Re: SoC Project: Improving Hidden Service Security and Usability
I was actually thinking Ubuntu but the scripts I'm planning on making should apply pretty universally to any Debian-based system.

Ringo

Ted Smith wrote:
> On Sun, 2009-06-28 at 11:19 -0700, Chris Humphry wrote:
>> I might be confused but I thought you were writing this for standard Linux installation? Do you mean I can use Ubuntu as the Linux OS? (re: My goal is to make a standard Linux-Apache-MySQL-PHP installation)
>>
>> Thanks for your time
>
> There's no such thing as a standard Linux installation, with the possible exception of the vanilla build of Linux. There are many different variants of the GNU/Linux operating system, and any major variant will allow you to use a GLAMP stack. In fact, I would recommend the Ubuntu Server spin of Ubuntu for any new user wishing to work with server software -- the install CD supports full disk encryption in the same way the Alternate CD does, and you can easily select what services you want to provide.
>
> Out of curiosity, what were you thinking of as the standard Linux installation? I wonder what distribution you gave that honor to. ;-)
Re: 25 tbreg relays in directory
On Mon, June 29, 2009 12:07, Pei Hanru wrote:
> Someone hinted in a local forum that those tbregs are related with Taobao. So I googled and found out what I've described. That's it.

like this: http://translate.google.com/translate?js=nprev=_thl=enie=UTF-8u=http%3A%2F%2Fwww.wintaobao.com%2Fhelp%2Ftbreg-auto%2Fsl=zh-CNtl=enhistory_state0=

thanks again for the info :-)

--
Marco Bonetti
BT3 EeePC enhancing module: http://sid77.slackware.it/bt3/
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
My GnuPG key id: 0x86A91047
Re: 25 tbreg relays in directory
Scott Bennett wrote:
> Ouch. This provides another example in support of having a way for the directory authorities to render insecure versions ... and only usable as clients to connect to the tor project's web site to download a current version of tor.

This kind of thinking baffles me. It seems diametrically opposed to the notion of free software. I could understand if the outdated client was endangering the Tor network (which was discussed in the portion of the comment I skipped over with the ellipsis). And I would have no problem with a friendly advisory as long as it wasn't incessant nagware that couldn't be disabled. But I don't understand the desire to dictate to people or some nanny viewpoint of trying to save people from themselves. (Before somebody makes an argument of keeping the Internet free of compromised machines, I rather imagine the number of machines compromised because of Tor software would be lost in the statistical noise of all the other ways machines get compromised. And I don't think the unsavory purpose these tbreg instances are put to is a relevant factor.)
Re: 25 tbreg relays in directory
Scott Bennett wrote:
> On Sun, 28 Jun 2009 20:09:25 +0800 Pei Hanru peiha...@gmail.com wrote:
>> On 2009-04-27 18:27 CST, Scott Bennett wrote:
>>> torstatus currently shows 25 different relays that are all named tbreq and appear to be in China. I wonder whether these are due to some benighted
>>
>> snip
>>
>> I've downloaded the software and tested, the version of Tor in it is indeed 0.2.1.2-alpha, torrc in it is
>
> Ouch. This provides another example in support of having a way for the directory authorities to render insecure versions inoperable/unusable as relays to the rest of the network and only usable as clients to connect to the tor project's web site to download a current version of tor.

How about simply take a page from Freenet? Each new build of Freenet comes with a lastGoodVersion= variable that contains the version number of the oldest build it's willing to talk to. Nodes older than that can't connect to the network for anything except updating the out of date node.

--
The best way to get past my spam filter is to sign or encrypt your email to me.
My PGP KeyId: 0x84D46604
http://blogdoofus.com
http://tinfoilchef.com
http://www.domaincarryout.com
Un-official Freenet 0.5 alternative download http://peculiarplace.com/freenet/
Mixminion Message Sender, Windows GUI Frontend for Mixminion http://peculiarplace.com/mixminion-message-sender/
Re: 25 tbreg relays in directory
Scott, when I did a reply on your email, it (tried to) send it to your personal email account rather than the list.

--

Scott Bennett wrote:
> On Mon, 29 Jun 2009 05:14:25 -0600 Jim McClanahan jimmy...@copper.net wrote:
>> Scott Bennett wrote:
>>> Ouch. This provides another example in support of having a way for the directory authorities to render insecure versions ... and only usable as clients to connect to the tor project's web site to download a current version of tor.
>>
>> This kind of thinking baffles me. It seems diametrically opposed to the notion of free software. I could understand if the outdated client was
>
> How so? It's still free of charge, freely available, and freely modifiable and redistributable. (GPL3-licensed software doesn't qualify, IMO.)

I did not mean it was not technically free software. The license takes care of that. My meaning is that the goal is to restrict people rather than to grant freedom. It is an issue of perspective rather than license technicalities. I probably could have phrased it better. (I happen to like, to the extent I understand it, GPLv3. But I don't see how it is relevant to this discussion and I don't know why it was injected into it.)

>> endangering the Tor network (which was discussed in the portion of the comment I skipped over with the ellipsis). And I would have no problem
>
> Insecure relays endanger the network

That is why I inserted the ellipsis and made the parenthetical comment about it. I am not arguing against neutralizing insecure relays. The danger to the network is perfect justification IMO.

> Insecure clients installed virally onto systems without notice to the users endanger those users.

It's not like the clients ended up there on their own w/o the consent of the user or owner. Trying to enforce a policy on people when those people are not harming others reeks (IMO) of unsavory things like police states and nanny states. I am opposed. It is personal perspective, not technical argument.

Obviously, it is technically possible to do what you describe. And because of the free license, it is technically possible and legally permissible for people to undo those changes on their copies of the software. It is also possible for the software to lie to the network about what it is. But as I stated, this attitude of trying to coerce other people baffles me. I am not saying nobody does it. The world is full of tyrants. Just to flesh out my view a little more, I would have no problem with a configuration option that says allow the tor network to nearly disable this client at somebody's discretion. As long as it could be disabled. But I really wonder why Tor developers would be interested in spending the time to implement such a thing.

>> with a friendly advisory as long as it wasn't incessant nagware that couldn't be disabled. But I don't understand the desire to dictate to
>
> I don't think the current log messages are so influential as all that. Just take a look at the current consensus. :-(
>
>> people or some nanny viewpoint of trying to save people from themselves. (Before somebody makes an argument of keeping the Internet free of compromised machines, I rather imagine the number of machines compromised because of Tor software would be lost in the statistical
>
> Again, when the software is installed by stealth onto the machines of unsuspecting users, then the probability on each user's machine becomes 100%. In other words, the number of machines w.r.t. the user is 1 out of 1, a ratio that cannot be considered lost in the noise for that user.

By stealth??? If that is really so, I guess you could try to make the same argument about *any* free software that somebody decided to turn into malware. But I am still unconvinced the people who installed didn't know they were installing something.

>> noise of all the other ways machines get compromised. And I don't think the unsavory purpose these tbreg instances are put to is a relevant factor.)
>
> How so? I note that you deleted all the relevant context in your reply.

I did not reproduce Pei Hanru's email in its entirety because I did not see it as necessary. Or particularly relevant for this discussion. As I stated, I don't think the unsavory purpose these 'tbreg' instances are put to is a relevant factor. The unsavory purpose I referred to and perhaps what you call relevant context is the fact that Tor was part of software sold to (for the purpose of) (quoting Pei Hanru) automatically register large number of TaoBao accounts. It is my opinion (yes, once again, *opinion*) that the fact that an unscrupulous person (or group of people) used the free software in question in a manner that *might* be analogous to certain freeware (*not* free software) actually being a trojan, i.e. malware that arguably was installed by stealth, is not justification for taking a tyrannical attitude toward the users of said free
Re: 25 tbreg relays in directory
Unlurking for the first time, I think.

Why not join forces with a popular freeware/shareware product like Aim or Winamp, with an uncheck to opt out option and a description of tor. Such a bundle could be preset to relay, and there's got to be a magic bandwidth that most western users could tolerate.

Is it ethically wrong to insert TOR into the userspace of the less-informed by associating it with a popular (hopefully not unsavory) download? Does this concept fly in the face of free will? Is it just too sneaky? It's not like you'd be putting five new toolbars into their browser.

On Mon, Jun 29, 2009 at 8:13 AM, Jim McClanahan jimmy...@copper.net wrote:
> Scott, when I did a reply on your email, it (tried to) send it to your personal email account rather than the list.
>
> --
>
> Scott Bennett wrote:
>> On Mon, 29 Jun 2009 05:14:25 -0600 Jim McClanahan jimmy...@copper.net wrote:
>>> Scott Bennett wrote:
>>>> Ouch. This provides another example in support of having a way for the directory authorities to render insecure versions ... and only usable as clients to connect to the tor project's web site to download a current version of tor.
>>>
>>> This kind of thinking baffles me. It seems diametrically opposed to the notion of free software. I could understand if the outdated client was
>>
>> How so? It's still free of charge, freely available, and freely modifiable and redistributable. (GPL3-licensed software doesn't qualify, IMO.)
>
> I did not mean it was not technically free software. The license takes care of that. My meaning is that the goal is to restrict people rather than to grant freedom. It is an issue of perspective rather than license technicalities. I probably could have phrased it better. (I happen to like, to the extent I understand it, GPLv3. But I don't see how it is relevant to this discussion and I don't know why it was injected into it.)
>
>>> endangering the Tor network (which was discussed in the portion of the comment I skipped over with the ellipsis). And I would have no problem
>>
>> Insecure relays endanger the network
>
> That is why I inserted the ellipsis and made the parenthetical comment about it. I am not arguing against neutralizing insecure relays. The danger to the network is perfect justification IMO.
>
>> Insecure clients installed virally onto systems without notice to the users endanger those users.
>
> It's not like the clients ended up there on their own w/o the consent of the user or owner. Trying to enforce a policy on people when those people are not harming others reeks (IMO) of unsavory things like police states and nanny states. I am opposed. It is personal perspective, not technical argument.
>
> Obviously, it is technically possible to do what you describe. And because of the free license, it is technically possible and legally permissible for people to undo those changes on their copies of the software. It is also possible for the software to lie to the network about what it is. But as I stated, this attitude of trying to coerce other people baffles me. I am not saying nobody does it. The world is full of tyrants. Just to flesh out my view a little more, I would have no problem with a configuration option that says allow the tor network to nearly disable this client at somebody's discretion. As long as it could be disabled. But I really wonder why Tor developers would be interested in spending the time to implement such a thing.
>
>>> with a friendly advisory as long as it wasn't incessant nagware that couldn't be disabled. But I don't understand the desire to dictate to
>>
>> I don't think the current log messages are so influential as all that. Just take a look at the current consensus. :-(
>>
>>> people or some nanny viewpoint of trying to save people from themselves. (Before somebody makes an argument of keeping the Internet free of compromised machines, I rather imagine the number of machines compromised because of Tor software would be lost in the statistical
>>
>> Again, when the software is installed by stealth onto the machines of unsuspecting users, then the probability on each user's machine becomes 100%. In other words, the number of machines w.r.t. the user is 1 out of 1, a ratio that cannot be considered lost in the noise for that user.
>
> By stealth??? If that is really so, I guess you could try to make the same argument about *any* free software that somebody decided to turn into malware. But I am still unconvinced the people who installed didn't know they were installing something.
>
>>> noise of all the other ways machines get compromised. And I don't think the unsavory purpose these tbreg instances are put to is a relevant factor.)
>>
>> How so? I note that you deleted all the relevant context in your reply.
>
> I did not reproduce Pei Hanru's email in its entirety because I did not see it as necessary. Or particularly
Re: Question About Security Threat from Tor
On 06/28/2009 02:30 PM, Michael wrote:
> if a security problem were exploited, that could lead to unprivileged access to the machine- then the attacker just has to find a suitable way to crack the box through an exploit

Another way to add a layer is to use virtualization. I'm going to be converting my tor server to Xen shortly anyway (for another task it does), so tor will probably get its own VM, for good measure. It already has its own IP, so it's pretty straightforward to do.

I've also seen some valgrind comments in the source. Not sure if any static analysis tools like clang are used.

-Bill

--
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
http://www.bfccomputing.com/    Cell: 603.252.2606
Twitter, etc.: bill_mcgonigle   Page: 603.442.1833
Email, IM, VOIP: b...@bfccomputing.com
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
Re: 25 tbreg relays in directory
On Mon, 29 Jun 2009 07:47:23 -0500 Edward Langenback apos...@peculiarplace.com wrote:
> Scott Bennett wrote:
>> On Sun, 28 Jun 2009 20:09:25 +0800 Pei Hanru peiha...@gmail.com wrote:
>>> On 2009-04-27 18:27 CST, Scott Bennett wrote:
>>>> torstatus currently shows 25 different relays that are all named tbreq and appear to be in China. I wonder whether these are due to some benighted
>>>
>>> snip
>>>
>>> I've downloaded the software and tested, the version of Tor in it is indeed 0.2.1.2-alpha, torrc in it is
>>
>> Ouch. This provides another example in support of having a way for the directory authorities to render insecure versions inoperable/unusable as relays to the rest of the network and only usable as clients to connect to the tor project's web site to download a current version of tor.
>
> How about simply take a page from Freenet? Each new build of Freenet comes with a lastGoodVersion= variable that contains the version number of the oldest build it's willing to talk to.

1) Sometimes a security bug is introduced into a particular version, rather than having been present in tor since the beginning. When found, the problem can be fixed in a new release. That means that the security bug renders a range of one or more releases dangerous to use, while versions both older and newer may be okay to use. Setting only the new start of a range could, depending upon timing, render the majority of relays in the tor network unusable for no good reason.

2) Calling the *first* good version the lastGoodVersion strikes me as a poor idea because of the potential for causing confusion.

3) The current setup regarding versions enables the directory authorities to establish the currently recommended versions for use as clients and a similar set of relay versions. (At present, an instance of tor that doesn't find its own version in the relevant list issues a warning message to a log file that many tor users rarely, if ever, see and thus do not respond to.) Why would having a statically compiled list that is certain to become obsolete be a better idea?

> Nodes older than that can't connect to the network for anything except updating the out of date node.

That is part of what I have been recommending.

Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu
* A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army.
* -- Gov. John Hancock, New York Journal, 28 January 1790
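The three version policies contrasted in this exchange, side by side, as an added example that is not code from Tor, Freenet or any poster in the thread: a single minimum-version floor (the lastGoodVersion idea), a known-bad range, and a published recommended-versions list. The parser is a simplified assumption about strings shaped like 0.2.1.2-alpha, and every version number and the bug window below are constructed for illustration.

```python
import re
from typing import Dict, Iterable, NamedTuple, Tuple

# Rank of the release-status suffix. This ordering is a simplifying assumption
# for the example, not Tor's own version-comparison code.
STATUS_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc))?$")


class Version(NamedTuple):
    major: int
    minor: int
    micro: int
    patch: int
    status: int


def parse_version(text: str) -> Version:
    """Parse strings shaped like '0.2.1.2-alpha' into a comparable tuple."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(part) for part in match.groups()[:4]]
    return Version(*numbers, STATUS_RANK[match.group(5)])


def allowed_by_floor(version: str, floor: str) -> bool:
    """Single compiled-in minimum: everything below the floor is cut off."""
    return parse_version(version) >= parse_version(floor)


def allowed_by_bad_range(version: str, first_bad: str, first_fixed: str) -> bool:
    """Reject only releases in the half-open window [first_bad, first_fixed)."""
    v = parse_version(version)
    return not (parse_version(first_bad) <= v < parse_version(first_fixed))


def allowed_by_recommended(version: str, recommended: Iterable[str]) -> bool:
    """Accept only versions on a list that is published and can be updated."""
    return parse_version(version) in {parse_version(r) for r in recommended}


def compare_policies(versions: Iterable[str], floor: str, first_bad: str,
                     first_fixed: str, recommended: Iterable[str]
                     ) -> Dict[str, Tuple[bool, bool, bool]]:
    """Map each version to (floor, bad-range, recommended-list) verdicts."""
    recommended = list(recommended)
    return {
        v: (allowed_by_floor(v, floor),
            allowed_by_bad_range(v, first_bad, first_fixed),
            allowed_by_recommended(v, recommended))
        for v in versions
    }


# Constructed scenario: a bug enters in one alpha and is fixed two alphas later,
# while an older stable series never contained it.
RELAY_VERSIONS = ["0.2.0.30", "0.2.1.2-alpha", "0.2.1.3-alpha", "0.2.1.4-alpha"]
FIRST_BAD = "0.2.1.1-alpha"
FIRST_FIXED = "0.2.1.3-alpha"
RECOMMENDED = ["0.2.0.30", "0.2.1.3-alpha"]

if __name__ == "__main__":
    table = compare_policies(RELAY_VERSIONS, FIRST_FIXED, FIRST_BAD,
                             FIRST_FIXED, RECOMMENDED)
    for version, (floor_ok, range_ok, listed_ok) in table.items():
        print(f"{version:15} floor={floor_ok} range={range_ok} list={listed_ok}")
```

With the floor set to the first fixed release, the unaffected older series is cut off along with the affected build, which is the objection raised in point 1; the list policy rejects the newest build until the list is updated, which is why it matters that the list is published rather than compiled in.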
Re: 25 tbreg relays in directory
On Mon, 29 Jun 2009 09:19:21 -0500 punkle jones punkle.jo...@gmail.com wrote:
> Unlurking for the first time, I think.

Welcome to the fray! ;)

> Why not join forces with a popular freeware/shareware product like Aim or Winamp, with an uncheck to opt out option and a description of tor. Such a bundle could be preset to relay, and there's got to be a magic bandwidth that most western users could tolerate.
>
> Is it ethically wrong to insert TOR into the userspace of the less-informed by associating it with a popular (hopefully not unsavory) download? Does this concept fly in the face of free will? Is it just too sneaky? It's not like you'd be putting five new toolbars into their browser.

Take a look at some reasons, beginning at

https://www.torproject.org/download.html.en#Warning

Then let us know whether you still see a way for such an uncheck to opt out arrangement to be a good idea. Keep in mind that, in general, people do not currently read EULAs displayed by software installer packages, so you're not likely to get them to read and understand a bunch of pages from the tor project's web site in the middle of installing a different package that also includes tor.

Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu
* A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army.
* -- Gov. John Hancock, New York Journal, 28 January 1790
Re: many new relays
Subject: Re: many new relays
To: or-talk@freehaven.net
Date: Sunday, June 28, 2009, 10:05 AM

> I'd give it a 15 minute mile high eyeball if I had the 'before the jump' cache files or a 'getinfo desc/all-recent' from back then. I just don't have that dataset. It means everyone is busy working on other things. Yep, it's just an on the radar thing. more stats about the effect of other major media stories about Tor, Slashdot effect, etc. I think the Tor project may indeed have some long term data such as a simple relay count in RRD. Just thought I saw some graphs once. There's probably a roadmap somewhere that gives an idea of when Tor would be felt ready for more general mass consumption/advertisement. This whole Iran thing is a great way for a number of adversaries to slip in undetected. In bulk, in short order, yes, perhaps. Though if I were a serious adversary I would probably advise against something as we've just seen. I suggested doing the analysis because often the first rollout of anything is botched in some fashion. And there's limited time to catch it, then learning occurs and the future ones appear normal. And of course, as a secondary check, the non-black Tor break canary has yet to be seen in the public courts.

Is it possible this alleged jump in the numbers of relays is partly driven by the tbreg/Taobao thing? Perhaps this same technique is being used more widely than is realized with relay nodes on zombied machines having names other than 25tbreg. Just a thought.
Re: many new relays
On Mon, 29 Jun 2009 13:27:28 -0700 (PDT) Phil philtickle...@yahoo.com wrote:
>> I'd give it a 15 minute mile high eyeball if I had the 'before the jump' cache files or a 'getinfo desc/all-recent' from back then. I just don't have that dataset. It means everyone is busy working on other things. Yep, it's just an on the radar thing. more stats about the effect of other major media stories about Tor, Slashdot effect, etc. I think the Tor project may indeed have some long term data such as a simple relay count in RRD. Just thought I saw some graphs once. There's probably a roadmap somewhere that gives an idea of when Tor would be felt ready for more general mass consumption/advertisement. This whole Iran thing is a great way for a number of adversaries to slip in undetected. In bulk, in short order, yes, perhaps. Though if I were a serious adversary I would probably advise against something as we've just seen. I suggested doing the analysis because often the first rollout of anything is botched in some fashion. And there's limited time to catch it, then learning occurs and the future ones appear normal. And of course, as a secondary check, the non-black Tor break canary has yet to be seen in the public courts.
>
> Is it possible this alleged jump in the numbers of relays is partly driven by the tbreg/Taobao thing? Perhaps this same technique is being used more widely than is realized with relay nodes on zombied machines having names other than 25tbreg. Just a thought.

I don't think so. Right now there are 1972 relays listed in the consensus, but only one with a nickname of tbreg. The jump is still on the order of 400-600 relays.

Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu
* A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army.
* -- Gov. John Hancock, New York Journal, 28 January 1790
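One way to run the kind of check described in the reply above (how many relays in a consensus share a nickname, and which versions they report), as an added example that is not code from the thread or from the Tor project. It reads the "r" and "v" lines of a network-status document; the excerpt is constructed, with placeholder identity/digest fields and documentation-range addresses, and the version on the non-tbreg entries is made up.

```python
from collections import defaultdict

# Constructed excerpt: "r" = nickname, identity, digest, date, time, IP,
# ORPort, DirPort; "v" = reported software version. Not real relay data.
SAMPLE_CONSENSUS = """\
r tbreg IDPLACEHOLDER01 DGPLACEHOLDER01 2009-06-28 11:02:10 192.0.2.10 9001 0
v Tor 0.2.1.2-alpha
r tbreg IDPLACEHOLDER02 DGPLACEHOLDER02 2009-06-28 11:05:41 192.0.2.11 9001 0
v Tor 0.2.1.2-alpha
r tbreg IDPLACEHOLDER03 DGPLACEHOLDER03 2009-06-28 11:09:03 192.0.2.12 9001 0
v Tor 0.2.1.2-alpha
r Unnamed IDPLACEHOLDER04 DGPLACEHOLDER04 2009-06-28 10:40:00 198.51.100.5 443 80
v Tor 0.2.0.30
r Unnamed IDPLACEHOLDER05 DGPLACEHOLDER05 2009-06-28 10:41:00 198.51.100.6 443 80
v Tor 0.2.0.30
r Unnamed IDPLACEHOLDER06 DGPLACEHOLDER06 2009-06-28 10:42:00 198.51.100.7 443 80
v Tor 0.2.0.30
r examplerelay IDPLACEHOLDER07 DGPLACEHOLDER07 2009-06-28 09:00:00 203.0.113.9 9001 9030
v Tor 0.2.0.30
"""


def parse_relays(text):
    """Return one dict per "r" entry, with the following "v" line attached."""
    relays = []
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 9:
            current = {"nickname": parts[1], "address": parts[6], "version": None}
            relays.append(current)
        elif parts[0] == "v" and current is not None:
            current["version"] = " ".join(parts[1:])
    return relays


def shared_nicknames(relays, threshold=3, ignore=("Unnamed",)):
    """Report nicknames used by at least `threshold` relays.

    "Unnamed" is skipped by default because relays without a configured
    nickname all appear under it, so it is always shared.
    """
    groups = defaultdict(list)
    for relay in relays:
        if relay["nickname"] not in ignore:
            groups[relay["nickname"]].append(relay)
    report = {}
    for nickname, members in groups.items():
        if len(members) >= threshold:
            versions = sorted({m["version"] for m in members if m["version"]})
            report[nickname] = {"count": len(members), "versions": versions}
    return report


if __name__ == "__main__":
    relays = parse_relays(SAMPLE_CONSENSUS)
    print(f"{len(relays)} relays parsed")
    for nickname, info in shared_nicknames(relays).items():
        print(nickname, info["count"], ", ".join(info["versions"]))
```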
Re: 25 tbreg relays in directory
punkle jones (punkle.jo...@gmail.com) wrote (in part) (on 2009-06-29 at 10:19):
> Unlurking for the first time, I think.
>
> Why not join forces with a popular freeware/shareware product like Aim or Winamp, with an uncheck to opt out option and a description of tor. Such a bundle could be preset to relay, and there's got to be a magic bandwidth that most western users could tolerate.
>
> Is it ethically wrong to insert TOR into the userspace of the less-informed by associating it with a popular (hopefully not unsavory) download? Does this concept fly in the face of free will? Is it just too sneaky? It's not like you'd be putting five new toolbars into their browser.

I've been following this thread with interest. From what I've read our best guess as to why other users are installing the package which uses Tor is to provide the means to circumvent the restrictions on quickly creating multiple accounts for a particular auction group (Taobao). Correct so far?

Presumably the effects of doing this are likely to be unwelcome to Taobao.com management and/or other non-participating users/bidders/sellers?

Question: ignoring any possible bad reputation this brings to the TOR community at large does this have the side-effect of increasing exit nodes and thereby providing more capacity to everyone? Or is typical usage for those who want to create the multiple accounts just to open them briefly and then cease immediately with no net noticeable effect on the TOR network as a whole?

--
Regards ... Alec (bura...@gmail WinLiveMess - alec.m.burg...@skype)