logs archiveIRC Archive / Oftc / #tor / 2010 / April / 28 / 1
dandon
10-04-27 | 20:55:23>Sebastian<hab vorhin meine platte bisschen ausgemistet und das hier gefunden (jetzt gerade bisschen ueberarbeitet). hab's vor paar wochen/monaten gemacht nur dann wieder vergessen.. sind die aussagen so korrekt?
http://tinypic.com/usermedia.php?uo=JDduC2mKjdsyY1uRCPgjD4h4l5k2TGxc
Sebastian: |^|
Sebastian
dandon: there's an image with small typing that's very hard to read.
dandon
click it :)
sorry
Sebastian
yeah clicking it didn't help
dandon
http://i43.tinypic.com/rvj4b5.jpg
Sebastian
that looks better.
Mirroring the relay directory has nothing to do with getting banned by ISPs.
dandon
not by isps
by regular sites
or irc or w/e
Sebastian
same thing
dandon
if somone takes the direcotyr and blacklists it?
         

Sebastian
either they ban you for just running a relay, or they ban you because you run an exit
dandon
takes the ip add.
Sebastian
whether you mirror the directory doesn't play into it.
dandon
but where will they get your ip add. if you only run a relay without dirport
Sebastian
It is still listed in the consensus just as well
This is why we recommend that people don't write their own instructions on how to setup Tor, but rather just point to our instructions, or help make our instructions better if they're confusing.
atagar_
dandon: all relays are listed except bridges
dandon
hm. yeah. Sebastian i know. i just had this laying around and then while browsing torproject.org saw the tor guide. so..
so why should someone mirror the directory
Sebastian
because it is necessary, that's a way where clients go to learn about who is currently a relay
you don't distribute that list if you don't tick that box.
atagar_
I'm pretty sure all relays by default do (isn't the DirPort pretty much obsolete now?)
Sebastian
atagar_: sorry, but you're wrong.
atagar_
Sebastian: Yay! Let the enlightenment begin!
Sebastian
atagar_: the dirport itself isn't used for fetching the directory information anymore (at least in most cases), clients make a onehop tunnel using your orport
whether you mirror the directory or not is still controlled by having a dirport != 0, and that's what clients use to detect who mirrors the directory.
dandon
let me just bring up one example
atagar_
ahhhh, ok (shouldn't we deprecate the dirport option in favor of something more descriptive like 'MirrorDirectoryAuth' boolean instead?)
Sebastian
atagar_: Bug https://trac.torproject.org/projects/tor/ticket/1338 has a tiny bit more info.
atagar_: See this question in the linked bugreport: "Will making everyone a directory mirror put too much load on the authorities?"
among other things.
BarkerJr
how can you tell if a bug is open or closed?
Sebastian
(We're planning to make everyone a mirror. No timeframe yet)
BarkerJr: see the headline
"Ticket #1338 (new defect: None)"
a closed ticket might look like this:
Ticket #910 (closed defect: Fixed)
dandon
i just recently started relaying traffic again and the "first" time i relayed the directory after a few weeks or days i couldn't access the official emule channel. forgot which server..
BarkerJr
so, this one is still "new" even though arma said he closed it a week ago? https://trac.torproject.org/projects/tor/ticket/1346
dandon
i was banned on the server and she told me it was
wait i still have the mail
         

Sebastian
BarkerJr: that looks like something for helix to look into.
maybe he never closed it
BarkerJr
could be
cause this one imported as closed fine: https://trac.torproject.org/projects/tor/ticket/1353
question: will my relay ever become a guard if I don't restart it?
Sebastian
yes
I believe we had a bug in the past where it wouldn't, but fixed that bug.
BarkerJr
so the current uptime is averaged into the mtbf
Sebastian
I think guard doesn't use mtbf
or stable doesn't? ugh.
I can never keep them straight. Way too complex.
helix
BarkerJr: do you remember if he actually closed it?
someone would have a mail about that if so
from flyspray
Sebastian
looks like he never did.
Good thinking with the email address. I totally forgot about that. ugh.
BarkerJr
hmm, I only have an email re adding the comment
Sebastian
Sorry for the noise.
BarkerJr: yup, same here. And adding a comment doesn't work while closing a ticket at the same time. So, he didn't close.
helix
Sebastian: hmm?
Sebastian
hm?
helix
I remember being able to close bugs on flyspray with a comment
Sebastian
Sorry I'm slow and sucky today.
helix
and you can do it on trac too
Sebastian
in flyspray you had this extra field for a closing comment
which was something different than a normal comment on a ticket
that's what I mean
helix
ah yes, that is true
btw Sebastian I added the tor-bugs@ to always bcc, did you get any mails yet?
I don't think there have been new comments
I should test it
Sebastian
nope
I didn't
monkey_d_luffy
I installed tor 0.2.2.13-alpha and enabled the telnet control port. However when I try this command: setconf CircuitBuildTimeout 10 I get an error: 552 Unrecognized option: Unknown option '10'. Failing.
What am I doing wrong?
dandon
ok i found the mail.. it was the german-elite.net server
die IP 88.151. ist als Tor-Server in einer unserer DNSBL gelistet und deshalb auf unserem Netzwerk gebannt. Wir setzen seit einiger Zeit Proxy-Scanner ein, um dem hohen Spamaufkommen auf unserem Netzwerk entgegenzuwirken.
at that time i was mirroring the directory
2009-10
Sebastian
that has nothing to do with mirroring the directory.
dandon
so where did they get it from..
Sebastian
your relay is listed in the directory
Imagine you have a phone. Its number is listed in the phonebook
dandon
is there somewhere i can read this?
just this specific fetching and so on.. ?
Sebastian
Whether you also make phonebooks available to others has nothing to do with whether you are listed in the phonebook
dandon
i see
Sebastian
There is nothing you can do about that. Except tell those idiots that they're a bunch of idiots.
dandon
well ok glad i ask
idiots = ?
Sebastian
people who use a dnsbl that is obviously broken
by including Tor relays that aren't exits
dandon
ok. it's what i thought. just wanted to make sure
ok Sebastian. thank you for the time..
are you still in germany? you once mentioned you were a year in america..
you don't have to answer
Sebastian
#nottor or #tor-de. Thanks
monkey_d_luffy
How do I get a onion address for a tor node, when having it's IP and fingerprint?
Sebastian
You're confusing two things
one is relays that make up the Tor network
the other is hidden services, services that any Tor client can run. You cannot get a link between an IP address and a .onion address, even if there really is a hidden service running on that ip.
monkey_d_luffy
oh I see
but what about if I want to use .exit nodes? using alias/nicknames is not very secure is it? surely there are collisions
Sebastian
If a node has the Named flag, the directory authorities guarantee there's no collision. In any case, just use the fingerprint.
(note that .exit notation has security problems. It is disabled by default in recent Tor versions)
monkey_d_luffy
I'm in fact having a problem with that... I just typed the command: SETCONF AllowDotExit=1 and got a "250 OK"
but when I try: www.google.com.0trace.exit in firefox+torbutton (which works fine for normal browsing) it says the error: An external application is needed to handle: ......
what am I doing wrong?
Sebastian
That's exactly where we were yesterday
I suggested you try it from the torrc, but apparently you didn't like that. Tor might have bugs. Or torbutton. or anything else in the chain. We should learn where the problem is.
monkey_d_luffy
Sebastian: yesterday I reached the conclusion that AllowDotExit didn't work on my tor. So today I have just upgraded and was able to issue that command... So progress has been made :)
I'll try that in torrc. My idea for using it as a control option would be that it would be dynamic, thus not enabled by default and only when I really needed that
Sebastian: i just tryed it. I edited torrc and restarted it, but the same problem happens again :(
does it work for you?
Sebastian
no, it doesn't. It doesn't know what an 0trace is.
monkey_d_luffy
Sebastian: I'm using this to check the alias/nicknames of the tor relays: http://torstatus.kgprog.com/ It "supposedly" exists and is real
Sebastian
when I go to http://www.google.com.blutmagie.exit/, all works as expected.
monkey_d_luffy
Sebastian: it works -_- now why the hell didn't the one I said work O_o how did you know that one would work?
Sebastian
I told you before that the one you're using might be down or having problems. I'm a little sad to see you didn't try another one.
I also didn't know blutmagie would work, I just tried it randomly.
monkey_d_luffy
sorry, I didn't remember about trying another one now. I did it the last time (before I realized that my tor version didn't even AllowDotExit). But since I've seen that site and it showed to be working... I assumed (incorrectly) ...
thanks for all the help Sebastian
jn
data`: Where is this mail rejected?
Reaper_man
anyone familiar with torbutton
it managed to sh*t itself in FF 3.7a4 and now whatever sites I had open at that time has javascript disabled
hunh... it seems as though making a new tab fixes said issue
derp
dandon
anyone here?
