logs archiveIRC Archive / Oftc / #tor / 2010 / February / 25 / 1
Sebastian
the problem was that their stick sucked, unfortunately, iirc :/
MacLemon: are you using the tbb for windows?
Unfortunately, tbb for os x and linux is still a bit far away
MacLemon
Since there are upcoming elections in the chamber of commerce, we're a little active in politics and economy working against the EC data retention crap.
Sebastian
ijkonj: When fetching a file via Tor, firefox tells the proxy it wants to fetch the file. If the file is hosted on an ftp site, though, the proxy (polipo or privoxy) does not know how to cope and returns an error.
MacLemon
Yes, we're including tbb for windows and mac. I didn't have time to fetch all the Linux Packages as well.
Sebastian
ijkonj: Firefox doesn't handle the error correctly, and creates an empty file
MacLemon
I only got the message that I should update our sticks a few hours ago.
ijkonj
oh i see
Sebastian
ijkonj: that empty file has a different sha1sum, of course.
ijkonj: so yes, there's a bug we should fix.
ijkonj
why cant you get tor to work with more protocols?
         

Sebastian
ijkonj: dunno how we can do that sanely.
ijkonj: that's not a Tor problem
ijkonj
i mean its great
Sebastian
it's a proxy problem
ijkonj: Tor handles ftp just fine
ijkonj
you should create vpn circuits
Sebastian
no, we shouldn't. Please see the faq.
MacLemon: there's no tbb for mac
MacLemon: it would be neat if you contacted tor-assistants with such plans. We can often offer advice
MacLemon
I'm semi working around that by including Vidalia and a portable Firefox&
ijkonj
Sebastian, would using privoxy fix this problem?
Sebastian
ijkonj: no
ijkonj: privoxy doesn't support ftp either
MacLemon
It would help me and a friend a lot to get the sources of the Vidalia build scripts (and vidalia sources) for the Mac.
ijkonj
so I have to use wget? what is its windows equivalkent
Sebastian
MacLemon: Vidalia is in subversion
ijkonj: you might want to try and find an http mirror
MacLemon
The Mac side of Vidalia is quite problematic, as is the tor only bundle (totally omg&)
Sebastian
MacLemon: https://trac.vidalia-project.net/ has all the details
ijkonj
Sebastian, http mirrors aren't always available'
MacLemon
Sebastian: Are the Mac build scripts in there as well? Must have overlooked them
Sebastian
MacLemon: what's the problem with the Tor only bundle? It works well for people who don't want to have a gui
MacLemon: they are
MacLemon: https://trac.vidalia-project.net/browser/vidalia/trunk/pkg/osx/build-bundle.txt
MacLemon
Then I blantantly missed them. Sorry& Not my day today.
Sebastian
no problem
Does your portable firefox include Torbutton?
MacLemon
Sebastian: Yes, I've manually added that.
It still is totally rushed work.
Sebastian
neat. helix: that might be of interest to you
         

MacLemon
I'd really like to fix the Mac parts. Vidalia is not a universal binary, posing unnecesary questions to users for a few hundred kB of download saved.
Sebastian
it used to be a universal binary, but we changed it, because tons of people complained
I suggest you try to coordinate with phobos on this.
MacLemon
The tor only bundle package is terribly not Mac like, using a totally outdated StartupItem etc.
Sebastian
He does the os x bundles
It would be great if you wrote up all your criticisms, and made them available somewhere.
Then phobos can explain, and a better bundle can hopefully emerge.
MacLemon
I need the sources to look how they are build at the moment. Then I can start to give useful input on how one might be able to improve them.
Sebastian
well, they are there.
MacLemon
I'm currently fighting to many sides simultanously. :-) I'm working on an embedded node project as well which I need to get the documentation out first before tackling the next thing.
http://metalab.at/wiki/Embedded_Tor_Node If you want to have a look.
Sebastian
Sure. It just seems strange you started working on a tbb for osx before contacting us
yeah, I've read about that. I met kyrah at har
MacLemon
It's not a tbb per se. More of a "something like" that I could stuff together in a few hours.
Sebastian
your embedded Tor seems awesome
MacLemon
kyrah did a lot of mental support during my work on that project. Especially during times of hair-pulling and fighting the nanoBSD build process.
