IRC Archive / Oftc / #tor / 2010 / May / 5 / 1
Travis-42
since upgrading to a new version of tor/vidalia I've been getting this new warning in my message log "Couldn't rename configuration file "/etc/tor/torrc" to "/etc/tor/torrc.orig.1": Permission denied" -- any ideas why this might be happening?
ln5
one of my relays is pushing its normal 9 Mbps with only 1444 tcp connections. the number of connections is usually about 5-7 times that figure. wonder why.
karsten
hmm, maybe those clients don't go to moria1's or gabelmoo's new dir port to ask for the certificates.
weasel: can i give you a certificate that you append to tor26's cached-certs?
weasel
yes. send mail
karsten
sent
weasel: once you restart your tor, this certificate should replace the current certificate that expired today.
weasel: at least this happens on gabelmoo.
erm, happened*
weasel: also, you're recommending 0.2.1.26 for clients, but not for servers.
ISS|Steed
hi
_fabi
hi
ISS|Steed
how can i disable the tor lock file?
weasel
karsten: thanks, fixed next time it reloads
karsten
weasel: are you sure a reload is enough?
weasel
for the recommended thing?
yes.
karsten
ah, yes. i meant for the cached-certs thing.
weasel
didn't do that yet :)
karsten
ok
Sebastian
hah. evil legacy signing.
karsten
indeed.
keb
ISS|Steed the lock file can be deleted when tor is not running
ISS|Steed
and if i want to run tor multiple times?
keb
in the torrc you can specify a different data directory
ISS|Steed
ok, so it will be created in the data dir?
Sebastian
yes
if "it" is the lock file
ISS|Steed
yes, thanks
BarkerJr
what's wrong with .25?
Sebastian
BarkerJr: What do you mean?
keb
probably 0.2.1.25
BarkerJr
hmm
Sebastian
keb: yeah I got that part
but I wonder why anything is wrong ;)
BarkerJr
cause it's getting recommended before it gets announced... that usually means a security fix :)
plus there's no changelog available
keb
apparently it's possible to do a diff on the source to find out
Sebastian
BarkerJr: nah, we've just changed our policy I think
we used to not talk about new versions until there are packages for everything
now we make packages, and when we have a few, we announce them
but we update the authorities asap, so people don't get a "you're running a version that isn't recommended, omg" warning
BarkerJr: changelog should be available
keb
in the tarball
Sebastian
hah
except I'm lying
bad bad arma
BarkerJr
it should be here, too: http://gitweb.torproject.org/tor.git?a=blob_plain;hb=maint-0.2.1;f=ReleaseNotes
Sebastian
I just noticed that.
looks like arma forgot that.
BarkerJr
:P
Sebastian
ah
no
we need to update the link
hah
keb
not using git anymore?
Sebastian
hah
we need to update the link AND Roger forgot to add the stuff.
way to go.
there
part one is done
nsa
or: sebastian committed revision 22286 (/website/trunk/include): We changed the release branch from maint to release.
BarkerJr
so why would my relay keep flickering between guard and not?
is there some bug in the authorities so they keep changing their minds?
Manny
slight instability?
Sebastian
BarkerJr: yeah
unfortunately there is
the criteria aren't as robust as they should be
Manny
but bugs in tor are impossible
BarkerJr
ping: sendmsg: No buffer space available
is tor doing that?
keb
what log was that in
BarkerJr
crond
keb
do you have a heartbeat program running
BarkerJr
yep
MoiraA
hi
can I ask why my account has been "suspended" when I go to show someone my photo on the wiki page modelling a torshirt?
keb
the whole wiki moved to a new trac based system
probably the accounts have not all been reactivated
MoiraA
will this happen automatically? It makes it look like I did something illegal
keb
did you?
j/k
not sure who is in charge of that
BarkerJr
maybe the server just can't handle three relays :/
keb
did you up the ulimit and stuff
BarkerJr
yeah, I don't think this is related to ulimit
TCP: Treason uncloaked! Peer <ip>:49581/21 shrinks window 1326075360:1326078160. Repaired.
that's an odd error in dmesg
keb
i get lots of those
even without To
r
BarkerJr
ok
maybe I just need a reboot
keb
is it still out of buffers
phobos
generally tcp treason messages are tcp stack overload, or network module losing track of buffers
BarkerJr
maybe I just can't shove more than 40mbit through one virtual machine
keb
nice
fp
I have some ideas for a secure Tor system. Can I bounce them off this channel, to see if there's anything obvious I've missed in my setup?
