Re: invitation to directory server operators
On Sat, 13 Sep 2008 07:39:39 +0200 Gitano [EMAIL PROTECTED] wrote:
> Scott Bennett wrote:
>> ## The following line enables hidden service directory mirroring.
>> HidServDirectoryV2 1
>>
>> (Or skip the comment line, and just add the second line, as you please.) Then tell your tor server to reload its torrc file. Within 24 - 25 hours your server will begin operating as a tor hidden services directory server. You probably won't even notice the difference in traffic loads on your tor server.
>
> This entry doesn't work on my server (Picolo) even though the flag 'Directory (v2)' is set. Are there any dependencies, for example minimum

Why do you believe it doesn't work?

> bandwidth?

Not that I am aware of. There is, however, the requirement that your server be up for at least 24 hours before the authorities will list a new HSDir server with the HSDir flag set in the consensus and status documents. If it hasn't been that long yet, please give it enough time.

Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army. *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
Re: invitation to directory server operators
Scott Bennett wrote:
>> This entry doesn't work on my server (Picolo) even though the flag 'Directory (v2)' is set.
>
> Why do you believe it doesn't work?

My server is not listed as a HSDir server.

> There is, however, the requirement that your server be up for at least 24 hours before the authorities will list a new HSDir server with the HSDir flag set in the consensus and status documents. If it hasn't been that long yet, please give it enough time.

Ok - so a server, getting a new IP every 24 hours (ADSL), will never become a HSDir server?
Re: invitation to directory server operators
On: Sat, 13 Sep 2008 09:01:34 +0200 Gitano [EMAIL PROTECTED] wrote:
> Scott Bennett wrote:
>>> This entry doesn't work on my server (Picolo) even though the flag 'Directory (v2)' is set.
>>
>> Why do you believe it doesn't work?
>
> My server is not listed as a HSDir server.
>
>> There is, however, the requirement that your server be up for at least 24 hours before the authorities will list a new HSDir server with the HSDir flag set in the consensus and status documents. If it hasn't been that long yet, please give it enough time.
>
> Ok - so a server, getting a new IP every 24 hours (ADSL), will never become a HSDir server?

Probably not. And even if it did, it would have to be something requiring exactly the right timing. And then it would all go to waste a short time later when your system got disconnected and readdressed again.

It is now nearly a month since I dumped an ISP that had proven to be nearly unusable by mid April. But the first complaint that I had was that they forced a disconnection of the PPPoE session *at least* every 24 hours, usually assigning a different IP address. That meant any login sessions I had open to other locations got broken without notification to either end, and all open tor connections got broken without warning or notification to either end (i.e., all TCP connections to anywhere else). The ISP's employees insisted that that was by deliberate design and intent, a totally intolerable approach to customer service. Unfortunately, I had signed a one-year contract without having been informed that there would be one or more outages each and every day of that contract.

The new ISP is cheaper for the first six months, then somewhat more expensive than the old ISP. But, although there appear to be a few lingering signal quality issues that cause trouble only very infrequently, the stress and irritation of bad service is mostly gone. The new ISP also is giving me higher data rates than I had before, which is great. Also, it appears that even when the signal is lost or erratic enough to cause the modem to reset itself and then reconnect, it seems to get the same IP address every time, so there may be a pause of 60 - 75 seconds or so, but then everything seems to resume with few, if any, broken connections. If you can find an ISP that doesn't force a disconnection and reconnection every day, life will be much less unpleasant.

Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army. *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
Re: invitation to directory server operators
On Sat, Sep 13, 2008 at 04:46:14AM -0500, Scott Bennett wrote:
> On: Sat, 13 Sep 2008 09:01:34 +0200 Gitano [EMAIL PROTECTED] wrote:
>> Scott Bennett wrote:
>>>> This entry doesn't work on my server (Picolo) even though the flag 'Directory (v2)' is set.
>>>
>>> Why do you believe it doesn't work?
>>
>> My server is not listed as a HSDir server.
>>
>>> There is, however, the requirement that your server be up for at least 24 hours before the authorities will list a new HSDir server with the HSDir flag set in the consensus and status documents. If it hasn't been that long yet, please give it enough time.
>>
>> Ok - so a server, getting a new IP every 24 hours (ADSL), will never become a HSDir server?
>
> [...snip...] they forced a disconnection of the PPPoE session *at least* every 24 hours, usually assigning a different IP address. That meant any login sessions I had open to other locations got broken without notification to either end, and all open tor connections got broken without warning or notification to either end (i.e., all TCP connections to anywhere else) [...snip}...

Just for clarification for Germans: ISPs of various countries, even in Europe, do _NOT_ force a 24 hour dis/reconnect with dialup adsl lines. Even if the line is disconnected, they _may_ just give away the same IP that was used before to the same machine. They do not have to, but in practice they often do. (see below)

> Also, it appears that even when the signal is lost or erratic enough to cause the modem to reset itself and then reconnect, it seems to get the same IP address every time, so
^^^
> there may be a pause of 60 - 75 seconds or so, but then everything seems to resume with few, if any, broken connections. If you can find an ISP that doesn't force a disconnection and reconnection every day, life will be much less unpleasant.

For Non-Germans: In Germany and some neighboring states it's standard of ISPs providing adsl dialups to disconnect _every_ line after 24 hours and reconnect with giving away a new IP. AFAIK there is no exception to the rule with dialup lines.

So the idea of running a HSDir server is probably limited to those with more permanent IPs, unless the 24 hour waiting period for HSDir servers to become active is changed to something shorter.

0.5c

Regards
Hans
Re: invitation to directory server operators
On Sat, 13 Sep 2008 12:31:34 +0200 Hans Schnehl [EMAIL PROTECTED] wrote:
> On Sat, Sep 13, 2008 at 04:46:14AM -0500, Scott Bennett wrote:
>> On: Sat, 13 Sep 2008 09:01:34 +0200 Gitano [EMAIL PROTECTED] wrote:
>>> Scott Bennett wrote:
>>>>> This entry doesn't work on my server (Picolo) even though the flag 'Directory (v2)' is set.
>>>>
>>>> Why do you believe it doesn't work?
>>>
>>> My server is not listed as a HSDir server.
>>>
>>>> There is, however, the requirement that your server be up for at least 24 hours before the authorities will list a new HSDir server with the HSDir flag set in the consensus and status documents. If it hasn't been that long yet, please give it enough time.
>>>
>>> Ok - so a server, getting a new IP every 24 hours (ADSL), will never become a HSDir server?
>>
>> [...snip...] they forced a disconnection of the PPPoE session *at least* every 24 hours, usually assigning a different IP address. That meant any login sessions I had open to other locations got broken without notification to either end, and all open tor connections got broken without warning or notification to either end (i.e., all TCP connections to anywhere else) [...snip}...
>
> Just for clarification for Germans: ISPs of various countries, even in Europe, do _NOT_ force a 24 hour dis/reconnect with dialup adsl lines. Even if the line is disconnected, they _may_ just give away the same IP that was used before to the same machine. They do not have to, but in practice they often do. (see below)

And some clarification for non-gringos: in the U.S. the ADSL connections are not dialup, but rather continuous connections usually provided directly or indirectly by the telephone company monopolizing the local geographical area. Cable connections are also supposed to be continuous here. The only normal reason for outages is supposed to be hardware trouble. The catches are 1) that some ISPs, like the lousy one I used to pay (TBC Net, Inc. -- tbc.net), buy large packages of ADSL service from another provider, which may be the telephone company or it may be yet another service repackager, and then they turn around and sell the service for individual lines at a cheaper rate than the underlying physical service provider, and 2) any level of this setup that requires authentication can use whatever method it chooses. My old ISP chose to use PPPoE session authentication logs as some sort of input to its accounting system, and the accounting system needed a record for every day or some such nonsense, so they forced new accounting data to be logged at least every 24 hours by cancelling the PPPoE session and requiring reauthentication upon reconnection. Basically, it was one of those setups designed by amateurs, maybe junior high school kids similar to the way Microsoft appears to handle software design.

>> Also, it appears that even when the signal is lost or erratic enough to cause the modem to reset itself and then reconnect, it seems to get the same IP address every time, so
> ^^^
>> there may be a pause of 60 - 75 seconds or so, but then everything seems to resume with few, if any, broken connections. If you can find an ISP that doesn't force a disconnection and reconnection every day, life will be much less unpleasant.
>
> For Non-Germans: In Germany and some neighboring states it's standard of ISPs providing adsl dialups to disconnect _every_ line after 24 hours and reconnect with giving away a new IP. AFAIK there is no exception to the rule with dialup lines.

Sounds awful. Is there a cable-based ISP there? You might have better results that way. Sorry to hear, as well, that the ADSL lines are dial-up connections. Bummer.

> So the idea of running a HSDir server is probably limited to those with more permanent IPs, unless the 24 hour waiting period for HSDir servers to become active is changed to something shorter.

Oh, well. However, I do notice that German HSDir servers outnumber those of all other countries at present, so *somebody* there is getting better service.

> 0.5c

That must be before adjusting for inflation, right? ;-) In this country, the U.S. Mint has not produced 0.5c coins since the mid-19th century or perhaps earlier. Now 1.0c coins are not worth picking up off the ground, though if you could get 5 or 10 kg of them, you could sell them for the copper, because the face value has dropped significantly below the metal value. Reading about precious metals coinage is like reading something from Andersen's fairy tales nowadays.

Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia, is at all times a good *
* objection to the
Re: invitation to directory server operators
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

the quoting approach doesn't work here any more, so that I try to address the main questions directly; if I should have overlooked something important, please let me know:

One question was why we didn't announce the feature of configuring a node as v2 hidden service directories (HSDir in the following) earlier: This feature was introduced in one of the alphas of the 0.2.0.x series. Back then I asked some people I knew to configure their node as HSDir to have a number of 3--6 HSDirs as a basis to get it running. Unfortunately, there was a major bug in one of the alphas (I don't recall if it was in the HSDir code or not, but anyway, it's fixed long ago, so no worries). The result was that one of the more high-bandwidth nodes crashed and the node administrator downgraded to 0.1.2.x. At that time I refrained from asking more people to be beta testers before being more sure that it works more stable. Now that the HSDir code runs for quite some time without making trouble, I would say it is stable; which doesn't rule out the possibility of bugs completely, though. It was also on my TODO list to make an announcement, but not on top position, so that Scott got ahead of me with his announcement. It wasn't urgent, though, because the v0 directory is still running in parallel.

Scott asked whether enough people turned on this option now: Not if we want the distributed directory be as stable and reliable as it was planned in its design. It is really awesome that so many people followed the announcement here, but we need as many HSDirs as possible. The concept depends on distributing descriptors among hundreds of nodes in the long term. This is required for higher reliability in face of single failing and corrupt nodes. Plus, it even gains more importance for hidden services with client authorization (see proposal 121) where you have separate hidden service descriptors for different clients that should not be linked together. With only a few HSDirs we need to rely on delaying descriptor publication for different descriptors from the same hidden service going to the same HSDir. With hundreds of HSDirs we can make this significantly faster. But this whole thing is not even completely implemented in trunk, so give us some time before announcing it here. (See proposal 121 for more details if you are interested in that.)

Andrew found out that it is not required to open the DirPort in addition to setting the HSDir configuration. While this could on the one hand be considered a bug, it shows on the other hand that this requirement is really redundant and can be dropped. Originally, this requirement stems from a time when it was not clear that we can tunnel directory requests over the OR port. This works by extending a circuit to the OR port of a relay and sending a so-called BEGIN_DIR cell that contains a directory request and can be answered directly instead of a command to open a connection to another server or something like that.

Then there was a question why nodes need to have an uptime of 24 hours or more: As was discussed earlier on this list, this is a means to ensure high availability of HSDirs. If one looks at the number of nodes over time and removes nodes with lower uptime than 24 hours, one gets a very smooth graph with low variations. Unfortunately this excludes people on daily disconnected DSL lines. Sorry for that, but if we want a reliable distributed hidden service directory, we really need reliable nodes that don't change their IP address. Hidden service clients shall be able to find a hidden service descriptor even when it was published a few hours ago.

Finally, there were some questions about legal issues when configuring a relay as hidden service directory. I can't answer those, sorry. Please consult your lawyer, or turn off this option.
We will add a remark in the sample torrc (and maybe other places) that this option can be turned off when 0.2.1.x goes stable (at the latest). - --Karsten -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIy6W70M+WPffBEmURAn6nAKDLAeBjtuGEFeE4erWE1Ce8CLYPPQCgl/km Adgs1qh0en59PyJ/caR1d8E= =Oz3x -END PGP SIGNATURE-
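
The check discussed in this thread (is a relay listed with the HSDir flag, and if not, has it met the 24-hour uptime requirement yet?), as an added example that is not part of any message here and is not Tor project code. The status entries are constructed sample data in the `r`/`s` line layout of a Tor network status document; the relay `ExampleStable`, the addresses, the placeholder identities and the helper names are assumptions.

```python
# Added example. All sample data below is constructed, not real network data.
MIN_HSDIR_UPTIME = 24 * 3600  # 24-hour uptime requirement as stated in the thread

# Constructed status entries ("r" = relay line, "s" = flags line).
# Identities and digests are placeholders; addresses are documentation ranges.
SAMPLE_CONSENSUS = """\
r Picolo AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2008-09-13 06:10:00 192.0.2.10 9001 9030
s Fast Running V2Dir Valid
r ExampleStable CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2008-09-12 01:00:00 192.0.2.20 443 80
s Fast Guard HSDir Running Stable V2Dir Valid
"""


def parse_status_entries(text):
    """Return {nickname: {"address": str, "flags": set}} from r/s line pairs."""
    relays, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        # r <nick> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
        if parts[0] == "r" and len(parts) >= 9:
            current = parts[1]
            relays[current] = {"address": parts[6], "flags": set()}
        elif parts[0] == "s" and current is not None:
            relays[current]["flags"] = set(parts[1:])
            current = None
    return relays


def diagnose_hsdir(nickname, consensus_text, uptime_seconds):
    """Explain why a relay does or does not carry the HSDir flag.

    uptime_seconds is the relay's current uptime as known to its operator
    (an input assumed for this example).
    """
    entry = parse_status_entries(consensus_text).get(nickname)
    if entry is None:
        return "not in consensus"
    if "HSDir" in entry["flags"]:
        return "listed as HSDir"
    if uptime_seconds < MIN_HSDIR_UPTIME:
        remaining = MIN_HSDIR_UPTIME - uptime_seconds
        return f"waiting: {remaining // 3600}h {remaining % 3600 // 60}m of uptime still needed"
    return "uptime met but flag absent: check HidServDirectoryV2 and a later consensus"


if __name__ == "__main__":
    print(diagnose_hsdir("Picolo", SAMPLE_CONSENSUS, 5 * 3600))
```

A relay whose connection is reset daily never leaves the "waiting" branch, which is the situation described for 24-hour ADSL disconnects.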
Re: invitation to directory server operators
On Sat, Sep 13, 2008 at 06:18:51AM -0500, Scott Bennett wrote:
> On Sat, 13 Sep 2008 12:31:34 +0200 Hans Schnehl [EMAIL PROTECTED] wrote:
>> On Sat, Sep 13, 2008 at 04:46:14AM -0500, Scott Bennett wrote:
>>> On: Sat, 13 Sep 2008 09:01:34 +0200 Gitano [EMAIL PROTECTED] wrote:
>>>> Scott Bennett wrote:
>>>>>> This entry doesn't work on my server (Picolo) even though the flag 'Directory (v2)' is set.
>>>>>
>>>>> Why do you believe it doesn't work?
>>>>
>>>> My server is not listed as a HSDir server.
>>>>
>>>>> There is, however, the requirement that your server be up for at least 24 hours before the authorities will list a new HSDir server with the HSDir flag set in the consensus and status documents. If it hasn't been that long yet, please give it enough time.
>>>>
>>>> Ok - so a server, getting a new IP every 24 hours (ADSL), will never become a HSDir server?

[...snip...]

>> So the idea of running a HSDir server is probably limited to those with more permanent IPs, unless the 24 hour waiting period for HSDir servers to become active is changed to something shorter.
>
> Oh, well. However, I do notice that German HSDir servers outnumber those of all other countries at present, so *somebody* there is getting better service.

They do either run a rented server or pay a rather expensive price for that. For a private person who wishes to run a Tor-node with higher bandwidth and undisrupted connectivity I assume it to be best to rent a server somewhere. Prices have become quite moderate by now. Last not least this would contribute more bandwidth, nodes and anonymity, and that's what it's all about, isn't it?

>> 0.5c
>
> That must be before adjusting for inflation, right? ;-) In this country, the U.S. Mint has not produced 0.5c coins since the mid-19th century or perhaps earlier. Now 1.0c coins are not worth picking up off the ground, though if you could get 5 or 10 kg of them, you could sell them for the copper, because the face value has dropped significantly below the metal value. Reading about precious metals coinage is like reading something from Andersen's fairy tales nowadays.

Numismatic evaluation but back to topic ;)