Re: [tor-dev] Number of directory connections

2015-08-21 Thread l.m
Oh I see, so they happened before. I wasn't sure about that. In that case the last consensus stored locally must have been many days old. If that's the case you would bootstrap from dirauths then use your guard for tunneling later directory requests. --leeroy

Re: [tor-dev] moved from [Tor-censorship-events] Improving the censorship event detector.

2015-08-21 Thread l.m
Hi George, You sell yourself short. It was a good first attempt. Now I should clarify. The last time I spoke to Karsten about this they indicated that the measurement team has other priorities (not obvious from the outdated roadmap). Karsten quoted an approximation of a year+ before a replacement

Re: [tor-dev] [RFC] On new guard algorithms and data structures

2015-08-21 Thread l.m
Hi, I'm curious what analysis has been done against a gateway adversary. In particular dealing with the effectiveness of entry guards against such an adversary. There's a part of me that thinks it doesn't work at all for this case. Only because I've been studying such an adversary at the AS-level

Re: [tor-dev] Number of directory connections

2015-08-21 Thread l.m
Hi, UseEntryGuardsAsDirGuards defaults to 1 in torrc. So if you did not change this default you will use entry guards for tunneling directory connections. --leeroy On 8/21/2015 at 7:46 AM, tordev...@safe-mail.net wrote: Original Message From: Mike Perry Subject: [tor-dev] Prop

Re: [tor-dev] moved from [Tor-censorship-events] Improving the censorship event detector.

2015-08-20 Thread l.m
Hi Joss, Thank you for the fine paper. I look forward to reading it. Karsten would be keen on it too (and maybe also your offer) if you haven't already forwarded it to them. My interest in fixing it is (mostly) recreational. I have some thoughts on how to proceed, but I'm not a representative of t

Re: [tor-dev] [RFC] On new guard algorithms and data structures

2015-08-20 Thread l.m
> Thanks for the input! Hey, no problem. Thank you for working on this too. > Can you suggest a retry amount and time interval? If the adversary is at the gateway and can do filtering, they pretty much want some rotation. Whatever that reason may be (choose a guard you've already chosen, or choo

Re: [tor-dev] [RFC] On new guard algorithms and data structures

2015-08-20 Thread l.m
> "a) The network is not hostile and allows access just fine, but..." This came up before didn't it. Nick mentioned that the question `network down` isn't the easiest question to answer portably. Supposing such a network could have its properties (like route) enumerated this might provide anothe

[tor-dev] moved from [Tor-censorship-events] Improving the censorship event detector.

2015-08-20 Thread l.m
Hi, As some of you may be aware, the mailing list for censorship events was recently put on hold indefinitely. This appears to be due to the detector providing too many false positives in its current implementation. It also raises the question of the purpose for such a mailing list. Who are the st

Re: [tor-dev] [RFC] On new guard algorithms and data structures

2015-08-20 Thread l.m
Hello, > "To improve our algorithm and make it more robust we need to understand further what kind of path bias attacks are relevant here...What nasty attacks can this adversary do?" A gateway adversary which can filter the network can use guards to fingerprint you. This requires connecting to t

Re: [tor-dev] Get Stem and zoossh to talk to each other

2015-08-16 Thread l.m
Hi Philipp, First, thank you for the input. I will certainly review your discussions with other measurement team members. I'm sorry I wasn't able to attend. On the subject of databases and why they're a kludge. Databases represent relationships between data as joins. Joins are a construct which m

Re: [tor-dev] Get Stem and zoossh to talk to each other

2015-07-31 Thread l.m
Hi Philipp, I know I've already mentioned some thoughts on this subject. I would be interested in your thoughts on the types of challenging questions such a hypothetical DSL might answer. I've already put some effort into this (forking metrics-lib), but I'm still new to working with tor network da

Re: [tor-dev] Get Stem and zoossh to talk to each other

2015-07-29 Thread l.m
Hi again, So it's really not a domain specific language at all then? You can do that without a specific parser and without stem. Just feed the data subset into your favorite analysis tool. Stem, and parsers by themselves are basically useless for analysis. Without an integrated method of performin

Re: [tor-dev] Get Stem and zoossh to talk to each other

2015-07-28 Thread l.m
Herrow, 3. Something else you didn't consider. You're describing something which I've been tinkering with recently so I'll add some thoughts. I've looked at zoossh and stem for parsing. They are inadequate alone. What you need is to properly define this domain-specific language using a context-fr

Re: [tor-dev] Is anyone using tor-fw-helper? (Was Re: BOINC-based Tor wrapper)

2015-07-23 Thread l.m
It's probably for the best. The implementation of upnp and nat-pmp is frequently done incorrectly. Many implementations simply break the fw security or leak identifying information by enabling the feature. I once saw a case which opened port 0 every time upnp was used. Not closed, or stealth, but op

[tor-dev] Commit broken code to otherwise working master

2015-07-20 Thread l.m
Hi, Is it normal for a core developer to want to commit broken code to master? I mean if the code is known to be completely broken. Wouldn't it be better to fix the code that is broken before commit. I mean master is a basis for working code isn't it? --leeroy

Re: [tor-dev] tor#16518: Read-Only Filesystem Error opening tor lockfile in 0.2.6.9 but not 0.2.5.12

2015-07-08 Thread l.m
Even for read-only filesystem, tor will attempt to fix folder permission using chmod. I find it unusual that I don't see this in your logs. --leeroy ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listi

Re: [tor-dev] tor#16518: Read-Only Filesystem Error opening tor lockfile in 0.2.6.9 but not 0.2.5.12

2015-07-07 Thread l.m
Sounds like access control gone wrong. An older version works but a newer version fails. Permissions on the filesystem look fine from mount output. So do you use access control, apparmor, selinux, grsecurity, fsprotect, bilibop, etc? In particular the tor package which is mentioned in your ticket i

Re: [tor-dev] onionoo: new field: measured flag (#16020)

2015-07-06 Thread l.m
Hi nusenu, Since you posted to tor-dev I guess you're asking for community input too. About your use cases, Onionoo is for obtaining data about running relays, not tor network health, or BWAuth activity. You can answer this question by looking at the latest consensus data from CollecTor, counting

Re: [tor-dev] Bi-directional families in Onionoo and consensus weight as measure of relayed bandwidth

2015-07-02 Thread l.m
So I guess I should go back to the original issue posted in this thread. It hasn't been addressed if the (bi-directional family) concern is actually data from Onionoo or operators that just don't declare families. The view from Onionoo--based on consensus, taking into consideration caching and othe

Re: [tor-dev] Bi-directional families in Onionoo and consensus weight as measure of relayed bandwidth

2015-07-02 Thread l.m
>> One proposal I've liked is to socially discourage asymmetrical >> families by giving them with bad badges on Roster. If A says B is >> part of their family but B doesn't reciprocate, A gets a penalty to >> their bandwidth points. > Maybe don't go as far as penalizing relay operators for attem

Re: [tor-dev] Bi-directional families in Onionoo and consensus weight as measure of relayed bandwidth

2015-07-02 Thread l.m
The major problem with ticket 16276 is that it isn't a fix (as you seek here). It just moves the current implementation into the details document rather than being done in the node index. I don't think you *can* fix it as you seek. Bi-directionality isn't an enforceable property. The spec makes no

Re: [tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)

2015-06-22 Thread l.m
Hi, Last I heard NIST groups are rubbish. You're better off without them for security. Am I wrong? --leeroy

[tor-dev] [Onionoo] Resource requirements for serving static data

2015-06-11 Thread l.m
Hello, When I check the running Onionoo server at onionoo.torproject.org I see it is using Apache. In the installation documentation running the web service starts the embedded Jetty. The first question I have is: which is responsible for the static components of the official Onionoo server? Does

[tor-dev] [Onionoo] When is the system property onionoo.cron.runonce set?

2015-06-10 Thread l.m
Hello, So I've been playing with Onionoo's source and I cannot find where this property is set. When the main class for the cron updater runs it checks for the property existence and returns a string "true" if not found or unset. This "true" is used to evaluate the first time update. I cannot see

Re: [tor-dev] onionoo: bug in family set detection?

2015-06-02 Thread l.m
Hello, DirAuths can cache multiple versions of the descriptor and serve what appears to be the newest in a given consensus interval. This coupled with routers publishing descriptors at least every 18 hours, but potentially sooner. What you describe doesn't appear to be a bug in Onionoo becaus

Re: [tor-dev] valid MyFamily syntax variations ('$FP=nick' ?)

2015-05-31 Thread l.m
Hi again, Although, as you've noticed, the node you mention, Konata lists *itself* in the Family Members. That would be a bug. At least compared to the other possibilities. Onionoo checks for the bidirectional relationship and, in other cases, excludes the current node being viewed. If the cur

Re: [tor-dev] valid MyFamily syntax variations ('$FP=nick' ?)

2015-05-31 Thread l.m
Hi nusenu, The spec isn't done :P Seriously though, no it's not a bug. If you check nodelist [0] you'll see that this type of hex-encoded nickname is normal for generating a descriptor. If you check CollecTor history for the node you mention [1] you'll see the result of building a descriptor. Met

Re: [tor-dev] How to connect test tor network from remote host.

2015-05-30 Thread l.m
Hi, Your Tor Browser client is caching a consensus from when you were running all the nodes on a single virtual machine: > Consensus includes unrecognized authority 'test001a' at 127.0.0.1:7001 You should double-check two things: - For each of the directory authorities and relay make sure Out

Re: [tor-dev] How to connect test tor network from remote host.

2015-05-30 Thread l.m
Hi, > yes i can, here is nmap output > * > Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-30 19:05 CEST > Nmap scan report for 10.0.2.11 > Host is up (0.00070s latency). > PORT STATE SERVICE > 7000/tcp open afs3-fileserver > 7001/tcp open afs3-callback > 70

Re: [tor-dev] How to connect test tor network from remote host.

2015-05-30 Thread l.m
Hello, > I setup Tor Test-Network in my laptop using chutney with basic-min > configuration and i also configured tor-browser with this test network > to browse internet. > > But now i want to bootstrap Test Tor-Network inside Virtual Machine. > (Virtual Machine 1 = (3 AUTHORITY + 1 RELAY)

[tor-dev] Is it okay to use Debian Jessie for development?

