tor-dev March 2015

tor-dev@lists.torproject.org

76 participants
78 discussions

Draft report on where to focus testing efforts and modularization efforts in Tor
by Nick Mathewson 26 Mar '15

26 Mar '15

0. Summary I've got some end-of-month deliverables to try to figure out how Tor fits together to identify the most important areas to test, the hardest areas to test, and the best ways to modularize Tor in the future. Here's my current draft. Some of these ideas are half-baked; many will need more rounds of revision before they can be acted on. For more information see tickets #15236 and #15234. 1. Testing Tor: Where we should focus 1.1. Let's focus on complicated, volatile things. These functions are the highest in length and in complexity: circuit_expire_building parse_port_config run_scheduled_events connection_ap_handshake_rewrite_and_attach options_act networkstatus_parse_vote_from_string connection_dir_client_reached_eof directory_handle_command_get networkstatus_compute_consensus options_validate If we focus on the number of commits that have code still live in a function, we have: circuit_expire_building parse_port_config run_scheduled_events connection_ap_handshake_rewrite_and_attach options_act networkstatus_parse_vote_from_string connection_dir_client_reached_eof directory_handle_command_get networkstatus_compute_consensus options_validate And if we want to focus on average commits per line of code in a function, weighted in various ways, these ones stand out: add_stream_log_impl connection_close_immediate connection_connect_sockaddr connection_dir_client_reached_eof connection_edge_destroy connection_exit_begin_conn connection_handle_write_impl consider_testing_reachability directory_info_has_arrived init_keys options_act options_validate router_add_to_routerlist router_dump_router_to_string tor_free_all router_rebuild_descriptor run_scheduled_events If we focus on how many changes have *ever* been made to a function, we get these as the top offenders: router_rebuild_descriptor onion_extend_cpath directory_handle_command dns_resolve assert_connection_ok connection_handle_write connection_handle_listener_read dns_found_answer circuit_extend main connection_edge_process_inbuf connection_ap_handshake_attach_circuit config_assign init_keys circuit_send_next_onion_skin connection_dir_process_inbuf prepare_for_poll connection_exit_begin_conn connection_ap_handshake_process_socks router_dump_router_to_string fetch_from_buf_socks getconfig run_scheduled_events connection_edge_process_relay_cell do_main_loop No single list above is uniquely the right one to focus on; instead, we should probably use them in tandem to identify areas to work on. 1.2. What will be hardest to test? The entire "blob" described in section 2.1 below should be considered hard-to-test because of the number of functions reachable from one another. Removing some of this callgraph complexity will help us test, but it's not completely trivial. See Appendix A for a list of functions of this kind. 2. Untangling Tor: Modules and You If you've done a software engineering class, you probably got taught how to diagram the modules or layers of a software project. I tried this with Tor back in 2005 and my head spun; things have not gotten easier since then. Looking at Tor's call graphs tell us a lot about our issues with modularizing Tor. In the abstract, we'd like to divide Tor into layers and modules, with most modules only calling a few others, and the "central" functions limited to as little code as possible. This will make modules more independent and help us test them in isolation. This will also help us with future design ideas like splitting Tor into separate processes for testing or security or robustness purposes. 2.1. Fun with callgraphs I did some analysis of Tor's callgraph to figure out where we stand today. About 27% of the functions that tor calls (internally and externally) can reach only 10 or fewer other functions that Tor knows about. About 82% can reach a smaller portion of Tor. Then there comes a block of functions that can reach _nearly every other function_ in the block, or in Tor. They are all reachable from one another. There are about 450 of these, or 11% of the functions in Tor. I'll call them "The Blob." Finally, there are functions that can reach the Blob, and all the functions that the Blob calls, but which are not themselves part of the Blob. These are about 100 functions, or 2% of the functions in Tor. Breaking up the Blob is a high priority for making Tor more modular. So, how can we do that? * Let's start by looking at which functions, if they were made unnecessary, or if they stopped calling into the Blob, would remove the most other functions from the Blob. * Let's also start by hand-annotating the Blob with a list of functions that logically shouldn't be part of the Blob, and then seeing what they call that pulls them into the Blob. Here are some preliminary results for the best functions to try to remove from the Blob, and some antipatterns to avoid: * The following functions pull many, many other functions into the Blob: control_event_* router_rebuild_descriptor_ directory_fetches_from_authorities *mark_for_close* *free *free_ If we could stop them calling back into the blob, we would shrink the blob's size down to 254 functions, and reduce the number of outside functions calling into the blob to 74. Also worth investigating is seeing whether to remove the call from 'connection_write_to_buf_impl_' to 'connection_handle_write', and the call from 'conection_handle_write_impl' to 'connection_handle_read'. Either of these changes reduces the number of functions reachable from blob functions severely, and shifts many functions from Blob-members to Blob-callers. Finally, these might be more work to unblob: 'connection_or_change_state' 'tor_cleanup' 'init_keys' 'connection_or_close_for_error' But doing so would take the blob down to 60 functions, with the blob-callers to 118. * Many functions that are meant to simply note that an event has occurred, so that some work must happen. We could refactor most of these to instead use a deferred callback type, rather than invoking the functions that call the work directly. This would also help us decouple Blob functions from one another. * I have the blob functions listed in Appendix A.1, with the ones that would still in the blob after the changes above listed in Appendix A.2. 2.2. Separating modules into processes and libraries; module-level APIs. Let's imagine this architecture: Tor runs as a series of conceptually separate processes that communicate over a reasonable IPC mechanism. These processes correspond to module boundaries; their APIs need to be carefully designed. There is a central communications process that does the work of transferring commands and replies from A to B. APIs would be divided into publish/subscribe types and remote-procedure call types. Modules would be divided into stateful/non-stateful; non-stateful ones could be shared libraries; or if their processing is sensitive, they could be kept in very sandboxed processes. How do we get there? To make the proposal concrete, I suggest for a 0th-order draft that we imagine the following simplified version: * That all src/common modules become shared libraries with no state. * That we divide (or imagine how to divide) the contents of src/or into separate modules, with more clear connections between them. We imagine doing this one part at a time, starting by adding a nice simple publish/subscribe mechanism. * That the controller API be reimagined as a a layer on top of the rest of this. * That any multiprocess version of this be imagined, for concreteness, as ProtocolBufs over nanomsg. (I'm not tied to this particular format/transport combination; just proposing it for concreteness. We would need a transition plan here. I'd suggest that some of the easiest modules to extract first would be voting, rephist, node information management, path selection, directory data, and hidden services. Most of these have the virtue of being more easily testable once they are extracted. Once we have some significant pieces split into libraries, and submodules, we could start doing process-level refactoring, moving towards an architecture built out of processes and parts of these kinds: * Network: Has libevent-driven main loop. Accepts commands in a pool, maybe from a subthread. * Utility: Is just event-driven. Answers requests, gives responses. * Manager: starts up processes as needed and connects them to one another. * Dispatcher: relays messages from where they come from to where they go. Our best next steps in this area, IMO, seem to be to identify one or two key areas and abstractions, and begin isolating them in practice so as to better get a feel for how this kind of transition works, so we can iterate our design. [Appendices in attachment so as to keep this to a reasonable size.]

1 0

Question about estimated number of clients
by Lei Yang 26 Mar '15

26 Mar '15

Hi, I have a question about estimated number of Tor clients. I know that the average number of Tor clients per day for each country is provided on the metrics site, which is a daily basis number. I am curious if I can get a more fine-grained information about how many clients are using Tor per hour for each country? I would like to know the peak number of concurrent users who are using Tor at a given time. Can anyone please give me some clues? Thank you very much! Best, Lei

2 5

Getting visuals out of bridge bandwidth statistics
by George Kadianakis 26 Mar '15

26 Mar '15

Hello, I recently discovered that bridges report detailed bandwidth histories in their extrainfo descriptors. We should think about the privacy implications of these statistics since they are quite fine grained (multiple measurements per day) and some bridges don't have many clients (hence small anonymity set for them). Until then, I decided to visualize a bit those bandwidth histories, to better understand how much bridges are used. This took a bit longer than I expected, so I'm just going to show you some preliminary results. Here is a graph! https://people.torproject.org/~asn/bridges_bureau/bridges_daily_bandwidth.p… To generate this graph, I summed up the reported bandwidth histories of each bridge descriptor to get that bridge's daily consumption. I used the number of *read* bytes, and ignored the number of written bytes. I discarded multiple descriptors of the same bridge and bridges which did not report 24 hours worth of bandwidth history. I started with about 7603 descriptors, in the end the graphs include about 4k bridges. Basically, this graph tells us that only very few bridges see big amounts of traffic. Most bridges are concentrated on the left side of the graph. If you can't see how many bridges contribute big bandwidth because their column is so small, you can use those spikes that come from the bottom of the graph. Each such spike is one bridge. The graph is in megabytes, and its left side is too crowded. Here is another graph that might be cleaner: https://people.torproject.org/~asn/bridges_bureau/bridges_daily_bandwidth_p… This graph was created the same way, but I discarded the 200 highest observations. This makes the left hand side of the graph cleaner. Here we can see that most bridges see less than 50 MBs of traffic per day, and there are even a few hundreds of them who see none or almost none. Unfortunately, this concludes my studies for today. Maybe in the future I will work on this a bit more, and also take in account the pluggable transports that these bridges use as well as how many hours in a day each bridge did not have any activity. Questions and feedback on my methodology are welcome. If people want to work on this, I'm happy to clean up and publish my Python scripts. Cheers!

1 1

Proposal 243: Give out HSDir flag only to relays with Stable flag
by George Kadianakis 24 Mar '15

24 Mar '15

Inlining the proposal written for #8243. Feedback is welcome. Thanks! ------ Filename: 243-hsdir-flag-need-stable.txt Title: Give out HSDir flag only to relays with Stable flag Author: George Kadianakis Created: 2015-03-23 Status: Open 1. Introduction The descriptors of hidden services are stored by hidden service directories. Those are chosen by directory authorities who assign the "HSDir" flag to those relays according to their uptime. It's important for new relays to not be able to get the HSDir flag too easily, because a few correctly placed HSDirs can launch a denial of service attack on a hidden service. We should make sure that a naive Sybil attacker that injects thousands of new Tor relays to the network cannot position herself like this. 2. Motivation Currently, directory authorities give out the HSDir flag to relays that volunteer to be hidden service directories by sending a "hidden-service-dir" line in their relay descriptor, which is the default relay behavior. Furthermore, the HSDir flag is only given to relays that have been up for more than MinUptimeHidServDirectoryV2 hours. MinUptimeHidServDirectoryV2 is a parameter locally set at the directory authorities and it's somewhere between 25 to 96 hours. We propose changing that last requirement, and instead giving the HSDir flag only to relays that have the Stable flag. We believe that this will result in a few benefits: - We stop using the ad-hoc uptime calculation that we are currently doing (see dirserv_thinks_router_is_hs_dir()). Instead, we use the MTBF uptime calculation that is performed for the Stable flag which is more robust. - We increase the time required to get the HSDir flag, making it harder for naive adversaries that flood the network with relays to actually get the HSDir flag. - After implementing non-deterministic HSDir picks (#8244) we also make it harder for sophisticated adversaries to DoS a hidden service, since at that point their main attack strategy is to flood the network with relays. - By increasing the stability of HSDirs, we reduce the misses during descriptor fetching that get caused by natural churn of relays on the list of HSDirs. 3. Specification We are suggesting changing the criteria that directory authorities use to vote for HSDirs to the following: - The relay has included the "hidden-service-dir\n" line in its descriptor. - The relay is eligible for having the "Stable" flag. 4. Security considerations As it currently is, a router is 'Stable' if it is active, and either its Weighted MTBF is at least the median for known active routers or its Weighted MTBF corresponds to at least 7 days. This is stricter criteria than what's required for HSDir, which means that the number of HSDirs will decrease after the suggested changes. Currently there are about 2400 HSDirs in the consensus, and about 2300 of them are Stable, which means that we will lose about 100 HSDirs. We believe that this is an acceptable temporary loss. In the short-term future, the number of HSDirs will greatly improve as more directory authorities upgrade to #14202 and more relays upgrade to #12538. 5. Future Should we give out the HSDir flag only to relays that are Fast? Is being an HSDir a demanding job bandwidth-wise? With the upcoming keyblinding scheme (#8106) and non-deterministic HSDir selection (#8244), are there any other criteria that we should use when assigning HSDir flags?

