- tor-relays - lists.torproject.org

Re: [tor-relays] More consensus weight problems
by Aaron Gibson 29 Jun '15

29 Jun '15

On 2015-06-29 17:51, Speak Freely wrote: > Hello, > > First of all, I love Tor. I love Tor Browser, and I love running > relays. > > When the problems are solved, I will most likely spin up more relays. > > I'm leaving my fastest relay running, as a method of checking the > status > for myself. The rest have already started to expire, and within the > next > week or so most of the other ones will have expired as well. > > I'm going to try tor-dev-alpha 2.7.1 and change fingerprints, as per a > suggestion from s7r, seeing as how I have nothing to lose. > > I just wish the bwauths could scan relays based off previous relative > consensus weights... If this particular relay was at 27000, it should > be > higher on the list to check compared to another one I have that is at > 487. My one relay was blazing fast with thousands of connections, my Well, relays are ranked by capacity, and split over several scanner processes - they do get measured against their relative peers. But it seems that, when they fall out of the measurement process ('Unmeasured') they must start again at the beginning. This is expected because all relays start Unmeasured, and gradually increase their position in the consensus (per relative capacity), in order to dampen sudden changes and limit sybil attacks by requiring relays to stick around for a while, increasing the cost to an adversary. It likely should not be the case that historically long running relays should start at the bottom if they are unmeasured for a short period of time. We are in the process of testing increasing the number of scanner and accompanying tor instances from 4 to 9 (double, plus one for currently unmeasured relays) in order to decrease the amount of time each fraction of the network takes to measure and ensure that new relays or unmeasured relays are measured often. There are additional patches that introduce extra exits into the slice of relays, if there are no suitable exits to measure with. This likely won't address the above behavior, but we hope it will reduce the number of relays that go missing. Currently we seem to have mixed results, with one Bandwidth Authority operator claiming minimal (50) unmeasured relays, and another claiming ~600 mixed relays. These numbers are not directly comparable because they were not sampled at the same time, and may not be representative of typical behavior - it's a little too soon to tell. It's a bit tricky to both test these changes, on the live tor network, demonstrate that they produce sane results, and convince the directory authority operators and partner bandwidth authority operators to upgrade - nor do we want to do that all at once - gradual change is better. So, the goal is to produce results that will convince operators they should update, improve the situation for relay operators, and then start looking at longer term solutions for the measurement problem that are more maintainable and scalable in the long run. > other is painfully useless with dozens, but my fastest one lost its > consensus while the slowest one kept it's consensus. It just seems > silly. That being said, I don't know how/if the bwauths scan in any > order or just willy-nilly, (that's not entirely true, I know it's > segmented to some degree as I recall reading a blog post about how it's > chopped up) but... I'd be much less upset if my best relays worked and > my worst relays didn't. More complaining... bleh. > I hope to have a testable hypothesis as to why your faster relays suffer(ed) more than the slower relays - it could be that the fraction of network by capacity allocated to a particular scanner is not well balanced, and that fraction is taking significantly longer to measure. In order to evaluate that statement I need to understand the common characteristics of relays that become unmeasured/lose rank and see if they are from a similar segment of the network, and whether or not that segment of the network takes longer to measure than other segments. Another hypothesis is that your relays are on the boundary between two segments, and that a transition between scanner instances causes enough missed measurements to drop your relays. It would be helpful to know what rank the last good measurement your or other relays had before becoming unmeasured. It will require some cooperation with the existing deployed Bandwidth Authorities, in order to learn what their current scan times are - I will be writing some simple scripts to scrape these results so that we can collect and publish some useful heuristics about the scanner processes to better try and debug this problem. > > One thing I would like to point out though... it appears... These > problems have at least a casual relationship with MyFamily. > > One group of MyFamily is completely done - all of them stuck at 20. > Another group of MyFamily is working happily. > I've been doing some tests over the past few months trying to > understand > why I keep having problems, and one thing has consistently popped up... > MyFamily. That is very interesting, because MyFamily should have nothing to do with the scanner process at all - I'll need to think about this some more. > > As one of MyFamily lost consensus, another family gained consensus back > on or around the same time. > > Yes, especially nusenu, I know I'm supposed to have it all configured > to > be under 1 MyFamily... But in a way I'm glad I didn't, as the casual > relationship I see really could only be seen having done what I did. > > I say casual because I have no proof of causation. But... it is > interesting. If no one else has experienced similar problems, then I'd > chock it up to a completely unexpected unrelated set of mysterious > circumstances that should not have happened for which there is no > explanation. > > Aaron, if there is anything I can do to help you please let me know. If anything that I said above sparks a thought, please let me know :) > > > So in conclusion, I'm not done, I'm just not happy. > > This was supposed to be a short email, oops. > > > Matt > Speak Freely

