logs archiveIRC Archive / Oftc / #tor / 2010 / April / 21 / 1
Sebastian
hrm, offshare is gone.
nsa
or: [tor/master] 2010-04-20 21:56:28 Roger Dingledine <arma@torproject.org>: bump to 0.2.2.12-alpha-dev
or: [tor/master] 2010-04-20 22:02:23 Roger Dingledine <arma@torproject.org>: more logging when tracking missing descriptors
sylar
so what is the purpose of polipo, and how do I use squid instead?
I thought tor is a proxy server
Sebastian
sylar: the purpose is that firefox has a broken socks implementation, that has a hard-coded timeout and some other nastyness built-in. Using an http proxy works around those bugs.
sylar
ah
so if I should be able to just set the proxy to my local squid?
Sebastian
If Firefox fixed its bugs, we'd most likely drop the requirement.
I think so, if your squid is configured to point to tor
sylar
?
the proxy point to tor?
Sebastian
yes
Tor is a Socks proxy
polipo (or in your case squid) gets configured to point to tor
sylar
so one proxy point to the other proxy?
         

Sebastian
and then your browser is pointed to polipo acting as an http proxy
sylar
ah
but my squid , I want it to surf directly... could it have two definitions?
arma
sounds like you should run squid and polipo separately
sylar
with polipo, do I need to set anything, or just install it?
arma
you need to follow the instructions that we very carefully wrote on our documentation page.
sylar
(on debian lenny)
(Action) looks
Sebastian
I guess sqid can be configured to do that.
But we can't help you with that
what arma suggested will be tons easier.
sylar
aha
ok
what about privoxy? I see in the doc it is an alternative to polipo
Sebastian
it is an alternative.
sylar
so, why is polipo first?
Sebastian
because it is faster than privoxy
sylar
but privoxy gives some more privacy no?
Sebastian
Relying on a proxy is not a good idea, because it cannot look into https connections and you generally need your browser to take care of your anonymity needs. That's why Torbutton was created.
Neither Privoxy nor Polipo are used for their filtering (in)capability
sylar
does the tor button does any filtering?
Sebastian
https://www.torproject.org/torbutton/design/
sylar
ok
bja
sylar: still king of the hill on that department. But sometimes it fails to load some stuff while using tor
sylar
bja, which one?
BarkerJr
my relay with ulimit problems seems to have dropped off the concensus today
should I restart it?
arma?
killing it with INT just caused it to start using 100% cpu after 30 seconds
TERM didn't help, either, but 9 did it
arma
barkerjr: which nickname?
         

BarkerJr
BarkerJrParis1b
arma
when did it fall out?
BarkerJr
not sure :/
but I see you fiuxed it in the changelog :)
arma
is it still out?
BarkerJr
I restarted it, so it'll probably be back shortly
nsa
or: [tor/master] 2010-04-21 00:17:28 Roger Dingledine <arma@torproject.org>: windows packaging cleanups from phobos
arma
Apr 20 19:50:05.907 [info] update_consensus_router_descriptor_downloads(): Learned about BarkerJrParis1b (2010-04-20 23:42:08 vs none) from urras's vote (unknown)
Apr 20 19:52:09.343 [info] update_consensus_router_descriptor_downloads(): Learned about BarkerJrParis1b (2010-04-20 23:50:18 vs 2010-04-20 23:42:08) from gabelmoo's vote (known)
BarkerJr
toe weather emailed me at Tue, 20 Apr 2010 20:08:48 +0000 (UTC)
arma
when did you restart it?
BarkerJr
I restarted it at Apr 20 23:49:01
utc
arma
well, it published something at 23:42:08
looks like you restarted it then
BarkerJr
Apr 20 23:42:08.008 [notice] Interrupt: will shut down in 30 seconds. Interrupt again to exit now.
that's right :)
arma
holy cow
BarkerJr
23:49:01 was the startup: Apr 20 23:49:01.136 [notice] Tor 0.2.2.11-alpha (git-9cde5a4629769d42) opening log file.
arma
that explains why moria1 isn't hearing votes
"moria1 orport=9101 no-v2 "
"v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
"128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
"that's not my ip"
BarkerJr
heh nice
arma
i think moria1 has been unreachable since january
and, fixed. this will maybe make things easier.
it may also make moria1 reachable from china, as was the original plan.
BarkerJr
oh, you changed the blocked ip and forgot to tell anyone about it? :P
arma
no, i told everyone.
i just forgot to listen there.
BarkerJr
it's a good thing you don't swear :)
arma
:)
we built this tor thing too damn robustly. if it had been brittler, i would have found that bug months ago.
keb
is it possible that bitblinder folks have configured their clients to use the Tor network? i wonder how to check
katmagic
BitBlinder uses a separate network, doesn't it?
keb
it should but what is stopping it from using Tor
katmagic
It would have different directory authorities configured.
arma
keb: you could grab a bitblinder client and see where it connects
keb
ok
Francis
what would be a secure, lightweight, customizable distribution to install tor on?
keb
android?
Francis
by customizable i mean able to create your own live cd
perhaps I'll stick with puppy
keb
puppy is light for sure
Francis
i don't know about secure though
i heard it wasnt the bes
t
katmagic
Oh. Francis.
Francis
what?
katmagic
I forgot to tell you something in my instructions. Those iptables commands have to be run at every boot.
webmind
Francis, secure isn't an absolute. so it's only as secure as far as you understand it. there you want a transparant system.
which would fit inline we the desire for customiseability
katmagic
Francis: How about OpenBSD?
