- <?xml version="1.0" encoding="utf-8"?>
- <!--
-
-
- <https://y.st./>
- Copyright © 2016 Alex Yst <mailto:copyright@y.st>
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <https://www.gnu.org./licenses/>.
- -->
- <!DOCTYPE html>
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <base href="https://y.st./en/weblog/2016/03-March/05.xhtml" />
- <title>Relay service <https://y.st./en/weblog/2016/03-March/05.xhtml></title>
- <link rel="icon" type="image/png" href="/link/CC_BY-SA_4.0/y.st./icon.png" />
- <link rel="stylesheet" type="text/css" href="/link/basic.css" />
- <link rel="stylesheet" type="text/css" href="/link/site-specific.css" />
- <script type="text/javascript" src="/script/javascript.js" />
- <meta name="viewport" content="width=device-width" />
- </head>
- <body>
- <header>
- <h1>Relay service</h1>
- <p>Day 00364: Saturday, 2016 March 05</p>
- </header>
- <p>
- I did not sleep well last night.
- I woke up at about four and couldn't get back to sleep.
- </p>
- <p>
- I began my <a href="http://sbuk7aqcxkoyipwv.onion/">onion-to-clearnet</a> forwarding service today to aid in bypassing <abbr title="The Onion Router">Tor</abbr> blocks.
- I obviously can't use it myself, as my own <abbr title="Internet Protocol">IP</abbr> address acts as the exit, but perhaps someone can make use of it.
- Unfortunately, I set up the website for the server over <abbr title="Hypertext Transfer Protocol">HTTP</abbr> instead of <abbr title="Hypertext Transfer Protocol Secure">HTTPS</abbr>.
- I much prefer <abbr title="Hypertext Transfer Protocol Secure">HTTPS</abbr>, but a lot of onionlanders don't.
- This service is for them, not me, and encryption is already supplied by <abbr title="The Onion Router">Tor</abbr>, so I'll do it their way.
- I've also decided to use the high ports, not the low ports, for forwarding.
- Many of the low ports have specific services that they are assumed to run.
- If I end up needing one of those ports after I've already assigned it for forwarding, it will be too late.
- As such, I've decided to use the ports in the 49152-65535 range, as they are currently defined as ports that will not be assigned any specific service.
- If the <abbr title="Internet Assigned Numbers Authority">IANA</abbr> decides to change this, some network changes are to be expected, so there won't be any issues with me reclaiming ports; it wasn't my fault, I took reasonable precautions.
- <a href="https://opalrwf4mzmlfmag.onion/">Wowaname</a> suggested allowing other people to share their <abbr title="Internet Protocol">IP</abbr> addresses in the same way, using my onion to forward to random volunteer machines in a round-robin-type way.
- I'm not sure who would volunteer, but it seems like it would be easy to set up on their end.
- The simplest way would probably be to set up port forwarding in their home router configuration.
- They wouldn't even need to install <abbr title="The Onion Router">Tor</abbr>, though of course I recommend installing and using <abbr title="The Onion Router">Tor</abbr> to everyone.
- I thought about adding freenode to my forwarding configuration, but due to the fact that I don't want to play "favorites" with <abbr title="The Onion Router">Tor</abbr>-haters, I didn't want to add any specific services until they were requested.
- <a href="https://ronsor.net/">Ronsor</a> quickly suggested <a href="ircs://sbuk7aqcxkoyipwv.onion:49152/">freenode</a> (once people were actually awake), so that resolved that issue.
- </p>
- <p>
- While discussing ways to get multiple <abbr title="Internet Protocol">IP</abbr> addresses to be usable for relay service, wowaname and I were discussing on <a href="ircs://kitsune6uv4dtdve.onion:6697/%23Volatile">#Volatile</a> how nice round robin support for onion addresses would be.
- One hidden service node can relay to multiple servers, but multiple hidden service nodes cannot use the same onion address like can be done in <abbr title="Domain Name System">DNS</abbr>.
- Cathugger knew of an article about <a href="https://www.benthamsgaze.org/2015/11/17/scaling-tor-hidden-services/">horizontal scalability of hidden services</a>.
- With the techniques the author suggests, it is possible to get up to sixty separate machines at separate locations to receive requests meant for a single onion address.
- These sixty machines are all registered with the <abbr title="The Onion Router">Tor</abbr> network without any changes to the underlying infrastructure.
- The only things changed are on the machines that hold the private onion key.
- It sounds a bit difficult to deploy and custom code is needed, but it might get people thinking about the need to share onion addresses between machines like this.
- It might lead to changes in how <abbr title="The Onion Router">Tor</abbr> fundamentally handles hidden services.
- Even if it doesn't lead to changes, it provides an option for large services that really need more room to grow on the <abbr title="The Onion Router">Tor</abbr> network.
- </p>
- <p>
- When the local community college said that they would send me a gift card, I assumed that it was a use-anywhere prepaid type of gift card.
- That was a naïve assumption on my part.
- The card arrived in the mail today and it's a gift card for their in-house book store.
- As the card doesn't have much on it and I don't know if I'll be attending this school, it's little more than an amusing novelty item.
- Still, it got me to submit my feedback for their orientation.
- I was going to do that anyway, but this helped make sure I did it in a timely manner.
- </p>
- <p>
- Our mother, Cyrus, Vanessa, and I volunteered at a spaghetti-serving fund raiser today.
- We told them that we were there to help, then waited a couple hours for them to be ready for help.
- We were pretty much just wasting time unable to do anything, so we asked if they even needed us.
- They told us that they didn't even want our help.
- Why didn't they just tell us that from the beginning? While I was waiting, I thought about the fact that my <a href="/en/domains/accessed574tizbu.onion.xhtml">accessed574tizbu</a> onion would have been a cool address for my forwarding service because it helps people access malicious servers, but I'm going to continue using my <a href="/en/domains/sbuk7aqcxkoyipwv.onion.xhtml">sbuk7aqcxkoyipwv</a> onion.
- </p>
- <p>
- It seems that Ronsor will be away for three weeks.
- </p>
- <p>
- Wowaname decided that she wanted her <abbr title="The Onion Router">Tor</abbr>-to-IRC2P onion to be "listed" on my forwarding service.
- It seemed pretty strange to me.
- I'm not sure she understood that it was a forwarding service, not a listing of forwarding services.
- However, it seemed like it could be of benefit to <abbr title="The Onion Router">Tor</abbr> users, as it does provide access to a service not normally reachable over <abbr title="The Onion Router">Tor</abbr>, so I went with it.
- However, I didn't want it to look like my forwarding service was not up to forwarding to other darknets and that this burden had to fall to others.
- To fix this, I set up <abbr title="Invisible Internet Project">I2P</abbr> on my server and forwarded one of my onion ports to <a href="irc://sbuk7aqcxkoyipwv.onion:49153/">IRC2P</a> as well.
- If I chance upon any other services similar to mine, I'll add them to my list and forward to their destinations in parallel.
- A little redundancy doesn't hurt.
- While the onion-to-clearnet ports are nice for getting access to places without giving in to their ridiculous anti-privacy agendas, the onion-to-other-darknet ports are nice for convenience.
- </p>
- <p>
- As I was installing <a href="apt:i2p"><abbr title="Invisible Internet Project">I2P</abbr></a> on my server, I decided to install it <a href="https://geti2p.net/en/download/debian#debian">from a package</a>, unlike on my client machine.
- Installation went fine, but I found that <abbr title="Invisible Internet Project">I2P</abbr>'s package, being from a non-Debian party, is not set up to start itself as a system service.
- You still need to run <code>i2prouter start</code> to start it each time you start the system, unless you script something to take care of that.
- <abbr title="Invisible Internet Project">I2P</abbr>'s strange (in my opinion) setup of binding ports to services made it ridiculously easy to forward between darknets.
- It also didn't hurt that one of the default port bindings was pointed directly to the service that I needed in this case.
- </p>
- <hr/>
- <p>
- Copyright © 2016 Alex Yst;
- You may modify and/or redistribute this document under the terms of the <a rel="license" href="/license/gpl-3.0-standalone.xhtml"><abbr title="GNU's Not Unix">GNU</abbr> <abbr title="General Public License version Three or later">GPLv3+</abbr></a>.
- If for some reason you would prefer to modify and/or distribute this document under other free copyleft terms, please ask me via email.
- My address is in the source comments near the top of this document.
- This license also applies to embedded content such as images.
- For more information on that, see <a href="/en/a/licensing.xhtml">licensing</a>.
- </p>
- <p>
- <abbr title="World Wide Web Consortium">W3C</abbr> standards are important.
- This document conforms to the <a href="https://validator.w3.org./nu/?doc=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2016%2F03-March%2F05.xhtml"><abbr title="Extensible Hypertext Markup Language">XHTML</abbr> 5.1</a> specification and uses style sheets that conform to the <a href="http://jigsaw.w3.org./css-validator/validator?uri=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2016%2F03-March%2F05.xhtml"><abbr title="Cascading Style Sheets">CSS</abbr>3</a> specification.
- </p>
- </body>
- </html>