logs archiveIRC Archive / Oftc / #tor / 2010 / February / 27 / 1
mikeperry
do you have anything odd about your startup, like runing as non-admin user, running with antivirus software, or running it on a readonly usb drive?
err setup
computerfreaker
running as an admin, off my hard disk. I do have Microsoft Forefront Client Security installed, but it's not flagging anything.
The other thing that occurred to me was that my ContentWatch installation might be giving me trouble, but I can't disable/uninstall that to check
mikeperry
where does it crash?
computerfreaker
when I open the "Start Tor Browser" application, the "Vidalia Control Panel" window opens; about 30 seconds later (sooner if I click the window), it goes Not Responding and I have to use Task Manager to kill it
mikeperry
does the progress bar update at all?
computerfreaker
not really; it gets a trifling bit of progress (probably about 2%), then freezes
the Status text says "Starting Tor"
mikeperry
I have seen installs where software blocks all TCP connections except from an authorized list of applications
might that be the case with this ContentWatch thingy?
computerfreaker
shouldn't be; it lets OperaTor through just fine
and it lets other Internet-facing apps through without needing to do anything special, either
mikeperry
hrmm
did you try the regular vidalia bundle?
         

computerfreaker
do you mean the browser bundle (without IM)?
mikeperry
no, the first package on https://www.torproject.org/download.html.en
the vidalia-bundle
computerfreaker
no, I didn't try that one yet. Should I try that?
mikeperry
yeah, give it a shot. it will install to your hard disk though
but that seems fine for you
since you've put torbrowser bundle on there already
computerfreaker
shoot, I had hoped for a portable build (I move from computer to computer pretty regularly)
mikeperry
ah
well if its not a problem to install it just for testing, this may help us determine if it is a torbrowser bug, or a general tor bug
computerfreaker
sure, I'm willing to test that
mind giving me a few minutes to download the non-portable version?
mikeperry
ok
computerfreaker
should I get the stable version or the unstable one?
mikeperry
stable
computerfreaker
ok, will do
just wondering, is the TorBrowser bundle completely portable (like PortableApps.com applications), or does it leave some stuff behind?
mikeperry
we've done our best to ensure it never writes anything to the hard disk
its firefox is based on the portableapps.com one, iirc
computerfreaker
wow, great!
mikeperry: the Vidalia Control Panel is still crashing, and crashing hard
let me see if I can get more details on the crash
mikeperry: I've got a Process Monitor log if you'd find that useful
the problem seems to be ContentWatch; Vidalia is doing a lot of reading in the ContentWatch folders
mikeperry
that's weird..
computerfreaker
ah, I just found three items of interest
mikeperry
it shouldn't do that.. maybe ContentWatch is inserting a DLL into vidalia
and the rest of your apps
computerfreaker
TCP Reconnect (localhost:3086 -> localhost:9051)
TCP Disconnect (localhost:3086 -> localhost:9051)
those are the final three entries before Vidalia locks up entirely
and I bet you're right about the DLL injection; Sandboxie and ContentWatch don't play nicely, either, and that could be why
mikeperry
yeah, thats the vidalia -> tor control port connection
perhaps contentwatch is trying to block that for some reason
computerfreaker
and it looks like ContentWatch is denying the connection for some reason
sure enough, you were dead-on about that DLL injection
I just used Process Explorer to see what was going on - each and every process that's requested Internet access is crammed with ContentWatch DLL's
mikeperry
yeah, that sucks
         

computerfreaker
yeah
and I don't suppose there's a way to work around that, is there?
mikeperry
I've had friends with work computers that do similar things to block off all other apps than firefox and their email software from making internet connections
hard for us to operate in that sort of environment..
I think there are tor bootable cd projects out there
computerfreaker
any idea why OperaTor can survive where Vidalia can't?
mikeperry
that is the only general solution
perhaps it doesn't use the control port
there may be other hacks you can do, like telling windows to launch vidalia as a different user, but you may still need to disable the S_DEBUG credential (or whatever it is, I forget) for content watch still
maybe get it to launch content watch as a different user is better. but it sounds like you're not able to change content watch's behavior for some reason?
oh actually you may be able to use TorVM
computerfreaker
the problem is ContentWatch is being run as SYSTEM, while the other apps are only being run as admin - it's a privileges game I can't win
TorVM?
