[tor-relays] FreeBSD 11.1 ZFS Tor Image

George george at queair.net
Thu Mar 1 00:46:00 UTC 2018


Vinícius Zavam:
> 2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus <conrad at rockenhaus.com>:
>>
>> On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
>>> Conrad Rockenhaus:
>>>> Hello All,
>>>>
>>>> If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
>>>> that is fully configured and ready to run Tor. Right now it's an eight GB
>>>> image, but I'm reducing the size by removing all of the extra stuff on it
>>>> from the upgrade from FreeBSD 11 to 11.1.
>>>
>>> I think it's great to ease the implementation of Tor relays,
>>> particularly on BSDs.
>>
>> My main thought process behind trying to ease the implementation of BSD relays
>> is the fact that we should diversify what we have online within the network.
>> Most of our nodes are Linux. What if we have another vulnerability that comes
>> out that hits Linux specifically again?
>>
>>>
>>> However, I'd be wary of an image that I didn't build myself, personally.
>>>
>> That's your opinion. The AWS relay project was very successful. Numerous
>> people ran an image that they didn't build. Numerous people also run Docker
>> containers that they didn't build. Numerous people run Vagrant boxes they
>> didn't build. You have the right to be wary, but there are numerous people out
>> there who run other people's images every day.
>>
>>>> If you're interested in the image let me know. This image has been fully
>>>> tested on OVH's OpenStack infrastructure, so if you're interested in
>>>> running it on their infrastructure, let me know and I can walk you
>>>> through it, or you're more than welcome to host it within my cloud at
>>>> cost (it's a low monthly rate and unlimited bandwidth).
>>>
>>> Another issue is that OVH is over relied upon for public nodes. It's the
>>> leading ASN with almost 15%.
>>
>> They're one of the few providers out there that allow exits. That's why 15% of
>> our exits are on OVH.
>>
>>>
>>> https://torbsd.org/oostats/relays-bw-by-asn.txt
>>>
>>> OTOH, I do think we (in particular BSD people) need to facilitate the
>>> implementation of BSD relays, including for VPS services for those
>>> looking to test the waters.
>>
>> I completely agree.
> 
> I wonder if people hosting Tor relays in any sort of VPS are doing
> filesystem encryption.
> 
>>>
>>> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
>>> Vultr to build on OpenBSD. I tend to think using other people's scripts
>>> that can be reviewed and hacked is a better gateway for new relay
>>> operators than images.
> 
> you can combine the FreeBSD jails feature with your idea.
> plus, do not share many Tor instances on the same machine/server/jail.
> 

Actually, that raises a side point...

FreeBSD jails are usually viewed as a tool to create a full system with
the glorious addition of root.

But they can also be used to build minimal chroot-looking systems, in
that they can be deliciously small, yet incredibly secure, especially
compared to chroot.

FreeBSD jails started as a simple http hosting solution a long while
back, very much an "unorthodox solution to a traditional problem." But
they have a utility that gets confused when they are considered
just-another-virtualization alternative to delude users into thinking
they have full system control.

<snip>

g

-- 


34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682

