IRC Archive / Oftc / #tor / 2009 / November / 22 / 1
AstralStorm
hello
how can I increase the connection timeout per node in Tor?
15s is too small for a certain slowpoke of mine
keb
see CircuitBuildTimeout or SocksTimeout in man tor
hmm none of them default at 15 seconds
http://support.mozilla.com/tiki-view_forum_thread.php?comments_parentId=29493&forumId=1
is it a firefox problem?
Decepticon
what is privoxy and why do i need it
Triskelios
Decepticon: an HTTP proxy, and you may need it if your browser doesn't do DNS over SOCKS. a proxy is also good for caching; browsing will be much slower without one
keb
hmm what was the bug with firefox and socks5 not doing dns? i turned on network.proxy.socks_remote_dns in about:config and it seems to work
in firefox 3.5.5
according to this guy it was fixed in april https://bugzilla.mozilla.org/show_bug.cgi?id=134105
AstralStorm
keb: no no, there's another one
"We tried for 15 seconds to connect to '[scrubbed]' using exit 'bach'. Retrying on a new circuit."
this one
keb
ah
thats a low timeout
mine always tries for around 120 seconds
yeah the default SocksTimeout is 120 according to the manual
did you change anything?
AstralStorm
I did, but nothing has the value 15
(added a few more entry guards)
keb
well you could try adding SocksTimeout 120, restart Tor and see what happens
AstralStorm
I have that set to 300
keb
hmm
does it always give up after 15 seconds?
AstralStorm
not anymore
weird
keb
maybe only that exit node gives up at 15 seconds?
AstralStorm
no.
must've been some fluke
I blame solar particles
tor could use OutgoingBindInterface in addition to Address
less hassle for my dynamic ip address
(although yes, I could use a dummy interface with a dummy IP and a full NAT)
no, still the same message
I can pastebin my settings (no "this is unsafe" crap please)
http://dpaste.com/123477/
Decepticon
what is the command line privoxy should be started in vidalia with...
im on xp, can someone paste for vidalia 0.1.15
are there any mirrors for the vidalia installer
i realize im on an older vidalia version, and probably older tor. but the sites blocked for me
keb
http://tor.unfix.org/
http://www.oignon.net/
http://tor.zuo.la/
http://tor.sixxs.net/
Decepticon
thanks first one did it
shabby internet blocking
should i uninstall my older vidalia and then upgrade OR should i directly install 0.2.1.20-0.2.5 over 0.1.15
keb
might remove possible confusion
Decepticon
polipo has replaced privoxy?
misc
yes
(in tor bundle)
Decepticon
i have multiple firefox profiles, the bundle will install torbutton for all profiles i assume?
keb
the portable bundle makes a completely separate installation
the regular one will not work with multiple profiles afaik
Decepticon
is there something special about the version of torbutton in the bundle vs the one available on the web
keb
dont think so
same
1.2.2
Decepticon
i saw some -fix suffix at the end of that version #
never mind that was a -fx
keb
complete installation video http://tinyvid.tv/show/3lejztnthk2tm
more vids http://tinyvid.tv/
Decepticon
where can i see some statistics on the tor network
how many nodes. how much bandwidth
etc
AstralStorm
Decepticon: google is your friend :)
or even better, scroogle
keb
http://trunk.torstatus.kgprog.com/network_detail.php
and that
desalvionjr
hmmmmmmmmmmmm
windows media player just crashed...
Delamore
Is it possible to use Tor together with programs other than IRC clients and web browsers?
misc
yes
Delamore
How do I set it up to run with another program, such as a java app?
misc
either the software supports socks, or you have to use torify
cheako
[2009-11-21 19:24:44] SERVICE ALERT: localhost;tordns;OK;SOFT;2;DNS OK - 0.022 seconds response time (broker.freenet6.net. 60 IN A 81.171.72.10)
[2009-11-21 19:23:54] SERVICE ALERT: localhost;tordns;CRITICAL;SOFT;1;CRITICAL - Plugin timed out while executing system call
I get these periodically.
arma
cheako: what is generating those lines? (i.e. get those in what?)
AstralStorm: correct, tor has an internal timeout of 15 seconds for establishing the connection with the destination. this is probably a bug. it's been on my todo list to change it, but i'm not sure what to change it to. i think the right answer is to have tor adapt the timeout based on what it's seen for other connection timings.
AstralStorm
maybe
or maybe just offer an option?
arma
yep. what OS are you on?
AstralStorm
arma: Linux
the slowpoke connection does 64kbps
arma
compute_retry_timeout() in connection_edge.c is the function you want to change
AstralStorm
Tor is surprisingly still usable there, but I bet fixing this bug will help it
mhm
and add an option for torrc?
ConnectionTimeout <seconds>?
arma
well, if i were in your boat, i'd just hack it locally and be happy :)
AstralStorm
fixing it properly won't take much more time
can't spare any to fix it right now anyway
arma
ok. can you run tor from git?
AstralStorm
it works fine after I added traffic shaping to the interface
sfq = wondrous
I *am* running tor from git ;p
(after checking the changelog)
anyway, such a git patch would be trivial to backport
arma
yep. i'll add an option for this in a bit.
my sandbox is full of other changes currently. need to get them in order first.
AstralStorm
thanks :)
nsa
or: phobos committed revision 21008 (/projects/todo): fix the resource allocation, update some tasks, update the pdf
or: arma@seul.org committed patch by Roger Dingledine <arma@torproject.org> at Sat, 21 Nov 2009 22:57:29 -0500 (EST) to tor/master: bump to 0.2.2.6-alpha-dev
AstralStorm
nsa is slow today ;)
nsa
or: arma@seul.org committed patch by Roger Dingledine <arma@torproject.org> at Sat, 21 Nov 2009 22:59:57 -0500 (EST) to tor/master: stop assuming that our downcasts have a struct offset of 0
arma
slow?
nsa
or: arma@seul.org committed patch by Roger Dingledine <arma@torproject.org> at Sat, 21 Nov 2009 23:02:59 -0500 (EST) to tor/master: clobber connections with different number than we clobber circuits
AstralStorm
oh wait
this is EST ;)
nsa
or: arma@seul.org committed patch by Roger Dingledine <arma@torproject.org> at Sat, 21 Nov 2009 23:10:14 -0500 (EST) to tor/master: If somebody tries to overflow my dirport, don't log his IP by default.
arma
ok. so what should we actually call this config option? we try to avoid using the word Connection because it means everything and anything.
it could be a StreamTimeout, but it isn't a stream timeout. it's a timeout for when we should give up on one circuit for that stream, and try a new circuit.
PerCircuitStreamTimeout is slightly more accurate, but a horrible name.
maybe CircuitStreamTimeout is it. to go with CircuitBuildTimeout and CircuitIdleTimeout.
(Action) goes with that
there you go.
let me know if it works :)
nsa
or: arma@seul.org committed patch by Roger Dingledine <arma@torproject.org> at Sat, 21 Nov 2009 23:37:18 -0500 (EST) to tor/master: New config option "CircuitStreamTimeout"
arma
http://www.wired.com/vanish/2009/11/ff_vanish2/
Sebastian
arma: you didn't set a minimum for CircuitStreamTimeout. Was that on purpose? Also you didn't add it to the manpage
arma
hmmmm. a minimum might be useful. setting it to 2 seconds would mean that you churn through a *lot* of circuits, but perhaps the one you end up with would be quite fast.
(Action) disappears for a bit, will fix when he returns
keb
(Action) launches #Hunt_for_Arma
G-Lo
Hi, is there something that will be implemented to prevent Tor to build a circuit where entry and exit nodes are in the same country?
xtoaster
um... i think use entryguard and exitnode parameter can achieve a similar effect.
G-Lo
I know, but I thought that this was a so big anonymity break that it should be hardcoded in Tor...
I was thinking about this because half of my circuits are GER - GER
Sebastian
G-Lo: no, there isn't.
G-Lo
germany keeping records of connections for a long time, i was wondering
xtoaster
peer block doesnt look like a necessary part of a mix network framework. maybe it would be better if external part like vidalia can do that.
G-Lo
adding ExcludeExitNodes {de} could be a good solution?
Sebastian
G-Lo: My (exit) node is located in Germany, and doesn't log anything.
G-Lo
Sebastian: yes, but I heard that german FAI had to record everything
Sebastian
G-Lo: You could exclude all German exits, but that doesn't make you any safer. Let's say your entry is in Poland and your exit in the US, your Traffic _WILL_ go through Frankfurt
probably more than once
G-Lo
so let's use https everytime is what you say?
