IRC Archive / Oftc / #tor / 2010 / January / 22 / 1
jr_
sjmurdoch: ping
arma
you could try sending him mail :)
jr_
:P
how quaint
:)
Luser
hello. got a technical question.
arma
if you ask, people are more likely to answer
Luser
right. I'm behind a router, and my relay doesn't seem to work right. must I disable the router's firewall? also - why doesn't my relay show up in the list?
arma
can incoming connections reach your relay?
or does "behind a router" mean that it's filtering incoming connections?
Luser
yes.
to the second question.
arma
ah. you need to be reachable to be a relay
that doesn't necessarily mean disabling the router's firewall. it just means forwarding the port.
Luser
what ports? 443 and 9001?
arma
whichever ports you configured in your torrc. doing just ORPort should be sufficient
Luser
I don't know exactly what to do.
arma
what OS?
Luser
WinXP, Vidalia
arma
in your vidalia 'sharing' window, what number does it say next to "Relay Port"?
Luser
443
arma
unclick 'mirror the relay directory'. 443 is the only port you need to forward.
Luser
so I can change it to anything else?
arma
it's possible that your router already supports upnp, which is a protocol to automatically do port forwarding.
(yes, you can change 443 to some other number if you want)
(but if you change it, then the new number is the one you need to forward)
Luser
Ok thanks.
tacit
I'm working on the openSUSE package. Are there any known outages after the recent release that would explain this: http://pastebin.com/d5c914f1a
Luser
another one: how can I be a non-exit relay node?
disabling everything in exit policies?
arma
tacit: don't we have an opensuse rpm on the download page already?
luser: correct
tacit: it looks like you are using an openssl version that disables tls renegotiation.
tacit: is this the system openssl?
Luser
arma: understood. thanks and bye.
tacit
arma: You do have a package but this one is different. :-)
arma
tacit: which openssl are you using?
tacit
0.9.8k
arma
really? are you sure it's not 0.9.8k-with-a-bunch-of-unspecified-hacks-by-the-opensuse-people?
tacit
the 0.2.1.21 build worked. Hmm.
I'll review the build, thanks.
again for the openSUSE package http://pastebin.com/d5c914f1a It was actually linked against the older version of openSSL but ran under the newer version.
oh
well that doesn't make sense with shared libraries.
jr_
arma: http://lists.freebsd.org/pipermail/cvs-ports/2010-January/187741.html
updated to .22 and now uses openssl from ports
arma
tacit: openssl version mismatches could do it
tacit
Yes I build against the openSSL version initially released with openSUSE.
arma
tacit: a few distributions, mostly bsd-based, have decided to take it upon themselves to remove parts of openssl, even though the openssl people decided not to. it would be a shame if opensuse did that too.
tacit
I'll check the package but I figure that we don't do that.
arma
your log sure looks like it
though. hm.
i wonder if some relays have upgraded and they can't make any tls connections but they still run and advertise.
Sebastian
I've heard that apple didn't disable all renegotiation
I wonder if we're incompatible with some version that would theoretically allow us to work.
tacit
arma: Works now with the newly built package.
arma
tacit: ah good.
ln5
arma: i hear that osx uses 0.9.8l unpatched. the only thing tor needs in that case is to set SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. right?
arma
right. tor even tries to set it, i believe.
it might try poorly
it might also be that it only tries if it's there in the headers
ioerror_kef
hi jr_
jr_
hi
arma
which means if phobos does an apple update, and then builds a new osx bundle, then his bundle will try to set it.
(and if people who haven't updated try to use his bundle, it will try to set an option that doesn't exist and fail? whee.)
Sebastian
arma: I did build master on OS X
doesn't work.
arma
hm.
nickm is the one who did those hacks
BarkerJr
arma, vidalia says no people are using my bridge
which is wrong, btw, cause the bandwidth graph is showing usage
arma
tor's count that it tells vidalia is 24 hours delayed
we don't want you to be watching and then have it say "the person who just connected, just now at this timestamp, was from vietnam!"
that's the sort of thing that shouldn't be in logs
BarkerJr
ah, didn't know this stuff was logged
arma
might be, might not be
if it comes out of tor, it could be logged
so tor only exports data that we hope is pretty safe
BarkerJr
I assumed vidalia asked for the data
arma
it does, and tor caches the data that it exports every day or so, and answers with whatever it exported latest
we use exactly the same data to build our users-of-bridges graphs
http://metrics.torproject.org/graphs.html
BarkerJr
so this really discourages people from running bridges on PCs that are not always-on
cause they think their bridge is never used, so why bother running it
arma
i talked about this issue in my or-dev post about bridges
you should read it
BarkerJr
how many months ago? :)
nsa
or: mikeperry committed revision 21470 (/torflow/trunk/CircuitAnalysis/BuildTimes/CBT-Test):
or: Add some more output, test the 100% case more, and add a list
or: of experiments to run for final output.
arma
barkerjr: uhm. early december i think.
d-b
(Action) wonders when a patched tor will be in debian stable
arma
debian *stable*, eh?
it could be a while. they don't do patches much.
you could use the deb.torproject.org debs
d-b
arma: they do security patches.
if the only change is the sigs and the servers, i don't see why it wouldn't get pushed through.
arma
yep. it's in the queue somewhere.
for the next point release
debian stable is still on tor 0.2.0.x, which is nearly but not quite obsolete.
we're keeping it on life support, barely, just for debian.
btw, you'll find 0.2.2.7-alpha to be way faster :)
d-b
arma: well im a relay node mostly.
i don't care much for speed.
arma
ah. relays on 0.2.0.35 should still be ok.
you might provide a not quite up to date consensus, if any of the authorities go down. but that's not the end of the world.
in any case, weasel told me it's in the queue for the next point release. so, soon i hope.
d-b
well that's fine, this relay only has a set amount of bandwidth so it drops in and out
:P
arma
we also fixed a way to crash your relay, you'll be happy to hear :)
d-b
arma: oh good if it crashes im not the one who knows tho
arma
hum?
d-b
i might just go oh um, that process which used a fair amount of ram has gone.
i should fix that.
arma: i probably wouldn't notice
if it let me define different bandwidth amounts for different periods that might be more useful.
but i am meant to trust that these newer packages that i get from the tor project are not backdoored now :P
arma
you had to trust the old ones too, right?
you can set different rate limits for different time periods. the simple way is to set a cron to rewrite your torrc and then hup your tor.