Runa
fp: sure, you can also send an email to or-talk :)
fp: I think you'll get more feedback with an email, since most people are still sleeping
fp
probably. I don't have any anonymous way to post to or-talk, and not sure if I want to get my name known as someone into security a whole lot just past a look
Runa
ok :)
nsa
or: [tor/master] 2010-05-05 07:12:26 Roger Dingledine <arma@torproject.org>: put the blurb in 0.2.2.13-alpha
or: [tor/master] 2010-05-05 07:12:33 Roger Dingledine <arma@torproject.org>: bump to 0.2.2.13-alpha-dev
fp
in a nutshell, 2 vm's. One router that routes everything through tor, the other is a host that only knows about the router
That seems to be similar to what TorVM does, but with another vm for the apps and not the host
nsa
or: [tor/maint-0.2.1] 2010-05-05 07:19:41 Roger Dingledine <arma@torproject.org>: release notes entry for 0.2.1.26
or: [tor/release-0.2.1] 2010-05-05 07:20:55 Roger Dingledine <arma@torproject.org>: Merge branch 'maint-0.2.1' into release-0.2.1
or: [tor/release-0.2.1] 2010-05-05 07:19:41 Roger Dingledine <arma@torproject.org>: release notes entry for 0.2.1.26
or: [tor/master] 2010-05-05 07:23:25 Roger Dingledine <arma@torproject.org>: Merge branch 'maint-0.2.1'
or: [tor/master] 2010-05-05 07:19:41 Roger Dingledine <arma@torproject.org>: release notes entry for 0.2.1.26
fp
I noticed that you were pulling in the socket and ssl modules, at least in RC1, so I thought I would check
But they very well could be required by something else, or just pulled in as extras just in case
oops
nsa
or: [ernie/master] 2010-05-05 08:31:03 Karsten Loesing <karsten.loesing@gmx.net>: Sanitized bridge descriptors for April 2010 are available.
karsten
anyone seeing messages like these in their logs? "We're missing a certificate from authority" or "No current certificate known for authority"
intrigeri
no such log with 0.2.1.26-1~squeeze+1
kc_sebastian
have we ever seen it with a recent version?
karsten
unsure. i think only 0.2.0.x.
thanks, intrigeri. if it shows up, do tell!
kc_sebastian
A theory might be that only those clients that want to accept legacy sigs ask for those descriptors
compiling stuff here
and trying it out
karsten
kc_sebastian: i think so, yes. i tried with my own 0.2.0.35 client. but never hurts to confirm from what other people see.
kc_sebastian
hrm
intrigeri
karsten: I'm running "tail -f /var/log/tor/log | grep authority" on two boxes.
karsten
intrigeri: sounds good.
kc_sebastian
somehow my Tor doesn't find a linkable libevent, even though I gave it one with --with-libevent-dir
wtf
so much for my testing. Will get back to you with tests once I have my own machine back ;)
bary
wtf!
BarkerJr
karsten: is that a directory mirror?
karsten
"that"?
kc_sebastian
ah, here we go. "--prefix ~/levent" and "--prefix=~/levent" mean different things ;)
BarkerJr
the authority warnings
kc_sebastian
BarkerJr, they can happen on clients
BarkerJr
hmm
kc_sebastian
karsten, I'm not getting any warnings on master, and not getting any warnings on 0.2.0.35 (from git, so without weasel's debian patches).
Looks like your hack works.
hah
I spoke too soon
May 05 12:50:53.714 [notice] We're missing a certificate from authority with signing key F7C7B9191C74C0BA07363C84D37BBAD3A8A6C6D8: launching request.
repeated every 30 seconds.
karsten ^^^^^^^^^^
karsten
gah
kc_sebastian
When I run it multiple times, i get always get the message at least once. Then after a certain number of tries, it succeeds. So I think you're right in assuming that at some point, an authority that knows about it is asked.
erm, kill one of the "get"s.
karsten
urras and dizum don't have it yet.
kc_sebastian
(Action) never liked legacy signing ;p
only those two?
