IRC Archive / Oftc / #tor / 2010 / February / 18 / 1
MoiraA
hello any competent user
is there a way to rid the server of this particular tor user? death@5039a6c0.tor.gateway.quakenet.org)
phobos
kick? ban? kickban?
MoiraA
or if it allows tor is it impossible to customise any ban
PMs
or not my channels
I ranted at MadHacker in qnet, saying he must see the IP could he not z/q/k/g/d/t-line it or something then realised no, not with tor
he uses around 3 different nicks
panuh
hi
phobos
well, you can still kick death@5039a6c0*
MoiraA
but you cannot server ban a nick
from a PM?
phobos
or just /ignore
MoiraA
I can't ignore all PMs there right now - but ignoring that host would do it?
that is great
even if it is just a few days peace
few hours even
thank you very much
panuh
I could need some help here. I'm setting up a bridge but my /var/lib/tor/fingerprint shows only the fingerprint itself and my local hostname instead of IP:port. I'm wondering if it can work like this.
phobos
it's only supposed to be a fingerprint
panuh
ok so the documentation I've read is out of date? i thought connecting via fingerprint only is not supported yet
i mean this http://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=doc/spec/bridges-spec.txt
phobos
clients only need the ip:port
panuh
ok so my ip:port will be published to the bridge authority I assume. I thought it's supposed to show up in the fingerprint file
phobos
the ip:port and fingerprint are sent to the bridge authority
panuh
ok good. thanks :)
now that I'm here for once... in general I'm running a normal relay on my laptop when it's stationary and I know it will be up for a while. I often leave it on overnight also. I was wondering what is a reasonable time of being connected for starting the relay. Don't want to disturb the network rather than helping...
phobos
client will begin to use it within 2-4 hours
clients even
panuh
so it should be up for at least, say, 6 hours?
ok then... thanks anyway, buddy
nsa
or: Andrew Lewman <andrew@torproject.org>: 2010-02-17 18:43:33 [tor/master]: add in the apple incantations to get tls renegotiation to work.
or: Andrew Lewman <andrew@torproject.org>: 2010-02-17 18:37:51 [tor/master]: fix the win32 build instructions for openssl.
or: ioerror committed revision 21681 (/website/trunk/images): N900 installation screenshots provided by the fine folks at synthesize.us
or: ioerror committed revision 21682 (/website/trunk/i): Move N900 images into the regular screenshot directory.
or: phobos committed revision 21683 (/website/trunk/include): vidalia bundle with tor 0.2.1.23 now available.
or: phobos committed revision 21684 (/website/trunk/vidalia/en): fixed vidalia 0.2.7 for win32 available as 0.2.7-1
synx
am I the only one who hasn't been able to connect to Freenode over tor for like, weeks?
Legion
Freenode requires a new kind of authentication for tor users.
Isn't compatible with most irc clients
synx
ugh...
Legion: know any more specifics on that? I might be able to hack something.
Legion
SASL.
synx
...
wow, really?
damn...
Legion
Authenticates w/ nickserv during server connection
Plaintext, blowfish, or RSA
yeah
you just need a regged nick
use a proxy and cgi irc client.
Reg your nick, drop in sasl..
synx
I was going through the gpg-tor one, so I wouldn't get blocked when flooders came over tor.
arma
when did this sasl thing start?
synx
few weeks ago. All I know is tor suddenly stopped working.
...but only for Freenode
thought it was me at first
_4get
arma: http://blog.freenode.net/2010/01/connecting-to-freenode-using-tor-sasl/
synx
you know what'd be amazing is if they let you connect to tor with any nickname, instead of making ghosting frikkin' impossible.
_4get
synx: you are now talking about their previous ircd
arma
neato. i'm glad freenode is doing something.
for a long time it looked like they were going to do nothing about tor ever again except periodically get hassled by it and think it sucks
synx
well, let's see if I can't get it working in pidgin
arma
(Action) starts the thread on or-talk too
torifythenet
tor rules
synx
yay
arma
bleah! i was just going to hunt down the wikipedia talk on sock puppets (including presumably their current take on tor) from 26c3,
but http://events.ccc.de/congress/2009/wiki/Conference_Recordings#Lectures_that_will_not_be_published says "Speaker requests no recording or streaming"
screw you, mr i-have-no-need-to-be-open :(
synx
:/ bummer, arma
arma
i talked to the guy the night before his talk, but then i slept through his talk so i could be awake to do mine
synx
gotta keep people buying tickets somehow I guess
nsa
or: mikeperry committed revision 21685 (/torctl/trunk/python/TorCtl):
or: Stop recording OS. It can have junk in it that SQLAlchemy
or: hates.
or: Also wait a bit more for stray descriptors to arrive before
or: deciding to update our consensus statistics.
or: mikeperry committed revision 21686 (/torctl/branches/stable/python/TorCtl):
or: Stop recording OS. It can have junk in it that SQLAlchemy
or: hates.
