On Wed, 05 Nov 2014 10:35:01 -0500, Libertas libertas@mykolab.com wrote:
Agreed. Thanks for pulling together the statistics, too. However, I'd like to make an argument for OpenBSD specifically.
It isn't very inviting for people that don't know at least intermediate Unix.
You're wrong, OpenBSD's documentation (and other BSDs' too) is awesome. I learn to use Unix systems with OpenBSD.
It's possible that governments like China's are trying to hack Tor relays in an attempt to deanonymize users. It's almost definite that malicious hackers try to break into exit nodes to troll traffic. Even an up-to-date, hardened Linux or FreeBSD system probably can't weather all such attacks. For such a simple, single-use, security-critical application, something as sturdy and impenetrable as OpenBSD is the best option.
You have to find OS vulnerabilities when the sysadmin does the job correctly. You think that all the relays have their (for instance) sshd configured correctly? (like PermitRootLogin set to no, no password and so on). And that's only one daemon.
I would love to start a larger conversation about running Tor on OpenBSD. I've been considering making a guide describing the process. However, that violates the OpenBSD philosophy to some extent.
What? One of the point of OpenBSD is to provide a correct documentation. The only problem is people asking for stuff which is already written down in the FAQ or in the man page.
Just write the guide, I'd be happy to review it. You can even ask for help on the Tor-BSD mailing list[1].
[1]: http://lists.nycbug.org/mailman/listinfo/tor-bsd
Cheers, Vigdis