So, here are a few listings that seems to be regularly updated (as of today, at least):

• http://torstatus.all.de/index.php?SR=Bandwidth&SO=Desc: has lots of details (notably, they do make the difference between exit nodes and simple relays), but is probably not trivial to parse automatically. NB: if you’re on Firefox, beware that it will slow down the browser massively for a few seconds. It’s fine on Iron, though.
• http://torstatus.blutmagie.de/index.php?SR=Bandwidth&SO=Desc: pretty much the same as the previous one (still a Fx killer, notably!), but hosted elsewhere.
• http://torstatus.rueckgr.at/index.php: and the same again, somewhere else.
• http://www.ircproxy.net/torlist/: just a list of IPs, probably great to parse. Also mention the update date, even though I guess it’s not a guarantee.
• http://files.sabmx.net/pg2/tor_block.txt: also just a list of IP, indicated as IP ranges.
• http://teksimple.com/tornodes.txt: that’s probably the easiest one to parse: just a text list, one IP per line, update date and time on first line.

Note however that it seems pretty much impossible to perform a DDoS attack from the Tor network (limitation #1 being it doesn’t really have that much bandwidth available), so there’s no reason to be a jackass like Daniel Austin MBCS and ban all traffic from Tor nodes. Particularly, blocking traffic from non-exit nodes altogether is seriously retarded. Purely banning all traffic from Tor also means you’d simply play along SOPA and alike. You might want instead to maybe just make the spam filter harsher, or systematically manual, on contents coming from Tor.
Well, anyway, you got the list now act smart with it.

1. They care about privacy: unlike (for instance and just to cite the most famous one) Dropbox where the files are encrypted once they’ve arrived on Dropbox’s servers (sure, the transfer is SSL-protected, but at the end of the tunnel Dropbox can see the unencrypted files), the files are encrypted on the user’s computer. So Wuala has no way to read your files. (source: Wuala FAQ – Is Wuala private and secure?). The obvious drawback with that is that you’d better not lose your password: they don’t know it, and they can’t regenerate it, if you lose it it’s lost. You know, like dead is dead.
2. You can get lots more storage for free, just by sharing space. If your goal is to secure your data by storing them redundantly and not to store more data than can fit on your hard drive, read on carefully: if you let Wuala store 1 GiB of data on your computer (for redundantly storing encrypted files from other users), you’ll get an extra 1 GiB x [your uptime] free storage. At the moment, you can share 1 to 100 GiB per computer. So if you have 2 computers online 50% of the time and you share (aka “trade”) 100 GiB on each, you’ll get 100 GiB x 2 x 50% = 100 GiB of free Wuala space! Try and get that on Dropbox… they sell the 100 GiB quota at 20 bucks a month (oh, right, $19.99…). If you don’t want to trade storage with Wuala, you can also pay for extra GiBs, for instance 100GiB come at 100€ a year (right, 99€ or $129).
   UPDATE: this possibility to trade storage has been removed. However, at the moment it’s possible to pay for storage using Bitcoin.
3. Last but not least, there’s a decent corporation behind Wuala: Lacie (and guess what they sell: hard drives and NAS ). Sure, startups are cool. But losing your valuable data just because startups come and go, not so cool. And if you’re already on Dropbox, why not simply duplicate your Dropbox folder to Wuala for extra redundancy?

So, want to try? Wuala comes with 1 GiB free plus 500 MiB per referral (the bonus only lasts 1 year though, and is maxed to 6 GiB), plus as I explained lots more if you want to trade storage. It works on Windows, Mac OS X and Linux, so if you happen to own a server you’ll be able to use it to trade storage. And to finish here is the guide to run it on Linux (Ubuntu / Debian) using only the command line:

• Get Java and Screen if you don’t have them already: apt-get install sun-java6-jre screen or apt-get install default-jre screen
• Download wuala: wget http://wuala.com/files/wuala.tar.gz
• Extract it: tar -xzf wuala.tar.gz
• Make some files that need it executable:
  cd wuala
chmod 744 wuala
chmod 744 wualacmd
• Open a screen session and launch Wuala in it:
  screen
./wualacmd
• Detach the screen session: CTRL+A, CTRL+D
• Login to Wuala (NB: once again, Wuala needs to be running in the background, for instance in screen, for this to work): ./wuala login [your username] [your password]
• Start trading: ./wuala trade [space you want to trade, in gigabyte, so from 1 to 100]

That’s it, Wuala is installed and started trading. You can check your trading status by using ./wuala tradeStats, and you can force to update the trading stats by running again ./wuala trade.
The only problems I’ve been unable to solve yet is that the command line client seems to behave pretty bad with every update: it just seems to fail to restart, and even needs some manual cleaning (removing .lock files and/or killing the java process) about every time Wuala gets updated… which occurs quite often currently.

