IRC Archive / Oftc / #tor / 2010 / June / 17 / 1
gamambel
heh
node's been up for a few days now, first three abuse complaints
three torrents on the watchlist of mediasentry
Sebastian
how... unsurprising
what is your exit policy currently?
gamambel
http://torstatus.all.de/router_detail.php?FP=2f265b37920bdfe474bf795739978eefa4427510
Sebastian
ah, default policy. good.
gamambel
not quite default, but yes, mostly unrestricted
but we're already thinking about limiting it to well-known popular ports
we will probably run some instances with that policy, and some others with a more restricted policy in another virtual machine
so we can shut down the respective machine immediately when chaos ensues
Sebastian
curious choice
atagar
I'd be curious to know how that hosting provider responds to the abuse complaints
Sebastian
why is 465 blocked
gamambel
good question
i stole the policy from blutmagie because olaf should have the best experience
Sebastian
hm
misc
smtps
Sebastian
that's not a good answer
misc
likely spam related ?
Sebastian
same for port 587
gamambel: It'd probably be quite wise to either make up your own mind about the ports, or ask Olaf why he chose them and then make up your own mind :)
gamambel
yes
but that's a temporary setup after all
we're currently playing with different setups to see how we can reach 39mb/s with good resource consumption
Sebastian
sure. Those last the longest, see our mighty Grundgesetz ;)
gamambel
hehe true
still, i don't have a problem filtering too much if it means my ISP doesn't kick me
Sebastian
Right; it's a question of convenience. The hope is that enough people are willing to take the pain
gamambel
even if it was only allowing 80 and 443, most rightful users will benefit
Sebastian
rightful users?
You seem to judge a lot
gamambel
yes
i do
so?
Sebastian
Nothing; just one more reason why I would never invest in torservers.net
gamambel
i'm just the admin
i don't make decisions
all current sponsors told me they would rather go for a very limited node policy than having it shut down
it's really not my decision to make
Sebastian
ok
It's unfortunate to see these chilling effects; though.
gamambel
that depends
it's better to have a door to the net than having no door at all
i rarely use tor myself, why would i
and if politics decide to ban tor, i will do my best to stop them
but if a large ISP decides it's too much hassle i need to respect that
Sebastian
I disagree. Having a "guarded" door to the internet; allowing only carefully whitelisted "safe" things to happen, "protecting" the innocent - that is censorship.
gamambel
and like i said, olaf must have good reasons for his policy
i agree
Sebastian
I am sure he does
gamambel
so why do you respect his policy, but not ours?
Sebastian
If he were on IRC I would ask his reasons just as I am asking you for your own reasons
gamambel
after all you can step in and fund a node with me for the banned ports :P
Sebastian
I have no money to spare; unfortunately. If I did, it'd be running more nodes than I currently am.
in any case, I'm surprised you see no need to use Tor yourself
gamambel
yeah that might look odd
but if i lose my rights in our so-called free country, i am better on the streets than trying to circumvent their decisions
i still don't see why you would "never" invest in what i do
i don't see you as a customer anyway, because you're technically skilled and willing enough to operate your own nodes
i think our policy is helping more than yours, no offense
but of course i'd rather see hundred smaller nodes than our large one
misc
well, personally, i think I should let the bandwidth for people who need it more than me
gamambel
ditto
Sebastian
I highly respect your motives. I am not sure what kind of "policy" you speak of, because you just said that whoever gives the money makes the policy. And I don't know what my own policy would be.
misc
otoh, using tor also enhances anonymity for others
gamambel
Sebastian, what i don't understand is the subversive hostility some of you seem to have towards what looks like a good thing to me
Sebastian: your node's policy
Sebastian
What are my nodes' policies?
gamambel
don't nail me that way, but i looked at fluxe3/sebastianhahn.net
Sebastian
Having any entity control a large number of nodes is problematic, imo.
gamambel
because i had your name connected to that last name, i'm sorry if i was mistaken
yes, it is, i agree
but it's just one node after all (by its family), and it's a matter of economics too
if olaf's node is responsible for 25% of all exit traffic, that hurts more than a second large node
because if i was spying on anything, it would be olaf's node
Sebastian
fluxe3's policy is pretty locked down because I am actively helping to develop tor a little. I don't want anyone accusing me of eavesdropping on traffic. Before I became an active volunteer, I ran default policy
gamambel
plus you probably think "now who's this guy suddenly appearing", but that's just because i wasn't active with my name associated before
are you on PETS?
atagar
Sebastian: Hu? Don't follow that reasoning... why would people accuse you of spying on traffic?
Sebastian
I don't care whether you suddenly appeared or not
It doesn't make a difference
atagar: I only allow ports that are usually associated with encrypted traffic
gamambel
i find it a bit awkward to confront me with this open dislike though
atagar
I mean the part of 'volunteering for tor = can't run the default exit policy any more' reasoning
Sebastian
open dislike?
arma
atagar: long ago, eff recommended to tor developers that we focus on one type of vague legal liability. either run an exit relay or write software that gives freedom to other people. doing both at once just muddies things.
atagar: it's not clear how well that advice maps to volunteers. probably not as well. but who knows.
gamambel
"You seem to judge a lot (...) Nothing; just one more reason why I would never invest in torservers.net"
Sebastian
gamambel: The notion of a rightful use of Tor is disgusting to me
gamambel
yes, and that's your right, i tolerate that
Sebastian
If I chat over IM, is that not a rightful use? If I watch youtube; is that bad?
arma
if you download a movie, is that bad? :)
gamambel
but "just one more reason" is, and that you don't seem to respect my opinion
atagar
arma: how does that result in an encrypted-traffic-only exit policy?
gamambel
if i trade child porn for money
if i sell weapons
arma
atagar: i dunno.
just trying to answer what questions i can :)
atagar
gotcha, thx
Sebastian
arma: I download movies all the time. That doesn't mean I'm doing anything illegal. It is also very possible that I am doing something illegal while chatting on IM
gamambel
Sebastian: with your argument you again show that there's more behind your argumentation. because obviously i didn't mean to say watching youtube or chatting was not "rightful"
i was talking about obviously abusing tor for something that it isn't, in my personal opinion
arma
sebastian: didn't say it was illegal. was mostly focusing on the network congestion question there.
but i agree, the answer is a technical answer, of "handle network congestion better"
Sebastian
arma: right. I fully believe that people who push more bytes should get slower service
arma
(Action) gets back to thinking about his technical answers
Sebastian
that doesn't interfere with my other points at all though
dr|z3d
Since Tor's a distributed network, I personally don't see an issue with any individual node operating a restrictive exit policy. The network itself is built to function that way. Any bandwidth is better than none, and it's up to the individual node operator to determine what he wishes to offer.
gamambel
and that's what all of us agree on i think
Sebastian
sure, that is entirely obvious
dr|z3d
Sebastian: No need for overt hostility; better to explain dispassionately your views, otherwise you risk alienating volunteers.
Sebastian
it doesn't mean that one can't/shouldn't question the choices of other operators. After all, this is built on trust
gamambel
yes, and i told you why i made the decision to close that port
Sebastian
No, that in fact you didn't do. You said that Olaf closed it
gamambel
to come back to the source of the discussion: i was just wondering where that hostility comes from, by some of you
and from the list, i - and again, let me judge and state my personal opinion - think that some still have that teenager attitude of condemning everything slightly 'commercial'
atagar
Hu? Others?
Sebastian
commercial? Tor has mostly paid staff
gamambel
atagar: on the list, not here
sorry, i think this conversation is completely going in the wrong direction
atagar
I lost the thread a *long* time ago :P
gamambel
it's partly because i'm not a native speaker, sorry, i probably said things i didn't mean that way
we're all one happy family :]
i still don't see why you don't want to respect that i see "rightful" vs. "not rightful" use of tor
as a personal, not as a professional ("data")
*person
Sebastian
Oh, you are entitled to your own views obviously. But I strongly disagree and will continue to challenge them
gamambel
i wish we could all sit at one table drinking some beers over how to make the world a better place together instead of nitpicking about words
misc
that wouldn't change much, except the alcohol in our blood
Sebastian
For me, this has nothing to do with nitpicking. It is fundamental in why I support Tor
atagar
gamambel: Just a point in terms of terminology, most everything you said was perfect English but I'd avoid using the term "rightful"... it tends to have a judgmental connotation.
Sebastian
Tor is infrastructure. Is there a way to use a street in an unrightful way?
gamambel
atagar: yeah it's not about the words, it's also about the meaning conveyed by its context :D
yes
depending on the country, illegal use of a street would be to cross on red lights
or go in the wrong direction
bad example :P
Sebastian
very bad example, because what is illegal has nothing to do with what is rightful
gamambel
misc: it would change because then it wouldn't be only words, but looks and gestures
yes
exactly
that's why i say rightful, because that's for me to decide for me
and i think i am very, very tolerant towards what other people do or think
more than most other people i know
Sebastian
So if I had a technology that allowed me to prevent actions that I consider not rightful, would that be a good thing? In my world, that's a terrible thing. Others with their lunatic definitions might use it on me
atagar
historically, they always do :(
Sebastian
If I had such a technology, would I use it? Probably; yes. To prevent "the really bad stuff"
phobos
see rfc3514, i think
aka, "the evil bit"
atagar
heh... it's brilliant!
gamambel
Sebastian: no
it's a difference if i have my opinion, or if i put that opinion above other people's opinion
i get a lot of attempts to "open a stream from unknown relay" by the way
atagar
probably people trying to use you as a one hop proxy?
gamambel
yes, but i didn't think it would be that many
because we had that discussion on the list and it was the opinion that there weren't that many
atagar
could also be bots making use of tortunnel
gamambel
probably bots, judging from the hit rate
i don't like to make the decision for people not to use tor as a one-hop proxy, i don't think it really hurts the network, but still it might be better to filter them exactly because of that reason
atagar
it's the same as exit policy decisions - exit operators can opt to make themselves usable as one-hop proxies if they'd like (it's just not the default)
Sebastian
It's a bit different, though
gamambel
hehe hi Sebastian ;)
Sebastian
I never go away, no worries
gamambel
i'm still thinking it might be helpful information to exit node operators to know about the setting, and to know about how many people are actually using it
atagar
Sebastian: isn't it still a torrc option, or was that just while it was an experimental feature?
gamambel
i have ~2000 attempts logged within a few hours
Sebastian
If a lot of people use Tor for one-hop proxying, it becomes quite worthwhile to go after exit node operators, further decreasing the number of exits
gamambel
by default it is unset, and not mentioned in the default torrc
Sebastian
the notice log is an experimental feature
gamambel
yes that's what i mean
Sebastian
We will change it before we do a stable release
atagar: It can remain a torrc option, too
atagar
Sebastian: what about giving relays with that option set a special flag to differentiate the one-hop-permissible relays from the rest (this would help address the issue you mentioned)
(it would also make the users of one-hop proxies happy since things like tortunnel could skip the rest of the tor network and just use them)
gamambel
good idea
Sebastian
atagar: see the "opt allow-single-hop-exits" line in 8AC5 4C60 F747 C84E 7A2D 5A66 A07B 6D1E 152A 0DC7's descriptor.
gamambel
:-)
Sebastian
from the spec:
"allow-single-hop-exits" NL
[At most once.]
Present only if the router allows single-hop circuits to make exit
connections. Most Tor servers do not support this: this is
included for specialized controllers designed to support perspective
access and such.
The reason it was implemented is goodell's blossom, iirc
atagar
Blossom makes use of one-hop proxies? I thought it was a dead project.
Sebastian
it is pretty dead alright, but what does that have to do with its design? :)
phobos
blossom was a one hop research network
the goal being to see the internet from different perspectives
atagar
Sebastian: if it's dead then it won't be making use of a new addition to the spec
Sebastian
atagar: ah, but who said this was a new addition? :)
atagar
Sebastian: doesn't it concern the new torrc option to prevent non-relays from attaching?
Sebastian
well, we have commit e147e867 that would add the AllowSingleHopExits torrc option in late 2008; which also introduced the spec change.
and then we have commit 110835 that would allow people to set the RefuseUnknownExits option as an experimental feature
This option is set up in a way so that we will be able to turn it on by default with a consensus switch
Unless you turned it off in your torrc
atagar
Hm. So the RefuseUnknownExits will go away and be the default, then the AllowSingleHopExits can be used to disable this feature?
Sebastian
or set the AllowSingleHopExits option.
atagar
gotcha