2015-05-28 Thread l.m
Hello, I probably should have asked this sooner. How quickly does tor project upgrade to the latest Debian stable on development machines [0] ? Thanks in advance. --leeroy [0] https://db.torproject.org/machines.cgi

Re: [tor-dev] Listen to Tor

2015-05-22 Thread l.m
Client perspective--Maybe listen to controller events? Integrate exit map for audible notification of impending doom. Exit perspective--Crying kittens, non-stop On 5/22/2015 at 6:33 PM, "Kenneth Freeman" wrote: On 05/22/2015 04:27 PM, l.m wrote: > > So...wouldn't the torifi

Re: [tor-dev] Listen to Tor

2015-05-22 Thread l.m
So...wouldn't the torified traffic sound like...white noise? I can fall asleep to that. On 5/22/2015 at 6:09 PM, "Kenneth Freeman" wrote: On 05/21/2015 07:29 AM, Michael Rogers wrote: > Hi Kenneth, > > What a cool idea! I played around with sonification of network traffic > once upon a time, us

[tor-dev] shipping with fallbackdir sources

2015-05-22 Thread l.m
Hi, a couple questions about fallback directories. On 4/17/15, Peter Palfrader wrote: > We want them to have been around and using their current key, address, > and port for a while now (120 days), and have been running, a guard, and > a v2 directory mirror for most of that time. In the script (

Re: [tor-dev] onionoo resource requirements

2015-05-02 Thread l.m
Hi Luke, >Django (and by implication, python) are an accepted technology >at tor, but as much as I wish it would be different, the tor web >infrastructure is still based on python 2.7 (basically, you can >only depend on whatever is in wheezy and wheezy-backports if >you want something to run

Re: [tor-dev] onionoo resource requirements

2015-04-27 Thread l.m
Hi Karsten, >Not sure what frameworks you have in mind. But I'm happy >to hear more about frameworks that would make Onionoo >easier to extend and not perform worse (or even better) than >now. If you have something in mind, please say so. Thanks for the clarification. I'm not against the choi

Re: [tor-dev] onionoo resource requirements

2015-04-25 Thread l.m
Hi, Actually I've been meaning to ask a question related to this. I've been wondering if, during the development of Onionoo, you considered any other frameworks? I'm not familiar with the history of Onionoo so I don't know if you made the choice based on some constraint. I read the design doc whic

Re: [tor-dev] Where can I find info for TunnelDirConns 0|1 ?

2015-03-07 Thread l.m
On 3/7/2015 at 1:49 AM, "HOANG NGUYEN PHONG" wrote: Dear all, I read a discussion about "How can Tor use a one hop circuit to a directory server during initial bootstrap?" here However, why I cannot find "TunnelDirConns 0|1" in torproject.org/docs/tor-manual.html.en? Is the feature already removed

Re: [tor-dev] bittorrent based pluggable transport

2015-03-04 Thread l.m
> It's a mistake to say that if something doesn't > work in China (or any other single concrete > threat environment), then it's useless. Out of respect for the work you've done I'm not going to assume you're taking typed-word out of context incorrectly. I'm concerned that this PT exchanges one

Re: [tor-dev] bittorrent based pluggable transport

2015-03-02 Thread l.m
Hi, I'm wondering about a particular case--let me explain. From your threat model you assume that the adversary has suspicions about encrypted traffic and may block them without strong justification. You also take as given that the adversary may be state-level. From the adversary objective this is

Re: [tor-dev] Proposal 242: Better performance and usability for the MyFamily option

2015-03-02 Thread l.m
Hi, If I understand the factors, as things stand currently, regarding family use with respect to the *security* of Tor. Pros 1 - Prevents information disclosure in case of using related relay too much (relay configuration or seizure of hardware). Cons 2 - It's not used by operators with maliciou

Re: [tor-dev] Tor Project Idea | GSOC 2015 | Panopticlick | fake fingerprint

2015-02-12 Thread l.m
Hi, For anonymous scraping it could certainly be useful. This poses a problem as far as making Tor Project look as if it supports autonomous anonymous scraping of web data. Ultimately this impression could lead to even more blocking of Tor exits. Another problem with the idea of a randomized fing

Re: [tor-dev] [Proposal 241] Resisting guard-turnover attacks [DRAFT]

2015-02-02 Thread l.m
"Nick Mathewson" wrote: >If the number of guards we have *tried* to connect to in >the last PERIOD days is greater than >CANDIDATE_THRESHOLD, do not attempt to connect >to any other guards; only attempt the ones we have >previously *tried* to connect to. Torrc allows the use of multiple guards

[tor-dev] Website Fingerprinting Defense via Traffic Splitting

2015-01-22 Thread l.m
Daniel Forster wrote: > Hello Guys, > > it would be great if I could get a few opinions regarding my > upcoming master thesis topic. > > My supervisor is Andriy Panchenko (you may know some of his work > from Mike Perry's critique on website fingerprinting attacks). > As a defense, we'd like to exp