Sources:

• Wuala forums: Linux Installation Guide
• Wuala Blog – Effective Usage: Control Wuala With Your Console
• Once again the link to Wuala

AVG is one from this quite old trio of big free anti-virus software. The others being AntiVir/Avira (my current antivirus) and Avast!. I tried them all a long while ago, by the time of version 5-6 of AntiVir and AVG, and from this period I remembered how heavy AVG and Avast! were (plus they used to require a registration on their website) while AntiVir felt so light, with a rather miserable GUI that I liked but which used to repulse “basic” users. And I stuck with it until now, even though they “upgraded” the interface to something shiny but heavy like hell, notably because Avast! was still heavier and because AVG got pretty poor ratings from anti-virus tests during a large period.

But it wasn’t all brilliant. AntiVir saved my @$$, well, I don’t remember of a single time actually. Probably it caught a few highly suspicious files that I was going to check myself anyway, but that remained highly rare. During the same time, it gave me tons and tons of false positives, notably on a lot of things I programmed myself and packed using UPX, and on a lot of trainers (I used quite many of them for Wiki4Games…). It also failed to register that I don’t want it to detect that Abel & Cain installation file which has been sleeping on my PC for ages (and suddenly got detected forever after some update). And finally, it totally missed Buzus, which I only caught thanks to RegRun. When I caught the files and sent them to online scanners (Virustotal and VirSCAN), I noticed that:

1. as usual, Kaspersky pwned
2. only a few scanners detected the virus (3/41=7% or 5/36=14%)
3. and AVG was amongst those!

After all I’d heard and seen in tests about AVG, I was rather amazed. But considering how I was disappointed with my AntiVir experience, I eventually decided to give it another chance.

First impression: bloody hard to find on avg.com: I ended up searching for AVG free on Google…
Second impression: omfg it’s huge: the installer is more than twice as big as AntiVir: 84 MiB vs 40 MiB (Avast: is 46 MiB)
The installer is ok, it seems to do weird things at the beginning but it turns out to be a good, normal installer with the usual options. No restart needed at the end, the first run update is fast, too. The installed program is, despite the bigger installer, smaller than AntiVir (around 55 MiB, maybe there’s stuff elsewhere though?).
I start by scanning the folder where I had isolated the infected files. They’re all detected and… deleted. Ow, not cool, the default configuration is to slay the infected files. Gladly, I found them in quarantine (they call this the Virus Vault ), and there are options to disable this “I act without asking you first” behavior. Then I scan the whole infected Windows partition… gosh it takes ages… but it does find what AntiVir hadn’t found.
I finish cleaning and finally can get back to my primary Windows XP installation. There I promptly replace AntiVir with AVG. It detects a keygen on the desktop (bloody false +, hey…) but the whitelist does work and is not limited in size to a ridiculous value like AntiVir. The Cain & Abel installer isn’t detected, too.

So, to summarize:

• kind of heavy, but not more than AntiVir after all, notably faster interface than AntiVir
• seems to have a good detection rate. OK, that’s just one sample, but on this random one he’s in the top 10% already…
• false positives on trainers and such, but working white-list system and no detection of unarmed malware like the Cain & Abel installer.

Looks like AVG is definitely back in the race. At least it’s back on my computer now

• C:\WINDOWS\system32\winupdte\winupdte.exe (the file to be loaded at start-up)
• {temp folder}\is.exe (one of the crap processes by Adbul Raheem which add the above one to start-up)
• {temp folder}\output.exe (same)
• {temp folder}\svhost.exe (same)

I don’t know if there are other files around.

I checked one of the file on Virus Total, here is the result. Only 5 antiviruses out of 41 detected it. Kaspersky called it “Trojan.Win32.Buzus.emdx”, the other detection names were Dropper.Generic2.UFN (AVG), Heuristic.LooksLike.Trojan.Chinky.B (Mc Afee), VirTool:Win32/VBInject.gen!BH (Microsoft), Suspicious file (lol) (Panda). So globally, it seems that only Kaspersky detected the file as a specific virus, the other tools detected it thanks to heuristic or generic detection. I sent the virus an hour ago to Avira, because that’s the anti-virus I use and I actually need a fix (oops :s). I don’t have the time to send it to other vendors, so if you’re willing to send it yourself or if you’re precisely an anti-virus maker looking for this Buzus, here it is (beware, all 4 exes in the 7-zip archive are very most likely infected), in a 7-zip encrypted archive (password: virus).