Sebastian
;)
I've always wanted to visit the metalab one day.
MacLemon
Glad I had a quad-core machine at my disposal for compiling during the hackathon.
Be sure to tell me when you find a chance to do so!
Sebastian
How about next week, if I can find a place to crash?
in any case, let's move that to #nottor :)
MacLemon
:-)
daaab
hey
formalist
hey
daaab
im wondering if anyone knows the address for the tor hidden forum
i used to know it...
anyone?
anat
was oftc blocking tor yesterday?
dr|z3d
Quite probably the answer is "yes!"
FullFlannelJacket
no
Juliana
While attempting to follow the instructions on
anat
when i tried to connect i kept getting a message about being banned... something about a tor exit node
Juliana
http://www.torproject.org/docs/debian.html.en
I use Ubuntu Karmic
So I added "deb http://deb.torproject.org/torproject.org Karmic main
And I get the error on loading: "Failed to fetch http://deb.torproject.org/torproject.org/dists/Karmic/main/binary-i386/Packages.gz 404 Not Found [IP: 88.198.151.34 80]"
helix
Juliana: try karmic, all lowercase
Juliana
Thank you, works :)
FullFlannelJacket
anat: you have to connect to the HS
anat
FullFlannelJacket: i never had to before, and it works fine now
FullFlannelJacket
anat: I always connect via HS..I had problems trying to connect to the regular servers via Tor.
Freenode is the same way -- you have to connect via hs.
xmux
Some misconceptions seem to need to be corrected here: http://www.reddit.com/r/netsec/comments/b5uk4/a_broken_onion_is_a_sad_onion/
arma
xmux: i find the reddit format to be horrifying. i have no way to usefully contribute.
FullFlannelJacket
xmux: That's well and good but most of us don't want to be harrassed because some dude used our exit node for illegal activities
arma
somebody who "does" reddit should read the tor website, and maybe reference a url or something, rather than just wanking
for example, they might like https://www.torproject.org/faq#ExitPolicies
xmux
FullFlannelJacket: That's the main misconception that people seem to have. The idea that you can only usefully contribute to the Tor network by running an exit node
arma
xmux: probably lots of people also think that you are automatically an exit relay if you run tor as a client
it's a misconception based in their belief that tor is a p2p filesharing network -- another bad misconception.
FullFlannelJacket
arma: I know about exit policies but exit nodes are badly needed by Tor
arma
yep.
but people saying "man i'm not in a position to run an exit relay therefore nobody is tor sure is dying" may not help
but anyway, i am up past my bedtime. carry on. :)
Legion
Do you guys know any good hidden jabbers?
(.onion XMPP / Jabber servers)
grumpy3
hello, world
psk
/who
ultramage
07:05 < FullFlannelJacket> arma: I know about exit policies but exit nodes are badly needed by Tor
there's also a complementary solution - have every site run a hidden service :)
that way you wouldn't need exit nodes
if the service could define 0 entry guards (since it doesn't really need to be anonymous), then you'd get identical performance
Sebastian
that's not true
performance would be worse
ultramage
how much worse?
Sebastian
just as bad as with normal hidden services.
ultramage
I thought the biggest problem is that there's so many hops in the chain?
if your 3-node circuit could connect directly to the hosted service, that would be around the same as connecting through a 3-node circuit with an exit node at the end
Sebastian
right
but specifying "0 entry guards" doesn't do the trick
ultramage
yea, that was just my first guess at phrasing it
Sebastian
well, nothing currently does the trick.
ultramage
the service would have to be its own entry guard and rendezvous point (or such)
yup, it's just some random idea that popped into my mind
Sebastian
It's been thought of before, calling it secure service or something of the like.
ultramage
you guys need more flexible circuit control ;o
Sebastian
meaning that even though the location is not hidden, the Tor protocol ensures you're going to the right location
ultramage
right, something like that
Sebastian
Circuit control is as flexible as you want, if you use a Tor controller.
ultramage
;o
fokker
hi people
Sebastian
hey
ultramage
Sebastian: just consider it a suggestion from me... if you ever sit down and feel like designing the thing :)
Sebastian
ultramage: yeah... so much to code, so little time
ultramage
being able to put up a website onto the tor network, reachable from anywhere, perfectly secured traffic, maximum performance possible... would sound tempting
fokker
i used to use this mail service that I forgot the name of but they allowed you to send encrypted email that self distructed in a length of time you set and you couldnt copy and paste and was displayed in a little window so you had to scroll through it-- this prevented people from pressing PrntScr and getting a copy of it that way. does anyone know the name of this service?
it used to come with JonDoFox
i mean the link did
ultramage
Sebastian: a rather ugly alternative way would be for said site to run an exit node with exit policies restricted to just the destination webserver
Sebastian
ultramage: sure. Not 100% foolproof
ultramage
that way you'd say http://something.slashdot.exit/
fokker
Sebastian, maybe?
ultramage
http://slashdot.org.slashdot.org.exit? :D
Sebastian
ultramage: you should look up exit enclaving
it's implemented already
fokker
I really want to find out because I have emails to send that I don't want forwarded or copied
Sebastian
fokker: I've never heard of such a service, and I would think its security is bad at best. I'm afraid that's pretty ot here.
fokker
ok
joim #nottor
this channel keeps growing and growing
im in nottor if anyone would like to help
ill be back soon
ultramage
Sebastian: reading it on the FAQ page, it's hard to understand the text ><
Sebastian
improve it
ultramage
I'd have to understand what it says first :)
from the first 4 sentences I have no idea what it does
Sebastian
tbh, I have no idea what "it" is.
enclaving?
ultramage
an usage example would be nice there
> Running an Exit Enclave provides your users the assurance that they will exit through your server, rather than exiting from a randomly selected exit node
so, all exit nodes adverties their enclave destinations, the client's tor client scans the entire list of exit nodes, and if its requested target url is on the list it will pick the exit node that lists those urls?
or it's not by url but by ip address
Sebastian
it is by ip address
and the exit node doesn't advertise this
ultramage
wait, the text says about tor relays, not about tor exit nodes...
Sebastian
it just allows exiting to its own ip
an exit is a relay, is it not
ultramage
so to get this to work you need to mark yourself as an exit node
the only way clients can learn that you support enclaving
Sebastian
well, you only need to allow access to your own IP(s)
ultramage
yup
Sebastian
see the faq for an example :)
anat
hmmm... does it protect against other nodes returning the wrong ip for dns queries?
ultramage
but it still puts you on the list of exit nodes, even though it's not a really good usage of the exit node system
Sebastian
anat: It doesn't.
ultramage
if 1000 sites did this, you could say "the tor network now has +1000 exit nodes!" although they wouldn't add any real value to the network
Sebastian
it's hard to estimate the "value" of a node, in any case.
ultramage
well, the size of the exit node list is a highly valued metric, no?
Sebastian
Also, your node wouldn't get the exit flag
ultramage
ah.
ah?
alright, so you'd be on the public list of exit nodes but you'd not really be considered as an exit node
Sebastian
To get the exit flag, you need to exit to two of the three ports 80, 443, 6667 to at least one /8 network.
ultramage
I see
Sebastian
For example, my node fluxe3 is a useful exit, but doesn't have the exit flag.
ultramage
so it's putting 2 separate concepts onto a single list, and using a query (what you just said) to pick a subset of that list
seems to me like it's using a feature to do things it was not designed for :)
I wonder, that 80,443,6667 /8 constraint, did you add that before people started doing this, or afterwards?
Sebastian
people started doing this?
started doing what
ultramage
ah, sorry, had to urgently tend to something else <<
I meant, what was first: exits considered exits only if they really work as exits, or people using exit enclaving?
hm, not a very useful question
Sebastian
exit enclaves really work as exits
so the question is kind of weird :)
ultramage
that is, was the exit nodes list designed to hold nodes that do not really serve as exits, and to be filtered as you describe?
*from the start, or was it done as an afterthought after you found 50% of your exit node list not really exiting?
Sebastian
I have no idea which was implemented first. But you seem to pull your 50% figure out of your ass, and reality doesn't reflect that one
ultramage
(and from there - how many % of the list are 'exit' exit nodes? does vidalia show everything, or just the 'exit' exit nodes?)
Sebastian
Vidalia shows all nodes
not just exits
ultramage
alright
oh? O.o
ah, I meant in the named list on the left side
Sebastian
I think it shows all nodes there, too
but I don't use vidalia normally
ultramage
hm, didn't know that
« prev 1 2 next »