Re: [tor-relays] Close friend

2014-08-17 Thread IceFish ThreeTwo
Thanks for the info guys!(:

On Sunday, August 17, 2014, Paul Syverson wrote:

> On Mon, Aug 18, 2014 at 04:41:33PM +1200, Christian Gagneraud wrote:
> > On 18/08/2014 4:26 p.m., Rex Wolf wrote:
> > >On 17/08/2014 9:11 PM, IceFish ThreeTwo wrote:
> > >>I'm pretty sure I read somewhere that the Family option in torrc is
> > >>used so that nodes administrated by the same person never make a
> > >>circuit with each other, which somehow protects anonymity. Should my
> > >>friend and I put each other's fingerprints in the Family field? Seems
> > >>logical since we know each other and if the point of the Family field
> > >>is to protect anonymity.
> > >
> > >Hi IceFish,
> > >
> > >The MyFamily option is what you've described--an option used so that
> > >nodes administered by the same person / entity will only be used once in
> > >any given circuit (other nodes from the same family will not be used in
> > >the same circuit).
> > >
> > >This isn't so much to protect your anonymity as a relay operator, but to
> > >limit any one client's potential vulnerability. For example, if one
> > >relay operator happens to control both the guard node and the exit node
> > >in a circuit, they can correlate the timing of packets entering and
> > >exiting the network, and determine both a person's identity and the
> > >content of their traffic.
> >
> > On the other hand, if I'm a bad guy who has a lot of entry and exit nodes, I
> > will certainly not disclose it by using a "MyFamily" flag...
>
> Right. It's not meant to guard against that. But if you're honest and
> you are threatened or coerced or your relays are otherwise collectively
> compromised, MyFamily limits the damage.
>
> aloha,
> Paul
>
> >
> > Chris
> >
> > >You and your friend may know each other, but unless you both administer
> > >each other's nodes, I don't think you would need to use the MyFamily option.
> > >
> > >  -Rex


-- 
Sent from my iPhone
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Close friend

2014-08-17 Thread Paul Syverson
On Mon, Aug 18, 2014 at 04:41:33PM +1200, Christian Gagneraud wrote:
> On 18/08/2014 4:26 p.m., Rex Wolf wrote:
> >On 17/08/2014 9:11 PM, IceFish ThreeTwo wrote:
> >>I'm pretty sure I read somewhere that the Family option in torrc is
> >>used so that nodes administrated by the same person never make a
> >>circuit with each other, which somehow protects anonymity. Should my
> >>friend and I put each other's fingerprints in the Family field? Seems
> >>logical since we know each other and if the point of the Family field
> >>is to protect anonymity.
> >
> >Hi IceFish,
> >
> >The MyFamily option is what you've described--an option used so that
> >nodes administered by the same person / entity will only be used once in
> >any given circuit (other nodes from the same family will not be used in
> >the same circuit).
> >
> >This isn't so much to protect your anonymity as a relay operator, but to
> >limit any one client's potential vulnerability. For example, if one
> >relay operator happens to control both the guard node and the exit node
> >in a circuit, they can correlate the timing of packets entering and
> >exiting the network, and determine both a person's identity and the
> >content of their traffic.
> 
> On the other hand, if I'm a bad guy who has a lot of entry and exit nodes, I
> will certainly not disclose it by using a "MyFamily" flag...

Right. It's not meant to guard against that. But if you're honest and
you are threatened or coerced or your relays are otherwise collectively
compromised, MyFamily limits the damage.

aloha,
Paul

> 
> Chris
> 
> >You and your friend may know each other, but unless you both administer
> >each other's nodes, I don't think you would need to use the MyFamily option.
> >
> >  -Rex


Re: [tor-relays] Close friend

2014-08-17 Thread Christian Gagneraud

On 18/08/2014 4:26 p.m., Rex Wolf wrote:
> On 17/08/2014 9:11 PM, IceFish ThreeTwo wrote:
>> I'm pretty sure I read somewhere that the Family option in torrc is
>> used so that nodes administrated by the same person never make a
>> circuit with each other, which somehow protects anonymity. Should my
>> friend and I put each other's fingerprints in the Family field? Seems
>> logical since we know each other and if the point of the Family field
>> is to protect anonymity.
>
> Hi IceFish,
>
> The MyFamily option is what you've described--an option used so that
> nodes administered by the same person / entity will only be used once in
> any given circuit (other nodes from the same family will not be used in
> the same circuit).
>
> This isn't so much to protect your anonymity as a relay operator, but to
> limit any one client's potential vulnerability. For example, if one
> relay operator happens to control both the guard node and the exit node
> in a circuit, they can correlate the timing of packets entering and
> exiting the network, and determine both a person's identity and the
> content of their traffic.

On the other hand, if I'm a bad guy who has a lot of entry and exit nodes,
I will certainly not disclose it by using a "MyFamily" flag...

Chris

> You and your friend may know each other, but unless you both administer
> each other's nodes, I don't think you would need to use the MyFamily option.
>
>  -Rex





Re: [tor-relays] Close friend

2014-08-17 Thread Rex Wolf
On 17/08/2014 9:11 PM, IceFish ThreeTwo wrote:
> I'm pretty sure I read somewhere that the Family option in torrc is
> used so that nodes administrated by the same person never make a
> circuit with each other, which somehow protects anonymity. Should my
> friend and I put each other's fingerprints in the Family field? Seems
> logical since we know each other and if the point of the Family field
> is to protect anonymity. 

Hi IceFish,

The MyFamily option is what you've described--an option used so that
nodes administered by the same person / entity will only be used once in
any given circuit (other nodes from the same family will not be used in
the same circuit).

This isn't so much to protect your anonymity as a relay operator, but to
limit any one client's potential vulnerability. For example, if one
relay operator happens to control both the guard node and the exit node
in a circuit, they can correlate the timing of packets entering and
exiting the network, and determine both a person's identity and the
content of their traffic.

You and your friend may know each other, but unless you both administer
each other's nodes, I don't think you would need to use the MyFamily option.

 -Rex



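How the family rule described in this message plays out when a client picks a path, as an added example that is not part of the original thread and is not Tor's own code. The relays, operators and shortened fingerprints are constructed; the mutual-listing check reflects that Tor only treats two relays as one family when each names the other.

```python
from itertools import combinations

# Constructed relays. "family" is the set of fingerprints a relay names in its
# MyFamily line; "operator" is ground truth that clients never get to see.
# Fingerprints are shortened placeholders (real ones are 40 hex characters).
RELAYS = {
    "AAAA": {"family": {"BBBB"}, "operator": "alice"},
    "BBBB": {"family": {"AAAA"}, "operator": "alice"},
    "CCCC": {"family": {"EEEE"}, "operator": "icefish"},  # names a friend's relay
    "EEEE": {"family": set(), "operator": "friend"},      # friend did not list back
    "DDDD": {"family": set(), "operator": "mallory"},     # declares nothing
    "FFFF": {"family": set(), "operator": "mallory"},
}


def same_family(a, b, relays=RELAYS):
    """A family link counts only when both relays name each other."""
    return b in relays[a]["family"] and a in relays[b]["family"]


def path_allowed(path, relays=RELAYS):
    """Family check only: reject repeated relays and two relays of one family."""
    if len(set(path)) != len(path):
        return False
    return not any(same_family(a, b, relays) for a, b in combinations(path, 2))


def ends_share_operator(path, relays=RELAYS):
    """True when first and last hop have the same real operator (ground truth)."""
    return relays[path[0]]["operator"] == relays[path[-1]]["operator"]


if __name__ == "__main__":
    for path in (["AAAA", "DDDD", "BBBB"],   # declared family at both ends
                 ["CCCC", "DDDD", "EEEE"],   # one-sided listing has no effect
                 ["DDDD", "AAAA", "FFFF"]):  # undeclared relays pass the check
        print(path, "allowed:", path_allowed(path),
              "same operator at both ends:", ends_share_operator(path))
```

The third path is the case raised in the replies: relays that never declare a family pass this check, so the option only limits damage for operators who declare honestly.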


[tor-relays] Close friend

2014-08-17 Thread IceFish ThreeTwo
Hello.

I'm not going to use the term "Framily", Sprint can...nsfw.

Anyways, my close friend just set up a Tor node. I'm pretty sure I read
somewhere that the Family option in torrc is used so that nodes
administrated by the same person never make a circuit with each other,
which somehow protects anonymity. Should my friend and I put each other's
fingerprints in the Family field? Seems logical since we know each other
and if the point of the Family field is to protect anonymity.

Thanks!

Ice Fish



-- 
Sent from my iPhone


Re: [tor-relays] reaching out to relay ops that run outdated versions

2014-08-17 Thread jason
yep you're correct, I should have taken note of the version numbers
better. All exits have been updated now.
-J

On 08/18/2014 03:48 AM, JT Allison wrote:
> 0.2.4.23 has been on the repo for awhile now.
> 
> ---
> GPG/PGP Fingerprint
> E129 722B A512 105C E8BE
> 4705 8046 EA48 2C82 1339
> https://arlen.io/key
> 
> On Aug 17, 2014 11:40 PM, <ja...@icetor.is> wrote:
> 
> actually after poking at this for a bit tonight it looks like newer
> packages haven't been rolled out for deb.torproject.org repos yet.
> I'll be waiting for them first.
> -Jason
> 
> On 08/18/2014 02:55 AM, ja...@icetor.is wrote:
> > Let it never be said that public shaming doesn't work, I'll update
> > our exits tonight! -Jason
> >
> > On 08/17/2014 10:45 AM, Nusenu wrote:
> >> FYI: I just sent out the email below to ~160 relay operators - I
> >> hope this results in some actual improvements.
> >>
> >> It is a bit disappointing to see even torservers.net, DFRI,
> >> icetor, Frenn vun der Enn, Calyx, Cymru in the recipients list.
> >>
> >> The recipient list is based on the following output (limited to
> >> relays faster than 999KB/s):
> >>
> >> grep -v 0.2.5.6 Tor_query_EXPORT.csv |grep -v 0.2.4.23|grep -v
> >> 0.2.6.0|head -n 344 (csv is from torstatus.blutmagie.de)
> >>
> >>> Hello,
> >>
> >>> you are receiving this email because you are using an outdated
> >>> tor version on your tor relay. (your email address was taken
> >>> from your relay's contact info field)
> >>
> >>> Tor v0.2.4.23 has been released on 2014-07-28 [1] to address a
> >>>  security issue that makes de-anonymization attacks easier [2]
> >>> - please update to Tor v0.2.4.23 or v0.2.5.6.
> >>
> >>> To find out your current version run the following command on
> >>> your relay: tor --version
> >>
> >>> If you are using Linux: Package managers can be used to
> >>> automatically update Tor without requiring manual admin
> >>> intervention.
> >>
> >>
> >>> It is recommended to use the official APT/YUM repos from
> >>> torproject.org to get timely updates: APT:
> >>> https://www.torproject.org/docs/debian.html.en YUM:
> >>> https://www.torproject.org/docs/rpms.html.en
> >>
> >>
> >>> thanks for running a relay and making the tor network safer!
> >>
> >>
> >>> [1]
> >>> https://lists.torproject.org/pipermail/tor-announce/2014-July/93.html
> >>
> >>> [2]
> >>> https://lists.torproject.org/pipermail/tor-announce/2014-July/94.html
> >>


Re: [tor-relays] reaching out to relay ops that run outdated versions

2014-08-17 Thread JT Allison
0.2.4.23 has been on the repo for awhile now.

---
GPG/PGP Fingerprint
E129 722B A512 105C E8BE
4705 8046 EA48 2C82 1339
https://arlen.io/key
On Aug 17, 2014 11:40 PM,  wrote:

> actually after poking at this for a bit tonight it looks like newer
> packages haven't been rolled out for deb.torproject.org repos yet.
> I'll be waiting for them first.
> -Jason
>
> On 08/18/2014 02:55 AM, ja...@icetor.is wrote:
> > Let it never be said that public shaming doesn't work, I'll update
> > our exits tonight! -Jason
> >
> > On 08/17/2014 10:45 AM, Nusenu wrote:
> >> FYI: I just sent out the email below to ~160 relay operators - I
> >> hope this results in some actual improvements.
> >>
> >> It is a bit disappointing to see even torservers.net, DFRI,
> >> icetor, Frenn vun der Enn, Calyx, Cymru in the recipients list.
> >>
> >> The recipient list is based on the following output (limited to
> >> relays faster than 999KB/s):
> >>
> >> grep -v 0.2.5.6 Tor_query_EXPORT.csv |grep -v 0.2.4.23|grep -v
> >> 0.2.6.0|head -n 344 (csv is from torstatus.blutmagie.de)
> >>
> >>> Hello,
> >>
> >>> you are receiving this email because you are using an outdated
> >>> tor version on your tor relay. (your email address was taken
> >>> from your relay's contact info field)
> >>
> >>> Tor v0.2.4.23 has been released on 2014-07-28 [1] to address a
> >>>  security issue that makes de-anonymization attacks easier [2]
> >>> - please update to Tor v0.2.4.23 or v0.2.5.6.
> >>
> >>> To find out your current version run the following command on
> >>> your relay: tor --version
> >>
> >>> If you are using Linux: Package managers can be used to
> >>> automatically update Tor without requiring manual admin
> >>> intervention.
> >>
> >>
> >>> It is recommended to use the official APT/YUM repos from
> >>> torproject.org to get timely updates: APT:
> >>> https://www.torproject.org/docs/debian.html.en YUM:
> >>> https://www.torproject.org/docs/rpms.html.en
> >>
> >>
> >>> thanks for running a relay and making the tor network safer!
> >>
> >>
> >>> [1]
> >>> https://lists.torproject.org/pipermail/tor-announce/2014-July/93.html
> >>
> >>> [2]
> >>> https://lists.torproject.org/pipermail/tor-announce/2014-July/94.html
> >>


Re: [tor-relays] reaching out to relay ops that run outdated versions

2014-08-17 Thread jason
actually after poking at this for a bit tonight it looks like newer
packages haven't been rolled out for deb.torproject.org repos yet.
I'll be waiting for them first.
-Jason

On 08/18/2014 02:55 AM, ja...@icetor.is wrote:
> Let it never be said that public shaming doesn't work, I'll update
> our exits tonight! -Jason
> 
> On 08/17/2014 10:45 AM, Nusenu wrote:
>> FYI: I just sent out the email below to ~160 relay operators - I
>> hope this results in some actual improvements.
>> 
>> It is a bit disappointing to see even torservers.net, DFRI,
>> icetor, Frenn vun der Enn, Calyx, Cymru in the recipients list.
>> 
>> The recipient list is based on the following output (limited to
>> relays faster than 999KB/s):
>> 
>> grep -v 0.2.5.6 Tor_query_EXPORT.csv |grep -v 0.2.4.23|grep -v 
>> 0.2.6.0|head -n 344 (csv is from torstatus.blutmagie.de)
>> 
>>> Hello,
>> 
>>> you are receiving this email because you are using an outdated
>>> tor version on your tor relay. (your email address was taken
>>> from your relay's contact info field)
>> 
>>> Tor v0.2.4.23 has been released on 2014-07-28 [1] to address a
>>>  security issue that makes de-anonymization attacks easier [2]
>>> - please update to Tor v0.2.4.23 or v0.2.5.6.
>> 
>>> To find out your current version run the following command on
>>> your relay: tor --version
>> 
>>> If you are using Linux: Package managers can be used to 
>>> automatically update Tor without requiring manual admin 
>>> intervention.
>> 
>> 
>>> It is recommended to use the official APT/YUM repos from 
>>> torproject.org to get timely updates: APT: 
>>> https://www.torproject.org/docs/debian.html.en YUM: 
>>> https://www.torproject.org/docs/rpms.html.en
>> 
>> 
>>> thanks for running a relay and making the tor network safer!
>> 
>> 
>>> [1]
>>> https://lists.torproject.org/pipermail/tor-announce/2014-July/93.html
>>
>>> [2]
>>> https://lists.torproject.org/pipermail/tor-announce/2014-July/94.html
>>


Re: [tor-relays] Dynamic IP

2014-08-17 Thread Sebastian Hahn
Hi Tim,

> Sebastian, I run a relay on a machine that has an internal private IP, behind 
> a NAT router with a public IP.
> 
> In my experience, I need to specify the NAT router's public IP in the torrc, 
> otherwise tor doesn't include it in the router descriptor it submits to the 
> consensus.

This shouldn't happen typically, Tor tries to learn its IP address by
looking at the traffic it receives.

> If that process isn't working for me, is this a bug I should report?

Likely. Can you try again, noting the kind of log messages Tor might
emit?

Cheers
Sebastian


[tor-relays] Dynamic IP

2014-08-17 Thread Tim
> On Sun, 17 Aug 2014 00:42:13 +0200, Sebastian Hahn wrote:
> 
> Hi Tim,
> 
>> On 16 Aug 2014, at 23:53, Tim wrote:
>> I'm running a relay on a similarly "dynamic" IP.
>> If the line goes down, I'm reallocated a new one. But otherwise the IP is 
>> stable.
>> If I don't notice the change, I notice the traffic drop, then I update the 
>> torrc, and everything works again.
> 
> I think you're a little confused. It's not necessary to specify your own
> IP address in Tor's configuration file. The various "address" options are
> purely optional. Or I am confused, and you mean something completely
> different?
> 

Sebastian, I run a relay on a machine that has an internal private IP, behind a 
NAT router with a public IP.

In my experience, I need to specify the NAT router's public IP in the torrc, 
otherwise tor doesn't include it in the router descriptor it submits to the 
consensus.

How does tor autodetect its public IP, when it is running on a separate machine 
with a private network IP, behind a NAT router with a public IP?

If that process isn't working for me, is this a bug I should report?

If tor doesn't currently autodetect public IPs on middleboxes (as opposed to 
the tor relay machine itself), is this a feature that could be implemented?
Or do we wish to discourage this use case?
(It would involve trusting an external server to report tor's public IP 
correctly - and making other assumptions like the middlebox having a single 
public IP.)

Tim





Re: [tor-relays] reaching out to relay ops that run outdated versions

2014-08-17 Thread jason
Let it never be said that public shaming doesn't work, I'll update our
exits tonight!
-Jason

On 08/17/2014 10:45 AM, Nusenu wrote:
> FYI: I just sent out the email below to ~160 relay operators - I hope
> this results in some actual improvements.
> 
> It is a bit disappointing to see even torservers.net, DFRI, icetor,
> Frenn vun der Enn, Calyx, Cymru in the recipients list.
> 
> The recipient list is based on the following output (limited to relays
> faster than 999KB/s):
> 
> grep -v 0.2.5.6 Tor_query_EXPORT.csv |grep -v 0.2.4.23|grep -v
> 0.2.6.0|head -n 344
> (csv is from torstatus.blutmagie.de)
> 
>> Hello,
> 
>> you are receiving this email because you are using an outdated tor 
>> version on your tor relay. (your email address was taken from your
>> relay's contact info field)
> 
>> Tor v0.2.4.23 has been released on 2014-07-28 [1] to address a 
>> security issue that makes de-anonymization attacks easier [2] -
>> please update to Tor v0.2.4.23 or v0.2.5.6.
> 
>> To find out your current version run the following command on your
>> relay: tor --version
> 
>> If you are using Linux: Package managers can be used to
>> automatically update Tor without requiring manual admin
>> intervention.
> 
> 
>> It is recommended to use the official APT/YUM repos from 
>> torproject.org to get timely updates: APT: 
>> https://www.torproject.org/docs/debian.html.en YUM: 
>> https://www.torproject.org/docs/rpms.html.en
> 
> 
>> thanks for running a relay and making the tor network safer!
> 
> 
>> [1]
>> https://lists.torproject.org/pipermail/tor-announce/2014-July/93.html
>
>> [2]
>> https://lists.torproject.org/pipermail/tor-announce/2014-July/94.html
>


Re: [tor-relays] Torservers.net - unattended upgrades

2014-08-17 Thread Nils Vogels
There are some nice plugins for puppet, chef, ansible, etc.

Should save you a lot of time on software deployment!

Gr,
Nils

On August 17, 2014 3:35:14 PM CEST, Moritz Bartl wrote:
>On 08/17/2014 03:12 PM, Nusenu wrote:
>> Please consider unattended automated updates. Maybe start with a few
>> relays first.
>
>I wanted to switch to unattended upgrades a long time ago, but the story
>of our relay "management" is more complicated than that... I really want
>some proper control, the ability to centrally update the MyFamily
>statement, etc etc. There have been some threads about it on the mailing
>list over time, but as we're all volunteers we can't magically fix
>everything immediately...
>
>-- 
>Moritz Bartl
>https://www.torservers.net/
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: [tor-relays] Torservers.net - unattended upgrades

2014-08-17 Thread Nusenu

> I wanted to switch to unattended upgrades a long time ago, but the
> story of our relay "management" is more complicated than that...

What were the specific problems with unattended upgrades?

> There have been some threads about it on the mailing list

I was not aware of any threads regarding unattended torservers
upgrades. Would you point us to them?


> over time, but as we're all volunteers we can't magically fix 
> everything immediately...

Well I hope I didn't make the impression that you should "fix
everything immediately".


Re: [tor-relays] Torservers.net - unattended upgrades

2014-08-17 Thread Moritz Bartl
On 08/17/2014 03:12 PM, Nusenu wrote:
> Please consider unattended automated updates. Maybe start with a few
> relays first.

I wanted to switch to unattended upgrades a long time ago, but the story
of our relay "management" is more complicated than that... I really want
some proper control, the ability to centrally update the MyFamily
statement, etc etc. There have been some threads about it on the mailing
list over time, but as we're all volunteers we can't magically fix
everything immediately...

-- 
Moritz Bartl
https://www.torservers.net/





Re: [tor-relays] Torservers.net - unattended upgrades

2014-08-17 Thread Nusenu


> On 08/17/2014 01:08 AM, Nusenu wrote:
>> since you haven't updated most of your relays to address [1]
>> released on 2014-07-28 yet, I was wondering if everything is ok?
>> collective vacation?
> 
> Indeed. This is terrible and we will add some more trusted people's
> ssh keys to the relays, but then again we really want to limit the
> number of keys that can access our relays for security reasons...

Please consider unattended automated updates. Maybe start with a few
relays first.

Even in your environment (I guess you do custom builds) I consider
this to be the option that results in the fastest response times and
safest network.

Worst case would be that the upgrade fails and all your relays go
down. Depending on the actual vulnerability that is being fixed, an
offline relay can be preferred over a vulnerable relay.

Most of the time it will probably work just fine and save you some
time doing boring updates.

> I am returning from vacation tomorrow and will update all relays.
> Sorry for the delay.

Thanks.



Re: [tor-relays] Torservers.net relays not updated yet?

2014-08-17 Thread Moritz Bartl
Hi Nusenu,

On 08/17/2014 01:08 AM, Nusenu wrote:
> since you haven't updated most of your relays to address [1] released
> on 2014-07-28 yet, I was wondering if everything is ok? collective
> vacation?

Indeed. This is terrible and we will add some more trusted people's ssh
keys to the relays, but then again we really want to limit the number of
keys that can access our relays for security reasons...

I am returning from vacation tomorrow and will update all relays. Sorry
for the delay.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [tor-relays] Number of relays by version

2014-08-17 Thread Nusenu

related feature requests/trac entries:

https://trac.torproject.org/projects/tor/ticket/6947
https://trac.torproject.org/projects/tor/ticket/6855
https://trac.torproject.org/projects/tor/ticket/6856


[tor-relays] reaching out to relay ops that run outdated versions

2014-08-17 Thread Nusenu

FYI: I just sent out the email below to ~160 relay operators - I hope
this results in some actual improvements.

It is a bit disappointing to see even torservers.net, DFRI, icetor,
Frenn vun der Enn, Calyx, Cymru in the recipients list.

The recipient list is based on the following output (limited to relays
faster than 999KB/s):

grep -v 0.2.5.6 Tor_query_EXPORT.csv |grep -v 0.2.4.23|grep -v
0.2.6.0|head -n 344
(csv is from torstatus.blutmagie.de)

> Hello,
> 
> you are receiving this email because you are using an outdated tor 
> version on your tor relay. (your email address was taken from your
> relay's contact info field)
> 
> Tor v0.2.4.23 has been released on 2014-07-28 [1] to address a 
> security issue that makes de-anonymization attacks easier [2] -
> please update to Tor v0.2.4.23 or v0.2.5.6.
> 
> To find out your current version run the following command on your
> relay: tor --version
> 
> If you are using Linux: Package managers can be used to
> automatically update Tor without requiring manual admin
> intervention.
> 
> 
> It is recommended to use the official APT/YUM repos from 
> torproject.org to get timely updates: APT: 
> https://www.torproject.org/docs/debian.html.en YUM: 
> https://www.torproject.org/docs/rpms.html.en
> 
> 
> thanks for running a relay and making the tor network safer!
> 
> 
> [1]
> https://lists.torproject.org/pipermail/tor-announce/2014-July/93.html
>
> [2]
> https://lists.torproject.org/pipermail/tor-announce/2014-July/94.html
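A field-aware variant of the version filter in the message above, as an added example that is not part of the original post: it parses the version out of one column and compares it numerically, next to an emulation of the `grep -v` chain for contrast. The CSV column layout and all sample rows are constructed assumptions (the thread does not show Tor_query_EXPORT.csv); the fixed versions 0.2.4.23 and 0.2.5.6 come from the advisory text.

```python
import csv
import io
import re

# Constructed sample; the layout (name, ip, bandwidth_kbs, platform) is assumed.
SAMPLE_CSV = """\
name,ip,bandwidth_kbs,platform
relayA,198.51.100.7,2500,Tor 0.2.4.22 on Linux
relayB,203.0.113.9,1800,Tor 0.2.4.23 on Linux
relayC,192.0.2.4,2300,Tor 0.2.3.25 on FreeBSD
relayD,192.0.2.44,4000,Tor 0.2.5.5-alpha on Linux
relayE,192.0.2.45,3000,Tor 0.2.5.6-alpha on Linux
relayF,192.0.2.46,500,Tor 0.2.4.20 on Linux
relayG,192.0.2.47,1500,Tor 0.2.6.0-alpha-dev on Linux
relayH,192.0.2.48,1100,unknown
"""

# First fixed release per series, from the advisory quoted in the thread.
# Series newer than these (0.2.6.x) are treated as current.
FIXED_IN = {(0, 2, 4): 23, (0, 2, 5): 6}
VERSION_RE = re.compile(r"\bTor (\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(platform):
    """Return (major, minor, micro, patch), or None if no version is present."""
    m = VERSION_RE.search(platform)
    return tuple(int(x) for x in m.groups()) if m else None


def is_outdated(version):
    series, patch = version[:3], version[3]
    if series in FIXED_IN:
        return patch < FIXED_IN[series]
    return series < min(FIXED_IN)  # older series never received the fix


def outdated_relays(csv_text, min_kbs=1000):
    """Fast relays (> 999 KB/s) whose version predates the fix, plus unparsed rows."""
    flagged, unparsed = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["bandwidth_kbs"]) < min_kbs:
            continue
        version = parse_version(row["platform"])
        if version is None:
            unparsed.append(row["name"])  # review by hand rather than guess
        elif is_outdated(version):
            flagged.append(row["name"])
    return flagged, unparsed


def substring_filter(csv_text):
    """Emulate the grep -v chain: drop every line that matches any pattern.

    The patterns are unanchored regexes, so '.' matches any character and a
    match can fall outside the version column. In the sample, relayC's
    "192.0.2.4,2300" contains "0.2.4,23" and the row is dropped even though
    the relay runs 0.2.3.25.
    """
    patterns = [re.compile(p) for p in ("0.2.5.6", "0.2.4.23", "0.2.6.0")]
    lines = csv_text.splitlines()[1:]  # skip the header row
    kept = [ln for ln in lines if not any(p.search(ln) for p in patterns)]
    return [ln.split(",")[0] for ln in kept]


if __name__ == "__main__":
    flagged, unparsed = outdated_relays(SAMPLE_CSV)
    print("outdated (field-aware):", flagged)
    print("needs manual review:   ", unparsed)
    print("kept by substring chain:", substring_filter(SAMPLE_CSV))
```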