e advertised address then this proposal could be problematic
for some.
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338
contact address to your relay(s). It will help the
project, and will hardly hurt you at all.
Best
Mick
--
Sent from a mobile device. Please excuse my brevity.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-
twork, and I am grateful for that, but I
have never been at all clear what your role is and how it is connected
to the core project.
Regards
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D31
utations
>
> Sebastian Urbach
>
Please don't do that Sebastian, The world needs Tor relays.
I too have found the discussions of the past few days problematic. But
please, please do not shut down your relays. That would
On Mon, 21 Dec 2020 00:15:49 +0100
li...@for-privacy.net allegedly wrote:
> On 18.12.2020 17:33, mick wrote:
>
> > So - you can get a twin core VPS with 2 Gig of RAM and 3500 gig of
> > traffic allowance for less than $20.00 for a /year/. Spend a little
> > more
>
g of traffic.
I bouught two VPS from them about a month ago and they have confirmed
that they are OK with Tor nodes, but probably NOT exits. (In their words
to me "As long as we will not receive any abuse complaints, then there
should be no problems.")
Abuse
F5D73F0868
Nov 02 04:30:00.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 04:30:01.000 [warn] Possible compression bomb; abandoning stream.
Time is GMT.
Cheers
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338
are /very/ expensive in terms of
bandwidth if you go over their 1TB limit.
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
https://baldric.net/abo
Remote Management. But they don't
> allow exit. https://servdiscount.com/
>
> ¹15% discount is forever.
>
I haven't run an exit in over 8 years - I got too much aggravation, but
I will look at setting up another re
hey (along with OVH and currently DO) are
overrepresented and it would be better to find alternatives.
Best
Mick
-
Mick M
I shut it down before the automated charge kicks in.
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D3
P (2) and decide for themselves whether they will be affected.
My other guard relay at sink.rlogin.net on Hetzner's network will
continue in operation.
Mick
(1) https://www.digitalocean.com/legal/terms-of-service-agreement/
(2) https://www.digitalocean.com/le
-++
> 14 rows
>
> 14*3=42
>
> This should become a new OrNetRadar detector.
>
And given ColoCrossings advertised prices, even using single servers
that amounts to nearly $840 pcm or over $
just grateful that it exists and that there
are people prepared to defend it.
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
https://bal
arly 20th century headline in the Times newspaper:
"Fog in channel. Europe isolated."
(Apologies)
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
https://baldr
. I
am also exceptionally grateful for the continued ability to provide my
Tor node to the community at its current usage level without
incurring the sort of financial penalty I could have expected.
My thanks to all at DO and to Rafael in particular for this.
Mick
--
> an extra 10 USD. Who has that kind of money?
>
Not me. I think I'm immensely lucky to get the service I do.
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
htt
0.83 TiB | 10.78 TiB | 21.60 TiB | 69.28 Mbit/s
Apr '18 8.38 TiB |8.37 TiB | 16.76 TiB | 67.94 Mbit/s
----+-+-+---
estimated 10.26 TiB | 10.24 TiB | 20.50 TiB |
Mick
-
On Sat, 7 Apr 2018 09:54:46 -0400
"Grander Marizan" allegedly wrote:
> How can I unsubscribe from this mailing list?
>
Read the email. Scroll to the bottom and you will see a link to list
subscription instructions.
Viz: https://lists.torproject.org/cgi-bin/mailman/listinfo/
trust someone, somewhere, somehow,
sometime. What everyone has to decide for themselves is /how much/ trust
to give, to whom, when, where and why. And that depends entirely on your
threat model and your appetite for risk.
Mick
-
M
getting fewer complaints in my log now.
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.ne
,
at around 700-800 is 144.76.175/24 (Hetzner Online). I don't recall
seeing that level of connections in the past.
If anyone wants more info, let me know.
Best
Mick
-
r relay in Moldavia, for example (MivoCloud).
>
But note that Mivocloud's ToS specifically says:
"2.11 The Services may be used only for lawful purposes. MivoCloud
strictly prohibits:
Tor Exit relays;
SPAM;
any kind of DoS;
Scam, Malware, Bo
e done. It is much appreciated.
