> Date: Fri, 21 Nov 2014 07:22:10 -0800
> From: Seth <list(a)sysfu.com>
>
> I'm trying to build tor-0.2.5.10 from source against LibreSSL 2.1.1 on a
> FreeBSD 9.3x jail system.
>
> It fails with this message
>
> -----------------------------------
>
> CC src/tools/tor-gencert.o
> CCLD src/tools/tor-gencert
> src/common/libor-crypto.a(aes.o): In function `aes_new_cipher':
> /usr/local/src/tor-0.2.5.10/src/common/aes.c:100: …
[View More]undefined reference to
> `EVP_aes_128_ctr'
> *** [src/tools/tor-gencert] Error code 1
>
> Stop in /usr/local/src/tor-0.2.5.10.
> *** [all] Error code 1
>
> Stop in /usr/local/src/tor-0.2.5.10.
>
> --------------------------------------
>
> Has anyone has any luck building Tor against LibreSSL?
>
Yes, on OS X, but it wasn't easy, and it didn't bootstrap for me due to SSL errors. Others have had more luck, but mostly on Linux AFAIK.
Do you perhaps have a system-installed OpenSSL 0.9.* which is lacking EVP_aes_128_ctr?
See https://trac.torproject.org/projects/tor/ticket/13817 for a similar failure, due to the following issues:
configure --with-openssl-dir= detects the wrong bin/openssl if "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl executables.
configure --enable-static-openssl requires LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X.
If you do run into runtime SSL errors, see this bug:
https://trac.torproject.org/projects/tor/ticket/13816
teor
pgp 0xABFED1AC
hkp://pgp.mit.edu/https://gist.github.com/teor2345/d033b8ce0a99adbc89c5http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7w…
[View Less]
On Tue, Nov 4, 2014 at 12:25 PM, Libertas <libertas(a)mykolab.com> wrote:
> I think it would be a good idea to add OpenBSD to doc/TUNING because [...]
> promoting OpenBSD relays benefits the Tor network's security.
Absolutely. Not just due to OpenBSD's security positioning, but
moreso from network diversity. Windows is its own world. But if
you're a Unix admin there's no reason Linux should be deployed
20x more often than [Free/Open]BSD. It's ridiculously counter
to meeting …
[View More]diversity goals, especially with bandwith weighting
if one platform is getting grossly disproportionate traffic than another.
Just pick one of the two BSD's and run it instead. FreeBSD
in particular is well suited to the OS and network needs of Tor.
And knowing how to admin more Unixes will serve any admin well.
5950 Linux
1593 Windows
173 FreeBSD
55 Darwin
44 OpenBSD
7 NetBSD
6 SunOS
4 Bitrig
2 GNU/kFreeBSD
1 DragonFly
[View Less]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I thought I'd share an initial draft of doc/HARDENING. Please share
any opinions or contributions you have. This was written in a little
more than an hour, so it's still a work in progress. However, in the
spirit of prototyping before polishing, I thought I'd share early.
Here's the relevant ticket:
https://trac.torproject.org/projects/tor/ticket/13703
A specific topic of conversation is how much of the advice should be
in the document itself …
[View More]as opposed to linked sources.
It could also use more OS diversity. After reading it, you can
probably guess which *nix flavors I'm familiar with.
Enjoy,
Libertas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUc7qtAAoJELxHvGCsI27NOwsP/1bP+g4W2y1NHefR5bd+5hwo
V927TXzarNneNFxfhKJsVewVnU593Ex13iHv+WgA+XM39xiK8KkhpxOaw2IpahZp
pIRCk4/XX78YaEc/K3ci2AsNGFVXPBX7nm4/VOZ5qiGfo+FVeipykweF1dF+X1Wc
1wr8Q9LWKoIab+klu/BG5nG5NtwICYslbgXMvNnapHuy0Xn1+fvBx3mW9teMkJ0N
Npssiy7XUqJx1XpdYNJr4XI28aHOV2p4FeCdsAgaQ1OBkOvpzMd+fw2Yb3FOiX/l
5pNCPMXFsS/+OXp1qOFKDQoOb7fEP6mY4NqdSovuJU0oWdurnHVk/X3SidALfH/L
vFPdTwpCJSMLuYO7HsLLiLx6LkDtrDZ2y9+tUfpqKGAN0upXrIi5GWsbUeLcCqwY
UFYdSg1GHsWJz7fU6F1vDLpGsiXU5yVqgaxfP06+nZ/smRt5sA3nlMDCZJi3BDes
k0+c4+tAPZ5Yt6kJ5b1GBgxQMokDqnLm/4pb/qlp0EzDfhWpA+Un2lGdvInrz1ds
VsVvbq/LLuxYylC3hlF8pNxBVMdbXycWM1w/VHtDjPZFdo9AO4CJHXeShYQa2O0W
cBXdU+O59wWoxiCuEfo0O2xaJw2UIRfxauQbcp/A0rg8FKU1c2QeP2t7y8VdVC1Y
SgQNVCUKYPBMCywJw9PA
=yY3r
-----END PGP SIGNATURE-----
[View Less]
Dear Relay Operators,
I noticed there are very few US based exit nodes in the network. And more and more
people are jumping on the same set of AS numbers in Europe.
I am not if the reason is lack of Tor friendly ISPs or people are just too freaked out about
the summer of Snowden.
I think it's very wrong to assume that EU countries are not part of the world-wide-wiretap, packets are
going through a few internet exchanges anyways.
I have been hosting/operating Faravahar (one of the authority …
[View More]directory servers) at Rethem Hosting (rethemhosting.net)
for a couple of years now, and never had any issues.
I also just brought up 2 exit nodes there:
https://atlas.torproject.org/#details/A5B1C342B316C2AE5695B903CED18F619A836…https://atlas.torproject.org/#details/6FFCDF910C32D620FCC6EEF7A8A57F3E9A234…
If anyone is interested in running fast Tor Exit nodes at Rethem Hosting. Feel free to contact me directly,
so I can make proper referral/introductions. Rethem Hosting is also able to provide hosting In IceLand, but you
get the most bang for your buck in the US datacenter.
Thank you for contributing to Tor.
All the best,
SiNA
# Consensus Weights Advertised Bandwidth Guard Probability Middle Probability Exit Probability Nickname Fingerprint Exit Guard Country Autonomous System
1.5958% 0.0000% 0.0000% 0.0000% 4.8946% (11 other relay groups)
17.6751% 0.0000% 0.0000% 0.0000% 54.2124% (total in selection)
1 4.1722% 0.0000% 0.0000% 0.0000% 12.7968% * (26 relays) (26) (22) FR (4)
2 3.8256% 0.0000% 0.0000% 0.0000% 11.7338% * (19 relays) (19) (16) DE (6)
3 2.1098% 0.0000% 0.0000% 0.0000% 6.4712% * (10 relays) (10) (8) NL (6)
4 1.4620% 0.0000% 0.0000% 0.0000% 4.4843% * (5 relays) (5) (5) RO (1)
5 0.9090% 0.0000% 0.0000% 0.0000% 2.7881% * (6 relays) (6) (5) SE (4)
6 0.8788% 0.0000% 0.0000% 0.0000% 2.6955% * (4 relays) (4) (4) CH (2)
7 0.8560% 0.0000% 0.0000% 0.0000% 2.6255% * (3 relays) (3) (3) LU (1)
8 0.6510% 0.0000% 0.0000% 0.0000% 1.9967% * (1 relays) (1) (1) LR (1)
9 0.6433% 0.0000% 0.0000% 0.0000% 1.9731% * (10 relays) (10) (8) US (10)
10 0.5715% 0.0000% 0.0000% 0.0000% 1.7528% * (2 relays) (2) (2) GB (1)
[View Less]
> Date: Sat, 22 Nov 2014 17:58:37 -0800
> From: Seth <list(a)sysfu.com>
>
...
>
> I should have also mentioned in my previous post I put the following in
> /etc/tor/torrc
>
> # Bandwidth and data caps
> AccountingStart day 19:45 # calculate once a day at 7:45pm
> AccountingMax 33 GBytes # 33GB X 30 days = 10GB shy of 1000GB/mo.
> RelayBandwidthRate 3000 KBytes
> RelayBandwidthBurst 3750 KBytes # allow higher bursts but maintain average
There are 7/…
[View More]12 months that have 31 days, where your 33GB per day will result in a (potential) 23GB overuse. (And that's not including non-tor traffic like OS updates.)
Why not use 32GB x 31 days = 992GB, or 31GB x 31 days = 961GB ?
teor
pgp 0xABFED1AC
hkp://pgp.mit.edu/https://gist.github.com/teor2345/d033b8ce0a99adbc89c5http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7w…
[View Less]
Hi,
I'm running a low-volume bridge on a raspberry pi. Globe.torproject says
that my fingerprint is 1BCD3EBEFE17EEB86EEDE21D5E2DB8468E2864CF . I'm
keeping an eye on myself and traffic via globe.torproject and my
advertised bandwidth makes wild swings: one day its 56 kB/s and the next
day it's 8 kB/s. When I read that "The minimum BandwidthRate setting is
20 kilobytes per second", I am confronted with the fact that 8 is less
than 20 and it doesn't seem worth it keeping my bridge up and working.
…
[View More]Why would a bridge make such swings in advertised bandwidth? And is
there any good reason to keep the bridge up and working if it sinks to 8
kB/s?
Thanks,
J Chase
[View Less]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I've been looking for a budget dedicated server to host an exit node
on, and the best option I've found is BalticServers. However, they're
already listed on the GoodBadISPs wiki page, and because they're in
Northeast Europe (Lithuania, to be precise) I'm concerned that their
ISP already has more exit nodes than is healthy for network diversity.
Is it a good idea to host another exit node there? If you think
there's a better option, I'd …
[View More]appreciate it if you could tell me either
publicly or privately.
Thanks,
Libertas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUb8qfAAoJELxHvGCsI27Nx0sP/j5wBhV7EJZZ4EJoPgnoEH8A
i6cDB3sL+Q50MgZivZLG47U+wdj95EJeIRl16RsaL0JaShVwyvbpStaIuhpOoujX
FN0oumg3Z27fists+CSImLAHHHyr3a526XbWQazKZ7ReBvBZeIOa4PKA/OWsI8wg
CWogwEWxbVNMojWaHMID3Y43qEeSH/T0R9ibqyrvqoZrOhnVqH1+1HzVs4FAWoST
UMS2m/+b1qL4riL20XyaS0SUO0OkNbL3ecBnCN9LZJwMMuXVB4QNrsBSNFtDTpeu
r8ZPJ/DxLJuQOtOvluSqqriKZCCi2lFAHovcXAf2ele0xqPrnJLFXDvhKkuAlv2o
wQb+hdpBZ95u073cu/md8vTYVzA8NJ/sRTPmsWtxdRR8PMVpx59+BOAWNYMLWgEu
JdTVinsbaWuKKTCtsZY0KAmYRbYC8E0O46z3OnOaeLX2s4MLUK/rPV3FoOAJ0tA3
ixnJ0kjuaFiBN7SRn+N4imBEmt5DP3cbPmai6YX5FzaL0RjlD+1uWk/ZxV66iK3c
YrisgQ0bWFbVCGeztblvBGQF3o6cElCJ26Cvy3EaTn7No+1d4f+/1rYwYCmNHjYY
mdfUhSfWWFNv+oaF9MU/IHek45l+yrTHHZlhrk3pmFX/bcUWWcfcYX1D/aMhgH58
7p48+5liXZOtSuVK44aS
=/fUH
-----END PGP SIGNATURE-----
[View Less]