logs archiveIRC Archive / Oftc / #tor / 2009 / December / 3 / 1
calwig
Has anyone got a comment on the INDECT program in Europe?
phobos
what is INDECT?
misc
a european project
http://www.indect-project.eu/ ( connexion refused here )
http://www.telegraph.co.uk/news/uknews/6210255/EU-funding-Orwellian-artificial-intelligence-plan-to-monitor-public-for-abnormal-behaviour.html
calwig
as far as Tor is concerned, since their onion will actually enclose Tor within it, Im trying to figure out the schematics and math behind how much INDECT can do to synchronize with data flowing from nodes to detect where the data is originating from
phobos
off the top of my head, this could mean not starting and ending a circuit in europe
forcing geographical diversity in some anonymizing way
s
phobos: ts ts
dont know about indect? :)
read WL :P
INDECT does not really relate to Tor though
i mean, its happening on a different level
Tor is transport
INDECT is content
and not content of transport
calwig
s i see
phobos
i can only pay attention to so many Big Brother's at once
;)
s
calwig: it will harvest content from websites, chats, tweets, facebook etc
so all the places you put data
which only relates to network transport to a certain extent
         

phobos
i'm sure IP addresese are part of it
s
would be much more important to get people to fu*kin stop using this social media crap
phobos
and they'll do some silly stylometry analysis to determine if it's the same person or not
s
phobos: yes, sure, but a smaller part
INDECT right now is a data structure
it will only define howto correlate all sorts of data
phobos
this sounds like the US falcon program
s
yes
calwig
i agree with the social media hype
(to stop using it)
phobos
it's FANTOM not falcon, sorry
http://www.fbi.gov/page2/july09/STAO_073109.html
and the cia's open source intelligence thing
s
heard of SEAS?
calwig
is there anything running now to determine circuit source
s
thats the bigger scheme i think
phobos
and then the FSB has one
and china has one
calwig
in relation to IP source etc
phobos
if it's not stopping terrorism, it's stopping child porn
s
Synthetic Environments for Analysis and Simulation
phobos
...as the reasons to do it
s
also a US based program
pulls all sorts of data and generates a behaviour pattern for every US citizen
when diverting from that simulated pattern, one gets flagged
phobos
that's why i buy fertilier and diesel fuel regularly ;)
s
phobos: hahaha
phobos
totally normal, nothing to see here
         

calwig
hmm
(Action) googles
s
http://www.theregister.com/2007/06/23/sentient_worlds/print.html
there
SWS
setient world simulation
thats making use of SEAS
calwig
lots to read
s
yeah
_the_ general problem
too much to read
calwig
agreed
phobos, unabomber you!
ok outta here
nsa
or: phobos committed revision 21091 (/website/trunk/en): add running a relay as a fine way to donate to tor
or: phobos committed revision 21092 (/website/trunk/en): text fixes
hammergod
i am not able to install vidalia in my fedora 12 box
udo
why not?
what happens?
what did you try?
any error messages?
hammergod
i am having qt4 installed
error is CMake Error at common/CMakeLists.txt:25 (qt4_wrap_cpp):
i am in src directory did cmake . && make
keb
did you install qt4-devel package
hammergod
checked it was not there installing now
installed but still same problem frnds
Sebastian
did you make clean or whatever that is called for cmake?
(also try #vidalia)
hammergod
cmake . && make
Sebastian
well, that's not what I mean
you might need to regenerate some cached files
hammergod
okay
nsa
or: kloesing committed revision 21093 (/projects/todo): Add another branch in the hope that someone will notice and feel like merging into master.
udo
any ideas bout https://bugs.torproject.org/flyspray/index.php?do=details&id=1158 ?
I telnet to 9001 and get in the log
Dec 02 11:43:11.358 [info] TLS error while handshaking with [scrubbed]: unknown protocol (in SSL routines:SSL23_GET_CLIENT_HELLO)
I also see tor routers being communicated
but no real traffic
http://pindarots.xs4all.nl/mrtg/tor.html
ever since upgrading to fedora 12.
why?
coderman
udo: telnet does no TLS handshake, that is propably the source of your info log TLS error. also why use a DNS name in Address? (why set address at all?)
as for no real traffic, if you've been skipped in a consensus due to down time, it may take many hours for traffic to resume.
last but not least, are you having any firewall issues, or running in enforcing mode?
udo
what address?
hours? it's days now
no selinux
firewall is open
there is communication with routers for tor
routerlist_remove_old_routers(): We have 96 live routers and 0 old router descriptors.
etc
with address removed it still finds the correct address but with a lot more jojo-ing in the logging.
multiple times liek: i fond X and Y, Y is private so I'll use X
etc
coderman
ok
if you've got live routers connected, how long has it been up that way?
udo
I just restarted it
coderman
the debug log attached to that entry seems to indicate you need a latest tor; the failed renegotiation is likely due to OpenSSL 1.0.0-fips-beta4
udo
but before that it was up for at least 24 hours of not 48
coderman
have you updated from 0.2.1.20 since?
udo
I have fedora 12 which has openssl 1.0.0.
so I will insatll 0.2.2.6 then
install...
it didn't give much change at an earlier try
coderman
try that. becuase i believe your OpenSSL 1.0.0-fips-beta4 has the renegotiation "fix" backported and you will need a "fix"'ed tor (at least 0.2.2.6 or git latest) to work correctly.
udo
or git?
maybe I should try git anyway?
coderman
sure
udo
how cna I confirm from info.log that tsuff is different?
I mean, different messages?
coderman
confirmed in beta4: - Initial TLS session renegotiation fix
udo: in the debug log
you'll see tor_tls_handshake(): Completed V2 TLS handshake with client; waiting for renegotiation.
followed by TLS error while reading with [scrubbed]: parse tlsext (in SSL routines:SSL3_GET_CLIENT_HELLO)
if it is broken
(like you see)
udo
aha.
ok
coderman
if those go away, hopefully you'll be in better shape.
udo
and is there a way to turn off debugging without restatring tor?
restarting
I mean: sigusr to get debug
and how to go back?
coderman
SIGHUP should re-parse config. but i've never tried enabling and disabling debug log via config reload and sighup
worth a shot
also i see you've got "HardwareAccel" turned on. what engine do you have?
you will likely need to set a new "AccelName" option with the right name to actually get accelerated crypto
like: AccelName padlock
udo
VIA Epia with C7 Esther CPU
I had that on but turned it of to see if it made a difference
for the 0.2.1.x tor I had a patch to set the name of the engine
to padlock
coderman
turn it back on; it wasn't the source of any problems most likely :)
udo
aha.
I just cloned git
now building etc
just launched the git version
hmmz not using my torrc
coderman
you should see confirmation the padlock engine is working in the notices log too.
udo
padlock is being used according to debug log
notice (the window that I started tor in shows notice) does not say anything about it
maybe info?
coderman
notice only shows notices in console until it open the notices log file.
but i think it is in info too.
udo
`grep info debug.log` does show the padlock messages
coderman
is it happy now?
udo
hmm. it is running
but I see no circuit message yet about success
coderman
any more of those: TLS error while reading with [scrubbed]: parse tlsext (in SSL routines:SSL3_GET_CLIENT_HELLO)
udo
Dec 03 13:17:54.802 [info] circuit_testing_failed(): Our testing circuit (to see if your ORPort is reachable) has failed. I'll try again later.
Dec 03 13:18:57.316 [debug] TLS error while reading with [scrubbed]: parse tlsext (in SSL routines:SSL3_GET_CLIENT_HELLO:SSL3_ST_SR_CLNT_HELLO_C)
yes
this is from master git
coderman
crud. it could be that the fix for openssl 0.9.8l does not apply to 1.0.0-beta4
udo
openssl-1.0.0-0.13.beta4.fc12.i686 here
from fedora
but if an app has to work around openssl issues
why not fix openssl?
ios there a bug yet?
or should I file one in fedora bugzilla?
against openssl that is
since I am not running fedora tor
coderman
they know it is a problem
there's just no quick fix
(or rather, the quick fix has side effects :)
just a sec, i think there might be an easy fix for 1.0.0-beta4
udo
ok, just let me know...
coderman
yeah, the 1.0.0-beta4 did things different. updating ticket. will have a fix for you to try in just a sec
udo
http://marc.info/?l=openssl-dev&m=124750975421012&w=2 ?
ok, I will sip my beer in the mean time ;-)
coderman
(Action) is still building 1.0.0 beta4 :/
udo
hmm. that takes a while, at least on my 1 GHZ C7 Ester (LT10000)
coderman
you won't have to
i just want to confirm the fix
udo
ok
so the change will be in tor
and not in openssl?
(saw the flyspray comment)
coderman
right
udo
it will be in git then?
coderman
ok, this patched fixes 1.0.0-beta4 for me: https://data.peertech.org/files/fix-reneg.diff.txt
at some point, but i don't have commit, and this may require some additional coding / scrutiny
udo
so applying just this patch is not enough?
because I can do so and test, of course
coderman
no, applying that will fix it
try it
you just can't do a git pull to fix (yet)
udo
ok I will try the patch then!
patched, built, restarted
« prev 1 2 next »