What about private Public Keys

2010-10-18 Thread Thomas . Hluchnik
Maybe this subject has already been discussed here.

Given an attacker succeeds in breaking into a large number of tor nodes and gets a 
copy of the secret keys from all those nodes. This would increase the chance to 
decrypt parts of the traffic that goes through the tor network. Am I right?

So would it be of advantage for the tor network to change keys from time to 
time, like one should do with his passwords? Let's say, each month? Would this 
be of negative impact to the tor net?

What is your opinion?

thomas


signature.asc
Description: This is a digitally signed message part.


Good news: tor 0.2.1.25 works on Sparc-Solaris10

2010-04-05 Thread Thomas . Hluchnik
This is for Sun Freaks:

Some time ago I wrote a notice here that tor-0.2.1.24 crashed when compiling 
it with SunStudio cc. There were memory align problems in any way. 
Unfortunately I had no time to debug this.

Now I tried the new 0.2.1.25 and it compiled without any errors and runs stable 
with either gcc or cc with or without -xmemalign option. It seems the problem 
is solved.

By the way: is anybody interested in having precompiled packages in Sun-pkg 
format, either for Sparc or x86? I could provide them for the download area of 
torproject.org without additional work for myself, because I create them anyway.

Thomas




Re: tor 0.2.1.24 crashes on Sparc-Solaris10

2010-03-10 Thread Thomas . Hluchnik
On Tuesday 09 March 2010, Roger Dingledine wrote:
 On Tue, Mar 09, 2010 at 08:23:30PM +0100, thomas.hluch...@netcologne.de wrote:
  When starting tor it comes up but crashes within one minute.
 
 Try these:
 http://freehaven.net/~arma/tor-0.2.1.24-dev.tar.gz
 http://freehaven.net/~arma/tor-0.2.1.24-dev.tar.gz.asc

Unfortunately this didn't help. But I succeeded in another way meanwhile:

The crashing tor executables were built with gcc. The one that works right now 
is from your dev tarball, but built with Sun's cc plus an interesting CFLAG. I 
found some info in the net 
(http://developers.sun.com/solaris/articles/manage_core_dump.html):

The Sun Studio C/C++ compiler has the -xmemalign option, which can be used to 
adjust the behavior of the UltraSPARC CPU when there are unaligned memory 
addresses that can be determined at compile time. The -xmemalign option causes 
the compiler to generate additional load/store instructions for unaligned 
memory access. However, the -xmemalign option cannot handle unaligned memory 
access during runtime. If unaligned memory access happens during runtime, the 
developer needs to change the source code.

So I did:
make distclean
export CC=cc
export CFLAGS='-xmemalign'
./configure --enable-threads --prefix=/usr --sysconfdir=/etc --with-ssl-dir=/usr/local/ssl
/usr/local/bin/make -j 2

here I got some very unusual output:

source='directory.c' object='directory.o' libtool=no \
DEPDIR=.deps depmode=none /bin/bash ../../depcomp \
cc -DHAVE_CONFIG_H -I. -I../..  -DSHARE_DATADIR=\/usr/share\ 
-DLOCALSTATEDIR=\/usr/var\ -DBINDIR=\/usr/bin\ -I../../src/common  
-I/usr/local/ssl/include   -xmemalign -g -O -c directory.c
directory.c, line 3231: warning: statement not reached
source='dirserv.c' object='dirserv.o' libtool=no \
DEPDIR=.deps depmode=none /bin/bash ../../depcomp \
cc -DHAVE_CONFIG_H -I. -I../..  -DSHARE_DATADIR=\/usr/share\ 
-DLOCALSTATEDIR=\/usr/var\ -DBINDIR=\/usr/bin\ -I../../src/common  
-I/usr/local/ssl/include   -xmemalign -g -O -c dirserv.c
dirserv.c, line 747: warning: identifier redeclared: dirserv_add_extrainfo
current : function(pointer to struct extrainfo_t {struct 
signed_descriptor_t {..} cache_info, array[20] of char nickname, unsigned int 
bad_sig :1, pointer to char pending_sig, unsigned int pending_sig_len}, pointer 
to pointer to const char) returning enum was_router_added_t 
{ROUTER_AUTHDIR_REJECTS(-5), ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS(-4), 
ROUTER_NOT_IN_CONSENSUS(-3), ROUTER_WAS_NOT_NEW(-2), ROUTER_BAD_EI(-1), 
ROUTER_ADDED_NOTIFY_GENERATOR(0), ROUTER_ADDED_SUCCESSFULLY(1)}
previous: function(pointer to struct extrainfo_t {struct 
signed_descriptor_t {..} cache_info, array[20] of char nickname, unsigned int 
bad_sig :1, pointer to char pending_sig, unsigned int pending_sig_len}, pointer 
to pointer to const char) returning int : dirserv.c, line 64
dirserv.c, line 3254: warning: static function called but not defined: 
dirserv_add_extrainfo()


Might this be the reason why a gcc build crashes on Solaris? The executable was 
created and runs now without crashing:-)

Thomas
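
The source-level fix the quoted Sun article refers to, as an added example that is not from the original post or from tor's code base: multi-byte fields are read from a byte buffer with byte-wise loads instead of a pointer cast. The record layout, the function names `is_aligned`, `load_be32`, `load_be16` and `parse_record`, and the sample bytes are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical packed wire record, constructed for this example:
 *   offset 0: type   (1 byte)
 *   offset 1: length (4 bytes, big-endian) -> never 4-byte aligned
 *   offset 5: id     (2 bytes, big-endian) -> never 2-byte aligned
 */
#define RECORD_WIRE_LEN 7

struct record {
    uint8_t  type;
    uint32_t length;
    uint16_t id;
};

/* Fault-prone pattern, shown for contrast only and never executed here:
 *
 *     uint32_t length = *(const uint32_t *)(buf + 1);
 *
 * The cast lets the compiler emit one 32-bit load. x86 tolerates the odd
 * address; UltraSPARC delivers SIGBUS. buf is only known at run time, which
 * is the case the quoted Sun article says -xmemalign does not cover. */

/* True when p is a multiple of n, i.e. a direct n-byte load would be safe. */
static int is_aligned(const void *p, size_t n)
{
    return ((uintptr_t)p % n) == 0;
}

/* Alignment-safe big-endian loads: only single-byte accesses are issued. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static uint16_t load_be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Parse one record; returns 0 on success, -1 if the buffer is too short. */
static int parse_record(const uint8_t *buf, size_t len, struct record *out)
{
    if (buf == NULL || out == NULL || len < RECORD_WIRE_LEN)
        return -1;
    out->type   = buf[0];
    out->length = load_be32(buf + 1);
    out->id     = load_be16(buf + 5);
    return 0;
}

/* Constructed sample. The union forces 4-byte alignment of bytes[0], so the
 * length field at bytes + 1 is guaranteed to be misaligned. */
static const union {
    uint32_t force_align;
    uint8_t  bytes[8];
} sample_buf = { .bytes = { 0x03, 0x00, 0x00, 0x02, 0x02, 0xBE, 0xEF, 0x00 } };

int main(void)
{
    struct record r;
    if (parse_record(sample_buf.bytes, sizeof sample_buf.bytes, &r) != 0)
        return 1;
    printf("length field 4-byte aligned: %s\n",
           is_aligned(sample_buf.bytes + 1, 4) ? "yes" : "no");
    printf("type=%u length=%lu id=0x%04X\n",
           (unsigned)r.type, (unsigned long)r.length, (unsigned)r.id);
    return 0;
}
```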




tor 0.2.1.24 crashes on Sparc-Solaris10

2010-03-09 Thread Thomas . Hluchnik
Hello,

I always run a tor node on my Sparc engine which is connected to the net via 
DSL and always runs without problems. So the 0.2.1.22 did. Now I got the 
sources of 0.2.1.24 and installed them doing the same commands as I always do.

When starting tor it comes up but crashes within one minute. These are some of 
the infos:

r...@tor# uname -a
SunOS tor 5.10 Generic_141444-09 sun4u sparc SUNW,Ultra-4

The configure options:
./configure --enable-threads --prefix=/usr --sysconfdir=/etc 
--with-ssl-dir=/usr/local/ssl

r...@tor# ldd /usr/bin/tor
libz.so =>               /usr/lib/libz.so
libevent-1.4.so.2 =>     /usr/lib/libevent-1.4.so.2
libssl.so.0.9.8 =>       /usr/local/ssl/lib/libssl.so.0.9.8
libcrypto.so.0.9.8 =>    /usr/local/ssl/lib/libcrypto.so.0.9.8
libnsl.so.1 =>           /lib/libnsl.so.1
libsocket.so.1 =>        /lib/libsocket.so.1
libc.so.1 =>             /lib/libc.so.1
librt.so.1 =>            /lib/librt.so.1
libresolv.so.2 =>        /lib/libresolv.so.2
libdl.so.1 =>            /lib/libdl.so.1
libgcc_s.so.1 =>         /usr/local/lib/libgcc_s.so.1
libmp.so.2 =>            /lib/libmp.so.2
libmd.so.1 =>            /lib/libmd.so.1
libscf.so.1 =>           /lib/libscf.so.1
libaio.so.1 =>           /lib/libaio.so.1
libdoor.so.1 =>          /lib/libdoor.so.1
libuutil.so.1 =>         /lib/libuutil.so.1
libgen.so.1 =>           /lib/libgen.so.1
libm.so.2 =>             /lib/libm.so.2
/platform/SUNW,Ultra-4/lib/libc_psr.so.1
/platform/SUNW,Ultra-4/lib/libmd_psr.so.1



The crash causes no message in notices.log. It looks like:

Mar 09 20:07:27.087 [notice] Tor 0.2.1.24 opening log file.
Mar 09 20:07:27.092 [notice] Parsing GEOIP file.
Mar 09 20:07:28.997 [notice] OpenSSL OpenSSL 0.9.8l 5 Nov 2009 looks like 
version 0.9.8l; I will try SSL3_FLAGS to enable renegotation.
Mar 09 20:07:32.541 [notice] Your Tor server's identity key fingerprint is 
'herecomesthesun E959DE5174DE719D712E181704DF20E7D47FD221'
Mar 09 20:08:03.318 [notice] We now have enough directory information to build 
circuits.
Mar 09 20:08:03.318 [notice] Bootstrapped 80%: Connecting to the Tor network.
Mar 09 20:08:04.474 [notice] Guessed our IP address as 89.0.140.247 (source: 
194.109.206.212).
Mar 09 20:08:05.699 [notice] Bootstrapped 85%: Finishing handshake with first 
hop.
Mar 09 20:08:06.808 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Mar 09 20:08:08.891 [notice] Tor has successfully opened a circuit. Looks like 
client functionality is working.
Mar 09 20:08:08.895 [notice] Bootstrapped 100%: Done.
Mar 09 20:08:08.895 [notice] Now checking whether ORPort 89.0.140.247:9001 and 
DirPort 89.0.140.247:9030 are reachable... (this may take up to 20 minutes -- 
look for log messages indicating success)
Mar 09 20:08:14.977 [notice] Self-testing indicates your ORPort is reachable 
from the outside. Excellent. Publishing server descriptor.
Mar 09 20:08:15.846 [notice] Tor 0.2.1.24 opening log file.
Mar 09 20:08:15.851 [notice] Parsing GEOIP file.


At Mar 09 20:08:14.977 a new tor process started after the crash of the old 
process. This is because it starts via SMF Service Manifest instead of 
initscript.


I did a truss -p pid_of_tor to see better what's going on. It looks like:

/1: write(14,  M a r   0 9   2 0 : 1 0.., 127)= 127
/1: time()  = 1268161838
/1: port_associate(3, 4, 0x0012, 0x0001, 0x) = 0
/1: port_getn(3, 0xFFBFFB20, 8, 1, 0xFFBFFB14)  = 1 [0]
/1: clock_gettime(4, 0xFFBFFBA4)= 0
/1: write(14,  M a r   0 9   2 0 : 1 0.., 75) = 75
/1: write(14,  M a r   0 9   2 0 : 1 0.., 125)= 125
/1: read(18, 170301\0  , 5)   = 5
/1: read(18,  V -87 ~ jDA9BB8 P s90D7.., 32)  = 32
/1: read(18, 17030102  , 5)   = 5
/1: read(18, D0A7AB p80 4 - d yB4BF z.., 544) = 544
/1: write(14,  M a r   0 9   2 0 : 1 0.., 97) = 97
/1: write(14,  M a r   0 9   2 0 : 1 0.., 129)= 129
/1: time()  = 1268161838
/1: time()  = 1268161838
/1: time()  = 1268161838
/1: port_associate(3, 4, 0x0016, 0x0005, 0x) = 0
/1: write(14,  M a r   0 9   2 0 : 1 0.., 90) = 90
/1: write(14,  M a r   0 9   2 0 : 1 0.., 127)= 127
/1: time()  = 1268161838
/1: port_associate(3, 4, 0x0012, 0x0001, 0x) = 0
/1: port_getn(3, 0xFFBFFB20, 8, 1, 0xFFBFFB14)  = 1 [0]
/1: clock_gettime(4, 0xFFBFFBA4)= 0
/1: write(14,  M a r   0 9   2 0 : 1 0.., 77) = 77
/1: send(22, 02\0\0\0\0\0\0\014 \r '.., 197, 0)  = 197
/1: time()  = 

Re: Tor Vidalia RPM repositories

2010-02-04 Thread Thomas . Hluchnik
 Please let me know if you have any problems!

Yes, I have. First I got the vidalia-SuSE Package, but my system doesn't like it.
# cat /etc/SuSE-release
openSUSE 11.0 (i586)
VERSION = 11.0

It refuses to install:

# ls -l vidalia-0.2.7-1.suse11_3.i586.rpm*
-rw-r- 1 tom users 268992 Feb  4 15:34 vidalia-0.2.7-1.suse11_3.i586.rpm
-rw-r- 1 tom users  21211 Feb  4 15:34 vidalia-0.2.7-1.suse11_3.i586.rpm.asc

# gpg --verify vidalia-0.2.7-1.suse11_3.i586.rpm.asc
gpg: Keine gültigen OpenPGP-Daten gefunden.
gpg: verify signatures failed: Unerwarteter Fehler

# rpm -qip vidalia-0.2.7-1.suse11_3.i586.rpm
error: vidalia-0.2.7-1.suse11_3.i586.rpm: Header V4 RSA/SHA1 signature: BAD, 
key ID 63fee659

I have your PublicKey with SIG 63FEE659, so the RPM seems to be invalid.




Next I tried to compile the sources by myself, unpacking the tar.gz, then:

/usr/src # gzip -cd  /home/tom/vidalia-0.2.7.tar.gz | tar -xf -
/usr/src # cd vidalia-0.2.7
/usr/src/vidalia-0.2.7 # mkdir build && cd build
/usr/src/vidalia-0.2.7 # /usr/bin/cmake --version
cmake version 2.6-patch 0
/usr/src/vidalia-0.2.7/build # cmake ..
-- Configuring Vidalia 0.2.7
-- The C compiler identification is GNU
-- The CXX compiler identification is GNU
-- Check for working C compiler: /usr/bin/gcc
-- Check for working C compiler: /usr/bin/gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
CMake Error at /usr/share/cmake/Modules/FindQt4.cmake:1584 (MESSAGE):
  Qt qmake not found!
Call Stack (most recent call first):
  CMakeLists.txt:37 (find_package)


-- Configuring done



The program qmake couldn't be found on my system. I searched a lot, but it 
seems to be not installed. I searched the SuSE repos, didn't find anything. 
Searched a little bit in the web, all sites pretend it's very normal to have 
qmake ready & run, except my box.

Why must compiling software be so complicated sometimes. Why must there be 
tools like cmake, qmake, xymake? Isn't make enough?

I have few time and hoped to get it running with few times:-( Anyone out here 
to tell me how to get Vidalia running without wasting all my time for cryptic 
make errors?

Thanks for any help.

 Thanks,
 Erinn




Re: Tor Vidalia RPM repositories

2010-02-04 Thread Thomas . Hluchnik
On Thursday 04 February 2010, Erinn Clark wrote:
 * thomas.hluch...@netcologne.de thomas.hluch...@netcologne.de [2010:02:04 
 16:21 +0100]: 
   Please let me know if you have any problems!
  
  Yes, I have..

 
 qmake is in the libqt4-devel package. 
 
 Erinn
 

Thanks a lot. After installing libqt4-devel, it runs out of the box.




Re: AW: tor exit-node abused, takedown by ISP,

2010-01-24 Thread Thomas . Hluchnik
On Sunday 24 January 2010, Arian Sanusi wrote:
 Olaf Selke wrote:
  If US law doesn't apply, why should one care about dmca notices?
  Regarding my exit node I simply ignore them.
 
  Olaf
 I don't know why one should, but I got that damn bill over 192€, that's
 what I mainly care about. I mean, if that was like 20€ I could live with
 that even if that was cheeky anyway.
 
 Arian

If I understand Olaf in the right way, he wants to say: What the hell does 
your ISP take care about DMCA requests within Germany? DMCA is NOT German law. 
They don't have to care about such requests at all and shall send them to 
/dev/null. If they waste their time and take care of such requests it is their 
decision and can't make you responsible for this.

If I understand Olaf right he might have the opinion you should refuse to pay 
that. Anyway, you should try to speak with someone of their staff directly to 
clear that incident.

There is a German association of tor node admins, the German Privacy Foundation. 
Hereby you are invited to join, see www.privacyfoundation.de.

Best wishes




Re: US Customers: anyone helping me?

2009-12-08 Thread Thomas . Hluchnik
On Tuesday 08 December 2009, John Case wrote:
 
 We had a big long discussion about hardware devices a few months ago:
 
 You may find it useful to read that entire thread.
 
 In short: the Sun SCA-1000 does not perform AES at all, and will not help 
 you with Tor at all.

Thanks, I was reading the whole thread and it was very interesting to me. I 
know that the Sun SCA-1000 does NOT encrypt AES, but there is something that 
was not discussed in the thread: Random Devices.

That's what I found in a Sun doc about the SCA-1000:

# Hardware Random Numbers: True random number generation of up to 125 Kbps

Without such a board a system creates only pseudo random numbers. Right now I 
am very interested in questions regarding crypto and randomness. I wanted first 
check some more about this, then opening a discussion thread here about the 
quality of tor keys and PRNG versus hardware based randomness. That's the main 
reason why I am interested in that card.

Thomas




Re: US Customers: anyone helping me?

2009-12-08 Thread Thomas . Hluchnik
On Tuesday 08 December 2009, Lexi Pimenidis wrote:
 On Mon, Dec 07, 2009 at 07:56:19PM CET, Jacob Appelbaum wrote:
 
 Hej,
 
  thomas.hluch...@netcologne.de wrote:
  [...]
  Will you attend the 26c3?
 
 The poster's mail address suggests that he lives in my vicinity. As at least
 I will be at 26c3, I could pick up his hardware there and bring it to Cologne.

It seems that meanwhile someone bought the SCA-1000 for me and will travel to 
Germany soon. So no further help is necessary right now. Thanks for all other 
offers.

Perhaps I will be at the 26c3, don't know yet.

Thomas




Re: entropykey.co.uk

2009-12-08 Thread Thomas . Hluchnik
On Tuesday 08 December 2009, Matej Kovacic wrote:
 Hi,
 
  # Hardware Random Numbers: True random number generation of up to 125 Kbps
 What about this:
 http://www.entropykey.co.uk/
 
 It is about 40 EUR...

Coool...




US Customers: anyone helping me?

2009-12-07 Thread Thomas . Hluchnik
Hello altogether,

for my Sun Hosts I would like to have a Crypto Hardware Accelerator Card. At 
ebay.com there are some. Especially this one is what I want to get:

http://cgi.ebay.com/Sun-X6762A-375-3089-Crypto-Accelerator-1000_W0QQitemZ180440049586QQcmdZViewItemQQptZCOMP_EN_Networking_Components?hash=item2a0310a7b2

Unfortunately the owner sells only within the USA, but I live in Germany. I 
wrote him and asked if he would make an exception, but he doesn't. At ebay.de 
there is nothing like this.

So can someone living in the US get this, then sending it for me to Germany? If 
so, please contact me by mail directly (my PublicKeys can be obtained from the 
keyservers)

Thanks in advance

Thomas




Slightly OT: where to get Crypto HW stuff for Sparc/Solaris?

2009-10-13 Thread Thomas . Hluchnik
On Tuesday 13 October 2009, you wrote:

Hello Wyllys and all other Solaris freaks. This thread is very interesting to 
me. I have some older Suns at home (E450, V480) and playing around with tor on 
Solaris. But I never saw a crypto hardware accelerator card for Sparc engines 
at Ebay or anywhere else. I would like to test this stuff. Anybody here who can 
give me a hint where to get such a card that would fit in my Suns?

Thomas

  
  On the other hand, there are Solaris-specific routines (crypto framework
  APIs (PKCS#11)) built into Solaris that Tor can call instead of OpenSSL,
  which _will_ do AES CTR in hardware, yielding a huge gain in performance
  (you mention 25x).
  
  Do I have all of that correct ?
  
 
 Yes.

 
  - How does the T2 (Niagara 2) compare to dedicated hardware such as the
  Sun Crypto 6000 which is currently available ?  Presumably the crypto
  framework APIs will use whatever is available, whether it be a SCA-6
  or a Broadcom based card or ... ?
 
 
 I don't think the SCA6000 offers AES CTR support.  The N2 (T2) crypto
 chips are newer and offer more algorithm support and faster performance.
 You are correct, though, we (Solaris security) do strive to offer crypto
 framework support for the underlying hardware devices.
 




Solaris10/Sparc, tor and threads

2009-08-20 Thread Thomas . Hluchnik
Hello,

my first steps with running tor on Sparc are successful. I did it with 
Solaris10, Sun-CC on a E450 with 4 CPU. When doing configure I found a message:

configure:2435: You are running Solaris; Sometimes threading makes
cpu workers lock up here, so I will disable threads.

This is a pity cause I have 4 CPU. Has anyone experience with tor on 
Sparc-Solaris here and can explain why this is? What would happen if I enforce 
threading?

Kind Regards

Thomas




Re: Time Warner bad / VPS recommendations

2009-02-03 Thread Thomas Hluchnik
Quoting Xinwen Fu xinwe...@gmail.com:

 The problem is: was the violation done through Tor? A bot may do the same
 thing. Time to scan your computer?:) Maybe you can run Tor as an entry or a
 middle node, not an exit node.

 Cheers,

 Xinwen Fu

Yes, and one pretty nice day we have 1 middlemen and no exit node anymore.


Letter to the german SPIEGEL

2008-08-07 Thread Thomas . Hluchnik
Hi altogether,

today there came out an article in the German newspaper Spiegel regarding 
anonymizing services. They wrote about tor, also in a positive way. So I 
decided to send them a mail asking them to run one or more tor-nodes. I think 
this would be good for the tor project when journalists start running tor 
nodes by themselves. It is one thing only to write about that and another 
thing to become active within this project. That's what I wrote (German lang):

Dear Sir or Madam,

I am very pleased that your magazine mentions the tor network positively, as 
I contribute two nodes to this network myself. I do this not least to give 
journalists or the politically persecuted the possibility of unmonitored 
communication. One thing, however, is absolutely essential: as many people 
and institutions as possible should take part in this network by contributing 
a tor node. To my knowledge, the SPIEGEL currently does not run any tor 
node(s), which I find a great pity. Please consider taking part in this 
network with one or more tor nodes. After all, this network also offers the 
SPIEGEL's journalists most interesting possibilities for communicating past 
state censorship.

Kind regards

Thomas Hluchnik





Re: About US$3 Million Spent per Second on Pornography in Indonesia

2008-07-28 Thread Thomas Hluchnik
What kind of nonsense. Just calculate:

   1 s            3.075.000 $
  60 s          184.500.000 $
   1 h       11.070.000.000 $ (11 billion $ per hour!!!)
  24 h      265.680.000.000 $ (265 billion $ per day)
   1 month   7,9704 x 10^12 $

If that country were so rich I would live there for 15 years now. My wife is
Indonesian and I know how poor that country is. They NEVER were able to spend
just a small part of that money. Another fact is that education there is
incredibly bad and lots of people are stupid in a way no one can imagine. I
think this is the reason why such nonsense finds its way into indo newspapers.

On Monday 28 July 2008, Roy Lanek wrote:

 Myth #?! ... don't know, some low number in any case: --Tor as a *stratagem* for
 watching pornography.--

 Fact:

 About US$3 Million Spent per Second on Pornography
 Monday, 28 July, 2008 | 13:44 WIB

http:/www.tempointeraktif.com/hg/nasional/2008/07/28/brk,20080728-129161,uk.html
 [Roy: link will expire within a couple of days]


 TEMPO Interactive, Jakarta: Head of Internet Rental Centers in Indonesia
 (Awari), Irwin Day, has that the money in circulation being spent on
 pornography has reached US$3.075 million per second.



Re: shinjiru closed exit node acceptnolimits

2008-01-03 Thread Thomas Hluchnik
On Thursday, 3 January 2008 11:01, accept no limits wrote:
 Hello everybody,
 
 on the 1st of January 2008 the web server provider shinjiru (Malaysia)  
 kicked my exit node acceptnolimits (traffic about 10 GB per day)  
 because of abuse.
 Before the contract (several months ago) I asked if they have a  
 problem with tor running on their servers (exit node) and they  
 answered you are most welcome.
 Up to now they have not answered my questions (about what happened).

What about going the hard way? They have a contract with you. You paid for a 
service they refuse to fulfill without comment. I don't know the Malaysian 
laws but I think you should do steps to force them to fulfill their contract.

Some years ago I made the experience (with renting a house) that some people 
need some kind of warn shot until they start respecting you. In my case I got 
a (German) Einstweilige Verfügung and suddenly they spoke with me.

It makes me angry to read:

1) They throw me out
2) They refuse telling me why
3) I accept that

While doing so you show them that their way of behaviour works.

Kind Regards from Germany

Thomas Hluchnik




Re: Provider 1blu closed exit node torpaulianer

2007-12-20 Thread Thomas Hluchnik
On Thursday, 20 December 2007 15:08, kazaam wrote:
 Here's an answer from 1blu why they are closing the tor-servers:
 
 We gladly take the opportunity to comment. 
 As a service provider, 1blu AG is liable for third-party content as well, at
 the latest from the moment it becomes aware of it.

Isn't this bullshit? They say: ..we are liable for customers CONTENTS. 
Tor doesn't provide any content at all. A tor server is something like a 
telecommunication device.

 It is therefore entitled and obliged, if only to avoid its own liability, 
 to block customer servers when complaints about abuse originating from them
 have been received.

Next bullshit: according to German laws (I am not a lawyer) telecommunication 
providers are not responsible for customers content. So no one can punish a 
telecommunication provider for the fact that any illegal content passed his 
systems.

 When 1blu AG demands 
 cease-and-desist declarations from customers, there are always complaints
 on file that force 1blu AG to intervene.

It seems to me it is what I wrote these days in the German GTP mailing list: 
those server providers go the way of least resistance. If they would have a 
minimum of courage they would protect their customers.

 Since 1blu AG has no 
 access to customer systems, specific server applications are not directly
 known to it. At no time has 1blu AG contacted customers because of the
 operation of a particular application or offered negotiations about it.
 
 Kind regards from Berlin,
 
 Your 1blu Support Team
 
 
 Short in English:
 1blu are saying, that if they are not closing the servers after a 
 third-party contacted them about an abuse from this server, they would make 
 themselves liable. So they take the servers offline and are forcing the 
 owners to sign a forbearance-declaration.
 
 greets




Re: Provider 1blu closed exit node torpaulianer

2007-12-16 Thread Thomas Hluchnik
I am not a lawyer but I think they have a contract with you. You paid them 
money and they have to provide you a host. Very simple. If they shut down 
your server without any comment they broke the contract. So you can go to 
judge and force them to fulfill your contract. If they did not even tell you 
why they shut it down any judge should be on your side (German: Einstweilige 
Verfügung)

I think they try to go the way of least trouble. Hosting providers get lots of 
trouble through the police. They just seize the complete servers for months 
and force the providers to do lots of bureaucracy. This costs money. The 
problem here is the police. They could make a copy of the hard drives, this 
would be enough. But they take away the complete hardware. The Hosting 
Providers think it would be too much trouble to go to judge against that 
behaviour. They think it is less trouble to just shutdown the customers host.

It is a question of pressure. Who makes more pressure? The customer or the 
police? If you force them to fulfill their contract they might start thinking 
about going to judge preventing police to seize a complete server.

Thomas

On Sunday, 16 December 2007 17:51, Gitano wrote:
 kazaam wrote:
 
  could someone please drop a copy of the email or letter you received by the 1blu Ag, in which they told you that they shut down your server to me?
 
 As I wrote, they closed down my Server/Account without any comment. I
 got no answer to my email nor letter. On the phone the hotliner told me
 that the contract has been terminated without notice.
 




Germany: Demonstration in Cologne next Saturday

2007-11-22 Thread Thomas Hluchnik
Hello,

there is a demonstration against the surveillance state next Saturday in 
Cologne. Any of you will be there?

Link: http://www.freiheit-ist-sicherheit.de/demo_2411.php

Thomas




Re: German Tor Legal Fund

2007-11-15 Thread Thomas Hluchnik
This is for Germans only. The non-Germans may excuse this.

You are speaking straight from my heart. I have also been thinking about this 
for some time, but it is time we got off our arses. I have even thought up a 
name already: how about German Tor Operators, e.g. GTO e.V.

Purposes of the association could be:
- Funding an association lawyer who knows the subject matter and assists the 
members. How exactly that works has to be clarified in detail.

- People who would like to run tor servers but shy away from it out of fear 
could donate to GTO e.V., and the GTO runs the servers.

- The association makes sure that the servers in Germany are hosted with as 
many different hosters as possible, to guard against the danger of one large 
hoster shutting down all tor nodes at a stroke.

- Nodes can likewise be run in other countries; the specialist lawyer will be 
able to determine which countries have favourable legal conditions.

What the association should NOT do: PR for tor. That is already being done by 
other organisations, and if the GTO starts doing it too, the forces will 
become fragmented.

So I am in. But I have no idea about law and relatively little time. Does 
anyone know a good lawyer who cares about civil-rights ideals and who would 
like to be there right from the founding of the association? I think that 
would be a good way to reach the goal quickly. First meeting: soon.

Thomas Hluchnik

On Thursday, 15 November 2007 00:36, Alexander W. Janssen wrote:
 This is to all german Tor-operators about the possibilty to found a
 german Tor legal fund. In german. Obviously.
 
 Hello comrades,
 
 it is slowly becoming time. I have already had three proceedings against
 me myself, which by now have cost me many hundreds of euros in lawyer's bills.
 Today I read about someone who really got caught in proceedings:
 no acquittal, but discontinuation under §153
 StPO. That can't be right.
 
 To summarise: running a Tor node in Germany is
 not (yet) illegal.
 
 There is no such thing as aiding and abetting. Aiding must always be a
 concrete, active act, which does not exist with Tor in this narrowly
 defined form.
 
 A lot of people have by now had dealings with law enforcement in one
 way or another.
 There is as yet no organisation in Germany that looks after people with
 limited financial means.
 If it does not come to a trial and one is not acquitted,
 there is hardly any way to somehow recover one's costs for the
 defence.
 
 However, in my closer and wider circle of acquaintances I have
 found that the willingness to donate for such cases is
 clearly there.
 
 Why not found an association? Accept donations. Pay lawyers.
 Bail out operators. Nothing like that exists in Germany yet. But it is
 time we got something like it.
 
 Who has the time and the stamina to see something like this through?
 Who knows association law? Who has done something like this before?
 I am in.
 
 I am slowly getting fed up. You get put through the wringer from start
 to finish although you are only exercising your civil rights.
 Data retention or not: it slowly has to stop.
 
 Enquiries and offers please by email, *encrypted*, directly to me:
 [EMAIL PROTECTED], keyid 90DEE171.
 
 See you soon!
 
 In Ringo's words:
 Comrade Alex.
 




Re: News orgs should be interested in running tor nodes

2007-11-15 Thread Thomas Hluchnik
On Thursday, 15 November 2007 07:29, Roger Dingledine wrote:
 On Wed, Nov 14, 2007 at 10:48:33PM +0100, Thomas Hluchnik wrote:
  Has anyone ever tried to speak with the guys from SPIEGEL, FAZ, Sueddeutsche 
  and so on that they drive own tor nodes? This would be good PR for tor.
  
  If not yet, is there anybody who has contact to news orgs? If the great news 
  orgs in germany would have own tor nodes, they would become more sensitive 
  about what we are fighting for.
 
 Rather than trying to get them to operate their own hardware, we might
 make more progress just trying to help them understand the good uses
 and good users for Tor.

What you say is right, but if for example the SPIEGEL drives some tor exits by 
themselves and police seizes them it is something different for the SPIEGEL 
journalists. So the SPIEGEL is directly involved and they have much more 
awareness about what goes on with tor. Furthermore they would (I hope so) 
provide some infos in their Contact area on their website how to use 
anonymization tor contacting journalists or the SPIEGEL office. And that's 
what I want. They shall be directly involved, not just reporting about that.

Thomas Hluchnik




News orgs should be interested in running tor nodes

2007-11-14 Thread Thomas Hluchnik
Has anyone ever tried to speak with the guys from SPIEGEL, FAZ, Sueddeutsche 
and so on that they drive own tor nodes? This would be good PR for tor.

If not yet, is there anybody who has contact to news orgs? If the great news 
orgs in germany would have own tor nodes, they would become more sensitive 
about what we are fighting for.

Thomas

On Wednesday, 14 November 2007 15:29, Alexander W. Janssen wrote:

 BTW, I'm currently reading
 http://www.spiegel.de/politik/deutschland/0,1518,517232,00.html
 
 That stinks too...




Re: [ANNOUNCE] Incognito CD/USB 20070824.1 released

2007-09-17 Thread Thomas Hluchnik
Hello,

can you find out which graphics driver is used? It seems to me as if the fglrx
driver is used, which works badly for older ATI cards. Is it possible to use the
radeon driver instead?

I have an ATI card, too, and I am just going to throw it away, though it's quite a
good card. Next time I buy a Nvidia, hope that runs better.



Quoting Ano Nymous [EMAIL PROTECTED]:

 I hope this is the right place to ask this question. If not, please
 point me to the right one!

 I'm having a problem with booting the incognito cd. i am always being
 dropped to the command prompt. my video card seems to be detected
 correctly though.

 after trying startx the screen goes black for one second, and then i
 get this error message:

 (EE) no devices detected
 fatal server error:
 no screens found
 XIO: fatal IO error 104 (Connection reset by peer) on X server :0.0
 after 0 requests (0 known processed) with 0 remaining.

 it looks like it's a problem with the video card driver, maybe? which
 is weird because incognito detects my video card correctly. it not
 only says that it's an ati card, but it also knows the correct model
 (1900xt).

 i had the exact same problem with the previous incognito version by the way.

 I hope that i have included all the necessary information. if you need
 to know more, to diagnose the problem, just ask! i already tried
 googling for the error, but i couldn't find anything useful. but since
 i'm a linux noob, that's no surprise.






Re: I break the silence: My arrest

2007-09-16 Thread Thomas Hluchnik
On Sunday, 16 September 2007 07:41, Martin Senftleben wrote:

Hello,

can you please give some more info about that? I am just thinking about 
becoming member of an association and let my two tor nodes register as from 
that association. I have the luck that my home was not yet searched by any 
technically incompetent police, but who knows...

What about the Humanistische Union? Do they have tor nodes? Is there anybody 
of them in this thread? Would like to hear if the HU is interested in getting 
members with tor nodes as entrance gift.

What I definitely NOT like is giving up my help for the tor project. In times 
like these modern inquisition we have to resist, but have to find ways to 
protect ourselves.


 I am currently into registering an association that was founded more 
 than a hundred years ago - that is quite some work, but manageable. 
 I find the thought to found an association quite intriguing, 
 particularly for Germany, where the members of a registered 
 association (eingetragener Verein) would be protected against legal 
 prosecution. The association could act as contract partners with the 
 ISPs, and as that run Tor nodes which are managed by its members. 
 
 BTW, one such node has just been set up which is legally registered 
 with an association in Germany and run by a previous Tor-node admin 
 who has also been harassed by the police. But I don't think they will 
 be setting up more nodes.
 
 Martin




What do you think about this exit policy for germany?

2007-09-11 Thread Thomas Hluchnik
Last year I was running my torserver (baphomet) as exit for port 80/443. The
results were interesting: first a DOS attack, then later my box was seized by
the German Staatsanwalt because of childporn. OK, I got my box back from them
but this took 3 months. Then I got trouble with my ISP who told me that it was
forbidden to run a tor exit (bullshit).

So I configured my meanwhile 2 nodes (baphomet & info4all) to run as middleman,
I only allowed them to be exit for DNS requests over tor. But I am not
satisfied with that. These days I read about Dan Egerstad and his mailsniffer
experience and I started thinking:

If I open exit ports for only those that do encrypted access to mailservers
(465,993,995), I should be safe from the Staatsanwaltschaft. If they seize a
mailserver, they should be interested in getting the realname of the account
owner, not of the IP, from where the traffic came. Is that right? On the other
hand I support those protocols that work with encryption. If lots of people
close their unencrypted mail ports, users experience that it is slow over tor
and (hopefully) switch to secure protocols and cannot be sniffed anymore.

Last but not least: how great, do you think, is the danger of supporting spammers
when setting up my node for 465,993,995?

Kind Regards

Thomas Hluchnik
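
The exit policy proposed in the message above, written out as torrc `ExitPolicy` lines and checked with first-match evaluation. This is an added example, not part of the original post or the author's configuration; the torrc text, the function names and the test address 203.0.113.25 are constructed, and the model handles IPv4 patterns only and ignores anything Tor adds around the listed rules.

```python
import ipaddress

# Constructed torrc lines for the policy proposed in the post (not the
# author's actual configuration): encrypted mail ports only.
MAIL_ONLY_TORRC = """\
ExitPolicy accept *:465   # SMTP over TLS
ExitPolicy accept *:993   # IMAP over TLS
ExitPolicy accept *:995   # POP3 over TLS
ExitPolicy reject *:*
"""

def parse_policy(torrc_text):
    """Return an ordered list of (action, network_or_None, low, high)."""
    rules = []
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.lower().startswith("exitpolicy "):
            continue
        # One ExitPolicy line may carry several comma-separated rules.
        for item in line[len("exitpolicy "):].split(","):
            action, pattern = item.split()
            addr, _, ports = pattern.rpartition(":")
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            if ports == "*":
                low, high = 1, 65535
            else:
                low, _, high = ports.partition("-")
                low, high = int(low), int(high or low)
            rules.append((action.lower(), net, low, high))
    return rules

def exit_decision(rules, ip, port):
    """Rules are checked in order and the first match decides."""
    target = ipaddress.ip_address(ip)
    for action, net, low, high in rules:
        if (net is None or target in net) and low <= port <= high:
            return action
    # Simplification of this example: require an explicit catch-all rule.
    raise ValueError("no rule matched; end the policy with a catch-all")

def allowed_ports(rules, ip, candidates):
    """Subset of candidate ports this policy would let exit to ip."""
    return [p for p in candidates if exit_decision(rules, ip, p) == "accept"]

if __name__ == "__main__":
    rules = parse_policy(MAIL_ONLY_TORRC)
    mail_and_web = [25, 80, 110, 143, 443, 465, 993, 995]
    print(allowed_ports(rules, "203.0.113.25", mail_and_web))
```

Because the first match decides, a `reject *:*` placed before the accept lines would shadow them and the node would exit nothing.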


Off topic: need help getting tripwire to work

2006-09-28 Thread Thomas Hluchnik
Hello,

to make my torhost more secure I had tripwire running there which was no 
problem when I had SuSE9.3. I just took the rpm from SuSE9.0, it worked.

Now I had to set up a new host using SuSE10.0, but the tripwire rpm from 
SuSE9.0 doesn't want to do its job here anymore. So I searched the net and 
found a source package of tripwire-2.4.0.1 which I tried to compile on my 
SuSE10.0 box. Unfortunately make exited with errors and I am not that C 
programmer to help myself. This is the error:

make[3]: Entering directory `/usr/src/tripwire-2.4.0.1/src/fco'
g++ -DHAVE_CONFIG_H -I. -I. -I../.. -I..  -O -pipe -Wall -c -o 
fcodatasourceiter.o fcodatasourceiter.cpp
../core/typed.h:57: warning: 'class iTyped' has virtual functions but 
non-virtual destructor
../core/serializable.h:79: warning: 'class iSerializable' has virtual 
functions but non-virtual destructor
../core/serializable.h:91: warning: 'class iTypedSerializable' has virtual 
functions but non-virtual destructor
fconameinfo.h:46: warning: 'class iFCONameInfo' has virtual functions but 
non-virtual destructor
fconame.h:147: error: ISO C++ forbids declaration of 'cFCOName_i' with no type
fconame.h:147: error: expected ';' before '*' token
make[3]: *** [fcodatasourceiter.o] Fehler 1
make[3]: Leaving directory `/usr/src/tripwire-2.4.0.1/src/fco'
make[2]: *** [all-recursive] Fehler 1
make[2]: Leaving directory `/usr/src/tripwire-2.4.0.1/src'
make[1]: *** [all-recursive] Fehler 1
make[1]: Leaving directory `/usr/src/tripwire-2.4.0.1'
make: *** [all] Fehler 2
h1047742:/usr/src/tripwire-2.4.0.1 #


Anyone here who can give me a hint how to fix that?

Thomas Hluchnik




Re: confiscating middleman-tor-nodes

2006-09-08 Thread Thomas Hluchnik
Exactly this happened to me, too, yesterday. I am running a dedicated host by 
Strato, providing unused bandwidth for tor (nickname baphomet) which is 
configured as an exit node.

This host is unavail since 9:00 MEST yesterday. The guys at Strato gave me the 
phone number of a public prosecutor. I spoke with him, and though he wasn't 
allowed to tell me details by phone, we had some conversation. When I told 
him that I provide some bandwidth for tor he knew about tor and told me that 
it is NOT FORBIDDEN in Germany to do so.

He asked me if it could be possible that my server has been hacked and been 
abused.

Unfortunately I have not yet received any letter from them so I don't know 
what's the real reason. I think, two things might be: some illegal activities 
have been made through tor and unfortunately my host was exit node in the 
right moment.

Or, they are searching for hidden services. Perhaps there are nodes within tor 
that provide content that is unallowed in germany and they start confiscating 
all tor nodes and search for unallowed content. If so, some more of us will 
get troubles soon.

My personal opinion: I have no hidden service. I have no unallowed content at 
my host. It is allowed to run tor in germany. I will go on running a tor 
node. I tell anybody here to do so, too.

Kind Regards
Thomas Hluchnik


On Friday, 8 September 2006 02:57, sigi wrote:
 Hi, 
 
 possibly we get a problem, because in Germany they're just confiscating 
 tor-middleman-nodes?!? 
 
 The message is only available in German...
 http://forums.gentoo.org/viewtopic-t-496214.html
 Does anyone here have similar problems? 
 
 asks;
 sigi.
 
 

