hmm, i can reach you all thru non-tor, but tor conn banns me
reason?

the server may block the exit node

so? gotta keep trying?

that might work
:-/

till a new exit node isnt on the blocked list
ok i try
talk about privacy
anonymisierungsdienst.foebud.org (Banned)

?

trying to go thru tor but they ban my tries

:(

its ok, ijust need some info here
but im looking for it
on the web

are v2 directory mirrors still any use?

$address (Plug,1)

or: mikeperry committed revision 21411 (/torflow/trunk/NetworkScanners):
or: Add code to dump stats on ratios for guard, middle, and exit
or: nodes.

hi all,
Does anyone succeed installing tor in Ubuntu Jaunty following http://www.torproject.org/docs/tor-doc-unix.html.en?
Since torproject.org is blocked here, I had to proxy the apt operation through another box with a working tor. But the new installed couldn't connect any relay node.

i gotta belive that tor on ubuntu works

yafrank: the relay nodes are publicly published so they are likely blocked by the GFWC. you will likely have to get a few bridge nodes and connect manually to those. once they get you onto the tor network you should be good to go with connecting to other peers.
from the tor docs... "Another way to find public bridge addresses is to send mail to bridges@torproject.org with the line "get bridges" by itself in the body of the mail. You'll need to send this request from a gmail account, though otherwise we make it too easy for an attacker to make a lot of email addresses and learn about all the bridges."

I guess it should work on Jaunty, since I haven't found much related complain from google.

it should work fine on jaunty.

The other working tor is a Ubuntu Hardy.

http://tinyvid.tv/show/3uiwckrlqynqv <--- video info about bridges,

The setup is relatively smooth except the apt proxy part.
Thanks, I'll check it right way.

no problem. good luck.

why gmail?
well i officially think requiring a gmail acct to get bridges sucks

I would guess that it allows the tor admins to offload the fake account phishing to gmail and lowers the number of possible abuse vectors to find out all the bridge relays. and gmail uses https so at least your mail requests are (somewhat) pivate.

everyone uses ssl
hotmail uses ssl

not everyone.

may providers use ssl for login only
err, many

up until recently gmail was the only one to allow always on https

phobos is correct.

u can always actually set up an IMAP or POP client
and force it all thru ssl

but the issue is account creation

afaik with hotmail and yahoo too

in this case
google tends to be a bit more picky

yeah, doesnt allow tor users for example
:)
they're nothing but trouble

I've had trouble with it, but Sebastian hasn't
so its hit or miss

Fred_: well then you have no need to use gmail to request bridges ;)

i dont currently
at all

Fred_: yeah, doesnt allow tor users for example <-- ref for my comment.

what was the other way to get one?
ah

well, I don't think it's caused by the ISP block so we need a bridge to bypass it, as the working tor in my Hardy is in the same lan of the corperate network.

yafrank: is the working hardy node making use of bridges at all? and remember, the blocks we are talking about are tor node IP's not the public isp ip at the edge of your corp network.
*remote tor node IPs

I don't know, It's the default one from Hardy,

then prolly not (and if its hardy then its an ancient version of tor)

if you run a relay with several ips, can you make one public and the rest bridge ips

And the box was setup maybe 2 years ago, shouldn't use the torproject.org repo.

Fred_: would not surprise me if the general ISP FW rules simply block a /29 or /28 when they find a tor node - just to be safe.

:(

I don't remember I ever put any bridge ips to the 0.2.0.34-1~hardy+1.
Does that mean the new version 0.2.1.21-1~jaunty+1 uses different tor nodes which is blocked here?

yafrank: try telnetting to 62.40.184.106 on port 9001 - its a public tor relay see if you get a connect

Connection closed by foreign host.

then its blocked.
its possible that your old tor node knows about a public relay that is not currently blocked and is using it.
just to be safe... you ARE doing this from a nice (reasonably annon corp environment) right?

OK, I guess I'll have to try the bridge as my new box is too new for Hardy. Is it possible to set it without vidalia?

yafrank: yes... you can hand config everything in the /etc/tor/torrc file

Thanks, gonna test it right now.

good luck and be safe

is there any benefit to multi ip relay then?

Fred_: not *really* sure... if I were trying to stop tor I would be pretty liberal in my use of at least /29's on known tor hosts. the devs (and a few others) might have more info on the usefulness of same subnet multi-ip tor nodes.

can anybody write the question to 1208 bug: "did subdirs of datadir was deleted for sure"?

Fred_: and once you know the ip addy of a tor node its pretty easy to remotely find the entire subnet. if its an allocated /28... then block it outright (because its usually under the control of a single person/organization.

yeah, doesnt look good for me

Fred_: and thats why Bridge nodes are pretty important for people living in countries where tor might get you a bullet in the head :(
like I said before, I'd run a few bridges - but my subnets are already 'dirty' *sigh*

will v6 help any in terms of supplying "clean" subnets?

j_r: by sheer volume possibly - ipv6 has a few other goodies that might make things easier as well.

yes I was referring to the volume
I have friends who have been given class Cs that were "dirty" in other respects

dnsbl's and other such horrors... yeah thats always an issue.

was a big botnet or something
got some very weird traffic
had to tweak the settings at the gateway
to block certain subnets

ouch... hope they got the upstream provider to help them sort it out.
nothing quite like getting handed an entire /24 thats blacklisted to hell and back.

yup
does Tor have many v6 visible relays?
any v6 only?
(assuming it supports v6 at all)

not sure... atm I'd say that 2.1.x is ipv4 only (at least in production) I've never seen an IPv6 relay.

ok
does that ever come up?
adding v6

any IPv6 testing that might have been done has prolly been done with v4 to v6 tunneling

yup
I don't have any sense for how useful it would be
some places are serious about v6

I'm sure it has (but I dont troll the channel enough)

but the US has so much of v4, that there isn't much push

I wish my provider would - I currently get v6 subnets via a tunnel broker.

I know some people in CA (state) who do it without a tunnel broker, but I don't think its common

v6 is gonna get important pretty quickly (next 2 years or so I would guess) there is quite a bit that can be done to put off the pain of a transition, but its a big train heading for most providers.
and (to get back on tor topic) it should be pretty easy to make tor fully ipv6 ready. everything is already there in most major os platforms.
and the abstraction between the transport and the address layer should already be there in tor

ok
well v6 deployment levels are relevant
tor has limited dev resources
only want to think about it if it would be widely beneficial in the next year or two

i h8 ajax

now that's #nottor
:D

lol yup it is.

hello could I please check basic tor settings for irc?
it is 9001 as the port?
xchat has a different way of asking for stuff than mirc
is address to bind to localhost? 127.0.0.1?
err 9050 sorry

9050 is socks

proxy server has me puzzled
address to bind to is 127.0.0.1
port socks5
erm 9050
proxy server?

sounds good

got nothing to put in proxy server though
leave it blank?
there is no other info I can find

localhost

same as address to bind to?
that is also localhost

i guess

xchat aqua has some dumb features
thx :)
well it seemed to work :))

how many hops do tor circuits have?

3

hi, is git.torproject.org up and running? I get timeout errors for about 2 weeks now

phobos: who is the admin there?

bnadland: no, not yet. It should work again in a bit (the git server is restored, we need to point dns over and fix a few related services). This should all happen in the next 24hours.

Sebastian: what happened?
bad disk?

thx, for reply. what happened?

http://209.85.129.132/search?q=cache:5eM9pUyaCC0J:www.mail-archive.com/or-talk%40freehaven.net/msg12331.html

so you just took it offline for 2 weeks because it *might* be vulnerable?
0.o
would have had the replacement set up first

Tarballs are still available. Having your source code repository compromised is not nice.

yup
as Fedora found out
heh

Sebastian: in the case of an old (working) node and a new (non-working, unable to peer due to GFWoC) would a simple temp solution be as simple as grabbing the cached-* files from the working node and firing up the new node with these files? (assuming the file format is the same from v2.0.x to v2.1.x)

QPrime: yes, that's a good idea

yafrank: see above ^^^^ as a possible option to try...
Sebastian: thanks, I was thinking about yafrank's issue a little more.

ah, I missed that I think.

can anybody write the question to 1208 bug: "did subdirs of datadir was deleted for sure"?

rieo: done

thanks

Sebastian: in yafrank's case his old node might have a descriptor cached and active that is currently not blocked (thats how he was able to pull a new tor version to a new box), but he's unable to get a new node up (tried telnet to a public entry and got a tcp RST) does the state file track current active connections? and would that also be needed on the new box to get his new node up asap? (if of course this is the problem to begin

your last message didn't go through completely
the state file contains his guards, and these might well be valuable information if they aren't blocked.
Active connections aren't recorded in there, though.

ok... understood. so a possible solution is to grab cached-* and state, copy over to a new install, fire it up and hope for the best (resorting to bridges if it fails totally). in his situation (assuming it worked) he'd also want to grab a few bridges as soon as possible as well to avoid possible issue sin the future. does that about sum it up?

yes

I wonder how often this might happen... a node thats left on for some time manages to peer with an unblocked node eventually. might there be some option for automatic dissemination of bridge nodes to these "almost lost" nodes?

I don't really understand what you're proposing here.

if a node has limited visibility of network peers it send a request to the ones that it can connect to. they hash the peer fingerprint and forward that to a directory server which stores the hash and dishes out (in a rate controlled way) possible bridges that are then forwarded to the node with limited visibility. requests from hashes that are seen too often (perhaps more than once a week) are discarded as bridge phishing attempts.
does this make any sense at all?

So you're saying that a relay uses bridges to connect to the network?

no, the relay is used to gather bridges to populate the troubled node with bridge node info.

Does Snader's thesis on path selection contribute much?
i.e. should I add it to my to-read queue?

basically looking for a way to have a node thats "in trouble" automatically ask for a limited number or bridge nodes (that may not be blocked)

where a node is a client

yes

ah. that won't work, clients don't have identities
But we do have a bridge authority that clients with a somewhat working network can connect to, to refresh bridge descriptors.

Hmm.. a non relay node has no identity?

http://ixquick.com is worth a look. Seems to have the best privacy policy of _any_ engine.

Sebastian: perhaps this has already been thought out and coded for... I'll have to use "the source" before I make pointless suggestions :P
"Clients with a somewhat working network" = clients that *are* able to make at least one peer connection to a tor node?

well, you shouldn't have to. But reading the bridges sec might be a good idea, http://gitweb.torproject.org/tor/tor.git/blob/HEAD:/doc/spec/bridges-spec.txt

dr|z3d: I'm trying to make the switch from google now... been using ixquick for a week.
Sebastian: looking now thanks
Sebastian: what is the current action a client (not using bridges) that is able to connect to a single entry and nothing else? does that client basically sit there attempting connections to other possible (non-bridge) entries learned via directory?

yes, it will pick a few guards, and try to connect to them