Re: [or-talk] Re: huge pages, was where are the exit nodes gone?
On Thu, 15 Apr 2010 14:42:26 +0200 Olaf Selke wrote: >Scott Bennett wrote: >> >> Olaf, if you're awake and on-line at/near this hour:-), how about >> an update, now that blutmagie has been running long enough to complete >> its climb to FL510 and accelerate to its cruising speed? Also, how about >> some numbers for how it ran without libhugetlbfs, even if only approximate, >> for comparison? (The suspense is really getting to me.:^) > >tor process is still growing: > >anonymizer2:~# hugeadm --pool-list > Size Minimum Current Maximum Default > 2097152 100 319 1000* > > PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ P COMMAND >21716 debian-t 20 0 2075m 1.1g 25m R 95.2 29.4 2020:29 0 tor That CPU usage looks pretty high to me, but I still don't know what you were accustomed to seeing tor use before, so is it higher so far? Lower? > >It hard to tell after only one day how throughput is affected. Pls give >me some more days. In the meanwhile everybody can do his own assessment Okay. But, again, I'd still like to know whether the hugepages are helping tor's CPU load or hurting it, and I would need some historical clues, even if just estimates, to know the answer to that. >from mrtg data http://torstatus.blutmagie.de/public_mrtg It's in the queue, but I ran into a firefox bug again a few minutes ago and had to kill it. Now your statistics page is competing with the reloading of well over 200 open tabs. B^} Once it has loaded, though, I'll refresh the page from time to time to check on things. How often are the graphs updated? (Yes, I see the 5-minute refresh timeout on the page, but is the timeout related to graph regeneration?) > >There are additional non-public graphs for environmental data monitoring >like temperatures, fan speeds, and other super secret stuff which gives >me a hint if someone is messing with my hardware. > Ooh! A cloak-and-dagger challenge for OR-TALK subscribers? Cool! :) Not that I'm into that sort of thing, you understand...ahem. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
BadExit flag still needed for PrivacyNow...
My weather satellite images got blocked again, due to the PrivacyNow exit using OpenDNS with a misconfigured account and the fact that ExcludeExitNodes still doesn't work reliably. Will the the authority operators *please* stick a BadExit flag onto that router's entry in the consensus? Thanks! Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)
On Fri, 16 Apr 2010 00:04:06 -0400 zzzjethro...@email2me.net top-posted (again, please stop doing that): > Scott Bennett wrote: > > > "That is why tor is distributed with a complete set of documentation." > >Okay, great. I will read it but all I have in my Home Folder, in Library,= > is Vidalia. In earlier versions, there used to be folders for Tor, Privox= >y and Vidalia,=20 >so where do I find this documentation? I kept assuming you were referring= > to The Onion Router.doc but now I'm guessing you're not. > In your tor distribution, there should be a "doc" directory. The stuff you're looking for is all in the subdirectories called "design-paper", "spec", and "website", although there are also three man pages and a couple of .txt files in the doc directory itself. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: MacFUSE
Hello. Yes I do and thanks for that. -Original Message- From: and...@torproject.org To: or-talk@freehaven.net Sent: Fri, Apr 16, 2010 10:49 am Subject: Re: MacFUSE On Wed, Apr 14, 2010 at 09:33:24PM -0400, zzzjethro...@email2me.net wrote 2.6K bytes in 74 lines about: : Tor wouldn't work until, I reinstalled MacFUSE. Actually it is more accurate to say, "until it somehow reinstalled itself." : Now, I'm not 100% sure of my memory in that regard as I couldn't open Vidalia/Tor first. I had to go through a True Crypt file first, but if memory serves me, the very first time I rid myself of MacFUSE, it was Tor that didn't work. Truecrypt on os x needs macfuse to work. If your tor/vidalia is installed to the truecrypt volume, then you need truecrypt to work. If you remove macfuse, but not truecrypt, you have a broken truecrypt installation. If your truecrypt is broken, then you can't get to your tor/vidalia app to run it. See the dependencies there? -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor using StrictExitNodes
On Thu, Apr 15, 2010 at 01:41:14PM +0200, linuxu...@gmx.us wrote 0.8K bytes in 19 lines about: > apr 15 13:39:03.590 [Warning] No specified exit routers seem to be > running, and StrictExitNodes is set: can't choose an exit. > apr 15 13:39:30.595 [Warning] failed to choose an exit server > > It is interesting that this thing worked at first, but ceased working > about a week ago. Are the exit nodes you chose still active now? -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: MacFUSE
On Wed, Apr 14, 2010 at 09:33:24PM -0400, zzzjethro...@email2me.net wrote 2.6K bytes in 74 lines about: : Tor wouldn't work until, I reinstalled MacFUSE. Actually it is more accurate to say, "until it somehow reinstalled itself." : Now, I'm not 100% sure of my memory in that regard as I couldn't open Vidalia/Tor first. I had to go through a True Crypt file first, but if memory serves me, the very first time I rid myself of MacFUSE, it was Tor that didn't work. Truecrypt on os x needs macfuse to work. If your tor/vidalia is installed to the truecrypt volume, then you need truecrypt to work. If you remove macfuse, but not truecrypt, you have a broken truecrypt installation. If your truecrypt is broken, then you can't get to your tor/vidalia app to run it. See the dependencies there? -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: TOR Not Starting after upgrade
On Tue, Apr 13, 2010 at 10:17:21PM -0500, apos...@peculiarplace.com wrote 13K bytes in 270 lines about: : Apr 13 22:12:36.875 [Warning] Problem bootstrapping. Stuck at 5%: : Connecting to directory server. (Socket is not connected [WSAENOTCONN : ]; NOROUTE; count 1; recommendation warn) It seems like your path to the directory authorities is blocked. This could be by local firewall or antivirus software, or something on the network. Do you have the same config file before and after the upgrade? -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: TOR Not Starting after upgrade
On Thu, Apr 15, 2010 at 09:45:56PM -0500, Edward Langenback wrote: > > I've just upgraded to vidalia-bundle-0.2.1.25-0.2.7.exe and now TOR is > > not starting at all. I've tried a full uninstall-reinstall with no > > changes. > > Any ideas what the problem is? I'm still getting the same behavior > after several reboots and complete re-installs. 1) Your insecurity software may have detected changed .exe files and therefore blocked Tor from starting (it is easy to miss the prompt). 2) The Tor might have started but browsing though it with Firefox not be working due to a legacy Privoxy hanging around (it was not automatically uninstalled by previous bundles for some reason) and occupying port 8118 so Polipo cannot start. 3) Check the Tor log file for other possibilities. Check the Windows Events log for related System and Application events. signature.asc Description: Digital signature
Re: TOR Not Starting after upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Edward Langenback wrote: > I've just upgraded to vidalia-bundle-0.2.1.25-0.2.7.exe and now TOR is > not starting at all. I've tried a full uninstall-reinstall with no > changes. Any ideas what the problem is? I'm still getting the same behavior after several reboots and complete re-installs. - -- The best way to get past my spam filter is to sign or encrypt your email to me. My PGP KeyId: 0x84D46604 http://blogdoofus.com http://tinfoilchef.com http://www.domaincarryout.com Un-official Freenet 0.5 alternative download http://peculiarplace.com/freenet/ Mixminion Message Sender, Windows GUI Frontend for Mixminion http://peculiarplace.com/mixminion-message-sender/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBS8fPZHV+YnyE1GYEAQjVngf/fMzMaHyNsD8XggBmJOblCx469gsXahOe 3LU6NictbG6V8WdBVqxsPB6iq6YNMNQlkB4wWV3oOPLNfwIBA8VtcfIWGWpOkmqU PfcL9Dyf3hXmq6E5D4ggKagXHUMqOyzcQ4bGV476mN2lgVma5Bk7zL0m4VAfFfp/ mpWJQ0bipp766xpqDR2QFjDshm9I8uEdBYUqsFBdWTBaOjz23CQ2Zp+sWKPI0+2Y +6zkBjgZh2TQVc7joyMxC3cwbcftoZdEUS1iyiNQw/QFstnQ3lvc8HCtrJDA5N8y Qe8ychDAEX4f16gXX4LQH/rBvmSQTpTaa58krMKMP3+uqjmBjOtc0A== =h6aT -END PGP SIGNATURE- *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Howto build static linux binary?
On Apr 15, 2010, at 11:46 PM, Clemens Eisserer wrote: Hmm, I would prefer to have all libraries statically linked (including libc) - so that the resulting executable would have no external dependencies (except for the kernel-syscall interface of course ^^). Sad this isn't possible ... maybe I can find a way to do this manually. Thanks, Clemens Someone in #tor was experimenting with CFLAGS="-static", maybe that can help you a bit. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Howto build static linux binary?
