Re: [tor-relays] "Relay info kit" for Tor exits at universities

2012-08-24 Thread Scott Bennett 
 On Sat, 11 Aug 2012 04:08:57 -0400 Roger Dingledine 
wrote:
>I've spent the week talking to my contacts at US universities, to get
>them to spin up fast exits. Currently the fast exits in North American
>universities are:
>
>- University of Waterloo (Ian Goldberg)
>- Boston University (Leo Reyzin)
>
>We're now on track to add:
>- UPenn (Matt Blaze)
>- UMichigan (Alex Halderman)
>- CMU (Nicolas Christin)
>- Georgia Tech (Dave Dagon)
>
>and I have professors from George Mason, Illinois, UNM, UMN, UConn,
>UW, and others looking into it.
>
>Wendy and I are talking to some lawyers to try to write up a short
>(several paragraph) document targeted toward the university's general
>counsel, for preemptive use by the computer science professors who plan
>to run the Tor exit.
>
>What else should go in a "so you want to run a big exit" info kit?
>
>- Pointers to the legal-faq (and dmca template) and abuse-faq.
>
>- Pointers to Mike's blog entry:
>https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
>and my old Tor-at-universities wiki page:
>https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities
>
>- Is there some document suggesting how to SWIP your address, and
>explaining the importance of having your abuse mails go to someplace
>other than your general university abuse team? It's touched on in several
>places but we should make it even clearer.
>
>- What are the good answers now to "what hardware should I use, and how
>should I configure it?" I've been telling people they'll be happiest with
>Debian, and that something 64-bit and/or with AESNI support will be best.

 Fast relays use lots of memory, which vastly worsens the effects of
the "small TLB" problem inherent in all modern CPUs, so running a fast relay
on a FreeBSD kernel with superpages support enabled is likely to reduce
considerably the CPU load for the traffic served, which is more or less
equivalent to increasing the traffic capacity for any given CPU speed.
 Superpages support has been available since 7.2 for i386 and amd64
platforms, but will likely be available on other platforms at some point.
Support on another platform was supposed to appear in 9.0, IIRC, but I don't
remember which (ia64?).  I'm not sure what will be in later releases, but my
understanding is that the kernel development team planned to add superpages
support eventually to the rest of the FreeBSD-supported hardware platforms
that are capable of it (not, for example, powerpc because that hardware does
not support the multiple page sizes involved).
 Rather than risk triggering OS religious wars here, it might be better
to limit OS recommendations to merely which to avoid because they have
limitations likely to prevent successful operation of a fast exit node
(e.g., non-server versions of Windows).  The administrators of fast nodes
already know what their current setups are and the current knowledge bases
of their staffs are.
>
>- [remainder deleted  -SB]


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-24 Thread Tom Ritter 
On 23 August 2012 20:40, Roger Dingledine  wrote:
> On Fri, Aug 17, 2012 at 09:15:46AM -0400, Tom Ritter wrote:
>> It would be good to add the exit IP to services that allow Tor Exits
>> to register to proactively stop abuse emails.
>>
>> http://www.blocklist.de is one I had to add mine to within the first month.
>
> Is this generally accepted as a good idea?
>
> What are the implications to signing yourself up on the list -- that
> is, what services are you asking to block your users?

For that one in particular, I don't believe they add you to the
blocklist, but rather stop emailing you.  The exact response I
received was

> Thank you for your request.
>
> We have marked the IP  [IP]
>
> as an Tor-Exit-Node.
> So, we dont send ne Reports now for Spam-Comments or other Attacks to you.

-tom
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-24 Thread Moritz Bartl 
On 24.08.2012 08:07, Rejo Zenger wrote:
>> Also, my statement about "RIPE uses something similar" could use some
>> fleshing out.
> You need a more descriptive text? I can provide that. Is it just a
> pointer you need, or do you want the text describing how to change the
> IP assignment registration itself?

Both. A pointer to something similar to
https://www.arin.net/resources/request/reassignments.html would be nice
for TorExitGuidelines, a short text improving
https://www.torservers.net/wiki/hoster/inquiry#ripe also.

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-23 Thread Rejo Zenger 

On 24 aug. 2012, at 02:14, Roger Dingledine wrote:

> Also, my statement about "RIPE uses something similar" could use some
> fleshing out.

You need a more descriptive text? I can provide that. Is it just a pointer you 
need, or do you want the text describing how to change the IP assignment 
registration itself?

-- 
Rejo Zenger .  . 0x21DBEFD4 . 
GPG encrypted e-mail preferred . +31.6.39642738 . @rejozenger



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-23 Thread Roger Dingledine 
On Fri, Aug 17, 2012 at 09:15:46AM -0400, Tom Ritter wrote:
> It would be good to add the exit IP to services that allow Tor Exits
> to register to proactively stop abuse emails.
> 
> http://www.blocklist.de is one I had to add mine to within the first month.

Is this generally accepted as a good idea?

What are the implications to signing yourself up on the list -- that
is, what services are you asking to block your users?

I guess I'm torn, since preemptively choosing to make your relay less
useful to users is both bad and good here.

I wish more services would consider
https://www.torproject.org/docs/faq-abuse#Bans

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-23 Thread Roger Dingledine 
On Thu, Aug 16, 2012 at 01:00:56PM +0200, Moritz Bartl wrote:
> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
> 
> Comments? Do you want to see something else in an article that says "Tor
> Exit Guidelines"?

Thanks!

I've updated the page to include some more suggestions. Please let me
know if I screwed it up in any way.

Also, my statement about "RIPE uses something similar" could use some
fleshing out.

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-17 Thread Tom Ritter 
It would be good to add the exit IP to services that allow Tor Exits
to register to proactively stop abuse emails.

http://www.blocklist.de is one I had to add mine to within the first month.

-tom
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-16 Thread Andrew 
Small groups is exactly what I had in mind.  Just having 1 other person
also running a relay or exit to be able to work with directly would be
great.  Any smaller groups that would take a TORB (TOR noob) let me know :)

On Thu, Aug 16, 2012 at 5:49 AM, Moritz Bartl  wrote:

> Hi Andrew,
>
> On 16.08.2012 13:20, Andrew wrote:
> > As a prospective 100mbit+ exit or relay operator anything I can find to
> > read about guidelines is awesome.  The things relating to legal in
> > particular, especially given the recent harshness from various orgs.
> >  Would it be possible to run multiple exits/relays under the same US
> > based LLC?  I am thinking that a few of us US based operators could
> > pool resources to accomplish this and have 1 point of contact for the
> > group.  Would this cause more problems that it would solve?
>
> Good question. I don't think it would hurt to have another larger
> player, but it probably isn't easy to organize. It also depends on the
> size. I don't think any org should run more than a handful of servers.
>
> --
> Moritz Bartl
> https://www.torservers.net/
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-16 Thread Moritz Bartl 
Hi Andrew,

On 16.08.2012 13:20, Andrew wrote:
> As a prospective 100mbit+ exit or relay operator anything I can find to
> read about guidelines is awesome.  The things relating to legal in
> particular, especially given the recent harshness from various orgs.
>  Would it be possible to run multiple exits/relays under the same US
> based LLC?  I am thinking that a few of us US based operators could
> pool resources to accomplish this and have 1 point of contact for the
> group.  Would this cause more problems that it would solve?

Good question. I don't think it would hurt to have another larger
player, but it probably isn't easy to organize. It also depends on the
size. I don't think any org should run more than a handful of servers.

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-16 Thread andrew 
On Thu, Aug 16, 2012 at 01:00:56PM +0200, mor...@torservers.net wrote 1.0K 
bytes in 27 lines about:
: The page lacks a direct contact for support. Should we add
: tor-assistants, or send people towards me?

I'm fine with tor-assistants. More people will see any emails in case
you're on holiday or sleeping. You may want to add
https://blog.torproject.org/blog/start-tor-legal-support-directory
as well.

-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-16 Thread Andrew 
As a prospective 100mbit+ exit or relay operator anything I can find to
read about guidelines is awesome.  The things relating to legal in
particular, especially given the recent harshness from various orgs.  Would
it be possible to run multiple exits/relays under the same US based LLC?  I
am thinking that a few of us US based operators could pool resources to
accomplish this and have 1 point of contact for the group.  Would this
cause more problems that it would solve?

On Thu, Aug 16, 2012 at 5:00 AM, Moritz Bartl  wrote:

> On 11.08.2012 10:08, Roger Dingledine wrote:
> > What else should go in a "so you want to run a big exit" info kit?
> > What other resources exist already that would be especially useful for
> > new fast exits?
> > What resources don't exist but should?
>
> I've thought hard about this for the past hours, and put together what I
> consider the first edition of a "Relay info kit". It ended up to be more
> a short checklist than anything else.
> I think we already have excellent resources, and it does not help much
> to throw another large article at people that they just won't read.
>
> The page lacks a direct contact for support. Should we add
> tor-assistants, or send people towards me?
>
> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
>
> Comments? Do you want to see something else in an article that says "Tor
> Exit Guidelines"?
>
> --
> Moritz Bartl
> https://www.torservers.net/
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits

2012-08-16 Thread Moritz Bartl 
On 11.08.2012 10:08, Roger Dingledine wrote:
> What else should go in a "so you want to run a big exit" info kit?
> What other resources exist already that would be especially useful for
> new fast exits?
> What resources don't exist but should?

I've thought hard about this for the past hours, and put together what I
consider the first edition of a "Relay info kit". It ended up to be more
a short checklist than anything else.
I think we already have excellent resources, and it does not help much
to throw another large article at people that they just won't read.

The page lacks a direct contact for support. Should we add
tor-assistants, or send people towards me?

https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines

Comments? Do you want to see something else in an article that says "Tor
Exit Guidelines"?

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits at universities

2012-08-12 Thread Rejo Zenger 

On 12 aug. 2012, at 15:23, Moritz Bartl wrote:

> RIPE: I could not find a location that explains how to reassign IP
> space, but from what I know ISPs can do it via web interface.

There are two ways of updating the RIPE database. There's a form on the website 
one can use, alternatively one can send updates by e-mail. 

-- 
Rejo Zenger .  . 0x21DBEFD4 . 
GPG encrypted e-mail preferred . +31.6.39642738 . @rejozenger



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits at universities

2012-08-12 Thread Moritz Bartl 
On 11.08.2012 10:08, Roger Dingledine wrote:
> - What are the good answers now to "what hardware should I use, and how
> should I configure it?" I've been telling people they'll be happiest with
> Debian, and that something 64-bit and/or with AESNI support will be best.

Seconded. We have moved to Ubuntu 12.04 LTS for machines with AES-NI
support as it comes with a packaged OpenSSL 1.01. All that remains is
enabling the BIOS option and the kernel module as documented at
https://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration

Machines without AES-NI can do ~150 Mbps max per Tor process (and core).
With AES-NI, you can see >200 Mbps. If your pipe is bigger, you need to
run multiple Tor processes and likely tweak some of your kernel settings
(
https://www.torservers.net/wiki/setup/server#high_bandwidth_tweaks_100_mbps
)

> - Is there some document suggesting how to SWIP your address, and
> explaining the importance of having your abuse mails go to someplace
> other than your general university abuse team? It's touched on in several
> places but we should make it even clearer.

ARIN: https://www.arin.net/resources/request/reassignments.html
The relevant template/process is called "IPv4 Reassign-Detailed".

RIPE: I could not find a location that explains how to reassign IP
space, but from what I know ISPs can do it via web interface.

-- 
Moritz Bartl
https://www.torservers.net/



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Relay info kit" for Tor exits at universities

2012-08-11 Thread Sam Whited 
On Sat, Aug 11, 2012 at 4:08 AM, Roger Dingledine  wrote:
> - Georgia Tech (Dave Dagon)
>

This is fantastic news, I used to run an exit relay out of my dorm
room at Georgia Tech. It was a bit of a pain to get set up initially —
ResNET and OIT didn't really understand the concept, but ended up
letting me run it. I've been wanting to set something up with the
College of Computing or GTRI for a while now, so it's good to see that
this is being done. Let me know if you need any help (I'll get in
touch with Dave and mention it to him as well).

> - We should set up a mailing list for university relay operators to share
> experiences and feel solidarity. I'll also encourage them to sign up here.
> We might also post a list of university Tor exits somewhere obvious,
> so new ones can gain more confidence in the idea.
>

Both great ideas. Unfortunately I don't have a lot of feedback on
these issues except to say that I love the idea, and I'm glad to see
that Georgia Tech (which has substantial network resources) will be on
board.

—Sam

-- 
Sam Whited
pub 4096R/EC2C9934

SamWhited.com
s...@samwhited.com
404.492.6008
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays