logs archiveIRC Archive / Oftc / #tor / 2009 / December / 22 / 1
arma
(Action) appears
redarrow
can I switch off my tor server till january as I'm not at home or will this cause several problems (it's just a middle node)
Runa
redarrow: shouldn't cause any problems
redarrow
Runa: ok, thank you - I will maybe move the server to my Fritz!Box (HomeServer), than the cost of running the computer 24/7 will no longer be an issue - but for know I have spend ~50GB in 16 days uptime ....
arma
where is the datadirectory for windows (vidalia bundle) users?
\Documents and Settings\Application Data\tor\ ?
dr|z3d
C:\Documents and Settings\<username\Application Data\tor
+-
arma
thanks
keb
on windows 6 and 7 would that be C:\Users\<username>\Apps\Local\tor ?
AppData
murb
except windows does internatinoalistation foo for Documents\ and\ settings etc.
so you can't assume that you have to use the environment.
         

AstralStorm
$USERDIR :)
$APPDATA
murb
well %USERDIR% or whever it is called.
AstralStorm
oh right, those percents
murb
%USERPROFILE%
ok the same on windows server 2008
nsa
or: sebastian committed revision 21311 (/projects/misc-sysadmin): added moria to known hosts
or: phobos committed revision 21312 (/website/trunk): revert r21309 and r21310
Goldstein
Is there any way to specify fast nodes only?
:)
Sebastian
Goldstein: Tor prefers fast nodes automatically.
Goldstein
doesnt seem like it
it's weird what fails
it just seems that some stuff isnt capable of dealing with slightly bigger latency
keb
WoW
Goldstein
what
keb
real time shooters wont work well
Goldstein
duh
keb
do you have some less obvious examples
Goldstein
though they might use udp
AstralStorm
VoIP over Tor? madness ;)
keb
yeah most voip is udp
Sebastian
almost all games and voip solutions use udp
AstralStorm
IRC needs fairly low latency, maybe other chat/IM protocols
Sebastian
AstralStorm: irc works just fine with Tor
AstralStorm
just fine with some few seconds of latency
could be better ;)
         

Sebastian
the biggest issue is that many circs don't last that long
AstralStorm
yes
even the stable nodes
tor really needs some way to migrate circuits
Sebastian
AstralStorm: with just fine, I mean that someone expecting Tor to be reasonable can use it well.
AstralStorm
hehe
Goldstein
well let me rephrase
Sebastian
AstralStorm: migrating circuits only helps when the exit node doesn't go away.
keb
i get kicked maybe once a day from irc, it seems fine for me
Goldstein
there are some features that appear to break with just slightly bigger latency
AstralStorm
what features and of which software
Sebastian
Goldstein: you're still not giving any examples.
AstralStorm
is it some kind of realtime chat protocol?
that happens to need really low latency (no idea why would that be)
keb
stock trading progs?
AstralStorm
tor for stock trading lol
it's far too slow
Goldstein
that's what sucks
silc
AstralStorm
there, 100ms ping can mean profit or loss
silc is chat, right? why would it be sensitive to latency
Goldstein
i cant join channels
AstralStorm
wth
Goldstein
unless I start with them joined
AstralStorm
bad luck in picking nodes
or something
oh wait
isn't silc P2P?
Goldstein
no, it's not that
AstralStorm
if it is, then you won't be able to find nodes via Tor
Goldstein
no
keb
sounds like a problem with your silc client setup
Goldstein
i understand that issue
maybe
AstralStorm
right, tor for any server protocols fails due to short life of circuits and no migration - migrating servers is hard
ok, SILC is two-way
same issue as with HTTPS - it will take more time to connect with it
Goldstein
well i'm having things where it tells me that I cant join a cchannel, then it tells me I'm already in a channel
all without a window open for it
i dont know that that happens without tor
AstralStorm
it is some timeout problem
too short one I guess
nsa
or: arma committed revision 21313 (/website/trunk): give translation priorities to torvm and vidalia front pages.
or: decide that gettor's page isn't worth translating yet.
kenobi
calling of connection_ap_can_use_exit() with excluded_means_no == 1 from choose_good_exit_server_general() duplicate logic of routersets_get_disjunction() and do nothing new for strictnodes do strictly work. If circ was _builded_ it can be used for edge conn with any "excluded" option.
arma
(Action) is summoned
(Action) tries to parse
kenobi: right. the Excluded part of the patch isn't done or in yet. see the 'strictnodes' branch in my public git for a few more commits that will come soon. but yes, more work remains there. i'm looking at the functions you mention to see if this is something known or not-yet-known.
Sebastian
kenobi: http://gitweb.torproject.org/tor/arma.git/shortlog/refs/heads/strictnodes this is the branch arma speaks of.
arma
ah ha. you're saying that when we're choosing an exit, we're first ignoring all exits that are in the excluded list,
and later we're removing all exits that are in the excluded list. no need to do both.
the new behaviors i want for excludenodes is that it should trump the exitnodes request. i want to make it behave in a reasonable way if you don't set strictnodes, so most people won't need to.
setting strictnodes is only about people who really never ever want to connect to a node in excludenode, even if tor thinks it's safe to do so. for example, if you want to rendezvous with a hidden service yet the introduction point is in your excludenodes, do you a) fail or b) do it anyway, since come on, how is connecting to that node going to harm you
keb
what if you "know" that node is being used as part of some attack, or not being used as part of your own attack
Sebastian
keb: hm? can you clarify?
arma
feel free to set strictnodes if you are willing to potentially break your tor's ability to succeed at the tor protocol.
the current entrynode behavior, if you don't set strictentrynode, is "here are some nodes i'd like you to use. feel free to use others too." that sucks.
keb
Sebastian well if strictnodes is actually obeyed, there is nothing to argue with
arma
yep. that's the plan. i plan to break your tor in mysterious ways if you set strictnodes.
you wanted to learn directory info? and you picked that one? no directory info for you.
you wanted to serve a hidden service? and the client picked that one for a rendezvous point? no talking to that client.
you wanted to publish your hidden service descriptor but the place to publish it is excluded? no publish for you
etc
Sebastian
I don't understand the first one, the others seem reasonable.
arma
yeah. we might be able to work around the first one. depends what dir info you're trying to learn.
i'll end up with a comprehensive list one day. a few days after i have nothing else i must do. :}
kenobi
then if no strictnodes set tor should respect excluded options for existen circs while choses one for exit.
Sebastian
kenobi: yep, that's correct.
arma
kenobi: in fact, when you set exitnodes or excludenodes or excludeexitnodes, it discards all your current circuits, to make sure that none of them violate your new requirements.
Sebastian
kenobi: but there are a few tricky questions. If you already have a circuit open, and you change your options, should that circuit be closed? If you set strictnodes, should it be killed?
ah
arma
sebastian: yes and yes
Sebastian
arma: I think we talked about this, and I think yes and yes is the sane answer. :)
keb
signal 1 causes re-read of options?
arma
the new plan is "if you set exitnodes, make it do what a reasonable arma would think exitnodes should do. that is, fail if it can't reasonably exit at the place you wanted to exit from."
Sebastian
keb: yes
kenobi
I mean circ builded for fetch HS decriptor, if no strictnodes and HSdir can be exit, such circ can be used later.
Sebastian
kenobi: that shouldn't happen anymore, unless there is a bug.
arma
"if you set entrynodes, and none of them are available, it should fail also." "if you set excludenodes, then never use of them, except for places where tor needs to and it shouldn't hurt much. if you set excludeexitnodes, never use one of them for an actual exit circuit. feel free to use them for non-exit circuits."
kenobi: search options_act() for
!routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes)) ||
that calls
circuit_mark_all_unused_circs();
circuit_expire_all_dirty_circs();
kenobi
No for changed config, for the same.
arma
oh. reading again
hmmm.
yeah, we should make sure that doesn't happen. :)
in theory, we only need to check about ExcludeExitNodes there, right? since we won't have a circuit that ends at a node on ExcludeNodes, if my earlier code works.
