Pardon the thread necromancy, but I'm wondering if this document ever made its way off this mailing list and onto a blog? Or perhaps there is some other modern doc covering this topic?
I've recently set up a relay on a Gb/s fiber connection, and am struggling to understand how to optimize performance. It's not clear 5 years later which, if any, of the tweaks listed below are still relevant. I'm running a modern Debian-based system.
Thanks in advance.
On 07/22/2015 12:57 AM, Green Dream wrote:
We have https://www.torservers.net/wiki/setup/server . Most of the high bandwidth optimization parts are obsolete (and marked as such), modern kernels and modern OpenSSL do much better by default.
https://www.torservers.net/wiki/setup/server has excellent guidance for setting up relays seriously.
Would those at Torproject think about linking to it from their installation guides?
Robert
On 07/22/2015 01:34 AM, I wrote:
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines links to it, as well as to https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity . Both these pages could use some overhaul, but they're not too bad.
Moritz and all,
I mean no offence to anyone since we're all in this for the greater good, but really approaching joining the Tor community is pretty hard if you are not a Linux wiz and know about servers or a number of other things.
I have tried to look around the multitude of interconnecting links, but a lot are slightly out of sync, or are not clear because of presumed knowledge and understanding, or are irrelevant because of evolution.
Wouldn't it be better to be clear and neat in the way Torservers guides are? Would someone presume the Torproject installation guide was not complete and know where to look?
Robert
Robert: you're right. The group in general isn't very knowledgeable about Windows. I'm a Windows sysadmin and spent a long time deciphering the Tor documentation on Windows and it's poor. Best info was another operator who posted on the mailing list months ago. I've reached out to the website maintainers and gotten radio silence on updating the Wiki for Windows. I've added other things to the wiki though (on exits). I'm a bit perplexed on the OS religiousness since we need more inclusive for Tor relays. We need a status of liberty, and the EFF's push isn't enough.
Sigh.... -Ben
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of I Sent: Tuesday, July 21, 2015 8:29 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] How to Run High Capacity Tor Relays
On 22 Jul 2015, at 22:14 , Ben Serebin ben@reefsolutions.com wrote:
> Robert: you're right. The group in general isn't very knowledgeable about Windows. I'm a Windows sysadmin and spent a long time deciphering the Tor documentation on Windows and it's poor. Best info was another operator who posted on the mailing list months ago. I've reached out to the website maintainers and gotten radio silence on updating the Wiki for Windows.
What's the specific issue? Is it the (static) website, or the wiki, that you want to edit?
I've made all sorts of edits to the OS X portion of the wiki, and the only trouble I had was replacing an attachment. (But I could add another attachment as a workaround.)
The website, on the other hand, probably needs a Trac ticket logged or, even better, a patch submitted to get updates.
> I've added other things to the wiki though (on exits). I'm a bit perplexed on the OS religiousness since we need more inclusive for Tor relays. We need a status of liberty, and the EFF's push isn't enough.
There are all sorts of security risks associated with an operating system monoculture (or a library monoculture, for that matter).
Once the OpenSSL monoculture developed a nasty rash of bugs (for example, Heartbleed), alternatives were developed.
As Linux configurations are considerably more diverse than OpenSSL installs (were), it's less likely, but I'd hate to see something similar happen to Linux in general, or Tor-on-Linux in particular, because a single bug in a common configuration carries the risk of compromising large portions of the Tor network.
And there are known state and non-state actors who would take a childish delight in making it happen.
As an aside:
The 20 July 2015 platform percentages on https://metrics.torproject.org/servers-data.html are:
87.9 Linux
6.9 Windows
4.5 FreeBSD
0.5 Darwin (OS X, OpenDarwin, …)
0.1 Other
It's an engineering question whether the proportion of any operating system should be increased or decreased in the Tor network. (Not a social question.) We could consider attributes like security, closed-source, performance, and ease of configuration, and many others, when making this decision; as well as the dangers of an OS monoculture.
Looking at the stats above, I wonder:
Should any OS comprise more than (for example) half the Tor network?
Should OSs with poor security records comprise more than (for example) 10% of the Tor network? In total, or separately?
Should closed-source OSs comprise more than (for example) 10% of the Tor network? In total, or separately?
I don't know the answers to these questions, but I wonder if we could reach a consensus on them. (Of course, a human consensus is very much a question of group culture, as much as it is of engineering tradeoffs. Are we dogmatically OS religious? I hope not.)
As these questions have been considered for the Tor Directory Authorities, perhaps a (relaxed) version could be used for the diversity of the entire network? (Is there a policy on OS diversity among directory authorities?)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com pgp ABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
I attempted to edit the following page under Win32 to add a Windows install guide and was not able to (like I said, I was able to edit the exit page):
https://trac.torproject.org/projects/tor/wiki
And under Win32, this page is 404: "Vidalia is a cross-platform controller GUI for Tor"
I'd like to get the Windows documentation much improved since there's a lot of good info out there and I have experience too.
-Ben
That page is WikiStart and it's locked down (most users can't edit it, myself included).
You can edit or create any other page on the wiki, though. Is there an existing Windows install guide?
If not, a URL like https://trac.torproject.org/projects/tor/wiki/doc/WindowsRelayInstall should allow you to create the page WindowsRelayInstall.
Once the page is there, it should be easier to get it linked from the front page. Please log a Trac ticket for the link from WikiStart once the Windows install page is ready.
> And under Win32, this page is 404: "Vidalia is a cross-platform controller GUI for Tor"
We should get that removed. Vidalia is unmaintained. Please log a Trac ticket for this, too. It makes sure it won't get lost.
> I'd like to get the Windows documentation much improved since there's a lot of good info out there and I have experience too.
Please do, with 6.9% of the network on Windows (#2 OS after Linux), the least we can do is document how to set it up correctly / securely, and any tradeoffs involved in using Windows vs Linux.
Tim
On Wed, Jul 22, 2015 at 11:08 AM, teor teor2345@gmail.com wrote:
with counts...
6042 Linux        83%
 889 Windows      12%
 220 FreeBSD       3%
  71 OpenBSD       1%
  41 Darwin       .5%
  10 NetBSD       .1%
   5 SunOS
   4 DragonFly
   4 Bitrig
   1 GNU/kFreeBSD
   1 ElectroBSD
Market share doesn't really say anything about ability to fill the relay role, after all, any well managed OS can run a daemon and pass packets relatively securely. If you're not bent on Linux, or are already on one OS, choose any other OS, learn something new. Diversity is not just about diversity in relays. Personal diversity feeds back into the crypto, privacy, freedom sphere in more ways than one.
On Fri, Jul 24, 2015 at 04:06:14AM -0400, grarpamp wrote:
Good point. This also may not be the revealing indication of market share. The distribution can be quite different if the question is not number of relays per platform but fraction of bandwidth by platform or probability of being chosen as exit (or guard, etc.) by platform.
aloha, Paul
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
+--------+---------+----------+--------+---------+
| OS     | #relays | cw_fract | exit_p | guard_p |
+--------+---------+----------+--------+---------+
| Linux  |    5691 |   94.654 | 95.137 |  94.690 |
| FreeBSD|     207 |    3.728 |  2.847 |   4.457 |
| Windows|     473 |    0.547 |  0.390 |   0.103 |
| SunOS  |       5 |    0.507 |  1.172 |   0.336 |
| OpenBSD|      67 |    0.313 |  0.233 |   0.171 |
| Darwin |      29 |    0.126 |  0.090 |   0.115 |
| Electr |       1 |    0.054 |  0.000 |   0.088 |
| Bitrig |       4 |    0.032 |  0.128 |   0.000 |
| NetBSD |       9 |    0.032 |  0.000 |   0.037 |
| Dragon |       4 |    0.002 |  0.000 |   0.000 |
| GNU/kF |       1 |    0.002 |  0.000 |   0.000 |
+--------+---------+----------+--------+---------+
onionoo.thecthulhu.com's data from 2015-07-24 14:00 UTC (running relays only)
https://trac.torproject.org/projects/tor/ticket/14862
https://trac.torproject.org/projects/tor/ticket/6856
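The gap between counting relays per OS and weighting them by selection probability, which the two tables in this thread show, can be reproduced with a short script. This is an added example, not code from any poster in the thread. The relay records are constructed, the field names follow Onionoo's details documents, and the 50% limit is the "for example" figure raised earlier in the thread.

```python
from collections import defaultdict

# Constructed records shaped like Onionoo "details" relay entries (not real relays).
SAMPLE_RELAYS = [
    {"platform": "Tor 0.2.6.10 on Linux", "running": True,
     "consensus_weight_fraction": 0.5, "exit_probability": 0.5, "guard_probability": 0.5},
    {"platform": "Tor 0.2.6.10 on Linux", "running": True,
     "consensus_weight_fraction": 0.25, "exit_probability": 0.375, "guard_probability": 0.25},
    {"platform": "Tor 0.2.6.10 on Windows 7", "running": True,
     "consensus_weight_fraction": 0.03125, "exit_probability": 0.0, "guard_probability": 0.0},
    {"platform": "Tor 0.2.5.12 on Windows 8", "running": True,
     "consensus_weight_fraction": 0.03125, "exit_probability": 0.0, "guard_probability": 0.0625},
    {"platform": "Tor 0.2.6.10 on FreeBSD", "running": True,
     "consensus_weight_fraction": 0.1875, "exit_probability": 0.125, "guard_probability": 0.1875},
    {"platform": "Tor 0.2.6.10 on Linux", "running": False},  # offline: no weight fields
]

FIELDS = ("consensus_weight_fraction", "exit_probability", "guard_probability")

def os_of(platform):
    """Extract the OS name from a platform string such as 'Tor 0.2.6.10 on Linux'."""
    if not platform or " on " not in platform:
        return "Unknown"
    return platform.split(" on ", 1)[1].split()[0]

def diversity(relays):
    """Per-OS relay share and summed selection weights, in percent (running relays only)."""
    rows = defaultdict(lambda: {"relays": 0, **{f: 0.0 for f in FIELDS}})
    running = [r for r in relays if r.get("running")]
    for r in running:
        row = rows[os_of(r.get("platform"))]
        row["relays"] += 1
        for f in FIELDS:
            row[f] += r.get(f) or 0.0  # treat a missing weight field as zero
    total = len(running) or 1
    return {name: {"relay_pct": 100.0 * row["relays"] / total,
                   **{f: 100.0 * row[f] for f in FIELDS}}
            for name, row in rows.items()}

def over_threshold(table, field, limit_pct):
    """Sorted OS names whose share of `field` exceeds limit_pct."""
    return sorted(name for name, row in table.items() if row[field] > limit_pct)

if __name__ == "__main__":
    table = diversity(SAMPLE_RELAYS)
    for name, row in sorted(table.items(), key=lambda kv: -kv[1]["consensus_weight_fraction"]):
        print(name, {k: round(v, 3) for k, v in row.items()})
    print("over 50% by relay count:", over_threshold(table, "relay_pct", 50))
    print("over 50% by consensus weight:", over_threshold(table, "consensus_weight_fraction", 50))
```

In the constructed sample no OS exceeds half of the relays by count, yet Linux carries 75% of the consensus weight, so a diversity limit gives different answers depending on which column it is applied to.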
tor-relays@lists.torproject.org