QPrime
d-b: fire up your compiler.
d-b
arma: well atm ive only installed from debian
arma
d-b: right, and who wrote the tor that debian ships? :)
d-b
arma: yes but i assume this was before it was pwned.
actually
any ideas when the server/s were actually pwned?
arma
july 2009 and august 2009, we believe
also, what do you mean by the "it" that was pwned?
i'm pretty sure tor, the source, wasn't. and tor, the website and tarballs and stuff, weren't either.
d-b
arma: i just meant the server. not tor
i assume people who made commits in the time that was affected have already reviewed them etc. /git is not svn.
arma
fortunately
d-b
yes, svn is horrible!
nsa
or: arma committed revision 21471 (/projects/articles): tighten up part of the next section, and give it the full conclusion
or: and bio back if we're going to turn this into a policy paper
QPrime
re: Tor bridges and the (apparent) ease of hostile firewalls discovering bridges; is there any point of a 'proof of work' challenge/response to the current e-mail based bridge request system? perhaps something torturous (no pun intended) to additionally slowdown the harvesting? just a (likely) useless thought on this issue.
otoh, might be self defeating as a possible DoS on the box handing out bridge nodes, so perhaps not. :(
diddy
Anybody has an idea why my privoxy died? Since an update on Ubuntu a while ago I am having a problem with privoxy. It won't run on startup. when I try to restart it I get: sudo /etc/init.d/privoxy restart
* Restarting filtering proxy server privoxy [fail]

Only after restarting the PC it will work again. That is such a nuisance.
SwissTorExit
hi diddy, if you run karmic, there has a bug somewhere who break privoxy, it's possible same for you
have you set 127.0.0.1 instead "localhost" ?
diddy
SwissTorExit, Yes, I use karmic.
SwissTorExit
and after that use synaptic and try reinstall privoxy, it must work after that
diddy
SwissTorExit, but I never had problems with Privoxy on Karmic, this only started recently.
SwissTorExit, where?
SwissTorExit
yeah i know, it can come one day and never see it after too
diddy
SwissTorExit, where to I have to set 127.0.0.1 ?
SwissTorExit
well by default privoxy are set to "localhost 8118" but seem make problem, so use 127.0.0.1 8118 and with synaptic, use "reinstall" function to i hope will fix that
in your config file
hang on
here : /etc/privoxy/config
diddy
SwissTorExit, thank you
SwissTorExit
you are welcome, i think that will work, well for mostly sure
diddy
SwissTorExit, looking good. You rock. Thx a lot for your help.
SwissTorExit
:P
enjoy :D
lokkju_wrk_
so... why isn't the security breach thing on the main Tor site or the Tor blog? or am I blind?
SwissTorExit
lokkju_wrk_: ?
about what ?
Runa
SwissTorExit: there was a security breach earlier this month
SwissTorExit: see email to or-talk
lokkju_wrk_: I'm not sure why the information isn't there.
lokkju_wrk_
and I read the email, but you would think that should be on the Blog at the least
SwissTorExit
hey Runa, thanks, well i have mean that he speak about privoxy, that's why i don't get it...
lol
Runa
SwissTorExit: hey, np :)
Makai
Hi people, is there something wrong with the Tor network? Can't connect since two days ago. Installed newest OSX version and still have this problem.
dr|z3d
Tor network's fine, Makai. Sure you haven't wrongly configured your setup?
QPrime
there is info about an OSX SSL issue thats floating around
with a recent OSX update.
Makai
QPrime, ok. I did perform an update recently.
QPrime
quote from mailing list... "It looks like the latest OS X update removes a feature from the system
OpenSSL library, and Tor needs this feature to operate."
Makai
I'll look it up and see if I can find any info on it.
Perhaps there is a workaround
QPrime
good luck :)
a new OSX Tor package with statically linked OpenSSL should be available in a few days if you cant find a quick fix in the meantime.
Makai
QPrime, Ok. Thanks for the info ;)
QPrime
np
Makai
:( No workarounds yet that I can find
Runa
Makai: not yet, no :(
QPrime
pity... not even a library preload? (I know nothing about BSD/OSX)
Luser
hello. my node can't "confirm that its ORPort is reachable". is this important?
QPrime
do you plan to relay traffic for other users or are you simply looking to be a client?
Luser
relay, non-exit node.
QPrime
then its important. as a replay node you have to be reachable from the outside. have you checked your router/firewall settings?
*relay
Luser
I auto-configured UPnP without problems.
as for the firewall, what should I check?
QPrime
I'm old school - none of this UPnP for me... ;) have you checked the port forward settings on your router
Runa
Luser: check if the port is open
QPrime
software firewall of built into a hardware router?
Luser
qprime: I was scared.
QPrime
of=or
Luser
my OS has a firewall, so does the router.
QPrime
windows?
Luser
yes.
QPrime
xp/vista/other?