or: Also wait a bit more for stray descriptors to arrive before
or: deciding to update our consensus statistics.
or: pootle committed revision 21687 (/projects/gettor/i18n): updated files from pootle
or: pootle committed revision 21688 (/translation/trunk/projects/torcheck/et): updated files from pootle
or: pootle committed revision 21689 (/translation/trunk/projects/website): updated files from pootle
_4get
G-Lo: I saw you've mentioned SASL support in KVirc on or-talk, I'm using it on freenode/tor-sasl and it works fine.
nsa
or: runa committed revision 21690 (/website/trunk): new and updated translations for the website
Runa
phobos: ^
arma
+<!--PO4ASHARPBEGINinclude <foot.wmi>
+PO4ASHARPEND-->
Runa
arma: which file is that?
(or all of them?)
arma
website/trunk/docs/fr/rpms.wml
at least
possibly all of them
Runa
is it causing any problems at this point?
I know that it's there (in some files, at least), I just haven't had the time to look into it. As far as I know, it's not causing any problems.
arma
hm. trying to build the website to find out. but it doesn't build now.
(fixing wml files to make it build)
StrangeCharm
is duskgytldkxiuqc6.onion down?
arma
oh hey
it probably is.
and probably has been for a month or so
(Action) reinstalls thttpd
Runa
arma: yeah, I know that one of the files is broken. I'm going to take a look in a few minutes
StrangeCharm
so it should be back up in a few hours?
arma
runa: yes, it means docs/rpm.html.fr has no footer.
(so yes, problem)
nsa
or: arma committed revision 21691 (/website/trunk/nl): fix two brokennesses in the nederlands download page
or: arma committed revision 21692 (/website/trunk/torvm/fr): close a string on the french torvm page
StrangeCharm
i'm trying to use a cname record to point demo.hidden.the-onion-router.net to duskgytldkxiuqc6.onion. even now that the demo page is back up, my browser doesn't seem to be interpreting this the way that i'd like
arma
demo.hidden.the-onion-router.net. 10790 IN CNAME duskgytldkxiuqc6.onion.
StrangeCharm
is this actually doable, or am i attempting the impossible?
arma
yeah, i would be surprised if that worked.
you are attempting the unlikely. you might be able to trick it somehow.
but really, when you type one address into your browser, your browser will try to go to that address. for the .onion address to work, you need the browser to tell tor that you typed in the .onion address.
what you might look into instead is the petnames firefox extension
StrangeCharm
i don't really want it just for my use, i wanted a general solution.
what do you mean when you say that i need the browser to tell tor that i typed an onion? doesn't the browser attempt to 'resolve' the onion through tor after it gets the cname result?
formalist
apparently not.
StrangeCharm
my question is less 'but this should happen' - obviously, it should not, because it does not, and more 'what is wrong with my understanding of this system'
arma
nope. you're using an http proxy. the browser just hands whatever you typed to the http proxy.
the http proxy in turn just hands whatever you typed to the socks5 proxy (aka tor).
so tor dutifully tries to make an anonymous connection to that address. some exit relay is asked to turn it into an A record and connect to it. that exit relay doesn't find an A record so sends back 'resolve failed'.
your tor client decides maybe it just picked a crummy exit relay, so tries two more. then gives up.
Feb 18 03:52:01.317 [notice] Have tried resolving or connecting to address 'demo.hidden.the-onion-router.net' at 3 different places. Giving up.
StrangeCharm
aah, so the problem is that the resolving occurs at the exit, not the browser?
arma
or the feature :)
if you did resolving at the browser end, your local network would get to see what you're resolving
StrangeCharm
why would that be the case? wouldn't the browser attempt to resolve things through the proxy?
arma
why resolve first and connect later? that makes it more round-trips.
StrangeCharm
but it allows this sort of jiggery-pokery!
i guess it would work as far as http pages if i put a page at demo.exits that redirected to disk.onion?
arma
yes, probably
formalist
yes.
StrangeCharm
but that wouldn't allow me to - say - run a hidden ftp or irc server that could be accessed using whatever.hidden
formalist
right.
StrangeCharm
someone would have to break out a browser, go to the page, find the onion address, then use that
arma
really, the reason we haven't worked to support something like what you describe is that you're throwing away the "self-authenticating name" property of hidden services
and that's one of their main features
StrangeCharm
am i really throwing it away, or just hiding it from the user?
or am i missing the function here?
arma
http://en.wikipedia.org/wiki/Zooko's_triangle
you're throwing it away. you're making it so there's some other place that can send the user somewhere else, and the user (or her software) has no way to verify that the destination she's reaching is authenticated and encrypted.
"memorable, secure, global". you're throwing away secure.
formalist
hehe.
arma
hm. that page sucks. try http://zooko.com/distnames.html instead
StrangeCharm
what if i use dnssec?
formalist
the proxy can accept names rather than addresses. it can then get you a connection to "something" based on the name supplied.
arma
even if you use dnssec, you're still putting the security somewhere else.
the feature of foo.onion is that foo is the hash of foo.onion's public key. when you connect to it, you can know that you connected to the right one, simply by examining the name.
if you type anything else in, then whatever process gives you foo.onion could give you bar.onion instead.
StrangeCharm
if i try to resolve domain.tld, and get an authoritative result for foo.onion, and dns lookups are cryptographically secure, I am confident that foo.onion is really where domain.tld wants me to be, no?
where else is the security going?
arma
dns lookups are cryptographically secure based on some hierarchy of trust that is different from the hidden service pki
now you have two pki's you need to trust.
StrangeCharm
but i've already accepted that i'm happy with the dns pki - that's a necessary condition of wanting to use dns! using dns 'on top of' hs doesn't fundamentally break hs any more than using it on top of tcp/ip, or bgp breaks those.
nsa
or: runa committed revision 21693 (/translation/trunk/projects/website): updated po files
StrangeCharm
by analogy: hidden services are a safe. the keys are specially designed not to fit on keyrings. i say 'but i want my key on my keyring, so that i can find it in my pocket'. you say 'no, no keyring usage for you, because i don't trust your keyring'. i say 'but i do, and i'm willing to take the risk that my trust is misplaced'
or is that not a valid analogue?
Tas
why run a hidden service at all when you want to reach with a normal URL?
+it
arma
not a valid analogy. the analogy is more like,
there's a safe with keys specially designed for it. you say "but i don't like having to hold the key myself. i want to ask my buddy in europe for it whenever i want to open the safe." actually, no,
it's like there's a safe with a key designed for it. and you are asking your buddy in europe to hold the safe *and* the key.
and when you want to visit it, you yell across the ocean "hey, send me a safe and a key that will open it"
and he sends you *a* safe, and sure enough, the key opens it.
whereas the situation right now is that you have the safe, and ask somebody for the key that opens it. then you can learn for yourself that if the key in fact opens it, then it must be the right key for your safe.
StrangeCharm
Tas, so that nobody knows where the server lives, but so that it's still easy to remember how to get there
JSJSJSJSJA
am i using tor
nsa
or: honglei jiang <jhonglei@gmail.com>: 2010-01-28 12:46:37 [polipo/master]: change from MINGW to WIN32
or: honglei jiang <jhonglei@gmail.com>: 2010-01-28 12:48:56 [polipo/master]: change func from mingw_* to win32_*
or: Christopher Davis <chrisd@mangrin.org>: 2010-02-18 09:12:10 [polipo/master]: Update CHANGES.
arma
jsjs: sure looks like it
Tas
they could ask the domain owner
StrangeCharm
Tas, how would the domain owner know?
Tas
don't know, I just say they could ask, and make "an offer one can't refuse"
arma
strangecharm: you can do what you just said you wanted. but hidden services offer another feature beyond that,
StrangeCharm
arma, really the question seems to come down to how trustworthy the person who tells you the .onion address is?
arma
which is that when you visit the hidden service, you can know for sure that you have end-to-end encryption to it, and you can know for sure that you're not being mitm'ed.
StrangeCharm
Tas, and the domain owner would have no way of knowing. they just know the hs address
Tas
yes, then it doesn't work
StrangeCharm
arma, where do i lose either of those properties by using dns(sec)?
Tas
StrangeCharm: that's like the music industry who tries to sue exit node owners. they know the exit node owners know nothing, but they try to sue anyway
arma
dnssec relies on a tree of trusted parties. hidden services don't rely on any trusted parties for the security properties i just named.
JSJSJSJSJA
are there other servers that don't ban tor?
StrangeCharm
Tas, well, i suspect that they don't know that they're contacting exit nodes. i assume that the thought doesn't even enter their minds
arma
jsjs: http://blog.freenode.net/2010/01/connecting-to-freenode-using-tor-sasl/
limcore
hi guys, what's up with the recent seednodes pwnage ;)
Tas
StrangeCharm: yes, because it's all automated
arma
limcore: ?
StrangeCharm
arma, it seems like hs do rely on one trusted party: the party that tells you what the hs address is?
limcore
arma: 2 out of 4 directory nodes were pwnd
or something
arma
limcore: oh. see all the various threads about that. did you have a more specific question?
(2 out of 7, not 2 out of 4)
strangecharm: correct. but still, the number of trusted parties is larger when you add in a lookup service with memorable names. unless you can solve zooko's triangle.
Tas
shallot tries to solve that by making the onion domains as nice as possible
StrangeCharm
arma, it seems like here's the point where our opinions diverge. i think that if i trust the person telling me the hs address, i'm happy to trust anyone else that they tell me to trust. that is, trusting them allows me to trust the trust tree for which they are the root.
nickisnick
almost everyone bans tor