Re: [tor-dev] moved from [Tor-censorship-events] Improving the censorship event detector.

2015-08-21 Thread l.m
Hi George, You sell yourself short. It was a good first attempt. Now I should clarify. The last time I spoke to Karsten about this they indicated that the measurement team has other priorities (not obvious from the outdated roadmap). Karsten quoted an approximation of a year+ before a replacement

Re: [tor-dev] Number of directory connections

2015-08-21 Thread l.m
Oh I see, so they happened before. I wasn't sure about that. In that case the last consensus stored locally must have been many days old. If that's the case you would bootstrap from dirauths then use your guard for tunneling later directory request. --leeroy

Re: [tor-dev] Number of directory connections

2015-08-21 Thread l.m
Hi, UseEntryGuardsAsDirGuards defaults to 1 in torrc. So if you did not change this default you will use entry guards for tunneling directory connections. --leeroy On 8/21/2015 at 7:46 AM, tordev...@safe-mail.net wrote: Original Message From: Mike Perry Subject: [tor-dev]

Re: [tor-dev] [RFC] On new guard algorithms and data structures

2015-08-21 Thread l.m
Hi, I'm curious what analysis has been done against a gateway adversary. In particular dealing with the effectiveness of entry guards against such an adversary. There's a part of me that thinks it doesn't work at all for this case. Only because I've been studying such an adversary at the AS-level

Re: [tor-dev] moved from [Tor-censorship-events] Improving the censorship event detector.

2015-08-20 Thread l.m
Hi Joss, Thank you for the fine paper. I look forward to reading it. Karsten would be keen on it too (and maybe also your offer) if you haven't already forwarded it to them. My interest in fixing it is (mostly) recreational. I have some thoughts on how to proceed, but I'm not a representative of

[tor-dev] moved from [Tor-censorship-events] Improving the censorship event detector.

2015-08-20 Thread l.m
Hi, As some of you may be aware, the mailing list for censorship events was recently put on hold indefinitely. This appears to be due to the detector providing too many false positives in its current implementation. It also raises the question of the purpose for such a mailing list. Who are the

Re: [tor-dev] [RFC] On new guard algorithms and data structures

2015-08-20 Thread l.m
a) The network is not hostile and allows access just fine, but... This came up before didn't it. Nick mentioned that the question `network down` isn't the easiest question to answer portably. Supposing such a network could have its properties (like route) enumerated this might provide another

Re: [tor-dev] [RFC] On new guard algorithms and data structures

2015-08-20 Thread l.m
Thanks for the input! Hey, no problem. Thank you for working on this too. Can you suggest a retry amount and time interval? If the adversary is at the gateway and can do filtering, they pretty much want some rotation. Whatever that reason may be (choose a guard you've already chosen, or

Re: [tor-dev] Get Stem and zoossh to talk to each other

2015-08-16 Thread l.m
Hi Philipp, First, thank you for the input. I will certainly review your discussions with other measurement team members. I'm sorry I wasn't able to attend. On the subject of databases and why they're a kludge. Databases represent relationships between data as joins. Joins are a construct which

Re: [tor-dev] Get Stem and zoossh to talk to each other

2015-07-31 Thread l.m
Hi Philipp, I know I've already mentioned some thoughts on this subject. I would be interested in your thoughts on the types of challenging questions such a hypothetical DSL might answer. I've already put some effort into this (forking metrics-lib), but I'm still new to working with tor network

Re: [tor-dev] Is anyone using tor-fw-helper? (Was Re: BOINC-based Tor wrapper)

2015-07-23 Thread l.m
It's probably for the best. The implementation of upnp and nat-pmp is frequently done incorrectly. Many implementations simply break the fw security or leak identifying information by enabling the feature. I once saw a case which opened port 0 every time upnp was used. Not closed, or stealth, but

[tor-dev] Commit broken code to otherwise working master

2015-07-20 Thread l.m
Hi, Is it normal for a core developer to want to commit broken code to master? I mean if the code is known to be completely broken. Wouldn't it be better to fix the code that is broken before commit. I mean master is a basis for working code isn't it? --leeroy

Re: [tor-dev] tor#16518: Read-Only Filesystem Error opening tor lockfile in 0.2.6.9 but not 0.2.5.12

2015-07-08 Thread l.m
Even for read-only filesystem, tor will attempt to fix folder permission using chmod. I find it unusual that I don't see this in your logs. --leeroy ___ tor-dev mailing list tor-dev@lists.torproject.org

Re: [tor-dev] tor#16518: Read-Only Filesystem Error opening tor lockfile in 0.2.6.9 but not 0.2.5.12

2015-07-07 Thread l.m
Sounds like access control gone wrong. An older version works but a newer version fails. Permissions on the filesystem look fine from mount output. So do you use access control, apparmor, selinux, grsecurity, fsprotect, bilibop, etc? In particular the tor package which is mentioned in your ticket

Re: [tor-dev] onionoo: new field: measured flag (#16020)

2015-07-06 Thread l.m
Hi nusenu, Since you posted to tor-dev I guess you're asking for community input too. About your use cases, Onionoo is for obtaining data about running relays, not tor network health, or BWAuth activity. You can answer this question by looking at the latest consensus data from CollecTor, counting

Re: [tor-dev] Bi-directional families in Onionoo and consensus weight as measure of relayed bandwidth

2015-07-02 Thread l.m
The major problem with ticket 16276 is that it isn't a fix (as you seek here). It just moves the current implementation into the details document rather than being done in the node index. I don't think you *can* fix it as you seek. Bi-directionality isn't an enforceable property. The spec makes no

Re: [tor-dev] Bi-directional families in Onionoo and consensus weight as measure of relayed bandwidth

2015-07-02 Thread l.m
One proposal I've liked is to socially discourage asymmetrical families by giving them bad badges on Roster. If A says B is part of their family but B doesn't reciprocate, A gets a penalty to their bandwidth points. Maybe don't go as far as penalizing relay operators for attempting to

Re: [tor-dev] Bi-directional families in Onionoo and consensus weight as measure of relayed bandwidth

2015-07-02 Thread l.m
So I guess I should go back to the original issue posted in this thread. It hasn't been addressed if the (bi-directional family) concern is actually data from Onionoo or operators that just don't declare families. The view from Onionoo--based on consensus, taking into consideration caching and

Re: [tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)

2015-06-22 Thread l.m
Hi, Last I heard NIST groups are rubbish. You're better off without them for security. Am I wrong? --leeroy

Re: [tor-dev] onionoo: bug in family set detection?

2015-06-02 Thread l.m
Hello, DirAuth's can cache multiple versions of the descriptor and serve what appears to be the newest in a given consensus interval. This coupled with routers publishing descriptors at least every 18 hours, but potentially sooner. What you describe doesn't appear to be a bug in Onionoo

Re: [tor-dev] valid MyFamily syntax variations ('$FP=nick' ?)

2015-05-31 Thread l.m
Hi nusenu, The spec isn't done :P Seriously though, no it's not a bug. If you check nodelist [0] you'll see that this type of hex-encoded nickname is normal for generating a descriptor. If you check CollecTor history for the node you mention [1] you'll see the result of building a descriptor.

Re: [tor-dev] How to connect test tor network from remote host.

2015-05-30 Thread l.m
Hi, yes i can, here is nmap output * Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-30 19:05 CEST Nmap scan report for 10.0.2.11 Host is up (0.00070s latency). PORT STATE SERVICE 7000/tcp open afs3-fileserver 7001/tcp open afs3-callback 7002/tcp

Re: [tor-dev] How to connect test tor network from remote host.

2015-05-30 Thread l.m
Hello, I set up Tor Test-Network in my laptop using chutney with basic-min configuration and I also configured tor-browser with this test network to browse internet. But now I want to bootstrap Test Tor-Network inside Virtual Machine. (Virtual Machine 1 = (3 AUTHORITY + 1 RELAY) IP=

[tor-dev] Is it okay to use Debian Jessie for development?

2015-05-28 Thread l.m
Hello, I probably should have asked this sooner. How quickly does tor project upgrade to the latest Debian stable on development machines [0] ? Thanks in advance. --leeroy [0] https://db.torproject.org/machines.cgi

[tor-dev] shipping with fallbackdir sources

2015-05-22 Thread l.m
Hi, a couple questions about fallback directories. On 4/17/15, Peter Palfrader wrote: We want them to have been around and using their current key, address, and port for a while now (120 days), and have been running, a guard, and a v2 directory mirror for most of that time. In the script

Re: [tor-dev] Listen to Tor

2015-05-22 Thread l.m
Client perspective--Maybe listen to controller events? Integrate exit map for audible notification of impending doom. Exit perspective--Crying kittens, non-stop On 5/22/2015 at 6:33 PM, Kenneth Freeman wrote: On 05/22/2015 04:27 PM, l.m wrote: So...wouldn't the torified traffic sound like

Re: [tor-dev] Listen to Tor

2015-05-22 Thread l.m
So...wouldn't the torified traffic sound like...white noise? I can fall asleep to that. On 5/22/2015 at 6:09 PM, Kenneth Freeman wrote: On 05/21/2015 07:29 AM, Michael Rogers wrote: Hi Kenneth, What a cool idea! I played around with sonification of network traffic once upon a time, using

Re: [tor-dev] onionoo resource requirements

2015-05-02 Thread l.m
Hi Luke, Django (and by implication, python) are an accepted technology at tor, but as much as I wish it would be different, the tor web infrastructure is still based on python 2.7 (basically, you can only depend on whatever is in wheezy and wheezy-backports if you want something to run on

Re: [tor-dev] onionoo resource requirements

2015-04-27 Thread l.m
Hi Karsten, Not sure what frameworks you have in mind. But I'm happy to hear more about frameworks that would make Onionoo easier to extend and not perform worse (or even better) than now. If you have something in mind, please say so. Thanks for the clarification. I'm not against the choice

Re: [tor-dev] onionoo resource requirements

2015-04-25 Thread l.m
Hi, Actually I've been meaning to ask a question related to this. I've been wondering if, during the development of Onionoo, you considered any other frameworks? I'm not familiar with the history of Onionoo so I don't know if you made the choice based on some constraint. I read the design doc

Re: [tor-dev] Where can I find info for TunnelDirConns 0|1 ?

2015-03-07 Thread l.m
On 3/7/2015 at 1:49 AM, HOANG NGUYEN PHONG wrote: Dear all, I read a discussion about How can Tor use a one hop circuit to a directory server during initial bootstrap? here However, why I cannot find TunnelDirConns 0|1 in torproject.org/docs/tor-manual.html.en? Is the feature already removed or

Re: [tor-dev] bittorrent based pluggable transport

2015-03-04 Thread l.m
It's a mistake to say that if something doesn't work in China (or any other single concrete threat environment), then it's useless. Out of respect for the work you've done I'm not going to assume you're taking typed-word out of context incorrectly. I'm concerned that this PT exchanges one

Re: [tor-dev] Proposal 242: Better performance and usability for the MyFamily option

2015-03-02 Thread l.m
Hi, If I understand the factors, as things stand currently, regarding family use with respect to the *security* of Tor. Pros 1 - Prevents information disclosure in case of using related relay too much (relay configuration or seizure of hardware). Cons 2 - It's not used by operators with

Re: [tor-dev] bittorrent based pluggable transport

2015-03-02 Thread l.m
Hi, I'm wondering about a particular case--let me explain. From your threat model you assume that the adversary has suspicions about encrypted traffic and may block them without strong justification. You also take as given that the adversary may be state-level. From the adversary objective this

Re: [tor-dev] [Proposal 241] Resisting guard-turnover attacks [DRAFT]

2015-02-02 Thread l.m
Nick Mathewson wrote: If the number of guards we have *tried* to connect to in the last PERIOD days is greater than CANDIDATE_THRESHOLD, do not attempt to connect to any other guards; only attempt the ones we have previously *tried* to connect to. Torrc allows the use of multiple guards with

[tor-dev] Website Fingerprinting Defense via Traffic Splitting

2015-01-22 Thread l.m
Daniel Forster wrote: Hello Guys, it would be great if I could get a few opinions regarding my upcoming master thesis topic. My supervisor is Andriy Panchenko (you may know some of his work from Mike Perry's critique on website fingerprinting attacks). As a defense, we'd like to experiment