On Tue, 17 Mar 2009 03:15:31 +0100 slush sl...@slush.cz wrote:
On Tue, Mar 17, 2009 at 2:11 AM, Scott Bennett benn...@cs.niu.edu wrote:
Wow. The differences in laws from one place to another makes it
difficult or impossible to recommend any single practice for tor users. In
the U.S
that I've been misled by
their residential-class sales staff through its ignorance on the matter. OTOH,
the choices around here are distressingly poor.
Scott Bennett, Comm. ASMELG, CFIAG
through my relay during that time.
FWIW, I am currently dealing with a new (to me) situation involving my
current ISP, but I'll post comments on that later.
Scott Bennett, Comm. ASMELG, CFIAG
within the preceding few days.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
by hand,
or course. :-)
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
connections would duplicate inbound connections,
but I didn't check those either.
So why is tor doing this?
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
there, too.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
, sometimes as much as 30% - 40%, but those events
usually last only a couple of seconds. Given these numbers, your figures seem
reasonable.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet
On Sun, 22 Feb 2009 23:20:05 +0100 Lexi Pimenidis
l...@i4.informatik.rwth-aachen.de wrote:
On Sun, Feb 22, 2009 at 11:01:46PM CET, Scott Bennett wrote:
No, no, NO. That means three times as many descriptor uploads to the
authorities, which is the small part, and then potentially twice
. :-)
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia, is at all
by
moving those operations off of the core is handling the rest of tor's work.
operations in parallel.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
that I've written that brief list of thoughts above, I think
I'll save it as a tiny starting point for a more complete description of data
rate reporting problems, so you may see it again someday. :-)
Scott Bennett, Comm. ASMELG, CFIAG
by every relay and active client around the
planet during the next couple of hours. That is exactly the wrong approach.
Please read my previous followup.
Scott Bennett, Comm. ASMELG, CFIAG
--00163630f629af8d520463892804--
You really don't need to send an HTML copy of your message to the list.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
as well as the output prioritizations.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
and persuasions
need the anonymity that tor provides. Here we can see that that big tent
applicability includes even would-be tyrants. :-}
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet
decision to make and not that of people like
Germershausen because it is *your* tor relay and *your* computer system, not
theirs.
What is it that keeps drawing control freaks out of the woodwork and
onto this list anyway? Jeesh...
Scott Bennett, Comm. ASMELG
blockers? Maybe it
should be built into browsers, perhaps enabled as a configurable option turned
on by default.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
On Wed, 18 Feb 2009 01:33:11 +0100 slush sl...@slush.cz wrote:
On Tue, Feb 17, 2009 at 10:00 AM, Scott Bennett benn...@cs.niu.edu wrote:
Really? I know that seems to be in accord with the received wisdom
on this list, but I, for one, no longer make that assumption. For one
thing
.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined
occurred.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
*:9051,
accept *:9001, accept *:9030), and I wasn't aware that the geoip project had
appropriated a port for its own use. I've now added
ExitPolicy accept 128.213.48.13:1443
to my torrc, and it has just now been published.
Scott Bennett, Comm. ASMELG, CFIAG
, too, that such transfers
provide quite a bit of cover traffic for those who need the cover.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia, is at all
On Tue, 17 Feb 2009 17:54:51 +0100 Mitar mmi...@gmail.com wrote:
On Tue, Feb 17, 2009 at 10:59 AM, Scott Bennett benn...@cs.niu.edu wrote:
I just read Roger's message from July 2006 on playing down the use of
ExcludeNodes and maybe eventually eliminating it. I encountered a reason
first before
eliminating it for all circuit route positions.
Rabbit holes within rabbit holes,
Yes, indeed.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
On Fri, 13 Feb 2009 08:06:23 -0600 Drake Wilson dr...@begriffli.ch
wrote:
Quoth Scott Bennett benn...@cs.niu.edu, on 2009-02-13 07:27:10 -0600:
TCP connection has much more of this than would be present if one were
using the underlying packet network more directly, I think.)
But I
occupied?
6) Did you get an INFO log by any chance? (Please don't post it to
the list if it's huge.)
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
to provide properly functioning addresses for
postmaster and abuse. It's also on the dsn list at the same
site.
BTW, I note that your address is at hotmail.com, a site that is
also on the abuse and postmaster blacklists.
Scott Bennett, Comm. ASMELG, CFIAG
to.
FWIW, if you think an Internet Domain Name registrar is going to
de-list the domain name of an ISP for offenses committed from the
computer of one of that ISP's subscribers, then you have a small
learning experience ahead of you. :-)
Scott Bennett, Comm
by how fast that input can be
relayed to the next OR or exited to a destination, and that transmission
rate limit is being shared with the directory service transmissions.
Scott Bennett, Comm. ASMELG, CFIAG
with this, but that brings up
various other annoying practical problems that are particularly
annoying because there's no good reason for them to exist.
Such as? A list of pros and cons is the kind of elaboration I've
been hoping to get.
Scott Bennett, Comm
top-post, too, so I should never have bothered to read, much
less respond to, your message in the first place. I'll avoid that mistake
with your postings in the future.
Scott Bennett, Comm. ASMELG, CFIAG
the benefit of removing an
unsafe relay from the network.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
for mailing list postings.
What client are you using that is causing a problem? Mutt?
I am using mailx(1), but the cause of the problem is at your end, not
here. You are the one posting entire paragraphs on single lines, after all,
not I.
Scott Bennett, Comm
On Tue, 10 Feb 2009 01:49:55 -0500 Nick Mathewson ni...@freehaven.net
wrote:
On Mon, Feb 09, 2009 at 11:10:28PM -0600, Scott Bennett wrote:
[...]
I think it would be a useful modification for the authorities to be able
to flag IP addresses and address ranges with BadExit in addition
] trusted_dirs_load_certs_from_string(): Adding cached
certificate for unrecognized directory authority with signing key
783A368067E26CDD64205EFCF1C5066B5F55EDCB
These certainly *look* alarming. Is there a problem here, too?
Scott Bennett, Comm. ASMELG, CFIAG
looks scary is somehow actually innocuous, I do think we
need a patch ASAP.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
of circuits I
currently had open. I have now added it to the ExcludeNodes list in my torrc,
but I've noticed that tor doesn't always exclude what I tell it to exclude,
so I would appreciate prompt action on this.
Thank you.
Scott Bennett, Comm. ASMELG, CFIAG
detection and flagging
of BADEXITs.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
flag for its *name*, as well as its new key, to force apple's crooked
operator to change his/her relay's torrc file next time. It isn't much, but
anything is a help.
Scott Bennett, Comm. ASMELG, CFIAG
, followed by another couple of years of depression.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
such bad reputations to the guilty
parts of an ISP's available addresses, but could easily make it difficult or
impossible for the crooked operator(s) to return to exit hijacking without
changing ISPs.
Scott Bennett, Comm. ASMELG, CFIAG
satisfied their ISPs by rejecting exits to the ports that were attacked, in
some cases, rejecting those ports only for certain IP addresses.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet
?
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia
On Wed, 21 Jan 2009 11:51:10 -0800 coderman coder...@gmail.com
wrote:
On Wed, Jan 21, 2009 at 1:43 AM, Scott Bennett benn...@cs.niu.edu wrote:
...
Okay. I downloaded entrust_ssl_ca.der (the man page for wget(1) says
it wants DER or PEM format for certificates) and
i tend to use PEM
I'm finally getting back to this. Sorry about the delay again.
On Wed, 31 Dec 2008 10:55:36 -0800 coderman coder...@gmail.com
wrote:
On Wed, Dec 31, 2008 at 12:21 AM, Scott Bennett benn...@cs.niu.edu wrote:
...
Nope. Instead I get:
ah the joys of PKI. Tor has been changing certs
be difficult or impossible to answer
your question.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
%.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well
out via the same address/interface the connection originally
came in on (i.e., Address), regardless of what OutboundBindAddress says.
Note that this would also apply to DirPort connections if one is running
a directory mirror.
Scott Bennett, Comm. ASMELG, CFIAG
connection, extended power outage, etc.),
but I really would like to know how to get tor to obey what I tell it in
ExcludeNodes.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett
.
HrmI think it's working. If I'm wrong, could someone point out the flaw
in my testing method?
See above. Take a good look at the proxyresolv script that is used by
proxychains to resolve names to addresses.
Scott Bennett, Comm. ASMELG, CFIAG
, the queries were all being sent to 4.2.2.2, which has a
PTR RR to vnsc-bak.sys.gtei.net. So maybe the queries weren't really being
leaked, but they were all going to the same name server.
Scott Bennett, Comm. ASMELG, CFIAG
a
closer look at configuring and using it. (Apparently, the version number
hasn't changed in at least a year and a half.)
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett
On Mon, 05 Jan 2009 12:01:29 +0100 gabrix gab...@gabrix.ath.cx wrote:
Scott Bennett wrote:
I know people are doing FTP transfers via tor, but I don't know how
they are doing it. What are people using for a proxy to sit between either
a native FTP client or a web browser to do FTP
be the active list for proxychains
to use, but it does what I need for now.)
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
I know people are doing FTP transfers via tor, but I don't know how
they are doing it. What are people using for a proxy to sit between either
a native FTP client or a web browser to do FTP transfers?
Thanks in advance for suggestions.
Scott Bennett
On Sun, 21 Dec 2008 22:59:09 -0800 coderman coder...@gmail.com
wrote:
On Sun, Dec 21, 2008 at 10:31 PM, Scott Bennett benn...@cs.niu.edu wrote:
...
is it possible you have an old openssl cacerts package without the
newer ev signing and root ca's?
Beats me.
yup, that appears
coderman coder...@gmail.com
wrote:
On Thu, Dec 11, 2008 at 11:35 AM, Scott Bennett benn...@cs.niu.edu wrote:
I appear to be getting an SSL connection error when using wget(1) to
fetch 0.2.1.8-alpha using the links from the tor project's download page...
is it possible you have an old openssl
On Sun, 21 Dec 2008 05:22:41 +0100 Mitar mmi...@gmail.com wrote:
On Sat, Dec 20, 2008 at 10:22 AM, Scott Bennett benn...@cs.niu.edu wrote:
I am running FreeBSD ~6.3 (i386), but I see the thread counts stated
earlier when running it as a relay. In client-only mode, I think there's
only one
On Sat, 20 Dec 2008 03:09:58 +0100 Mitar mmi...@gmail.com wrote:
On Sat, Dec 20, 2008 at 12:30 AM, Scott Bennett benn...@cs.niu.edu wrote:
Roger missed mentioning (step two) that you can adjust the queue limit
yourself, e.g., by adding to torrc
MaxONionsPending 200
to double the default
On Sat, 20 Dec 2008 03:25:33 +0100 Mitar mmi...@gmail.com wrote:
On Sat, Dec 20, 2008 at 12:45 AM, Scott Bennett benn...@cs.niu.edu wrote:
That is odd. In my experience, tor has 4 + NumCPUs threads, except
right after a SIGHUP or during initialization. I normally only see two
threads do
On Sat, 20 Dec 2008 21:56:09 +0100 Mitar mmi...@gmail.com wrote:
On Sat, Dec 20, 2008 at 10:05 AM, Scott Bennett benn...@cs.niu.edu wrote:
Increasing the queue limit to a high enough value means that none will be
lost, even if it takes a bit longer for your CPUs to get caught up
tor's memory
requirement, but only by a small amount.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
found tor to be helpful in bypassing censorial
regimes' efforts is one of the nicer unintended consequences of tor's design,
but such use is fallout from, not motivation for, the design.
Scott Bennett, Comm. ASMELG, CFIAG
.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated
ago, so it will
be a long time, if ever, before it sees publication.
If you're curious, see the abstract at
http://arxiv.org/abs/0811.1209
Scott Bennett, Comm. ASMELG, CFIAG
On Sat, 6 Dec 2008 16:27:16 +0100 Sven Anderson [EMAIL PROTECTED]
wrote:
Am 06.12.2008 um 15:56 schrieb Scott Bennett:
It appears that a theoretical method of breaking quantum key
distribution
has been found, there's no cause for alarm (yet:-) because it
requires the use
On Fri, 05 Dec 2008 13:14:08 +0100 Dominik Schaefer [EMAIL PROTECTED]
wrote:
Scott Bennett schrieb:
I still don't understand this. I will try to find time to resume
reading those proposals, but the idea of running stream data over a protocol
with neither sequence preservation nor
I wonder what sorts of spyware the Chinese government has built into
Red Flag LINUX that might affect tor or browser security. See the article at
http://news.yahoo.com/s/ap/20081203/ap_on_bi_ge/as_china_internet_cafes
Scott Bennett, Comm. ASMELG, CFIAG
such an option in the 0.2.1.7-alpha man page,
however. Perhaps it's one of those undocumented options.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
/shutdown script, perhaps run by /etc/rc on your system,
that specifies --user and --group. If you do, try removing those arguments
from the command line that starts tor in the script.
The error messages could be more accurate.
Scott Bennett, Comm. ASMELG
, and it is (and has been) working
without hitch since I started it. There appears to be something about 0.2.1.7
specifically that causes problems. Prior to upgrading to it I was running
tor-0.2.1.6, also without problem.
Scott Bennett, Comm. ASMELG, CFIAG
by two directory servers who are an hour or two out
of date do not yet have the new descriptor?
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well
. :-)
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia
to configure a basic relay successfully just
based upon the comments in torrc, though the man page might clarify a detail
here or there.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett
. If the People won't enforce them, then they won't
be enforced. Expecting the courts to defend the Constitution has been a bad
bet from the beginning (a fox-guarding-the-henhouse scenario).
