[tor-relays] FreeBSD 11.1 ZFS Tor Image

Mon Feb 26 17:24:37 UTC 2018

2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus <conrad at rockenhaus.com>:
>
> On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> > Conrad Rockenhaus:
> > > Hello All,
> > >
> > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS
image
> > > that is fully configured and ready to run Tor. Right now it's an
eight GB
> > > image, but I'm reducing the size by removing all of the extra stuff
on it
> > > from the upgrade from FreeBSD 11 to 11.1.
> >
> > I think it's great to ease the implementation of Tor relays,
> > particularly on BSDs.
>
> My main thought process behind trying to ease the implementation of BSD
relays
> is the fact that we should diversify what we have online within the
network.
> Most of our nodes are Linux. What if we have another vulnerability that
comes
> out that hits Linux specifically again?
>
> >
> > However, I'd be wary of an image that I didn't build myself, personally.
> >
> That's your opinion. The AWS relay project was very successful. Numerous
> people ran an image that they didn't build. Numerous people also run
Docker
> containers that they didn't build. Numerous people run Vagrant boxes they
> didn't build. You have the right to be weary, but there's numerous people
out
> there who run other people's images everyday.
>
> > > If you're interested in the image let me know. This image has been
fully
> > > tested on OVH's Openstack infrastructure, so if you're interested in
> > > running it on their infrastructure, let me know and I can walk you
> > > through it, or you're more than welcome to host is within my cloud at
> > > cost (it's a low monthly rate and unlimited bandwidth).
> >
> > Another issue is that OVH is over relied upon for public nodes. It's the
> > leading ASN with almost 15%.
>
> They're one of the few providers out there that allow exits. That's why
15% of
> our exits are on OVH.
>
> >
> > https://torbsd.org/oostats/relays-bw-by-asn.txt
> >
> > OTOH, I do think we (in particular BSD people) need to facilitate the
> > implementation of BSD relays, including for VPS services for those
> > looking to test the waters.
>
> I completely agree.

I wonder if people hosting Tor relays in any sort of VPS are doing
filesystem encryption.

> >
> > The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> > Vultur to build on OpenBSD. I tend to think using other people's scripts
> > that can be reviewed and hacked is a better gateway for new relay
> > operators than images.

you can combine the FreeBSD jails feature with your idea.
plus, do not share many Tor instances on the same machine/server/jail.

> It would actually be very easy to find tampering within a BSD operating
system.
> Again, you're welcome to your opinion, but this is no the first time an
image
> has been offered to assist people within in the network, and again, with
your
> view, let's get rid of the tor docker containers, the AWS AMIs, etc.
>
> Regards,
>
> Conrad
>
> >
> > http://wiki.torbsd.org/doku.php?id=en:bsd-vps
> >
> > g

--
Vinícius Zavam
keybase.io/egypcio/key.asc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180226/38496356/attachment.html>