Re: [tor-relays] Bridge on Raspberry Pi Zero

2020-02-12 Thread Santiago R.R. 
El 12/02/20 a las 07:02, ylms escribió:
> 
> 
> On 2/12/20 5:28 AM, skarz wrote:
> > 70 Mbps isn’t fast enough for Tor?
> 
> I'd say it is not fast enough for Tor, we did some tests with a
> Raspberry Pi4 lately, these can utilize close to 100 MBit/s.

100Mbps used by Tor connections? Or what kind of test did you perform
and how?

Cheers,

 -- S


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] FreeBSD pkg repo configuration

2018-09-04 Thread Santiago R.R. 
El 04/09/18 a las 17:51, nusenu escribió:
…
> > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
> > Authority X3
> > 34405378632:error:14090086:SSL 
> > routines:ssl3_get_server_certificate:certificate verify 
> > failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
> > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
> > Authority X3
> > 34405378632:error:14090086:SSL 
> > routines:ssl3_get_server_certificate:certificate verify 
> > failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
> > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
> > Authority X3
> > 34405378632:error:14090086:SSL 
> > routines:ssl3_get_server_certificate:certificate verify 
> > failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
> > pkg: https://pkg.FreeBSD.org/FreeBSD:11:amd64/latest/meta.txz: 
> > Authentication error
> > repository FreeBSDlatest has no meta file, using default settings
> > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
> > Authority X3
> > 34405378632:error:14090086:SSL 
> > routines:ssl3_get_server_certificate:certificate verify 
> > failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
> > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
> > Authority X3
> > 34405378632:error:14090086:SSL 
> > routines:ssl3_get_server_certificate:certificate verify 
> > failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
> > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
> > Authority X3
> > 34405378632:error:14090086:SSL 
> > routines:ssl3_get_server_certificate:certificate verify 
> > failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
> > pkg: https://pkg.FreeBSD.org/FreeBSD:11:amd64/latest/packagesite.txz: 
> > Authentication error
> > Unable to update repository FreeBSDlatest
> > Error updating repositories!
> > 
> 
> 
> is the package 'ca_root_nss' installed?
> 
> does installing it solve the problem?

Yes, thanks!

I wanted to updated the TorRelayGuide/FreeBSD wiki page, but it didn't
find how. I suppose it is not editable by anyone, is that correct?


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Congrats to Nullvoid

2018-09-04 Thread Santiago R.R. 
El 04/09/18 a las 17:12, nusenu escribió:
> 
> 
> Paul:
> > 
> > For me running several FreeBSD relays this is a great hint!
> > 
> > Maybe it will find its way to
> > https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/FreeBSD
> > 
> 
> http replaced with https
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/FreeBSD?sfp_email=_mail==diff=6_version=5

Trying that, but I am currently getting this:

 % sudo pkg update
Updating FreeBSDlatest repository catalogue...
pkg: Repository FreeBSDlatest load error: access repo 
file(/var/db/pkg/repo-FreeBSDlatest.sqlite) failed: No such file or directory
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
Authority X3
34405378632:error:14090086:SSL routines:ssl3_get_server_certificate:certificate 
verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
Authority X3
34405378632:error:14090086:SSL routines:ssl3_get_server_certificate:certificate 
verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
Authority X3
34405378632:error:14090086:SSL routines:ssl3_get_server_certificate:certificate 
verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
pkg: https://pkg.FreeBSD.org/FreeBSD:11:amd64/latest/meta.txz: Authentication 
error
repository FreeBSDlatest has no meta file, using default settings
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
Authority X3
34405378632:error:14090086:SSL routines:ssl3_get_server_certificate:certificate 
verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
Authority X3
34405378632:error:14090086:SSL routines:ssl3_get_server_certificate:certificate 
verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt 
Authority X3
34405378632:error:14090086:SSL routines:ssl3_get_server_certificate:certificate 
verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
pkg: https://pkg.FreeBSD.org/FreeBSD:11:amd64/latest/packagesite.txz: 
Authentication error
Unable to update repository FreeBSDlatest
Error updating repositories!

Is there something missing I am missing?

 -- Santiago


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] DNS-over-TLS and DNSPrivacy.org (was: lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare))

2018-05-18 Thread Santiago R.R. 
El 11/05/18 a las 14:52, Ralph Seichter escribió:
> On 11.05.18 13:55, Nathaniel Suchy (Lunorian) wrote:
> 
> > My first thought is to use ISP DNS if it’s available - one of the best
> > things about Tor is the split of trust so why aren’t we doing that
> > with DNS? Another alternative is to use trusted recursive DNSCrypt
> > Resolvers (for example dnscrypt.ca - there are plenty of resolvers
> > like this so use a search engine of your choice to find them).
> 
> Assuming you can install whatever software you like, I recommend running
> your own instance of Unbound on your exit node machines. Current Unbound
> versions support DNSSEC validation, QNAME minimisation, etc. While using
> your ISP's resolvers works as a fallback, a local resolver is better and
> easy enough to set up.

The inconvenient with running a "standard" local resolver from the
exit relays is the queries are forwarded in clear. So ISP and others
could inspect them.

I think I already mentioned about DNS-over-TLS in this list, so sorry for
duplicating a message, but I think it is a good alternative to encrypt the
queries, even if that means relying on third parties (that can be
different to Quad9, Cloudflare, etc.) as resolvers. 

I think https://dnsprivacy.org material worth a reading. The project
also provides a list of several test resolvers available. Some of them
do not log or censor traffic: 
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers

Disclaimer: I am part of the team who runs one of the no-logging test
servers. 

And of course, anyone can run a privacy-aware DNS resolver in a
different machine, to be used to forward the queries from the relays
from a privacy-aware stub resolver, such as stubby.

cheers,

Santiago


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay failed logins

2018-02-24 Thread Santiago R.R. 
El 24/02/18 a las 19:54, Spiros Andreou escribió:
> Hi Olaf,
> 
> SSH brute force attacks are commonplace on any internet facing server with 
> port
> 22 open. You have a number of countermeasure options:
> 
> 1) install fail2ban which will block anyone who fails a login 3 times

libpam-abl could be a good option too, since it doesn't rely on parsing
the log files.


