logs archiveIRC Archive / Oftc / #tor / 2010 / May / 10 / 1
nsa
or: [Tor Bug Tracker] #1389 filed by anonymous: #1389: no loading relay discriptors from root servers moria1, tor26, ides... - http://trac.torproject.org/projects/tor/ticket/1389
or: torrc file:
or: ---------------------
or: StrictEntryNodes 1
or: EntryNodes moria1,ides
or: HashedControlPassword XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX[...]
or: phobos committed revision 22306 (/projects/presentations): add a new presentation on technical solutions to internet surveillance
or: and censorship.
or: phobos committed revision 22307 (/projects/presentations): update the presentation, rename it to be more accurate to the topic
krit
strict exit nodes doesn't work
any tips ?
phobos
it's an open bug
krit
ok
used to work before
isn't it ?
phobos
or, what problem do you encounter?
krit
i put strictexitnodes 1
and select exitnode abcd
it doesn't go through abcd
phobos
https://trac.torproject.org/projects/tor/ticket/1090
krit
sometimes seem to work, but with other open circuits (though not used), but many times simply doesn't honor it
ok i saw that link
but this thin used to work with older tor versoins ?
phobos
it's probably been broken for a while
         

krit
that link talks about excludeexit nodes
but i guess they are related
problems
phobos
there are internal circuits where it is safe to use nodes regardless of what the user wants
because they don't exit tor
and maybe that strict exit is not the path to the hidden service the user asked for
the debate is whether tor should say 1) ignoring your config becaues this is X type of circuit, or 2) you said never use this node, never using this node and denying access to X
nsa
or: phobos committed revision 22308 (/website/trunk/en): update the links to hidden services so they point to the overivew and
or: not the docs on how to configure one.
JC_Yang
my tor cache is still valid but i can't establish connection right now, some nodes in the cache might be block or offline. Is there any method to accelerate the connection rate by increased the frequency of "try another node"?
yafrank
Hi,
My tor-0.2.1.26-1~lucid+1 stops working this morning with the bridges got from Gmail,
Does anyone here has a working one? Thanks!
dr|z3d
JC_Yang: There is. MaxCircuitDirtiness is the directive you'll want to add to your torrc.
JC_Yang: This directive determines the maximum time a given circuit can be used for. Default is 10 minutes, or 600 seconds. (values in seconds).
Set that value too low and you'll place excess strain on the network, so use with care.
JC_Yang
thanks. my tor has re-established connection now. I'll try it next time it can't establish connection. Reset this value to default after connection ON might be a good idea, right?
dr|z3d
Depends.. if you want identity cycling that's quicker than the default 10 minutes, you could leave your tweaks as is.
That said, there may be a better directive. One moment.
JC_Yang
I don't intend to stress the network, I'll use it carefully
dr|z3d
CircuitBuildTimeout you might also look at tweaking.. that determines that maximum length of time Tor waits before it gives up attempting to build a circuit. 1 minute is default.
I'm assuming those values are in seconds, so you'd set that to say 30 to speed things up.
As for maxcircuitdirtiness, don't go below say 180 is my advice (3 minutes).
CircuitBuildTimeout I thin is more apt for your usecase, mind.
*think
JC_Yang
thanks, got it
nsa
or: pootle committed revision 22309 (/translation/trunk/projects/website): updated files from pootle
Neeraj
hi
just was busy in exams
Runa
:)
nsa
or: runa committed revision 22310 (/website/trunk): new and updated translations for the website
or: runa committed revision 22311 (/translation/trunk/projects/website): updated files for pootle
or: pootle committed revision 22312 (/translation/trunk/projects/torbutton/nb): Commit from The Tor Translation Portal by user runa. 106 of 106 messages translated (0 fuzzy).
startx
hello
i have a question about permissions when i run a hidden service:
on debian, when i start tor everytime tor changes the permissions of the hiddenservice dir to debian-tor drw-----
which means the webserver cannot read / serve the docs anymore
(e.g. apache as www-data)
i could of course run a webserver as debian-tor, but that would expose my keyfile to the web, too
Sebastian
why should your apache serve the contents of the hiddenservice dir?
It contains your private key, which is supposed to remain private
startx
ah, you mean the hissenservicedir is actually not meant to be the webroot?
Sebastian
The hiddenservice dir has nothing to do with the directories that apache is serving
right
that has nothing to do with it
Tor only wants an ip and a port to forward to
You could forward to applications that don't even have a notion of a webroot
or forward to an entirely different machine
startx
ah ok, then i misread the tutorial, that makes sense
         

Sebastian
Can you show what was misleading?