Sebastian
hrm, but wait
Doesn't excludenodes without strictnodes mean "only use this node if I have to, but if I have to, use it wherever"
that's what it ought to mean, imo
arma
define 'have to'
if you say excludeexitnodes, or excludenodes, you should never ever use it as an exit. even if it's the only option.
if you say excludenodes, you should never ever use it as an entry. even if it's the only option.
kenobi
and middle
Sebastian
erm
arma
same with middle.
Sebastian
and what is strictnodes for, using that reasoning?
arma
but if you say excludenodes, you should still use it for interacting with a hidden service if the other side picked it, or for publishing your descriptor to, etc.
strictnodes is to rule out even those uses. never use it ever for anything.
Sebastian
ok, I got that. I thought we meant excludenodes to also allow exiting, if it was the only option.
arma
hm.
i'm not sure anymore. looking at the code.
kenobi
what about enclaved exit with those options?
Sebastian
(In the same sense that if we use entrynodes, and it is down, we don't break without strictnodes)
arma
kenobi: i think if exitnodes is set but not strictnodes, you should feel free to enclave exit at a place not in your exitnodes.
if excludenodes is set but not strictnodes, and the enclave is excluded, you should use it anyway (?)
and if excludenodes is set and strictnodes is set, and the enclave is excluded, you should skip it.
kenobi
but enclaving too easy manipulated by remote attacker via some web page.
Sebastian
right
i would say that in either case, we can use a different exit node
not hard to do, and we'd satisfy the user's request
(who came up with this "listen to feature requests" crap?)
arma: maybe it would be worthwhile if i wrote all of this down. And then we can agree or disagree on individual points, but we have a clear text that states what is going on?
keb
crikey a spec?
Sebastian
keb: we have an incompleted spec for that already, see https://git.torproject.org/checkout/tor/master/doc/spec/path-spec.txt
note the (easily overlooked) THIS SPEC ISN'T DONE YET.
keb
can people match spec versions with code versions easily
Sebastian
No, but it wouldn't be useful anyways. The spec in a specific git revision unfortunately isn't an exact represantation of what the code for that revision does/is supposed to do.
Many things get merged to the spec late, or never; while others might not actually be in the code.
(reality is a sad place, isn't it)
keb
well this should prove to skeptics that tor project isnt run by the military, they still use that waterfall model
Sebastian
erm...
"ok"
arma
waterfall model?
Sebastian
arma: your commit de34de3177842e346272749d515731ae65db20d9 fails tests, "File test.c: line 3503 (test_circuit_timeout): assertion failed: (!circuit_build_times_check_too_many_timeouts(&final))"
arma
woot
keb
spec, code, test, goto step 1
Sebastian
(only in your repo)
arma
sebastian: is it that commit, or that commit or older and we're not sure which?
Sebastian
it is only that commit, afaict
my script reported only that one, anyways. let me check.
ah. it was only that one, and newer commits pass again.
arma
wonder what i could have broken there
are you sure this isn't a unit test that fails extremely rarely?
Sebastian
no, I'm not sure.
arma
try it again on the same commit?
Sebastian
but the commit failed on my commit bot. Then I checked on my snow leopard machine, and it failed, too.
arma: ed2457b passes unit tests
and now de34de3177 passes, too
arma
funky.
Sebastian
wo
w
arma
ah ha.
i think you have uncovered a rare unit test failure in mike's code.
Sebastian
this might have been a very weird coincidence, but the same thing failed on my debian machine and my snow leopard box.
crazy.
arma
see also https://bugs.torproject.org/flyspray/index.php?do=details&id=1139
Thamster
how do people running exit nodes avoid prosecution?
read this article about a guy in the uk
http://calumog.wordpress.com/2009/03/18/why-you-need-balls-of-steel-to-operate-a-tor-exit-node/
Sebastian
Thamster: Many countries have sane laws, allowing you to relay traffic for others as long as you're not looking at what they're doing
Thamster
is the Us one of them?
Sebastian
yes
(as far as I know, I'm not a lawyer nor a us resident)
Thamster
so probably no then
Sebastian
If you want to take my yes as a no, then no.
Thamster
what kind of argument can you make if they trace your ip to some nefarious activity
that cause you didn't look at the packet
« prev 1 2 3 next »