[tor-relays] We're trying out guard-n-primary-guards-to-use=2

2022-06-27 Thread Roger Dingledine 
Hi folks,

As part of the hackweek projects
( https://gitlab.torproject.org/tpo/community/hackweek/ ),
some of us are thinking about simple tweaks we can do to tune the network
to better handle this month's traffic overload.

The long term answer is to try out proposal 327:
https://gitweb.torproject.org/torspec.git/tree/proposals/327-pow-over-intro.txt
because we think a lot of the overload has to do with people sending
way too many intro cells to some onion services, and giving the onion
services ways to defend themselves is the only real answer.

But while we're thinking about implementing that proposal, one of our
earlier steps is to set the guard-n-primary-guards-to-use consensus
parameter from 1 to 2.

Now that it's taken effect (you can watch the votes at
https://consensus-health.torproject.org/#consensusparams ), this change
means that clients will now choose between two guard relays by default
(rather than just one) when building circuits.

This is potentially a big deal, since it puts us into a different point
in the performance vs safety tradeoff space.

Here is some reading for why we originally moved down to 1 guard by default:
https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters/
https://www-users.cse.umn.edu/~hoppernj/single_guard.pdf

But on the theory that some guards are way overloaded right now and
some aren't, giving clients two bites at the apple might make a dramatic
improvement in terms of reliable and consistent performance.

There is also some argument in favor of using two guards anyway. One
reason (explained more in proposal 291) is that there are already
some edge cases where clients use their second guard. And also, in the
glorious future, we will want to be using multiple guards because we
have switched to the multi-path Conflux design (proposal 329) -- though
we're not there yet.

So: I am giving you all here some early warning, in case you see anything
odd on the network when we make this change. Let us know if you do. :)

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [Event] Tor relay operator meetup - June 25th @ 1900 UTC

2022-06-27 Thread gus 
Hello,

Thanks everyone for joining the meetup last saturday!

You can find the meetup notes below.

Thanks!,
Gus


## Tor Relay Operator Meetup - June 2022

### Notes

0. Review Agenda

1. Tor Project updates:
- Hackweek - https://hackweek.onionize.space/hackweek/talk/#0
  https://forum.torproject.net/t/online-hacking-week-at-the-tor-project/3594
- Sysadmin 101 workshop update
  
https://gitlab.torproject.org/tpo/community/relays/-/issues/36#note_2816664
- should it be repeated with tweaks or maybe other languages, or
  move on to a 200-level class?

2. The ongoing d(d)os:
https://status.torproject.org/issues/2022-06-09-network-ddos/

Ongoing attack for quite a while now. You might have seen the status page we 
set up:

- https://status.torproject.org/issues/2022-06-09-network-ddos/
- 
http://hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion/hidserv-rend-relayed-cells.html
- https://metrics.torproject.org/hidserv-rend-relayed-cells.html

3. Tor 0.4.7.7 (0.4.7.8) update and Congestion control

4. Tor weather GSoC project
https://lists.torproject.org/pipermail/tor-relays/2022-June/020651.html

5. Relay operator transparency
https://gitlab.torproject.org/tpo/community/team/-/wikis/Expectations-for-Relay-Operators

6. Next meetup: we will announce on Tor relays mailing list :)

Note that there will be an in-person relay operator meetup at MCH in the
Nederlands, sometime in the July 22-26 range. Stay tuned for details:
https://mch2022.org/

7. Q & A

Add your questions here and we will try to answer them all!

- Because of DDoS. Has anyone with their own AS ever used the Team Cymru
  service? https://team-cymru.com/community-services/utrs/

If the answer from anybody is yes, please share your experience on
the tor-relays@ list!

- Is the current DDoS defense (tuning the number of circuits that can be
  built) actually working? Or is it denying service to honest users too?
  https://metrics.torproject.org/hidserv-rend-relayed-cells.html

Answer: nobody knows yet! Maybe we are harming performance for
honest users? Maybe we are reducing the DDoS or maybe we're not even
doing that? We will look further on Monday.

Long term the fix is to implement the proof-of-something proposals:
- 
https://gitweb.torproject.org/torspec.git/tree/proposals/327-pow-over-intro.txt
-https://gitweb.torproject.org/torspec.git/tree/proposals/331-res-tokens-for-anti-dos.md

It is unclear whether the current DDoS is the same as the one we saw
a year ago, where some jerk was trying to knock an onion service off
the network and they did it by sending millions of introduction
attempts. It seems plausible that it is related / similar.

- DDos: is it getting worse(10Gb/s normally upto 40Gb/s now)
http://hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion/hidserv-rend-relayed-cells.html
- A few weeks ago we had 100Gb/s DDoS against our AS AS208294 in Berlin.
  Therefore my ixbge driver killing problems.

- It would be good to get some network team people attending these relay
  operator meetups -- to be able to answer questions and explain what
the network team has been doing on the network lately. (In some past
ones we had ahf and that was useful, but it doesn't necessarily need to
be ahf.)

- What are the links to the reddit discussion where people were
surprised to learn that the network health team was reaching out to
relay operators to meet them?
  - 
https://www.reddit.com/r/TOR/comments/v8nmdp/tor_relay_family_100_servers_blocked_for_refusing/
  - There is also a link on the forum with further discussion:

https://forum.torproject.net/t/tor-relay-family-100-servers-blocked-for-refusing-kyc-procedure/3607
  - The reality is much more nuanced than those people presented in that
reddit discussion. GeKo and gus explain in more detail.

- Is torservers.eu related to torservers.net? No

What is torservers.eu? Seems like a blank page? Must be fake,
torservers.net is actual leibi (CCCS)

- Speaking of relay operator meetups, who is going to MCH?
  - ahf has a Tor talk there. I hear a lot of people are going!
  - Add your name here if you want. :)
  - Artikel10 folks will be at MCH! <3
  
- what About the Gamification project That was  Presented 3 months ago?

It was a 3-month internship. We did part of the user experience
(UX). Because of timing, we made some mock-ups of the ideas. We
don't have capacity to move it forward quite yet but we still have a
goal of setting up a gamification portal. Ideally we want to integrate
these points into the metrics portal.

- Is there an output posted anywhere? Blog post? Collection of images?
Gitlab ticket?

Yes, it's all on gitlab:

findings:
- https://gitlab.torproject.org/tpo/community/relays/-/issues/41
- https://gitlab.torproject.org/tpo/community/relays/-/issues/39
- https://gitlab.torproject.org/tpo/community/relays/-/issues/38
mockups:
-

Re: [tor-relays] Relay "unmeasured" after update to 0.4.7.8

2022-06-27 Thread Georg Koppen 

Martin:

Hi all!

After updatering to the latest version, my relay consensus went down to 20
and was marked unmeasured. However it still serves a couple of thousand
connections (capped at 10 MB/s) and all flags are still there, but when I
try to use it to build a circuit manually it won't let me...


Which relay is that?

Georg


OpenPGP_signature
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays