logs archiveIRC Archive / Oftc / #tor / 2015 / November / 5 / 1
toralf
with firefox 42 (stable 64bit Gentoo) I cannot longer choose the time frame (week,month, year) fo the graphs at https://globe.torproject.org - and it tooks awefully long in egenrell do get a page - local or remote problem ?
binaryatrocity
Working just fine for me, but I'm on Firefox 40.0
toralf
well, even https://globe.torproject.org/#/top10 just gives the title here in Hamburg
so network problem
Yst
Is there a decent way to detect Tor use client-side in Web browsers? I tried to make extra hyperlinks visible using CSS loaded from an onion address, but the browser is having an issue with loading files from the other site. Is there another way to set this up so onion links only appear to those that can actually reach them?
I guess, the real goal is this: I want Tor users to see the Tor-accessible links without alerting non-Tor-users to the fact that there is anything missing unless they check the source code.
cacahuatl
Only suggestion I heard was to use a .css attribute only available on the onion that just overlays a whole new page. Only people who can fetch it from the onion will see it. Other than that you're trying to automagically guess who isn't and isn't using tor by fingerprinting.
yano
using js you might be able to check the user agent, but that doesn't seem reliable
and that'd require the person to have js enabled
Yst
cacahuatl: That's what I tried, but the CSS from the onion won't load unless you've already visited the onion website.
cacahuatl
I've not tried it myself and I don't do webdev but something like that is about the only way you'd be able to tell, probably. You may need CORS/CSP exceptions?
Yst
Yeah, the user-agent seems unreliable. I use Iceweasel/Tor and I know someone else that uses Links/Tor. Also, the Links/Tor user doesn't use JavaScript.
         

cacahuatl
with links you pretty much won't be able to do anything like that.
Yst
What is CORS/CSP?
cacahuatl
HTTP security mechanisms.
Yst
\I think Links might ignore CSS, acruallt, so I suppose that one isn't an issue as the <a/> tag doesn't get hidden by the initial CSS.
yano
unless your site is just text, it is nearly impossible to build a site for the average web-browser and Links
Yst
Would those be browser-side exceptions then?
My website has one image on an obscure page plus the icon. Everything else is text.
I have a fallback for the CSS-disabled case, which is pretty much an explanation about why two conflicting messages are being shown on redirect pages, along with nothing being hidden.
But on CSS-enabled browsers, the links are hidden whether the user is using Tor or not.
I'd like to fix that if I could.
cacahuatl
Long story short is you're not going to be able to only serve .onion links to people who can fetch them by knowing if they can or cannot access them before you provide them the links *with any certainty*.
Yst
Drats. Okay, thank you for the advice.
Maybe I'll just remove the links altogether.
Illya
I run: https://globe.torproject.org/#/bridge/DBE82F2DEA86EBBD598A6BE34AF05309F8233A60 and my advertise bandwidth is really low? Is there a way to increase it? I guess I need to use port 80 or 443 to increase the usage
cacahuatl
I don't think it's an especially important metric for a bridge? I'm not sure it's even measured by the auths?
Illya
whats the difference between a bridge and a relay?
cacahuatl
A bridge isn't published, it's used by users who aren't able to connect to (publically listed) guards due to censorship.
well, it's selectively published, either by the user in the case of a private bridge, or through bridgedb, which is the default method of distribution.
Illya
Would I just set BridgeRelay to 0 to not be a bridge then?
cacahuatl
or just remove or comment out the "BridgeRelay 1" line, by default it won't act as a bridge.
Illya
ok, it wont be an exit relay though, right?
cacahuatl
All relays have 'exit policies', if you don't have one defined it'll use the default one
so if you want to restrict your exit policy, you'll want to ensure you configure that too.