Sebastian
The current intuition (as there is no research in either direction) is that you hurt yourself way more if you disallow two nodes from the same country in the same circuit, because it severely cuts down on your possible routes
G-Lo
<Sebastian> The current intuition (as there is no research in either direction) is that you hurt yourself way more if you disallow two nodes from the same country in the same circuit, because it severely cuts down on your possible routes << yes, especially germany and its 6-700 nodes :(
Sebastian
I know what I said, no need to quote it :)
I'm happy we have that many nodes in Germany
I'm sad we don't have as many per resident in other countries
G-Lo
sure, but with a 40secs lag, i'm not sure you have my answer at the right moment ;)
xtoaster
Sebastian: better not per resident :-)
Sebastian
xtoaster: I don't understand
xtoaster: In my dream world, a majority of people everywhere would see the need for technologies like Tor
xtoaster
cn relay are almost useless
Sebastian
G-Lo: anyways, there is no such thing in Tor currently
xtoaster: I don't think they are at all.
G-Lo
thanks for the answer Sebastian
xtoaster
but the current status is they are separated from tor hq's
Sebastian
xtoaster: They clearly show that Tor is important to some Chinese people, and that they're willing to take a risk by operating a node. They are entry points into the network, and they can help show the rest of the world how restricted the internet is compared to what we have
xtoaster: of course, if they're blocked completely, that's also a sign to the outside world
Sometimes you're doing good by showing others how you're prevented from doing what you want to be doing
They might not contribute to the Tor network directly, but they do help promote a free internet. This doesn't have to be one of Tor's explicit goals to make it a good thing
xtoaster
It seems to me that not many people really want to run relay esp at risk in such a country, unless on purpose. good or bad.
Sebastian
The same is true about Germany, the US, ...
Maybe on different levels wrt your own safety, but still a big enough burden to prevent them from running relays
xtoaster
freedom is not free any more :-(
arma
g-lo: right. don't just think about the physical location of your relays. think also about where your traffic originates (your isp), and where your destination is, and where the traffic goes between you and the tor network, between the tor network and the destination, and between nodes.
g-lo: the sad truth is that there are 8 or 10 bottlenecks on the internet, and probably multiple organizations have a pretty good handle on how to tap them.
wish i had more cheerful news :}
Sebastian
nice smiley, though
arma: if you don't get to it, I can do the patch for a minimum value later, and write a manpage entry.
nsa
or: arma@seul.org committed patch by Roger Dingledine <arma@torproject.org> at Sun, 22 Nov 2009 07:16:23 -0500 (EST) to tor/master: add a minimum for CircuitStreamTimeout, plus a man page
SwissTorExit
a question about the "circuitStreamTimeout" what will be reasonable for a quick relay ?
and morning to everyone btw :P
ABCDE
"Clients under attack.", "Death from the circuit.", "Segfaults will back to client's nightmare". it sounds like cinema action. Truth is out here, it's almost here. Client could be crashed by any evil intermediate relay, while circuit has been extended. fix if needed is http://paste.pocoo.org/show/BQPoGOcTiWlxZnUXFL2b/
That was wrong alarm, wrong reads :) Ignore text and link.
SwissTorExit
i have a question with ssh tunnel over putty, i know what set for config but dunno if under session login i need choose "host 127.0.0.1" and port 9050
but don't think so lol
G-Lo
SwissTorExit: port 9051 is default
to control Tor
SwissTorExit
yeah but i need use socks not as controler if i am right
i don't really get it, i try find the page i have see
G-Lo: http://itnomad.wordpress.com/2006/09/28/tor-howto-using-tor-through-a-ssh-tunnel/
look under at putty, i have config right but dunno what put on log session, so i dunno how start putty or if i need start it
G-Lo
can't help you, i'm using telnet for that
maybe it's the same, anyway. try to type: authenticate "yourpassword" (with the quotes)
SwissTorExit
i just will try setup a tunnel ssl between my application and Tor
i have no password because vidalia do random
yeah you have sure right and need have a pass to connect...
G-Lo
it may be useful :)
SwissTorExit
oh i am stupid, that's maybe privoxy who run already on it, i will try in my VM ...
ahahah
G-Lo
err, privoxy is using the socks port (9050 default) while you have to use control port (9051) to pass commands, or I have missed something?
SwissTorExit
well i don't want access with putty, only use it as a ssl tunnel to encrypt all traffic if i have right understand
G-Lo
weel, you have to set 127.0.0.1:9050 as proxy in putty to do that, as any other proxified application
*well
SwissTorExit
brb
ok ok, i will try :P
i have restarted Tor now with circuitstreamtimeout at 20, dunno if are good
Sebastian
SwissTorExit: CircuitStreamTimeout will have nothing to do with relays
SwissTorExit
i think that it 60 by default
but it's about my client no ?
it's the when wait Tor to use another stream no ?
Sebastian
SwissTorExit: it's a client option, and the default is 15. Not setting it makes most sense for you
SwissTorExit
i have mean that will change more quickly to another stream:/ sad for me