November 2014 - tor-relays - lists.torproject.org

onionoo backend seems to be down.
by jason＠icetor.is 21 Apr '15

21 Apr '15

Hello All, Anyone else notice onionoo and the tools that rely on it (globe.torproject.org atlas.torproject.org) seem to be down? -Jason

5 4

Re: [tor-relays] building Tor against LibreSSL 2.1.1 fails with "undefined reference to `EVP_aes_128_ctr'" error
by teor 15 Jan '15

15 Jan '15

> Date: Fri, 21 Nov 2014 07:22:10 -0800 > From: Seth <list(a)sysfu.com> > > I'm trying to build tor-0.2.5.10 from source against LibreSSL 2.1.1 on a > FreeBSD 9.3x jail system. > > It fails with this message > > ----------------------------------- > > CC src/tools/tor-gencert.o > CCLD src/tools/tor-gencert > src/common/libor-crypto.a(aes.o): In function `aes_new_cipher': > /usr/local/src/tor-0.2.5.10/src/common/aes.c:100: undefined reference to > `EVP_aes_128_ctr' > *** [src/tools/tor-gencert] Error code 1 > > Stop in /usr/local/src/tor-0.2.5.10. > *** [all] Error code 1 > > Stop in /usr/local/src/tor-0.2.5.10. > > -------------------------------------- > > Has anyone has any luck building Tor against LibreSSL? > Yes, on OS X, but it wasn't easy, and it didn't bootstrap for me due to SSL errors. Others have had more luck, but mostly on Linux AFAIK. Do you perhaps have a system-installed OpenSSL 0.9.* which is lacking EVP_aes_128_ctr? See https://trac.torproject.org/projects/tor/ticket/13817 for a similar failure, due to the following issues: configure --with-openssl-dir= detects the wrong bin/openssl if "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl executables. configure --enable-static-openssl requires LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X. If you do run into runtime SSL errors, see this bug: https://trac.torproject.org/projects/tor/ticket/13816 teor pgp 0xABFED1AC hkp://pgp.mit.edu/ https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7w…

4 11

boost CPU on a Tor relay
by s7r 28 Dec '14

28 Dec '14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, A Tor relay currently going 33MB/s could go a lot faster but CPU is at 93% usage - this is the bottleneck. Here is the output of /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 26 model name : Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz stepping : 5 microcode : 0x11 cpu MHz : 3068.000 cache size : 8192 KB physical id : 0 siblings : 8 core id : 0 cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dtherm tpr_shadow vnmi flexpriority ept vpid bogomips : 6132.24 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: it also goes down to processor 1 - processor 7 Any ideas how this could be boosted? OS is Debian wheezy. No aes-ni hardware acceleration, no openssl benchmarking or customization currently. advices? Thank you. - -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUDuRTAAoJEIN/pSyBJlsRLqYH/iSCtC9r/7/DBCG2qqUGPEgY TELvt+UMGyMP6ncNJH+vDEdHO4BBlSMzFQdj2sKyO3hOT5492cIOaT3gGokaDApL W913yqUkIfiUT6FUWJ6g4/LUt25pMG25Ednr/ZJJXR/pR+Ym3T3ytg+MSwRBmpEe +h26Q7qvd/p4f6VhTR0sEsxQfDLVXrEsj3kn0BL0rLklN5zH/bqmIsK2hio5Nl3H KBvbvyt+JbLhA/4+jygT6AygHDH9arpXWEh3ZcJVn7mE0OmPAvukdlLUj70K5F7r cCeMakcGBbSzit5tY7jUmSvkUewVBhAxAZmv1hgNnuCoSrGPtQZseCbM06cry+k= =TyKF -----END PGP SIGNATURE-----

6 10

Platform diversity in Tor network [was: OpenBSD doc/TUNING]
by grarpamp 16 Dec '14

16 Dec '14

On Tue, Nov 4, 2014 at 12:25 PM, Libertas <libertas(a)mykolab.com> wrote: > I think it would be a good idea to add OpenBSD to doc/TUNING because [...] > promoting OpenBSD relays benefits the Tor network's security. Absolutely. Not just due to OpenBSD's security positioning, but moreso from network diversity. Windows is its own world. But if you're a Unix admin there's no reason Linux should be deployed 20x more often than [Free/Open]BSD. It's ridiculously counter to meeting diversity goals, especially with bandwith weighting if one platform is getting grossly disproportionate traffic than another. Just pick one of the two BSD's and run it instead. FreeBSD in particular is well suited to the OS and network needs of Tor. And knowing how to admin more Unixes will serve any admin well. 5950 Linux 1593 Windows 173 FreeBSD 55 Darwin 44 OpenBSD 7 NetBSD 6 SunOS 4 Bitrig 2 GNU/kFreeBSD 1 DragonFly

12 29

doc/HARDENING Draft
by Libertas 01 Dec '14

01 Dec '14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I thought I'd share an initial draft of doc/HARDENING. Please share any opinions or contributions you have. This was written in a little more than an hour, so it's still a work in progress. However, in the spirit of prototyping before polishing, I thought I'd share early. Here's the relevant ticket: https://trac.torproject.org/projects/tor/ticket/13703 A specific topic of conversation is how much of the advice should be in the document itself as opposed to linked sources. It could also use more OS diversity. After reading it, you can probably guess which *nix flavors I'm familiar with. Enjoy, Libertas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUc7qtAAoJELxHvGCsI27NOwsP/1bP+g4W2y1NHefR5bd+5hwo V927TXzarNneNFxfhKJsVewVnU593Ex13iHv+WgA+XM39xiK8KkhpxOaw2IpahZp pIRCk4/XX78YaEc/K3ci2AsNGFVXPBX7nm4/VOZ5qiGfo+FVeipykweF1dF+X1Wc 1wr8Q9LWKoIab+klu/BG5nG5NtwICYslbgXMvNnapHuy0Xn1+fvBx3mW9teMkJ0N Npssiy7XUqJx1XpdYNJr4XI28aHOV2p4FeCdsAgaQ1OBkOvpzMd+fw2Yb3FOiX/l 5pNCPMXFsS/+OXp1qOFKDQoOb7fEP6mY4NqdSovuJU0oWdurnHVk/X3SidALfH/L vFPdTwpCJSMLuYO7HsLLiLx6LkDtrDZ2y9+tUfpqKGAN0upXrIi5GWsbUeLcCqwY UFYdSg1GHsWJz7fU6F1vDLpGsiXU5yVqgaxfP06+nZ/smRt5sA3nlMDCZJi3BDes k0+c4+tAPZ5Yt6kJ5b1GBgxQMokDqnLm/4pb/qlp0EzDfhWpA+Un2lGdvInrz1ds VsVvbq/LLuxYylC3hlF8pNxBVMdbXycWM1w/VHtDjPZFdo9AO4CJHXeShYQa2O0W cBXdU+O59wWoxiCuEfo0O2xaJw2UIRfxauQbcp/A0rg8FKU1c2QeP2t7y8VdVC1Y SgQNVCUKYPBMCywJw9PA =yY3r -----END PGP SIGNATURE-----

9 14

Fast Exit Node Operators - ISP in US
by SiNA Rabbani 29 Nov '14

29 Nov '14

Dear Relay Operators, I noticed there are very few US based exit nodes in the network. And more and more people are jumping on the same set of AS numbers in Europe. I am not if the reason is lack of Tor friendly ISPs or people are just too freaked out about the summer of Snowden. I think it's very wrong to assume that EU countries are not part of the world-wide-wiretap, packets are going through a few internet exchanges anyways. I have been hosting/operating Faravahar (one of the authority directory servers) at Rethem Hosting (rethemhosting.net) for a couple of years now, and never had any issues. I also just brought up 2 exit nodes there: https://atlas.torproject.org/#details/A5B1C342B316C2AE5695B903CED18F619A836… https://atlas.torproject.org/#details/6FFCDF910C32D620FCC6EEF7A8A57F3E9A234… If anyone is interested in running fast Tor Exit nodes at Rethem Hosting. Feel free to contact me directly, so I can make proper referral/introductions. Rethem Hosting is also able to provide hosting In IceLand, but you get the most bang for your buck in the US datacenter. Thank you for contributing to Tor. All the best, SiNA # Consensus Weights Advertised Bandwidth Guard Probability Middle Probability Exit Probability Nickname Fingerprint Exit Guard Country Autonomous System 1.5958% 0.0000% 0.0000% 0.0000% 4.8946% (11 other relay groups) 17.6751% 0.0000% 0.0000% 0.0000% 54.2124% (total in selection) 1 4.1722% 0.0000% 0.0000% 0.0000% 12.7968% * (26 relays) (26) (22) FR (4) 2 3.8256% 0.0000% 0.0000% 0.0000% 11.7338% * (19 relays) (19) (16) DE (6) 3 2.1098% 0.0000% 0.0000% 0.0000% 6.4712% * (10 relays) (10) (8) NL (6) 4 1.4620% 0.0000% 0.0000% 0.0000% 4.4843% * (5 relays) (5) (5) RO (1) 5 0.9090% 0.0000% 0.0000% 0.0000% 2.7881% * (6 relays) (6) (5) SE (4) 6 0.8788% 0.0000% 0.0000% 0.0000% 2.6955% * (4 relays) (4) (4) CH (2) 7 0.8560% 0.0000% 0.0000% 0.0000% 2.6255% * (3 relays) (3) (3) LU (1) 8 0.6510% 0.0000% 0.0000% 0.0000% 1.9967% * (1 relays) (1) (1) LR (1) 9 0.6433% 0.0000% 0.0000% 0.0000% 1.9731% * (10 relays) (10) (8) US (10) 10 0.5715% 0.0000% 0.0000% 0.0000% 1.7528% * (2 relays) (2) (2) GB (1)

17 40

Re: [tor-relays] Fast Exit Node Operators - ISP in US
by teor 23 Nov '14

23 Nov '14

> Date: Sat, 22 Nov 2014 17:58:37 -0800 > From: Seth <list(a)sysfu.com> > ... > > I should have also mentioned in my previous post I put the following in > /etc/tor/torrc > > # Bandwidth and data caps > AccountingStart day 19:45 # calculate once a day at 7:45pm > AccountingMax 33 GBytes # 33GB X 30 days = 10GB shy of 1000GB/mo. > RelayBandwidthRate 3000 KBytes > RelayBandwidthBurst 3750 KBytes # allow higher bursts but maintain average There are 7/12 months that have 31 days, where your 33GB per day will result in a (potential) 23GB overuse. (And that's not including non-tor traffic like OS updates.) Why not use 32GB x 31 days = 992GB, or 31GB x 31 days = 961GB ? teor pgp 0xABFED1AC hkp://pgp.mit.edu/ https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7w…

3 2

(no subject)
by Chris Boyd 23 Nov '14

23 Nov '14

http://estudiohalabi.cl/problem.php?4z0oxj4vkg5 wodencafe wodencafe(a)gmail.com +++++++++++++ Penalty for premature evacuation. -- Reality Bites

2 1

wild swings in Advertised Bandwidth
by jchase 23 Nov '14

23 Nov '14

Hi, I'm running a low-volume bridge on a raspberry pi. Globe.torproject says that my fingerprint is 1BCD3EBEFE17EEB86EEDE21D5E2DB8468E2864CF . I'm keeping an eye on myself and traffic via globe.torproject and my advertised bandwidth makes wild swings: one day its 56 kB/s and the next day it's 8 kB/s. When I read that "The minimum BandwidthRate setting is 20 kilobytes per second", I am confronted with the fact that 8 is less than 20 and it doesn't seem worth it keeping my bridge up and working. Why would a bridge make such swings in advertised bandwidth? And is there any good reason to keep the bridge up and working if it sinks to 8 kB/s? Thanks, J Chase

2 1

Decision on Dedicated Server for Exit Node
by Libertas 22 Nov '14

22 Nov '14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I've been looking for a budget dedicated server to host an exit node on, and the best option I've found is BalticServers. However, they're already listed on the GoodBadISPs wiki page, and because they're in Northeast Europe (Lithuania, to be precise) I'm concerned that their ISP already has more exit nodes than is healthy for network diversity. Is it a good idea to host another exit node there? If you think there's a better option, I'd appreciate it if you could tell me either publicly or privately. Thanks, Libertas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUb8qfAAoJELxHvGCsI27Nx0sP/j5wBhV7EJZZ4EJoPgnoEH8A i6cDB3sL+Q50MgZivZLG47U+wdj95EJeIRl16RsaL0JaShVwyvbpStaIuhpOoujX FN0oumg3Z27fists+CSImLAHHHyr3a526XbWQazKZ7ReBvBZeIOa4PKA/OWsI8wg CWogwEWxbVNMojWaHMID3Y43qEeSH/T0R9ibqyrvqoZrOhnVqH1+1HzVs4FAWoST UMS2m/+b1qL4riL20XyaS0SUO0OkNbL3ecBnCN9LZJwMMuXVB4QNrsBSNFtDTpeu r8ZPJ/DxLJuQOtOvluSqqriKZCCi2lFAHovcXAf2ele0xqPrnJLFXDvhKkuAlv2o wQb+hdpBZ95u073cu/md8vTYVzA8NJ/sRTPmsWtxdRR8PMVpx59+BOAWNYMLWgEu JdTVinsbaWuKKTCtsZY0KAmYRbYC8E0O46z3OnOaeLX2s4MLUK/rPV3FoOAJ0tA3 ixnJ0kjuaFiBN7SRn+N4imBEmt5DP3cbPmai6YX5FzaL0RjlD+1uWk/ZxV66iK3c YrisgQ0bWFbVCGeztblvBGQF3o6cElCJ26Cvy3EaTn7No+1d4f+/1rYwYCmNHjYY mdfUhSfWWFNv+oaF9MU/IHek45l+yrTHHZlhrk3pmFX/bcUWWcfcYX1D/aMhgH58 7p48+5liXZOtSuVK44aS =/fUH -----END PGP SIGNATURE-----

4 4