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] DoS mitigation

2018-02-16 Thread Fabian A. Santiago 
Hello,

I've been browsing the list archives looking for mentions of DOS mitigation. 
last night my exit relay went offline and when i logged into it, CPU was 
sitting at 100% and atlas reported mine as down and another service i have 
checking up time also did as well. so i rebooted my server and it was fine. 

i found this thread:


1) Drops off consensus for 1-2hours and returns w/o hsdir:
DOS_CC_CIRCUIT_BURST_DEFAULT 90
DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 100
FW: 20 connects per /32 ip, rate limited to 3 per sec.

2) Good (stable):
DOS_CC_CIRCUIT_BURST_DEFAULT 50
DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 50
FW: 20 connects per /32 ip, rate limited to 3 per sec.

3) Good (stable):
DOS_CC_CIRCUIT_BURST_DEFAULT 20
DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 20
FW: 20 connects per /32 ip, rate limited to 3 per sec.

4) Too conservative:
DOS_CC_CIRCUIT_BURST_DEFAULT 10
DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 10
FW: 20 connects per /32 ip, rate limited to 3 per sec.

5) Good (newly):
DOS_CC_CIRCUIT_BURST_DEFAULT 50
DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 50
FW: 100 connects per /32 ip, rate limited to 15 per sec.

are these good mitigations? 

what else can or should be done? limiting memory use helpful? I'm running on 
ubuntu 16.04 and am using ufw for my firewall currently. are there any other 
suggestions given my platform? 

thanks for your help. 

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Become a Fallback Directory Mirror

2018-01-21 Thread Fabian A. Santiago 
January 8, 2018 3:29 PM, "Spiros Andreou"  wrote:

> Normalcitizen: E51620B90DCB310138ED89EDEDD0A5C361AAE24E
> 
>>  Original Message 
>> 
>> Subject: [tor-relays] Become a Fallback Directory Mirror
>> 
>> Local Time: 21 December 2017 12:50 AM
>> 
>> UTC Time: 20 December 2017 23:50
>> 
>> From: teor2...@gmail.com
>> 
>> To: tor-relays@lists.torproject.org
>> 
>> Dear Relay Operators,
>> 
>> Do you want your relay to be a Tor fallback directory mirror?
>> 
>> Will it have the same address and port for the next 2 years?
>> 
>> Just reply to this email with your relay's fingerprint.
>> 
>> If your relay is on the current list, you don't need to do anything.
>> 
>> If you're asking:
>> 
>> Q: What's a fallback directory mirror?
>> 
>> Fallback directory mirrors help Tor clients connect to the network.
>> 
>> For more details, see [1].
>> 
>> Q: Is my relay on the current list?
>> 
>> Search [2] and [3] for your relay fingerprint or IP address and port.
>> 
>> [2] is the current list of fallbacks in Tor.
>> 
>> [3] is used to create the next list of fallbacks.
>> 
>> Q: What do I need to do if my relay is on the list?
>> 
>> Keep the same IP address, keys, and ports.
>> 
>> Email tor-relays if the relay's details change.
>> 
>> Q: Can my relay be on the list next time?
>> 
>> We need fast relays that will be on the same IP address and port for 2
>> 
>> years. Reply to this email to get on the list, or to update the details
>> of your relay.
>> 
>> Once or twice a year, we run a script to choose about 150-200 relays
>> from the potential list [3] for the list in Tor [2].
>> 
>> Q: Why didn't my relay get on the list last time?
>> 
>> We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might
>> be down when we check. That's ok, we will check it again next time.
>> 
>> It's good to have some new relays on the list every release. That helps
>> tor clients, because blocking a changing list is harder.
>> 
>> Q: What about the current relay DDoS?
>> 
>> We don't think the DDoS will have much impact on the fallback list.
>> 
>> If your relay is affected, please:
>> 
>> * make sure it has enough available file descriptors, and
>> * set MaxMemInQueues to the amount of RAM you have available per tor
>> instance (or maybe a few hundred MB less).
>> 
>> We're also working on some code changes. See [5] for more details.
>> 
>> [1]: 
>> https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors
>> [2]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc
>> [3]: 
>> https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist
>> [4]:
>> https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886
>> log
>> [5]: 
>> https://lists.torproject.org/pipermail/tor-relays/2017-December/013881.html
>> 
>> --
>> Tim / teor
>> 
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> 
>> ___
>> 
>> ___

Hello,

I've moved my relay to an unmetered provider, and intend to keep it up long 
term. Here you are, if you can still use it:

D122094E396DF8BA560843E7B983B0EA649B7DF9

Thanks.