mikeperry
I bet content watch can't touch qemu very well
torvm runs tor and vidalia in a vm and transparently proxies all your internet traffic
yet another approach might be to run a vm with tor and a browser inside it
https://www.torproject.org/torvm/
computerfreaker
I'll be danged - OperaTor just went under. Looks like ContentWatch got upgraded.
and no, I'm not able to change ContentWatch in any way; I'd love to uninstall the darn thing and get it out of my way entirely, but can't even kill its process
thanks, I'll go check out TorVM
mikeperry
I take it this is a school, library, cafe, or work computer?
computerfreaker
yes, you're correct
mikeperry
torvm requires an install though :/
computerfreaker
shoot. Well, I'll try finding a bootable Tor disk. Any ideas on getting a good one? (I'm a bit worried about somebody sticking a backdoor in some unauthorized build)
mikeperry
incognito is our officially recognized one
http://www.browseanonymouslyanywhere.com/
anonym
I will annouce that the gentoo-based Incognito is dead in a few days
computerfreaker
mikeperry: thank you, I'll go look at that
anonym
the way to go is amnesia (https://amnesia.boum.org/)
computerfreaker
anonym: thanks, I'll take a look at that too
anonym
computerfreaker: only look at amnesia
I'm the incognito maintainer
I've been putting all my effort into amnesia for the last six months or so, and it has other devs too
FYI amnesia might be renamed into "incognito", but it's currently being discussed among the amnesia devs
mikeperry
forcing https via a ca cert signed certificate might not be the best way to make people feel comfortable :)
sebastian
dun: apache might not know the real IP, but maybe it can be tricked into making a direct connection to some website. Or can be tricked to give away your username, or something else
hisuiIBMPower4
hello anyone here?is the get bridge services failed?
computerfreaker
mikeperry: yeah, I was just wondering about the cert. "Untrusted connection" warnings from Firefox, regardless of whether I specify https:// or http://
anonym
mikeperry: I know, but the old incognito site is http
so it's not like you loose anything
of course, firefox is telling the user that you probably will loose all your money on your bank account or something like that...
computerfreaker
anonym: it doesn't go quite that far, but it does strongly suggest leaving the site unless you fully trust it and know it has a good reason to have a problematic cert
FullFlannelJacket
Can anyone tell me what polipo/privoxy's job is when it comes to Tor? People say you can bypass them and hook the browser directly to Tor. Why, then, does the Tor documentation say to use Polipo?
anonym
computerfreaker: I was joking. but that warning is still a bit over-reactive considering that most pages people use are http which doesn't offer any authentication/confidentiality at all
sebastian
FullFlannelJacket: Firefox's SOCKS proxy support is a cruel joke
FullFlannelJacket: we have to use an http proxy to work around its issues
mikeperry
FullFlannelJacket: https://blog.torproject.org/blog/investigating-http-proxy-performance-tor
FullFlannelJacket
So what is Polipos job?
Specifically?
computerfreaker
anonym: I've got to agree with you there
sebastian
FullFlannelJacket: be an http proxy
FullFlannelJacket: nothing else
FullFlannelJacket
sebastian: because Firefox sucks? Basically?
sebastian
yes
FullFlannelJacket
So what is wrong with hooking Firefox directly to Tor and bypassing Polipo? What ill effects will occur?
sebastian
Firefox has a hard-coded timeout for all socks connections that you cannot change
its network access blocks while a socks request is happening
FullFlannelJacket
So Polipo is basically there to improve performance
sebastian
yes, and to make it work at all on computers with slow network access.
mikeperry
hrmm
I think there actually are hacks we can do to try to block dll injection
probably a risky move for stability with antivirus software though
it might not like them very much
FullFlannelJacket
is it true that SSL wont work over polipo?
sebastian
FullFlannelJacket: why shouldn't it work
FullFlannelJacket
or that the broswer is susceptible to MITM whilst using it?
sebastian
no?
computerfreaker
mikeperry: I'm going with the TorVM for now, I just realized I'm out of CD's. Thanks for all the help!
chrisd
polipo handles ssl fine. it just relays the encrypted data between the https server and the client's browser. there's no greater mitm threat
Meliboeus
Does anybody also have a problem running tor on os x 10.5?
Vidalia crashes immediately...
after starting
mikeperry
what version of tor?
sebastian
Meliboeus: you probably have qt installed
Meliboeus: open Terminal.app, type "echo "[Paths] Plugins =" > /Applications/Vidalia.app/Contents/Resources/qt.conf" and press enter. That should fix it.
nsa
or: sebastian committed revision 21760 (/projects/todo): add new commit to branch backports, add note about merging to master
Legion
http://xqz3u5drneuzhaeo.onion/users/zvc/imgboard/b/
Ill just leave that right there.
formalist
just who do you think you are?
Legion
You
from the future
_jr__
:-/
v1ttu
how do i set up a relay just for people in censored countries?
anyone home?
outofwords
I don't like bwweight-smartlistfix, anybody like it?
smartlist_choose_by_bandwidth() no need checks, only if harden checks of total_bw. and warns it's annoying, just one wich supports only one exit-relay with zero bw and you have bunches of warns.
and !sl and empty sl not the same
if caller passed !sl then it's bug.
mikeperry
we try not to pass in empty smartlists in there to begin with
I'd like to know if we actually do so
also, just because smartlist_choose_by_bandwidth() manages to be safe from the 0 list condition because of how the loops work today doesn't mean code won't be added later that assumes a smartlist with elements
sebastian
mikeperry: what about assert(sl), if(empty(sl))?
passing NULL seems like a big bug.
mikeperry
all this seems bikeshed to me
sebastian
Meliboeus: it'd be interesting to hear whether that fixed your problem.
hm.
I just woke up, I have a constitutional right to bikeshed.
mikeperry
I am just about to go to sleep. I have a self-affirmed right to call it out ;)
sebastian
very well
dun
sebastian, can you please resend what you said about apache? I read it this morning but its gone after a restart, forgot to save it. I want to show it to someone :)
sebastian
dun: Feb 26 23:50:26 <sebastian>dun: apache might not know the real IP, but maybe it can be tricked into making a direct connection to some website. Or can be tricked to give away your username, or something else
dun
thanks
sebastian
(yay, I'm famous)
dun
you sure are :)
sebastian
pff ;)
dun: especially the first worry is quite severe, because it is often easy to get the server to do a lookup somewhere else, or fetch a file from somewhere, etc.
dun
I see
anat
the obvious solution to that problem is to run apache in a vm that has no network access except through tor
SwissTorExit
morning to everyone :D
dun
grüezi
sebastian
anat: indeed. That makes many worries go away.
dun
anat: yes, iirc someone posted that solution on the mailinglist. I just want to convince someone NOT to run apache without securing it that way
subbie3
are there any .onion sites around that arn't gay?
anat
subbie3: none of the ones i've seen seem particularly homosexual...
dun
http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page#Hidden_Websites
subbie3
i have noticed that the tor directory has been down for a while as well which sucks
sebastian
"the Tor directory"
?
subbie3
yea
dun
I guess sebastian wants to know what you mean by "tor directory"..
as do I :)
subbie3
the "Tor directory" on the hidden wiki
sebastian
ah, so some hidden service is down that calls itself tor directory?
subbie3
under "introduction points"
sebastian
ok.
dun
hm. http://dppmfxaacucguzpc.onion/ works for me
subbie3
do you use polio
dun
yes
subbie3
sorry, polipo..
its working..
ygrek
anybody knows why do freenode irc servers require sasl for tor hidden service connections?
what is the point?
anat
ygrek: they're trying to make it difficult because they don't want people to use tor
ygrek
anat, sounds questionable - they do bother to provide hidden service
sebastian
ygrek: I think they like trying out new ideas to prevent abuse from Tor. I don't think that they don't want people to use Tor.
ygrek
they do not require sasl for ssl, why require it for end-to-end encrypted hidden service connections?
sebastian
ygrek: Nobody here can look into their heads.
outofwords
I'm try to last time to explain about easy crash or easy bunches of warns for now. If any exit policy of any realy with 0 bw contains some unique address, then choose_good_exit_server_general() returns null.
It's ok for most cases, only one bug that choose_good_exit_server_general() do not checks for hibernate.
ygrek
sebastian, that won't prevent any abuse
sebastian
outofwords: thanks
i think that was really helpful
outofwords: so the idea is that only one relay is suitable to exit to a given destination, and if that relay has bw 0, we warn/assert?
outofwords
yes, no it's many warns.
*now
no assert
« prev 1 2 3 4 next »