1. Let’s get Firefox

That’s right, my PC is on MSIE 6. The whole company network is. Even the IT guys complain about this, but we’re stuck on Internet Explorer 6 and this might last still a while. There’s no running an installer here, so I went for the portable version, as usual.

First problem: exe blocked

First surprise of the day: no can download an executable file. This must be a new policy since it used to be possible half a year ago. Never mind, let’s get a zipped version… or so I thought. But I found out that it’d been a while since they last released the Portable Fox as a ZIP. Additionnally, although Protable Apps do list their old versions, they only list the exe ones. The easy solution is of course to zip Portable Firefox at home then bring it at home, but the I’m-in-a-hurry solution was to go find a zipped version. After a lot of disappointing searches (a lot of sites refer to portable firefox as a zip file, probably because they haven’t been updated during the last 4 years…), I resigned to get a pretty old version, 1.5.7, from sourceforge.
Edit (June 15): here is the current version (3.6.3) of Firefox Portable as a 7-Zip archive.

Second problem: configuring the connection

Firefox wasn’t able to connect to Internet. Which wasn’t really surprising since I knew my company requires us to go through a proxy. The problem was: how to find informations about that proxy?
In Internet options? → They’re hidden.
Use Firefox’s option “use the same proxy settings as MSIE”? → Should work but isn’t available in Firefox 1.5.
In the registry? → Good idea, but then how to launch regedit?
The run menu is disabled (Windows key+R returns an error), but there’s a cheap and easy workaround: batch files. Create a new text file, put regeditin it, change the file extension from .txt to .bat and run it. (NB: for the more generic command prompt, do the same replacing regedit with cmd) Now that we’re in the registry, we just need to browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings (thanks to the manual). In this key, the proxy is stored in the DWORD value ProxyServer, and the exclusion list (Firefox’s “No Proxy for” field) is stored in ProxyOverride.
If you don’t know or can’t figure out by yourself how to use this information to configure Firefox you probably shouldn’t be following this guide. But since I like unreasonable stuff I’m still pointing you to the direction: go to Tools → Options, then in General → Connection Settings. Then check “Manual proxy configuration”, enter your proxy in the HTTP proxy field, also add the port (that’s the part of the proxy address after the column, e.g. in myproxy.com:80 the port is 80 and the proxy is myproxy.com). Also check “Use this proxy server for all protocols”. Finally, fill the “No Proxy for” field as mentioned earlier. Click OK as many times as needed, and try again to load a website. If it still fails probably you did something wrong, but it’s also possible that your company filters which programs can or can’t connect (firewall…), and then sorry but you’ll have to stick with your corporate browser.

Finally, don’t forget…

…to update Firefox. The update package isn’t an exe file so auto-update should be able to download it. Because of performance issues (I’m, in May 2010, on a Pentium 4 2.8 GHz with 512 MiB of RAM – yes that’s like 7 years old), I chose to stay on Firefox 1.5 (so, 1.5.12), but the updater should be able to update to the latest Firefox version (and the launcher should keep working with it). If you want to stick with an old version, you can still use plenty of old add-ons since addons.mozilla.org, like sourceforge, keeps all older versions. For instance with my 1.5.12 version I installed the good old Littlefox theme, in its 1.7 version.
Edit: I just compared 1.5.12 and 3.6.3 RAM usage: when writing an e-mail in Gmail, 1.5.12 uses around 57MiB while 3.6.3 uses around 81MiB. So, it’s not that huge in absolute but it’s still a 42% relative increase.

2. Let’s get more portable stuff

In my previous tips to freedom I remained quite unspecific about the portable apps because there are so many of them. This time I’ll list a few chosen for their availability as a zipped (non executable) package (either an official package or one packed by myself for future use).

Opera

Unlike Firefox Portable, Opera Portable (actually, Opera@USB) is still being actively distributed as a zip version. You can get it there: http://www.opera-usb.com/operausben.htm.

R

Although it’s not distributed as a portable installer, R is natively portable (by this I mean, the installer can’t be run on a restricted computer, but if you just copy/paste an existing installation it will work and be 100% functional). So I simply packed my 2.10.1 installation into an archive. There: http://notepad.patheticcockroach.com/512/r-project-portable/.

Notepad++

The must-have notepad replacement with syntax highlighting for most common languages (notably R, too) is, as of today (version 5.6.8), distributed as a zip that might be usable as a portable version. To be verified… => http://sourceforge.net/projects/notepad-plus/files/. But anyway, here’s Notepad++ Portable 5.6.8 packed as a 7-Zip archive.

Name it!

I’ll add here a few things I pack for myself, but if you request some not too big ones I can do them for you, too.