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Good vsp providers

2018-01-19 Thread Fabian A. Santiago 
On January 19, 2018 4:16:33 AM EST, niftybunny <ab...@to-surf-and-protect.net> 
wrote:
>Okay, you are from the US. Tor is legal in the US and legal in EU. You
>should be fine. I would not recommend  running a Tor Exit if you are
>from  Russia, UAE or Turkey. I used to have 20 Exists with Online.net
><http://online.net/> and I got lots of abuse but they were fine after
>verifying me. And by the way, you dont have much choice with traffic
>flat and Tor exit friendly anyway.
>
>Markus
>
>
>> On 19. Jan 2018, at 01:20, Fabian A. Santiago
><fsanti...@garbage-juice.com> wrote:
>> 
>> On January 18, 2018 6:26:40 PM EST, Mirimir <miri...@riseup.net>
>wrote:
>>> On 01/18/2018 11:54 AM, niftybunny wrote:
>>>> You will held responsible to your actions (traffic). So worst case
>>> scenario is: They give your personal data to a LEA and you are now
>in
>>> charge to explain to a LEO that this is a Tor Exit. 
>>>> Depends on your country if this is a good idea. If you dont want
>any
>>> personal data with your VPS, get a bulletproof VPS but even offshore
>>> ISPs ban Tor Exists together with CP and hate speech. 
>>>> 
>>>> Welcome to the wonderful world of Tor Exists.
>>>> Enjoy your stay.
>>>> 
>>>> Markus
>>> 
>>> How about HostSailor? They accept Bitcoin, and don't authenticate
>>> customers. But I don't know how they'd handle Tor relays.
>>> 
>>>>> On 18. Jan 2018, at 23:45, Fabian A. Santiago
>>> <fsanti...@garbage-juice.com> wrote:
>>>>> 
>>>>> January 18, 2018 4:50 PM, "George" <geo...@queair.net> wrote:
>>>>> 
>>>>>> niftybunny:
>>>>>> 
>>>>>>> online.net <http://online.net>
>>>>>>> trabia.com <http://trabia.com> (ask first)
>>>>>>> 
>>>>>>> both offer 100mbit for less than 5 euros
>>>>>> 
>>>>>> This is a CSV file that TDP is slowly tinkering with. While it's
>>> focused
>>>>>> on BSD-providing VPSs, most offer more.
>>>>>> 
>>>>>> 
>>>
>https://github.com/torbsd/torbsd.github.io/blob/master/docs/bsd-vps.md
>>>>>> 
>>>>>> g
>>>>>> 
>>>>>> --
>>>>>> 
>>>>>> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
>>>>>> 
>>>>>> ___
>>>>>> tor-relays mailing list
>>>>>> tor-relays@lists.torproject.org
>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>>> 
>>>>> I asked online.net about their cloud ssd vps service and tor and
>>> have the following dialog going:
>>>>> 
>>>>> "
>>>>> Hello. I'm interested in running a Tor relay exit node on your
>cloud
>>> SSD vps product. Is this allowed? I would be running a reduced
>reduced
>>> exit policy. Thank you.
>>>>> 
>>>>> 
>>>>> 
>>>>> Flavio Pastore 1/18/18 5:13 PM
>>>>> Hello,
>>>>> 
>>>>> Thanks for your ticket.
>>>>> Our platform is a IaaS one. So, if you're willing to set up legal
>>> activities, you're more than welcome regardless of the service used.
>If
>>> not, you will reported accordingly.
>>>>> 
>>>>> I hope I have this point clear, but we remain here at your entire
>>> disposal for any further information.
>>>>> 
>>>>> Best regards,
>>>>> 
>>>>> Flavio 
>>>>> Online / Scaleway
>>>>> Looking for an amazing job? Join us NOW !
>>> https://careers.scaleway.com/
>>>>> 
>>>>> 
>>>>> 
>>>>> fabian.santi...@gmail.com 1/18/18 5:40 PM
>>>>> By legal services, do you mean a mechanism in order to respond to
>>> abuse reports? if so, i have covered that need by the following:
>>>>> 
>>>>> 1.> i publish a tor readme html page on the server for anyone to
>>> browse to learn about tor and what my server is doing. it also
>includes
>>> links to the tor project's own pages with additional information. I
>>> would also be published in th

Re: [tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago 
On January 18, 2018 7:13:42 PM EST, I  wrote:
>They mean that what you are intending to do on their servers should be
>within the law.
>
>Rob
>
>> 
>> I asked online.net about their cloud ssd vps service and tor and have
>the
>> following dialog going:
>> 
>> "
>> Hello. I'm interested in running a Tor relay exit node on your cloud
>SSD
>> vps product. Is this allowed? I would be running a reduced reduced
>exit
>> policy. Thank you.
>> 
>> 
>> 
>>  Flavio Pastore 1/18/18 5:13 PM
>> Hello,
>> 
>> Thanks for your ticket.
>> Our platform is a IaaS one. So, if you're willing to set up legal
>> activities, you're more than welcome regardless of the service used.
>If
>> not, you will reported accordingly.
>> 
>> I hope I have this point clear, but we remain here at your entire
>> disposal for any further information.
>> 
>
>
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Agreed. Thanks.
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago 
On January 18, 2018 6:26:40 PM EST, Mirimir <miri...@riseup.net> wrote:
>On 01/18/2018 11:54 AM, niftybunny wrote:
>> You will held responsible to your actions (traffic). So worst case
>scenario is: They give your personal data to a LEA and you are now in
>charge to explain to a LEO that this is a Tor Exit. 
>> Depends on your country if this is a good idea. If you dont want any
>personal data with your VPS, get a bulletproof VPS but even offshore
>ISPs ban Tor Exists together with CP and hate speech. 
>> 
>> Welcome to the wonderful world of Tor Exists.
>> Enjoy your stay.
>> 
>> Markus
>
>How about HostSailor? They accept Bitcoin, and don't authenticate
>customers. But I don't know how they'd handle Tor relays.
>
>>> On 18. Jan 2018, at 23:45, Fabian A. Santiago
><fsanti...@garbage-juice.com> wrote:
>>>
>>> January 18, 2018 4:50 PM, "George" <geo...@queair.net> wrote:
>>>
>>>> niftybunny:
>>>>
>>>>> online.net <http://online.net>
>>>>> trabia.com <http://trabia.com> (ask first)
>>>>>
>>>>> both offer 100mbit for less than 5 euros
>>>>
>>>> This is a CSV file that TDP is slowly tinkering with. While it's
>focused
>>>> on BSD-providing VPSs, most offer more.
>>>>
>>>>
>https://github.com/torbsd/torbsd.github.io/blob/master/docs/bsd-vps.md
>>>>
>>>> g
>>>>
>>>> --
>>>>
>>>> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
>>>>
>>>> ___
>>>> tor-relays mailing list
>>>> tor-relays@lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>> I asked online.net about their cloud ssd vps service and tor and
>have the following dialog going:
>>>
>>> "
>>> Hello. I'm interested in running a Tor relay exit node on your cloud
>SSD vps product. Is this allowed? I would be running a reduced reduced
>exit policy. Thank you.
>>>
>>> 
>>>
>>> Flavio Pastore 1/18/18 5:13 PM
>>> Hello,
>>>
>>> Thanks for your ticket.
>>> Our platform is a IaaS one. So, if you're willing to set up legal
>activities, you're more than welcome regardless of the service used. If
>not, you will reported accordingly.
>>>
>>> I hope I have this point clear, but we remain here at your entire
>disposal for any further information.
>>>
>>> Best regards,
>>>
>>> Flavio 
>>> Online / Scaleway
>>> Looking for an amazing job? Join us NOW !
>https://careers.scaleway.com/
>>>
>>> 
>>>
>>> fabian.santi...@gmail.com 1/18/18 5:40 PM
>>> By legal services, do you mean a mechanism in order to respond to
>abuse reports? if so, i have covered that need by the following:
>>>
>>> 1.> i publish a tor readme html page on the server for anyone to
>browse to learn about tor and what my server is doing. it also includes
>links to the tor project's own pages with additional information. I
>would also be published in the tor atlas showing my node's information
>for all to see that i am a tor node. 
>>> 2.> i publish contact information so that complaint concerns can be
>addressed to me directly as needed.
>>>
>>> will this suffice in your opinion? could you also make a note on
>your end that I would be running an exit relay so that you know, in
>case you do wind up receiving complaints about my node's traffic? I
>find (and have read) that with a reduced reduced exit policy the chance
>for complaint generating traffic is greatly minimized anyway. thank
>you.
>>> "
>>>
>>> so they seem to be kewl with it but in your opinions, what does he
>mean by "legal activities"? Thanks. 
>>>
>>> --
>>>
>>> Thanks,
>>>
>>> Fabian S.
>>>
>>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
>___

Re: [tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago 
January 18, 2018 4:50 PM, "George"  wrote:

> niftybunny:
> 
>> online.net 
>> trabia.com  (ask first)
>> 
>> both offer 100mbit for less than 5 euros
> 
> This is a CSV file that TDP is slowly tinkering with. While it's focused
> on BSD-providing VPSs, most offer more.
> 
> https://github.com/torbsd/torbsd.github.io/blob/master/docs/bsd-vps.md
> 
> g
> 
> --
> 
> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

I asked online.net about their cloud ssd vps service and tor and have the 
following dialog going:

"
Hello. I'm interested in running a Tor relay exit node on your cloud SSD vps 
product. Is this allowed? I would be running a reduced reduced exit policy. 
Thank you.



 Flavio Pastore 1/18/18 5:13 PM
Hello,

Thanks for your ticket.
Our platform is a IaaS one. So, if you're willing to set up legal activities, 
you're more than welcome regardless of the service used. If not, you will 
reported accordingly.

I hope I have this point clear, but we remain here at your entire disposal for 
any further information.

Best regards,

Flavio 
Online / Scaleway
Looking for an amazing job? Join us NOW ! https://careers.scaleway.com/



 fabian.santi...@gmail.com 1/18/18 5:40 PM
By legal services, do you mean a mechanism in order to respond to abuse 
reports? if so, i have covered that need by the following:

1.> i publish a tor readme html page on the server for anyone to browse to 
learn about tor and what my server is doing. it also includes links to the tor 
project's own pages with additional information. I would also be published in 
the tor atlas showing my node's information for all to see that i am a tor 
node. 
2.> i publish contact information so that complaint concerns can be addressed 
to me directly as needed.

will this suffice in your opinion? could you also make a note on your end that 
I would be running an exit relay so that you know, in case you do wind up 
receiving complaints about my node's traffic? I find (and have read) that with 
a reduced reduced exit policy the chance for complaint generating traffic is 
greatly minimized anyway. thank you.
"

so they seem to be kewl with it but in your opinions, what does he mean by 
"legal activities"? Thanks. 

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago 
On January 18, 2018 3:39:22 PM EST, niftybunny <ab...@to-surf-and-protect.net> 
wrote:
>exit or guard?
>
>> On 18. Jan 2018, at 21:37, Fabian A. Santiago
><fsanti...@garbage-juice.com> wrote:
>> 
>> Does anyone here use a vsp hosting provider which offers unlimited
>bandwidth usage at a reasonable cost monthly? 
>> 
>> Would need to run / offer Ubuntu.
>> 
>> Country is of little importance. 
>> 
>> Thanks. 
>> --
>> 
>> Thanks,
>> 
>> Fabian S.
>> 
>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Exit, specifically I like to run a reduced reduced policy.
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago 
Does anyone here use a vsp hosting provider which offers unlimited bandwidth 
usage at a reasonable cost monthly? 

Would need to run / offer Ubuntu.

Country is of little importance. 

Thanks. 
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay not listed in atlas

2018-01-09 Thread Fabian A. Santiago 
On January 9, 2018 2:29:00 PM EST, nusenu  wrote:
>> Working one:  
>> 
>> E911A899D51036A5D2A9DE0931A0A1E8DA4C6148
>
>this one is offline since 2018-01-04 23:00
>
>> Disappeared one:
>> 
>> D122094E396DF8BA560843E7B983B0EA649B7DF9
>offline since 2018-01-02 03:00
>
>onionoo/atlas only shows relays that were online at some point during
>the last 7 days.

Ok so as I thought eventually, because it's been hibernating / offline for too 
long, it's not listed. That's fine then. I wanted to ensure there was no issue. 
I've been seeing mentions of ddos attacks so I wasn't sure if I had become 
victim of that and this was a symptom. Thank you.


