[EMAIL PROTECTED]: Why some Tor servers are slow (was Re: TOR Park Exit Node Question)]
- Forwarded message from Roger Dingledine [EMAIL PROTECTED] -

From: Roger Dingledine [EMAIL PROTECTED]
Date: Fri, 30 Sep 2005 18:46:01 -0400
To: [EMAIL PROTECTED]
Subject: Why some Tor servers are slow (was Re: TOR Park Exit Node Question)
User-Agent: Mutt/1.5.9i
Reply-To: [EMAIL PROTECTED]

On Fri, Sep 30, 2005 at 02:04:46PM +0300, Giorgos Pallas wrote:
> > What I mean is, is it normal for the Tonga server to claim over 4 MB of bandwidth? If so, why are other servers that are on a 100 Mbit link not reporting more bandwidth?

Tonga is using dual AMD64's. Moria also uses those CPUs. They seem to be extremely fast at crypto (and everything else).

Tonga also advertises port 80 and 443, so it's useful for people stuck behind fascist firewalls.

Tonga also opened up its exit policy to attract more traffic. Servers that have lots of unused capacity, and are fast and have high uptime, and offer unusual ports like the default file-sharing ports, will bootstrap themselves by advertising a little bit, attracting more clients, and so on.

(I'm not sure I actually like the fact that Tonga opened up its file sharing ports, since it puts more load on the rest of the network too, but I guess since we're still in development, a little bit of stress like this can be good for us.)

> > While typing this it occurred to me that the default MaxAdvertisedBandwith is 2 MB and that Tonga has probably set it higher...

Actually, the default MaxAdvertisedBandwidth is 128 TB. I believe you're thinking of BandwidthRate.

> This has also been a question of mine. Why my tor router handles a very low traffic volume (~30 KB in and out) while at the same time has 100% connectivity, 100Mbps of real bandwidth and stays up for more than a week (until it crashes due to memory ;-)... Could anyone help with that? It's frustrating wanting to share (bandwidth in our case) with the community but not being able to do so!

There is something wrong with the masquerade Tor server.

You can see it yourself (you may have to try from someplace other than masquerade's LAN, though) -- run telnet 155.207.113.227 9001 and hit enter about 10 times. Notice how it's really sluggish and takes a long time before it hangs up.

Now run telnet 82.94.251.206 443 and do the same thing. Notice how it realizes the ssl handshake has failed after about 5 lines. This is how it's supposed to be.

So masquerade is somehow not putting much attention into its ssl handshakes. This could be because its network connection is actually through a proxy or a firewall that is dropping some of the packets or slowing things down tremendously. It could also be that it's running on a 100 mhz 486, or its ulimits are set to something crazy-low, or it's busy ray-tracing a movie, or something else.

I'd be curious to learn what's up with it. I've seen this behavior before on Windows machines behind cable modems and crappy NAT boxes.

--Roger

- End forwarded message -

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
eBay Notification : Posibile Account Theft
Dear valued eBay member,Our IP sentinel has detected a strange IP using you eBay account and it might be used for illegal activities.If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records by October 01. Once you have updated your account records your eBay session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future problems. To update your eBay records click here: http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate Thank you, Account Management. As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.
[EMAIL PROTECTED]: nym-0.2 released]
- Forwarded message from Jason Holt [EMAIL PROTECTED] -

From: Jason Holt [EMAIL PROTECTED]
Date: Sat, 1 Oct 2005 02:18:43 + (UTC)
To: [EMAIL PROTECTED]
Subject: nym-0.2 released
Reply-To: [EMAIL PROTECTED]

nym-0.2 is now available at:

http://www.lunkwill.org/src/nym/

My tor server is currently down, so I can't set up a public trial of this, but perhaps someone else will. This release makes the following improvements:

* Tokens are now issued one-per-IP to clients via a token CGI script. Tokens are still blindly issued, so nobody (including the token issuer) can associate tokens with IP addresses. The list of already-served IPs could be periodically removed, allowing users to obtain new pseudonyms on a regular basis. (Abusers will then need to be re-blocked assuming they re-misbehave).

* A token can be used to obtain a signature on a client certificate from a separate CA CGI script (potentially on a different machine). Tokens can only be spent to obtain one cert. Code to make a CA, client certs and have the certs signed is included.

* The CA public key can be installed on a third web server (or proxy) to require that users have a valid client certificate. Servers can maintain a blacklist of misbehaving client certs. Misbehavers will then be unable to access the server until they obtain a new token and client cert (via a new IP).

My proposal for using this to enable tor users to play at Wikipedia is as follows:

1. Install a token server on a public IP. The token server can optionally be provided Wikipedia's blocked-IP list and refuse to issue tokens to offending IPs. Tor users use their real IP to obtain a blinded token.

2. Install a CA as a hidden service. Tor users use their unblinded tokens to obtain a client certificate, which they install in their browser.

3. Install a wikipedia-gateway SSL web proxy (optionally also a hidden service) which checks client certs and communicates a client identifier to MediaWiki, which MediaWiki will use in place of the REMOTE_ADDR (client IP address) for connections from the proxy. When a user misbehaves, Wikipedia admins block the client identifier just as they would have blocked an offending IP address.

-J

- End forwarded message -
[EMAIL PROTECTED]: [IP] Wireless access for all? Google plan would offer free Internet throughout SF]
But will they block Tor?

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Sat, 1 Oct 2005 08:46:00 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] Wireless access for all? Google plan would offer free Internet throughout SF
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]

Begin forwarded message:

From: Dewayne Hendricks [EMAIL PROTECTED]
Date: September 30, 2005 9:44:43 PM EDT
To: Dewayne-Net Technology List [EMAIL PROTECTED]
Subject: [Dewayne-Net] Wireless access for all? Google plan would offer free Internet throughout SF
Reply-To: [EMAIL PROTECTED]

Wireless access for all? Google plan would offer free Internet throughout SF

- Verne Kopytoff and Ryan Kim, Chronicle Staff Writers
Friday, September 30, 2005

Google Inc. has proposed to blanket San Francisco with free wireless Internet access, placing a marquee name behind Mayor Gavin Newsom's effort to get all residents online whether they are at home, in a park or in a cafe.

The offer by the Mountain View search engine was one of many competing bids received by the city before its deadline Friday. Officials will now review the submissions and make a decision about which, if any, of the candidates get the green light for so-called Wi-Fi service.

In joining the competition, Google is showing yet another sign of its boundless ambition. In the past few months, the company has released a succession of new products including instant messaging and telephone service that take it further from its search engine roots.

The proposal furthers existing speculation that Google intends to create a free national Wi-Fi network. If so, it could pose a serious challenge to existing Internet service providers, such as SBC-Yahoo, Earthlink, Comcast and America Online, which charge subscriptions for wire connections.

"This is a great opportunity to provide a community service to the Bay Area," said Chris Sacca, who oversaw Google's wireless Internet bid in San Francisco. "This furthers the goal of providing access to all residents and visitors on as wide a scale as possible."

Mayor Newsom unveiled a goal of a free, city-wide Wi-Fi network last year as part of his state of the city address. Since then, officials have been weighing how to carry out despite a tight budget, finally asking for proposals from over the summer.

As part of its proposal, Google said it could do the job without charge to either the city or residents.

Google is a neophyte in wireless Internet access. Its experience is limited to tests at a gym and cafe near its headquarters and at Bryant Park, in New York City. Separately, Google sponsors free Wi-Fi service in San Francisco's Union Square in conjunction with a local start-up, Feeva.

Competitors who submitted responses to the city's request for comments said Google's proposal is not entirely surprising. But they questioned the company's ability to follow through on its plans.

Donald Berryman, EVP and president of municipal networks for Earthlink, questioned if Google had the know-how to be an Internet service provider. He said providing the deal for free is also not sustainable in the long run.

"We've looked into free service and we haven't found a model where free works," said Berryman. "At some point free becomes less sustainable because there's no way to upgrade service and the networks when no one's paying for it."

Chuck Haas, CEO of MetroFi, which runs two wi-fi networks in Cupertino and Santa Clara, wondered if Google would meet the city's goals for coverage. But he said the idea of free service is not entirely far-fetched.

He said his company submitted a proposal in which wireless broadband would be free across San Francisco but would be paid for with ads and would have no technical support or services for users. For $19.99 a month, subscribers would get enhanced service with no ads and customer support.

"I believe we'll have enough people that want full security and customer support with no ads that we could make money," Haas said. "But no matter who the city chooses, I don't think the city will have to pay for this network."

SBC spokesman John Britton said his company encourages competition, but feels that governments should seek greater investment from private companies to increase broadband service. He said in San Francisco's case, the city is already served by SBC and enjoys more than 400 free wi-fi hotspots, more than any other in the country.

"We feel there is already widespread broadband available today," Britton said.

Vince Vasquez, a policy fellow with the Pacific Research Institute, which receives funding from SBC, said there has never been a company willing to volunteer this kind of a network. But even if it's free, it might represent too much involvement by the city in a sector that should be left to private industries, he said.

Our concern is with
Re: [EMAIL PROTECTED]: [IP] Wireless access for all? Google plan would offer free Internet throughout SF]
At 2:58 PM +0200 10/1/05, Eugen Leitl wrote:
> But will they block Tor?

snip...

> Google plan would offer free Internet throughout SF

More to the point, is it finally time to short Google?

;-)

Cheers,
RAH

--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al)

They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions.

Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reputation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading.

--John
Re: [EMAIL PROTECTED]: Wikipedia Tor]
In many segments of the credit card industry meatspace is also irrelevant. Anyone with a FICO greater than about 680 is almost certainly concerned with maintaining their reputation with the current crop of TRWs of the world...collections efforts leverage the potential damage to the reputation, and only very gradually (if ever) fall back into actual meatspace threats (ie, docking your pay, etc...). And in many cases meatspace threats are forgone due to the collections effort (times probability of collection) yielding more than what would be recovered.

So for many, it's effectively been pseudonyms for years, though their pseudonyms happen to correspond to their true names.

-TD

From: John Kelsey [EMAIL PROTECTED]
To: Roy M. Silvernail [EMAIL PROTECTED], R.A. Hettinga [EMAIL PROTECTED]
CC: James A. Donald [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor]
Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00)

> Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al)
>
> They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions.
>
> Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reputation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading.
>
> --John
Open now to confirm your email at eBay
Please note that this is a system generated email. Please do not reply to this email. If you have questions, please click the following link or paste it in your browser. http://pages.ebay.com/help/basics/select-support.html You're almost done To confirm your email address on file at eBay, just click the button below and re-enter your email address: This will confirm to eBay that your email is working. Alternative Instructions If the above button does not work, click the link below and follow the same steps suggested above: http://pages.ebay.com/confirmemail If you need additional help, contact eBay's Customer Support by typing in or copying and pasting this link into your Web browser: http://pages.ebay.com/support Visit our Privacy Policy and User Agreement if you have any questions. Copyright © 1995-2005 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc.
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
On 29 Sep 2005 09:57:54 -0400, Tyler Durden wrote:
> > One way to build a pseudo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc.
>
> Isn't the IPv4 address space potentially too small in the intermediate run for this approach? Sounds like you'd need IPv6...
>
> -TD

Walking away from TOR and Wikipedia implementations...

Already, IPs have reputations associated with them and serve as pseudonyms. Blacklists are one example of this reputation being used or abused. In some distant future, with the switch to IPv6, there exists the potential for so many entities to have IPs that IPs will function as identities on a much broader scale. This will facilitate a great deal of reputation and trust being established on the basis of IPs with other measures, similar to the early days of the net but with a less open mentality.

And, off on a tangent... (Since this was still in my shorter term memory after the NYC BSD Con a few weeks ago...)

The general point of DKIM (http://mipassoc.org/dkim/index.html) is to have a sender domain mail server sign messages, and then a receiver domain mail server can query the public key for the sender domain and verify the signature.

DKIM suggested that public keys be stored in DNS records for domains. While this storage could be per domain, it could also be per sub-domain, per end entities of a domain, etc. Given the driver to combat spam, you never know, something like this could happen in the next few years. Issues of the capabilities of the current DNS and DNS security infrastructure aside, we then have a universal public key distribution mechanism.

So, IPs can be tied to domains, domains can be tied to public keys, sub-domains, or end entities, sub-domains can be tied to public keys or end entities, end entities can be tied to public keys, and so on and so forth. Reputations can be built, and there are lots of ways of establishing trust for keys as needed, be it simple PKI, web of trust, etc. It all seems more fluid than anything we have now.

A lot could then happen for end users transparently, much like when they swipe a credit card. DKIM is just one example of that.

-Andrew