security-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-discuss] (no subject)

From: Anonymous
Subject: [security-discuss] (no subject)
Date: Thu, 9 Mar 2017 12:15:09 -0500 (EST) 
Alfred M. Szmidt said:

>    GNU Radio Foundation, Inc. is denying freedom 0 to GNU wget
>    users.  The only GNU Radio users being denied freedom 0 are those
>    who are also GNU wget users.
> 
> 1) GNU wget users are not being "denied" access to GNU radio via
>    Tor.  Here is me downloading GNU radio via Tor using GNU wget:
> 
>   $ wget http://gnuradio.org/releases/gnuradio/gnuradio-3.7.10.1.tar.gz
>   --2017-03-09 09:49:15--  
> http://gnuradio.org/releases/gnuradio/gnuradio-3.7.10.1.tar.gz
>   Resolving gnuradio.org... 104.28.6.113, 104.28.7.113, 
> 2400:cb00:2048:1::681c:771, ...
>   Connecting to gnuradio.org|104.28.6.113|:80... connected.
>   HTTP request sent, awaiting response... 200 OK
>   Length: 4272430 (4.1M) [application/x-gzip]
>   Saving to: ‘gnuradio-3.7.10.1.tar.gz’
>   
>   gnuradio-3.7.10.1.t 100%[===================>]   4.07M  4.04MB/s    in 1.0s 
>   
>  
>   
>   2017-03-09 09:49:16 (4.04 MB/s) - ‘gnuradio-3.7.10.1.tar.gz’ 
> saved 
> [4272430/4272430]

You didn't use torsocks, and clearly there's a problem with the proxy
settings in your environment because:

 * you weren't denied access
 * the download took only 1 second.

That's very unlikely over tor.  Realistically that file should have
taken at least 10 seconds on a good circuit and that's neglecting
handshaking; would be closer to 25 seconds on average.  I also just
did 6 wget downloads of the same tarball, over tor, and from a
cloudflare server (for which tor was whitelisted), and the fastest
time was 14s; longest time was 63s.

Here's a demo of wget over 4 arbitrary Tor exit nodes connecting to
gnuradio.org:

  https://lists.gnu.org/archive/html/security-discuss/2017-03/msg00028.html

> 2) By saying that the GNU Radio Foundation is "denying access" you
>    are saying that they have activley taken decisions to make it
>    impossible, or very hard to download GNU Radio, they have done no
>    such thing.

They certainly have.

Although a substantial portion of CloudFlare's clientel is low-tech
website owners for small non-tech businesses, e.g. "Bob's Bagel Shop"
and the like.. these website owners can easily play the ignorance
card.  We know that GNU Radio Foundation, Inc. cannot.  They have a
mission that is technical, and GNU Radio admins in #gnuradio on
freenode have proven to be very hostile toward the Tor community.  GNU
Radio admins have been informed about problem, and they were quite
uncivil in their reaction.  They know what they are doing; it's not
accidental.  It is purposeful, and it is malicious.

Being aware of the hostility of GNU Radio admins is important for
someone who might approach them on the matter.  But whether the denial
of service is accidental or not (a deliberate attack or not) does not
change the need for a solution.

--
Please note this was sent anonymously, so the "From:" address will be unusable.
List archives will be monitored.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]