bassosimone edited this page Nov 7, 2013 · 79 revisions


This wiki page contains all the errors found in recent Neubot versions along with links to the fixing commit, where available. This page is in the GitHub wiki rather than at because it is much more manageable to use Git for this task.



[2013-10-28_1] False-positive detection of the windows installer by a few antivirus vendors

12% of the antiviruses at (five out of 41) indicate that neubot- is a suspicious file, probably some unknown malware. That file (which is the windows installer) is not a piece of unknown malware, rather the five antiviruses report a false positive.

We know that the windows installer is not a piece of malware because:

a) when you hit a real piece of malware, most antiviruses report that they hit a piece of malware. In this case, instead, only a minority of the antiviruses raise a warning flag.

b) we prepare Neubot in a very controlled windows7 virtual machine, in which we install the minimum amount of software needed to create a Neubot release.

c) the win32/0.004016009.tar.gz file (which is the compressed archive) is not considered a piece of malware by any antivirus at This fact is relevant, because the compressed archive and the windows installer contain the same code. The windows installer, in fact, installs the code of the compressed archive, and then sets up the windows registry according to the Neubot needs. In particular the windows installer edits the CurrentVersion\Run key of the registry, because Neubot needs to run when the user logs in.

The editing of CurrentVersion\Run is the feature that triggers the false positive. The description of the Trojan.Win32.Agent.Ai malware, in fact, indicates that the CurrentVersion\Run key is often written by pieces of malware:

 Due to the generic nature of this detection, method
 of installation may vary. These trojans may often
 install themselves by copying their executable to the
 Windows or Windows system folders, and then modifying
 the registry to run this file at each system start.
 These trojans often modify the following subkey in order
 to accomplish this:


The antiviruses that don't flag the windows installer as malware probably implement more complex checks, or have already white-listed Neubot. I contacted a couple of antivirus vendors one-and-an-half years ago, in fact, to report a false-positive for an old version of the windows installer.

To fix the false-positive detection of the windows installer, I will contact the antiviruses that flag the windows installer as malware to tell them that their product reported a false positive.

Update — I have contacted Baidu International and KasperSky (2013-11-06); KasperSky acknowledged the false positive, and I also contacted Panda Security (2013-11-07).

I will also try, if possible, to rewrite the windows installer in a way that is less likely to trigger false positives.

[2013-10-29_1] FAQ and manpage are outdated

The manual page of Neubot and the FAQ of Neubot do not document the new DASH test. We are working on a diff to document the new DASH test, and we will include it into the next release.



[2013-10-29_2] Rewritten utils_path.append().

When working on Neubot, we noticed that the previous implementation of utils_path.append() was buggy, as the following example shows:

$ git checkout
HEAD is now at 2db202b... regress: repair regression tests
$ cat 
import sys
sys.path.insert(0, ".")
from neubot import utils_path
result = utils_path.append("/tmp", "/foo/../../../../bar")
sys.stdout.write("%s\n" % result)
$ python 

Instead of mapping the path to /tmp/bar, in fact, the append() function should reject the input.

We rewrote the code and the implementation of utils_path.append() behaves correctly:

$ git checkout
HEAD is now at 3db1a13... Neubot/ released
$ cat 
import sys
sys.path.insert(0, ".")
from neubot import utils_path
result = utils_path.append("/tmp", "/foo/../../../../bar", False)
sys.stdout.write("%s\n" % result)
$ python 
WARNING:root:utils_path: '/bar' IS NOT below '/tmp'



  • [2012-10-14] When auto-updating on Windows from 0.4.14 to, the version number in the "Uninstall a program" Control Panel sect. is set to "0.4.15-rc5" instead of "". This is actually harmless and is caused by the fact that the old version writes this entry: the interpretation of version numbers changed from 0.4.14 to 0.4.15. (This is "fixed" in the sense that it will not happen again: it was just an issue with the transition from 0.4.14 to 0.4.15).

  • [2012-10-17] The Makefile used USER ?= _neubot, which caused the default user name to be override by my user name. As a result, the debian package was trying to run as used simone instead of _neubot. Issue reported by Gabriele Bianchi, Matteo Castelli and Joey Stanford. Fixed by removing support for selecting the default user name (since it's optional complexity) and by releasing out a new package for debian ( This also created problems with FreeBSD, where Neubot was installed to run as root, and has been fixed promptly by FreeBSD Neubot maintainer Thierry Thomas, who applied the same patch.

Neubot 0.4.11


  • [2012-05-27] Neubot is removed during Ubuntu upgrade along with "obsolete packages". I just noticed the bug and at the moment I don't know why it occurs. I guess that Neubot fails to mark itself in some special way to avoid removal. There are many ways to fix this problem. But the most rational one, in my opinion, is to ask Debian to include our package into their repository. This way Neubot is no longer on an external repository, and this kind of problems should not happen anymore. I will write a blog post on that as soon as I understand better why Neubot is removed. I am marking this bug as fixed, since Dash Elhauge, who is currently doing an intern at the Nexa Center, reported that the bug does not occur anymore during the transition from 12.04 to 12.10, thanks!

Neubot 0.4.9


Neubot 0.4.8


  • [2012-02-12] Settings are not sorted by name in settings.html. Fixed by this commit, the fix is included in Neubot 0.4.9.

  • [2012-02-27] Plots are blank on Windows XP, Internet Explorer 8, unless you enable compatibility mode for the page. No problem on Windows 7, Internet Explorer 9, so may have something to do with canvas emulation on IE8. Reported on the public mailing list by Joachim Kross, thanks! Fixed by this commit, the fix is included in Neubot 0.4.11.

Neubot 0.4.6


  • [2012-01-24] In privacy policy v2.0, Measurement-Lab URI is incorrectly reported to be, but the correct URI is Fixed by this commit:, the fix is already available in Neubot 0.4.8.

  • [2012-01-24] When a test starts, the results of the last test are not properly cleared in the right sidebar. As a result, if the test fails, you see in the right sidebar the name of the new test and the results of the old test. Reported by Alessio Palmero Aprosio, thanks! Fixed by this commit:, the fix is already available in Neubot 0.4.8.

  • [2012-01-24] Under Windows 7, Neubot uninstaller does not show up in the control panel. Should you want to uninstall Neubot, you must do that manually, invoking the uninstall.exe program at C:\Users\USER\Neubot, where USER is your user name. Reported by Alessandro Longo, thanks! Fixed by this commit:, the fix is already available in Neubot 0.4.8.

  • [2012-01-24] The update.html page does not load at a minimum the state.js javascript and, as a results, the right sidebar is not initialized. Fixed by this commit:, the fix is already available in Neubot 0.4.8.

  • [2012-01-24] The update.html page pops up too frequently and should allow users to silence the warning. Fixed by this commit, the fix will be included in Neubot 0.4.9.

  • [2012-01-25] The neubot-nox-0.4.6-1_all.deb file was missing in the releases directory. Spotted by my aunt (!), thanks! This is now fixed in the releases site and has been fixed 2012-01-26.

  • [2012-01-25] The testing-only codepath for speedtest and bittorrent should nonetheless check the privacy settings. Noted while helping Tiziana to debug a Neubot problem with her laptop. Fixed by this commit:, and is already include in Neubot 0.4.8.

  • [2012-01-27] It has been reported that one would expected that when Neubot is disabled it should not open the browser. I think that, in general, one wants to receive notifications in any case, however, I've added a setting to let an user decide to receive no notifications when Neubot is disabled. Link to commit, and note that the fix will be included in Neubot 0.4.9.

  • [2012-01-30] The geographic redirection table has been disabled by mistake the 23rd January, and all tests where served by the master server. Found the hard way by Felipe Octaviano Delgado Busnello, many thanks! This is now fixed and I've added a number of checks to make sure it couldn't happen again. This has been fixed 2012-01-30.

  • [2012-02-13] The migration from database schema 4.1 to 4.2 (which takes place when updating to Neubot 0.4.6) is broken and, as a result, columns collected before Neubot 0.4.6 are permuted. Preliminary investigation of this issue suggests that the permutation depends on Python version and possibly system architecture. So, it should be possible to restore the correct column order at least when the system Python is the same that had created that mess. Link to the offending commit: Fixed by this commit:, the fix is included in Neubot 0.4.11.

  • [2012-01-26] The update.html page is not clear enough and should give, at a minimum, information about the number of version and the place where to download. It would be even better if it could provide a direct download link. Reported by and discussed with Felipe Octaviano Delgado Busnello, thanks! Fixed by Felipe Octaviano himself, with the following commit:

  • [2012-01-25] The user-wide database is a potential source of confusion and cognitive dissonance. The program should always read (and, if possible, write) settings from/to the system-wide database. This is not something that affects the casual user but you'll jump into this problem, sooner or later, if you start using Neubot from the command line. Noted while helping Tiziana to debug a Neubot problem with her laptop. Fixed in Neubot 0.4.14, where support for user-wide database has been removed.


  • [2012-01-24] The first automatic test may fail under MacOSX, because (apparently) the first test is attempted when the network is already down. The proper fix for this problem would be to register with the system to be notified that the network is up, and requires a bit of ObjC-fu. A reasonable workaround may be to periodically retry and backoff when the first rendezvous fails.

  • [2012-01-24] A FAQ section mentioning the security implications of publishing the user Internet address is missing. This question was asked me privately by someone on privacy@.

  • [2012-01-27] The web user interface should explain clearly how one can report a Neubot bug and should, at the minimum, provide the mailing list email address.

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.