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
Sorry, I thought I had. I must have hit the wrong reply button. Now copied in.
Apologies for the top post...On 9 Feb 2017 21:58, Roger Dingledine wrote: >
> On Thu, Feb 09, 2017 at 09:57:03PM +, mick wrote: > > Done > > > > Now
running 0.2.9.9. > > Thanks!
irectory
authorities. Recommended versions are:
0.2.4.27,0
.2.4.28,0.2.5.12,0.2.5.13,0.2.7.6,0.2.7.7,0.2.8.9,0.2.8.10,0.2.8.11,0.2.8.12,0.2.9.9,0.3.0.2-alpha,0.3.0.3-alpha
Attempting an upgrade from 0.2.9.8 I get nothing.
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F
On 11 January 2017 12:28:44 GMT+00:00, Ralph Seichter
wrote:
>On 11.01.2017 06:30, Roman Mamedov wrote:
>
>Roman, you nailed it. The "September that never ended" is now well into
>its 24th year,
Ralph
You are showing your age...
+1 to Roman BTW
Mick
--
Sent fr
/anywhere/ constitutes publication. And since the
report is widely reachable it will by now have been cached by search
engines.
Best
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D
other services you run
on the Tor node actually weaken the security of that node. Every service
you run on a server increases the attack surface. If your Tor node
happens to be running an insecure (or badly configured, or both) FTP
server, for example, then it could be compr
node (or my other high traffic VMs).
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
-
signatur
am I.
Mic
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
-
___
ful, snarky, smart ass
responses we sometimes see on this list and elsewhere.
Congratulations and thanks Christian.
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.
ot;in china".
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
-
signature.asc
Description: PGP signature
___
tor-relays mailing
unteers choose to help fellow
list members, then good for them. However, if list posters whine and
castigate others then they should not be surprised if no-one helps in
future.
Mick
-----
Mick Morgan
gpg fingerprint: FC23 333
il/October 2015.
>
Any idea where that concentration of 16 relays South of Ghana in the
Gulf of Guinea is? The traffic there seems disproportionate to the size
of the location.
Mick
(Beautiful and really cool visualisation BTW. Many thanks to the
designer(s) and coder(s)).
----
On Thu, 15 Oct 2015 17:11:23 -0400
starlight.201...@binnacle.cx allegedly wrote:
> Choices are not simple.
>
Never have been. And they get tougher over time. Trust me.
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E6
/torusers.html.en no longer exists)
I also notice that
https://tor-svn.freehaven.net/svn/tor/trunk/contrib/exitlist cannot be
reached at all and the same page over http seems not to exist.
If other operators are similarly using a page based on the old
template, they may wish to update.
Best
Mick
orm of
email obfuscation.
I have seen images (usually PNG) being used - but then I have also
seen that ruined by the use of the mailto: tag around the image.
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B
t; exit node.
Congratulations on a good outcome. Your response to DO support was
obviously good enough to be used as a model for others in a similar
position in future.
And congrats also to DO for seeing some sense and taking the right
decision.
Best
Mick
run a
middle node on DO (plus two tails/whonix mirrors) and would be
concerned if their policy is hardening against Tor.
Best
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D
ons
page will be empty. This is usually permissions related so if you would
like to fix this then run arm with the same user as tor (ie, "sudo -u
arm"). "
Mick
-----
Mick Morgan
gpg fingerprint: FC23
from my original IP. It worked, I accessed the site.
>
That's interesting.
From the DNS responses I get from various places it looks as if the
NHS site is run on the Akamai CDN. So it may be that (some of) the
Akamai servers are blocking Tor.
Mick
--
look for some
support (and possible advice) from Ross Anderson
(http://www.cl.cam.ac.uk/~rja14/). You can bet that Ross uses Tor, and
he almost certainly has experience in dealing with awkward parts of
HMG.
Best
Mick
-
NHS address
NHS Connecting for Health
ou might want to restart tor after that.
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
-
signature.asc
Description: PGP signature
est
practice states this would be a good idea.
(I have regenerated mine and restarted so I too now have a shiny a new
relay).
Mick
-
Mick Morgan
gpg fingerp
ssh from the standard port can be a good
idea. Whilst offering no more than security through obscurity against
a determined adversary it does at least provide some protection against
the mindless robots which constantly probe port 22.
