[tor-relays] two questions about bridge

2015-02-02 Thread jchase
Hello,
I have a bridge up and running for about 6 months. I have two questions.
According to arm my fingerprint is
72DB4EE86C65856E3131A32D8E30EC8A2B72A73D . But if I look up
rasptorholland in globe.torproject.org I find that my fingerprint is
1BCD3EBEFE17EEB86EEDE21D5E2DB8468E2864CF . And again according to
globe.torproject.org my pool assignment is blank (the empty set). Are
these related to each other and is something wrong?
Thanks,
J Chase

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] two questions about bridge

2015-02-02 Thread isis
jchase transcribed 0.6K bytes:
 Hello,
 I have a bridge up and running for about 6 months. I have two questions.
 According to arm my fingerprint is
 72DB4EE86C65856E3131A32D8E30EC8A2B72A73D . But if I look up
 rasptorholland in globe.torproject.org I find that my fingerprint is
 1BCD3EBEFE17EEB86EEDE21D5E2DB8468E2864CF .

Globe replaces Bridge fingerprints with their hashed form, i.e. instead of:

  72DB4EE86C65856E3131A32D8E30EC8A2B72A73D = H(PK_ID)

It's hashed again, i.e.:

  1BCD3EBEFE17EEB86EEDE21D5E2DB8468E2864CF = H(H(PK_ID))

This is to protect the real fingerprint of the Bridge, because with the real
fingerprint one can request its descriptor and connect to it (meaning that
leaking the fingerprint can result in the Bridge being blocked in censoring
regions).

 And again according to
 globe.torproject.org my pool assignment is blank (the empty set). Are
 these related to each other and is something wrong?
 Thanks,
 J Chase

BridgeDB no longer syncs pool assignment data to the Metrics servers, [0]
meaning that it no longer ends up in Onionoo, meaning that it no longer ends
up in Globe.

There is ticket #13921 to remove this field from Globe's display.

Patches, reviews of others' patches, and other contributions to Globe are
*extremely* welcome, as I hate writing JS and detest the web.

[0]: https://bugs.torproject.org/14082
[1]: https://bugs.torproject.org/13921

-- 
 ♥Ⓐ isis agora lovecruft
_
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt


signature.asc
Description: Digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] [tor-assistants] Running obfs4proxy on Debian Stable

2015-02-02 Thread Yawning Angel
On Mon, 2 Feb 2015 22:41:40 +
isis i...@torproject.org wrote:
 I requested that the obfs4proxy package in Debian jessie be ported to
 wheezy-backports, [0] however, it seems this is extremely unlikely to
 happen because it would mean backporting pretty much every Golang
 package in existence.

Last I heard, that was mostly unnecessary, though how exactly this apt
pinning stuff works is a mystery to me[0].

 I would be super stoked if we could make it as easy and seamless as
 possible for the Bridge operators who are still running obfs2 (!!) to
 move to supporting better, newer Pluggable Transports.  Currently
 recommended PTs to run are: obfs3, obfs4, scramblesuit, and
 fteproxy.  When Tor Browser 4.5 becomes stable (probably in mid-April
 2015), we'll want lots more obfs4 Bridges!  For the super adventurous
 sysadmins who'd like to try Yawning's experimental new post-quantum
 PT, Basket [1] is one of the newest PTs.

More obfs4 bridges would be amazing.  It's worth noting that obfs4proxy
can also handle obfs2 and 3 (and with a branch that I need to
test/merge soon, a ScrambleSuit client), and it even is easy to run
bridges on ports  1024 without messing with port forwarding.

Basket is still a research project and non-researchers shouldn't deploy
it because the wire format may change (and it consumes a hilarious
amount of bandwidth).

 We should probably come up with some easy instructions for operators
 of Tor Bridge relays who are running Debian stable, such as adding an
 Apt pin to pull in only the obfs4proxy package and its dependencies
 from Debian jessie and keep everything else pinned to stable.  If
 someone has done this, or has another simple solution, would you mind
 writing up some short how-to on the steps you took, please?
 
 [0]:
 http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/Week-of-Mon-20150202/001119.html
 [1]: https://github.com/yawning/basket

All of obfs4proxy's dependencies are build time.  The binary is
statically linked because that's what Go does.  David S.'s ansible-tor
package does it like this:

https://github.com/david415/ansible-tor/commit/f897581daa79389ddcb28c7dae601473e85e8226

So the documentation should be a matter of how to setup the apt pin
for a single package.  I've heard someone complaining about the tor
AppArmor profile but that also isn't something I've dealt with ever.

Regards,

-- 
Yawning Angel

[0]: I just scp the binary to my bridge whenever I need to update it,
and my idea of how to update all my linux systems starts with pacman
and not apt-get.


pgpL005w2im2I.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


[tor-relays] TOR: Inbound, Outbound, Exit connections

2015-02-02 Thread Ralph Bolliger
*Good evening ladies and gentleman*

I'm running a TOR Exit for a few days now (
https://globe.torproject.org/#/relay/06BA80D9E1143CFAD835442142A3FA5A1E4FD910).
I'm also using TOR ARM in order to monitor TOR's performance, log messages
and connections.
When I have a look at the connections page on TOR ARM I read about
«Inbound», «Outbound» or «Exit» connections. I searched the web already.
But I wasn't able to find a site that explains in simple words what's the
difference between «Inbound», «Outbound» or «Exit» connections.

Is there anybody who is able to tell me what «Inbound», «Outbound» or
«Exit» connections are?

Greetings from Switzerland

Information Architect
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


[tor-relays] Running obfs4proxy on Debian Stable

2015-02-02 Thread isis
Hello,

I requested that the obfs4proxy package in Debian jessie be ported to
wheezy-backports, [0] however, it seems this is extremely unlikely to happen
because it would mean backporting pretty much every Golang package in
existence.

I would be super stoked if we could make it as easy and seamless as possible
for the Bridge operators who are still running obfs2 (!!) to move to
supporting better, newer Pluggable Transports.  Currently recommended PTs to
run are: obfs3, obfs4, scramblesuit, and fteproxy.  When Tor Browser 4.5
becomes stable (probably in mid-April 2015), we'll want lots more obfs4
Bridges!  For the super adventurous sysadmins who'd like to try Yawning's
experimental new post-quantum PT, Basket [1] is one of the newest PTs.

We should probably come up with some easy instructions for operators of Tor
Bridge relays who are running Debian stable, such as adding an Apt pin to pull
in only the obfs4proxy package and its dependencies from Debian jessie and
keep everything else pinned to stable.  If someone has done this, or has
another simple solution, would you mind writing up some short how-to on the
steps you took, please?

[0]: 
http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/Week-of-Mon-20150202/001119.html
[1]: https://github.com/yawning/basket

-- 
 ♥Ⓐ isis agora lovecruft
_
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt


signature.asc
Description: Digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Tor and Freenode

2015-02-02 Thread Markus Hitter
Am 02.02.2015 um 05:59 schrieb Moritz Bartl:
 The history of Tor and Freenode is quite long and we currently can't
 seem to change how they treat Tor users. Better ways could be
 implemented, but someone would have to implemented it for their homebrew
 grown IRCd.

Thanks. At least one person understanding the disappointment about the current 
state of affairs.


Markus

-- 
- - - - - - - - - - - - - - - - - - -
Dipl. Ing. (FH) Markus Hitter
http://www.jump-ing.de/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


[tor-relays] Stats [was: freenode]

2015-02-02 Thread grarpamp
On Sat, Jan 24, 2015 at 3:16 PM, cacahuatl cacahu...@autistici.org wrote:
 Most of the network is under-utilised guards and middle nodes, hidden
 services don't stress exits, which are the limited resource.

Exits can and do serve in all the other node roles too.
I don't think there has yet been a study to determine the actual
unused capacity of the relays as grouped by flag permutations.
Nor has compass been enhanced to support that selection matrix.

 Triples?

A HS doubles vs exit.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Hibernating / Traffic limit and consequrnces for the network.

2015-02-02 Thread Erik de Castro Lopo
Zack Weinberg wrote:

 I wonder how hard it would be to have relays randomize the start point
 of their hibernation period, to stabilize the amount of available
 bandwidth over a 1-month interval...

I run my relay with a daily limit using:

AccountingStart day HH:MM
AccountingMax XXXGB

My relay currently runs for about 2/3 day and hibernates for the other
1/3 of the day.

As long as everyone choses a different HH:MM, this should average out
pretty nicely.

Erik
-- 
--
Erik de Castro Lopo
http://www.mega-nerd.com/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays