On Wednesday, February 28, 2018 6:46:00 PM CST George wrote:
Vinícius Zavam:
2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus conrad@rockenhaus.com:
On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
Conrad Rockenhaus:
Hello All,
If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image that is fully configured and ready to run Tor. Right now it's an eight GB image, but I'm reducing the size by removing all of the extra stuff on it from the upgrade from FreeBSD 11 to 11.1.
I think it's great to ease the implementation of Tor relays, particularly on BSDs.
My main thought process behind trying to ease the implementation of BSD relays is the fact that we should diversify what we have online within the network. Most of our nodes are Linux. What if we have another vulnerability that comes out that hits Linux specifically again?
However, I'd be wary of an image that I didn't build myself, personally.
That's your opinion. The AWS relay project was very successful. Numerous people ran an image that they didn't build. Numerous people also run Docker containers that they didn't build. Numerous people run Vagrant boxes they didn't build. You have the right to be wary, but there are numerous people out there who run other people's images every day.
If you're interested in the image let me know. This image has been fully tested on OVH's Openstack infrastructure, so if you're interested in running it on their infrastructure, let me know and I can walk you through it, or you're more than welcome to host it within my cloud at cost (it's a low monthly rate and unlimited bandwidth).
Another issue is that OVH is over-relied upon for public nodes. It's the leading ASN with almost 15%.
They're one of the few providers out there that allow exits. That's why 15% of our exits are on OVH.
https://torbsd.org/oostats/relays-bw-by-asn.txt
OTOH, I do think we (in particular BSD people) need to facilitate the implementation of BSD relays, including for VPS services for those looking to test the waters.
I completely agree.
I wonder if people hosting Tor relays in any sort of VPS are doing filesystem encryption.
The TDP wiki has a list of other BSD-offering VPSs, plus a script for Vultr to build on OpenBSD. I tend to think using other people's scripts that can be reviewed and hacked is a better gateway for new relay operators than images.
You can combine the FreeBSD jails feature with your idea. Plus, do not share many Tor instances on the same machine/server/jail.
Actually, that raises a side point...
FreeBSD jails are usually viewed as a tool to create a full system with the glorious addition of root.
But they can also be used to build minimal chroot-looking systems, in that they can be deliciously small, yet incredibly secure, especially compared to chroot.
FreeBSD jails started as a simple http hosting solution a long while back, very much an "unorthodox solution to a traditional problem." But they have a utility that gets confused when they are considered just-another-virtualization alternative to delude users into thinking they have full system control.
<snip>
g
We could always make it more fun and throw FreeBSD/Docker on top of the mess:
https://wiki.freebsd.org/Docker
I was looking at Jails before, but I ruled it out because I'm looking at this project from the level of I'm running a VM on an OpenStack/VMware or AWS infrastructure as a small VM dedicated to just Tor.
So the whole VM is dedicated to just Tor. So, basically instead of virtualizing an environment already running in a virtual machine dedicated to the task of running that run task, I figured just keep things on the VM.
Of course, I may be looking at that wrong, but I think that would be the best option to weigh all of the factors that go into the project.
Conrad