[tor-relays] Platform diversity in Tor network [was: OpenBSD doc/TUNING]

Libertas libertas at mykolab.com
Wed Nov 5 15:35:01 UTC 2014


Agreed. Thanks for pulling together the statistics, too. However, I'd
like to make an argument for OpenBSD specifically.

I openly acknowledge that, at least for non-experts (and I'm one of
them), OpenBSD isn't ideal for many uses. It isn't used much because
of its conservative/cautious philosophy and its lack of bells and
whistles. It doesn't have the greatest hardware support, it's a little
slower than FreeBSD and Linux, and it isn't very inviting for people
that don't know at least intermediate Unix.

However, there is at least one field in which OpenBSD has a big market
share: firewalls. It's perfect for this use because of its simplicity,
its great networking software (pf, etc.) and its bulletproof
out-of-the-box security. These same features make it excellent for Tor
relays as well.

It's possible that governments like China's are trying to hack Tor
relays in an attempt to deanonymize users. It's almost definite that
malicious hackers try to break into exit nodes to troll traffic. Even
an up-to-date, hardened Linux or FreeBSD system probably can't weather
all such attacks. For such a simple, single-use, security-critical
application, something as sturdy and impenetrable as OpenBSD is the
best option.

I would love to start a larger conversation about running Tor on
OpenBSD. I've been considering making a guide describing the process.
However, that violates the OpenBSD philosophy to some extent. They
tend to only help those who help themselves - in the long term, only
those who want to learn Unix and who RTFMs continue using OpenBSD.[1]
Hopefully, though, we can spark enough interest that node operators
will take that initiative. I know there's been a lot more interest in
OpenBSD on Hacker News et al. since the surveillance revelations.

[1] I hope this doesn't sound pretentious. I recognize that a lot of
people are busy or distracted, or simply don't want to make the time
commitment. That's reasonable.

Thanks for reading another rambling email,
Libertas

On 11/05/2014 04:04 AM, grarpamp wrote:
> On Tue, Nov 4, 2014 at 12:25 PM, Libertas <libertas at mykolab.com>
> wrote:
>> I think it would be a good idea to add OpenBSD to doc/TUNING
>> because [...] promoting OpenBSD relays benefits the Tor network's
>> security.
> 
> Absolutely. Not just due to OpenBSD's security positioning, but
> more so from network diversity. Windows is its own world. But if
> you're a Unix admin there's no reason Linux should be deployed 20x
> more often than [Free/Open]BSD. It's ridiculously counter to
> meeting diversity goals, especially with bandwidth weighting if one
> platform is getting grossly disproportionate traffic than another.
> Just pick one of the two BSDs and run it instead. FreeBSD in
> particular is well suited to the OS and network needs of Tor. And
> knowing how to admin more Unixes will serve any admin well.
> 
> 5950 Linux
> 1593 Windows
> 173 FreeBSD
> 55 Darwin
> 44 OpenBSD
> 7 NetBSD
> 6 SunOS
> 4 Bitrig
> 2 GNU/kFreeBSD
> 1 DragonFly
> 

