API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 26th, 2013
47
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 18.09 KB | None | 0 0
raw download clone embed print report
  1. [11:18 AM] <GeKo> mikeperry: Do you already have a branch with the rebased ff24 stuff somewhere?
  2. [11:56 AM] <armadev> microchip_: ok, i'm here a little bit more now. why not contribute your file to suse itself?
  3. [12:00 PM] <mikeperry> GeKo: https://gitweb.torproject.org/user/mikeperry/tor-browser.git
  4. [12:01 PM] <GeKo> thanks
  5. [12:01 PM] <mikeperry> GeKo: I believe that branch builds. Pearl Crescent reported issues with a build that they made using Xcode using that, but they suspect compiler issues
  6. [12:02 PM] <mikeperry> a few patches also havent been rebased yet: https://gitweb.torproject.org/user/mikeperry/tor-browser.git/tree/refs/heads/torbrowser-firefox24.0:/BADPATCHES
  7. [12:15 PM] <arlolra> armadev: https://check2.torproject.org/cgi-bin/TorBulkExitList.py?ip=123.123.123.123&port=443
  8. [12:18 PM] <StrangeCharm> armadev: You around?
  9. [12:18 PM] <armadev> spiffy. can we run that through sort -n
  10. [12:18 PM] <armadev> strangecharm: i am!
  11. [12:19 PM] <armadev> arlolra: the sort -n suggestion was for you
  12. [12:20 PM] <arlolra> we can
  13. [12:21 PM] <armadev> (the previous bulkexitlist does, and somebody might be relying on that. plus it's easier to tell that it doesn't have duplicates)
  14. [12:21 PM] <armadev> also, great!
  15. [12:21 PM] <armadev> did you see that weasel set up the cron to give you tor's cached dir info? i guess you probably did since this url uses it?
  16. [12:22 PM] <arlolra> yup, using it
  17. [12:22 PM] <armadev> great. and also that you can modify your apache vhost file
  18. [12:23 PM] <arlolra> are you happy with what it says here?
  19. [12:23 PM] <arlolra> https://check2.torproject.org/cgi-bin/TorBulkExitList.py
  20. [12:23 PM] <arlolra> should I update the part about svn to my github repo?
  21. [12:24 PM] <arlolra> anything else you can think of re: that page or https://check2.torproject.org/?
  22. [12:24 PM] <arlolra> otherwise, I think we're good to give it a shot
  23. [12:24 PM] <armadev> https://check2.torproject.org/cgi-bin/TorBulkExitList.py?ip=128.31.0.34%3A443 is what i tried to input into the box
  24. [12:24 PM] <armadev> it didn't like my input :)
  25. [12:25 PM] <arlolra> doesn't on check either .. I think you need &port=
  26. [12:25 PM] <arlolra> should it support that syntax?
  27. [12:25 PM] <armadev> well, how do you use the box to put the port of your service?
  28. [12:25 PM] <armadev> (i agree that it's not obvious on the original either)
  29. [12:26 PM] <arlolra> can you do that on the original?
  30. [12:26 PM] <arlolra> I don't think so ... but I agree that there should be an easier way
  31. [12:28 PM] <armadev> "we do keep a cache of answers for all queries made" is this still true on your new script?
  32. [12:30 PM] <arlolra> no. we played with some caching mechanisms but it's plenty fast as is
  33. [12:30 PM] <GeKo> mikeperry: Okay, that should be fine. I'd like to build a TBB3.0 with esr24 as I might have a (simple) fix for #9783 which is not working with esr17.
  34. [12:31 PM] <armadev> sounds like we should remove that sentence then :)
  35. [12:31 PM] <armadev> but yes, sounds great, i think we're all set for a switchover. what did you have in mind?
  36. [12:36 PM] <arlolra> armadev: sorry, cut out. sounds good
  37. [12:58 PM] <mikeperry> GeKo: So we have a build that matches for a commit btw. I suppose we should try to release it and then do another release shortly after with your Windows fix and a torbutton hack to watch for this XPCOM issue
  38. [12:58 PM] <GeKo> mikeperry: Sounds good to me.
  39. [12:59 PM] <GeKo> If you create a tag I'll start building it tomorrow.
  40. [1:00 PM] <GeKo> (or just tell me the commit you want to use)
  41. [1:00 PM] <mikeperry> oh, let me tag a new torbutton release for the startpage change
  42. [1:00 PM] <GeKo> sure
  43. [1:04 PM] <GeKo> mikeperry: Btw #9790 is really, really scary. I never thought that such cross-extenion influencing would be possible...
  44. [1:05 PM] <GeKo> so, having something that screams at the user when such central components are not working would be neat
  45. [1:07 PM] <Lunar^> mikeperry: you should close #8839 :)
  46. [1:11 PM] <mikeperry> GeKo: Oh wow, that's the same bug as #9763
  47. [1:11 PM] <GeKo> mikeperry: No.
  48. [1:11 PM] <GeKo> cache isolation is working fine even if the component is not loading
  49. [1:12 PM] <mikeperry> not for me
  50. [1:12 PM] <GeKo> that's interesting
  51. [1:12 PM] <mikeperry> it's broken by the startup pref being in the wrong state
  52. [1:12 PM] <GeKo> could you try if my workaround is fixing the issue for you as well?
  53. [1:13 PM] <GeKo> if so convince the HTTPSE-people to catch their exception and you are done :D
  54. [1:13 PM] <mikeperry> we created that exception by disabling ctypes
  55. [1:14 PM] <microchip_> armadev: i just inspected the tor package on the suse build service. They have indeed added a systemd file
  56. [1:14 PM] <GeKo> mikeperry: yes, exactly.
  57. [1:14 PM] <mikeperry> so I am thinking this means for thi 17.0.9 build we just re-enable it
  58. [1:14 PM] <mikeperry> since not having cache isolation is superbad
  59. [1:14 PM] <GeKo> yes
  60. [1:14 PM] <mikeperry> and we can fix the ctypes issues later
  61. [1:15 PM] <microchip_> armadev: the reason i wrote my systemd file is because i package tor in my home repo as suse is often late in providing up to date tor packages, so i wasn't aware they have added a systemd file
  62. [1:26 PM] <arlolra_> hmm, how come this relay has a running flag and yet status says running is false? https://atlas.torproject.org/#details/0FB356FBE623B3F6C8A2CC3CA42E0E7681F72FE7
  63. [1:26 PM] <arlolra_> armadev: sorted https://check2.torproject.org/cgi-bin/TorBulkExitList.py?ip=123.123.123.123
  64. [1:31 PM] <armadev> arlolra: exciting! my guess is that it's not running now, but the last time we saw it in the consensus, it had the Running flag.
  65. [1:31 PM] <armadev> that is pretty clearly a bug in atlas.
  66. [1:31 PM] <armadev> (it can't get into the consensus without having the Running flag.)
  67. [1:32 PM] <wfn> i think that's the case, just wanted to say sth like that - the flags included are from the last available consensus (2013-09-23 15:00:00 in this case), which is not the newest one, hence router is not reported as running
  68. [1:32 PM] <armadev> ah. perhaps that's because Properties refers to the last consensus stanza we have for it,
  69. [1:32 PM] <wfn> i wonder what atlas should do - it makes sense to report latest available flags; problem is, the name "Running" has a certain meaning to it that can confuse people, i guess
  70. [1:33 PM] <armadev> and Status refers to ... but i bet the Uptime is from...uh.
  71. [1:33 PM] <armadev> right. i think part of the problem is that atlas doesn't tell you *when* each piece of information is from.
  72. [1:33 PM] <wfn> yeah, that'd be useful, hm
  73. [1:33 PM] <armadev> i bet Uptime would do better if it were "Uptime (as of 17 hours ago"
  74. [1:34 PM] <wfn> not familiar with atlas' code, but yeah that'd help, hm
  75. [1:34 PM] <armadev> and similarly, "Flags (as of x ago)"
  76. [1:34 PM] <armadev> wfn, can i ask you to file a ticket for this feature / bugfix?
  77. [1:35 PM] <wfn> armadev: okay, will do :)
  78. [1:35 PM] <armadev> thanks!
  79. [1:35 PM] <wfn> armadev: likewise with rndm's tool: http://globe.rndm.de/#/relay/0FB356FBE623B3F6C8A2CC3CA42E0E7681F72FE7
  80. [1:35 PM] <wfn> 'Running' flag reported, but not the consensus from which it was extracted
  81. [1:35 PM] <wfn> okay, will file in couple of h or sooner
  82. [1:36 PM] <armadev> looks like it, yes
  83. [1:37 PM] <arlolra_> interesting. I ask because the current check has that relay in the bulk list but since it's not in the consensus, check2 isn't reporting it
  84. [1:37 PM] <armadev> ah yes
  85. [1:37 PM] <armadev> i forgot that feature
  86. [1:37 PM] * armadev plays some more circus music as he multitasks in too many directions
  87. [1:37 PM] <armadev> so, here's the issue. if your relay falls out of the consensus briefly, but clients have the consensus from two hours ago, and they use the relay and exit from it,
  88. [1:38 PM] <armadev> and check.tp.o says "nope, not an exit!"
  89. [1:38 PM] <wfn> ooh
  90. [1:38 PM] <armadev> then people will be surprised.
  91. [1:39 PM] <armadev> the general shape of the solution so far has been "if we would have listed it in any of the last n consensus periods" where n is typically 16 or something
  92. [1:39 PM] <wfn> ideally, the "fresh_until" field in consensuses should be used to decide whether exit addresses in that particular consensus are valid, i suppose?
  93. [1:39 PM] <armadev> a related issue is: if you're a relay and you stop being a relay, odds are not bad that you'll show back up pretty soon. so if we stop listing you, when you come back, you'll be a false negative. better to be a false positive for a short time period instead.
  94. [1:40 PM] <wfn> i.e., won't tor clients refuse to use an outdated consensus, where outdated means "more fresh than valid_until / fresh_until" (not sure of field name)
  95. [1:40 PM] <armadev> wfn: tor clients will continue to use a consensus they have for 24 hours, even if it's out of date, if they can't get a better one
  96. [1:40 PM] <wfn> oh. hm.
  97. [1:40 PM] <armadev> this is both a bug and a feature
  98. [1:40 PM] <armadev> the 'feature' side has won out so far, since it makes the network not break if a few directory authorities fall over briefly
  99. [1:41 PM] <armadev> (when phrased like that, it seems like a pretty important feature)
  100. [1:41 PM] <wfn> yeah, it'd make sense to me (total newcomer) at least for sure
  101. [1:41 PM] <wfn> can the bulk exit list checker than include all exit addrs in the last 24h maybe?
  102. [1:42 PM] <arlolra_> it can if that's the right solution .. which it seems to be
  103. [1:43 PM] <armadev> unless we can produce a better solution
  104. [1:43 PM] <armadev> also, the main check.tp.o should probably use the same list
  105. [1:45 PM] <armadev> isn't this exciting? all these changing requirements? :)
  106. [1:45 PM] <armadev> someday somebody should write up a description of how the check algorithm behaves, and should behave
  107. [1:45 PM] <armadev> wfn: if you could open a ticket for that too, assuming you want to help answer it, that'd be grand
  108. [1:46 PM] <arlolra_> Rym wrote some docs
  109. [1:46 PM] <arlolra_> https://github.com/arlolra/check/blob/master/docs/ABOUT.md
  110. [1:46 PM] <smallproblem> I think I have a repoducable quirky bug.  The latest vidalia relay bundle for windows on windows xp, if you're running vidalia/tor and open notepad, a shortcut to torrc is created
  111. [1:46 PM] <wfn> armadev: of course, very glad to help, will do!
  112. [1:47 PM] <armadev> smallproblem: open notepad for anything? or for torrc?
  113. [1:47 PM] <smallproblem> start--> run--> notepad
  114. [1:48 PM] <smallproblem> that's it, not opening a file or anything
  115. [1:49 PM] <armadev> smallproblem: exciting. can you help track it down? i fear it is unlikely to be solved otherwise.
  116. [1:50 PM] <armadev> smallproblem: step one is to open a ticket for it on trac
  117. [1:52 PM] <armadev> arlolra: the broader question here is: what are likely false positives and false negatives, and which ones are worse when they occur?
  118. [1:52 PM] <armadev> right now we have check.tp.o telling tbb users "you're not using tor!" and it's a lie
  119. [1:52 PM] <armadev> that's a pretty bad false negative
  120. [1:52 PM] <Lever> armadev : no one answer me
  121. [1:53 PM] <armadev> lever: still. here is bad.
  122. [1:53 PM] <smallproblem> ok, send me that info again, i was trying to reproduce the issue on win7, \
  123. [1:53 PM] <armadev> > smallproblem: exciting. can you help track it down? i fear it is unlikely to
  124. [1:53 PM] <armadev> +be solved otherwise.
  125. [1:53 PM] <armadev> > smallproblem: step one is to open a ticket for it on trac
  126. [1:53 PM] <smallproblem> open ticket how?
  127. [1:53 PM] <wfn> armadev: i'm not sure which component the second ticket (exit list strategy, check{1,2}.tp.o) should be filed under. i suppose it doesn't have to do anything directly with tordnsel, etc.? or does it?
  128. [1:53 PM] <armadev> smallproblem: bugs.torproject.org, make an account, new ticket
  129. [1:53 PM] <wfn> arlolra: i guess you're not using the exit lists provided? https://metrics.torproject.org/data.html#exitlist
  130. [1:54 PM] <armadev> wfn: i'd go with component Check
  131. [1:54 PM] <armadev> (if there is one)
  132. [1:54 PM] <wfn> agh! there's "Tor Check" - missed that one
  133. [1:54 PM] <armadev> wfn: i believe arlolra's code takes those exitlists as input. but see also the ticket where they're missing a lot of entries.
  134. [1:54 PM] <arlolra> wfn: we're using the output of TorDNSEL, which produces those
  135. [1:54 PM] <wfn> ok, ok [absorbing new info]
  136. [1:54 PM] <wfn> thanks
  137. [1:55 PM] <smallproblem> hold on
  138. [1:55 PM] <arlolra> armadev: ok, so err on the side of telling tbb users they are using tor
  139. [1:56 PM] <armadev> i think so. i guess the false positive side is when an exit relay operator loads this page in her safari.
  140. [1:56 PM] <arlolra> in #9204 B) ... For users who want to consider all relays in the past n hours, this script should be able to handle reading multiple consensus files (ideally just by concatenating them before they go in).
  141. [1:56 PM] <armadev> another false positive side is if your neighbor ran an exit relay, and then the dynamic IP game happened and you inherited her IP
  142. [1:56 PM] <wfn> or, a tor relay is running in a large local network / e.g. uni network.. :(
  143. [1:57 PM] <armadev> wfn: ah yes, another one is if you're behind a nat and share it with an exit
  144. [1:57 PM] <armadev> arlolra: oh good, i did write about this problem in #9204 then. :)
  145. [1:57 PM] <armadev> s/write about/hint at/
  146. [1:59 PM] <wfn> so, uh, did anyone think about the totally insane and probably non-scalable idea of providing a 'paranoid tor check' service which would attempt to establish a circuit to/through a given exit adderss, and then immediately report results in http response?
  147. [1:59 PM] <wfn> though, uh, that still doesn't solve the 'large local network' problem, so eh
  148. [1:59 PM] <armadev> that wouldn't be a complete solution, right, since exits can be multihomed?
  149. [1:59 PM] <armadev> and since that
  150. [1:59 PM] <wfn> indeed, indeed..
  151. [2:00 PM] <wfn> bugger.
  152. [2:03 PM] <armadev> wfn: sounds like a good opportunity for somebody to write up all the pros and cons, so the next conversation goes easier.
  153. [2:03 PM] <armadev> the right answer for tbb is for tbb to check itself. that's what tbb 3.0 does. it doesn't use an external website (which, heck, could lie to it).
  154. [2:03 PM] <smallproblem> @armadev here's the ticket!  see: https://trac.torproject.org/projects/tor/ticket/9808
  155. [2:04 PM] <wfn> oh, right! forgot about that, hey that's great.
  156. [2:04 PM] <armadev> for example, imagine the following attack. alice is not using tor, and has an adversarial network. she asks for check.torproject.org. her attacking network notices that, and redirects her request through tor, so that a) she gets the right ssl cert for check.tp.o, and b) check says she's using tor.
  157. [2:04 PM] <armadev> but the adversarial network doesn't redirect anything else. or redirects everything but a few things.
  158. [2:06 PM] <wfn> and this is trivially possible even when she's making an https request from the beginning?
  159. [2:06 PM] <smallproblem> alright guys, thanks so much.  I'm going back to working on other stuff.
  160. [2:06 PM] <armadev> wfn: yes, i think so
  161. [2:06 PM] <armadev> smallproblem: thanks. i think you may actually have the bug backwards -- i wonder if the relay bundle tries to make the shortcut always, and it doesn't show up sometimes.
  162. [2:06 PM] <wfn> yes, that sounds bad. i mean, elaborate model of evil, but that's not good for sure.
  163. [2:07 PM] <armadev> arlolra: in general, the question for torbulkexitlist, especially if external services are going to cache their answer for a while, is "what list shall i give them that accurately predicts the right answer for x hours into the future?"
  164. [2:07 PM] <smallproblem> @armadev why would relay bunde want to make a shortcut to torrc?
  165. [2:07 PM] <smallproblem> that makes no sense
  166. [2:07 PM] <armadev> to help you edit it?
  167. [2:08 PM] <armadev> i dunno. these bundles are nearly unmaintained.
  168. [2:09 PM] <smallproblem> But you can do that inside Vidalia anyway.  creating an all users shortcut on the start menu to my account's specific torrc user is silly.
  169. [2:09 PM] <wfn> to add to the circus, re: atlas flag confusion, thing is, the onionoo backend is basically reporting that same info:
  170. [2:09 PM] <wfn> https://onionoo.torproject.org/details?lookup=0FB356FBE623B3F6C8A2CC3CA42E0E7681F72FE7
  171. [2:09 PM] <wfn> *but* it is implied that those flags are coming from the last consensus available (hopefully i'm not mixing things up, but i think they are.)
  172. [2:09 PM] <wfn> on its part, atlas could simply add a warning icon or whatnot to the flags if it sees that running=false as reported by onionoo. if it's more complicated than that, then it might require karsten's intervention. i'll write this in the ticket, end of wall of text
  173. [2:09 PM] <mttpgn> Sherief: I added something about the Cyberoam firewall to Tor Weekly News. Can you see if there's anything you'd like to add?
  174. [2:09 PM] <armadev> the feature to edit the torrc from inside vidalia is a) quite new, and b) mostly broken
  175. [2:10 PM] <smallproblem> oh well.
  176. [2:10 PM] <Sherief> mttpgn: Will check it right now, I should've done it my self so thanks a bunch :)
  177. [2:10 PM] <armadev> wfn: that "last_seen" line looks important
  178. [2:10 PM] <armadev> (in onionoo)
  179. [2:11 PM] <wfn> yeah, it's the same that you saw when you linked to metrics relay info page about turtles - last consensus this was present in.
  180. [2:11 PM] <wfn> i've reimplemented these parts in my backend as well:
  181. [2:11 PM] <wfn> http://ts.mkj.lt:5555/details?lookup=0FB356FBE623B3F6C8A2CC3CA42E0E7681F72FE7
  182. [2:11 PM] <wfn> http://ts.mkj.lt:5555/statuses?lookup=0FB356FBE623B3F6C8A2CC3CA42E0E7681F72FE7&condensed=true
  183. [2:12 PM] <wfn> the same that you saw - semantically the same meaning
  184. [2:12 PM] <helix> smallproblem: thanks for reporting 9808. wtf.
  185. [2:12 PM] <smallproblem> @helix, you're welcome.
  186. [2:13 PM] <smallproblem> @helix I thought I got hacked
  187. [2:13 PM] <helix> I haven't seen this on win7 but I'll see if I can find an XP to check it out with
  188. [2:14 PM] <helix> is winxp your normal OS?
  189. [2:14 PM] <smallproblem> somewhat
  190. [2:15 PM] <Sherief> mttpgn: I have nothing to add, Thanks again.
  191. [2:16 PM] <smallproblem> I use linux and win7, it only happens in winxp
  192. [2:16 PM] <arlolra> armadev: alright, well, I'll start by implementing the current solution. doesn't seem like a bad predictor
  193. [2:17 PM] <arlolra> and seems straightforward with what we have
  194. [2:17 PM] <mttpgn> Sherief: great. I tried to find something on the support mailing list about it, but I didn't see it. Did you summarize this issue on any of the mailing lists
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!