Runa
dandon: yep
dandon
it was brought up once already when i was here
flash and tor
on linux for example the best option?
sandbox?
oh ok.. i just looked up my logs and i didn't see this the first time
[2010-04-13 21:03:40] <danieldg> I'm not sure if flash uses a proxy for anything; I know it doesn't for videos
dr|z3d: ?
nsa
or: [ernie/master] 2010-04-28 11:37:02 Karsten Loesing <karsten.loesing@gmx.net>: Log number of requested descriptors by directory.
dandon
do you have to set pipelining in fx in order for it to be valid even if polipo is running?
dr|z3d
dandon: No.
Quite the opposite. Leave pipelining in Firefox off.
dandon
network.http.pipelining;false
network.http.proxy.pipelining;true
|^| false
set both to false?
dr|z3d
polipo does conditional pipelining, ie it actually verifies that the server supports pipelining before it attempts it; Firefox doesn't, it's blind to the server's capabilities.
Both false.
phobos
odd, i have mine set to true
and it works fine
firefox pipelines to polipo
dandon
where's this written down? somewhere in svn.torpj.org
phobos
polipo does whatever it wants to the actual server
probably on the wiki somewhere
but i don't think anyone has done any real research/testing into which config is better, for some definition of better
dandon
hm yeah but i imagine you need to set this in fx in order for fx to pick it up.. ?
or maybe polipo just dumps everything into fx
phobos
the connections go from firefox <--> polipo <--> webserver
so firefox isn't going to influence how polipo talks to the actual webserver
dandon
i know.what did you make say that?
dr|z3d
Firefox can break webservers with pipelining on true.
phobos
more power to firefox as a DoS tool then, eh? ;)
dr|z3d
That it hasn't for you phobos doesn't mean it can.. perhaps polipo overrides Fx's settings..
dandon
no it doesn't
i just tried a fresh profile.. well the torbutton
dr|z3d
Overrides in the sense that Firefox settings are ignored because polipo takes over control of pipelining.. that's most likely.
phobos
from the 3rd party perspective, the browser shouldn't be able to break a webserver
dandon
yes that is what i meant with || 10-04-28 | 13:48:35<dandon>or maybe polipo just dumps everything into fx
old wiki only mentions pipelining once..
phobos
2
dandon
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ ?
phobos
it's a fine little project for someone to tackle
dr|z3d
phobos: Lots of stuff shouldn't be able to happen, but does.. FasterFox used to be great at tweaking Firefox to break all manner of server-side stuff :)
dandon
why tackle. why isn't this written down somehwere?
nsa
or: phobos committed revision 22249 (/website/trunk/include): osx i386 expert pkg for 0.2.2.13-alpha available.
phobos
dandon: because no one has taken the time to go through every last config option in firefox and test it against every config option in polipo
nor done any statistically valid testing of performance changes for each config option
dandon
this is a fact? [2010-04-13 21:03:40] <danieldg> I'm not sure if flash uses a proxy for anything; I know it doesn't for videos
dr|z3d
Flash mostly disregards proxy settings.
You need to "wrap" your browser in order to prevent it leaking.
dandon
sandbox?
dr|z3d
No, not a sandbox. Something like sockscap or equivalent.
user123456789
hi there, I'm doing some Tor testing having created a network of six or seven relays, but when setting up a hidden service the error "Publishing server descriptor to directory authorities of type "Hidden service", but no authorities of that type listed!"
I've connected to the control port and done a "GET INFO ns/all" and the directory authority specified in the torrc where the hidden service is running is listed as "Authority Fast HSDir Running V2Dir Valid"
can anyone see anything missing that might explain the error message?
OFFShare
user123456789: look at the source: directory.c - directory_post_to_dirservers(..). no Dirservers ??
user123456789
but my browsing through this tor network works fine, so there must be a DirServer contactable right?
nsa
or: [Tor Bug Tracker] #863 was updated: #863: Relay crashes OSX 10.3.9 - http://trac.torproject.org/projects/tor/ticket/863#comment:32
or: Old description:
or: > Tor v0.2.0.31 (r16744). Mac OSX10.3.9 500Mhz 640Mb Libevent 1.4.7 ORPort
or: > 9001[...]
OFFShare
right, and a hidden service Authority ??
i pick this questions by reading the source code..
phobos
hs auths are picked automatically by relays with hsdir flag
user123456789: which tor version?
OFFShare
the code says so in the error-msg...
« prev 1 2 3 next »