Re: Failed to decode requested authority digest
> Quoth Nick Mathewson ni...@torproject.org, on 2010-01-14 21:49:33 -0500:

Nevermore!

>>> Jan 12 08:57:59.119 [warn] Failed to decode requested authority digest 14C131%2027B6B5%20585769%2081349F%20E2A2AF%20E8A9C4.
>>> Jan 14 11:40:05.641 [warn] Failed to decode requested authority digest 14C131%2027B6B5%20585769%2081349F%20E2A2AF%20E8A9C4.
>>
>> This looks like some kind of broken client to me. Look at all those %20s in the string: that looks like http encoding of a space ( ) character, so somebody's program is requesting 14C131 27B6B5 585769 81349F E2A2AF E8A9C4 with the spaces HTTP-encoded. Unless I'm mistaken, the proper format is using + signs, not spaces.
>
> If you mean URI-encoded (or URL-encoded), which HTTP uses, then %20 is a valid encoding of a 0x20 (ASCII space) character. + is a secondary convention that's used in query strings only, which can also mean a space character. Does the Tor directory request protocol specify something else?

For this URL, dir-spec.txt specifies:

    http://hostname/tor/status-vote/current/consensus/F1+F2+F3.z

    Where F1, F2, etc. are authority identity fingerprints the client trusts. Servers will only return a consensus if more than half of the requested authorities have signed the document, otherwise a 404 error will be sent back. The fingerprints can be shortened to a length of any multiple of two, using only the leftmost part of the encoded fingerprint. Tor uses 3 bytes (6 hex characters) of the fingerprint.

The last sentence should probably start "The Tor client uses..."

The plus signs have been required as long as I can remember, though I agree that a more standards-friendly use of HTTP would accept any equivalent URI-encoded string. I'd welcome a patch or two to handle proper URI-encoding better, or alternatively a patch to dir-spec.txt to be more explicit about anything at all.

> The dir-spec.txt document from Tor 0.2.1.20 doesn't seem to be clear on how fp is interpreted in URIs.

Agreed.

> The closest it comes is saying,
>
> ] http://hostname/tor/status-vote/next/fp.z
> ] where fp is the fingerprint of the other authority's identity key.
>
> From this, the reader is presumably meant to infer that fp means an arbitrary-length hexadecimal string, with current lengths of 160 bits (or 20 bytes, or 40 hex characters), encoding a SHA1 digest of the public identity key of the corresponding authority.

If any reader really infers this... that's some reader! Somebody should clean this up. Let me know if anyone has got a patch I can apply here.

--
Nick

***
To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
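The request format discussed in this message, as an added example (not code from Tor or from anyone in the thread): a parser for the `F1+F2+F3.z` component that in strict mode accepts only the `+` separator and so rejects the logged `%20` request, and in lenient mode also accepts URI-encoded spaces, followed by the "more than half of the requested authorities" check. The function names, the `lenient` flag and the zero-padded signer fingerprints are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

FULL_HEX_LEN = 40                       # SHA-1 identity digest as hex characters
HEX_RE = re.compile(r"[0-9A-Fa-f]+")

# Request string copied from the [warn] lines quoted in the thread.
LOGGED = "14C131%2027B6B5%20585769%2081349F%20E2A2AF%20E8A9C4"


def parse_requested_fingerprints(component, lenient=False):
    """Return the fingerprint prefixes named in an 'F1+F2+F3.z' component.

    Strict mode splits on '+' only, as dir-spec.txt writes the URL.
    Lenient mode (an assumption of this example) first percent-decodes the
    component and then treats a space as equivalent to '+'.
    Raises ValueError for anything that is not even-length hex.
    """
    if component.endswith(".z"):
        component = component[:-2]
    if lenient:
        component = unquote(component)          # "%20" -> " ", "+" is left alone
    parts = re.split(r"[+ ]" if lenient else r"\+", component)
    prefixes = []
    for part in parts:
        # Validate after decoding, so decoded text cannot smuggle in non-hex data.
        if (not part or len(part) % 2 or len(part) > FULL_HEX_LEN
                or not HEX_RE.fullmatch(part)):
            raise ValueError("malformed authority fingerprint: %r" % part)
        prefixes.append(part.upper())
    return prefixes


def consensus_allowed(requested, signer_fingerprints):
    """True if more than half of the requested authorities signed.

    A shortened fingerprint matches a signer whose full fingerprint starts
    with it (the leftmost part, as the quoted spec text says).
    """
    signers = [s.upper() for s in signer_fingerprints]
    matched = sum(1 for r in requested if any(s.startswith(r) for s in signers))
    return 2 * matched > len(requested)


if __name__ == "__main__":
    wanted = parse_requested_fingerprints(LOGGED, lenient=True)
    # Constructed signer list: four of the six prefixes, zero-padded to 40 hex chars.
    signers = [p + "0" * (FULL_HEX_LEN - len(p)) for p in wanted[:4]]
    print(wanted, consensus_allowed(wanted, signers))
```

Strict mode raises `ValueError` on the logged string, which corresponds to the "Failed to decode" outcome; exactly half of the requested authorities signing is not enough, since the rule is "more than half".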
Tor-ramdisk 20100115 is out.
Hi everyone

I want to announce to the list that a new release of tor-ramdisk is out. Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhanced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP.

Changelog:

Tor was updated to 0.2.1.21. The setup scripts now include the option of setting your own DNS server when acquiring networking information by DHCP to avoid ISPs that use DNS... blocking. These changes have been implemented in the i686, MIPS, and the new x86_64 port. These have been tested in the wild.

i686:
Homepage: http://opensource.dyc.edu/tor-ramdisk
Download: http://opensource.dyc.edu/tor-ramdisk-downloads

x86_64:
Homepage: http://opensource.dyc.edu/tor-x86_64-ramdisk
Download: http://opensource.dyc.edu/tor-x86_64-ramdisk-downloads

MIPS:
Homepage: http://opensource.dyc.edu/tor-mips-ramdisk
Download: http://opensource.dyc.edu/tor-mips-ramdisk-downloads

--
Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201 USA
(716) 829-8197
Re: Tor-ramdisk 20100115 is out.
On 01/15/2010 10:13 AM, arshad wrote:
> is this a project supported/acknowledged by torproject?

Yes, it's acknowledged. It's a great way for people with dedicated hardware to run a Tor relay.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Re: Tor-ramdisk 20100115 is out.
On 01/15/2010 12:50 PM, basile wrote:
> But all the ramdisk image has in it is a kernel, 3 binaries (tor, ntpd and busybox) and one ash script. You can't run the service there. I guess you could run it on another machine behind tor-ramdisk.

You could map the hidden service to another server, but you might as well run the tor client and a hidden service on that other machine itself. The hidden service also wants to write a private key and hostname somewhere. If you write this to a ram disk, it also goes away when the system is rebooted.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
[OT] Problems With Outlook 2k2
As part of my attempts to write an article about using GPG and Tor with Outlook I set up a test email account. O says it connects just fine and sends/receives a test message, but when I attempt to send my own test message to another email address, I have nothing but connection time out issues.

As soon as I get these issues sorted, I'll be posting the last in my series before bringing them together in a static web page. Also, it appears I cannot change how /just/ MSO connects to the internet without changing system wide settings, but I'm continuing to look into that aspect.

Please reply off-list with suggestions or help.

P.S. For those who aren't subscribed to my news feed, my article for setting up Thunderbird to use Tor and GPG. http://blog.joseph-a-nagy-jr.us/2010/01/getting-serious-about-security-email-and-you/

--
PIT
Re: [OT] Problems With Outlook 2k2
isn't email (i.e. tcp/25) blocked by default as an exit policy?

Programmer In Training wrote:
> As part of my attempts to write an article about using GPG and Tor with Outlook I set up a test email account. O says it connects just fine and sends/receives a test message, but when I attempt to send my own test message to another email address, I have nothing but connection time out issues.
>
> As soon as I get these issues sorted, I'll be posting the last in my series before bringing them together in a static web page. Also, it appears I cannot change how /just/ MSO connects to the internet without changing system wide settings, but I'm continuing to look into that aspect.
>
> Please reply off-list with suggestions or help.
>
> P.S. For those who aren't subscribed to my news feed, my article for setting up Thunderbird to use Tor and GPG. http://blog.joseph-a-nagy-jr.us/2010/01/getting-serious-about-security-email-and-you/
Re: [OT] Problems With Outlook 2k2
On 1/15/2010 1:43 PM, Harry Hoffman wrote:
> isn't email (i.e. tcp/25) blocked by default as an exit policy?

[snip]

No (and apparently the list stripped my explicit reply-to setting). Tor does warn you, though (I have one email account that I cannot make a secure connection with due to the setup that is out of my control). Also, I do not use the Windows firewall (it's junk anyway). All my other accounts connect via ssl/tls.

--
PIT
BridgeRelay 1, tor does nothing
Tor story when configured to do nothing but BridgeRelay 1 is:

[warn] SocksPort, TransPort, NatdPort, DNSPort, and ORPort are all undefined, and there aren't any hidden services configured. Tor will still run, but probably won't do anything.

warning!! warning!! you're only acting as a bridge!!

perhaps the line could be slightly adjusted. A SocksPort 0 and BridgeRelay 1 is likely rare and not very interesting, but it does do something(?)
Re: BridgeRelay 1, tor does nothing
On Fri, Jan 15, 2010 at 09:48:42PM +0100, xiando wrote:
> Tor story when configured to do nothing but BridgeRelay 1 is:
>
> [warn] SocksPort, TransPort, NatdPort, DNSPort, and ORPort are all undefined, and there aren't any hidden services configured. Tor will still run, but probably won't do anything.
>
> warning!! warning!! you're only acting as a bridge!!
>
> perhaps the line could be slightly adjusted. A SocksPort 0 and BridgeRelay 1 is likely rare and not very interesting, but it does do something(?)

You need to set an ORPort too, or your bridge won't listen for connections.

https://www.torproject.org/bridges.html.en#RunningABridge

--Roger
QoS and Tor on Ubuntu 9.10
German (translated):

Hello everyone

I run a Tor server on a 100/100mbit dedicated server under Ubuntu 9.10 x86. At the moment I only offer Tor a bandwidth of 1mb/s (8mbit/s). I would like to change this, however, because I want to make more bandwidth available to the Tor project. However, other services also run on this server. I therefore wanted to ask politely whether it would be possible for someone to write me a QoS script using TC filters. I would need two different categories.

Low prio: For the Tor service, which runs on port 443
High prio: All other ports

I look forward to a reply from you.

Regards
Mete

English:

Hello everyone

I'm running tor server on a 100/100mbit dedicated machine which runs ubuntu 9.10 x86. Currently I'm sharing 1mb/s (8mbit/s) with the tor network. But I want to share more bandwidth with the tor network. But on my server are running also other services. Because of this I want to ask here, if it's possible that a linux guru can write a little QoS script for me with tc filters. I need two different classes for traffic shaping.

Low prio: For the tor service, which is running on port 443
High prio: For all the other ports

I thank you for the reply

-Mete
Re: QoS and Tor on Ubuntu 9.10
On Fri, Jan 15, 2010 at 10:34:31PM +0100, Matias Meier wrote:
> But on my server are running also other services. Because of this I want to ask here, if it's possible that a linux guru can write a little QoS script for me with "tc filters". I need two different classes for traffic shaping.
>
> Low prio: For the tor service, which is running on port 443
> High prio: For all the other ports

You're in luck! See item #6 at https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment for a pointer to Mike's Linux-based QoS script.

Alas, our new https interface for git is still under construction, so in the mean time, an easy place to find the script is contrib/linux-tor-prio.sh in your Tor tarball.

--Roger
AW: QoS and Tor on Ubuntu 9.10
Hi Roger.

Thank you for the fast reply. But the link to that script isn't working... Does the link work for you?

https://git.torproject.org/checkout/tor/master/contrib/linux-tor-prio.sh

-Mete

-----Original Message-----
From: owner-or-t...@freehaven.net [mailto:owner-or-t...@freehaven.net] On Behalf Of Roger Dingledine
Sent: Friday, 15 January 2010 23:07
To: or-talk@freehaven.net
Subject: Re: QoS and Tor on Ubuntu 9.10

On Fri, Jan 15, 2010 at 10:34:31PM +0100, Matias Meier wrote:
> But on my server are running also other services. Because of this I want to ask here, if it's possible that a linux guru can write a little QoS script for me with "tc filters". I need two different classes for traffic shaping.
>
> Low prio: For the tor service, which is running on port 443
> High prio: For all the other ports

You're in luck! See item #6 at https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment for a pointer to Mike's Linux-based QoS script.

Alas, our new https interface for git is still under construction, so in the mean time, an easy place to find the script is contrib/linux-tor-prio.sh in your Tor tarball.

--Roger
Re: AW: QoS and Tor on Ubuntu 9.10
On 01/15/2010 05:14 PM, Matias Meier wrote:
> Hi Roger.
> Thank you for the fast reply. But the link to that script isn't working... Does the link work for you?
> https://git.torproject.org/checkout/tor/master/contrib/linux-tor-prio.sh

From Roger's email:

> Alas, our new https interface for git is still under construction, so in the mean time, an easy place to find the script is contrib/linux-tor-prio.sh in your Tor tarball.

You need to either use git://git.torproject.org/checkout/tor/master/contrib/linux-tor-prio.sh to get it, or look in the source tarball for the script.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Re: Latest router selection algorithm
2010/1/10 ilter yüksel ilteryuk...@gmail.com:
> Hello,
> I'm searching latest router selection algorithm which implemented on Tor 0.2.1.21. I couldn't find spec. or proposal for it. Could you help me how i can find some docs about it?

The best document is still path-spec.txt, though proposals 160 and 161 may be of interest.
Re: [OT] Problems With Outlook 2k2
On 1/15/2010 11:59 PM, Scott Bennett wrote:
> On Fri, 15 Jan 2010 13:52:35 -0600 Programmer In Training p...@joseph-a-nagy-jr.us wrote:
>> On 1/15/2010 1:43 PM, Harry Hoffman wrote:
>>> isn't email (i.e. tcp/25) blocked by default as an exit policy?
>>
>> [snip]
>>
>> No (and apparently the list stripped my explicit reply-to setting). Tor
>
> I don't know why you responded in the negative. The *default* exit policy, which is to say, the exit policy in effect when no exit policy is specified in torrc, does block TCP port 25 (smtp). It is the smtps port that is no longer blocked by default. However, there is often a number of routers that do have exit policies allowing exits to port 25, so sometimes connection attempts for port 25 will work.

I've never had issue with connecting to port 25 through Tor, either in the default rc that comes with the Vidalia bundle or the rc that I downloaded as a recommendation from the Wiki (link in archives somewhere, might post it if requested). I just get a warning that I'm attempting an insecure connection.

Sorry, meant to send to list.

--
PIT
Re: [OT] Problems With Outlook 2k2
On Fri, 15 Jan 2010 13:52:35 -0600 Programmer In Training p...@joseph-a-nagy-jr.us wrote:
> On 1/15/2010 1:43 PM, Harry Hoffman wrote:
>> isn't email (i.e. tcp/25) blocked by default as an exit policy?
>
> [snip]
>
> No (and apparently the list stripped my explicit reply-to setting). Tor

I don't know why you responded in the negative. The *default* exit policy, which is to say, the exit policy in effect when no exit policy is specified in torrc, does block TCP port 25 (smtp). It is the smtps port that is no longer blocked by default. However, there is often a number of routers that do have exit policies allowing exits to port 25, so sometimes connection attempts for port 25 will work.

> does warn you, though (I have one email account that I cannot make a secure connection with due to the setup that is out of my control). Also, I do not use the Windows firewall (it's junk anyway). All my other accounts connect via ssl/tls.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army.
-- Gov. John Hancock, New York Journal, 28 January 1790