I choose them often, then.
karsten
and dannenberg times out.
kc_sebastian
ah
that's 3 out of 7, looks about right
karsten
and tor26 only answers a few times before it stops talking to you.
kc_sebastian
ah right, I use the same ip with all those clients.
karsten
let's see when dizum adds the new cert. if it doesn't do that in the next few hours, i'll mail alex and ask him to add it manually.
kc_sebastian
So rather unsurprising behaviour.
karsten
yup. great!
so, how's the load on relays that are not running one of the most recent 0.2.2.x or 0.2.1.x?
kc_sebastian
why would the load on relays be higher because of this?
Clients only ask authorities
or do they also ask dir mirrors?
If they also ask dir mirrors, my 3/7 figure and all that discussion was totally wrong.
karsten
hmmm
you're right.
ok, never mind that about mirrors.
BarkerJr
maybe that would explain why mirrors see it more
karsten
no mirrors involved, i think.
and i was so sure...
ok, i'll make a new attempt to rescue the tor network tomorrow.
SwissTorExit
(Action) greets the chan
kc_sebastian
karsten, hah, good luck.
back to Uni stuff for me ;)
nsa
or: pootle committed revision 22287 (/translation/trunk/projects/website/ru/torbutton): Commit from The Tor Translation Portal by user vitolink. 53 of 53 messages translated (0 fuzzy).
mr0t
Hi, I'm having a hard time finding any information on using tor to be able to, for instance, connect to a telnet server from two separate ips, is this even possible? and if so, is there documentation explaining how?
I guess just being able to open a single connection would be a start. I'm eventually hoping to offer relay to anyone who wants to login to a telnet server on multiple ips, or an anonymous ip, but gotta start simple. :) any help would be much appreciated
bary
what?
mr0t
I want to use Tor to telnet from a proxy IP
not because i'm ipbanned from the server, but because my sister and i play the same MUD and we're always fighting for time, even though we have two different comps, apparently the server's ip detector doesn't look at the last part of the ip address if the rest is the same, or something
I downloaded the Vidalia panel and whatnot, at the very least I guess I could use a browser-based telnet app, but it specifically says it won't work with any of that because it may give away your ip, and all the documentation I've found lacks any reference to telnet
StrangeCharm
mr0t, sounds like tor is way overkill for your needs
mr0t
Perhaps, but I tried various searches, 'ip proxy program' 'telnet by proxy ip', and variations, and nothing came up, so I asked the l33test person I know and she said Tor like I should have known already
if there's some other way you know of, I'd be grateful to hear it
if it matters, i use windows xp
bary
you don't have a way to proxify a telnet app?
William_Conqueror
hi to all, is the following normal? I have a vds-server with 2 ip-addresses. I set one of them in /etc/torrc for the tor-node. But when I see netstat there are many outgoing connections from my server to any Internet resources from the other ip-address. All connections with other tor-nodes are established from ip-address pointed in torrc. It seems that all connections in the Tor net are established through ip pointed in torrc but outgoing (from the Tor net) connection are established also through another ip-address of the same server.
bary
http would be pretty easy
Sebastian_
William_Conqueror: you probably forgot to set the outboundbindaddress config option
bary
you just telnet to http port 80 and type CONNECT hostname:port HTTP/0.9
William_Conqueror
Sebastian_, thanks
bary
the problem with proxies including tor is that other people may be using time for moo too
hehe
William_Conqueror
The IP address or full DNS name for your relay. Leave commented out
## and Tor will guess.
- when I set my address
Oh, I need to set it in OutboundBindAddress concerning the Tor man. I'm sorry, thanks
nsa
or: kloesing committed revision 22288 (/projects/archives/trunk/exonerator): Fix two edge cases found when writing the ExoneraTor web version.
mr0t
bary: i actually tried http proxy, but it doesn't hide ip, apparently