On Fri, 10 Sep 2010 04:40:02 -0400 Roger Dingledine <a...@mit.edu> wrote: >On Fri, Sep 10, 2010 at 03:27:01AM -0500, Scott Bennett wrote: >> >Yup, that's the actual behaviour. Good thing we added the warn, >> >otherwise >> >it might have gone unnoticed longer. >> > >> Wow. This is a scandalously bad situation. Is there any chance >> that it will get a high priority for being corrected *soon*? Please?? > >This excludenodes thing has been no end of trouble. The root problem is >that it's a feature that absolutely none of the developers use. > >I wonder if that means there are similar problems with other features >that no developers use. > >In any case, Sebastian started a trac entry for this one: >https://trac.torproject.org/projects/tor/ticket/1929 >wherein he starts out by listing a reason that we shouldn't fix it. > >Please add more pros and cons to the trac entry.
I'll see if I can do that over the next couple of days. The old system wouldn't let me do anything beyond simply looking at trouble tickets. Meanwhile, a quick tally through my Exclude* lists shows 10 that were reported to be run by a federal agent of some sort and were not listed as a Family at the time, 2 impersonators of blutmagie, 1 that illegitimately claimed to be a directory authority, a group of 10 not listed as a Family that also inserted text into exit streams on port 80, 11 others that inserted text into or substituted their own web pages for port 80 exit streams, 8 that consistently truncated image files, 1 that redirected port 80 streams to a spyware page, 1 that allowed DNS hijacking, 1 that censored exits to certain IP addresses and/or ports instead of defining its ExitPolicy correctly, 3 that falsified SSL certificates into exit streams for MITM attacks, ~90 that ran very obsolete (e.g., 0.1.x.x, 0.2.0.x) tor software lacking oodles of security fixes, and 31 excluded for another reason of my own preference. These last two groups are ones that I do review from time to time to see whether the reason I excluded them has been eliminated, which would allow their removal from the list. All of the others, however, I've excluded for damned good reason, and I have no intention of ever removing them from the lists. As you can see, they aren't going to fit on just one ExcludeNodes line and one ExcludeExitNodes line. > >(I guess the angry rants can stay here. ;) > I'm still in astonishment, wondering how I can actually exclude the nodes that should be excluded. No angry rants from me at this point. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * ********************************************************************** *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/