Re: [tor-relays] Multi node management programs/platforms?

2018-09-03 Thread Norman Rieß
Hello,

what maintenance actions do you take? I merely keep the operating system
up to date, which includes the tor package.
So I do not ssh regularly into my machines. Sometimes maybe once a week.
What are you guys doing every day?



On 04.09.18 at 07:36, Spiros Andreou wrote:
> I used to use Puppet and Foreman, but I've now just taken to SSH'ing
> into each exit and manually maintaining them.
> 
> 
> 
> On September 4, 2018 2:11:59 AM UTC, "Isaac Grover, Aileron I.T." wrote:
> 
> Good evening, 
> 
> For those of you who manage multiple exits and/or relays, what
> program/platform do you use to manage them? 
> 
> Make your day great,
> Isaac Grover, Senior I.T. Consultant
> Aileron I.T. - "Practical & Proactive I.T. Solutions"
> 
> Office: 715-377-0440, Fax:715-690-1029, Web: www.aileronit.com
> 
> 
> -- 
> Spiros Andreou
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Multi node management programs/platforms?

2018-09-03 Thread Spiros Andreou
I used to use Puppet and Foreman, but I've now just taken to SSH'ing into each 
exit and manually maintaining them.  



On September 4, 2018 2:11:59 AM UTC, "Isaac Grover, Aileron I.T." wrote:
>Good evening,
>
>For those of you who manage multiple exits and/or relays, what
>program/platform do you use to manage them?
>
>Make your day great,
>Isaac Grover, Senior I.T. Consultant
>Aileron I.T. - "Practical & Proactive I.T. Solutions"
>
>Office: 715-377-0440, Fax:715-690-1029, Web: www.aileronit.com

-- 
Spiros Andreou


Re: [tor-relays] Multi node management programs/platforms?

2018-09-03 Thread I





How many relays do you do that to?


Re: [tor-relays] Multi node management programs/platforms?

2018-09-03 Thread Nathaniel Suchy
I use a platform called time and SSH :)

On Mon, Sep 3, 2018 at 10:12 PM Isaac Grover, Aileron I.T. <
igro...@aileronit.com> wrote:

> Good evening,
>
> For those of you who manage multiple exits and/or relays, what
> program/platform do you use to manage them?
>
> Make your day great,
> Isaac Grover, Senior I.T. Consultant
> Aileron I.T. - "Practical & Proactive I.T. Solutions"
>
> Office: 715-377-0440, Fax:715-690-1029, Web: www.aileronit.com


[tor-relays] Multi node management programs/platforms?

2018-09-03 Thread Isaac Grover, Aileron I.T.
Good evening,

For those of you who manage multiple exits and/or relays, what program/platform 
do you use to manage them?

Make your day great,
Isaac Grover, Senior I.T. Consultant
Aileron I.T. - "Practical & Proactive I.T. Solutions"

Office: 715-377-0440, Fax:715-690-1029, Web: www.aileronit.com


Re: [tor-relays] Possible problem with NYX

2018-09-03 Thread Nathaniel Suchy
You have to decide a balance of usefulness to a legitimate operator and
privacy concerns. I could just as easily run Wireshark or TCPDump on my
relays and get client IP Addresses that way. You are trusting most
operators, like me, are the good guys. Of course a client IP isn’t very
useful without a way to associate exit traffic to them.

Cordially,
Nathaniel

On Mon, Sep 3, 2018 at 4:14 PM arisbe  wrote:

> Hello ops,
>
> Today I noticed something on NYX that I find disturbing.  Page 2 (list
> of inbound/outbound connections) showed me the IP address of an inbound
> connection on one of my bridges!  Not the authority. This is crazy as
> these are indicated as :port for the users' protection!  I have
> never seen this before and haven't seen it since.  Of course, on low
> usage bridges, the connection IP address can possibly be disseminated
> from netstat but that's not the point.  It's my sense that this should
> never happen.  I get chills imagining this happening on a guard relay
> operated by an antagonist!!
>
> I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS,
> Tor 0.3.3.9.
>
> Arisbe
>
> --
> One person's moral compass is another person's face in the dirt.
>


[tor-relays] Possible problem with NYX

2018-09-03 Thread arisbe

Hello ops,

Today I noticed something on NYX that I find disturbing.  Page 2 (list 
of inbound/outbound connections) showed me the IP address of an inbound 
connection on one of my bridges!  Not the authority. This is crazy as 
these are indicated as :port for the users' protection!  I have
never seen this before and haven't seen it since.  Of course, on low 
usage bridges, the connection IP address can possibly be disseminated 
from netstat but that's not the point.  It's my sense that this should 
never happen.  I get chills imagining this happening on a guard relay 
operated by an antagonist!!


I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS, 
Tor 0.3.3.9.


Arisbe

--
One person's moral compass is another person's face in the dirt.



Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

2018-09-03 Thread Michael Brodhead
Meltdown and Spectre are interesting intellectually but real world breaches 
tend to be more prosaic. It's the boring stuff that gets us: social 
engineering, shitty passwords, out-of-date software. We see it over and over in 
the news and in overviews like the DBIR.

I'm not saying we should ignore those vulns but we shouldn't dig a deeper moat 
while leaving the drawbridge down. Let's make sure we're doing a good job on 
the basics.

--mkb


> On Sep 2, 2018, at 6:21 AM, Gary wrote:
> 
> Conrad,
> 
> Thank you for your reply. I can now see that 4 big + 1 small (or 5 big) 
> providers is definitely better than only 4 big ones for diversity, but it 
> leads to another diversity question which needs some background:
> 
> For a while, earlier this year during the spectre / meltdown vulnerability 
> commotion I ran a couple of relays in VM's using Amazon Web Services (AWS). I 
> was confident in the knowledge that the AWS provided kernels / VM's switched 
> to the spectre mitigation measures. Sure they slowed down a bit for a while, 
> but they speeded up again after AWS tweaked it a little. Because I know
> my VM's were using the mitigation I know other VM's can't spy on the tor
> traffic & whatever encryption keys happen to be in the VM's memory at
> that time (the really paranoid can supply their own kernel / boot image to 
> run).
> 
> My VM's were probably running in a rack containing hardware that also runs 
> websites, web applications, corporate cloud email and backup systems; the list
> could go on, but importantly it is about diversity.
> 
> If one person were to run a hardware rack full of VM's that ALL run tor - 
> that is a prime target for, for example, some spying government or 
> international hacker group. For an admittedly far fetched example, some 
> government can fly in, flash a court warrant to an underpaid security guard 
> and do whatever they want to the rack, and then ALL the tor relays that are 
> hosted there are compromised. Yes, that's unlikely to happen but it's still a
> risk.
> 
> I am interested to hear your opinion on the diversity question of - How does 
> having many relays in one place not damage diversity, even if they are 
> connected to different networks / AS's and are technically controlled by
> different people. 
> 
> Again I want to point out what you are doing is good - I apologise if I 
> appear to be "trolling" you, I am genuinely interested in learning the 
> technical pro's and con's relating to this topic.
> 
> Thanks again,
> 
> Gary.
> 
> On Sun, 2 Sep 2018 at 02:26, Conrad Rockenhaus wrote:
> Gary,
> 
> It’s bad in the same way it’s bad as the other numerous other exit relays 
> that run under the OVH umbrella. I am not my own independent upstream and run 
> my servers at a colocation facility at OVH. I also plan on running my servers 
> at a colocation facility at another location for AS-diversity purposes but 
> donations aren’t enough to cover all of the bills to be honest, but I’m 
> partnering up with a fellow Texan and we’ll make sure this nonprofit grows at 
> the rate needed to support diversity.
> 
> But if you ignore the emails sounding alarm about this or that, you should 
> realize - Greypony is no different than Hetzner, OVH, or DigitalOcean -
> which rank in the top 5 of the Tor relay providers by size and bandwidth, by
> node count, AS, and bandwidth. Someone should ask those providers the exact
> same thing, because they’re set up just like me - I don’t have root access to
> a customer’s server - they don’t have access.
> 
> I’m actually a little drop in the big bucket. But I’ve been trying to promote
> diversity through the use of other providers.
> 
> Thanks,
> 
> Conrad
> 
> > On Sep 1, 2018, at 6:53 AM, Gary wrote:
> > 
> > Conrad,
> > 
> > I have been following this thread and would be grateful if you could clear 
> > up some confusion for me.
> > 
> > Firstly, I am not 1337 haxorz, I don't have a technical profession. However
> > I do believe in tor and anything that can increase the number of relays is 
> > good. You are donating your time and resources freely to tor for the 
> > benefit of everyone. You have helped me, others on this list, as well as 
> > countless others contribute to the Tor Project.
> > 
> > All these large relays that you are managing - surely this is bad in terms 
> > of AS diversity? One user / network provider shouldn't have a large control 
> > over the network.
> > 
> > My question:
> > 
> > Is there any way that these relays can be added to the network in such a way
> > that does not damage diversity?
> > 
> > Don't get me wrong - I believe in what you do. If these relays are being
> > added without damaging diversity then I apologise for my misunderstanding 
> > of the topic.
> > 
> > Thanks,
> > 
> > Gary
> > 
> > On Sat, 1 Sep 2018 at 00:12, Conrad Rockenhaus  > 

Re: [tor-relays] Unmeasured - 69D9FF1BE14B9AE77701A6BCBC075FF837F5AFF9

2018-09-03 Thread nusenu

addressed off-list

-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu





[tor-relays] Unmeasured - 69D9FF1BE14B9AE77701A6BCBC075FF837F5AFF9

2018-09-03 Thread Dark Matter
Greetings,

my relay 69D9FF1BE14B9AE77701A6BCBC075FF837F5AFF9 (darkmatter) recently (3 
days) received an Unmeasured flag and is considered to be offline. I could not 
detect any issues on my side and wondered if you could help me to resolve this.

Best regards, Dark


Re: [tor-relays] Relay operators meetup part #2 @ Onionspace, Berlin

2018-09-03 Thread Vasilis
Hi,

You can find the (public) meetup notes here:
https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupAug18

Thanks to everyone coming to the meetup.


Cheers,
~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162


