For the last few months I've being working on integrating rdsys with bridgedb, so bridges are managed by rdsys and bridgedb only does the distribution (https, moat and email)[0]. There will not be any visible changes, but all the insides are different.
Thanks to the TPA work now we have a testing setup of the new setup to test it. If you want to test it I'll be happy to hear if you find any issues with it. As this is distributing real bridges only people with accounts in TPO LDAP has access to it.
How to access the different distributors: * email. Just write an email to bridges-test@torproject.org from your @torproject.org email, and should get a reply with bridges.
* https. The web interface is available at https://bridges-test.torproject.org, but only reachable from people.torproject.org. You can make a ssh proxy: $ ssh -D 9999 people.torproject.org and configure your browser to use a SOCKS proxy at localhost with port 9999.
* moat. This is reachable the same way that https only from people.torproject.org. Is a bit more complicated to test, but I will stress test it myself :) I wrote I simple script to do the moat captcha request and solution: https://gitlab.torproject.org/-/snippets/127 It's run like: $ MOAT_URL="https://bridges-test.torproject.org/moat" CURL_OPTIONS="--socks5 localhost:9999" ./test-moat
Thank you.
[0] https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/12
On Tue, Feb 08, 2022 at 06:17:47PM +0100, meskio wrote:
How to access the different distributors:
- email. Just write an email to bridges-test@torproject.org from your @torproject.org email, and should get a reply with bridges.
I sent 2 emails from dcf@torproject.org and did not get any reply. One email had subject "get bridges" and an empty body; the other had an empty subject and "get transport obfs4" in the body.
- https. The web interface is available at https://bridges-test.torproject.org, but only reachable from people.torproject.org. You can make a ssh proxy:
$ ssh -D 9999 people.torproject.org and configure your browser to use a SOCKS proxy at localhost with port 9999.
This worked for me. I got 3 obfs4 bridges.
On Mon, Feb 28, 2022 at 01:45:50AM -0700, David Fifield wrote:
On Tue, Feb 08, 2022 at 06:17:47PM +0100, meskio wrote:
How to access the different distributors:
- email. Just write an email to bridges-test@torproject.org from your @torproject.org email, and should get a reply with bridges.
I sent 2 emails from dcf@torproject.org and did not get any reply. One email had subject "get bridges" and an empty body; the other had an empty subject and "get transport obfs4" in the body.
I spoke too soon. I got a reply to the first email (the one with a subject of "get bridges" and an empty body) after about 6 minutes. (The email's Date header was the same second I sent the message, but the Delivery-date header was 6 minutes later. Date: Mon, 28 Feb 2022 08:38:53 +0000 Delivery-date: Mon, 28 Feb 2022 08:45:09 +0000
Then I got a reply to the second email, saying I had exceeded the rate limit. In this case, too, the Date was the same second that I had sent the email, and the Delivery-date was about 7 minutes later. Date: Mon, 28 Feb 2022 08:42:34 +0000 Delivery-date: Mon, 28 Feb 2022 08:50:15 +0000
Quoting David Fifield (2022-02-28 09:54:28)
On Mon, Feb 28, 2022 at 01:45:50AM -0700, David Fifield wrote:
On Tue, Feb 08, 2022 at 06:17:47PM +0100, meskio wrote:
How to access the different distributors:
- email. Just write an email to bridges-test@torproject.org from your @torproject.org email, and should get a reply with bridges.
I sent 2 emails from dcf@torproject.org and did not get any reply. One email had subject "get bridges" and an empty body; the other had an empty subject and "get transport obfs4" in the body.
I spoke too soon. I got a reply to the first email (the one with a subject of "get bridges" and an empty body) after about 6 minutes. (The email's Date header was the same second I sent the message, but the Delivery-date header was 6 minutes later. Date: Mon, 28 Feb 2022 08:38:53 +0000 Delivery-date: Mon, 28 Feb 2022 08:45:09 +0000
This is pretty weird. I have tested it many times and I always get content in the body. I just tested it and it looked good here :(
Might it be that the changes we did to the text[0] are breaking your client (it does now contain some UTF-8 characters)? Can you try to open the email with a text editor or another email client? Does it look empty? Do you mind forwarding me the email?
[0]https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40028#no...
Then I got a reply to the second email, saying I had exceeded the rate limit. In this case, too, the Date was the same second that I had sent the email, and the Delivery-date was about 7 minutes later. Date: Mon, 28 Feb 2022 08:42:34 +0000 Delivery-date: Mon, 28 Feb 2022 08:50:15 +0000
This is expected.
On Mon, Feb 28, 2022 at 12:43:24PM +0100, meskio wrote:
Quoting David Fifield (2022-02-28 09:54:28)
On Mon, Feb 28, 2022 at 01:45:50AM -0700, David Fifield wrote:
On Tue, Feb 08, 2022 at 06:17:47PM +0100, meskio wrote:
How to access the different distributors:
- email. Just write an email to bridges-test@torproject.org from your @torproject.org email, and should get a reply with bridges.
I sent 2 emails from dcf@torproject.org and did not get any reply. One email had subject "get bridges" and an empty body; the other had an empty subject and "get transport obfs4" in the body.
I spoke too soon. I got a reply to the first email (the one with a subject of "get bridges" and an empty body) after about 6 minutes. (The email's Date header was the same second I sent the message, but the Delivery-date header was 6 minutes later. Date: Mon, 28 Feb 2022 08:38:53 +0000 Delivery-date: Mon, 28 Feb 2022 08:45:09 +0000
This is pretty weird. I have tested it many times and I always get content in the body. I just tested it and it looked good here :(
Might it be that the changes we did to the text[0] are breaking your client (it does now contain some UTF-8 characters)? Can you try to open the email with a text editor or another email client? Does it look empty? Do you mind forwarding me the email?
Sorry, I wasn't clear. The email I *sent* had an empty body. The email I *received* from bridges-test had bridges and instructions in the body as expected.o
I tested sending an empty body, and separately an empty subject because, as I recall, in the past there was some confusion about whether BridgeDB should reply to such messages.
Quoting David Fifield (2022-02-28 17:33:51)
On Mon, Feb 28, 2022 at 12:43:24PM +0100, meskio wrote:
Quoting David Fifield (2022-02-28 09:54:28)
On Mon, Feb 28, 2022 at 01:45:50AM -0700, David Fifield wrote:
On Tue, Feb 08, 2022 at 06:17:47PM +0100, meskio wrote:
How to access the different distributors:
- email. Just write an email to bridges-test@torproject.org from your @torproject.org email, and should get a reply with bridges.
I sent 2 emails from dcf@torproject.org and did not get any reply. One email had subject "get bridges" and an empty body; the other had an empty subject and "get transport obfs4" in the body.
I spoke too soon. I got a reply to the first email (the one with a subject of "get bridges" and an empty body) after about 6 minutes. (The email's Date header was the same second I sent the message, but the Delivery-date header was 6 minutes later. Date: Mon, 28 Feb 2022 08:38:53 +0000 Delivery-date: Mon, 28 Feb 2022 08:45:09 +0000
This is pretty weird. I have tested it many times and I always get content in the body. I just tested it and it looked good here :(
Might it be that the changes we did to the text[0] are breaking your client (it does now contain some UTF-8 characters)? Can you try to open the email with a text editor or another email client? Does it look empty? Do you mind forwarding me the email?
Sorry, I wasn't clear. The email I *sent* had an empty body. The email I *received* from bridges-test had bridges and instructions in the body as expected.o
Ok, I'm happy it worked as expected. Thank you for testing it.
I tested sending an empty body, and separately an empty subject because, as I recall, in the past there was some confusion about whether BridgeDB should reply to such messages.
I see the code having something about that. But now bridgedb should always reply with obfs4 unless other commands provided, so no valid commands will still work to get bridges :)
BTW, bridgedb+rdsys is already in production.
anti-censorship-team@lists.torproject.org
-
David Fifield -
meskio