IRC Archive / Oftc / #tor / 2010 / February / 3 / 1
arma
fabi: yep. correct.
shahn
cdc_: filing the bug and adding more data later is fine
fabi
but i actually don't think this is a guard specific problem. It will probably appear for all hops
arma
which 'it'?
fabi
if you choose a non-performant guard, your circuit performance will be bad. The same holds, if you choose a non-performant middle or exit
i mean, if you decide on not voting bw-authority on guard nodes anymore, this will obviously decrease performance (though I'm surprised the consequences are that bad). But if instead you would use the old scheme on the middle or exit node the result will probably be the same since the achievable performance unfortunately is obviously determined by the slowest hop
arma
"China Internet Network Information Center accepted as a Mozilla root CA"
http://lwn.net/Articles/372264/
murb
perfect for real time MITM attacks.
fabi
lol
murb
has this already been deployed in current firefox versions?
         

phobos
they accept turkish intelligence, why not china?
murb
phobos: a secular western democracy compared to a one party dictatorship?
bja
You can delete CA as you wish on Mozilla, or are they hardcoded on the program?
phobos
you can remove them
murb
you can remove them.
pde
arma: in the past week we've had conversations with Mozilla and Chrome developers, and I think they're at least willing to talk about adjustments to the CA trust model to give users some protection against corrupt CAs
phobos
i remove them all and only accept domains i trust
but i may be paranoid
misc
but that's a pain to remove if you need to do it on a lot of computers
pde
the worst case for the "just remove the CA" solution is MSIE
which silently adds CAs to its trust list at page load time
murb
it would be nice if you could say yeah i trust the chinese whatever ca for gov.cn or something.
loads of other governments have CAs in mozilla.
at least according to the ca-certificates package in debian.
but that isn't really how they work... yet.
phobos
cnnic only seems corrupt to non-cn people i suspect
arma
as a bonus, according to the bugzilla entry, it only signs non-cn certs.
pde
!
arma
"CNNIC CA only offers SSL
Certificates for servers abroad now."
fabi: once 0.2.1.23 has been out for a few weeks, we can reenable the measured= voting on guards.
in fact, we could reenable it for now, and disable it again when 0.2.1.23 comes out, for a week.
fabi
if you would reenable it for now, and the voting of measured= for guards is accessible for me 48 hours would be enough to see if that is really the reason for performance decrease
calwig
I wish Tor had a button (or Vidalia for that matter) where you could click at the moment that you feel there is a really good circuit engaged.
arma
fabi: good idea. let's do it. then we'll learn.
karsten: in aggregate.py in your bwauth, can you set IGNORE_GUARDS to 0 for now?
calwig
Clicking it would allow the 3 nodes to be added to a list of preferable nodes to choose (and shuffle betw. entry,mid,exit node)
arma
karsten: no need to restart anything i believe.
karsten
arma: ok. doing that..
         

arma
fabi: it might be a while til it kicks in, since mikeperry needs to fix his aggregator too.
calwig
so if you happen to be on a good 3 node circuit you add the 3 to a further list of 10,20,30 or however many and this list can then (theoretically speaking) shuffle 2 fast ones, with a new third new node not known to this list.
But I think if that is done, then everyone will be using up the fastest nodes. However it would depend on location, bw, and perhaps other factors. But I just had that idea....
karsten
arma: done.
fabi
hey, that's really cool! :)
arma
calwig: in theory, the circuit performance stuff mikeperry added in 0.2.2.x does something like that. except it chooses the best 80% of the circuits, rather than the best 10%.
calwig
So although you keep adding nodes to the list that you may think are fast, no one single circuit will be repeated continuously, if you can apply a rule that will always force 2 nodes to request a 3rd node from the not-chosen list
fabi
Then I can also check, whether my proposed improvements, that I could only check on my testing network also work in real tor as well
calwig
I see
BarkerJr
so if everyone in one geographic area used the same set of nodes that are in the same geographic area...
you lose the globality
calwig
sure... If they used the same set of nodes that are in the same geographic area
BarkerJr
those might be the ones fastest for them
calwig
but I thought of always adding a 3rd node not from the same geo area
BarkerJr
then your security is no better than a two-node circuit
calwig
But it doesnt mean the first 2 nodes are from your local geo area, it just means they are 2 of the best nodes that were the fastest, be it abroad or across the street
arma
pde: anything we can do to help with the mozilla / chrome discussions? seems to me that one day torbutton might disable certain CAs.
calwig
arma: cool then its good to know something like that is already implemented
BarkerJr
why wouldn't the nearest nodes be the fastest?
pde
arma: interesting question
we could loop you, or someone else on the Tor staff, into our conversations, if you like
calwig
BarkerJr: of course they can/could/should be...
arma
pde: only if you think it would be a good idea. we have plenty going on already, too :)
pde
okay, perhaps for now I'll just mention that you guys will have to do this in some horrible torbutton hack if Mozilla can't implement something nice for everyone
arma
Subject: [SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
whee
calwig
(Action) is still reading the Performance Improvements on Tor Paper
arma
have you looked at the 'why tor is slow' paper?
calwig
Mar,11,09?
arma
yep
calwig
reading that still... it is interesting :) is there a video other than the HRA or whatever it is called that summarizes it?
BarkerJr
arma puts all this time into writing it and you complain that there's no summary? :P
calwig
Hey someone has to do the demanding job
arma
what's an HRA?
calwig
:P
arma
oh, HAR.
calwig
yes siree
arma
so, right, i write you a detailed pdf, and then i make a video, and you ask for.. what, a different video? :)
calwig
... ok ok
nsa
or: mikeperry committed revision 21552 (/torflow/trunk/NetworkScanners/BwAuthority):
or: Go back to voting on guards for a temporary experiment.
fabi
there's a video on that?
arma
fabi: there you go. in an hour or so, we should start voting the new ones.
let us know what you learn
fabi: https://blog.torproject.org/blog/why-tor-is-slow has a link to the video
fabi
i'll restart all measurements tomorrow morning. Then we'll see if there's a significant difference.
nsa
or: mikeperry committed revision 21553 (/torflow/branches/stable/NetworkScanners/BwAuthority):
or: Go back to voting on guards for a temporary experiment.
fabi
(tomorrow morning = in 6 hours from now)
arma
fabi: sounds good
seeess
phobos you around?
tried donating to tor through the united way again only this time i got "Ineligible Agency - Agency has not responded to PATRIOT Act Compliance documentation requests. Please encourage this agency to contact us so your designation request can be paid out"
lulz
arma
seeess: hah. i have no idea what all the patriot act compliance documentation requests encompass, but i imagine i would not be excited to follow them all.
seeess
yeah that's fine it wasnt a lot of money, i just found it funny
that didnt happen last year which is strange, maybe it is just the united way trying to take the money for themselves
they dont seem to be the most upstanding organization
arma
(Action) notes that https://wiki.mozilla.org/CA:Problematic_Practices doesn't include "no censorship"
seeess: yeah, my sense is that a lot of the donation aggregation services load up the restrictions so you can't do what you want. unclear if that's just the level of audits required for them, or something more nefarious.
seeess
i'm still running a 1500KB/sec server for the last 3 years, so that is my way to give back i guess
i havent been keeping up with the changelogs, is there a way to get stats from a bridge you run besides the control port?
arma
vidalia prints them once there's something
under 'who has used my bridge'
seeess
it gets that data via the control port?
arma
yep. as an event. or maybe a getinfo.
BarkerJr
<a href="<package-oldosx-bundle-alpha-sha1>">sha1</a>
is that like a template tag?
arma
it's a wml tag, defined in include/versions.wmi
BarkerJr
I wouldn't think it should be in the public html
I'll just spam tor-webmasters
arma
barkerjr: what url?
BarkerJr
download.html.ja, download.html.fr, download.html.ru
also download.html.pt and download.html.de
arma
ah. that's because the -sha1 tag doesn't exist anymore
the correct thing to do is to fix those pages so they don't reference the sha1 thing anymore
BarkerJr
hmm
zBeeble
As background, I run a tor node with 20 megabit of traffic allowance and a good exit policy.
... I was attacked today with well over 100 megabit of sustained hack traffic against http, https, ftp, ftps and ssh login attempts. Roughly 240k unique ip addresses in total, according to the http logs, at least.
arma
yuck. i'm sorry to hear that.
zBeeble
... has this happened to many big tor nodes?
arma
sometimes that can be caused by jerks on irc.
zBeeble
yeah... I've had IRC jerks before. What's odd to me is that this is hack traffic, not just a DDOS.
arma
item #3 on https://www.torproject.org/faq-abuse.html.en#TypicalAbuses
zBeeble
And I'm prepared for it --- this didn't even take me down, really ... just made some latency and packet loss that a couple of customers noticed.
The server in question beat back all the hack attempts (it's a pretty hardened server, and it's FreeBSD, not linux --- so it's just that much more uncommon)
arma
seems kind of weird to use 240k addresses for breakin attempts
also like somebody pressed the wrong button
s/also/almost/
shahn
BarkerJr
does Tor Project have an Employer Identification Number (EIN)?
arma
we do
BarkerJr
can I have it? :)
arma
sure. what for? :)
(Action) starts digging
BarkerJr
I'm trying to add tor project to easymatch.com, and they want that
zBeeble
checking
I don't see myself in that list.
arma
barkerjr: sent via msg. in theory it's a public number, but knowing our fine government, i'm sure there's a way to phish somebody with the number.
BarkerJr
probably
shahn
zBeeble: hm ok
zBeeble: I didn't think so, but it was worth a guess.
zBeeble
I do run a tight ship.
... this all happened with me out at small claims court --- so I wasn't around for the bulk of the attack. Still getting several hundred hits per second... but it's nominal in bits/second.
arma
zbeeble: sounds like fun. let us know how it progresses.
zBeeble
what is that list, BTW?
shahn
zBeeble: some windows virus makes a https connection to those hosts and then immediately closes the connection
people on the list seem to get millions of those
nsa
or: Nick Mathewson <nickm@torproject.org>: 2010-02-03 05:12:31 [tor/master]: Trivial doc fix for exit_policy_is_general_exit_helper
or: Sebastian Hahn <sebastian@torproject.org>: 2010-02-03 04:43:09 [tor/master]: Another new test for exit_policy_is_general_exit()
or: Sebastian Hahn <sebastian@torproject.org>: 2010-02-02 13:51:12 [tor/master]: New testcase for exit_policy_is_general_exit
or: Sebastian Hahn <sebastian@torproject.org>: 2010-02-02 13:51:51 [tor/master]: Don't assign Exit flag incorrectly
videludisto
hi
how do I keep the tor button from disabling on firefox startup?
does the tor bundle come with extras other than torbutton?
why doesn't tor spoof the US English browser useragent?
it is enabled and I went to whatismyuseragent and it says it is US browser
I found the problem
have a custom override forgot about that
didn't know that tor spoofs useragent until a little while ago
rieo
any feedback on 1240?
or close it
Runa
rieo: nothing new mentioned in the bug report, at least.
nickm
I haven't read it yet myself. it's only been there for a few hours, and I need to finish a lot of other stuff pretty soon.
rieo
"for (j = 0; j < 256; ++j)" omg
nickm
Well, it's not like it got merged. :)
rieo
isn't during router_parse_entry_from_string() no checking for redundancies?
for exit policy parsing
nickm
I think all the redundancy checking happens when we generate the router descriptor, now when we parse it.
rieo
so exit_policy_is_general_exit_helper() helpless, somebody can append many accepts with the same addr and then rejects. well clients will be confused too not only by flag, but anyway.
calwig
Hello Ladies and Gentlemen
nickm
rieo: are you talking about before or after sebastian's patch? He cleans up a lot of bug 925, I think.
If you mean "after", then I do not understand what case you are talking about exactly.
rieo
03bd98b3b1f92954c286f9d4dd5a2dd5f34a7e8b it's committed
nickm
oh, that one
hm. I see. I can just say "accept 1.0.0.0:80/32, accept 1.0.0.0:443/32" and it will act like I'm a real exit.
Or I'm too sleepy, and I don't see at all.
shahn: see above
rieo
well code for summaries policy can parse fraud, at least it showed reject 1-65535 for b0red relay.
nickm
shahn: The b0red exit policy should be part of the unit test.
rieo
hmm 192.168/16 routable for exit_policy_is_general_exit_helper(), it's checking port with it.
or no.
hmm "reject 1/8:80, reject 1/8:443, accept *:*" non exit with new _helper()
isn't "if (func() == 0)" non tor code style?
or no.