[tor-talk] Tor no longer works with win2K ??

Sun Nov 13 23:15:08 UTC 2011

Sebastian Hahn wrote:
> I'll pretend you didn't insult me and the rest of the Tor dev team, and
> try and get your question answered. I've snipped the useless
> allegations.
>
>   

I made no allegations WHAT SO EVER, I asked questions, that was all. I 
seem to have hit a raw nerve.

> On Nov 12, 2011, at 12:52 PM, Anon Mus wrote:
>   
>> Jacob Appelbaum wrote:
>>     
>>> On 11/10/2011 02:39 AM, Anon Mus wrote:
>>>       
>>>> I got a message to upgrade my Tor version..
>>>>
>>>> Nov 10 10:20:45.953 [Warning] Please upgrade! This version of Tor
>>>> (0.2.1.30) is obsolete, according to the directory authorities.
>>>> Recommended versions are: 0.2.1.31,0.2.2.34,0.2.3.6-alpha,0.2.3.7-alpha
>>>>
>>>> But (as before) the latest versions of the expert install do not work.
>>>>
>>>>
>>>> Here's the stable..
>>>>
>>>> Nov 10 10:17:10.093 [Notice] Tor v0.2.2.34 (git-c4eae752f0d157ce). This
>>>> is experimental software. Do not rely on it for strong anonymity.
>>>> (Running on Windows 2000 Service Pack 4 [workstation])
>>>>         
>>> Just as a general warning, I suspect the Random Number Generator on
>>> Windows 2000 is not so great. I would seriously consider installing a
>>> recent Operating system or booting a tails live CD.
>>>
>>> All the best,
>>> Jacob
>>>
>>>  
>>>       
>> As I understand it the random number generator in win2k is the same as the one in WinNT, Win2003, WinXP and Windows Vista.
>>
>> http://www.theregister.co.uk/2007/11/13/windows_random_number_gen_flawed/
>> http://www.computerworld.com/s/article/9048438/Microsoft_confirms_that_XP_contains_random_number_generator_bug
>> http://www.segobit.com/rng.htm
>>
>> Does this mean support for these Windows OSes is also to be withdrawn?
>>     
>
> Nobody said anything about withdrawing support because of this.

NOTE: I made no such statement, I asked the question, "was it still 
supported?", DON'T put words into someone else's mouth so YOU can make 
FALSE allegations.
>  Note
> that Jake spoke of suspicion.

Yes the "suspicion" as you call it (I would say it was advice/excuse), 
is well documented, Israeli (Mossad??) researchers published the 
weakness, its also in WinXP's that have not been updated.

To let people know to update would have been sensible considering how 
"Jake" was so concerned about it.

But REALLY, the attack requires access to the machine and must be on one 
that is kept  running 24/7 (frequent reboots defeat the attack), I boot 
my Win2k every time I use Tor via it.. I don't run a Tor node nowadays 
so its no a risk to others. But of course there may be WinXP (not 
updated) Tor nodes out there who are, but you seem to be unconcerned 
about that, otherwise you'd have seen my point about alerting the Tor 
community to update their WinXPs, wouldn't you.

>  Recommending against the use of Operating
> Systems that have reached their end of life and no longer have security
> support is also just common sense, and it isn't surprising that WinNT
> or WinXP pre-SP have extremely bad security problems. Does this really
> surprise you at all?
>   

I think I've covered most of this above.

Win2k is still a fairly popular OS (0.17%), when compared with most 
versions of Linux (e.g. Ubuntu > 0.1%) where all the versions of Linux 
have only 1.2%. (one seriously wonders why so much effort goes into the 
support for that OS.

Win2K is also very stable. I love using it, and it has my old dev stuff 
on it (I still have Win98, WinNT, WinSBS PC's and even Win95, Win 3.x & 
OS2 on disk).

Blah..  Snip because its OT argumentative..
>> Perhaps you can ensure a full explanation is placed a warning on the Torproject web site otherwise lots of users will be using Windows operating systems which are vulnerable.
>>     
>
> It's not entirely clear what the implications are, from what I understand.
>
>   
Uhhh ??, so why would "Jake" write Tor-talk a message like that?
>> Obviously my questions are still NOT being answered, I QUOTE,
>>     
>
> Maybe that is because you demand a fully qualified answer within six
> hours, while you fail to provide a good bug report?
I asked my question on the 10/11/2011 at 10:39 , get your facts straight 
before you make such slanderous allegations.
>  Typically, bugs
> get reported to https://bugs.torproject.org, where the developers
> actually expect them.
>
>   
I was not reporting the bug as such, I was asking if (as there was a bug 
and at the same time my old running version was telling me it needed 
replacing), it was being supported still, but I got curious replies, so 
I asked why, simple.

>> I re-iterate, can I get a reply from someone on the tor dev team about this ERROR and whether Win2k is being supported now or not?
>>     
>
> Here's the reply from someone on the tor dev team: "Exciting! It seems
> you've found a bug on Windows 2000 systems, we should totally debug that
> and see if we can get it fixed! Unfortunately, we don't have a windows
> 2000 system around to debug this ourselves, and this is the only report
> we've gotten about trouble so far. Please try and provide more input
> about your system, the other software that you run, and if you have any
> experience debugging software so we may help you get this issue
> resolved.
>
>   
Perhaps you should have tested to see if it at least ran (sigh up) first 
(as is normal release practise) BEFORE you released it for use as 
stable, no?

Otherwise you should not have released it for use on Win2k, it is highly 
unprofessional, after all the Tor project is getting paid Tax Dollars to 
develop it, and its certainly NOT being developed for free, just free to 
use.

> If we have to conclude that the expert Bundle doesn't work on Windows
> 2000 anymore for whatever reason, I'm afraid we'll have to drop support
> for it unless someone else steps in to provide the necessary fixes."
>
>
>   
It sounds like, sadly, you'll never know if it does or not, so why not 
just remove the claim that it still works on Win2k (with all SP's and 
rollups)?

I have a more "professional" solution to suggest, if you cannot get 
yourselves a copy of Win2k (all updates are still on MS site) from ebay 
(you'll need a pc with a boot manager also).

Try pointing me to the place (exact link - I don/t want access to dev 
suite/tools/sources) where I can download all the unstable tor.exe's 
that have been produced since the stable version that I am running 
(which still works - just), see my original post for details. Then I can 
test the exe's and  let you know where it changed to fail with this 
error message. Then you can do a diff on the code and take a look if you 
can fix.

Personally. I don't give a fig what you do, but I do expect software to 
work with the OSES it says it should work on and as a user I don't 
expect to be dissed about by dev teams.

Jo