IRC Archive / Oftc / #tor / 2010 / January / 6 / 1
jr_
how many other ORs does a typical OR interact with at once?
IOW, how many TLS tunnels does it maintain?
arma: re-read the thesis, one thing I don't agree with is using a single unconnected socket - that may work well on linux, but it adds a lot of overhead to bind / and resolve the destination on each packet sent
arma
jr_: a typical tor relay has a few thousand TLS connections open at once
fast tor relays have 15k to 20k tls connections open at once
jr_
fast == how many Mbps?
arma
10 or more?
jr_
ok
arma
the more bandwidth they advertise, the more users they attract
jr_
and an active relay is potentially interacting with every other relay?
arma
yep. probably is.
if you take 2000 relays, and build 1.2M circuits over them, probably most edges are used.
jr_
ok
I think most of the overhead of having that many sockets open is the TCP buffering, so UDP shouldn't have that issue, but I'll need to test windows to see how it actually behaves in practice
         

arma
yeah. i'm a bit worried on the udp side that we'd miss packets if they're coming in that fast
we might need a separate thread that just reads packets and sticks them somewhere
Sebastian
Wouldn't that be a smart idea wrt performing better on multicore-systems?
arma
you mean with tcp, or udp?
with tcp, our kernel does the "read packets and stick them somewhere" for us
Sebastian
arma: with udp.
arma
ah. could be.
but even if there's only one core, it would still be good.
Sebastian
sure
jr__
Sebastian: more sockets up to some point equals more parallelism
arma
(what if that one core is busy doing a public key crypto op? then we miss packets)
jr__
I would definitely have a dedicated receiver thread
Sebastian
we should just rip that out of Tor if it makes it slow. Who needs crypto, anyways.
look at all the open unencrypted proxies
jr__
(Action) puts Sebastian back in the box
misc
(Action) puts the box in the river
Sebastian
I can feel the love.
chris_
hi boys
why's tor so slow?
noncombatant
chris_ is NOT me
just putting that out there :)
Sebastian
chris_: https://www.torproject.org/faq#WhySlow
if you want the long answer
the short answer is: There are less than 2000 relays for hundreds of thousands of users
jr__
chris_: www.freehaven.net/anonbib/cache/reardon-thesis.pdf
Sebastian: depends on what he means by slow
I don't use it because of latency
if he wants his bittorrent to go faster
chris_
it takes forever to load heise.de, e.g.
noncombatant
I have to call my ISP and get more bandwidth, then turn on a relay again
jr__
then yes, limited relays is the problem
         

noncombatant
like the good old days
jr__
chris_: read the thesis
chris_: in shrt
in short
chris_
i'm running a 500 kb/s node .. i should get at least some speed .. otherwise it sucks ..
Sebastian
jr__: my answer is correct in almost all cases of people coming here, bt users usually don't complain, they can wait :)
jr__
interactive TCP connections are penalized by bulk transfers
because they share the same congestion window
Sebastian
chris_: Unfortunately, we have no design implemented yet that gives you better speed when you're running a relay
chris_
pity
jr__
chris_: it is being discussed
Sebastian
chris_: the main reason is that it is very hard to do so safely
jr__
chris_: the issue is to reward relay providers without losing anonymity
chris_
i was at 26c3, wanted to remember that guy's name that had to stand up during dingledine's talk ..
what was his name?
jr__: that's a problem, right
Sebastian
chris_: There are recordings of the talk. If a name wasn't mentioned, maybe he doesn't want to be named.
jr__
:D
chris_
hmm, stupid me .. i was sitting right next to him ..
have to check the talk again ..
Sebastian
hint: There is a list of Tor people at https://www.torproject.org/people.html.en#Core
chris_
told me he was dragged to court about a kipo thing going over his exit-node ..
have to follow up on this ..
don't think he is an official member .. but thanks ..
jr__
yup, I'd be hesitant to host an exit node in the US
at least as an individual
chris_
well he is based in germany, as am i .. but anyway .. same same ..
arma
jr__: really? based on my experience talking to exit relay operators, US is one of the best jurisdiction choices. the real challenge is finding an ISP that will keep you. legal concerns are much less an issue.
chris_
missed Jacob Appelbaum at 26c3 ..
arma
chris_: you may be thinking of morpheum
jr__
arma: really? I haven't been impressed with US jurisprudence, but it is a luck of the draw thing I guess.
chris_
arma .. right ...
:-))
now i remember
arma
chris_: and, it was during the wikileaks talk that he stood up
chris_
right .. silly me again ..
you were there too?
arma
jr__: i'm not saying it's great. just better than the alternatives. ;)
jr__: we've actually been making really good progress in the US at educating law enforcement about what tor is and why they should follow other leads when they run into tor.
chris_: yes
chris_
i heard, if you enter tor in one country you will get an exit node in another jurisdiction .. is that right?
jr__
arma: excellent, defending one's self in a suit can be truly crippling
Sebastian
chris_: Not generally, no
chris_
ah, ok ..
jr__
suit == civil || criminal
arma
chris_: some people have suggested that design. the trouble is that most of the places where your packets can be seen are in between you and the entry node, and in between the exit node and your destination. so it is much more complex to pick relay locations to be jurisdictionally independent.
jr__: http://archives.seul.org/or/talk/Oct-2005/msg00208.html
phobos
i thought someone was researching unique AS paths through tor
chris_
ah, ok .. well, maybe we'll get some new exit nodes in iceland during the next years to come ..
phobos
that someone would be nrl
arma
phobos: yep. nick feamster and i, plus paul and matt more recently. researching meaning writing papers about.
jr__
arma: have there been any incidences of kiddy porn accesses with TOR? That is a bigger concern than DMCA violations
arma
phobos: the recent conclusion is that with a huge amount of computation, bandwidth transfer, and other overhead, you can guess which path would be better and you'll be 60% right.
jr__: https://www.torproject.org/eff/tor-legal-faq.html.en#Represent
phobos
sounds plausibly better than today
chris_
jr__: if tor is doing what it promises to do it should be full of k.p.
noncombatant
Kitchen Patrol?
chris_
something like that ..
arma
jr__: incidences, probably. actual legal cases, few or none.
phobos
much like the general internet, yes, people have found child porn on tor
jr__
chris_: sure, I don't care about what the socially retarded do, I'm concerned with prosecutions
phobos
they also find child porn in email, tracker sites, digital cameras, and nearly every internet technology out there
instant messaging networks and web forums are found
with cp
jrabbit
Child porn is less prevalent than the fake arabic radical forums to my knowledge. But I don't actively seek either.
jr__
phobos: yes, but none of those can be linked to me
phobos
right, even if your IP did something, explaining tor is generally all you have to do
jr__
k
phobos
lately, leo have been confiscating a computer at an IP address, finding nothing, and giving it back
chris_
that's why i want to know how morpheum's case is going to go out ..
phobos
i think it was solved, and he was deemed innocent
chris_
don't think so ..
jr__
as a practical matter, a crime is what a prosecutor can convince a jury of
phobos
last i talked to him, he said he won his tor case
chris_
as i said, i talked to him at 26c3 and he told me he had to go to court this spring ..
jr__
law is only weakly coupled
Sebastian
there's an or-talk post about winning
chris_
hmm, ok ..
well, don't know ..
Sebastian
maybe not by him
Maybe the other side challenged the ruling
many maybes.
phobos
he also runs wikileaks mirrors
and owns wikileaks.de, i believe
chris_
right ..
he does ..
phobos
plenty of reasons for the authorities to keep trying
jr__
arma
phobos: morpheum has two tor cases. one that he won, and another that he expects to win soon.
jr__
you don't get a chart like that through scrupulous adherence to due process
phobos
i've talked to other exit node ops in other countries that have had their tor exit node confiscated because the IP shows up in some child porn forum
and after losing their computer for a week, they got it back
and charges dropped
arma
phobos: in england, apparently, they basically never give it back. i think that's contributed to the lack of exit relays in england.
jr__
lol
arma
phobos: (they're too busy to actually look at the evidence they collect, so they just collect it and ignore it. yay due process.)
phobos
well, yes
it helps if there is an eff/aclu/ccc analog in your country
jr__
UK also lacks any notion of protection against self-incrimination
not really shining beacon of light
arma
england sure has been earning its "black" human rights rating lately.
phobos
and trying to export it to the rest of europe
jr__
:(
hopefully their finances will just implode and the EU can go on about its business
arma
jr__: they're in the middle of finalizing an "iceland owes us the next 4 years of their gdp" agreement with iceland.
jr__
arma: yeah, extortion at its finest
Iceland didn't agree - but risks being isolated by the IMF
phobos
i've been invited to iceland, belgium, and poland to talk about the nonsense of censorship
jr__
but I think that is better than being a debt slave
arma: http://www.bloomberg.com/apps/news?pid=20601087&sid=aujWzg8.dcs4&pos=6
chris_
i've quite mixed feelings in this iceland-thingy .. they still owe me around 500 bucks ..
jr__
lol, their banks do
chris_
well, yes .. anyway ..
jr__
chris_: I think Germans should know something about reparations ...
chris_
point taken ..
phobos
this is getting into #nottor territory
jr__
sorry
you're right
chris_
anyway .. i went on and off the tor-train in the last couple of years.. i guess i will bounce off again if it's no use to me ..
at least running it off my vdsl line ..
jr__
try again in a year
maybe 6 months
chris_
will be back .. i promise ..
bye bye guys ..
phobos
odd, i use tor all the time because i worry that at some point in the future my ISP will lose all my data or forget to anonymize it before they sell it
or figure they don't make enough money and just start selling browsing patterns for a premium
and all these sites building profiles of my ip
jr__
Sebastian: I think it is important to differentiate between the latency protocol issue and the number of TOR relays bandwidth issue
Sebastian
jr__ of course. But it is of little interest to most people coming here.
jr__
Sebastian: more people would provide TOR relays if they found it personally useful, latency can largely be addressed with a software update
thus, I disagree
so by confounding the two you potentially discourage future relay providers
phobos
we're happy to accept patches
Sebastian
afaik, there are some unknown anonymity issues with dtls transport, that need solving too
arma
jr__: have you looked at my performance.pdf doc?
jr__
Sebastian: with direct relaying, yes - potentially, although I remain unconvinced, if you continue to buffer at every node, no
arma: no, I've only read reardon's thesis
arma: URL?
arma
jr__: https://blog.torproject.org/blog/why-tor-is-slow
it includes a video from HAR if you prefer videos. the video has slightly newer material than the pdf.
jr__
oh, yeah I saw that in the summer but had forgotten about it - will re-read
arma
it makes the distinction between "not enough relays", "bad cc", etc more clearly i hope
jr__
yes
I think it's a more important distinction for "naive" users than Sebastian makes it out to be
arma: what is the state of DTLS now?
the openssl implementation that is
arma
i don't know. i think ian and chris had some patches for it. chris has vanished, leaving ian wondering what to do next. ian has some new grad students who are planning to pick it up.
jr__
ok
phobos
"commit early, commit often"
jr__
:)
provided it is to a branch
otherwise we call them "drive-by" commits
from my standpoint, a privacy preserving user level TCP stack is straightforward - auditing crypto code is anything but
arma
(Action) mails ian to find out about the dtls patches
phobos
i think i'd make it a condition of getting a degree that you must commit your code