Illya
Can tor start as root and then downgrade priveleges to the tor user?
because it's not liking opening port 443 as a non root user
Peng
Yes.
cacahuatl
The tor debian package automatically does this
arma
         

Illya
thanks :)
gamambel
Illya: the "default policy" for a relay is to allow exiting, so if you don't want to do that make sure you have ExitPolicy reject *:*
(not relevant for a bridge, since bridges can only be used as entry points)
arma
or on new enough tors, "exitrelay 0"
Illya
So apparently it's bad to run a relay, and a hidden service in the same instance. Would just running two instances solve this? i.e. one client instance running the hidden service, and the other running the relay (but still on the same server)
gamambel
Illya: so why you want to avoid being a relay and hidden service at the same time is that someone can then correlate downtimes easily, and also theoretically by looking at performance impacts if they ddos relays
it gets slightly better if you run two tors but not completely
say, you reboot the machine, and the relay and the HS go down and come back around the same time
Illya
oh yeah. that's a good point
TheCthulhu1
Is Tor Browser's update server down?
kvm234
it seemed to work ok for me when it went to Help - About Tor browser
arma
why do you ask?
https://dist.torproject.org/torbrowser/5.0.4/ is the directory in question
TheCthulhu1
The last updates for two linux laptops and a Windows desktop updated fine, but my business laptop has been stuck on this screen for about 10 minutes: https://gyazo.com/bfe0eec451d669707b204c23f07d1ba1
arma
interesting that the progress bar appears complete
TheCthulhu1
Yeah, I didn't catch the message but it said something before about a download completing but didn't work or something like that, don't remember the exact wording
Just struck me as unusual
arma
for me, it always fails in poor and surprising ways, because i never have enough disk space
those are bugs in the underlying mozilla updater thoug
h
god help you if you're an ordinary user trying to use firefox with low disk space
TheCthulhu1
600GB on an SSD available. Definitely not that
kvm234
no chance the laptop is overheating?
TheCthulhu1
Nope, nothing unusual, everything else functions well
Except can't seem to connect to dist.torproject.org on it, although I can on this
Peng
arma: I've had the updater get into weird states when it gets OOM killed, too.
cacahuatl
I just update the old fashioned way cause my /tmp is noexec so it never works for me :P
TheCthulhu1
Hmm... can access torproject.org on it, but not dist.torproject.org when connecting through clearnet. Both work on Tor Browser though
Most people just resign it to random problem. My paranoia never lets such conclusions occur.
kvm234
good policy
maybe firewall, addon, noscript
router
cacahuatl
It fetches the updates over tor though, right?
so if you can see both fine on tor browser then it shouldn't be an issue, except maybe a malfunctioning exit?
arma
there are three dist.tp.o servers
five if you include the ipv6 ones
TheCthulhu1
I should carry on bugging mikeperry to start doing them over hidden services....
yano
speaking of that, whatever happened to the onion service of torproject.org?
TheCthulhu1
I run a mirror on a HS: http://torsiteyqk5ajx5o.onion - but yeah no official one
kvm234
and there does not appear to be a link on torproject.org that points to media.torproject.org
yano
TheCthulhu1: ah, i remember there use to be an "official" one but most of the links use to be broken
thanks for the bookmark
kvm234
I thought kernelkorn was working on a new system of organizing .onion domains that was going to be implemented?
that way we don't have to memorize these onion addresses
cacahuatl
I wrote some code to turn onions into 'correct horse battery staple' and back but it's nowhere near perfect :P it needs more work by smart people
yano
ooh, that'd be neat
cacahuatl
https://github.com/0xcaca0/leekspeak
_opal_
wew speak
cary-elv1s
is it ok to change RelayBandwidthRate and Burst and reload the config (service tor reload) to limit the bandwidth?
mrphs
sure. that's why they are there.
but please make sure you set it above the minimum of 250KByte each direction. that's 500KByte/s bw = ~2mbit/s.
cary-elv1s
right. there are other ways to limit the vandwidth in the manual. so i thought that maybe this way is not optimal
yano
is 250KByte the new recommendation?
*minimum recommendation?
mrphs
yano: yes
yano
is that to get the 'fast' flag?
mrphs
no. 250KByte/s each dir is the _bare_ minimum.
yano
i think the documentation said 20KByte was the minimum
»Define these to limit how much relayed traffic you will allow. Your own traffic is still unthrottled. Note that RelayBandwidthRate must be at least 20 kilobytes per second.«
« prev 1 2 next »