1 0

Re: [tor-dev] #15060: Decide the fate of MyFamily / prop242 better families
by teor 23 Mar '15

23 Mar '15

> Date: Mon, 23 Mar 2015 09:32:50 -0400 > From: Nick Mathewson <nickm(a)alum.mit.edu> > >> On Mon, Mar 23, 2015 at 8:56 AM, Nusenu <nusenu(a)openmailbox.org> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> Hi, >> >> I like prop242 [1] because it doesn't "Nuke MyFamily" [2] but replaces >> it with a better approach. "Better" in terms of scalability and >> maintainability. >> >> I don't know of any current 'tools' (except the tor client itself) >> that use MyFamily data but Virgil's [3] gamification website and >> compass group-by family feature [4] would depend on it. >> >> So before spending time on features that depends on an uncertain >> descriptor field, it is probably better to wait till the fate of that >> property (MyFamily) has been decided. >> >> The reason for this email is to find out when that fate will be >> decided upon? (expected answer: before tor 0.2.7.x-final is released) > > I don't know that we have a date here, or a consensus that it ought to > be done. Whether any changes happen in 0.2.7 here is going to depend > on whether we've got a solid answer one way or another on the question > of MyFamily. > > So, what do we think? I'd say that MyFamily is likely to continue to > serve a useful purpose, and that removing it entirely would be > premature given how often people come up with fun new routing and path > selection and guard selection ideas. > > On the other hand, prop242 is a fair bit of work to do, and I don't > know whether it will rise to a high enough priority over all the other > stuff we need to do. And who knows, maybe somebody will come up with > a solid argument in favor of removing MyFamily entirely? It's worth > thinking about. I can think of one good social/technical reason to keep MyFamily or similar feature(s): It provides a useful mechanism for the Tor relay community to distinguish between Sybils, technically capable enthusiastic new operators, and operators who can't/won't maintain their relays. I've seen this sort of communication a few times, but I'm not sure how frequently it happens: Someone says: "Thanks for signing up N Tor relays, please add MyFamily to each of them so we don't choose any of them in the same path." If the operator complies, they become part of the Tor network. If they decline or ignore, they are excluded from the Tor network. It would be a shame to lose such a useful technique for weeding out the bad onions, even if it relies on us finding them in the first place. teor teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR C3C57B23 349825DE 929A1DEF C3531C25 A32287ED

1 0

onionoo: grouping families in the backend?
by Nusenu 23 Mar '15

23 Mar '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I figured it might make sense to discuss this in a separate thread. > And just in case you were wondering, if you ever have a feature > request for Onionoo, I'd be happy to discuss that. In contrast to > some of its clients, Onionoo itself is actively maintained. Actually I came to the conclusion that it would make sense to move the myfamily grouping to the backend since any other compass grouping is based on onionoo data and not on data "generated" by compass itself (grouping key). The MyFamily grouping takes also a bit CPU time. So "computing" families once per generated details document make a lot more sense than recalculating them in every compass query again. Since the MyFamily is subject to change [1] is also relevant here. [1] https://lists.torproject.org/pipermail/tor-dev/2015-March/008516.html -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVEBuLAAoJEFv7XvVCELh05MMP/0Gy6zYQLbZtavXL1wdISLMg X/zdJM9+ZysuFkDj2hl0fP1iXfrNCCCvjCOdCYQJXzD5axrvgzPK/Jql1b2J1tO5 m+fbkLla9/KRCukJKYOjmkeoKAuadRDiZvI9LvePuGPrP53ZmlJmh4PT/Iss8Qh+ ndTBIbz1Kl04cBVS8RW08veFIKyzblkd2bJVj6AIlsvRvNybLJdEatgNAJ0YX6Vk ERuWuI65qP40ATFMAmL+IMsrdJ2WVdhpbbFLNkrZfloXt/UlNvFddMKlJ0k3YUkb ZQsFmZUPPv9+gMGx7Rkca94XmleBxMidjAbDVT0Y+SVyC0HxEOa5UsZ099cVu52F Hf2ZHt2E6vSxICoO4lxFEx82BxuaJLvG/+pQcNmUQk+SeBlcYn/W6PIyYV1bs9sh /pLjikLnMEMpNCls5XNc/wtFJtbnfljmsDhYL+R5jCHfUk5s3XmyEuDitenwZ8Qb 3u4qtnusQqLzW0R2bcnA8OV5RU5N12kBmFnki2lZ+m7VKtHCQVgJP8Rpvfg7G0/6 Js36UnNL2ijMNuDJED70PZEPop8kiuSZq6ePI3lYsPaLLRGLmNyHCgFQFRBox4BK ntAiePf2HtQ1kSLM2j5GLrQK5p59ko9xXrQkRBy60M5oVJkl+Rtf/+79W0Nf9f8Y /rcCkyU4s7XqW0UoHMYQ =ly6d -----END PGP SIGNATURE-----

2 5

#15060: Decide the fate of MyFamily / prop242 better families
by Nusenu 23 Mar '15

23 Mar '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I like prop242 [1] because it doesn't "Nuke MyFamily" [2] but replaces it with a better approach. "Better" in terms of scalability and maintainability. I don't know of any current 'tools' (except the tor client itself) that use MyFamily data but Virgil's [3] gamification website and compass group-by family feature [4] would depend on it. So before spending time on features that depends on an uncertain descriptor field, it is probably better to wait till the fate of that property (MyFamily) has been decided. The reason for this email is to find out when that fate will be decided upon? (expected answer: before tor 0.2.7.x-final is released) Nick's statement: > Having some paths with all three nodes in the same family scares > me gives me some hope that it won't go away completely and will allow me to group relays to an operator (as long as the operator decides to configure it). Even in the unlikely event of MyFamily being nuked completely (with no replacement) - I guess it will be some years(?) till you deprecate pre tor 0.2.7 clients? [1] https://trac.torproject.org/projects/tor/ticket/6676 [2] https://gitweb.torproject.org/torspec.git/tree/proposals/242-better-familie… [3] https://lists.torproject.org/pipermail/tor-dev/2014-June/006975.html [4] https://raw.githubusercontent.com/nusenu/misc-files/master/biggest_tor_rela… -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVEA1hAAoJEFv7XvVCELh0cUYP/jl5EknR8EC9A5KNS9rWR/4J PEOz9u/6ySu4Pn1oDaWw7zjZK3IAzaqTdDenHq4et4U4GmrLG7JaKTdhL3pAmc8W mBNzwgE7FvYDgxKAwbh7fdVS2mD13QyZ6e9SPqdYQiR7WkKF1Ep5omp1HGoyGe4M mPo413K21SvkXGBcIhf62+R20renwTTNQ6G2dWB2wwlcjKoUJ385p7TYeNBbA/Jd NjCSmfAFFX7OeC8XuP/EHdf7+5CZI/SVn5Dq3oxZIpABNl4UdDzHdjRUoXSCEvxh hxpFbp7nozV7++73QUD5ECAFjUe98siKYODSFGb/xBMA9rCm93JKLKPB8iJPy8RO 8+D+qKsK0PFQVpEbbu/Uix2gcg68lTmv/zhHt1vVtT0h13LLtHyTQGQQ1SihcNlS Jv0mSxL3wDCs/yVRVR8r76MOdMAh891rPUzrW0/TxCc6W/LWXsA2ST4xt7zE8RQf LDWqlmSO6813M5vuEXZYFBQ+GsOquTUssPRKc/l1Ik8V628LYDvyfkN8QAJ72MDR HPkc6RGmHUVejpTUa9pcSbol2F96pEZ8XVYCyX3pIRoPiqlq0phnOlctaQFeAyGN 75FfN/GhEW2JDpqmIsD0BQbgcYTHa+qMiRZ8mWE9NRkQKIcDXyOTY7nIt810wbp9 0idgIP01pqKYPzhhaO5h =81G7 -----END PGP SIGNATURE-----

4 3

RFC: Ephemeral Hidden Services via the Control Port
by Yawning Angel 23 Mar '15

23 Mar '15

Hi, The Warning: DO NOT USE MY BRANCH YET, IT HAS HAD MINIMAL TESTING AND REVIEW. IT IS NOT DONE. IT WILL BROADCAST YOUR SECRETS TO THE NSA'S ORBITAL SPACE STATION. Trac Ticket: https://trac.torproject.org/projects/tor/ticket/6411 Branch: https://github.com/Yawning/tor/compare/feature6411 With that out of the way, I've been poking at implementing a way to add hidden services at runtime via the control port. I'm calling this "ephemeral hidden services" because the HS state is not written out to disk, and they disappear when the tor damon is shutdown. Yes, this means that if you run "kittensomgmewmew.onion" and are scared of the NSA's persistent attempts to extract your hidden service key, via ultrasonic laser beamed from their satellites, you could run your tor instance entirely in a ram disk, and load the HS key manually each time from a USB token you wear around your neck. What I've come up with looks like this: ADD_EPH_HS - Adds a new ephemeral hidden service. The syntax is: "ADD_EPH_HS" keytype:keyblob SP 1*(port SP addrPort) CRLF keytype = "RSA1024", "NEW" keyblob = opaque ascii serialized key material, or an algorithm specifier, in the case of "keytype" == "NEW". port = the "VIRTPORT" addrPort = the "TARGET" A hidden service is created using the key and list of port/targets, that will persist till configuration reload or the termination of the tor process. The currently supported keytypes and keyblobs are: "RSA1024" - The keyblob contains the Base64 encoding of the PKCS#1 layout DER representation of a 1024 bit RSA private key. "NEW" - The tor instance should generate a key with the keytype specified in the keyblob parameter. A type of "BEST" will generate a key using the best supported algorithm. Returns: "250-ServiceID=serviceID" - The hidden service's onion address without the ".onion" suffix. "250-PrivateKey=keytype:keyblob" - The newly generated hidden service's private key, if a keytype of "NEW" was specified. "250 OK" - Everything went well. Proper key management, is left as an exercise for the application invoking the controller command. DEL_EPH_HS - Removes an existing ephemeral hidden service. The syntax is: "DEL_EPH_HS" serviceID CRLF serviceID = the hidden service identifier, without the trailing ".onion" suffix The hidden service specified by the given service ID is removed, and the intro points are closed. Existing connections are left as is, and it is up to the application to close them if it wishes to do so. Examples: * Adding a new ephemeral hidden service, with a pre-generated RSA key: > ADD_EPH_HS RSA1024:[Base64 blob] 80 127.0.0.1:8080 < 250-ServiceID=blahblahblahblah < 250 OK Hidden service is reachable at blahblahblahblah.onion:80 * Adding a new ephemeral hidden service, tor generates a new RSA key: > ADD_EPH_HS NEW:RSA1024 22 127.0.0.1:22 < 250-ServiceID=hogehogehogehoge < 250-PrivateKey=RSA1024:[Base64 blob] < 250 OK Hidden service is reachable at hogehogehogehoge.onion:22. At a later date, the value passed back as "PrivateKey" can be used to re-create the hidden service. * Add a new ephemeral hidden service, tor picks the algorithm: > ADD_EPH_HS NEW:BEST 1245 192.168.1.5:23 < 250-ServiceID=hemohemohemohemo < 250-PrivateKey=Ed25519:[Base64 blob] < 250 OK Hidden service is reachable at hemohemohemohemo:23. (nb: Ed25519 key support is not actually implemented yet, and is used as an example of a better algorithm.) * Remove the hidden service configured in the first example: > DEL_EPH_HS blahblahblahblah < 250 OK Note: ADD_EPH_HS can take more than one VIRTPORT/TARGET pair at once, the examples only show one pair for brevity. This does not support `HiddenServiceAuthorizeClient` yet in any way (neither basic nor stealth). It may in the future, but coming up with a sane interface for it is way more pain than I am willing to self-inflict at the moment. Design question that I want feedback on, primarily from control port library maintainers, and authors of applications that use the control port: * meejah suggested that ephemeral hidden services should have their lifetime tied to the originating control port connection. I think this is a good idea, but this would be the only control port command that does this sort of thing. My motivations for strongly considering implementing this is that, I don't think that adding a command to enumerate hidden services is a good idea (SketchORChat has no business in seeing what hidden services JankORFileSharing is using), and that this will automate cleanup in the event of an application crashing, or not removing it's hidden services before terminating. * Does this interface expose enough functionality, in a way that is intuitive and easy to use? (The initial version I was planning on proposing made key generation entirely the application's problem, but nickm convinced me otherwise). Questions, comments, feedback appreciated, -- Yawning Angel

11 28

compass: new group by options: by-contact, by-OS, by-version
by Nusenu 23 Mar '15

23 Mar '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Karsten, I added a few new grouping options to compass: - -T --by-contact (#6675) (Maybe we should truncate contacts and remove the undefined) - -O --by-os - -V --by-version (#6855) +expose -N options in html (was implemented but not exposed in gui) https://github.com/nusenu/tor-compass For all output I (mis)used the nick column as a quick solution since it is not used otherwise when grouping. Advertised bw is broken for some time. There is no 'advertised_bandwidth_fraction' (This field was removed from onionoo in November 2014.). Is it ok to change this to observed_bandwidth? (which would be a non fraction item)* ? (The MyFamily lookup is also broken) short commit log: - - add new group by ContactInfo option: by_contact (-T, --by-contact) (quick 'n dirty) - - added new grouping -O, --by-os (all BSDs are merged into one group) - - added new grouping by tor version (-V, --by-version) - - tell app.py about new options (by_version, by_os, by_contact) - - expose -N option in html and fix a missing label tag - - include network data in html output when using -N (uses nick column) - - expose by_version, by_os and by_contact options in HTML - - if it is just one item, display the actual value for AS and CC instead of saying (1) What do you think about it? thanks, Nusenu *) while playing with that I found 3 relays from JP that have a suspiciosly high adv bw: https://atlas.torproject.org/#details/F528DED21EACD2E4E9301EC0AABD370EDCAD2… https://atlas.torproject.org/#details/8901B1D2D4C0D3398C3F8363247B5AABF3136… https://atlas.torproject.org/#details/4EA0464A1B8D4231F176BA2FA1BCBF0A26F12… reminded me of SKKU43: https://lists.torproject.org/pipermail/tor-talk/2014-February/032094.html -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVCtlTAAoJEFv7XvVCELh0bY0P/1aJyZncqdy47WZM9I7Y1E4a Sg1luXTqi9VlFZhbUJeFrhidLVPSqQYbMw79sKufU2uw/Jcqr0Ro2O48q9Gj7sL8 lDcM4AgFzm1yTedoXqyNAA5+bBeQTAjEgQU1ADYUZvDx2ULmGG4aD6qCuaFoP+3/ kjJ6r92jLOSYpOVdt8FyNc8IZYpbEwQNMKc4A0uZhQV/WVv6vFiOaXHliPdR6m2+ SU+KTqldWppfeezWIalGl3t7HEnz87JOaWrdnQ8fjLKSsqkex2T5E1MClguM4u2o 5ABPxg6uF/izjPv2VEy/hl42RQbLM5SDazM4CLMFN3mQu6Xa4iZ5R8A6iLDgZBj6 zK2wExcxScc58r4Briv5EKUpC9LTgE52DkPkX+TM3i9ktniYQbb/k/cy85nn+ENa WrZ2WDmaMyQXy6kXDCS4U/3gbv1+Dwq82hg372N2fga6hOXsZPFrxV1TwWlMTzp9 MvpaF6/GZsivrjNklteHxvxgcxTyywaKW5QUdFJdeCZnOrDy29iGKIql10xQ7TXa gTC7OTsDCAPiJn8P5xKhEAlVeJmz0zZN7QhbY/ybIc5KWkOoKyYwkT9ysmpS8rOK mapKbuMXvuA3Sg1F1sK9PEUy+D8ZAe+sBjOEHzqILARA6VXsly0rSJkcnhNKNpmL yxSwWe4uWOVXDmVEl7hQ =jGQe -----END PGP SIGNATURE-----

3 7

#if 0 unused functions?
by Sebastian Hahn 23 Mar '15

23 Mar '15

Hi there, we have some functions which we never call anywhere. In many cases, it appears we shouldn't delete them from the source because they "belong" there - the thing I initially stumbled across was ed25519_seckey_write_to_file(), for example. But I also don't see why compiling it and potentially including it in our binary makes any sense. Thoughts? Cheers Sebastian

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-dev March 2015