--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay not listed in atlas

2018-01-09 Thread Fabian A. Santiago 
On January 9, 2018 1:59:12 PM EST, Karsten Loesing <kars...@torproject.org> 
wrote:
>On 2018-01-09 19:18, Fabian A. Santiago wrote:
>> On January 9, 2018 8:29:50 AM EST, "Fabian A. Santiago"
><fsanti...@garbage-juice.com> wrote:
>>> One of my relays is no longer listed in atlas. I'm curious why and
>how
>>> can I go about examining the issue? It had been running for several
>>> weeks at this point seemingly fine. 
>>>
>>> My other relay lists it as an alleged family member but it's id is
>>> listed in a different color (yellow). 
>>>
>>> Is this part of the ddos issue I've seen spoken of here? 
>>>
>>> The server is accessible and Tor is running. System stats look fine.
>
>>>
>>> Any ideas? Thanks.
>>> --
>>>
>>> Thanks,
>>>
>>> Fabian S.
>>>
>>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
>> Or is it just out of atlas due to hibernation? 
>> 
>> The other one still listed is also hibernating though currently.
>Unless it only stays visible for a short time? 
>
>Can you tell us the fingerprints or nicknames or IP addresses of your
>relays?
>
>All the best,
>Karsten
>
>
>
>> 
>> Thanks everyone. 
>> --
>> 
>> Thanks,
>> 
>> Fabian S.
>> 
>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 

Working one:  

E911A899D51036A5D2A9DE0931A0A1E8DA4C6148

Disappeared one:

D122094E396DF8BA560843E7B983B0EA649B7DF9
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay not listed in atlas

2018-01-09 Thread Fabian A. Santiago 
On January 9, 2018 8:29:50 AM EST, "Fabian A. Santiago" 
<fsanti...@garbage-juice.com> wrote:
>One of my relays is no longer listed in atlas. I'm curious why and how
>can I go about examining the issue? It had been running for several
>weeks at this point seemingly fine. 
>
>My other relay lists it as an alleged family member but it's id is
>listed in a different color (yellow). 
>
>Is this part of the ddos issue I've seen spoken of here? 
>
>The server is accessible and Tor is running. System stats look fine. 
>
>Any ideas? Thanks.
>--
>
>Thanks,
>
>Fabian S.
>
>OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Or is it just out of atlas due to hibernation? 

The other one still listed is also hibernating though currently. Unless it only 
stays visible for a short time? 

Thanks everyone. 
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Relay not listed in atlas

2018-01-09 Thread Fabian A. Santiago 
One of my relays is no longer listed in atlas. I'm curious why and how can I go 
about examining the issue? It had been running for several weeks at this point 
seemingly fine. 

My other relay lists it as an alleged family member but it's id is listed in a 
different color (yellow). 

Is this part of the ddos issue I've seen spoken of here? 

The server is accessible and Tor is running. System stats look fine. 

Any ideas? Thanks.
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Setting myfamily

2018-01-04 Thread Fabian A. Santiago 
When setting myfamily on a particular relay, do you list itself plus others or 
only others? 

I ask because it's my understanding that you set itself + others but on atlas, 
for one relay I see in its family listing, it shows itself plus the 2nd one. 
And therefore it receives a (3) after it's nickname in the atlas listing.

On the other relay it only lists the other in family listing. And it has a (2) 
in it's atlas listing next to nickname.

They're both set the same as in they each list themselves + the other. 

Thanks.
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Become a Fallback Directory Mirror

2017-12-22 Thread Fabian A. Santiago 
On December 22, 2017 5:55:16 PM EST, "Fabian A. Santiago" 
<fsanti...@garbage-juice.com> wrote:
>On December 22, 2017 5:48:59 PM EST, teor <teor2...@gmail.com> wrote:
>>
>>> On 23 Dec 2017, at 04:09, Fabian A. Santiago
>><fsanti...@garbage-juice.com> wrote:
>>> 
>>> well, i intend to keep mine up indefinitely (barring the unforeseen)
>>so why not?
>>> 
>>> 2 relays:
>>> 
>>> D122094E396DF8BA560843E7B983B0EA649B7DF9
>>> E911A899D51036A5D2A9DE0931A0A1E8DA4C6148
>>
>>Hi,
>>
>>Fallbacks need a DirPort.
>>Please let me know when you've configured one.
>>
>>For details, see:
>>https://lists.torproject.org/pipermail/tor-relays/2017-December/013927.html
>>
>>T
>>
>>--
>>Tim Wilson-Brown (teor)
>>
>>teor2345 at gmail dot com
>>PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>>ricochet:ekmygaiu4rzgsk6n
>>xmpp: teor at torproject dot org
>>
>
>Oh I did. But the startup log (journalctl) states since I call
>AccountingMax in torrc, Tor wouldn't publish it. Didn't even consider
>that. So deal breaker I suppose? Will it never publish it with that
>parameter in place? These are new (less than 2 weeks) and I was
>initially told by the list that it wouldn't get published right away
>until Tor figures out that my Max value won't be surpassed. They're
>both on port 80 in my torrc files.
>
>--
>
>Thanks,
>
>Fabian S.
>
>OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

I just saw another reply of yours answering my question. Then please disregard 
my submittal. Sorry. 

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Become a Fallback Directory Mirror

2017-12-22 Thread Fabian A. Santiago 
On December 22, 2017 5:48:59 PM EST, teor <teor2...@gmail.com> wrote:
>
>> On 23 Dec 2017, at 04:09, Fabian A. Santiago
><fsanti...@garbage-juice.com> wrote:
>> 
>> well, i intend to keep mine up indefinitely (barring the unforeseen)
>so why not?
>> 
>> 2 relays:
>> 
>> D122094E396DF8BA560843E7B983B0EA649B7DF9
>> E911A899D51036A5D2A9DE0931A0A1E8DA4C6148
>
>Hi,
>
>Fallbacks need a DirPort.
>Please let me know when you've configured one.
>
>For details, see:
>https://lists.torproject.org/pipermail/tor-relays/2017-December/013927.html
>
>T
>
>--
>Tim Wilson-Brown (teor)
>
>teor2345 at gmail dot com
>PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>ricochet:ekmygaiu4rzgsk6n
>xmpp: teor at torproject dot org
>

Oh I did. But the startup log (journalctl) states since I call AccountingMax in 
torrc, Tor wouldn't publish it. Didn't even consider that. So deal breaker I 
suppose? Will it never publish it with that parameter in place? These are new 
(less than 2 weeks) and I was initially told by the list that it wouldn't get 
published right away until Tor figures out that my Max value won't be 
surpassed. They're both on port 80 in my torrc files.

