- tor-relays - lists.torproject.org

06 Mar '14

Hello! I use tor-arm to manage my relay, at startup the following messages appear: [ARM_NOTICE] Unable to prepopulate bandwidth information (insufficient uptime) [ARM_NOTICE] Unable to save configuration descriptions (permission denied: '/home/username/.arm') Problem is the same for every user who runs arm (root, debian-tor) Already tried 777 this folder, and make "debian-tor" the owner - without success. Purge & reinstall does not change anything. I am running Ubuntu Server 12.04 x64. Whats wrong? best regards manu

2 1

(untrusted) Raspberry Pi binary .deb packages for Tor 0.2.4.18-rc
by Gordon Morehouse 06 Mar '14

06 Mar '14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I've built Tor 0.2.4.18-rc for the Raspberry Pi and released unofficial packages[1]. They are signed with my GPG key, but as always, if you don't trust binary packages from some dude on the internet, please see the instructions to compile them for yourself[1]. 1. https://github.com/gordon-morehouse/cipollini/tree/master/raspbian_packages… 2. https://www.torproject.org/docs/debian.html.en#source Best, - -Gordon M. -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJSj5ghAAoJED/jpRoe7/ujpugIAL8U1aGVZQ4FSqCgRac0g4oW pqEGYT/aHI7GYX1J0ruS5kSjB7VGBqqskvb3LmWkSjMbJwX7MqTLbfUBj/wX8db8 sHTH/cdFNin3qazjrMnS0fe6bJ/AlimPcQSQfeEPQ3w5Wqk2Lb/qxVEY0cGxwYDn p6P4KItegJkWcT7pKHCcIkLcjUHjalS4N9xUOg0oFh1cXzA4YRrMbrmHuNuNYtOG OV09+56jlOJm6ApsYHNiDO/3lYB8xPnaMs8EbOVWUjBsh0kraTusXvNs9IquZEXd Pk83VhavdsiAmksz5u6q7+gVIXsBkwxTBlpybj5aWNOwze2D4DNe/eBKVzLTu2w= =7g1s -----END PGP SIGNATURE-----

2 1

Tor hidden services – a safe haven for cybercriminals
by an.to_n-73＠riseup.net 05 Mar '14

05 Mar '14

Hey folks! Something to read from Kaspersky Labs: https://www.securelist.com/en/blog/8187/Tor_hidden_services_a_safe_haven_fo… Interesting is, that Eugene Kaspersky hisself states in an interview: "We cooperate not only with the FSB, but also with the Americans and Brazilians, and with a variety of European agencies on security issues or cybercriminals. We sit a group of experts who break the code better than anyone in the world - perhaps only after the FBI. They understand, disassembles, analyze codes and understand what it is the best in the world. People come to us, "Guys, what is it?" - And we respond. We are not able to engage in all sorts of detective work, it's not our job, but we give them the information on which they continue to catch criminals. Or, conversely, we can see some information that may seem interesting to them, and we give them. Sometimes, in Germany looking for stolen laptops, we gave IPs" You can use Google translate to read the whole Russian interview in your language: http://lenta.ru/articles/2013/10/01/kaspersky Facing the overwhelming bulk surveillance I encourage everyone to start more relays/bridges! ==> Are there public statistics about the fraction of illegal content in/from Tor? Is it significantly more than in the "normal"net? We need some counter-arguments. Our "adversaries" will continue putting us in the criminal/terrorist/child-abuse category. But distributed P2P anonymizers like Tor, I2P, GNUnet, Bitmessage etc. are the only technology that helps against mass surveillance. Best regards Anton -- an.to_n-73 at riseup dot net PGP: 0B4C DF2C CB22 5DF4 25EA F212 49D1 ABF2 A2A9 7D7D Bitmessage: BM-2cTY8fuXGGXmh3fVgfQMaRCqTpgqp479ux (no metadata)

1 0

Advise on fully using a gigabit connection
by Jesse Victors 05 Mar '14

05 Mar '14

Hey everyone. I manage an exit at a university, and I recently moved it to a gigabit connection. I did some tests and the machine does appear to be capable of fully using the available bandwidth. Besides getting two Tor instances to run side-by-side on the same IP, is there anything else I can do to further contribute the connection besides waiting and maintaining uptime? I set my average and burst bandwidth limits to the maximum upload speed I have been able to achieve in my tests, is that an ideal setting? Please advise. Thanks.

3 3

TTTT - Reached 100 runs
by Sebastian Urbach 05 Mar '14

05 Mar '14

Dear list members, We are celebrating the century of submitted results, so to say. The "Trying Trusted Tor Traceroutes" project finally reached 100 completed runs from different ip's (not to mention the multiple runs). No one expected that just a few weeks ago when we were basically nowhere. Thank you very much for your support, you officially rock ! The data analysing is going on and hopefully we can draw conclusions from the collected data. The last time at the Chaos Communication Congress was not satisfying for all of us, but we are optimistic this time that there is sufficient data to do it. We will inform this list as soon as we have news. Thanks again from Anupam and myself (He's travelling at the moment) The project: http://web.engr.illinois.edu/~das17/tor-traceroute_v1.html The results: http://datarepo.cs.illinois.edu/relay_scoreboard.html -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach ---------------------------------------------- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. ---------------------------------------------- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman

1 0

Re: [tor-relays] tor-relays Digest, Vol 38, Issue 6
by herojideani＠live.com 05 Mar '14

05 Mar '14

PLS how does relay work and how can I set up my system to work with relay ----- Reply message ----- From: tor-relays-request(a)lists.torproject.org To: <tor-relays(a)lists.torproject.org> Subject: tor-relays Digest, Vol 38, Issue 6 Date: Tue, Mar 4, 2014 1:00 pm Send tor-relays mailing list submissions to tor-relays(a)lists.torproject.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays or, via email, send a message with subject or body 'help' to tor-relays-request(a)lists.torproject.org You can reach the person managing the list at tor-relays-owner(a)lists.torproject.org When replying, please edit your Subject line so it is more specific than "Re: Contents of tor-relays digest..." Today's Topics: 1. Re: Single IP multiple OR Ports (Moritz Bartl) 2. Re: Exit Relay on VPS by WEDOS (dope457) ---------------------------------------------------------------------- Message: 1 Date: Tue, 04 Mar 2014 09:10:10 +0100 From: Moritz Bartl <moritz(a)torservers.net> To: tor-relays(a)lists.torproject.org Subject: Re: [tor-relays] Single IP multiple OR Ports Message-ID: <53158A62.1010306(a)torservers.net> Content-Type: text/plain; charset=ISO-8859-1 Hi, On 03/04/2014 08:19 AM, toxi roxi wrote: > With an upgrade to ubuntu 13.10 x64 there seem to be no more support for > aesni module - so it doesnt seem to be usable any more. With older > ubuntu releases it works. https://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration Does this help already? > I've recognized that some configurations are running easily with an > higher throughput - but could not figure out whats the reason for it. > My VPS'es are almost running in an KVM environment - but the 2 fastest > ones running on OpenVZ hypervisor. I tried KVM and OpenVZ some years ago for high bandwidth relays, and couldn't get it to make decent throughput at all. I now run all our fast relays "on bare metal". > But anyway im interested on reactivating that function as it seems to > really speedup relay's speed. Unless you max out /all/ your CPU cores, you can and should simply spin up more Tor processes in parallel, one per CPU core, and limit their bandwidth so they never hit 100% CPU usage. -- Moritz Bartl https://www.torservers.net/ ------------------------------ Message: 2 Date: Tue, 4 Mar 2014 00:43:54 -0800 From: "dope457" <dope457(a)riseup.net> To: tor-relays(a)lists.torproject.org Subject: Re: [tor-relays] Exit Relay on VPS by WEDOS Message-ID: <0da23911717602772537f88415043d39.squirrel(a)fruiteater.riseup.net> Content-Type: text/plain;charset=utf-8 Thanks for the reply. Well, the bad thing is the ISP is already listed there as good one with no problem with exits. I also asked them about Tor before I even started and they acted cool... Best, dope457 > Hi, > > Thanks for going through the trouble of running an exit relay! > > On 03/04/2014 08:49 AM, dope457 wrote: >> Today, few weeks from last incident, they just pulled out ethernet cable >> from my VPS and I am not sure what to do. > > Looks like this ISP is not suitable for Tor exit relays. Please add it > to the https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs > page, and find a better one. I'm afraid there's not much else you can > do. Make sure to inform the ISP beforehand about the risks, be fast and > polite in answering abuse complaints, and as long as the ISP doesn't > know you well enough make sure the ISP of all places understands how you > handled the complaint and why. For example, for the POP3 case, you could > have offered to block POP3 altogether. > > In case you haven't seen it already, this is a must-read for exit > operators: > https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines > > -- > Moritz Bartl > https://www.torservers.net/ > _______________________________________________ > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ------------------------------ Subject: Digest Footer _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ------------------------------ End of tor-relays Digest, Vol 38, Issue 6 *****************************************

