IRC Archive / Oftc / #tor / 2015 / July / 22 / 1
weasel
Ralphy: ooi, what's on that anycast range that wants anycast?
Ralphy
weasel other services I run in those boxes
showwl
Hello, why isn't it possible to see which circuits you are using in tails but in the regular TBB?
cacahuatl
They disabled the display in tails because they felt it was a possible security risk.
https://git-tails.immerda.ch/tails/plain/debian/changelog see the first item for 1.4 under 'Major new features'
showwl
Alright cacahuatl , thanks!
s7r
cacahuatl: yeah i was looking for that 2 days ago.
so tails took into consideration half of the changes. they just reset dirtiness if the circuit still has used streams, but don't isolate all the content loaded in a tab through a single circuit
how exactly does SocksAuth isolation work? I set up an app to use socks5 127.0.0.1:9150 with username app1 and password <random>?
what is to be random every time for proper isolation? socks username ? socks password? both?
cacahuatl
At a glance, either
m0ron
hi
s7r
cacahuatl: app 1 with username app1 / password: password111 and app2 with username: app1 / password222 will be stream isolated from each other?
cacahuatl
so if the username has never been used or the password has never been used
s7r
so i can change either the username, the password, or both
ryonaloli_
s7r: right
s7r
nice to know. thanks!
cacahuatl
https://bpaste.net/show/f8fca6f80c1d from src/or/connection_edge.c
s7r
so this eliminates needing IsolateDestAddr flag in torrc
because it would do the same thing apparently
well not exactly. it would isolate streams regardless if coming from the same app, while this would assign circuits / streams directly to applications
cacahuatl
only in the browser, but I don't think destaddr is enabled by default is it? it always seemed needlessly extensive.
s7r
it is not enabled by default no
cacahuatl
there was talk of using it to stop the requirement for controlport access entirely, by taking a random string, and prefixing the username and password for socksauth with it
s7r
but there is not much of a difference between using SocksAuth for all apps using Tor or IsolateDestAddr
cacahuatl
then on the new identity button, you hash the random string and get a new one, and use that as the prefix
then the browser doesn't really need the control port at all
I prefer SOCKSAuth because it's enabled by default, and it allows more fine-grained control as to what you want to isolate.
s7r
exactly
this is the benefit. because maybe I want the streams of app1 not to be isolated from each other
but i want app1 to be isolated from app2
which would make me use SocksAuth as opposed to IsolateDestAddr
cacahuatl
torsocks >=2.1 also has a similar option, isolating by pid + timestamp which uses socksauth too
s7r
torsocks isn't shipped with tor anyway
i understand isolation by pid but i don't understand why it also takes into consideration the timestamp
cacahuatl
er, some operating systems re-use pids
so you close app1 then open app2 and app2 gets app1's old pid, rather than a counter-like mechanism.
s7r
yeah but if my os doesn't reuse pids, i could end up isolating streams coming from the same pid / app which probably i don't want to
m0ron
okay, so I've been running a non exit relay node for about a year now and I need clarification on something
cacahuatl
it also has traditional username/password isolation :P since at least 2.0, maybe 1.3?
m0ron
if I've gotten anything wrong here, let me know
SHADOWIMPACT
m0ron that's cool thanks for the bandwidth
m0ron
it's my understanding that 1) exit and non exit relays are on the public list of tor nodes 2) bridges are *not* on the public list of tor nodes
SHADOWIMPACT :)
cacahuatl
correct
SHADOWIMPACT
yes that is correct
m0ron
so how long does it take for a non-exit relay that's switched to a bridge to disappear from the public list of tor nodes?
I've been banned from a few services that can't be bothered to differentiate between non exits and exits, and from what I hear, bridges are needed more than non exit-relays
cacahuatl
er, if you are going to switch to a bridge you probably want to *at least* switch ORPort
m0ron
ok, I see
cacahuatl
bridges are needed for a certain set of users, I'd probably strongly recommend adding an obfs4 pluggable transport too if you can
but just because you're removed from the consensus doesn't mean that the people actively trying to block bridge use will have removed you from their blacklists
ryonaloli_
what could "tor_assertion_failed_(): Bug: src/or/buffers.c:2627: assert_buf_ok: Assertion ch->data < &ch->mem[0]+ch->memlen failed; aborting." be from, on openbsd?
m0ron
cacahuatl, thanks
ryonaloli_
tor just randomly crashed with that error. no other relevant logs.
s7r
ryonaloli_: you are using 0.2.5.10 ?
ryonaloli_
yes
s7r
upgrade.
it's a known bug
cacahuatl
https://trac.torproject.org/projects/tor/ticket/15083 ?
ryonaloli_
are there any major security issues in 0.2.5.10?
s7r
fixed in 0.2.5.12 or 0.2.6.x
m0ron
I've been looking at how to get pluggable transport added all day - my relay's running on windows and there doesn't seem to be anything for obfs on this platform
ryonaloli_
i'm running it on openbsd, and would like to avoid putting a toolchain on the server unless absolutely necessary
m0ron
might have to set up a Linux VM instead and run it from there
cacahuatl
Yeah, windows is pretty terrible for doing anything meaningful that's not clicking big buttons, but I might be biased.
m0ron
:p
SHADOWIMPACT
well it is good for games
linux can do movies and music fine nowadays
cacahuatl
obfs4 is golang...I think most of it is pure go?
so it should be possible to get it running
m0ron
I did like using Arch for a year or two, but I was just so comfy in Windows :(
anyway, thanks for your help cacahuatl and SHADOWIMPACT
see you around
SHADOWIMPACT
comfort is mostly a matter of mentality
mcmc
this page sorely needs updating: https://www.torproject.org/docs/faq-abuse.html.en
"So yes, criminals could in theory use Tor"
doesn't really seem like a fair statement
also, "Not much, in the grand scheme of things. The network has been running since October 2003, and it's only generated a handful of complaints."
very very out of date. Could make us look bad if used against us in one of those lovely sensational pieces that are becoming so popular these days
cacahuatl
Yes, let's pander to the accusations of sensationalist clickbait. That road will only take us to better places.
mcmc
cacahuatl: no, the article is factually wrong
cacahuatl: I'm saying why it's important that these errors be fixed
cacahuatl
I disagree.
mcmc
cacahuatl: it's only generated a handful of complaints.
that's what it says
it's generated literally tens of thousands of complaints
you cannot fit that many complaints in your hand
fact
;)
cacahuatl
If you put them in plaintext compressed on an SD card you could balance them on one finger.
mcmc
also, the section about services blocking tor is very outdated
and should probably just link to the new page/initiative for that
anyway, if there's anyone with the rights to update that page here, I'm willing to draft a revision
cacahuatl
Feel free to submit a patch for it on trac, I guess?
neanderthal
Anybody know why I get this when trying to join . :irc.dg.i2p.onion NOTICE AUTH :*** Looking up your hostname... :irc.dg.i2p.onion NOTICE AUTH :*** Found your hostname (cached) ERROR :Closing Link: [192.168.122.121] (HTTP command from IRC connection (ATTACK?))
cacahuatl
Probably using an HTTP proxy incorrectly, how is it related to tor?
tumbler
hi guys ... what to do if custom bridges failed?
usually meek-amazon or meek-azure fixed the issue
though they don't now