logs archiveIRC Archive / Oftc / #tor / 2010 / April / 17 / 1
nsa
or: runa committed revision 22194 (/projects/gettor/i18n/zh_CN): fixed gettor.po for kaner
BarkerJr
so, I'm thinking I should set RelayBandwidthRate to half my bandwidth on each relay, and RelayBandwidthBurst to all my bandwidth
arma
plausible
nsa
or: pootle committed revision 22195 (/translation/trunk/projects/website): added Vietnamese
or: runa committed revision 22196 (/website/trunk/press/pl): translated files for the website
or: runa committed revision 22197 (/translation/trunk/projects/website/vi): lots of new po files
or: runa committed revision 22198 (/website/trunk): there is no need for the path to my logfile
Sebastian
BarkerJr: you wanted to talk to me?
BarkerJr
actually, I think I got it
Francis
Is there any way to find out if a Firefox plugin calls home/leaks your IP?
BarkerJr
one of my relays is using 101% cpu and 1604MB ram, while the other is using 6% cpu and 139MB ram :)
Sebastian
ah :)
         

Francis
Maybe I can ask that question in another way.
Sebastian
Looks like one is slightly more popular.
BarkerJr
hehe
Sebastian
Francis: To be sure, you'd want to use something like wireshark
Francis
How do I make sure all traffic on firefox uses Tor, even plugins?
misc
use a firewall
BarkerJr
I wonder if I made my smaller one be the directory mirror that'd help even it out
Francis
Sebastian, I'm connecting to tor through a VPN, so I don't think that would work.
Sebastian
BarkerJr: What is the name of the new one?
Francis: yeah, that might be a bit tricky then
Francis
misc, Are you talking to me? How do you use a firewall to make sure all traffic goes through Tor?
Sebastian
BarkerJr: is it BarkerJrParis1b?
BarkerJr: and BarkerJrParis1b gets less traffic?
BarkerJr
yeah
misc
Francis: just block all traffic except the one of tor
Sebastian
BarkerJr: ok. Yeah, I think once BarkerJrParis1b is also Stable (wish shouldn't take so terribly long) it'll even out
Francis
127.0.0.1:9050
?
misc
Francis: well, under linux, you can block by pid
or by uid
Francis
Would that be sufficient?
oh really?
BarkerJr
yeah :)
Francis
misc, Wouldn't that be difficult if I wanted to use other applications that don't use Tor at the same time?
BarkerJr
you'd think most bandwidth would be used by non-stable protocols
         

Francis
misc, Do you happen to know how I'd fix that?
katmagic
You could run the Tor applications under a different UID than the rest of your programs.
Francis
katmagic, and that would prevent add-on leaks?
I don't see how that would prevent add-on leaks.
katmagic
Yes, assuming you've blocked traffic from that UID and your threat model doesn't include exploitation.
Lucky
FYI: Tonga (Bridge Authority) will go down for maintenance on Saturday at around 05:00 UTC. I expect the down time to last less than an hour.
arma
great. thanks for letting us know.
we're not making as much use of the bridge authority as we should, due to some bugs in tor clients that i haven't managed to fix yet
so the downtime shouldn't be too noticeable to users. feel free to make it two hours if you need to.
Lucky
And hour should be plenty. And given the choice, I'd rather have you folks re-enable the ability to cap bandwidth than fix bridge-related issues. (Based on what I read on or-talk). :-)
arma
yeah. boy. ugh.
opoppoppo
hy all
arma
lucky: i'm still thinking the flood of connections is caused by something other than our bandwidth weighting algorithm.
opoppoppo
it posible to conect to bitlbee with tor , anyone familiar with this ?
arma
is there anybody here whose relay is being hammered by connections?
misc
mhh i do not really look at it, but if you tell me, i can check
Lucky
Honestly, I don't really care what triggers that particular issue. I am disturbed by the fact (assuming that is true) that operators can no longer set a bandwidth cap. If I understand things correctly.
arma
lamar: interesting. might work. no idea if bitlbee leaks private information internally.
Sebastian
Lucky: I was afraid people might think that
arma
lucky: no, they can set a bandwidth cap. that's works fine.
Sebastian
I'm waiting for arma to clear that up
I'll time out tomorrow ;)
arma
the problem is that many tor clients produce many tcp connections to them
which is bad for them for other reasons. their cable modem router falls over from the number of connections, etc
Sebastian
What you cannot do anymore is set a low advertised bandwidth, so you attract few users, and have lots of spare capacity.
katmagic
lamar: yes, if the Bitlbee server doesn't block Tor.
Sebastian
So if you set a high BandwidthRate, expect 100% of that to be used.
compared to earlier, where your connection wouldn't be fully saturated.