3 2

Single IP multiple OR Ports
by Felix 04 Mar '14

04 Mar '14

Hi to all - I have a question: In case there is a strong relay ie 1Gbit/s, enough cores and RAM so the HW is not limiting. Let's further assume only one IP. Could a single Tor daemon on Debian be a bottle neck? If yes, could be more performance to start two (or more) daemons and bind the first OR Port to :443 and the second to :8080. Both at the same 'eth' interface? Both OR Ports are based on the same IP so they would be the same family member. Thanks for your answer. My response might have some delay. Sorry for that. Regards, Felix ==========---------- - - - - - - - - - - ----------========== -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (MingW32) mQENBFL/5VoBCAC8l2gGmuy2hZf866dDkwzOvMkyJlfnFZU6T5LWe4uPIx0a8R1U cmj/Vut2yUCaJgvFpdOVA3mmXC58zoDeiW7Um6q6otD6BR2hXdgyBTAgqkQ0BsYx epb4UXBz/u3TJmv655fBnXeDgCB8L5BIkcsmX6EoBNUs6a3TPMhX3UXOtEKLXJeZ 2QtoDxwXqHNSmW7jLq+qkpriVDqxDTFv+muZRE+Zn/6PZpEASvpSdVdT/1giEMUL QQFIP6cBPY2GYIaNCO1dYRj9ebM7ewWjCiOiOw6/eylxan8vfFntgaPU3J7W2wJp RiRtUIjT+TDycVyNk7gy4wV2Rj8+58+Krk1tABEBAAG0IEZlbGl4IDx6d2llYmVs QHF1YW50ZW50dW5uZWwuZGU+iQE5BBMBAgAjBQJS/+VaAhsPBwsJCAcDAgEGFQgC CQoLBBYCAwECHgECF4AACgkQC2jb92rYqyMGxQf/d9oJf0qpgXZaUmcqujQ3DVsc uvYOnK2MJCpDIvvZYdQTcnG2jz8/na1ZyfAGeKhYZ18ypONwSQYthC17L5GHQ2H3 Pg/H0GARtx4aJR5TtIKnhPR8yYdlikCuTBb5QSFJUUtEz91SqDW7EXNbMC4RRSEd BWWirADCJWitoR3JCC13r+CF6TCFDluClAht/t56f7prBzARVYWmlbgYD2yx4Uzs FOl0vvhW2o9dpVaLZ6mSHAyNzefCFcNumRUxqa+V6nY94dd8BV8xH0lOd1xaMtZW HuxIU9Sbh13OlJyBAvVffVBL+4sEOpc8XB6Yl/pmyjEjUSvC7lP3T+Ix9Mnk/A== =kfXw -----END PGP PUBLIC KEY BLOCK-----

4 6

(no subject)
by Samual Carman 04 Mar '14

04 Mar '14

howdy i am interested in helping updating and patching the tor code van one of the developers contact me off list or some of you i am interested ih helping updating all parts of tor and any project of tor -- the wyer

1 0

Exit Relay on VPS by WEDOS
by dope457 04 Mar '14

04 Mar '14

Hello, I have been running Exit Relay for the last three months on VPS by czech company WEDOS. Even though I reduced exit policy ( https://atlas.torproject.org/#details/F12AFDB3FEC184E76944579579F762F1142C7… ) there were two "attacks" from this relay accompanied by abuse reports. 1) Jan 15 02:46:21 65.20.0.47 pop3: Failed password from 31.31.78.141 2) Dear Administrator, The CSIRT.CZ Intrusion Detection System has recorded connection attempt(s)from your hosts to our honeypots. This may indicate a security risk for your network and for the whole Internet. Would you please investigate this and/or inform all parties responsible that the following system(s)may be compromised? Both times I quickly replied with explanation it is Tor relay and offering further steps to do in case it is not going to stop. Today, few weeks from last incident, they just pulled out ethernet cable from my VPS and I am not sure what to do. I would like to contribute to the Tor network with this Exit and not just as a middle relay. Thanks for any suggestions, dope457

2 2

Problem encountered with Bandwith Authority algorithm (was : "bandwidth authority algorithm is cracked")
by julien.robin28＠free.fr 03 Mar '14

03 Mar '14

Hi everybody, 15 days, 16 hours and 15 minutes (without any restart) have passed since my 2 involved in this problem are restarted (started at the same time). And there is something very clear and interesting to see. They both have restarted from nearly zero (~100kB/s) in the first days, and a problem is still completly present on 1 of the 2 identity : -> The first one (the older one also) is stuck at less than 1MB/sec (5,510 in consensus weight) - ArachnideFR94 -> The second one is growing, growing and growing, now around 9MB/sec (and more than 75,000 in the consensus weight) - ArachnideFR94v2 It can be very clearly seen by observing graph on Tor Atlas. (But there is no more bandwith earthquake like I had on december.) On this machine, the first daemon is launched by /etc/init.d, while the second one is manually lauched via another non-admin user. No differences, same nice value, completely the same torrc file apart from nickname, DirPort, ORPort and MyFamily. Pretty large max bandwith for both of them : RelayBandwidthRate 25600 KB RelayBandwidthBurst 122070 KB ShutdownWaitLength 90 -- Into the log file : The only one difference was this (I just corrected it) - it was on the server that is working perfectly fine (ArachnideFR94v2) : Jan 30 06:07:03.000 [warn] Failing because we have 4063 connections already. Please raise your ulimit -n. [6978 similar message(s) suppressed in last 21600 seconds] Jan 30 12:07:17.000 [warn] Failing because we have 4063 connections already. Please raise your ulimit -n. [20004 similar message(s) suppressed in last 21600 seconds] -> Oops :s I know very well this problem and I just forgot to prevent it this time - Sorry for that - Corrected by editing /etc/security/limits.conf and adding some lines about the user used by my second tor daemon - I just restarted this one by SIGINT, wait and new launch (logged with a much better ulimit !) today at 12:35 UTC. Absolutely nothing else abnormal into the log of the 2 daemons. And the problem of ulimit was on the one that runs perfectly well! -- Any idea of why the first one is completely stuck at such a low value ? The next steps would be to set the 2 tor daemons on the /etc/init.d using the Multiple Tor Processes example at www.torservers.net on this machine, and to watch if ArachnideFR94v2 launched by /etc/init.d is still working as well as today. If no solution appears, may be trying to re-install the entire system, and watch what happens would be interesting. If still no solutions, it will be complicated to understand ! Best regards, and thank you in advance for your ideas Julien ROBIN

1 1