Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?
> On Sep 5, 2019, at 10:21 PM, grarpamp wrote:
>
>> never relied on the OS Package of Tor, mainly because OS’s OpenSSL versions
>> are behind the current version of OpenSSL, so I normally compile Tor against
>> the latest OpenSSL. Example, FreeBSD 12.0-RELEASE has OpenSSL
>> 1.1.1a-freebsd, which generates a slight crypto error during the startup of
>> Tor. If you download OpenSSL 1.1.1c and just compile against it, eh, problem
>> fixed.
>
> As to realtime, hardly any behind...
> ver     openssl   12-stable  ports-head
> 1.1.1c  20190528  20190528   20190528
> 1.1.1b  20190226  20190226   20180227
> 1.1.1a  20181120  20181120   20181120
> ... not including any 'responsible disclosure' bs
> around any HW / SW that users may or may not
> be affected by.
>
> As to release mechanics...
> 12.0-release base had latest 1.1.1a at release,
> release ports tags were one letter rev behind
> at 1.0.2p and 1.1.0i, release ports head was
> latest at 1.0.2q and 1.1.1a, quarterly was similar.
>
> tor follows same pattern, people can research
> and post those datas if they want.
>
> Of course people's boxes will be behind if they never
> update them beyond release, that's not fault of any OS.
>
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgrading.html
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html
> https://download.freebsd.org/ftp/snapshots/
>
> Either update base per binary, snapshot, releng, or stable...
> or track and install ports (packages) quarterly, latest / head...
> and compile against that as needed.
>
> Or get the upstream sources and do by hand.
>
> If people aren't on FreeBSD or a well supported
> Linux distro they should expect their OS to be
> laggy in areas.
>
> Many FreeBSD tor users would be fine tracking
> base stable and packages latest (ports head).
> pkg.conf: url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest",
>
> If their OS of choice is still a bit laggy for them, they
> can join their OS community and start generating
> update commits... :)
>
> https://freebsd.org/
> https://openbsd.org/
> etc
> or whatever pump and dump linux distro is hot this year.

Grarpamp,

You know I love you tons - but the problem with the FreeBSD release of Tor isn’t fixed by switching to “latest”, you’ll still get the error upon startup. It’s compiled against an older version of OpenSSL. Since it already has an active maintainer I can’t just go in and take it over. That would be rude.

Yes, OpenSSL on mainline 12.0-RELEASE is fixed, but what they compiled the package against isn’t, so it’s either compile the port or don’t use pkgs. I for one believe in the philosophy of not mixing pkgs and ports so…. Ports it is.

Thanks,

Conrad

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?
> On Sep 5, 2019, at 11:44 AM, Matt Traudt wrote:
>
> On 9/4/19 22:43, teor wrote:
>> Hi Mike,
>>
>> Here's some other reasons that might affect a few operators:
>>
>>> On 5 Sep 2019, at 12:11, Mike Perry wrote:
>>>
>>> Unfortunately, we still have something like 2500 relays on either Tor
>>> 0.2.9-LTS or Tor 0.3.5-LTS.
>>>
>>> What are the reasons for this? My guess is the top 5 most common
>>> responses are:
>>>
>>> 1. "I didn't know that Debian's backports repo has latest-stable Tor!"
>>> 2. "I didn't see the Tor Project repos mentioned in Tor's Relay docs!"
>>> 3. "I'm running a distribution that Tor Project doesn't have repos for."
>>> 4. "I rolled my own custom Tor from git and forgot about it."
>>> 5. "My relay machine was not getting any updates at all. Oops."
>>>
>>> Does anyone have a reason that they think many other relay operators
>>> also share?
>>
>> 6. When I tried to update, it didn't work with my old config
>> 7. I need features that only exist in older Tors
>> - I can think of Tor2web, there may be others
>> 8. I am maintaining research or other patches against tor, and rebases
>> are difficult
>>
>
> Regarding my relays, which currently are [0]
>
> - Two were stuck on 0.3.4.11 because I had to install Tor from source on
> that machine and am bad about updating it (just updated)
> - Two are stuck on 0.3.5.7 because research and rebasing to new versions
> is liable to create inconsistencies and general doubt about results
>
> [0]: https://metrics.torproject.org/rs.html#search/contact:pastly
>
>>> How can we fix that for you, or at least, how can we make it easier to
>>> run the very latest stable series Tor on your relay?
>
> This is a huge ask and I don't expect anything to come of this
> suggestion, but:
>
> Auto updates from within Tor itself (not relying on distro package
> managers). Put it behind a torrc option, allow the authorities to tell
> relays with the option enabled to download a new tor binary from $PLACE,
> create a bunch of infrastructure that builds Tor for all supported
> platforms reliably and efficiently, use a bunch of signatures everywhere
> so nothing bad can happen, done. So easy a caveman could do it, nothing
> bad could ever happen, absolutely no downsides, it's $CURRENT_YEAR so
> why don't we have this, etc. etc.
>
> --
> Matt

This may not matter for LTS versions, but I just wanted to mention it in reference to the possible idea of Tor possibly updating itself.

I’ve never relied on the OS Package of Tor, mainly because OS’s OpenSSL versions are behind the current version of OpenSSL, so I normally compile Tor against the latest OpenSSL. Example, FreeBSD 12.0-RELEASE has OpenSSL 1.1.1a-freebsd, which generates a slight crypto error during the startup of Tor. If you download OpenSSL 1.1.1c and just compile against it, eh, problem fixed. Sorry, maybe I just don’t like seeing errors :).

Anyway, why don’t we try to simplify the update process even further and just ship Tor with some ansible scripts that will replace the binary, check the config file and comment out any settings that will break the new version, then restart? It’s pretty simple to write an Ansible script to do this function.

---
Conrad Rockenhaus
con...@rockenhaus.com
https://www.rockenhaus.com/
(254) 292-3350
[tor-relays] Please test bandwidth and resiliency of greyponyitnyc002
Hello,

I was wondering if Rob would be willing to perform speed measurements on this node, it’s 20 vcpu running CentOS 7 with manually compiled Tor against OpenSSL 1.1.1 on a 30Gbit link. I know it’s not going to see all of that bandwidth, it’s meant as a high powered VM platform because my intention is to start giving VMs back to the guys on my old infrastructure, and hopefully setup a “Torservers” type arrangement down the road, since this is hosted on unique ASN and addresses.

Thanks,

Conrad Rock Rockenhaus
Greypony IT Consulting
(254) 292-3350
Re: [tor-relays] Cherryservers (formerly balticservers) account terminated for exit relay
Actually, Server Room/Primcast will allow you to operate with an unrestricted exit policy if you use their Data Center in Romania or if you want to use a server in the NYC datacenter, you could use one of my IP ranges I have out there.

--Conrad

-Original Message-
From: tor-relays On Behalf Of Neel Chauhan
Sent: Tuesday, July 30, 2019 12:18 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Cherryservers (formerly balticservers) account terminated for exit relay

If you want an alternative exit relay host (other than the common ones like OVH, Scaleway, or Hetzner), one option is Server Room/Primcast (same company). I use Primcast for a 300 Mbps FreeBSD exit and have been happy with them.

Server Room/Primcast is not the "best" provider, but they are good enough for the purpose of an exit and being less popular (as of now) helps with relay diversity.

However, you will need a reduced exit policy with SR/Primcast. I have a **very** restrictive exit policy only allowing Ports 53, 80, 443, and 8080 (so I get less complaints).

If you want a custom OS, you will need iLO (HP/HPE's remote management, Primcast uses HP/HPE servers). An older server (pre-2011) may mean you'll need Windows and Internet Explorer (NOT MS Edge) to use the console, while a newer server will work with HTML5 on Windows/Mac/Linux/BSD/etc.

-Neel

===

https://www.neelc.org/

On 2019-07-30 02:15, Chris Kerr wrote:
> I just heard from the hosting provider cherryservers.com that they are
> terminating my account (after 2.5 years) where I run the exit relay
> "ostwaldripening" (46.166.162.53), because they no longer wish to host tor
> exit nodes.
>
> I tried to create an account on trac.torproject.org to edit the
> "GoodBadISPs"
> wiki page, but the spam blocking stopped me from doing so.
Re: [tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS resolver
> On Jun 30, 2019, at 8:32 PM, Matt Westfall wrote:
>
> Just set your exit relay DNS to 8.8.8.8 and 1.1.1.1 I mean dns traffic isn't
> bulk traffic, let google and CloudFlare do the “work”
>

Utilizing Google DNS (and possibly Cloudflare DNS) provides a significant security flaw that allows outside entities to determine what Tor network users are looking at. Utilizing your own DNS server, a trusted DNS server, or just running Unbound on the same instance is significantly more secure.

Google DNS keeps their logs…Cloudflare claims to wipe after 24 hours, but what’s not known is if there’s an open FISA, for example, to continuously turn over Tor originated DNS requests over that 24 hour period. There’s multiple Open Source Intelligence sources that have developed that governments are doing this exact thing to monitor Tor users, amongst other things.

I would say this, a friend of mine who previously worked with the US IC says run Unbound or use trusted DNS.

Thanks,

Conrad Rockenhaus
https://www.greyponyit.com/
[tor-relays] Tor Performance on Xen vs KVM
Hello,

I’m just curious on how people feel about relay performance on Tor nodes running on Xen vs KVM. I’ve noticed on Xen I have increased network performance and I do like the improved modular architecture of Xen vs KVM (right now I’m working on an experimental OpenStack w/ XCP-ng environment).

I was wondering if any others on the list had experience running high performance Tor nodes on Xen and KVM and have a preference for one over the other… I’m just trying to compare and contrast here. Of course, I built a XCP-ng pool with a compute VM, then I have a regular KVM compute instance running under the Openstack framework.

Thanks,

Conrad Rockenhaus
http://www.greyponyit.com/
[tor-relays] Onionoo and ASN Number/AS Name
Hello,

Onionoo returns “unknown” for my ASN for some reason (should return 63080) and returns “unknown” for AS Name (Should be GreyPony Consultants - as named in ARIN). I’m trying to find out where things might be potentially breaking here before I start connecting to the route servers at DE-CIX next week.

Has anyone seen this type of issue before?

Thanks,

Conrad
Re: [tor-relays] Tor relay says it is reachable, but is not appearing on the network.
Hello,

My bust, confirmation bias.

Thanks,

Conrad

On Thu, May 23, 2019 at 11:45 PM teor wrote:

> Hi,
>
> > On 24 May 2019, at 14:08, Conrad Rockenhaus wrote:
> >
> > In April 2018 Google released an update that caused VPNs and Tor
> > services to stop working on GCE and App Engine. It was a long planned
> > network update.
> >
> > The following ticket refers:
> > https://trac.torproject.org/projects/tor/ticket/25804
>
> That ticket is about domain-fronting, which is used by meek and snowflake
> bridges.
> But these issues do not affect other relays.
>
> Do you have any information about Google blocking relays?
>
> T

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-relays] Tor relay says it is reachable, but is not appearing on the network.
Hi,

I apologize for top posting, but it’ll be the simplest way to convey the message.

In April 2018 Google released an update that caused VPNs and Tor services to stop working on GCE and App Engine. It was a long planned network update.

The following ticket refers: https://trac.torproject.org/projects/tor/ticket/25804

Thanks,

Conrad

> On May 23, 2019, at 8:15 PM, teor wrote:
>
> Hi,
>
>> On 24 May 2019, at 09:19, Keifer Bly wrote:
>>
>> Hi all, so this is the tor log since the last restart. It includes the relay
>> fingerprint. The tor version is (0.2.9.16-1).
>
> The log you posted is missing a few lines at the start, including the lines
> that tell us the tor version.
>
> We need to see the tor version that is *running*, not the tor version that
> you installed. Just in case they are different. (Authorities reject really old
> Tor versions.)
>
>> When I tried updating tor I got a message saying that was the
>> newest version.
>
> It looks like you're on Debian or Ubuntu, please follow these instructions
> to update:
> https://2019.www.torproject.org/docs/debian.html.en
>
>> The relay has an assigned static ip and port which are both allowed by the
>> firewall. It seems strange that
>> Dmitrii Tcvetkov was able to reach the relay though teor cannot,
>
> We looked in different places:
>
> Dmitrii connected to the IP and ports of your relay using SSL.
> I looked for your relay in the votes and the consensus, but I did not find it.
>
>> also that the relay says it is reachable and receiving traffic but not
>> appearing in the relay list.
>
> I think your relay is not publishing its descriptor. See my comments below
> about the relay log.
>
>> It seems like the relay
>> would not be able to start at all if Google was blocking it.
>
> There are lots of different ways to block relays. Some let the relay start, but
> it never gets in the consensus. But I don't think that has happened to your
> relay.
>
>> May 21 20:01:32.000 [warn] You are running Tor as root. You don't need to,
>> and you probably shouldn't.
>
> I don't know how you are configuring and running your relay. Using a guided
> relay configuration tool might help you. See my suggestion below.
>
>> May 21 20:01:33.000 [notice] Your Tor server's identity key fingerprint is
>> 'torworld 3A4E582092E7C6B822EC01F4D76F680F6C65B0A2'
>
> I have confirmed that this fingerprint is not in the votes or consensus.
>
>> May 21 20:01:33.000 [notice] Bootstrapped 0%: Starting
>> May 21 20:03:53.000 [notice] Bootstrapped 80%: Connecting to the Tor network
>> May 21 20:03:54.000 [notice] Guessed our IP address as 104.154.93.253
>> (source: 128.31.0.34).
>
> 128.31.0.34 is the IP address of moria1, so your relay can connect to the
> directory authorities. That means that Google isn't blocking connections out.
>
>> May 21 20:03:58.000 [notice] Bootstrapped 100%: Done
>> May 21 20:03:58.000 [notice] Now checking whether ORPort
>> 104.154.93.253:65534 is reachable... (this may take up to 20 minutes --
>> lookfor log messages indicating success)
>> May 21 20:04:01.000 [notice] Self-testing indicates your ORPort is reachable
>> from the outside. Excellent.
>
> Your relay and Dmitrii have confirmed that this port is reachable from the
> outside.
>
> But your relay log does not say "Publishing server descriptor." That's why your
> relay is not in the votes or the consensus.
>
> So we need to answer these questions:
> * Is your relay configured as a bridge?
> * Is your relay configured to *not* publish its descriptor?
> (Relays publish their descriptors by default.)
>
> Please copy and paste your torrc into your next email.
>
> Your logs were also missing these things:
>
>> * tor version,
>> * role (relay or bridge), and
>> * descriptor posts to authorities.
>
> Please post the parts of your logs that contain this information.
> There is no need to paste more than 2 repetitions of the
> Heartbeat/Cell/Circuit/Connection/DoS lines.
>
> You seem to have a lot of trouble configuring relays manually.
> You might have a better experience with a guided setup tool, like this
> Tor Relay role in Ansible:
> https://github.com/nusenu/ansible-relayor
>
> T
>
>> On Thu, May 23, 2019 at 2:09 PM teor wrote:
>>
>> On 23 May 2019, at 18:41, Dmitrii Tcvetkov wrote:
>>
>>> On Tue, 21 May 2019 23:36:28 -0700
>>> Keifer Bly wrote:
>>>
>>>> Hi, so the relay in question does indeed have a reserved Static IP
>>>> (104.154.93.253), and the traffic is allowe
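
The log review teor walks through in the thread above (running version, root warning, ORPort self-test, missing "Publishing server descriptor" line, then the torrc questions), as an added example that is not part of the original messages. The sample log is constructed from the lines quoted in the thread with a placeholder fingerprint, the sample torrc is constructed, and the pattern for the startup version line is an assumption because that line is absent from the quoted log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the notices quoted in the thread, one message per line,
# with a placeholder fingerprint. It has no "Publishing server descriptor" line.
SAMPLE_LOG = """\
May 21 20:01:32.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
May 21 20:01:33.000 [notice] Your Tor server's identity key fingerprint is 'torworld 0000000000000000000000000000000000000000'
May 21 20:01:33.000 [notice] Bootstrapped 0%: Starting
May 21 20:03:53.000 [notice] Bootstrapped 80%: Connecting to the Tor network
May 21 20:03:58.000 [notice] Bootstrapped 100%: Done
May 21 20:04:01.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
"""

# Constructed torrc that would produce the symptom discussed in the thread.
SAMPLE_TORRC = """\
Nickname torworld
ORPort 65534
# PublishServerDescriptor 1
PublishServerDescriptor 0
"""

LINE_RE = re.compile(r"^\w{3} +\d+ [\d:.]+ \[(\w+)\] (.*)$")
# Assumed shape of the startup line that reports the *running* version.
VERSION_RE = re.compile(r"^Tor v?(\d+(?:\.\d+){2,3}[\w.-]*) .*running on")
FPR_RE = re.compile(r"identity key fingerprint is '(\S+) ([0-9A-F]{40})'")
BOOT_RE = re.compile(r"Bootstrapped (\d+)%")


@dataclass
class Triage:
    version: Optional[str] = None
    nickname: Optional[str] = None
    fingerprint: Optional[str] = None
    bootstrap_pct: int = 0
    runs_as_root: bool = False
    orport_reachable: bool = False
    descriptor_published: bool = False
    findings: List[str] = field(default_factory=list)


def triage(log_text: str) -> Triage:
    """Extract the facts asked for in the thread from a tor notices log."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or non-tor line
        msg = m.group(2)
        v = VERSION_RE.search(msg)
        if v:
            t.version = v.group(1)
        f = FPR_RE.search(msg)
        if f:
            t.nickname, t.fingerprint = f.group(1), f.group(2)
        b = BOOT_RE.search(msg)
        if b:
            t.bootstrap_pct = max(t.bootstrap_pct, int(b.group(1)))
        t.runs_as_root |= "You are running Tor as root" in msg
        t.orport_reachable |= "Self-testing indicates your ORPort is reachable" in msg
        t.descriptor_published |= "Publishing server descriptor" in msg
    if t.version is None:
        t.findings.append("running Tor version not in excerpt: include the startup lines")
    if t.runs_as_root:
        t.findings.append("Tor is running as root")
    if t.orport_reachable and not t.descriptor_published:
        t.findings.append("ORPort reachable but no descriptor published: review torrc")
    return t


def torrc_blocks_publishing(torrc_text: str) -> List[str]:
    """Return torrc settings that keep a relay out of the public consensus."""
    reasons = []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # torrc option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "bridgerelay" and value == "1":
            reasons.append("BridgeRelay 1: descriptor goes to the bridge authority only")
        if key == "publishserverdescriptor" and value == "0":
            reasons.append("PublishServerDescriptor 0: descriptor is never uploaded")
    return reasons


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG).findings:
        print("log:  ", finding)
    for reason in torrc_blocks_publishing(SAMPLE_TORRC):
        print("torrc:", reason)
```
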
Re: [tor-relays] new tor middle relay error
> On May 16, 2019, at 10:31 PM, Keifer Bly wrote:
>
> Hi all,
>
> So I am running a new tor middle relay via a Google Cloud VPS but after the
> relay running for 1 day I am seeing this error
>
> May 16 18:23:50.000 [notice] Heartbeat: It seems like we are not in the
> cached consensus.
>

Have you done a ps aux | grep tor and determined how many tor processes are running? If you’re running more than one tor process, are they bound to either separate IPs or different ports?

Thanks,

Conrad
Re: [tor-relays] forward relay connections
> On May 23, 2019, at 3:54 AM, tor-re...@riseup.net wrote:
>
> I think that a network based too much on remote VMs, with closed source
> software running on the most deep machine level, is not very resilient and
> secure.
>

Actually, it’s very secure. By default, Tor doesn’t log anything but simple notice messages. In addition, if you use Offline Master Keys (https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys) the security of your node is greatly enhanced. As long as you have direct root access to the VM, you’re fine. Also, most VM use OSS HyperVisors such as KVM or Xen.

> So the reason why I was thinking to do so is that I wanted to run a small
> exit relay on a device running only open source software, like Olimex Lime2
> does, and under my direct control.
>

If you really want to use this device as an exit, I would strongly suggest that you don’t do it at home, there’s actually a few companies that specialize in colocation for small hardware platforms such as the Lime2.

> The latency from my home and the VM is not so high (45-50 ms), and I was
> pretty sure that with a proper configuration I didn't risk that users exit
> through my home connection. But If you say that with a so small bandwidth It
> can't run properly, I trust you, so I keep a non-exit relay.

That’s actually very high latency to add to the hop because you’re going to add SSH encryption on top of it, which will add more latency, just to get to the VM? I wouldn’t consider it feasible. Now that I’m thinking about it, you could try finding a VPN provider that allows Tor and using that VPN provider on your Lime2.

-Conrad

>
> Anyway thanks for your advices
>
> On 22/05/19 11:05, nusenu wrote:
>> tor-re...@riseup.net:
>>
>>> I'm running a non exit relay on a debian machine (in the next few
>>> months I will switch to *BSD) on a Lime2.
>>>
>> I assume you are referring to a relay run at home.
>>
>>
>>> I'm running an exit relay
>>> too on a remote VM.
>>>
>>> I would turn my non-exit relay in an exit one, but for obvious
>>> reasons, I don't want to run It from my shitty ISP IP. I could give
>>> 10-14 mbps from my home connection, so I think that the lime2 would
>>> be powerful enough to run It properly.
>>>
>> I would discourage such a setup for the following reasons:
>>
>> - this setup includes the risk that users will exit
>> through your home broadband IP address (bad!) if tunnels break down
>> - such setups that introduce an additional hop decrease the user-experience
>> - most users will not be happy with an "10-14mbps" exit at a home broadband
>> connection
>> - it is not clear to me why you would involve your home IP at all for your
>> exit
>> if you have a VM in a datacenter
>>
>>
>> nonetheless, thanks for running relays,
>> nusenu
Re: [tor-relays] forward relay connections
> On May 22, 2019, at 1:24 AM, tor-re...@riseup.net wrote:
>
> Hello dear friends
>
> I'm running a non exit relay on a debian machine (in the next few months I
> will switch to *BSD) on a Lime2. I'm running an exit relay too on a remote VM.
>
> I would turn my non-exit relay in an exit one, but for obvious reasons, I
> don't want to run It from my shitty ISP IP. I could give 10-14 mbps from my
> home connection, so I think that the lime2 would be powerful enough to run
> It properly.
>
> Do you think would be feasible to use SSH to forward all connections, except
> DNS queries, between my Lime2 and the remote VM in order to use an additional
> VM's IP?
>
> Could you give me some tips please?
>

I would highly advise against this, namely because you’re exposing yourself to the risk of the tunnel going down and exit traffic possibly going out the default route, which is your home ISP connection, or a misconfiguration occurring, which would mean your home is detected as a Tor exit, or so forth.

If you want to run a relay at home, run an entry or middle. If you want an exit, get a VM, a Colo, or a Dedicated Server. Just my $0.02.

>
> cheers
>
> Gigi
Re: [tor-relays] Tor relay problem
> On May 17, 2019, at 6:16 PM, findmei wrote:
>
> Thank you for replying to my mail.
>
> Damn it. My isp is blocking me. Is it possible to run this node in some way?
>

Do you happen to know if you have a transparent proxy in your path to the internet from your box? Run “curl ifconfig.me”; does that return the IP address of your box or a different IP address altogether?

> Sent from ProtonMail mobile
>
> Original Message
> On May 17, 2019, 01:24, Roger Dingledine < a...@torproject.org> wrote:
>
> On Thu, May 16, 2019 at 06:56:10PM +, findmei wrote:
> > May 15 14:42:13.000 [warn] Unable to stat resolver configuration in
> > '/etc/resolv.conf': Permission denied
>
> This one is weird and unexpected. Your relay can't do any dns resolves
> of its own if it can't read that file. For a non-exit relay (which you
> appear to be), that's not so bad.
>
> As for why that might happen, my first thought is some sort of apparmor
> permissions that intercept the file access attempt and block it.
>
> > May 15 14:49:13.000 [warn] HTTP status 307 ("Temporary Redirect") was
> > unexpected while uploading descriptor to server '86.59.21.38:80'. Possibly
> > the server is misconfigured?
>
> This one is most likely something on your network trying to attack or
> censor or intercept your outgoing traffic. Maybe there is something
> that calls itself antivirus, or firewall, or web cleaner, or something
> like that? Or maybe your ISP or your country does something like that
> 'for' you automatically?
>
> > I try to chmod 777 /etc/resolv.conf for this warning " /etc/resolv.conf':
> > Permission denied". But it didn't work it. And then i searched it on google
> > for "HTTP status 307 ("Temporary Redirect")". But i didn't find
> > solution. Any suggestions?
> >
> > /var/log/tor/notices.log => https://paste.ubuntu.com/p/JsPGdgFJyT/
>
> A possible reason why the relay wasn't listed as Running was that there
> were three different relays running at that IP address in the past day,
> and Tor tries to limit to at most two relays per IP address.
>
> Anyway, it looks like it is now listed.
>
> --Roger
Re: [tor-relays] Well, what exactly are you trying to contribute with your efforts?
On Sun, Apr 28, 2019 at 4:58 AM I wrote:
>
> It is a bit expensive if there's no profit.

That was the before, prior to my complete change to a 501(c)(3), now it's changed to a completely donation driven way of doing things. In order for people to get a clear idea of what they should donate what I'm doing is posting the invoices and a "total donated" hour glass type thing, just to keep things simple accounting wise and transparent, the way they should be. As people sign up I might establish tiers, but for now, it's just going to be completely open with the accounting and everything.

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-relays] Well, what exactly are you trying to contribute with your efforts?
On Sun, Apr 28, 2019 at 6:05 AM Olaf Grimm wrote:

> Conrad, why did you suddenly go underground and not be reachable
> anymore? Greypony IT was offline and you were just gone. I was a paying
> customer and my two servers were suddenly offline.
>
> now you come back and promise paradise again. No, i go my own way. Guys
> like you are not trustworthy.
>
> Olaf
>
>
> On 28.04.19 at 10:34, Conrad Rockenhaus wrote:
> > On Wed, Apr 17, 2019 at 5:49 PM Seby wrote:
> >> Here we go again...
> >> This dude just won't stop harassing us with masked advertising, commercial
> >> offers and monetary asks. Every time even the most boring thing needs to be
> >> publicly shouted on these mail lists, every time he does something
> >> extraordinary, something quite unusual that none of you mortals could ever
> >> do like running a middle relay on a small virtual machine, or a 500KB/s
> >> bridge.
> >>
> > Actually, it's not masked advertising for commercial offers. It's
> > nonprofit solicitation to assist other users that are interested in
> > expanding Tor's FreeBSD Resiliency. There's quite a few people that
> > would like to help but aren't comfortable making the plunge on their
> > own. Increasing the number of FreeBSD machines ensures we don't have a
> > single point of failure as the number of Linux machines presently on
> > Tor greatly outweighs the number of FreeBSD machines on Tor.
> >
> > This was previously discussed, but I'm sure you weren't paying
> > attention, but that's where the project started from and it was always
> > a nonprofit project to begin with.
> >
> > In addition, we're now assisting with AS divestment as well, to try to
> > get people off of highly populated ASes so those don't form single
> > points of failure. Which is another goal of the Project, from what I
> > have been told. I understand you may not get that, so I'll explain it
> > as simply as possible - too many middle relays and exits are getting
> > service from the same service providers. We are trying to help provide
> > another Tor friendly service provider to the table (which runs
> > separately from this since that's a commercial operation).
> >
> > When we had our stuff fully online, we occupied all 15 top spots of
> > the highest bandwidth exits in Canada. Right now my highest performing
> > exit in the US is in the Top 10 but I've been scaling that exit down
> > as I'm not sure if I'm keeping my personal items online anymore at
> > this point.
> >
> > Finally, the GreyPony project has been there to make it be able for an
> > enduser be able to easily setup and get going on their first new relay
> > with dedicated support, sometimes people want that extra hand.
> >
> > Before you trash a project you should learn about it, but all
> > you've been doing is trashing things. Maybe you should try
> > contributing to something and ignoring things you disagree with or
> > asking questions if you don't understand it, instead of just resorting
> > to talking trash about a project. It just makes it look like you have
> > plenty of free time to mock others because you aren't helping others,
> > but that's my take on things.
> >

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-relays] Well, what exactly are you trying to contribute with your efforts?
On Wed, Apr 17, 2019 at 5:49 PM Seby wrote:
>
> Here we go again...
> This dude just won't stop harassing us with masked advertising, commercial
> offers and monetary asks. Every time even the most boring thing needs to be
> publicly shouted on these mail lists, every time he does something
> extraordinary, something quite unusual that none of you mortals could ever
> do like running a middle relay on a small virtual machine, or a 500KB/s
> bridge.
>

Actually, it's not masked advertising for commercial offers. It's nonprofit solicitation to assist other users that are interested in expanding Tor's FreeBSD Resiliency. There's quite a few people that would like to help but aren't comfortable making the plunge on their own. Increasing the number of FreeBSD machines ensures we don't have a single point of failure as the number of Linux machines presently on Tor greatly outweighs the number of FreeBSD machines on Tor.

This was previously discussed, but I'm sure you weren't paying attention, but that's where the project started from and it was always a nonprofit project to begin with.

In addition, we're now assisting with AS divestment as well, to try to get people off of highly populated ASes so those don't form single points of failure. Which is another goal of the Project, from what I have been told. I understand you may not get that, so I'll explain it as simply as possible - too many middle relays and exits are getting service from the same service providers. We are trying to help provide another Tor friendly service provider to the table (which runs separately from this since that's a commercial operation).

When we had our stuff fully online, we occupied all 15 top spots of the highest bandwidth exits in Canada. Right now my highest performing exit in the US is in the Top 10 but I've been scaling that exit down as I'm not sure if I'm keeping my personal items online anymore at this point.

Finally, the GreyPony project has been there to make it be able for an enduser be able to easily setup and get going on their first new relay with dedicated support, sometimes people want that extra hand.

Before you trash a project you should learn about it, but all you've been doing is trashing things. Maybe you should try contributing to something and ignoring things you disagree with or asking questions if you don't understand it, instead of just resorting to talking trash about a project. It just makes it look like you have plenty of free time to mock others because you aren't helping others, but that's my take on things.

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-relays] Anyone interested in running FreeBSD or Linux Exit Relays on AS19624?
Nope, not really.

On Wed, Apr 17, 2019 at 6:57 AM Old Man Tor wrote:
> So, did I call it? Or did I call it
>
> ‐‐‐ Original Message ‐‐‐
> On Wednesday, April 17, 2019 11:29 AM, Conrad Rockenhaus <ad...@rockenhaus.com> wrote:
>
> For a small donation in relation to the number of physical CPUs (and x cores each) plus bandwidth you want, (mbp/s or gbp/s) I can provide you your own instance on my OpenStack cloud that I just built out on AS19624. No exit policy restrictions, I handle all abuse complaints, so you won’t have to worry about any abuse takedowns.
>
> This is the only time I’ll mention it here. If anyone is interested, please email me directly.
>
> Thanks,
>
> Conrad

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
[tor-relays] Anyone interested in running FreeBSD or Linux Exit Relays on AS19624?
For a small donation in relation to the number of physical CPUs (and x cores each) plus bandwidth you want, (mbp/s or gbp/s) I can provide you your own instance on my OpenStack cloud that I just built out on AS19624. No exit policy restrictions, I handle all abuse complaints, so you won’t have to worry about any abuse takedowns.

This is the only time I’ll mention it here. If anyone is interested, please email me directly.

Thanks,

Conrad
Re: [tor-relays] Making use of new bandwidth
Hello,

If Tor doesn't scale on multicore CPUs, setting NumCPUs to 2 and running two threads has no effect at all on throughput?

Thanks,

Conrad

On Sun, Apr 7, 2019 at 7:02 AM wrote:
>
> On 06.04.2019 21:19, Logforme wrote:
>
> > The reason I ask is that I wonder if I should run a second Tor instance or if the current one will be able to make use of a reasonable part of the 500Mps.
>
> I'm also testing it with one to three instances.
> My problem is, I only have 30TB traffic / month. Unfortunately, that does not make sense with multiple instances. :-(
>
> From https://www.torservers.net/wiki/setup/server:
>
> Currently, Tor does not scale on multicore CPUs. If the CPU supports AES-NI crypto extensions (most modern CPUs do), one Tor process is able to handle around 400 Mbps of throughput – without AES-NI, around 100 Mbps.
>
> --
> Ciao Marco!

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
[tor-relays] FallbackDir
Is there a need for any more FallbackDirs?

Thanks,

Conrad

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-relays] High Speed Exit Relay or just a plain Relay?
AS19624 only has four exits, two instances run on another person's FreeBSD server, and I have two dedicated servers, with one more dedicated server sitting idle. Currently, total bandwidth contribution is 81.27 MiB/s, but note that the first relay in this AS came online on March 15th. This AS is announced from two datacenters, one in NYC and the other in Bucharest, Hungary.

I'm not worried about cancellation or legal exposure, they are very Tor friendly, and I'm working on their OpenStack Cloud, so I have some interaction with them. They understand the wonderful automated bots that send emails and the occasional real human that may ask for information, so that portion is covered.

Now, the two datacenter sites have sufficient bandwidth and are connected to three providers (one Tier 1) with a significant number of peers to support more Tor relays. I know there's a desire for AS diversity within the network, given the large amount of relays concentrated in three or four major providers. So, in this AS, traffic is disproportionally low compared to other ASes.

I would like your recommendations.

Thanks,

Conrad

On Thu, Apr 4, 2019 at 1:35 PM grarpamp wrote:
>
> On 4/4/19, Conrad Rockenhaus wrote:
> > I have a FreeBSD box on a 1 Gbit/s connection. I'm trying to determine if we need more high speed relays or high speed exit relays. The AS it's on has no plain relays, just exit relays. That's what has me wondering what to do.
>
> https://metrics.torproject.org/bandwidth-flags.html
> Exit and non-exit appear both roughly equal at around 50% utilization. Perhaps a coin toss there.
>
> https://metrics.torproject.org/torperf.html
> There may be long term performance trends to try enhancing or reversing as desired.
>
> https://metrics.torproject.org/relayflags.html
> There's 1000 exits, fraction that are variously p0wn3d is unknown.
>
> Was mentioned above the AS is already represented by exits, so diversity needs there may be moot, unless traffic there is added up and found to be disproportionally low compared to other AS, region, etc.
>
> https://metrics.torproject.org/services.html
> https://metrics.torproject.org/
> There are more resources here.
>
> If all else equal, the answer may be... do you prefer to grow the ISP relationship as an exit from today, including any extra traffic costs and cancellation or legal exposure, or prefer to enable the exit forms of those four later on.
>
> Or survey other ISP and locations for the tor node.
>
> Or even assist other network overlay projects with their nodes.
>
> Lots of considerations can go into success and diversity of the privacy anonymity freedom space overall when wondering "what to do with my box" :)

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-relays] Hello
On Thu, Apr 4, 2019 at 2:50 PM Old Man Tor wrote:
>
> Sorry to hear that, that's really unfortunate and I would never want to wish that upon anyone. I wish you a speedy recovery with hopefully no lasting side effects.

Thank you, I appreciate that. Unfortunately, I am unable to walk anymore.

>
> That said, it has been a GOOD amount of quiet while you've been gone.
>
> For the love of god/shiva/onions, please don't let these new relays turn into Conrad and Nathaniel 'Cordially' Suchy's DeadGreyPonyIT show again.

My sin was over advertising on the list, I will take that. Oh, and arguing with an arrogant asghshole. Otherwise, it was others. I can't control the actions of other people. They did what they did. As far as the 12 year old douche bag, don't worry about my association with him. When I came home and I was catching up on the list and I read his "disassociation" email, I felt this sharp pain in my back, and I realized that Mr. Cordially just stabbed me in front of all of the relay operators. It's all good though, I was able to stop the bleeding and continue catching up on the list.

> No one else cares about you and your confused lackeys attempts to be big-boy tor relay operators.

Yes, I understand that, which is why I went silent after I was told to stop advertising.

>
> If you wish to join the network again, please do it in the style of someone respectable like Quintex - He just 'does' it, and doesn't clog up everyone's inboxes with useless messages about new nodes/downtime/'customers'/things that should be experimented with or tested on your own first. It's not a competition to get the fastest speeds from a box, the most nodes (maybe a personal goal, being mindful of operator percentages) or anything else. We're just here for the bigger cause.

I mainly sent my email to explain my absence for the past couple of months. I apologize that it offended all of the operators. Since y'all are so easily offended by my email explaining my absence shall I just take my shit down and do something else?

>
> We, and all tor users appreciate your efforts in running a relay of any kind, we can just do without the 'look at me' circus again.

I don't give a shit about the 'Look at me' circus. Previously, my main goal was to get more FreeBSD nodes on Tor, and it turned into a 'Look at me' shit show, I'll admit that, but I was no part of that. I thought that was a respectable goal.

>
> Love,
> Old Man Tor.
>
> [Sent from a throwaway account, over Tor of course. Cowardly, but I said what needed to be said that a lot of other relay operators are thinking but are too scared to say.]
>
>
> From: Conrad Rockenhaus
> Date: Thu Apr 4 04:48:01 UTC 2019
> Subject: [tor-relays] Hello
> To: Tor Relay Mailinglist
>
> Hi Tor-Relays,
>
> I apologize that I just disappeared, I wound up with a massive stroke last year which was more significant than the last one and was hospitalized longer for recovery and rehabilitation. Things just kind of fell to the wayside since it's kind of hard to computer when you can't computer :P.
>
> Anyway, I've been home for the past few weeks and starting to get back into my old hobbies again. I brought two new exit relays up in NYC, one Linux, and one FreeBSD on 1 Gb/s Links. I have another FreeBSD box in NYC on a 1 Gb/s link that I'm trying to think if I should make an exit relay or just a regular relay.
>
> Relay names - greyponyitnyc001 and greyponyitnyc002.
>
> I hope everyone is having a good day!
>
> --
> Conrad Rockenhaus
> https://www.rockenhaus.com
> Cell: (254) 292-3350
> Fax: (254) 875-0459

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
[tor-relays] High Speed Exit Relay or just a plain Relay?
Hello,

I have a FreeBSD box on a 1 Gbit/s connection. I'm trying to determine if we need more high speed relays or high speed exit relays. The AS it's on has no plain relays, just exit relays. That's what has me wondering what to do.

So, what is the general consensus - should it be an exit or just a plain relay?

Thanks,

Conrad

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-relays] Emerald Onion's new relays
> I'm also encouraging you to use separate IP addresses for exit traffic [1] because that helps eliminate the impact on relay-to-relay communication when ISPs are ordered to BGP blackhole some exit IP addresses (as we have seen recently in the news).

I've been assigning a second set of IP addresses to my servers in case I want to run another instance of Tor. Would it be more prudent to use that second set of IP addresses as an OutboundBindAddressExit instead and use different ports as a better practice?

Thanks,

Conrad

On Tue, Apr 2, 2019 at 12:35 PM nusenu wrote:
>
> > We are in the process of creating an RPKI ROA for our prefixes
>
> Thanks for taking the extra steps to create a RPKI ROA to reduce the impact of BGP routing attacks on your prefixes. Extra points for doing RPKI-based Route Origin Validation on your BGP routers.
>
> I hope to convince everyone with such a high concentration of tor network capacity to make use of tor's OfflineMasterKey mode to safeguard your relay identity keys even in the event of a system compromise.
> Which basically implies automation because no one wants to handle (renew) more than 3 keys manually.
>
> I'm also encouraging you to use separate IP addresses for exit traffic [1] because that helps eliminate the impact on relay-to-relay communication when ISPs are ordered to BGP blackhole some exit IP addresses (as we have seen recently in the news).
>
> > 40 new uncapped and unfiltered exit relays
>
> I would suggest to not run uncapped tor instances but to set a per-instance limit of around 80-90% what a single core is able to handle, to avoid poor performance for the user.
> With growing bandwidth the CPU will spend considerable amount of resources just handling packets (kernel).
>
> > This work is part of our efforts to saturate our new unmetered 10Gbps transit link
>
> As teor usually says, saturated links is not what we should be aiming for if we like performance.
>
> Thanks for adding such a significant amount of exit capacity.
>
> [1] https://2019.www.torproject.org/docs/tor-manual.html.en#OutboundBindAddressExit
>
> --
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
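
The three operator practices raised in the message above (OfflineMasterKey, a separate OutboundBindAddressExit, and a per-instance bandwidth cap) can be checked mechanically against a torrc. The following is an added example, not part of the thread and not code from the Tor Project; the sample configurations, the finding names and the addresses (RFC 5737 documentation range) are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc for one exit instance; not taken from the thread.
SAMPLE_TORRC = """\
Nickname exampleexit01
ORPort 192.0.2.10:443
# exit traffic leaves from a second address on the same host
OutboundBindAddressExit 192.0.2.11
OfflineMasterKey 1
RelayBandwidthRate 40 MBytes
RelayBandwidthBurst 50 MBytes
ExitRelay 1
"""

# Constructed counter-example: exit and relay-to-relay traffic share one
# address, the identity key stays online, and no bandwidth cap is set.
WEAK_TORRC = """\
Nickname exampleexit02
ORPort 443
ExitRelay 1
"""


def parse_torrc(text):
    """Return {option_name_lowercased: [values]} with comments removed.

    Simplification: backslash line continuations are not handled.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts


def listen_addresses(opts):
    """IP addresses used for relay-to-relay traffic (ORPort / Address)."""
    candidates = []
    for value in opts.get("orport", []):
        tokens = value.split()
        if not tokens:
            continue
        # ORPort is "[address:]PORT [flags]"; IPv6 addresses are bracketed.
        host, sep, _port = tokens[0].rpartition(":")
        if sep:
            candidates.append(host)
    candidates.extend(opts.get("address", []))
    parsed = set()
    for cand in candidates:
        try:
            parsed.add(ipaddress.ip_address(cand.strip("[]")))
        except ValueError:
            pass  # a hostname in Address cannot be compared as an IP
    return parsed


def audit(text):
    """Return a list of finding names; an empty list means all checks pass."""
    opts = parse_torrc(text)
    findings = []

    # 1. Exit traffic should leave from an address that is not the OR address,
    #    so a blackholed exit IP does not cut relay-to-relay communication.
    if opts.get("exitrelay", ["auto"])[-1] != "0":
        exit_ips = set()
        for value in opts.get("outboundbindaddressexit", []):
            try:
                exit_ips.add(ipaddress.ip_address(value.strip("[]")))
            except ValueError:
                findings.append("exit-bind-address-invalid")
        if not exit_ips:
            findings.append("no-exit-bind-address")
        elif exit_ips & listen_addresses(opts):
            findings.append("exit-address-shared-with-orport")

    # 2. The master identity key should be kept off the relay host.
    if opts.get("offlinemasterkey", ["0"])[-1] != "1":
        findings.append("offline-master-key-off")

    # 3. The instance should not run uncapped.
    if not (opts.get("relaybandwidthrate") or opts.get("bandwidthrate")):
        findings.append("no-bandwidth-cap")

    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_TORRC), ("weak", WEAK_TORRC)):
        print(name, audit(cfg) or "ok")
```

The script only confirms that a cap is present; choosing the value (80-90% of what one core can handle, per the message above) still requires measuring the host.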
[tor-relays] Hello
Hi Tor-Relays,

I apologize that I just disappeared, I wound up with a massive stroke last year which was more significant than the last one and was hospitalized longer for recovery and rehabilitation. Things just kind of fell to the wayside since it's kind of hard to computer when you can't computer :P.

Anyway, I've been home for the past few weeks and starting to get back into my old hobbies again. I brought two new exit relays up in NYC, one Linux, and one FreeBSD on 1 Gb/s Links. I have another FreeBSD box in NYC on a 1 Gb/s link that I'm trying to think if I should make an exit relay or just a regular relay.

Relay names - greyponyitnyc001 and greyponyitnyc002.

I hope everyone is having a good day!

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS
Would you make a recommendation of running unbound on the local exit nodes to resolve local DNS server congestion to get around this issue?

Thanks,

Conrad

> On Oct 19, 2018, at 5:30 PM, nusenu wrote:
>
> Dear Exit relay operators,
>
> (you are getting this email because you are a subscriber of the tor-relays mailing list or because you are among the top 10 affected parties - addressed via BCC to protect the address)
>
> first of all thanks for running exit relays!
>
> One of the crucial services that you provide in addition to forwarding TCP streams is DNS resolution for tor clients.
> Exit relays which fail to resolve hostnames are barely useful for tor clients.
>
> We noticed that lately the failure rates did increase again and would like to urge you to visit Arthur's "Tor Exit DNS Timeouts" page that shows you the DNS error rate for exit relays:
>
> https://arthuredelstein.net/exits/
> (the page is usually updated once a day)
>
> Please consider checking your DNS if your exit relay consistently shows a non zero timeout rate - and make sure you run an up to date tor version.
>
> If you are an exit operator but have no (or no working) ContactInfo, please consider updating that field in your torrc so we can reach you if something is wrong with your relay.
>
> kind regards
> nusenu
>
> --
> https://twitter.com/nusenu_
[tor-relays] Thank You
Thank you everyone for the well wishes. I have been discharged from the hospital and I’m recovering slowly at home. I appreciate all of the kind notes that I received and again, thank you.

Regards,

Conrad
Re: [tor-relays] Court Order
S7R,

I emailed you privately with evidence hoping you would retract your statement. Unfortunately, you’ve decided to not reply, so I’ll gladly post a redacted copy of the court order to my blog: https://www.rockenhaus.com/2018/09/hey-now-court-order.html as well as respond to some of your finer points.

> On Sep 9, 2018, at 8:25 AM, s7r wrote:
>
> I can see this way too often in the mail list and it looks like some poor attempts of advertising of a small hosting/server/vps company start-up. I sincerely doubt any court order was received on such short notice, especially because these procedures take significant time from the date an action happen to the date subpoena/court order is physically received. Subject of this email thread chosen to attract attention, yet with 0 proof.

My, oh my, you really need some education about Court Orders if you think they really need to “take some time” to get one. All a Police Officer has to do is convince a judge that they believe Party X holds evidence related to the crime, and they need Party X to release the evidence to bolster their case to probable cause for arrest or to determine who the suspect is. If a judge agrees, the court order is signed. It’s up to you to fight the court order.

I would like to see how I was advertising. I didn’t mention my company once, I sent it from my personal account, and I sent the email just to inform that another relay operator received a court order, which is an atypical topic brought up here.

> Secondly, the said company could not have received a court order, or even an abuse email, it is OVH who could have received them, and if it really was a court order they would not pass it further downstream, they would just tell them who the user of the IP address was at the given time.

Thank you for educating me about my network, but too bad the servers weren’t hosted at OVH. However, I’m contacted directly about my IP space at OVH as well, because it’s reassigned to me. I have servers at other locations, but I greatly appreciate you knowing my network oh so well.

>
> HIGHLIGHT: I appreciate and respect and am thankful to people doing any efforts at all to run exit nodes running, including setting up small re-seller accounts with big providers and do it. We do not have to advertise these facts to the mail list over and over again.
>
> After all this company does not even own any IP address space at all, it is an OVH re-seller with a different html website, and all those exits can be shut down the minute OVH decides they received too many abuse complaints, and that is it. They can state as long as they want that they will not shut them down, just one day some person in management changes and decides they are not worth it, so bye-bye.
>
> Quite some people here are running exits under their own AS numbers and own IP address space with different upstream providers that provide real diversity yet none of them advertise it so heavily.

HIGHLIGHT: No, you don’t appreciate and respect people doing any efforts at all to keep exit nodes running, otherwise, you wouldn’t have sent this email. No one was advertising, you could have easily emailed me and asked me for proof before launching into your little tirade like another gentleman here did because he was angry that he wasn’t getting three servers for free anymore on a one server trial. Too many people decide to draft an email and send to everyone instead of actually getting their facts straight for a change.

Oh, and no, again, we’re not just an OVH reseller, but thank you, maybe I should become one and maybe they’ll actually pay me something. I heard they have a good referral program.

>
> ANOTHER HIGHLIGHT SO MY WORDS DO NOT GET TWISTED: I am not saying these relays are useless, they are just not such a big deal to keep reading about them over and over again.
>
> Thanks for not understanding it wrong.

Well, it came across completely wrong.

Conrad
[tor-relays] Court Order
Greypony received its first Court Order yesterday. Unfortunately, we have no records to provide since it was a Tor Exit, and we don’t even have records of who owned that relay at that IP address because we don’t keep records of the info. Oops.

It’s a pretty broad Court Order, and kind of funny. Oh well.

Conrad
Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada
>
> Thank you for your reply. I can now see that 4 big + 1 small (or 5 big) providers is definitely better than only 4 big ones for diversity, but it leads to another diversity question which needs some background:
> For a while, earlier this year during the spectre / meltdown vulnerability commotion I ran a couple of relays in VM's using Amazon Web Services (AWS). I was confident in the knowledge that the AWS provided kernels / VM's switched to the spectre mitigation measures. Sure they slowed down a bit for a while, but they speeded up again after AWS tweaked it a little. Because I know my VM's were using the mitigation I know other VM's can't spy on the tor traffic & what ever encryption keys happens to been in the VM's memory at that time (the really paranoid can supply their own kernel / boot image to run).

All major operating systems provided mitigation/and or patches to correct this vulnerability. Just because you were using Amazon Linux doesn’t mean that Amazon did anything special. All the major Linux distributions had mitigation measures and/or patches, as well as FreeBSD. If you had automatic updates turned on for your respective OS they were brought online automatically, but most people I know don’t have automatic updates turned on because they like being able to control when updates are installed. There’s nothing special about what AWS does that major OS distributions aren’t doing already.

Plus, I’m sorry, but I don’t consider CPU meltdown attacks are great in theory and all, but your greatest threat is always going to be password compromise, social engineering, or something of that sort. It’s the small stuff that typically matters more than some major thing that looks like the end of the world on paper.

> My VM's were probably running in a rack containing hardware that also runs websites, web applications, corporate cloud email and backup systems the list could go on, but it importantly it is about diversity.
>

So are mine. I don’t just provide Tor related services.

> If one person were to run a hardware rack full of VM's that ALL run tor - that is a prime target for, for example, some spying government or international hacker group. For an admittedly far fetched example, some government can fly in, flash a court warrant to an underpaid security guard and do whatever they want to the rack, and then ALL the tor relays that are hosted there are compromised. Yes that's unlikely to happen but it's still a risk.
>

Who said they all run Tor? You’re just making an assumption here. There’s a variety of services that are run, in fact, I host a high traffic website within the same rack; it was the excess capacity from that project that led to the donation driven project that is Greypony.

The Government can do this anyway, and they’ve raided places before, even places that were running operations other than Tor at that location. It could be one server or 100 servers, if there’s governmental interest, the government will use their means to get into that server. It’s not exactly the best example.

> I am interested to hear your opinion on the diversity question of - How does having many relays in one place not damage diversity, even if they are connected to different networks / AS's and are technically controlled by different people.

I’m interested in how that damages any sort of diversity, other than the fact that you have a concentrated number of relays in one location, which has been going on for a long time, prior to GreyPony putting up high bandwidth relays. People only started having concerns when Greypony came along with our high bandwidth relays, even though we have significant technical safeguards in place to prevent snooping of traffic (especially within our rack) or obtaining any discernible data off of the drives, which are encrypted. (Some of our users encrypt their data on top of that as well, so, anyway.)

You need to really look at the definition of diversity, because it seems according to you, I could set up a new datacenter that no existing tor services exist in and that would be damaging to Tor’s diversity for some reason…..which a significant amount of people would disagree.

>
> Again I want to point out what you are doing is good - I apologise if I appear to be "trolling" you, I am genuinely interested in learning the technical pro's and con's relating to this topic.

I don’t consider this trolling, but this is the real world. There normally isn’t a huge grand conspiracy and someone’s not out there waiting to melt processors. It’s all fun to discuss in theory, but in the end, that’s not what’s happening in the real world.

Conrad

>
> Thanks again,
>
> Gary.
>
> On Sun, 2 Sep 2018 at 02:26, Conrad Rockenhaus wrote:
> Ga
Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada
Gary,

It’s bad in the same way it’s bad as the numerous other exit relays that run under the OVH umbrella. I am not my own independent upstream and run my servers at a colocation facility at OVH. I also plan on running my servers at a colocation facility at another location for AS-diversity purposes but donations aren’t enough to cover all of the bills to be honest, but I’m partnering up with a fellow Texan and we’ll make sure this nonprofit grows at the rate needed to support diversity.

But if you ignore the emails sounding alarm about this or that, you should realize - Greypony is no different than Hetzner, OVH, or DigitalOcean - which rank in the top 5 of the Tor relay providers by size and bandwidth, by node count, AS, and bandwidth. Someone should ask those providers the exact same thing, because they’re set up just like me - I don’t have root access to a customer’s server - they don’t have access. I’m actually a little drop in the big bucket. But I’ve been trying to promote diversity through the use of other providers.

Thanks,

Conrad

> On Sep 1, 2018, at 6:53 AM, Gary wrote:
>
> Conrad,
>
> I have been following this thread and would be grateful if you could clear up some confusion for me.
>
> Firstly, I am not 1337 haxorz, I don't have a technical profession. However I do believe in tor and anything that can increase the number of relays is good. You are donating your time and resources freely to tor for the benefit of everyone. You have helped me, others on this list, as well as countless others contribute to the Tor Project.
>
> All these large relays that you are managing - surely this is bad in terms of AS diversity? One user / network provider shouldn't have a large control over the network.
>
> My question:
>
> Is there anyway that these relays can be added to the network in such a way that does not damage diversity?
>
> Don't get me wrong - I believe in what you do. If these relays are being added without damaging diversity then I apologise for my misunderstanding of the topic.
>
> Thanks,
>
> Gary
>
> On Sat, 1 Sep 2018 at 00:12, Conrad Rockenhaus wrote:
> Hi teor,
>
> It seems the criticism originated from one guy (Ralph) and one troll who bravely refuses to identify himself.
>
> You want me to stop talking about even the cool things we’re accomplishing (like pumping lots of ultra fast bandwidth into the community) because of these two, perhaps one yahoos?
>
> Thanks,
>
> Conrad
>
> On Tue, Aug 28, 2018 at 11:37 PM teor wrote:
> Hi Conrad (and staff and operators),
>
> > On 28 Aug 2018, at 22:16, Conrad Rockenhaus wrote:
> >
> >>
> >> On Aug 27, 2018, at 8:02 PM, Jordan wrote:
> >>
> >>> ...
> >>> The research in this paper (https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf) is becoming more relevant and is worth discussing as more ISPs come out with the goal of hosting lots and lots of exit relays.
> >>
> >> ...
> >> I have the utmost belief your intentions are good, but the concentration of exits under a non-advertised central control warrants conversation, at least.
> >>
> >> If the end goal is turning $ into relays, not all paths are paved with equal mind to security and it might be worth considering donation-backed alternatives.
> >
> > Actually, Jordan, I appreciate your input, but Greypony is technically operating as a nonprofit organization right now. We’re completing the paperwork to be considered an official nonprofit. We allow people to operate their own relay, on their own HVM instance (which we don’t have access to) for a donation of $15/month for a basic model A instance.
> >
> > They’re totally separately and independently operated relays. We don’t tell them how to operate their relays. We provide support, we provide suggestions, but we don’t operate it for them, we don’t install anything for them, and we’re completely hands off unless they need support with something. Our job is to provide the instance and the bandwidth.
>
> This is the 5th list post in the last few weeks describing Greypony IT's services, operators, or relays.
>
> There have also been several critical posts.
>
> Please take a break from promoting or criticising Greypony on this list until at least October 2018.
>
> If you feel the need to respond, please use another platform.
>
> Thanks
>
> T
> ___
> t
Re: [tor-relays] Policy Question: Tor Exits at Universities, Corporate Networks, etc
I know this is an issue of semantics here, but when you say “Tor Exit in Turkey censoring access to various websites” you’re kind of putting the onus on them directly instead of the repressive anti-free speech regime that they are operating the exit under. Why not be more clear and direct with your language and state the “Tor Exit in Turkey that is being actively censored by its upstream” or the “Tor Exit that is being actively censored by an unknown third party” instead of putting the blame on them?

Furthermore, even western countries have limits to what you can access from those countries. As others have said - you can’t access torrent sites from the UK, heck, you can’t even access EncyclopediaDramatica (certain pages of it anyway) from Australia. Should we mark those exits as bad because they can’t access certain pages as well?

> On Sep 1, 2018, at 4:56 PM, Nathaniel Suchy wrote:
>
> Recently we've been discussing a Tor Exit in Turkey censoring access to various websites.
>
> It's less to some err, disagreements on what should and should not be allowed. I've seen a few opinions:
> *) It grants an outside view at what Turkey censors
> *) It could push new tor users away
>
> This leads me to question if it's okay for a Tor Exit to be on a censored network are the following scenarios now allowed?
> *) A Tor Exit behind a Corporate Network and Web Filter
> *) A Tor Exit behind a University Network and Web Filter
> Under the logic with the Turkey exit relay it should be right?
>
> Cordially,
> Nathaniel
Re: [tor-relays] Lets increase Routing Security for Tor related BGP Prefixes
Here’s OVH’s non-response:

Start OVH

Thank you for contacting OVH with regards to BGP hijacking; we apologize for the delay in response.

From the current status of discussion on the subject, it appears implementing ROA / RPKI is still in development but not a priority; I am afraid at the moment we have no information on a possible ETA for it.

The goal would be to eventually implement BGPSec, as ROA / RPKI only verifies the origin of an IP address regarding the AS which is announcing it.

At the moment, what we propose to you is to ensure you have ways of detecting BGP hijacks on your services; for instance you may search online for "how to detect BGP hijacking on my service".

Shall you have any doubts or concerns, please let us know.

For any other questions or concerns, please feel free to contact us through a support ticket or through our toll-free line at 1-855-684-5463. We’re here 24/7 to help you!

We thank you again for choosing OVH,

<<<

On Aug 26, 2018, at 10:30 AM, nusenu wrote:

> Paul Templeton:
>> Ticket number 165858113 created. We will wait for a response and I will post
>> it.
>>
>> :-) Paul
>
>> OVH Ticket Number 6993458396 created.
>
> thanks appreciated,
> looking forward to the answers.
>
> --
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu
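Added example (not part of the thread or of OVH's reply): the origin check that ROA / RPKI performs, following RFC 6811, run over constructed announcements, plus a separate upstream check for the case origin validation cannot see. The ROAs, prefixes, AS numbers and the EXPECTED_UPSTREAMS table are assumptions made up for the illustration.

```python
"""Route origin validation (RFC 6811) plus a simple upstream check.

All ROAs, prefixes, AS numbers and announcements below are constructed
sample data (documentation ranges from RFC 5737, RFC 3849 and RFC 5398).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str      # prefix the address holder has authorised
    max_length: int  # longest prefix length that may be announced
    asn: int         # the only AS allowed to originate it (0 = nobody)


ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("2001:db8::/32", 48, 64497),
]

# Hypothetical monitoring input: the upstream ASes each origin really uses.
EXPECTED_UPSTREAMS = {64496: {64500}, 64497: {64501}}


def validate_origin(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route lies inside the ROA prefix.
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if (roa.asn != 0 and roa.asn == origin_asn
                and net.prefixlen <= roa.max_length):
            return "valid"
    # Covered but never matched: wrong origin or too specific a prefix.
    return "invalid" if covered else "not-found"


def check_announcement(prefix, as_path, expected=EXPECTED_UPSTREAMS):
    """Origin validation plus an alert when the AS next to the origin is new.

    The second check is a monitoring heuristic, not part of RPKI: origin
    validation looks only at the last AS in the path, so an announcement
    can be 'valid' while the rest of its path is not what the operator
    expects. Path validation is what BGPsec is meant to add.
    """
    origin = as_path[-1]
    state = validate_origin(prefix, origin)
    alerts = []
    if state == "invalid":
        alerts.append("origin-invalid")
    known = expected.get(origin)
    if state == "valid" and known is not None and len(as_path) > 1:
        if as_path[-2] not in known:
            alerts.append("unexpected-upstream")
    return state, alerts


# Constructed announcements: (prefix, AS path with the origin last).
SAMPLE = [
    ("192.0.2.0/24", [64500, 64496]),     # matches the ROA
    ("192.0.2.0/25", [64500, 64496]),     # more specific than max_length
    ("192.0.2.0/24", [64500, 64511]),     # wrong origin AS
    ("198.51.100.0/24", [64500, 64499]),  # no covering ROA
    ("2001:db8:1::/48", [64501, 64497]),  # within max_length 48
    ("192.0.2.0/24", [64510, 64496]),     # right origin, unfamiliar upstream
]

if __name__ == "__main__":
    for prefix, path in SAMPLE:
        state, alerts = check_announcement(prefix, path)
        print(f"{prefix:18} path={path} -> {state} {alerts}")
```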
Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada
Hi teor,

It seems the criticism originated from one guy (Ralph) and one troll who bravely refuses to identify himself. You want me to stop talking about even the cool things we’re accomplishing (like pumping lots of ultra fast bandwidth into the community) because of these two, perhaps one yahoos?

Thanks,

Conrad

On Tue, Aug 28, 2018 at 11:37 PM teor wrote:

> Hi Conrad (and staff and operators),
>
> > On 28 Aug 2018, at 22:16, Conrad Rockenhaus wrote:
> >
> >> On Aug 27, 2018, at 8:02 PM, Jordan wrote:
> >>
> >>> ...
> >>> The research in this paper (https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf) is
> >>> becoming more relevant and is worth discussing as more ISPs come out with
> >>> the goal of hosting lots and lots of exit relays.
> >>
> >> ...
> >> I have the utmost belief your intentions are good, but the
> >> concentration of exits under a non-advertised central control warrants
> >> conversation, at least.
> >>
> >> If the end goal is turning $ into relays, not all paths are paved with
> >> equal mind to security and it might be worth considering donation-backed
> >> alternatives.
> >
> > Actually, Jordan, I appreciate your input, but Greypony is technically
> > operating as a nonprofit organization right now. We’re completing the
> > paperwork to be considered an official nonprofit. We allow people to
> > operate their own relay, on their own HVM instance (which we don’t have
> > access to) for a donation of $15/month for a basic model A instance.
> >
> > They’re totally separately and independently operated relays. We don’t
> > tell them how to operate their relays. We provide support, we provide
> > suggestions, but we don’t operate it for them, we don’t install anything
> > for them, and we’re completely hands off unless they need support with
> > something. Our job is to provide the instance and the bandwidth.
>
> This is the 5th list post in the last few weeks describing Greypony IT's
> services, operators, or relays.
>
> There have also been several critical posts.
>
> Please take a break from promoting or criticising Greypony on this list
> until at least October 2018.
>
> If you feel the need to respond, please use another platform.
>
> Thanks
>
> T

--
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
Re: [tor-relays] [tor-talk] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
Good God every conversation, now.

Anyway. This exit isn’t bad exit material. Turkey has been known to block Tor though, I’m actually proud of this guy for having the cojones (also known as balls to those of you who don’t habla espanol) to operate an exit in a country such as Turkey, which absolutely hates freedom inducing technologies such as Tor. Let’s give this guy (or gal) the atta-boy by marking the exit as a bad-exit just because stuff gets blocked in autocratic regimes that this operator has no control over. None, absolutely none.

They screw with the DNS servers over there, that’s why during the last uprising they were tagging “8.8.8.8” on the walls. Now they’re doing things a little more sophisticated. Either way, this guy gives us a window to see what is blocked and what isn’t blocked within the Turkish thunderdome.

-Conrad

> On Aug 30, 2018, at 9:24 PM, Nathaniel Suchy wrote:
>
> What if a Tor Bridge blocked connections to the tor network to selective
> client IPs? Would we keep it in BridgeDB because it's sometimes useful?
>
> On Thu, Aug 30, 2018 at 10:02 PM arisbe wrote:
>
>> Children should be seen and not herd. The opposite goes for Tor relays.
>> Arisbe
>>
>>
>> On 8/30/2018 2:11 PM, Nathaniel Suchy wrote:
>>
>> So this exit node is censored by Turkey. That means any site blocked in
>> Turkey is blocked on the exit. What about an exit node in China or Syria or
>> Iraq? They censor, should exits there be allowed? I don't think they
>> should. Make them relay only, (and yes that means no Guard or HSDir flags
>> too) situation A could happen. The odds might not be in your favor. Don't
>> risk that!
>>
>> Cordially,
>> Nathaniel Suchy
>>
>> On Thu, Aug 30, 2018 at 3:25 PM grarpamp wrote:
>>
>>> This particular case receiving mentions for at least a few months...
>>> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114
>>>
>>> The relay won't [likely] be badexited because neither it nor its upstream is
>>> shown to be doing anything malicious. Simple censorship isn't enough.
>>> And except for such limited censorship, the nodes are otherwise fully
>>> useful, and provide a valuable presence inside such regions / networks.
>>>
>>> Users, in such censoring regimes, that have successfully connected
>>> to tor, already have free choice of whatever exits they wish, therefore
>>> such censorship is moot for them.
>>>
>>> For everyone else, and them, workarounds exist such as,,,
>>> https://onion.torproject.org/
>>> http://yz7lpwfhhzcdyc5y.onion/
>>> search engines, sigs, vpns, mirrors, etc
>>>
>>> Further, whatever gets added to static exitpolicy's might move out
>>> from underneath them or the censor, the censor may quit, or the exit
>>> may fail to maintain the exitpolicy's. None of which are true representation
>>> of the net, and are effectively censorship as result of operator action
>>> even though unintentional / delayed.
>>>
>>> Currently many regimes do limited censorship like this,
>>> so you'd lose all those exits too for no good reason, see...
>>> https://ooni.torproject.org/
>>>
>>> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
>>>
>>> And arbitrarily hamper spirits, tactics, and success of volunteer
>>> resistance communities and operators in, and fighting, such regimes
>>> around the world.
>>>
>>> And if the net goes chaotic, majority of exits will have limited visibility,
>>> for which exitpolicy / badexit are hardly manageable solutions either,
>>> and would end up footshooting out many partly useful yet needed
>>> exits as well.
>>>
>>>
>>> If this situation bothers users, they can use... SIGNAL NEWNYM,
>>> New Identity, or ExcludeExitNodes.
>>>
>>> They can also create, maintain and publish lists of whatever such
>>> classes of nodes they wish to determine, including various levels
>>> of trust, contactability, verification, ouija, etc... such that others
>>> can subscribe to them and Exclude at will.
>>> They can further publish patches to make tor automatically
>>> read such lists, including some modes that might narrowly exclude
>>> and route stream requests around just those lists of censored
>>> destination:exit pairings.
>>>
>>> Ref also...
>>> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
>>> https://metrics.torproject.org/rs
Re: [tor-relays] Individual Operator Exit Probability Threshold
The website is old and has been updated. We are providing up to 100 MiB/s now.

Thanks,

Conrad

> On Aug 28, 2018, at 7:16 AM, livak wrote:
>
> 10 MiB/s may be right for me, but I would try to get
> as much bandwidth as I could, up to the 10% of the
> consensus weight limit criteria.
>
> Livak
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐ Original Message ‐‐‐
> On August 25, 2018 11:56 PM, Paul Templeton wrote:
>
>>> About finding sponsors for high speed exits, it could be nice
>>> to gather ideas.
>>
>> Can I ask what is a high speed/capacity exit? For me it would be >10MiB/s am
>> I correct?
>>
>> Paul
Re: [tor-relays] Individual Operator Exit Probability Threshold
Hi Livak,

Yes, there are compiled tor relay packages for BSD, they exist in packages - for FreeBSD it’s pkg install tor and for OpenBSD it’s pkg_add tor. For FreeBSD, you’ll want to switch packages from quarterly to latest prior to installing tor though.

You may also compile from source - the ports collection is available on each instance.

Thanks,

Conrad

> On Aug 28, 2018, at 7:09 AM, livak wrote:
>
> Hi Conrad:
>
> I'm pretty sure I'm taking your offer about the free trial.
>
> I'm having a question, though:
>
> I think there are no compiled tor relay packages for BSD,
> so I may compile it on my own, right ?
>
> Livak
>
>
> Sent with ProtonMail Secure Emai
Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada
> On Aug 27, 2018, at 8:02 PM, Jordan wrote:
>
>> Tor will already avoid making circuits where two IP Addresses in the same
>> /24 are involved. The research in this paper
>> (https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf) is
>> becoming more relevant and is worth discussing as more ISPs come out with
>> the goal of hosting lots and lots of exit relays.
>
> A valid point, thanks for linking the paper. I have the utmost belief your
> intentions are good, but the concentration of exits under a non-advertised
> central control warrants conversation, at least.
>
> If the end goal is turning $ into relays, not all paths are paved with equal
> mind to security and it might be worth considering donation-backed
> alternatives.
>
> Have a good one,
>
> --
> Jordan
> https://yui.cat/

Actually, Jordan, I appreciate your input, but Greypony is technically operating as a nonprofit organization right now. We’re completing the paperwork to be considered an official nonprofit. We allow people to operate their own relay, on their own HVM instance (which we don’t have access to) for a donation of $15/month for a basic model A instance.

They’re totally separately and independently operated relays. We don’t tell them how to operate their relays. We provide support, we provide suggestions, but we don’t operate it for them, we don’t install anything for them, and we’re completely hands off unless they need support with something. Our job is to provide the instance and the bandwidth.

Thank you,

Conrad
Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada
The trial period was for 30 days for one server. You were able to try out three servers at the same time. WHMCS calculated your trial period at 10 days and scheduled your instances for deletion. You didn’t even give me half of a day before you started acting paranoid that your instances were deleted because you didn’t want to pay for the service, which wasn’t the case at all, I didn’t even get the chance to look at the reason at what happened, or to even correct what happened, before you became hateful and became abusive.

I decided the best course of action was to just disengage because I will not tolerate abuse of myself nor any employee of GreyPony. However, I won’t tolerate slander on the mailing list either. You received excellent service during your free trial. You had a custom Gentoo Image, just for you, deployed, which you were quite happy with, and now you have the audacity to slander Nathaniel’s and my work?

Thank you,

Have a good day.

> On Aug 27, 2018, at 12:59 PM, Ralph Seichter wrote:
>
> On 27.08.18 19:11, zimmer linux wrote:
>
>> Well done to Conrad - I say. The more, the merrier.
>
> I disagree. My personal experience with the trial, or more specifically
> with Conrad's behaviour, made it clear to me that he is not the kind of
> person I want to have a business relationship with. The honeymoon phase
> was quickly over after I said I would not rent VMs for the rest of this
> year, and what followed convinced me that I definitely can NOT recommend
> GreyPony IT. Your mileage may vary.
>
> -Ralph
Re: [tor-relays] Congrats to Nullvoid
> On Aug 26, 2018, at 12:43 PM, grarpamp wrote:
>
> On 8/26/18, nusenu wrote:
>> Conrad Rockenhaus:
>>> I just wanted to say congratulations to Nullvoid, who is currently running
>>> the second fastest exit in France in my colo in Europe.
>
>> allowing port 25 on purpose or accidentally?
>
> Either way, up to the operator, some do it for the lols.
>
>>> Also, go FreeBSD!
>>
>> consider updating that tor version
>
> Not a problem with FreeBSD.
>
> Switch over to https and latest...
>
> /etc/pkg/FreeBSD.conf:
>
> url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest",
>
> and run 'pkg upgrade' .
>
> If it's a shared box, you probably also want
> devcpu-data, and optionally cpupdate.

Luckily, the instances aren’t running on shared boxes, each user runs on their own XenServer HVM instance, so they have dedicated control of their own instance. What Nullvoid does is basically up to him at this point, but I strongly agree with the recommendations that everyone is recommending.

-Conrad
[tor-relays] Congrats to Nullvoid
I just wanted to say congratulations to Nullvoid, who is currently running the second fastest exit in France in my colo in Europe.

https://metrics.torproject.org/rs.html#details/51420DFB2047A33803A9A6E456D627937DD6E316

Also, go FreeBSD!

Thanks,

Conrad
Re: [tor-relays] Individual Operator Exit Probability Threshold
> On Aug 25, 2018, at 6:56 PM, Paul Templeton wrote:
>
>> About finding sponsors for high speed exits, it could be nice
>> to gather ideas.
>
> Can I ask what is a high speed/capacity exit? For me it would be >10MiB/s am
> I correct?
>
> Paul

I’m not advertising, but I run a nonprofit organization that offers instances to run Tor exits that burst up to 1 Gbit/s for $15/month with no caps on data transfer and guaranteed bandwidth. One person who runs an exit within this group has the fastest exit in Canada at this point. $15/mo is three cups of coffee from Starbucks, a meal at a restaurant, or going to a movie. I have been told that this is an excessive charge and quite frankly some of the excuses I read were ridiculous.

Do people really need to pursue corporate sponsorship when you can get fast exits starting at $15/mo? Get three guys to give up a cup of coffee and you have an exit. Done. There’s other organizations as well, but I just brought up my own because, well, I know my own pricing the best.

Livak- Would you like to have a server dedicated just to you? I’m game, I’ll even chip in, if you put some skin in the game. I have some conditions:

1) It has to run a BSD Operating System
2) No Corporate sponsorship. Corporate Sponsors want governance, which we don’t want. A sponsor is never hands off.
3) You must find some people that are willing to chip in to pay for the bandwidth costs of this server. I’m not going to completely sponsor you. I have spent enough supporting Tor exits over the past three months.
4) Over 9000?

Excluding colocation costs, power, and all of that stuff I pay, it’s about $85/server, and I’m estimating here, so you’re probably winning in the end. Get a couple of people to throw you $10, you throw in a couple of bucks, then bam, done. Easy day, mission accomplished, and not in the Bush way either.

Thanks,

Conrad
Re: [tor-relays] Lets increase Routing Security for Tor related BGP Prefixes
OVH Ticket Number 6993458396 created.
Re: [tor-relays] Individual Operator Exit Probability Threshold
> On Aug 25, 2018, at 8:39 AM, livak wrote:
>
> Thanks "I",
>
> About finding sponsors for high speed exits, it could be nice
> to gather ideas.
> On the other side, if someone wants to contact me to develop
> the idea, I'm ready for it.
>
> Livak
>
>
> Sent with ProtonMail Secure Email.
>

The first thing corporate sponsors always ask when you ask them for money (or services in kind), and I know this as I have done nonprofit work in the past after I retired from the US Navy, is the following question, paraphrased for brevity:

“What skin are you going to have in the game?” You’re not going to administer a relay for multiple hours each day, how many hours are you going to spend fundraising for this project each day, oh and you’re running something that has the chance to give us bad publicity anyway (to the average user of XYZ Internet Services.)

More times than not, accepting something for donation is more work than just purchasing it yourself, or getting a person or two together and pooling your money together. Things can be cheaper in the long run, just my $0.02 from experience.

I do wish you success in developing this idea though, I really do. Don’t consider this me crapping all over your idea, just consider this practical experience from me having the door slammed in my face numerous times while trying to help inner city youth with technology, a noble goal that still resulted in many door slams.

Thanks,

Conrad
Re: [tor-relays] Yay, Complaints
> On Aug 24, 2018, at 3:50 PM, Dave Warren wrote:
>
> On 2018-08-23 17:56, Conrad Rockenhaus wrote:
>> This mainly seemed to be an issue of miscommunication - I had one party that
>> I was in communication with at the beginning who said that this was going to
>> be a perfectly okay endeavor, equipment gets plugged in, day one passes with
>> a couple of abuse complaints, no problems. Day two comes around, and a new
>> guy comes in. That’s when it hit the fan.
>
> Do you think it was an actual miscommunication, or perhaps just a salesdroid
> selling something different than they actually offer?
>

Since I contacted someone in their abuse department, I believe it’s more along the lines of miscommunication. Maybe the abuse people are confused :/
Re: [tor-relays] Yay, Complaints
> On Aug 23, 2018, at 6:20 PM, I wrote:
>
> When I've met the same attitude I've had some luck by immediately saying they
> could wipe the hard drive to exterminate all devils, and even give me a
> different ip address, to show my interest in keeping our relationship going.
> I told them torrenting is not what tor's for and I want to get rid of them as
> much as anybody.
>
> Since they didn't comprehend or listen properly to the longer sensible
> explanation it was surprising that they liked the simple story.
>
> Rob
>

This mainly seemed to be an issue of miscommunication - I had one party that I was in communication with at the beginning who said that this was going to be a perfectly okay endeavor, equipment gets plugged in, day one passes with a couple of abuse complaints, no problems. Day two comes around, and a new guy comes in. That’s when it hit the fan.

They listened to reason and that was good enough with me. This gives me a chance to repair the relationship to the point where I can eventually open the relays back up at some point. In fact, they’ve stated that they don’t care if the relays are completely open, they just don’t want to deal with the complaints.

If Irdeto actually emailed me per the ARIN database (like the other complaining parties did today), there wouldn’t be any problem. The problem lies with the fact that Irdeto has consistently decided to disregard the fact that these IPs are reassigned and just emails the upstream, probably because they know they would get more of a reaction that way.

Thanks,

Conrad
Re: [tor-relays] Yay, Complaints
It’s located in Denver, but Colin had a good suggestion to have everyone run a reduced exit policy for now until things cool down a little, and the provider seemed to cool down their stance after I approached them with that idea and stated that they just wanted the flood of abuse emails to stop, and even suggested that I reach out to the copyright holders and try to get them to contact me directly, since the IPs are SWIPped to me and that is the proper procedure anyway.

So, the new colo stays alive for now…. I’ll let things cool down for a bit then we’ll open the exit policies back up and see where things go from there.

Thanks,

Conrad

> On Aug 23, 2018, at 2:30 PM, Franklin Bynum wrote:
>
> Where is your hardware physically located? If it’s in the United States, I
> can probably help you get your stuff back.
>
> —
> Franklin Bynum
> Lawyer
> Bynum Law Office
> 708 Main Street
> Houston, Texas 77002
> Dial “713 LAW FIRM”
> +1 713 529-3476
>
>> On Aug 23, 2018, at 07:51, Conrad Rockenhaus wrote:
>>
>> So, new equipment gets plugged into a colo…. I’m a dude that was looking to
>> increase AS diversity on Tor and well, decided to add a new colo to the mix.
>>
>> Two exit relays are brought online on properly SWIPed IP addresses. These
>> exit relays have only been online for about 24 hours.
>>
>> An organization, known as Irdeto Intelligence, ignores the fact that the IP
>> addresses are SWIPed and sends abuse complaints to my upstream providers
>> asking them to straighten me out, because I’m a pox on society because
>> people are torrenting via Tor. They have sent over 40 emails in the last 12
>> hours.
>>
>> Some dude-man, who calls himself a “Network Security Administrator” who
>> asked me to explain what Tor is……….because he’s a Network Security
>> Administrator……..has told me that due to the volume of complaints I need to
>> block the offending applications from their network.
>>
>> I told him that I spoke with them prior to bringing this stuff online,
>> explained what Tor was, explained what a Tor exit was, explained that it
>> will generate complaints, explained the DMCA liability, explained the whole
>> thing…..and was told that they were okay with it.
>>
>> I’m sorry for the bitching and moaning…it’s just another case of doing
>> everything right and now I’m quite worried that they’ll not only pull the
>> plug, that I’ll have to fight to get my Cisco UCS blade server back (and
>> other assorted equipment) which is totally not going to be cool.
>>
>> Conrad
[tor-relays] Yay, Complaints
So, new equipment gets plugged into a colo…. I’m a dude that was looking to increase AS diversity on Tor and well, decided to add a new colo to the mix.

Two exit relays are brought online on properly SWIPed IP addresses. These exit relays have only been online for about 24 hours.

An organization, known as Irdeto Intelligence, ignores the fact that the IP addresses are SWIPed and sends abuse complaints to my upstream providers asking them to straighten me out, because I’m a pox on society because people are torrenting via Tor. They have sent over 40 emails in the last 12 hours.

Some dude-man, who calls himself a “Network Security Administrator” who asked me to explain what Tor is……….because he’s a Network Security Administrator……..has told me that due to the volume of complaints I need to block the offending applications from their network.

I told him that I spoke with them prior to bringing this stuff online, explained what Tor was, explained what a Tor exit was, explained that it will generate complaints, explained the DMCA liability, explained the whole thing…..and was told that they were okay with it.

I’m sorry for the bitching and moaning…it’s just another case of doing everything right and now I’m quite worried that they’ll not only pull the plug, that I’ll have to fight to get my Cisco UCS blade server back (and other assorted equipment) which is totally not going to be cool.

Conrad
[tor-relays] Interested in running a FreeBSD Relay on Cogent?
Would you like to trial a FreeBSD Relay on Cogent until October 1st? Yes, it has to be FreeBSD, because I use Bhyve as my hypervisor and some of my blades don’t support UG, which means, I support FreeBSD only on these series of servers.

If you’re interested in a Model “A” (25GB HDD, 1vCPU, 2GB RAM, burstable up to 1gbit of bandwidth/unlimited transfer) running FreeBSD and would like to try it out until October 1st, just send me your Public Key. My hope is you will keep it online and hopefully increase the BSD Relay percentage to 7%. After October 1st it’s only $15/mo, which is my costs alone.

You don’t have to worry about abuse complaints, I handle that for you. You just worry about running your exit and maintaining your OS. I take care of everything else.

If you’re interested, send me a public key.

Thanks,

Conrad
Re: [tor-relays] public relay stats
We’re still getting the archive together, we have a bunch from July to put up still, but we are noticing a trend, of course, of automated DMCAs specifically just for torrented copyrighted works.

--
Conrad Rockenhaus
Public Key: http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

From: tor-relays On Behalf Of Nathaniel Suchy
Sent: Friday, August 10, 2018 4:30 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] public relay stats

A link to the DMCA Archive for those who want to see them: https://github.com/GreyPony/dmca

On Fri, Aug 10, 2018 at 4:38 PM con...@rockenhaus.com wrote:

I'm gathering them for all of the Greypony relays...if you're interested in that information, I can give you some charts if you want. I plan to start publishing them soon, we're still revamping our website and just started publishing all of the DMCAs we receive.

--
Conrad Rockenhaus
Public Key: http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-----Original Message-----
From: tor-relays On Behalf Of nusenu
Sent: Friday, August 10, 2018 3:31 PM
To: tor-relays@lists.torproject.org
Subject: [tor-relays] public relay stats

Hi,

if you are publishing traffic/bandwidth stats for your relays, please send me a pointer to them (off-list)

thanks,
nusenu

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Re: [tor-relays] public relay stats
Just to clarify this, since there's some confusion - by publish, I meant on XOA, which requires a username/password to access. It's not a public site. Forgive me for not making that clearer.

And yes, the users know these statistics are being gathered, they have commented on how pretty the charts are.

Respectfully,

Conrad Rockenhaus

--
Conrad Rockenhaus
Public Key: http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-----Original Message-----
From: con...@rockenhaus.com
Sent: Friday, August 10, 2018 3:38 PM
To: tor-relays@lists.torproject.org
Subject: RE: [tor-relays] public relay stats

I'm gathering them for all of the Greypony relays...if you're interested in that information, I can give you some charts if you want. I plan to start publishing them soon, we're still revamping our website and just started publishing all of the DMCAs we receive.

--
Conrad Rockenhaus
Public Key: http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-----Original Message-----
From: tor-relays On Behalf Of nusenu
Sent: Friday, August 10, 2018 3:31 PM
To: tor-relays@lists.torproject.org
Subject: [tor-relays] public relay stats

Hi,

if you are publishing traffic/bandwidth stats for your relays, please send me a pointer to them (off-list)

thanks,
nusenu

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Re: [tor-relays] public relay stats
I'm gathering them for all of the Greypony relays...if you're interested in that information, I can give you some charts if you want. I plan to start publishing them soon, we're still revamping our website and just started publishing all of the DMCAs we receive.

--
Conrad Rockenhaus
Public Key: http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-----Original Message-----
From: tor-relays On Behalf Of nusenu
Sent: Friday, August 10, 2018 3:31 PM
To: tor-relays@lists.torproject.org
Subject: [tor-relays] public relay stats

Hi,

if you are publishing traffic/bandwidth stats for your relays, please send me a pointer to them (off-list)

thanks,
nusenu

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
[tor-relays] Canned Abuse Response
Hello,

I'm just curious, does anyone happen to have a canned abuse response that contains the safe harbor provisions of the DMCA? I figured I would ask before I wrote up a really long email.

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key: https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
[tor-relays] Emails
I'm suddenly without my tor-relays emails and I'm beginning to withdrawal

test 1...2...3?

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key: https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
Re: [tor-relays] AS awareness
I did want to note one thing about these big ASes... sure, they may be big ASes, but they are still lacking in one major area - Exits. OVH has almost 4.5 Gbit/s of relay bandwidth available within the AS. However, if you search for exits, that rapidly drops to just under 750 mbit/s. I'm more than positive all of the other big ASes are the same way.

A little off topic, but it just amazes me how much exit capacity these sites actually have, but people aren't willing to sign up for services whose TOS permits running an exit (or can't afford it), so they run a relay at an overly saturated site.

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key: https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-----Original Message-----
From: tor-relays On Behalf Of nusenu
Sent: Sunday, July 29, 2018 4:43 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] AS awareness

Mirimir:
> On 07/29/2018 02:26 PM, nusenu wrote:
>>>> If I know the relays IP I could give you the probabilities of your
>>>> relay relaying traffic to others in the same AS (since a relay will
>>>> usually not be used with others in the same /16 netblock)
>>>
>>> It'd be better for relays to avoid connecting within an AS, right?
>>
>> better according to what metric?
>
> Risk of coordinated compromise.

that is a very generic and short description

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
[tor-relays] Question regarding variables in torrc
Hello All,

I haven't had a chance to experiment with it yet, but can I source a variable from the tor startup script, let's say the IPv6 address of an instance, and define that within torrc as follows

ORPort [$Instance_IPv6_ADDR]:443

I'm sure if it's possible it would have already been done. I just wanted to see if there was an easy fix for simplifying templates for end users.

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key: https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
Re: [tor-relays] greyponyit.com free trial report
On Friday, July 27, 2018 3:32:28 AM CDT Dmitrii Tcvetkov wrote:
> Since 25.07.2018 I'm running Tor exit relay
> BBF17F784433635FA28E7E585D05FE3B15A31A6B on FreeBSD VPS. Although
> AS16276 is quite crowded, fact that IP address space is SWIPed to Conrad
> Rockenhaus means that I, as relay operator, don't need to deal with a
> torrent of abuse complaints because of usual exit activity. This allows
> to run relay with default exit policy.
>
> The VPS has OS FreeBSD 11.2 on KVM hypervisor (hypervisor maybe
> different for newer VPS though), storage is ZFS on GPT.
>
> The relay is too young to reach its full potential, I may post
> updates in the future.

Thank you for the note. I just wanted to advise that the AS that I'm provisioning new nodes on presently is crowded as my other site isn't ready yet (it's a colo so I have to physically ship new equipment there) but my intention is to introduce more FreeBSD Exits to Tor, not just ordinary relays. I think we could always use a few more exits even in this AS.

The newer infrastructure is Xen based now.

So far we've successfully added nine FreeBSD Tor Exits in the past few days. I think that's great for OS Diversity and for expanding the amount of capacity and overall quality of service we provide to our end users.

Thank you to everyone for your interest and if you are interested in running a FreeBSD or even a...Linux Exit relay with a one month trial please don't hesitate to let me know.

Finally, I've been asked - what's my motivation here? Honestly, I'm supporting the community and the Torproject, and I wish I could do it for free, but I have to charge for the cost of hosting+slight overhead. I don't make a profit. This project is here because I see a huge gap in high speed exits and want to provide the community the opportunity to help.

I hope that smooths over any questions anyone has.

Conrad

--
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
[tor-relays] Expanded Free Trial For Exit Relays
Hello,

One of the guys trying out my services suggested that I offer a free trial to those who would like to run Linux Tor Exit Relays or just plain relays or even bridges. So I am. I would prefer you would use FreeBSD (Still working on OpenBSD) but I'll offer Linux if it helps expand Tor.

So, I'll offer this - 1 vCPU, 2GB RAM, 10GB HDD, 100mbit/unmetered bandwidth. Address space is SWIPed to me. I'm still automating things so I don't have a nice control panel online yet, should have it by this weekend though. If you're interested, please email me a public RSA key and I will create an instance for you.

Thanks,

Conrad

--
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?
Completely unrelated, but I just realized - why the heck am I using XenServer or even Xen when I can just use bhyve? Shoot, I just solved most of my automation issues right there.

I'm not running jails only because I'm promising a complete 100% your own VM and because I have people asking for OpenBSD. Of course, I could always offer a jail environment as the freebie for a month package from now on, except for those I've already promised OpenBSD to.

What are the thoughts on just using HardenedBSD Jails as the free/try BSD and tor out environment?

Thanks,

Rock

On Fri, Jul 20, 2018 at 2:20 AM Conrad Rockenhaus wrote:
> On Thu, Jul 19, 2018 at 5:10 PM, nusenu wrote:
> >
> >
> > Conrad Rockenhaus:
> >> 1 vCPU
> >> 2 GB RAM
> >> 30 GB Disk
> >> 10 mbit/Unlimited Traffic
> >>
> >> I'll adjust the numbers as I assess demand, I just don't want a
> >> potential high level of interest and have to turn people away. Do
> >> these numbers sound reasonable?
> >
> > maybe increase the bw to ~20 mbps to make guards possible
>
> Ok, that sounds reasonable. Please note, this is for a free
> trial/basic XenU VM. I will make other flavors available.
>
> I will also make sure that these are burstable to a certain extent, I
> don't want to oversubscribe or slow things down.
>
> Thanks,
>
> Conrad
>
> --
> Conrad Rockenhaus
>
> Get started with GreyPony Anonymization Today!
>
> https://www.greyponyit.com

--
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?
On Thu, Jul 19, 2018 at 5:10 PM, nusenu wrote:
>
>
> Conrad Rockenhaus:
>> 1 vCPU
>> 2 GB RAM
>> 30 GB Disk
>> 10 mbit/Unlimited Traffic
>>
>> I'll adjust the numbers as I assess demand, I just don't want a
>> potential high level of interest and have to turn people away. Do
>> these numbers sound reasonable?
>
> maybe increase the bw to ~20 mbps to make guards possible

Ok, that sounds reasonable. Please note, this is for a free trial/basic XenU VM. I will make other flavors available.

I will also make sure that these are burstable to a certain extent, I don't want to oversubscribe or slow things down.

Thanks,

Conrad

--
Conrad Rockenhaus

Get started with GreyPony Anonymization Today!

https://www.greyponyit.com
Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?
On Wed, Jul 18, 2018 at 8:42 PM, I wrote:
> Conrad,
>
> For diversity I would participate and learn to use BSD to run a relay.
>
> Robert

Robert,

You (and anyone else who's interested) are more than welcome to send me an email with an RSA public key, along with your choice of OS (FreeBSD or OpenBSD) and a RSA Public Key for your authorized_keys file, and once I'm ready to start spinning up instances, which should be hopefully this weekend if not by Monday, I will email everyone and let you know what your IP/hostname is. If you have a preferred hostname.greyponyit.com or hostname.yourdomainname.com please let me know that as well.

I should have that part somewhat automated at some point as well, just trying to get things off the ground.

Thanks,

Conrad

--
Conrad Rockenhaus

Get started with GreyPony Anonymization Today!

https://www.greyponyit.com
Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?
Thank you for letting me know, I will look into this! I greatly appreciate the tip.

On Wed, Jul 18, 2018 at 9:03 PM, Alejandro Andreu wrote:
> Hi,
>
> For automating the setup please consider using `gibson`[1], an effort made
> by the folks at Emerald Onion to better manage a Tor relay through a set of
> shell scripts. It's still in development, but just as you do, they run
> everything in BSD boxes.
>
> Cheers!
>
> [1]: https://emeraldonion.org/introducing-gibson/
>
> -------- Original Message --------
>
> On Jul 19, 2018, 09:34, Conrad Rockenhaus < con...@rockenhaus.com> wrote:
>
> Howdy,
>
> So, anyway, I was previously more active, but I decided on a midlife
> career change and was on a training path to become a Physician
> Assistant. Then I was hit by a drunk driver. Now I had to drop out of
> the program for the next year at least, if at all, so I'm going back
> to working IT. That's the sob story.
>
> I like BSD, primarily FreeBSD (please flame me about how my relays
> aren't secure later :P) and like promoting the use of it. I have
> excess capacity on dedicated servers that I personally pay for that
> are used to host portions of a very popular Wiki based Satire/Dark
> Humor website. Some of that capacity is already going to Tor. On the
> servers that have address space SWIPed to me, I would like to resell
> that capacity specifically to host BSD based Tor relays, exits,
> bridges, and hidden services. Right now I'm working on infrastructure
> and a website and trying to somewhat automate things.
>
> The question I would like to ask, and honestly, I'm not trying to
> generate customers, I honestly believe that if a Linux user actually
> logs into a BSD box for the first time and sees the beauty and grace
> that the differences between BSD and Linux are that they would want to
> switch their own personal relay. I'm a firm believer of this. I know
> there's some hardcore Linux fans out there and that's fine, there's a
> legion of BSD fans too :).
>
> To the point - would it be fair to network stability to offer a week
> long free trial to run a tor instance, well, that is if that's what
> the user hopefully runs? Would such a model even have an effect on
> increasing the number of BSD instances we have on Tor presently?
>
> And again, per a suggestion in a previous email chain that I was
> involved in, I set up my ARIN and RIPE ids, and my providers have
> SWIPed the address spaces to me so any and all abuse complaints will
> be coming to me for the address spaces from now on.
>
> Thanks,
>
> Conrad

--
Conrad Rockenhaus

Get started with GreyPony Anonymization Today!

https://www.greyponyit.com
Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?
On Wed, Jul 18, 2018 at 11:10 PM, teor wrote:
>
>> On 19 Jul 2018, at 11:34, Conrad Rockenhaus wrote:
>>
>> To the point - would it be fair to network stability to offer a week
>> long free trial to run a tor instance, well, that is if that's what
>> the user hopefully runs? Would such a model even have an effect on
>> increasing the number of BSD instances we have on Tor presently?
>
> Exits typically see some traffic after a week.
>
> It can take guards and middles a few months to get decent traffic.
>
> So maybe a month-long trial would be more rewarding?
>

This sounds pretty reasonable. Right now I'm working on trying to automate as much as I can with bsd-cloudinit and such as well as getting the Tax Exempt status paperwork in order, as I'm trying to pursue this as an opportunity as another avenue about the educational and security benefits of using BSD systems. I don't expect to turn a profit...my hope is to break even sometime though.

Anyway, I'm not sure what the level of interest would be, so I figure I would be very conservative and configure the free trial instances with the following parameters for now:

1 vCPU
2 GB RAM
30 GB Disk
10 mbit/Unlimited Traffic

I'll adjust the numbers as I assess demand, I just don't want a potential high level of interest and have to turn people away. Do these numbers sound reasonable? I have room to work within.

I did a horrible job of creating a web page. I had to use something to help me as my web page skills stopped at...html, maybe some JS... people expect pretty these days and I even made the machine that generates pretty pages generate ugly. That's impressive.

Thanks,

Conrad

--
Conrad Rockenhaus

Get started with GreyPony Anonymization Today!

https://www.greyponyit.com
[tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?
Howdy,

So, anyway, I was previously more active, but I decided on a midlife career change and was on a training path to become a Physician Assistant. Then I was hit by a drunk driver. Now I had to drop out of the program for the next year at least, if at all, so I'm going back to working IT. That's the sob story.

I like BSD, primarily FreeBSD (please flame me about how my relays aren't secure later :P) and like promoting the use of it. I have excess capacity on dedicated servers that I personally pay for that are used to host portions of a very popular Wiki based Satire/Dark Humor website. Some of that capacity is already going to Tor. On the servers that have address space SWIPed to me, I would like to resell that capacity specifically to host BSD based Tor relays, exits, bridges, and hidden services. Right now I'm working on infrastructure and a website and trying to somewhat automate things.

The question I would like to ask, and honestly, I'm not trying to generate customers, I honestly believe that if a Linux user actually logs into a BSD box for the first time and sees the beauty and grace that the differences between BSD and Linux are that they would want to switch their own personal relay. I'm a firm believer of this. I know there's some hardcore Linux fans out there and that's fine, there's a legion of BSD fans too :).

To the point - would it be fair to network stability to offer a week long free trial to run a tor instance, well, that is if that's what the user hopefully runs? Would such a model even have an effect on increasing the number of BSD instances we have on Tor presently?

And again, per a suggestion in a previous email chain that I was involved in, I set up my ARIN and RIPE ids, and my providers have SWIPed the address spaces to me so any and all abuse complaints will be coming to me for the address spaces from now on.

Thanks,

Conrad
Re: [tor-relays] Question regarding ethical torrent blocking
On Sun, Jul 15, 2018 at 2:18 PM, Mirimir wrote:
>
> I think that you'll find blocking bittorrent to be harder than expected.
> Modern protocols are well-encrypted, and DPI doesn't really touch them.
>

DPI was never even under consideration. I wasn't comfortable calling it "Free Speech" when I was indeed limiting access to something by implementing an exit policy. I forgot that the default policy in itself limits SMTP, and other things and my comfort level increased.

-Conrad
Re: [tor-relays] Question regarding ethical torrent blocking
On Sun, Jul 15, 2018 at 12:36 PM, Nagaev Boris wrote:
> I think that modern copyright laws violate non aggression principle,
> which includes free speech.

As I agree, which is why I typically ignored such threats until my provider started enforcing said threats.

> Rationale. Skip this paragraph if you already agree with the above
> statement. When a person buys a hard drive they become an owner of it.
> Of all its parts, including parts happen to be Fallout 4, The Elder
> Scrolls V, Sweetbitter, and The Evil Within 2. Another person
> establishes a private communication channel between their hard drive
> and the first person's hard drive. The line between them is private,
> hard drives are private property of these two people => any
> intervention of force into this voluntarily interaction is an
> aggression.
>
> If one agrees that copyright laws are incompatible with free speech
> and are immoral, then he has to admit that all solutions including Tor
> are technical, not fundamental. Thus the "quality" of a solution is
> based not on morality but on technical properties (e.g. how much data
> is transmitted, how many people can use it, etc). Free speech
> considerations are not a measure at this point. If to continue
> providing the service the node has to drop some connections is the
> lesser evil to be accepted. You can compare it with treating an
> incurable disease: you can not fix the problem in a right way but you
> can reduce the suffering and increase life time of the patient.
>

Thank you for your very thoughtful answer. I just implemented the first choice in the ReducedExit policies in my exits to try to block the bittorrent threat from taking service away from everyone else.
Re: [tor-relays] Question regarding ethical torrent blocking
Hello,

> Tor is designed in such a way that you can separately decide whether or
> not you want to contribute to the network, and also whether or not you
> are willing to deal with abuse notices. This is configured via exit
> policies.

I never said that, I asked if people felt it was ethical to still consider themselves contributing to "Full Free Speech" by running the default exit policy then to start deviating from the default exit policy and blocking items such as access to bittorrent. Basically, my concern is I see a legitimate use of bittorrent, which is why I never blocked it on my exits. Now I'm being forced to. I'm asking if other people view themselves as "Full Free Speech" still or are we starting to arbitrate free speech?

> If abuse is threatening the continued running of your relay, then you
> should take action to avoid not having a relay anymore.

I am, but I'm in an ethical quandary. Do I like watching scat porn? No, but I'll defend your right to the death to watch it.

> There is a page on the wiki about various reduced exit policies that
> will reduce the amount of abuse notices your relay may attract:

Again, we can answer the technical questions all day long, but it's not answering my true question here.

>
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
>
> Exit policies are the way to configure this. Please do not try to filter
> specific uses of a protocol using DPI. Application-level
> filtering/firewalls is a good way to get the BadExit flag.

Never thought of doing it that way. I do business by the book, what I'm questioning is am I right to call myself a Defender of the Faith by the book or should I try fighting this or what?

Thanks,

Conrad
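An added illustration of the exit-policy mechanism this thread refers to (not part of any message above, and not Tor's own code): a small evaluator for `accept`/`reject` lines that applies them in order, first match wins, run against a constructed policy. The policy lines, addresses and function names are assumptions made for the example; only IPv4 and `*` address patterns are handled.

```python
"""Added example: first-match evaluation of Tor-style exit policy lines."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    accept: bool
    network: Optional[ipaddress.IPv4Network]  # None stands for "*"
    port_min: int
    port_max: int

    def matches(self, addr: ipaddress.IPv4Address, port: int) -> bool:
        if self.network is not None and addr not in self.network:
            return False
        return self.port_min <= port <= self.port_max


def parse_rule(line: str) -> Rule:
    """Parse 'accept|reject ADDR[/MASK]:PORT', with or without 'ExitPolicy'."""
    words = line.split()
    if words and words[0].lower() == "exitpolicy":
        words = words[1:]
    if len(words) != 2 or words[0] not in ("accept", "reject"):
        raise ValueError(f"unsupported policy line: {line!r}")
    addr_spec, sep, port_spec = words[1].rpartition(":")
    if not sep or not addr_spec:
        raise ValueError(f"expected ADDR:PORT in {line!r}")
    network = None
    if addr_spec != "*":
        # A bare address becomes a /32 network.
        network = ipaddress.IPv4Network(addr_spec, strict=False)
    if port_spec == "*":
        low, high = 1, 65535
    else:
        first, _, last = port_spec.partition("-")
        low = int(first)
        high = int(last) if last else low
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range in {line!r}")
    return Rule(words[0] == "accept", network, low, high)


def decide(rules: List[Rule], addr: str, port: int) -> Optional[str]:
    """Return 'accept' or 'reject' from the first matching rule.

    Returns None when no rule matches; the constructed policy below ends
    with a catch-all so that case does not arise for it.
    """
    target = ipaddress.IPv4Address(addr)
    for rule in rules:
        if rule.matches(target, port):
            return "accept" if rule.accept else "reject"
    return None


# Constructed sample policy for this example; it is NOT the list published
# on the ReducedExitPolicy wiki page mentioned in the thread.
CONSTRUCTED_POLICY = [parse_rule(text) for text in (
    "ExitPolicy reject 10.0.0.0/8:*",
    "ExitPolicy accept *:80",
    "ExitPolicy accept *:443",
    "ExitPolicy reject *:*",
)]


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address; 6881 is a port traditionally
    # used by BitTorrent clients.
    for addr, port in (("203.0.113.10", 443), ("203.0.113.10", 6881),
                       ("10.1.2.3", 443)):
        print(f"{addr}:{port} -> {decide(CONSTRUCTED_POLICY, addr, port)}")
```

A rule sees only the destination address and port, so a port-based policy lowers the volume of complaints without inspecting or identifying what runs over an allowed port, which is consistent with the advice in the thread to use exit policies and leave DPI alone.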
[tor-relays] Question regarding ethical torrent blocking
Hello,

I was going to ask someone off-list, but the amount of abuse and DMCA complaints I have received now have been so much that I have decided that the best action to take is to set an exit policy. I run a couple of exit nodes and I have people apparently using them to torrent, which we ask people politely not to do through Tor but the policy gets ignored I guess. Anyway, I'm receiving a sufficient amount of complaints to where I'm worried that my service may be terminated unless I take action, which would affect the greater good.

So the question is - I run the default exit policy. I don't like being the arbiter of what goes through and what doesn't. Is it okay, ethically, from a free speech standpoint, to reach this point to where we say "we need to block this content from traversing my node" in response to legal complaints from others? Are others implementing these blocks and do you feel that such a block doesn't violate any ethical norm to provide uncensored access to the Internet?

I'm just curious on what thoughts on this are. I know how to technically perform the block, I guess I feel like we're one of the last bastions against censorship on the Internet and people do torrent legitimate stuff. I don't consider pirating Fallout 4, The Elder Scrolls V, Sweetbitter, and The Evil Within 2 to be protected speech FYI... my worry is just blocking the legitimate uses of bittorrent.

Thanks,

Conrad Rockenhaus
Re: [tor-relays] Alternative hoster (Re: DigitalOcean bandwidth billing changes)
Hello,

In reference to this issue, I am willing to provide an alternative solution that doesn't rely on the big 3 remaining providers that are over saturated ASNs within the network, however, I would like to gauge how many people would be generally interested in such an endeavor before I go out and execute on it.

So before I invest in the hardware for a nonprofit "collective" of sorts at my friendly downtown colo facility, I would like to get an idea of how many people are interested in this, because then I could do some formulations to determine what to offer to break even. Easy Peasy. Please respond to my personal email and not to the list. Thank you.

Rock

On Wed, 2018-04-25 at 16:55 +0200, Ralph Seichter wrote:
> On 25.04.18 16:48, Tobias Sachs wrote:
>
> > The interesting thing about Hetzner is that only outgoing traffic is
> > counted towards the billing.
>
> D.O. does the same. Still, $0.01 per extra GB is theft in my book.
>
> > https://twitter.com/Knight1/status/988868691868749825
>
> Unfortunately I beat your stats by quite a margin. :-P
>
> -Ralph
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
On 03/03/2018 04:27 AM, Moritz Bartl wrote:
> On 03.03.2018 07:11, Roger Dingledine wrote:
>> Apparently the link from my blog post, to
>> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
>> no longer has any mention pro or con disk encryption. I wonder if that
>> was intentionally removed by the torservers.net folks (maybe they have
>> even changed their mind on the advice?), or if it just fell out because
>> it's a wiki.
> I added the recommendation for "no disk encryption" back then, and it
> wasn't me who removed it.
>
> My own opinion has changed slightly: My general advice would still be to
> not do disk encryption, to reduce the amount of hassle and allow easier
> 'audits'. For additional protection, you better move the relay keys to a
> RAM disk.
>
> However, in our case, we don't really care how long they keep the
> machines for analysis, and we do not reuse hardware that was seized (it
> goes back into the provider pool, so some other customer might be in for
> a surprise...). In that case, a relay operator may decide to use disk
> encryption for integrity reasons: They at least have to ask you for the
> decryption key and cannot silently copy content or easily manipulate the
> file system.
>

Personally, I think entire disk encryption just to protect the keys is way too much of a hassle. I completely agree with your solution - place the keys in a ramdisk, that's actually a great idea. I'll put that into what I'm building up right now.

Regards,

Conrad Rockenhaus
Re: [tor-relays] Running a relay at home
On Friday, March 2, 2018 2:22:00 PM CST George wrote:
> Matthew Finkel:
> > On Fri, Mar 02, 2018 at 03:01:31PM -0500, Roger Dingledine wrote:
> >> On Fri, Mar 02, 2018 at 07:42:11PM +, Matthew Finkel wrote:
> >>> Are you running this relay at your home? If yes, then that is not
> >>> recommended, but
> >>
> >> For the record, it's running *exit* relays at home that is not
> >> recommended. Running non-exit relays at home is typically fine -- the
> >> most likely problems are that some overzealous blacklist will put your
> >> IP address on their list, making some websites not work so well for you
> >> if you also use that IP address for your own traffic. Some of these
> >> overzealous blacklists are just being stupid, because they don't
> >> understand about exit policies:
> >> https://www.torproject.org/docs/faq#ExitPolicies
> >> but others of them are intentionally trying to harm people who are
> >> trying to support Tor:
> >> http://paulgraham.com/spamhausblacklist.html
> >
> > Just for the record, this is exactly why I don't recommend it from my
> > experience. I lost access to my bank's website (plus some other sites)
> > for a while because I did this. It's much less risky running a non-exit
> > than running an exit, but there may be unintended side effects that make
> > the experience less fun overall for the operator.
>
> +1 on that.
>
> With the direction things are moving (. . .), I tend to think avoiding
> the possibility of residential IPs being blacklisted is a smart move.
> Run a bridge at home, and install a pluggable transport.
>
> I was first aware of non-exit Tor IPs being blacklisted by a bank
> several years ago in Latin America... in a country which, at that point,
> had few relays.
>
> It's good node operator practices IMHO. Being blacklisted on a
> residential connection is a bad gateway into the relay operator club.
>
> g

Other than running a bridge at home, if you would like to run a relay or exit, there are many VPS providers or even present Relay operators that operate their own private clouds that will be more than willing to let you run tor on a VPS or VM for a small monthly fee.

Also, once I'm done with the final stage of a project I'm working on, several of us on this list are going to start working on the reboot of the AWS relay project, which takes advantage of the AWS free tier rules. You could look into running a relay on AWS and making sure your relay only runs within the free tier rules, but make sure you only run a relay on AWS and not an exit.

Regards,

Conrad
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
On Wednesday, February 28, 2018 6:46:00 PM CST George wrote:
> Vinícius Zavam:
> > 2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus <con...@rockenhaus.com>:
> >> On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> >>> Conrad Rockenhaus:
> >>>> Hello All,
> >>>>
> >>>> If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> >>>> that is fully configured and ready to run Tor. Right now it's an eight GB
> >>>> image, but I'm reducing the size by removing all of the extra stuff on it
> >>>> from the upgrade from FreeBSD 11 to 11.1.
> >>>
> >>> I think it's great to ease the implementation of Tor relays,
> >>> particularly on BSDs.
> >>
> >> My main thought process behind trying to ease the implementation of BSD relays
> >> is the fact that we should diversify what we have online within the network.
> >> Most of our nodes are Linux. What if we have another vulnerability that comes
> >> out that hits Linux specifically again?
> >>
> >>> However, I'd be wary of an image that I didn't build myself, personally.
> >>
> >> That's your opinion. The AWS relay project was very successful. Numerous
> >> people ran an image that they didn't build. Numerous people also run Docker
> >> containers that they didn't build. Numerous people run Vagrant boxes they
> >> didn't build. You have the right to be weary, but there's numerous people out
> >> there who run other people's images everyday.
> >>
> >>>> If you're interested in the image let me know. This image has been fully
> >>>> tested on OVH's Openstack infrastructure, so if you're interested in
> >>>> running it on their infrastructure, let me know and I can walk you
> >>>> through it, or you're more than welcome to host it within my cloud at
> >>>> cost (it's a low monthly rate and unlimited bandwidth).
> >>>
> >>> Another issue is that OVH is over relied upon for public nodes. It's the
> >>> leading ASN with almost 15%.
> >>
> >> They're one of the few providers out there that allow exits. That's why 15% of
> >> our exits are on OVH.
> >>
> >>> https://torbsd.org/oostats/relays-bw-by-asn.txt
> >>>
> >>> OTOH, I do think we (in particular BSD people) need to facilitate the
> >>> implementation of BSD relays, including for VPS services for those
> >>> looking to test the waters.
> >>
> >> I completely agree.
> >
> > I wonder if people hosting Tor relays in any sort of VPS are doing
> > filesystem encryption.
> >
> >>> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> >>> Vultr to build on OpenBSD. I tend to think using other people's scripts
> >>> that can be reviewed and hacked is a better gateway for new relay
> >>> operators than images.
> >
> > you can combine the FreeBSD jails feature with your idea.
> > plus, do not share many Tor instances on the same machine/server/jail.
>
> Actually, that raises a side point...
>
> FreeBSD jails are usually viewed as a tool to create full system with
> the glorious addition of root.
>
> But they can also be used to build minimal chroot-looking systems, in
> that they can be deliciously small, yet incredibly secure, especially
> compared to chroot.
>
> FreeBSD jails started as a simple http hosting solution a long while
> back, very much an "unorthodox solution to a traditional problem." But
> they have a utility that gets confused when they are considered
> just-another-virtualization alternative to delude users into thinking
> they have full system control.
>
> g

We could always make it more fun and throw FreeBSD/Docker on top of the mess:

https://wiki.freebsd.org/Docker

I was looking at Jails before, but I ruled it out because I'm looking at this project from the level of I'm running a VM on an OpenStack/VMware, or AWS infrastructure as a small VM dedicated to just Tor. So the whole VM is dedicated to just Tor.

So, basically instead of virtualizing an environment already running in a virtual machine dedicated to the task of running that run task, I figured just keep things on the VM. Of course, I may be looking at that wrong, but I think that would be the best option to weigh all of the factors that go into the project.

Conrad
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
On Monday, February 26, 2018 11:24:37 AM CST Vinícius Zavam wrote:
> 2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus <con...@rockenhaus.com>:
> > On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> > > Conrad Rockenhaus:
> > > > Hello All,
> > > >
> > > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > > that is fully configured and ready to run Tor. Right now it's an eight GB
> > > > image, but I'm reducing the size by removing all of the extra stuff on it
> > > > from the upgrade from FreeBSD 11 to 11.1.
> > >
> > > I think it's great to ease the implementation of Tor relays,
> > > particularly on BSDs.
> >
> > My main thought process behind trying to ease the implementation of BSD relays
> > is the fact that we should diversify what we have online within the network.
> > Most of our nodes are Linux. What if we have another vulnerability that comes
> > out that hits Linux specifically again?
> >
> > > However, I'd be wary of an image that I didn't build myself, personally.
> >
> > That's your opinion. The AWS relay project was very successful. Numerous
> > people ran an image that they didn't build. Numerous people also run Docker
> > containers that they didn't build. Numerous people run Vagrant boxes they
> > didn't build. You have the right to be weary, but there's numerous people out
> > there who run other people's images everyday.
> >
> > > > If you're interested in the image let me know. This image has been fully
> > > > tested on OVH's Openstack infrastructure, so if you're interested in
> > > > running it on their infrastructure, let me know and I can walk you
> > > > through it, or you're more than welcome to host it within my cloud at
> > > > cost (it's a low monthly rate and unlimited bandwidth).
> > >
> > > Another issue is that OVH is over relied upon for public nodes. It's the
> > > leading ASN with almost 15%.
> >
> > They're one of the few providers out there that allow exits. That's why 15% of
> > our exits are on OVH.
> >
> > > https://torbsd.org/oostats/relays-bw-by-asn.txt
> > >
> > > OTOH, I do think we (in particular BSD people) need to facilitate the
> > > implementation of BSD relays, including for VPS services for those
> > > looking to test the waters.
> >
> > I completely agree.
>
> I wonder if people hosting Tor relays in any sort of VPS are doing
> filesystem encryption.

I can tell you on OVH, a basic level VPS (one for $5.00/mo) is not encrypted. If a customer is willing to spend $7.00/mo more for an additional partition, they will be able to have storage to encrypt the Tor relay information at rest. On the Cloud side, you encrypt the primary volume, so all storage is encrypted at rest.

I can't speak of any of the other providers that provide BSD VPSes or BSD Cloud Instances.

> > > The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> > > Vultr to build on OpenBSD. I tend to think using other people's scripts
> > > that can be reviewed and hacked is a better gateway for new relay
> > > operators than images.
>
> you can combine the FreeBSD jails feature with your idea.
> plus, do not share many Tor instances on the same machine/server/jail.

My plan is to utilize the official FreeBSD Virtual Machine Images from their site and build on top of them with my Ansible Scripts. I should hopefully have a beta released next week that we can start hacking on.

> > It would actually be very easy to find tampering within a BSD operating system.
> > Again, you're welcome to your opinion, but this is not the first time an image
> > has been offered to assist people within the network, and again, with your
> > view, let's get rid of the tor docker containers, the AWS AMIs, etc.
> >
> > Regards,
> >
> > Conrad
> >
> > > http://wiki.torbsd.org/doku.php?id=en:bsd-vps
> > >
> > > g
>
> --
> Vinícius Zavam
> keybase.io/egypcio/key.asc
Re: [tor-relays] Tor Relay Setup
You're currently not measured, per atlas it's been only 12 hours since this node has been online. It takes about three days to get a nominal measurement. I had a node on a 200mbps connection sit at 0bps for two days straight, then it finally had some movement in the evening of day three.

I would wait at least another day and a half before worrying about this issue because it does take some time for the bandwidth measurements to complete. Please also review: https://blog.torproject.org/lifecycle-new-relay

Regards,

Conrad

On Sunday, February 25, 2018 4:49:00 PM CST Gabe D. wrote:
> https://metrics.torproject.org/rs.html#details/53CDD268FAD52B0236A4E7F4784259A41C6E3414
>
> ‐‐‐ Original Message ‐‐‐
>
> On 24 February 2018 5:59 PM, s7r <s...@sky-ip.org> wrote:
> > Gabe D. wrote:
> > > Feb 24 10:45:08.668 [notice] Tor 0.3.2.9 (git-64a719dd25a21acb) running on Linux with Libevent 2.0.19-stable, OpenSSL 1.0.1t, Zlib 1.2.7, Liblzma N/A, and Libzstd N/A.
> > > Feb 24 10:45:08.668 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
> > > Feb 24 10:45:08.668 [notice] Read configuration file "/etc/tor/torrc".
> > > Feb 24 10:45:08.671 [notice] Based on detected system memory, MaxMemInQueues is set to 2891 MB. You can override this by setting MaxMemInQueues by hand.
> > > Feb 24 10:45:08.671 [notice] Scheduler type KIST has been enabled.
> > > Feb 24 10:45:08.671 [notice] Opening Socks listener on 127.0.0.1:9050
> > > Feb 24 10:45:08.671 [notice] Opening Control listener on 127.0.0.1:9051
> > > Feb 24 10:45:08.671 [notice] Opening OR listener on 0.0.0.0:9001
> > > Feb 24 10:45:08.671 [notice] Opening Directory listener on 0.0.0.0:80
> > > Feb 24 10:45:08.000 [notice] Not disabling debugger attaching for unprivileged users.
> > > Feb 24 10:45:08.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
> > > Feb 24 10:45:08.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
> > > Feb 24 10:45:08.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
> > > Feb 24 10:45:08.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
> > > Feb 24 10:45:08.000 [notice] Your Tor server's identity key fingerprint is '123'
> > > Feb 24 10:45:08.000 [notice] Bootstrapped 0%: Starting
> > > Feb 24 10:45:09.000 [notice] Starting with guard context "default"
> > > Feb 24 10:45:09.000 [notice] Bootstrapped 80%: Connecting to the Tor network
> > > Feb 24 10:45:10.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
> > > Feb 24 10:45:11.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
> > > Feb 24 10:45:12.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
> > > Feb 24 10:45:12.000 [notice] Bootstrapped 100%: Done
> > > Feb 24 10:45:12.000 [notice] Now checking whether ORPort ***:9001 and DirPort ***:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
> > > Feb 24 10:45:13.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
> > > Feb 24 10:45:13.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
> > > Feb 24 10:45:14.000 [notice] Performing bandwidth self-test...done.
> >
> > You need to give us the IP address of the relay so that one can check if
> > the ORPort is reachable. It should be, since that is indicated in the
> > log messages but doesn't hurt to check.
> >
> > It takes some time until you can see it on atlas / relay search, it's
> > not instant. Give it up to 24 hours. You will see it earlier here (but
> > not instantly under any c
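
The startup log quoted in this message already contains everything an operator needs for a first self-check. As an added example (not part of the thread), the following Python sketch parses notice-level Tor log lines of that shape and reports the version banner, bootstrap progress, reachability self-tests, the run-as-root warning and any Socks or Control listener bound to a non-loopback address. The sample log is constructed from the lines quoted above, and the finding codes and function names are this example's own.

```python
import ipaddress
import re

# Constructed sample modelled on the startup log quoted in the thread
# (same messages and version banner, wrapped lines rejoined, subset of lines).
SAMPLE_LOG = """\
Feb 24 10:45:08.668 [notice] Tor 0.3.2.9 (git-64a719dd25a21acb) running on Linux with Libevent 2.0.19-stable, OpenSSL 1.0.1t, Zlib 1.2.7, Liblzma N/A, and Libzstd N/A.
Feb 24 10:45:08.671 [notice] Opening Socks listener on 127.0.0.1:9050
Feb 24 10:45:08.671 [notice] Opening Control listener on 127.0.0.1:9051
Feb 24 10:45:08.671 [notice] Opening OR listener on 0.0.0.0:9001
Feb 24 10:45:08.671 [notice] Opening Directory listener on 0.0.0.0:80
Feb 24 10:45:08.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Feb 24 10:45:08.000 [notice] Bootstrapped 0%: Starting
Feb 24 10:45:09.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Feb 24 10:45:12.000 [notice] Bootstrapped 100%: Done
Feb 24 10:45:13.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Feb 24 10:45:13.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
"""

LINE_RE = re.compile(r"^\w{3} +\d+ [\d:.]+ \[(?P<sev>\w+)\] (?P<msg>.*)$")
BANNER_RE = re.compile(r"^Tor (?P<tor>\S+) .*?running on (?P<os>\S+) with (?P<libs>.*?)\.?$")
LISTENER_RE = re.compile(r"^Opening (?P<kind>[\w ]+?) listener on (?P<addr>\S+):(?P<port>\d+)$")
BOOTSTRAP_RE = re.compile(r"^Bootstrapped (?P<pct>\d+)%")
REACHABLE_RE = re.compile(r"^Self-testing indicates your (?P<port>ORPort|DirPort) is reachable")

# Listener kinds that should only ever bind to loopback on a relay.
LOCAL_ONLY = {"Socks", "Control"}


def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False  # not an IP literal: report it rather than assume it is local


def audit_startup(log_text):
    """Summarise one Tor startup from notice-level log text and list findings."""
    report = {"tor": None, "os": None, "libs": {}, "bootstrap": 0,
              "reachable": set(), "findings": []}

    def flag(code):
        if code not in report["findings"]:
            report["findings"].append(code)

    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # continuation lines, quoting residue, blank lines
        sev, msg = line["sev"], line["msg"]

        banner = BANNER_RE.match(msg)
        if banner:
            report["tor"], report["os"] = banner["tor"], banner["os"]
            for item in banner["libs"].split(", "):
                item = item[4:] if item.startswith("and ") else item
                name, _, version = item.partition(" ")
                report["libs"][name] = version
            continue

        listener = LISTENER_RE.match(msg)
        if listener:
            if listener["kind"] in LOCAL_ONLY and not _is_loopback(listener["addr"]):
                flag(listener["kind"].lower() + "-listener-exposed")
            continue

        boot = BOOTSTRAP_RE.match(msg)
        if boot:
            report["bootstrap"] = max(report["bootstrap"], int(boot["pct"]))
            continue

        reach = REACHABLE_RE.match(msg)
        if reach:
            report["reachable"].add(reach["port"])
            continue

        if sev == "warn" and msg.startswith("You are running Tor as root"):
            flag("runs-as-root")  # remedy given in the thread: set User in torrc

    if report["bootstrap"] < 100:
        flag("bootstrap-incomplete")
    if "ORPort" not in report["reachable"]:
        flag("orport-unconfirmed")
    return report


if __name__ == "__main__":
    result = audit_startup(SAMPLE_LOG)
    print(result["tor"], result["libs"], sorted(result["reachable"]), result["findings"])
```

On the sample, the only finding is `runs-as-root`; the reachability and bootstrap checks pass, which matches what the replies in the thread conclude from the same log.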
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
On Sunday, February 25, 2018 11:13:12 PM CST grarpamp wrote:
> On Sun, Feb 25, 2018 at 4:05 PM, George wrote:
> > However, I'd be wary of an image that I didn't build myself, personally.
>
> Yes, especially of image without source [script]
> (not to diminish such work).
>
> FreeBSD is largely reproducible these days,
> OpenBSD maybe not yet (you'd have to test it).
>
> In general, if anyone wants to offer an image,
> they really should also be posting the latest release
> from the vendor, then a diff script that recreates
> the image, including overlay network bits, etc.
> To the user, it's the same choice as using a prebuilt
> binary, or the sourcecode.
>
> That routes around any remaining reproducibility
> issues in the base OS.
>
> FreeBSD and OpenBSD are trivial to install a
> well outfitted box by script. And if you can't
> script it, you're not doing it right, try again.

I'm more than willing to offer source :D, but I'm just going to make it a script only project instead based on what seems to be the consensus opinion. I'm just going to clean up some small things now that could be automated that I was doing by hand prior to releasing it for review/comments.
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
On Sunday, February 25, 2018 4:03:30 PM CST Jordan wrote:
> >> Another issue is that OVH is over relied upon for public nodes. It's the
> >> leading ASN with almost 15%.
> >
> > They're one of the few providers out there that allow exits. That's why
> > 15% of our exits are on OVH.
>
> For what it's worth, my entire OVH account was terminated as a result of
> hosting an exit on their VPS line, citing "hosting a proxy" as grounds
> for termination. They're slow to act on abuse (if you reply with *any*
> response it satisfies their automated system until a human looks at it),
> but they do not explicitly support Tor when it comes to VPS's.

That clause is in the TOS for the VPS services but it's not in the TOS for the OpenStack Public/Private cloud services. Of course, you're paying more than $4.99/mo to run an OpenStack instance to run a Tor node.
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
George,

I'm sorry, I didn't take your points as accusatory at all. I apologize if I came across that way. You had valid points, and after everyone on the mailing list pouncing me about these points, I can completely understand now that providing an image for production use is a bad idea. I know I've just started with the project, and I still have quite a bit to learn, so I apologize for offending anyone and stepping on any toes.

Anyway, I know the BSD/Linux relay counts are totally skewed to Linux, which is why I converted all five of my exits to FreeBSD. Hopefully that helps a little.

Thanks,

Conrad

On Sunday, February 25, 2018 4:03:00 PM CST George wrote:
> Conrad Rockenhaus:
> > On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> >> Conrad Rockenhaus:
> >>> Hello All,
> >>>
> >>> If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> >>> that is fully configured and ready to run Tor. Right now it's an eight GB
> >>> image, but I'm reducing the size by removing all of the extra stuff on it
> >>> from the upgrade from FreeBSD 11 to 11.1.
> >>
> >> I think it's great to ease the implementation of Tor relays,
> >> particularly on BSDs.
> >
> > My main thought process behind trying to ease the implementation of BSD
> > relays is the fact that we should diversify what we have online within
> > the network. Most of our nodes are Linux. What if we have another
> > vulnerability that comes out that hits Linux specifically again?
>
> Oh, absolutely. Completely valid and the reason for The Tor BSD
> Diversity Project's existence.
>
> It's even uglier with bridges than with public relays. Our stats give
> daily snapshots to back your point:
>
> https://torbsd.org/oostats.html
>
> >> However, I'd be wary of an image that I didn't build myself, personally.
> >
> > That's your opinion. The AWS relay project was very successful. Numerous
> > people ran an image that they didn't build. Numerous people also run Docker
> > containers that they didn't build. Numerous people run Vagrant boxes they
> > didn't build. You have the right to be weary, but there's numerous people
> > out there who run other people's images everyday.
>
> Yes, being wary should be a guiding principle IMHO.
>
> I'm aware of the other image-based roll-outs, but I just wanted to add a
> disclaiming comment.
>
> Personally, I'm purely for bare-metal server solutions to minimize
> (although it doesn't eliminate) external trust. I understand that images
> from whatever method are a gateway, but caution is compulsory.
>
> >>> If you're interested in the image let me know. This image has been fully
> >>> tested on OVH's Openstack infrastructure, so if you're interested in
> >>> running it on their infrastructure, let me know and I can walk you
> >>> through it, or you're more than welcome to host it within my cloud at
> >>> cost (it's a low monthly rate and unlimited bandwidth).
> >>
> >> Another issue is that OVH is over relied upon for public nodes. It's the
> >> leading ASN with almost 15%.
> >
> > They're one of the few providers out there that allow exits. That's why
> > 15% of our exits are on OVH.
>
> Yes, of course. However, you refer to the lack of diversity in operating
> systems, but monocultures in providers/ASNs is another danger we should
> be conscious of.
>
> >> https://torbsd.org/oostats/relays-bw-by-asn.txt
> >>
> >> OTOH, I do think we (in particular BSD people) need to facilitate the
> >> implementation of BSD relays, including for VPS services for those
> >> looking to test the waters.
> >
> > I completely agree.
> >
> >> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> >> Vultr to build on OpenBSD. I tend to think using other people's scripts
> >> that can be reviewed and hacked is a better gateway for new relay
> >> operators than images.
> >
> > It would actually be very easy to find tampering within a BSD operating
> > system. Again, you're welcome to your opinion, but this is not the first
> > time an image has been offered to assist people within the network,
> > and again, with your view, let's get rid of the tor docker containers,
> > the AWS AMIs, etc.
>
> All hardware, all operating systems can be tampered with. From network
> cards to your shell. That is an accepted reality.
>
> IMHO think virtualization in the current trend is dangerous and should
> be avoided, from clouds to
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
Wow, I didn't expect my friendly gesture to start another debate, but the reasoning behind offering this image was mainly for people who were operating on OpenStack clouds who wanted to upload the image to their infrastructure using glance and start things up quickly. I'm more than willing to provide the ansible scripts I use to initially spin things up, once I clean things up since there's still some manual things that can be automated.

I'll just consider this idea dead in the water. That being said:

On Sunday, February 25, 2018 3:50:44 PM CST Shawn Webb wrote:
> On Sun, Feb 25, 2018 at 09:05:00PM +, George wrote:
> > Conrad Rockenhaus:
> > > Hello All,
> > >
> > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > that is fully configured and ready to run Tor. Right now it's an eight
> > > GB image, but I'm reducing the size by removing all of the extra stuff
> > > on it from the upgrade from FreeBSD 11 to 11.1.
> >
> > I think it's great to ease the implementation of Tor relays,
> > particularly on BSDs.
> >
> > However, I'd be wary of an image that I didn't build myself, personally.
>
> I agree with that sentiment. I would rather Tor relay operators set up
> their systems themselves so that they know how that system is
> configured.
>
> I would also suggest users run operating systems that specialize in
> security, like OpenBSD or HardenedBSD. Running Tor on FreeBSD opens
> the door to mass exploitation via copy and paste style exploits. I
> would caution against such setups. Tor has a very unique threat
> landscape and the security of the relay should be of utmost
> importance.

I'll be honest, I have never heard of a copy and paste style exploit. What is it? Could you provide me a link with info about it, because I run several FreeBSD instances and if I have a ticking timebomb on my hands, I need to fix it.

> > The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> > Vultr to build on OpenBSD. I tend to think using other people's scripts
> > that can be reviewed and hacked is a better gateway for new relay
> > operators than images.
>
> Agreed. Not only does the Tor network need to be diversified with
> regards to operating system, but it also needs to be diversified with
> regards to hosting providers. Tor needs to be resilient against any
> and all attacks.
>
> Thanks,

Thanks,

Conrad
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> Conrad Rockenhaus:
> > Hello All,
> >
> > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > that is fully configured and ready to run Tor. Right now it's an eight GB
> > image, but I'm reducing the size by removing all of the extra stuff on it
> > from the upgrade from FreeBSD 11 to 11.1.
>
> I think it's great to ease the implementation of Tor relays,
> particularly on BSDs.

My main thought process behind trying to ease the implementation of BSD relays is the fact that we should diversify what we have online within the network. Most of our nodes are Linux. What if we have another vulnerability that comes out that hits Linux specifically again?

> However, I'd be wary of an image that I didn't build myself, personally.

That's your opinion. The AWS relay project was very successful. Numerous people ran an image that they didn't build. Numerous people also run Docker containers that they didn't build. Numerous people run Vagrant boxes they didn't build. You have the right to be weary, but there's numerous people out there who run other people's images everyday.

> > If you're interested in the image let me know. This image has been fully
> > tested on OVH's Openstack infrastructure, so if you're interested in
> > running it on their infrastructure, let me know and I can walk you
> > through it, or you're more than welcome to host it within my cloud at
> > cost (it's a low monthly rate and unlimited bandwidth).
>
> Another issue is that OVH is over relied upon for public nodes. It's the
> leading ASN with almost 15%.

They're one of the few providers out there that allow exits. That's why 15% of our exits are on OVH.

> https://torbsd.org/oostats/relays-bw-by-asn.txt
>
> OTOH, I do think we (in particular BSD people) need to facilitate the
> implementation of BSD relays, including for VPS services for those
> looking to test the waters.

I completely agree.

> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> Vultr to build on OpenBSD. I tend to think using other people's scripts
> that can be reviewed and hacked is a better gateway for new relay
> operators than images.

It would actually be very easy to find tampering within a BSD operating system. Again, you're welcome to your opinion, but this is not the first time an image has been offered to assist people within the network, and again, with your view, let's get rid of the tor docker containers, the AWS AMIs, etc.

Regards,

Conrad

> http://wiki.torbsd.org/doku.php?id=en:bsd-vps
>
> g
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
On Sunday, February 25, 2018 2:59:38 PM CST TorGate wrote:
> i am interested :-)
> have you a ovm or harddiskimage ?

Right now it's a RAW image, but it can be converted to whatever format you need with QEMU-image... I just converted it to VDI right now to start nuking the /usr/src stuff.

> regards Steffen
> TorGate
> torgate(at)linux-hus.dk
> OpenGPG 7FD5 65EF A4EF EEF3 7A13 4372 8409 49D6 01A2 0890
>
> > On 25.02.2018 at 21:50, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
> >
> > Hello All,
> >
> > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > that is fully configured and ready to run Tor. Right now it's an eight GB
> > image, but I'm reducing the size by removing all of the extra stuff on it
> > from the upgrade from FreeBSD 11 to 11.1.
> >
> > If you're interested in the image let me know. This image has been fully
> > tested on OVH's Openstack infrastructure, so if you're interested in
> > running it on their infrastructure, let me know and I can walk you
> > through it, or you're more than welcome to host it within my cloud at
> > cost (it's a low monthly rate and unlimited bandwidth).
> >
> > Regards,
> >
> > Conrad Rockenhaus
[tor-relays] FreeBSD 11.1 ZFS Tor Image
Hello All,

If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image that is fully configured and ready to run Tor. Right now it's an eight GB image, but I'm reducing the size by removing all of the extra stuff on it from the upgrade from FreeBSD 11 to 11.1.

If you're interested in the image let me know. This image has been fully tested on OVH's Openstack infrastructure, so if you're interested in running it on their infrastructure, let me know and I can walk you through it, or you're more than welcome to host it within my cloud at cost (it's a low monthly rate and unlimited bandwidth).

Regards,

Conrad Rockenhaus
Re: [tor-relays] Tor Relay Setup
Ok, so you’re going to censor your IP address even though it’s getting broadcasted worldwide through not only the atlas search engine, but the Tor network itself.

If you run a relay, expect to have your IP address broadcasted. In addition, if you run a relay, expect that some way to contact you is associated with that IP address.

We give up our anonymity so others may have it.

Conrad Rockenhaus
(254) 292-3350

On Feb 24, 2018, at 3:03 PM, teor <teor2...@gmail.com> wrote:
>>> Feb 24 10:45:08.000 [warn] You are running Tor as root. You don't need to,
>>> and you probably shouldn't.
>
> You should set the User option to an unprivileged user in your torrc.
>
>> On 25 Feb 2018, at 04:59, s7r <s...@sky-ip.org> wrote:
>>
>> The IP addresses of all relays in the network are public and not
>> considered sensible information, but I can see a possibility where you
>> don't want a certain IP address tied to the email you are posting here
>> with, so it's up to you to decide but you can go to a port checking
>> website (google it) and check the relay IP address ORPort if open or not.
>
> From the log messages, it seems like the ORPort and DirPort are
> reachable from at least a few relays. But they need to be reachable all
> over the world.
>
>> If yes, wait for 24 hours and check back on relay search.
>
> Relay search appears to be down right now.
>
> T
Re: [tor-relays] torservers are not rechable
Ok, I’m sorry but I’m trying to make sense of this...

You start Tor, and then your server IP changes after a certain uptime, the DNS changes with it. So what’s the issue with accessing it if the DNS changes with it? Do you have to use the IP address explicitly?

Thanks,

Conrad

> On Feb 11, 2018, at 9:24 AM, TorGate <torg...@linux-hus.dk> wrote:
>
> Hi to all,
> i have started my servers again and changed the wan ip adress.
> But the servers have the old ip after uptime of 2 times.
> Can i update manualy the wan ips ?
> The dns names are changed to the new ipadresses.
>
> regards Steffen
> TorGate
> torgate(at)linux-hus.dk <http://linux-hus.dk/>
Re: [tor-relays] Question regarding exit sizing
The 500 Mbps instance would either be one of my private servers in my co-lo, or a dedicated server in one of my private cloud hosting locations. With both contacts, bandwidth costs aren’t an issue, but if one big instance would work I would put it on the same hardware that I am running a server that averages about 700+ mbps consistently.

The small servers that I’m hitting 100 mbps on, I’m just getting low cost VPSes for since….they do the job and they do the job well, they’re guaranteed a minimum of 100mbps bandwidth to the first tier 1 hop and Atlas shows them consistently used at that level, so I’m happy.

I mainly wanted to give back big to the community because Tor gave me the idea for my latest free for personal/charge for business use idea that I’m going to roll out soon (I’ll gladly send y’all a link, as I think it’s something that would be very useful).

I haven’t noticed any bad measurements…the three relays I run now, well, one just started this week so we can throw that one out for now, but the other two are showing 12.55 MiB/s and 12.28 MiB/s, and I’m guaranteed 100 mbps, so I’m doing pretty well on those two. Since the priority is exit nodes, I’ll probably add two more exit nodes in Canada, leaving four exits, and one relay there.

But I do get your points, and the more I do think about it, it would be better to just spread it all out, so I guess whenever I start spinning up nodes in Europe I’ll just use VPSes.

One other thing I forgot to realize is I’m seeing a steady increase in the amount of DDoS attacks on my exits as of late. My provider tries to mitigate them as much as possible, but it’s annoying for the end users going through the node and it’s annoying for the people who are getting affected by the DDoS. Putting everything on one big box is just screaming “Here, attack me right here plz, kthx.”

> On Feb 10, 2018, at 1:44 AM, tor wrote:
>
>> What scenario is better for the network - adding five 100mbps nodes, or one
>> 500 mbps node?
>
> Are we talking bare metal or VPS? A VPS will probably bottleneck on RAM or
> CPU before hitting 500 Mbps.
>
> Bare metal would stand a chance with the right hardware and tuning, but I
> wouldn't assume you'll hit 500 Mbps on any given node.
>
> Due to the nature of the bandwidth measurements, physical location matters
> too. You're at the mercy of Tor's bandwidth authorities and in my experience,
> the further away from Europe, the worse your measurements will be, and so
> again you may not hit 500 Mbps.
>
> Basically, you shouldn't assume that whatever bandwidth you plan for and
> advertise will come your way.
>
> I think you'd have better luck with 5x 100 Mbps nodes, or maybe 3x 200 Mbps
> nodes. You can also run 2 relays per IP.
>
> There are advantages to spreading out the load (like redundancy). I also
> think Tor's bandwidth measurements and consensus weights are fickle, and some
> of the variables are out of your control (what else is going on in your rack,
> datacenter, upstream, etc.). You could use ansible-relayor to turn up a bunch
> of nodes, wait to see which ones are the most performant, and then keep the
> best ones. That's what I would do. :)
[tor-relays] Question regarding exit sizing
Hello,

I have a question regarding relay sizing to add additional nodes to the network.

What scenario is better for the network - adding five 100mbps nodes, or one 500 mbps node? Let’s keep it easy and say all five of those 100 mbps nodes would be in the same datacenter, configured in the same configuration, etc.

I’m just curious, because I’m getting ready to add a few more nodes, but I’m wondering if it’ll be better to go big, or just stay small.

Thanks,

Conrad Rockenhaus
[tor-relays] Exit Relay Up
Hello All,

I just brought up my third relay, ConradsOVHRelay03, as an exit. I appreciate the feedback that everyone provided me with before and I hope that this relay is configured perfectly. I’m glad to add more bandwidth to the cause.

Thanks,

Conrad
[tor-relays] What's the priority right now?
I’m ready to get node #3 up right now…so what’s the priority for high speed nodes right now, exits or relays? Just wanted to know before I brought it online. This one is based in the great land of Canada :D.

Thanks,

Conrad
[tor-relays] Question about downtime
Hello,

Note - to others that have sent me emails about a proposed project, I will respond, I’m sorry I just got caught up in a huge emergency project.

Anyway, I had a quick question, on the relay side I run ConradsOVHRelay01 (Relay) and ConradsOVHRelay02 (Exit). They’re running on CentOS, so I have to manually install the latest version of tor to keep up with the security updates. I am considering migrating to Ubuntu or Debian to make the update process simpler.

To avoid downtime, would it be better to spin up two more boxes and migrate or would bringing them down for maintenance be acceptable? I would like to avoid downtime personally, as they’re stable, fast relays. I’m just looking for thoughts and ideas.

Thanks,

Conrad
Re: [tor-relays] first impression with 0.3.2.8-rcant a fast exit relay
I just brought a 0.3.2.8 relay online at OVH, ConradsOVHRelay, A5C6D2EBCCA77D0B09364DD6B75FEC817AF977FA. For some reason Atlas says the bandwidth is 0, but I have it set to 625. I guess we’ll see how it does later.

Conrad

> On Dec 22, 2017, at 8:48 AM, David Goulet <dgou...@torproject.org> wrote:
>
> On 22 Dec (00:20:38), Toralf Förster wrote:
>> With 0.3.2.7-rc the command
>> /usr/sbin/iftop -B -i eth0 -P -N -n -m 320M
>> showed every then and when (few times in an hour) for 10-20 sec a traffic value of nearly 0 bytes for the short-term period (the left of the 3 values).
>> Usually I do observe between 6 and 26 MByte/sec.
>> With the Tor version from today now the outage is about 1-2 sec, but does still occur.
>
> Not sure I fully understand here what you mean. For 1 to 2 sec you see 0 bytes of outbound traffic :| ?
>
> Doing the same on my fast non-Exit relay (~20MB/s) on the latest 0.3.2, I'm always capped both ways on the connection.
>
> This systematic delay really sounds more on the kernel side of things.
>
> Are you on BSD or Linux?
>
> Thanks!
> David
>
>> Not sure, if this is an expected behaviour or a local problem.
>>
>> --
>> Toralf
>> PGP C4EACDDE 0076E94E
>
> --
> DMdcRweJVXVbzthX2gDiX2OwwF5dP4HgkREJLd+rUJM=
Re: [tor-relays] IPv6 Issue with Relay
Thank you. It’s always the small things, huh? :D

Conrad

> On Dec 21, 2017, at 6:12 PM, teor <teor2...@gmail.com> wrote:
>
>> On 22 Dec 2017, at 09:13, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
>>
>>>> I’ve confirmed that the following entries are in torrc:
>>>>
>>>> ORPort 9001
>>>> ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
>>>> IPv6Exit 1
>>> ...
>>> Also, you have set IPv6Exit, but Relay Search says:
>>>
>>> IPv6 Exit Policy Summary
>>> reject
>>> 1-65535
>>
>> Exactly. If I have torrc set to the defaults, what’s going on here?
>
> You did not set "IPv6Exit 1" in the torrc you attached to your last email.
>
> I opened this ticket so we include IPv6Exit in the torrc templates:
> https://trac.torproject.org/projects/tor/ticket/24703
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
Re: [tor-relays] IPv6 Issue with Relay
On Dec 21, 2017, at 3:01 AM, teor <teor2...@gmail.com> wrote:

> On 21 Dec 2017, at 16:33, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
>
>> Hello,
>>
>> One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.
>>
>> The other relay is working just fine with IPv6.
>>
>> I’ve confirmed that the following entries are in torrc:
>>
>> ORPort 9001
>> ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
>> IPv6Exit 1
>
> Are these the only ORPort entries in your torrc?
> Have you restarted or HUP'd the relay since you last edited the torrc?

Yes sir, I did. I see Atlas now shows that IPv6 is reachable, but the exit policy is rejecting everything. I have the reject policy in the torrc set to the defaults (I have all of the exit policies in torrc commented out).

>> Just to confirm, here’s the output from ifconfig, that is the IP:
>>
>> inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803 prefixlen 64 scopeid 0x0
>
> This is what Relay Search (Atlas) says:
>
> Unreachable OR Addresses
> [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
>
> The last 8 bytes of the address your relay is advertising, are not the same as the address on your machine.
>
> Also, you have set IPv6Exit, but Relay Search says:
>
> IPv6 Exit Policy Summary
> reject
> 1-65535

Exactly. If I have torrc set to the defaults, what’s going on here?

> Relay Search data is usually up to 2.5 hours behind, but it can lag more.
>
> Please copy and paste the notice-level Tor logs that mention your ORPort, DirPort, and Exit settings, so we can see what Tor is actually doing.

Dec 20 21:24:17.937 [warn] Tor is running as an exit relay with the default exit policy. If you did not want this behavior, please set the ExitRelay option to 0. If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility.
Dec 20 21:24:17.937 [warn] In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001
Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
Dec 20 21:24:17.938 [notice] Opening Directory listener on 0.0.0.0:9030

>> I have confirmed that all of the applicable Security Group rules are configured correctly:
>>
>> Custom TCP Rule   TCP   9001   0.0.0.0/0   ORPort
>> Custom TCP Rule   TCP   9001   ::/0        ORPort
>> Custom TCP Rule   TCP   9030   0.0.0.0/0   DIRPort
>> Custom TCP Rule   TCP   9030   ::/0        DIRPort
>
> By the way, there are no IPv6 DirPorts :-)

I know that now from reading the docs, I removed that rule :D

>> Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 address on this node.
>
> What are the exact commands you used?
>
> This shows that the relay is listening on whatever IPv6 address and port you checked, but it doesn't show which IPv6 address the relay is advertising.

I just checked if it was listening with a telnet -6 9001, but this is a non-issue now since atlas shows it reachable.

>> So, my question is…what could I be missing here that is causing atlas to say that IPv6 is unreachable? I’ve been looking into this through the day and would like to kind of close it out, got a bunch of emails to catch up on hehe :D, so any input would be appreciated.
>
> There are a few more detailed troubleshooting things we can try, like checking consensus health and the exact content of your relay's descriptor and the authorities' votes.
>
> If the above steps don't help, I'm happy to go through them later, when I'm using a more capable device.

My main issue now is trying to fix the issue with the default exit policy - the logs say I’m running the defaults, yet all IPv6 traffic is getting blocked. I’ve looked over the documentation and I’ve done what it says. What am I doing wrong?

Just for further troubleshooting, I attached this exit’s torrc file.

Thanks,

Rock

> T
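The comparison teor walks through in this thread (active torrc lines, the "Opening OR listener" lines in Tor's notice log, and the addresses on the host), written out as an added example that is not part of the original messages. The sample torrc, log and ifconfig text are constructed from the values quoted in the thread; the commented-out IPv6Exit line, the finding codes and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed inputs: the values are the ones quoted in the thread; the
# commented-out IPv6Exit line is an assumption about the attached torrc.
TORRC = """\
ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
#IPv6Exit 1
"""
TOR_LOG = """\
Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001
Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
Dec 20 21:24:17.938 [notice] Opening Directory listener on 0.0.0.0:9030
"""
IFCONFIG = "inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803 prefixlen 64 scopeid 0x0\n"

BRACKETED_V6 = re.compile(r"\[([0-9A-Fa-f:]+)\]:(\d+)")


def active_options(torrc_text):
    """Map lower-cased option name -> list of values, skipping comments."""
    opts = {}
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts.setdefault(parts[0].lower(), []).append(value)
    return opts


def v6_endpoints(lines):
    """Return the set of (IPv6Address, port) written as [addr]:port.

    Parsing into IPv6Address makes textual variants of one address
    (case, leading zeros) compare equal.
    """
    return {(ipaddress.IPv6Address(a), int(p))
            for line in lines for a, p in BRACKETED_V6.findall(line)}


def audit(torrc_text, log_text, ifconfig_text):
    """Return (code, detail) findings; an empty list means everything agrees."""
    opts = active_options(torrc_text)
    configured = v6_endpoints(opts.get("orport", []))
    listening = v6_endpoints(line for line in log_text.splitlines()
                             if "Opening OR listener on" in line)
    on_host = {ipaddress.IPv6Address(a)
               for a in re.findall(r"inet6 ([0-9A-Fa-f:]+)", ifconfig_text)}
    findings = []
    # The running process opened a listener the torrc on disk does not name:
    # Tor has not re-read this file, or it was started from another one.
    for addr, port in sorted(listening - configured):
        findings.append(("listener-not-in-torrc", f"[{addr}]:{port}"))
    for addr, port in sorted(configured - listening):
        findings.append(("torrc-orport-not-listening", f"[{addr}]:{port}"))
    # teor's check: the address Tor uses must be one the machine really has.
    for addr, port in sorted(listening):
        if addr not in on_host:
            findings.append(("listener-not-on-host", f"[{addr}]:{port}"))
    # A commented-out option is not set; IPv6Exit defaults to 0.
    if opts.get("ipv6exit", ["0"])[-1] != "1":
        findings.append(("ipv6exit-not-set", "no active 'IPv6Exit 1' line"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(TORRC, TOR_LOG, IFCONFIG):
        print(f"{code}: {detail}")
```
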
[tor-relays] IPv6 Issue with Relay
Hello,

One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.

The other relay is working just fine with IPv6.

I’ve confirmed that the following entries are in torrc:

ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
IPv6Exit 1

Just to confirm, here’s the output from ifconfig, that is the IP:

inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803 prefixlen 64 scopeid 0x0

I have confirmed that all of the applicable Security Group rules are configured correctly:

Custom TCP Rule   TCP   9001   0.0.0.0/0   ORPort
Custom TCP Rule   TCP   9001   ::/0        ORPort
Custom TCP Rule   TCP   9030   0.0.0.0/0   DIRPort
Custom TCP Rule   TCP   9030   ::/0        DIRPort

Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 address on this node.

So, my question is…what could I be missing here that is causing atlas to say that IPv6 is unreachable? I’ve been looking into this through the day and would like to kind of close it out, got a bunch of emails to catch up on hehe :D, so any input would be appreciated.

Thanks,

Conrad
Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject
Hello,

ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux and its hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded to Tor 0.3.1.9…. I had issues with getting the libevent development header dependencies resolved on Amazon Linux so I just compiled it on Red Hat and brought it over. More than likely I overlooked something and caused a cascade of failures from there, anyway, it’s up.

Additionally, I brought up ConradsAWSExit, 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may bandwidth limit this one depending on load, I will have to wait and see how much traffic it gets since I don’t have unlimited $$$ to allocate to my new hobby :).

If someone could take another look and provide me any feedback/constructive criticism about these two nodes, I would greatly appreciate it.

Thank you for everyone’s advice! I also appreciate the input regarding the revitalization of the Cloud project again. Another person has also volunteered to assist in the project so hopefully things should start moving here pretty soon!

Thanks,

Conrad

> On Dec 19, 2017, at 9:02 PM, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
>
>> On Dec 19, 2017, at 8:55 PM, teor <teor2...@gmail.com> wrote:
>>
>> On 20 Dec 2017, at 13:28, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
>>
>>> Howdy,
>>>
>>> Early this morning (3 AM CST) I brought a non-exit relay named “ConradsAWSRelay” online. I would appreciate it if someone would take an objective look at it to see if the relay is fast enough and bringing useful services to the tor network.
>>
>> Please upgrade your relay to the latest Tor version:
>> https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html
>
> I noticed this when I started it up. It appears that the version of Tor on EPEL is out of date. I’ll build it out of source to fix it. I’ll probably have to do that for the Cloud solution as well since the lifecycle of EPEL is normally behind. I’ll fix this now.
>
>> Your relay might take a few weeks to be used:
>> https://blog.torproject.org/lifecycle-new-relay
>
> I completely forgot about that. Thank you for reminding me :D.
>
>>> Additionally, I know that people have been working on ansible solutions regarding the installation of tor and what not, but that being said, I’m working on an AWS specific solution to replace the previous Cloud torproject that we had years ago. I will keep everyone in the loop, but I think it's time that we have a cloud specific solution for rolling out tor.
>>
>> Thanks!
>> It would be great to have this again.
>
> I’m making progress and will advise all when I hit certain points so I can get feedback. I would like this new solution to have significant community input so I have all of my i’s dotted and my t’s crossed.
>
> Thanks,
>
> Conrad
>
>> T
Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject
> On Dec 19, 2017, at 8:55 PM, teor <teor2...@gmail.com> wrote:
>
> On 20 Dec 2017, at 13:28, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
>
>> Howdy,
>>
>> Early this morning (3 AM CST) I brought a non-exit relay named “ConradsAWSRelay” online. I would appreciate it if someone would take an objective look at it to see if the relay is fast enough and bringing useful services to the tor network.
>
> Please upgrade your relay to the latest Tor version:
> https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html

I noticed this when I started it up. It appears that the version of Tor on EPEL is out of date. I’ll build it out of source to fix it. I’ll probably have to do that for the Cloud solution as well since the lifecycle of EPEL is normally behind. I’ll fix this now.

> Your relay might take a few weeks to be used:
> https://blog.torproject.org/lifecycle-new-relay

I completely forgot about that. Thank you for reminding me :D.

>> Additionally, I know that people have been working on ansible solutions regarding the installation of tor and what not, but that being said, I’m working on an AWS specific solution to replace the previous Cloud torproject that we had years ago. I will keep everyone in the loop, but I think it's time that we have a cloud specific solution for rolling out tor.
>
> Thanks!
> It would be great to have this again.

I’m making progress and will advise all when I hit certain points so I can get feedback. I would like this new solution to have significant community input so I have all of my i’s dotted and my t’s crossed.

Thanks,

Conrad

> T
[tor-relays] New Relay Online/Working on AWS Cloud Torproject
Howdy,

Early this morning (3 AM CST) I brought a non-exit relay named “ConradsAWSRelay” online. I would appreciate it if someone would take an objective look at it to see if the relay is fast enough and bringing useful services to the tor network.

Additionally, I know that people have been working on ansible solutions regarding the installation of tor and what not, but that being said, I’m working on an AWS specific solution to replace the previous Cloud torproject that we had years ago. I will keep everyone in the loop, but I think it's time that we have a cloud specific solution for rolling out tor.

Thanks,

Conrad Rockenhaus
Re: [tor-relays] Relay / Bridge
I built a new EC2 bridge at US East (NOVA) due to the fact that the one at California was published as a public relay. I apologize for the error Roger.

On an unrelated note, has there been any success in expanding the Tor cloud project to other cloud service providers? Is there any way to volunteer to try to help out, if there's a willingness to expand it to other providers?

Thanks.

--Rock

--
Conrad Rockenhaus
http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/

On Tue, Dec 10, 2013 at 4:37 PM, Conrad Rockenhaus con...@rockenhaus.com wrote:

> I apologize for the delay in responding, getting ready to move to Texas, but anyway.
>
> My original intention was to run one EC2 as a public relay and another as a bridge, subject to bandwidth throttling, however, after thinking about it for about a day (I saw your email last night) I realized that a bridge that is bandwidth throttling might be more useful than a public relay that is bandwidth throttling.
>
> So I'll fix it this evening, unless there's a reason not to.
>
> Thanks.
>
> On Sun, Dec 8, 2013 at 1:39 PM, Roger Dingledine a...@mit.edu wrote:
>
>> On Sun, Dec 01, 2013 at 10:32:09PM +0100, Sebastian Urbach wrote:
>>> Your system is now listed:
>>>
>>> ec2bridgerocks001
>>> https://atlas.torproject.org/#details/50855F45464DBE84E917B0ED74E2144E785BA024
>>
>> It appears that you're running a *relay* on EC2? With a nickname implying that you think it's a bridge?
>>
>> Making it a public relay might be more expensive than you are expecting.
>>
>> Did you have to reconfigure it manually to be a public relay, or was this an easy-to-make accident?
>>
>> --Roger
>
> --
> Conrad Rockenhaus
> http://www.rockenhaus.com/
> http://www.lagparty.org/~conradr/
Re: [tor-relays] Relay / Bridge
I apologize for the delay in responding, getting ready to move to Texas, but anyway.

My original intention was to run one EC2 as a public relay and another as a bridge, subject to bandwidth throttling, however, after thinking about it for about a day (I saw your email last night) I realized that a bridge that is bandwidth throttling might be more useful than a public relay that is bandwidth throttling.

So I'll fix it this evening, unless there's a reason not to.

Thanks.

--
Conrad Rockenhaus
http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/

On Sun, Dec 8, 2013 at 1:39 PM, Roger Dingledine a...@mit.edu wrote:

> On Sun, Dec 01, 2013 at 10:32:09PM +0100, Sebastian Urbach wrote:
>> Your system is now listed:
>>
>> ec2bridgerocks001
>> https://atlas.torproject.org/#details/50855F45464DBE84E917B0ED74E2144E785BA024
>
> It appears that you're running a *relay* on EC2? With a nickname implying that you think it's a bridge?
>
> Making it a public relay might be more expensive than you are expecting.
>
> Did you have to reconfigure it manually to be a public relay, or was this an easy-to-make accident?
>
> --Roger
Re: [tor-relays] Newly configured relay questions
Sir,

That was it. Didn't even check it when I brought it online, I figured the EC2 image just had setup the defaults for a non-exit relay. I'll be more vigilant next time and avoid assumptions.

--Conradrock

--
Conrad Rockenhaus
http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/

On Sat, Nov 30, 2013 at 5:23 PM, Roger Dingledine a...@mit.edu wrote:

> On Sat, Nov 30, 2013 at 02:22:55PM -0500, Conrad Rockenhaus wrote:
>> I brought a new non-exit relay online:
>>
>> ec2bridgerocks001
>> D06C B145 56C1 F73A F317 B555 C279 2F7B 105C 95B4
>>
>> It's been operational for 6 days now, Tor has been reporting bandwidth usage, but when I try to look for it in the TorStatus page, it's not listed. I'm operating this relay on EC2 and I've opened all the usual ports.
>
> It sounds very much like you're running a bridge relay, not a public relay:
> https://www.torproject.org/docs/bridges
> https://www.torproject.org/docs/faq#RelayOrBridge
>
>> I've also checked the Tor metric portal, can't find it there either. So, I'm wondering - is there something I missed in the configuration? The torrc is pretty much the default EC2 one.
>>
>> Thank you I appreciate any thoughts/assistance.
>
> It's probably the 'bridgerelay 1' in your torrc that is doing it.
>
> That said, running a public relay on EC2 is quite expensive, since Amazon's prices for bandwidth are not competitive.
>
> --Roger
[tor-relays] Localized TOR exit notices?
Hi all,

I recently decided I should run a TOR exit node. I am new to the list and still in the process of setting things up.

One thing I noticed is that the TOR exit notice [1] contains a US-specific section (it even says so in the comments). Is there a resource anywhere as to how this paragraph might look in other countries? I am located in Germany for example, and I suppose a short mention of the TMG [2], specifically § 8 and § 15 would be suitable replacement for the above mentioned paragraph.

I guess that even if not in the git repo, at least a collection in the wiki might be a neat idea? Or did I just not find it?

Cheers and thanks for any hints,

Conrad

[1] https://gitweb.torproject.org/tor.git/blob/HEAD:/contrib/tor-exit-notice.html
[2] http://www.gesetze-im-internet.de/tmg/index.html (in German)