Re: Tor takes too much RAM
On Sun, Jul 22, 2007 at 10:35:56AM +0200, Olaf Selke wrote: Yes, my directory authorities are using way too much ram too. It appears that we introduced something bad in 0.1.2.x that wasn't present in 0.1.1.x. today I noticed that according the FAQ tor needs 768 MB ram each 10 Mbps bandwidth :-) No, this is not true. At least, it wasn't true for 0.1.1.x. Some kind soul appears to have modified the FAQ to report the current situation, rather than bugging anybody about the problems. :) A few months ago we had plenty of people running at 30Mbps+ using 200M or 300M of memory, back when 0.1.1.x was the recommended stable. You might try downgrading to 0.1.1.26 briefly, and see how it compares to the current situation. Fun fun, --Roger
Re: Tor takes too much RAM
Hi ! Roger Dingledine wrote: On Sun, Jul 22, 2007 at 10:35:56AM +0200, Olaf Selke wrote: Yes, my directory authorities are using way too much ram too. It appears that we introduced something bad in 0.1.2.x that wasn't present in 0.1.1.x. today I noticed that according the FAQ tor needs 768 MB ram each 10 Mbps bandwidth :-) No, this is not true. At least, it wasn't true for 0.1.1.x. Some kind soul appears to have modified the FAQ to report the current situation, rather than bugging anybody about the problems. :) Oh, that was me :-) I'm quite new to Tor and never ran a 0.1.1.x version. So I didn't know that the current memory consumption is too high. Sorry for that. You might try downgrading to 0.1.1.26 briefly, and see how it compares to the current situation. I'll try.
Re: is this a bandwidth problem? my IP is a TOR exit, the client works and the server doesn't
Rip Rock [EMAIL PROTECTED] wrote: So http://torcheck.xenobite.eu/ verifies that my TOR setup really is working, and it shows IPs and machine names that have nothing to do with my real IP and machine name. That much is great. However, when I try surfing to .onion URLs, I get 503 or 404 errors, along with the not-very-encouraging message that my request could not be fulfilled, because the domain name *... *could not be resolvedThis is often a temporary failure, so you might just try again. Remote Tor checks usually only confirm that your request is coming from a known Tor exit node, they don't confirm whether or not your using socks4 or socks4a. Are you sure you're using the latter? I'm using Vidalia/Privoxy/Firefox/Torbutton and I usually don't run a server. And it's great for going to normal webpages but telling them some other IP. I tried running a server to see if that would improve matters, but possibly my bandwidth is too low (I'm just on a home ADSL account). Jul 22 11:29:12:003 [Warning] Your server (...:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. Jul 22 11:29:12:080 [Warning] Your server (...:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. I don't think this is related to your hidden service problems. I think the problem might be a lack of bandwidth. I don't believe I have a firewall problem. While it could also be a NAT problem, I wouldn't rule out a firewall issue. I imagine the worst-case scenario is that I'll be unable to resolve any .onion URLs until I buy a huge amount of bandwidth, set up a dedicated TOR server, and thus get enough traffic to be thoroughly connected. In other words, I fear that I might have to set up a miniature ISP in order to get any .onion connections. Is there any way to troubleshoot this, short of setting up a miniature ISP? Check your Tor logs. A failed request for a hidden service should result in something like: Jul 22 14:28:10.086 [notice] Tried for 120 seconds to get a connection to hy2644uxnz6zwt6c:80. Giving up. (waiting for circuit) or: Jul 22 15:07:26.829 [notice] Rend stream is 120 seconds late. Giving up on address 'hy2644uxnz6zwt6c.onion'. If there are no such messages you may not be using socks4a. With a socks4 (no a) connection between Privoxy and Tor you would still pass remote Tor checks, while your DNS requests could be done through a standard name server which wouldn't resolve onion domains and might explain the error messages. You could also try opening example.noconnect. If it leads to the same error message you're not using socks4a. Additionally you could build Privoxy 3.0.7 from CVS to get a less useless error message in case of forwarding failures. It wouldn't solve the problem, but might make diagnosing it easier. Fabian signature.asc Description: PGP signature
Re: is this a bandwidth problem? my IP is a TOR exit, the client works and the server doesn't
Rip Rock [EMAIL PROTECTED] wrote: On 7/22/07, Roger Dingledine [EMAIL PROTECTED] wrote: I think the problem might be a lack of bandwidth. No, the problem is that your ports aren't reachable. Okay, the problem is my ports. And because my logs had lacked the error messages described by Fabian, I guess I have socks4 where I ought to have socks4a, although I had thought that I had socks4a because my Privoxy config file has the line: # forward-socks4a / localhost:9050 . But of course the little dot prevents the forwarding from being used. There's nothing wrong with the dot. It indicates that there's no HTTP proxy after the socks proxy. So I tried taking out the . and LittleSnitch reported that Privoxy was now trying to access the net when I tried to find the hidden service. That's because invalid configuration directives are ignored (and valid forward-socks4a directives end either with a dot or with a HTTP proxy address). Have a look at: http://config.privoxy.org/show-status to see which of your configuration directives are ignored. I now see that there is an error: Jul 22 23:53:09:137 [Notice] Rend stream is 120 seconds late. Giving up on addre ss '[scrubbed].onion'. Now, the fact that I have that would lead me to think I have socks4a, At least you had it at Jul 22 23:53:09:137 ... but example.noconnect leads to an identical error page, so maybe I don't have socks4a, or maybe some other thing is going wrong with the 9050 mentioned in the file and the 8118 mentioned on the error page. I think you messed up your Privoxy configuration file while debugging this issue. I imagine the worst-case scenario is that I'll be unable to resolve any .onion URLs until Does http://6sxoyfb3h2nvok2d.onion/ load for you? You may have to try it several times. That address opens immediately with the message: [quote] The hidden wiki is gone. If you set up a new one and post the link to the or-talk list I'll link it from here. 06/07/07. Some Hans Zaagman suggested in a post to or-talkhttp://archives.seul.org/or/talk/Jun-2007/msg00215.htmlto use http://hy2644uxnz6zwt6c.onion/hidden/ as a replacement. 07/07/07. [/quote] So this hidden service appears to be working. The problem comes when I try to open http://hy2644uxnz6zwt6c.onion/hidden/ which always takes at least 30 seconds, usually much longer, and results in a 404 error. This hidden service doesn't work for me either, maybe it's just not running. So anyway I went into the config file of Privoxy and added the following below the forward socks4a: forward-socks4a / localhost:9050 forward-socks4a / localhost:8118 forward 192.168.*.*/ forward 10.*.*.*/ forward 127.*.*.*/ This was inspired by reading the faq/configuration file. However, neither the new hidden wiki, nor example.noconnect, show any new behaviors -- they both show the same error page, except for the URL. That's probably because none of these lines use correct syntax (and the second one is probably wrong anyway as it would overrule the first one and it's unlikely that Tor is listening at port 8118). The configuration file of the official Privoxy release should contain the same (valid) lines as: http://www.privoxy.org/faq/misc.html#TOR Fabian signature.asc Description: PGP signature
Re: Meeting at Chaos Communication Camp 07
On Thu, 2007-07-19 at 15:30 +0200, Benedikt Boss wrote: Hej all, im going to attend this years Chaos Communication Camp held near Berlin/Germany and was wondering who of you is going there too. Maybe we can held a meeting there or simply meet. If you dont know what im talking about or want more information about the camp you can find all informations on the following site: http://events.ccc.de/camp/2007/Intro/ Hi, there is a privacy village, but seems to be a very german oriented initiative. Anyway I hope to be there, and maybe some other from PWS will be there too. Knock me after the 7. Ciao.Marco Greetings Benedikt -- +--- http://www.winstonsmith.info ---+ | il Progetto Winston Smith: scolleghiamo il Grande Fratello | | the Winston Smith Project: unplug the Big Brother | | Marco A. Calamari [EMAIL PROTECTED] http://www.marcoc.it | | DSS/DH: 8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B | + PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698 --+ signature.asc Description: This is a digitally signed message part
Re: Tor takes too much RAM
Just to toss some more numbers into the fray. Tor 1.2.14 I'm looking at about 62 MB resident, with 120 open connections (both incoming and outgoing, from lsof and wc -l.). Actual bandwidth is about 30KB/s, maximum advertised is supposed to be 20, but Vidalia reports that it's 33 KB/s. I'm on a mac, 10.4.9. VSize is 110 MB. (In fairness for reporting, Mac's memory allocation is very slow to remove unused pages out of memory. Tor was running mostly uninterrupted for the last 24 hours, and I just started using Firefox to read my mail.)
Re: Blocking child pornography exits
Why doesn't the EFF implement an option like 'no_exit_cp=YES' for server configurations that would allow people to block child pornography? I wish to run a tor exit node but, having been molested as a child, will not do so until such a feature exists. you can't run a completely open anonymous router network without being a conduit for child abuse and other evils. ... Here is one such list: http://squidguard.shalla.de/shallalist.html Alright, so how do you define child pornography? Are you saying that this un-elected, un-appointed group should be given arbitrary blockage authority over the whole internet, for every country? For any action, there may be many possible results, and it seems to me that if one of the evils is overwhelming, it is artificially hedging the issue to say you have no responsibility for it. You claim that Child Pornography, whatever that is, is an overwhelming evil. What if there are others? Who defines an overwhelming evil? So, if you have an action like We'll have central monitoring of every internet connection made, and there's one overwhelming evil that comes out of it, that it is unacceptable to not take responsibility for it? We're fighting terrorists, protecting the country. Tor is, among other things, fighting back against that. Are you really saying that you want to put a different agency/group/goal in charge of doing the same thing? You can't talk to them -- they're [ ] Terrorists [ ] Child Pornographers [ ] Evil skinheads [ ] Enemies of the state [ ] Trouble makers [ ] Out to overthrow the oppressive natural government inherited from God, Lord protect us all (check one). The game is Selectively block who you can talk to. Strange game. The only winning move is not to play
Re: Tor takes too much RAM
Roger Dingledine wrote: You might try downgrading to 0.1.1.26 briefly, and see how it compares to the current situation. I'll give it a try, too. But where to download version 0.1.1.26? regards, Olaf
Re: Tor takes too much RAM
* Olaf Selke schrieb am 2007-07-22 um 21:26 Uhr: I'll give it a try, too. But where to download version 0.1.1.26? http://tor.eff.org/dist/tor-0.1.1.26.tar.gz Besten Gruß -- Jens Kubieziel http://www.kubieziel.de Ich arbeite nach dem Prinzip, dass man niemals etwas selbst tun soll, was jemand anderer fuer einen erledigen kann. Dean Archeson signature.asc Description: Digital signature
Re: Blocking child pornography exits
On Sunday 22 July 2007 05:58:23 Ron Wireman wrote: Unfortunately, this 'separation of concerns' you're a proponent of doesn't work in the real world. In the same way that you can't insert a piece of metal into someone with a high calibre rifle without grievously injuring then, you can't run a completely open anonymous router network without being a conduit for child abuse and other evils. For any action, there may be many possible results, and it seems to me that if one of the evils is overwhelming, it is artificially hedging the issue to say you have no responsibility for it. If tor can't be designed in a way that strongly discourages or prevents people from using it for evil, it shouldn't exist. To pick up on your analogy, what you are asking for here is a gun that cannot shoot innocent people. And if you can't make a gun that only kills people who deserve it then guns shouldn't exist. We all know that weapons (and you can include Tor and the cryptography that underlies Tor in that category) can be used for evil ends [1]. They provide security and can guarantee freedom, but some asshole is always going to use them to do something horrible and make us wonder why we ever invented them in the first place. But a little reflection makes us realize that assholes and murder existed long before the first high calibre rifle, and in fact the high calibre rifle gives us all a better chance of defeating the assholes in the long run, particularly if they're bigger than us and trying to get into our house. Child pornographers and their ilk remind us that privacy, like true freedom of speech, is not an unmitigated blessing but a necessary evil. A bank can secure your bill payment from prying eyes with SSL, so a criminal can do the same with his obsene images. No one is suggesting that SSL develop obscene image filters. The assholes can use SSL/PGP/Tor as much as we do but because these tools protect our privacy we *all* can use them to protect ourselves from even bigger assholes than child pornographers. [1] Most cryptography is classified as a munition in the US and subject to the same export controls. -- Browse Anonymously Anywhere - http://anonymityanywhere.com TorK- KDE Anonymity Manager - http://tork.sf.net KlamAV - KDE Anti-Virus- http://www.klamav.net
Re: Blocking child pornography exits
On Sun, 2007-22-07 at 13:57 -0700, Michael_google gmail_Gersten wrote: Short version: If I knew how to build a version of Tor that could be used only for Good and never for Evil, I surely would. But I have no idea how to do that well, and I don't think anybody else does either. (There are proposed solutions to do that. They are bad.) Ahh. When you put it that way, there is a simple solution. Remember, the IP specs define a malicious bit that all bad, evil data packets will set if they are standard compliant. So, as long as these evil users comply with the standards, Tor can filter them out. All done :-). humour Sadly Evil (users/persons/companies/etc) almost never self identify as such. And so, would fail to set the bit because in their view it doesn't apply. Leaving us with a situation in which only people with a conscious, and a guilty one at that, would set the bit. It has been my experience that most people that fall into the would set the bit category are not the ones people need to worry about, but rather persons being far to hard on themselves for human failings. so unfortunatley filtering on the evil bit probably wouldn't help much. /humour as a side note I've always thought it would be neat to packet sniff and see if anyone is actually setting this bit. But I'm routered and thus most of the interesting stuff never makes it to my machine.. I could always DMZ myself I suppose but seems like a lot of work for such trivial curiosity. Have a pleasant day all Freemor [EMAIL PROTECTED] Freemor [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: Tor takes too much RAM
On Fri, 20 Jul 2007, Ben Wilhelm wrote: I'd love to keep it running, but when it's singlehandedly chewing up more than half of my system's RAM, it just isn't going to happen. Any suggestions on this? Are there config options I can tweak to make it a little less RAM-hungry, or is it just intrinsically a memory gobbler? What OS/Rev/Hardware are you running? cheers! == A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now.
Re: Tor takes too much RAM
Thus spake Roger Dingledine ([EMAIL PROTECTED]): On Sun, Jul 22, 2007 at 10:35:56AM +0200, Olaf Selke wrote: Yes, my directory authorities are using way too much ram too. It appears that we introduced something bad in 0.1.2.x that wasn't present in 0.1.1.x. today I noticed that according the FAQ tor needs 768 MB ram each 10 Mbps bandwidth :-) No, this is not true. At least, it wasn't true for 0.1.1.x. Some kind soul appears to have modified the FAQ to report the current situation, rather than bugging anybody about the problems. :) A few months ago we had plenty of people running at 30Mbps+ using 200M or 300M of memory, back when 0.1.1.x was the recommended stable. You might try downgrading to 0.1.1.26 briefly, and see how it compares to the current situation. I have done this, and have been running 0.1.1.26 for about a couple weeks weeks. It appears to be leaking at about the same rate as 0.1.2.14 did. Since this problem suddenly showed up, yet 0.1.1.26 has been out for ages, perhaps it is a client problem? There is that issue where clients can send too many SENDMEs and fill up server buffers.. Maybe there is a SENDME leak? -- Mike Perry Mad Computer Scientist fscked.org evil labs pgprjIBR8lfyx.pgp Description: PGP signature
Re: Tor takes too much RAM
On Mon, Jul 23, 2007 at 12:14:20AM -0400, [EMAIL PROTECTED] wrote 0.7K bytes in 13 lines about: I've created a Flyspray entry for this apparent bug. http://bugs.noreply.org/flyspray/index.php?do=detailsid=468 Please post the relevant details to the flyspray entry. We're looking for details to try and correlate code changes to what might be causing this excessive memory usage. Thanks! -- Andrew
