
Re: [tor-talk] Tor no longer works with win2K ??



Sebastian Hahn wrote:
I'll pretend you didn't insult me and the rest of the Tor dev team, and
try and get your question answered. I've snipped the useless
allegations.


I made no allegations WHATSOEVER, I asked questions, that was all. I seem to have hit a raw nerve.

On Nov 12, 2011, at 12:52 PM, Anon Mus wrote:
Jacob Appelbaum wrote:
On 11/10/2011 02:39 AM, Anon Mus wrote:
I got a message to upgrade my Tor version..

Nov 10 10:20:45.953 [Warning] Please upgrade! This version of Tor
(0.2.1.30) is obsolete, according to the directory authorities.
Recommended versions are: 0.2.1.31,0.2.2.34,0.2.3.6-alpha,0.2.3.7-alpha

But (as before) the latest versions of the expert install do not work.


Here's the stable..

Nov 10 10:17:10.093 [Notice] Tor v0.2.2.34 (git-c4eae752f0d157ce). This
is experimental software. Do not rely on it for strong anonymity.
(Running on Windows 2000 Service Pack 4 [workstation])
Just as a general warning, I suspect the Random Number Generator on
Windows 2000 is not so great. I would seriously consider installing a
recent Operating system or booting a tails live CD.

All the best,
Jacob

As I understand it the random number generator in win2k is the same as the one in WinNT, Win2003, WinXP and Windows Vista.

http://www.theregister.co.uk/2007/11/13/windows_random_number_gen_flawed/
http://www.computerworld.com/s/article/9048438/Microsoft_confirms_that_XP_contains_random_number_generator_bug
http://www.segobit.com/rng.htm

Does this mean support for these Windows OSes is also to be withdrawn?

Nobody said anything about withdrawing support because of this.

NOTE: I made no such statement, I asked the question, "was it still supported?", DON'T put words into someone else's mouth so YOU can make FALSE allegations.
 Note
that Jake spoke of suspicion.

Yes the "suspicion" as you call it (I would say it was advice/excuse), is well documented, Israeli (Mossad??) researchers published the weakness, it's also in WinXP's that have not been updated.

To let people know to update would have been sensible considering how "Jake" was so concerned about it.

But REALLY, the attack requires access to the machine and must be on one that is kept running 24/7 (frequent reboots defeat the attack), I boot my Win2k every time I use Tor via it.. I don't run a Tor node nowadays so it's not a risk to others. But of course there may be WinXP (not updated) Tor nodes out there who are, but you seem to be unconcerned about that, otherwise you'd have seen my point about alerting the Tor community to update their WinXPs, wouldn't you.

 Recommending against the use of Operating
Systems that have reached their end of life and no longer have security
support is also just common sense, and it isn't surprising that WinNT
or WinXP pre-SP have extremely bad security problems. Does this really
surprise you at all?

I think I've covered most of this above.

Win2k is still a fairly popular OS (0.17%), when compared with most versions of Linux (e.g. Ubuntu > 0.1%) where all the versions of Linux have only 1.2%. (one seriously wonders why so much effort goes into the support for that OS.)

Win2K is also very stable. I love using it, and it has my old dev stuff on it (I still have Win98, WinNT, WinSBS PC's and even Win95, Win 3.x & OS2 on disk).

Blah..  Snip because it's OT argumentative..
Perhaps you can ensure a full explanation is placed a warning on the Torproject web site otherwise lots of users will be using Windows operating systems which are vulnerable.

It's not entirely clear what the implications are, from what I understand.

Uhhh ??, so why would "Jake" write Tor-talk a message like that?
Obviously my questions are still NOT being answered, I QUOTE,

Maybe that is because you demand a fully qualified answer within six
hours, while you fail to provide a good bug report?
I asked my question on the 10/11/2011 at 10:39, get your facts straight before you make such slanderous allegations.
 Typically, bugs
get reported to https://bugs.torproject.org, where the developers
actually expect them.

I was not reporting the bug as such, I was asking if (as there was a bug and at the same time my old running version was telling me it needed replacing), it was being supported still, but I got curious replies, so I asked why, simple.

I re-iterate, can I get a reply from someone on the tor dev team about this ERROR and whether Win2k is being supported now or not?

Here's the reply from someone on the tor dev team: "Exciting! It seems
you've found a bug on Windows 2000 systems, we should totally debug that
and see if we can get it fixed! Unfortunately, we don't have a windows
2000 system around to debug this ourselves, and this is the only report
we've gotten about trouble so far. Please try and provide more input
about your system, the other software that you run, and if you have any
experience debugging software so we may help you get this issue
resolved.

Perhaps you should have tested to see if it at least ran (sigh up) first (as is normal release practice) BEFORE you released it for use as stable, no?

Otherwise you should not have released it for use on Win2k, it is highly unprofessional, after all the Tor project is getting paid Tax Dollars to develop it, and its certainly NOT being developed for free, just free to use.

If we have to conclude that the expert Bundle doesn't work on Windows
2000 anymore for whatever reason, I'm afraid we'll have to drop support
for it unless someone else steps in to provide the necessary fixes."


It sounds like, sadly, you'll never know if it does or not, so why not just remove the claim that it still works on Win2k (with all SP's and rollups)?

I have a more "professional" solution to suggest, if you cannot get yourselves a copy of Win2k (all updates are still on MS site) from ebay (you'll need a pc with a boot manager also).

Try pointing me to the place (exact link - I don't want access to dev suite/tools/sources) where I can download all the unstable tor.exe's that have been produced since the stable version that I am running (which still works - just), see my original post for details. Then I can test the exe's and let you know where it changed to fail with this error message. Then you can do a diff on the code and take a look if you can fix.

Personally, I don't give a fig what you do, but I do expect software to work with the OSES it says it should work on and as a user I don't expect to be dissed about by dev teams.


Jo
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk