Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?

2019-09-06 Thread Conrad Rockenhaus


> On Sep 5, 2019, at 10:21 PM, grarpamp  wrote:
> 
>> never relied on the OS Package of Tor, mainly because OS’s OpenSSL versions
>> are behind the current version of OpenSSL, so I normally compile Tor against
>> the latest OpenSSL. Example, FreeBSD 12.0-RELEASE has OpenSSL
>> 1.1.1a-freebsd, which generates a slight crypto error during the startup of
>> Tor. If you download OpenSSL 1.1.1c and just compile against it, eh, problem
>> fixed.
> 
> As to realtime, hardly any behind...
> ver openssl   12-stable   ports-head
> 1.1.1c 20190528 20190528 20190528
> 1.1.1b 20190226 20190226 20180227
> 1.1.1a 20181120 20181120 20181120
> ... not including any 'responsible disclosure' bs
> around any HW / SW that users may or may not
> be affected by.
> 
> As to release mechanics...
> 12.0-release base had latest 1.1.1a at release,
> release ports tags were one letter rev behind
> at 1.0.2p and 1.1.0i, release ports head was
> latest at 1.0.2q and 1.1.1a, quarterly was similar.
> 
> tor follows same pattern, people can research
> and post those datas if they want.
> 
> Of course people's boxes will be behind if they never
> update them beyond release, that's not fault of any OS.
> 
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgrading.html
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html
> https://download.freebsd.org/ftp/snapshots/
> 
> Either update base per binary, snapshot, releng, or stable...
> or track and install ports (packages) quarterly, latest / head...
> and compile against that as needed.
> 
> Or get the upstream sources and do by hand.
> 
> If people aren't on FreeBSD or a well supported
> Linux distro they should expect their OS to be
> laggy in areas.
> 
> Many FreeBSD tor users would be fine tracking
> base stable and packages latest (ports head).
> pkg.conf:  url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest",
> 
> If their OS of choice is still a bit laggy for them, they
> can join their OS community and start generating
> update commits... :)
> 
> https://freebsd.org/
> https://openbsd.org/
> etc
> or whatever pump and dump linux distro is hot this year.

Grarpamp,

You know I love you tons - but the problem with the FreeBSD release of Tor 
isn’t fixed by switching to “latest”, you’ll still get the error upon startup. 
It’s compiled against an older version of OpenSSL. Since it already has an 
active maintainer I can’t just go in and take it over. That would be rude.

Yes, OpenSSL on mainline 12.0-RELEASE is fixed, but what they compiled the 
package against isn’t, so it’s either compile the port or don’t use pkgs. I for 
one believe in the philosophy of not mixing pkgs and ports so…. Ports it is.

Thanks,

Conrad







___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?

2019-09-05 Thread Conrad Rockenhaus


> On Sep 5, 2019, at 11:44 AM, Matt Traudt  wrote:
> 
> On 9/4/19 22:43, teor wrote:
>> Hi Mike,
>> 
>> Here's some other reasons that might affect a few operators:
>> 
>>> On 5 Sep 2019, at 12:11, Mike Perry  wrote:
>>> 
>>> Unfortunately, we still have something like 2500 relays on either Tor
>>> 0.2.9-LTS or Tor 0.3.5-LTS.
>>> 
>>> What are the reasons for this? My guess is the top 5 most common
>>> responses are:
>>> 
>>> 1. "I didn't know that Debian's backports repo has latest-stable Tor!"
>>> 2. "I didn't see the Tor Project repos mentioned in Tor's Relay docs!"
>>> 3. "I'm running a distribution that Tor Project doesn't have repos for."
>>> 4. "I rolled my own custom Tor from git and forgot about it."
>>> 5. "My relay machine was not getting any updates at all. Oops."
>>> 
>>> Does anyone have a reason that they think many other relay operators
>>> also share?
>> 
>> 6. When I tried to update, it didn't work with my old config
>> 7. I need features that only exist in older Tors
>>  - I can think of Tor2web, there may be others
>> 8. I am maintaining research or other patches against tor, and rebases
>>   are difficult
>> 
> 
> Regarding my relays, which currently are [0]
> 
> - Two were stuck on 0.3.4.11 because I had to install Tor from source on
> that machine and am bad about updating it (just updated)
> - Two are stuck on 0.3.5.7 because research and rebasing to new versions
> is liable to create inconsistencies and general doubt about results
> 
> [0]: https://metrics.torproject.org/rs.html#search/contact:pastly
> 
>>> How can we fix that for you, or at least, how can we make it easier to
>>> run the very latest stable series Tor on your relay?
> 
> This is a huge ask and I don't expect anything to come of this
> suggestion, but:
> 
> Auto updates from within Tor itself (not relying on distro package
> managers). Put it behind a torrc option, allow the authorities to tell
> relays with the option enabled to download a new tor binary from $PLACE,
> create a bunch of infrastructure that builds Tor for all supported
> platforms reliably and efficiently, use a bunch of signatures everywhere
> so nothing bad can happen, done. So easy a caveman could do it, nothing
> bad could ever happen, absolutely no downsides, it's $CURRENT_YEAR so
> why don't we have this, etc. etc.
> 
> --
> Matt

This may not matter for LTS versions, but I just wanted to mention it in 
reference to the possible idea of Tor possibly updating itself. I’ve never 
relied on the OS Package of Tor, mainly because OS’s OpenSSL versions are 
behind the current version of OpenSSL, so I normally compile Tor against the 
latest OpenSSL. Example, FreeBSD 12.0-RELEASE has OpenSSL 1.1.1a-freebsd, which 
generates a slight crypto error during the startup of Tor. If you download 
OpenSSL 1.1.1c and just compile against it, eh, problem fixed. Sorry, maybe I 
just don’t like seeing errors :).

Anyway, why don’t we try to simplify the update process even further and just 
ship Tor with some ansible scripts that will replace the binary, check the 
config file and comment out any settings that will break the new version, then 
restart? It’s pretty simple to write an ansible script to do this function.

---
Conrad Rockenhaus
con...@rockenhaus.com
https://www.rockenhaus.com/
(254) 292-3350








[tor-relays] Please test bandwidth and resiliency of greyponyitnyc002

2019-08-30 Thread Conrad Rockenhaus
Hello,

I was wondering if Rob would be willing to perform speed measurements on this 
node, it’s 20 vcpu running CentOS 7 with manually compiled Tor against OpenSSL 
1.1.1 on a 30Gbit link. I know it’s not going to see all of that bandwidth, 
it’s meant as a high powered VM platform because my intention is to start 
giving VMs back to the guys on my old infrastructure, and hopefully setup a 
“Torservers” type arrangement down the road, since this is hosted on unique ASN 
and addresses.

Thanks,

Conrad

Rock Rockenhaus
Greypony IT Consulting
(254) 292-3350


Re: [tor-relays] Cherryservers (formerly balticservers) account terminated for exit relay

2019-07-31 Thread conrad
Actually, Server Room/Primcast will allow you to operate with an unrestricted 
exit policy if you use their Data Center in Romania, or if you want to use a 
server in the NYC datacenter, you could use one of my IP ranges I have out 
there.

--Conrad

-Original Message-
From: tor-relays  On Behalf Of Neel 
Chauhan
Sent: Tuesday, July 30, 2019 12:18 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Cherryservers (formerly balticservers) account 
terminated for exit relay

If you want an alternative exit relay host (other than the common ones like 
OVH, Scaleway, or Hetzner), one option is Server Room/Primcast (same company). 
I use Primcast for a 300 Mbps FreeBSD exit and have been happy with them.

Server Room/Primcast is not the "best" provider, but they are good enough for 
the purpose of an exit and being less popular (as of now) helps with relay 
diversity.

However, you will need a reduced exit policy with SR/Primcast. I have a
**very** restrictive exit policy only allowing Ports 53, 80, 443, and
8080 (so I get less complaints). If you want a custom OS, you will need iLO 
(HP/HPE's remote management, Primcast uses HP/HPE servers). An older server 
(pre-2011) may mean you'll need Windows and Internet Explorer (NOT MS Edge) to 
use the console, while a newer server will work with
HTML5 on Windows/Mac/Linux/BSD/etc.

-Neel

===

https://www.neelc.org/

On 2019-07-30 02:15, Chris Kerr wrote:
> I just heard from the hosting provider cherryservers.com that they are
> terminating my account (after 2.5 years) where I run the exit relay
> "ostwaldripening" (46.166.162.53), because they no longer wish to host 
> tor
> exit nodes.
> 
> I tried to create an account on trac.torproject.org to edit the 
> "GoodBadISPs"
> wiki page, but the spam blocking stopped me from doing so.


Re: [tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS resolver

2019-06-30 Thread Conrad Rockenhaus


> On Jun 30, 2019, at 8:32 PM, Matt Westfall  wrote:
> 
> Just set your exit relay DNS to 8.8.8.8 and 1.1.1.1 I mean dns traffic isn't 
> bulk traffic, let google and CloudFlare do the "work"
> 

Utilizing Google DNS (and possibly Cloudflare DNS) provides a significant 
security flaw that allows outside entities to determine what Tor network users 
are looking at. Utilizing your own DNS server, a trusted DNS server, or just 
running Unbound on the same instance is significantly more secure.

Google DNS keeps their logs…Cloudflare claims to wipe after 24 hours, but 
what’s not known is if there’s an open FISA, for example, to continuously turn 
over Tor originated DNS requests over that 24 hour period.

There’s multiple Open Source Intelligence sources that have developed that 
governments are doing this exact thing to monitor Tor users, amongst other 
things. I would say this, a friend of mine who previously worked with the US IC 
says run Unbound or use trusted DNS.

Thanks,

Conrad Rockenhaus
https://www.greyponyit.com/



[tor-relays] Tor Performance on Xen vs KVM

2019-06-30 Thread Conrad Rockenhaus
Hello,

I’m just curious on how people feel about relay performance on Tor nodes 
running on Xen vs KVM. I’ve noticed on Xen I have increased network performance 
and I do like the improved modular architecture of Xen vs KVM (right now I’m 
working on an experimental OpenStack w/ XCP-ng environment). I was wondering if 
any others on the list had experience running high performance Tor nodes on Xen 
and KVM and have a preference for one over the other… I’m just trying to 
compare and contrast here.

Of course, I built a XCP-ng pool with a compute VM, then I have a regular KVM 
compute instance running under the Openstack framework.

Thanks,

Conrad Rockenhaus
http://www.greyponyit.com/



[tor-relays] Onionoo and ASN Number/AS Name

2019-06-01 Thread Conrad Rockenhaus
Hello,

Onionoo returns “unknown” for my ASN for some reason (should return 63080) and 
returns “unknown” for AS Name (Should be GreyPony Consultants - as named in 
ARIN). I’m trying to find out where things might be potentially breaking here 
before I start connecting to the route servers at DE-CIX next week. Has anyone 
seen this type of issue before?

Thanks,

Conrad



Re: [tor-relays] Tor relay says it is reachable, but is not appearing on the network.

2019-05-24 Thread Conrad Rockenhaus
Hello,

My bust, confirmation bias.

Thanks,

Conrad

On Thu, May 23, 2019 at 11:45 PM teor  wrote:

> Hi,
>
> > On 24 May 2019, at 14:08, Conrad Rockenhaus wrote:
> >
> > In April 2018 Google released an update that caused VPNs and Tor
> > services to stop working on GCE and App Engine. It was a long planned
> > network update.
> >
> > The following ticket refers:
> > https://trac.torproject.org/projects/tor/ticket/25804
>
> That ticket is about domain-fronting, which is used by meek and snowflake
> bridges.
> But these issues do not affect other relays.
>
> Do you have any information about Google blocking relays?
>
> T
>
-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


Re: [tor-relays] Tor relay says it is reachable, but is not appearing on the network.

2019-05-23 Thread Conrad Rockenhaus
Hi,

I apologize for top posting, but it’ll be the simplest way to convey the 
message.

In April 2018 Google released an update that caused VPNs and Tor services to 
stop working on GCE and App Engine. It was a long planned network update.

The following ticket refers: 
https://trac.torproject.org/projects/tor/ticket/25804

Thanks,

Conrad

> On May 23, 2019, at 8:15 PM, teor  wrote:
> 
> Hi,
> 
>> On 24 May 2019, at 09:19, Keifer Bly  wrote:
>> 
>> Hi all, so this is the tor log since the last restart. It includes the relay 
>> fingerprint. The tor version is (0.2.9.16-1).
> 
> The log you posted is missing a few lines at the start, including the lines
> that tell us the tor version.
> 
> We need to see the tor version that is *running*, not the tor version that
> you installed. Just in case they are different. (Authorities reject really old
> Tor versions.)
> 
>> When I tried updating tor I got a message saying that was the
>> newest version.
> 
> It looks like you're on Debian or Ubuntu, please follow these instructions
> to update:
> https://2019.www.torproject.org/docs/debian.html.en
> 
>> The relay has an assigned static ip and port which are both allowed by the 
>> firewall. It seems strange that
>> Dmitrii Tcvetkov was able to reach the relay though teor cannot,
> 
> We looked in different places:
> 
> Dmitrii connected to the IP and ports of your relay using SSL.
> I looked for your relay in the votes and the consensus, but I did not find it.
> 
>> also that the relay says it is reachable and receiving traffic but not 
>> appearing in the relay list.
> 
> I think your relay is not publishing its descriptor. See my comments below
> about the relay log.
> 
>> It seems like the relay
>> would not be able to start at all if Google was blocking it.
> 
> There are lots of different ways to block relays. Some let the relay start, 
> but
> it never gets in the consensus. But I don't think that has happened to your
> relay.
> 
>> May 21 20:01:32.000 [warn] You are running Tor as root. You don't need to, 
>> and you probably shouldn't.
> 
> I don't know how you are configuring and running your relay. Using a guided
> relay configuration tool might help you. See my suggestion below.
> 
>> May 21 20:01:33.000 [notice] Your Tor server's identity key fingerprint is 
>> 'torworld 3A4E582092E7C6B822EC01F4D76F680F6C65B0A2'
> 
> I have confirmed that this fingerprint is not in the votes or consensus.
> 
>> May 21 20:01:33.000 [notice] Bootstrapped 0%: Starting
>> May 21 20:03:53.000 [notice] Bootstrapped 80%: Connecting to the Tor network
>> May 21 20:03:54.000 [notice] Guessed our IP address as 104.154.93.253 
>> (source: 128.31.0.34).
> 
> 128.31.0.34 is the IP address of moria1, so your relay can connect to the 
> directory
> authorities. That means that Google isn't blocking connections out.
> 
>> May 21 20:03:58.000 [notice] Bootstrapped 100%: Done
>> May 21 20:03:58.000 [notice] Now checking whether ORPort 
>> 104.154.93.253:65534 is reachable... (this may take up to 20 minutes -- 
>> look for log messages indicating success)
>> May 21 20:04:01.000 [notice] Self-testing indicates your ORPort is reachable 
>> from the outside. Excellent.
> 
> Your relay and Dmitrii have confirmed that this port is reachable from the
> outside.
> 
> But your relay log does not say "Publishing server descriptor." That's why 
> your
> relay is not in the votes or the consensus.
> 
> So we need to answer these questions:
> * Is your relay configured as a bridge?
> * Is your relay configured to *not* publish its descriptor?
>  (Relays publish their descriptors by default.)
> 
> Please copy and paste your torrc into your next email.
> 
> Your logs were also missing these things:
> 
>> * tor version,
>> * role (relay or bridge), and
>> * descriptor posts to authorities.
> 
> Please post the parts of your logs that contain this information.
> There is no need to paste more than 2 repetitions of the
> Heartbeat/Cell/Circuit/Connection/DoS lines.
> 
> You seem to have a lot of trouble configuring relays manually.
> You might have a better experience with a guided setup tool, like this
> Tor Relay role in Ansible:
> https://github.com/nusenu/ansible-relayor
> 
> T
> 
>> On Thu, May 23, 2019 at 2:09 PM teor  wrote:
>> 
>> On 23 May 2019, at 18:41, Dmitrii Tcvetkov  wrote:
>> 
>>> On Tue, 21 May 2019 23:36:28 -0700
>>> Keifer Bly  wrote:
>>> 
>>>> Hi, so the relay in question does indeed have a reserved Static IP
>>>> (104.154.93.253), and the traffic is allowe

Re: [tor-relays] new tor middle relay error

2019-05-23 Thread Conrad Rockenhaus

> On May 16, 2019, at 10:31 PM, Keifer Bly  wrote:
> 
> Hi all,
> 
> So I am running a new tor middle relay via a Google Cloud VPS but after the 
> relay running for 1 day I am seeing this error
> 
> May 16 18:23:50.000 [notice] Heartbeat: It seems like we are not in the 
> cached consensus.
> 
Have you done a ps aux | grep tor and determined how many tor processes are 
running? If you’re running more than one tor process, are they bound to either 
separate IPs or different ports?

Thanks,

Conrad





Re: [tor-relays] forward relay connections

2019-05-23 Thread Conrad Rockenhaus

> On May 23, 2019, at 3:54 AM, tor-re...@riseup.net wrote:
> 
> I think that a network based too much on remote VMs, with closed source 
> software running on the most deep machine level, is not very resilient and 
> secure.
> 

Actually, it’s very secure. By default, Tor doesn’t log anything but simple 
notice messages. In addition, if you use Offline Master Keys 
(https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys)
 the security of your node is greatly enhanced. As long as you have direct root 
access to the VM, you’re fine. Also, most VMs use OSS hypervisors such as KVM or 
Xen.

> So the reason why I was thinking to do so is that I wanted to run a small 
> exit relay on a device running only open source software, like Olimex Lime2 
> does, and under my direct control.
> 
If you really want to use this device as an exit, I would strongly suggest that 
you don’t do it at home, there’s actually a few companies that specialize in 
colocation for small hardware platforms such as the Lime2.

> The latency from my home and the VM is not so high (45-50 ms), and I was 
> pretty sure that with a proper configuration I didn't risk that users exit 
> through my home connection.  But If you say that with a so small bandwidth It 
> can't run properly, I trust you, so I keep a non-exit relay.

That’s actually very high latency to add to the hop because you’re going to add 
SSH encryption on top of it, which will add more latency, just to get to the 
VM? I wouldn’t consider it feasible.

Now that I’m thinking about it, you could try finding a VPN provider that 
allows Tor and using that VPN provider on your Lime2.

-Conrad

> 
> Anyway thanks for your advices
> 
> On 22/05/19 11:05, nusenu wrote:
>> tor-re...@riseup.net
>> :
>> 
>>> I'm running a non exit relay on a debian machine (in the next few
>>> months I will switch to *BSD) on a Lime2. 
>>> 
>> I assume you are referring to a relay run at home.
>> 
>> 
>>> I'm running an exit relay
>>> too on a remote VM.
>>> 
>>> I would turn my non-exit relay in an exit one, but for obvious
>>> reasons, I don't want to run It from my shitty ISP IP. I could give
>>> 10-14 mbps from my home connection, so I think that the lime2 would
>>> be  powerful enough to run It properly.
>>> 
>> I would discourage such a setup for the following reasons:
>> 
>> - this setup includes the risk that users will exit 
>> through your home broadband IP address (bad!) if tunnels break down
>> - such setups that introduce an additional hop decrease the user-experience
>> - most users will not be happy with an "10-14mbps" exit at a home broadband 
>> connection
>> - it is not clear to me why you would involve your home IP at all for your 
>> exit
>> if you have a VM in a datacenter
>> 
>> 
>> nonetheless, thanks for running relays,
>> nusenu
>> 
>> 
>> 
>> 
>> 
>> 





Re: [tor-relays] forward relay connections

2019-05-22 Thread Conrad Rockenhaus


> On May 22, 2019, at 1:24 AM, tor-re...@riseup.net wrote:
> 
> Hello dear friends
> 
> I'm running a non exit relay on a debian machine (in the next few months I 
> will switch to *BSD) on a Lime2. I'm running an exit relay too on a remote VM.
> 
> I would turn my non-exit relay in an exit one, but for obvious reasons, I 
> don't want to run It from my shitty ISP IP. I could give 10-14 mbps from my 
> home connection, so I think that the lime2 would be  powerful enough to run 
> It properly.
> 
> Do you think would be feasible to use SSH to forward all connections, except 
> DNS queries, between my Lime2 and the remote VM in order to use an additional 
> VM's IP?
> 
> Could you give me some tips please?
> 

I would highly advise against this, namely because you’re exposing yourself to the 
risk of the tunnel going down and exit traffic possibly going out the default 
route, which is your home ISP connection, or a misconfiguration occurring, 
which would mean your home is detected as a Tor exit, or so forth. If you want 
to run a relay at home, run an entry or middle. If you want an exit, get a VM, 
a Colo, or a Dedicated Server. Just my $0.02.

> 
> cheers
> 
> Gigi
> 
> 





Re: [tor-relays] Tor relay problem

2019-05-22 Thread Conrad Rockenhaus


> On May 17, 2019, at 6:16 PM, findmei  wrote:
> 
> Thank you for replying to my mail.
> 
> Damn it. My isp is blocking me. Is it possible to run this node in some way?
> 

Do you happen to know if you have a transparent proxy in your path to the 
internet from your box? Run “curl ifconfig.me”; does that return the IP address 
of your box or a different IP address altogether?

> Sent from ProtonMail mobile
> 
> 
> 
>  Original Message 
> On May 17, 2019, 01:24, Roger Dingledine < a...@torproject.org> wrote:
> 
> On Thu, May 16, 2019 at 06:56:10PM +, findmei wrote:
> > May 15 14:42:13.000 [warn] Unable to stat resolver configuration in 
> > '/etc/resolv.conf': Permission denied
> 
> This one is weird and unexpected. Your relay can't do any dns resolves
> of its own if it can't read that file. For a non-exit relay (which you
> appear to be), that's not so bad.
> 
> As for why that might happen, my first thought is some sort of apparmor
> permissions that intercept the file access attempt and block it.
> 
> > May 15 14:49:13.000 [warn] HTTP status 307 ("Temporary Redirect") was 
> > unexpected while uploading descriptor to server '86.59.21.38:80'. Possibly 
> > the server is misconfigured?
> 
> This one is most likely something on your network trying to attack or
> censor or intercept your outgoing traffic. Maybe there is something
> that calls itself antivirus, or firewall, or web cleaner, or something
> like that? Or maybe your ISP or your country does something like that
> 'for' you automatically?
> 
> > I try to chmod 777 /etc/resolv.conf for this warning " /etc/resolv.conf': 
> > Permission denied". But it didn't work. And then I searched it on Google 
> > for "HTTP status 307 ("Temporary Redirect")". But I didn't find 
> > a solution. Any suggestions?
> >
> > /var/log/tor/notices.log => https://paste.ubuntu.com/p/JsPGdgFJyT/
> 
> A possible reason why the relay wasn't listed as Running was that there
> were three different relays running at that IP address in the past day,
> and Tor tries to limit to at most two relays per IP address.
> 
> Anyway, it looks like it is now listed.
> 
> --Roger
> 





Re: [tor-relays] Well, what exactly are you trying to contribute with your efforts?

2019-04-29 Thread Conrad Rockenhaus
On Sun, Apr 28, 2019 at 4:58 AM I  wrote:
>
> It is a bit expensive if there's no profit.

That was the before, prior to my complete change to a 501(c)(3), now
it's changed to a completely donation driven way of doing things. In
order for people to get a clear idea of what they should donate what
I'm doing is posting the invoices and a "total donated" hour glass
type thing, just to keep things simple accounting wise and
transparent, the way they should be. As people sign up I might
establish tiers, but for now, it's just going to be completely open
with the accounting and everything.

-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


Re: [tor-relays] Well, what exactly are you trying to contribute with your efforts?

2019-04-28 Thread Conrad Rockenhaus
On Sun, Apr 28, 2019 at 6:05 AM Olaf Grimm  wrote:

> Conrad, why did you suddenly go underground and not be reachable
> anymore? Greypony IT was offline and you were just gone. I was a paying
> customer and my two servers were suddenly offline.
>
> now you come back and promise paradise again. No, i go my own way. Guys
> like you are not trustworthy.
>
> Olaf
>
>
> On 28.04.19 at 10:34, Conrad Rockenhaus wrote:
> > On Wed, Apr 17, 2019 at 5:49 PM Seby  wrote:
> >> Here we go again...
> >> This dude just won't stop harassing us with masked advertising, commercial
> >> offers and monetary asks. Every time even the most boring thing needs to be
> >> publicly shouted on these mail lists, every time he does something
> >> extraordinary, something quite unusual that none of you mortals could ever
> >> do like running a middle relay on a small virtual machine, or a 500KB/s
> >> bridge.
> >>
> > Actually, it's not masked advertising for commercial offers. It's
> > nonprofit solicitation to assist other users that are interested in
> > expanding Tor's FreeBSD Resiliency. There's quite a few people that
> > would like to help but aren't comfortable making the plunge on their
> > own. Increasing the number of FreeBSD machines ensures we don't have a
> > single point of failure as the number of Linux machines presently on
> > Tor greatly outweighs the number of FreeBSD machines on Tor.
> >
> > This was previously discussed, but I'm sure you weren't paying
> > attention, but that's where the project started from and it was always
> > a nonprofit project to begin with.
> >
> > In addition, we're now assisting with AS divestment as well, to try to
> > get people off of highly populated ASes so those don't form single
> > points of failure. Which is another goal of the Project, from what I
> > have been told. I understand you may not get that, so I'll explain it
> > as simply as possible - too many middle relays and exits are getting
> > service from the same service providers. We are trying to help provide
> > another Tor friendly service provider to the table (which runs
> > separately from this since that's a commercial operation).
> >
> > When we had our stuff fully online, we occupied all 15 top spots of
> > the highest bandwidth exits in Canada. Right now my highest performing
> > exit in the US is in the Top 10 but I've been scaling that exit down
> > as I'm not sure if I'm keeping my personal items online anymore at
> > this point.
> >
> > Finally, the GreyPony project has been there to make it possible for an
> > end user to easily set up and get going on their first new relay
> > with dedicated support, sometimes people want that extra hand.
> >
> > Before you trash a project you should learn about it, but all
> > you've been doing is trashing things. Maybe you should try
> > contributing to something and ignoring things you disagree with or
> > asking questions if you don't understand it, instead of just resorting
> > to talking trash about a project. It just makes it look like you have
> > plenty of free time to mock others because you aren't helping others,
> > but that's my take on things.
> >
>
>
-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


Re: [tor-relays] Well, what exactly are you trying to contribute with your efforts?

2019-04-28 Thread Conrad Rockenhaus
On Wed, Apr 17, 2019 at 5:49 PM Seby  wrote:
>
> Here we go again...
> This dude just won't stop harassing us with masked advertising, commercial
> offers and monetary asks. Every time even the most boring thing needs to be
> publicly shouted on these mail lists, every time he does something
> extraordinary, something quite unusual that none of you mortals could ever
> do like running a middle relay on a small virtual machine, or a 500KB/s
> bridge.
>

Actually, it's not masked advertising for commercial offers. It's
nonprofit solicitation to assist other users that are interested in
expanding Tor's FreeBSD Resiliency. There's quite a few people that
would like to help but aren't comfortable making the plunge on their
own. Increasing the number of FreeBSD machines ensures we don't have a
single point of failure as the number of Linux machines presently on
Tor greatly outweighs the number of FreeBSD machines on Tor.

This was previously discussed, but I'm sure you weren't paying
attention, but that's where the project started from and it was always
a nonprofit project to begin with.

In addition, we're now assisting with AS divestment as well, to try to
get people off of highly populated ASes so those don't form single
points of failure. Which is another goal of the Project, from what I
have been told. I understand you may not get that, so I'll explain it
as simply as possible - too many middle relays and exits are getting
service from the same service providers. We are trying to help provide
another Tor friendly service provider to the table (which runs
separately from this since that's a commercial operation).

When we had our stuff fully online, we occupied all 15 top spots of
the highest bandwidth exits in Canada. Right now my highest performing
exit in the US is in the Top 10 but I've been scaling that exit down
as I'm not sure if I'm keeping my personal items online anymore at
this point.

Finally, the GreyPony project has been there to make it possible for an
end user to easily set up and get going on their first new relay
with dedicated support, sometimes people want that extra hand.

Before you trash a project you should learn about it, but all
you've been doing is trashing things. Maybe you should try
contributing to something and ignoring things you disagree with or
asking questions if you don't understand it, instead of just resorting
to talking trash about a project. It just makes it look like you have
plenty of free time to mock others because you aren't helping others,
but that's my take on things.

-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


Re: [tor-relays] Anyone interested in running FreeBSD or Linux Exit Relays on AS19624?

2019-04-17 Thread Conrad Rockenhaus
Nope, not really.

On Wed, Apr 17, 2019 at 6:57 AM Old Man Tor 
wrote:

> So, did I call it? Or did I call it
>
> ‐‐‐ Original Message ‐‐‐
> On Wednesday, April 17, 2019 11:29 AM, Conrad Rockenhaus <
> ad...@rockenhaus.com> wrote:
>
> For a small donation in relation to the number of physical CPUs (and x
> cores each) plus bandwidth you want, (mbp/s or gbp/s) I can provide you
> your own instance on my OpenStack cloud that I just built out on AS19624.
> No exit policy restrictions, I handle all abuse complaints, so you won’t
> have to worry about any abuse takedowns.
>
> This is the only time I’ll mention it here. If anyone is interested,
> please email me directly.
>
> Thanks,
>
> Conrad
>
>


-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


[tor-relays] Anyone interested in running FreeBSD or Linux Exit Relays on AS19624?

2019-04-17 Thread Conrad Rockenhaus
For a small donation in relation to the number of physical CPUs (and x
cores each) plus bandwidth you want, (mbp/s or gbp/s) I can provide you
your own instance on my OpenStack cloud that I just built out on AS19624.
No exit policy restrictions, I handle all abuse complaints, so you won’t
have to worry about any abuse takedowns.

This is the only time I’ll mention it here. If anyone is interested, please
email me directly.

Thanks,

Conrad


Re: [tor-relays] Making use of new bandwidth

2019-04-07 Thread Conrad Rockenhaus
Hello,

If Tor doesn't scale on multicore CPUs, setting NumCPUs to 2 and
running two threads has no effect at all on throughput?

Thanks,

Conrad

On Sun, Apr 7, 2019 at 7:02 AM  wrote:
>
> On 06.04.2019 21:19, Logforme wrote:
>
> > The reason I ask is that I wonder if I should run a second Tor
> > instance or if the current one will be able to make use of a reasonable
> > part of the 500Mps.
>
> I'm also testing it with one to three instances.
> My problem is, I only have 30TB traffic / month. Unfortunately, that
> does not make sense with multiple instances. :-(
>
>
>  From https://www.torservers.net/wiki/setup/server:
>
> Currently, Tor does not scale on multicore CPUs. If the CPU supports
> AES-NI crypto extensions (most modern CPUs do),
> one Tor process is able to handle around 400 Mbps of throughput –
> without AES-NI, around 100 Mbps.
>
> --
> Ciao Marco!



-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


[tor-relays] FallbackDir

2019-04-07 Thread Conrad Rockenhaus
Is there a need for any more FallbackDirs?

Thanks,

Conrad

-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


Re: [tor-relays] High Speed Exit Relay or just a plain Relay?

2019-04-04 Thread Conrad Rockenhaus
AS19624 only has four exits, two instances run on another person's
FreeBSD server, and I have two dedicated servers, with one more
dedicated server sitting idle. Currently, total bandwidth contribution
is 81.27 MiB/s, but note that the first relay in this AS came online
on March 15th. This AS is announced from two datacenters, one in NYC
and the other in Bucharest, Hungary.

I'm not worried about cancellation or legal exposure, they are very
Tor friendly, and I'm working on their OpenStack Cloud, so I have some
interaction with them. They understand the wonderful automated bots
that send emails and the occasional real human that may ask for
information, so that portion is covered.

Now, the two datacenter sites have sufficient bandwidth and are
connected to three providers (one Tier 1) with a significant number of
peers to support more Tor relays. I know there's a desire for AS
diversity within the network, given the large amount of relays
concentrated in three or four major providers. So, in this AS, traffic
is disproportionally low compared to other ASes. I would like your
recommendations.

Thanks,

Conrad




On Thu, Apr 4, 2019 at 1:35 PM grarpamp  wrote:
>
> On 4/4/19, Conrad Rockenhaus  wrote:
> > I have a FreeBSD box on a 1 Gbit/s connection. I'm trying to determine
> > if we need more high speed relays or high speed exit relays. The AS
> > it's on has no plain relays, just exit relays. That's what has me
> > wondering what to do.
>
> https://metrics.torproject.org/bandwidth-flags.html
> Exit and non-exit appear both roughly equal at
> around 50% utilization. Perhaps a coin toss there.
>
> https://metrics.torproject.org/torperf.html
> There may be long term performance trends
> to try enhancing or reversing as desired.
>
> https://metrics.torproject.org/relayflags.html
> There's 1000 exits, fraction that are
> variously p0wn3d is unknown.
>
> Was mentioned above the AS is already represented by
> exits, so diversity needs there may be moot, unless traffic
> there is added up and found to be disproportionally low
> compared to other AS, region, etc.
>
> https://metrics.torproject.org/services.html
> https://metrics.torproject.org/
> There are more resources here.
>
> If all else equal, the answer may be... do you prefer to
> grow the ISP relationship as an exit from today, including
> any extra traffic costs and cancellation or legal exposure,
> or prefer to enable the exit forms of those four later on.
>
> Or survey other ISP and locations for the tor node.
>
> Or even assist other network overlay projects with their nodes.
>
> Lots of considerations can go into success and diversity
> of the privacy anonymity freedom space overall when
> wondering "what to do with my box" :)



--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
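The thread above turns on whether exit capacity in one AS is disproportionate compared with other ASes. The following is an added example, not code from any poster or from the Tor Project: it adds up exit probability per AS and reports concentration. The relay records are constructed, the field names are assumed to follow Onionoo "details" entries, and the 0.33 threshold is an arbitrary illustration.

```python
"""Add up exit capacity per AS and flag concentration (illustrative only)."""
from collections import defaultdict

# Constructed sample data. Field names are assumed to match Onionoo "details"
# relay entries; AS numbers come from the RFC 5398 documentation range.
SAMPLE_RELAYS = [
    {"nickname": "exitA1", "as": "AS64500", "flags": ["Exit", "Running"], "exit_probability": 0.30},
    {"nickname": "exitA2", "as": "AS64500", "flags": ["Exit", "Running"], "exit_probability": 0.20},
    {"nickname": "exitB1", "as": "AS64501", "flags": ["Exit", "Running"], "exit_probability": 0.25},
    {"nickname": "exitC1", "as": "AS64502", "flags": ["Exit", "Running"], "exit_probability": 0.15},
    {"nickname": "exitD1", "as": "AS64503", "flags": ["Exit", "Running"], "exit_probability": 0.10},
    # Not counted: a middle relay, and an exit that is not currently running.
    {"nickname": "midD2", "as": "AS64503", "flags": ["Running"], "exit_probability": 0.0},
    {"nickname": "downA3", "as": "AS64500", "flags": ["Exit"], "exit_probability": 0.0},
]


def exit_share_by_as(relays):
    """Return {AS: {"relays": count, "share": fraction of total exit probability}}."""
    totals = defaultdict(lambda: {"relays": 0, "share": 0.0})
    for relay in relays:
        if not {"Exit", "Running"} <= set(relay.get("flags", [])):
            continue
        entry = totals[relay.get("as", "unknown")]
        entry["relays"] += 1
        entry["share"] += relay.get("exit_probability", 0.0)
    grand_total = sum(entry["share"] for entry in totals.values())
    if grand_total == 0:
        return {}
    # Normalise so the shares of the relays that were actually counted sum to 1.
    return {
        asn: {"relays": entry["relays"], "share": entry["share"] / grand_total}
        for asn, entry in totals.items()
    }


def concentrated_ases(shares, max_share=0.33):
    """ASes whose exit share exceeds max_share (threshold is an assumption)."""
    return sorted(asn for asn, entry in shares.items() if entry["share"] > max_share)


def effective_as_count(shares):
    """Inverse Herfindahl index: how many equally sized ASes would give the
    same concentration. It equals len(shares) only when all shares are equal."""
    hhi = sum(entry["share"] ** 2 for entry in shares.values())
    return 1.0 / hhi if hhi else 0.0


if __name__ == "__main__":
    shares = exit_share_by_as(SAMPLE_RELAYS)
    for asn, entry in sorted(shares.items(), key=lambda kv: -kv[1]["share"]):
        print(f"{asn}: {entry['relays']} exits, {entry['share']:.1%} of exit probability")
    print("over threshold:", concentrated_ases(shares))
    print(f"effective number of ASes: {effective_as_count(shares):.2f} of {len(shares)}")
```

An effective AS count well below the real number of ASes means a few ASes dominate, even when the list of ASes looks long.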


Re: [tor-relays] Hello

2019-04-04 Thread Conrad Rockenhaus
On Thu, Apr 4, 2019 at 2:50 PM Old Man Tor  wrote:
>
> Sorry to hear that, that's really unfortunate and I would never want to wish 
> that upon anyone. I wish you a speedy recovery with hopefully no lasting side 
> effects.

Thank you, I appreciate that. Unfortunately, I am unable to walk anymore.

>
> That said, it has been a GOOD amount of quiet while you've been gone.
>
> For the love of god/shiva/onions, please don't let these new relays turn into 
> Conrad and Nathaniel 'Cordially' Suchy's DeadGreyPonyIT show again.

My sin was over advertising on the list, I will take that. Oh, and
arguing with an arrogant asghshole. Otherwise, it was others. I can't
control the actions of other people. They did what they did.

As far as the 12 year old douche bag, don't worry about my association
with him. When I came home and I was catching up on the list and I
read his "disassociation" email, I felt this sharp pain in my back,
and I realized that Mr. Cordially just stabbed me in front of all of
the relay operators. It's all good though, I was able to stop the
bleeding and continue catching up on the list.

> No one else cares about you and your confused lackeys' attempts to be big-boy 
> tor relay operators.

Yes, I understand that, which is why I went silent after I was told to
stop advertising.

>
> If you wish to join the network again, please do it in the style of someone 
> respectable like Quintex - He just 'does' it, and doesn't clog up everyone's 
> inboxes with useless messages about new nodes/downtime/'customers'/things 
> that should be experimented with or tested on your own first. It's not a 
> competition to get the fastest speeds from a box, the most nodes (maybe a 
> personal goal, being mindful of operator percentages) or anything else. We're 
> just here for the bigger cause.

I mainly sent my email to explain my absence for the past couple of
months. I apologize that it offended all of the operators. Since y'all
are so easily offended by my email explaining my absence shall I just
take my shit down and do something else?
>
> We, and all tor users appreciate your efforts in running a relay of any kind, 
> we can just do without the 'look at me' circus again.

I don't give a shit about the 'Look at me' circus. Previously, my main
goal was to get more FreeBSD nodes on Tor, and it turned into a 'Look
at me' shit show, I'll admit that, but I was no part of that. I
thought that was a respectable goal.

>
> Love,
> Old Man Tor.
>
> [Sent from a throwaway account, over Tor of course. Cowardly, but I said what 
> needed to be said that a lot of other relay operators are thinking but are 
> too scared to say.]
>
>
> From:Conrad Rockenhaus
> Date: Thu Apr 4 04:48:01 UTC 2019
> Subject: [tor-relays] Hello
> To: Tor Relay Mailinglist 
>
> Hi Tor-Relays,
>
> I apologize that I just disappeared, I wound up with a massive stroke
> last year which was more significant than the last one and was
> hospitalized longer for recovery and rehabilitation. Things just kind
> of fell to the wayside since it's kind of hard to computer when you
> can't computer :P.
>
> Anyway, I've been home for the past few weeks and starting to get back
> into my old hobbies again. I brought two new exit relays up in NYC,
> one Linux, and one FreeBSD on 1 Gb/s Links. I have another FreeBSD box
> in NYC on a 1 Gb/s link that I'm trying to think if I should make an
> exit relay or just a regular relay.
>
> Relay names - greyponyitnyc001 and greyponyitnyc002.
>
> I hope everyone is having a good day!
>
> --
> Conrad Rockenhaus
> https://www.rockenhaus.com
> Cell: (254) 292-3350
> Fax: (254) 875-0459



-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


[tor-relays] High Speed Exit Relay or just a plain Relay?

2019-04-04 Thread Conrad Rockenhaus
Hello,

I have a FreeBSD box on a 1 Gbit/s connection. I'm trying to determine
if we need more high speed relays or high speed exit relays. The AS
it's on has no plain relays, just exit relays. That's what has me
wondering what to do.

So, what is the general consensus - should it be an exit or just a plain relay?

Thanks,

Conrad

-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


Re: [tor-relays] Emerald Onion's new relays

2019-04-03 Thread Conrad Rockenhaus
> I'm also encouraging you to use separate IP addresses for exit traffic [1] 
> because that helps eliminate the impact on relay-to-relay communication when 
> ISPs are ordered to BGP blackhole some exit IP addresses (as we have seen 
> recently in the news).

I've been assigning a second set of IP addresses to my servers in case
I want to run another instance of Tor. Would it be more prudent to use
that second set of IP addresses as an OutboundBindAddressExit instead
and use different ports as a better practice?

Thanks,

Conrad


On Tue, Apr 2, 2019 at 12:35 PM nusenu  wrote:
>
> > We are in the process of creating an RPKI ROA for our prefixes
>
> Thanks for taking the extra steps to create a RPKI ROA to reduce
> the impact of BGP routing attacks on your prefixes. Extra points for
> doing RPKI-based Route Origin Validation on your BGP routers.
>
> I hope to convince everyone with such a high concentration of tor network
> capacity to make use of tor's OfflineMasterKey mode to safeguard your relay
> identity keys even in the event of a system compromise.
> Which basically implies automation because no one wants to handle (renew) 
> more than
> 3 keys manually.
>
>
> I'm also encouraging you to use separate IP addresses for exit traffic [1]
> because that helps eliminate the impact on relay-to-relay communication
> when ISPs are ordered to BGP blackhole some exit IP addresses
> (as we have seen recently in the news).
>
> > 40 new uncapped and unfiltered exit relays
>
> I would suggest to not run uncapped tor instances
> but to set a per-instance limit of around 80-90% what a single core
> is able to handle, to avoid poor performance for the user.
> With growing bandwidth the CPU will spend considerable amount of resources
> just handling packets (kernel).
>
> > This work is part of our efforts to saturate our new unmetered 10Gbps
> > transit link
>
> As teor usually says, saturated links is not what we should be aiming for
> if we like performance.
>
>
> Thanks for adding such a significant amount of exit capacity.
>
>
>
> [1] 
> https://2019.www.torproject.org/docs/tor-manual.html.en#OutboundBindAddressExit
>
> --
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu
>



-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
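The advice quoted in this message (a separate address for exit traffic, no uncapped instances, OfflineMasterKey) and the ContactInfo request in nusenu's DNS mail elsewhere in this archive can be checked mechanically. The following is an added example, not code from the thread or from the Tor Project: a small torrc audit over two constructed configurations. The finding names, sample addresses and bandwidth values are assumptions made for illustration.

```python
"""Audit an exit relay's torrc against the advice quoted in this thread."""
import ipaddress

# Constructed sample configurations; addresses are RFC 5737 documentation IPs
# and the bandwidth figures are placeholders, not recommendations.
WEAK_TORRC = """\
Nickname exampleexit
ORPort 192.0.2.10:443
ExitRelay 1
"""

HARDENED_TORRC = """\
Nickname exampleexit
ContactInfo relay-ops@example.org
ORPort 192.0.2.10:443
OutboundBindAddressOR 192.0.2.10
# The second address carries exit traffic only, so a blackhole of the exit IP
# does not cut relay-to-relay connections.
OutboundBindAddressExit 192.0.2.11
ExitRelay 1
OfflineMasterKey 1
RelayBandwidthRate 40 MBytes
RelayBandwidthBurst 50 MBytes
"""


def parse_torrc(text):
    """Return {lowercased option: [values]}; option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts


def _addresses(values):
    """Pull IPs out of values like '192.0.2.10', '192.0.2.10:443', '[2001:db8::1]:443'."""
    found = set()
    for value in values:
        fields = value.split()
        if not fields:
            continue
        token = fields[0]
        for candidate in (token.strip("[]"), token.rsplit(":", 1)[0].strip("[]")):
            try:
                found.add(ipaddress.ip_address(candidate))
                break
            except ValueError:
                continue  # bare port or "auto": no explicit address given
    return found


def audit_exit_torrc(text):
    """Return a list of finding names (hypothetical labels) for one torrc."""
    opts = parse_torrc(text)
    findings = []
    exit_addrs = _addresses(opts.get("outboundbindaddressexit", []))
    relay_addrs = _addresses(opts.get("orport", []) + opts.get("outboundbindaddressor", []))
    # Exit traffic should leave from an address the relay side does not use.
    if not exit_addrs or exit_addrs & relay_addrs:
        findings.append("exit-shares-relay-ip")
    # No rate limit at all means the instance runs uncapped.
    if not (opts.get("relaybandwidthrate") or opts.get("bandwidthrate")):
        findings.append("uncapped-instance")
    # Only checks the option; keeping the master key off the host is up to the operator.
    if opts.get("offlinemasterkey", ["0"])[-1] != "1":
        findings.append("master-key-online")
    if not any(opts.get("contactinfo", [])):
        findings.append("no-contactinfo")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_TORRC), ("hardened", HARDENED_TORRC)):
        print(name, audit_exit_torrc(text) or "no findings")
```

Run it against each instance's torrc when several instances share a host, since every instance needs its own exit address and its own cap.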


[tor-relays] Hello

2019-04-03 Thread Conrad Rockenhaus
Hi Tor-Relays,

I apologize that I just disappeared, I wound up with a massive stroke
last year which was more significant than the last one and was
hospitalized longer for recovery and rehabilitation. Things just kind
of fell to the wayside since it's kind of hard to computer when you
can't computer :P.

Anyway, I've been home for the past few weeks and starting to get back
into my old hobbies again. I brought two new exit relays up in NYC,
one Linux, and one FreeBSD on 1 Gb/s Links. I have another FreeBSD box
in NYC on a 1 Gb/s link that I'm trying to think if I should make an
exit relay or just a regular relay.

Relay names - greyponyitnyc001 and greyponyitnyc002.

I hope everyone is having a good day!

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459


Re: [tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS

2018-10-19 Thread Conrad Rockenhaus
Would you make a recommendation of running unbound on the local exit nodes to 
resolve local DNS server congestion to get around this issue?

Thanks,

Conrad

> On Oct 19, 2018, at 5:30 PM, nusenu  wrote:
> 
> Dear Exit relay operators,
> 
> (you are getting this email because you are a subscriber of the tor-relays 
> mailing
> list or because you are among the top 10 affected parties - addressed via BCC 
> to protect the address)
> 
> first of all thanks for running exit relays!
> 
> One of the crucial service that you provide in addition to forwarding
> TCP streams is DNS resolution for tor clients.
> Exits relays which fail to resolve hostnames
> are barely useful for tor clients.
> 
> We noticed that lately the failure rates did increase again and would like
> to urge you to visit Arthur's "Tor Exit DNS Timeouts"
> page that shows you the DNS error rate for exit relays:
> 
> https://arthuredelstein.net/exits/
> (the page is usually updated once a day)
> 
> Please consider checking your DNS if your exit relay consistently shows a non 
> zero
> timeout rate - and make sure you run an up to date tor version.
> 
> If you are an exit operator but have no (or no working) ContactInfo, please 
> consider
> updating that field in your torrc so we can reach you if something is wrong
> with your relay.
> 
> kind regards
> nusenu
> 
> --
> https://twitter.com/nusenu_
> 
> 
> 
> 
> 





[tor-relays] Thank You

2018-10-10 Thread Conrad Rockenhaus
Thank you everyone for the well wishes. I have been discharged from the 
hospital and I’m recovering slowly at home. I appreciate all of the kind notes 
that I received and again, thank you.

Regards,

Conrad




Re: [tor-relays] Court Order

2018-09-09 Thread Conrad Rockenhaus
S7R,

I emailed you privately with evidence hoping you would retract your statement. 
Unfortunately, you’ve decided to not reply, so I’ll gladly post a redacted copy 
of the court order to my blog: 
https://www.rockenhaus.com/2018/09/hey-now-court-order.html as well as respond 
to some of your finer points.

> On Sep 9, 2018, at 8:25 AM, s7r  wrote:
> 
> I can see this way too often in the mail list and it looks like some
> poor attempts of advertising of a small hosting/server/vps company
> start-up. I sincerely doubt any court order was received on such short
> notice, especially because these procedures take significant time from
> the date an action happen to the date subpoena/court order is physically
> received. Subject of this email thread chosen to attract attention, yet
> with 0 proof.

My, oh my, you really need some education about Court Orders if you think they 
really need to “take some time” to get one. All a Police Officer has to do is 
convince a judge that they believe Party X holds evidence related to the crime, 
and they need Party X to release the evidence to bolster their case to probable 
cause for arrest or to determine who the suspect is. If a judge agrees, the 
court order is signed. It’s up to you to fight the court order.

I would like to see how I was advertising. I didn’t mention my company once, I 
sent it from my personal account, and I sent the email just to inform that 
another relay operator received a court order, which is an atypical topic 
brought up here.


> Secondly, the said company could not have received a court order, or
> even an abuse email, it is OVH who could have received them, and if it
> really was a court order they would not pass it further downstream, they
> would just tell them who the user of the IP address was at the given time.

Thank you for educating me about my network, but too bad the servers weren’t 
hosted at OVH. However, I’m contacted directly about my IP space at OVH as 
well, because it’s reassigned to me. I have servers at other locations, but I 
greatly appreciate you knowing my network oh so well.

> 
> HIGHLIGHT: I appreciate and respect and am thankful to people doing any
> efforts at all to run exit nodes running, including setting up small
> re-seller accounts with big providers and do it. We do not have to
> advertise these facts to the mail list over and over again.
> 
> After all this company does not even own any IP address space at all, it
> is an OVH re-seller with a different html website, and all those exits
> can be shut down the minute OVH decides they received too many abuse
> complaints, and that is it. They can state as long as they want that
> they will not shut them down, just one day some person in management
> changes and decides they are not worth it, so bye-bye.
> 
> Quite some people here are running exits under their own AS numbers and
> own IP address space with different upstream providers that provide real
> diversity yet none of them advertise it so heavily.

HIGHLIGHT: No, you don’t appreciate and respect people doing any efforts at all 
to keep exit nodes running, otherwise, you wouldn’t have sent this email. No one 
was advertising, you could have easily emailed me and asked me for proof before 
launching into your little tirade like another gentleman here did because he 
was angry that he wasn’t getting three servers for free anymore on a one 
server trial. Too many people decide to draft an email and send to everyone 
instead of actually getting their facts straight for a change.

Oh, and no, again, we’re not just an OVH reseller, but thank you, maybe I 
should become one and maybe they’ll actually pay me something. I heard they 
have a good referral program.

> 
> ANOTHER HIGHLIGHT SO MY WORDS DO NOT GET TWISTED: I am not saying these
> relays are useless, they are just not such a big deal to keep reading
> about them over and over again.
> 
> Thanks for not understanding it wrong.

Well, it came across completely wrong.

Conrad




[tor-relays] Court Order

2018-09-08 Thread Conrad Rockenhaus
Greypony received its first Court Order yesterday. Unfortunately, we have no 
records to provide since it was a Tor Exit, and we don’t even have records of 
who owned that relay at that IP address because we don’t keep records of the 
info. Oops.

It’s a pretty broad Court Order, and kind of funny. Oh well.

Conrad




Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

2018-09-06 Thread Conrad Rockenhaus
> 
> Thank you for your reply. I can now see that 4 big + 1 small (or 5 big) 
> providers is definitely better than only 4 big ones for diversity, but it 
> leads to another diversity question which needs some background:

> For a while, earlier this year during the spectre / meltdown vulnerability 
> commotion I ran a couple of relays in VM's using Amazon Web Services (AWS). I 
> was confident in the knowledge that the AWS provided kernels / VM's switched 
> to the spectre mitigation measures. Sure they slowed down a bit for a while, 
> but they sped up again after AWS tweaked it a little. Because I know 
> my VM's were using the mitigation I know other VM's can't spy on the tor 
> traffic & whatever encryption keys happen to be in the VM's memory at 
> that time (the really paranoid can supply their own kernel / boot image to 
> run).

All major operating systems provided mitigation and/or patches to correct this 
vulnerability. Just because you were using Amazon Linux doesn’t mean that 
Amazon did anything special. All the major Linux distributions had mitigation 
measures and/or patches, as well as FreeBSD. If you had automatic updates 
turned on for your respective OS they were brought online automatically, but 
most people I know don’t have automatic updates turned on because they like 
being able to control when updates are installed. There’s nothing special about 
what AWS does that major OS distributions aren’t doing already.

Plus, I’m sorry, but I don’t consider CPU meltdown attacks are great in theory 
and all, but your greatest threat is always going to be password compromise, 
social engineering, or something of that sort. It’s the small stuff that 
typically matters more than some major thing that looks like the end of the 
world on paper.


> My VM's were probably running in a rack containing hardware that also runs 
> websites, web applications, corporate cloud email and backup systems the list 
> could go on, but it importantly it is about diversity.
> 

So are mine. I don’t just provide Tor related services.

> If one person were to run a hardware rack full of VM's that ALL run tor - 
> that is a prime target for, for example, some spying government or 
> international hacker group. For an admittedly far fetched example, some 
> government can fly in, flash a court warrant to an underpaid security guard 
> and do whatever they want to the rack, and then ALL the tor relays that are 
> hosted there are compromised. Yes that's unlikely to happen but it's still a 
> risk.
> 

Who said they all run Tor? You’re just making an assumption here. There’s a 
variety of services that are run, in fact, I host a high traffic website within 
the same rack; it was the excess capacity from that project that led to the 
donation driven project that is Greypony. The Government can do this anyway, 
and they’ve raided places before, even places that were running operations 
other than Tor at that location. It could be one server or 100 servers, if 
there’s governmental interest, the government will use their means to get into 
that server. It’s not exactly the best example.

> I am interested to hear your opinion on the diversity question of - How does 
> having many relays in one place not damage diversity, even if they are 
> connected to different networks / AS's and are technically controlled by 
> different people.

I’m interested in how that damages any sort of diversity, other than the fact 
that you have a concentrated number of relays in one location, which has been 
going on for a long time, prior to GreyPony putting up high bandwidth relays. 
People only started having concerns when Greypony came along with our high 
bandwidth relays, even though we have significant technical safeguards in place 
to prevent snooping of traffic (especially within our rack) or obtaining any 
discernible data off of the drives, which are encrypted. (Some of our users 
encrypt their data on top of that as well, so, anyway.) You need to really 
look at the definition of diversity, because it seems according to you, I could 
setup a new datacenter that no existing tor services exist in and that would be 
damaging to Tor’s diversity for some reason…..which a significant amount of 
people would disagree.

> 
> Again I want to point out what you are doing is good - I apologise if I 
> appear to be "trolling" you, I am genuinely interested in learning the 
> technical pro's and con's relating to this topic.

I don’t consider this trolling, but this is the real world. There normally 
isn’t a huge grand conspiracy and someone’s not out there waiting to melt 
processors. It’s all fun to discuss in theory, but in the end, that’s not 
what’s happening in the real world.

Conrad

> 
> Thanks again,
> 
> Gary.
> 
> On Sun, 2 Sep 2018 at 02:26, Conrad Rockenhaus  wrote:
> Ga

Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

2018-09-01 Thread Conrad Rockenhaus
Gary,

It’s bad in the same way it’s bad as the numerous other exit relays that 
run under the OVH umbrella. I am not my own independent upstream and run my 
servers at a colocation facility at OVH. I also plan on running my servers at a 
colocation facility at another location for AS-diversity purposes but donations 
aren’t enough to cover all of the bills to be honest, but I’m partnering up 
with a fellow Texan and we’ll make sure this nonprofit grows at the rate needed 
to support diversity.

But if you ignore the emails sounding alarm about this or that, you should 
realize - Greypony is no different than Hetzner, OVH, or DigitalOcean - which 
rank in the top 5 of the Tor relay providers by size and bandwidth, by node 
count, AS, and bandwidth. Someone should ask those providers the exact same 
thing, because they’re setup just like me - I don’t have root access to a 
customer’s server - they don’t have access.

I’m actually a little drop in the big bucket. But I’ve been trying to promote 
diversity through the use of other providers.

Thanks,

Conrad

> On Sep 1, 2018, at 6:53 AM, Gary  wrote:
> 
> Conrad,
> 
> I have been following this thread and would be grateful if you could clear up 
> some confusion for me.
> 
> Firstly, I am not 1337 haxorz, I don't have a technical profession. However I 
> do believe in tor and anything that can increase the number of relays is 
> good. You are donating your time and resources freely to tor for the benefit 
> of everyone. You have helped me, others on this list, as well as countless 
> others contribute to the Tor Project.
> 
> All these large relays that you are managing - surely this is bad in terms of 
> AS diversity? One user / network provider shouldn't have a large control over 
> the network.
> 
> My question:
> 
> Is there any way that these relays can be added to the network in such a way 
> that does not damage diversity?
> 
> Don't get me wrong - I believe in what you do. If these relays are being added 
> without damaging diversity then I apologise for my misunderstanding of the 
> topic.
> 
> Thanks,
> 
> Gary
> 
> On Sat, 1 Sep 2018 at 00:12, Conrad Rockenhaus  wrote:
> Hi teor,
> 
> It seems the criticism originated from one guy (Ralph) and one troll who 
> bravely refuses to identify himself.
> 
> You want me to stop talking about even the cool things we’re accomplishing 
> thing (like pumping lots of ultra fast bandwidth into the community) because 
> of these two, perhaps one yahoos?
> 
> Thanks,
> 
> Conrad
> 
> On Tue, Aug 28, 2018 at 11:37 PM teor  wrote:
> Hi Conrad (and staff and operators),
> 
> > On 28 Aug 2018, at 22:16, Conrad Rockenhaus  wrote:
> >
> >>
> >> On Aug 27, 2018, at 8:02 PM, Jordan  wrote:
> >>
> >>> ...
> >>> The research in this paper 
> >>> (https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf) is 
> >>> becoming more relevant and is worth discussing as more ISPs come out with 
> >>> the goal of hosting lots and lots of exit relays.
> >>
> >> ...
> >> I have the utmost belief your intentions are good, but the concentration 
> >> of exits under a non-advertised central control warrants conversation, at 
> >> least.
> >>
> >> If the end goal is turning $ into relays, not all paths are paved with 
> >> equal mind to security and it might be worth considering donation-backed 
> >> alternatives.
> >
> > Actually, Jordan, I appreciate your input, but Greypony is technically 
> > operating as a nonprofit organization right now. We’re completing the 
> > paperwork to be considered an official nonprofit. We allow people to 
> > operate their own relay, on their own HVM instance (which we don’t have 
> > access to) for a donation of $15/month for a basic model A instance.
> >
> > They’re totally separately and independently operated relays. We don’t tell 
> > them how to operate their relays. We provide support, we provide 
> > suggestions, but we don’t operate it for them, we don’t install anything 
> > for them, and we’re completely hands off unless they need support with 
> > something. Our job is to provide the instance and the bandwidth.
> 
> This is the 5th list post in the last few weeks describing Greypony IT's
> services, operators, or relays.
> 
> There have also been several critical posts.
> 
> Please take a break from promoting or criticising Greypony on this list
> until at least October 2018.
> 
> If you feel the need to respond, please use another platform.
> 
> Thanks
> 
> T

Re: [tor-relays] Policy Question: Tor Exits at Universities, Corporate Networks, etc

2018-09-01 Thread Conrad Rockenhaus
I know this is an issue of semantics here, but when you say “Tor Exit in Turkey 
censoring access to various websites” you’re kind of putting 
the onus on them directly instead of the repressive anti-free speech regime 
that they are operating the exit under. Why not be more clear and direct 
with your language and state the “Tor Exit in Turkey that is being actively 
censored by its upstream” or the “Tor Exit that is being actively censored by 
an unknown third party” instead of putting the blame on them?

Furthermore, even western countries have limits to what you can access from 
those countries. As others have said - you can’t access torrent sites from the 
UK, heck, you can’t even access EncyclopediaDramatica (certain pages of it 
anyway) from Australia. Should we mark those exits as bad because they can’t 
access certain pages as well?



> On Sep 1, 2018, at 4:56 PM, Nathaniel Suchy  wrote:
> 
> Recently we've been discussing a Tor Exit in Turkey censoring access to 
> various websites.
> 
> It's led to some err, disagreements on what should and should not be 
> allowed. I've seen a few opinions:
> *) It grants an outside view at what Turkey censors
> *) It could push new tor users away
> 
> This leads me to question if it's okay for a Tor Exit to be on a censored 
> network. Are the following scenarios now allowed?
> *) A Tor Exit behind a Corporate Network and Web Filter
> *) A Tor Exit behind a University Network and Web Filter
> Under the logic with the Turkey exit relay it should be right?
> 
> Cordially,
> Nathaniel


Re: [tor-relays] Lets increase Routing Security for Tor related BGP Prefixes

2018-08-31 Thread Conrad Rockenhaus
Here’s OVH’s non-response:

Start OVH
Thank you for contacting OVH with regards to BGP hijacking; we apologize for 
the delay in response.

From the current status of discussion on the subject, it appears implementing 
ROA / RPKI is still in development but not a priority; I am afraid at the 
moment we have no information on a possible ETA for it.

The goal would be to eventually implement BGPSec, as ROA / RPKI only verifies 
the origin of an IP address regarding the AS which is announcing it.

At the moment, what we propose to you is to ensure you have ways of detecting 
BGP hijacks on your services; for instance you may search online for "how to 
detect BGP hijacking on my service".

Shall you have any doubts or concerns, please let us know.

For any other questions or concerns, please feel free to contact us through a 
support ticket or through our toll-free line at 1-855-684-5463. We’re here 24/7 
to help you!

We thank you again for choosing OVH,
<<<

> On Aug 26, 2018, at 10:30 AM, nusenu  wrote:
> 
> Signed PGP part
> 
> 
> Paul Templeton:
>> Ticket number 165858113 created. We will wait for a response and I will post 
>> it.
>> 
>> :-) Paul
> 
> 
> 
> 
>> OVH Ticket Number 6993458396 created.
> 
> 
> thanks appreciated,
> looking forward to the answers.
> 
> 
> 
> 
> --
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu
> 
> 
> 



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
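
The OVH reply quoted in the message above says ROA / RPKI only verifies the origin AS of a prefix. The following is an added example, not part of the original thread and not OVH's or any relay operator's tooling: it implements RFC 6811 route origin validation over a constructed ROA set and shows which observed announcements a monitor would flag. All prefixes are documentation ranges, all ASNs are documentation ASNs, and the names `ROA`, `Announcement`, `validate`, `report` and `alerts` are assumptions made for the example.

```python
"""RFC 6811 route origin validation over a constructed ROA set (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

VALID, INVALID, NOT_FOUND = "valid", "invalid", "not-found"


@dataclass(frozen=True)
class ROA:
    prefix: str      # prefix the address holder authorised
    max_length: int  # longest prefix length allowed under that prefix
    asn: int         # AS authorised to originate it (0 authorises nobody)


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: Tuple[int, ...]  # leftmost = nearest neighbour, rightmost = origin

    @property
    def origin(self) -> int:
        return self.as_path[-1]


def validate(ann: Announcement, roas: Iterable[ROA]) -> str:
    """Return the RFC 6811 validation state of one announcement."""
    net = ipaddress.ip_network(ann.prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA "covers" a route when the route lies inside the ROA prefix.
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # A covering ROA "matches" only if the origin AS is the authorised
        # one and the route is not more specific than maxLength allows.
        if roa.asn != 0 and roa.asn == ann.origin and net.prefixlen <= roa.max_length:
            return VALID
    # Covered but never matched is invalid; no covering ROA is not-found.
    return INVALID if covered else NOT_FOUND


# Constructed sample data (RFC 5737 / RFC 3849 prefixes, RFC 5398 ASNs).
ROAS = [
    ROA("192.0.2.0/24", 24, 64500),
    ROA("2001:db8::/32", 48, 64502),
    ROA("198.51.100.0/24", 24, 0),   # AS0 ROA: prefix must not be routed
]

OBSERVED = [
    Announcement("192.0.2.0/24", (64510, 64500)),         # authorised origin
    Announcement("192.0.2.0/24", (64510, 64511)),         # different origin AS
    Announcement("192.0.2.128/25", (64510, 64500)),       # longer than maxLength
    Announcement("203.0.113.0/24", (64510, 64501)),       # no covering ROA
    Announcement("2001:db8:1::/48", (64502,)),            # IPv6, within maxLength
    Announcement("198.51.100.0/24", (64510, 64503)),      # covered by AS0 ROA only
    # Origin validation never inspects the rest of the path: any path that
    # ends in the authorised origin gets the same state as the first entry.
    Announcement("192.0.2.0/24", (64511, 64505, 64500)),
]


def report(observed: Iterable[Announcement], roas: List[ROA]) -> List[Tuple[str, int, str]]:
    """(prefix, origin AS, state) for every observed announcement."""
    return [(a.prefix, a.origin, validate(a, roas)) for a in observed]


def alerts(observed: Iterable[Announcement], roas: List[ROA]) -> List[Announcement]:
    """Announcements a monitor should raise: covered by a ROA but not matched."""
    return [a for a in observed if validate(a, roas) == INVALID]


if __name__ == "__main__":
    for prefix, origin, state in report(OBSERVED, ROAS):
        print(f"{prefix:<20} origin AS{origin:<6} {state}")
```

The last sample row is the limitation the reply refers to: the state depends only on the prefix and the rightmost AS, so checking the path itself needs a separate mechanism such as BGPsec.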


Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

2018-08-31 Thread Conrad Rockenhaus
Hi teor,

It seems the criticism originated from one guy (Ralph) and one troll who
bravely refuses to identify himself.

You want me to stop talking about even the cool things we’re accomplishing
thing (like pumping lots of ultra fast bandwidth into the community)
because of these two, perhaps one yahoos?

Thanks,

Conrad

On Tue, Aug 28, 2018 at 11:37 PM teor  wrote:

> Hi Conrad (and staff and operators),
>
> > On 28 Aug 2018, at 22:16, Conrad Rockenhaus 
> wrote:
> >
> >>
> >> On Aug 27, 2018, at 8:02 PM, Jordan  wrote:
> >>
> >>> ...
> >>> The research in this paper (
> https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf) is
> becoming more relevant and is worth discussing as more ISPs come out with
> the goal of hosting lots and lots of exit relays.
> >>
> >> ...
> >> I have the utmost belief your intentions are good, but the
> concentration of exits under a non-advertised central control warrants
> conversation, at least.
> >>
> >> If the end goal is turning $ into relays, not all paths are paved with
> equal mind to security and it might be worth considering donation-backed
> alternatives.
> >
> > Actually, Jordan, I appreciate your input, but Greypony is technically
> operating as a nonprofit organization right now. We’re completing the
> paperwork to be considered an official nonprofit. We allow people to
> operate their own relay, on their own HVM instance (which we don’t have
> access to) for a donation of $15/month for a basic model A instance.
> >
> > They’re totally separately and independently operated relays. We don’t
> tell them how to operate their relays. We provide support, we provide
> suggestions, but we don’t operate it for them, we don’t install anything
> for them, and we’re completely hands off unless they need support with
> something. Our job is to provide the instance and the bandwidth.
>
> This is the 5th list post in the last few weeks describing Greypony IT's
> services, operators, or relays.
>
> There have also been several critical posts.
>
> Please take a break from promoting or criticising Greypony on this list
> until at least October 2018.
>
> If you feel the need to respond, please use another platform.
>
> Thanks
>
> T
>
-- 
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com


Re: [tor-relays] [tor-talk] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-31 Thread Conrad Rockenhaus
Good God every conversation, now. Anyway.

This exit isn’t bad exit material. Turkey has been known to block Tor though, 
I’m actually proud of this guy for having the cojones (also known as balls to 
those of you who don’t habla espanol) to operate an exit in a country such as 
Turkey, which absolutely hates freedom inducing technologies such as Tor. Let’s 
give this guy (or gal) the attaboy by marking the exit as a bad-exit just 
because stuff gets blocked in autocratic regimes that this operator has no 
control over. None, absolutely none. They screw with the DNS servers over 
there, that’s why during the last uprising they were tagging “8.8.8.8” on the 
walls.

Now they’re doing things a little more sophisticated. Either way, this guy 
gives us a window to see what is blocked and what isn’t blocked within the 
Turkish thunderdome.

-Conrad

> On Aug 30, 2018, at 9:24 PM, Nathaniel Suchy  wrote:
> 
> What if a Tor Bridge blocked connections to the tor network to selective
> client IPs? Would we keep it in BridgeDB because its sometimes useful?
> 
> On Thu, Aug 30, 2018 at 10:02 PM arisbe  wrote:
> 
>> Children should be seen and not herd.  The opposite goes for Tor relays.
>> Arisbe
>> 
>> 
>> On 8/30/2018 2:11 PM, Nathaniel Suchy wrote:
>> 
>> So this exit node is censored by Turkey. That means any site blocked in
>> Turkey is blocked on the exit. What about an exit node in China or Syria or
>> Iraq? They censor, should exits there be allowed? I don't think they
>> should. Make them relay only, (and yes that means no Guard or HSDir flags
>> too) situation A could happen. The odds might not be in your favor. Don't
>> risk that!
>> 
>> Cordially,
>> Nathaniel Suchy
>> 
>> On Thu, Aug 30, 2018 at 3:25 PM grarpamp  wrote:
>> 
>>> This particular case receiving mentions for at least a few months...
>>> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114
>>> 
>>> The relay won't [likely] be badexited because neither it nor its upstream is
>>> shown to be doing anything malicious. Simple censorship isn't enough.
>>> And except for such limited censorship, the nodes are otherwise fully
>>> useful, and provide a valuable presence inside such regions / networks.
>>> 
>>> Users, in such censoring regimes, that have successfully connected
>>> to tor, already have free choice of whatever exits they wish, therefore
>>> such censorship is moot for them.
>>> 
>>> For everyone else, and them, workarounds exist such as...
>>> https://onion.torproject.org/
>>> http://yz7lpwfhhzcdyc5y.onion/
>>> search engines, sigs, vpns, mirrors, etc
>>> 
>>> Further, whatever gets added to static exitpolicy's might move out
>>> from underneath them or the censor, the censor may quit, or the exit
>>> may fail to maintain the exitpolicy's. None of which are true representation
>>> of the net, and are effectively censorship as result of operator action
>>> even though unintentional / delayed.
>>> 
>>> Currently many regimes do limited censorship like this,
>>> so you'd lose all those exits too for no good reason, see...
>>> https://ooni.torproject.org/
>>> 
>>> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
>>> 
>>> And arbitrarily hamper spirits, tactics, and success of volunteer
>>> resistance communities and operators in, and fighting, such regimes
>>> around the world.
>>> 
>>> And if the net goes chaotic, majority of exits will have limited visibility,
>>> for which exitpolicy / badexit are hardly manageable solutions either,
>>> and would end up footshooting out many partly useful yet needed
>>> exits as well.
>>> 
>>> 
>>> If this situation bothers users, they can use... SIGNAL NEWNYM,
>>> New Identity, or ExcludeExitNodes.
>>> 
>>> They can also create, maintain and publish lists of whatever such
>>> classes of nodes they wish to determine, including various levels
>>> of trust, contactability, verification, ouija, etc... such that others
>>> can subscribe to them and Exclude at will.
>>> They can further publish patches to make tor automatically
>>> read such lists, including some modes that might narrowly exclude
>>> and route stream requests around just those lists of censored
>>> destination:exit pairings.
>>> 
>>> Ref also...
>>> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
>>> https://metrics.torproject.org/rs

Re: [tor-relays] Individual Operator Exit Probability Threshold

2018-08-28 Thread Conrad Rockenhaus
The website is old and has been updated. We are providing up to 100 MiB/s now.

Thanks,

Conrad

> On Aug 28, 2018, at 7:16 AM, livak  wrote:
> 
> 10 MiB/s may be right for me, but I would try to get
> as much bandwidth as I could, up to the 10% of the
> consensus weight limit criteria.
> 
> Livak
> 
> 
> Sent with ProtonMail Secure Email.
> 
> ‐‐‐ Original Message ‐‐‐
> On August 25, 2018 11:56 PM, Paul Templeton  wrote:
> 
>>> About finding sponsors for high speed exits, it could be nice
>>> to gather ideas.
>> 
>> Can I ask what is a high speed/capacity exit? For me it would be >10MiB/s am 
>> I correct?
>> 
>> Paul
>> 
> 
> 


Re: [tor-relays] Individual Operator Exit Probability Threshold

2018-08-28 Thread Conrad Rockenhaus
Hi Livak,

Yes, there are compiled tor relay packages for BSD, they exist in packages - 
for FreeBSD it’s pkg install tor and for OpenBSD it’s pkg_add tor.

For FreeBSD, you’ll want to switch packages from quarterly to latest prior to 
installing tor though.

You may also compile from source - the ports collection is available on each 
instance.

Thanks,

Conrad

> On Aug 28, 2018, at 7:09 AM, livak  wrote:
> 
> Hi Conrad:
> 
> I'm pretty sure I'm taking your offer about the free trial.
> 
> I'm having a question, though:
> 
> I think there are no compiled tor relay packages for BSD,
> so I may compile it on my own, right ?
> 
> Livak
> 
> 
> Sent with ProtonMail Secure Emai





Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

2018-08-28 Thread Conrad Rockenhaus

> On Aug 27, 2018, at 8:02 PM, Jordan  wrote:
> 
>> Tor will already avoid making circuits where two IP Addresses in the same 
>> /24 are involved. The research in this paper 
>> (https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf) is 
>> becoming more relevant and is worth discussing as more ISPs come out with 
>> the goal of hosting lots and lots of exit relays.
> 
> A valid point, thanks for linking the paper. I have the utmost belief your 
> intentions are good, but the concentration of exits under a non-advertised 
> central control warrants conversation, at least.
> 
> If the end goal is turning $ into relays, not all paths are paved with equal 
> mind to security and it might be worth considering donation-backed 
> alternatives.
> 
> Have a good one,
> 
> --
> Jordan
> https://yui.cat/

Actually, Jordan, I appreciate your input, but Greypony is technically 
operating as a nonprofit organization right now. We’re completing the paperwork 
to be considered an official nonprofit. We allow people to operate their own 
relay, on their own HVM instance (which we don’t have access to) for a donation 
of $15/month for a basic model A instance.

They’re totally separately and independently operated relays. We don’t tell 
them how to operate their relays. We provide support, we provide suggestions, 
but we don’t operate it for them, we don’t install anything for them, and we’re 
completely hands off unless they need support with something. Our job is to 
provide the instance and the bandwidth.

Thank you,

Conrad





Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

2018-08-27 Thread Conrad Rockenhaus
The trial period was for 30 days for one server. You were able to try out three 
servers at the same time. WHMCS calculated your trial period at 10 days and 
scheduled your instances for deletion.

You didn’t even give me half of a day before you started acting paranoid that 
your instances were deleted because you didn’t want to pay for the service, 
which wasn’t the case at all, I didn’t even get the chance to look at the 
reason at what happened, or to even correct what happened, before you became 
hateful and became abusive. I decided the best course of action was to just 
disengage because I will not tolerate abuse of myself nor any employee of 
GreyPony.

However, I won’t tolerate slander on the mailing list either. You received 
excellent service during your free trial. You had a custom Gentoo Image, just 
for you, deployed, which you were quite happy with, and now you have the 
audacity to slander Nathaniel’s and my work?

Thank you, Have a good day.

> On Aug 27, 2018, at 12:59 PM, Ralph Seichter  wrote:
> 
> On 27.08.18 19:11, zimmer linux wrote:
> 
>> Well done to Conrad - I say. The more, the merrier.
> 
> I disagree. My personal experience with the trial, or more specifically
> with Conrad's behaviour, made it clear to me that he is not the kind of
> person I want to have a business relationship with. The honeymoon phase
> was quickly over after I said I would not rent VMs for the rest of this
> year, and what followed convinced me that I definitely can NOT recommend
> GreyPony IT. Your mileage may vary.
> 
> -Ralph


Re: [tor-relays] Congrats to Nullvoid

2018-08-26 Thread Conrad Rockenhaus

> On Aug 26, 2018, at 12:43 PM, grarpamp  wrote:
> 
> On 8/26/18, nusenu  wrote:
>> Conrad Rockenhaus:
>>> I just wanted to say congratulations to Nullvoid, who is currently running
>>> the second fastest exit in France in my colo in Europe.
> 
>> allowing port 25 on purpose or accidentally?
> 
> Either way, up to the operator, some do it for the lols.
> 
>>> Also, go FreeBSD!
>> 
>> consider updating that tor version
> 
> Not a problem with FreeBSD.
> 
> Switch over to https and latest...
> 
> /etc/pkg/FreeBSD.conf:
> 
>  url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest",
> 
> and run 'pkg upgrade' .
> 
> If it's a shared box, you probably also want
> devcpu-data,  and optionally cpupdate.

Luckily, the instances aren’t running on shared boxes, each user runs on their 
own XenServer HVM instance, so they have dedicated control of their own 
instance. What Nullvoid does is basically up to him at this point, but I 
strongly agree with the recommendations that everyone is recommending.

-Conrad





[tor-relays] Congrats to Nullvoid

2018-08-26 Thread Conrad Rockenhaus
I just wanted to say congratulations to Nullvoid, who is currently running the 
second fastest exit in France in my colo in Europe.

https://metrics.torproject.org/rs.html#details/51420DFB2047A33803A9A6E456D627937DD6E316

Also, go FreeBSD!

Thanks,

Conrad




Re: [tor-relays] Individual Operator Exit Probability Threshold

2018-08-26 Thread Conrad Rockenhaus

> On Aug 25, 2018, at 6:56 PM, Paul Templeton  wrote:
> 
> 
>> About finding sponsors for high speed exits, it could be nice
>> to gather ideas.
> 
> Can I ask what is a high speed/capacity exit? For me it would be >10MiB/s am 
> I correct?
> 
> Paul

I’m not advertising, but I run a nonprofit organization that offers instances 
to run Tor exits that burst up to 1 Gbit/s for $15/month with no caps on data 
transfer and guaranteed bandwidth. One person who runs an exit within this 
group has the fastest exit in Canada at this point. $15/mo is three cups of 
coffee from Starbucks, a meal at a restaurant, or going to a movie. I have been 
told that this is an excessive charge and quite frankly some of the excuses I 
read were ridiculous.

Do people really need to pursue corporate sponsorship when you can get fast 
exits starting at $15/mo? Get three guys to give up a cup of coffee and you 
have an exit. Done.

There are other organizations as well, but I just brought up my own because, 
well, I know my own pricing the best.

Livak-

Would you like to have a server dedicated just to you? I’m game, I’ll even chip 
in, if you put some skin in the game. I have some conditions:

1)  It has to run a BSD Operating System

2)  No Corporate sponsorship. Corporate Sponsors want governance, which we 
don’t want. A sponsor is never hands off.

3)  You must find some people that are willing to chip in to pay for the 
bandwidth costs of this server. I’m not going to completely sponsor you. I have 
spent enough supporting Tor exits over the past three months.

4)  Over 9000?

Excluding colocation costs, power, and all of that stuff I pay, it’s about 
$85/server, and I’m estimating here, so you’re probably winning in the end. Get 
a couple of people to throw you $10, you throw in a couple of bucks, then bam, 
done. Easy day, mission accomplished, and not in the Bush way either.

Thanks,

Conrad




Re: [tor-relays] Lets increase Routing Security for Tor related BGP Prefixes

2018-08-25 Thread Conrad Rockenhaus
OVH Ticket Number 6993458396 created.





Re: [tor-relays] Individual Operator Exit Probability Threshold

2018-08-25 Thread Conrad Rockenhaus

> On Aug 25, 2018, at 8:39 AM, livak  wrote:
> 
> Thanks "I",
> 
> About finding sponsors for high speed exits, it could be nice
> to gather ideas.
> On the other side, if someone wants to contact me to develop
> the idea, I'm ready for it.
> 
> Livak
> 
> 
> Sent with ProtonMail Secure Email.
> 

The first thing corporate sponsors always ask when you ask them for money (or 
services in kind), and I know this as I have done nonprofit work in the past 
after I retired from the US Navy, is the following question, paraphrased for 
brevity:

“What skin are you going to have in the game?”

You’re not going to administer a relay for multiple hours each day, how many 
hours are you going to spend fundraising for this project each day, oh and 
you’re running something that has the chance to give us bad publicity anyway 
(to the average user of XYZ Internet Services.)

More times than not, accepting something for donation is more work than just 
purchasing it yourself, or getting a person or two together and pooling your 
money together. Things can be cheaper in the long run, just my $0.02 from 
experience.

I do wish you success in developing this idea though, I really do. Don’t 
consider this me crapping all over your idea, just consider this practical 
experience from me having the door slammed in my face numerous times while 
trying to help inner city youth with technology, a noble goal that still 
resulted in many door slams.

Thanks,

Conrad





Re: [tor-relays] Yay, Complaints

2018-08-25 Thread Conrad Rockenhaus


> On Aug 24, 2018, at 3:50 PM, Dave Warren  wrote:
> 
> On 2018-08-23 17:56, Conrad Rockenhaus wrote:
>> This mainly seemed to be an issue of miscommunication - I had one party that 
>> I was in communication with at the beginning who said that this was going to 
>> be a perfectly okay endeavor, equipment gets plugged in, day one passes with 
>> a couple of abuse complaints, no problems. Day two comes around, and a new 
>> guy comes in. That’s when it hit the fan.
> 
> Do you think it was an actual miscommunication, or perhaps just a salesdroid 
> selling something different than they actually offer?
> 

Since I contacted someone in their abuse department, I believe it’s more along 
the lines of miscommunication. Maybe the abuse people are confused :/




Re: [tor-relays] Yay, Complaints

2018-08-23 Thread Conrad Rockenhaus


> On Aug 23, 2018, at 6:20 PM, I  wrote:
> 
> When I've met the same attitude I've had some luck by immediately saying they 
> could wipe the hard drive to exterminate all devils, and even give me a 
> different ip address, to show my interest in keeping our relationship going. 
> I told them torrenting is not what tor's for and I want to get rid of them as 
> much as anybody.
> 
> Since they didn't comprehend or listen properly to the longer sensible 
> explanation it was surprising that they liked the simple story.
> 
> Rob
> 

This mainly seemed to be an issue of miscommunication - I had one party that I 
was in communication with at the beginning who said that this was going to be a 
perfectly okay endeavor, equipment gets plugged in, day one passes with a 
couple of abuse complaints, no problems. Day two comes around, and a new guy 
comes in. That’s when it hit the fan.

They listened to reason and that was good enough with me. This gives me a 
chance to repair the relationship to the point where I can eventually open the 
relays back up at some point. In fact, they’ve stated that they don’t care if 
the relays are completely open, they just don’t want to deal with the 
complaints. If Irdeto actually followed emailed me per the ARIN database (like 
the other complaining parties did today), there wouldn’t be any problem. The 
problem lies with the fact that Irdeto has consistently decided to disregard 
the fact that these IPs are reassigned and just emails the upstream, probably 
because they know they would get more of a reaction that way.

Thanks,

Conrad





Re: [tor-relays] Yay, Complaints

2018-08-23 Thread Conrad Rockenhaus
It’s located in Denver, but Colin had a good suggestion to have everyone run a 
reduced exit policy for now until things cool down a little, and the provider 
seemed to cool down their stance after I approached them with that idea and 
stated that they just wanted the flood of abuse emails to stop, and even 
suggested that I reach out to the copyright holders and try to get them to 
contact me directly, since the IPs are SWIPped to me and that is the proper 
procedure anyway.

So, the new colo stays alive for now…. I’ll let things cool down for a bit then 
we’ll open the exit policies back up and see where things go from there.

Thanks,

Conrad

> On Aug 23, 2018, at 2:30 PM, Franklin Bynum  wrote:
> 
> Where is your hardware physically located? If it’s in the United States, I 
> can probably help you get your stuff back.
> 
> —
> Franklin Bynum
> Lawyer
> Bynum Law Office
> 708 Main Street
> Houston, Texas 77002
> Dial “713 LAW FIRM”
> +1 713 529-3476
> 
>> On Aug 23, 2018, at 07:51, Conrad Rockenhaus  wrote:
>> 
>> So, new equipment gets plugged into a colo…. I’m a dude that was looking to 
>> increase AS diversity on Tor and well, decided to add a new colo to the mix.
>> 
>> Two exit relays are brought online on properly SWIPed IP addresses. These 
>> exit relays have only been online for about 24 hours.
>> 
>> An organization, known as Irdeto Intelligence, ignores the fact that the IP 
>> addresses are SWIPed and sends abuse complaints to my upstream providers 
>> asking them to straighten me out, because I’m a pox on society because 
>> people are torrenting via Tor. They have sent over 40 emails in the last 12 
>> hours.
>> 
>> Some dude-man, who calls himself a “Network Security Administrator” who 
>> asked me to explain what Tor is……….because he’s a Network Security 
>> Administrator……..has told me that due to the volume of complaints I need to 
>> block the offending applications from their network.
>> 
>> I told him that I spoke with them prior to bringing this stuff online, 
>> explained what Tor was, explained what a Tor exit was, explained that it 
>> will generate complaints, explained the DMCA liability, explained the whole 
>> thing…..and was told that they were okay with it.
>> 
>> I’m sorry for the bitching and moaning…it’s just another case of doing 
>> everything right and now I’m quite worried that they’ll not only pull the 
>> plug, that I’ll have to fight to get my Cisco UCS blade server back (and 
>> other assorted equipment) which is totally not going to be cool.
>> 
>> Conrad


[tor-relays] Yay, Complaints

2018-08-23 Thread Conrad Rockenhaus
So, new equipment gets plugged into a colo…. I’m a dude that was looking to 
increase AS diversity on Tor and well, decided to add a new colo to the mix.

Two exit relays are brought online on properly SWIPed IP addresses. These exit 
relays have only been online for about 24 hours.

An organization, known as Irdeto Intelligence, ignores the fact that the IP 
addresses are SWIPed and sends abuse complaints to my upstream providers asking 
them to straighten me out, because I’m a pox on society because people are 
torrenting via Tor. They have sent over 40 emails in the last 12 hours.

Some dude-man, who calls himself a “Network Security Administrator” who asked 
me to explain what Tor is……….because he’s a Network Security 
Administrator……..has told me that due to the volume of complaints I need to 
block the offending applications from their network.

I told him that I spoke with them prior to bringing this stuff online, 
explained what Tor was, explained what a Tor exit was, explained that it will 
generate complaints, explained the DMCA liability, explained the whole 
thing…..and was told that they were okay with it.

I’m sorry for the bitching and moaning…it’s just another case of doing 
everything right and now I’m quite worried that they’ll not only pull the plug, 
that I’ll have to fight to get my Cisco UCS blade server back (and other 
assorted equipment) which is totally not going to be cool.

Conrad




[tor-relays] Interested in running a FreeBSD Relay on Cogent?

2018-08-21 Thread Conrad Rockenhaus
Would you like to trial a FreeBSD Relay on Cogent until October 1st?

Yes, it has to be FreeBSD, because I use Bhyve as my hypervisor and some of my 
blades don’t support UG, which means, I support FreeBSD only on these series of 
servers.

If you’re interested in a Model “A” (25GB HDD, 1vCPU, 2GB RAM, burstable up to 
1gbit of bandwidth/unlimited transfer) running FreeBSD and would like to try it 
out until October 1st, just send me your Public Key. My hope is you will keep 
it online and hopefully increase the BSD Relay percentage to 7%. After October 
1st it's only $15/mo, which is my costs alone.

You don’t have to worry about abuse complaints, I handle that for you. You just 
worry about running your exit and maintaining your OS. I take care of 
everything else.

If you’re interested, send me a public key.

Thanks,

Conrad




Re: [tor-relays] public relay stats

2018-08-11 Thread conrad
We’re still getting the archive together, we have a bunch from July to put up 
still, but we are noticing a trend, of course, of automated DMCAs specifically 
just for torrented copyrighted works.

 

--
Conrad Rockenhaus
Public Key: 
http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

 

From: tor-relays  On Behalf Of 
Nathaniel Suchy
Sent: Friday, August 10, 2018 4:30 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] public relay stats

 

A link to the DMCA Archive for those who want to see them: 
https://github.com/GreyPony/dmca

On Fri, Aug 10, 2018 at 4:38 PM <con...@rockenhaus.com> wrote:

I'm gathering them for all of the Greypony relays...if you're 
interested in that information, I can give you some charts if you want. I plan 
to start publishing them soon, we're still revamping our website and just 
started publishing all of the DMCAs we receive.

--
Conrad Rockenhaus
Public Key: 
http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-Original Message-
From: tor-relays <tor-relays-boun...@lists.torproject.org> On Behalf Of nusenu
Sent: Friday, August 10, 2018 3:31 PM
To: tor-relays@lists.torproject.org
Subject: [tor-relays] public relay stats

Hi,

if you are publishing traffic/bandwidth stats for your relays, please 
send me a pointer to them (off-list)

thanks,
nusenu


--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu




Re: [tor-relays] public relay stats

2018-08-10 Thread conrad
Just to clarify this, since there's some confusion - by publish, I meant on 
XOA, which requires a username/password to access. It's not a public site. 
Forgive me for not making that clearer.

And yes, the users know these statistics are being gathered, they have 
commented on how pretty the charts are.

Respectfully,

Conrad Rockenhaus

--
Conrad Rockenhaus
Public Key: 
http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-Original Message-
From: con...@rockenhaus.com  
Sent: Friday, August 10, 2018 3:38 PM
To: tor-relays@lists.torproject.org
Subject: RE: [tor-relays] public relay stats

I'm gathering them for all of the Greypony relays...if you're interested in 
that information, I can give you some charts if you want. I plan to start 
publishing them soon, we're still revamping our website and just started 
publishing all of the DMCAs we receive.

--
Conrad Rockenhaus
Public Key: 
http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-Original Message-
From: tor-relays  On Behalf Of nusenu
Sent: Friday, August 10, 2018 3:31 PM
To: tor-relays@lists.torproject.org
Subject: [tor-relays] public relay stats

Hi,

if you are publishing traffic/bandwidth stats for your relays, please send me a 
pointer to them (off-list)

thanks,
nusenu


--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu





Re: [tor-relays] public relay stats

2018-08-10 Thread conrad
I'm gathering them for all of the Greypony relays...if you're interested in 
that information, I can give you some charts if you want. I plan to start 
publishing them soon, we're still revamping our website and just started 
publishing all of the DMCAs we receive.

--
Conrad Rockenhaus
Public Key: 
http://www.sks-keyservers.net:11371/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-Original Message-
From: tor-relays  On Behalf Of nusenu
Sent: Friday, August 10, 2018 3:31 PM
To: tor-relays@lists.torproject.org
Subject: [tor-relays] public relay stats

Hi,

if you are publishing traffic/bandwidth stats for your relays, please send me a 
pointer to them (off-list)

thanks,
nusenu


--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu




[tor-relays] Canned Abuse Response

2018-08-04 Thread conrad
Hello,

I'm just curious, does anyone happen to have a canned abuse response that
contains the safe harbor provisions of the DMCA? I figured I would ask
before I wrote up a really long email.

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key:
https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com




[tor-relays] Emails

2018-08-04 Thread conrad
I'm suddenly without my tor-relays emails and I'm beginning to
withdrawal test 1...2...3?

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key:
https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com




Re: [tor-relays] AS awareness

2018-08-02 Thread conrad
I did want to note one thing about these big ASes... sure, they may be big 
ASes, but they are still lacking in one major area - Exits.

OVH has almost 4.5 Gbit/s of relay bandwidth available within the AS. However, 
if you search for exits, that rapidly drops to just under 750 mbit/s.

I'm more than positive all of the other big ASes are the same way.

A little off topic, but it just amazes me how much exit capacity these sites 
actually have, but people aren't willing to sign up for services whose TOS 
permits running an exit (or can't afford it), so they run a relay at an overly 
saturated site.

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key: 
https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com

-Original Message-
From: tor-relays  On Behalf Of nusenu
Sent: Sunday, July 29, 2018 4:43 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] AS awareness



Mirimir:
> On 07/29/2018 02:26 PM, nusenu wrote:
>>>> If I know the relays IP I could give you the probabilities of your 
>>>> relay relaying traffic to others in the same AS (since a relay will 
>>>> usually not be used with others in the same /16 netblock)
>>>
>>> It'd be better for relays to avoid connecting within an AS, right?
>>
>> better according to what metric?
> 
> Risk of coordinated compromise.

that is a very generic and short description



--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu




[tor-relays] Question regarding variables in torrc

2018-08-01 Thread conrad
Hello All,

I haven't had a chance to experiment with it yet, but can I source a
variable from the tor startup script, let's say the IPv6 address of an
instance, and define that within torrc as follows

ORPort [$Instance_IPv6_ADDR]:443

I'm sure if it's possible it would have already been done. I just wanted to
see if there was an easy fix for simplifying templates for end users.

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key:
https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
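
The templating asked about above, as an added example that is not part of the original post: it assumes tor reads torrc values literally, so the startup script substitutes the address itself and refuses anything that is not a plain IPv6 literal before writing it into the config. The `@INSTANCE_IPV6_ADDR@` token, the template contents and the documentation-range address are constructed for illustration.

```shell
#!/bin/sh
# Added example: fill a torrc template from the startup script.
# Assumption: tor reads torrc values literally, so "$Instance_IPv6_ADDR"
# would reach tor unexpanded; the substitution must happen before tor starts.

# Constructed template. @INSTANCE_IPV6_ADDR@ is a hypothetical placeholder
# token chosen for this example, not torrc syntax.
TORRC_TEMPLATE='Nickname ExampleRelay
ORPort 443
ORPort [@INSTANCE_IPV6_ADDR@]:443
ExitRelay 0'

# Syntactic gate, not a full RFC 4291 parser. Its job is to make sure the
# value cannot carry a newline, a bracket, whitespace or a "#" into torrc,
# where it would add or comment out configuration lines.
is_ipv6_literal() {
    case $1 in
        '' | *[!0-9A-Fa-f:]*) return 1 ;;   # empty, or a char other than hex/colon
    esac
    [ "${#1}" -le 39 ] || return 1           # longest textual form: 8 groups of 4 + 7 colons
    case $1 in
        *:*:*) ;;                            # at least two colons
        *) return 1 ;;
    esac
    case $1 in
        *:::* | *::*::*) return 1 ;;         # "::" may appear only once
        *[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]*) return 1 ;;  # group longer than 4 digits
    esac
    return 0
}

# Print the rendered torrc on stdout, or fail without printing anything.
render_torrc() {
    if ! is_ipv6_literal "$1"; then
        echo "render_torrc: refusing value that is not an IPv6 literal" >&2
        return 1
    fi
    # Safe to interpolate into the sed expression: after the check above the
    # value holds only hex digits and ':'.
    printf '%s\n' "$TORRC_TEMPLATE" | sed "s/@INSTANCE_IPV6_ADDR@/$1/g"
}

# Stand-alone use: sh render-torrc.sh 2001:db8::10 > torrc
[ $# -eq 0 ] || render_torrc "$1"
```

Running `tor --verify-config -f` on the rendered file before starting the relay lets tor itself reject an address that passes this syntactic check but is still not valid.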




Re: [tor-relays] greyponyit.com free trial report

2018-07-29 Thread Conrad Rockenhaus
On Friday, July 27, 2018 3:32:28 AM CDT Dmitrii Tcvetkov wrote:
> Since 25.07.2018 I'm running Tor exit relay
> BBF17F784433635FA28E7E585D05FE3B15A31A6B on FreeBSD VPS. Although
> AS16276 is quite crowded, fact that IP address space is SWIPed to Conrad
> Rockenhaus means that I, as relay operator, don't need to deal with a
> torrent of abuse complaints because of usual exit activity. This allows
> to run relay with default exit policy.
> 
> The VPS has OS FreeBSD 11.2 on KVM hypervisor (hypervisor may be
> different for newer VPS though), storage is ZFS on GPT.
> 
> The relay is too young to reach its full potential, I may post
> updates in the future.

Thank you for the note. I just wanted to advise that the AS that I'm provisioning 
new nodes on presently is crowded as my other site isn't ready yet (it's a 
colo so I have to physically ship new equipment there) but my intention is to 
introduce more FreeBSD Exits to Tor, not just ordinary relays. I think we 
could always use a few more exits even in this AS.

The newer infrastructure is Xen based now. So far we've successfully added 
nine FreeBSD Tor Exits in the past few days. I think that's great for OS 
Diversity and for expanding the amount of capacity and overall quality of 
service we provide to our end users.

Thank you to everyone for your interest and if you are interested in running a 
FreeBSD or even a...Linux Exit relay with a one month trial please don't 
hesitate to let me know.

Finally, I've been asked - what's my motivation here? Honestly, I'm supporting 
the community and the Torproject, and I wish I could do it for free, but I 
have to charge for the cost of hosting+slight overhead. I don't make a profit. 
This project is here because I see a huge gap in high speed exits and want to 
provide the community the opportunity to help. I hope that smooths over any 
questions anyone has.

Conrad 

-- 
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com



[tor-relays] Expanded Free Trial For Exit Relays

2018-07-26 Thread Conrad Rockenhaus
Hello,

One of the guys trying out my services suggested that I offer a free trial to 
those who would like to run Linux Tor Exit Relays or just plain relays or even 
bridges. So I am. I would prefer you would use FreeBSD (Still working on 
OpenBSD) but I'll offer Linux if it helps expand Tor.

So, I'll offer this - 1 vCPU, 2GB RAM, 10GB HDD, 100mbit/unmetered bandwidth. 
Address space is SWIPed to me. I'm still automating things so I don't have a 
nice control panel online yet, should have it by this weekend though.

If you're interested, please email me a public RSA key and I will create an 
instance for you.

Thanks,

Conrad

-- 
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com



Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?

2018-07-20 Thread Conrad Rockenhaus
Completely unrelated, but I just realized- why the heck am I using
XenServer or even Xen when I can just use bhyve? Shoot, I just solved most
of my automation issues right there.

I’m not running jails only because I’m promising a complete 100% your own
VM and because I have people asking for OpenBSD. Of course, I could always
offer a jail environment as the freebie for a month package from now on,
except for those I’ve already promised OpenBSD to.

What are the thoughts on just using HardenedBSD Jails as the free/try BSD
and tor out environment?

Thanks,

Rock

On Fri, Jul 20, 2018 at 2:20 AM Conrad Rockenhaus 
wrote:

> On Thu, Jul 19, 2018 at 5:10 PM, nusenu  wrote:
> >
> >
> > Conrad Rockenhaus:
> >> 1 vCPU
> >> 2 GB RAM
> >> 30 GB Disk
> >> 10 mbit/Unlimited Traffic
> >>
> >> I'll adjust the numbers as I assess demand, I just don't want a
> >> potential high level of interest and have to turn people away. Do
> >> these numbers sound reasonable?
> >
> > maybe increase the bw to ~20 mbps to make guards possible
>
> Ok, that sounds reasonable. Please note, this is for a free
> trial/basic XenU VM. I will make other flavors available.
>
> I will also make sure that these are burstable to a certain extent, I
> don't want to oversubscribe or slow things down.
>
> Thanks,
>
> Conrad
>
> --
> Conrad Rockenhaus
>
> Get started with GreyPony Anonymization Today!
>
> https://www.greyponyit.com
>
-- 
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com


Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?

2018-07-20 Thread Conrad Rockenhaus
On Thu, Jul 19, 2018 at 5:10 PM, nusenu  wrote:
>
>
> Conrad Rockenhaus:
>> 1 vCPU
>> 2 GB RAM
>> 30 GB Disk
>> 10 mbit/Unlimited Traffic
>>
>> I'll adjust the numbers as I assess demand, I just don't want a
>> potential high level of interest and have to turn people away. Do
>> these numbers sound reasonable?
>
> maybe increase the bw to ~20 mbps to make guards possible

Ok, that sounds reasonable. Please note, this is for a free
trial/basic XenU VM. I will make other flavors available.

I will also make sure that these are burstable to a certain extent, I
don't want to oversubscribe or slow things down.

Thanks,

Conrad

-- 
Conrad Rockenhaus

Get started with GreyPony Anonymization Today!

https://www.greyponyit.com


Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?

2018-07-19 Thread Conrad Rockenhaus
On Wed, Jul 18, 2018 at 8:42 PM, I  wrote:

> Conrad,
>
> For diversity I would participate and learn to use BSD to run a relay.
>
> Robert

Robert,

You (and anyone else who's interested) are more than welcome to send me
an email with an RSA public key, along with your choice of OS (FreeBSD
or OpenBSD) and a RSA Public Key for your authorized_keys file, and
once I'm ready to start spinning up instances, which should be
hopefully this weekend if not by Monday, I will email everyone and let
you know what your IP/hostname is. If you have a preferred
hostname.greyponyit.com or hostname.yourdomainname.com please let me
know that as well. I should have that part somewhat automated at some
point as well, just trying to get things off the ground.

Thanks,

Conrad

-- 
Conrad Rockenhaus

Get started with GreyPony Anonymization Today!

https://www.greyponyit.com


Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?

2018-07-19 Thread Conrad Rockenhaus
Thank you for letting me know, I will look into this! I greatly
appreciate the tip.

On Wed, Jul 18, 2018 at 9:03 PM, Alejandro Andreu
 wrote:
> Hi,
>
> For automating the setup please consider using `gibson`[1], an effort made
> by the folks at Emerald Onion to better manage a Tor relay through a set of
> shell scripts. It's still in development, but just as you do, they run
> everything in BSD boxes.
>
> Cheers!
>
> [1]: https://emeraldonion.org/introducing-gibson/
>
>
>
> -------- Original Message --------
>
> On Jul 19, 2018, 09:34, Conrad Rockenhaus < con...@rockenhaus.com> wrote:
>
>
> Howdy,
>
> So, anyway, I was previously more active, but I decided on a midlife
> career change and was on a training path to become a Physician
> Assistant. Then I was hit by a drunk driver. Now I had to drop out of
> the program for the next year at least, if at all, so I'm going back
> to working IT. That's the sob story.
>
> I like BSD, primarily FreeBSD (please flame me about how my relays
> aren't secure later :P) and like promoting the use of it. I have
> excess capacity on dedicated servers that I personally pay for that
> are used to host portions of a very popular Wiki based Satire/Dark
> Humor website. Some of that capacity is already going to Tor. On the
> servers that have address space SWIPed to me, I would like to resell
> that capacity specifically to host BSD based Tor relays, exits,
> bridges, and hidden services. Right now I'm working on infrastructure
> and a website and trying to somewhat automate things.
>
> The question I would like to ask, and honestly, I'm not trying to
> generate customers, I honestly believe that if a Linux user actually
> logs into a BSD box for the first time and sees the beauty and grace
> that the differences between BSD and Linux are that they would want to
> switch their own personal relay. I'm a firm believer of this. I know
> there's some hardcore Linux fans out there and that's fine, there's a
> legion of BSD fans too :).
>
> To the point - would it be fair to network stability to offer a week
> long free trial to run a tor instance, well, that is if that's what
> the user hopefully runs? Would such a model even have an effect on
> increasing the number of BSD instances we have on Tor presently?
>
> And again, per a suggestion in a previous email chain that I was
> involved in, I set up my ARIN and RIPE ids, and my providers have
> SWIPed the address spaces to me so any and all abuse complaints will
> be coming to me for the address spaces from now on.
>
> Thanks,
>
> Conrad



-- 
Conrad Rockenhaus

Get started with GreyPony Anonymization Today!

https://www.greyponyit.com


Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?

2018-07-19 Thread Conrad Rockenhaus
On Wed, Jul 18, 2018 at 11:10 PM, teor  wrote:
>
>> On 19 Jul 2018, at 11:34, Conrad Rockenhaus  wrote:
>>
>> To the point - would it be fair to network stability to offer a week
>> long free trial to run a tor instance, well, that is if that's what
>> the user hopefully runs? Would such a model even have an effect on
>> increasing the number of BSD instances we have on Tor presently?
>
> Exits typically see some traffic after a week.
>
> It can take guards and middles a few months to get decent traffic.
>
> So maybe a month-long trial would be more rewarding?
>

This sounds pretty reasonable. Right now I'm working on trying to
automate as much as I can with bsd-cloudinit and such as well as
getting the Tax Exempt status paperwork in order, as I'm trying to
pursue this as an opportunity as another avenue about the educational
and security benefits of using BSD systems. I don't expect to turn a
profit...my hope is to break even sometime though.

Anyway, I'm not sure what the level of interest would be, so I figure
I would be very conservative and configure the free trial instances
with the following parameters for now:

1 vCPU
2 GB RAM
30 GB Disk
10 mbit/Unlimited Traffic

I'll adjust the numbers as I assess demand, I just don't want a
potential high level of interest and have to turn people away. Do
these numbers sound reasonable? I have room to work within.

I did a horrible job of creating a web page. I had to use something to
help me as my web page skills stopped at...html, maybe some JS...
people expect pretty these days and I even made the machine that
generates pretty pages generate ugly. That's impressive.

Thanks,

Conrad

-- 
Conrad Rockenhaus

Get started with GreyPony Anonymization Today!

https://www.greyponyit.com


[tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?

2018-07-18 Thread Conrad Rockenhaus
Howdy,

So, anyway, I was previously more active, but I decided on a midlife
career change and was on a training path to become a Physician
Assistant. Then I was hit by a drunk driver. Now I had to drop out of
the program for the next year at least, if at all, so I'm going back
to working IT. That's the sob story.

I like BSD, primarily FreeBSD (please flame me about how my relays
aren't secure later :P) and like promoting the use of it. I have
excess capacity on dedicated servers that I personally pay for that
are used to host portions of a very popular Wiki based Satire/Dark
Humor website. Some of that capacity is already going to Tor. On the
servers that have address space SWIPed to me, I would like to resell
that capacity specifically to host BSD based Tor relays, exits,
bridges, and hidden services. Right now I'm working on infrastructure
and a website and trying to somewhat automate things.

The question I would like to ask, and honestly, I'm not trying to
generate customers, I honestly believe that if a Linux user actually
logs into a BSD box for the first time and sees the beauty and grace
that the differences between BSD and Linux are that they would want to
switch their own personal relay. I'm a firm believer of this. I know
there's some hardcore Linux fans out there and that's fine, there's a
legion of BSD fans too :).

To the point - would it be fair to network stability to offer a week
long free trial to run a tor instance, well, that is if that's what
the user hopefully runs? Would such a model even have an effect on
increasing the number of BSD instances we have on Tor presently?

And again, per a suggestion in a previous email chain that I was
involved in, I set up my ARIN and RIPE ids, and my providers have
SWIPed the address spaces to me so any and all abuse complaints will
be coming to me for the address spaces from now on.

Thanks,

Conrad


Re: [tor-relays] Question regarding ethical torrent blocking

2018-07-15 Thread Conrad Rockenhaus
On Sun, Jul 15, 2018 at 2:18 PM, Mirimir  wrote:
>
> I think that you'll find blocking bittorrent to be harder than expected.
> Modern protocols are well-encrypted, and DPI doesn't really touch them.
>

DPI was never even under consideration. I wasn't comfortable calling
it "Free Speech" when I was indeed limiting access to something by
implementing an exit policy. I forgot that the default policy in
itself limits SMTP, and other things and my comfort level increased.

-Conrad


Re: [tor-relays] Question regarding ethical torrent blocking

2018-07-15 Thread Conrad Rockenhaus
On Sun, Jul 15, 2018 at 12:36 PM, Nagaev Boris  wrote:


> I think that modern copyright laws violate non aggression principle,
> which includes free speech.

As I agree, which is why I typically ignored such threats until my
provider started enforcing said threats.

> Rationale. Skip this paragraph if you already agree with the above
> statement. When a person buys a hard drive they become an owner of it.
> Of all its parts, including parts happen to be Fallout 4, The Elder
> Scrolls V, Sweetbitter, and The Evil Within 2. Another person
> establishes a private communication channel between their hard drive
> and the first person's hard drive. The line between them is private,
> hard drives are private property of these two people => any
> intervention of force into this voluntarily interaction is an
> aggression.
>
> If one agrees that copyright laws are incompatible with free speech
> and are immoral, then he has to admit that all solutions including Tor
> are technical, not fundamental. Thus the "quality" of a solution is
> based not on morality but on technical properties (e.g. how much data
> is transmitted, how many people can use it, etc). Free speech
> considerations are not a measure at this point. If to continue
> providing the service the node has to drop some connections is the
> lesser evil to be accepted. You can compare it with treating an
> incurable disease: you can not fix the problem in a right way but you
> can reduce the suffering and increase life time of the patient.
>

Thank you for your very thoughtful answer. I just implemented the
first choice in the ReducedExit policies in my exits to try to block
the bittorrent threat from taking service away from everyone else.


Re: [tor-relays] Question regarding ethical torrent blocking

2018-07-15 Thread Conrad Rockenhaus
Hello,

> Tor is designed in such a way that you can separately decide whether or
> not you want to contribute to the network, and also whether or not you
> are willing to deal with abuse notices. This is configured via exit
> policies.

I never said that, I asked if people felt it was ethical to still
consider themselves contributing to "Full Free Speech" by running the
default exit policy then to start deviating from the default exit
policy and blocking items such as access to bittorrent. Basically, my
concern is I see a legitimate use of bittorrent, which is why I never
blocked it on my exits. Now I'm being forced to. I'm asking if other
people view themselves as "Full Free Speech" still or are we starting
to arbitrate free speech?


> If abuse is threatening the continued running of your relay, then you
> should take action to avoid not having a relay anymore.

I am, but I'm in an ethical quandary. Do I like watching scat porn?
No, but I'll defend your right to the death to watch it.


> There is a page on the wiki about various reduced exit policies that
> will reduce the amount of abuse notices your relay may attract:

Again, we can answer the technical questions all day long, but it's
not answering my true question here.

>
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
>
> Exit policies are the way to configure this. Please do not try to filter
> specific uses of a protocol using DPI. Application-level
> filtering/firewalls is a good way to get the BadExit flag.

Never thought of doing it that way. I do business by the book, what
I'm questioning is am I right to call myself a Defender of the Faith
by the book or should I try fighting this or what?

Thanks,

Conrad


[tor-relays] Question regarding ethical torrent blocking

2018-07-15 Thread Conrad Rockenhaus
Hello,

I was going to ask someone off-list, but the amount of abuse and DMCA
complaints I have received now have been so much that I have decided that
the best action to take is to set an exit policy. I run a couple of exit
nodes and I have people apparently using them to torrent, which we ask
people politely not to do through Tor... but the policy gets ignored I
guess. Anyway, I'm receiving a sufficient amount of complaints to where I'm
worried that my service may be terminated unless I take action, which would
affect the greater good.

So the question is - I run the default exit policy. I don't like being the
arbiter of what goes through and what doesn't. Is it okay, ethically, from
a free speech standpoint, to reach this point to where we say "we need to
block this content from traversing my node" in response to legal
complaints from others? Are others implementing these blocks and do you
feel that such a block doesn't violate any ethical norm to provide
uncensored access to the Internet?

I'm just curious on what thoughts on this are. I know how to technically
perform the block, I guess I feel like we're one of the last bastions
against censorship on the Internet and people do torrent legitimate stuff.
I don't consider pirating Fallout 4, The Elder Scrolls V, Sweetbitter, and
The Evil Within 2 to be protected speech FYI... my worry is just blocking
the legitimate uses of bittorrent.

Thanks,

Conrad Rockenhaus


Re: [tor-relays] Alternative hoster (Re: DigitalOcean bandwidth billing changes)

2018-04-25 Thread conrad
Hello,

In reference to this issue, I am willing to provide an alternative
solution that doesn't rely on the big 3 remaining providers that are
over saturated ASNs within the network, however, I would like to gauge
how many people would be generally interested in such an endeavor
before I go out and execute on it.

So before I invest in the hardware for a nonprofit "collective" of
sorts at my friendly downtown colo facility, I would like to get an
idea of how many people are interested in this, because then I could do
some formulations to determine what to offer to break even. Easy Peasy.

Please respond to my personal email and not to the list. Thank you.

Rock

On Wed, 2018-04-25 at 16:55 +0200, Ralph Seichter wrote:
> On 25.04.18 16:48, Tobias Sachs wrote:
> 
> > The interesting thing about Hetzner is that only outgoing traffic is
> > counted towards the billing.
> 
> D.O. does the same. Still, $0.01 per extra GB is theft in my book.
> 
> > https://twitter.com/Knight1/status/988868691868749825
> 
> Unfortunately I beat your stats by quite a margin. :-P
> 
> -Ralph


Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-03-03 Thread Conrad Rockenhaus


On 03/03/2018 04:27 AM, Moritz Bartl wrote:
> On 03.03.2018 07:11, Roger Dingledine wrote:
>> Apparently the link from my blog post, to
>> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
>> no longer has any mention pro or con disk encryption. I wonder if that
>> was intentionally removed by the torservers.net folks (maybe they have
>> even changed their mind on the advice?), or if it just fell out because
>> it's a wiki.
> I added the recommendation for "no disk encryption" back then, and it
> wasn't me who removed it.
>
> My own opinion has changed slightly: My general advice would still be to
> not do disk encryption, to reduce the amount of hassle and allow easier
> 'audits'. For additional protection, you better move the relay keys to a
> RAM disk.
>
> However, in our case, we don't really care how long they keep the
> machines for analysis, and we do not reuse hardware that was seized (it
> goes back into the provider pool, so some other customer might be in for
> a surprise...). In that case, a relay operator may decide to use disk
> encryption for integrity reasons: They at least have to ask you for the
> decryption key and cannot silently copy content or easily manipulate the
> file system.
>
Personally, I think entire disk encryption just to protect the keys is
way too much of a hassle. I completely agree with your solution - place
the keys in a ramdisk, that's actually a great idea. I'll put that into
what I'm building up right now.

Regards,

Conrad Rockenhaus




Re: [tor-relays] Running a relay at home

2018-03-02 Thread Conrad Rockenhaus
On Friday, March 2, 2018 2:22:00 PM CST George wrote:
> Matthew Finkel:
> > On Fri, Mar 02, 2018 at 03:01:31PM -0500, Roger Dingledine wrote:
> >> On Fri, Mar 02, 2018 at 07:42:11PM +, Matthew Finkel wrote:
> >>> Are you running this relay at your home? If yes, then that is not
> >>> recommended, but
> >> 
> >> For the record, it's running *exit* relays at home that is not
> >> recommended. Running non-exit relays at home is typically fine -- the
> >> most likely problems are that some overzealous blacklist will put your
> >> IP address on their list, making some websites not work so well for you
> >> if you also use that IP address for your own traffic. Some of these
> >> overzealous blacklists are just being stupid, because they don't
> >> understand about exit policies:
> >> https://www.torproject.org/docs/faq#ExitPolicies
> >> but others of them are intentionally trying to harm people who are
> >> trying to support Tor:
> >> http://paulgraham.com/spamhausblacklist.html
> > 
> > Just for the record, this is exactly why I don't recommend it from my
> > experience. I lost access to my bank's website (plus some other sites)
> > for a while because I did this. It's much less risky running a non-exit
> > than running an exit, but there may be unintended side effects that make
> > the experience less fun overall for the operator.
> 
> +1 on that.
> 
> With the direction things are moving (. . .), I tend to think avoiding
> the possibility of residential IPs being blacklisted is a smart move.
> Run a bridge at home, and install a pluggable transport.
> 
> I was first aware of non-exit Tor IPs being blacklisted by a bank
> several years ago in Latin America... in a country which, at that point,
> had few relays.
> 
> It's good node operator practices IMHO.  Being blacklisted on a
> residential connection is a bad gateway into the relay operator club.
> 
> g

Other than running a bridge at home, if you would like to run a relay or exit, 
there are many VPS providers or even present Relay operators that operate 
their own private clouds that will be more than willing to let you run tor on 
a VPS or VM for a small monthly fee.

Also, once I'm done with the final stage of a project I'm working on, several
of us on this list are going to start working on the reboot of the AWS relay 
project, which takes advantage of the AWS free tier rules. You could look into 
running a relay on AWS and making sure your relay only runs within the free 
tier rules, but make sure you only run a relay on AWS and not an exit.

Regards,

Conrad




Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-28 Thread Conrad Rockenhaus
On Wednesday, February 28, 2018 6:46:00 PM CST George wrote:
> Vinícius Zavam:
> > 2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus <con...@rockenhaus.com>:
> >> On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> >>> Conrad Rockenhaus:
> >>>> Hello All,
> >>>> 
> >>>> If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> >>>> that is fully configured and ready to run Tor. Right now it's an eight GB
> >>>> image, but I'm reducing the size by removing all of the extra stuff on it
> >>>> from the upgrade from FreeBSD 11 to 11.1.
> >>> 
> >>> I think it's great to ease the implementation of Tor relays,
> >>> particularly on BSDs.
> >> 
> >> My main thought process behind trying to ease the implementation of BSD relays
> >> is the fact that we should diversify what we have online within the network.
> >> Most of our nodes are Linux. What if we have another vulnerability that comes
> >> out that hits Linux specifically again?
> >> 
> >>> However, I'd be wary of an image that I didn't build myself, personally.
> >> 
> >> That's your opinion. The AWS relay project was very successful. Numerous
> >> people ran an image that they didn't build. Numerous people also run Docker
> >> containers that they didn't build. Numerous people run Vagrant boxes they
> >> didn't build. You have the right to be weary, but there's numerous people out
> >> there who run other people's images everyday.
> >> 
> >>>> If you're interested in the image let me know. This image has been fully
> >>>> tested on OVH's Openstack infrastructure, so if you're interested in
> >>>> running it on their infrastructure, let me know and I can walk you
> >>>> through it, or you're more than welcome to host it within my cloud at
> >>>> cost (it's a low monthly rate and unlimited bandwidth).
> >>> 
> >>> Another issue is that OVH is over relied upon for public nodes. It's the
> >>> leading ASN with almost 15%.
> >> 
> >> They're one of the few providers out there that allow exits. That's why 15% of
> >> our exits are on OVH.
> >> 
> >>> https://torbsd.org/oostats/relays-bw-by-asn.txt
> >>> 
> >>> OTOH, I do think we (in particular BSD people) need to facilitate the
> >>> implementation of BSD relays, including for VPS services for those
> >>> looking to test the waters.
> >> 
> >> I completely agree.
> > 
> > I wonder if people hosting Tor relays in any sort of VPS are doing
> > filesystem encryption.
> > 
> >>> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> >>> Vultur to build on OpenBSD. I tend to think using other people's scripts
> >>> that can be reviewed and hacked is a better gateway for new relay
> >>> operators than images.
> > 
> > you can combine the FreeBSD jails feature with your idea.
> > plus, do not share many Tor instances on the same machine/server/jail.
> 
> Actually, that raises a side point...
> 
> FreeBSD jails are usually viewed as a tool to create full system with
> the glorious addition of root.
> 
> But they can also be used to build minimal chroot-looking systems, in
> that they can be deliciously small, yet incredibly secure, especially
> compared to chroot.
> 
> FreeBSD jails started as a simple http hosting solution a long while
> back, very much a "unorthodox solution to a traditional problem." But
> they have a utility that gets confused when they are considered
> just-another-virtualization alternative to delude users into thinking
> they have full system control.
> 
> 
> 
> g

We could always make it more fun and throw FreeBSD/Docker on top of the mess:

https://wiki.freebsd.org/Docker

I was looking at Jails before, but I ruled it out because I'm looking at this 
project from the level of I'm running a VM on an OpenStack/VMware, or AWS
infrastructure as a small VM dedicated to just Tor.

So the whole VM is dedicated to just Tor. So, basically instead of virtualizing
an environment already running in a virtual machine dedicated to the task of 
running that run task, I figured just keep things on the VM.

Of course, I may be looking at that wrong, but I think that would be the best 
option to weigh all of the factors that go into the project.

Conrad




Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-26 Thread Conrad Rockenhaus
On Monday, February 26, 2018 11:24:37 AM CST Vinícius Zavam wrote:
> 2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus <con...@rockenhaus.com>:
> > On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> > > Conrad Rockenhaus:
> > > > Hello All,
> > > > 
> > > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > > that is fully configured and ready to run Tor. Right now it's an eight GB
> > > > image, but I'm reducing the size by removing all of the extra stuff on it
> > > > from the upgrade from FreeBSD 11 to 11.1.
> > > 
> > > I think it's great to ease the implementation of Tor relays,
> > > particularly on BSDs.
> > 
> > My main thought process behind trying to ease the implementation of BSD relays
> > is the fact that we should diversify what we have online within the network.
> > Most of our nodes are Linux. What if we have another vulnerability that comes
> > out that hits Linux specifically again?
> > 
> > > However, I'd be wary of an image that I didn't build myself, personally.
> > 
> > That's your opinion. The AWS relay project was very successful. Numerous
> > people ran an image that they didn't build. Numerous people also run Docker
> > containers that they didn't build. Numerous people run Vagrant boxes they
> > didn't build. You have the right to be weary, but there's numerous people out
> > there who run other people's images everyday.
> > 
> > > > If you're interested in the image let me know. This image has been fully
> > > > tested on OVH's Openstack infrastructure, so if you're interested in
> > > > running it on their infrastructure, let me know and I can walk you
> > > > through it, or you're more than welcome to host it within my cloud at
> > > > cost (it's a low monthly rate and unlimited bandwidth).
> > > 
> > > Another issue is that OVH is over relied upon for public nodes. It's the
> > > leading ASN with almost 15%.
> > 
> > They're one of the few providers out there that allow exits. That's why 15% of
> > our exits are on OVH.
> > 
> > > https://torbsd.org/oostats/relays-bw-by-asn.txt
> > > 
> > > OTOH, I do think we (in particular BSD people) need to facilitate the
> > > implementation of BSD relays, including for VPS services for those
> > > looking to test the waters.
> > 
> > I completely agree.
> 
> I wonder if people hosting Tor relays in any sort of VPS are doing
> filesystem encryption.

I can tell you on OVH, a basic level VPS (one for $5.00/mo) is not encrypted. 
If a customer is willing to spend $7.00/mo more for an additional partition, 
they will be able to have storage to encrypt the Tor relay information at
rest.

On the Cloud side, you encrypt the primary volume, so all storage is encrypted 
at rest. 

I can't speak of any of the other providers that provide BSD VPSes or BSD 
Cloud Instances.

> 
> > > The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> > > Vultur to build on OpenBSD. I tend to think using other people's scripts
> > > that can be reviewed and hacked is a better gateway for new relay
> > > operators than images.
> 
> you can combine the FreeBSD jails feature with your idea.
> plus, do not share many Tor instances on the same machine/server/jail.

What my plan is to utilize the official FreeBSD Virtual Machine Images from 
their site and build on top of them with my Ansible Scripts. I should 
hopefully have a beta released next week that we can start hacking on.

> 
> > It would actually be very easy to find tampering within a BSD operating system.
> > Again, you're welcome to your opinion, but this is not the first time an image
> > has been offered to assist people within the network, and again, with your
> > view, let's get rid of the tor docker containers, the AWS AMIs, etc.
> > 
> > Regards,
> > 
> > Conrad
> > 
> > > http://wiki.torbsd.org/doku.php?id=en:bsd-vps
> > > 
> > > g
> 
> --
> Vinícius Zavam
> keybase.io/egypcio/key.asc





Re: [tor-relays] Tor Relay Setup

2018-02-25 Thread Conrad Rockenhaus
You're currently not measured, per atlas it's been only 12 hours since this 
node has been online. It takes about three days to get a nominal measurement. 
I had a node on a 200mbps connection sit at 0bps for two days straight, then 
it finally had some movement in the evening of day three. I would wait at least 
another day and a half before worrying about this issue because it does take 
some time for the bandwidth measurements to complete.

Please also review: https://blog.torproject.org/lifecycle-new-relay

Regards,

Conrad

On Sunday, February 25, 2018 4:49:00 PM CST Gabe D. wrote:
> https://metrics.torproject.org/rs.html#details/53CDD268FAD52B0236A4E7F4784259A41C6E3414
> 
> 
> 
> ‐‐‐ Original Message ‐‐‐
> 
> On 24 February 2018 5:59 PM, s7r <s...@sky-ip.org> wrote:
> > Gabe D. wrote:
> > > Feb 24 10:45:08.668 [notice] Tor 0.3.2.9 (git-64a719dd25a21acb) running on Linux with Libevent 2.0.19-stable, OpenSSL 1.0.1t, Zlib 1.2.7, Liblzma N/A, and Libzstd N/A.
> > > Feb 24 10:45:08.668 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
> > > Feb 24 10:45:08.668 [notice] Read configuration file "/etc/tor/torrc".
> > > Feb 24 10:45:08.671 [notice] Based on detected system memory, MaxMemInQueues is set to 2891 MB. You can override this by setting MaxMemInQueues by hand.
> > > Feb 24 10:45:08.671 [notice] Scheduler type KIST has been enabled.
> > > Feb 24 10:45:08.671 [notice] Opening Socks listener on 127.0.0.1:9050
> > > Feb 24 10:45:08.671 [notice] Opening Control listener on 127.0.0.1:9051
> > > Feb 24 10:45:08.671 [notice] Opening OR listener on 0.0.0.0:9001
> > > Feb 24 10:45:08.671 [notice] Opening Directory listener on 0.0.0.0:80
> > > Feb 24 10:45:08.000 [notice] Not disabling debugger attaching for unprivileged users.
> > > Feb 24 10:45:08.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
> > > Feb 24 10:45:08.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
> > > Feb 24 10:45:08.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
> > > Feb 24 10:45:08.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
> > > Feb 24 10:45:08.000 [notice] Your Tor server's identity key fingerprint is '123'
> > > Feb 24 10:45:08.000 [notice] Bootstrapped 0%: Starting
> > > Feb 24 10:45:09.000 [notice] Starting with guard context "default"
> > > Feb 24 10:45:09.000 [notice] Bootstrapped 80%: Connecting to the Tor network
> > > Feb 24 10:45:10.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
> > > Feb 24 10:45:11.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
> > > Feb 24 10:45:12.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
> > > Feb 24 10:45:12.000 [notice] Bootstrapped 100%: Done
> > > Feb 24 10:45:12.000 [notice] Now checking whether ORPort ***:9001 and DirPort ***:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
> > > Feb 24 10:45:13.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
> > > Feb 24 10:45:13.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
> > > Feb 24 10:45:14.000 [notice] Performing bandwidth self-test...done.
> > 
> > You need to give us the IP address of the relay so that one can check if
> > the ORPort is reachable. It should be, since that is indicated in the
> > log messages but doesn't hurt to check.
> > 
> > It takes some time until you can see it on atlas / relay search, it's
> > not instant. Give it up to 24 hours. You will see it earlier here (but
> > not instantly under any c

Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-25 Thread Conrad Rockenhaus
On Sunday, February 25, 2018 11:13:12 PM CST grarpamp wrote:
> On Sun, Feb 25, 2018 at 4:05 PM, George  wrote:
> > However, I'd be wary of an image that I didn't build myself, personally.
> 
> Yes, especially of image without source [script]
> (not to diminish such work).
> 
> FreeBSD is largely reproducible these days,
> OpenBSD maybe not yet (you'd have to test it).
> 
> In general, if anyone wants to offer an image,
> they really should also be posting the latest release
> from the vendor, then a diff script that recreates
> the image, including overlay network bits, etc.
> To the user, it's the same choice as using a prebuilt
> binary, or the sourcecode.
> 
> That routes around any remaining reproducibility
> issues in the base OS.
> 
> FreeBSD and OpenBSD are trivial to install a
> well outfitted box by script. And if you can't
> script it, you're not doing it right, try again.

I'm more than willing to offer source :D, but I'm just going to make it a 
script only project instead based on what seems to be the consensus opinion. 
I'm just going to clean up some small things now that could be automated that 
I was doing by hand prior to releasing it for review/comments.


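
The suggestion quoted above (vendor release plus a script that recreates the image) lets anyone rebuild the image and compare the result with the one on offer. The following is an added example, not code from this thread or from any project mentioned in it; it assumes both images are mounted read-only at two directories, and the function names, sample paths and ignore list are hypothetical.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _sha256(path, chunk=1 << 20):
    """Hash in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def tree_manifest(root, ignore=()):
    """Map each relative path under root to (kind, permission bits, content).

    content is the SHA-256 for regular files, the target for symlinks and
    None otherwise. Symlinks are recorded, never followed. Paths at or below
    a prefix in `ignore` (per-host state such as relay keys) are skipped.
    """
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            if any(rel == p or rel.startswith(p + "/") for p in ignore):
                continue
            st = full.lstat()
            mode = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky
            if stat.S_ISLNK(st.st_mode):
                manifest[rel] = ("link", mode, os.readlink(full))
            elif stat.S_ISREG(st.st_mode):
                manifest[rel] = ("file", mode, _sha256(full))
            elif stat.S_ISDIR(st.st_mode):
                manifest[rel] = ("dir", mode, None)
            else:
                manifest[rel] = ("other", mode, None)  # device, FIFO, socket
    return manifest


def compare_trees(reference, candidate, ignore=()):
    """Report how `candidate` differs from `reference`, by category."""
    ref = tree_manifest(reference, ignore)
    cand = tree_manifest(candidate, ignore)
    report = {"added": [], "removed": [], "type": [], "content": [], "mode": []}
    for path in sorted(ref.keys() | cand.keys()):
        if path not in ref:
            report["added"].append(path)
        elif path not in cand:
            report["removed"].append(path)
        else:
            (rkind, rmode, rdata), (ckind, cmode, cdata) = ref[path], cand[path]
            if rkind != ckind:
                report["type"].append(path)
                continue
            if rdata != cdata:
                report["content"].append(path)
            if rmode != cmode:
                report["mode"].append(path)
    return report


def _write(root, rel, data, mode=0o644):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    path.chmod(mode)


def demo():
    """Constructed sample trees standing in for two mounted images."""
    with tempfile.TemporaryDirectory() as tmp:
        rebuilt, offered = Path(tmp) / "rebuilt", Path(tmp) / "offered"
        for root in (rebuilt, offered):
            _write(root, "usr/local/etc/tor/torrc", b"ORPort 9001\n")
            _write(root, "usr/local/bin/tor", b"constructed binary\n", 0o755)
            _write(root, "etc/rc.conf", b'tor_enable="YES"\n')
        # Per-host state that legitimately differs between installs.
        _write(rebuilt, "var/db/tor/keys/secret_id_key", b"key A\n", 0o600)
        _write(offered, "var/db/tor/keys/secret_id_key", b"key B\n", 0o600)
        # Constructed differences in the offered tree.
        _write(offered, "usr/local/etc/tor/torrc", b"ORPort 9001\nDirPort 80\n")
        _write(offered, "etc/rc.local", b"# not produced by the script\n")
        (offered / "etc/rc.conf").chmod(0o666)
        return compare_trees(rebuilt, offered, ignore=("var/db/tor",))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

Ownership, timestamps and file flags are not compared here; every path in a non-empty category is something the build script should be able to account for.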


Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-25 Thread Conrad Rockenhaus
On Sunday, February 25, 2018 4:03:30 PM CST Jordan wrote:
> >> Another issue is that OVH is over relied upon for public nodes. It's the
> >> leading ASN with almost 15%.
> > 
> > They're one of the few providers out there that allow exits. That's why
> > 15% of our exits are on OVH.
> 
> For what it's worth, my entire OVH account was terminated as a result of
> hosting an exit on their VPS line, citing "hosting a proxy" as grounds
> for termination. They're slow to act on abuse (if you reply with *any*
> response it satisfies their automated system until a human looks at it),
> but they do not explicitly support Tor when it comes to VPS's.

That clause is in the TOS for the VPS services but it's not in the TOS for the 
OpenStack Public/Private cloud services. Of course, you're paying more than
$4.99/mo to run an OpenStack instance to run a Tor node.




Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-25 Thread Conrad Rockenhaus
George,

I'm sorry, I didn't take your points as accusatory at all. I apologize if I 
came across that way. You had valid points, and after everyone on the mailing 
list pouncing me about these points, I can completely understand now that 
providing an image for production use is a bad idea. I know I've just started 
with the project, and I still have quite a bit to learn, so I apologize for 
offending anyone and stepping on any toes. 

Anyway, I know the BSD/Linux relay counts are totally skewed to Linux, which 
is why I converted all five of my exits to FreeBSD. Hopefully that helps a 
little.

Thanks,

Conrad

On Sunday, February 25, 2018 4:03:00 PM CST George wrote:
> Conrad Rockenhaus:
> > On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> >> Conrad Rockenhaus:
> >>> Hello All,
> >>> 
> >>> If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> >>> that is fully configured and ready to run Tor. Right now it's an eight
> >>> GB
> >>> image, but I'm reducing the size by removing all of the extra stuff on
> >>> it
> >>> from the upgrade from FreeBSD 11 to 11.1.
> >> 
> >> I think it's great to ease the implementation of Tor relays,
> >> particularly on BSDs.
> > 
> > My main thought process behind trying to ease the implementation of BSD
> > relays is the fact that we should diversify what we have online within
> > the network. Most of our nodes are Linux. What if we have another
> > vulnerability that comes out that hits Linux specifically again?
> 
> Oh, absolutely. Completely valid and the reason for The Tor BSD
> Diversity Project's existence.
> 
> It's even uglier with bridges than with public relays.  Our stats give
> daily snapshots to back your point:
> 
> https://torbsd.org/oostats.html
> 
> >> However, I'd be wary of an image that I didn't build myself, personally.
> > 
> > That's your opinion. The AWS relay project was very successful. Numerous
> > people ran an image that they didn't build. Numerous people also run
> > Docker
> > containers that they didn't build. Numerous people run Vagrant boxes they
> > didn't build. You have the right to be weary, but there's numerous people
> > out there who run other people's images everyday.
> 
> Yes, being wary should be a guiding principle IMHO.
> 
> I'm aware of the other image-based roll-outs, but I just wanted to add a
> disclaiming comment.
> 
> Personally, I'm purely for bare-metal server solutions to minimize
> (although it doesn't eliminate) external trust. I understand that images
> from whatever method are a gateway, but caution is compulsory.
> 
> >>> If you're interested in the image let me know. This image has been fully
> >>> tested on OVH's Openstack infrastructure, so if you're interested in
> >>> running it on their infrastructure, let me know and I can walk you
> >>> through it, or you're more than welcome to host it within my cloud at
> >>> cost (it's a low monthly rate and unlimited bandwidth).
> >> 
> >> Another issue is that OVH is over relied upon for public nodes. It's the
> >> leading ASN with almost 15%.
> > 
> > They're one of the few providers out there that allow exits. That's why
> > 15% of our exits are on OVH.
> 
> Yes, of course. However, you refer to the lack of diversity in operating
> systems, but monocultures in providers/ASNs is another danger we should
> be conscious of.
> 
> >> https://torbsd.org/oostats/relays-bw-by-asn.txt
> >> 
> >> OTOH, I do think we (in particular BSD people) need to facilitate the
> >> implementation of BSD relays, including for VPS services for those
> >> looking to test the waters.
> > 
> > I completely agree.
> > 
> >> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> >> Vultur to build on OpenBSD. I tend to think using other people's scripts
> >> that can be reviewed and hacked is a better gateway for new relay
> >> operators than images.
> > 
> > It would actually be very easy to find tampering within a BSD operating
> > system. Again, you're welcome to your opinion, but this is not the first
> > time an image has been offered to assist people within the network,
> > and again, with your view, let's get rid of the tor docker containers,
> > the AWS AMIs, etc.
> All hardware, all operating systems can be tampered with.  From network
> cards to your shell.  That is an accepted reality.
> 
> IMHO think virtualization in the current trend is dangerous and should
> be avoided, from clouds to

Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-25 Thread Conrad Rockenhaus
Wow, I didn't expect my friendly gesture to start another debate, but the 
reasoning behind offering this image was mainly for people who were operating 
on OpenStack clouds who wanted to upload the image to their infrastructure 
using glance and start things up quickly. I'm more than willing to provide the 
ansible scripts I use to initially spin things up, once I clean things up 
since there's still some manual things that can be automated.

I'll just consider this idea dead in the water. That being said:

On Sunday, February 25, 2018 3:50:44 PM CST Shawn Webb wrote:
> On Sun, Feb 25, 2018 at 09:05:00PM +, George wrote:
> > Conrad Rockenhaus:
> > > Hello All,
> > > 
> > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > that is fully configured and ready to run Tor. Right now it's an eight
> > > GB image, but I'm reducing the size by removing all of the extra stuff
> > > on it from the upgrade from FreeBSD 11 to 11.1.
> > 
> > I think it's great to ease the implementation of Tor relays,
> > particularly on BSDs.
> > 
> > However, I'd be wary of an image that I didn't build myself, personally.
> 
> I agree with that sentiment. I would rather Tor relay operators set up
> their systems themselves so that they know how that system is
> configured.
> 
> I would also suggest users run operating systems that specialize in
> security, like OpenBSD or HardenedBSD. Running Tor on FreeBSD opens
> the door to mass exploitation via copy and paste style exploits. I
> would caution against such setups. Tor has a very unique threat
> landscape and the security of the relay should be of upmost
> importance.

I'll be honest, I have never heard of a copy and paste style exploit. What is 
it? Could you provide me a link with info about it, because I run several 
FreeBSD instances and if I have a ticking timebomb on my hands, I need to fix 
it.

> 
> > The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> > Vultur to build on OpenBSD. I tend to think using other people's scripts
> > that can be reviewed and hacked is a better gateway for new relay
> > operators than images.
> 
> Agreed. Not only does the Tor network need to be diversified with
> regards to operating system, but it also needs to be diversified with
> regards to hosting providers. Tor needs to be resilient against any
> and all attacks.
> 
> Thanks,

Thanks,

Conrad



Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-25 Thread Conrad Rockenhaus
On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> Conrad Rockenhaus:
> > Hello All,
> > 
> > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > that is fully configured and ready to run Tor. Right now it's an eight GB
> > image, but I'm reducing the size by removing all of the extra stuff on it
> > from the upgrade from FreeBSD 11 to 11.1.
> 
> I think it's great to ease the implementation of Tor relays,
> particularly on BSDs.

My main thought process behind trying to ease the implementation of BSD relays 
is the fact that we should diversify what we have online within the network. 
Most of our nodes are Linux. What if we have another vulnerability that comes 
out that hits Linux specifically again?

> 
> However, I'd be wary of an image that I didn't build myself, personally.
> 
That's your opinion. The AWS relay project was very successful. Numerous 
people ran an image that they didn't build. Numerous people also run Docker 
containers that they didn't build. Numerous people run Vagrant boxes they 
didn't build. You have the right to be weary, but there's numerous people out 
there who run other people's images everyday.

> > If you're interested in the image let me know. This image has been fully
> > tested on OVH's Openstack infrastructure, so if you're interested in
> > running it on their infrastructure, let me know and I can walk you
> > through it, or you're more than welcome to host it within my cloud at
> > cost (it's a low monthly rate and unlimited bandwidth).
> 
> Another issue is that OVH is over relied upon for public nodes. It's the
> leading ASN with almost 15%.

They're one of the few providers out there that allow exits. That's why 15% of 
our exits are on OVH.

> 
> https://torbsd.org/oostats/relays-bw-by-asn.txt
> 
> OTOH, I do think we (in particular BSD people) need to facilitate the
> implementation of BSD relays, including for VPS services for those
> looking to test the waters.

I completely agree.

> 
> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> Vultur to build on OpenBSD. I tend to think using other people's scripts
> that can be reviewed and hacked is a better gateway for new relay
> operators than images.

It would actually be very easy to find tampering within a BSD operating system. 
Again, you're welcome to your opinion, but this is not the first time an image
has been offered to assist people within the network, and again, with your
view, let's get rid of the tor docker containers, the AWS AMIs, etc.

Regards,

Conrad

> 
> http://wiki.torbsd.org/doku.php?id=en:bsd-vps
> 
> g





Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-25 Thread Conrad Rockenhaus
On Sunday, February 25, 2018 2:59:38 PM CST TorGate wrote:
> I am interested :-)
> have you a ovm or harddiskimage ?

Right now it's a RAW image, but it can be converted to whatever format you 
need with QEMU-image... I just converted it to VDI right now to start nuking 
the /usr/src stuff.



> 
> regards Steffen
> TorGate
> torgate(at)linux-hus.dk
> OpenGPG 7FD5 65EF A4EF EEF3 7A13  4372 8409 49D6 01A2 0890
> 
> > On 25.02.2018 at 21:50, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
> > 
> > Hello All,
> > 
> > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > that is fully configured and ready to run Tor. Right now it's an eight GB
> > image, but I'm reducing the size by removing all of the extra stuff on it
> > from the upgrade from FreeBSD 11 to 11.1.
> > 
> > If you're interested in the image let me know. This image has been fully
> > tested on OVH's Openstack infrastructure, so if you're interested in
> > running it on their infrastructure, let me know and I can walk you
> > > through it, or you're more than welcome to host it within my cloud at
> > cost (it's a low monthly rate and unlimited bandwidth).
> > 
> > Regards,
> > 
> > > Conrad Rockenhaus





[tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-25 Thread Conrad Rockenhaus
Hello All,

If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image that 
is fully configured and ready to run Tor. Right now it's an eight GB image, but 
I'm reducing the size by removing all of the extra stuff on it from the 
upgrade from FreeBSD 11 to 11.1.

If you're interested in the image let me know. This image has been fully 
tested on OVH's Openstack infrastructure, so if you're interested in running 
it on their infrastructure, let me know and I can walk you through it, or 
you're more than welcome to host it within my cloud at cost (it's a low 
monthly rate and unlimited bandwidth).

Regards,

Conrad Rockenhaus



Re: [tor-relays] Tor Relay Setup

2018-02-24 Thread Conrad Rockenhaus
Ok, so you’re going to censor your IP address even though it’s getting 
broadcasted worldwide through not only the atlas search engine, but the Tor 
network itself. 

If you run a relay, expect to have your IP address broadcasted. In addition, if 
you run a relay, expect that some way to contact you is associated with 
that IP address. We give up our anonymity so others may have it.

Conrad Rockenhaus
(254) 292-3350

On Feb 24, 2018, at 3:03 PM, teor <teor2...@gmail.com> wrote:

>>> Feb 24 10:45:08.000 [warn] You are running Tor as root. You don't need to, 
>>> and you probably shouldn't.
> 
> 
> You should set the User option to an unprivileged user in your torrc.
> 
>> On 25 Feb 2018, at 04:59, s7r <s...@sky-ip.org> wrote:
>> 
>> The IP addresses of all relays in the network are public and not
>> considered sensitive information, but I can see a possibility where you
>> don't want a certain IP address tied to the email you are posting here
>> with, so it's up to you to decide but you can go to a port checking
>> website (google it) and check the relay IP address ORPort if open or not.
> 
> From the log messages, it seems like the ORPort and DirPort are
> reachable from at least a few relays. But they need to be reachable all
> over the world.
> 
>> If yes, wait for 24 hours and check back on relay search.
> 
> Relay search appears to be down right now.
> 
> T


Re: [tor-relays] torservers are not rechable

2018-02-11 Thread Conrad Rockenhaus
Ok, I’m sorry but I’m trying to make sense of this...

You start Tor, and then your server IP changes after a certain uptime, the DNS 
changes with it. So what’s the issue with accessing it if the DNS changes with 
it? Do you have to use the IP address explicitly?

Thanks,

Conrad

> On Feb 11, 2018, at 9:24 AM, TorGate <torg...@linux-hus.dk> wrote:
> 
> Hi to all,
> I have started my servers again and changed the WAN IP address.
> But the servers have the old IP after uptime of 2 times.
> Can I manually update the WAN IPs?
> The DNS names are changed to the new IP addresses.
> 
> regards Steffen
> TorGate
> torgate(at)linux-hus.dk <http://linux-hus.dk/>
> 
> 
> 
> 


Re: [tor-relays] Question regarding exit sizing

2018-02-10 Thread Conrad Rockenhaus
The 500 Mbps instance would either be one of my private servers in my co-lo, or 
a dedicated server in one of my private cloud hosting locations. With both 
contacts, bandwidth costs aren’t an issue, but if one big instance would work I 
would put it on the same hardware that I am running a server that averages 
about 700+ mbps consistently.  The small servers that I’m hitting 100 mbps on, 
I’m just getting low cost VPSes for since….they do the job and they do the job 
well, they’re guaranteed a minimum of 100mbps bandwidth to the first tier 1 hop 
and Atlas shows them consistently used at that level, so I’m happy.

I mainly wanted to give back big to the community because Tor gave me the idea 
for my latest free for personal/charge for business use idea that I’m going to 
roll out soon (I’ll gladly send y’all a link, as I think it’s something that 
would be very useful).

I haven’t noticed any bad measurements…the three relays I run now, well, one 
just started this week so we can throw that one out for now, but the other two  
are showing 12.55 MiB/s and 12.28 MiB/s, and I’m guaranteed 100 mbps, so I’m 
doing pretty well on those two. Since the priority is exit nodes, I’ll probably 
add two more exit nodes in Canada, leaving four exits, and one relay there.

But I do get your points, and the more I do think about it, it would be better 
to just spread it all out, so I guess whenever I start spinning up nodes in 
Europe I’ll just use VPSes. One other thing I forgot to realize is I’m seeing a 
steady increase in the amount of DDoS attacks on my exits as of late. My 
provider tries to mitigate them as much as possible, but it’s annoying for the 
end users going through the node and it’s annoying for the people who are 
getting affected by the DDoS. Putting everything on one big box is just 
screaming “Here, attack me right here plz, kthx."




> On Feb 10, 2018, at 1:44 AM, tor  wrote:
> 
>> What scenario is better for the network - adding five 100mbps nodes, or one 
>> 500 mbps node?
> 
> 
> Are we talking bare metal or VPS? A VPS will probably bottleneck on RAM or 
> CPU before hitting 500 Mbps.
> 
> Bare metal would stand a chance with the right hardware and tuning, but I 
> wouldn't assume you'll hit 500 Mbps on any given node.
> 
> Due to the nature of the bandwidth measurements, physical location matters 
> too. You're at the mercy of Tor's bandwidth authorities and in my experience, 
> the further away from Europe, the worse your measurements will be, and so 
> again you may not hit 500 Mbps.
> 
> Basically, you shouldn't assume that whatever bandwidth you plan for and 
> advertise will come your way. 
> 
> I think you'd have better luck with 5x 100 Mbps nodes, or maybe 3x 200 Mbps 
> nodes. You can also run 2 relays per IP.
> 
> There are advantages to spreading out the load (like redundancy). I also 
> think Tor's bandwidth measurements and consensus weights are fickle, and some 
> of the variables are out of your control (what else is going on in your rack, 
> datacenter, upstream, etc.). You could use ansible-relayor to turn up a bunch 
> of nodes, wait to see which ones are the most performant, and then keep the 
> best ones. That's what I would do. :)
> 
> 


[tor-relays] Question regarding exit sizing

2018-02-09 Thread Conrad Rockenhaus
Hello,

I have a question regarding relay sizing to add additional nodes to the network.

What scenario is better for the network - adding five 100mbps nodes, or one 500 
mbps node? Let’s keep it easy and say all five of those 100 mbps nodes would be 
in the same datacenter, configured in the same configuration, etc.

I’m just curious, because I’m getting ready to add a few more nodes, but I’m 
wondering if it’ll be better to go big, or just stay small.

Thanks,

Conrad Rockenhaus


[tor-relays] Exit Relay Up

2018-02-05 Thread Conrad Rockenhaus
Hello All,

I just brought up my third relay, ConradsOVHRelay03, as an exit. I appreciate 
the feedback that everyone provided me with before and I hope that this relay 
is configured perfectly. I’m glad to add more bandwidth to the cause.

Thanks,

Conrad


[tor-relays] What's the priority right now?

2018-01-31 Thread Conrad Rockenhaus
I’m ready to get node #3 up right now…so what’s the priority for high speed 
nodes right now, exits or relays? Just wanted to know before I brought it 
online.

This one is based in the great land of Canada :D.

Thanks,

Conrad


[tor-relays] Question about downtime

2018-01-21 Thread Conrad Rockenhaus
Hello,

Note - to others that have sent me emails about a proposed project, I will 
respond, I’m sorry I just got caught up in a huge emergency project.

Anyway, I had a quick question, on the relay side I run ConradsOVHRelay01 
(Relay) and ConradsOVHRelay02 (Exit). They’re running on CentOS, so I have to 
manually install the latest version of tor to keep up with the security 
updates. 

I am considering migrating to Ubuntu or Debian to make the update process 
simpler. To avoid downtime, would it be better to spin up two more boxes and 
migrate or would bringing them down for maintenance be acceptable? I would like 
to avoid downtime personally, as they’re stable, fast relays.

I’m just looking for thoughts and ideas.

Thanks,

Conrad


Re: [tor-relays] first impression with 0.3.2.8-rcant a fast exit relay

2017-12-22 Thread Conrad Rockenhaus
I just brought a 0.3.2.8 relay online at OVH, ConradsOVHRelay, 
A5C6D2EBCCA77D0B09364DD6B75FEC817AF977FA. For some reason Atlas says the 
bandwidth is 0, but I have it set to 625. I guess we’ll see how it does later.

Conrad


> On Dec 22, 2017, at 8:48 AM, David Goulet <dgou...@torproject.org> wrote:
> 
> On 22 Dec (00:20:38), Toralf Förster wrote:
>> With 0.3.2.7-rc the command
>>  /usr/sbin/iftop -B -i eth0 -P -N -n -m 320M
>> showed every then and when (few times in an hour) for 10-20 sec a traffic 
>> value of nearly 0 bytes for the short-term period (the left of the 3 values).
>> Usually I do observe between 6 and 26 MByte/sec.
>> With the Tor version from today now the outage is about 1-2 sec, but does 
>> still occur.
> 
> Not sure I fully understand here what you mean. For 1 to 2 sec  you see
> 0 bytes of outbound traffic :| ?
> 
> Doing the same on my fast non-Exit relay (~20MB/s) on the latest 0.3.2, I'm
> always capped both ways on the connection.
> 
> This systematic delay really sounds more on the kernel side of things.
> 
> Are you on BSD or Linux?
> 
> Thanks!
> David
> 
>> Not sure, if this is an expected behaviour or a local problem.
>> 
>> -- 
>> Toralf
>> PGP C4EACDDE 0076E94E
>> 
> 
> 
> 
> 
> 
> 
> -- 
> DMdcRweJVXVbzthX2gDiX2OwwF5dP4HgkREJLd+rUJM=


Re: [tor-relays] IPv6 Issue with Relay

2017-12-21 Thread Conrad Rockenhaus
Thank you. It’s always the small things, huh? :D

Conrad

> On Dec 21, 2017, at 6:12 PM, teor <teor2...@gmail.com> wrote:
> 
> 
>> On 22 Dec 2017, at 09:13, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
>> 
>>>> I’ve confirmed that the following entries are in torrc:
>>>> 
>>>> ORPort 9001
>>>> ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
>>>> IPv6Exit 1
>>> ...
>>> Also, you have set IPv6Exit, but Relay Search says:
>>> 
>>> IPv6 Exit Policy Summary
>>> reject
>>> 1-65535
>>> 
>> 
>> Exactly. If I have torrc set to the defaults, what’s going on here?
> 
> You did not set "IPv6Exit 1" in the torrc you attached to your last
> email.
> 
> I opened this ticket so we include IPv6Exit in the torrc templates:
> https://trac.torproject.org/projects/tor/ticket/24703
> 
> T
> 
> --
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> 
> 
> 
> 


Re: [tor-relays] IPv6 Issue with Relay

2017-12-21 Thread Conrad Rockenhaus
On Dec 21, 2017, at 3:01 AM, teor <teor2...@gmail.com> wrote:

> On 21 Dec 2017, at 16:33, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
>
>> Hello,
>>
>> One of the relays that I brought online yesterday, ConradsAWSExit (Hash
>> 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the
>> IPv6 OR is unreachable.
>>
>> The other relay is working just fine with IPv6.
>>
>> I’ve confirmed that the following entries are in torrc:
>>
>> ORPort 9001
>> ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
>> IPv6Exit 1
>
> Are these the only ORPort entries in your torrc?
> Have you restarted or HUP'd the relay since you last edited the torrc?

Yes sir, I did. I see Atlas now shows that IPv6 is reachable, but the exit
policy is rejecting everything. I have the reject policy in the torrc set to
the defaults (I have all of the exit policies in torrc commented out).

>> Just to confirm, here’s the output from ifconfig, that is the IP:
>>
>> inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803  prefixlen 64  scopeid 0x0
>
> This is what Relay Search (Atlas) says:
>
> Unreachable OR Addresses
> [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
>
> The last 8 bytes of the address your relay is advertising,
> are not the same as the address on your machine.
>
> Also, you have set IPv6Exit, but Relay Search says:
>
> IPv6 Exit Policy Summary
> reject
> 1-65535

Exactly. If I have torrc set to the defaults, what’s going on here?

> Relay Search data is usually up to 2.5 hours behind, but it can lag more.
>
> Please copy and paste the notice-level Tor logs that mention your ORPort,
> DirPort, and Exit settings, so we can see what Tor is actually doing.

Dec 20 21:24:17.937 [warn] Tor is running as an exit relay with the default exit policy. If you did not want this behavior, please set the ExitRelay option to 0. If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility.
Dec 20 21:24:17.937 [warn] In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001
Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
Dec 20 21:24:17.938 [notice] Opening Directory listener on 0.0.0.0:9030

>> I have confirmed that all of the applicable Security Group rules are
>> configured correctly:
>>
>> Custom TCP Rule   TCP   9001   0.0.0.0/0   ORPort
>> Custom TCP Rule   TCP   9001   ::/0        ORPort
>> Custom TCP Rule   TCP   9030   0.0.0.0/0   DIRPort
>> Custom TCP Rule   TCP   9030   ::/0        DIRPort
>
> By the way, there are no IPv6 DirPorts :-)

I know that now from reading the docs, I removed that rule :D

>> Plus, I have confirmed with a telnet -6 to port 9001 from both my house
>> and my servers at OVH in Canada that I’m able to connect to port 9001 via
>> the IPv6 address on this node.
>
> What are the exact commands you used?
>
> This shows that the relay is listening on whatever IPv6 address and port
> you checked, but it doesn't show which IPv6 address the relay is
> advertising.

I just checked if it was listening with a telnet -6  9001, but this is a
non-issue now since atlas shows it reachable.

>> So, my question is…what could I be missing here that is causing atlas to
>> say that IPv6 is unreachable? I’ve been looking into this through the day
>> and would like to kind of close it out, got a bunch of emails to catch up
>> on hehe :D, so any input would be appreciated.
>
> There are a few more detailed troubleshooting things we can try,
> like checking consensus health and the exact content of your
> relay's descriptor and the authorities' votes.
>
> If the above steps don't help, I'm happy to go through them later,
> when I'm using a more capable device.

My main issue now is trying to fix the issue with the default exit policy -
the logs say I’m running the defaults, yet all IPv6 traffic is getting
blocked. I’ve looked over the documentation and I’ve done what it says. What
am I doing wrong?

Just for further troubleshooting, I attached this exit’s torrc file.

Thanks,

Rock

torrc
Description: Binary data

> T
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
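
An added example, not part of the original thread and not Tor's own code: a cross-check of a torrc against tor's startup notices and the host's interface addresses, which surfaces the two mismatches discussed in the message above (an advertised IPv6 ORPort that is not the machine's address, and IPv6Exit not actually being set). The function names and finding codes are hypothetical, and the two torrc samples are constructed from the values quoted in the thread.

```python
import ipaddress
import re

# Value of "ORPort [v6addr]:port" in torrc, and tor's startup notice for it.
ORPORT_V6 = re.compile(r"^\[([0-9A-Fa-f:]+)\]:(\d+)")
LISTENER_V6 = re.compile(r"Opening OR listener on \[([0-9A-Fa-f:]+)\]:(\d+)")


def parse_torrc(text):
    """Return {option (lower-cased): [values]} for uncommented torrc lines."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(parts[0].lower(), []).append(value)
    return options


def check_relay(torrc_text, log_text, interface_addrs):
    """Return a list of (code, detail) findings; an empty list means consistent."""
    options = parse_torrc(torrc_text)
    configured = set()
    for value in options.get("orport", []):
        m = ORPORT_V6.match(value)
        if m:
            configured.add((ipaddress.IPv6Address(m.group(1)), int(m.group(2))))
    listening = {(ipaddress.IPv6Address(a), int(p))
                 for a, p in LISTENER_V6.findall(log_text)}
    local = {ipaddress.IPv6Address(a) for a in interface_addrs}

    findings = []
    # 1. An address tor advertises must be one the host really has.
    for addr, port in sorted(configured):
        if addr not in local:
            findings.append(("ORPORT_NOT_LOCAL",
                             f"[{addr}]:{port} is not on any interface"))
    # 2. A listener the log shows but this file lacks means the running
    #    tor was started from a different (or older) torrc.
    for addr, port in sorted(listening - configured):
        findings.append(("LISTENER_NOT_IN_TORRC",
                         f"tor opened [{addr}]:{port}, absent from this torrc"))
    # 3. IPv6Exit defaults to 0, so IPv6 exit traffic is rejected unless set.
    if options.get("ipv6exit", ["0"])[-1] != "1":
        findings.append(("IPV6EXIT_OFF", "IPv6Exit 1 is not set (or commented out)"))
    # 4. The log in the thread warns when ExitRelay is left implicit.
    if "exitrelay" not in options:
        findings.append(("EXITRELAY_UNSET", "set ExitRelay 0 or 1 explicitly"))
    return findings


# Log lines as quoted in the thread; interface address from the ifconfig output.
LOG = """\
Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001
Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
"""
HOST_ADDRS = ["2600:1f14:ede:d601:e107:1a4b:ba3:803"]

# Constructed sample: the settings the operator reported having.
TORRC_BELIEVED = """\
ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
IPv6Exit 1
#ExitPolicy reject *:*
"""

# Constructed sample: a file consistent with what the log and Atlas showed.
TORRC_LOADED = """\
ORPort 9001
ORPort [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
#IPv6Exit 1
"""


def codes(torrc_text):
    return [code for code, _ in check_relay(torrc_text, LOG, HOST_ADDRS)]


if __name__ == "__main__":
    for name, torrc in (("believed", TORRC_BELIEVED), ("loaded", TORRC_LOADED)):
        print(name)
        for code, detail in check_relay(torrc, LOG, HOST_ADDRS):
            print(f"  {code}: {detail}")
```
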


[tor-relays] IPv6 Issue with Relay

2017-12-20 Thread Conrad Rockenhaus
Hello,

One of the relays that I brought online yesterday, ConradsAWSExit (Hash 
1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 
OR is unreachable.

The other relay is working just fine with IPv6.

I’ve confirmed that the following entries are in torrc:

ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
IPv6Exit 1

Just to confirm, here’s the output from ifconfig, that is the IP:

inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803  prefixlen 64  scopeid 0x0

I have confirmed that all of the applicable Security Group rules are configured 
correctly:

Custom TCP Rule   TCP   9001   0.0.0.0/0   ORPort
Custom TCP Rule   TCP   9001   ::/0        ORPort
Custom TCP Rule   TCP   9030   0.0.0.0/0   DIRPort
Custom TCP Rule   TCP   9030   ::/0        DIRPort

Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my 
servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 
address on this node.

So, my question is…what could I be missing here that is causing atlas to say 
that IPv6 is unreachable? I’ve been looking into this through the day and would 
like to kind of close it out, got a bunch of emails to catch up on hehe :D, so 
any input would be appreciated.

Thanks,

Conrad


Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

2017-12-20 Thread Conrad Rockenhaus
Hello,

ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux 
and its hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded 
to Tor 0.3.1.9…. I had issues with getting the libevent development header 
dependencies resolved on Amazon Linux so I just compiled it on Red Hat and 
brought it over. More than likely I overlooked something and caused a cascade 
of failures from there, anyway, it’s up.

Additionally, I brought up ConradsAWSExit, 
1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may 
bandwidth limit this one depending on load,  I will have to wait and see how 
much traffic it gets since I don’t have unlimited $$$ to allocate to my new 
hobby :).

If someone could take another look and provide me any feedback/constructive 
criticism about these two nodes, I would greatly appreciate it.

Thank you for everyone’s advice! I also appreciate the input regarding the 
revitalization of the Cloud project again. Another person has also volunteered 
to assist in the project so hopefully things should start moving here pretty 
soon!

Thanks,

Conrad

> On Dec 19, 2017, at 9:02 PM, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
> 
> 
> 
>> On Dec 19, 2017, at 8:55 PM, teor <teor2...@gmail.com> wrote:
>> 
>> 
>> On 20 Dec 2017, at 13:28, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
>> 
>>> Howdy,
>>> 
>>> Early this morning (3 AM CST) I brought a non-exit relay named 
>>> “ConradsAWSRelay” online. I would appreciate it if someone would take an 
>>> objective look at it to see if the relay is fast enough and bringing useful 
>>> services to the tor network.
>> 
>> Please upgrade your relay to the latest Tor version:
>> https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html
>> 
> 
> I noticed this when I started it up. It appears that the version of Tor on 
> EPEL is out of date. I’ll build it out of source to fix it. I’ll probably 
> have to do that for the Cloud solution as well since the lifecycle of EPEL is 
> normally behind. I’ll fix this now.
> 
>> Your relay might take a few weeks to be used:
>> https://blog.torproject.org/lifecycle-new-relay
> I completely forgot about that. Thank you for reminding me :D.
> 
>> 
>>> Additionally, I know that people have been working on ansible solutions 
>>> regarding the installation of tor and what not, but that being said, I’m 
>>> working on an AWS specific solution to replace the previous Cloud 
>>> torproject that we had years ago. I will keep everyone in the loop, but I 
>>> think it’s time that we have a cloud specific solution for rolling out tor.
>> 
>> Thanks!
>> It would be great to have this again.
> 
> I’m making progress and will advise all when I hit certain points so I can 
> get feedback. I would like this new solution to have significant community 
> input so I have all of my i’s dotted and my t’s crossed.
> 
> Thanks,
> 
> Conrad
> 
>> 
>> T


Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

2017-12-19 Thread Conrad Rockenhaus


> On Dec 19, 2017, at 8:55 PM, teor <teor2...@gmail.com> wrote:
> 
> 
> On 20 Dec 2017, at 13:28, Conrad Rockenhaus <con...@rockenhaus.com> wrote:
> 
>> Howdy,
>> 
>> Early this morning (3 AM CST) I brought a non-exit relay named 
>> “ConradsAWSRelay” online. I would appreciate it if someone would take an 
>> objective look at it to see if the relay is fast enough and bringing useful 
>> services to the tor network.
> 
> Please upgrade your relay to the latest Tor version:
> https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html
> 

I noticed this when I started it up. It appears that the version of Tor on EPEL 
is out of date. I’ll build it out of source to fix it. I’ll probably have to do 
that for the Cloud solution as well since the lifecycle of EPEL is normally 
behind. I’ll fix this now.

> Your relay might take a few weeks to be used:
> https://blog.torproject.org/lifecycle-new-relay
I completely forgot about that. Thank you for reminding me :D.

> 
>> Additionally, I know that people have been working on ansible solutions 
>> regarding the installation of tor and what not, but that being said, I’m 
>> working on an AWS specific solution to replace the previous Cloud torproject 
>> that we had years ago. I will keep everyone in the loop, but I think it’s 
>> time that we have a cloud specific solution for rolling out tor.
> 
> Thanks!
> It would be great to have this again.

I’m making progress and will advise all when I hit certain points so I can get 
feedback. I would like this new solution to have significant community input so 
I have all of my i’s dotted and my t’s crossed.

Thanks,

Conrad

> 
> T


[tor-relays] New Relay Online/Working on AWS Cloud Torproject

2017-12-19 Thread Conrad Rockenhaus
Howdy,

Early this morning (3 AM CST) I brought a non-exit relay named 
“ConradsAWSRelay” online. I would appreciate it if someone would take an 
objective look at it to see if the relay is fast enough and bringing useful 
services to the tor network.

Additionally, I know that people have been working on ansible solutions 
regarding the installation of tor and what not, but that being said, I’m 
working on an AWS specific solution to replace the previous Cloud torproject 
that we had years ago. I will keep everyone in the loop, but I think it’s time 
that we have a cloud specific solution for rolling out tor.

Thanks,

Conrad Rockenhaus


Re: [tor-relays] Relay / Bridge

2013-12-12 Thread Conrad Rockenhaus
I built a new EC2 bridge at US East (NOVA) due to the fact that the
one at California was published as a public relay.  I apologize for
the error Roger.

On an unrelated note, has there been any success in expanding the Tor
cloud project to other cloud service providers?  Is there any way to
volunteer to try to help out, if there's a willingness to expand it to
other providers?  Thanks.

--Rock

On Tue, Dec 10, 2013 at 4:37 PM, Conrad Rockenhaus
con...@rockenhaus.com wrote:
 I apologize for the delay in responding, getting ready to move to
 Texas, but anyway.  My original intention was to run one EC2 as a
 public relay and another as a bridge, subject to bandwidth throttling,
 however, after thinking about it for about a day (I saw your email
 last night) I realized that a bridge that is bandwidth throttling
 might be more useful than a public relay that is bandwidth throttling.

 So I'll fix it this evening, unless there's a reason not to.

 Thanks.

 On Sun, Dec 8, 2013 at 1:39 PM, Roger Dingledine a...@mit.edu wrote:
 On Sun, Dec 01, 2013 at 10:32:09PM +0100, Sebastian Urbach wrote:
 Your system is now listed:

 ec2bridgerocks001

 https://atlas.torproject.org/#details/50855F45464DBE84E917B0ED74E2144E785BA024

 It appears that you're running a *relay* on EC2?

 With a nickname implying that you think it's a bridge?

 Making it a public relay might be more expensive than you are expecting.

 Did you have to reconfigure it manually to be a public relay, or was
 this an easy-to-make accident?

 --Roger




 --
 Conrad Rockenhaus

 http://www.rockenhaus.com/
 http://www.lagparty.org/~conradr/



-- 
Conrad Rockenhaus

http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/


Re: [tor-relays] Relay / Bridge

2013-12-10 Thread Conrad Rockenhaus
I apologize for the delay in responding, getting ready to move to
Texas, but anyway.  My original intention was to run one EC2 as a
public relay and another as a bridge, subject to bandwidth throttling,
however, after thinking about it for about a day (I saw your email
last night) I realized that a bridge that is bandwidth throttling
might be more useful than a public relay that is bandwidth throttling.

So I'll fix it this evening, unless there's a reason not to.

Thanks.

On Sun, Dec 8, 2013 at 1:39 PM, Roger Dingledine a...@mit.edu wrote:
 On Sun, Dec 01, 2013 at 10:32:09PM +0100, Sebastian Urbach wrote:
 Your system is now listed:

 ec2bridgerocks001

 https://atlas.torproject.org/#details/50855F45464DBE84E917B0ED74E2144E785BA024

 It appears that you're running a *relay* on EC2?

 With a nickname implying that you think it's a bridge?

 Making it a public relay might be more expensive than you are expecting.

 Did you have to reconfigure it manually to be a public relay, or was
 this an easy-to-make accident?

 --Roger




-- 
Conrad Rockenhaus

http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/


Re: [tor-relays] Newly configured relay questions

2013-12-01 Thread Conrad Rockenhaus
Sir,

That was it.  Didn't even check it when I brought it online, I figured
the EC2 image just had setup the defaults for a non-exit relay.  I'll
be more vigilant next time and avoid assumptions.

--Conradrock

On Sat, Nov 30, 2013 at 5:23 PM, Roger Dingledine a...@mit.edu wrote:
 On Sat, Nov 30, 2013 at 02:22:55PM -0500, Conrad Rockenhaus wrote:
 I brought a new non-exit relay online:

 ec2bridgerocks001 D06C B145 56C1 F73A F317 B555 C279 2F7B 105C 95B4

 It's been operational for 6 days now, Tor has been reporting bandwidth
 usage, but when I try to look for it in the TorStatus page, it's not
 listed.  I'm operating this relay on EC2 and I've opened all the usual
 ports.

 It sounds very much like you're running a bridge relay, not a public
 relay:
 https://www.torproject.org/docs/bridges
 https://www.torproject.org/docs/faq#RelayOrBridge

 I've also checked the Tor metric portal, can't find it there either.

 So, I'm wondering - is there something I missed in the configuration?
 The torrc is pretty much the default EC2 one.

 Thank you I appreciate any thoughts/assistance.

 It's probably the 'bridgerelay 1' in your torrc that is doing it.

 That said, running a public relay on EC2 is quite expensive, since
 Amazon's prices for bandwidth are not competitive.

 --Roger




-- 
Conrad Rockenhaus

http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/


[tor-relays] Localized TOR exit notices?

2013-05-06 Thread Conrad Hoffmann
Hi all,

I recently decided I should run a TOR exit node. I am new to the list
and still in the process of setting things up.

One thing I noticed is that the TOR exit notice [1] contains a
US-specific section (it even says so in the comments). Is there a
resource anywhere as to how this paragraph might look in other countries?

I am located in Germany for example, and I suppose a short mention of
the TMG [2], specifically § 8 and § 15 would be suitable replacement for
the above mentioned paragraph.

I guess that even if not in the git repo, at least a collection in the
wiki might be a neat idea? Or did I just not find it?

Cheers and thanks for any hints,
Conrad

[1]
https://gitweb.torproject.org/tor.git/blob/HEAD:/contrib/tor-exit-notice.html
[2] http://www.gesetze-im-internet.de/tmg/index.html (in german)


