Agreed. Thanks for pulling together the statistics, too. However, I'd like to make an argument for OpenBSD specifically.
I openly acknowledge that, at least for non-experts (and I'm one of them), OpenBSD isn't ideal for many uses. It isn't used much because of its conservative/cautious philosophy and its lack of bells and whistles. It doesn't have the greatest hardware support, it's a little slower than FreeBSD and Linux, and it isn't very inviting for people that don't know at least intermediate Unix.
However, there is at least one field in which OpenBSD has a big market share: firewalls. It's perfect for this use because of its simplicity, its great networking software (pf, etc.) and its bulletproof out-of-the-box security. These same features make it excellent for Tor relays as well.
It's possible that governments like China's are trying to hack Tor relays in an attempt to deanonymize users. It's almost definite that malicious hackers try to break into exit nodes to troll traffic. Even an up-to-date, hardened Linux or FreeBSD system probably can't weather all such attacks. For such a simple, single-use, security-critical application, something as sturdy and impenetrable as OpenBSD is the best option.
I would love to start a larger conversation about running Tor on OpenBSD. I've been considering making a guide describing the process. However, that violates the OpenBSD philosophy to some extent. They tend to only help those who help themselves - in the long term, only those who want to learn Unix and who RTFMs continue using OpenBSD.[1] Hopefully, though, we can spark enough interest that node operators will take that initiative. I know there's been a lot more interest in OpenBSD on Hacker News et al. since the surveillance revelations.
[1] I hope this doesn't sound pretentious. I recognize that a lot of people are busy or distracted, or simply don't want to make the time commitment. That's reasonable.
Thanks for reading another rambling email,
Libertas
On 11/05/2014 04:04 AM, grarpamp wrote:
> On Tue, Nov 4, 2014 at 12:25 PM, Libertas <libertas@mykolab.com> wrote:
>> I think it would be a good idea to add OpenBSD to doc/TUNING because [...] promoting OpenBSD relays benefits the Tor network's security.
>
> Absolutely. Not just due to OpenBSD's security positioning, but more so from network diversity. Windows is its own world. But if you're a Unix admin there's no reason Linux should be deployed 20x more often than [Free/Open]BSD. It's ridiculously counter to meeting diversity goals, especially with bandwidth weighting if one platform is getting grossly disproportionate traffic than another. Just pick one of the two BSDs and run it instead. FreeBSD in particular is well suited to the OS and network needs of Tor. And knowing how to admin more Unixes will serve any admin well.
>
> 5950 Linux
> 1593 Windows
>  173 FreeBSD
>   55 Darwin
>   44 OpenBSD
>    7 NetBSD
>    6 SunOS
>    4 Bitrig
>    2 GNU/kFreeBSD
>    1 DragonFly

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays