Leave a comment
It's complicated
02 December 2009 @ 01:04 pm
30 November 2009 @ 08:56 am
24 November 2009 @ 02:12 pm
According to a post today on or-talk, Livejournal is blocking access for users of the Tor network.
Users of the Tor network may see a message like this:
You've been temporarily banned from accessing LiveJournal, perhaps because you were hitting the site too quickly. Please make sure that you're following our Bot Policy. If you have questions, contact us at webmaster@livejournal.com with the following information: PFOL0fb1R8QvjxX @ 62.197.40.154
I'm unable to actually get a reliable connection to LJ via Tor; my browser is sent a 502 HTTP error code every time that I try to connect.
Can someone from Livejournal comment? Is this specific to Tor or is this a general bot trigger?
Update:
I've posted an update to this situation on the or-talk mailing list:
Hello again,
In summary:
Mike Perry and I just had a visit to the San Francisco Livejournal
office. The servers at LJ are currently being abused by two users in
Russia. They are currently blocking access to all of the Tor exit nodes
with a rather crufty (but effective) screen scrape of some Tor status
page. They'd like to lift this ban and they'd like to see the abuse
stop. They recognize that many legitimate users are now out in the cold
and they'd like to allow Tor to access LJ.
The service abusing their systems is http://lj2rss.net.ru/; lj2rss
provides a user with an RSS feed of their LJ friends page (normally a
paid service). LJ considers this abuse and has attempted to block this
service. Lj2rss was previously run through basic HTTP proxies. It has
apparently evolved as a service. The lj2rss people decided to ditch HTTP
proxies for the public Tor network. This has caused LJ to filter _all_
access from the Tor network as a quick hack to block their service. LJ
is unhappy with this as they realize this means that many people are not
able to reach LJ. They want to find a solution to this total method of
blocking. They only want to stop lj2rss and not everyone who actually
needs Tor to legitimately use LJ.
We've suggested that rather than outright blocking, users should be
redirected (http 302 rather than 502) to a status page explaining the
outage information. We've also suggested they can have user puzzles or
require a specific login (paid accounts or flagged in some way). As far
as I can tell, this is not a conspiracy by SUP or any other measure
taken on behalf of SUP. The sysadmins at LJ are simply trying to combat
someone abusing their service.
LJ said that they're going to change their status page shortly to
explain the block. They're also working on methods to block the lj2rss
people and not every single user of the Tor network. I hope this is
helpful and that the users of Tor will be able to access LJ services
again shortly.
And it appears that the error returned by LJ is now updated to reflect the nature of the block:
LiveJournal is currently blocking TOR access. We apologize for this inconvenience. We have been working with TOR to identify ways to allow their service, while keeping malicious users away.
Users of the Tor network may see a message like this:
You've been temporarily banned from accessing LiveJournal, perhaps because you were hitting the site too quickly. Please make sure that you're following our Bot Policy. If you have questions, contact us at webmaster@livejournal.com with the following information: PFOL0fb1R8QvjxX @ 62.197.40.154
I'm unable to actually get a reliable connection to LJ via Tor; my browser is sent a 502 HTTP error code every time that I try to connect.
Can someone from Livejournal comment? Is this specific to Tor or is this a general bot trigger?
Update:
I've posted an update to this situation on the or-talk mailing list:
Hello again,
In summary:
Mike Perry and I just had a visit to the San Francisco Livejournal
office. The servers at LJ are currently being abused by two users in
Russia. They are currently blocking access to all of the Tor exit nodes
with a rather crufty (but effective) screen scrape of some Tor status
page. They'd like to lift this ban and they'd like to see the abuse
stop. They recognize that many legitimate users are now out in the cold
and they'd like to allow Tor to access LJ.
The service abusing their systems is http://lj2rss.net.ru/; lj2rss
provides a user with an RSS feed of their LJ friends page (normally a
paid service). LJ considers this abuse and has attempted to block this
service. Lj2rss was previously run through basic HTTP proxies. It has
apparently evolved as a service. The lj2rss people decided to ditch HTTP
proxies for the public Tor network. This has caused LJ to filter _all_
access from the Tor network as a quick hack to block their service. LJ
is unhappy with this as they realize this means that many people are not
able to reach LJ. They want to find a solution to this total method of
blocking. They only want to stop lj2rss and not everyone who actually
needs Tor to legitimately use LJ.
We've suggested that rather than outright blocking, users should be
redirected (http 302 rather than 502) to a status page explaining the
outage information. We've also suggested they can have user puzzles or
require a specific login (paid accounts or flagged in some way). As far
as I can tell, this is not a conspiracy by SUP or any other measure
taken on behalf of SUP. The sysadmins at LJ are simply trying to combat
someone abusing their service.
LJ said that they're going to change their status page shortly to
explain the block. They're also working on methods to block the lj2rss
people and not every single user of the Tor network. I hope this is
helpful and that the users of Tor will be able to access LJ services
again shortly.
And it appears that the error returned by LJ is now updated to reflect the nature of the block:
LiveJournal is currently blocking TOR access. We apologize for this inconvenience. We have been working with TOR to identify ways to allow their service, while keeping malicious users away.
08 November 2009 @ 10:45 pm
This weekend has been quite the awesome weekend. 3ric brought a high speed camera (7000 frames per second at full resolution) and we made a few videos together. I've uploaded a couple of videos. Here's a high speed video of me using mentholated eye drops. And here's what happens when Eric, 3ric, Kelly and I get soy milk, a belt and a high speed camera. Go Vegan. Or something.
For the high speed video of soy milk on youtube:
For the high speed video of soy milk on youtube:
07 November 2009 @ 10:14 am
"We're recursive homeboys this year, Don."
"Nested and recursive parens. ... We can square it every year."
"Nested and recursive parens. ... We can square it every year."
15 October 2009 @ 11:32 pm
Fall in Seattle is so colorful and beautiful.
15 October 2009 @ 11:31 pm
14 October 2009 @ 03:04 pm
Capitol hill in Seattle is a great place for coffee.
10 October 2009 @ 08:23 pm
I totally win at breaking glasses. Here's my future broken pair of glasses.
04 September 2009 @ 10:43 pm
A hacker hero for the world.
04 September 2009 @ 10:41 pm
"Step a little closer, you're still in focus..."
16 August 2009 @ 07:24 am
HAR was absolutely awesome.
30 July 2009 @ 04:20 pm
I'm happy to report that Joe Grand, Chris Tarnovsky and I successfully gave our talk at Black Hat today. Our slides and code are online now and they're pretty informative.
We spent some time looking at various metering systems from around the world. We did so by acquiring meters on eBay and reversing them. It was a lot of fun. Our case study focused on San Francisco and we showed it was pretty badly broken.
Here's a screen capture of the silicon die analysis:

And here's the proof that we've been able to emulate their broken system:

We can't thank the EFF enough. They're the best.
We spent some time looking at various metering systems from around the world. We did so by acquiring meters on eBay and reversing them. It was a lot of fun. Our case study focused on San Francisco and we showed it was pretty badly broken.
Here's a screen capture of the silicon die analysis:
And here's the proof that we've been able to emulate their broken system:

We can't thank the EFF enough. They're the best.
15 July 2009 @ 04:31 pm
A snapshot of Emmanuel at Toorcamp.
08 July 2009 @ 01:11 am
Traveling with Benessa and Folkert in China was wonderful.
26 June 2009 @ 02:17 am
"This is not a battle that we will win for you. But rather, these are battles we will win with each other. We will do this not with fear on our minds but with courage in our hearts."
25 June 2009 @ 12:15 pm
23 June 2009 @ 07:47 pm
18 June 2009 @ 11:15 am














