From eugen at leitl.org Mon Jan 2 12:36:11 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 2 Jan 2006 13:36:11 +0100 Subject: benchmarking a node Message-ID: <20060102123610.GK2235@leitl.org> I would like to benchmark my node, to see whether the hoster who sold me a 10 MBit/s flat rodent is defaulting on contract. The stats on http://www.noreply.org/tor-running-routers/current.html#3BB0DC6EA321256DDD1155197DBD3F1E48623549 do not seem to be very reliable. How do I benchmark a node? Another question: as Tor alpha seems to crash regularly, will the keys/torrc be wiped if I do apt-get remove tor, to downgrade to the stable branch? -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From arma at mit.edu Tue Jan 3 09:40:27 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 3 Jan 2006 04:40:27 -0500 Subject: benchmarking a node In-Reply-To: <20060102171301.GP2235@leitl.org> References: <20060102123610.GK2235@leitl.org> <20060102151341.GO20671@eecs.harvard.edu> <20060102171301.GP2235@leitl.org> Message-ID: <20060103094027.GB15157@localhost.localdomain> On Mon, Jan 02, 2006 at 06:13:01PM +0100, Eugen Leitl wrote: > Jan 02 18:11:26.745 [notice] Tor v0.1.0.15. This is experimental software. Do not rely on it for strong anonymity. > Jan 02 18:11:26.746 [warn] config_assign_line(): Unknown option 'SocksListenAddress'. Failing. > Jan 02 18:11:26.746 [err] tor_init(): Reading config failed--see warnings above. For usage, try -h. The new 0.1.0.16, just released, handles this. (We'll announce it more widely in a day or so -- on the or-announce list, which all of you should be on -- once more packages are built.) 
Thanks, --Roger From eugen at leitl.org Fri Jan 27 09:51:12 2006 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Jan 2006 10:51:12 +0100 Subject: [declan@well.com: [Politech] In China, Google censors more than just politics: beer, dating, joke, gay sites too [fs]] Message-ID: <20060127095112.GE2301@leitl.org> ----- Forwarded message from Declan McCullagh ----- From: Declan McCullagh Date: Thu, 26 Jan 2006 14:25:45 -0800 To: politech at politechbot.com Subject: [Politech] In China, Google censors more than just politics: beer, dating, joke, gay sites too [fs] User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716) http://news.com.com/What+Google+censors+in+China/2100-1030_3-6031727.html What Google censors in China January 26, 2006, 1:27 PM PST Google's new China search engine not only censors many Web sites that question the Chinese government, but it goes further than similar services from Microsoft and Yahoo by targeting teen pregnancy, homosexuality, dating, beer and jokes. In addition, CNET News.com has found that contrary to Google founder Sergey Brin's promise to inform users when their search results are censored, the company frequently filters out sites without revealing it. [...remainder snipped...] -------- This chart is better seen on the Web page (URL above) because it'll be poorly-formatted in email, but FYI... 
Site                  Category       Google.cn    Yahoo China  MSN China
--------------------------------------------------------------------------
bacardi.com           Alcohol        Deleted      OK           OK
badpuppy.com          Gay            Deleted      Deleted (1)  OK
bignews.org           News           Deleted      Deleted      Deleted
beerlabels.com        Alcohol        Deleted      OK           OK
bombaysapphire.com    Alcohol        Deleted      OK           OK
budweiser.com         Alcohol        Deleted (5)  OK           OK
catholiclesbians.org  Religious      Deleted      OK           OK
chinesenewsweek.com   News           Deleted      OK           Deleted
collegehumor.com      Humor          Deleted      OK           OK
date.com              Dating         Deleted      OK           OK
ebaumsworld.com       Humor          Deleted      OK           OK
falunasia.info        Advocacy       Deleted      OK           Deleted
faluncanada.net       Advocacy       Deleted      OK           Deleted
funnyjokes.com        Humor          Deleted      OK           OK
gaycenter.org         Gay            Deleted      OK           OK
gaycrawler.com        Gay            Deleted      OK           OK
gaytimes.co.uk        Gay            OK           Deleted      OK
gio.gov.tw            Government     OK           Deleted      Deleted
guinness.com          Alcohol        Deleted      OK           OK
hightimes.com         Drug use       Deleted (6)  OK           OK
hrw.org               Advocacy       Deleted      OK           Deleted
jackdaniels.com       Alcohol        Deleted      OK           OK
jokesgallery.com      Humor          OK           Deleted (1)  OK
lesbian.com           Gay            Deleted      OK           OK
libertytimes.com.tw   News           Deleted      OK           OK
lingerie.com          Sex            Deleted      OK           OK
mm52.com              Entertainment  Deleted      OK           OK
netfirms.com          Web hosting    Deleted      OK           OK
network54.com         Community      Deleted      OK           Deleted
neworder.box.sk       Security       Deleted      OK           OK
news.bbc.co.uk        News           Deleted      Deleted      Deleted
omnitalk.com          Community      Deleted      OK           Deleted
penthouse.com         Sex            Deleted      Deleted (1)  Deleted
playboy.com           Sex            Deleted      Deleted (1)  OK
pressfreedom.com      Advocacy       Deleted      OK           Deleted
queernet.org          Gay            Deleted      OK           OK
resist.com            Racist         Deleted      OK           OK
rsf.org               Advocacy       OK           Deleted (2)  Deleted
savetibet.org         Advocacy       Deleted      OK           Deleted
search.msn.com        Search         Deleted      OK           OK
seas.upenn.edu        Academic       Deleted (5)  OK           Deleted
sonicnet.com          Music (VH1)    Deleted      OK           OK
sxetc.org             Sex ed.        Deleted      OK           Deleted (3)
teenpregnancy.org     Sex ed.        Deleted      OK           OK
theagitator.com       Blog           OK           Deleted      OK
thisisessex.co.uk     Local          Deleted      OK           OK
time.com              News           OK           Deleted      OK
voa.gov               Government     Deleted (1)  Deleted      Deleted
_______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From xsteadfastx at gmail.com Fri Jan 27 15:17:24 2006 From: xsteadfastx at gmail.com (Marvin Preuss) Date: Fri, 27 Jan 2006 16:17:24 +0100 Subject: Question about the DirServer Message-ID: <43DA3984.2020308@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, im new here so first a big Hi to everyone :) Since two days i run a little tor server now and i just have some question about the DirServer. What is when a Server dont exist no more? is there a time out when the server gets deleted from the list? or they just always stay in the list and just get marked as offline? thanks already :) Marvin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD2jmEChE8w47F3oMRAuOvAJ9U11Mub7iarS5o1cWRIqLgLXC0pwCfYVUa fZkuyYHZKAx653VJXHUEddM= =IUIa -----END PGP SIGNATURE----- From arma at mit.edu Sat Jan 28 00:09:25 2006 From: arma at mit.edu (Roger Dingledine) Date: Fri, 27 Jan 2006 19:09:25 -0500 Subject: (FWD) quick question on exit policy... Message-ID: <20060128000925.GY7649@localhost.localdomain> [Forwarding because Joe is not subscribed as this address. 
The answer is yes, this will work fine, but the way you say it is 128.32.0.0/255.255.0.0:* or 128.32.0.0/16:* -RD] ----- Forwarded message from owner-or-talk at freehaven.net ----- Date: Fri, 27 Jan 2006 15:57:03 -0800 From: Joseph Lorenzo Hall Reply-To: joehall at pobox.com To: or-talk at seul.org Subject: quick question on exit policy... Hi, In order to get a TOR server up and running on the Berkeley campus, I'd like to know if it's possible to specify an exit policy that effectively said, "don't allow any exit connections that would connect to the UC Berkeley network." Would this be sufficient: reject 128.32.*.*:* To, say, block all exits to any ports to IPs in the range 128.32.0.0-128.32.255.255? best, Joe -- Joseph Lorenzo Hall ----- End forwarded message ----- From joehall at gmail.com Sat Jan 28 00:19:38 2006 From: joehall at gmail.com (Joseph Lorenzo Hall) Date: Fri, 27 Jan 2006 16:19:38 -0800 Subject: (FWD) quick question on exit policy... In-Reply-To: <20060128000925.GY7649@localhost.localdomain> References: <20060128000925.GY7649@localhost.localdomain> Message-ID: <928946aa0601271619h2c36dac9v6288c556029744be@mail.gmail.com> On 1/27/06, Roger Dingledine wrote: > [Forwarding because Joe is not subscribed as this address. > > The answer is yes, this will work fine, but the way you say > it is 128.32.0.0/255.255.0.0:* or 128.32.0.0/16:* > -RD] Thanks and thanks again, Roger. Hopefully I can convince them that I can write a set of exit policies that ensure no exit traffic to Berkeley IP addresses... it would be too bad (and not nearly as useful from a research/educational point of view) if we ended up with a middleman node. best, Joe > ----- Forwarded message from owner-or-talk at freehaven.net ----- > > Date: Fri, 27 Jan 2006 15:57:03 -0800 > From: Joseph Lorenzo Hall > Reply-To: joehall at pobox.com > To: or-talk at seul.org > Subject: quick question on exit policy... 
> > Hi, > > In order to get a TOR server up and running on the Berkeley campus, > I'd like to know if it's possible to specify an exit policy that > effectively said, "don't allow any exit connections that would connect > to the UC Berkeley network." Would this be sufficient: > > reject 128.32.*.*:* > > To, say, block all exits to any ports to IPs in the range > 128.32.0.0-128.32.255.255? > > best, Joe > > -- > Joseph Lorenzo Hall > > > > ----- End forwarded message ----- > > -- Joseph Lorenzo Hall PhD Student UC Berkeley, School of Information (SIMS) blog: This email is written in [markdown] - an easily-readable and parseable text format. [markdown]: http://daringfireball.net/projects/markdown/ From firefox-gen at walala.org Sat Jan 28 01:16:35 2006 From: firefox-gen at walala.org (ADB) Date: Fri, 27 Jan 2006 17:16:35 -0800 Subject: Tor & SELinux/SuSE 10 (also AppArmor question) In-Reply-To: <20060128000925.GY7649@localhost.localdomain> References: <20060128000925.GY7649@localhost.localdomain> Message-ID: <43DAC5F3.2020709@walala.org> I have SuSE Linux 10, and the latest alpha of Tor. Due to SELinux, I can't run tor as anything but root and have it work correctly. This prompts me to ask the following two related questions: 1. How should I correctly configure SELinux on SuSE to be secure *and* have tor have enough privelages to correctly download all the required dir info, and 2. How can SELinux and/or Novell AppArmor be used to effectively lock down and secure Tor and other potentially dangerous network programs? Thanks, Andrew From firefox-gen at walala.org Sat Jan 28 01:34:31 2006 From: firefox-gen at walala.org (ADB) Date: Fri, 27 Jan 2006 17:34:31 -0800 Subject: FW: EFFector 19.04: Action Alert - Stop Congress from Mandating Secret Technology!] Message-ID: <43DACA27.4060601@walala.org> Many of you doubtlessly already get this mailing, but several probably don't as well, so here it is. 
~Andrew -------------- next part -------------- An embedded message was scrubbed... From: "wayne" Subject: [sdlibchat] FW: EFFector 19.04: Action Alert - Stop Congress from Mandating Secret Technology! Date: Fri, 27 Jan 2006 17:19:24 -0800 Size: 19267 URL: From phobos at rootme.org Sat Jan 28 02:08:56 2006 From: phobos at rootme.org (phobos at rootme.org) Date: Fri, 27 Jan 2006 21:08:56 -0500 Subject: Tor & SELinux/SuSE 10 (also AppArmor question) In-Reply-To: <43DAC5F3.2020709@walala.org> References: <20060128000925.GY7649@localhost.localdomain> <43DAC5F3.2020709@walala.org> Message-ID: <20060128020856.GA14058@deimos> On Fri, Jan 27, 2006 at 05:16:35PM -0800, firefox-gen at walala.org wrote 0.5K bytes in 14 lines about: : I have SuSE Linux 10, and the latest alpha of Tor. Due to SELinux, I : can't run tor as anything but root and have it work correctly. This : prompts me to ask the following two related questions: : : 1. How should I correctly configure SELinux on SuSE to be secure *and* : have tor have enough privelages to correctly download all the required : dir info, and : 2. How can SELinux and/or Novell AppArmor be used to effectively lock : down and secure Tor and other potentially dangerous network programs? Two ways to do this: 1) check out step four of http://tor.eff.org/cvs/tor/doc/tor-doc-unix.html 2) profile it and come up with a better policy than I did. :) -- Andrew From joehall at gmail.com Sat Jan 28 02:37:15 2006 From: joehall at gmail.com (Joseph Lorenzo Hall) Date: Fri, 27 Jan 2006 18:37:15 -0800 Subject: Running a Tor exit node on an academic network? Message-ID: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> Hi, If anyone out there is running a Tor exit node on an academic network, could you contact me off-list? 
I'm am trying to convince my university, UC Berkeley, to allow a Tor exit node in our network but am running into significant difficulty and would like to have a few of you comment over the weekend on a proposal I wrote. best, Joe -- Joseph Lorenzo Hall PhD Student UC Berkeley, School of Information (SIMS) blog: This email is written in [markdown] - an easily-readable and parseable text format. [markdown]: http://daringfireball.net/projects/markdown/ From arrakistor at gmail.com Sat Jan 28 03:13:53 2006 From: arrakistor at gmail.com (Arrakistor) Date: Fri, 27 Jan 2006 21:13:53 -0600 Subject: Running a Tor exit node on an academic network? In-Reply-To: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> Message-ID: <913086632.20060127211353@gmail.com> I am trying to do the same thing. I would be interested in any help along these lines as well! ST Friday, January 27, 2006, 8:37:15 PM, you wrote: > Hi, If anyone out there is running a Tor exit node on an academic > network, could you contact me off-list? > I'm am trying to convince my university, UC Berkeley, to allow a Tor > exit node in our network but am running into significant difficulty > and would like to have a few of you comment over the weekend on a > proposal I wrote. best, Joe > -- > Joseph Lorenzo Hall > PhD Student > UC Berkeley, School of Information (SIMS) > > blog: > This email is written in [markdown] - an easily-readable and parseable > text format. > [markdown]: http://daringfireball.net/projects/markdown/ -- Best regards, Arrakistor mailto:arrakistor at gmail.com From chris at eff.org Sat Jan 28 03:53:08 2006 From: chris at eff.org (Chris Palmer) Date: Fri, 27 Jan 2006 19:53:08 -0800 Subject: Running a Tor exit node on an academic network? 
In-Reply-To: <913086632.20060127211353@gmail.com> References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> <913086632.20060127211353@gmail.com> Message-ID: <43DAEAA4.3090205@eff.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arrakistor wrote: > I am trying to do the same thing. I would be interested in any help along these lines as well! Yes, maybe it's a conversation best had on-list rather than off-. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD2uqjsobNj2jkCc0RAsvdAKCCxh/a2chgeLJJ8n4jbEcRZTtZMQCg3bUw fwKAYmOgMAczuxzQusKiGxw= =TiNd -----END PGP SIGNATURE----- From arma at mit.edu Tue Jan 3 11:30:14 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 3 Jan 2006 06:30:14 -0500 Subject: benchmarking a node In-Reply-To: <20060102123610.GK2235@leitl.org> References: <20060102123610.GK2235@leitl.org> Message-ID: <20060103113013.GC15157@localhost.localdomain> On Mon, Jan 02, 2006 at 01:36:11PM +0100, Eugen Leitl wrote: > I would like to benchmark my node, to see whether the hoster > who sold me a 10 MBit/s flat rodent is defaulting on contract. > > How do I benchmark a node? To get an idea of what your node is doing right now, you could look at http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl?sortbw=1&addr=1 which shows redgene with a max self-measured burst of 847kB/s, and an average of 337 kB/s in and 339 kB/s out. You can get the data itself from your descriptor: http://serifos.eecs.harvard.edu:8000/cgi-bin/desc.pl?q=redgene and look at the write-history and read-history (which are in 15 minute summaries, oldest to most recent). To push up these numbers, you need to start sending traffic through it. One way is to listen on ports like 80 and 443 to attract more users behind firewalls, and to open up your exit policy more to attract more users in general. 
Another way is to run a Tor client on a link that's faster than your server's, and start transferring a lot of data through it, e.g. by specifying it as your entrynode. Do several in parallel if you need to. If you want to get more precise, use a Tor controller like Blossom to craft a path that uses only your node; and/or run your own whole Tor network on the server (see FAQ entry). > Another question: as Tor alpha seems to crash regularly, If anybody can give us a useful backtrace from the crashes in Tor cvs, that would be wonderful. There's a crash bug that happens for fast servers and so far we have been unable to track it down. --Roger From numE at onionizer.de Sat Jan 28 10:29:46 2006 From: numE at onionizer.de (numE) Date: Sat, 28 Jan 2006 11:29:46 +0100 Subject: Running a Tor exit node on an academic network? In-Reply-To: <43DAEAA4.3090205@eff.org> References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> <913086632.20060127211353@gmail.com> <43DAEAA4.3090205@eff.org> Message-ID: <43DB479A.1030609@onionizer.de> full ack. would be interested, too :-) Chris Palmer schrieb: > Arrakistor wrote: > > >> I am trying to do the same thing. I would be interested in any help > along these lines as well! > > Yes, maybe it's a conversation best had on-list rather than off-. From eugen at leitl.org Sat Jan 28 10:46:34 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 28 Jan 2006 11:46:34 +0100 Subject: Running a Tor exit node on an academic network? In-Reply-To: <43DB479A.1030609@onionizer.de> References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> <913086632.20060127211353@gmail.com> <43DAEAA4.3090205@eff.org> <43DB479A.1030609@onionizer.de> Message-ID: <20060128104634.GY2301@leitl.org> On Sat, Jan 28, 2006 at 11:29:46AM +0100, numE wrote: > full ack. > would be interested, too :-) How would deal with an occasional DDoS? These happen each every few months. 
Not that large a problem if you're behind reasonably good iron and have good administration. But the admins are going to notice, and they're not going to like it. > Chris Palmer schrieb: > > Arrakistor wrote: > > > > >> I am trying to do the same thing. I would be interested in any help > > along these lines as well! > > > > Yes, maybe it's a conversation best had on-list rather than off-. > -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From huber at paradoxical.net Sat Jan 28 14:45:32 2006 From: huber at paradoxical.net (Josh) Date: Sat, 28 Jan 2006 09:45:32 -0500 Subject: Running a Tor exit node on an academic network? In-Reply-To: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> (Joseph Lorenzo Hall's message of "Fri, 27 Jan 2006 18:37:15 -0800") References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> Message-ID: <87lkx0pg1f.fsf@callisto.paradoxical.net> Joseph Lorenzo Hall writes: > Hi, If anyone out there is running a Tor exit node on an > academic network, could you contact me off-list? Well, I'm not, but if you look at the network status page, you'll see that there are quite a few nodes running on academic networks. In fact, many of the top throughput nodes are in .edu-land. 
http://serifos.eecs.harvard.edu/cgi-bin/exit.pl lists 24 .edu domains, of which there are 9 live exit nodes: bolanda pingwin.icm.edu.pl cherubim sledgehammer.mit.edu err err.cylab.cmu.edu gnunet tripwire.cs.ucla.edu golem golem.ph.utexas.edu riceu sysrack07.cs.rice.edu rodos rodos.eecs.harvard.edu serifos serifos.eecs.harvard.edu sipbtor1 alice-whacker.mit.edu If you look at the by-bandwidth listings, there are many academic nodes near the top of the list: http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1 Perhaps you could use some of the contact information for one of those nodes to find assistance? Josh From joehall at gmail.com Sat Jan 28 18:34:55 2006 From: joehall at gmail.com (Joseph Lorenzo Hall) Date: Sat, 28 Jan 2006 10:34:55 -0800 Subject: Running a Tor exit node on an academic network? In-Reply-To: <43DAEAA4.3090205@eff.org> References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> <913086632.20060127211353@gmail.com> <43DAEAA4.3090205@eff.org> Message-ID: <928946aa0601281034n578bc7efge502b06ef1c272@mail.gmail.com> On 1/27/06, Chris Palmer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Arrakistor wrote: > > > I am trying to do the same thing. I would be interested in any help along these lines as well! > > Yes, maybe it's a conversation best had on-list rather than off-. The main reason I didn't want to send my justification document to the list is that it might expose my strategy (and any deliberation about it) to the networking people if they monitor this list. I suppose that might be the plays-with-lawyers-well side of me. I could send it if others think it would be helpful (and I guarantee that I'll write up my struggle next week after they've passed judgement on my proposal). I guess I'll just paraphrase the issues and academic stuff: * They want to make sure that my Tor server is not used to attack services/computers on the campus network. Proposal: block all exit traffic to campus IP addresses. 
* The Library has electronic subscriptions to certain services that are based on IP addresses only. Proposal: block exit connections to those IP addresses given a list or build a list as needed. The eventual list could be thousands of IP addresses long which would have a undetermined impact on Tor's performance. * They're not confident that Tor will obey its exit policies. Proposal: include kernel-level software firewall and possibly a hardware-based firewall device on the Tor box. * They're concerned about bandwidth (although this one is not a biggie). Proposal: limit to 5% of my departments bandwidth (5MBit/s) and then explore burst settings and see how this impacts our department. As for academic justification, in addition to Dean, Sysadmin. and multiple Faculty supporters I've noted that: * We have a postdoc that works on reputation systems in anonymous routing. * Journalism and Law students need a way to be able to communicate with clients/sources and do competitive analyses in a private, secure fashion.[1] * Faculty need to be able to do research on student and faculty candidates without exposing their institutional affiliation.[1] * Students at our school have expressed interest in using our Tor node to incorporate onion-routing concepts into client-side privacy protection tools and research tools (like hidden surveys and such). * Students in networking, privacy, security and cryptography classes (such as myself) could tinker with our Tor node and get hands-on experience with onion-routing, cryptography an anonymity tools. [1] Neither of these require a Tor node (exit or middleman) on campus... but I'd like to make a convincing case that we need to be supporting the network if we're going to be using its services. I would appreciate any comments on any of this... 
-Joe > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (Darwin) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFD2uqjsobNj2jkCc0RAsvdAKCCxh/a2chgeLJJ8n4jbEcRZTtZMQCg3bUw > fwKAYmOgMAczuxzQusKiGxw= > =TiNd > -----END PGP SIGNATURE----- > > -- Joseph Lorenzo Hall PhD Student UC Berkeley, School of Information (SIMS) blog: This email is written in [markdown] - an easily-readable and parseable text format. [markdown]: http://daringfireball.net/projects/markdown/ From mfreed at cs.nyu.edu Sat Jan 28 19:36:16 2006 From: mfreed at cs.nyu.edu (Michael J Freedman) Date: Sat, 28 Jan 2006 14:36:16 -0500 (EST) Subject: Running a Tor exit node on an academic network? In-Reply-To: <928946aa0601281034n578bc7efge502b06ef1c272@mail.gmail.com> References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> <913086632.20060127211353@gmail.com> <43DAEAA4.3090205@eff.org> <928946aa0601281034n578bc7efge502b06ef1c272@mail.gmail.com> Message-ID: Hi Joe, > * The Library has electronic subscriptions to certain services that > are based on IP addresses only. Proposal: block exit connections to > those IP addresses given a list or build a list as needed. The > eventual list could be thousands of IP addresses long which would have > a undetermined impact on Tor's performance. I run CoralCDN (http://www.coralcdn.org/), although I also used to work with Roger on the Free Haven Project. We have many of the same issues with running CoralCDN, which is deployed at ~150 PlanetLab sites, most at universities. We push out a bit over 2 TB per day in web traffic to > 1 million clients. Part of our solution for handling some of these issues to to limit bandwidth consumption, part is to enforce blacklists for websites that send abuse complaints (although operating at the HTTP layer this is a bit easier for us), and part is to make sure we add all the appropriate HTTP headers. 
HTTP headers like X-Forwarded-For, Via, and Proxy-Connection all communicate to the third-party services performing address authentication (such as the ACM or IEEE digital library) that the communication is from elsewhere. While you certainly won't be able to / don't want to identify the correct X-Forwarded-For address, you can at least synthesize some fake one (perhaps just a 10.x.x.x address). But again, this operates at the application layer. > * They're not confident that Tor will obey its exit policies. > Proposal: include kernel-level software firewall and possibly a > hardware-based firewall device on the Tor box. > > * They're concerned about bandwidth (although this one is not a > biggie). Proposal: limit to 5% of my departments bandwidth (5MBit/s) > and then explore burst settings and see how this impacts our > department. Our experience is that universities don't care as much about peak bandwidth as they do about steady-state traffic: 5 Mbit/s at steady state translates to over 50 GB / day. We've found many universities get uncomfortable around 15-20 GB / day. In CoralCDN, we employ application-level bandwidth tracking that allows higher burst rates, but ensure that steady-state consumption over the long period stays below this high water mark. Good luck, --mike ----- www.michaelfreedman.org www.coralcdn.org From adam at homeport.org Sat Jan 28 21:22:26 2006 From: adam at homeport.org (Adam Shostack) Date: Sat, 28 Jan 2006 16:22:26 -0500 Subject: Running a Tor exit node on an academic network? 
In-Reply-To: <928946aa0601281034n578bc7efge502b06ef1c272@mail.gmail.com> References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> <913086632.20060127211353@gmail.com> <43DAEAA4.3090205@eff.org> <928946aa0601281034n578bc7efge502b06ef1c272@mail.gmail.com> Message-ID: <20060128212226.GB1234@homeport.org> On Sat, Jan 28, 2006 at 10:34:55AM -0800, Joseph Lorenzo Hall wrote: | On 1/27/06, Chris Palmer wrote: | * The Library has electronic subscriptions to certain services that | are based on IP addresses only. Proposal: block exit connections to | those IP addresses given a list or build a list as needed. The | eventual list could be thousands of IP addresses long which would have | a undetermined impact on Tor's performance. If you don't mind me asking, are you contractually obligated to do this, or are you simply being nice? 
Adam From matt at snark.net Sun Jan 29 00:41:05 2006 From: matt at snark.net (Matt Ghali) Date: Sat, 28 Jan 2006 16:41:05 -0800 (PST) Subject: Running a Tor exit node on an academic network? In-Reply-To: <20060128212226.GB1234@homeport.org> References: <928946aa0601271837y51ba17faied9535531f97a723@mail.gmail.com> <913086632.20060127211353@gmail.com> <43DAEAA4.3090205@eff.org> <928946aa0601281034n578bc7efge502b06ef1c272@mail.gmail.com> <20060128212226.GB1234@homeport.org> Message-ID: On Sat, 28 Jan 2006, Adam Shostack wrote: > On Sat, Jan 28, 2006 at 10:34:55AM -0800, Joseph Lorenzo Hall wrote: > | * The Library has electronic subscriptions to certain services that > | are based on IP addresses only. Proposal: block exit connections to > | those IP addresses given a list or build a list as needed. The > | eventual list could be thousands of IP addresses long which would have > | a undetermined impact on Tor's performance. > > If you don't mind me asking, are you contractually obligated to > do this, or are you simply being nice? The funny thing is, more than a year ago, it became a violation of UC policy to use weak authentication methods such as relying on IP addresses. Like elsewhere in the UC, though, ineptitude and ignorance are coddled, and so life goes on- until someone walks off with a laptop containing personal information on thousands of students and staff.. Suffice it to say that UCB is in the intersection of academic and state beaurocracies. The effect seems to be multiplicative, instead of additive. --matt at snark.net------------------------------------------< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke 
From circut at youtopia.homelinux.org Mon Jan 30 05:32:02 2006 From: circut at youtopia.homelinux.org (circut at youtopia.homelinux.org) Date: Mon, 30 Jan 2006 00:32:02 -0500 Subject: Lots of errors in logs (>300mb) Message-ID: <20060130053202.GA23872@youtopia.homelinux.org> Hey guys, I'm running tor-0.1.0.16 on linux. I'm running an onion router on my box, and I'm seeing alot of these errors in my tor.log: Jan 30 00:25:30.735 [notice] onion_pending_add(): Already have 100 onions queued. 
Closing. Jan 30 00:25:30.735 [warn] command_process_create_cell(): Failed to hand off onionskin. Closing. These were filling my logs up like crazy, so I just removed those log lines from the code and recompiled. Just wanted to know if there was a better facility for limiting those logs. I can't imagine those log entries being anything serious right? -circut From jfranusic at gmail.com Tue Jan 3 18:40:53 2006 From: jfranusic at gmail.com (Joel Franusic) Date: Tue, 3 Jan 2006 10:40:53 -0800 Subject: OSX - Manual Restart? In-Reply-To: <43B65C2E.2040501@onionizer.de> References: <43B59C3B.6030109@onionizer.de> <20051231081230.GB11514@totoro.wangafu.net> <43B65A61.5000603@onionizer.de> <43B65C2E.2040501@onionizer.de> Message-ID: <4f9bdc4c0601031040t1cbb2e06qe33160e1e4dc8779@mail.gmail.com> I've seen the behavior that numE describes. However you do not need to press ctrl-c to get a prompt back. I normally just hit the space bar to get my prompt back. On 12/31/05, numE wrote: > hmm. > > obviously tor is running.. even though i had to brake it up with ctrl-c ?! > the startup script seems to bring it in background on its own.... > perhaps there should be a slight change, so that the user dont has to > press "ctrl-c" > on its own to get his prompt back, because he could thing that he broke > up the process :-) > > > numE schrieb: > > Hi Nick, > > > > > >> >how may i manually restart tor & privoxy on osx? > >> > >> >i tried: > >> >sudo /Library/StartupItems/Tor/Tor restart > >> > >> >this works, but then it is no background process.... > >> > >> > > > > >>>Hm! There may be a bug here. I'll look into it. In the meantime, I'd > > >>>suggest you do a separate "start" and "stop" step. > > > > > > > > srv-01:~ admin$ sudo /Library/StartupItems/Tor/Tor start > > Starting Tor Service > > srv-01:~ admin$ Dec 31 10:12:39.757 [notice] Tor v0.1.1.10-alpha. This > > is experimental software. Do not rely on it for strong anonymity. 
> > Dec 31 10:12:39.784 [notice] Initialized libevent version 1.1a using > > method poll. Good. > > Dec 31 10:12:39.785 [notice] connection_create_listener(): Opening Socks > > listener on 127.0.0.1:9050 > > --- > > CTRL-C > > --- > > srv-01:~ admin$ > > > > > > same problem :-) > > process does not go into background. > > > > greetings, > > > > numE > > > > p.s. Wishing you all the best in 2006! > > > > From xsteadfastx at gmail.com Mon Jan 30 14:55:11 2006 From: xsteadfastx at gmail.com (Marvin Preuss) Date: Mon, 30 Jan 2006 15:55:11 +0100 Subject: Question about HiddenServices and... Message-ID: <43DE28CF.3080406@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ...Server configuration :) Hi, so i have two questions. the first one is about hidden services. when i set up a hidden service can it point to a other url except localhost? i just saw the example with google but im still not sure about it. so i need to have my webserver running somewhere and i need to have tor running somewhere. on which port the tor needs to listen to that things are working? 9050 from outside? cause i would have it running behind nat. and the other question is about BandwidthBurst for my tor server. i dont understand it exactly what this is doing. i would be really helpful for every help :) best wishes marvin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD3ijPChE8w47F3oMRAoaZAJ9mKciZKVfkpxs+h0vrL6F/ejJ5tgCcCwIs DryZT2HEYANIymJKTykxJgY= =5GMt -----END PGP SIGNATURE----- From numE at onionizer.de Mon Jan 30 19:44:02 2006 From: numE at onionizer.de (numE) Date: Mon, 30 Jan 2006 20:44:02 +0100 Subject: whats up with tor?! In-Reply-To: <43DE28CF.3080406@gmail.com> References: <43DE28CF.3080406@gmail.com> Message-ID: <43DE6C82.4020906@onionizer.de> I know. most times tor is slow - thats no problem. 
sometimes i have to restart it - then it works again, but currently i always get privoxy 403 and 503 errors. according to weasels list a lot of exitnodes are down... whats up? From arma at mit.edu Mon Jan 30 19:56:29 2006 From: arma at mit.edu (Roger Dingledine) Date: Mon, 30 Jan 2006 14:56:29 -0500 Subject: whats up with tor?! In-Reply-To: <43DE6C82.4020906@onionizer.de> References: <43DE28CF.3080406@gmail.com> <43DE6C82.4020906@onionizer.de> Message-ID: <20060130195629.GN15157@localhost.localdomain> On Mon, Jan 30, 2006 at 08:44:02PM +0100, numE wrote: > I know. most times tor is slow - thats no problem. http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WhySlow > sometimes i have to restart it - then it works again, > but currently i always get privoxy 403 and 503 errors. Try upgrading to 0.1.0.16 or later. Or try going to websites that exist. :) > according to weasels list a lot of exitnodes are down... Really? They seem up to me. http://www.noreply.org/tor-running-routers/ --Roger From firefox-gen at walala.org Mon Jan 30 19:55:46 2006 From: firefox-gen at walala.org (ADB) Date: Mon, 30 Jan 2006 11:55:46 -0800 Subject: whats up with tor?! In-Reply-To: <43DE6C82.4020906@onionizer.de> References: <43DE28CF.3080406@gmail.com> <43DE6C82.4020906@onionizer.de> Message-ID: <43DE6F42.7010808@walala.org> Is it when you're connecting to a hidden service via rendezvous? If so, this has been happening to me too lately but it was never a problem before. It happens during periods of high traffic mostly. ~A numE wrote: > I know. most times tor is slow - thats no problem. > sometimes i have to restart it - then it works again, > but currently i always get privoxy 403 and 503 errors. > > according to weasels list a lot of exitnodes are down... > > whats up? > > > > > From numE at onionizer.de Mon Jan 30 21:53:06 2006 From: numE at onionizer.de (numE) Date: Mon, 30 Jan 2006 22:53:06 +0100 Subject: whats up with tor?! 
In-Reply-To: <20060130195629.GN15157@localhost.localdomain> References: <43DE28CF.3080406@gmail.com> <43DE6C82.4020906@onionizer.de> <20060130195629.GN15157@localhost.localdomain> Message-ID: <43DE8AC2.2000506@onionizer.de> Roger Dingledine schrieb: > On Mon, Jan 30, 2006 at 08:44:02PM +0100, numE wrote: > >> I know. most times tor is slow - thats no problem. >> > > http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WhySlow > i said - i know that it is slow - and why it is slow :-) i am running a >300gb/month tor server myself. > >> sometimes i have to restart it - then it works again, >> but currently i always get privoxy 403 and 503 errors. >> > > Try upgrading to 0.1.0.16 or later. Or try going to websites > that exist. :) > i am using the latest alpha :-) and regulary visiting the same site :-) > >> according to weasels list a lot of exitnodes are down... >> > > Really? They seem up to me. > http://www.noreply.org/tor-running-routers/ > > --Roger > i mean the weasel list of exitnodes. there are many hibbernating and unreachable nodes.... From peter at palfrader.org Mon Jan 30 23:10:31 2006 From: peter at palfrader.org (Peter Palfrader) Date: Tue, 31 Jan 2006 00:10:31 +0100 Subject: whats up with tor?! In-Reply-To: <43DE8AC2.2000506@onionizer.de> References: <43DE28CF.3080406@gmail.com> <43DE6C82.4020906@onionizer.de> <20060130195629.GN15157@localhost.localdomain> <43DE8AC2.2000506@onionizer.de> Message-ID: <20060130231031.GM9997@asteria.noreply.org> On Mon, 30 Jan 2006, numE wrote: > > Really? They seem up to me. > > http://www.noreply.org/tor-running-routers/ > > i mean the weasel list of exitnodes. > there are many hibbernating and unreachable nodes.... Um, which weasel list of exitnodes then? 
Regards, weasel From nickm at freehaven.net Tue Jan 31 05:55:18 2006 From: nickm at freehaven.net (Nick Mathewson) Date: Tue, 31 Jan 2006 00:55:18 -0500 Subject: Tor talk in Boston this Thursday (MIT, Room 4-237, 7:30 pm) Message-ID: <20060131055518.GJ6463@totoro.wangafu.net> Hi! I'm giving a tor-related talk this Thursday at MIT. It's open to the public. You should come if you're in the neighborhood. ============================================================ Anonymous Communications for Crypto Geeks, the U.S. Department of Defense, and You Nick Mathewson and Roger Dingledine First half: Introduction to the theory and designs that make anonymity networks work, and a discussion of the technical choices from the earliest designs of the 1980s to today. Second half: Experiences deploying anonymity, including backing, adoption, law enforcement issues, abuse, anti-abuse measures, usability, co-existing with other systems, censorious governments, and creating incentives for people to help privacy. Thu Feb 2, 07:30-09:30pm, 4-237 http://stuff.mit.edu/iap/ Contact: Sherri Davidoff, W20-557, x3-7788, sipb-iap-lectures at mit.edu ============================================================ -- Nick Mathewson From xsteadfastx at gmail.com Tue Jan 31 06:25:37 2006 From: xsteadfastx at gmail.com (Marvin Preuss) Date: Tue, 31 Jan 2006 07:25:37 +0100 Subject: Question about HiddenServies (sorry when twice) Message-ID: <43DF02E1.8080700@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry if i sent this twice but i think i was always sending this to the wrong email adress. to or-talk at seul.org. but i think it should be @freehaven.net. And if im wrong then im sorry for spamming this list :) im just pretty new in here :) Hi, so i have two questions. the first one is about hidden services. when i set up a hidden service can it point to a other url except localhost? i just saw the example with google but im still not sure about it. 
so i need to have my webserver running somewhere and i need to have tor running somewhere. on which port the tor needs to listen to that things are working? 9050 from outside? cause i would have it running behind nat. and the other question is about BandwidthBurst for my tor server. i dont understand it exactly what this is doing. i would be really helpful for every help :) best wishes marvin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD3wLhChE8w47F3oMRAo+4AKCOhwami2ek34tqODsHGl794bQj0QCfa+Pp rmgyDsZEFi5zIMsBZIH9v2w= =59xb -----END PGP SIGNATURE----- From force44 at Safe-mail.net Tue Jan 31 06:35:14 2006 From: force44 at Safe-mail.net (force44 at Safe-mail.net) Date: Tue, 31 Jan 2006 01:35:14 -0500 Subject: TOR log question Message-ID: Hi everybody, I receive regular error messages like these 2: "Error writing router store to disk" and "Error replacing "[mypath]/cached-routers.new": File exists" "Error replacing "[mypath]/cached-routers": File exists" "Error replacing "[mypath]/cached-routers.new": Permission denied" I am using WinXP... Despite this, it seems that TOR is running well, using the last Alfa, the last TorCP interface and Privoxy. Thanks for your comments :) From force44 at Safe-mail.net Tue Jan 31 06:36:35 2006 From: force44 at Safe-mail.net (force44 at Safe-mail.net) Date: Tue, 31 Jan 2006 01:36:35 -0500 Subject: Socks/TOR setup question Message-ID: Hello, I use Tor, TorCP and Privoxy: Privoxy listens on 8118 TOR requests are sent for http and https to 127.0.0.0 on 8118, and to 127.0.0.1 on 9050 for the socks requests. That works fine, but I am always receiving such message in the Log file: "[Warn] Your application (using socks4 on port 49370) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead." 
This message is created when any application uses the TOR server, no matter if I parameter it as a socks4 or socks5. As I am already using Privoxy, what must I change in my config so that this message isn't generated? Moreover, must I setup my applications to use TOR as a socks4 or a socks5 server> Thank you! From cyphrpunk at gmail.com Wed Jan 4 04:03:38 2006 From: cyphrpunk at gmail.com (cyphrpunk) Date: Tue, 3 Jan 2006 20:03:38 -0800 Subject: Voting for nym In-Reply-To: References: <20051202010441.GM22994@localhost.localdomain> Message-ID: <792ce4370601032003u2b6c2ff1qdf6cb569973c6b2d@mail.gmail.com> On 12/20/05, Jason Holt wrote: > There's no point in writing a proxy if it'll still require support on > wikipedia's end. To be zero-barrier, the proxy would have to: > > * maintain a table of "nymuserXX" wikipedia logins > > * automatically login to wikipedia using the one corresponding to the > connecting nym user > > * prevent the client from logging out or doing other things that would let > them hide behind the nym proxy using anything other than their assigned > pseudonym. I would see a proxy as being, from Wikipedia's point of view, like an ISP. It would be like aol.com or, more analogously, momandpopisp.com, some ISP with a number of users. If one misbehaves at Wikipedia they probably don't block the whole ISP. That would be an unfriendly action that would give them a bad reputation. Instead they probably make an effort to contact someone at the ISP responsible for abuse and tell them about the user who caused trouble, letting the ISP block him. Only if an ISP were persistently unresponsive to abuse complaints would they be justified in blocking the entire ISP, and I imagine that this is exactly what they do. If so, the need is for the anonymous proxy to be able to provide the same level of service. I have outlined in previous messages how it could do so, using similar technology to Jason's nym server. 
It would hand out usage tokens, one to a customer, and black list tokens which commit abuse. BTW Jimmy Wales himself suffered some embarrassment a few weeks ago when it came out that he had edited his own Wikipedia entry (an action that is frowned upon) to change it and make himself look better and more important. If only he had been able to use Tor to create a nym account he could have avoided all this trouble. Setting himself up as the sole founder of Wikipedia and removing the name of that other fellow who had been given credit could have been done without making Jimmy look bad. So I think we definitely have a friend on the inside, we just need to get him involved in pushing for this. CP From arma at mit.edu Tue Jan 31 07:55:50 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 31 Jan 2006 02:55:50 -0500 Subject: Socks/TOR setup question In-Reply-To: References: Message-ID: <20060131075549.GO15157@localhost.localdomain> On Tue, Jan 31, 2006 at 01:36:35AM -0500, force44 at Safe-mail.net wrote: > I use Tor, TorCP and Privoxy: > > Privoxy listens on 8118 > TOR requests are sent for http and https to 127.0.0.0 on 8118, > and to 127.0.0.1 on 9050 for the socks requests. > > That works fine, but I am always receiving such message in the Log file: > "[Warn] Your application (using socks4 on port 49370) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead." > > This message is created when any application uses the TOR server, no matter if I parameter it as a socks4 or socks5. > > As I am already using Privoxy, what must I change in my config so that this message isn't generated? Moreover, must I setup my applications to use TOR as a socks4 or a socks5 server> The port that your error message references (49370) doesn't look like it's for web browsing. Do you actually get this with every connection? 
If so, then you should be seeing complaints about port 80 also. Perhaps it is some other application that you are pointing through Tor? It sounds like you're using Privoxy correctly for your web connections and you are using other applications which you have failed to mention here that leak DNS resolves. http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS --Roger From arma at mit.edu Tue Jan 31 07:58:39 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 31 Jan 2006 02:58:39 -0500 Subject: TOR log question In-Reply-To: References: Message-ID: <20060131075839.GP15157@localhost.localdomain> On Tue, Jan 31, 2006 at 01:35:14AM -0500, force44 at Safe-mail.net wrote: > I receive regular error messages like these 2: > > "Error writing router store to disk" > and > "Error replacing "[mypath]/cached-routers.new": File exists" > "Error replacing "[mypath]/cached-routers": File exists" > "Error replacing "[mypath]/cached-routers.new": Permission denied" > > > I am using WinXP... > > Despite this, it seems that TOR is running well, using the last Alfa, the last TorCP interface and Privoxy. Interesting. This sounds like a bug somewhere. Did you install from the latest bundle from the Tor webpage? Are you running Windows XP SP2, or something else? 1) do these errors happen often? 2) are they repeatable? 3) is the directory there? 4) are the files there? 5) if they're there, what size are they? --Roger From arma at mit.edu Tue Jan 31 08:04:39 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 31 Jan 2006 03:04:39 -0500 Subject: Question about HiddenServices and... In-Reply-To: <43DE28CF.3080406@gmail.com> References: <43DE28CF.3080406@gmail.com> Message-ID: <20060131080438.GQ15157@localhost.localdomain> On Mon, Jan 30, 2006 at 03:55:11PM +0100, Marvin Preuss wrote: > ...Server configuration :) Hi, > so i have two questions. the first one is about hidden services. 
when i > set up a hidden service can it point to a other url except localhost? Yes. > i just saw the example with google but im still not sure about it. so i > need to have my webserver running somewhere and i need to have tor > running somewhere. Precisely. > on which port the tor needs to listen to that things > are working? 9050 from outside? cause i would have it running behind nat. To run a hidden service, your Tor connects *out*, and then the people accessing your hidden service use those outbound connections to get to your service. This means you can run a hidden service from anywhere that can reach the Tor network. It doesn't have to have a routable network address. It's hidden, after all. > and the other question is about BandwidthBurst for my tor server. i dont > understand it exactly what this is doing. i would be really helpful for > every help :) http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#LimitBandwidth http://en.wikipedia.org/wiki/Token_bucket Perhaps ask a more concrete question? --Roger From arma at mit.edu Tue Jan 31 08:21:33 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 31 Jan 2006 03:21:33 -0500 Subject: Lots of errors in logs (>300mb) In-Reply-To: <20060130053202.GA23872@youtopia.homelinux.org> References: <20060130053202.GA23872@youtopia.homelinux.org> Message-ID: <20060131082133.GR15157@localhost.localdomain> On Mon, Jan 30, 2006 at 12:32:02AM -0500, circut at youtopia.homelinux.org wrote: > Hey guys, I'm running tor-0.1.0.16 on linux. I'm running an onion router > on my box, and I'm seeing alot of these errors in my tor.log: > > Jan 30 00:25:30.735 [notice] onion_pending_add(): Already have 100 > onions queued. Closing. > Jan 30 00:25:30.735 [warn] command_process_create_cell(): Failed to hand > off onionskin. Closing. > > These were filling my logs up like crazy, so I just removed those log > lines from the code and recompiled. > > Just wanted to know if there was a better facility for limiting those > logs. 
I can't imagine those log entries being anything serious right? These are very serious. They mean that your Tor server is overloaded and can't keep up with the clients trying to use it. I've just changed the log message to be more helpful: "Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy." Does that help? My best guess is either that you're running on a 20mhz processor, or you set your exit policy to accept *:*, or both. --Roger From arma at mit.edu Tue Jan 31 08:30:26 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 31 Jan 2006 03:30:26 -0500 Subject: dynamically changable options in torrc? In-Reply-To: <87ek2uderj.fsf@callisto.paradoxical.net> References: <87ek2uderj.fsf@callisto.paradoxical.net> Message-ID: <20060131083026.GS15157@localhost.localdomain> On Thu, Jan 26, 2006 at 01:29:20PM -0500, Josh wrote: > Is there a list of what options may be changed without restarting > the tor process? (i.e., change and kill -HUP ) See options_transition_allowed() in http://tor.eff.org/cvs/tor/src/or/config.c Currently everything is allowed to change except PidFile, RunAsDaemon, DataDirectory, User, Group, and HardwareAccel. Note that there's a bug in 0.1.1.12-alpha that makes your Tor crash when you enable ORPort -- this is fixed in CVS. > By experimentation, I've discoverd that the various bandwidth > limiting options are changable. How about hidden services? Sure. For lots more details, see section 3.1 and the end of 3.3 in http://tor.eff.org/cvs/doc/control-spec.txt and also http://tor.eff.org/cvs/control/doc/howto.txt --Roger From arma at mit.edu Tue Jan 31 08:35:31 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 31 Jan 2006 03:35:31 -0500 Subject: Bandwidth shaping by time of day / week / month? Adding that info to Tor protocol? 
In-Reply-To: <1138256865.28648.252795679@webmail.messagingengine.com> References: <1138256865.28648.252795679@webmail.messagingengine.com> Message-ID: <20060131083531.GT15157@localhost.localdomain> On Wed, Jan 25, 2006 at 10:27:45PM -0800, Scarab wrote: > I'm new to the list. Perhaps this has been covered already, but are > there any plans to add cron-style bandwidth shaping options to Tor? I > mean using the common crontab notation for specifying arbitrary time > periods and bandwidth throttles within those periods. In my case, I want > a 20KB limit from 8am to 5pm Mon-Fri, no limit outside those hours. With > a cron-style implementation it'd be easy to do arbitrarily complex > shaping, i.e. cap Tor at 30KB on a specific night if a remote backup was > scheduled to occur, etc. > > I'd like to ramp the rate on my end-node up to the full 50KB capacity of > the line when > I'm done using my ADSL connection for the day, but can't now do this > without stopping / restarting Tor, re-writing the config file, etc. Also > I'd prefer to keep my server up all the time in service of the overall > stability of the network. Using one of the 0.1.1.x Tor releases, set "ControlPort 9051" in your torrc before you start Tor, and then telnet localhost 9051 authenticate setconf bandwidthrate="50 KB" quit I'm sure you can automate this process via netcat or the like. Once you've got your script working, can you publish it here so others can use it and improve it? Thanks! --Roger From force44 at Safe-mail.net Tue Jan 31 08:37:57 2006 From: force44 at Safe-mail.net (force44 at Safe-mail.net) Date: Tue, 31 Jan 2006 03:37:57 -0500 Subject: Socks/TOR setup question Message-ID: Yes in fact I didn't explain correctly! I use SocksCap that I point to TOR on 127.0.0.1:9050 Then, I "socksify" for example my email software, with SocksCap. These messages always happen when I run also for example ICQ, or a FTP, SSH, email etc software also "socksified" by SocksCap. 
But doing so, is there a way to remove these messages, using socksified applications through SocksCap ? Thank you! > On Tue, Jan 31, 2006 at 01:36:35AM -0500, force44 at Safe-mail.net wrote: >> I use Tor, TorCP and Privoxy: >> >> Privoxy listens on 8118 >> TOR requests are sent for http and https to 127.0.0.0 on 8118, >> and to 127.0.0.1 on 9050 for the socks requests. >> >> That works fine, but I am always receiving such message in the Log file: >> "[Warn] Your application (using socks4 on port 49370) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead." >> >> This message is created when any application uses the TOR server, no matter if I parameter it as a socks4 or socks5. >> >> As I am already using Privoxy, what must I change in my config so that this message isn't generated? Moreover, must I setup my applications to use TOR as a socks4 or a socks5 server> > The port that your error message references (49370) doesn't look like > it's for web browsing. > Do you actually get this with every connection? If so, then you should > be seeing complaints about port 80 also. > Perhaps it is some other application that you are pointing through Tor? It > sounds like you're using Privoxy correctly for your web connections and > you are using other applications which you have failed to mention here > that leak DNS resolves. 
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications > http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS > --Roger From arma at mit.edu Tue Jan 31 08:42:23 2006 From: arma at mit.edu (Roger Dingledine) Date: Tue, 31 Jan 2006 03:42:23 -0500 Subject: choosing a syslog facility other than 'daemon' In-Reply-To: References: Message-ID: <20060131084223.GU15157@localhost.localdomain> On Mon, Jan 23, 2006 at 09:02:05PM -0800, Matt Ghali wrote: > Is there a user-friendly way to ask tor to log to a different > facility than 'daemon'? IE, something that does not involve editing > the source and recompiling :) Hi Matt, You're the only person who wants this, as far as I've heard. Did you have another facility in mind, or did you want to handle all of them? I would be pleased to apply a patch. :) --Roger From force44 at Safe-mail.net Tue Jan 31 08:43:15 2006 From: force44 at Safe-mail.net (force44 at Safe-mail.net) Date: Tue, 31 Jan 2006 03:43:15 -0500 Subject: TOR log question Message-ID: Yes I installed from the last available release (alpha) I am running XP-SP2, updated, These error happen now less often than with the previous releases, but happen sometimes. The DIR and the files ARE there! Currently the cached-routers.new is 15 ko, from 10 minutes ago, BUT I got an error message that this file couldn't be stored on the disk, 40 minutes ago! Same for cached-routers, size is about 1300 ko. Thank you! > On Tue, Jan 31, 2006 at 01:35:14AM -0500, force44 at Safe-mail.net wrote: >> I receive regular error messages like these 2: >> >> "Error writing router store to disk" >> and >> "Error replacing "[mypath]/cached-routers.new": File exists" >> "Error replacing "[mypath]/cached-routers": File exists" >> "Error replacing "[mypath]/cached-routers.new": Permission denied" >> >> >> I am using WinXP... >> >> Despite this, it seems that TOR is running well, using the last Alfa, the last TorCP interface and Privoxy. > Interesting. 
This sounds like a bug somewhere. Did you install > from the latest bundle from the Tor webpage? Are you running Windows XP > SP2, or something else? > 1) do these errors happen often? > 2) are they repeatable? > 3) is the directory there? > 4) are the files there? > 5) if they're there, what size are they? > --Roger From numE at onionizer.de Tue Jan 31 09:34:06 2006 From: numE at onionizer.de (numE) Date: Tue, 31 Jan 2006 10:34:06 +0100 Subject: whats up with tor?! In-Reply-To: <20060130231031.GM9997@asteria.noreply.org> References: <43DE28CF.3080406@gmail.com> <43DE6C82.4020906@onionizer.de> <20060130195629.GN15157@localhost.localdomain> <43DE8AC2.2000506@onionizer.de> <20060130231031.GM9997@asteria.noreply.org> Message-ID: <43DF2F0E.4010505@onionizer.de> LoL Peter Palfrader schrieb: > On Mon, 30 Jan 2006, numE wrote: > > >>> Really? They seem up to me. >>> http://www.noreply.org/tor-running-routers/ >>> >> i mean the weasel list of exitnodes. >> there are many hibbernating and unreachable nodes.... >> > > Um, which weasel list of exitnodes then? > > Regards, > weasel > args. sorry ;) i meant geoff's :o) http://serifos.eecs.harvard.edu/cgi-bin/exit.pl From jason at lunkwill.org Wed Jan 4 20:41:17 2006 From: jason at lunkwill.org (Jason Holt) Date: Wed, 4 Jan 2006 20:41:17 +0000 (UTC) Subject: Voting for nym In-Reply-To: <792ce4370601032003u2b6c2ff1qdf6cb569973c6b2d@mail.gmail.com> References: <20051202010441.GM22994@localhost.localdomain> <792ce4370601032003u2b6c2ff1qdf6cb569973c6b2d@mail.gmail.com> Message-ID: On Tue, 3 Jan 2006, cyphrpunk wrote: > I would see a proxy as being, from Wikipedia's point of view, like an > ISP. It would be like aol.com or, more analogously, momandpopisp.com, > some ISP with a number of users. If one misbehaves at Wikipedia they > probably don't block the whole ISP. That would be an unfriendly action > that would give them a bad reputation. 
Instead they probably make an > effort to contact someone at the ISP responsible for abuse and tell > them about the user who caused trouble, letting the ISP block him. > Only if an ISP were persistently unresponsive to abuse complaints > would they be justified in blocking the entire ISP, and I imagine that > this is exactly what they do. Most ISPs don't use a single outgoing IP address, and I've never seen anyone contact an external authority to have a user blocked; we just take care of it on wikipedia itself. I've been doing a lot of "RC Patrol" lately (watching the list of edits for vandalism), and frequently high school students will try to turn the article about their high school into a message board ("l33tdud3 wuz here, peace to all my h0m13z"...). Standard practice for vandalism is to put increasingly dire warning messages on their "user talk" page (which displays a "You have new messages" message when they next view a page), then request one of the wikipedia admins to block them if they continue. When their username is blocked, their IP is also automatically blocked. High schools often come through a proxy with a single IP, and there's a standard notice that eventually gets added to the IP's talk page if both good and bad edits show up over time. It puts admins in a more difficult position, because blocking the IP also blocks the good users, and they'll try to be more lenient, but the process is ultimately the same. I've seen individual users vandalize multiple pages per minute, and by the time an admin gets around to blocking them, I've spent 20 minutes cleaning up after them. Nobody's going to wait around for an email response when something like that's happening. I can hit the "recent changes" link all day long and stay continuously busy repairing vandalism (and warning users) even without the prolific vandals that require continuous watching. I agree that Jimmy is an excellent advocate to have. Maybe somebody else can get him interested again. 
I've emailed him several times without a response, although for all I know his spam filter is eating my messages. -J From circut at youtopia.homelinux.org Tue Jan 31 15:35:51 2006 From: circut at youtopia.homelinux.org (circut at youtopia.homelinux.org) Date: Tue, 31 Jan 2006 10:35:51 -0500 Subject: Lots of errors in logs (>300mb) In-Reply-To: <20060131082133.GR15157@localhost.localdomain> References: <20060130053202.GA23872@youtopia.homelinux.org> <20060131082133.GR15157@localhost.localdomain> Message-ID: <20060131153551.GA29362@youtopia.homelinux.org> Good guess. I'm running on a 2.8ghz Celeron, but my exit policy was flawed I believe. I've since fixed it, I hope. -circut On Tue, Jan 31, 2006 at 03:21:33AM -0500, Roger Dingledine wrote: > On Mon, Jan 30, 2006 at 12:32:02AM -0500, circut at youtopia.homelinux.org wrote: > > Hey guys, I'm running tor-0.1.0.16 on linux. I'm running an onion router > > on my box, and I'm seeing alot of these errors in my tor.log: > > > > Jan 30 00:25:30.735 [notice] onion_pending_add(): Already have 100 > > onions queued. Closing. > > Jan 30 00:25:30.735 [warn] command_process_create_cell(): Failed to hand > > off onionskin. Closing. > > > > These were filling my logs up like crazy, so I just removed those log > > lines from the code and recompiled. > > > > Just wanted to know if there was a better facility for limiting those > > logs. I can't imagine those log entries being anything serious right? > > These are very serious. They mean that your Tor server is overloaded > and can't keep up with the clients trying to use it. I've just changed > the log message to be more helpful: > > "Your computer is too slow to handle this many circuit creation > requests! Please consider using the MaxAdvertisedBandwidth config > option or choosing a more restricted exit policy." > > Does that help? My best guess is either that you're running on a 20mhz > processor, or you set your exit policy to accept *:*, or both. 
>
> --Roger
>

From chris at eff.org Tue Jan 31 16:19:29 2006
From: chris at eff.org (Chris Palmer)
Date: Tue, 31 Jan 2006 08:19:29 -0800
Subject: TOR log question
In-Reply-To: <20060131075839.GP15157@localhost.localdomain>
References: <20060131075839.GP15157@localhost.localdomain>
Message-ID: <43DF8E11.5070201@eff.org>

Roger Dingledine wrote:

>>"Error replacing "[mypath]/cached-routers.new": File exists"
>>"Error replacing "[mypath]/cached-routers": File exists"
>>"Error replacing "[mypath]/cached-routers.new": Permission denied"

> 1) do these errors happen often?
> 2) are they repeatable?
> 3) is the directory there?
> 4) are the files there?
> 5) if they're there, what size are they?

6) What are the ACLs on those files and the directory?

From chris at eff.org Tue Jan 31 16:27:38 2006
From: chris at eff.org (Chris Palmer)
Date: Tue, 31 Jan 2006 08:27:38 -0800
Subject: Tor bug?
In-Reply-To: <20060131153439.92236.qmail@web51305.mail.yahoo.com>
References: <20060131153439.92236.qmail@web51305.mail.yahoo.com>
Message-ID: <43DF8FFA.1050300@eff.org>

David Edwards wrote:

> I have my network connection setup to point to Tor on
> 127.0.0.1 and port 8118. I'm running several browsers:
> Safari, Camino 10.b1 and Firefox 1.5, with
> SwitchProxy.

I think I sense a problem already. It's Privoxy, an HTTP proxy, that listens on 8118. Tor listens on port 9050 for SOCKS connections.

The Privoxy configuration that is installed by the Mac installer is set to use Tor as a SOCKS proxy; thus, you have two ways of using Tor with your web browser:

1. Tell your web browser to use Privoxy as an HTTP (and HTTPS) proxy; Privoxy will then in turn use Tor.

2. Tell your browser to use Tor as a SOCKS proxy.

Normally, #1 is preferable. See Step Two in .

Finally, please note that questions about using Tor should be sent to or-talk@, not tor-webmaster at . You'll need to subscribe to or-talk@ before you can post. See Mailing List Information in .
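A way to check which protocol a local port actually speaks, following the distinction drawn above between Privoxy's HTTP port (8118) and Tor's SOCKS port (9050). This is an added example, not code from the thread or from the Tor project; the function names and the two stand-in listeners are constructed for illustration.

```python
import socket
import threading

SOCKS5_GREETING = b"\x05\x01\x00"        # version 5, one method offered: 0x00 "no authentication"
HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"  # an HTTP proxy is expected to answer with a status line


def _exchange(host, port, payload, timeout):
    """Connect, send payload, return the first reply bytes (b"" if the peer stays silent)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        try:
            return s.recv(64)
        except (socket.timeout, ConnectionResetError):
            return b""


def probe_listener(host, port, timeout=2.0):
    """Classify the listener at host:port as 'socks5', 'http', 'closed' or 'unknown'."""
    try:
        # SOCKS is tried first: a SOCKS5 server answers the greeting with two
        # bytes (version 5, chosen method), which no HTTP reply starts with.
        reply = _exchange(host, port, SOCKS5_GREETING, timeout)
        if len(reply) >= 2 and reply[0] == 5:
            return "socks5"
        if not reply.startswith(b"HTTP/"):
            # An HTTP proxy may stay silent until it has seen a full request.
            reply = _exchange(host, port, HTTP_PROBE, timeout)
    except OSError:
        return "closed"
    return "http" if reply.startswith(b"HTTP/") else "unknown"


def check_browser_setting(proxy_type, host, port, timeout=2.0):
    """proxy_type is how the browser was told to use the port: 'http' or 'socks'."""
    found = probe_listener(host, port, timeout)
    expected = "socks5" if proxy_type == "socks" else "http"
    if found == expected:
        return "ok"
    if found == "closed":
        return "nothing is listening on %s:%d" % (host, port)
    return "mismatch: port speaks %s, browser uses it as a %s proxy" % (found, proxy_type)


def start_fake_listener(kind):
    """Constructed stand-in for Tor's SOCKS port ('socks5') or Privoxy ('http'); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(5)
                try:
                    data = conn.recv(64)
                    if kind == "socks5" and data[:1] == b"\x05":
                        conn.sendall(b"\x05\x00")
                    elif kind == "http" and data.endswith(b"\r\n\r\n"):
                        conn.sendall(b"HTTP/1.0 400 Invalid request\r\n\r\n")
                    else:
                        conn.recv(64)  # say nothing until the peer gives up
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo(timeout=0.5):
    """Probe the two constructed listeners and one unused port; return the verdicts."""
    socks_port = start_fake_listener("socks5")  # plays the role of Tor on 9050
    http_port = start_fake_listener("http")     # plays the role of Privoxy on 8118
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    host = "127.0.0.1"
    return {
        "socks_port": probe_listener(host, socks_port, timeout),
        "http_port": probe_listener(host, http_port, timeout),
        "closed_port": probe_listener(host, closed_port, timeout),
        "http_proxy_on_socks_port": check_browser_setting("http", host, socks_port, timeout),
        "http_proxy_on_http_port": check_browser_setting("http", host, http_port, timeout),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

On a real installation, `probe_listener("127.0.0.1", 8118)` and `probe_listener("127.0.0.1", 9050)` show which of the two browser settings described above matches each port.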
From patgus at stonewwwall.org Tue Jan 31 16:41:18 2006
From: patgus at stonewwwall.org (patgus)
Date: Tue, 31 Jan 2006 10:41:18 -0600
Subject: how to confirm that tor is working?
Message-ID: <20060131104118.63fd6312.patgus@stonewwwall.org>

Ok, I see a lot of connections with netstat and in the logs. But I also get a message in the logs every so often that I am unable to confirm that the DIR and OR port are available. After a few hours all I receive are log messages that my server cannot confirm that the ports are available and no more connection messages. I am also seeing a lot of "scrubbed" connections and "giving up" messages in the logs.
I am using the latest stable version, I am behind a NAT firewall, port forwarding has been setup per instructions on both the server and the NAT firewall.

From brianwc at ocf.berkeley.edu Tue Jan 31 17:03:58 2006
From: brianwc at ocf.berkeley.edu (Brian C)
Date: Tue, 31 Jan 2006 09:03:58 -0800
Subject: how to confirm that tor is working?
In-Reply-To: <20060131104118.63fd6312.patgus@stonewwwall.org>
References: <20060131104118.63fd6312.patgus@stonewwwall.org>
Message-ID: <43DF987E.1030900@ocf.berkeley.edu>

Do you see your tor server listed here:

http://moria.seul.org:9031/

or here:

http://serifos.eecs.harvard.edu/cgi-bin/exit.pl

If not, something's probably wrong.

Brian

patgus wrote:
> Ok, I see a lot of connections with netstat and in the logs. But I also get a message in the logs every so often that I am unable to confirm that the DIR and OR port are available. After a few hours all I receive are log messages that my server cannot confirm that the ports are available and no more connection messages. I am also seeing a lot of "scrubbed" connections and "giving up" messages in the logs.
> I am using the latest stable version, I am behind a NAT firewall, port forwarding has been setup per instructions on both the server and the NAT firewall.
>
>

From patgus at stonewwwall.org Tue Jan 31 18:09:56 2006
From: patgus at stonewwwall.org (patgus)
Date: Tue, 31 Jan 2006 12:09:56 -0600
Subject: how to confirm that tor is working?
In-Reply-To: <43DF987E.1030900@ocf.berkeley.edu>
References: <20060131104118.63fd6312.patgus@stonewwwall.org> <43DF987E.1030900@ocf.berkeley.edu>
Message-ID: <20060131120956.6f5c5206.patgus@stonewwwall.org>

Ok, it was not listed. It is now, what does the
reject *:25
on the listing on this webpage signify. I assume it has something to do with my firewall but what?

On Tue, 31 Jan 2006 09:03:58 -0800 Brian C wrote:

> Do you see your tor server listed here:
>
> http://moria.seul.org:9031/
>
> or here:
>
> http://serifos.eecs.harvard.edu/cgi-bin/exit.pl
>
> If not, something's probably wrong.
>
> Brian
>
> patgus wrote:
> > Ok, I see a lot of connections with netstat and in the logs. But I also get a message in the logs every so often that I am unable to confirm that the DIR and OR port are available. After a few hours all I receive are log messages that my server cannot confirm that the ports are available and no more connection messages. I am also seeing a lot of "scrubbed" connections and "giving up" messages in the logs.
> > I am using the latest stable version, I am behind a NAT firewall, port forwarding has been setup per instructions on both the server and the NAT firewall.
> >
> >
>

From xsteadfastx at gmail.com Tue Jan 31 18:27:33 2006
From: xsteadfastx at gmail.com (Marvin Preuss)
Date: Tue, 31 Jan 2006 19:27:33 +0100
Subject: how to confirm that tor is working?
In-Reply-To: <20060131120956.6f5c5206.patgus@stonewwwall.org>
References: <20060131104118.63fd6312.patgus@stonewwwall.org> <43DF987E.1030900@ocf.berkeley.edu> <20060131120956.6f5c5206.patgus@stonewwwall.org>
Message-ID: <43DFAC15.4040400@gmail.com>

patgus wrote:

Hi,

> Ok, it was not listed. It is now, what does the
> reject *:25
> on the listing on this webpage signify.
I assume it has something to do with my firewall but what?

that means that port 25 is not allowed as exit port on your server. this is default (as i know) cause people could use tor to send spam emails. that's why it should be rejected. and the * means.....from everyone. so port 25 from everyone gets rejected as exit point.

From patgus at stonewwwall.org Tue Jan 31 18:31:01 2006
From: patgus at stonewwwall.org (patgus)
Date: Tue, 31 Jan 2006 12:31:01 -0600
Subject: how to confirm that tor is working?
In-Reply-To: <43DFAC15.4040400@gmail.com>
References: <20060131104118.63fd6312.patgus@stonewwwall.org> <43DF987E.1030900@ocf.berkeley.edu> <20060131120956.6f5c5206.patgus@stonewwwall.org> <43DFAC15.4040400@gmail.com>
Message-ID: <20060131123101.2fb6216f.patgus@stonewwwall.org>

Hmm, which is worse? spam or someone reading your emails? Hard decision there, I hate spam too.

On Tue, 31 Jan 2006 19:27:33 +0100 Marvin Preuss wrote:

> patgus wrote:
>
> Hi,
>
> > Ok, it was not listed. It is now, what does the
> > reject *:25
> > on the listing on this webpage signify. I assume it has something to do with my firewall but what?
>
> that means that port 25 is not allowed as exit port on your server. this
> is default (as i know) cause people could use tor to send spam emails.
> that's why it should be rejected. and the * means.....from everyone. so
> port 25 from everyone gets rejected as exit point.

From zorba at pavlovian.net Tue Jan 31 18:36:12 2006
From: zorba at pavlovian.net (Ben Wilhelm)
Date: Tue, 31 Jan 2006 10:36:12 -0800
Subject: how to confirm that tor is working?
In-Reply-To: <43DFAC15.4040400@gmail.com>
References: <20060131104118.63fd6312.patgus@stonewwwall.org> <43DF987E.1030900@ocf.berkeley.edu> <20060131120956.6f5c5206.patgus@stonewwwall.org> <43DFAC15.4040400@gmail.com>
Message-ID: <43DFAE1C.1090505@pavlovian.net>

> and the * means.....from everyone. so
> port 25 from everyone gets rejected as exit point.

Backwards - the * means to everyone. Obviously, if we knew who was sending us the packets, it would defeat the entire purpose of Tor. This lets you set up certain IP ranges so packets can't be sent to them (commonly, localhost and other LAN IP blocks - occasionally, Tor-disliking sites like Slashdot or Wikipedia.)

-Ben

From xsteadfastx at gmail.com Tue Jan 31 19:33:11 2006
From: xsteadfastx at gmail.com (Marvin Preuss)
Date: Tue, 31 Jan 2006 20:33:11 +0100
Subject: Question about HiddenServices and...
In-Reply-To: <20060131080438.GQ15157@localhost.localdomain>
References: <43DE28CF.3080406@gmail.com> <20060131080438.GQ15157@localhost.localdomain>
Message-ID: <43DFBB77.7030609@gmail.com>

Roger Dingledine wrote:

Hi Roger,

> To run a hidden service, your Tor connects *out*, and then the people
> accessing your hidden service use those outbound connections to get
> to your service.
>
> This means you can run a hidden service from anywhere that can reach
> the Tor network. It doesn't have to have a routable network address.
> It's hidden, after all.

that was exactly what i like to hear :) and i just tried it and it works.
My own hidden service :) but thank you for your answer and everything.

Thanks,
Marvin

From lnoferin at cybervalley.org Wed Jan 4 23:18:25 2006
From: lnoferin at cybervalley.org (leandro noferini)
Date: Thu, 05 Jan 2006 00:18:25 +0100
Subject: Running a server on the 80 and 443 ports
Message-ID: <87vewzoa4e.fsf@clementino.cybervalley.org>

Hi all,

I am going to setup a new server with a good connection: this server will run on a dedicated ip so I would like to run on the ports 80 and 443 as requested at http://tor.eff.org/cvs/tor/doc/tor-doc-server.html but I am finding this problem.

The server will run as a special user not and root will only start the program so I put these two lines on torrc to let the change of user

User torserver
Group torgruppo

but the same I get this error in log file

Jan 05 00:05:07.731 [warn] connection_create_listener(): Could not bind to port 443: Permission denied
Jan 05 00:05:07.731 [err] options_act(): Failed to bind one of the listener ports.
Jan 05 00:05:07.731 [err] init_from_config(): Acting on config options left us in a broken state. Dying.

?

--
Bye
leandro

Widespread and "normal" use of cryptography is the strongest way to assert the right to privacy in electronic communications: like all rights, and like muscles, if it is not exercised constantly it atrophies and is lost.

From huber at paradoxical.net Tue Jan 31 19:48:31 2006
From: huber at paradoxical.net (Josh)
Date: Tue, 31 Jan 2006 14:48:31 -0500
Subject: dynamically changable options in torrc?
In-Reply-To: <20060131083026.GS15157@localhost.localdomain> (Roger Dingledine's message of "Tue, 31 Jan 2006 03:30:26 -0500")
References: <87ek2uderj.fsf@callisto.paradoxical.net> <20060131083026.GS15157@localhost.localdomain>
Message-ID: <87d5i8govk.fsf@callisto.paradoxical.net>

Roger Dingledine writes:

> See options_transition_allowed() in
> http://tor.eff.org/cvs/tor/src/or/config.c

Thanks, that was exactly what I was looking for.

> Sure. For lots more details, see section 3.1 and the end of 3.3 in
> http://tor.eff.org/cvs/doc/control-spec.txt
> and also
> http://tor.eff.org/cvs/control/doc/howto.txt

Excellent, even more information. :)

Josh

From matt at snark.net Tue Jan 31 19:50:09 2006
From: matt at snark.net (Matt Ghali)
Date: Tue, 31 Jan 2006 11:50:09 -0800 (PST)
Subject: choosing a syslog facility other than 'daemon'
In-Reply-To: <20060131084223.GU15157@localhost.localdomain>
References: <20060131084223.GU15157@localhost.localdomain>
Message-ID:

Funny you should reply now- I spent the morning hacking on autoconf and friends, so configure can be used to select a log facility; and also, a useful method to point configure at libevent not located in /usr/local/lib.

I suspect that a "nicer" way to support other log facilities would be to add support in config.c; which I may do instead, given the time. Of course, given the lack of interest, I suspect that compile-time would be good enough.

I will make sure to send diffs if/when I get them working.

matto

On Tue, 31 Jan 2006, Roger Dingledine wrote:

> On Mon, Jan 23, 2006 at 09:02:05PM -0800, Matt Ghali wrote:
>> Is there a user-friendly way to ask tor to log to a different
>> facility than 'daemon'? IE, something that does not involve editing
>> the source and recompiling :)
>
> Hi Matt,
>
> You're the only person who wants this, as far as I've heard. Did
> you have another facility in mind, or did you want to handle all
> of them?
>
> I would be pleased to apply a patch.
:)
>
> --Roger
>

--matt at snark.net------------------------------------------<
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke

From rumage_time at yahoo.com Tue Jan 31 22:06:25 2006
From: rumage_time at yahoo.com (jtnnd ddfff)
Date: Tue, 31 Jan 2006 14:06:25 -0800 (PST)
Subject: Autostarting Server if X connection speed is found?
Message-ID: <20060131220625.411.qmail@web35706.mail.mud.yahoo.com>

Hi,

I was wondering if there is a torrc command which tells Tor *only* to function as a server if X connection speed. I looked through the manual and the wiki and I did not find anything I thought was on-topic.

I would like to set X to a speed of say 30kb each way. If this connection speed is found Tor will auto-start its server functions.

If the above is possible would it be advisable to set both the "BandwidthRate" and "BandwidthBurst" to 50kb?

Thank You

From arma at mit.edu Wed Jan 4 23:34:53 2006
From: arma at mit.edu (Roger Dingledine)
Date: Wed, 4 Jan 2006 18:34:53 -0500
Subject: Running a server on the 80 and 443 ports
In-Reply-To: <87vewzoa4e.fsf@clementino.cybervalley.org>
References: <87vewzoa4e.fsf@clementino.cybervalley.org>
Message-ID: <20060104233453.GE15157@localhost.localdomain>

On Thu, Jan 05, 2006 at 12:18:25AM +0100, leandro noferini wrote:
> I am going to setup a new server with a good connection: this server
> will run on a dedicated ip so I would like to run on the ports 80 and
> 443 as requested at http://tor.eff.org/cvs/tor/doc/tor-doc-server.html
> but I am finding this problem.
>
> Jan 05 00:05:07.731 [warn] connection_create_listener(): Could not bind
> to port 443: Permission denied

Step 9 of http://tor.eff.org/cvs/tor/doc/tor-doc-server.html points you to this FAQ entry:
http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#ServerForFirewalledClients
which walks you through setting up port forwarding with iptables, etc.

Hope that helps,
--Roger

From superm40 at comcast.net Thu Jan 5 03:38:09 2006
From: superm40 at comcast.net (Matthew Seth Flaschen)
Date: Wed, 04 Jan 2006 22:38:09 -0500
Subject: Voting for nym
In-Reply-To: <792ce4370601032003u2b6c2ff1qdf6cb569973c6b2d@mail.gmail.com>
References: <20051202010441.GM22994@localhost.localdomain> <792ce4370601032003u2b6c2ff1qdf6cb569973c6b2d@mail.gmail.com>
Message-ID: <43BC94A1.2020803@comcast.net>

> I would see a proxy as being, from Wikipedia's point of view, like an
> ISP. It would be like aol.com or, more analogously, momandpopisp.com,
> some ISP with a number of users. If one misbehaves at Wikipedia they
> probably don't block the whole ISP. That would be an unfriendly action
> that would give them a bad reputation. Instead they probably make an
> effort to contact someone at the ISP responsible for abuse and tell
> them about the user who caused trouble, letting the ISP block him.
> Only if an ISP were persistently unresponsive to abuse complaints
> would they be justified in blocking the entire ISP, and I imagine that
> this is exactly what they do.

To the best of my knowledge, we've never blocked an entire ISP, largely because it is difficult to determine all the relevant IP ranges. However, when large range blocks are done, that may block an entire ISP or organization. I would also note that ISPs have been very unresponsive to our abuse complaints.

> BTW Jimmy Wales himself suffered some embarrassment a few weeks ago
> when it came out that he had edited his own Wikipedia entry (an action
> that is frowned upon) to change it and make himself look better and
> more important.
You're right that he has made edits to the page. Some have made himself look better while others have been neutral factual edits (see http://en.wikipedia.org/w/index.php?title=Jimmy_Wales&action=history for a record of all edits to the page). However, he now expressed regret for making any edits. More importantly, he made those edits from his established account, with no attempt to hide his identity. It is wrong to imply he was trying to be secretive. From ron_davis at ftml.net Sat Jan 7 01:40:17 2006 From: ron_davis at ftml.net (Ron Davis) Date: Sat, 07 Jan 2006 02:40:17 +0100 Subject: Warning message in v0.1.1.10-alpha Message-ID: <1136598017.9167.251280614@webmail.messagingengine.com> Hi all, I'm running Tor v0.1.1.10-alpha in client mode on Win 98SE. Several times today, I saw a warning message like the one below. Any ideas? Thanks, Ron Jan 07 02:20:06.450 [warn] connection_dir_client_reached_eof(): Received http st atus code 302 ("Found") from server '65.254.37.163:80' while fetching "/tor/serv er/fp/C76815FA912A6B2954B70DA4FF033902CC4F0650+C790983B7A75E52FBAA167A78795138F4 00E8B18+CB82503D8E750F5486CE280DEC973221679C0F7F+D12BD550CCB17AB14211025655918C8 2208E9BB0+D7BBC9D1B08AE5933B08A21610205940D697C8F2+D897181CBFB75B0DA3E90E81DD07D C11CD1CFC5A+DCC0984284410C322F94E08E422B1D641C7B715F+DE1462CB122675127C158E69B40 3F52EDD30BC9F+E3B1360083D406A632F807D9CD67E93EAFFF4AEB+EB16E6B8A5146BBD3EC64A463 85CBDBA9EE6A990+EB6086CA3FF2ACE751D55EC5C6679D6AAE5B3349+FB4E78D82806D28AFB96CBB 525E60320FB81A06A.z". I'll try again soon. 
--
Ron Davis
ron_davis at ftml.net

From phobos at rootme.org Sat Jan 7 04:53:03 2006
From: phobos at rootme.org (phobos at rootme.org)
Date: Fri, 6 Jan 2006 23:53:03 -0500
Subject: Warning message in v0.1.1.10-alpha
In-Reply-To: <1136598017.9167.251280614@webmail.messagingengine.com>
References: <1136598017.9167.251280614@webmail.messagingengine.com>
Message-ID: <20060107045303.GA10771@deimos>

On Sat, Jan 07, 2006 at 02:40:17AM +0100, ron_davis at ftml.net wrote 1.0K bytes in 33 lines about:
: Several times today, I saw a warning message like the one below.
:
: Any ideas?

Yes, this is what happens when the proxy on port 80 continues to work, but the tor server itself has crashed. Therefore, people trying to contact this server, "phobos", did get a response on my port 80 proxy, but not actually get a connection to the DirPort served up by tor itself.

By the way, it's fixed and working again.

--
Andrew

From alexismanning at hotpop.com Mon Jan 2 13:43:33 2006
From: alexismanning at hotpop.com (Alexis Manning)
Date: Mon, 2 Jan 2006 13:43:33 -0000
Subject: Dealing with bad Tor nodes
Message-ID: <004d01c60fa2$87d0e250$1901a8c0@fishtest>

I hit a lot of 404s because the path I'm going through has a knackered node. Is there any way the client could automatically deduce bad nodes and stop using them? Sure, some 404s are going to be legit, but the majority won't be.

Failing that, is there any easy way the client could try to repeat a request using a different chain if a couple of 404s are returned in succession?

-- A.

From firefox-gen at walala.org Sat Jan 7 21:02:11 2006
From: firefox-gen at walala.org (ADB)
Date: Sat, 07 Jan 2006 13:02:11 -0800
Subject: Warning message in v0.1.1.10-alpha
In-Reply-To: <1136598017.9167.251280614@webmail.messagingengine.com>
References: <1136598017.9167.251280614@webmail.messagingengine.com>
Message-ID: <43C02C53.2080806@walala.org>

I get that a lot too on winxp.
I have no clue, but it doesn't seem to cause any issues that I can see.

~Andrew

Ron Davis wrote:

>Hi all,
>
>I'm running Tor v0.1.1.10-alpha in client mode on Win 98SE.
>
>Several times today, I saw a warning message like the one below.
>
>Any ideas?
>
>Thanks,
>Ron
>
>
>Jan 07 02:20:06.450 [warn] connection_dir_client_reached_eof(): Received
>http st
>atus code 302 ("Found") from server '65.254.37.163:80' while fetching
>"/tor/serv
>er/fp[...]z". I'll try again soon.
>
>

From eugen at leitl.org Mon Jan 9 15:37:20 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 9 Jan 2006 16:37:20 +0100
Subject: [selected.by.rael@rael-science.org: [rael-science] The great firewall of China]
Message-ID: <20060109153720.GA2247@leitl.org>

Source: bbc
http://news.bbc.co.uk/2/hi/programmes/click_online/4587622.stm

The great firewall of China

In the space of about a decade, China's tech development has raced ahead to catch up with some of the most advanced countries in the West. But there are still stark differences, finds Richard Taylor.

With a rapidly expanding online population, it is tempting to see China as hurtling full speed towards digital nirvana, but all is not quite what it seems.

Somewhere along the way the idea that the Chinese people should be allowed to inform and be informed appears to have been lost.

China is proof that the net can be developed and strangled all at once.

Being online here is a distinctly hit and miss experience - fine if you want to access mundane content, but try to get into anything considered even remotely sensitive by the government and it soon starts grinding to a halt.

I tried accessing the BBC News website but to no avail. A government official told me there must be what he called "a technical problem".
In truth, those "technical problems" are afflicting more and more information sites in China, for example the open source encyclopaedia Wikipedia, perhaps because it has fallen foul of the government's recent declaration that news and information in today's China should only be what it calls "healthy" and "in the public interest".

One official from the internet publishing department, Kuo Xiao Wei, admitted the authorities consider the net a mixed blessing.

He said it abounds with pornography and gambling sites, and while it can be a source of good information, it also carries with it the possibility of spreading rumour and misinformation.

"With 56 ethnic minorities, we can't risk one slandering another", he added.

-----
Amnesty International is aware of at least 64 cyber dissidents who are imprisoned right now just for peacefully expressing their opinions online, whether it's on an e-mail or a website
Steve Ballinger, Amnesty International
-----

So Chinese netizens find themselves surfing in the shadow of the world's most sophisticated censorship machine, which is now more menacing than ever.

There is now an estimated 30,000-strong internet police force which, with the aid of Western-provided technology, is dedicated to monitoring websites and e-mails.

On a technical level the five gateways which connect China to the global internet filter traffic coming into and going out of the country.

Keyword blocking technology - much of it provided by western companies - is used to prevent access to offending sites.

Even the country's 110,000 internet cafés are now highly regulated and state-licensed, and all are equipped with standard surveillance systems.

Self-censorship

Increasingly, though, the authorities are relying on individuals to censor themselves or risk harsh and well publicised penalties if they dare to challenge the establishment.
Steve Ballinger, of Amnesty International, says: "Amnesty International is aware of at least 64 cyber dissidents who are imprisoned right now just for peacefully expressing their opinions online, whether it's on an e-mail or a website.

"Some of the offences they're accused of are signing an online petition, sending information to a foreign organisation, or disseminating information about the SARS virus."

Corporate China is also expected to play an active part in this self-censorship, keeping a close eye on content.

One website forum administrator was willing to talk to me, but did not want to be identified. Suffice to say, he is in no doubt what his job entails.

He said: "If you say anything against the government we've got to delete it, no exception, because it's a forum, it's a public place. If the government finds anything against them in the forum, that will jeopardise the company."

Finding a way

In spite of all this, many people here simply refuse to be cowed and they are finding some inventive ways to circumvent the restrictions.

-----
The government doesn't know how to control the blog thing. Next year maybe they'll be able to but we'll find other ways of expressing ourselves
Michael Anti, free speech campaigner
-----

One simple and effective way is to turn to other forms of communication, like texting from mobiles and instant messaging, which have proved successful in distributing information quickly.

Blogging is also proving a hugely popular alternative to websites, for individuals to find self-expression.

Michael Anti has long been campaigning for free speech. His blog is renowned as being one of China's true sources of information.

He believes the cat and mouse game between the government and its people is set to continue.

"The government doesn't know how to control the blog thing.
Next year maybe they'll be able to but we'll find other ways of expressing ourselves."

Equipped with the right know-how, some Chinese are already using more sophisticated technologies to beat the authorities at their own game.

Advanced software for example allows users anonymously to redirect their internet activity through a third-party computer known as a proxy server, which is out of reach of the Chinese authorities.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From nogard_is_here at sbcglobal.net Tue Jan 10 04:42:31 2006
From: nogard_is_here at sbcglobal.net (Ernie)
Date: Mon, 09 Jan 2006 23:42:31 -0500
Subject: Tor problems with Proxomiton and privoxy
Message-ID: <43C33B37.4040007@sbcglobal.net>

I have tor set up with Proxomitron and privoxy. Every time I try to connect to a site, I get a message in the tor window that says, "[notice] tried for 60 seconds to get connection to [scrubbed]:80.Giving up." How can I fix this? I'm using tor version 0.1.0.16

From force44 at Safe-mail.net Tue Jan 10 09:26:21 2006
From: force44 at Safe-mail.net (force44 at Safe-mail.net)
Date: Tue, 10 Jan 2006 04:26:21 -0500
Subject: Error messages in Tor
Message-ID:

Hi everybody,

I receive regular error messages like these 2:

"Error writing router store to disk"

and

"Error replacing "[mypath]/cached-routers.new": File exists"
"Error replacing "[mypath]/cached-routers": File exists"
"Error replacing "[mypath]/cached-routers.new": Permission denied"

I am using WinXP... Despite this, it seems that TOR is running well, using the last alpha, and the last TorCP interface.
Thanks for your comments :)

From cwilson352 at cogeco.ca Tue Jan 10 21:12:16 2006
From: cwilson352 at cogeco.ca (Wilson)
Date: Tue, 10 Jan 2006 16:12:16 -0500
Subject: New beta version of TorDNS
Message-ID: <43C42330.5070509@cogeco.ca>

Attempting to rectify the problem with TorDNS not always resolving hostnames when using the internet, TorDNS is now coded to hammer Tor resolve over socks function, making TorDNS a little more cpu intensive at times, but should ensure better hostname to ip resolvements.

The problem with using TorDNS and Tor to resolve hostnames to ip addresses (When TorDNS sometimes does not resolve them right away) is seemingly Tor itself, and not TorDNS. I encountered the same problem when using Tor_resolve, Tor would lose connection and retry on a new circuit, while using TorDNS or Tor_resolve. It is due to broken resolve over socks functions on the exit nodes (From what I was told).

Also, TorDNS v1.7 listens on address 127.1.2.3 instead of localhost. I hope this has fixed the problem with windows users that do not have a localhost interface (win2k i.e.).

The webpage is below
http://sandos.ath.cx/~badger/tordns.html

C. Wilson

From arma at mit.edu Wed Jan 11 05:12:55 2006
From: arma at mit.edu (Roger Dingledine)
Date: Wed, 11 Jan 2006 00:12:55 -0500
Subject: Tor 0.1.1.11-alpha is out
Message-ID: <20060111051255.GM15075@localhost.localdomain>

This is the eleventh development snapshot for the 0.1.1.x series. This release implements entry guard nodes: it automatically chooses a handful of entry nodes and sticks with them for all circuits. The logs about entry guards are still pretty chatty, but hopefully that will help us track down any problems. Please let us know whether it works for you.

The release also reduces directory bandwidth overhead substantially, makes Tor servers with dynamic IP addresses useful again, and makes IRC and IM connections over Tor more reliable. Everybody who runs a hidden service should upgrade.
http://tor.eff.org/download.html

Changes in version 0.1.1.11-alpha - 2006-01-10
  o Crashes in 0.1.1.x:
    - Include all the assert/crash fixes from 0.1.0.16.
    - If you start Tor and then quit very quickly, there were some races that tried to free things that weren't allocated yet.
    - Fix a rare memory stomp if you're running hidden services.
    - Fix segfault when specifying DirServer in config without nickname.
    - Fix a seg fault when you finish connecting to a server but at that moment you dump his server descriptor.
    - Extendcircuit and Attachstream controller commands would assert/crash if you don't give them enough arguments.
    - Fix an assert error when we're out of space in the connection_list and we try to post a hidden service descriptor (reported by weasel).
    - If you specify a relative torrc path and you set RunAsDaemon in your torrc, then it chdir()'s to the new directory. If you HUP, it tries to load the new torrc location, fails, and exits. The fix: no longer allow a relative path to torrc using -f.

  o Major features:
    - Implement "entry guards": automatically choose a handful of entry nodes and stick with them for all circuits. Only pick new guards when the ones you have are unsuitable, and if the old guards become suitable again, switch back. This will increase security dramatically against certain end-point attacks. The EntryNodes config option now provides some hints about which entry guards you want to use most; and StrictEntryNodes means to only use those.
    - New directory logic: download by descriptor digest, not by fingerprint. Caches try to download all listed digests from authorities; clients try to download "best" digests from caches. This avoids partitioning and isolating attacks better.
    - Make the "stable" router flag in network-status be the median of the uptimes of running valid servers, and make clients pay attention to the network-status flags.
Thus the cutoff adapts to the stability of the network as a whole, making IRC, IM, etc connections more reliable. o Major fixes: - Tor servers with dynamic IP addresses were needing to wait 18 hours before they could start doing reachability testing using the new IP address and ports. This is because they were using the internal descriptor to learn what to test, yet they were only rebuilding the descriptor once they decided they were reachable. - Tor 0.1.1.9 and 0.1.1.10 had a serious bug that caused clients to download certain server descriptors, throw them away, and then fetch them again after 30 minutes. Now mirrors throw away these server descriptors so clients can't get them. - We were leaving duplicate connections to other ORs open for a week, rather than closing them once we detect a duplicate. This only really affected authdirservers, but it affected them a lot. - Spread the authdirservers' reachability testing over the entire testing interval, so we don't try to do 500 TLS's at once every 20 minutes. o Minor fixes: - If the network is down, and we try to connect to a conn because we have a circuit in mind, and we timeout (30 seconds) because the network never answers, we were expiring the circuit, but we weren't obsoleting the connection or telling the entry_guards functions. - Some Tor servers process billions of cells per day. These statistics need to be uint64_t's. - Check for integer overflows in more places, when adding elements to smartlists. This could possibly prevent a buffer overflow on malicious huge inputs. I don't see any, but I haven't looked carefully. - ReachableAddresses kept growing new "reject *:*" lines on every setconf/reload. - When you "setconf log" via the controller, it should remove all logs. We were automatically adding back in a "log notice stdout". - Newly bootstrapped Tor networks couldn't establish hidden service circuits until they had nodes with high uptime. Be more tolerant. 
- We were marking servers down when they could not answer every piece of the directory request we sent them. This was far too harsh. - Fix the torify (tsocks) config file to not use Tor for localhost connections. - Directory authorities now go to the proper authority when asking for a networkstatus, even when they want a compressed one. - Fix a harmless bug that was causing Tor servers to log "Got an end because of misc error, but we're not an AP. Closing." - Authorities were treating their own descriptor changes as cosmetic, meaning the descriptor available in the network-status and the descriptor that clients downloaded were different. - The OS X installer was adding a symlink for tor_resolve but the binary was called tor-resolve (reported by Thomas Hardly). - Workaround a problem with some http proxies where they refuse GET requests that specify "Content-Length: 0" (reported by Adrian). - Fix wrong log message when you add a "HiddenServiceNodes" config line without any HiddenServiceDir line (reported by Chris Thomas). o Minor features: - Write the TorVersion into the state file so we have a prayer of keeping forward and backward compatibility. - Revive the FascistFirewall config option rather than eliminating it: now it's a synonym for ReachableAddresses *:80,*:443. - Clients choose directory servers from the network status lists, not from their internal list of router descriptors. Now they can go to caches directly rather than needing to go to authorities to bootstrap. - Directory authorities ignore router descriptors that have only cosmetic differences: do this for 0.1.0.x servers now too. - Add a new flag to network-status indicating whether the server can answer v2 directory requests too. - Authdirs now stop whining so loudly about bad descriptors that they fetch from other dirservers. So when there's a log complaint, it's for sure from a freshly uploaded descriptor. - Reduce memory requirements in our structs by changing the order of fields. 
    - There used to be two ways to specify your listening ports in a
      server descriptor: on the "router" line and with a separate "ports"
      line. Remove support for the "ports" line.
    - New config option "AuthDirRejectUnlisted" for auth dirservers as
      a panic button: if we get flooded with unusable servers we can
      revert to only listing servers in the approved-routers file.
    - Auth dir servers can now mark a fingerprint as "!reject" or
      "!invalid" in the approved-routers file (as its nickname), to
      refuse descriptors outright or include them but marked as invalid.
    - Servers store bandwidth history across restarts/crashes.
    - Add reasons to DESTROY and RELAY_TRUNCATED cells, so clients can
      get a better idea of why their circuits failed. Not used yet.
    - Directory mirrors now cache up to 16 unrecognized network-status
      docs. Now we can add new authdirservers and they'll be cached too.
    - When picking a random directory, prefer non-authorities if any
      are known.
    - New controller option "getinfo desc/all-recent" to fetch the
      latest server descriptor for every router that Tor knows about.

From cwilson352 at cogeco.ca Thu Jan 12 05:17:29 2006
From: cwilson352 at cogeco.ca (Wilson)
Date: Thu, 12 Jan 2006 00:17:29 -0500
Subject: TorDNS beta 2 release
Message-ID: <43C5E669.4040109@cogeco.ca>

Sorry for all the new versions everybody, I will find a major bug in the program the next day after a new release.

TorDNS beta 2 website link below:

http://sandos.ath.cx/~badger/tordns.html

From arma at mit.edu Thu Jan 12 05:32:10 2006
From: arma at mit.edu (Roger Dingledine)
Date: Thu, 12 Jan 2006 00:32:10 -0500
Subject: Tor 0.1.1.12-alpha is out
Message-ID: <20060112053209.GQ15075@localhost.localdomain>

This is the twelfth development snapshot for the 0.1.1.x series.

It fixes a bug that prevented Tor servers from accepting connections from non-servers. If you run a server, you should use this release rather than 0.1.1.11-alpha.
http://tor.eff.org/download.html

Changes in version 0.1.1.12-alpha - 2006-01-11
  o Bugfixes on 0.1.1.x:
    - The fix to close duplicate server connections was closing all
      Tor client connections if they didn't establish a circuit
      quickly enough. Oops.
    - Fix minor memory issue (double-free) that happened on exit.

  o Bugfixes on 0.1.0.x:
    - Tor didn't warn when it failed to open a log file.

From moses.mason at gmail.com Thu Jan 12 15:12:16 2006
From: moses.mason at gmail.com (Moses)
Date: Thu, 12 Jan 2006 23:12:16 +0800
Subject: Tor 0.1.1.12-alpha is out
In-Reply-To: <20060112053209.GQ15075@localhost.localdomain>
References: <20060112053209.GQ15075@localhost.localdomain>
Message-ID: <87bcf3800601120712o7ab776f0ye26c73041a570646@mail.gmail.com>

Thank you for your work :)

BTW: Where's your PGP key?

On 1/12/06, Roger Dingledine wrote:
> This is the twelfth development snapshot for the 0.1.1.x series.
>
> It fixes a bug that prevented Tor servers from accepting connections
> from non-servers. If you run a server, you should use this release rather
> than 0.1.1.11-alpha.
>
> http://tor.eff.org/download.html
>
> Changes in version 0.1.1.12-alpha - 2006-01-11
>   o Bugfixes on 0.1.1.x:
>     - The fix to close duplicate server connections was closing all
>       Tor client connections if they didn't establish a circuit
>       quickly enough. Oops.
>     - Fix minor memory issue (double-free) that happened on exit.
>
>   o Bugfixes on 0.1.0.x:
>     - Tor didn't warn when it failed to open a log file.
>
>

--
"I may not agree with what you say but I will defend to the death your right to say it"

From goodell at eecs.harvard.edu Thu Jan 12 16:02:37 2006
From: goodell at eecs.harvard.edu (Geoffrey Goodell)
Date: Thu, 12 Jan 2006 11:02:37 -0500
Subject: migrating exit.pl from serifos:8000 to serifos:80
Message-ID: <20060112160237.GG2367@eecs.harvard.edu>

In an effort to simplify and consolidate my computing infrastructure, I am collapsing the two web servers running on serifos.eecs.harvard.edu into a single web server. Effective immediately, serifos.eecs.harvard.edu:8000 is deprecated in favor of serifos.eecs.harvard.edu:80. Please migrate your links and automated scripts for harvesting content on serifos.eecs.harvard.edu:8000.

In particular, the following URL:

http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl

is deprecated in favor of:

http://serifos.eecs.harvard.edu/cgi-bin/exit.pl

For now, both URLs work. I plan to disable the server on port 8000 one week from today, 19 January 2006.

Thank you for understanding, and I apologize for the inconvenience.

Geoff

From numE at onionizer.de Mon Jan 2 13:46:09 2006
From: numE at onionizer.de (numE)
Date: Mon, 02 Jan 2006 14:46:09 +0100
Subject: Dealing with bad Tor nodes
In-Reply-To: <004d01c60fa2$87d0e250$1901a8c0@fishtest>
References: <004d01c60fa2$87d0e250$1901a8c0@fishtest>
Message-ID: <43B92EA1.4010905@onionizer.de>

A way to deal with this could be the following:

always build two node-chains and compare the results...
this could also help to detect nodes which manipulate data....

Alexis Manning wrote:
> I hit a lot of 404s because the path I'm going through has a knackered node.
> Is there any way the client could automatically deduce bad nodes and stop
> using them? Sure, some 404s are going to be legit, but the majority won't
> be.
>
> Failing that, is there any easy way the client could try to repeat a request
> using a different chain if a couple of 404s are returned in succession?
>
> -- A.
>

From glymr_darkmoon at ml1.net Thu Jan 12 21:39:11 2006
From: glymr_darkmoon at ml1.net (Glymr Darkmoon)
Date: Thu, 12 Jan 2006 22:39:11 +0100
Subject: migrating exit.pl from serifos:8000 to serifos:80
In-Reply-To: <20060112160237.GG2367@eecs.harvard.edu>
References: <20060112160237.GG2367@eecs.harvard.edu>
Message-ID: <43C6CC7F.6060002@ml1.net>

Geoffrey Goodell wrote:
>In an effort to simplify and consolidate my computing infrastructure, I
>am collapsing the two web servers running on serifos.eecs.harvard.edu
>into a single web server. Effective immediately,
>serifos.eecs.harvard.edu:8000 is deprecated in favor of
>serifos.eecs.harvard.edu:80. Please migrate your links and automated
>scripts for harvesting content on serifos.eecs.harvard.edu:8000.
>
>In particular, the following URL:
>
>http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl
>
>is deprecated in favor of:
>
>http://serifos.eecs.harvard.edu/cgi-bin/exit.pl
>
>For now, both URLs work. I plan to disable the server on port 8000 one
>week from today, 19 January 2006.
>
>Thank you for understanding, and I apologize for the inconvenience.
>
>Geoff
>
>
could you not simply create a redirector that pushes stuff from 8000 onto 80... oh, i may be remembering incorrectly, but can't apache be told to listen on more than one port anyway? idk, sorry if i'm talking out my ass.
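
An added sketch (not code from Tor or from anyone on this list) of the two-chain comparison suggested in the "Dealing with bad Tor nodes" thread above: the same URL is fetched over two circuits, the pair is classified, and a per-exit tally shows which node keeps disagreeing with its partners. The `Fetch` record, the `ExitScore` class, the exit nicknames and the sample responses are all constructed for illustration; no Tor API is used.

```python
"""Cross-check one URL fetched over two circuits and score the exits."""
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Fetch:
    """Result of one request; exit_node is a constructed nickname."""
    exit_node: str
    status: int
    body: bytes = b""


def compare(a: Fetch, b: Fetch) -> str:
    """Classify a pair of fetches of the same URL made over two circuits."""
    if a.status != b.status:
        # e.g. 200 through one exit and 404 through the other.
        return "status-mismatch"
    if a.status == 200 and (
        hashlib.sha256(a.body).digest() != hashlib.sha256(b.body).digest()
    ):
        # Only meaningful for static resources: dynamic pages legitimately
        # differ between two requests.
        return "body-mismatch"
    # Same answer on both paths; a 404 seen through both exits is
    # treated as a legitimate 404.
    return "agree"


class ExitScore:
    """Per-exit tally of comparisons.

    Two circuits cannot tell *which* exit is at fault, so a disagreement
    counts against both. Paired with different partners over time, only
    the faulty exit keeps a high disagreement ratio.
    """

    def __init__(self, min_checks: int = 3, max_ratio: float = 0.5):
        self.min_checks = min_checks      # ignore exits seen fewer times
        self.max_ratio = max_ratio        # tolerated share of disagreements
        self.checks = Counter()
        self.disagreements = Counter()

    def record(self, a: Fetch, b: Fetch) -> str:
        verdict = compare(a, b)
        for fetch in (a, b):
            self.checks[fetch.exit_node] += 1
            if verdict != "agree":
                self.disagreements[fetch.exit_node] += 1
        return verdict

    def suspects(self) -> list:
        """Exits whose disagreement ratio exceeds the threshold."""
        return sorted(
            node for node, seen in self.checks.items()
            if seen >= self.min_checks
            and self.disagreements[node] / seen > self.max_ratio
        )


# Constructed sample: "bravo" is the broken exit, the others behave.
PAGE = b"<html>index</html>"
SAMPLE_PAIRS = [
    (Fetch("alpha", 200, PAGE), Fetch("bravo", 404)),
    (Fetch("bravo", 404), Fetch("charlie", 200, PAGE)),
    (Fetch("alpha", 200, PAGE), Fetch("charlie", 200, PAGE)),
    (Fetch("delta", 200, PAGE), Fetch("bravo", 404)),
    (Fetch("alpha", 200, PAGE), Fetch("delta", 200, PAGE)),
    (Fetch("charlie", 404), Fetch("delta", 404)),  # page really is missing
    (Fetch("charlie", 200, PAGE), Fetch("bravo", 200, PAGE + b"<!-- x -->")),
]


def run_demo():
    """Replay the sample pairs; return (verdict per pair, suspect exits)."""
    score = ExitScore()
    verdicts = [score.record(a, b) for a, b in SAMPLE_PAIRS]
    return verdicts, score.suspects()


if __name__ == "__main__":
    print(run_demo())
```

Honest exits that happen to be paired with the broken one pick up strikes too, which is why the tally uses a ratio and a minimum number of checks rather than acting on a single mismatch.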

From goodell at eecs.harvard.edu Thu Jan 12 21:46:40 2006
From: goodell at eecs.harvard.edu (Geoffrey Goodell)
Date: Thu, 12 Jan 2006 16:46:40 -0500
Subject: migrating exit.pl from serifos:8000 to serifos:80
In-Reply-To: <43C6CC7F.6060002@ml1.net>
References: <20060112160237.GG2367@eecs.harvard.edu> <43C6CC7F.6060002@ml1.net>
Message-ID: <20060112214640.GB10018@eecs.harvard.edu>

On Thu, Jan 12, 2006 at 10:39:11PM +0100, Glymr Darkmoon wrote:
> could you not simply create a redirector that pushes stuff from 8000
> onto 80... oh, i may be remembering incorrectly, but can't apache be
> told to listen on more than one port anyway? idk, sorry if i'm talking
> out my ass.

Yes, of course, and this is in fact what I am doing right now. But ultimately I want port 8000 to be free for other purposes, and I do not want my dependency on port 8000 to become a permanent tombstone in my system as the result of an historical decision.

Geoff

From glymr_darkmoon at ml1.net Thu Jan 12 21:54:00 2006
From: glymr_darkmoon at ml1.net (Glymr Darkmoon)
Date: Thu, 12 Jan 2006 22:54:00 +0100
Subject: migrating exit.pl from serifos:8000 to serifos:80
In-Reply-To: <20060112214640.GB10018@eecs.harvard.edu>
References: <20060112160237.GG2367@eecs.harvard.edu> <43C6CC7F.6060002@ml1.net> <20060112214640.GB10018@eecs.harvard.edu>
Message-ID: <43C6CFF8.1090106@ml1.net>

Geoffrey Goodell wrote:
>On Thu, Jan 12, 2006 at 10:39:11PM +0100, Glymr Darkmoon wrote:
>
>
>>could you not simply create a redirector that pushes stuff from 8000
>>onto 80... oh, i may be remembering incorrectly, but can't apache be
>>told to listen on more than one port anyway? idk, sorry if i'm talking
>>out my ass.
>>
>>
>
>Yes, of course, and this is in fact what I am doing right now. But
>ultimately I want port 8000 to be free for other purposes, and I do not
>want my dependency on port 8000 to become a permanent tombstone in my
>system as the result of an historical decision.
>
>Geoff
>
>
ah, pardon my stupidity :/ yes of course, port 8000 being the port for shoutcast of course, for one example

From arma at mit.edu Thu Jan 12 22:04:52 2006
From: arma at mit.edu (Roger Dingledine)
Date: Thu, 12 Jan 2006 17:04:52 -0500
Subject: Tor 0.1.1.12-alpha is out
In-Reply-To: <87bcf3800601120712o7ab776f0ye26c73041a570646@mail.gmail.com>
References: <20060112053209.GQ15075@localhost.localdomain> <87bcf3800601120712o7ab776f0ye26c73041a570646@mail.gmail.com>
Message-ID: <20060112220452.GH15157@localhost.localdomain>

On Thu, Jan 12, 2006 at 11:12:16PM +0800, Moses wrote:
> Thank you for your work :)
>
> BTW: Where's your PGP key?

http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#DistSignatures

--Roger

From goodell at eecs.harvard.edu Fri Jan 13 04:31:47 2006
From: goodell at eecs.harvard.edu (Geoffrey Goodell)
Date: Thu, 12 Jan 2006 23:31:47 -0500
Subject: using OzymanDNS to access Tor via DNS
Message-ID: <20060113043147.GB10646@eecs.harvard.edu>

Since we have been discussing ways for people with limited Internet access to make use of Tor, I decided to run a service on one of my hosts that provides a free gateway to Tor via OzymanDNS. I posted a web page about it here:

http://afs.eecs.harvard.edu/~goodell/blossom/tor-via-dns.html

Please check it out and send me comments. Here is the overview:

Thanks to a nifty tool from Dan Kaminsky called OzymanDNS, we have successfully constructed a gateway to the Tor network that allows an arbitrary host to establish a secure connection to the Tor network even if its upstream ISP filters all traffic except DNS requests. We provide access to this gateway as a free service.
This means that if you and your laptop find yourselves in an environment that forbids you from communicating with the Internet except to send and receive DNS data, then you can still access network resources visible via the Tor network. Performance is limited to a maximum of about 1.7 kB/s, which is comparable to the speed of a 14.4 kbps modem.

Thanks,

Geoff

[bcc]

From force44 at Safe-mail.net Fri Jan 13 05:48:18 2006
From: force44 at Safe-mail.net (force44 at Safe-mail.net)
Date: Fri, 13 Jan 2006 00:48:18 -0500
Subject: Error messages in Tor
Message-ID:

Hi everybody,

I receive regular error messages :

"Error writing router store to disk"
"Error replacing "[mypath]/cached-routers.new": File exists"
"Error replacing "[mypath]/cached-routers": File exists"
"Error replacing "[mypath]/cached-routers.new": Permission denied"

I am using WinXP... Despite this, it seems that TOR is running well, using the last Alpha, and the last TorCP interface.

Thanks for your comments :)

From cwilson352 at cogeco.ca Fri Jan 13 06:21:18 2006
From: cwilson352 at cogeco.ca (Wilson)
Date: Fri, 13 Jan 2006 01:21:18 -0500
Subject: TorDNS security issue resolved
Message-ID: <43C746DE.5070301@cogeco.ca>

I was watching my isp interfere with TorDNS. Was watching them do so for 3 or 4 weeks now. When I would be using firefox to browse, once in a blue moon my isp name was found in the TorDNS log screen, and the website would not be resolved.

The instructions for fixing this (I hope this will permanently stop your isp from interfering with TorDNS on your windows box) can be found on the TorDNS website under "READ THIS..."....

Also, I have released TorDNS beta 4, hopefully I have fixed all the major bug issues.

Website is below............
http://sandos.ath.cx/~badger/tordns.html

From tor at tracker.fire-world.de Fri Jan 13 16:33:29 2006
From: tor at tracker.fire-world.de (Sebastian Wiesinger)
Date: Fri, 13 Jan 2006 17:33:29 +0100
Subject: Errors/Warnings in Tor 0.1.1.12-alpha
Message-ID: <20060113163329.GA7948@data.fire-world.de>

Hi,

I have the following warnings with the new alpha:

Jan 13 16:40:13.852 [notice] entry_guards_set_status_from_directory(): Entry guard 'err' is up in latest directories.
Jan 13 16:40:13.852 [notice] entry_guards_set_status_from_directory(): (5/5 entry guards are usable/new)
Jan 13 16:46:32.961 [warn] entry_guard_set_status(): Connection to entry guard 'err' failed. 4/5 entry guards usable/new.
Jan 13 16:55:29.450 [notice] entry_guards_set_status_from_directory(): Entry guard 'err' is up in latest directories.
Jan 13 16:55:29.450 [notice] entry_guards_set_status_from_directory(): (5/5 entry guards are usable/new)
Jan 13 16:58:17.412 [warn] entry_guard_set_status(): Connection to entry guard 'err' failed. 4/5 entry guards usable/new.
Jan 13 17:10:43.352 [notice] entry_guards_set_status_from_directory(): Entry guard 'err' is up in latest directories.
Jan 13 17:10:43.352 [notice] entry_guards_set_status_from_directory(): (5/5 entry guards are usable/new)
Jan 13 17:18:53.981 [notice] conn_close_if_marked(): Something wrong with your network connection? We tried to write 118784 bytes to addr [scrubbed] (fd 197, type OR, state 5) but timed out. (Marked at main.c:672)
Jan 13 17:26:24.616 [warn] entry_guard_set_status(): Connection to entry guard 'err' failed. 4/5 entry guards usable/new.

Is that something that should bother me? "Something wrong with your network connection?" No, surely not, tor was running fine here for months. :)

Regards,

Sebastian

--
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
Resist the beginnings: http://odem.org/informationsfreiheit/
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant

From listpost at bananasplit.info Fri Jan 13 16:47:28 2006
From: listpost at bananasplit.info (Steve Crook)
Date: Fri, 13 Jan 2006 16:47:28 +0000
Subject: Errors/Warnings in Tor 0.1.1.12-alpha
In-Reply-To: <20060113163329.GA7948@data.fire-world.de>
References: <20060113163329.GA7948@data.fire-world.de>
Message-ID: <20060113164728.GA32394@bananasplit.info>

On Fri, Jan 13, 2006 at 05:33:29PM +0100, Sebastian Wiesinger wrote:
> Hi,
>
> I have the following warnings with the new alpha:
>
> Jan 13 16:40:13.852 [notice] entry_guards_set_status_from_directory(): Entry guard 'err' is up in latest directories.
> Jan 13 16:40:13.852 [notice] entry_guards_set_status_from_directory(): (5/5 entry guards are usable/new)
> Jan 13 16:46:32.961 [warn] entry_guard_set_status(): Connection to entry guard 'err' failed. 4/5 entry guards usable/new.
> Jan 13 16:55:29.450 [notice] entry_guards_set_status_from_directory(): Entry guard 'err' is up in latest directories.

Hi,

You might want to check out:-
http://wiki.noreply.org/noreply/TheOnionRouter/LogExplanations

I haven't documented many warnings yet, but that's one of them. :)

From afpno69 at yahoo.se Fri Jan 13 20:43:04 2006
From: afpno69 at yahoo.se (Player69)
Date: Fri, 13 Jan 2006 21:43:04 +0100 (CET)
Subject: Tor uninstaller for Mac OS X as requested
Message-ID: <20060113204304.73217.qmail@web25602.mail.ukl.yahoo.com>

I read here: http://tor.eff.org/volunteer.html.en that a Tor uninstaller for Mac OS X was wanted. So I did one. It's only a shell script but it will do the trick.
:) It removes all files specified here: http://tor.eff.org/cvs/tor/doc/tor-doc-osx.html#uninstall

It would be great if somebody would like to try it out and give me some feedback :)

http://www.kabo.nu/Tor_uninstall.command.zip

/Calle Kabo

From alexismanning at hotpop.com Mon Jan 2 14:17:32 2006
From: alexismanning at hotpop.com (Alexis Manning)
Date: Mon, 2 Jan 2006 14:17:32 -0000
Subject: Dealing with bad Tor nodes
References: <004d01c60fa2$87d0e250$1901a8c0@fishtest> <43B92EA1.4010905@onionizer.de>
Message-ID: <007c01c60fa7$48292950$1901a8c0@fishtest>

> A way to deal with this could be the following:
>
> always build two node-chains and compare the results...
> this could also help to detect nodes which manipulate data....

That's not a bad idea, but obviously you wouldn't want to do that on every request. Perhaps the client could do a restricted number of tests like this per day, and perhaps test the exit nodes directly once a day or so when the client is idle?

Currently I have to keep manually stopping and restarting Tor, which I find quite aggravating.

-- A.

From eugen at leitl.org Mon Jan 16 14:47:07 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 16 Jan 2006 15:47:07 +0100
Subject: WIRED: Anonymity on a Disk
Message-ID: <20060116144707.GQ2301@leitl.org>

http://www.wired.com/news/technology/0,70017-0.html?tw=wn_tophead_1

By Quinn Norton

WASHINGTON DC -- To many privacy geeks, it's the holy grail -- a totally anonymous and secure computer so easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.

That was the guiding principle for the members of kaos.theory security research when they set out to put a secure crypto-heavy operating system on a bootable CD: a disk that would offer the masses the same level of privacy available to security professionals, but with an easy user interface.

"If Granny's into trannies, and doesn't want her grandkids to know, she should be able to download without fear," says Taylor Banks, project leader.

It's a difficult problem, entailing a great deal of attention to both security details and usability issues. The group finally unveiled their finished product at the Shmoo Con hacker conference here Saturday, with mixed results.

Titled Anonym.OS, the system is a type of disk called a "live CD" -- meaning it's a complete solution for using a computer without touching the hard drive. Developers say Anonym.OS is likely the first live CD based on the security-heavy OpenBSD operating system.

OpenBSD running in secure mode is relatively rare among desktop users. So to keep from standing out, Anonym.OS leaves a deceptive network fingerprint. In everything from the way it actively reports itself to other computers, to matters of technical minutia such as TCP packet length, the system is designed to look like Windows XP SP1. "We considered part of what makes a system anonymous is looking like what is most popular, so you blend in with the crowd," explains project developer Adam Bregenzer of Super Light Industry.

Booting the CD, you are presented with a text based wizard-style list of questions to answer, one at a time, with defaults that will work for most users. Within a few moments, a fairly naive user can be up and running and connected to an open Wi-Fi point, if one is available.

Once you're running, you have a broad range of anonymity-protecting applications at your disposal.

But actually using the system can be a slow experience. Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing. Sadly, Tor has recently suffered from user-base growth far outpacing the number of servers available to those users -- at last count there were only 419 servers worldwide. So Tor lags badly at times of heavy use.

Between Tor's problems, and some nagging performance issues on the disk itself, Banks concedes that the CD is not yet ready for the wide audience he hopes to someday serve. "Is Grandma really going to be able to use it today? I don't know. If she already uses the internet, yes."

Experts also say Anonym.OS may not solve the internet's most pressing issues, such as the notorious China problem: repressive governments that monitor their population's net access, and censor or jail citizens who speak out against the government.

Ethan Zuckerman, fellow with Harvard's Berkman Center for Internet and Society, works extensively with international bloggers and journalists, many of whom live under constant threat from their own governments. He sees Anonym.OS as a blessing for some -- but not for those at the greatest risk.

"I think it's going to be tremendously useful for fairly sophisticated users when they are traveling, but where it may not be as effective as people would hope is in countries where the government is really seriously about locking down the net, constraining internet access," Zuckerman says.

Because most people in the developing world use the internet from shared desktop environments, services for them have to consider office place and cyber cafe-based computer situations.

"Rebooting isn't often an option," explains Zuckerman, who would like to see anonymity solutions move toward minimally invasive strategies like the TorPark, a USB key that allows access to a Tor enabled browser without rebooting, and private proxies matched up one by one with dissidents.

But kaos.theory members say Anonym.OS is just the first step in making anonymity widely available. Future versions, they say, may run on a USB keychain. Additionally, they plan to implement Enigmail to allow encrypted e-mail for Thunderbird and Gaim Off The Record, which allows users to use instant messaging without their logs being tied to them.

David Del Torto, chief security officer of the non-profit CryptoRights group, says projects like Anonym.OS are heading in the right direction, but thinks the project overreaches by trying to be useful to everyone.

"Grandmas are not the ones that need this right now.... My instincts tell me that it's a very small number of people (that can use Anonym.OS). You can't really solve this problem by simplifying the interface. It's almost impossible to anticipate everything a user can do to hurt themselves."

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From y0himba at technolounge.org Mon Jan 16 14:53:41 2006
From: y0himba at technolounge.org (y0himba)
Date: Mon, 16 Jan 2006 09:53:41 -0500
Subject: WIRED: Anonymity on a Disk
In-Reply-To: <20060116144707.GQ2301@leitl.org>
Message-ID: <005001c61aac$a499ae70$6400a8c0@y0himba>

You know what, you go to their web site, and it is the exact same web site template my daughter uses. That sends up flags right there....

From y0himba at technolounge.org Mon Jan 16 15:07:37 2006
From: y0himba at technolounge.org (y0himba)
Date: Mon, 16 Jan 2006 10:07:37 -0500
Subject: WIRED: Anonymity on a Disk
In-Reply-To: <20060116144707.GQ2301@leitl.org>
Message-ID: <005101c61aae$96f491c0$6400a8c0@y0himba>

Also, the file is not downloadable from Sourceforge.

-----Original Message-----
From: owner-or-talk at freehaven.net [mailto:owner-or-talk at freehaven.net] On Behalf Of Eugen Leitl
Sent: Monday, January 16, 2006 9:47 AM
To: or-talk at freehaven.net
Cc: cypherpunks at al-qaeda.net
Subject: WIRED: Anonymity on a Disk

http://www.wired.com/news/technology/0,70017-0.html?tw=wn_tophead_1

By Quinn Norton

WASHINGTON DC -- To many privacy geeks, it's the holy grail -- a totally anonymous and secure computer so easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.
That was the guiding principle for the members of kaos.theory security research when they set out to put a secure crypto-heavy operating systems on a bootable CD: a disk that would offer the masses the same level of privacy available to security professionals, but with an easy user interface. "If Granny's into trannies, and doesn't want her grandkids to know, she should be able to download without fear," says Taylor Banks, project leader. It's a difficult problem, entailing a great deal of attention to both security details and usability issues. The group finally unveiled their finished product at the Shmoo Con hacker conference here Saturday, with mixed results. Titled Anonym.OS, the system is a type of disk called a "live CD" -- meaning it's a complete solution for using a computer without touching the hard drive. Developers say Anonym.OS is likely the first live CD based on the security-heavy OpenBSD operating system. OpenBSD running in secure mode is relatively rare among desktop users. So to keep from standing out, Anonym.OS leaves a deceptive network fingerprint. In everything from the way it actively reports itself to other computers, to matters of technical minutia such as TCP packet length, the system is designed to look like Windows XP SP1. "We considered part of what makes a system anonymous is looking like what is most popular, so you blend in with the crowd," explains project developer Adam Bregenzer of Super Light Industry. Booting the CD, you are presented with a text based wizard-style list of questions to answer, one at a time, with defaults that will work for most users. Within a few moments, a fairly naive user can be up and running and connected to an open Wi-Fi point, if one is available. Once you're running, you have a broad range of anonymity-protecting applications at your disposal. But actually using the system can be a slow experience. 
Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing. Sadly, Tor has recently suffered from user-base growth far outpacing the number of servers available to those users -- at last count there were only 419 servers worldwide. So Tor lags badly at times of heavy use.

Between Tor's problems, and some nagging performance issues on the disk itself, Banks concedes that the CD is not yet ready for the wide audience he hopes to someday serve. "Is Grandma really going to be able to use it today? I don't know. If she already uses the internet, yes."

Experts also say Anonym.OS may not solve the internet's most pressing issues, such as the notorious China problem: repressive governments that monitor their population's net access, and censor or jail citizens who speak out against the government.

Ethan Zuckerman, fellow with Harvard's Berkman Center for Internet and Society, works extensively with international bloggers and journalists, many of whom live under constant threat from their own governments. He sees Anonym.OS as a blessing for some -- but not for those at the greatest risk.

"I think it's going to be tremendously useful for fairly sophisticated users when they are traveling, but where it may not be as effective as people would hope is in countries where the government is really seriously about locking down the net, constraining internet access," Zuckerman says.

Because most people in the developing world use the internet from shared desktop environments, services for them have to consider office place and cyber cafe-based computer situations. "Rebooting isn't often an option," explains Zuckerman, who would like to see anonymity solutions move toward minimally invasive strategies like the TorPark, a USB key that allows access to a Tor enabled browser without rebooting, and private proxies matched up one by one with dissidents.
But kaos.theory members say Anonym.OS is just the first step in making anonymity widely available. Future versions, they say, may run on a USB keychain. Additionally, they plan to implement Enigmail to allow encrypted e-mail for Thunderbird and Gaim Off The Record, which allows users to use instant messaging without their logs being tied to them.

David Del Torto, chief security officer of the non-profit CryptoRights group, says projects like Anonym.OS are heading in the right direction, but thinks the project overreaches by trying to be useful to everyone. "Grandmas are not the ones that need this right now.... My instincts tell me that it's a very small number of people (that can use Anonym.OS). You can't really solve this problem by simplifying the interface. It's almost impossible to anticipate everything a user can do to hurt themselves."

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From alok.mishra at imperial.ac.uk Mon Jan 16 15:13:11 2006
From: alok.mishra at imperial.ac.uk (Alok Mishra)
Date: Mon, 16 Jan 2006 15:13:11 +0000
Subject: Tor reputation system
Message-ID: <43CBB807.2030809@imperial.ac.uk>

I was looking at the design paper on Tor. I was thinking that one problem with malicious nodes might be that they would advertise their services and when the directory servers attempt to connect to them they reply fine but any other request is totally ignored. Since directory servers can't afford to try passing traffic through so many nodes to ensure that they are functional, do we need some kind of a reputation mechanism that will collect evidence from each of the OPs that successfully (or not) can complete their transaction?
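
The failure mode raised in the message above, sketched as an added example that is not part of the original thread and is not Tor code: a connect-only probe lists a relay that forwards nothing, while aggregated circuit reports from clients single it out. The relay names, behaviours, three-hop exhaustive path enumeration and the 0.9 threshold are all assumptions made for the illustration.

```python
"""Added illustration (not Tor code): a relay that answers reachability probes
but drops relayed traffic, and client-side circuit reports that expose it."""
from collections import namedtuple
from itertools import permutations

# Constructed sample network; nicknames and behaviours are hypothetical.
Relay = namedtuple("Relay", "answers_probe relays_traffic")
RELAYS = {
    "relayA": Relay(True, True),
    "relayB": Relay(True, True),
    "relayC": Relay(True, True),
    "relayD": Relay(True, False),   # selective: looks alive, forwards nothing
    "relayE": Relay(True, True),
    "relayF": Relay(False, False),  # honestly offline
}

Score = namedtuple("Score", "failures total rate")


def directory_probe(relays):
    """What a connect-only test sees: every relay that answers gets listed."""
    return sorted(name for name, r in relays.items() if r.answers_probe)


def circuit_works(path, relays):
    """A circuit carries traffic only if every hop actually forwards it."""
    return all(relays[hop].relays_traffic for hop in path)


def collect_reports(listed, relays, hops=3):
    """Simulate clients (OPs) trying every ordered path over listed relays.

    Each report is (path, succeeded). A client cannot tell which hop broke a
    failed circuit, so one failed report implicates all of its hops equally.
    """
    return [(path, circuit_works(path, relays))
            for path in permutations(listed, hops)]


def score_relays(reports):
    """Aggregate the reports into a per-relay failure rate."""
    failures, totals = {}, {}
    for path, ok in reports:
        for hop in path:
            totals[hop] = totals.get(hop, 0) + 1
            failures[hop] = failures.get(hop, 0) + (0 if ok else 1)
    return {hop: Score(failures[hop], totals[hop], failures[hop] / totals[hop])
            for hop in totals}


def flag_suspects(scores, min_reports=10, threshold=0.9):
    """Flag relays that fail in nearly every circuit they take part in."""
    return sorted(hop for hop, s in scores.items()
                  if s.total >= min_reports and s.rate >= threshold)


if __name__ == "__main__":
    listed = directory_probe(RELAYS)
    scores = score_relays(collect_reports(listed, RELAYS))
    print("listed by probe:", listed)
    for hop in sorted(scores):
        print(hop, scores[hop])
    print("suspects:", flag_suspects(scores))
```

Honest relays still show a 50% failure rate here because they share circuits with the selective one, which is why the decision rests on the aggregate rate rather than on any single failed circuit.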
From nickm at freehaven.net Mon Jan 16 19:36:44 2006
From: nickm at freehaven.net (Nick Mathewson)
Date: Mon, 16 Jan 2006 14:36:44 -0500
Subject: Tor reputation system
In-Reply-To: <43CBB807.2030809@imperial.ac.uk>
References: <43CBB807.2030809@imperial.ac.uk>
Message-ID: <20060116193644.GA3783@totoro.wangafu.net>

On Mon, Jan 16, 2006 at 03:13:11PM +0000, Alok Mishra wrote:
> I was looking at the design paper on Tor. I was thinking that one
> problem with malicious nodes might be that they would advertise their
> services and when the directory servers attempt to connect to them they
> reply fine but any other request is totally ignored.

Yes, this is a fine attack. It's similar to some described in
http://freehaven.net/anonbib/topic.html#mix-acc
http://freehaven.net/anonbib/topic.html#casc-rep

Right now, though, we don't do anything to automate testing for complex
failure modes.

--
Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL:

From digi_news at gmx.de Tue Jan 17 10:33:15 2006
From: digi_news at gmx.de (Oliver Niesner)
Date: Tue, 17 Jan 2006 11:33:15 +0100
Subject: You think you can hide your ip?
Message-ID: <43CCC7EB.2090901@gmx.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

...not if you have java enabled check this out!

> http://www.inet-police.com/cgi-bin/env.cgi

Does anyone know a way to check sites for such applets?
Or is the only way to disable java, which surely breaks
some of our favorite sites :-/

Oliver
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFDzMfq724ZL5LNhNcRAutfAJ9pMcmqwDtFXG3OTYqTcJ5ttkaV3wCeJtwk
mAN1czrsiwKWGOo6/kucF3Q=
=4s2N
-----END PGP SIGNATURE-----

From listpost at bananasplit.info Tue Jan 17 11:16:55 2006
From: listpost at bananasplit.info (Steve Crook)
Date: Tue, 17 Jan 2006 11:16:55 +0000
Subject: You think you can hide your ip?
In-Reply-To: <43CCC7EB.2090901@gmx.de>
References: <43CCC7EB.2090901@gmx.de>
Message-ID: <20060117111655.GA3236@bananasplit.info>

On Tue, Jan 17, 2006 at 11:33:15AM +0100, Oliver Niesner wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ...not if you have java enabled check this out!
>
> > http://www.inet-police.com/cgi-bin/env.cgi
>
> Does anyone know a way to check sites for such applets?
> Or is the only way to disable java, which surely breaks
> some of our favorite sites :-/

Hi Oliver,

I use a combination of two Firefox plugins to gain granular control over what scripts are allowed to run. First of all, NoScript is a good tool for blocking all scripts by default. It then allows me to whitelist specific URLs where I have confidence in the source.

The other tool I use is Adblock which allows me to blacklist any component on a webpage. This is useful for all those sites where the content is in plain html but there are advertising scripts all over the place. It supports basic regex so I can (for example) blacklist any link that contains 'doubleclick'.

I'm sure there are plenty of other scripts doing similar jobs, but these two happen to coexist quite happily in my experience. Running them alongside SwitchProxy also doesn't cause me any issues.

HTH

From or at inbox.org Tue Jan 17 11:19:13 2006
From: or at inbox.org (Anthony DiPierro)
Date: Tue, 17 Jan 2006 06:19:13 -0500
Subject: You think you can hide your ip?
In-Reply-To: <43CCC7EB.2090901@gmx.de>
References: <43CCC7EB.2090901@gmx.de>
Message-ID: <71cd4dd90601170319q7eec28dchd1c5905a7e9d0145@mail.gmail.com>

On 1/17/06, Oliver Niesner wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ...not if you have java enabled check this out!
>
> > http://www.inet-police.com/cgi-bin/env.cgi
>
> Does anyone know a way to check sites for such applets?
> Or is the only way to disable java, which surely breaks
> some of our favorite sites :-/
>
>
> Oliver

I'm assuming what is being done is that java is being used to connect back to the site - this will reveal the IP address because java doesn't go through the proxy. I looked really quickly, and there doesn't seem to be an easy way to disable just this one java feature (to make TCP connections) without disabling java completely (at least not on firefox, there *might* be a way to do it on IE which has differing java security levels, but I didn't really look into it because I don't really use IE with tor).

Another option would be some sort of restrictive firewall. There is software for Unix and Windows that can restrict the ability to make connections on a program by program basis. Limit connections only to Tor and you know you won't make any leaks (this could be turned on and off when switching Tor on and off).

Personally I have java on my firefox browser turned off, partly for security reasons and partly for performance reasons. I've found it really doesn't affect many sites that I use. For those few sites it does affect, I use IE. Now that I think about it there is likely a firefox extension which can easily turn java on and off (maybe even on a site-by-site whitelist basis), though until Interactive Brokers decides to support something other than IE (or someone else offers $1 stock trades) I'm kind of stuck.

I'm curious, what are the favorite sites you have which insist on java?
The only one I really go to more than rarely is Yahoo Games, and it's pretty obvious why they need java. Now if only there were enough sites which don't require javascript...

From maillist at piirakka.com Tue Jan 17 11:24:14 2006
From: maillist at piirakka.com (M)
Date: Tue, 17 Jan 2006 13:24:14 +0200
Subject: You think you can hide your ip?
References: <43CCC7EB.2090901@gmx.de>
Message-ID: <002801c61b58$8c51a230$0a0aa8c0@none>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi
I'm transparently routing all traffic from my workstation to internet via
Tor, that solves the problem. I'm using Firefox, Privoxy and java is
enabled.

M

- ----- Original Message -----
From: "Oliver Niesner"
To: "or"
Sent: Tuesday, January 17, 2006 12:33 PM
Subject: You think you can hide your ip?

>
> ...not if you have java enabled check this out!
>
>> http://www.inet-police.com/cgi-bin/env.cgi
>
> Does anyone know a way to check sites for such applets?
> Or is the only way to disable java, which surely breaks
> some of our favorite sites :-/
>
>
> Oliver
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32) - GPGrelay v0.959
Comment: GnuPT 2.7.2

iD8DBQFDzNPj6fSN8IKlpYoRAkAiAJkBpvnbKrjKpFMn+lCrxqihmyM/iACcDZkO
D8HLvKVHZTmrNy9uP9s0NyU=
=4doF
-----END PGP SIGNATURE-----

From cwilson352 at cogeco.ca Tue Jan 17 13:47:52 2006
From: cwilson352 at cogeco.ca (Wilson)
Date: Tue, 17 Jan 2006 08:47:52 -0500
Subject: You think you can hide your ip?
In-Reply-To: <002801c61b58$8c51a230$0a0aa8c0@none>
References: <43CCC7EB.2090901@gmx.de> <002801c61b58$8c51a230$0a0aa8c0@none>
Message-ID: <43CCF588.8020109@cogeco.ca>

How the heck can you route all traffic through Tor? I am wondering because I would like to do that myself.......

M wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi
> I'm transparently routing all traffic from my workstation to internet via
> Tor, that solves the problem. I'm using Firefox, Privoxy and java is
> enabled.
> > > M > > > > - ----- Original Message ----- > From: "Oliver Niesner" > To: "or" > Sent: Tuesday, January 17, 2006 12:33 PM > Subject: You think you can hide your ip? > > >> >> ...not if you have java enabled check this out! >> >>> http://www.inet-police.com/cgi-bin/env.cgi >> >> >> Does anyone know a way to check sites for such applets? >> Or is the only way to disable java, which surely breaks >> some of our favorite sites :-/ >> >> >> Oliver >> >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) - GPGrelay v0.959 > Comment: GnuPT 2.7.2 > > iD8DBQFDzNPj6fSN8IKlpYoRAkAiAJkBpvnbKrjKpFMn+lCrxqihmyM/iACcDZkO > D8HLvKVHZTmrNy9uP9s0NyU= > =4doF > -----END PGP SIGNATURE----- > From arma at mit.edu Mon Jan 2 14:28:30 2006 From: arma at mit.edu (Roger Dingledine) Date: Mon, 2 Jan 2006 09:28:30 -0500 Subject: Dealing with bad Tor nodes In-Reply-To: <004d01c60fa2$87d0e250$1901a8c0@fishtest> References: <004d01c60fa2$87d0e250$1901a8c0@fishtest> Message-ID: <20060102142830.GA15157@localhost.localdomain> On Mon, Jan 02, 2006 at 01:43:33PM -0000, Alexis Manning wrote: > I hit a lot of 404s because the path I'm going through has a knackered node. Upgrade to the latest 0.1.1.x-alpha and you should see some marked improvement. The upcoming 0.1.0.16 release has several backports from the 0.1.1.x tree that should make it behave better too. --Roger From glymr_darkmoon at ml1.net Tue Jan 17 14:05:00 2006 From: glymr_darkmoon at ml1.net (glymr) Date: Wed, 18 Jan 2006 00:05:00 +1000 Subject: You think you can hide your ip? In-Reply-To: <43CCF588.8020109@cogeco.ca> References: <43CCC7EB.2090901@gmx.de> <002801c61b58$8c51a230$0a0aa8c0@none> <43CCF588.8020109@cogeco.ca> Message-ID: <43CCF98C.2090805@ml1.net> using a router box with iptables does the trick i believe Wilson wrote: > How the heck can you route all trafiic through Tor? I am wondering > because I would like to do that myself....... 
>
>
> M wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi
>> I'm transparently routing all traffic from my workstation to internet
>> via
>> Tor, that solves the problem. I'm using Firefox, Privoxy and java is
>> enabled.
>>
>>
>> M
>>
>>
>>
>> - ----- Original Message -----
>> From: "Oliver Niesner"
>> To: "or"
>> Sent: Tuesday, January 17, 2006 12:33 PM
>> Subject: You think you can hide your ip?
>>
>>
>>>
>>> ...not if you have java enabled check this out!
>>>
>>>> http://www.inet-police.com/cgi-bin/env.cgi
>>>
>>>
>>>
>>> Does anyone know a way to check sites for such applets?
>>> Or is the only way to disable java, which surely breaks
>>> some of our favorite sites :-/
>>>
>>>
>>> Oliver
>>>
>>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.2 (MingW32) - GPGrelay v0.959
>> Comment: GnuPT 2.7.2
>>
>> iD8DBQFDzNPj6fSN8IKlpYoRAkAiAJkBpvnbKrjKpFMn+lCrxqihmyM/iACcDZkO
>> D8HLvKVHZTmrNy9uP9s0NyU=
>> =4doF
>> -----END PGP SIGNATURE-----
>>
>

From maillist at piirakka.com Tue Jan 17 18:28:38 2006
From: maillist at piirakka.com (M)
Date: Tue, 17 Jan 2006 20:28:38 +0200
Subject: You think you can hide your ip?
References: <43CCC7EB.2090901@gmx.de> <002801c61b58$8c51a230$0a0aa8c0@none> <43CCF588.8020109@cogeco.ca>
Message-ID: <005b01c61b93$d5de5ca0$0a0aa8c0@none>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> How the heck can you route all traffic through Tor? I am wondering because
> I would like to do that myself.......

You can do this by using a router box, iptables and some other software.

Found this from my sent emails (This isn't meant to be step-by-step howto,
just some pointers):

- --------------------------------------------------
I assume that you're familiar with compiling stuff from source and so on...

First you must download and compile Dante, transocks needs some libraries
from it:
ftp://ftp.inet.no/pub/socks/dante-1.1.18.tar.gz
(the usual "tar xfvz dante-1.1.18.tar.gz && cd dante-1.1.18", read README
and INSTALL, "./configure && make && make install")

I compiled transocks against dante-1.1.14, try that if 1.1.18 doesn't work
(transocks.c failed to compile against dante-1.1.15).

Download and compile transocks. I attached a simple patch by me to
transocks.c, it adds verbose option and some help, you can apply it by
"patch -p1 < transocks.patch" and when it asks a file to patch just type
path to transocks.c.
http://cvs.sourceforge.net/viewcvs.py/transocks/transocks/

Compile transocks by typing "make" and copy freshly compiled transocks to
/usr/local/sbin/.

Install iptables if you don't already have it.

Copy attached transocksify.sh to /usr/local/sbin/ and edit it to suit your
needs.

Edit /etc/socks.conf to look like the following:

route {
from: 0.0.0.0/0 to: 0.0.0.0/0 via: 192.168.10.1 port = 9050
proxyprotocol: socks_v4
method: none
protocol: tcp
}

Edit /etc/tor/torrc, change

SocksBindAddress 127.0.0.1
to
SocksBindAddress routers_local_ip

where routers_local_ip is your router's NIC's local address (LAN), example
192.168.1.1.

Run /usr/local/sbin/transocks && /usr/local/sbin/transocksify.sh and test if
it works... I assume that you have working Tor installation.

If everything goes right I recommend that you install Privoxy and Squid for
http connections. I have following setup: for traffic going out to port 80
client -> squid -> privoxy -> tor, other ports are directed straight to Tor,
everything else is dropped. Privoxy filters out some bad javascript and
stuff that could break your privacy.
- ------------------------------------------------------

M
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32) - GPGrelay v0.959
Comment: GnuPT 2.7.2

iD8DBQFDzTdX6fSN8IKlpYoRAl6aAJ9+3Ts+xQfAjnBASKETLRYNQqWEvwCdGXnC
y+wCBH991arTI+QoflFj8rs=
=lowO
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: transocksify.sh
Type: application/octet-stream
Size: 920 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: transocksify.sh.asc
Type: application/octet-stream
Size: 226 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: transocks.patch
Type: application/octet-stream
Size: 1066 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: transocks.patch.asc
Type: application/octet-stream
Size: 226 bytes
Desc: not available
URL:

From numE at onionizer.de Tue Jan 17 18:37:33 2006
From: numE at onionizer.de (numE)
Date: Tue, 17 Jan 2006 19:37:33 +0100
Subject: You think you can hide your ip?
In-Reply-To: <005b01c61b93$d5de5ca0$0a0aa8c0@none>
References: <43CCC7EB.2090901@gmx.de> <002801c61b58$8c51a230$0a0aa8c0@none> <43CCF588.8020109@cogeco.ca> <005b01c61b93$d5de5ca0$0a0aa8c0@none>
Message-ID: <43CD396D.4040706@onionizer.de>

Why not build a small linux system image for one of those embedded systems?
i suggested this before.. (just copied from one of my old mails)

--
for example: http://www.pcengines.ch/wrap.htm
(it is a little embedded pc - quite cheap - form factor of a normal home use router)
wireless mini-pci cards are optional - so it could be used as a wireless access point, too.
the whole thing should be configurable via webinterface, like for example the m0n0wall linux firewall (they also use the wrap hardware): (see here: http://m0n0.ch/wall/ ) features should include: - webadministration - possibility to run as server, client, hidden service (forward to local network) - built in proxy - ... - independent trust system (external directory service or something) (if the box images would be precompiled they could be more trustworthy, of course sources should be availiable, too) only a quick idea - you probably have even more ideas... perhaps we should look at the m0n0wall project... i think there are some ideas realized, which could be used for a tor-in-a-box project, too: quoute from m0n0wall: " m0n0wall is probably *the first UNIX system that has its boot-time configuration done with PHP*, rather than the usual shell scripts, and that has *the entire system configuration stored in XML format*." -- M schrieb: > >> How the heck can you route all trafiic through Tor? I am wondering > because > >> I would like to do that myself....... > > > You can do this by using a router box, iptables and some other software. > > > Found this from my sent emails (This isn't meant to be step-by-step howto, > just some pointers): > > -------------------------------------------------- > I assume that you're familiar compiling stuff from source and so on... > > First you must download and compile Dante, transocks needs some libraries > from it: > ftp://ftp.inet.no/pub/socks/dante-1.1.18.tar.gz > (the usual "tar xfvz dante-1.1.18.tar.gz && cd dante-1.1.18", read README > and INSTALL, "./configure && make && make install") > > I compiled transsocks against dante-1.1.14, try that if 1.1.18 doesn't > work > (transocks.c failed to compile against dante-1.1.15). > > Download and compile transocks. 
I attached a simple patch by me to > transocks.c, it adds verbose option and some help, you can apply it by > "patch -p1 < transocks.patch" and when it asks a file to patch just type > path to transocks.c. > http://cvs.sourceforge.net/viewcvs.py/transocks/transocks/ > > Compile transocks by typing "make" and copy freshly compiled transocks to > /usr/local/sbin/. > > Install iptables if you already dont have it. > > Copy attached transocksify.sh to /usr/local/sbin/ and edit it to suit your > needs. > > Edit /etc/socks.conf to look like following: > > route { > from: 0.0.0.0/0 to: 0.0.0.0/0 via: 192.168.10.1 port = 9050 > proxyprotocol: socks_v4 > method: none > protocol: tcp > } > > Edit /etc/tor/torrc, change > > SocksBindAddress 127.0.0.1 > to > SocksBindAddress routers_local_ip > > where routers_local_ip is your routers nics local address (LAN), example > 192.168.1.1. > > Run /usr/local/sbin/transocks && /usr/local/sbin/transocksify.sh and > test if > it works... I assume that you have working Tor installation. > > If everything goes right I recommend that you install Privoxy and > Squid for > http connections. I have following setup: for traffic going out to port 80 > client -> squid -> privoxy -> tor, other ports are directed straight > to Tor, > everything else is dropped. Privoxy filters out some bad javascript and > stuff that could break your privacy. > ------------------------------------------------------ > > M From firefox-gen at walala.org Tue Jan 17 20:23:58 2006 From: firefox-gen at walala.org (A. Bourdon) Date: Tue, 17 Jan 2006 12:23:58 -0800 Subject: You think you can hide your ip? In-Reply-To: <43CCC7EB.2090901@gmx.de> References: <43CCC7EB.2090901@gmx.de> Message-ID: <20060117122358.waf1czq1jdce80so@libertarianactivism.com> The wiki talks about solving this problem with the Firefox NoScript extension. 
I should know, because I wrote it ;D ~ADB Quoting Oliver Niesner : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ...not if you have java enabled check this out! > >> http://www.inet-police.com/cgi-bin/env.cgi > > Does anyone know a way to check sites for such applets? > Or is the only way to disable java, which surely breaks > some of our favorite sites :-/ > > > Oliver > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.6 (GNU/Linux) > Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org > > iD8DBQFDzMfq724ZL5LNhNcRAutfAJ9pMcmqwDtFXG3OTYqTcJ5ttkaV3wCeJtwk > mAN1czrsiwKWGOo6/kucF3Q= > =4s2N > -----END PGP SIGNATURE----- > From zorba at pavlovian.net Tue Jan 17 18:24:49 2006 From: zorba at pavlovian.net (Ben Wilhelm) Date: Tue, 17 Jan 2006 10:24:49 -0800 Subject: You think you can hide your ip? In-Reply-To: <71cd4dd90601170319q7eec28dchd1c5905a7e9d0145@mail.gmail.com> References: <43CCC7EB.2090901@gmx.de> <71cd4dd90601170319q7eec28dchd1c5905a7e9d0145@mail.gmail.com> Message-ID: <43CD3671.7060505@pavlovian.net> Anthony DiPierro wrote: > Another option would be some sort of restrictive firewall. There is > software for Unix and Windows that can restrict the ability to make > connections on a program by program basis. Limit connections only to > Tor and you know you won't make any leaks (this could be turned on and > off when switching Tor on and off). I've got my home network set up so that my "Tor-browsing box" simply isn't allowed to go out to the internet. I've got a second computer that runs Tor, and *it's* allowed to connect out. The browsing box has to connect through it to get to the Internet in any way, which leaves me neatly immune to the whole thing. 
-Ben From firefox-gen at walala.org Tue Jan 17 23:35:22 2006 From: firefox-gen at walala.org (Andrew Bourdon) Date: Tue, 17 Jan 2006 18:35:22 -0500 Subject: Stop the Patriot Act Expansion Message-ID: <200601172335.k0HNZMAu005345@action.downsizedc.org> Stop the Patriot Act Expansion Dear friend, Congress is on the verge of expanding police-state powers, and making permanent others, under a new version of the Patriot Act. Please send Congress a message opposing this by clicking here: http://action.downsizedc.org/wyc.php?cid=31 Let's fire up the Patriot act resistance bandwagon yet again! Come to DownsizeDC.org to learn more: http://action.downsizedc.org/wyc.php?cid=31 From arrakistor at gmail.com Tue Jan 17 23:14:30 2006 From: arrakistor at gmail.com (Arrakistor) Date: Tue, 17 Jan 2006 17:14:30 -0600 Subject: Stop the Patriot Act Expansion In-Reply-To: <200601172335.k0HNZMAu005345@action.downsizedc.org> References: <200601172335.k0HNZMAu005345@action.downsizedc.org> Message-ID: <181994365.20060117171430@gmail.com> Thank you Alex Jones! > Stop the Patriot Act Expansion > Dear friend, > Congress is on the verge of expanding police-state powers, and > making permanent others, under a new version of the Patriot Act. > Please send Congress a message opposing this by clicking here: > http://action.downsizedc.org/wyc.php?cid=31 > Let's fire up the Patriot act resistance bandwagon yet again! > Come to DownsizeDC.org to learn more: > http://action.downsizedc.org/wyc.php?cid=31 -- Best regards, Arrakistor mailto:arrakistor at gmail.com From cwilson352 at cogeco.ca Wed Jan 18 00:11:16 2006 From: cwilson352 at cogeco.ca (Wilson) Date: Tue, 17 Jan 2006 19:11:16 -0500 Subject: You think you can hide your ip? 
In-Reply-To: <005b01c61b93$d5de5ca0$0a0aa8c0@none> References: <43CCC7EB.2090901@gmx.de> <002801c61b58$8c51a230$0a0aa8c0@none> <43CCF588.8020109@cogeco.ca> <005b01c61b93$d5de5ca0$0a0aa8c0@none> Message-ID: <43CD87A4.9010901@cogeco.ca> Thanks for the info M, but I am running windows ..... what you described looked like it was for linux or something........Very interesting though :) M wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> How the heck can you route all trafiic through Tor? I am wondering >> because >> I would like to do that myself....... > > > > You can do this by using a router box, iptables and some other software. > > > Found this from my sent emails (This isn't meant to be step-by-step > howto, > just some pointers): > > - -------------------------------------------------- > I assume that you're familiar compiling stuff from source and so on... > > First you must download and compile Dante, transocks needs some libraries > from it: > ftp://ftp.inet.no/pub/socks/dante-1.1.18.tar.gz > (the usual "tar xfvz dante-1.1.18.tar.gz && cd dante-1.1.18", read README > and INSTALL, "./configure && make && make install") > > I compiled transsocks against dante-1.1.14, try that if 1.1.18 doesn't > work > (transocks.c failed to compile against dante-1.1.15). > > Download and compile transocks. I attached a simple patch by me to > transocks.c, it adds verbose option and some help, you can apply it by > "patch -p1 < transocks.patch" and when it asks a file to patch just type > path to transocks.c. > http://cvs.sourceforge.net/viewcvs.py/transocks/transocks/ > > Compile transocks by typing "make" and copy freshly compiled transocks to > /usr/local/sbin/. > > Install iptables if you already dont have it. > > Copy attached transocksify.sh to /usr/local/sbin/ and edit it to suit > your > needs. 
> > Edit /etc/socks.conf to look like following: > > route { > from: 0.0.0.0/0 to: 0.0.0.0/0 via: 192.168.10.1 port = 9050 > proxyprotocol: socks_v4 > method: none > protocol: tcp > } > > Edit /etc/tor/torrc, change > > SocksBindAddress 127.0.0.1 > to > SocksBindAddress routers_local_ip > > where routers_local_ip is your routers nics local address (LAN), example > 192.168.1.1. > > Run /usr/local/sbin/transocks && /usr/local/sbin/transocksify.sh and > test if > it works... I assume that you have working Tor installation. > > If everything goes right I recommend that you install Privoxy and > Squid for > http connections. I have following setup: for traffic going out to > port 80 > client -> squid -> privoxy -> tor, other ports are directed straight > to Tor, > everything else is dropped. Privoxy filters out some bad javascript and > stuff that could break your privacy. > - ------------------------------------------------------ > > M > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) - GPGrelay v0.959 > Comment: GnuPT 2.7.2 > > iD8DBQFDzTdX6fSN8IKlpYoRAl6aAJ9+3Ts+xQfAjnBASKETLRYNQqWEvwCdGXnC > y+wCBH991arTI+QoflFj8rs= > =lowO > -----END PGP SIGNATURE----- From firefox-gen at walala.org Wed Jan 18 05:09:45 2006 From: firefox-gen at walala.org (A. Bourdon) Date: Tue, 17 Jan 2006 21:09:45 -0800 Subject: Stop the Patriot Act Expansion In-Reply-To: <181994365.20060117171430@gmail.com> References: <200601172335.k0HNZMAu005345@action.downsizedc.org> <181994365.20060117171430@gmail.com> Message-ID: <20060117210945.qhtqfhvi7rvcwoo0@libertarianactivism.com> What does that freak have to do w/ anything? This is actually legit :D ~Andrew Quoting Arrakistor : > Thank you Alex Jones! > > >> Stop the Patriot Act Expansion > >> Dear friend, > >> Congress is on the verge of expanding police-state powers, and >> making permanent others, under a new version of the Patriot Act. 
>> Please send Congress a message opposing this by clicking here: >> http://action.downsizedc.org/wyc.php?cid=31 > >> Let's fire up the Patriot act resistance bandwagon yet again! > >> Come to DownsizeDC.org to learn more: >> http://action.downsizedc.org/wyc.php?cid=31 > > > > -- > Best regards, > Arrakistor mailto:arrakistor at gmail.com > > From w9osxbh02 at sneakemail.com Wed Jan 18 09:15:51 2006 From: w9osxbh02 at sneakemail.com (w9osxbh02 at sneakemail.com) Date: 18 Jan 2006 09:15:51 -0000 Subject: Anonym.OS Message-ID: <6363-21942@sneakemail.com> For those of you trying to download Anonym.OS from the Wired article, there's also the Bittorrent, which seems to work pretty quickly. Mark -------------------------------------- Protect yourself from spam, use http://sneakemail.com From goodell at eecs.harvard.edu Mon Jan 2 15:13:41 2006 From: goodell at eecs.harvard.edu (Geoffrey Goodell) Date: Mon, 2 Jan 2006 10:13:41 -0500 Subject: benchmarking a node In-Reply-To: <20060102123610.GK2235@leitl.org> References: <20060102123610.GK2235@leitl.org> Message-ID: <20060102151341.GO20671@eecs.harvard.edu> On Mon, Jan 02, 2006 at 01:36:11PM +0100, Eugen Leitl wrote: > Another question: as Tor alpha seems to crash regularly, > will the keys/torrc be wiped if I do apt-get remove tor, > to downgrade to the stable branch? Issuing "apt-get remove tor" will not delete the tor configuration and data files, but it would probably be easiest for you to just apt-get install or dpkg -i the stable version of tor, which will automatically perform the downgrade for you. Geoff -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From maillist at piirakka.com Wed Jan 18 11:10:03 2006 From: maillist at piirakka.com (M) Date: Wed, 18 Jan 2006 13:10:03 +0200 Subject: You think you can hide your ip? 
References: <43CCC7EB.2090901@gmx.de> <002801c61b58$8c51a230$0a0aa8c0@none> <43CCF588.8020109@cogeco.ca> <005b01c61b93$d5de5ca0$0a0aa8c0@none> <43CD87A4.9010901@cogeco.ca> Message-ID: <001b01c61c1f$bba7ad50$0a0aa8c0@none> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, you need one computer which has Linux installed that acts as router and firewall. Workstation with Windows is connected to internet through router box that routes traffic transparently through Tor. M - ----- Original Message ----- From: "Wilson" To: Sent: Wednesday, January 18, 2006 2:11 AM Subject: Re: You think you can hide your ip? > Thanks for the info M, but I am running windows ..... what you described > looked like it was for linux or something........Very interesting though > :) > > M wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >>> How the heck can you route all trafiic through Tor? I am wondering >>> because >>> I would like to do that myself....... >> >> >> >> You can do this by using a router box, iptables and some other software. >> >> >> Found this from my sent emails (This isn't meant to be step-by-step >> howto, >> just some pointers): >> >> - -------------------------------------------------- >> I assume that you're familiar compiling stuff from source and so on... >> >> First you must download and compile Dante, transocks needs some libraries >> from it: >> ftp://ftp.inet.no/pub/socks/dante-1.1.18.tar.gz >> (the usual "tar xfvz dante-1.1.18.tar.gz && cd dante-1.1.18", read README >> and INSTALL, "./configure && make && make install") >> >> I compiled transsocks against dante-1.1.14, try that if 1.1.18 doesn't >> work >> (transocks.c failed to compile against dante-1.1.15). >> >> Download and compile transocks. I attached a simple patch by me to >> transocks.c, it adds verbose option and some help, you can apply it by >> "patch -p1 < transocks.patch" and when it asks a file to patch just type >> path to transocks.c. 
>> http://cvs.sourceforge.net/viewcvs.py/transocks/transocks/ >> >> Compile transocks by typing "make" and copy freshly compiled transocks to >> /usr/local/sbin/. >> >> Install iptables if you already dont have it. >> >> Copy attached transocksify.sh to /usr/local/sbin/ and edit it to suit >> your >> needs. >> >> Edit /etc/socks.conf to look like following: >> >> route { >> from: 0.0.0.0/0 to: 0.0.0.0/0 via: 192.168.10.1 port = 9050 >> proxyprotocol: socks_v4 >> method: none >> protocol: tcp >> } >> >> Edit /etc/tor/torrc, change >> >> SocksBindAddress 127.0.0.1 >> to >> SocksBindAddress routers_local_ip >> >> where routers_local_ip is your routers nics local address (LAN), example >> 192.168.1.1. >> >> Run /usr/local/sbin/transocks && /usr/local/sbin/transocksify.sh and test >> if >> it works... I assume that you have working Tor installation. >> >> If everything goes right I recommend that you install Privoxy and Squid >> for >> http connections. I have following setup: for traffic going out to port >> 80 >> client -> squid -> privoxy -> tor, other ports are directed straight to >> Tor, >> everything else is dropped. Privoxy filters out some bad javascript and >> stuff that could break your privacy. 
>> - ------------------------------------------------------ >> >> M >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.2 (MingW32) - GPGrelay v0.959 >> Comment: GnuPT 2.7.2 >> >> iD8DBQFDzTdX6fSN8IKlpYoRAl6aAJ9+3Ts+xQfAjnBASKETLRYNQqWEvwCdGXnC >> y+wCBH991arTI+QoflFj8rs= >> =lowO >> -----END PGP SIGNATURE----- > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) - GPGrelay v0.959 Comment: GnuPT 2.7.2 iD8DBQFDziIM6fSN8IKlpYoRAlz2AJ4onMBno72nTgkS4TtP2snZ2Y/8KgCfbU7d BFwK9jD/MdHpJL3uST6kVd0= =xU7h -----END PGP SIGNATURE----- From toruser at googlemail.com Wed Jan 18 12:38:16 2006 From: toruser at googlemail.com (Tor User) Date: Wed, 18 Jan 2006 04:38:16 -0800 Subject: Spam sent to contact address Message-ID: I am running a tor server and publish a contact email address in a mangled format, along the lines of toruser-at-gmail-dot-com. I have received two apparent spams to that address recently. A somewhat surprising aspect is that both contained just one random word and no other content. They were the only two emails ever received at that address, and I have not published the address anywhere (although google finds it at moria.seul.org:9031). I am wondering whether to put this down to the incompetence of the spammer(s), or whether there could be any possible reason for why they might have wanted to send me content-free messages after going into the effort of unscrambling the email address. I doubt they would have wanted to learn anything from an automated bounce message (which they would expect to come from gmail in any case) but cannot see any other explanation. Do others also get spam to addresses published only through tor status, does said spam look like the usual sort of spam, and can anyone think of an explanation for the above? Many thanks. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From arrakistor at gmail.com Wed Jan 18 13:48:11 2006 From: arrakistor at gmail.com (Arrakistor) Date: Wed, 18 Jan 2006 07:48:11 -0600 Subject: Spam sent to contact address In-Reply-To: References: Message-ID: <293990577.20060118074811@gmail.com> Hello Tor User, If there are html references to remote files inside, this would be a way to track you, because it would leave your IP in the access logs via your mail program. ST Wednesday, January 18, 2006, 6:38:16 AM, you wrote: > I am running a tor server and publish a contact email address in a mangled > format, along the lines of toruser-at-gmail-dot-com. I have received two > apparent spams to that address recently. A somewhat surprising aspect is that > both contained just one random word and no other content. They were the only > two emails ever received at that address, and I have not published the > address anywhere (although google finds it at moria.seul.org:9031). > I am wondering whether to put this down to the incompetence of the > spammer(s), or whether there could be any possible reason for why they might > have wanted to send me content-free messages after going into the effort of > unscrambling the email address. I doubt they would have wanted to learn > anything from an automated bounce message (which they would expect to come > from gmail in any case) but cannot see any other explanation. > Do others also get spam to addresses published only through tor status, does > said spam look like the usual sort of spam, and can anyone think of an > explanation for the above? Many thanks.
-- Best regards, Arrakistor mailto:arrakistor at gmail.com From toruser at googlemail.com Wed Jan 18 14:38:50 2006 From: toruser at googlemail.com (Tor User) Date: Wed, 18 Jan 2006 06:38:50 -0800 Subject: Spam sent to contact address In-Reply-To: <293990577.20060118074811@gmail.com> References: <293990577.20060118074811@gmail.com> Message-ID: On 1/18/06, Arrakistor wrote: > > Hello Tor User, > > If there are html references to remote files inside, this would be a way > to track you, because it would leave your IP in the access logs via your > mail program. > Yes, that would certainly be possible in principle but i) both spams are plain-text only, and ii) it is already easy to find the IP address of my tor server based on the contact address (just scan through all few hundred known tor servers, conveniently listed e.g. at http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sorbw=1&addr=1 ). I am not at all worried, which is just as well given the amount of other spam I get :-) I am, however, puzzled as to why anyone would bother to go into a non-trivial amount of effort to decipher the email address, only to then use it to send a meaningless one-word message. I suppose an explanation might be that the process of harvesting mildly obfuscated email addresses from the web has been automated and the resulting email addresses were then used by an utterly incompetent spammer. Another possibility might be that the spammer had a list of harvested emails not all of which were necessarily converted correctly from whatever form of obfuscation was used. It would then make sense for them to try to filter out invalid addresses before selling the list on, although it is unclear why they would use a one-word message rather than a real spam that they could have been paid for. I suspect I will never know. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From Christian.Kellermann at nefkom.net Wed Jan 18 14:55:30 2006 From: Christian.Kellermann at nefkom.net (Christian Kellermann) Date: Wed, 18 Jan 2006 15:55:30 +0100 Subject: Spam sent to contact address In-Reply-To: References: Message-ID: <20060118145529.GC13704@hermes.my.domain> Hi, * Tor User [060118 13:41]: > I am wondering whether to put this down to the incopetence of the > spammer(s), or whether there could be any possible reason for why they might > have wanted to send me content-free messages after going into the effort of > unscrambling the email address. I doubt they would have wanted to learn > anything from an automated bounce message (which they would expect to come > from gmail in any case) but cannot see any other explanation. I don't think this is related to tor. It seems someone harvested your email address from the status page and send you some garbage. I have seen this form of spam as a part of a multipart message where the plain text is used to confuse Bayes filters. Maybe the spammer misconfigured his tool. Why would anyone send just a couple words? Because they can I guess.... Cheers, Christian -- You may use my gpg key for replies: pub 1024D/47F79788 2005/02/02 Christian Kellermann (C-Keen) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL:
From mlthorne at gmail.com Wed Jan 18 14:56:56 2006 From: mlthorne at gmail.com (Matt Thorne) Date: Wed, 18 Jan 2006 09:56:56 -0500 Subject: Spam sent to contact address In-Reply-To: References: <293990577.20060118074811@gmail.com> Message-ID: <5c4c375e0601180656i4728fec4ldd2b85014f6072d9@mail.gmail.com> perhaps that email address was added the Not so Good Email addr's List, for whichever spammer, and they used that list to run testing for whichever Bot they are designing. On 1/18/06, Tor User wrote: > > On 1/18/06, Arrakistor wrote: > > Hello Tor User, > > > > If there are html references to remote files inside, this would be a way > to track you, because it would leave your IP in the access logs via your > mail program. > > > > Yes, that would certainly be possible in principle but i) both spams are > plain-text only, and ii) it is already easy to find the IP address of my tor > server based on the contact address (just scan through all few hundred known > tor servers, conveniently listed e.g. at > http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sorbw=1&addr=1 > ).
> > I am not at all worried, which is just as well given the amount of other > spam I get :-) I am, however, puzzled as to why anyone would bother to go > into a non-trivial amount of effort to decipher the email address, only to > then use it to send a meaningless one-word message. I suppose an > explanation might be that the process of harvesting mildly obfuscated email > addresses from the web has been automated and the resulting email addresses > were then used by an utterly incompetent spammer. Another possibility might > be that the spammer had a list of harvested emails not all of which were > necessarily converted correctly from whatever form of obfuscation was used. > It would then make sense for them to try to filter out invalid addresses > before selling the list on, although it is unclear why they would use a > one-word message rather than a real spam that they could have been paid for. > I suspect I will never know. > > From firefox-gen at walala.org Wed Jan 18 19:52:58 2006 From: firefox-gen at walala.org (ADB) Date: Wed, 18 Jan 2006 11:52:58 -0800 Subject: Anonym.OS In-Reply-To: <6363-21942@sneakemail.com> References: <6363-21942@sneakemail.com> Message-ID: <43CE9C9A.8010809@walala.org> Cool. What BT client would you recommend for Linux? The standard one sucks (or else I do) and I've never been able to DL anything with it. Maybe I just don't know WTF I'm doing, who knows... ~A w9osxbh02 at sneakemail.com wrote: > For those of you trying to download Anonym.OS from the Wired article, there's also the Bittorrent, which seems to work pretty quickly. 
> > Mark > > > -------------------------------------- > Protect yourself from spam, > use http://sneakemail.com > > > > From w9osxbh02 at sneakemail.com Thu Jan 19 03:09:08 2006 From: w9osxbh02 at sneakemail.com (w9osxbh02 at sneakemail.com) Date: 19 Jan 2006 03:09:08 -0000 Subject: Anonym.OS Message-ID: <8667-84200@sneakemail.com> I use azeurus, but i don't drag the data through tor...too slow...i do run the tracker through tor... ----------reply separator---------- Cool. What BT client would you recommend for Linux? The standard one sucks (or else I do) and I've never been able to DL anything with it. Maybe I just don't know WTF I'm doing, who knows... ~A -------------------------------------- Protect yourself from spam, use http://sneakemail.com From keithn at csh.rit.edu Thu Jan 19 04:00:21 2006 From: keithn at csh.rit.edu (Keith Needels) Date: Wed, 18 Jan 2006 23:00:21 -0500 Subject: Tor Diffie-Hellman question Message-ID: <43CF0ED5.2020401@csh.rit.edu> Hello, I just read through the design paper (Tor: The Second Generation Onion Router), and I have a quick question that I'm sure one of you can answer. I might be missing something obvious here, but if the first half of the Diffie-Hellman key exchange sent with the Create/Relay Extend commands is encrypted using RSA and the public key of the onion router in which it is destined, why do Diffie-Hellman at all? Why not just have our Alice generate the AES key by herself, and send it down the circuit encrypted with the destination OR's public key? Thanks a lot! -Keith From alexismanning at hotpop.com Mon Jan 2 16:28:38 2006 From: alexismanning at hotpop.com (Alexis Manning) Date: Mon, 2 Jan 2006 16:28:38 -0000 Subject: Dealing with bad Tor nodes References: <004d01c60fa2$87d0e250$1901a8c0@fishtest> <20060102142830.GA15157@localhost.localdomain> Message-ID: <00dd01c60fb9$9bb059b0$1901a8c0@fishtest> "Roger Dingledine" wrote: > Upgrade to the latest 0.1.1.x-alpha and you should see some marked > improvement. 
> > The upcoming 0.1.0.16 release has several backports from the 0.1.1.x > tree that should make it behave better too. Thanks Roger. I'll give the alpha a try and see what happens. Apologies, I see the changelog says "Recover better from TCP connections to Tor servers that are broken but don't tell you (it happens!);". I did skim the alpha changelogs but obviously should have read them more carefully before posting! Cheers, -- A. From syverson at itd.nrl.navy.mil Thu Jan 19 04:10:01 2006 From: syverson at itd.nrl.navy.mil (Paul Syverson) Date: Wed, 18 Jan 2006 23:10:01 -0500 Subject: Tor Diffie-Hellman question In-Reply-To: <43CF0ED5.2020401@csh.rit.edu> References: <43CF0ED5.2020401@csh.rit.edu> Message-ID: <20060119041001.GA6050@itd.nrl.navy.mil> On Wed, Jan 18, 2006 at 11:00:21PM -0500, Keith Needels wrote: > Hello, > > I just read through the design paper (Tor: The Second Generation Onion > Router), and I have a quick question that I'm sure one of you can answer. > > I might be missing something obvious here, but if the first half of the > Diffie-Hellman key exchange sent with the Create/Relay Extend commands > is encrypted using RSA and the public key of the onion router in which > it is destined, why do Diffie-Hellman at all? Why not just have our > Alice generate the AES key by herself, and send it down the circuit > encrypted with the destination OR's public key? > This has some similarity to the generation 0 and generation 1 designs of onion routing. The problem is that if someone saved all the traffic that went to that OR and then later broke or otherwise obtained the private key, they could now get the AES key with which data between Alice and that OR was encrypted. Using ephemeral DH gets us perfect forward secrecy. I.e., this sort of attack won't work. 
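The forward-secrecy argument above, as an added Python sketch (not part of the original message and not Tor's code): it contrasts Alice choosing the key herself and sending it under the OR's RSA key with sending an RSA-wrapped DH half, then gives a recorded transcript plus the later-leaked RSA private key to the same recovery routine. The toy RSA primes, the 127-bit DH group, the SHA-256 keystream standing in for AES and all function names are assumptions made for the example.

```python
"""Added illustration: RSA key transport vs. an RSA-wrapped ephemeral DH half.

Toy parameters throughout (textbook RSA with no padding, a 127-bit DH
modulus, a SHA-256 keystream standing in for AES). Names are hypothetical.
"""
import hashlib
import secrets

# Long-term RSA key of the onion router (OR); toy size, constructed here.
P, Q = 2**89 - 1, 2**107 - 1            # two Mersenne primes
N, E = P * Q, 65537                     # public key
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)

# Toy Diffie-Hellman group, constructed for this example (not Tor's group).
DH_P, DH_G = 2**127 - 1, 3

MESSAGE = b"constructed relay payload: GET / HTTP/1.0"


def kdf(secret: int) -> bytes:
    """Derive a 32-byte symmetric key from an integer secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream; stand-in for the AES stream."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)


def key_transport(message: bytes) -> dict:
    """Alice picks the session key herself and sends it under the OR's RSA key."""
    k = secrets.randbits(128)
    return {"wrapped": pow(k, E, N),                  # seen on the wire
            "reply": None,
            "traffic": stream_xor(kdf(k), message)}   # seen on the wire


def ephemeral_dh(message: bytes) -> dict:
    """Alice sends g^x under the OR's RSA key; the OR answers with g^y."""
    x = secrets.randbelow(DH_P - 3) + 2       # Alice's ephemeral exponent
    y = secrets.randbelow(DH_P - 3) + 2       # the OR's ephemeral exponent
    wrapped = pow(pow(DH_G, x, DH_P), E, N)   # first DH half, RSA-encrypted
    gx_at_or = pow(wrapped, D, N)             # OR unwraps with its private key
    gy = pow(DH_G, y, DH_P)                   # second DH half, sent back
    k_alice, k_or = pow(gy, x, DH_P), pow(gx_at_or, y, DH_P)
    assert k_alice == k_or                    # both ends agree on g^(xy)
    # x and y are dropped on return: nothing kept long-term rebuilds the key.
    return {"wrapped": wrapped, "reply": gy,
            "traffic": stream_xor(kdf(k_alice), message)}


def later_compromise(transcript: dict, leaked_d: int) -> list:
    """What a recorded transcript yields once the OR's private key leaks.

    The leaked key only unwraps the recorded RSA ciphertext. Every value
    then available (the unwrapped number, the cleartext reply, their
    product) is tried as key material against the recorded traffic.
    """
    unwrapped = pow(transcript["wrapped"], leaked_d, N)
    candidates = [unwrapped]
    if transcript["reply"] is not None:
        gy = transcript["reply"]
        candidates += [gy, unwrapped * gy % DH_P]
    return [stream_xor(kdf(c), transcript["traffic"]) for c in candidates]


if __name__ == "__main__":
    for name, handshake in (("key transport", key_transport),
                            ("ephemeral DH", ephemeral_dh)):
        readable = MESSAGE in later_compromise(handshake(MESSAGE), D)
        print(f"{name:14s} recorded traffic readable after key leak: {readable}")
```

In the DH case the leaked key still exposes g^x, which is why the recovery routine has it in hand; what stays out of reach is g^(xy), since x and y were never stored.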
HTH, Paul From firefox-gen at walala.org Thu Jan 19 07:38:29 2006 From: firefox-gen at walala.org (ADB) Date: Wed, 18 Jan 2006 23:38:29 -0800 Subject: Anonym.OS In-Reply-To: <8667-84200@sneakemail.com> References: <8667-84200@sneakemail.com> Message-ID: <43CF41F5.9020307@walala.org> I have this thing called KTorrent on my PC- but Linuxtracker isn't giving me the file. It's overloaded or something? :'( ~Andrew w9osxbh02 at sneakemail.com wrote: > I use azeurus, but i don't drag the data through tor...too slow...i do run the tracker through tor... > > > ----------reply separator---------- > > Cool. What BT client would you recommend for Linux? The standard one > sucks (or else I do) and I've never been able to DL anything with it. > Maybe I just don't know WTF I'm doing, who knows... > > ~A > > > > > > -------------------------------------- > Protect yourself from spam, > use http://sneakemail.com > > > > From w9osxbh02 at sneakemail.com Thu Jan 19 10:39:37 2006 From: w9osxbh02 at sneakemail.com (w9osxbh02 at sneakemail.com) Date: 19 Jan 2006 10:39:37 -0000 Subject: Anonym.OS Message-ID: <23996-43144@sneakemail.com> Andrew, Not sure as I've never used ktracker. I use asureus (spelled it wrong the first time) - which is java based and very easy to install under your user account and doesn't require root rights. All I do is find a torrent search site, search for what I'm looking for, download the torrent file, open it in azureus and the rest happens automatically. I also have to adjust my upload speed as my upline pipe is rather limited. I am pretty new to the bittorrent as well so I don't yet understand all the components. Mark ---------reply separator--------------- I have this thing called KTorrent on my PC- but Linuxtracker isn't giving me the file. It's overloaded or something? 
:'( ~Andrew -------------------------------------- Protect yourself from spam, use http://sneakemail.com From mkol at poczta.neostrada.pl Thu Jan 19 13:53:23 2006 From: mkol at poczta.neostrada.pl (Michal Kolinski) Date: Thu, 19 Jan 2006 14:53:23 +0100 Subject: Anonym.OS References: <6363-21942@sneakemail.com> <43CE9C9A.8010809@walala.org> Message-ID: <001a01c61cff$bfe1c3c0$0201a8c0@michalpc> > Cool. What BT client would you recommend for Linux? The standard one sucks > (or else I do) and I've never been able to DL anything with it. Open (or forward) your BitTorrent port. Set your port to something in 1024-65535 range. Don't use these ports: 1214, 4661-4672, 6346-6347, 6881-6889. GUI client: http://azureus.sourceforge.net/ ncurses client: http://libtorrent.rakshasa.no/ From firefox-gen at walala.org Thu Jan 19 20:47:58 2006 From: firefox-gen at walala.org (ADB) Date: Thu, 19 Jan 2006 12:47:58 -0800 Subject: Anonym.OS In-Reply-To: <001a01c61cff$bfe1c3c0$0201a8c0@michalpc> References: <6363-21942@sneakemail.com> <43CE9C9A.8010809@walala.org> <001a01c61cff$bfe1c3c0$0201a8c0@michalpc> Message-ID: <43CFFAFE.8030006@walala.org> I get an error message saying that linuxtracker.org/announce.php is sending an improper response. None of the SF mirrors seem to have this file, nor do any other BT search engines that I've tried! :( ~Andrew PS- Are any other people having this problem? Michal Kolinski wrote: >> Cool. What BT client would you recommend for Linux? The standard one >> sucks (or else I do) and I've never been able to DL anything with it. > > Open (or forward) your BitTorrent port. Set your port to something in > 1024-65535 range. > Don't use these ports: 1214, 4661-4672, 6346-6347, 6881-6889.
> GUI client: http://azureus.sourceforge.net/ > ncurses client: http://libtorrent.rakshasa.no/ > > > > From rabbi at abditum.com Sat Jan 21 19:54:02 2006 From: rabbi at abditum.com (Len Sassaman) Date: Sat, 21 Jan 2006 11:54:02 -0800 (PST) Subject: CodeCon program announced, early registration deadline nearing Message-ID: The program for CodeCon 2006 has been announced. http://www.codecon.org/2006/program.html CodeCon is the premier showcase of innovative software projects. It is a workshop for developers of real-world applications with working code and active development projects. All presentations will be given by one of the lead developers, and accompanied by a functional demo. Highlights of CodeCon 2006 include: iGlance - Open source push-to-talk videoconferencing and screen-sharing Monotone - Low stress, high functionality version control Query By Example - Data mining operations within PostgreSQL Djinni - Efficient approximations to NP-complete problems Elsa/Oink/Cqual++ - A static-time whole-program dataflow analysis for C and C++ Truman - An open-source behavioral malware analysis sandnet VidTorrent/Peers - A scalable real-time p2p streaming protocol The fifth annual CodeCon takes place February 10 - 12, 11:30 - 18:00, at StudioZ (314 11th Street) in San Francisco. Early registration is $63, available online until February 1st, 2006. Registration will be available at the door for $85. Supporting Attendee tickets are also available, and include a one-year membership to the USENIX Association. Please see the CodeCon registration page for details: http://www.codecon.org/2006/registration.html From w9osxbh02 at sneakemail.com Sun Jan 22 14:24:02 2006 From: w9osxbh02 at sneakemail.com (w9osxbh02 at sneakemail.com) Date: 22 Jan 2006 14:24:02 -0000 Subject: Anonym.OS Message-ID: <8512-39231@sneakemail.com> Andrew, Don't know what is causing the problem with your seeding error, but do you have a natted port set up in your firewall to allow through for Azureus?
Sometimes it takes a little while for the tracker info to come through. Mark ------------Reply Separator------------ I get an error message saying that linuxtracker.org/announce.php is sending an improper response. None of the SF mirrors seem to have this file, nor do any other BT search engines that I've tried! :( ~Andrew From glymr_darkmoon at ml1.net Mon Jan 23 02:36:53 2006 From: glymr_darkmoon at ml1.net (glymr) Date: Mon, 23 Jan 2006 12:36:53 +1000 Subject: an idea about how to improve routing for interactive services Message-ID: <43D44145.3020805@ml1.net> Hi, I've been running a tor server on and off for some time, I just recently got a dsl connection again, only a measly 256/64 connection, and one of my main uses for tor has always been instant messaging. One of the most annoying things about tor, as it is presently run, for instant messaging purposes, is getting circuits which die frequently. I have an idea about how this problem could be solved, and I feel that this idea should be promoted at tor.eff.org - of specialised interactive traffic only nodes. This could be integrated into the configuration system in fact. The rules for how to define what one should set a node to do are as follows: 1. If a node is run which is frequently offline, but with high bandwidth, this is suited to short-lived traffic, such as downloads of files (p2p, web browsing). 2. If a node has low bandwidth, and can be kept online for long periods of time, this is the ideal situation for low-volume interactive traffic. These rules could be used to weight classes of ports, a node could keep a history of its uptime, and report its average uptime value accumulated over time to the directory. This would help for choosing interactive traffic routes, the longer the average uptime, the greater the chance of it being picked on interactive circuits.
A cumulative history of average bandwidth usage would be added to this, and through the combination of these two, routers could create a pair of different classes of circuits, long lived circuits and short lived circuits, and one could overlay this and create another two classes of circuit, short-lived, low bandwidth circuits and long-lived high-bandwidth circuits. This second set of classes is probably not so important. Tor could automatically select it's preference for the different traffic classes according to these values. At this point, without an automated system to do this, it can be done by users (as I am doing) - by using a rate-limiting system (netlimiter) and allowing only a small set of interactive traffic types through (in my case, irc and silc) - since tor precludes the use of file transfers on these two protocols, I set the rate limiting between 2 and 4kb/s depending on whether I am downloading more or chatting more. However, I think it would be a worthwhile addition to the system by which Tor does its routing to use these rules in both the production of an uptime and bandwidth average, which is used by clients to select a pair of different circuit classes, interactive and high volume. High volume traffic usually is short lived, and interactive traffic is usually long lived. By specialising the circuits according to these rules one would find that interactivity is better promoted, and separated from volume. David -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From arma at mit.edu Mon Jan 23 04:14:32 2006 From: arma at mit.edu (Roger Dingledine) Date: Sun, 22 Jan 2006 23:14:32 -0500 Subject: an idea about how to improve routing for interactive services In-Reply-To: <43D44145.3020805@ml1.net> References: <43D44145.3020805@ml1.net> Message-ID: <20060123041432.GK15157@localhost.localdomain> On Mon, Jan 23, 2006 at 12:36:53PM +1000, glymr wrote: > These rules could be used to weight classes of ports, a node could keep > a history of its uptime, and report its average uptime value accumulated > over time to the directory. This would help for choosing interactive > traffic routes, the longer the average uptime, the greater the chance of > it being picked on interactive circuits. Actually, we already do something like this. Nodes report their uptime, and we assume that a long uptime implies that it will stay up. > Tor could automatically select it's preference for the different traffic > classes according to these values. At this point, without an automated > system to do this, it can be done by users (as I am doing) - by using a > rate-limiting system (netlimiter) and allowing only a small set of > interactive traffic types through (in my case, irc and silc) - since tor > precludes the use of file transfers on these two protocols, I set the > rate limiting between 2 and 4kb/s depending on whether I am downloading > more or chatting more. I'm not sure I understand this part. You are using an external tool to traffic shape the stuff you send into Tor? Or you are using an external tool to traffic shape the stuff that exits from your Tor server? > However, I think it would be a worthwhile addition to the system by > which Tor does its routing to use these rules in both the production of > an uptime and bandwidth average, which is used by clients to select a > pair of different circuit classes, interactive and high volume. High > volume traffic usually is short lived, and interactive traffic is > usually long lived. 
By specialising the circuits according to these > rules one would find that interactivity is better promoted, and > separated from volume. Right, we do this too. Check out the man page entry: LongLivedPorts PORTS A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells). Circuits for streams that use these ports will contain only high-uptime nodes, to reduce the chance that a node will go down before the stream is finished. (Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6667, 8300, 8888) In 0.1.0.x, "high-uptime" is defined as "claiming an uptime of at least 24 hours." In 0.1.1.11-alpha, high-uptime is defined as meeting or exceeding the median uptime of running valid servers. On the current Tor network this tends to vary between 2 to 3 days. But this clearly does not totally solve the problem: long-term connections over Tor do still break. Part of this is because the Tor network is very young and still quite dynamic, so people are upgrading, restarting their servers, and so on. There is also clearly a tension between scaling the network (and thus being more flexible about the volunteers we can make use of) and providing stable links. Another nice approach would be to be able to move streams to a new circuit if the current one dies. But this has its own problems: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MigrateStreams What other approaches are there that might work?
--Roger

From glymr_darkmoon at ml1.net Mon Jan 23 04:47:44 2006
From: glymr_darkmoon at ml1.net (glymr)
Date: Mon, 23 Jan 2006 14:47:44 +1000
Subject: an idea about how to improve routing for interactive services
In-Reply-To: <20060123041432.GK15157@localhost.localdomain>
References: <43D44145.3020805@ml1.net> <20060123041432.GK15157@localhost.localdomain>
Message-ID: <43D45FF0.5030902@ml1.net>

Roger Dingledine wrote:

>On Mon, Jan 23, 2006 at 12:36:53PM +1000, glymr wrote:
>
>>These rules could be used to weight classes of ports, a node could keep
>>a history of its uptime, and report its average uptime value accumulated
>>over time to the directory. This would help for choosing interactive
>>traffic routes, the longer the average uptime, the greater the chance of
>>it being picked on interactive circuits.
>>
>
>Actually, we already do something like this. Nodes report their uptime,
>and we assume that a long uptime implies that it will stay up.
>

yes, that's not a good assumption to make however. average uptime is a
more useful metric, when a system has been up for a long time it may be
just about to go down. also, for irc users, a connection which can stay
up for 8 hours or more is regarded as quite adequate by most.

>>Tor could automatically select it's preference for the different traffic
>>classes according to these values. At this point, without an automated
>>system to do this, it can be done by users (as I am doing) - by using a
>>rate-limiting system (netlimiter) and allowing only a small set of
>>interactive traffic types through (in my case, irc and silc) - since tor
>>precludes the use of file transfers on these two protocols, I set the
>>rate limiting between 2 and 4kb/s depending on whether I am downloading
>>more or chatting more.
>>
>
>I'm not sure I understand this part. You are using an external tool to
>traffic shape the stuff you send into Tor? Or you are using an external
>tool to traffic shape the stuff that exits from your Tor server?
>

what i mean is, different ports, for different protocols, have different
traffic characteristics. irc, silc, msn, aim/icq, jabber etc, these are
all long lived and mostly low bandwidth connections, whereas web browsing
is short lived and bursty. they should be treated differently. regarding
the shaper, yes, i'm shaping the bandwidth that comes out of my tor
server so that it limits it, but because i have specified that it only
allows exit with irc and silc, to a large degree that will reduce the
amount of bursty high bandwidth connections it creates, once my node is
up for the 'long uptime' period (i'm still nutting out some problems with
a new installation, but i'm hoping i'll have over 24 hours uptime soon).
but unfortunately there is nothing yet in the protocol to stop my node
being a part of a bursty, short-lived high-bandwidth circuit. being able
to control this would be very useful. and that's what i'm talking about,
having two classes of traffic in tor, so that nodes that have good uptime
but low bandwidth can contribute to improving the interactive connection
experience with tor.

>>However, I think it would be a worthwhile addition to the system by
>>which Tor does its routing to use these rules in both the production of
>>an uptime and bandwidth average, which is used by clients to select a
>>pair of different circuit classes, interactive and high volume. High
>>volume traffic usually is short lived, and interactive traffic is
>>usually long lived. By specialising the circuits according to these
>>rules one would find that interactivity is better promoted, and
>>separated from volume.
>>
>
>Right, we do this too.
>
>Check out the man page entry:
>
>LongLivedPorts PORTS
>    A list of ports for services that tend to have long-running
>    connections (e.g. chat and interactive shells). Circuits for streams
>    that use these ports will contain only high-uptime nodes, to reduce
>    the chance that a node will go down before the stream is finished.
>    (Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6667, 8300,
>    8888)
>
>In 0.1.0.x, "high-uptime" is defined as "claiming an uptime of at least 24
>hours." In 0.1.1.11-alpha, high-uptime is defined as meeting or exceeding
>the median uptime of running valid servers. On the current Tor network
>this tends to vary between 2 to 3 days.
>
>But this clearly does not totally solve the problem: long-term connections
>over Tor do still break. Part of this is because the Tor network is very
>young and still quite dynamic, so people are upgrading, restarting their
>servers, and so on. There is also clearly a tension between scaling the
>network (and thus being more flexible about the volunteers we can make
>use of) and providing stable links.
>
>Another nice approach would be to be able to move streams to a new
>circuit if the current one dies. But this has its own problems:
>http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MigrateStreams
>
>What other approaches are there that might work?
>
>--Roger
>

I think that what i have described is the, at this point at least, best
answer to the problem of improving long lived interactive connections.

One other point that might be worth mentioning is that these long lived
connections would probably benefit, due to their long life and low ping,
from having 4 or 5 hops instead of 3 to help reduce the traffic analysis
problem, since it would be very easy to have a lot more people running
these low capacity high uptime nodes, the extra traffic is insignificant.

Oh, and because these connections are very low bandwidth, it could be
incorporated into the client to automatically relay traffic from known
low bandwidth ports, if the client finds itself with a high uptime
average.

Think about how important persistence is with interactive connections.
SSH is a classic example... what happens if you are in the middle of some
irritatingly long process and suddenly your connection pings out?

I think that there should be a priority made in the tor architecture to
promote this kind of use of tor because it's probably the most delicate,
security wise. Consider the benefits for activists being able to use
instant messaging without being monitored, for organising and such.

David

From peter at palfrader.org Mon Jan 2 16:42:10 2006
From: peter at palfrader.org (Peter Palfrader)
Date: Mon, 2 Jan 2006 17:42:10 +0100
Subject: benchmarking a node
In-Reply-To: <20060102151341.GO20671@eecs.harvard.edu>
References: <20060102123610.GK2235@leitl.org> <20060102151341.GO20671@eecs.harvard.edu>
Message-ID: <20060102164210.GV30820@asteria.noreply.org>

On Mon, 02 Jan 2006, Geoffrey Goodell wrote:

> On Mon, Jan 02, 2006 at 01:36:11PM +0100, Eugen Leitl wrote:
> > Another question: as Tor alpha seems to crash regularly,
> > will the keys/torrc be wiped if I do apt-get remove tor,
> > to downgrade to the stable branch?
>
> Issuing "apt-get remove tor" will not delete the tor configuration and
> data files, but it would probably be easiest for you to just apt-get
> install or dpkg -i the stable version of tor, which will automatically
> perform the downgrade for you.

Generally, Debian packages do not support downgrades. It will probably
work in this very case but no guarantees.

--
PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
   messages preferred.    | : :' :      The universal
                          | `. `'      Operating System
http://www.palfrader.org/ |   `-    http://www.debian.org/

From firefox-gen at walala.org Mon Jan 23 08:23:18 2006
From: firefox-gen at walala.org (ADB)
Date: Mon, 23 Jan 2006 00:23:18 -0800
Subject: an idea about how to improve routing for interactive services
In-Reply-To: <43D44145.3020805@ml1.net>
References: <43D44145.3020805@ml1.net>
Message-ID: <43D49276.5060605@walala.org>

What OS are you using?
I used to have this problem all the time with Windows, and it got worse
over time as the system got more and more FUBARed. However, since
switching entirely to Linux, I have not had any of these issues more than
once every week or so. This is just my case though perhaps others have
this issue on other platforms more frequently.

~Andrew

glymr wrote:

> Hi,
>
> I've been running a tor server on and off for some time, I just
> recently got a dsl connection again, only a measly 256/64 connection,
> and one of my main uses for tor has always been instant messaging.
>
> One of the most annoying things about tor, as it is presently run, for
> instant messaging purposes, is getting circuits which die frequently.
> I have an idea about how this problem could be solved, and I feel that
> this idea should be promoted at tor.eff.org - of specialised
> interactive traffic only nodes. This could be integrated into the
> configuration system in fact. The rules for how to define what one
> should set a node to do are as follows:
>
>    1. If a node is run which is frequently offline, but with high
>       bandwidth, this is suited to short-lived traffic, such as
>       downloads of files (p2p, web browsing).
>
>    2. If a node has low bandwidth, and can be kept online for long
>       periods of time, this is the ideal situation for low-volume
>       interactive traffic.
>
>
> These rules could be used to weight classes of ports, a node could
> keep a history of its uptime, and report its average uptime value
> accumulated over time to the directory. This would help for choosing
> interactive traffic routes, the longer the average uptime, the greater
> the chance of it being picked on interactive circuits.
>
> A cumulative history of average bandwidth usage would be added to
> this, and through the combination of these two, routers could create a
> pair of different classes of circuits, long lived circuits and short
> lived circuits, and one could overlay this and create another two
> classes of circuit, short-lived, low bandwidth circuits and long-lived
> high-bandwidth circuits. This second set of classes is probably not so
> important.
>
> Tor could automatically select it's preference for the different
> traffic classes according to these values. At this point, without an
> automated system to do this, it can be done by users (as I am doing) -
> by using a rate-limiting system (netlimiter) and allowing only a small
> set of interactive traffic types through (in my case, irc and silc) -
> since tor precludes the use of file transfers on these two protocols,
> I set the rate limiting between 2 and 4kb/s depending on whether I am
> downloading more or chatting more.
>
> However, I think it would be a worthwhile addition to the system by
> which Tor does its routing to use these rules in both the production
> of an uptime and bandwidth average, which is used by clients to select
> a pair of different circuit classes, interactive and high volume. High
> volume traffic usually is short lived, and interactive traffic is
> usually long lived. By specialising the circuits according to these
> rules one would find that interactivity is better promoted, and
> separated from volume.
>
> David

From glymr_darkmoon at ml1.net Mon Jan 23 10:35:22 2006
From: glymr_darkmoon at ml1.net (glymr)
Date: Mon, 23 Jan 2006 20:35:22 +1000
Subject: an idea about how to improve routing for interactive services
In-Reply-To: <43D49276.5060605@walala.org>
References: <43D44145.3020805@ml1.net> <43D49276.5060605@walala.org>
Message-ID: <43D4B16A.5040307@ml1.net>

yes, windows network system is seriously crappy at scheduling. i'm using
winxp but i've got netlimiter installed for ratelimiting.

ADB wrote:

> What OS are you using? I used to have this problem all the time with
> Windows, and it got worse over time as the system got more and more
> FUBARed. However, since switching entirely to Linux, I have not had
> any of these issues more than once every week or so. This is just my
> case though perhaps others have this issue on other platforms more
> frequently.
>
> ~Andrew
>
> glymr wrote:
>
>> Hi,
>>
>> I've been running a tor server on and off for some time, I just
>> recently got a dsl connection again, only a measly 256/64 connection,
>> and one of my main uses for tor has always been instant messaging.
>>
>> One of the most annoying things about tor, as it is presently run,
>> for instant messaging purposes, is getting circuits which die
>> frequently. I have an idea about how this problem could be solved,
>> and I feel that this idea should be promoted at tor.eff.org - of
>> specialised interactive traffic only nodes. This could be integrated
>> into the configuration system in fact. The rules for how to define
>> what one should set a node to do are as follows:
>>
>>    1. If a node is run which is frequently offline, but with high
>>       bandwidth, this is suited to short-lived traffic, such as
>>       downloads of files (p2p, web browsing).
>>
>>    2. If a node has low bandwidth, and can be kept online for long
>>       periods of time, this is the ideal situation for low-volume
>>       interactive traffic.
>>
>>
>> These rules could be used to weight classes of ports, a node could
>> keep a history of its uptime, and report its average uptime value
>> accumulated over time to the directory. This would help for choosing
>> interactive traffic routes, the longer the average uptime, the
>> greater the chance of it being picked on interactive circuits.
>>
>> A cumulative history of average bandwidth usage would be added to
>> this, and through the combination of these two, routers could create
>> a pair of different classes of circuits, long lived circuits and
>> short lived circuits, and one could overlay this and create another
>> two classes of circuit, short-lived, low bandwidth circuits and
>> long-lived high-bandwidth circuits. This second set of classes is
>> probably not so important.
>>
>> Tor could automatically select it's preference for the different
>> traffic classes according to these values. At this point, without an
>> automated system to do this, it can be done by users (as I am doing)
>> - by using a rate-limiting system (netlimiter) and allowing only a
>> small set of interactive traffic types through (in my case, irc and
>> silc) - since tor precludes the use of file transfers on these two
>> protocols, I set the rate limiting between 2 and 4kb/s depending on
>> whether I am downloading more or chatting more.
>>
>> However, I think it would be a worthwhile addition to the system by
>> which Tor does its routing to use these rules in both the production
>> of an uptime and bandwidth average, which is used by clients to
>> select a pair of different circuit classes, interactive and high
>> volume. High volume traffic usually is short lived, and interactive
>> traffic is usually long lived. By specialising the circuits according
>> to these rules one would find that interactivity is better promoted,
>> and separated from volume.
>>
>> David
>

From matt at snark.net Tue Jan 24 05:02:05 2006
From: matt at snark.net (Matt Ghali)
Date: Mon, 23 Jan 2006 21:02:05 -0800 (PST)
Subject: choosing a syslog facility other than 'daemon'
Message-ID:

Is there a user-friendly way to ask tor to log to a different facility
than 'daemon'?

IE, something that does not involve editing the source and recompiling :)

thanks!
matto

--matt at snark.net------------------------------------------<
The only thing necessary for the triumph of evil is for
good men to do nothing. - Edmund Burke

From cwilson352 at cogeco.ca Tue Jan 24 23:17:37 2006
From: cwilson352 at cogeco.ca (Wilson)
Date: Tue, 24 Jan 2006 18:17:37 -0500
Subject: TorDNS 1.7 final
Message-ID: <43D6B591.1020708@cogeco.ca>

Unless there is a problem with the final release, there probably won't be
a new version for a little while... Read the "furthermore..." section of
the "READ THIS" on the website....

Link is below:
http://sandos.ath.cx/~badger/tordns.html

From scarab7 at fastmail.fm Thu Jan 26 06:27:45 2006
From: scarab7 at fastmail.fm (Scarab)
Date: Wed, 25 Jan 2006 22:27:45 -0800
Subject: Bandwidth shaping by time of day / week / month? Adding that info to Tor protocol?
Message-ID: <1138256865.28648.252795679@webmail.messagingengine.com>

Hi, I'm new to the list. Perhaps this has been covered already, but are
there any plans to add cron-style bandwidth shaping options to Tor? I
mean using the common crontab notation for specifying arbitrary time
periods and bandwidth throttles within those periods.

In my case, I want a 20KB limit from 8am to 5pm Mon-Fri, no limit outside
those hours. With a cron-style implementation it'd be easy to do
arbitrarily complex shaping, i.e. cap Tor at 30KB on a specific night if
a remote backup was scheduled to occur, etc.

I'd like to ramp the rate on my end-node up to the full 50KB capacity of
the line when I'm done using my ADSL connection for the day, but can't
now do this without stopping / restarting Tor, re-writing the config
file, etc. Also I'd prefer to keep my server up all the time in service
of the overall stability of the network.

Perhaps it'd add too much complexity, but the Tor protocol could perhaps
even take advantage of published cron-style bandwidth schedules to
optimize network throughput... a lot of the world is asleep while the
other part of it goes through the working (and playing) day.

Any comments on this? (I scanned the last 5 months of mailing list
archives "by hand" but found no mention. How do I search the mailing
list archives; I'm amazed there's not at least a rudimentary "Search"
field & button on the mailing list archive page.)

Thanks,
G. Osmond

--
Scarab
scarab7 at fastmail.fm

--
http://www.fastmail.fm - Accessible with your email software or over the web

From m.balvers at addicts.nl Thu Jan 26 07:36:07 2006
From: m.balvers at addicts.nl (Martin Balvers)
Date: Thu, 26 Jan 2006 08:36:07 +0100 (CET)
Subject: Bandwidth shaping by time of day / week / month? Adding that info to Tor protocol?
In-Reply-To: <1138256865.28648.252795679@webmail.messagingengine.com>
References: <1138256865.28648.252795679@webmail.messagingengine.com>
Message-ID: <16004.194.151.164.2.1138260967.squirrel@webmail.addicts.nl>

> Any comments on this? (I scanned the last 5 months of mailing list
> archives "by hand" but found no mention. How do I search the mailing
> list archives; I'm amazed there's not at least a rudimentary "Search"
> field & button on the mailing list archive page.)

You can search a (any) site with google like this:

To search for the term 'bandwidth' in the archives type the following
term in google:

site:archives.seul.org/or/talk/ bandwidth

http://www.google.com/search?hl=en&q=site%3Aarchives.seul.org%2For%2Ftalk%2F+bandwidth&btnG=Google+Search

Hope this helps someone :)

Martin

From force44 at Safe-mail.net Thu Jan 26 09:48:08 2006
From: force44 at Safe-mail.net (force44 at Safe-mail.net)
Date: Thu, 26 Jan 2006 04:48:08 -0500
Subject: Socks/TOR setup question
Message-ID:

Hello,

I use Tor, TorCP and Privoxy:

Privoxy listens on 8118
TOR requests are sent for http and https to 127.0.0.0 on 8118, and to
127.0.0.1 on 9050 for the socks requests.

That works fine, but I am always receiving such message in the Log file:

"[Warn] Your application (using socks4 on port 49370) is giving Tor only
an IP address. Applications that do DNS resolves themselves may leak
information. Consider using Socks4A (e.g. via privoxy or socat) instead."

This message is created when any application uses the TOR server, no
matter if I parameter it as a socks4 or socks5.

As I am already using Privoxy, what must I change in my config so that
this message isn't generated?

Moreover, must I setup my applications to use TOR as a socks4 or a socks5
server?

Thank you!

From force44 at Safe-mail.net Thu Jan 26 09:49:28 2006
From: force44 at Safe-mail.net (force44 at Safe-mail.net)
Date: Thu, 26 Jan 2006 04:49:28 -0500
Subject: Tor and WinXP question
Message-ID:

Hi everybody,

I receive regular error messages like these 2:

"Error writing router store to disk"

and

"Error replacing "[mypath]/cached-routers.new": File exists"
"Error replacing "[mypath]/cached-routers": File exists"
"Error replacing "[mypath]/cached-routers.new": Permission denied"

I am using WinXP...

Despite this, it seems that TOR is running well, using the last Alpha,
TorCP and Privoxy.

Thanks for your comments :)

From toruser at googlemail.com Thu Jan 26 10:15:12 2006
From: toruser at googlemail.com (Tor User)
Date: Thu, 26 Jan 2006 02:15:12 -0800
Subject: Bandwidth shaping by time of day / week / month? Adding that info to Tor protocol?
In-Reply-To: <1138256865.28648.252795679@webmail.messagingengine.com>
References: <1138256865.28648.252795679@webmail.messagingengine.com>
Message-ID:

>
> I'd like to ramp the rate on my end-node up to the full 50KB capacity of
> the line when
> I'm done using my ADSL connection for the day, but can't now do this
> without stopping / restarting Tor, re-writing the config file, etc.

You don't need to restart tor. Just update the config file and then do
something like

    kill -HUP `cat /var/run/tor/tor.pid`

I guess you could have several config files and use cron to copy
whichever one you wanted to use at that time to /etc/tor, or you could
update just the bandwidth section by calling e.g. sed.

Hope this helps,

Toruser

From iminium at wanadoo.fr Thu Jan 26 15:54:23 2006
From: iminium at wanadoo.fr (Jean-Paul Desbruères)
Date: Thu, 26 Jan 2006 16:54:23 +0100
Subject: Switching Tor on and off on Mac OS X Tiger
Message-ID: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr>

As using Tor slows down quite a bit web browsing and as going to the
weather forecast site for instance does not really need a protection is
there a simple way to switch Tor on or off on Mac OS 10 Tiger ?

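Toruser's cron-plus-HUP suggestion, applied to the schedule Scarab asked for (20 KB from 8am to 5pm Mon-Fri, the full 50 KB otherwise), as an added example that is not code from any poster or from the Tor project. It assumes a POSIX shell, the /etc/tor/torrc and /var/run/tor/tor.pid paths quoted in the thread, and that the limit is a `BandwidthRate` line in torrc; the function names and the cron path are hypothetical.

```shell
#!/bin/sh
# Added example: choose a BandwidthRate from the time of day, write it into
# torrc, and ask the running Tor to re-read its config with SIGHUP.
# Paths are the ones quoted in the thread; override them via the environment.
TORRC="${TORRC:-/etc/tor/torrc}"
PIDFILE="${PIDFILE:-/var/run/tor/tor.pid}"

# rate_for DOW HOUR -> prints the rate for that slot.
# DOW is 1..7 (Mon..Sun, as printed by `date +%u`), HOUR is 00..23.
# Schedule from the thread: 20 KB 8am-5pm Mon-Fri, 50 KB (full line) otherwise.
rate_for() {
    dow=$1
    hour=${2#0}                 # "08" -> "8" so it is never read as octal
    [ -n "$hour" ] || hour=0    # "0" was stripped to empty
    if [ "$dow" -ge 1 ] && [ "$dow" -le 5 ] && [ "$hour" -ge 8 ] && [ "$hour" -lt 17 ]; then
        echo "20 KB"
    else
        echo "50 KB"
    fi
}

# current_rate FILE -> prints the value of the last BandwidthRate line, if any.
current_rate() {
    sed -n 's/^[[:space:]]*BandwidthRate[[:space:]][[:space:]]*//p' "$1" | tail -n 1
}

# set_rate FILE RATE -> leaves FILE with exactly one "BandwidthRate RATE" line.
# Returns 0 if the file changed, 1 if that rate was already set, 2 on error.
# If torrc also sets BandwidthBurst, keep it at or above the highest rate used.
set_rate() {
    file=$1 rate=$2
    [ -f "$file" ] || return 2
    [ "$(current_rate "$file")" = "$rate" ] && return 1
    tmp=$(mktemp "$file.XXXXXX") || return 2
    # Copy first so the temp file inherits torrc's owner and mode; otherwise
    # the user Tor runs as may be unable to read the file on reload.
    cp -p "$file" "$tmp" || { rm -f "$tmp"; return 2; }
    # Keep every other line (BandwidthBurst included), append the new rate.
    { grep -v '^[[:space:]]*BandwidthRate[[:space:]]' "$file"
      echo "BandwidthRate $rate"; } > "$tmp" || { rm -f "$tmp"; return 2; }
    # rename() within one directory is atomic: Tor never sees a half-written file.
    mv "$tmp" "$file" || { rm -f "$tmp"; return 2; }
    return 0
}

# reload_tor -> sends SIGHUP to the pid in PIDFILE after checking it is numeric.
reload_tor() {
    pid=$(cat "$PIDFILE" 2>/dev/null) || return 2
    case $pid in
        ''|*[!0-9]*) return 2 ;;    # refuse anything that is not a plain pid
    esac
    kill -HUP "$pid"
}

# apply_schedule -> one cron tick: update torrc, HUP only if something changed.
apply_schedule() {
    rate=$(rate_for "$(date +%u)" "$(date +%H)")
    rc=0
    set_rate "$TORRC" "$rate" || rc=$?
    case $rc in
        0) reload_tor ;;
        1) return 0 ;;              # already in effect, no needless reload
        *) return 2 ;;
    esac
}

# Crontab entry (script path is hypothetical):
#   0 * * * * /usr/local/sbin/tor-rate.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_schedule
fi
```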
From eugen at leitl.org Mon Jan 2 17:13:01 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 2 Jan 2006 18:13:01 +0100
Subject: benchmarking a node
In-Reply-To: <20060102151341.GO20671@eecs.harvard.edu>
References: <20060102123610.GK2235@leitl.org> <20060102151341.GO20671@eecs.harvard.edu>
Message-ID: <20060102171301.GP2235@leitl.org>

On Mon, Jan 02, 2006 at 10:13:41AM -0500, Geoffrey Goodell wrote:

> On Mon, Jan 02, 2006 at 01:36:11PM +0100, Eugen Leitl wrote:
> > Another question: as Tor alpha seems to crash regularly,
> > will the keys/torrc be wiped if I do apt-get remove tor,
> > to downgrade to the stable branch?
>
> Issuing "apt-get remove tor" will not delete the tor configuration and
> data files, but it would probably be easiest for you to just apt-get
> install or dpkg -i the stable version of tor, which will automatically
> perform the downgrade for you.

Yes, with the exception of

85-31-186-61:~# dpkg -i tor_0.1.0.15-1~~sarge.1_i386.deb
dpkg - warning: downgrading tor from 0.1.1.10-alpha-1~~sarge.1 to 0.1.0.15-1~~sarge.1.
(Reading database ... 13875 files and directories currently installed.)
Preparing to replace tor 0.1.1.10-alpha-1~~sarge.1 (using tor_0.1.0.15-1~~sarge.1_i386.deb) ...
Stopping tor daemon: ...............................tor.
Unpacking replacement tor ...
Setting up tor (0.1.0.15-1~~sarge.1) ...

Configuration file `/etc/tor/torrc'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** torrc (Y/I/N/O/D/Z) [default=N] ? N
Installing new version of config file /etc/default/tor ...
Installing new version of config file /etc/init.d/tor ...
debian-tor uid check: ok
debian-tor homedir check: ok
Starting tor daemon: tor...
Jan 02 18:11:26.745 [notice] Tor v0.1.0.15. This is experimental software. Do not rely on it for strong anonymity.
Jan 02 18:11:26.746 [warn] config_assign_line(): Unknown option 'SocksListenAddress'. Failing.
Jan 02 18:11:26.746 [err] tor_init(): Reading config failed--see warnings above. For usage, try -h.
invoke-rc.d: initscript tor, action "start" failed.

Just FYI.

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From numE at onionizer.de Thu Jan 26 15:56:31 2006
From: numE at onionizer.de (numE)
Date: Thu, 26 Jan 2006 16:56:31 +0100
Subject: Switching Tor on and off on Mac OS X Tiger
In-Reply-To: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr>
References: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr>
Message-ID: <43D8F12F.602@onionizer.de>

Firefox + Switchproxy

Jean-Paul Desbruères wrote:
> As using Tor slows down quite a bit web browsing and as going to the
> weather forecast site for instance does not really need a protection
> is there a simple way to switch Tor on or off on Mac OS 10 Tiger ?

From iminium at wanadoo.fr Thu Jan 26 16:00:13 2006
From: iminium at wanadoo.fr (Jean-Paul Desbruères)
Date: Thu, 26 Jan 2006 17:00:13 +0100
Subject: Switching Tor on and off on Mac OS X Tiger
In-Reply-To: <43D8F12F.602@onionizer.de>
References: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr> <43D8F12F.602@onionizer.de>
Message-ID:

Unfortunately I am using Safari

On 26 Jan 06, at 16:56, numE wrote:

> Firefox + Switchproxy
>
> Jean-Paul Desbruères wrote:
>> As using Tor slows down quite a bit web browsing and as going to the
>> weather forecast site for instance does not really need a protection
>> is there a simple way to switch Tor on or off on Mac OS 10 Tiger ?
>
> ---------------------------------------------------------------------------------------
> Wanadoo informs you that this e-mail has been checked by the mail anti-virus.
> No virus known to our services to date was detected.
>

From numE at onionizer.de Thu Jan 26 16:04:02 2006
From: numE at onionizer.de (numE)
Date: Thu, 26 Jan 2006 17:04:02 +0100
Subject: Switching Tor on and off on Mac OS X Tiger
In-Reply-To:
References: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr> <43D8F12F.602@onionizer.de>
Message-ID: <43D8F2F2.8060504@onionizer.de>

With Safari there is no real solution (at least i don't know).
you could generate two "profiles" in the osx network configuration.
one with proxy, one without..

the bad thing is.. when changing the profile your connection is cut for
some seconds....

this is why i use safari for normal surfing...

firefox with tor (and if i want to use firefox without tor i can simply
disable it via switchproxy).

Jean-Paul Desbruères wrote:
> Unfortunately I am using Safari
> On 26 Jan 06, at 16:56, numE wrote:
>
>> Firefox + Switchproxy
>>
>> Jean-Paul Desbruères wrote:
>>> As using Tor slows down quite a bit web browsing and as going to the
>>> weather forecast site for instance does not really need a protection
>>> is there a simple way to switch Tor on or off on Mac OS 10 Tiger ?
>>

From huber at paradoxical.net Thu Jan 26 16:07:55 2006
From: huber at paradoxical.net (Josh)
Date: Thu, 26 Jan 2006 11:07:55 -0500
Subject: Switching Tor on and off on Mac OS X Tiger
In-Reply-To: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr> (Jean-Paul Desbruères's message of "Thu, 26 Jan 2006 16:54:23 +0100")
References: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr>
Message-ID: <87wtgnnfac.fsf@callisto.paradoxical.net>

Jean-Paul Desbruères writes:

> As using Tor slows down quite a bit web browsing and as going
> to the weather forecast site for instance does not really need
> a protection is there a simple way to switch Tor on or off on
> Mac OS 10 Tiger ?

If you're using Firefox you should take a look at the SwitchProxy
extension. Setup details for tor use are here:

http://tor.eff.org/cvs/tor/doc/tor-switchproxy.html

Also, you could specify your weather site as a proxy exception.
If you want to do this with safari, enter e.g. weather.com into
the "Bypass proxy settings for these Hosts & Domains" text box:

http://tor.eff.org/img/screenshot-osx-proxy-settings.png

(that image is from
http://tor.eff.org/cvs/tor/doc/tor-doc-osx.html)

Josh

From jay at tamboli.cx Thu Jan 26 16:13:21 2006
From: jay at tamboli.cx (Jay Goodman Tamboli)
Date: Thu, 26 Jan 2006 11:13:21 -0500
Subject: Switching Tor on and off on Mac OS X Tiger
In-Reply-To:
References: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr> <43D8F12F.602@onionizer.de>
Message-ID: <53245C62-220E-4766-9FA5-24B8131B1D30@tamboli.cx>

On 2006.01.26, at 11:00, Jean-Paul Desbruères wrote:

> Unfortunately I am using Safari

Depending on what you're asking there are really two ways to control Tor
when you're using Safari.

If you're talking about turning Tor on and off completely, the easiest
way is to go to the "Network" System Preference panel and uncheck the
proxy settings. As someone else suggested, you could also create
separate network locations, one with proxies and one without, though
switching locations would interrupt connections.

Something else you can try is adding hosts you want fast access to to
the proxy exceptions list in the Network panel. Access to these will be
fast, but not anonymous.

For both situations, you can also edit your Privoxy config file
(/Library/Privoxy/config). You can comment out the
"forward-socks4a / localhost:9050 ." line to turn off Tor completely, or
you can add lines below that to keep certain hosts from going through
Tor. For example, I have the following lines in my config:

forward-socks4a / localhost:9050 .
forward 192.168.1.1 .
forward 160.79.128.22 . # Digitally Imported streaming music
forward swcdn.apple.com . # Apple system updates downloads
forward kh.google.com . # Google Earth
forward mail.google.com:443 . # Gmail
forward en.wikipedia.org .

/jgt
--
http://tamboli.cx/

From iminium at wanadoo.fr Thu Jan 26 16:18:25 2006
From: iminium at wanadoo.fr (Jean-Paul Desbruères)
Date: Thu, 26 Jan 2006 17:18:25 +0100
Subject: Switching Tor on and off on Mac OS X Tiger
In-Reply-To: <43D8F2F2.8060504@onionizer.de>
References: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr> <43D8F12F.602@onionizer.de> <43D8F2F2.8060504@onionizer.de>
Message-ID: <4ECE2A11-EF27-46F0-ACB0-DA95FF427CB1@wanadoo.fr>

Thanks a lot for your help. I think I am going to use Firefox for
protected surfing only.

On 26 Jan 06, at 17:04, numE wrote:

> With Safari there is no real solution (at least i dont know).
> you could generate two "profiles" in the osx network configuration.
> one with proxy, one without..
>
> the bad thing is.. when changing the profile your connection is cut
> for some seconds....
>
> this is why i use safari for normal surfing...
>
> firefox with tor (and if i want to use firefox without tor i can
> simply disable it via switchproxy).
>
> Jean-Paul Desbruères wrote:
>> Unfortunately I am using Safari
>> On 26 Jan 06, at 16:56, numE wrote:
>>
>>> Firefox + Switchproxy
>>>
>>> Jean-Paul Desbruères wrote:
>>>> As using Tor slows down quite a bit web browsing and as going to
>>>> the weather forecast site for instance does not really need a
>>>> protection is there a simple way to switch Tor on or off on Mac OS
>>>> 10 Tiger ?
>

From iminium at wanadoo.fr Thu Jan 26 16:19:19 2006
From: iminium at wanadoo.fr (Jean-Paul Desbruères)
Date: Thu, 26 Jan 2006 17:19:19 +0100
Subject: Switching Tor on and off on Mac OS X Tiger
In-Reply-To: <87wtgnnfac.fsf@callisto.paradoxical.net>
References: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr> <87wtgnnfac.fsf@callisto.paradoxical.net>
Message-ID: <9D20CDD3-E7B5-4DA7-80AC-4564021620B3@wanadoo.fr>

Thanks a lot for your help. I think I am going to use Firefox for
protected surfing only.

On 26 Jan 06, at 17:07, Josh wrote:

> Jean-Paul Desbruères writes:
>
>> As using Tor slows down quite a bit web browsing and as going
>> to the weather forecast site for instance does not really need
>> a protection is there a simple way to switch Tor on or off on
>> Mac OS 10 Tiger ?
>
> If you're using Firefox you should take a look at the SwitchProxy
> extension. Setup details for tor use are here:
>
> http://tor.eff.org/cvs/tor/doc/tor-switchproxy.html
>
> Also, you could specify your weather site as a proxy exception.
> If you want to do this with safari, enter e.g. weather.com into
> the "Bypass proxy settings for these Hosts & Domains" text box:
>
> http://tor.eff.org/img/screenshot-osx-proxy-settings.png
>
> (that image is from
> http://tor.eff.org/cvs/tor/doc/tor-doc-osx.html)
>
> Josh

From iminium at wanadoo.fr Thu Jan 26 16:21:47 2006
From: iminium at wanadoo.fr (Jean-Paul Desbruères)
Date: Thu, 26 Jan 2006 17:21:47 +0100
Subject: Switching Tor on and off on Mac OS X Tiger
In-Reply-To: <53245C62-220E-4766-9FA5-24B8131B1D30@tamboli.cx>
References: <368606C4-DAFD-4ADB-AC91-661C8080EFE2@wanadoo.fr> <43D8F12F.602@onionizer.de> <53245C62-220E-4766-9FA5-24B8131B1D30@tamboli.cx>
Message-ID: <388D222D-CF3B-4CCE-B953-5D80081E6AA2@wanadoo.fr>

Thanks a lot for your help. I think I am going to use Firefox for
protected surfing only.

On 26 Jan 06, at 17:13, Jay Goodman Tamboli wrote:

> On 2006.01.26, at 11:00, Jean-Paul Desbruères wrote:
>
>> Unfortunately I am using Safari
>
> Depending on what you're asking there are really two ways to
> control Tor when you're using Safari.
>
> If you're talking about turning Tor on and off completely, the
> easiest way is to go to the "Network" System Preference panel and
> uncheck the proxy settings. As someone else suggested, you could
> also create separate network locations, one with proxies and one
> without, though switching locations would interrupt connections.
>
> Something else you can try is adding hosts you want fast access to
> to the proxy exceptions list in the Network panel. Access to these
> will be fast, but not anonymous.
>
> For both situations, you can also edit your Privoxy config file
> (/Library/Privoxy/config). You can comment out the
> "forward-socks4a / localhost:9050 ." line to turn off Tor completely,
> or you can add lines below that to keep certain hosts from going
> through Tor. For example, I have the following lines in my config:
>
> forward-socks4a / localhost:9050 .
> forward 192.168.1.1 .
> forward 160.79.128.22 . # Digitally Imported streaming music
> forward swcdn.apple.com . # Apple system updates downloads
> forward kh.google.com . # Google Earth
> forward mail.google.com:443 . # Gmail
> forward en.wikipedia.org .
>
> /jgt
> --
> http://tamboli.cx/

From huber at paradoxical.net Thu Jan 26 18:29:20 2006
From: huber at paradoxical.net (Josh)
Date: Thu, 26 Jan 2006 13:29:20 -0500
Subject: dynamically changable options in torrc?
Message-ID: <87ek2uderj.fsf@callisto.paradoxical.net>

Is there a list of what options may be changed without restarting the
tor process? (i.e., change and kill -HUP )

By experimentation, I've discovered that the various bandwidth limiting
options are changeable. How about hidden services?

Thanks,
Josh

From grey at unixfu.net Thu Jan 26 23:30:39 2006
From: grey at unixfu.net (grey)
Date: Thu, 26 Jan 2006 18:30:39 -0500
Subject: OT: user who was trying to use EV-DO card with OpenBSD
Message-ID: <20060126233039.GK13140@fluffy.unixfu.net>

Ok, this is off topic, but I'm trying to find out anyone who has had
successful experiences with EVDO cards & OpenBSD, and this is the closest
google hit I could find:

http://archives.seul.org/or/talk/Jul-2005/msg00048.html

Anyone know what this person's email address is so that I could contact
them directly to see if they got off of the stompbox/linux configuration?

I love tor btw - I use it constantly, sorry this is totally off topic.