Maybe we can improve the docs
startx
it was my mistake: it says "You're going to want to change the HiddenServiceDir line, so it points to an actual directory that is readable/writeable by the user that will be running Tor."
i think i read "readablke for your webserver"
Sebastian
ok
startx
however:
it says before:
"Then mkdir hidserv; cd hidserv, and run ../thttpd -p 5222 -h localhost"
which would make hidserv my webdir, no?
if somebody really did that
why would i need to do "cd hidserv"?
i sounded to me like "hidserv" becomes your rootdir
http://www.torproject.org/docs/tor-hidden-service.html.en
Sebastian
there
nsa
or: sebastian committed revision 22313 (/website/trunk/docs/en): Document that webroot and HiddenServiceDir are supposed to be different things better.
Sebastian
The website should be updated as soon as phobos gets around to pushing it.
startx: to answer your questions:
you need to do cd hidserv because that will become your webroot
and thttpd uses the dir you start it from as the webroot by default
startx
yes
but the tutorial implies further down that hidserv/ is used as hiddenServiceDir : "You're going to want to change the HiddenServiceDir line, so it points to an actual directory that is readable/writeable by the user that will be running Tor. The above line should work if you're using the OS X Tor package. On Unix, try "/home/username/hidserv/" "
thats what i found confusing
Sebastian
ah
startx
its clear to me now though
Sebastian
there again
nsa
or: sebastian committed revision 22314 (/website/trunk/docs/en): Make unix doc match windows in that the hsdir is called hidden_service
Sebastian
We should use different directory names now as well as giving the user a warning that they shouldn't use the same dir for webroot and hsdir.
startx
cheers
Sebastian
Good luck with your hs
startx
thx
dr|z3d
startx: If you're also interested in running a hidden service type facility with an easy-to-remember domain and access from the wider net, feel free to /join us in #nottor for more infoz. :)
startx
cheers, will check that out in a bit, im fighting my local privoxy right now ;)
dr|z3d
Right you are!
startx
(Action) just won the fight
in the docs for torbutton it says "Torbutton must disable Javascript, Meta-Refresh tags, and certain CSS behavior" ... is this documented what CSS behaviour is meant here? would be cool to have a guide for website people.
dr|z3d
I imagine css behavior that requests off-site resources.
mikeperry would be the one to ask, mind.
keb
startx http://www.torproject.org/torbutton/design/#adversary look under Adversary Capabilities - Attacks
startx
keb: cheers
ok here comes another hopefully not to dumb question: if i throttle the bandwith of the tor relay where also a hidden service is running, is this effecting the hidden service in the same way? e.g. if i set the bandwith to 20k, does that mean the server only serves 20k too?
Sebastian
See the BandwidthRate vs RelayBandwidthRate options
the first one will limit the hs too, the second one won't
startx
ah ok
nsa
or: phobos committed revision 22315 (/projects/presentations/images): add a fine graphic from future of privacy forum showing where some user
or: data flows.
Lord_Of_Syntax
everything I try to connect to returns a 504 error, how do I fix this (I know a lot about networking, I am just new to Tor)
Nonpython
Tor is running, but it refuses connections.
OFFShare
Nonpython: proxy config wrong ? try to check if you use Tor: https://check.torproject.org:443/
Nonpython
I enabled Tor, and it can not connect at all.
504 Connect to www.giantitp.com:80 failed: Connection refused
The following error occurred while trying to access http://www.giantitp.com/forums/:
504 Connect to www.giantitp.com:80 failed: Connection refused
Generated Mon, 10 May 2010 10:21:07 PDT by Polipo on localhost:8118.
is my error.
same thing but with differnt addresses everywhere.
(I use firefox and torbutton with polipo)
OFFShare
and this one: https://check.torproject.org:443/
"circuit_find_to_cannibalize" why do we cannibalize and extend a 3-hop to a x-hop circ ?
nsa
or: [Tor Bug Tracker] #1136 was updated: #1136: When Tor is offline, it doesn't quite run out of relays, so doesn't realize it's offline - http://trac.torproject.org/projects/tor/ticket/1136#comment:6
or: Changes (by mikeperry):
or: * status: new => assigned
or: * owner: => mikeperry
or: [...]
Sebastian
OFFShare: because sometimes we need a circuit quickly, and extending one we already have will be much quicker than making a new one
OFFShare
Sebastian: THanks for your answer. It makes controlling of node choices very complex, excluding exitnodes and more..
Sebastian
it sure does
The whole circuit build logic needs fixes.
« prev next »