Re: gratuitous change blocks upgrade to :-(

On Fri, 10 Sep 2010 04:40:02 -0400 Roger Dingledine <arma@xxxxxxx> wrote:
>On Fri, Sep 10, 2010 at 03:27:01AM -0500, Scott Bennett wrote:
>> >Yup, that's the actual behaviour. Good thing we added the warn, otherwise
>> >it might have gone unnoticed longer.
>> >
>>      Wow.  This is a scandalously bad situation.  Is there any chance
>> that it will get a high priority for being corrected *soon*?  Please??
>This excludenodes thing has been no end of trouble. The root problem is
>that it's a feature that absolutely none of the developers use.
>I wonder if that means there are similar problems with other features
>that no developers use.
>In any case, Sebastian started a trac entry for this one:
>wherein he starts out by listing a reason that we shouldn't fix it.
>Please add more pros and cons to the trac entry.

     I'll see if I can do that over the next couple of days.  The old
system wouldn't let me do anything beyond simply looking at trouble
     Meanwhile, a quick tally through my Exclude* lists shows 10 that
were reported to be run by a federal agent of some sort and were not
listed as a Family at the time, 2 impersonators of blutmagie, 1 that
illegitimately claimed to be a directory authority, a group of 10 not
listed as a Family that also inserted text into exit streams on port
80, 11 others that inserted text into or substituted their own web pages
for port 80 exit streams, 8 that consistently truncated image files,
1 that redirected port 80 streams to a spyware page, 1 that allowed DNS
hijacking, 1 that censored exits to certain IP addresses and/or ports
instead of defining its ExitPolicy correctly, 3 that falsified SSL
certificates into exit streams for MITM attacks, ~90 that ran very
obsolete (e.g., 0.1.x.x, 0.2.0.x) tor software lacking oodles of security
fixes, and 31 excluded for another reason of my own preference.
     These last two groups are ones that I do review from time to time
to see whether the reason I excluded them has been eliminated, which
would allow their removal from the list.  All of the others, however,
I've excluded for damned good reason, and I have no intention of ever
removing them from the lists.  As you can see, they aren't going to fit
on just one ExcludeNodes line and one ExcludeExitNodes line.
>(I guess the angry rants can stay here. ;)
     I'm still in astonishment, wondering how I can actually exclude the
nodes that should be excluded.  No angry rants from me at this point.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/