1 0

default value (after reboot ) of controller.get_server_descriptor.uptime changed ?
by Toralf Förster 28 Jun '15

28 Jun '15

I do wonder, why a python script [1], lines 22 and 113, nowadays returns "00:00:00" for the uptime of my exit relay, when the system was rebooted, whereas in former times '00:01:01' (= 61 sec) was returned. FWIW the only local change before reboot here was to switch from Gentoo hardened kernel 4.0.6 to 4.0.6-r1. [1] http://www.zwiebeltoralf.de/pub/info.py -- Toralf pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E

2 1

be in time or not to be in time ?
by Toralf Förster 28 Jun '15

28 Jun '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hhm, found this in the log: Jun 28 03:58:37.000 [warn] Our clock is 1 minutes, 23 seconds behind the time published in the consensus network status document (2015-06-28 02:00:00 UTC). Tor needs an accurate clock to work correctly. Please check your time and date settings! NTP runs fine at this exit relay since months, and I found nothing in the log which would tell me that sth was wrong with the time. Any hints / explanations ? - -- Toralf pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlWPuw0ACgkQxOrN3gB26U71+wD+PIH6JSVqR8SJ/43wwDZKNibH UdvUWwDG4eQQ5kn/3N4A/AydwluUvBMXXSy7fh+Zphg1dCUF+zq7jKmxzRYcAZ2A =bnzu -----END PGP SIGNATURE-----

2 2

More consensus weight problems
by Speak Freely 27 Jun '15

27 Jun '15

Just thought I'd throw it out there. About 5 days ago I setup a new relay - it's consensus weight is still at 20. Then, I noticed a relay I've been running for about a month all of sudden lost all of it's consensus weight. It was ~17000, now at 20. It's uptime is 25 days, and has downloaded 4.8TB and updated 5.0TB in that time. Normally, when I have a consensus weight of 20, I also see a measured speed in arm of 160b/s. However, my month old relay's measured speed is showing 136.7Kb/s. This relay was averaging 15-25Mbit/s up until today, but now jumps between 600Kbit - 8Mbit, but mainly between 800Kbit-2Mbit. My other relays with the same provider have not experienced this, nor have my relays with different providers. Just this one. The interesting one: https://atlas.torproject.org/#details/D60B02A13F5D9CAFD6EC27A5332C5FEF5B769… Matt Speak Freely

4 6

circuit_unlink_all_from_channel
by Logforme 26 Jun '15

26 Jun '15

FYI I run the relay 855BC2DABE24C861CD887DB9B2E950424B49FC34. Today I found a message in the log file I have not seen before: Jun 26 18:05:20.000 [warn] circuit_unlink_all_from_channel(): Bug: Circuit on detached list which I had no reason to mark Relay continues to run fine with 30 days uptime.

2 1

Re: [tor-relays] No Exit flag on Exit node
by spiros_spiros＠freemail.gr 25 Jun '15

25 Jun '15

Aha thank you, so simple! I will make the changes. Spiros Στις 25 Ιούνη, 2015, στις 19:18, ο Tom van der Woerdt <info(a)tvdw.eu> έγραψε: Hi, You need two of the ports [80,443,6667] allowed to get the Exit flag. Of these, your exit configuration only allows 80. Tom spiros_spiros(a)freemail.gr schreef op 25/06/15 om 20:19: Good evening all, An exit that I have been running for over one month now has not yet achieved the Exit flag in arm/atlas (I know it is working because regular spam/hacking/abuse emails I am receiving). I though this was related to recent bwauth issue, but have concerns now because the exit now has a Guard flag. I think the problem will lie in the torrc and some mistake in the config. Please can I ask for some advice on where the mistake might be? I have pasted torrc below, with sensitive information changed in the brackets <>. Thanks very much Spiros #:~ cat /etc/tor/torrc RunAsDaemon 1 DataDirectory /var/lib/tor ControlPort 9051 CookieAuthentication 1 ORPort 443 ORPort [<<valid IPv6 address>>]:9090 Nickname <<nickname of this exit>> RelayBandwidthRate 10 MB RelayBandwidthBurst 12.5 MB DirPort 9030 DirPortFrontPage /etc/tor/tor-exit-notice.html MyFamily <<nicknames of other exits and relays>> ExitPolicy accept *:20-23 ExitPolicy accept *:53 ExitPolicy accept *:79-81 ExitPolicy accept *:88 ExitPolicy accept *:110 ExitPolicy accept *:143 ExitPolicy accept *:1194 ExitPolicy accept *:5900 ExitPolicy accept *:8008 ExitPolicy accept *:8080 ExitPolicy accept *:8082 ExitPolicy accept *:8332-8333 ExitPolicy accept *:50002 ExitPolicy reject *:* ExitPolicy reject6 *:* IPv6Exit 1 DisableDebuggerAttachment 0 _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 0