Francis
katmagic, is that under 100 mb?
or under 120
webmind
openbsd under 100/120 is tricky
Francis
i don't like tricky
:)
katmagic
Ah. You could use Gentoo to make the CD, but to actually install Portage on it would push it way over.
webmind
as for small you could look at http://www.slitaz.org/en/
there's alspo this kit some licecd's are based on
Francis
webmind, what kit?
webmind
somewith nwith an 's
can't remember the name
Francis, slax also might be worth a look
Francis
webmind, you can compile on slitaz?
apps that aren't in it's package system
add repositories or anything like this
katmagic
You can cross-compile if you're wanting to make a LiveCD.
Francis
katmagic, you mean I couldn't put tor on puppy if they didn't have a package for it (for example's sake)
keb
i compiled tor on puppy last year, it worked fine
Francis
and then put it on a live cd?
keb
nope didnt try that, but i think there are livecd instructions forpuppy
katmagic
I don't know if it includes a compiler or not. What I mean to say is that you can compile the program on a different system and just place the binary on your LiveCD.
Light
i was wondering, are tor connections reliable, meaning if a node goes down, a new circuit is established while the apps are unaware that a re-route has happened
or will the apps actually get disconnected
katmagic
The circuits will close.
webmind
Francis, I don't know
Light
so i am an app that uses a tor socks proxy, i will get be informed that conn has closed/
webmind
Francis, I just looked for small distributions
katmagic
Light: Yes.
Light
so in a way tor is unlike other overlay networks that are able to reroute and still maintain the end connections to clients
tks
katmagic
I'd be surprised if other networks could do this. I don't believe you can just continue a TCP connection from a different IP and pretend as if nothing happened.
arma
katmagic: you can if the exit relay isn't the one that goes down
tor has thought about adding this feature, but it'd be a mess of new protocol stuff
Light
i noe aother architectures like spines can do that
its just that spines do not offer anonymity
am looking for something that offers the best of both worlds
but it seems like it wun be such an ez solution
katmagic
arma: Do you mean adding the feature of being able to switch exit nodes, or being able to switch entry/middle nodes?
arma
being able to do what light described
the latter, i guess
Light
yeap, its like your average routers. if a router is down, the packets are simply rerouted
arma
if tor ever switches to udp transport, it'll be easier
Light
i think there is also the issue of the onion layered encryption
anyway, just wanted to verify that if u connect host a to host b via tor maybe using netcat. if an intermediate node goes down, the netcat will disconnect immediatel
arma - are u doubly sure that tor has thought about adding this feature
arma
doubly.
i even wrote about it
Light
oh
arma
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#MigrateStreams
alas, it's a wiki so some dude scribbled garbage at the end. sorry about that. :)
Light
haha no problem
arma
well, maybe not garbage. maybe brilliant insights, poorly worded.
keb
the definition of Stable has already been refined as suggested there
Tas
what's described there in the last paragraph is why I connect via a tunnel to a Tor instance running on a static IP address. otherwise I'd get disconnected here in IRC every 24 hours
same for SSH connections. only stay up when they go via a tunnel
keb
hmm. i have a static ip address but i still get disconnected
Tas
but not in 24 hour intervals
keb
and thats not the tor ip i am using
doh
Tas
a nice side effect of IPv6 tunnels, by the way, that connections stay up. :-)
micah
arg, oom on my exit node
keb
wow today i got over 100 "Attempt by [scrubbed] to open a stream from unknown relay. Closing." in a row milliseconds apart
maybe i should let it display the ip address and sick fail2ban on them
if its the same source
bja
keb: a small statistical anaylisis should give you the number of tries normally allowed per hour, use a 1.3 factor and fail2ban should be a nice solution
keb
of course i dont want to log legit users
yesterday there was talk in here about relays maybe not being in the consensus due to a voting issue
arma
keb: if i were doing it i'd have safelogging to 0 and would be trying to figure out what fraction of them are relays that just aren't in my consensus somehow
micah: sorry to hear. if you want to follow the threads on it, there are many on the tor-relays list. common problem as tor fails to scale..
nsa
or: erinn committed revision 22214 (/torbrowser/trunk): bump tor and tbb versions
or: erinn committed revision 22215 (/website/trunk/include): update tbb/tor version
or: [tor/master] 2010-04-21 07:12:14 Roger Dingledine <arma@torproject.org>: immediate reachability check for new relays
qbirot
Can anyone have a look at capoteATWO?
fingerprint DD0F 0A72 A773 ED5F 2EA2 98BE 0DD1 1775 60F9 7A9A
It seems to be router inside an university network which lets nobody use the network outside.
So it's not really usable as tor relay. :-)
Sebastian_
confirmed. Mailing authority operators
nsa
or: [Tor] #1364 was updated: #1364: testing, yo - http://trac.torproject.org/projects/tor/ticket/1364#comment:1
or: Changes (by erinn):
or: * cc: erinn@& (added)
or: [...]
helix
oh hello nsa bug bot
Sebastian_
woo
helix
Sebastian: did you do that? :)
Sebastian
no, weasel did that. You added the something.noreply.org to the always_bcc line, remember? :)
helix
I guess I did, but that change is not so recent
so I assumed somethin' new happened. but good point.
weasel
nsa was set up at the same time you added it
Sebastian
helix: that change is not so recent, but now trac actually sends out email ;)
helix
in a manner of speaking
anyway I got the actual email 45m ago, that's why I was surprised
weasel
greylisted?
helix
I don't do greylisting
weasel
but nsa does
helix
derp
right
weasel
nsa doesn't read /your/ mailbox :)
helix
oh I bet they do
weasel
*this* nsa doesn't.
« prev 1 2 next »