Re: Tor raid [was: cease and desist from my vps provider...]
thus Marco Predicatori spake:

morphium, on 02/04/2011 03:08 PM, wrote:

Oh and yes, they took only my hardware @ home, not the Server in the data center that actually DID run Tor and that the bad IP belonged to.

That's interesting, because it means that running the node away from home doesn't affect the chance of being harassed at 5 AM. :-(

Well, it's not only due to 'their' misunderstanding of TOR, but it's part of the game: They want to scare you.

Timo

*** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Re: geeez...
thus Mike Perry spake:

Some of us are also compiling abuse response templates. The goal for abuse responses is to inform people about Tor, and to suggest solutions for their security problems that involve improving their computer security for the Internet at large (open wifi, open proxies, botnets), rather than seeking vengeance and chasing ghosts. The difference between these two approaches to abuse is the difference between decentralized fault-tolerant Internet freedom, and fragile, corruptible totalitarian control.

Is there any place (e.g. in a wiki) where one could find or even upload his own 'response template', as I might assume that they will be very specific to the country's law they're issued? Such a thing could be helpful for many of us.

Timo
Re: Tor in German media (27c3)
On 01/04/2011 05:46 PM, Dirk wrote:

Moritz Bartl wrote:

Hi, FYI: The German public radio network Deutschlandfunk put up an interview with Julius Mittenzwei, the Chaos Computer Club lawyer, about Tor. http://vimeo.com/18267378 (German only)

So all I need is a competent lawyer to run as many exit nodes as I want in Germany? Just great... the brainwashing already made me believe that I'd ruin my life if I did.

I'll consult a local lawyer who is a specialist in this field.

From my point of view the question arises if it'd be possible to create groups of admins that belong to the same 'area' in terms of the law being applied there, e.g. all TOR (exit) node operators of Germany, France, Great Britain, Zimbabwe, whatever, in order to concentrate on defending against attacks on that level. I used to run two medium-bandwidth exit nodes, but as the complaints about it began to rise above a certain level I shut them down. Maybe temporarily, I don't know.

Cheers,

Timo
Re: Full bandwidth is not used.
thus Paul Menzel spake:

Dear Thomas,

On Wednesday, 13.10.2010, 10:31 -0400, Thomas S. Benjamin wrote:

Is your relay running on a virtual machine (V-colo)?

Yes, the relay is running on a virtual machine.

If so, check your user beancounters, they may show you which resources are being exhausted.

Xen is used. So I cannot check those entries, but according to the FAQ, this should not be a problem [1]. I also checked with `top` on Dom0 and DomU and the resources are barely used.

Xen doesn't use beancounters, they're used in OpenVZ, e.g. You should be able to find out lack of resources of your Dom0 and DomU by using the 'usual' utilities and `xentop', e.g.

Also, do you find any messages in your log?

The log just contains the normal `[NOTICE]` messages.

Maybe the problem resides outside of what he can see, maybe there's traffic shaping/accounting with limiting after a certain usage taking place?

Thanks,

Paul

Best,

Timo

[1] http://archives.seul.org/or/talk/Mar-2010/msg00155.html
[2] https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanIrunaTorrelayfrommyvirtualserveraccount
Re: Tor Exit Node Sponsorship - looking for partners
thus David Triendl spake:

Hi everyone,

Have you guys thought organizing a (very) public Kickstarter.com project for the purpose of raising the funds and creating awareness of need?

Kickstarter has three disadvantages:

1) It does not allow recurring fees, you'd have to start a new project for every payment you want to make. This also means that someone who funds the first Kickstarter project will not necessarily have to fund the second one.
2) The creator and beneficiary of the project has to be in the USA and have a bank account there.
3) You can only pledge if you have an Amazon Payments account, for which you need a credit card. Not everyone has (or wants) one.

As much as I hate to say this, PayPal might be a better alternative here. (Or simple bank transactions for euroland people).

I quite like the idea of having another big node. While 20 small non-exit VPS with only a few 100 kilobyte throughput are nice, one big machine with 150 MBit/s throughput (~ 100 TB a month) that has an open exit policy and good abuse handling is nicer. Offering some backup space and VPN (maybe from a second IP reserved for VPN use) is a nice incentive too, btw.

Hi,

I don't want to be a party-pooper, but installing just another big node (like blutmagie) would still mean

* relatively (still very low) redundancy
* strong agglomeration of traffic on only a few nodes (thus leading to)
* relatively simple eavesdropping of exit traffic

When speaking in terms of bandwidth, e.g. 150Mbps, then I'd rather spread it across n machines with 150Mbps/n each. Just a thought.

Cheers,

David

Timo
Re: Tor Exit Node Sponsorship - looking for partners
thus Al MailingList spake:

Hi,

I don't want to be a party-pooper, but installing just another big node (like blutmagie) would still mean

* relatively (still very low) redundancy
* strong agglomeration of traffic on only a few nodes (thus leading to)
* relatively simple eavesdropping of exit traffic

When speaking in terms of bandwidth, e.g. 150Mbps, then I'd rather spread it across n machines with 150Mbps/n each. Just a thought.

Cheers,

David

Timo

Any new nodes are great,

+1

but it does seem like the best option might be to get people to donate to a pool of money, from which a number of smaller servers are paid for.

+1

Ideally also, there would be a pool of admins, so a different person could run each node (or at least a few nodes of the larger pool)?

I'd like to mention that it'd be an ideal solution, especially to 'create trust', to have an XOR-like admin network. So, admin A is responsible for node A, admin B - node B, etc, while nobody knows another node's credentials. However, they of course may belong to the same family.

Al

Timo
Re: blutmagie quad core upgrade
M wrote:

Hello

I've been wondering this for a long time. How do you keep your exit node running without interference from ISP / local police etc.? Especially when it's the largest exit node.

Do a 'whois' for Olaf's IP range... ;)

Timo

I've had two exit-nodes which both were closed, first by KRP (National Criminal Police, Finnish) and had all my hardware taken by cops (2008) and second one was closed by ISP (2010) even I had informed them about Tor-exit and asked if it was okay to run exit node. It was until they got first abuse-notices, then they shut the node down. I was able to run it about six days. I was able to get off the contract because ISP broke their promises.

M

Olaf Selke wrote:

hello,

blutmagie exit node has replaced its former socket 775 core2 duo E8600 cpu by a socket 775 core2 quad Q9650. Furthermore memory is upgraded from 4 to 8 GB. Instead of one heavily loaded core which probably has been bad for latency there are now four moderately loaded tor processes running. Blutmagie, blutmagie2, blutmagie3, and blutmagie4 are announced as one family and each core runs safely below 100% cpu load which is hopefully good for latency ;-) BandwidthRate each process is set to 6000 KB.

regards

Olaf
Botnet attack? [was: Re: Declining traffic]
thus Roger Dingledine spake:

On Fri, Apr 23, 2010 at 02:35:01PM +0200, Timo Schoeler wrote:

I'm seeing declining traffic over the last few weeks, please see graph: It dropped from a sustained 2,5Mbps (or more) to about a fifth, with a massive drop today. I'm running tor-0.2.1.25-1.el5.rf on a 64Bit CentOS machine. Is there something going in the TOR network?

My first thought is that you updated your openssl rpm in centos, which disabled tls renegotiation in yet another new way, and that broke your Tor relay. Meaning your relay still worked, but it would only do tls renegotiation with other people with centos's particular openssl twist.

Tor 0.2.2.11-alpha fixes the issue we hope:

- Fix SSL renegotiation behavior on OpenSSL versions like on Centos that claim to be earlier than 0.9.8m, but which have in reality backported huge swaths of 0.9.8m or 0.9.8n renegotiation behavior. Possible fix for some cases of bug 1346.

But we haven't yet put out a stable release that includes that patch. So if you upgraded to the latest 0.2.2.x-alpha to get the fixes for other bugs, you would get the fix for this bug too. Let us know if it works.

Hi,

after installing v0.2.2.13-alpha (git-feb8c1b5f67f2c6f) and downgrading OpenSSL before this, my setup works again -- somewhat. When running tor, I see

i) CPU cycles being eaten up by tor almost entirely;
ii) my machine experiences things like those:

TCP: Treason uncloaked! Peer 217.230.25.218:49206/9001 shrinks window 2175675571:2175696065. Repaired.
TCP: Treason uncloaked! Peer 217.230.25.218:49206/9001 shrinks window 2175675571:2175696065. Repaired.
TCP: Treason uncloaked! Peer 217.230.25.218:49206/9001 shrinks window 2175675571:2175696065. Repaired.
TCP: Treason uncloaked! Peer 124.160.123.73:32536/9001 shrinks window 554805076:554806568. Repaired.
TCP: Treason uncloaked! Peer 87.145.230.151:58404/9001 shrinks window 2362284953:2362292307. Repaired.
TCP: Treason uncloaked! Peer 87.145.230.151:58404/9001 shrinks window 2362284953:2362292307. Repaired.
TCP: Treason uncloaked! Peer 87.145.230.151:58404/9001 shrinks window 2362284953:2362292307. Repaired.

One is a Chinese dialup, the other ones are from a big German ISP (Deutsche Telekom AG). For me it really seems as there's some kind of botnet attack going on.

--Roger

Timo
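Added example, not part of the original post: a triage script for the kernel lines quoted in the message above, which groups them per peer and collapses repeats of the same stalled connection before anyone counts them as separate hosts. The field meanings, the function names and the `many_peers` threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# The seven kernel log lines quoted in the message above.
SAMPLE_LOG = """\
TCP: Treason uncloaked! Peer 217.230.25.218:49206/9001 shrinks window 2175675571:2175696065. Repaired.
TCP: Treason uncloaked! Peer 217.230.25.218:49206/9001 shrinks window 2175675571:2175696065. Repaired.
TCP: Treason uncloaked! Peer 217.230.25.218:49206/9001 shrinks window 2175675571:2175696065. Repaired.
TCP: Treason uncloaked! Peer 124.160.123.73:32536/9001 shrinks window 554805076:554806568. Repaired.
TCP: Treason uncloaked! Peer 87.145.230.151:58404/9001 shrinks window 2362284953:2362292307. Repaired.
TCP: Treason uncloaked! Peer 87.145.230.151:58404/9001 shrinks window 2362284953:2362292307. Repaired.
TCP: Treason uncloaked! Peer 87.145.230.151:58404/9001 shrinks window 2362284953:2362292307. Repaired.
"""

# Assumed field order (this example's reading of the kernel message, not stated in the post):
#   Peer <remote ip>:<remote port>/<local port> shrinks window <snd_una>:<snd_nxt>
# 9001 is Tor's default ORPort, i.e. the local side of the connection.
LINE_RE = re.compile(
    r"TCP: Treason uncloaked! Peer "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<rport>\d+)/(?P<lport>\d+) "
    r"shrinks window (?P<una>\d+):(?P<nxt>\d+)\. Repaired\."
)


def parse_events(text):
    """Return one dict per 'Treason uncloaked' line; all other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append({
                "ip": m["ip"],
                "rport": int(m["rport"]),
                "lport": int(m["lport"]),
                "una": int(m["una"]),
                "nxt": int(m["nxt"]),
            })
    return events


def summarize(events):
    """Per remote IP: log lines, distinct connections, distinct stalls, bytes unacknowledged."""
    acc = defaultdict(lambda: {"lines": 0, "conns": set(), "stalls": set(), "max_unacked": 0})
    for e in events:
        a = acc[e["ip"]]
        a["lines"] += 1
        a["conns"].add((e["rport"], e["lport"]))
        # Same ports and same sequence pair: the same stuck connection logged again.
        a["stalls"].add((e["rport"], e["lport"], e["una"], e["nxt"]))
        # Sequence numbers are 32-bit and wrap, so subtract modulo 2**32.
        a["max_unacked"] = max(a["max_unacked"], (e["nxt"] - e["una"]) % 2**32)
    return {
        ip: {
            "lines": a["lines"],
            "connections": len(a["conns"]),
            "distinct_stalls": len(a["stalls"]),
            "max_unacked": a["max_unacked"],
        }
        for ip, a in acc.items()
    }


def triage(summary, many_peers=50):
    """Overall picture; many_peers is an illustrative threshold, not a standard value."""
    return {
        "peers": len(summary),
        "lines": sum(s["lines"] for s in summary.values()),
        "distinct_stalls": sum(s["distinct_stalls"] for s in summary.values()),
        "widespread": len(summary) >= many_peers,
    }


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE_LOG))
    for ip, s in sorted(summary.items()):
        print(ip, s)
    print(triage(summary))
```

Feeding it a longer capture from `dmesg` or the kernel log gives the peer count and the number of distinct stalled connections, which are the figures to look at before drawing conclusions from the raw line count.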
Re: (FWD) Re: Declining traffic
Roger Dingledine wrote:

For those who haven't noticed yet, relays on Centos running 0.2.1.25 will fail to work as expected. You should either upgrade to 0.2.2.12-alpha, or wait patiently for 0.2.1.26.

Hi,

I installed .12-alpha yesterday (hit by the OpenSSL issue), but it doesn't fix it. Will try .13-alpha, when it still doesn't work, I'll downgrade my OpenSSL...

Thanks,

Timo

Thanks,

--Roger

- Forwarded message from owner-or-t...@freehaven.net -

From: Mikael Fornius m...@abc.se
To: or-talk@freehaven.net
Subject: Re: Declining traffic
Date: Fri, 23 Apr 2010 21:35:46 +0200

Roger Dingledine a...@mit.edu writes:

So if you upgraded to the latest 0.2.2.x-alpha to get the fixes for other bugs, you would get the fix for this bug too. Let us know if it works.

I upgraded to latest torproject rpm alpha version and latest openssl from centos just now and I do not experience the problems I did before, traffic behaves normal. The ssl issue I had seems to be fixed, thanks! :)

/mfo (poster of ticket 1356)
Re: Declining traffic
thus Brian Mearns spake:

On Fri, Apr 23, 2010 at 8:35 AM, Timo Schoeler timo.schoe...@riscworks.net wrote:

Hi,

I'm seeing declining traffic over the last few weeks, please see graph: It dropped from a sustained 2,5Mbps (or more) to about a fifth, with a massive drop today. I'm running tor-0.2.1.25-1.el5.rf on a 64Bit CentOS machine. Is there something going in the TOR network?

Thanks,

Timo

Any chance your ISP is throttling you?

100% *not*.

-Brian

Timo
Re: Declining traffic
On 04/23/2010 03:51 PM, Sebastian Hahn wrote:

On Apr 23, 2010, at 3:21 PM, Timo Schoeler wrote:

thus Brian Mearns spake:

Any chance your ISP is throttling you?

100% *not*.

Another possibility would be that your relay is heavily overloaded. See the big thread on tor-relays about the problems and potential solutions [0].

Sebastian

[0]: http://archives.seul.org/or/relays/Apr-2010/msg00029.html

thx, I saw this discussion but didn't follow it close enough, as it seems. However, I just installed the most recent alpha instead of the out-dated RPM version. Though, it seems that we'll have to wait for .13 to have this issue fixed? [1]

[1] -- http://archives.seul.org/or/talk/Apr-2010/msg00176.html
Re: Announce: amnesia Live system 0.4.2
thus Hannah Schroeter spake:

Hi!

Hi,

Just checked a bit.

On Wed, Feb 10, 2010 at 11:13:05AM +0100, intrigeri wrote:

Hannah Schroeter wrote (09 Feb 2010 21:26:07 GMT) :

404 Not found for both the RSS and the Atom.

oops, sorry, the correct links are:

- RSS: https://amnesia.boum.org/torrents/rss/index.rss
- Atom: https://amnesia.boum.org/torrents/rss/index.atom

They're right now.

Btw, if you want people to do something (keep seeds running), perhaps make it less work for them. I.e. push principle instead of pull principle (having to actively poll a feed on and off, no, I'm not one of the RSS/... junkies anyway).

Well, this would be great, but I don't know any way of pushing new .torrent files to seeds we don't manage ourselves; we need to research this, as solutions probably exist already. Any idea?

I don't see a *completely* automatic solution, and I didn't mean it either. I meant things like announcing them by mail (and ensuring that one doesn't need *too* frequent updates,

+1. I could provide a bunch of well-connected machines seeding, but updates on new releases would be best by email. I like it old school. ;)

as that would pose additional workload on seed operators, as well as additional download load to them, too).

One also has to follow quite many links from the start page (or the download page) to finally actually *get* to the torrents. Perhaps optimize the link depth?

Ack, we will try to fix this.

Okay.

wget also complains about a certificate mismatch

$ wget https://amnesia.boum.org/torrents/files/amnesia-i386-gnome-0.4.2-20100207.torrent
--22:25:04-- https://amnesia.boum.org/torrents/files/amnesia-i386-gnome-0.4.2-20100207.torrent
= `amnesia-i386-gnome-0.4.2-20100207.torrent'
Resolving amnesia.boum.org... 204.13.164.189
Connecting to amnesia.boum.org|204.13.164.189|:443... connected.
ERROR: certificate common name `boum.org' doesn't match requested host name `amnesia.boum.org'.
To connect to amnesia.boum.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

Agreed, this is truly annoying. The certificate is actually valid: it has the *.boum.org wildcard listed in Subject Alternative Name. Many clients, such as wget, don't understand such valid, though uncommon, certificates. I'll ask the webhost sysadmins to get a new certificate with amnesia.boum.org explicitly listed as a SubjAltName.

Okay. Staying tuned a bit.

Kind regards,

Hannah.
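Added example, not part of the original thread: a simplified model of the two hostname checks discussed above, the CN-only comparison that the wget error message reports and a check that honours a wildcard in Subject Alternative Name. The certificate dict is constructed from the names mentioned in the thread (in the shape Python's `ssl.getpeercert()` returns) and the function names are this example's own; it is not wget's code.

```python
# Constructed certificate: CN boum.org plus the *.boum.org wildcard in SAN,
# as described in the thread. Shape follows ssl.SSLSocket.getpeercert().
CERT = {
    "subject": ((("commonName", "boum.org"),),),
    "subjectAltName": (("DNS", "*.boum.org"),),
}


def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def dns_name_matches(pattern, hostname):
    """Match hostname against a certificate name.

    A wildcard is accepted only as the complete left-most label and stands for
    exactly one label, so '*.boum.org' covers 'amnesia.boum.org' but neither
    'boum.org' nor 'a.b.boum.org'.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as '*.org'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def common_names(cert):
    """All commonName values from the subject."""
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]


def san_dns_names(cert):
    """All DNS entries from subjectAltName."""
    return [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]


def cn_only_check(cert, hostname):
    """Legacy behaviour: look at the subject commonName and nothing else."""
    return any(dns_name_matches(cn, hostname) for cn in common_names(cert))


def san_aware_check(cert, hostname):
    """If DNS SAN entries exist they are authoritative; CN is only a fallback."""
    sans = san_dns_names(cert)
    if sans:
        return any(dns_name_matches(s, hostname) for s in sans)
    return cn_only_check(cert, hostname)


if __name__ == "__main__":
    for host in ("amnesia.boum.org", "boum.org", "a.b.boum.org"):
        print(host, "cn-only:", cn_only_check(CERT, host),
              "san-aware:", san_aware_check(CERT, host))
```

With this constructed certificate the SAN-aware check rejects the bare `boum.org`, because the wildcard does not cover the parent domain and the CN is ignored once SAN entries exist; a certificate meant for both names has to list both in SAN.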
Re: Announce: amnesia Live system 0.4.2
thus intrigeri spake:
| Hi,

Hi,

| Max wrote (08 Feb 2010 16:51:44 GMT) :
| Thanks for the info, it is recommended to add these apps too:
| http://www.vorratsdatenspeicherung.de/CD/preview/amnesiacd.html
|
| What do you mean by it is recommended? Recommended by whom?

'Vorratsdatenspeicherung' is a group of people that is against telecommunications data retention by the state/government/capitalists and recommends (usually open source) software to escape it (thusly 'recommended' to achieve this).

Timo

| Thanks for the hint anyway, we're going to have a look at this list
| and decide on a case-by-case basis.
|
| Bye,
| --
| intrigeri intrig...@boum.org
| | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| | So what?
Re: My tor exit node is STILL gone from the node list
thus Scott Bennett spake:
| On Tue, 21 Jul 2009 00:03:10 +0300 Alexandru Cezar t...@ze.ro
| wrote:
| Best of luck getting your provider to straighten out the routing.
| I have limited experience in running servers. From what I found out, my Xen dom0 is traceable
| (89.248.169.106), while the virtual host running TOR is not (89.248.169.109, vif-bridge). I can
| still access the web server running on 109 though.
| Is this a Xen misconfiguration? I can't think of anything that I have changed.
|
| I've never worked with Xen, so I can't answer that. However, it is
| certainly possible to misconfigure other virtualization environments in
| ways that would probably cause those symptoms. OTOH, it strikes me as
| more likely that the host system's packet filtering/redirection/NAT software
| may be misconfigured. Xen doesn't yet run on the BSDs, AFAIK, so I'll guess
| that it's running on a LINUX system of some flavor, so iptables is probably
| the filtering package. Beyond that, I can't tell you much. Some of the
| LINUX users on this list ought to be able to give you some help in figuring
| out whether the problem is with Xen or with the host system.
|
|
| Scott Bennett, Comm. ASMELG, CFIAG

hi,

a vif-bridge in Xen does, what its name says: It bridges. So when your domU has a 'proper' (plain standard seen from within the domU itself) IP setup, there's no difference to a bare metal host.

However, as I see, your problem's already fixed?

Best,

Timo
Re: My tor exit node is STILL gone from the node list
thus Alexandru Cezar spake:
| Hi list,
|
| I am still struggling to get my server back on the list of Tor nodes. For several months it
| was among the top 5 nodes, pumping 15TB a month. I am paying a lot of money for that machine,
| and I don't see why it just doesn't work any more.
|
| Let me reiterate what's happening: Since April, the node disappears from the node list after a
| few hours of running. I have tried to change exit policies, node name, node keys, ports and IP
| (within the same subnet). After the IP change the node was listed (and used) for several hours
| before it vanished. There's nothing about in the log file.
|
| It seems as if the node is unreachable from some of the authority servers, but I have no idea
| what to do about that. My ISP says that routing is fine and everything should work as
| expected. I don't understand why the node stays listed for a few hours before disappearing.
| Can someone please help me get this 100EUR/mnth node up again?
|
| Information about the node:
|
| Current IP 89.248.169.109 (previously 89.248.169.108)
| Nickname kyirong2 (previously kyirong)
| Fingerprint D3EB 3132 99A0 082A 4A4E 10E0 EB75 8E4F 0163 F4F0
| (Old fp: A8BD 32A9 C2F2 0C4F 8ED2 C26C E477 0A24 85E3 CD22)
|
| Tor 0.2.1.17-rc Debian
| DirPort 80, ORPort 8080
|
|
| --
| Alexandru

Hi again,

besides the routing stuff I saw that on the mentioned IP (see above) there's a nice disclaimer-like website that impresses me. I'm still not sure whether to pimp my node to be an exit node or not (due to the suppressing that happens here in Germany). However, this suits me well. Is this a usual practice for TOR admins, and if yes, is there a multilingual approach?

Best,

Timo
Re: My tor exit node is STILL gone from the node list
thus Scott Bennett spake:
| On Tue, 21 Jul 2009 08:41:46 +0200 Timo Schoeler
| timo.schoe...@riscworks.net wrote:
| thus Scott Bennett spake:
| Actually, no, I didn't, but I did write :-) :
| | On Tue, 21 Jul 2009 00:03:10 +0300 Alexandru Cezar t...@ze.ro
| | wrote:
| | Best of luck getting your provider to straighten out the routing.
| | I have limited experience in running servers. From what I found out, my Xen dom0 is traceable
| | (89.248.169.106), while the virtual host running TOR is not (89.248.169.109, vif-bridge). I can
| | still access the web server running on 109 though.
| | Is this a Xen misconfiguration? I can't think of anything that I have changed.
| |
| | I've never worked with Xen, so I can't answer that. However, it is
| | certainly possible to misconfigure other virtualization environments in
| | ways that would probably cause those symptoms. OTOH, it strikes me as
| | more likely that the host system's packet filtering/redirection/NAT software
| | may be misconfigured. Xen doesn't yet run on the BSDs, AFAIK, so I'll guess
| | that it's running on a LINUX system of some flavor, so iptables is probably
| | the filtering package. Beyond that, I can't tell you much. Some of the
| | LINUX users on this list ought to be able to give you some help in figuring
| | out whether the problem is with Xen or with the host system.
| |
| |
| | Scott Bennett, Comm. ASMELG, CFIAG
|
| hi,
|
| a vif-bridge in Xen does, what its name says: It bridges. So when your
| domU has a 'proper' (plain standard seen from within the domU itself) IP
| setup, there's no difference to a bare metal host.
|
| However, as I see, your problem's already fixed?
|
| Actually, it was Alexandru reporting the problem, not I,

I know; sorry for my misleading eMail. I was responding to the thoughts WRT Xen.

| but it's not
| obvious that it is fixed. kyirong2 has been missing from the consensus
| for quite a few hours now. I don't know whether that means he is trying
| different Xen tricks, is working with his ISP, or some other possibility
| that would leave his node down or unreachable for now.

I came across the web page on the machine after I scanned it, to be honest. The results from this scan show a 'healthy' node regarding its network configuration (except one little thing that I will tell the TS), so it might be a routing issue (ISP) or an application problem.

Best,

Timo

| Scott Bennett, Comm. ASMELG, CFIAG
Re: Tor Exit Node Notice
thus Alexandru Cezar spake:
| Hi Timo,
|
| besides the routing stuff I saw that on the mentioned IP (see above)
| there's a nice disclaimer-like website that impresses me. I'm still not
| sure whether to pimp my node to be an exit node or not (due to the
| suppressing that happens here in Germany). However, this suits me well.
| Is this a usual practice for TOR admins, and if yes, is there a
| multilingual approach?
|
| I basically got it from
| https://tor-svn.freehaven.net/svn/tor/trunk/contrib/tor-exit-notice.html
| and slightly modified the template. Feel free to use it.

Thanks. :)

| I don't know of any multilingual approaches, but I guess it would be nice
| to have that.

I could provide a German template soon, but I have to look up the proper legal stuff (which is different in Germany). However, there's a law here (Grundgesetz, Paragraph 13) which states that it *should* not be too easy to enter your private rooms (flat, apartment, house, whatever) without having *serious* reasons for doing so. I don't see how running an exit node could endanger other persons' lives (which is stated as an example for being 'serious'). IANAL, though...

Timo

| --
| Alexandru
Re: Hetzner
thus Hannah Schroeter spake:

Hi!

Hi,

On Thu, Jun 18, 2009 at 05:52:08AM +0200, Timo Schoeler wrote:

So am I, running a middle node. However, for months now I'm thinking of reverting it to an exit node as the situation that everyone runs a middle node, but no one dares to run an exit node just lets TOR die.

Hidden services will run very fine with only middleman and bridge nodes.

that's true, for sure. However, we create a parallel world doing this. From a metaphysical POV (IMHO), TOR is (partly) existing to defend civil rights. But to be able to do this, it must exist not only in a 'parallel world'. Losing connection to 'this world' (today's internet) would mean to lose the 'war'.

Best,

Timo

Kind regards,

Hannah.
Re: Hetzner
thus Eugen Leitl spake:

On Thu, Jun 25, 2009 at 10:28:23AM +0200, Timo Schoeler wrote:

Hidden services will run very fine with only middleman and bridge nodes.

that's true, for sure. However, we create a parallel world doing this.

That's not a bug, it's a feature.

I never said that it's a bug. I just said that if we drop the connection to the 'normal' internet we lost the fight. Things like the French Revolution were without avail.

From a metaphysical POV (IMHO), TOR is (partly) existing to defend civil rights. But to be able to do this, it must exist not only in a

The free, uncensored Internet is dead. So, we already lost it. The sooner we acknowledge this, and realize that we need an anonymizing publishing layer on top of that the better.

The problem is that TOR (and any other system accomplishing this target) excludes the 'masses', if one may say so.

I keep harping about that since early 1990s. Surprisingly little has happened since.

'parallel world'. Losing connection to 'this world' (today's internet) would mean to lose the 'war'.

Things are never quite black and white.

A few things are, some are not. Have you ever seen a girl being 'a little bit pregnant'? ;)

There is a network that is censored and sniffed but also accountable, and hence less prone to abuse. On top of that you can have a network that is anonymous/pseudonymous, unaccountable, and slightly abusive. There's a place for both of them to exist.

True.

Timo
Conspiracy: Piratebay owned by CIA (TOR involved, also)
http://joyn.org/conspiracy/ThePiratebay-owned-by-CIA.html
Re: Conspiracy: Piratebay owned by CIA (TOR involved, also)
thus Tom Hek spake:

On Jun 23, 2009, at 15:01 PM, Harry Hoffman wrote:

At $0.20USD/MB I was able to supplement my regular income. Soon I'll be able to quit my regular job. It's like all of those emails say, let your computer work for you!

You get paid $0.20USD/MB? I only got an offer of 0,05 euro/MB from the AIVD (the Dutch intelligence service). Maybe I should think about moving to the VS..

-Tom

:D Well, I just bought a nice house at the sea side in south west Portugal (paid by BND, for my exit nodes running ;).

SCNR
Re: Conspiracy: Piratebay owned by CIA (TOR involved, also)
thus Scott Bennett spake:

On Tue, 23 Jun 2009 13:22:04 +0200 Timo Schoeler timo.schoe...@riscworks.net wrote:

http://joyn.org/conspiracy/ThePiratebay-owned-by-CIA.html

Why did you post the above to OR-TALK? If you intended it to be some form of humor, you definitely missed the mark.

Scott Bennett, Comm. ASMELG, CFIAG

Neither humor nor pun intended. Sorry if I wasted your time/electrons/bandwidth.

Best,

Timo
Re: Conspiracy: Piratebay owned by CIA (TOR involved, also)
thus Scott Bennett spake:

On Tue, 23 Jun 2009 16:25:01 +0200 Timo Schoeler timo.schoe...@riscworks.net wrote:

thus Scott Bennett spake:

On Tue, 23 Jun 2009 13:22:04 +0200 Timo Schoeler timo.schoe...@riscworks.net wrote:

http://joyn.org/conspiracy/ThePiratebay-owned-by-CIA.html

Why did you post the above to OR-TALK? If you intended it to be some form of humor, you definitely missed the mark.

Neither humor nor pun intended. Sorry if I wasted your time/electrons/bandwidth.

I repeat: why did you post it? What did you intend? You posted it without any explanation as to why anyone should bother.

Scott Bennett, Comm. ASMELG, CFIAG

i) because it's 'talk' and not '/dev/null'
ii) meanwhile, a few people responded to it; even if the responses are humorous, they're still responses, aren't they?
Re: Hetzner
thus Sebastian Hahn spake:

On Jun 17, 2009, at 8:28 PM, Sören Weber wrote:

On Wed, Jun 17, 2009 at 5:58 PM, Fabian Keil freebsd-lis...@fabiankeil.de wrote:

Alleged copyright infringements.

Yes, of course. He stated that he doesn't believe that these mails are caused by the owners of the servers. Rather he thinks that Hetzner could lose its face in some way. Additionally these mails are semi-automatically processed, so they have to invest manpower to get them forwarded (I'd be happy if they would just throw them away. Same effect).

Hi Sören,

thanks for your efforts so far! It would be great if Hetzner learned a bit more about Tor, so if you want, you may point them in the direction of tor-assistants. There are a few Germans who would be able to talk to them, if you think they still have trouble understanding how Tor works. I think it would be a good idea to educate the hosting providers before they decide to dislike Tor.

Thanks!

Sebastian

Hi,

IMHO it's not the problem of 'how TOR works' or the (unquestionable) benefits it provides, it's more the problem of the 'image' of the ISP that hosts (customer's) exit nodes and therefore might have problems with the local law (copyright infringements, etc).

Especially the censorship^Wchild porn filtering discussion in Germany forces this topic being discussed, as claiming an exit node having provided access to forbidden content is the 'A-bomb of getting a host down' -- even if it didn't do something forbidden.

Best,

Timo
Re: Hetzner
Hi Sebastian, Hi Timo, On Jun 18, 2009, at 8:00 AM, Timo Schoeler wrote: Hi, IMHO it's not the problem of 'how TOR works' or the (unquestionable) benefits it provides, it's more the problem of the 'image' of the ISP that hosts (customer's) exit nodes and therefore might have problems with the local law (copyright infringements, etc). The first step really is understanding how Tor works (for example, that there is a difference between exit and non-exit nodes). Sure. But -- from the ISP's lawyers' POV -- where's the difference between providing _encrypted_ and maybe _anonymized_ access to $FORBIDDEN_CONTENT and _unencrypted_, _not anonymized_ access? There just is no difference. You're _possibly_ (sic!) breaking the law, and this is sufficient to shut down your machine. This is some kind of 'minority report' becoming reality. But how Tor works doesn't stop at explaining the technical aspects, it's also about the community, the people who depend on it, and the role of the ISP. Especially the censorship^Wchild porn filtering discussion in Germany forces this topic being discussed, as claiming an exit node having provided access to forbidden content is the 'A-bomb of getting a host down' -- even if it didn't do something forbidden. Being a part of that decision and clearly showing where you stand is better than passively watching. That's more than true; however, I just wanted to show (and thusly, prepare for action in consequence) that (especially) German ISPs will be much more rigid from now on. Timo Best, Timo Best Sebastian
Re: Hetzner
thus Eugen Leitl spake: On Thu, Jun 18, 2009 at 05:52:08AM +0200, Timo Schoeler wrote: So am I, running a middle node. However, for months now I'm thinking of reverting it to an exit node as the situation that everyone runs a middle node, but no one dares to run an exit node just lets TOR die. This is great, but please be careful. Depending on the Bundesland customs vary, and it's pretty clear that online anonymity in Germany is firmly in the crosshairs. Hence the discussion, I guess... ;) Eugen's mail: | I used to run a Tor exit with Hetzner a couple years ago, which | resulted in several tête-à-têtes with the local (Bavaria) police. sounded very interesting. What was the reason for their visits? Two cases of complaints (petty online fraud), with the local cop acting as a proxy for the public persecutor, taking up the protocol. I denied the charges of course, and explained how Tor works, brought printouts, including a list of nodes and my node being listed. One case was a fax from BKA accusing me of trafficking in pedophilia. I decided that I don't really want to have my family deal with a search warrant in the wee hours, and switched to middleman. No complaints so far. Hard stuff. But since 'they' have those 'weapons' against running an exit node, what can we do (technologically, politically, ...) against it, to provide free speech in future? The problem remains: No exit nodes, no reliable/fast/stable/anonymous TOR. This has to be fixed, and the urgency to fix this gets stronger every day (see geopolitical stuff, yallayalla).
Re: Hetzner
thus Bernhard Fischer spake: On Wednesday 17 June 2009, Eugen Leitl wrote: I used to run a Tor exit with Hetzner a couple years ago, which resulted in several tête-à-têtes with the local (Bavaria) police. I don't think Hetzner will give a damn if you're running a middleman. Especially if it's throttled, so you're not making them lose money on you. That's also my opinion. We also ran an exit node at Hetzner which led to several discussions with their abuse people. One time the server simply was shut down and it took me days and much discussion to bring them to activate the network again. They have been very uncooperative all the time. As a consequence, we moved our services away from Hetzner. Bernhard All other ISPs (in Germany) will behave exactly the same way due to suppression from the state... Timo
Re: Hetzner
I used to run a Tor exit with Hetzner a couple years ago, which resulted in several tête-à-têtes with the local (Bavaria) police. I don't think Hetzner will give a damn if you're running a middleman. Especially if it's throttled, so you're not making them lose money on you. That's also my opinion. We also ran an exit node at Hetzner which led to several discussions with their abuse people. One time the server simply was shut down and it took me days and much discussion to bring them to activate the network again. They have been very uncooperative all the time. As a consequence, we moved our services away from Hetzner. Bernhard All other ISPs (in Germany) will behave exactly the same way due to suppression from the state... Timo Note that even after multiple abuse shutdowns, much discussion, eventual reactivation (thereby indicating that they understood that the alleged abuse did not originate from the customer), and a history of uncooperative behavior on their part: they still pretend that they have never heard of Tor. It looks like they just want people to waste time and energy explaining it to them. They hope that if it becomes too much trouble for you, maybe you will choose another provider. Maybe this is the normal 'modus operandi'. There's lusers and geeks running TOR -- those get into that mode. Timo