Eve
there is a whois record. See
https://torstatus.blutmagie.de/cgi-bin/whois.pl?ip=192.254.168.26
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
--
/www.theregister.co.uk/2014/02/03/nhs_choices_website_serves_up_100s_of_pages_of_malware/
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E
sses have to be visible to be reachable.
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
-
s
) finshed the scamper run
(with default settings) in just over 3.5 days. I've just kicked off a
second run.
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B
the Hetzner experiences), I checked with my
VPS provider (DigitalOcean) that they were happy. They have said that
they see no problem, and even if they do later spot an issue they will
take no precipitate action because of my prior alert to them.
So. guard
re generous enough to share with me. In
return, I like to think that others may be able to benefit from whatever
small ability I may have by sharing on /my/ experience.
I am a firm believer in the maxim that the only dumb question is the
one you didn't ask.
Best
Mick
---
thanks to the donors for their generosity.
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
-
mean. They might presume your lazy casing means
> 'Gib, KiB' but then your rocket might crash. Reference and
> enforcement is the proper cure.
>
This argument (Mbit/s versus GiB/month) reminds me of the old saw about
the most useless unit of velocity
On Sat, 9 Nov 2013 21:30:13 +0600
Roman Mamedov allegedly wrote:
> On Sat, 9 Nov 2013 12:50:18 +
> mick wrote:
>
> > I don't see any problem per se with a self-signed certificate on a
> > site which does not purport to protect anything sensitive (such as
> &
On Sat, 9 Nov 2013 09:22:12 -0500
Paul Syverson allegedly wrote:
> On Sat, Nov 09, 2013 at 12:50:18PM +0000, mick wrote:
> > >
> > I don't see any problem per se with a self-signed certificate on a
> > site which does not purport to protect anything sensitive (such
those errors can be corrected very quickly.
Why pay a CA if you don't trust the CA model?
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0
On Wed, 06 Nov 2013 14:00:15 +0100
Jeroen Massar allegedly wrote:
> On 2013-11-06 13:47 , mick wrote:
> > On Wed, 06 Nov 2013 14:00:09 +0200
> > Lars Noodén allegedly wrote:
> >
> >> On 11/06/2013 01:26 PM, mick wrote:
> >>> I disagree. Dro
On Wed, 06 Nov 2013 14:00:09 +0200
Lars Noodén allegedly wrote:
> On 11/06/2013 01:26 PM, mick wrote:
> > I disagree. Dropping all traffic other than that which is
> > explicitly required is IMHO a better practice. (And how do you know
> > in advance which ports get attacke
that whilst /I/ believe those configurations to be
safe and useful, I would not recommend that you blindly trust my
scripts without first understanding what they do. Netfilter is
complex, and trusting some unknown third party (me) with your
firewall configuration may
ther than that which is explicitly
required is IMHO a better practice. (And how do you know in advance
which ports get attacked?)
Best
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http:/
tent enough
to run tor in a VPS can be trusted to be competent enough to edit torrc
to allow exit (and apply an appropriate policy). A naive, or new, tor
user should not be bitten by a default exit. As I believe Gordon M said
earlier, that is a serious
On Sun, 20 Oct 2013 12:40:52 -0800
I allegedly wrote:
> Mick,
>
> Is Serverstack.nl particularly pro-tor exit nodes?
> By the front page it would seem so.
>
> Robert
Heh! I hadn't seen that before. (Though take a look at serverstack.com
for a more, erm, normal
ps://atlas.torproject.org/#details/C332113DF99E367E4190424CE825057D91337ADD
last rebooted when I upgraded to Tor 0.2.4.17-rc about three weeks
ago.
The limiting factor on a pi is not just memory. It is CPU.
Mick
-----
Mick Morgan
g
rt of Tor ended in October 2012."
So. How does this square with BBG's alleged support for financing new
fast exit relays?
https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html
Best
Mick
-
M
point. One drawback of the
advertisement of "tor friendly" ISPs (either on the list or on the
wiki) could be a tendency to cluster nodes to the detriment of the
network.
Mick
-
Mick Morgan
gpg fingerprint: FC23 333
widthRate 125 MBytes
> RelayBandwidthBurst 125 MBytes"
>
> Both relays are exactly the same, except for the IPv4 adress.
>
Neither relay shows any family members. That /may/ cause a problem
since they are obviously related.
Mick
---
On Sat, 31 Aug 2013 18:30:41 +0100
mick allegedly wrote:
> Here you go:
>
> https://pipe.rlogin.net/munin/network-month.html
>
etc
U. I've just had a (paranoid?) thought after reading the recent post
from Gordon Morehouse about DDOS.
I don't normally expose th
bin.rlogin.net. I am currently seeing close to 6000
established connections (or three times normal mean) but actual traffic
is only running slightly higher than normal. My vnstats for the last
month are at https://baldric.net/2013/08/31/vnstat-
s is related to the massive jump in connected clients
in the past few days and I assume that everyone else is seeing
something similar.
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B
ex.en.html
But I'd recommend against running it on your relay. If you have free
capacity elsewhere then I'm sure the guys at tails would be happy to
hear from you.
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338 F
which rejects traffic based on the "proportion of flesh
coloured packets to the total" or some such nonsense. Second order
problem - define "flesh coloured".)
Best
Mick
-----
Mick Morgan
gpg fingerprint: F
e malicious intent.
>
> No, you can't be sure. That request could quite well be totally
> legitimate; you are not in a position to judge for the site owner.
>
Absolutely true. I could be using tor to test my own website's security
mechanisms. In fact, I /have/ u
On Tue, 27 Aug 2013 11:08:34 -0500
Jon Gardner allegedly wrote:
> On Aug 22, 2013, at 11:56 AM, mick wrote:
>
> > Tor is neutral. You and I may agree that certain usage is unwelcome,
> > even abhorrent, but we cannot dictate how others may use an
> > anonymising service
r if more can be
> done to make Tor resistant to evil usage.
>
Tor is neutral. You and I may agree that certain usage is unwelcome,
even abhorrent, but we cannot dictate how others may use an anonymising
service we agree to provide. If you have a problem with that, you
probably shou
.
I can recommend digitalocean.com at 5 USD. They have offerings in
Amsterdam, SanFrancisco and NYC. They are happy to allow relays, less
happy with exits.
HTH
Mick
-----
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0
On Sat, 3 Aug 2013 16:54:20 -0400
George Herndon allegedly wrote:
> i'm happy with digitalocean
>
> George Herndon
> ghern...@eyeontech.com
And so am I - for a relay. DO are not very keen on exits. See
https://www.digitalocean.com/community/qu
ther than iptables to restrict the rate of
> port 22 connection attempts?
I find that there is a huge drop in ssh scanning activity if the
daemon is simply moved to a non-standard port. So if the problem is 1
or 2 above, a simple sshd reconfig may help.
HTH
Mick
---
On Thu, 18 Jul 2013 12:02:29 -0400
krishna e bera allegedly wrote:
> On 13-07-18 11:51 AM, mick wrote:
> >
> > I wonder if we are going to see more of this sort of thing now. I
> > think the tor network needs greater geographic diversity.
>
> Makes me wonder if
se I was thinking of making it a bridge.)
Hmm. Pretty crummy AUP. And /very/ crummy treatment of a customer.
I wonder if we are going to see more of this sort of thing now. I
think the tor network needs greater geographic diversity.
Mick
On Sat, 13 Jul 2013 10:03:11 -0700
Gordon Morehouse allegedly wrote:
> mick:
> > Gordon
> >
> > Thanks - useful to know. Any information on the openVZ offering?
>
>
> They told me it was rebooted much less often, but they didn't offer it
> in Iceland, whi
On Fri, 12 Jul 2013 19:04:22 -0700
Gordon Morehouse allegedly wrote:
> mick:
> > Forgot to add - take a look at http://www.edis.at/en/home for
> > example. They have reasonable offerings (but limited on the KVM
> > option) in a variety of countries and I have already esta
On Fri, 12 Jul 2013 14:22:44 +0100
mick allegedly wrote:
> On Thu, 11 Jul 2013 21:43:00 +0100
> Nick allegedly wrote:
>
> > Hi there,
> >
> > I have a reasonable ADSL connection, and a little always-on
> > server. The bandwidth is in the region of 2Mib/s d
fers on cheap VPS. Then do
some research on the suppliers, contact those you shortlist and be
open about what you intend to do.
HTH
Mick
-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://bal
with source port 9050. Without a lot more detail
about configuration, and the exact details of the reporting from
CERT-FI it is difficult to make any assumptions.
If I were Steve, I would contact CERT-FI directly for more information.
They are likely to be very helpful.
Mick
> On 2013-07-1
_traffic) at http://munin-monitoring.org/wiki/PluginCat
beware that the old munin exchange site has disappeared.
Mick
-
blog: baldric.net
gpg fingerprint: FC23
On Tue, 9 Apr 2013 18:01:40 +0100
mick allegedly wrote:
>
> Though personally I'm with Romanov here.
Correction. "Roman" (forgive me Roman).
Mick
-
blog: baldric.net
gpg fingerprint: FC23 3338 F664
accept *:80
ExitPolicy accept *:443
ExitPolicy reject *.*
Though personally I'm with Romanov here. Just relay with no exit until
you have a better feel for tor.
Mick
-
blog: baldric.net
gpg fingerprint: FC23 3338
ould be
> occasionally allowed in peak times, not a "credit limit". If you're
> sure your description is correct, I may need to reconfigure my node.
Errr. Me too.
My RelayBandwidthBurst limit is set on the assumtion that that is the
ad the same problems you are seeing until I set the rate limits
above and increased MaxOnionsPending to 300. My CPU usage now hovers
around 65-85% for about 2000 established tor connections.
Mick
-
blog: baldric.net
gpg fingerpri
o run some more
tests. Digital Ocean sell their "droplets" by the hour. So you could
easily fire up a test VM for less than the cost of a coffee and
doughnuts...
Mick
-
blog: baldric.net
gpg fingerprint: FC23 3338 F664 5E66
; story. I did make a test file if anyone has the connection and 1GB of
> bw to try please let me know what you get
> http://torexit2.mttjocy.co.uk/1GBtest.bin
>
Here you go: http://rlogin.net/tor/torexit2.txt
Deeply unscientifi
On Mon, 18 Feb 2013 06:32:55 -0800
Andrea Shepard allegedly wrote:
> On Mon, Feb 18, 2013 at 01:26:26PM +0000, mick wrote:
> > Whilst not quite a 1:1 ratio, it is close enough I think to show
> > that this is simply an agnostic relay. However, would not an exit
> > node sh
) at http://rlogin.net/tor/bin-vnstats.txt
Whilst not quite a 1:1 ratio, it is close enough I think to show
that this is simply an agnostic relay. However, would not an exit node
show unbalanced traffic? Most net activity these days is
rs
usage and to understand how to best cater the service to their needs."
So - prices /will/ go up and/or bandwidth allowance /will/ go down.
Best
Mick
-
blog: baldric.net
gpg fi
On Tue, 08 Jan 2013 10:47:40 -0800
Micah Lee allegedly wrote:
> FYI, I just discovered a VPS provider DigitalOcean, and they seem fine
> with people running non-exit nodes:
>
> https://www.digitalocean.com/community/questions/tor
Yep - that "mick" was me. I contacted th
so it I'm having to play
with the configuration to prevent tor outpacing the VPS.
Cheers
Mick
-
blog: baldric.net
gpg fingerprint: FC23 3338 F
ited States, but they are still very affordable. I've contacted
> them in the past about running a TOR exit relay, and they said they
> had no problems with it.
Josh
Thanks for the pointer - but yes, I'd prefer to stay away from the US.
I think the US is probably already
So my question is, what can colleages recommend as a suitable maximum
rate which will allow my node to provide maximum utility to the tor
network without falling over?
Many thanks in advance.
Mick
-
blog: baldric.net
gpg fin
are rock solid (and I have run a tor node with them in
the past) but they don't offer the bandwidth I need at the price I am
prepared to pay either. (Two reasonably high bandwidth VPS at bytemark
prices would come to around 100 UKP per month (say 160 USD per month).
Call me cheap, but I do t
1 - 100 of 124 matches
Mail list logo
