[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: (FWD) Re: seven bloxortsipt* relays ought *not* to be Valid

     On Thu, 30 Jul 2009 03:02:00 -0400 Roger Dingledine <arma@xxxxxxx>
>[Forwarding since truxton appears not to be subscribed to or-talk. As
>for the questions: a) yes, you should upgrade, that version is way old,
>and b) check out
>----- Forwarded message from owner-or-talk@xxxxxxxxxxxxx -----
>Date: Wed, 29 Jul 2009 23:24:31 -0700
>From: Truxton Fulton <truxton@xxxxxxxxxxx>
>To: grarpamp <grarpamp@xxxxxxxxx>
>Cc: or-talk@xxxxxxxxxxxxx, support@xxxxxxxxxxx
>Subject: Re: seven bloxortsipt* relays ought *not* to be Valid
>On Thu, 30 Jul 2009 02:10:34 -0400
>grarpamp <grarpamp@xxxxxxxxx> wrote:
>> >  "bloxortsipt":
>> the more eyes on the nodes the better.
>> >         a) are running an obsolete version of tor ( under
>> > LINUX,
>> not good, for them at least.
>> >         b) publish identical ContactInfo "1024D/E5712ECF IPT Support
>> neither good/bad
>> >         c) are *NOT* listed as a family, so your client might well
>> > build a
>> not good
>> >  I recommend that all relay operators concerned about security in
>> > tor do likewise.
>> umm, or or-talk people, ahem, could just say hi to them first, they
>> might just need a few pointers :)
>Thanks for the heads up.
>Is (a) not good because of a security hole?  I will upgrade.
>I dont understand about (c).  All my "bloxortsipt" nodes are
>related, although they are geographically distributed, why/how
>should they be listed as a family?
>----- End forwarded message -----
     Thanks for forwarding that message to the list, Roger.  I hope Truxton
will stay better informed and up to date from now on.  I will check the
directory in a few days to see whether it is yet safe to remove his nodes
from my ExcludeNodes list.
     FWIW, I went through the entire portion of that list devoted to nodes
running very obsolete versions of tor several hours ago.  I'm happy to
report that around 15 - 20 of them--I didn't think to keep count until too
late to do so--have switched to versions of tor that are on the list of
server-versions distributed by the authorities since the time many moons
ago that I went through the directory looking for nodes that were very
obsolete and probably unsafe to use.  It was still disheartening, to see
that most the nodes on the list could not be removed because they either
were not currently listed in the consensus or directory or were still
running 0.1.x.x versions. :-(
     I have not yet taken the time to go through the full directory again
to find new nodes that ought to be added to the list, but I should think
that there wouldn't be many because nodes that weren't in the directory
at the time I produced the first list are probably new nodes and thus
would likely have been set up with 0.2.x.x versions anyway.  The handful
of obsolete 0.2.x.x nodes from my original list appear to have all upgraded
since that time.  (Yay!:-)  Any 0.2.x.x nodes that are really obsolete are
probably in the 0.2.0.x series, so I'll try to take a closer look at those
when I can find the time (and patience:-) for it.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *