[tor-talk] Tor no longer works with win2K ??
Anon Mus
my.green.lantern at googlemail.com
Sun Nov 13 23:15:08 UTC 2011
Sebastian Hahn wrote:
> I'll pretend you didn't insult me and the rest of the Tor dev team, and
> try and get your question answered. I've snipped the useless
> allegations.
>
>
I made no allegations WHATSOEVER, I asked questions, that was all. I
seem to have hit a raw nerve.
> On Nov 12, 2011, at 12:52 PM, Anon Mus wrote:
>
>> Jacob Appelbaum wrote:
>>
>>> On 11/10/2011 02:39 AM, Anon Mus wrote:
>>>
>>>> I got a message to upgrade my Tor version..
>>>>
>>>> Nov 10 10:20:45.953 [Warning] Please upgrade! This version of Tor
>>>> (0.2.1.30) is obsolete, according to the directory authorities.
>>>> Recommended versions are: 0.2.1.31,0.2.2.34,0.2.3.6-alpha,0.2.3.7-alpha
>>>>
>>>> But (as before) the latest versions of the expert install do not work.
>>>>
>>>>
>>>> Here's the stable..
>>>>
>>>> Nov 10 10:17:10.093 [Notice] Tor v0.2.2.34 (git-c4eae752f0d157ce). This
>>>> is experimental software. Do not rely on it for strong anonymity.
>>>> (Running on Windows 2000 Service Pack 4 [workstation])
>>>>
>>> Just as a general warning, I suspect the Random Number Generator on
>>> Windows 2000 is not so great. I would seriously consider installing a
>>> recent Operating system or booting a tails live CD.
>>>
>>> All the best,
>>> Jacob
>>>
>>>
>>>
>> As I understand it the random number generator in win2k is the same as the one in WinNT, Win2003, WinXP and Windows Vista.
>>
>> http://www.theregister.co.uk/2007/11/13/windows_random_number_gen_flawed/
>> http://www.computerworld.com/s/article/9048438/Microsoft_confirms_that_XP_contains_random_number_generator_bug
>> http://www.segobit.com/rng.htm
>>
>> Does this mean support for these Windows OSes is also to be withdrawn?
>>
>
> Nobody said anything about withdrawing support because of this.
NOTE: I made no such statement, I asked the question, "was it still
supported?", DON'T put words into someone else's mouth so YOU can make
FALSE allegations.
> Note
> that Jake spoke of suspicion.
Yes the "suspicion" as you call it (I would say it was advice/excuse),
is well documented, Israeli (Mossad??) researchers published the
weakness, it's also in WinXPs that have not been updated.
To let people know to update would have been sensible considering how
"Jake" was so concerned about it.
But REALLY, the attack requires access to the machine and must be on one
that is kept running 24/7 (frequent reboots defeat the attack), I boot
my Win2k every time I use Tor via it. I don't run a Tor node nowadays
so it's not a risk to others. But of course there may be WinXP (not
updated) Tor nodes out there who are, but you seem to be unconcerned
about that, otherwise you'd have seen my point about alerting the Tor
community to update their WinXPs, wouldn't you?
> Recommending against the use of Operating
> Systems that have reached their end of life and no longer have security
> support is also just common sense, and it isn't surprising that WinNT
> or WinXP pre-SP have extremely bad security problems. Does this really
> surprise you at all?
>
I think I've covered most of this above.
Win2k is still a fairly popular OS (0.17%), when compared with most
versions of Linux (e.g. Ubuntu > 0.1%) where all the versions of Linux
have only 1.2%. (one seriously wonders why so much effort goes into the
support for that OS.)
Win2K is also very stable. I love using it, and it has my old dev stuff
on it (I still have Win98, WinNT, WinSBS PCs and even Win95, Win 3.x &
OS2 on disk).
Blah.. Snip because it's OT argumentative..
>> Perhaps you can ensure a full explanation is placed a warning on the Torproject web site otherwise lots of users will be using Windows operating systems which are vulnerable.
>>
>
> It's not entirely clear what the implications are, from what I understand.
>
>
Uhhh ??, so why would "Jake" write Tor-talk a message like that?
>> Obviously my questions are still NOT being answered, I QUOTE,
>>
>
> Maybe that is because you demand a fully qualified answer within six
> hours, while you fail to provide a good bug report?
I asked my question on the 10/11/2011 at 10:39, get your facts straight
before you make such slanderous allegations.
> Typically, bugs
> get reported to https://bugs.torproject.org, where the developers
> actually expect them.
>
>
I was not reporting the bug as such, I was asking if (as there was a bug
and at the same time my old running version was telling me it needed
replacing), it was being supported still, but I got curious replies, so
I asked why, simple.
>> I re-iterate, can I get a reply from someone on the tor dev team about this ERROR and whether Win2k is being supported now or not?
>>
>
> Here's the reply from someone on the tor dev team: "Exciting! It seems
> you've found a bug on Windows 2000 systems, we should totally debug that
> and see if we can get it fixed! Unfortunately, we don't have a windows
> 2000 system around to debug this ourselves, and this is the only report
> we've gotten about trouble so far. Please try and provide more input
> about your system, the other software that you run, and if you have any
> experience debugging software so we may help you get this issue
> resolved.
>
>
Perhaps you should have tested to see if it at least ran (sigh up) first
(as is normal release practice) BEFORE you released it for use as
stable, no?
Otherwise you should not have released it for use on Win2k, it is highly
unprofessional, after all the Tor project is getting paid Tax Dollars to
develop it, and it's certainly NOT being developed for free, just free to
use.
> If we have to conclude that the expert Bundle doesn't work on Windows
> 2000 anymore for whatever reason, I'm afraid we'll have to drop support
> for it unless someone else steps in to provide the necessary fixes."
>
>
>
It sounds like, sadly, you'll never know if it does or not, so why not
just remove the claim that it still works on Win2k (with all SP's and
rollups)?
I have a more "professional" solution to suggest, if you cannot get
yourselves a copy of Win2k (all updates are still on MS site) from ebay
(you'll need a pc with a boot manager also).
Try pointing me to the place (exact link - I don't want access to dev
suite/tools/sources) where I can download all the unstable tor.exe's
that have been produced since the stable version that I am running
(which still works - just), see my original post for details. Then I can
test the exe's and let you know where it changed to fail with this
error message. Then you can do a diff on the code and take a look if you
can fix.
Personally, I don't give a fig what you do, but I do expect software to
work with the OSES it says it should work on and as a user I don't
expect to be dissed about by dev teams.
Jo