Re: [tor-relays] T-shirts and Confirming Relay Control
Being fairly new to the tor project I can see where he is getting at with the difficulty of helping out. I can definitely see having a single person to contact to try and find things to do would be important. While I agree that volunteers should not be babysat there should be someone that has a bunch of tasks to pass off to those who are interested. I would be more than willing to dedicate time to do something like this, I think it could be seriously useful to newer people in the community. In my mind a volunteer coordinator would not babysit but provide things that may be suited for a particular skill set. Then a little later down the line touch base with the person to see if they encountered any issues.

Side note: getting a little off track here. Would there be a better place for a discussion like this?

Tim

Original message
From: Matthew Finkel matthew.fin...@gmail.com
Date: 06/05/2015 02:14 (GMT+08:00)
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] T-shirts and Confirming Relay Control

On Tue, May 05, 2015 at 01:57:04PM +, Speak Freely wrote:
> Matthew Finkel,
>
> It's kind of disingenuous to suggest "If you want to work on something, then please come work on it, we really are overloaded."

I'm really sorry you interpreted it in that way. It actually was a genuine request for more help.

> You have to let us work on it, for us to work on it. Do you understand the problem?

Sure, that is a problem, but what is the problem? It seems this dilemma is reoccurring and not getting solved. Someone says they are willing to help work on something, possibly someone else says "great! we need your help!" then nothing happens. Was it an empty offer or did the offer die because no one followed up with the person? Having a volunteer coordinator might help - I hope it would help - but what's the best way to organize that? Is it the responsibility of some people associated with The Tor Project to follow up on every offer they receive or is it the responsibility of the person who made the offer to follow up and get involved? Maybe both?

> To The Inner Circle (The Tor Project People), I am at the very least the third person to mention in this thread that we have offered to help. No one responded to my offers. I'm pretty sure at least some of their offers were ignored as well, though I can't be bothered to double check.

:( I don't know. Obviously, not receiving a response sucks. I completely understand that. Tor's work and day-to-day coordination is heavily based around IRC, so the mailing lists are not great places for offering help. This whole situation seems to be less about an inner circle existing, and more about a disconnection between the announcements and discussions on the mailing lists and what happens on IRC. I don't know of a good way to bridge this gap, though.

> I get that you're busy. However, Matthew's attitude to Seth is, in my most humble of opinions, unwarranted.

We're all busy, it's difficult balancing everything. I'm sorry if my response was unwarranted, and maybe I shouldn't have responded because it was off-topic, in any case. It's frustrating trying to do something and improve a situation, and instead of receiving helpful feedback the thread receives complaints about how Tor is crappy with how it handles volunteers. Maybe this is partially due to miscommunication but I'm at a loss for what to do.

> You've got several people who out of their own free will, decided to offer our additional help, above and beyond what we already do. I wonder, how would you feel, if after offering free assistance to a community that then goes completely, totally, and utterly UNANSWERED, only to have those very people that we offered to assist, bitch that they are busy and want our help. How would you feel? Angry? A little schadenfreude? Or numb? I'm a husband, a father, and a business owner. I'm a busy guy, yet I still offered to help. I can't express how pissed off I am about this, without going into an obscenity-laced tirade about how your house isn't in order. When I offer assistance to someone, or in Tor's case several people, I damn well expect a response. Yes or no, thanks or fuck off, please or tomorrow, join us! or maybe next time. Deafening silence is in no way a mechanism that encourages support from the broader community, but from my perspective that's all you've given.

Thanks. Obviously you're correct, silence is not an answer and not what you deserve as a result of offering your assistance. I don't know why this happened or the context of the offer but, to be blunt, Tor doesn't babysit volunteers. If you want to work on something, then, you must actually follow through and work on it. I learned this personally. A volunteer coordinator would be a great person for helping volunteers become more integrated into the community and work on projects but it is ultimately the person
[tor-relays] Enabling obfs4 and obfs3 on 80 and 443
I have recently set up a bridge and was reading some old emails on the list. I found some instructions from s7r on setting up obfs4 and obfs3:

> Sample torrc entry for enabling obfs4 and obfs3:
>
>     ExtORPort auto
>     ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
>     ServerTransportListenAddr obfs3 [::]:port
>     ServerTransportListenAddr obfs4 [::]:port
>
> To make the bridge even better, you can bind obfs3 and obfs4 to lower ports (< 1024), if you have them free, such as obfs3 on 80 and obfs4 on 443 (for example).

This seemed like a good idea (I am not running a web server). I am running tor 0.2.4.27, which does not seem to support ExtORPort. From some other recommended bridge setup I had previously set ORPort to 443. I tried changing my config to:

    ORPort auto
    ServerTransportListenAddr obfs3 0.0.0.0:80
    ServerTransportListenAddr obfs4 0.0.0.0:443

(and doing the capabilities stuff, of course). This didn't work -- obfs4 complained that 443 was in use (is that because I had previously set it for ORPort?). So, for now, I have set obfs4 to a random high port.

I will admit to being pretty confused about the recommended bridge setting for ORPort and the obfs ports (and what ExtORPort does differently). Does anyone have a recommendation for what I should do? Do I need to upgrade to tor 0.2.5?

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] T-shirts and Confirming Relay Control
Matthew Finkel,

It's kind of disingenuous to suggest "If you want to work on something, then please come work on it, we really are overloaded."

You have to let us work on it, for us to work on it. Do you understand the problem?

To The Inner Circle (The Tor Project People), I am at the very least the third person to mention in this thread that we have offered to help. No one responded to my offers. I'm pretty sure at least some of their offers were ignored as well, though I can't be bothered to double check.

I get that you're busy. However, Matthew's attitude to Seth is, in my most humble of opinions, unwarranted.

You've got several people who out of their own free will, decided to offer our additional help, above and beyond what we already do. I wonder, how would you feel, if after offering free assistance to a community that then goes completely, totally, and utterly UNANSWERED, only to have those very people that we offered to assist, bitch that they are busy and want our help. How would you feel? Angry? A little schadenfreude? Or numb? I'm a husband, a father, and a business owner. I'm a busy guy, yet I still offered to help. I can't express how pissed off I am about this, without going into an obscenity-laced tirade about how your house isn't in order. When I offer assistance to someone, or in Tor's case several people, I damn well expect a response. Yes or no, thanks or fuck off, please or tomorrow, join us! or maybe next time. Deafening silence is in no way a mechanism that encourages support from the broader community, but from my perspective that's all you've given.

Here's a suggestion to The Inner Circle - Have a volunteer coordinator that actually responds to people. This way, when the next person offers to help, they might actually get a good g*d d@mn f@cking response!

Seeing as how I'm a nobody and my offers aren't worth acknowledging, please continue to do whatever you'd like, with *all* the success it brings. Don't forget to smile.

Matt
Speak Freely
Re: [tor-relays] Enabling obfs4 and obfs3 on 80 and 443
On Tue, 05 May 2015 13:51:34 +0100 R-one r...@cryptoisimportantto.me wrote:
> [snip]
> This didn't work -- obfs4 complained that 443 was in use (is that because I had previously set it for ORPort?). So, for now, I have set obfs4 to a random high port.
>
> I will admit to being pretty confused about the recommended bridge setting for ORPort and the obfs ports (and what ExtORPort does differently). Does anyone have a recommendation for what I should do? Do I need to upgrade to tor 0.2.5?

ORPort should be set to something random, that is externally reachable and not in use by anything else.

ExtORPort should be set to auto, it only listens on the loopback interface, so it doesn't need external reachability.

The obfs ports can be unset (No ServerTransportListenAddr line) in which case they will be random, or set to specific ports to attempt to bypass naive attempts at protocol whitelisting.

You need to upgrade to tor 0.2.5.x or later to be a useful obfs4 bridge, period, because bridges running 0.2.4.x will publish broken bridge configurations to BridgeDB, and will not ever get served to users. (Yes, tor should log a warning whenever such situations occur, see #13202 for people shooting that idea down when I first brought it up a long time ago.)

No idea about the port already in use thing. Check the processes on the system to see if you have a defunct obfs4proxy instance hanging around (obfs4proxy 0.0.5 makes this less likely to happen).

Regards,

--
Yawning Angel
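The settings recommended in the reply above can be checked mechanically. The following is an added example, not code from the thread or from the Tor Project: a small torrc check in Python whose two sample configurations, the port 9001 and all function names are constructed for illustration.

```python
# Added illustration: lint a bridge torrc against the advice in the thread.
# The sample files, port 9001 and all function names are constructed.

BROKEN = """\
BridgeRelay 1
ORPort 443
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs3 0.0.0.0:80
ServerTransportListenAddr obfs4 0.0.0.0:443
"""

FIXED = """\
BridgeRelay 1
# ORPort: any free, externally reachable port
ORPort 9001
# ExtORPort listens on loopback only, so it needs no external reachability
ExtORPort auto
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs3 0.0.0.0:80
ServerTransportListenAddr obfs4 0.0.0.0:443
"""

def parse_torrc(text):
    """Return (keyword, arguments) pairs; torrc keywords are case-insensitive."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            entries.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return entries

def port_of(addr):
    """Port from '443', '0.0.0.0:443' or '[::]:443'; None for 'auto'."""
    tail = addr.split()[0].rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def lint_bridge(text, tor_version):
    """Return findings for a bridge torrc; tor_version is a tuple like (0, 2, 5)."""
    entries = parse_torrc(text)
    values = lambda key: [v for k, v in entries if k == key]
    findings = []
    transports = {t for v in values("servertransportplugin") if v for t in v.split()[0].split(",")}
    if "obfs4" in transports and tor_version < (0, 2, 5):
        findings.append("version: an obfs4 bridge needs tor 0.2.5.x or later")
    if transports and "auto" not in [v.lower() for v in values("extorport")]:
        findings.append("extorport: add 'ExtORPort auto'")
    used = {port_of(v): "ORPort" for v in values("orport") if v and port_of(v)}
    for v in values("servertransportlistenaddr"):
        fields = v.split()
        port = port_of(fields[1]) if len(fields) > 1 else None
        if port is None:
            continue
        if port in used:
            findings.append(f"conflict: {fields[0]} and {used[port]} both want port {port}")
        used[port] = fields[0]
        if port < 1024:
            findings.append(f"privileged: {fields[0]} on port {port} needs permission to bind a low port")
    return findings

if __name__ == "__main__":
    for name, cfg, ver in (("broken", BROKEN, (0, 2, 4)), ("fixed", FIXED, (0, 2, 5))):
        print(name, lint_bridge(cfg, ver))
```

The check only reads the configuration file; a port held by a leftover obfs4proxy process, as suggested in the reply, has to be found by inspecting the running processes.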
Re: [tor-relays] HW-Accelerated OpenSSL Tor not playing nicely.
Thanks Yawning,

I was trying to make do with the equipment I had laying around, but, anyways, I did learn a bit along the way. Thanks for your input.

On 3.5.15 0:40, Yawning Angel wrote:
> On Sat, 02 May 2015 12:10:33 -0400 12xBTM 12x...@gmail.com wrote:
>> So, I deleted the /usr/local/ssl/ folder and went from there. I got the sudo make test going again, and it failed D: . So the last thing remains: How do I get/install that patch that supposedly corrects this?
>
> ...
>
> Quoting from the README file:
>
> Note that OpenSSL's cryptodev implementation is outdated, and there are issues with it. For that we recommend to use the patches below, that we have provided to the openssl project. http://...
>
> You're making it sound as if the patches are on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'.
>
> Anyway...
>
> * I haven't bothered to check if the patches apply cleanly, only that they weren't ever merged. Shouldn't be that hard to fix the patches if they've rotted.
>
> * According to one of the writeups linked, in 2013 cryptodev wasn't exposing a CTR-AES EVP engine. If this is still the case, the bulk of tor's AES calls will not benefit from the acceleration (Skimming the cryptodev code quickly, this would ultimately be a kernel issue).
>
> * The SHA acceleration will only help TLS, because the bulk of the SHA calls in tor don't use the EVP interface (For good reasons in the case of SHA1, and "it's a good idea, someone should do it" reasons for SHA256).
>
> I'd expect in a lot of cases that the gains would be fairly minimal anyway, since using hardware acceleration with this configuration requires a syscall.
>
>> if there's a better way to go about having HW-accelerated crypto for Tor (excluding Intel aes-ni), please let me know.
>
> Instead of some garbage TI part, use something that supports ARM-v8's AES, SHA1, SHA256, and VMULL instructions.
>
> Regards,
Re: [tor-relays] T-shirts and Confirming Relay Control
On Tue, May 05, 2015 at 01:57:04PM +, Speak Freely wrote:
> Matthew Finkel,
>
> It's kind of disingenuous to suggest "If you want to work on something, then please come work on it, we really are overloaded."

I'm really sorry you interpreted it in that way. It actually was a genuine request for more help.

> You have to let us work on it, for us to work on it. Do you understand the problem?

Sure, that is a problem, but what is the problem? It seems this dilemma is reoccurring and not getting solved. Someone says they are willing to help work on something, possibly someone else says "great! we need your help!" then nothing happens. Was it an empty offer or did the offer die because no one followed up with the person? Having a volunteer coordinator might help - I hope it would help - but what's the best way to organize that? Is it the responsibility of some people associated with The Tor Project to follow up on every offer they receive or is it the responsibility of the person who made the offer to follow up and get involved? Maybe both?

> To The Inner Circle (The Tor Project People), I am at the very least the third person to mention in this thread that we have offered to help. No one responded to my offers. I'm pretty sure at least some of their offers were ignored as well, though I can't be bothered to double check.

:( I don't know. Obviously, not receiving a response sucks. I completely understand that. Tor's work and day-to-day coordination is heavily based around IRC, so the mailing lists are not great places for offering help. This whole situation seems to be less about an inner circle existing, and more about a disconnection between the announcements and discussions on the mailing lists and what happens on IRC. I don't know of a good way to bridge this gap, though.

> I get that you're busy. However, Matthew's attitude to Seth is, in my most humble of opinions, unwarranted.

We're all busy, it's difficult balancing everything. I'm sorry if my response was unwarranted, and maybe I shouldn't have responded because it was off-topic, in any case. It's frustrating trying to do something and improve a situation, and instead of receiving helpful feedback the thread receives complaints about how Tor is crappy with how it handles volunteers. Maybe this is partially due to miscommunication but I'm at a loss for what to do.

> You've got several people who out of their own free will, decided to offer our additional help, above and beyond what we already do. I wonder, how would you feel, if after offering free assistance to a community that then goes completely, totally, and utterly UNANSWERED, only to have those very people that we offered to assist, bitch that they are busy and want our help. How would you feel? Angry? A little schadenfreude? Or numb? I'm a husband, a father, and a business owner. I'm a busy guy, yet I still offered to help. I can't express how pissed off I am about this, without going into an obscenity-laced tirade about how your house isn't in order. When I offer assistance to someone, or in Tor's case several people, I damn well expect a response. Yes or no, thanks or fuck off, please or tomorrow, join us! or maybe next time. Deafening silence is in no way a mechanism that encourages support from the broader community, but from my perspective that's all you've given.

Thanks. Obviously you're correct, silence is not an answer and not what you deserve as a result of offering your assistance. I don't know why this happened or the context of the offer but, to be blunt, Tor doesn't babysit volunteers. If you want to work on something, then, you must actually follow through and work on it. I learned this personally. A volunteer coordinator would be a great person for helping volunteers become more integrated into the community and work on projects but it is ultimately the person volunteering who decides how, when, and if they help. Tor wants your help, but becoming an active volunteer is your decision.

> Here's a suggestion to The Inner Circle - Have a volunteer coordinator that actually responds to people. This way, when the next person offers to help, they might actually get a good g*d d@mn f@cking response!

Yes, this sounds like a good idea. Who wants to volunteer to be the volunteer coordinator? Again, that is a genuine question. No one has stepped up to do it. If we had one, at least they would respond to most offers.

> Seeing as how I'm a nobody and my offers aren't worth acknowledging, please continue to do whatever you'd like, with *all* the success it brings. Don't forget to smile.

Being a nobody or being a somebody is irrelevant. I'm a nobody too, but I'm trying to do something. I sincerely hope you and the rest of the community will help me and Tor, as a whole, create a better community/network/world.

Let's continue this discussion in a new thread.

Thanks,
Matt
Re: [tor-relays] T-shirts and Confirming Relay Control
On 2015-05-03 19:44, Matthew Finkel wrote:
> Hi Ops,
> [...]
> For this case, we need an authentication mechanism which proves control of the relay but is something relay operators won't mind running. My current plan is to ask relay operators to sign the fingerprint file which tor creates. The major disadvantage of this method is that it must be run as root (or a user with access to tor's data directory).

If you are willing to lower the bar for 'proof' a bit I'd ask them to fetch a confirmation url sent to them from the connection their node runs on. Spoofing an IP address for a TCP connection isn't trivial and seems rather a lot of effort for just a t-shirt. So it at least proves access to the connection the node is running on. That could be a simple unprivileged wget one-liner. It leaves room for some abuse, but does raise the bar quite a bit.

If you do want to use the tor key couldn't you use it as a key for ssl client authentication? That would allow for further automation and it could be built into tor in the future.

AVee
Re: [tor-relays] T-shirts and Confirming Relay Control
AVee,

Would it not be possible for me to specify the ExitNode in my torrc and then do the wget to prove my ownership? I haven't tried to specify a single node before so I'm not sure if it'd work.

Thanks,
Tim

On 5 May 2015 at 17:58, AVee d6re...@d6.nl wrote:
> On 2015-05-03 19:44, Matthew Finkel wrote:
>> Hi Ops,
>> [...]
>> For this case, we need an authentication mechanism which proves control of the relay but is something relay operators won't mind running. My current plan is to ask relay operators to sign the fingerprint file which tor creates. The major disadvantage of this method is that it must be run as root (or a user with access to tor's data directory).
>
> If you are willing to lower the bar for 'proof' a bit I'd ask them to fetch a confirmation url sent to them from the connection their node runs on. Spoofing an IP address for a TCP connection isn't trivial and seems rather a lot of effort for just a t-shirt. So it at least proves access to the connection the node is running on. That could be a simple unprivileged wget one-liner. It leaves room for some abuse, but does raise the bar quite a bit.
>
> If you do want to use the tor key couldn't you use it as a key for ssl client authentication? That would allow for further automation and it could be built into tor in the future.
>
> AVee
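The confirmation-URL idea and the ExitNode question, seen from the verifying side. This is an added example, not code from the thread or from the Tor Project; the token format, the secret, the relay table and its addresses are constructed, and it assumes the service already knows each relay's published address and whether it is an exit.

```python
import hashlib
import hmac
import ipaddress

SECRET = b"constructed-demo-key"   # constructed; a real service keeps its key private
TOKEN_LIFETIME = 3600              # seconds a confirmation link stays valid (assumed)

# Constructed relay table standing in for data taken from the consensus.
RELAYS = {
    "0123456789ABCDEF0123456789ABCDEF01234567": {"addr": "192.0.2.10", "exit": False},
    "89ABCDEF0123456789ABCDEF0123456789ABCDEF": {"addr": "198.51.100.7", "exit": True},
}


def _mac(fingerprint, expires):
    msg = f"{fingerprint}.{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(fingerprint, now):
    """Token to embed in the confirmation URL mailed to the operator."""
    expires = int(now) + TOKEN_LIFETIME
    return f"{fingerprint}.{expires}.{_mac(fingerprint, expires)}"


def verify_fetch(token, source_ip, now):
    """Judge one fetch of the confirmation URL by token and TCP source address."""
    try:
        fingerprint, expires, mac = token.split(".")
        expires = int(expires)
    except ValueError:
        return "reject: malformed token"
    if not hmac.compare_digest(mac.encode(), _mac(fingerprint, expires).encode()):
        return "reject: bad token"
    if now > expires:
        return "reject: token expired"
    relay = RELAYS.get(fingerprint)
    if relay is None:
        return "reject: unknown relay"
    if ipaddress.ip_address(source_ip) != ipaddress.ip_address(relay["addr"]):
        return "reject: request did not come from the relay's address"
    if relay["exit"]:
        # Traffic leaving through an exit relay carries the same address as the
        # relay host, so the address match alone does not show host access.
        return "weak: address matches, but the relay is an exit"
    return "accept"


if __name__ == "__main__":
    fp = "0123456789ABCDEF0123456789ABCDEF01234567"
    tok = issue_token(fp, now=1000)
    print(verify_fetch(tok, "192.0.2.10", now=1500))
    print(verify_fetch(tok, "203.0.113.5", now=1500))
```

For exit relays the source address cannot separate a fetch made on the relay host from one that merely exited through it, which is the case the ExitNode question touches; signing with the relay key, as in the original plan, does not have that ambiguity.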