tvdw's comments

tvdw | 9 years ago | on: Implementing a Tor relay from scratch in golang (2015)

Rust is awesome. It's likely a better fit than Go for applications like this, as it has more predictable performance[1], and more control over the scheduler (as you have to roll one yourself).

I attempted an implementation of Tor in Rust, but because I implemented it in Go a few weeks before that I got bored quickly. That said, some ideas I had for the Rust version have made it to Tor itself (or soon will), such as my ideas on transparently load-balancing Tor hidden services: https://gitweb.torproject.org/torspec.git/tree/proposals/255...

[1] note that in the land of Tor, unpredictable performance (for example because of GC pauses) could lead to user deanonymization.

tvdw | 9 years ago | on: Implementing a Tor relay from scratch in golang (2015)

There are separate reader/writer goroutines, I don't think splitting them up further would've helped much. The problem is that all connections may end up needing something from all other connections, and as soon as one of them slows down (slow network, etc) its channels start filling up, taking other connections with it :-)

This could've been mitigated by applying backpressure in a bunch of places, and is ultimately a problem of Tor and not Go, but the nature of Go makes it hard to build code to do that.

As for renegotiation: my work on the Go version of Tor had some nice side-effects, and indeed, renegotiation was finally removed :-) https://gitweb.torproject.org/tor.git/tree/ChangeLog?id=55c4...
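
An added Go sketch of the failure mode described in the comment above (not code from tvdw or from the relay): one slow peer's full queue stalls a forwarder that uses plain channel sends, while a non-blocking send keeps the healthy peer flowing. `Cell`, `sample`, the queue sizes and both function names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"time"
)

type Cell struct{ Dst, Seq int } // hypothetical stand-in for a relay cell bound for connection Dst

// sample is constructed input; queue 0 holds 2 cells and is never drained (the slow peer).
func sample() (cells []Cell, out []chan Cell) {
	for i := 0; i < 10; i++ {
		cells = append(cells, Cell{Dst: i % 2, Seq: i})
	}
	return cells, []chan Cell{make(chan Cell, 2), make(chan Cell, 16)}
}

// forwardBlocking does a plain send; the timeout only lets the demo report the stall.
func forwardBlocking(cells []Cell, out []chan Cell) (delivered []int, stalled bool) {
	delivered = make([]int, len(out))
	for _, c := range cells {
		select {
		case out[c.Dst] <- c:
			delivered[c.Dst]++
		case <-time.After(50 * time.Millisecond):
			return delivered, true // cells for every peer are now stuck behind this one
		}
	}
	return delivered, false
}

// forwardWithBackpressure never waits on a full queue; it holds that peer's cells.
func forwardWithBackpressure(cells []Cell, out []chan Cell) (delivered, held []int) {
	delivered, held = make([]int, len(out)), make([]int, len(out))
	for _, c := range cells {
		select {
		case out[c.Dst] <- c:
			delivered[c.Dst]++
		default:
			held[c.Dst]++ // a real relay would stop reading the circuits feeding this peer
		}
	}
	return delivered, held
}

func main() {
	fmt.Println(forwardBlocking(sample()))
	fmt.Println(forwardWithBackpressure(sample()))
}
```

With the blocking send the healthy connection receives only 2 of its 5 cells before the forwarder stalls; with the non-blocking send it receives all 5 and only the slow peer's cells are held.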

tvdw | 9 years ago | on: Implementing a Tor relay from scratch in golang (2015)

Ha, I see how it can sound like that :-)

Yes, it broke the speed record: a multithreaded application outperformed the single-threaded version. But I wasn't happy with the result. It consumed an order of magnitude more memory, and gc times were potentially harming users (not a widely researched subject, but gc times in low-latency mixnets can likely harm user anonymity). Oh, and it would occasionally crash with OOM errors.

tvdw | 9 years ago | on: Implementing a Tor relay from scratch in golang (2015)

Hi. I wrote the post, happy to answer questions.

* yes, more modern versions of Go would likely mitigate some of the memory pain
* yes, crypto/tls is fast now
* no, crypto/tls still has insufficient functionality for implementing this. crypto/tls implicitly assumes you want to authenticate the channel through certificates, which Tor doesn't do
* I was using go 1.4
* yes, I tried Rust

tvdw | 13 years ago | on: The End: NZBMatrix closes

This is awkward... When newzbin shut down, I was without a NZB provider for a week. Then 2 days ago I paid for my membership at NZBMatrix. And now it's gone?

tvdw | 13 years ago | on: Let's make GitHub better, together

Non-native English speaker here, I volunteer at several companies to translate their interfaces.

Almost all people can read basic English (especially those who access GitHub), so translating the GitHub interface seems rather pointless to me. Of course, translating the support articles would really help accessibility for those who don't know English as well as native speakers.

Translating interfaces makes people think they can use their language to communicate on a site. Translating only the support articles helps people understand the site, but they will quickly realize that the site itself prefers English-only communication.

tvdw | 13 years ago | on: Bitcoin Block #210 000 mined - reward halving

Transaction fees are a 'gift' from the person doing the transaction to the person that's processing the transaction. Processing transactions is done in blocks, and the process is called 'mining' because for every processed block, the person who processes the block gets 25 BTC (before today that was 50 BTC) plus the transaction fees. Obviously 25 BTC is a lot, which is why it's so hard to mine blocks. Mining is often done in groups, and the person who mines a block has to share the profits with the rest of that group.

IIRC the entire Bitcoin community mines 6 blocks per hour, and it's the mining process that keeps Bitcoin going, because without miners there couldn't be any transactions.

tvdw | 13 years ago | on: Leaping Brain's "Virtually Uncrackable" DRM is just an XOR with "RANDOM_STRING"

For the record, distributing Python scripts doesn't have to mean distributing the source: it's possible to just execute the compiled .pyc files, which are harder to crack than (for example) Java's .class files.

Also, since xor is just a CPU instruction, you won't immediately notice it in the decompiled script (if you get that far). With all the overhead that decompilers tend to produce, it's really easy to miss.

tvdw | 13 years ago | on: Windows 8 — Disappointing Usability for Both Novice and Power Users

I've been using Windows 8 since roughly two weeks before its launch, and I agree with most of the article.

In fact, I just realized that I never use a single "Modern UI" app for the simple reason that they force my entire screen (2560x1440, 27") to be filled by one app. Such a waste of space. In desktop mode I often have four 1280x720 windows on my screen.

Windows 8 might just be the push I needed to switch to Linux.

tvdw | 13 years ago | on: Dolphins deserve same rights as humans, say scientists

    Man has always assumed that he was more intelligent than
    dolphins because he had achieved so much... the wheel, 
    New York, wars and so on... while all the dolphins had
    ever done was muck about in the water having a good time.
    But conversely, the dolphins had always believed that
    they were far more intelligent than man... for precisely
    the same reason.

tvdw | 13 years ago | on: Ask HN: How do you handle sudden huge traffic spike like that of Obama IAMA?

1. Cache. Cache, cache, cache. Cache. Consider turning off most of these caches for normal production work, then turn them on when you really need them. This way if you normally run at 90% of your capabilities, you can turn on caches and still be able to handle a massive traffic spike.

2. Backup servers. Make sure you have a way to quickly spin up more machines. If you're using EC2, just launch a few extra machines, it's really easy as long as it's not the database being the bottleneck.

3. Turn off anything unimportant. During the traffic spike of Obama, there were undoubtedly some background processes that could be run later. Just pause those for a while and make them continue later. As long as it's a spike and the background processes aren't that important, this works well.

4. Turn off some front-end stuff. Reddit, for example, disabled commenting on Obama's IAMA for a while, instead forcing a cached version of the homepage. It really helps performance and doesn't really hurt the visitors too much. Sure, they can't comment, but with 15000 comments it's not likely that your comment gets read by Obama anyway.

On 1 and 2: always make sure you have room to handle spikes. Get backup servers ready but don't turn those into real production servers. Always ensure you have a buffer. Maybe embed some code that makes your site extra heavy, then give it a switch to turn off that extra code in case of a big spike? If you always run your site on full capacity hardware, you can't plan for spikes.

tvdw | 13 years ago | on: Stripe CTF Writeup

https://gist.github.com/38c0430b5084f8442858

You only need 1 call per possible number for each chunk, yes. But since the numbers are random between 0 and 999, that averages to 500 requests per chunk. Additionally, you don't have to do any kind of port checking for the last chunk, so that saves on any overhead you might have for the port checks. Based on this I'd say there's (3x 500 requests + 20% overhead) + 500 requests for the final block. That's 2300 requests on average.

tvdw | 13 years ago | on: Stripe CTF Writeup

Yes it was. But you could optimize the brute forcing so much that you needed only ~2400 calls to the API to crack a 12 digit password.

tvdw | 13 years ago | on: Stripe CTF Writeup

Finished as 30th, when we still had to actually work to get the answers (shortly after that everyone just started posting the answers in the IRC channels). Level 8 was a really nice challenge. After completing the challenge I managed to optimize my level 8 solution a lot, so much that it managed to finish in under 3 minutes by only doing roughly 2400 API calls (2000 for the bruteforcing itself, 400 to compensate for other players).

https://gist.github.com/38c0430b5084f8442858 for those who are interested. There aren't many comments in there though

tvdw | 13 years ago | on: Stripe CTF Writeup

This works well if for some reason they block fromCharCode:

    eval(unescape(/your escaped code goes here/.source))

Use JavaScript's escape() to generate the code.