No Exit flag on Exit node
by spiros_spiros＠freemail.gr 25 Jun '15

25 Jun '15

Good evening all, An exit that I have been running for over one month now has not yet achieved the Exit flag in arm/atlas (I know it is working because regular spam/hacking/abuse emails I am receiving). I though this was related to recent bwauth issue, but have concerns now because the exit now has a Guard flag. I think the problem will lie in the torrc and some mistake in the config. Please can I ask for some advice on where the mistake might be? I have pasted torrc below, with sensitive information changed in the brackets <>. Thanks very much Spiros #:~ cat /etc/tor/torrc RunAsDaemon 1 DataDirectory /var/lib/tor ControlPort 9051 CookieAuthentication 1 ORPort 443 ORPort [<<valid IPv6 address>>]:9090 Nickname <<nickname of this exit>> RelayBandwidthRate 10 MB RelayBandwidthBurst 12.5 MB DirPort 9030 DirPortFrontPage /etc/tor/tor-exit-notice.html MyFamily <<nicknames of other exits and relays>> ExitPolicy accept *:20-23 ExitPolicy accept *:53 ExitPolicy accept *:79-81 ExitPolicy accept *:88 ExitPolicy accept *:110 ExitPolicy accept *:143 ExitPolicy accept *:1194 ExitPolicy accept *:5900 ExitPolicy accept *:8008 ExitPolicy accept *:8080 ExitPolicy accept *:8082 ExitPolicy accept *:8332-8333 ExitPolicy accept *:50002 ExitPolicy reject *:* ExitPolicy reject6 *:* IPv6Exit 1 DisableDebuggerAttachment 0

2 1

Qualities of a good relay (Sean Saito)
by saitosean＠ymail.com 25 Jun '15

25 Jun '15

I’m currently working with Dr. Virgil Griffith on Roster, a tor project that aims to reward relay operators with good relays. Right now we are brainstorming how to measure/quantify a good relay. Besides the obvious requirements of a good relay (e.g. speed, geo-diversity, constant uptime), what qualities make a relay valuable to the Tor network and its users? Thanks, Sean

9 9

Re: [tor-relays] Qualities of a good relay (Sean Saito)
by Magnus Hedemark 25 Jun '15

25 Jun '15

These ideas are quite good. I think it would be interesting for a partner organization like the EFF maybe to gamify Tor relay best practices by issuing Mozilla type merit badges [ http://openbadges.org/ ] to relay operators. Setting it up is not free, volunteer time is not free, but it's a way to recognize volunteers in meaningful ways that does not require sending out tee shirts around the world. Importantly, badges should also be revoked if a relay operator is found to be behaving in less than meritorious ways. This is easily done. [ https://github.com/mozilla/openbadges-backpack/wiki/Revoking-Issued-Badges ] Magnus : E0B7C731568AC72AE848EDE91F857A3FED19ED0B @Magnus919 Sent from [ProtonMail](https://protonmail.ch), encrypted email based in Switzerland. -------- Original Message -------- Subject: Re: [tor-relays] Qualities of a good relay (Sean Saito) Time (GMT): Jun 25 2015 15:12:17 From: moritz(a)torservers.net To: tor-relays(a)lists.torproject.org Hi Sean, On 06/24/2015 03:07 AM, saitosean(a)ymail.com wrote: > Besides the obvious requirements of a good relay (e.g. speed, > geo-diversity, constant uptime), what qualities make a relay valuable to > the Tor network and its users? George posted some ideas a while ago: https://lists.torproject.org/pipermail/tor-dev/2014-July/007181.html I also remember another list of "diversity criteria" that someone posted, but I can't remember who or in which thread. -- Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2 1

Let's talk incentives: addressing the social questions
by Ori Shimony 25 Jun '15

25 Jun '15

Hi All, I am an undergraduate researcher at the University of Virginia looking into the Tor Incentives Problem. I recently started running an exit-relay and plan on finding effective ways of encouraging others to do so as well! As a student of Computer Science and Anthropology, I am prioritizing both the technical and social angles of Tor's ecosystem in my approach to this problem. Thus far, many of the unanswered social questions regarding motivation and Tor have barred progress in efforts to scale the relay community. It is my objective to move this issue forward by conducting systematic research on the human-systems underlying Tor while developing proposals grounded in these socio-technical realities. One idea I’ve had is to discuss these issues and potential approaches one-on-one with some of the individuals currently operating relays. I think it would be really helpful to hear your ideas, questions, and personal insights on relay-volunteering and its future. If you are interested please email me at os7hf(a)virginia.edu with dates/times that would be convenient for a Skype or phone call. For general questions, comments, concerns, etc. feel free to respond on the mailing list as well. Thanks, Ori

1 0