Francis
katmagic, I don't see how that would prevent add-on leaks.
Sebastian
arma: I think it's important to not only look at the connection issue right now. Even a few weeks ago, we had people who had earlier been able to run Tor relays not being able to do so anymore, because the bw authorities realized how much data they can push; giving them more clients than they can handle.
lamar
on http://en.linuxreviews.org/Bitlbee , its said :
Tor Bitlbee Servers
These are location hidden Tor-services.
2uqqegdqdrw2mlit.onion:6667
zvv4lqu37sbndsao.onion:6667
Sebastian
As we're trying to grow the network, this will be a problem for lots more users.
lamar
anyone could explain how to connect to those servers ?
Francis
katmagic, could you please explain a bit
katmagic
Francis: I'm not quite sure exactly what you're confused about.
lamar: you have to configure your IRC client to use Tor.
Francis
katmagic, all of it
doesn't make any sense
Sebastian
arma: I think maybe one of the reasons why this is only a problem for high-bandwidth nodes is that a high bw node already has really high cpu usage. Fluxe3 has no problem doing lots more crypto than it usually does, it won't have a big queue of onionskins it still needs to decrypt etc, so it can close connections quickly. Relays with high cpu load need to keep them open longer, introducing more overhead, etc.
fluxe3 was at 15% cpu earlier this morning. Now it is 4%. It used to be between 1 and 3%.
katmagic
Francis: if a program can't connect to the Internet, than it wouldn't be able to ping computers connected to the Internet.
lamar
katmagic, its there a site tutorial to show me how to setup my irc client to use Tor ?
Lucky
Sebastian: OK, so if I understand this correctly, then not having a delta between upstream bandwidth allocated to Tor and bandwidth used really only matters to uses that want to use part of their Tor capacity for themselves. Not an issue for me. All I care about is being able to throttle Tor such that the server doesn't hit a load of 20.
nickm
arma,Sebastian,mikeperry : Some of these problems would go away if the bwauthorities were allowed to _lower_ declared bandwidth, but not raise it
Lucky
Guess I shoudl read the the backlog. I bet this was all discussed in detail. ;-)
katmagic
lamar: What client are you using?
lamar
mirc
arma
nickm: true. but the big benefits would go away too, i believe. tor was not as fast as it could be because of all the fast relays that no clients knew were fast.
katmagic
lamar: http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO/IrcSilc#mIrc
Sebastian
Lucky: right, you should still be able to do that.
arma
sebastian: another piece of the challenge is that if you crank down bandwidthrate, it takes a day or two before the bwauthorities respond
lamar
katmagic, thanx 4 now
nickm
arma: those were also fast relays that did not know themselves that they were fast.
arma
whereas before it used to be a few hours before clients would change their behavior
nickm: sure
Francis
katmagic, why are you talking about programs not being able to connect to the internet now?
Sebastian
I'm just wondering what to do. It seems obvious that a lot of relays might have a sh*tton of bandwidth, but not other ressources to handle that many connections. We're seeing this on crippled vservers with 100mbit/s links - bw testing would rank them high, but they can't even be relays advertising 20kB/s because they don't have enough file descriptors. So we're making zero use of them.
Everyone who comes here gets the recommendation to run a bridge instead from me. But those were people who wanted to run relays.
katmagic
Francis: Because you blocked connections from the user the program you're worried about is running as from accessing the Internet.
Francis
katmagic, I'm not trying to block any connections
arma
we could let relays publish their maxadvertisedbw in their descriptor, and authorities would try to obey it
lamar
katmagic, i setup my client like on that tutorial , and when i try to conect to those two hiden toer service server i got this error:
* Connecting to zvv4lqu37sbndsao.onion (6667)
-
* Unable to connect to server (Connection attempt timed out)
-
* Connect retry #1 zvv4lqu37sbndsao.onion (6667)
arma
that's an easy hack to add back in.
Sebastian
arma: I don't see how that is useful when load balancing is done by weights
arma
well, they specify a max weight.
Sebastian
arma: because the weights aren't bandwidths anymore
arma
sure
they look in the consensus, see that their number is too high, ask in their descriptor to have a number no higher than x
Sebastian
specifying a max weight also doesn't help if you don't know the other weights
and specifying a percentage doesn't help if you don't know the total
arma
sure.
none the less, it would work. they choose a smaller number, and keep choosing smaller numbers until they're happy.
Sebastian
How does a relay notice it is happy? :)
lamar
katmagic, if i try to conect o original server "im.bitlbee.org" its works perfect , why it dosent work on those 2 tor hiden service servers ?
arma
how does a relay notice it's unhappy?
the opposite of that :)
Sebastian
usuallly, it doesn't. Sometimes it might get oom-killed, sometimes it has onionskin warnings in its logs
most cases, it just stops working altogether as it just killed the router or even crashed the system
(at least judging from the reports in here and on the ml)
lamar
katmagic, still here?
Sebastian
Or the operator notices some kind of degradation (or the operator gets mail from his upstream)
Maybe I'm missing something obvious.
I guess we could teach Tor a few options
"oh, we're getting close to using MaxMemoryConsumption bytes of memory. And we're also using close to MaxFileDescriptors fds. Let's make sure we get a lower number for our bw in the next consensus"
katmagic
lamar: They're probably not functioning. Most hidden services are down.
Sebastian
but that requires a bit of design and experimenting to get right, I think.
katmagic
lamar: yeah.
lamar: the only working IRC server I know of is 4eiruntyxxbgfv7o.onion.
(The only working hidden service IRC server, I mean)
BarkerJr
I think the root problem here is that it takes several hours to update
Francis
Would anyone be able to explain what katmagic was trying to tell me?
BarkerJr
if we want to dynamically update the advertised bandwidth, we need faster updates to the clients
Sebastian
yeah, we want those anyways to make better use of relays that aren't very stable
BarkerJr
if we had faster updates, we could do a lot of cool things with tor, though I can't think of any at this time
Sebastian
I think microdescriptors is supposed to help towards that.
BarkerJr
yeah
katmagic
Francis: I don't really understand what you don't really understand. What is it that you're trying to do, exactly?
Francis
katmagic, I just want to make sure my addons only connect through Tor.
puglia
hello to everybody
question: tor ip are all g-lined on undernet server ?
question: tor ip are all g-lined on all undernet server ?
Sebastian
yup, undernet is one of the networks banning Tor.
puglia
its a way to search wich ip are g-lined and wich not ?
Sebastian
nope
puglia
only connect-reconnect on disconnect untill i founf lucky ip ? :(
only connect-reconnect on disconnect until i found lucky ip ? :(
Sebastian
no, find another solution.
You're just placing load on the network for nothing good.
You'll be g-lined again soon enough.
puglia
Sebastian, but i whant to be anonimous on the undernet chnnels :(
Sebastian
Right. But undernet doesn't want that. Sounds like you want to find a replacement for undernet.
puglia
<Sebastian> no, find another solution.
whart solution can you have in mind ?
Sebastian, what solution can you have in mind ?
Sebastian
maybe you find an open proxy that you can chain after tor
or something else
puglia
Sebastian, any sugestions ?
Sebastian
Don't you think I would've given any by now? No, I don't have any.
puglia
k , tx
formalist
puglia. let somebody help you.
i know for a fact that not all of the exit nodes are g-lined, because spammers use them every other day.
the ones that aren't g-lined.
puglia
formalist, and what option do i have then ?
formalist. connect-reconnect on disconnect until i found lucky ip (that is not g-line)? :(
formalist
puglia. pick an exit node that doesn't advertise a lot of bandwidth.
puglia
formalist, and i will do that ?
from my knowlege its not posible to chose / control tor , tor its just chosing ip randomaly , its that corect ?
atagar
puglia: here ya go: https://www.torproject.org/faq#ChooseEntryExit
puglia
formalist, still here?
atagar, and how shoud i know wich node , contry to chose whos ip are not g-line ?
atagar
puglia: formalist's suggestion was to use a low bandwidth exit. To do that look at a site like 'http://torstatus.kgprog.com/' that provides an overview of tor relays (with their fingerprint), pick one, and use the mentioned option in your torrc
puglia
atag ok, thanx
atagar
np
formalist
i'm guessing you want to try something that isn't likely to be used.
i think tor typically choses nodes based on bandwidth.
BarkerJr
Sebastian: what is odd to me is that bandwidth and cpu don't seem to really have any correlation
cpu dropped from 80% to 45& with no change in bandwidth it seems
nsa
or: phobos committed revision 22199 (/website/trunk/include): differentiate gnu-tbb from win-tbb.
derekm
hi, is there anything like tordns for linux?
maybe some iptables workaround?
so .onion addresses can be resolved from any application
BarkerJr
not really, cause .onion doesn't resolve to an IP
bbl
formalist
derekm. there's a torrc option.
derekm
which option is that?
not mapaddress, right?
formalist
AutomapHostsOnResolve 1
derekm
thanks
formalist
it'll have tor make up ip addresses for onion addresses.
derekm
cool
formalist
what is tordns btw?
derekm
it's a windows app that fixed the dns leak
i never used it though
formalist
one way to prevent dns leaks on linux would be to use target dnat in the nat table.
« prev 1 2 3 next »