Hi all. I generate* the packages that make up those UbuntuCore relays and bridges you hear about some time in here.
I intended it to be a low-friction way normal joes can help Tor. There have been a good number of volunteers.
The automatic-update system of Snap means the security update of a few days ago gives some population info through download stats.
About 2200+ machines updated to last week's release. Almost all are amd64, though a few percent are i386 or armhf. I don't know of any arm64 yet. They're mostly desktops and servers. I see several new downloads every day.
Judging from the new Atlas, about 800 are have checked in to try to join the consensus, and a little more than 100 are active at any time.
Some working details: The package has a kill-switch so that it no longer starts after a few months of staleness (if I'm ever hit by a bus). At first launch, Tor creates a key and the last two bits of the key determines the role of the instance, with a 1/4 chance of becoming a obfs4 bridge. The default bandwidth limit is a modest 4 megabits per second. Also by default, it tries to punch holes in NAT to make itself available for incoming connections, but I don't have a lot of confidence that is often successful.
I remain on this list and am always happy to answer questions or suggestions.
* http://bazaar.launchpad.net/~privacy-squad/+junk/tor-middle-relay-snap/files
Dear Chad, The last I read from nusenu a few months ago was that you have tor is running as root, which sort of wiped it off my radar. Is that still true? I do like your idea of democratizing tor relays so normal people can run them.
TIA,
--torix
Sent with [ProtonMail](https://protonmail.com) Secure Email.
-------- Original Message -------- Subject: [tor-relays] UbuntuCore stats update Local Time: December 4, 2017 10:18 PM UTC Time: December 5, 2017 3:18 AM From: chad@cornsilk.net To: tor-relays@lists.torproject.org
Hi all. I generate* the packages that make up those UbuntuCore relays and bridges you hear about some time in here. I intended it to be a low-friction way normal joes can help Tor. There have been a good number of volunteers.
The automatic-update system of Snap means the security update of a few days ago gives some population info through download stats.
About 2200+ machines updated to last week's release. Almost all are amd64, though a few percent are i386 or armhf. I don't know of any arm64 yet. They're mostly desktops and servers. I see several new downloads every day.
Judging from the new Atlas, about 800 are have checked in to try to join the consensus, and a little more than 100 are active at any time.
Some working details: The package has a kill-switch so that it no longer starts after a few months of staleness (if I'm ever hit by a bus). At first launch, Tor creates a key and the last two bits of the key determines the role of the instance, with a 1/4 chance of becoming a obfs4 bridge. The default bandwidth limit is a modest 4 megabits per second. Also by default, it tries to punch holes in NAT to make itself available for incoming connections, but I don't have a lot of confidence that is often successful.
I remain on this list and am always happy to answer questions or suggestions.
-- Chad Miller chad.org gpg:a806deac30420066
Torix, that's still true. Snaps restrict syscalls so tightly that switching users is not possible.
- chad
On Tue, Dec 5, 2017 at 8:35 AM, Torix torix@protonmail.com wrote:
Dear Chad, The last I read from nusenu a few months ago was that you have tor is running as root, which sort of wiped it off my radar. Is that still true? I do like your idea of democratizing tor relays so normal people can run them.
TIA,
--torix
Sent with ProtonMail https://protonmail.com Secure Email.
-------- Original Message -------- Subject: [tor-relays] UbuntuCore stats update Local Time: December 4, 2017 10:18 PM UTC Time: December 5, 2017 3:18 AM From: chad@cornsilk.net To: tor-relays@lists.torproject.org
Hi all. I generate* the packages that make up those UbuntuCore relays and bridges you hear about some time in here. I intended it to be a low-friction way normal joes can help Tor. There have been a good number of volunteers.
The automatic-update system of Snap means the security update of a few days ago gives some population info through download stats.
About 2200+ machines updated to last week's release. Almost all are amd64, though a few percent are i386 or armhf. I don't know of any arm64 yet. They're mostly desktops and servers. I see several new downloads every day.
Judging from the new Atlas, about 800 are have checked in to try to join the consensus, and a little more than 100 are active at any time.
Some working details: The package has a kill-switch so that it no longer starts after a few months of staleness (if I'm ever hit by a bus). At first launch, Tor creates a key and the last two bits of the key determines the role of the instance, with a 1/4 chance of becoming a obfs4 bridge. The default bandwidth limit is a modest 4 megabits per second. Also by default, it tries to punch holes in NAT to make itself available for incoming connections, but I don't have a lot of confidence that is often successful.
I remain on this list and am always happy to answer questions or suggestions.
middle-relay-snap/files
-- Chad Miller chad.org gpg:a806deac30420066
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Chad MILLER:
Torix, that's still true. Snaps restrict syscalls so tightly that switching users is not possible.
Is it possible to start tor with a non-root user directly (without using tor's user parameter to drop privileges)?
On 11 Dec 2017, at 09:50, nusenu nusenu-lists@riseup.net wrote:
Chad MILLER:
Torix, that's still true. Snaps restrict syscalls so tightly that switching users is not possible.
Is it possible to start tor with a non-root user directly (without using tor's user parameter to drop privileges)?
Yes, but you must pre-configure tor's directories with the correct user and permissions. Tor has strict requirements for private key security.
If this doesn't work, let us know: there have been bugs in this code in the past.
-- Tim / teor
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------
teor:
Chad MILLER:
Torix, that's still true. Snaps restrict syscalls so tightly that switching users is not possible.
Is it possible to start tor with a non-root user directly (without using tor's user parameter to drop privileges)?
Yes, but you must pre-configure tor's directories with the correct user and permissions. Tor has strict requirements for private key security.
Generally speaking tor supports it (FreeBSD does it) but my question was more towards Chad's tor snap package. Was your answer also for the snap?
thanks, nusenu
tor-relays@lists.torproject.org
-
Chad MILLER -
nusenu -
teor -
Torix