Hi Sebastian > yesterday a patch was accepted to allow statically linking zlib. > This means you can now pass > --enable-static-(openssl|zlib|libevent) to configure to link those > parts statically, if you use the latest development version from > git. Other options are unknown to me. Hmm, I would prefer to have all libraries statically linked (including libc) - so that the resulting executable would have no external dependencies (except for the kernel-syscall interface of course ^^). Sad this isn't possible ... maybe I can find a way to do this manually. Thanks, Clemens *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Howto build static linux binary?
On Apr 15, 2010, at 3:32 PM, Clemens Eisserer wrote: Hi, I would like to build a statically linked binary of tor. Is there an easy way to accomplish this, e.g. by passing a simply command line option to configure? Thank you in advance, Clemens Hey Clemens, yesterday a patch was accepted to allow statically linking zlib. This means you can now pass --enable-static-(openssl|zlib|libevent) to configure to link those parts statically, if you use the latest development version from git. Other options are unknown to me. Sebastian *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Howto build static linux binary?
Hi, I would like to build a statically linked binary of tor. Is there an easy way to accomplish this, e.g. by passing a simply command line option to configure? Thank you in advance, Clemens *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [or-talk] Re: huge pages, was where are the exit nodes gone?
Scott Bennett wrote: > > Olaf, if you're awake and on-line at/near this hour:-), how about > an update, now that blutmagie has been running long enough to complete > its climb to FL510 and accelerate to its cruising speed? Also, how about > some numbers for how it ran without libhugetlbfs, even if only approximate, > for comparison? (The suspense is really getting to me.:^) tor process is still growing: anonymizer2:~# hugeadm --pool-list Size Minimum Current Maximum Default 2097152 100 319 1000* PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ P COMMAND 21716 debian-t 20 0 2075m 1.1g 25m R 95.2 29.4 2020:29 0 tor It hard to tell after only one day how throughput is affected. Pls give me some more days. In the meanwhile everybody can do his own assessment from mrtg data http://torstatus.blutmagie.de/public_mrtg There are additional non-public graphs for environmental data monitoring like temperatures, fan speeds, and other super secret stuff which gives me a hint if someone is messing with my hardware. Olaf *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Tor using StrictExitNodes
Hello, I am using StrictExitNodes 1 and a list of permitted exit nodes. I also tried country code. But I have problems, because although I see at least one or two permitted exit nodes as available on "Tor Network Map" in Vidalia, Tor still does not want to connect with them. I am getting warning messages repeatedly instead: apr 15 13:39:03.590 [Warning] No specified exit routers seem to be running, and StrictExitNodes is set: can't choose an exit. apr 15 13:39:30.595 [Warning] failed to choose an exit server It is interesting that this thing worked at first, but ceased working about a week ago. Thanks for any hint! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)
On Thu, 15 Apr 2010 09:17:39 +0200 Sebastian Hahn wrote: >On Apr 15, 2010, at 9:11 AM, Scott Bennett wrote: > >> On Thu, 15 Apr 2010 08:25:07 +0200 Sebastian Hahn >> > > >> wrote: >>> On Apr 15, 2010, at 8:17 AM, Scott Bennett wrote: Unfortunate (IMO), the latest versions have the support for .exit either disabled or deleted, apparently leaving us no easy way to perform such tests. I've asked recently on this list whether some other easy way were available, but have been met with silence, so I assume that there still is none. >>> >>> If you want the functionality, feel free to set the AllowDotExit >>> config option >>> to 1. Note that this can't be recommended, because it opens you up >>> for >> >> That is what I have been doing in order to be able to test for >> exit >> misbehavior. However, the ChangeLog notes under "Minor bugfixes" for >> 0.2.2.9-alpha the following: >> >> - Resume handling .exit hostnames in a special way: originally we >> stripped the .exit part and used the requested exit relay. In >> 0.2.2.1-alpha we stopped treating them in any special way, meaning >> if you use a .exit address then Tor will pass it on to the exit >> relay. Now we reject the .exit stream outright, since that behavior >> ^^^ >> might be more expected by the user. Found and diagnosed by Scott >> ?? >> Bennett and Downie on or-talk. >> >> I understood the "Now we reject" part as meaning that the .exit >> support had >> been completely removed. I do not understand why that behavior >> "might be >> more expected by the user." In any case, the above note is why I've >> paused >> at 0.2.2.7-alpha while waiting to discover some fairly easy-to-use >> alternative >> method of testing exit behavior. > >Ah no, that's not what is meant here. The idea is that when .exit is >disabled, >we reject connections to some domain ending in .exit, instead of passing >that URL to the exit node. This is more expected behaviour because there >is no .exit tld currently, so people telling to to go to xyz.exit are >most likely >thinking that they are talking to a tor with the .exit functionality >enabled. > Great! Thanks for the clarification. I'll go ahead and upgrade soon. >> >>> attacks where the exit node can choose who your exit is going to be, >>> unless you use encrypted protocols when webbrowsing only. >>> >> Regarding the attack route you mention, I have some firefox plug- >> ins >> like NoRedirect and RefreshBlocker installed in addition to the >> recommended >> plug-ins (including QuickJava, NoScript, and Torbutton especially) >> that should >> help with automated stuff, and I'm in the habit of checking the >> actual URLs >> in links before using the links manually. In many cases, I don't >> even use >> firefox to get stuff from the links, but rather do a copy-and-paste >> to a >> wget(1) or some other downloader command in an xterm(1), so I have >> plenty of >> opportunity to notice that sort of interference. If those >> strategies still >> miss something, please do let me know. > >I suppose you still load images and possibly other resources, too; >those can be fetched from arbitrary locations unless disabled via >special-purpose addons like RequestPolicy. Hmmm...yes, some images load without intervention, although many do not. Okay, I'll change my habits, so that torrc will have it turned off by default, and I'll only turn it on (and send tor a SIGHUP) when I really need it. OTOH, thanks very much for the tip about RequestPolicy. I didn't know about that one, so I'll check into it. > > # This file was generated by Tor; if youedit it, comments will not > be pres= I think the comment may be a lie. It's most likely a torrc produced by vidalia, not tor. (Someone please correct me if I've forgotten some special case in which tor does rewrite a torrc.) >>> >>> I think it is more likely that the file was written by Tor, via the >>> SAFECONF >>> torctl command. >>> >> Okay, I guess I had forgotten tor implemented such a command, >> but who >> is issuing the command? Vidalia? >> Thanks for the information, Sebastian. > >Yes, Vidalia as the only Tor controller in a typical setup would be >issuing >the saveconf command. > Okay, so tor does the actual (re)write, but Vidalia is still the perpetrator as far as the OP should be concerned. :-) Thanks again. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all
Re: [or-talk] Re: huge pages, was where are the exit nodes gone?
On Wed, 14 Apr 2010 17:23:35 +0200 Olaf Selke wrote: >Scott Bennett wrote: > >>> >>> It appears memory consumption with the wrapped Linux malloc() is still >>> larger than than with openbsd-malloc I used before. Hugepages don't >>> appear to work with openbsd-malloc. >>> >> Okay, that looks like a problem, and it probably ought to be passed >> along to the LINUX developers to look into. > >yes, but I don't suppose this problem being related to hugepages >wrapper. Linking tor against standard glibc malloc() never worked for me >in the past. Always had the problem that memory leaked like hell and >after a few days tor process crashed with an out of memory error. >Running configure script with --enable-openbsd-malloc flag solved this >issue but apparently it doesn't work with libhugetlbfs.so. > >After 17 hours of operation resident process size is 1 gig. > > PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ P COMMAND >21716 debian-t 20 0 1943m 1.0g 24m R 79.4 26.9 927:51.27 1 tor > >On the other hand cpu load really seems to be reduced compared with >standard page size. > Olaf, if you're awake and on-line at/near this hour:-), how about an update, now that blutmagie has been running long enough to complete its climb to FL510 and accelerate to its cruising speed? Also, how about some numbers for how it ran without libhugetlbfs, even if only approximate, for comparison? (The suspense is really getting to me.:^) Thanks! Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)
On Apr 15, 2010, at 9:11 AM, Scott Bennett wrote: On Thu, 15 Apr 2010 08:25:07 +0200 Sebastian Hahn > wrote: On Apr 15, 2010, at 8:17 AM, Scott Bennett wrote: Unfortunate (IMO), the latest versions have the support for .exit either disabled or deleted, apparently leaving us no easy way to perform such tests. I've asked recently on this list whether some other easy way were available, but have been met with silence, so I assume that there still is none. If you want the functionality, feel free to set the AllowDotExit config option to 1. Note that this can't be recommended, because it opens you up for That is what I have been doing in order to be able to test for exit misbehavior. However, the ChangeLog notes under "Minor bugfixes" for 0.2.2.9-alpha the following: - Resume handling .exit hostnames in a special way: originally we stripped the .exit part and used the requested exit relay. In 0.2.2.1-alpha we stopped treating them in any special way, meaning if you use a .exit address then Tor will pass it on to the exit relay. Now we reject the .exit stream outright, since that behavior ^^^ might be more expected by the user. Found and diagnosed by Scott ?? Bennett and Downie on or-talk. I understood the "Now we reject" part as meaning that the .exit support had been completely removed. I do not understand why that behavior "might be more expected by the user." In any case, the above note is why I've paused at 0.2.2.7-alpha while waiting to discover some fairly easy-to-use alternative method of testing exit behavior. Ah no, that's not what is meant here. The idea is that when .exit is disabled, we reject connections to some domain ending in .exit, instead of passing that URL to the exit node. This is more expected behaviour because there is no .exit tld currently, so people telling to to go to xyz.exit are most likely thinking that they are talking to a tor with the .exit functionality enabled. attacks where the exit node can choose who your exit is going to be, unless you use encrypted protocols when webbrowsing only. Regarding the attack route you mention, I have some firefox plug- ins like NoRedirect and RefreshBlocker installed in addition to the recommended plug-ins (including QuickJava, NoScript, and Torbutton especially) that should help with automated stuff, and I'm in the habit of checking the actual URLs in links before using the links manually. In many cases, I don't even use firefox to get stuff from the links, but rather do a copy-and-paste to a wget(1) or some other downloader command in an xterm(1), so I have plenty of opportunity to notice that sort of interference. If those strategies still miss something, please do let me know. I suppose you still load images and possibly other resources, too; those can be fetched from arbitrary locations unless disabled via special-purpose addons like RequestPolicy. # This file was generated by Tor; if youedit it, comments will not be pres= I think the comment may be a lie. It's most likely a torrc produced by vidalia, not tor. (Someone please correct me if I've forgotten some special case in which tor does rewrite a torrc.) I think it is more likely that the file was written by Tor, via the SAFECONF torctl command. Okay, I guess I had forgotten tor implemented such a command, but who is issuing the command? Vidalia? Thanks for the information, Sebastian. Yes, Vidalia as the only Tor controller in a typical setup would be issuing the saveconf command. Sebastian *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)
On Thu, 15 Apr 2010 08:25:07 +0200 Sebastian Hahn wrote: >On Apr 15, 2010, at 8:17 AM, Scott Bennett wrote: >> Unfortunate (IMO), the latest versions have the support for .exit >> either disabled or deleted, apparently leaving us no easy way to >> perform >> such tests. I've asked recently on this list whether some other >> easy way >> were available, but have been met with silence, so I assume that there >> still is none. > >If you want the functionality, feel free to set the AllowDotExit >config option >to 1. Note that this can't be recommended, because it opens you up for That is what I have been doing in order to be able to test for exit misbehavior. However, the ChangeLog notes under "Minor bugfixes" for 0.2.2.9-alpha the following: - Resume handling .exit hostnames in a special way: originally we stripped the .exit part and used the requested exit relay. In 0.2.2.1-alpha we stopped treating them in any special way, meaning if you use a .exit address then Tor will pass it on to the exit relay. Now we reject the .exit stream outright, since that behavior ^^^ might be more expected by the user. Found and diagnosed by Scott ?? Bennett and Downie on or-talk. I understood the "Now we reject" part as meaning that the .exit support had been completely removed. I do not understand why that behavior "might be more expected by the user." In any case, the above note is why I've paused at 0.2.2.7-alpha while waiting to discover some fairly easy-to-use alternative method of testing exit behavior. >attacks where the exit node can choose who your exit is going to be, >unless you use encrypted protocols when webbrowsing only. > Regarding the attack route you mention, I have some firefox plug-ins like NoRedirect and RefreshBlocker installed in addition to the recommended plug-ins (including QuickJava, NoScript, and Torbutton especially) that should help with automated stuff, and I'm in the habit of checking the actual URLs in links before using the links manually. In many cases, I don't even use firefox to get stuff from the links, but rather do a copy-and-paste to a wget(1) or some other downloader command in an xterm(1), so I have plenty of opportunity to notice that sort of interference. If those strategies still miss something, please do let me know. >>> # This file was generated by Tor; if youedit it, comments will not >>> be pres= >> >> I think the comment may be a lie. It's most likely a torrc >> produced by >> vidalia, not tor. (Someone please correct me if I've forgotten some >> special >> case in which tor does rewrite a torrc.) > >I think it is more likely that the file was written by Tor, via the >SAFECONF >torctl command. > Okay, I guess I had forgotten tor implemented such a command, but who is issuing the command? Vidalia? Thanks for the information, Sebastian. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
