IRC Archive / Oftc / #tor / 2015 / October / 23 / 1
meejah
sine0: I filed https://github.com/micahflee/torbrowser-launcher/issues/199 please comment there if you can add detail
sine0
thanks ive been too busy, just got back
instagibbs
Android 6 has deprecated a mandatory cipher for Tor. Any known workarounds for this kind of thing?
arma
instagibbs: which cipher?
also, is android 6 super-old?
qwerty1
6 is the newest
the android tor library is probably pretty old
torQUES1
Tor 0.2.7.4-rc halted with the log message: "(Sandbox) Caught a bad syscall attempt (syscall time)" - sandbox.c -> __NR_time not defined. (Debian Linux 3.16.0-4-amd64)
qwerty1
0.2.2.x old
or maybe even older
s/android/java/
arma
torques1: do you get a backtrace to tell you where the syscall happened? if so, trac ticket time :)
qwerty1
might be using the v1 handshake
torQUES1
all details here: https://trac.torproject.org/projects/tor/ticket/17391
debug log: http://paste.ubuntu.com/12892295/
there are many unistd.h with different values for __NR_time - I am a noob with linux
pabs
are hidden service nodes also relay nodes?
mrphs
no
hidden (onion) services are not a relay.
and it's not a good idea to run an onion service on a relay
pabs
thanks for confirming. do you have a link about the reasons for that?
reasons why it isn't a good idea I mean
mrphs
https://www.torproject.org/docs/tor-hidden-service.html.en
"It is generally a better idea to host hidden services on a Tor client rather than a Tor relay, since relay uptime and other properties are publicly visible."
pabs
makes sense, thanks
ryonaloli_
how likely is getting abuse complaints with a slow-ish exit (a few MiB/s) within a one month period?
i got some which shut down my vps within a week or two, so i'm wondering if i should bring it back up as an exit if that were just bad luck, or just turn it into a middle node
marcusw
depends on exit policy
ryonaloli_
i was just using the default (full) exit policy
however i think the abuses came over port 80...
marcusw
I'd block the things that triggered complaints even though that sucks :/
oh
that's problematic...
ryonaloli_
yeah
iirc, i can't get the exit flag by blocking 80
i'm sure very few honeypots use port 443, and i'd be fine morally with using only 443, but i don't know if it's possible
marcusw
well that's kinda sh*tty
but the network probably does that for security
to avoid people doing sybil attacks on specific ports? idk...
ryonaloli_
i could probably configure snort to block this kind of thing though
simply block a single session that tries more than 5 logins with common dictionary words
marcusw
;_;
so this is how liberty dies
ryonaloli_
well yeah, i don't want to risk collateral
marcusw
probably turn it into a middle then
ryonaloli_
but if the vast majority of abuses are trying to log into wordpress blogs...
then how bad would it really be to deny the nth attempt of logging into a bunch of random wordpress blogs with dictionary words?
cuz i do have two relays in an area where network diversity is needed, and they're *both* unmetered 100mbit so i really want to put them to use ._.
even worse, for some reason i can't send mail to the tor-relays mailing list...
well they'll have to be middles for a while anyway, gotta read up on snort docs
so i have until then to figure out what to do
marcusw
exotic middle nodes are excellent, too! they strengthen hidden services a lot
ryonaloli_
not nearly as useful as exits though
marcusw
maybe make only one of them an exit?
so even if it gets killed, the other can still relay
ryonaloli_
that's what i'm thinking of doing, but i don't want it to be lost in a week
so i need to find some way to minimize the abuse
JesseW
Could someone check if http://firsttechfed.com/ is still blocking non-exit relays (with a TCP timeout)?
ryonaloli_
* About to connect() to firsttechfed.com port 80 (#0)
* Trying 65.174.253.170...
qwerty1
n.b. if you are using tor 0.2.7.3-rc, 0.2.7.4-rc, or 0.2.8, be sure to set 'HiddenServiceStatistics 0' in your relay's torrc.
GeKo
fwiw this is not the advice from the Tor project
qwerty1
depends what you mean by that
https://trac.torproject.org/projects/tor/ticket/15254
it actually is advice from the tor project anyways
add 'HiddenServiceStatistics 0' to your torrc if it isn't already there.
it's unsafe not to
GeKo
the feature is enabled by default in the code we ship, this disabling that is clearly not the advice we give
qwerty1
see the ticket
GeKo
otherwise it wouldn't be on by default
qwerty1
DARPA required it as a deliverable
GeKo
s/this/thus
qwerty1
it is on due to money coming first
and security second
very sad business
and yes, this is advice from the tor project to turn it off.
(same advice as always)
DARPA actually pays some developers on condition that they do not work on anonymity or improvements, only on their roadmap
tacky
why can't darpa just enable it for their stuff so it can default to sanity?
rendo
hi
x5f
according to Tor's man pages, DirServer command must be provided with a fingerprint. Is this a custom chosen fingerprint?
pim
hi there
how can i configure pidgin to not use tor?
the server does not allow tor nodes
the server where i want to go*
thank you
whitanne_
what if an application doesn't use connect() for internet communication? would torsocks still torify it?