tomhek - the (new) biggest guard relay operator

Hi Tom,

thank you for operating so many relays with such a perfect MyFamily configuration. You have become the biggest (known) guard relay operator on the Tor network as of 2016-09-09, and once all your new relays gain the guard flag your guard fraction will increase even further.

https://raw.githubusercontent.com/ornetstats/stats/master/o/main_guard_opera...

Unfortunately all your relays run in the most used guard capacity ASes; please consider choosing other ISPs as well when adding more relays to increase diversity. (A more diverse network should be considered more resilient to attacks and outages.)

Considering DigitalOcean's traffic pricing, I'm also wondering why DO is so popular?

https://www.digitalocean.com/pricing/

regards,
nusenu

tomhek relays:

+--------------+---------------------+-----------------+----------+
| nickname     | as_name             | IP              | FP       |
+--------------+---------------------+-----------------+----------+
| DinoaurTor16 | OVH SAS             | 5.39.76.158     | 0CD23887 |
| DinoaurTor17 | OVH SAS             | 5.196.73.86     | FA55B57C |
| DinoaurTor18 | OVH SAS             | 5.196.73.88     | 5959E696 |
| DinoaurTor20 | ONLINE S.A.S.       | 163.172.29.81   | E44B773C |
| DinoaurTor19 | ONLINE S.A.S.       | 163.172.211.135 | 5AD8B42D |
| DinoaurTor24 | ONLINE S.A.S.       | 163.172.29.9    | C61D1EA1 |
| DinoaurTor21 | ONLINE S.A.S.       | 163.172.38.173  | FB733C67 |
| DinoaurTor22 | ONLINE S.A.S.       | 163.172.38.175  | FBFE4534 |
| DinoaurTor23 | ONLINE S.A.S.       | 163.172.28.159  | 52E8508F |
| DinoaurTor10 | Digital Ocean, Inc. | 45.55.162.210   | 434E2796 |
| DinoaurTor14 | Digital Ocean, Inc. | 95.85.21.196    | CECA079E |
| DinoaurTor12 | Digital Ocean, Inc. | 95.85.41.239    | 611CBC19 |
| DinoaurTor9  | Digital Ocean, Inc. | 45.55.162.189   | 8F73A7FF |
| DinoaurTor15 | Digital Ocean, Inc. | 188.166.58.190  | 2F479358 |
| DinoaurTor3  | Digital Ocean, Inc. | 46.101.245.10   | C41F60F8 |
| DinoaurTor2  | Digital Ocean, Inc. | 95.85.41.114    | 9B99C72B |
| DinoaurTor5  | Digital Ocean, Inc. | 178.62.26.219   | 317E00F4 |
| DinoaurTor13 | Digital Ocean, Inc. | 178.62.211.195  | 0DB81001 |
| DinoaurTor11 | Digital Ocean, Inc. | 188.166.63.60   | B12A4EF2 |
| DinoaurTor6  | Digital Ocean, Inc. | 45.55.159.232   | B70CFA35 |
| DinoaurTor1  | Digital Ocean, Inc. | 178.62.12.24    | FCB6695F |
| DinoaurTor4  | Digital Ocean, Inc. | 178.62.26.186   | F78F391C |
| DinoaurTor7  | NULL (manual: DO)   | 138.68.66.236   | CE91251C |
| DinoaurTor8  | NULL (manual: DO)   | 138.68.74.104   | FEA0CDB9 |
+--------------+---------------------+-----------------+----------+

OVH, ONLINE SAS and DO are all within the top 4 guard capacity ASes:

+------------+--------+---------------------+
| guard_prob | relays | as_name             |
+------------+--------+---------------------+
| 17.028     | 579    | OVH SAS             |
| 16.380     | 312    | ONLINE S.A.S.       |
| 9.678      | 373    | Hetzner Online GmbH |
| 9.339      | 485    | Digital Ocean, Inc. |
+------------+--------+---------------------+

On 11.09.2016 12:09, Markus Koch wrote:
That caught my attention, but browsing the DO pricing table and FAQs, I didn't see any notice that traffic would be free of charge? Don't all droplet servers have a traffic cap, as the pricing table would suggest? -Ralph

They do not bill traffic at the moment, this can change at will of DigitalOcean but atm there is no traffic limit and there is no extra traffic cost. I will move at once they start billing traffic. Markus 2016-09-11 12:24 GMT+02:00 Ralph Seichter <tor-relays-ml@horus-it.de>:

I asked this question as well. Currently, they don't have a way to monitor bandwidth, so they don't charge for usage. However, they ask that continuous transfer be limited to 300 Mbps. On Sep 11, 2016 5:46 AM, "Markus Koch" <niftybunny@googlemail.com> wrote:

On 11.09.2016 14:30, Markus Koch wrote:
So around 90 terabyte a month for $5. Seems fair :)
Yeah, it does, doesn't it... ;-) Leaves me with figuring out what Linux distro to use, as D.O. does not offer Gentoo. Debian or Ubuntu? Exclusive Tor use is what I have in mind. Your thoughts? -Ralph

On 11.09.2016 at 15:53, Ralph Seichter wrote:
I love using the Debian-to-Arch scripts to convert a DO Debian instance to Arch Linux. Works great and without any hassle (you could try several times if anything goes wrong :D). https://github.com/gh2o/digitalocean-debian-to-arch Best, Michael

No way to "add" an image .iso with the web interface ?
D.O. has images for Debian (8.5, 7.11), Ubuntu (16.04.1, 14.04.5, 12.04.5), but no Gentoo.
-- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

Nope. You get root, so with a bit of creativity you could probably do whatever you want, but I don't think DO officially supports installing your own OS (and they might make assumptions about your OS version that cause you issues later) On Mon, Sep 12, 2016, at 21:20, Petrusko wrote:

Is there something special about D.O.? The server prices are quite high in my opinion.


SeFlow does not allow Tor nodes, though, if the good/bad isp wiki-page is any indication.

On 13.09.2016 at 16:14, Markus Koch wrote:

5$ for 512 MB RAM, 1 Core and 20 Gig SSD Space is actually bad if you ask me. Don't know if this is normal in the US but compared to my provider this is really expensive. That's why I asked if there's something special about D.O. that makes that price appropriate. It's like you're running a Raspberry Pi 1 with an SSD and a good Network for 5$/month.

On Tue, Sept. 13, 2016 15:04, Tristan wrote:
Well, if $5 a month is high for you, I don't know what to say.

On Sep 13, 2016 4:01 AM, "Admin Kode-IT" wrote:
Is there something special about D.O.? The server prices are quite high in my opinion.

I’m using Webtropia at the moment. There are worlds between a Raspberry Pi1 and the DigitalOcean VPS. $5 is dirt cheap. What provider do you use?

On Tue, 13 Sep 2016 15:26:05 +0000, Admin Kode-IT wrote: ...
It's like you're running a Raspberry Pi 1 with an SSD and a good Network for 5$/month.
A Raspberry doesn't do GBit. Also, you forget to mention the traffic; I pay somewhat more to have more traffic allowance at my hoster even though the lowest VPS are cheap. And apparently DO currently neither accounts traffic nor throws you out for 'abusing' 'unlimited' traffic, as some hosters do.

Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800

On Tue, 13 Sep 2016 15:26:05 +0000 "Admin Kode-IT" <admin@kode-it.de> wrote:
It's like you're running a Raspberry Pi 1 with an SSD and a good Network for 5$/month.
From my quick testing a DO droplet provides at least 6 times faster CPU than a Raspberry Pi 1, and more likely closer to 10-20x faster in real world usage. -- With respect, Roman

Hey, Since 1-2 months I'm using a VPS on this provider, don't want to advertise here, but only share my little experience: https://www.pcextreme.com/aurora/compute Starting price is 3€/month for a virtual machine - 20G SSD - 512 RAM - (Have to check bandwidth... hosted in a datacenter, so...) Bandwidth : fairly use... For a relay, never got a mail from them. About an exit, I don't know. I've imported a debian.iso in the web-interface, and possible to boot a custom install. Or of course you can use VPS templates...
Well, if $5 a month is high for you, I don't know what to say.
-- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

On my last relay, the bandwidth max rate was set up to 20Mbits/s up+down, and no problem about this "1TB traffic" after 2 months with full bandwidth used ;) Sooo many TB were forwarded during those months without any mail or bottleneck on VPS router's side ;)
1 TB traffic :(
-- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

On 09/13/2016 11:19 PM, Petrusko wrote:
I've had one complaint so far from an exit node within the last couple months -- they were awesome about it and have given me no trouble. Just gave the usual "this is a tor exit node" reply. See below for the example complaint.

Dear User,

We are contacting you because of unusual activity coming from your IP address towards the IT infrastructure of the European Commission.

In specific, since 10/08/2016, IP *.*.*.* of Digital Ocean, located in the USA, has submitted a significantly large number of invalid VAT number requests as compared to the total number of requests (91,83%) towards VAT numbers of a multiple of EU Member States (MS) through the VIES on the Web service (http://ec.europa.eu/taxation_customs/vies/). For more information on Invalid VAT number requests please refer to FAQ, questions 7, 11, 12, 13 and 20 of the VIES on the WEB site (http://ec.europa.eu/taxation_customs/vies/faq.html).

The scope of our team is to monitor on a daily basis the performance of the VIES-on-the-Web (VoW) service in order to ensure its performance in accordance with the standards agreed upon between EU's Directorate General for Taxation and Customs Union (DG TAXUD) and the EU Member States. Our objective is to secure constant and uninterrupted availability and flow of traffic (requests for VAT validation) at all times. Under this framework, our team intervenes whenever there is out of the ordinary, unusual and potentially suspicious use of the system that violates the rules of use as they are stated in the Specific disclaimer for this service, which is available at the VoW site (http://ec.europa.eu/taxation_customs/vies/disclaimer.html).

Consequently, in order to allow flawless use of the service, we were obliged to block the access to VIES on the Web for the IP address *.*.*.*.

Following our action, we would like to know if you are aware of this situation. Furthermore, your cooperation and contribution is necessary in order to determine the reason for this occurrence. Please inform us if this behaviour is normal and if such, how often it should occur; we would then take action to unblock the traffic coming from the corresponding IP address assuming you will agree to follow a set of rules as guidance for future use of the service.

Best regards,
ITSM VIES/Web Team

--
Alecks Gates

If you're interested in knowing what happens when you scale up (in the USA), I recently went on a quest to move from a collection of virtual private servers to some sort of dedicated solution.

* The cheapest I found in a tor friendly fully dedicated server is 70$/mo for 1Gbps transit (via OVH)
* The cheapest 1 rack collocation I've found is 400$/mo for 1Gbps transit (via HurricaneElectric); this was substantially cheaper than most quarter and half rack colo options as well.

This cost is broken out into two things

* transit (when not using a discount network like HE) you can expect to pay upwards of $1000 / Gbit
* power (and cooling), somewhere between 10~50$/mo per amp depending on how dense you are and if you want redundant A/B power. For not particularly dense installs on modern hardware, you can thumb about 1.5A per rack U.

And that modern server is going to set you back a couple thousand as well (though you can get cheap 5year old hardware for a couple bucks if you have the power/cooling to spare.)

I'm continually surprised by how cheap VPS providers can go. Either they're massively over-provisioning, or they get really good deals in bulk; probably both.

~Mwalker

This is somewhat inaccurate: OVH only allows 500Mbps download and 1Gbps upload, and does not even guarantee that 500Mbps for Tor and other (open) proxies. Guaranteed 1Gbps transit both ways will cost you another $105 per month until the end of September 2016, and $210 per month afterwards.
Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org

On 13.09.2016 00:01, Dave Warren wrote:
I know, and that's why I wrote "as D.O. does not offer Gentoo." ;-) I've settled for Debian 8.5 (Jessie), although being back on a 3.16.0 kernel feels odd. I do have to say that the DigitalOcean management UI is very smooth, and I guess the limited number of available Linux distributions is one of the hard to avoid downsides of providing customers with point-and-click server management. -Ralph

On 13.09.2016 12:34, Michael Armbruster wrote:
You all did read my message that Debian can be converted to Arch Linux on DigitalOcean, right?
Duly noted (speaking for myself only, of course).
That would leave you with bleeding edge software as you know it from Gentoo.
I checked https://www.torproject.org/docs/debian.html.en before settling with Debian Jessie. Using the newest stable Tor was my major concern, as Jessie comes with Tor 0.2.5.x, if I remember correctly. Getting packages from deb.torproject.org solves this. Beyond that I am mostly concerned with things like OpenSSL, where "cutting edge" is an important issue. I haven't used Debian for a long time, so I'll have to do some digging. -Ralph

If your concern is security you shouldn't use OpenSSL in the first place. My pick would be OpenBSD or Gentoo with LibreSSL if it's security wise. Stable is great for servers because bleeding edge might break once in a while, and for a decent amount of uptime you want to keep it going without having to worry about minor updates for packages.

Kind regards,
Y

On September 13, 2016 1:00:24 PM GMT+02:00, Ralph Seichter <tor-relays-ml@horus-it.de> wrote:
-- PGP : 29A4CE52

Yep, there's no enforcement or extra billing for network traffic... at all. They have said this will change in the future.
participants (18)
- Admin Kode-IT
- Admin Kode-it
- Alecks Gates
- Andreas Krey
- Dave Warren
- Green Dream
- jensm1
- Markus Koch
- Matthew Walker
- Matthias Fetzer
- Michael Armbruster
- nusenu
- Petrusko
- Ralph Seichter
- Roman Mamedov
- teor
- Tristan
- Xza