Silk Road forums
Discussion => Silk Road discussion => Topic started by: SpoonyBard on February 02, 2012, 05:17 am
-
Here's my pet theory on SR's accessibility suckage. This came from reading the Tor Project's overview of how hidden services work (http://"https://www.torproject.org/docs/hidden-services.html.en"), and from staring too long at the "View Network" window as I bit my fingernails waiting to check my order status.
I think the problem is not with the Web site. It's with the entry points. When you create a hidden service, Tor builds circuits to a random set of arbitrary relays, and says "Hey, YOU guys, you're responsible for knowing how to find me." These entry points are published to the cloud as the "location" of the service. (The entry points still don't know the service's IP address or anything; they just know the start of an anonymous circuit that will eventually get to it.)
When you or I want to buy some pot? We tell Tor the .onion address, and it uses that as the key to look up a list of entry points. Our Tor client then picks a totally different random relay, contacts one of those entry points, and says "Can you please tell Silk Road to call me at this number?" The entry point is supposed to deliver your message to Silk Road's hidden service. Silk Road then builds a circuit to that relay, where you've been waiting for it, and that's when you finally get to see the crappy login captcha.
The weak point in the system, I believe, is the dependency on those entry points. There are only a few of them, they're the only ones who know how to talk to Silk Road directly, and they can't change. (If they could, you could in theory substitute an evil one and use it for a site attack. Choosing them randomly at the start means you'd need either to own a huge chunk of Tor or have a time machine to screw with a site this way.)
The system works great as long as they're generally available and not overloaded. But Silk Road is very likely one of the most popular hidden services out there. Every request to connect to it means a request to one of those entry points, which then has to pass the message on, and then more stuff has to happen before we make a connection on neutral ground. This has to happen within the two minutes or so before Tor times out on us, and when we get frustrated and click the "Reload" button, we're generating more requests to those points and increasing their load more.
(As a corroborating aside, this explains why it's always easy to connect to the forums whether or not you can connect to SR. Different hidden service; different entry points. Different problems, and I'm sure the forums aren't as overloaded.)
Are all of SR's entry points still up? I don't know. Are they solid relays with enough bandwidth and CPU to do the job? I don't know. Are they being found and DDoSed by the graybeards? I don't know. Will Lassie make it in time to save little Timmy in the well? I don't know and stopped watching.
What I do know is this: Silk Road is (technically speaking) a lightweight piece of PHP shit that could probably run all right on a Playstation Portable. Processing hundreds of orders a day is nothing. There's no evidence that the server can't handle the load: once you can connect to it, it doesn't run much slower than anything else does over Tor. (Which is pretty damn slow.) The problem is connecting in the first place. To me that means an issue in the network, not an issue with the site. And "the network" in this case is Tor.
If I'm right, this means that yelling at the sysadmins to post downtime statuses or fix their servers isn't going to do any good. There isn't really any downtime, and the server's not at fault. Setting up as a new service and picking new entry points might help, but I doubt it's trivial, and might or might not mean another URL change.
In any case, I thought I'd share. I doubt it will calm everyone down, but it calmed me down. So there ya go.