Re: [tor-relays] Pool of IP Addresses

2019-05-06 Thread Andreas Krey
On Sat, 04 May 2019 23:41:19 +, Iain Learmonth wrote:
...
> It is not uncommon that a login session is tied to an IP address,

That is already broken, at least for mobile devices - switching
between WiFi and mobile data, and T-Mobile Germany also has the
habit of changing IPv6 addresses when moving bigger distances.

- Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds 
Date: Fri, 22 Jan 2010 07:29:21 -0800
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] german plans on banning TOR

2019-03-07 Thread Andreas Krey
On Wed, 06 Mar 2019 21:19:23 +, niftybunny wrote:
...
> That's every ISP on the world. Every ISP on the world lets you connect to the
> internet.

No, that legislation is restricted to restricted-access sites, i.e. tor onion services,
or technically i2p as well (but nobody cares about that).

> What they want to do is outlaw the running of markets who promote drugs,
> weapons and cheese pizza.
> That's already the case. They just want it in one law so they don't have to
> process several accusations.

No, they want to make the 'silkroad' operators more easily targetable.
At the moment you can operate a trading platform on an onion site
and claim to not know what is actually traded on that platform. This
legislation feels like it is attempting to change that (probably
in reaction to the platform that facilitated selling the weapon
for the Munich shooting).

As for the broadness of the text - basically unless you're an
onion site that isn't as well-known as walmart, you might always
find yourself to be considered to fall under this law.

It's not targeting tor node operators. Neither is it trying to
make the tor project into a criminal organisation - it's the
other way round trying to get at 'bad' onion site operators
even if they are not part of a traditional 'organization',
as in the internet time and gig economy there are less and
less such.

- Andreas



Re: [tor-relays] Torproject onion-repo down (sdscoq7snqtznauu.onion/torproject.org) ?

2019-01-15 Thread Andreas Krey
On Tue, 15 Jan 2019 14:52:37 +, petra...@protonmail.ch wrote:
> Is it just me having issues - today, I couldn't reach the onion-repository of 
> torproject.org at sdscoq7snqtznauu.onion anymore.

Works for me. It's probably your tor node. I have the experience that
any given tor instance sometimes fails to access specific onions for
some hours. And then it just works again.

- Andreas



Re: [tor-relays] Jerk spammers on tor-relays

2018-09-21 Thread Andreas Krey
On Fri, 21 Sep 2018 18:23:48 +, Ralph Seichter wrote:
...
> I'm not sure what type of spam you are referring to, but when I post to
> this mailing list I see spamming attempts that are directly targeting my
> MX, without using the mailing list infrastructure. The list admins would
> not be able to reliably correlate which subscribed address is "A" even
> if I shared my mail logs.

Create a dummy mail address. Make the list server send out mails from
that address very slowly at random times to the recipients. See when
the spam arrives on the dummy address. Repeat as many times as needed
to get sufficient correlation between spam arrival and mail distribution
timepoints.

- Andreas



Re: [tor-relays] Jerk spammers on tor-relays

2018-09-21 Thread Andreas Krey
On Fri, 21 Sep 2018 16:57:29 +, Ralph Seichter wrote:
...
> Imagine an address A subscribed to this mailing list in a read-only
> fashion (a.k.a. "lurker"). A uses list posts as triggers to send spam
> from address B, which does not even need to be subscribed. How would
> the list admins ever be able to connect A to B?

Traffic modulation and analysis. Unfortunately that requires that every spam
addressee respond quickly, and that mails to the subscribers are either selectively
suppressed or greatly delayed (both not very acceptable), to correlate resulting
spams with list addressees.

Don't want to enumerate obvious countermeasures by spammer here - at the end
it still can just resubscribe with a different address.

Probably only acceptably doable by only using postings made by agreeing
'spamtrap' posters, and letting the mailing list randomly delay only
those postings.

- Andreas

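The timing correlation described in the two "Jerk spammers" replies above (a dummy address, slow randomised delivery, repeated rounds), sketched as an added example that is not part of the original posts. The subscriber addresses, the six-hour delivery spread, the five-minute window and the simulated spammer reaction are all constructed assumptions.

```python
import random

# Constructed sample data (not from the list): 50 subscriber addresses, one of
# which plays the lurker address "A" from the thread.
SUBSCRIBERS = [f"sub{i:02d}@example.org" for i in range(50)]
LURKER = "sub17@example.org"
SPREAD = 6 * 3600   # assumed: each trap posting is trickled out over 6 hours
WINDOW = 300        # assumed: spam follows delivery to A within 5 minutes


def run_round(rng):
    """One trap posting: a random delivery time (seconds) per subscriber, plus
    the time the resulting spam reaches the dummy address (simulated)."""
    deliveries = {s: rng.uniform(0, SPREAD) for s in SUBSCRIBERS}
    spam_at = deliveries[LURKER] + rng.uniform(5, 120)
    return deliveries, spam_at


def plausible_triggers(deliveries, spam_at, window=WINDOW):
    """Subscribers whose copy went out shortly before the spam arrived.
    Anyone served after the spam, or long before it, cannot explain it."""
    return {s for s, t in deliveries.items() if 0 <= spam_at - t <= window}


def narrow_down(rounds, window=WINDOW):
    """Intersect the plausible set across rounds; returns the sorted candidate
    list as it stands after each round."""
    candidates, history = None, []
    for deliveries, spam_at in rounds:
        hits = plausible_triggers(deliveries, spam_at, window)
        candidates = hits if candidates is None else candidates & hits
        history.append(sorted(candidates))
    return history


def demo(n_rounds=6, seed=2018):
    rng = random.Random(seed)
    return narrow_down([run_round(rng) for _ in range(n_rounds)])


if __name__ == "__main__":
    for i, left in enumerate(demo(), 1):
        print(f"after round {i}: {len(left)} candidate(s) {left}")
```

Each round on its own may leave several candidates; the repetition is what isolates the one address that is always served just before the spam arrives.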


Re: [tor-relays] Updating relay using killall -hup command

2018-07-19 Thread Andreas Krey
On Wed, 18 Jul 2018 15:01:36 +, Matt Traudt wrote:
...
> No. You have to restart the process, thus the relay. (Can you update any
> other program without restarting it entirely?

Wasn't exactly a feature but under SunOS/Solaris when you ran a program
from an NFS mount, and recompiled it, the compiler would write into the
existing file, and that would change the actual code mapping the program
ran on (in its process).

Needless to say, in most cases of nontrivial changes this just led
to the program crashing.

- Andreas



Re: [tor-relays] Is it possible to run a Web server and tor ORPort on the same port?

2018-02-22 Thread Andreas Krey
On Wed, 21 Feb 2018 21:38:56 +, pikami wrote:
...
> I was wondering if it's possible to run a Web server and tor ORPort on the 
> same port.

Not without code changes inside tor. There can only be one instance
who accepts the SSL connections. This would reasonably be the tor
process, which would need an addition to act as an SSL terminator for
other domains/certs/SNI names, and forward those (decrypted) to some
nginx instances.

Unless, obviously, you have two IP addresses to use. Then it's just binding.

> Is there any way to accomplish this?

Erm, happy hacking. I don't expect to see something like this in the tor code base.

Andreas



Re: [tor-relays] No graph update for my relay in ATLAS

2018-01-25 Thread Andreas Krey
On Fri, 26 Jan 2018 08:40:46 +, teor wrote:
...
> > Clients address guards by their IP address, and they try hard
> > to only talk to their selected guard. If that guards hops to
> > another address, they have no chance of noticing that and
> > need to select another one.
> 
> When the client gets the new descriptor (1-4 hours after each change),
> it will use the new IP address. Until then, the client would use its other
> primary guard.

Obviously, I need to read up on the spec before making comments.

...
> This is probably why your relay does not have the stable and guard flags.

That isn't my node we're talking about here.

But mine (5B1F0DAF378A1FAFCFD5FA9CDC66D1023DC0276E) lost guard status
as well in December, and I have no idea as to why either - except
possibly because of running a non-recommended tor version (i.e. too
bleeding edge release branch state). That is fixed since two weeks or so,
and the addresses never changed.

Andreas



Re: [tor-relays] No graph update for my relay in ATLAS

2018-01-25 Thread Andreas Krey
On Thu, 25 Jan 2018 19:06:40 +, Peter Ott wrote:
...
> release upgrade-. A change of the IP-address seems to be handled fine by TOR.

That is only true for the client side.

> This change by the ISP occurs at least every 3 days or so).

Clients address guards by their IP address, and they try hard
to only talk to their selected guard. If that guard hops to
another address, they have no chance of noticing that and
need to select another one.

That makes your node pretty useless as a guard, and it shouldn't
be elevated to guard status.

- Andreas



Re: [tor-relays] Marker branch for current tor release(s)

2018-01-12 Thread Andreas Krey
(Earlier reply has somehow vanished...)

On Mon, 08 Jan 2018 00:49:16 +, teor wrote:
...
> When there are multiple supported tor versions, which one should be stable?
> At the moment, we support 0.2.5 and 0.2.9 as long-term support, and 0.3.0 and
> 0.3.1 as regular releases.

The newest/highest, probably. Essentially the one also
proclaimed as stable on the source download page.

> Should stable be 0.3.1 (and change to 0.3.2 next week)?

Yes.

> Do you want a long-term support branch as well?

No. I just need one version to build a relay.

...
> If you want something that's easier to scrape, and signed, check for
> new source releases at:

Scraping would be a fallback.

...
> $ curl http://197.231.221.211:9030/tor/status-vote/current/consensus-microdesc | grep server-versions | tr "," "\n" | tail -1
> 0.3.2.8-rc

Basically current would be the highest non-rc on the list,
and alpha would be the -rc (or current if no -rc present).

Andreas

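The selection rule from the reply above (current is the highest untagged entry of `server-versions`, alpha is the highest tagged one or current if none), as an added example that is not code from the thread or from tor. The consensus excerpt is constructed, and treating every `-suffix` as a pre-release tag is an assumption; versions are compared numerically rather than by list position or string order.

```python
# Constructed consensus excerpt for illustration; not fetched from a directory.
SAMPLE_CONSENSUS = """\
network-status-version 3 microdesc
client-versions 0.2.9.14,0.3.1.9
server-versions 0.2.5.16,0.2.9.14,0.3.0.13,0.3.1.9,0.3.2.6-alpha,0.3.2.7-rc,0.3.2.8-rc
"""


def parse_version(text):
    """'0.3.2.8-rc' -> ((0, 3, 2, 8), 'rc'); an untagged release gets tag ''."""
    base, _, tag = text.strip().partition("-")
    return tuple(int(part) for part in base.split(".")), tag


def format_version(version):
    numbers, tag = version
    dotted = ".".join(str(n) for n in numbers)
    return f"{dotted}-{tag}" if tag else dotted


def server_versions(consensus_text):
    """Return the parsed entries of the server-versions line."""
    for line in consensus_text.splitlines():
        if line.startswith("server-versions "):
            entries = line.split(" ", 1)[1].split(",")
            return [parse_version(e) for e in entries if e.strip()]
    raise ValueError("no server-versions line found")


def pick_versions(consensus_text):
    """Apply the rule from the mail: (current, alpha) as version strings."""
    versions = server_versions(consensus_text)
    released = [v for v in versions if not v[1]]
    tagged = [v for v in versions if v[1]]
    if not released:
        raise ValueError("no untagged release in server-versions")
    current = max(released)                    # numeric tuple comparison
    alpha = max(tagged) if tagged else current
    return format_version(current), format_version(alpha)


def is_recommended(version_text, consensus_text):
    """True if a locally built version appears on the server-versions list."""
    return parse_version(version_text) in server_versions(consensus_text)


if __name__ == "__main__":
    print(pick_versions(SAMPLE_CONSENSUS))
```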


Re: [tor-relays] collecting info on Wikipedia blocking non-exits

2018-01-05 Thread Andreas Krey
On Tue, 02 Jan 2018 15:13:16 +, Alison Macrina wrote:
> Hi friends,
> 
> I'd like to collect some anecdata about this issue regarding Wikipedia
> blocking edits from Tor non-exit relays:
> https://trac.torproject.org/projects/tor/ticket/24758 
> 
> If you run a non-exit relay, would you be so kind as to go to
> wikipedia.org from that IP, click "edit" on any page, and report to me
> off-list if your relay is blocked or not? In your message, please give
> me your relay address and let me know if it's ever functioned as an exit

Wikipedia says:

  Your IP address is in a range which has been blocked on all wikis.

  The block was made by Masti (meta.wikimedia.org). The reason given is Open proxy.

  Start of block: 18:42, 13 July 2017
  Expiration of block: 18:42, 13 July 2018

  You can contact Masti to discuss the block. You cannot
  use the "Email this user" feature unless a valid email
  address is specified in your account preferences and
  you have not been blocked from using it. Your current IP
  address is 2a01:4f8:141:608d::2, and the blocked range is
  2A01:4F8:0:0:0:0:0:0/32. Please include all above details in
  any queries you make.

Interestingly they are blocking the entire /32 which probably means
all of Hetzner at least at that site. Which probably means they are
not using a tor-specific block list here.

Unfortunately I don't have a non-tor-node server there to cross-check.

Tor node is 'fastlane'.

- Andreas



[tor-relays] Marker branch for current tor release(s)

2018-01-05 Thread Andreas Krey
Hi everybody,

https://www.torproject.org/download/download.html.en in the source code 'tab'
states the current stable and alpha version of tor.

Would it be possible to publish the current states as branches 'stable' and
'alpha' (or 'testing', or 'unstable') in the git repo?

That would help us tor-from-source builders to just fetch the repo, and
if the respective branch changes, to rebuild and redeploy. Looking for a
new release tag or screen-scraping said web page is a bit hairy, and feels
unnecessary.

- Andreas



[tor-relays] git branch to run from?

2017-12-19 Thread Andreas Krey
Hi everybody,

what is the proper git branch to build and run a relay from?

So far I was on release-0.2.9 and just switched to release-0.3.2,
but it seems that on either what I pick up there isn't actually
a recommended version.

- Andreas



Re: [tor-relays] About relay size

2017-10-02 Thread Andreas Krey
On Mon, 02 Oct 2017 13:19:59 +, Scott Bennett wrote:
...
>  Huh?  What kind of ISP NATs its customers' connections?

All kinds of ISPs that were too late to grab enough IPv4 space
for their customer base. Here in Germany these are mostly the
cable companies.

Also, generally mobile IP.

Andreas



Re: [tor-relays] Some Dir Authorities blocked

2017-09-20 Thread Andreas Krey
On Sun, 17 Sep 2017 08:13:43 +, Scott Bennett wrote:
...
> connections to other relays somewhere, those of us using packet filters could
> include the rest of the missing addresses in aid of the connectivity you want.

I really don't see what the point is in this filtering. Any attacker
can just fire up its own relay and attack from there once its address
is in the consensus.

Andreas



Re: [tor-relays] Rate setting in tor

2017-09-07 Thread Andreas Krey
On Thu, 07 Sep 2017 22:56:17 +, r1610091651 wrote:
> RelayBandwidthRate 2048 KBytes
> RelayBandwidthBurst 2048 KBytes
> 
> But using arm, I'm seeing that tor is not honoring these settings, with
> bursts frequently exceeding the value.

That's the point of the Burst - there is a bucket that is
filled up with unused bandwidth, up to the Burst value,
and before the relay throttles down to RB-Rate it also
lets as many bytes pass as the bucket currently has.

Means that with your setting your relay can pass up to
4 MByte in any given second (but not in every second).

- Andreas

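The bucket behaviour described in the reply above, as an added example: a simplified token bucket model, not tor's own rate limiter. The refill granularity of 8 ticks per second is an assumption; with it the busiest second carries 3840 KBytes, and finer ticks approach the 4 MByte bound from the mail.

```python
# Added illustration: a simplified token bucket, not tor's implementation.
# TICKS_PER_SECOND is an assumed refill granularity chosen for the example.
TICKS_PER_SECOND = 8


class TokenBucket:
    def __init__(self, rate_kb, burst_kb):
        self.refill_per_tick = rate_kb / TICKS_PER_SECOND  # from RelayBandwidthRate
        self.capacity = burst_kb                           # from RelayBandwidthBurst
        self.tokens = burst_kb  # a relay that has been idle starts with a full bucket

    def send(self, wanted_kb):
        """Pass as much as the bucket currently allows and spend those tokens."""
        sent = min(wanted_kb, self.tokens)
        self.tokens -= sent
        return sent

    def refill(self):
        """Add one tick's worth of rate; unused bandwidth is kept up to the cap."""
        self.tokens = min(self.capacity, self.tokens + self.refill_per_tick)


def kbytes_per_second(rate_kb, burst_kb, demand_per_second):
    """demand_per_second: KBytes queued at the start of each second.
    Returns the KBytes actually passed in each second; traffic still queued
    at the end of a second is dropped to keep the model small."""
    bucket = TokenBucket(rate_kb, burst_kb)
    totals = []
    for demand in demand_per_second:
        remaining, total = demand, 0
        for _ in range(TICKS_PER_SECOND):
            sent = bucket.send(remaining)
            remaining -= sent
            total += sent
            bucket.refill()
        totals.append(total)
    return totals


if __name__ == "__main__":
    # The settings from the mail: RelayBandwidthRate = RelayBandwidthBurst = 2048 KBytes.
    # Two saturated seconds, one idle second, one saturated second.
    print(kbytes_per_second(2048, 2048, [10**6, 10**6, 0, 10**6]))
```

The first saturated second spends the saved-up bucket plus the ongoing refill, the second one is held to the rate, and one idle second is enough to refill the bucket for another burst.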


Re: [tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-15 Thread Andreas Krey
On Tue, 15 Aug 2017 23:52:31 +, Toralf Förster wrote:
...
> Does a particular Tor server/client will open more than 1 connection at a 
> time from to the DirPort ?

Even if not per se, multiple (old) clients behind a common NAT may do so.

Andreas



Re: [tor-relays] Tor exit nodes attacking SSH?

2017-08-09 Thread Andreas Krey
On Wed, 09 Aug 2017 10:58:01 +, Roman Mamedov wrote:
...
> Did you try ssh'ing into 8.8.8.8 (outside of Tor)? It does not run a public
> SSH server at all (obviously).

8.8.8.8 is (pretty certainly) anycast, and might have
different setups in different instances. But, being google,
they probably *are* identical.

ssh 8.8.8.8 just times out here.

Andreas



Re: [tor-relays] Go home GeoIP, you're drunk.

2017-08-07 Thread Andreas Krey
On Mon, 07 Aug 2017 08:41:31 +, Alexander Nasonov wrote:
...
> It sounds like a country should be set by an operator in torrc rather
> than relying on GeoIP.

NSA: There are people excluding US exits? Just let's set some
of ours to India. (Where that is probably not their modus

...
> Does ExcludeExitNodes option change a number of packets/packet sizes sent
> or received by a client or do you mean a distributed fingerprint collected
> over a number of nodes?

When twitter notices one of their users always comes via tor,
but never from US exits, and $otherservice does the same, they
can collude and suspect that these two users are, in fact,
the same person.

Andreas



Re: [tor-relays] What kind of hardware do I need for my relay

2017-03-21 Thread Andreas Krey
On Mon, 20 Mar 2017 22:49:53 +, Farid Joubbi wrote:
> I do mean Megabits.
> I have learned a long time ago that Tor traffic throughput can't be compared 
> with ssh.

No, but it can be used to roughly judge what the hardware is capable of.
It doesn't help to throw more hardware at a node when it just doesn't get
more traffic from the network.

Last year one of my node's traffic increased about tenfold
in the span of a month, without reason or rhyme as seen in
https://blog.apk.li/2017/01/29/tor-relay-traffic-again.html

- Andreas



Re: [tor-relays] What kind of hardware do I need for my relay

2017-03-20 Thread Andreas Krey
On Mon, 20 Mar 2017 21:03:57 +, Farid Joubbi wrote:
> I have tried a Banana Pi Pro 1,2 GHz Allwinner A20 -> 10 Mbit/s max (debian)

You do mean Mbit/s and not Mbyte/s? Even my old raspi B (first gen)
needs only 30% CPU to process 12MBit/s (ssh), and my bananas transfer
data via scp at 6 MByte/s (also ssh).

- Andreas



Re: [tor-relays] What kind of hardware do I need for my relay

2017-03-20 Thread Andreas Krey
On Mon, 20 Mar 2017 22:27:59 +, Olaf Grimm wrote:
...
> My personal usage drives the internet line to full power, but Tor as my
> MIDDLE RELAY doesn't use the full internet line power.

Which is a good thing, by the way. Tor traffic is bursty, so when your
tor node is actually saturating the link it means that the latency goes up,
which means poor user experience. (This is generally so in networks -
full pipes are bad.)

- Andreas



Re: [tor-relays] How can we trust the guards?

2017-01-03 Thread Andreas Krey
On Tue, 03 Jan 2017 11:34:19 +, Aeris wrote:
...
> And there is also a hardware bottleneck, because every component (mainly
> ethernet & SD card here) is connected to the same physical USB controller
> limited to 480Mbps for *overall* transfer (network + disk + others USB).

Which isn't that small. tor does not do disk (or 'other'), and 25MByte/s
is quite a lot - more than I can push with big iron due to traffic limits.

...
> No no, GB. 128GB is usual on server. We even begin to see 1TB RAM machine.

You mean 'this is what you usually get as a server machine',
not 'this is what tor typically uses', right?

Andreas



Re: [tor-relays] How can we trust the guards?

2017-01-02 Thread Andreas Krey
On Mon, 02 Jan 2017 08:28:52 +, Rana wrote:
...
> That US agencies are actively working to destroy anonymity of (hopefully only 
> selected, but who knows?) Tor users is an undisputable fact. Your implicit 
> assumption that Russia is also attacking Tor is, however, unfounded.

Now, what is the reasoning behind that?

> There is, however, ZERO evidence that they are going head to head with 
> America doing that.

Is there any evidence that America is doing this?
(Outside the snowden leaks, o/c, because they don't cover russia.)

> I believe that what is needed is changing Tor to accommodate a lot of small 
> relays running by a very large number of volunteers, and to push real traffic 
> through them.

And where do you want to get these?

Andreas



Re: [tor-relays] How can we trust the guards?

2017-01-01 Thread Andreas Krey
On Sun, 01 Jan 2017 23:54:03 +, Rana wrote:
...
> I do not see how Sybil attacks relate to my question. The adversary will 
> simply set up new nodes, without messing with attacking identities of 
> existing ones.

It will not go quite unnoticed when the set of major relays changes
substantially over a few months.

...
> That's $1million a year to control most of the Tor nodes. You call this
> "costly"? This amount is a joke, a trifle, petty cash for any US or Russian
> government agency. FIFTY times this amount is STILL petty cash, so in case
> you think $20/month is not enough to run a relay, make it $1000 a month.

This assumes that there is only one entity wanting to do that.
When there are multiple the game isn't that easy.

Andreas



Re: [tor-relays] What's a "useful" relay?

2016-12-24 Thread Andreas Krey
On Sat, 24 Dec 2016 10:11:51 +, Rana wrote:
> @balbea16
...
> I am even more confused than you. My 1300 connections relay has a consensus
> weight of 38 (thirty eight). That's less than 1% of your weight, despite having
> 26% the number of connections you have.

Number of connections is a very indirect metric. Especially any
somewhat-used relay will have connections open to most of the bigger
relays, since the paths for which this relay is selected come from and
go to arbitrary relays, weighted by their bandwidth. So if you have
few connections, this is an indication that your relay doesn't get used
much. (My numbers are around 4000 and 2000 for the two of mine, with a
factor of eight between them in the carried traffic).

> Besides, I could never understand why people measure the 'size' of the
> relay by the number of connections.

I never noticed anybody did. The number of connections only comes into play when

- your VPS has a connection limit that is too low,

- you're connected to the internet via a NAT/state-keeping router/modem/thingy
  that can't handle as many simultaneous connections.

> My guess is you can have a large number of dead connections.

Actually no. They time out. And probably actually yes, as many
connections may not be in use at a specific given point.

Andreas



Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

2016-12-22 Thread Andreas Krey
On Thu, 22 Dec 2016 11:25:11 +, Rana wrote:
...
> I realize there could be pros and contras. Among the contras there could be 
> (for example) many small relays overloading the dirauths. I would like to 
> hear more about the contras.

A Pi running at its line speed isn't exactly a small relay.

...
> Additional info about my experiment: I have just fired up an additional relay 
> on Pi Zero. That's a fucking $9 Tor relay, including flash card and case.  
> Looks like an oversized USB stick and plugs directly into a USB port of a 
> computer. No need even for power supply.

Why wouldn't you run the relay directly on the connection/powering
computer? Also, is the external USB network interface included in
the pricing calculation?

- Andreas



Re: [tor-relays] Tor relay from home - end of experiment?

2016-12-14 Thread Andreas Krey
On Wed, 14 Dec 2016 21:43:28 +, teor wrote:
...
> The bwauth calculations do take latency into account, and they should:
> if CPU usage or bandwidth are near their limit, the latency through the
> relay will be high.

I stand corrected.

I observed my relays (a few years ago) to often run into the bandwidth limit,
aka 'flatlining', and this having latency. I then started to set lower
advertised bandwidth, and this went away. Problem here is that these are
short-term events in relation to the bandwidth probes, so the probing
can't really control this.

...
> This has the drawback that relays located away from the US/Western
> Europe get poor scores.

What kind of latencies are we talking about here? And how much
latency makes up for what bandwidth?

Andreas



Re: [tor-relays] Tor relay from home - end of experiment?

2016-12-14 Thread Andreas Krey
On Wed, 14 Dec 2016 12:46:58 +, Rana wrote:
>...
> I beg to differ. My experiment with two identical Pies in the same country 
> showed that the alleged volume that the relay can carry IS dependent on how 
> well it is connected to the specific DirAuths (which represent "particular 
> places in the world").

What I was pointing out is that a single relay suddenly started picking up
traffic after being way-too-long for months, without changing location. So
there seem to be more factors to it.

> On the other hand, your parenthesized sentence is very relevant - it seems 
> that you have given up on home based relay, too.

I have an uplink of a whopping 2MBit/s. There is no point running a
relay behind that anymore.

Andreas



Re: [tor-relays] Tor relay from home - end of experiment?

2016-12-14 Thread Andreas Krey
On Wed, 14 Dec 2016 10:47:12 +, Rana wrote:

> I want to reiterate my opinion that Tor network is "mistreating" home-based 
> relays without good reason:

I was just about to jump in and state that it is similar with
lower-bandwidth regular relays, but I checked.  I have two relays, one new
(https://atlas.torproject.org/#details/5B1F0DAF378A1FAFCFD5FA9CDC66D1023DC0276E)
and one moved at that time
(https://atlas.torproject.org/#details/26220AEA188B8D0E47BB541E1A616EB3AD70295F),
and the latter was doing a lot less than you would suspect from the ratio
of the advertised bandwidth of the two relays.

But this apparently changed after two months of operation, and now q is
moving data as expected. So it seems patience does play a part here.
(See the year graphs.)

> A. The fact that the Authorities are located in West Europe and North America 
> does not mean that the USERS are there.

That does not matter - they themselves are well connected, and measure
bandwidth, not ping times. It might just be that home dsl providers
have bad peering, as rumoured for german telekom and some north american
providers. Putting bandwidth auths behind some net curtain would optimize
the bandwidth measurements for that specific curtain, which would not
help people behind other curtains with different holes/peerings. The
question is what volume a relay can carry, and not how well it is
connected to a particular place in the world.

- Andreas

> B.  There are about 7000 relays total, many of them probably limping just 
> like my 2 relays and not being useful. There are tens of thousands of Pi 
> owners who have their Pis just sitting there and many of them would be happy 
> to run relays if Tor network would let them do so usefully.

I may soon have an opportunity to hook up a pi to a sufficiently large
pipe. (My home connection makes such things pointless.)

Andreas



Re: [tor-relays] Smallest, cheapest, lightest computer for tor relay

2016-10-17 Thread Andreas Krey
On Mon, 17 Oct 2016 08:18:51 +, Neel Chauhan wrote:
...
> The disadvantage of the PC approach is space and higher power 
> consumption, but the advantage is that you can use *BSD and Windows, 

At least NetBSD is available for raspberries, and bananapi as well.

Andreas



Re: [tor-relays] 'No space left on device' glitch causing log failure

2016-10-10 Thread Andreas Krey
On Mon, 10 Oct 2016 15:15:46 +, Geoff Down wrote:
...
> Needless to say, the disk is not full and 'tor' can write to that
> directory just fine now.

Question is whether it was full (or out of quota) at the time
of these messages. MacOS has/had a habit of throwing a few GB on
the disk and then removing them again.

Andreas



Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Andreas Krey
On Wed, 05 Oct 2016 14:52:53 +, Mirimir wrote:
...
> >> no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh
> >> baz@w.x.y.z ..." get through, if it destroys exits? Maybe someone could
...
> >   for i in subdir/*; do ssh host mkdir -p "$i"; done
> > 
> > with an ssh-agent would look pretty exactly the same to the exit node.
> 
> OK, so I left out the "Permission denied, please try again." bits :)

The exit node doesn't see that - that's the point of ssh. It can
at best look at the session length and timing and infer flakily
from that.

Andreas



Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Andreas Krey
On Wed, 05 Oct 2016 13:48:19 +, Mirimir wrote:
...
> exits unpredictably unreliable. On the other hand, IPS that only blocked
> automated crap would be a win for real users, relay operators and ISPs,
> no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh
> baz@w.x.y.z ..." get through, if it destroys exits? Maybe someone could
> forget their username. But maybe after 10-20 tries, can't we safely
> assume that they're brute forcing logins?

No.

  for i in subdir/*; do ssh host mkdir -p "$i"; done

with an ssh-agent would look pretty exactly the same to the exit node.

Andreas



Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Andreas Krey
On Wed, 05 Oct 2016 15:40:49 +, Ralph Seichter wrote:
...
> I can see what motivates you. Personally, I can't think of a scenario
> where I would use automation to set outbound traffic policies (inbound
> traffic is a different matter, fail2ban comes to mind).

How this? Everything to the OR port needs to pass in, esp. when you
act as a guard, and fail2banning the ssh port, hmm. Everything else
is closed anyway.

- Andreas



Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

2016-09-13 Thread Andreas Krey
On Tue, 13 Sep 2016 15:26:05 +, Admin Kode-IT wrote:
...
> It's like you're running a Raspberry Pi 1 with an SSD and a good Network for 
> 5$/month.

A Raspberry doesn't do GBit. Also, you forget to mention the traffic;
I pay somewhat more to have more traffic allowance at my hoster
even though the lowest VPS are cheap. And apparently DO currently
neither accounts traffic nor throws you out for 'abusing' 'unlimited'
traffic, as some hosters do.

Andreas



Re: [tor-relays] Exit relay funding

2016-08-03 Thread Andreas Krey
On Wed, 03 Aug 2016 13:40:03 +, t...@as250.net wrote:
...
> our support. Just to make it clear: "appreciate" in this context
> doesn't mean funding. All those years we didn't get as much as a "thank
> you!" from anyone.

Operating tor nodes is - like operating any
invisible infrastructure - inherently thankless.

...
> How's that for a "change in strategy"?

Well, sad. So long, and thanks
for the exit bandwidth past.

Andreas



Re: [tor-relays] Darknet Shenanigans [was: suspicious "Relay127001" relays]

2016-07-06 Thread Andreas Krey
On Wed, 06 Jul 2016 15:06:00 +, grarpamp wrote:
...
> https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html

Is there a way to make tor log connection attempts to any ports
on a hidden service address, independent of whether the port
actually has a HiddenServicePort?

> All quite expected and well known ever since the
> dawn of overlay networks. Same with the Internet.

Also, wasn't there a change that made discovery impossible?

Andreas



Re: [tor-relays] Why are you using torproject's RPMs? (was: We need a new RPM maintainer)

2016-06-16 Thread Andreas Krey
On Thu, 16 Jun 2016 21:08:49 +, nusenu wrote:
...
> are you using torproject's RPMs (instead of those provided by your
> distro maintainer)?

Neither. I build from tor (and openssl) sources myself.

Andreas



Re: [tor-relays] Bandwidth Fallen Off Drastically

2016-03-15 Thread Andreas Krey
On Mon, 14 Mar 2016 22:06:24 +, stea...@nym.mixmin.net wrote:
...
> What concerns me is that while running arm in graph mode, I rarely
> see the bandwidth rate steadily flow around 500kb/s.

It would surprise me if it did. I've posted two graphs
on http://blog.apk.li/2016/03/15/tor-relay-traffic.html
and these are already smoothed by lumping together several
minutes into individual plot points.

But, as you can see, the smaller relay is also
losing traffic slowly (it was recently moved to
a new host and IP, and was back to the previous
traffic pretty fast - within the hour or so).

Andreas



Re: [tor-relays] Tor exit node companion

2015-11-17 Thread Andreas Krey
On Tue, 17 Nov 2015 13:29:30 +, Eran Sandler wrote:
...
> > Would serving port 25 also require a MX record in DNS, or do webiron and
> > others send mail direct to the relay regardless of MX records?
> >
> 
> It will require an MX record.

Not as far as I know. When there is no MX record on mynode.torexitnode.net
the A record on it will be used as the address of the SMTP server for that
domain.

Or did that change some time this millennium?

Andreas



Re: [tor-relays] Delete keys on reboot

2015-04-22 Thread Andreas Krey
On Wed, 22 Apr 2015 22:56:31 +, CJ Barlow wrote:
> If I run
>
> rm -f /var/lib/tor/keys/* 2>&1 > /home/[me]/reboot.txt
>
> it doesn't error (as long as I run it with sudo) but it also doesn't do
> anything,

You might do

(ls -lart /var/lib/tor/keys
 echo /var/lib/tor/keys/*
 rm -f /var/lib/tor/keys/*
 ls -lart /var/lib/tor/keys
 ) 2>&1 > /home/[me]/reboot.txt

to see if it does (and match) anything.

> checking *keys* shows it still contains files.

Sure that those aren't already regenerated keys
from a new tor instance?

Andreas



Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers

2015-01-09 Thread Andreas Krey
On Thu, 08 Jan 2015 18:20:42 +, eric gisse wrote:
...
> forwarders  = [ '2001:4860:4860::8844',
> '2001:1608:10:25::1c04:b12f', '2600::1' ],

What are these addresses? (Did I miss that upthread?)

Esp. the 2600::1 looks nice, and suitable for a certain magazine. :-)

(And the ::8844 is eerily similar to Google's 8.8.4.4.)

Andreas



Re: [tor-relays] List of Relays' Available SSH Auth Methods

2014-11-18 Thread Andreas Krey
On Tue, 18 Nov 2014 18:10:02 +, Dan Rogers wrote:
 
 
> IMO there could occasionally be reasons not to use key logins (although 
> I do normally disable pwd login). E.g. if I have a key, I then have 
> evidence somewhere (USB/HD),

Oh, that ssh key? That is for accessing my home server on DSL.

You need to clean your .ssh/known_hosts with password auth just as well.

Andreas



Re: [tor-relays] Port-Based Best-Fit Circuit Selection

2014-09-18 Thread Andreas Krey
On Wed, 17 Sep 2014 19:40:02 +, Paritesh Boyeyoko wrote:
...
> The actual connection is fast enough to not suffer real latency issues, it's 
> just the relay doing the throttling 
> - do you think throttling to 0.5Mbit/s or 1Mbit/s will create issues of high 
> latency?

I've set the advertized bandwidth lower than the throttling bandwidth
the node uses. That way I apparently only get a share of the traffic
that the node can handle without actually running into rate limiting,
and there should be no issues with the latency in my node.

Andreas



Re: [tor-relays] Speed of my relay not correct on global list

2014-07-22 Thread Andreas Krey
On Mon, 21 Jul 2014 17:28:42 +, Josh wrote:
...
> There are exploits that do not require any interaction from the user.
> The sentiment that the rest of the list is trying to impress on you is
> that by running a Tor node on XP you are potentially putting the entire Tor
> network at risk to a malicious actor.

How more so than the malicious actor simply running his own node(s)?

Andreas



Re: [tor-relays] NHS UK blocking Tor?

2014-04-15 Thread Andreas Krey
On Mon, 14 Apr 2014 23:37:35 +, Chris Whittleston wrote:
...
> Access Denied
> You don't have permission to access "http://www.nhs.uk/" on
> this server.

I could access them this morning via tor (unfortunately
I can't tell which exit was used). May well be just
not-yet-blacklisted.

Andreas



Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Andreas Krey
On Tue, 08 Apr 2014 17:01:18 +, Moritz Bartl wrote:
...
> immediately, especially larger relays. But don't worry too much, you'll
> get your flags back eventually. :)

But my name only very eventually?

Andreas



Re: [tor-relays] is comcast throttling relays?

2014-02-26 Thread Andreas Krey
On Wed, 26 Feb 2014 07:47:31 +, Martin Kepplinger wrote:
> On 26.02.2014 06:09, Andreas Krey wrote:
...
> > Do you have 4Mbit/s uplink? That would be
> > the 250k which is kBytes/s, not kBit/s.
>
> That's 2Mbit/s I'd say.

Correct. I chalk that up to my cold. :-(

> I don't know what ISP that is but I think 
> private home connections sometimes are not as reliable as connections 
> in server plans from hosting companies.

At least 2MBit sounds more plausible than 4MBit.

Andreas



Re: [tor-relays] is comcast throttling relays?

2014-02-25 Thread Andreas Krey
On Tue, 25 Feb 2014 19:43:02 +, Steve Rich wrote:
> Hey,
> I am running the following relay, and never see traffic going more than 250k. 
> Is Comcast throttling non-exit tor proxies?

Do you have 4Mbit/s uplink? That would be
the 250k which is kBytes/s, not kBit/s.

> https://atlas.torproject.org/#details/7E6183143778259F025576A5803E3334AB95CB01

Hmm. I'm not sure whether that looks like being rate-limited.

Andreas



Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

2014-02-18 Thread Andreas Krey
On Tue, 18 Feb 2014 22:02:21 +, Zenaan Harkness wrote:
> My tor logs (running on Debian) are showing this warning:
> [WARN] Your system clock just jumped 100 seconds forward; assuming
> established circuits no longer work.

It may just be that your machine completely hangs for a while
occasionally; that will look to tor like a clock jump in that
direction. Either hard disk timeouts of some kind, or serious
swapping. If VM then also possibly the entire VM being starved
occasionally.

Andreas



Re: [tor-relays] Relay bandwidth

2014-02-08 Thread Andreas Krey
On Sat, 08 Feb 2014 11:56:23 +, Tora Tora Tora wrote:
...
> On a similar subject, is there a way to limit Tor's per connection
> speed, i.e., not total speed.

No.

> Assuming that a single connection carries
> only one conversation between two parties at a time, wouldn't limiting
> a single connection speed to, say 50-100Kb/s,

Actually, what would that be good for? As long as a relay is so lightly
loaded that the active connections each can have more than that, there
is no point in throttling them, and as soon as there isn't, they're
fair-share-throttled down below that anyway.

Andreas



Re: [tor-relays] Understanding bandwidth rate

2013-12-11 Thread Andreas Krey
On Wed, 11 Dec 2013 04:14:41 +, BugZ wrote:
...
> If the amount of data is not measured relative to time, how is it relevant?
>
> the internal variable is Relay_*Bandwidth*_Burst
>
> Doesn't bandwidth infer rate?

You'd think, but it doesn't here. The algorithm is as follows: There is a
variable that holds the current number of bytes allowed to be transferred.

As long as it is smaller than the next packet to be transferred, the
packet is kept waiting.

The variable is decreased by the size of each packet transferred, and is
increased by BandwidthRate's value every second(*). It is also limited
to BandwidthBurst's value. That means, when BandwidthRate hasn't been
used up recently the node may transfer up to BandwidthBurst bytes as
fast as it can.

But describing BandwidthBurst as bytes per second is pointless because the
burst isn't something that can happen *every* second; the burst just can
(or can't, depending on the hardware and values) happen within a single
second (or a millisecond).

The BandwidthBurst is simply the amount of bytes the node may transmit
at max speed if it hasn't used up the BandwidthRate previously.

Andreas

(*) Or a tenth of the per-second value every tenth of a second,
or one every 1/BandwidthRate seconds.

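The refill-and-cap accounting described in the message above, run as a small simulation. This is an added example, not part of the original post and not Tor's code; the names TokenBucket and simulate, the fixed 512-byte packets and the one-second refill tick are assumptions made for the illustration.

```python
"""Token-bucket model of the BandwidthRate / BandwidthBurst accounting.

Added illustration, not Tor's source. TokenBucket, simulate(), the fixed
packet size and the one-second refill tick are assumptions of this sketch.
"""
from collections import deque


class TokenBucket:
    def __init__(self, rate, burst, start_full=True):
        if rate <= 0 or burst <= 0:
            raise ValueError("rate and burst must be positive")
        self.rate = rate          # bytes credited per tick (BandwidthRate)
        self.burst = burst        # ceiling of the allowance (BandwidthBurst)
        self.tokens = burst if start_full else 0

    def refill(self):
        """One tick elapsed: credit `rate` bytes, capped at `burst`."""
        self.tokens = min(self.burst, self.tokens + self.rate)

    def try_send(self, size):
        """Spend `size` bytes of allowance, or report that the packet waits."""
        if size > self.tokens:
            return False
        self.tokens -= size
        return True


def simulate(rate, burst, arrivals, packet_size=512):
    """Run one tick per entry of `arrivals` (packets arriving in that tick).

    Returns the bytes actually sent in each tick. Packets that do not fit
    the current allowance stay queued in order (head-of-line waiting).
    """
    if packet_size > burst:
        # The allowance can never reach packet_size, so nothing would go out.
        raise ValueError("packet_size larger than burst can never be sent")
    bucket = TokenBucket(rate, burst)
    queue = deque()
    sent_per_tick = []
    for count in arrivals:
        queue.extend([packet_size] * count)
        sent = 0
        while queue and bucket.try_send(queue[0]):
            sent += queue.popleft()
        sent_per_tick.append(sent)
        bucket.refill()
    return sent_per_tick


if __name__ == "__main__":
    # Constructed inputs: rate 1024 B/tick, burst 4096 B, 512-byte packets.
    idle_then_burst = simulate(1024, 4096, [0, 0, 0, 20, 0, 0, 0, 0, 0, 0])
    saturated = simulate(1024, 4096, [20] * 5)
    print("idle, then 20 packets:", idle_then_burst)
    print("always backlogged:    ", saturated)
```

In the backlogged run the full burst allowance is spent once, in the first tick, and every later tick is held to the rate, which is why the burst is a byte count rather than a per-second figure.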


Re: [tor-relays] Proper bandwidth units [was: Exit nodes on Gandi]

2013-11-23 Thread Andreas Krey
On Sat, 23 Nov 2013 02:50:03 +, grarpamp wrote:
> > Why not just accept KB/sec, KiB/sec, GB/mo, GiB/mo in the config file?
>
> Because KB/sec would be rejected as not conforming to
> either SI or IEC prefix specs.

Why so? The SI prefix spec only specifies that K means 1000,
it does not limit the base units. (And neither bytes nor bits
are SI units.)

Andreas



Re: [tor-relays] Proper bandwidth units [was: Exit nodes on Gandi]

2013-11-18 Thread Andreas Krey
On Mon, 18 Nov 2013 00:26:32 +, Roger Dingledine wrote:
...
> I understand your perspective, but Tor is an overlay application just
> like bittorrent. Tor moves bytes around. It happens that it moves the
> bytes over the network,

Is there anything nowadays that does move data on networks
in finer grain than bytes?

Andreas



Re: [tor-relays] Proper bandwidth units [was: Exit nodes on Gandi]

2013-11-18 Thread Andreas Krey
On Mon, 18 Nov 2013 00:14:15 +, grarpamp wrote:
...
> People, can we please mind using the proper units.

How is 'bytes' improper when that is the basic transfer unit of TCP/IP,
and half of the underlying protocols? The only ones who really don't
care about bytes are the layer 1 guys.

> I know Tor doesn't make it easy because Tor itself incorrectly
> uses Bytes. But Tor is a network application, and real network
> apps are measured in 'bits per second',

So, neither scp nor wget are real network applications? Nor ftp, nor firefox?

Andreas



Re: [tor-relays] Traffic in port 9050 in a relay (denial of service attack?)

2013-11-05 Thread Andreas Krey
On Tue, 05 Nov 2013 14:09:40 +, Thomas Hand wrote:
...
> Also, use iptables! If it is a dedicated VPS then drop anything you don't
> recognize,

What for? The ports that you want to block are rejected by the kernel
anyway, as there is no one listening. (The minor added protection that
malware needs to be root to disable iptables and effectively listen -
is that worth the work?)

Andreas



Re: [tor-relays] Amazon abuse report

2013-10-31 Thread Andreas Krey
On Thu, 31 Oct 2013 10:43:41 +, Paritesh Boyeyoko wrote:
...
> This is something which has always confused/annoyed me.  How can a Tor node 
> (unless it's exposing its SOCKS interface to the whole world) be classed as 
> an open proxy?

The 'open proxy' is simply a tag on the IP address; it does not say that
the openness actually exists at that address.

> Yes, Exit Relays exit to the clear Internet but they're not exactly open to 
> clients for connection (unless specifically configured that way).

Oh, but they are. Anybody with a tor client can use them, and if only a
single tor client is run with its socks port exposed then all of the
exit relays become 'open proxies' more along your definition.

Andreas



Re: [tor-relays] node list or moral discussion forum

2013-09-02 Thread Andreas Krey
On Mon, 02 Sep 2013 21:39:35 +, Yoriz wrote:
> That Guy wrote:
> > to remove this soap opera from a technical mailing list.
>
> Soap opera? Apparently you are missing the point.

The soap opera was the part where someone tried to filter tor traffic
on moral grounds which is obviously not feasible.

> Obviously malware writers will use Tor for various purposes, but connecting 
> to a C&C via Tor would not make sense since they have the largest anonymising 
> botnet themselves.

It would still be the question what the botnet is for - anonymization
isn't usually the goal. Using a hidden service for C&C access gets you
around all the stuff with fastflux deployment.

Which in turn makes me wonder: How much code change and deployment
would it take to take down (as in 'make inaccessible via the tor
network') a given hidden service?

Andreas



Re: [tor-relays] A bit more evidence on circuit creation storms

2013-08-29 Thread Andreas Krey
On Thu, 29 Aug 2013 19:35:37 +, Gordon Morehouse wrote:
...
> Aug 29 18:19:14.000 [notice] Your network connection speed appears to
> have changed. Resetting timeout to 60s after 18 timeouts and 172
> buildtimes.

Random data point: I had these yesterday on a VPS-based relay.

> My main question:  How do circuit creation requests on one's Tor relay
> cause load on one's network infrastructure?  Is it DNS requests?  Is
> it TCP connection state entries?  It's not bandwidth, we observed that
> above, and my router can handle far faster pipes than the one it's on
> currently.  The DNS failing is a sign that the router is under severe
> stress.

Possibly your uplink is full (supposing you're on some DSL), and is
starting to build up ping time; then DNS requests to the outside can
start to timeout.

Andreas



Re: [tor-relays] new relays

2013-08-27 Thread Andreas Krey
On Tue, 27 Aug 2013 11:08:34 +, Jon Gardner wrote:
...
> Then why have exit policies?

To keep spammers at bay (or getting your exit blacklisted);
to keep traffic at bay (bittorrent), to keep law harassment
at bay (again bittorrent, others as well).

> Exit nodes regularly block unwelcome traffic like bittorrent, and there's 
> only a slight functional difference between that and using a filter in front 
> of the node to block things like porn

The point is that the exit policy is a decision of the exit operator
in question, not of the network as a whole. If you want to access
something you just need to find some exit that allows it.

Who should even decide what 'porn' means, or do you expect each
exit operator to maintain his own blacklist?

> The very idea of Tor is based on moral convictions (e.g., that personal 
> privacy is a good thing, that human rights violations and abuse of power are 
> bad things, etc.). So Tor is most definitely not neutral, nor can it 
> be--because, if it is to exist and flourish, those moral convictions must 
> remain at its foundation.

No. The underlying conviction of tor is that communication shall be free,
not censored. Besides there is pretty little whose transport via a
network should reasonably be illegal.

> One cannot on the one hand claim that human rights violations are wrong 
> while on the other hand claiming that pornography (especially child porn) is 
> right. If one wants further proof that Tor has a moral component, one has 
> only to visit http://www.torproject.org, click the "About Tor" link, and 
> notice the discussion points. I doubt that anyone could convince the Tor team 
> to add "...for unfettered access to pornography..." as a bullet point under 
> "Why we need Tor."

No. But if you want to ensure unfettered access to X, that necessarily
implies unfettered access to Y, for any values of X and Y. Any means to
disable access to Y implies that the tor network can be forced as well
to disable access to X.

> The Tor devs go to great lengths to try to keep evil governments from using 
> Tor against itself. Why not devote some effort toward keeping evil traffic 
> off of Tor? Given the fact that "we need more relays" is the common mantra, 
> it seems to me that if the Tor community could come up with a technical 
> answer to address at least some of the most egregious abuses of Tor--things 
> like child porn, or even porn in general, that either have nothing to do with 
> Tor's foundational mission, or (like child porn) are antithetical to it--the 
> result would be greater public support for the technology, and a wider 
> deployment base.

What do you think how long it takes, when we block X, we start getting
requests (or worse, think NSL) to block Y. The moment tor gets a global
block list I will pull the plug on my relays.

Besides: You didn't mention any idea how to actually find and enumerate
the things you apparently want to block. Or how not to overblock. There
isn't even a government entity that has this problem solved.

Andreas



Re: [tor-relays] new relays

2013-08-27 Thread Andreas Krey
On Tue, 27 Aug 2013 23:12:01 +, Tor Exit wrote:
> GET /index.php?file=../../../../../../../etc/passwd
>
> Why not employ similar techniques on a Tor exit? We can be 100% sure about 
> the malicious intent.

No, you can't be sure. That request could quite well be totally legitimate;
you are not in a position to judge for the site owner.

(I'm just fighting against a 'transparent proxy' that thinks
POST with more than 1000 bytes are evil. Please don't add
more points of failure to an already fragile web.)

Andreas



Re: [tor-relays] Config Tor Exit Node

2013-08-21 Thread Andreas Krey
On Wed, 21 Aug 2013 18:04:53 +, var wrote:
...
> The exit node is directly plugged in to the gateway. Its an DIR-655 
> http://support.dlink.com.tw/ which just have to run our internet 
> traffic + the tor exit node.

Does the exit node get a public IP address there?

...
> Problem is that when the node is running i lose my internet on every 
> other PC around. Connection is still there but it take years to resolve 
> the names so i figured it must be an DNS problem.

It may also be that your uplink is simply building up some delay
when under heavy traffic (esp. uplink). I've seen ping times go
up to several seconds on smallish DSL links under heavy upload
so that DNS resolution times out.

Try to run, like, 'ping 8.8.8.8' and look at the ping times.

(8.8.8.8 is one of google's DNS servers, but that is only relevant
as I can remember that address; we just need the ping replies.)

Andreas



Re: [tor-relays] Home broadband - worth running a relay?

2013-07-31 Thread Andreas Krey
On Tue, 30 Jul 2013 19:48:22 +, Gordon Morehouse wrote:
...
> True.  And veering OT, but have you tried mosh yet?  It's ideal for some
> situations over Tor, or where the client changes connections often.

No, I built something for that situation myself around the same time
and am just rewriting it. (Just a transport, no terminal prediction,
with the intention of also using it as a transport plugin for tor
bridge access.)

Btw. if mosh 'works over tor' you may want to check if you're not
just sending the UDP around tor.

Andreas



Re: [tor-relays] relay uptime

2013-07-22 Thread Andreas Krey
On Mon, 22 Jul 2013 10:40:59 +, l3thal wrote:
> Hi,
>
> I recently edited my torrc and accidentally did restart instead of reload
> so my uptime was reset.
> Will this negatively impact the 60 days to get a tshirt?

If you're really into it for the tshirt you can have mine
in the interim (which I still didn't claim and is now too
late to get it in munich).

Andreas



Re: [tor-relays] Bandwidth Spike

2013-07-19 Thread Andreas Krey
On Fri, 19 Jul 2013 00:20:20 +, Bryan Carey wrote:
> I'm a fairly new Tor relay operator and noticed something peculiar with my
> bandwidth for the relay recently. It seems to have jumped WAY up and just
> plateaued at what I have the peak bandwidth limit set at.

Someone is doing a big download, and it happens to go through your relay?

My relays often ran into 'flatline' (capacity continuously used up)
until I set the AdvertizedBandwith lower than the actual limit.

...
> Here's a screenshot I took of the bandwidth history:
> https://i.imgur.com/mRyKp9L.jpg (note that both R/W plateau at the same
> point in time)

What bandwidth exactly (OS or tor)? After all what comes into the
relay must go out again - the strange thing is that the burst
does more 'Read' (150k) than 'write' (20k) while otherwise the
traffic is symmetric. Sure that there isn't anything else running
on your relay?

Andreas



Re: [tor-relays] Checking my Tor bridge and adventage of dynamic ip addresses

2013-07-19 Thread Andreas Krey
On Fri, 19 Jul 2013 09:05:15 +, nobleeightfoldp...@lavabit.com wrote:
...
> How can I check my bridge is really working?

Take a tor browser bundle and set it up to use only your bridge,
and run it on another internet connection. (That does not check
whether it is in the bridge database.)

> Another question comes up. I use a cable connection to my ISP and they
> don't change my IP address, until plugging off my modem and wait an
> hour... I think if my bridge IP address is some day on some black lists,
> it could be an advantage if my IP address changes, right? If so, what
> changing time is fine, every day?

No, that's a bad idea. People that use your bridge can do so only
as long it has the same address; they wouldn't know when (and how)
the address changes and just see that the bridge they are using
has disappeared.

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] [tor-talk] Theft of Tor relay private keys?

2013-07-02 Thread Andreas Krey
On Tue, 02 Jul 2013 12:33:10 +, Mike Perry wrote:
...
> But I got distracted by more pressing issues before I could finish the
> scripts.. Also, many of those encrypted+authenticated Tor container
> things probably don't make much sense without Secure Boot to
> authenticate the boot process up until you can start up Tor. :/

What's the difference between subverting that and
the NSA starting their own tor nodes in the first place?

...
> First, it takes the bandwidth measurement servers a couple days to ramp
> up your capacity of your new identity key, so you will spend a lot of
> time below your max throughput.

That specific part could be helped by having two tor instances on
the same machine, with an interleaved re-keying schedule.

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] big spike in cpu usage

2013-04-08 Thread Andreas Krey
On Mon, 08 Apr 2013 08:47:56 +, Sebastian Hahn wrote:
 
...
> Now, it's entirely possible I'm missing something big here; or that the
> code changed and now does something different; or that it used to do
> something different, etc. Andreas, can you please explain more?

At least the original change explains it differently:

+--- ReleaseNotes -
| 
| Changes in version 0.0.2pre20 - 2004-01-30
| ...
| 
| - I've split the TotalBandwidth option into BandwidthRate (how many
|   bytes per second you want to allow, long-term) and
|   BandwidthBurst (how many bytes you will allow at once before the cap
|   kicks in).  This better token bucket approach lets you, say, set
|   BandwidthRate to 10KB/s and BandwidthBurst to 10MB, allowing good
|   performance while not exceeding your monthly bandwidth quota.
+-

..which is pretty much my usage scenario, just with smaller numbers.

And the code looks likewise. We have the global_*_buckets that are
initialized from *BandwidthBurst, and get incremented regularly by
*BandwidthRate (divide by increment frequency; TokenBucketRefillInterval)
and then capped to the *BandwidthBurst.

Thus *BandwidthBurst is the total amount of unused traffic we can
save up to later fire with more than *BandwidthRate. No 'per second'.

(The interesting part is that the global_*_bucket are ints;
 much more than the 1 GB default could behave strangely.)

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] big spike in cpu usage

2013-04-07 Thread Andreas Krey
On Sun, 07 Apr 2013 19:42:25 +, Moritz Bartl wrote:
...
> 1000 MB (per second!) is not a useful setting.

No, it's not 'per second'. It is the amount of allowed traffic that can
be saved up while not hitting the BandwidthRate to be used up when the
BandwidthRate is exceeded. Using up that savings may happen much faster
or much slower than a second depending on settings and use; and it
doesn't make sense to label the Burst in 'per seconds' just like it
doesn't make sense to label your credit limit in 'dollars per month'.

In my case, I only care that my average bandwidth usage doesn't exceed,
say, 1 TB/month; the resulting BandwidthRate is 385 KB/s. But I don't
mind it transferring much more as long as this is compensated by earlier
unused BandwidthRate. So I don't see a reason why I shouldn't set the
Burst to 1 GB or even 100 GB. (As long as the authorities don't take
the higher traffic as a hint to advertise my relay with more than the
set BandwidthRate.)

> (Relay)BandwidthBurst
> should ideally reflect the maximum actual line speed.

That is only useful when you want to save up some bandwidth
on a DSL link for your own use; then a big burst would
clog your line. (And I guess Burst=0 would be the proper
thing in that case, unless the implementation is weird
about that.)

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800
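
Added illustration (not part of the thread and not Tor's source): a simplified model of the token bucket discussed in the message above and in the 2013-04-08 reply before it, showing the overrun followed by a flatline at BandwidthRate. The 1-second refill interval, the 32-bit width of the C int, the constructed load and all function names are assumptions.

```python
# Simplified model of the BandwidthRate / BandwidthBurst token bucket as
# described in the thread. Not Tor's code; refill interval of 1 s is assumed.

INT32_MAX = 2**31 - 1  # assumes the C 'int' holding the bucket is 32 bits


def rate_for_quota(quota_bytes, days=30):
    """Average bytes/second that uses up quota_bytes in `days` days."""
    return quota_bytes // (days * 86400)


def simulate(rate, burst, demand, interval=1):
    """Return the bytes actually relayed in each refill interval.

    rate   -- BandwidthRate, bytes per second (long-term average)
    burst  -- BandwidthBurst, bytes (bucket size; a volume, not a rate)
    demand -- list of bytes offered by clients in each interval
    """
    bucket = burst                      # bucket starts full
    sent = []
    for want in demand:
        out = min(want, bucket)         # can only spend what is saved up
        bucket -= out
        sent.append(out)
        bucket = min(burst, bucket + rate * interval)  # refill, cap at burst
    return sent


def seconds_until_flatline(rate, burst, demand_rate):
    """How long a full bucket lasts under a constant demand_rate (bytes/s)."""
    if demand_rate <= rate:
        return float("inf")             # bucket never empties
    return burst / (demand_rate - rate)


def fits_int32(burst):
    """True if the burst value can be held in a signed 32-bit int."""
    return 0 <= burst <= INT32_MAX


if __name__ == "__main__":
    rate = rate_for_quota(10**12)       # 1 TB/month, as in the message
    print("rate for 1 TB/month:", rate // 1000, "KB/s")
    # Constructed load: clients offer 1 MB/s for 10 s; burst = 10 s of rate.
    print(simulate(385_000, 3_850_000, [1_000_000] * 10))
    print("1 GB burst lasts",
          int(seconds_until_flatline(385_000, 10**9, 10**6)), "s at 1 MB/s")
    print("100 GB fits a 32-bit int:", fits_int32(100 * 10**9))
```

With the constructed load the relay passes the full 1 MB/s for five seconds, 775 KB in the sixth, and then flatlines at 385 KB/s; the total never exceeds burst + rate * time.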


Re: [tor-relays] On the way to more diversity

2013-04-03 Thread Andreas Krey
On Wed, 03 Apr 2013 09:47:06 +, Moritz Bartl wrote:
...
> The next step is to also professionalize bridges hosting. It is quite a
> shame that we only have a few hundred bridges in total. The situation
> got worse now that regular bridges are blocked in several countries, and
> in China only obfs3 bridges work -- of which we only have a few.

How much traffic is expected on an obfs3 bridge?
(I guess it heavily depends on how and where they are announced,
esp. as bundle defaults... I have some dozen GB/month to spare.)

And do obfs3 bridges help that are run on IPs
also used for regular relays?

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] Newbie question

2013-02-02 Thread Andreas Krey
On Fri, 01 Feb 2013 15:56:48 +, Chuck Bevitt wrote:
> I'm running an exit node using my home ISP (yes, I've read the warnings). My
> question is: what happens when my ISP changes my IP address? Will existing
> connections to my node be lost and will the node reestablish itself?

When your address changes, all circuits and exit connections currently
active on your node will die, and furthermore, your exit will still
be in the consensus with its previous address for some time, causing
entry nodes to try to build paths through your node using the old
address. This will a) obviously fail and b) annoy the poor soul that
got your old address.  (This goes for non-exit nodes as well.)

If your address changes daily, as is usual on DSL in some parts of the
world, it's not the best place to run a relay (IMHO).

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] MaxAdvertisedBandwidth advice please

2013-01-04 Thread Andreas Krey
On Fri, 04 Jan 2013 13:36:20 +, mick wrote:
...
> But this morning I noticed that the new server had stopped and tor
> says in its log Your computer is too slow to handle this many circuit
> creation requests! Please consider using the MaxAdvertisedBandwidth
> config option or choosing a more restricted exit policy.
>
> I've never had the luxury of encountering this problem before,

I had. As it happened on a node with 50KB/s advertised bandwidth,
I assume that it's not actually the bandwidth, but a (mostly)
unrelated factor. My suspicion is that this happens when you
happen to become a crucial position for a hidden service.
(Or some rogue nodes are doing something strange.)

The problem is simply that the many circuit creation requests
cause a lot of CPU to be used, and the node can't keep up with
that. MaxAdvertisedBandwidth only very indirectly influences that.

...
> The manual entry for MaxAdvertisedBandwidth is not particularly
> clear because it does not specify whether the bytes|KB|MB|GB is per
> second or a maximum for some other period.

It isn't; one may deduce from the units of the referenced BandwidthRate
that MaxAdvertisedBandwidth is also per second.

...
> So my question is, what can colleagues recommend as a suitable maximum
> rate which will allow my node to provide maximum utility to the tor
> network without falling over?

As far as I can tell, tor is pretty much self-scaling in that regard,
but I only have nodes with a relatively low BandwidthRate (500k).

Do you have an explicit BandwidthRate set?

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] setting up a Tor exit node

2012-11-29 Thread Andreas Krey
On Thu, 29 Nov 2012 11:50:13 +, esolve esolve wrote:
...
> You mean I can't make it only function as an exit node using TBB?
> or it is no way to make it function only as an exit node except that I
> modify the source codes?

Path selection is done on the originating tor node; if you announce
yourself as an exit node you implicitly also announce yourself as a
potential entry/middle node. You'd have to change everybody else's
source to be exit-only.

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] setting up a Tor exit node

2012-11-29 Thread Andreas Krey
On Thu, 29 Nov 2012 11:16:35 +, Julian Yon wrote:
...
> Well, no. You could add some code to drop any connections you don't
> like (i.e. those you can't snoop).

Yes, but that would make you stand out detectably, wouldn't it?

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] Permissible traffic volume log density

2012-10-23 Thread Andreas Krey
On Tue, 23 Oct 2012 20:32:25 +, admin wrote:
...
> > I do similar, but I run a simple cronjob around ifconfig. :-) Also for
> > seeing the total traffic consumption on my relays (and my home DSL).
> > I then feed that into gnuplot for some graphs for me to see; and
> > the interplay of RelayBandwidthRate and RelayBandwidthBurst is
> > pretty plain to see in there.
> >
> Nice approach. Would you mind sharing your fingerprint/nickname? I'd love to
> look at it with Atlas.

Atlas is too coarse to see that... or rather it looks like it doesn't
believe in traffic that exceeds the advertized bandwidth:

http://atlas.torproject.org/?#details/26220AEA188B8D0E47BB541E1A616EB3AD70295F

My graphs look like (not the near realtime one; just a sample):

http://ch.iocl.org/tor/relay.png

There you have the overruns and the following flatline in traffic
as long as the 'Burst' is consumed.

For comparison, my home dsl, where another relay does a burst
(the part where out is half of in+out):

http://ch.iocl.org/tor/dsl.png

(I also do plots of volume over time.)

...
> Ok, to be brutally honest, I'm obviously too naive at the moment to
> understand the actual issue thoroughly. Are you referring to some opportunity
> to draw conclusions about specific Tor users and effectively track/uncover
> them?

Yes; although it's probably too little data indeed as long as you don't
know where it's going; and most relays (esp. the exits) are too busy
to produce discernible patterns this way.

...
> We use the stats for a better understanding of total traffic, especially over
> time (e.g. I already noticed that there are some adjustments to the config
> needed for daily accounting/bandwidthrate/-burst for our higher bw relays
> utilizing these very traffic stats - as it seems, while the higher bw relays
> are blowing traffic out the door like crazy ;-), especially asurahosting1,
> the lower bw relays, e.g. tailoredvps1, do not even utilize the accounting to
> its full potential without a slightly higher bw_adv)

Indeed. Q is mostly burning its assigned bandwidth (and I wouldn't like
to have circuits through it while it is in 'flatline'), while the
home relay only sees occasional downloads (flat bursts), and the
bridges hardly have any traffic.

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] Min. Bandwidth for Bridge Relay?

2012-09-20 Thread Andreas Krey
On Thu, 20 Sep 2012 08:28:46 +, Jon wrote:
> Why not run an exit relay from home? I have done it for 4 yrs,

Depending on your jurisdiction and what people happen to do via your
exit this may earn you a police search of your home and confiscation of
all computers there. If you don't mind that risk, or it doesn't exist
where you live, have fun.

Relays are more easily operated on dedicated/virtual servers; the latter
don't come that expensive either, and with more upstream bandwidth.

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800