Scott Bennett, Comm. ASMELG, CFIAG
On Sat, 1 Nov 2008 00:23:20 +0100 Sven Anderson [EMAIL PROTECTED]
wrote:
Am 31.10.2008 um 06:03 schrieb Roger Dingledine:
I'm still surprised at all the people who think the choice is between
keeping their Tor relay without logs or adding logging. The choice is
to keep the relay running
for a NAT'ed LAN
gateway--to run a web server supporting HTTPS connections. That alone
should be sufficient reason not to change the default ORPort to 443.
Scott Bennett, Comm. ASMELG, CFIAG
On Sun, 19 Oct 2008 09:35:13 +0200 Niels Grewe [EMAIL PROTECTED]
wrote:
On Sun, Oct 19, 2008 at 01:44:15AM -0500, Scott Bennett wrote:
If nothing else, defaulting to 443 would allow a greater number of
hotspot laptops access to TOR from HTTP/S-only networks.
Doing that, however
. That way
they would still have to take some responsibility for getting what they want,
but could no longer harass my list.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett
On Wed, 8 Oct 2008 23:34:00 -0400 Roger Dingledine [EMAIL PROTECTED]
wrote:
On Tue, Sep 02, 2008 at 08:20:47AM -0500, Scott Bennett wrote:
A short time ago, I found that 212.205.53.212 had several hundred open
TCP connections to my tor server's DirPort, and very little relay traffic
.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined
suppose.:-)
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well
in a message sent to you confirming the fact that your email address
had been added to the list.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
On Thu, 9 Oct 2008 19:23:48 +0100 Geoff Down [EMAIL PROTECTED]
wrote:
On 9 Oct 2008, at 13:33, Scott Bennett wrote:
While we're on this subject, I'd like to point out a problem with
tor's
current data rate capacity testing during server initialization. In
order
to get some
the tripwires.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
of roughly hourly. Getting rid of the old directory
protocol (0.1.0.x versions) seemed to be at least correlated with the earlier
reduction.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet
will begin
again?
Thanks in advance for any news.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu
On Sat, 13 Sep 2008 07:39:39 +0200 Gitano [EMAIL PROTECTED]
wrote:
Scott Bennett wrote:
## The following line enables hidden service directory mirroring.
HidServDirectoryV2 1
(Or skip the comment line, and just add the second line, as you please.)
Then tell your tor server to reload
On: Sat, 13 Sep 2008 09:01:34 +0200 Gitano [EMAIL PROTECTED]
wrote:
Scott Bennett wrote:
This entry doesn't work on my server (Picolo) even though the flag
'Directory (v2)' is set.
Why do you believe it doesn't work?
My server is not listed as a HSDir server.
There is, however
On Sat, 13 Sep 2008 12:31:34 +0200 Hans Schnehl [EMAIL PROTECTED]
wrote:
On Sat, Sep 13, 2008 at 04:46:14AM -0500, Scott Bennett wrote:
On: Sat, 13 Sep 2008 09:01:34 +0200 Gitano [EMAIL PROTECTED]
wrote:
Scott Bennett wrote:
This entry doesn't work on my server (Picolo) even
On Thu, 11 Sep 2008 23:11:53 +0200 Lucky Green [EMAIL PROTECTED]
wrote:
On Thu, Sep 11, 2008 at 08:17:53AM -0500, Scott Bennett wrote:
Anyway, for those directory server operators who are willing to add
hidden services directory service to their ordinary tor directory server's
On Fri, 12 Sep 2008 05:42:53 -0400 Roger Dingledine [EMAIL PROTECTED]
wrote:
On Fri, Sep 12, 2008 at 04:25:30AM -0500, Scott Bennett wrote:
Right. And that reminds me of an old question. When tor starts up,
it logs a standard disclaimer about being experimental software, don't bet
to an OrPort
and get recognized as a tunneled directory request, rather than a circuit-
building operation? Can anyone clarify this?
Thanks for any answers.
Scott Bennett, Comm. ASMELG, CFIAG
On Thu, 11 Sep 2008 22:20:01 +0200 Karsten Loesing
[EMAIL PROTECTED] wrote:
Scott Bennett wrote:
There is already a proposal in the works to make hidden services
directory service the default for directory servers, which would probably
radically increase the number of HSDir servers
, if tunneled connections
just mean using a circuit to get to a DirPort, then yes, I would agree with
you.
I mainly configured it as such because it's fun to find out the emergent
properties of a system.
:-)
Scott Bennett, Comm. ASMELG, CFIAG
until we see how many more directory server operators
will volunteer to offer hidden service directory services? We are already
well above the six-server danger zone.
Scott Bennett, Comm. ASMELG, CFIAG
on this.
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia
301 - 400 of 623 matches
Mail list logo