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Become a Fallback Directory Mirror

2017-12-22 Thread Fabian A. Santiago 
December 20, 2017 6:51 PM, "teor"  wrote:

> Dear Relay Operators,
> 
> Do you want your relay to be a Tor fallback directory mirror?
> Will it have the same address and port for the next 2 years?
> Just reply to this email with your relay's fingerprint.
> 
> If your relay is on the current list, you don't need to do anything.
> 
> If you're asking:
> 
> Q: What's a fallback directory mirror?
> 
> Fallback directory mirrors help Tor clients connect to the network.
> For more details, see [1].
> 
> Q: Is my relay on the current list?
> 
> Search [2] and [3] for your relay fingerprint or IP address and port.
> [2] is the current list of fallbacks in Tor.
> [3] is used to create the next list of fallbacks.
> 
> Q: What do I need to do if my relay is on the list?
> 
> Keep the same IP address, keys, and ports.
> Email tor-relays if the relay's details change.
> 
> Q: Can my relay be on the list next time?
> 
> We need fast relays that will be on the same IP address and port for 2
> years. Reply to this email to get on the list, or to update the details
> of your relay.
> 
> Once or twice a year, we run a script to choose about 150-200 relays
> from the potential list [3] for the list in Tor [2].
> 
> Q: Why didn't my relay get on the list last time?
> 
> We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might
> be down when we check. That's ok, we will check it again next time.
> 
> It's good to have some new relays on the list every release. That helps
> tor clients, because blocking a changing list is harder.
> 
> Q: What about the current relay DDoS?
> 
> We don't think the DDoS will have much impact on the fallback list.
> 
> If your relay is affected, please:
> * make sure it has enough available file descriptors, and
> * set MaxMemInQueues to the amount of RAM you have available per tor
> instance (or maybe a few hundred MB less).
> 
> We're also working on some code changes. See [5] for more details.
> 
> [1]: 
> https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors
> [2]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc
> [3]: 
> https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist
> [4]:
> https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886
> log
> [5]: 
> https://lists.torproject.org/pipermail/tor-relays/2017-December/013881.html
> 
> --
> Tim / teor
> 
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

well, i intend to keep mine up indefinitely (barring the unforeseen) so why not?

2 relays:

D122094E396DF8BA560843E7B983B0EA649B7DF9
E911A899D51036A5D2A9DE0931A0A1E8DA4C6148

thanks.


--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] restarting tor service after AccountingMax has been reached

2017-12-21 Thread Fabian A. Santiago 
On December 21, 2017 4:26:11 AM EST, Sebastian Hahn <m...@sebastianhahn.net> 
wrote:
>
>> On 20. Dec 2017, at 22:46, Fabian A. Santiago
><fsanti...@garbage-juice.com> wrote:
>>>> so how i first noticed was when i couldn't browse to my dirport
>readme html page after a tor
>>>> restart. are you saying when it normally hibernates, that page goes
>down too?
>>> 
>>> Yes.
>>> 
>>> When Tor hibernates, it doesn't send or receive any data.
>>> That includes ORPort and DirPort requests.
>> 
>> That makes me sad, :-( ;-)
>
>It's the only sensible way Tor can try and limit the bandwidth usage.
>Someone repeatedly fetching the page could make you waste tons of
>bandwidth otherwise.
>
>Cheers
>Sebastian
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

I gotcha. That makes sense. No worries here. Thanks. 
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] restarting tor service after AccountingMax has been reached

2017-12-20 Thread Fabian A. Santiago 
December 20, 2017 4:44 PM, "teor" <teor2...@gmail.com> wrote:

>> On 21 Dec 2017, at 08:39, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> December 20, 2017 4:32 PM, "teor" <teor2...@gmail.com> wrote:
>> 
>> On 21 Dec 2017, at 08:10, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> December 20, 2017 3:32 PM, "teor" <teor2...@gmail.com> wrote:
>> 
>> On 21 Dec 2017, at 03:07, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> I'm noticing that if i attempt to restart tor AFTER AccountingMax has been 
>> reached (meaning it's
>> currently hibernating), tor itself fails to start.
>> What do you mean by "fails to start"?
>> What are the log messages?
>> 
>> if i increase AccountingMax in torrc, then it restarts just fine.
>> 
>> normal?
>> It's hard to say, without any log messages.
>> 
>> Teor,
>> 
>> the logs look normal. maybe I've misinterpreted not opening the listening 
>> ports as not starting. I
>> didn't check the actual systemd service status (silly me, I know). it's 
>> running now so next time I
>> encounter this, I'll double check.
>>> It is normal for Tor to close its listening ports when hibernating.
>>> It is normal for hibernation to persist across a restart.
>>> 
>>> If you check the logs, it probably says something about this on startup,
>>> and when it starts hibernating.
>>> 
>>> (When Tor doesn't have the right permissions to re-open these ports, the
>>> process will exit when it resumes from hibernation. That's a config issue,
>>> not a bug.)
>> 
>> I also noticed in journalctl that it (Tor) wanted me to add 'ExitRelay 1' in 
>> my torrc to disable
>> the exit relay warning and for future config requirements (it said). so i 
>> did that as well. all
>> seems well as of now.
>> 
>> so how i first noticed was when i couldn't browse to my dirport readme html 
>> page after a tor
>> restart. are you saying when it normally hibernates, that page goes down too?
> 
> Yes.
> 
> When Tor hibernates, it doesn't send or receive any data.
> That includes ORPort and DirPort requests.
> 
> T
> 
> --
> Tim / teor
> 
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

That makes me sad, :-( ;-)

Many thanks.

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] restarting tor service after AccountingMax has been reached

2017-12-20 Thread Fabian A. Santiago 
December 20, 2017 4:32 PM, "teor" <teor2...@gmail.com> wrote:

>> On 21 Dec 2017, at 08:10, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> December 20, 2017 3:32 PM, "teor" <teor2...@gmail.com> wrote:
>> 
>> On 21 Dec 2017, at 03:07, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> I'm noticing that if i attempt to restart tor AFTER AccountingMax has been 
>> reached (meaning it's
>> currently hibernating), tor itself fails to start.
>>> What do you mean by "fails to start"?
>>> What are the log messages?
>> 
>> if i increase AccountingMax in torrc, then it restarts just fine.
>> 
>> normal?
>>> It's hard to say, without any log messages.
>> 
>> Teor,
>> 
>> the logs look normal. maybe I've misinterpreted not opening the listening 
>> ports as not starting. I
>> didn't check the actual systemd service status (silly me, I know). it's 
>> running now so next time I
>> encounter this, I'll double check.
> 
> It is normal for Tor to close its listening ports when hibernating.
> It is normal for hibernation to persist across a restart.
> 
> If you check the logs, it probably says something about this on startup,
> and when it starts hibernating.
> 
> (When Tor doesn't have the right permissions to re-open these ports, the
> process will exit when it resumes from hibernation. That's a config issue,
> not a bug.)
> 
>> I also noticed in journalctl that it (Tor) wanted me to add 'ExitRelay 1' in 
>> my torrc to disable
>> the exit relay warning and for future config requirements (it said). so i 
>> did that as well. all
>> seems well as of now.
> 
> T
> 
> --
> Tim / teor
> 
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

so how i first noticed was when i couldn't browse to my dirport readme html 
page after a tor restart. are you saying when it normally hibernates, that page 
goes down too? 

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] restarting tor service after AccountingMax has been reached

2017-12-20 Thread Fabian A. Santiago 
December 20, 2017 3:32 PM, "teor" <teor2...@gmail.com> wrote:

>> On 21 Dec 2017, at 03:07, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> I'm noticing that if i attempt to restart tor AFTER AccountingMax has been 
>> reached (meaning it's
>> currently hibernating), tor itself fails to start.
> 
> What do you mean by "fails to start"?
> What are the log messages?
> 
>> if i increase AccountingMax in torrc, then it restarts just fine.
>> 
>> normal?
> 
> It's hard to say, without any log messages.
> 
> T
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Teor,

the logs look normal. maybe I've misinterpreted not opening the listening ports 
as not starting. I didn't check the actual systemd service status (silly me, I 
know). it's running now so next time I encounter this, I'll double check. 

I also noticed in journalctl that it (Tor) wanted me to add 'ExitRelay 1' in my 
torrc to disable the exit relay warning and for future config requirements (it 
said). so i did that as well. all seems well as of now. 

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] restarting tor service after AccountingMax has been reached

2017-12-20 Thread Fabian A. Santiago 
I'm noticing that if i attempt to restart tor AFTER AccountingMax has been 
reached (meaning it's currently hibernating), tor itself fails to start. if i 
increase AccountingMax in torrc, then it restarts just fine. 

normal?


--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-20 Thread Santiago 
El 19/12/17 a las 11:13, teor escribió:
…
> If there are 65535 connections open from a source IP, and they all go to
> Tor Guards, and the clients weight connections according to Guard
> probability, then the largest guard will have 0.91% of 65535 connections,
> or approximately 597.
> 
> Most guards would see 10-200 connections per IP.
…

My relay B33BFA9AA0005730C1C0E8F7E6F53CF3C5716BD6 is not currently
tagged as Guard, and I am seeing more than twenty IPv4s with more than
10 connections, and one with 147. Should that be considered normal for a
non-guard relay?

Cheers,

 -- Santiago
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Image asset in Tor readme html

2017-12-19 Thread Fabian A. Santiago 
On December 19, 2017 9:52:01 PM EST, teor <teor2...@gmail.com> wrote:
>
>> On 20 Dec 2017, at 12:59, Fabian A. Santiago
><fsanti...@garbage-juice.com> wrote:
>> 
>> Can the Tor service not serve up a locally referenced PNG file in the
>readme HTML file used for dirportfrontpage? Mine keeps showing as a
>broken link.
>
>Tor doesn't have this feature, it simply serves the page as a single
>file.
>There are probably some tricks you could use with newer browsers
>to embed a PNG file in the page.
>
>If the tor website has broken the link, please let us know what it is,
>and
>we'll get it fixed.
>
>T
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Ok. Nothing broken. The Tor readme sample suggests perhaps serving the one 
image asset yourself locally so I was just following that. It's listed as a 
"FIXME" I believe. But no worries.

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Image asset in Tor readme html

2017-12-19 Thread Fabian A. Santiago 
Can the Tor service not serve up a locally referenced PNG file in the readme 
HTML file used for dirportfrontpage? Mine keeps showing as a broken link.

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] How long to delist from atlas?

2017-12-18 Thread Fabian A. Santiago 
Hello,

I stood up a second Tor relay on an isp who's tos I didn't read carefully and 
they booted me. That's fine, my mistake. I had a vps and they only allow Tor on 
dedicated hosts. 

So I stood it up again on another known good vps provider and gave it the same 
Nick as the prior attempt.

Now both are listed in atlas, same Nick, but one being offline. 

Is this ok and how long until the offline one is removed from the atlas 
listing? Thanks.
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Dir address none

2017-12-14 Thread Fabian A. Santiago 
December 14, 2017 3:39 PM, "Fabian A. Santiago" <fsanti...@garbage-juice.com> 
wrote:

> December 14, 2017 1:10 PM, "teor" <teor2...@gmail.com> wrote:
> 
>>> On 15 Dec 2017, at 05:01, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>>> wrote:
>>> 
>>> December 14, 2017 11:50 AM, "teor" <teor2...@gmail.com> wrote:
>>> 
>>> On 15 Dec 2017, at 03:31, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>>> wrote:
>>> 
>>> I'm checking my Tor relay on atlas and the dir address is listed as 'none'. 
>>> I have dirport set in
>>> my torrc file to just a number with no other flags. I can hit the HTML page 
>>> in my browser. I did
>>> just stand up my relay less than 24 hours ago.
>> 
>> Thanks for helping Tor!
>>> Anything I'm missing?
>> 
>> Did you set AccountingMax?
>> Tor disables the DirPort when it doesn't know if you will reach the limit.
>> 
>> Do you have low bandwidth or RAM?
>> 
>> Without more details, like your relay fingerprint, specs, and torrc,
>> it is a bit of a guessing game.
>> 
>> T
>>> Hi,
>>> 
>>> RelayBandwidthRate 10102 KBytes
>>> RelayBandwidthBurst 15102 KBytes
>>> 
>>> AccountingMax 150 GBytes
>> 
>> Tor will turn your DirPort back on when it's sure you won't go over
>> the limit. It's best to just let tor manage this.
>> 
>>> ram = 4gb
>>> 
>>> fingerprint = D122094E396DF8BA560843E7B983B0EA649B7DF9
>>> 
>>> ubuntu 16.04 LTS
>>> 
>>> tor installed via the official tor repo
>>> 
>>> i've also noticed it doesn't seem to be making use of ipv6 but that could 
>>> be my torrc. the file has
>>> been posted here for your review:
>>> 
>>> https://pastebin.com/F6H9ypsL
>> 
>> IPv6 needs to be manually configured in your torrc.
>> (We're working on it.)
>> 
>> Try:
>> 
>> ORPort [IPv6]:9001
>> IPv6Exit 1
>> 
>> T
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> what does 'IPv6Exit 1' tell it to do?
> 
> --
> 
> Thanks,
> 
> Fabian S.
> 
> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

nvm, found it online. thanks. working now on ipv6. 

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Dir address none

2017-12-14 Thread Fabian A. Santiago 
December 14, 2017 1:10 PM, "teor" <teor2...@gmail.com> wrote:

>> On 15 Dec 2017, at 05:01, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> December 14, 2017 11:50 AM, "teor" <teor2...@gmail.com> wrote:
>> 
>> On 15 Dec 2017, at 03:31, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> I'm checking my Tor relay on atlas and the dir address is listed as 'none'. 
>> I have dirport set in
>> my torrc file to just a number with no other flags. I can hit the HTML page 
>> in my browser. I did
>> just stand up my relay less than 24 hours ago.
>>> Thanks for helping Tor!
>> 
>> Anything I'm missing?
>>> Did you set AccountingMax?
>>> Tor disables the DirPort when it doesn't know if you will reach the limit.
>>> 
>>> Do you have low bandwidth or RAM?
>>> 
>>> Without more details, like your relay fingerprint, specs, and torrc,
>>> it is a bit of a guessing game.
>>> 
>>> T
>> 
>> Hi,
>> 
>> RelayBandwidthRate 10102 KBytes
>> RelayBandwidthBurst 15102 KBytes
>> 
>> AccountingMax 150 GBytes
> 
> Tor will turn your DirPort back on when it's sure you won't go over
> the limit. It's best to just let tor manage this.
> 
>> ram = 4gb
>> 
>> fingerprint = D122094E396DF8BA560843E7B983B0EA649B7DF9
>> 
>> ubuntu 16.04 LTS
>> 
>> tor installed via the official tor repo
>> 
>> i've also noticed it doesn't seem to be making use of ipv6 but that could be 
>> my torrc. the file has
>> been posted here for your review:
>> 
>> https://pastebin.com/F6H9ypsL
> 
> IPv6 needs to be manually configured in your torrc.
> (We're working on it.)
> 
> Try:
> 
> ORPort [IPv6]:9001
> IPv6Exit 1
> 
> T
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

what does 'IPv6Exit 1' tell it to do?

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Dir address none

2017-12-14 Thread Fabian A. Santiago 
December 14, 2017 11:50 AM, "teor" <teor2...@gmail.com> wrote:

>> On 15 Dec 2017, at 03:31, Fabian A. Santiago <fsanti...@garbage-juice.com> 
>> wrote:
>> 
>> I'm checking my Tor relay on atlas and the dir address is listed as 'none'. 
>> I have dirport set in
>> my torrc file to just a number with no other flags. I can hit the HTML page 
>> in my browser. I did
>> just stand up my relay less than 24 hours ago.
> 
> Thanks for helping Tor!
> 
>> Anything I'm missing?
> 
> Did you set AccountingMax?
> Tor disables the DirPort when it doesn't know if you will reach the limit.
> 
> Do you have low bandwidth or RAM?
> 
> Without more details, like your relay fingerprint, specs, and torrc,
> it is a bit of a guessing game.
> 
> T
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Hi,

RelayBandwidthRate 10102 KBytes 
RelayBandwidthBurst 15102 KBytes

AccountingMax 150 GBytes

ram = 4gb

fingerprint = D122094E396DF8BA560843E7B983B0EA649B7DF9

ubuntu 16.04 LTS

tor installed via the official tor repo

i've also noticed it doesn't seem to be making use of ipv6 but that could be my 
torrc. the file has been posted here for your review:

https://pastebin.com/F6H9ypsL

thanks.

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] unbound and DNS-over-TLS (dnsmasq configuration for an exit relay (Debian))

2017-10-09 Thread Santiago R.R. 
El 09/10/17 a las 09:32, Ralph Seichter escribió:
> On 08.10.2017 23:05, Santiago R.R. wrote:
> 
> > I would also suggest to use DNS-over-TLS, so (exit) relays could be
> > able to encrypt their queries to a privacy-aware DNS resolver [...]
> 
> I like SSL for the resulting cost increase in listening to a connection.

AFAIU, some recursive implementations already support TCP fast open
(RFC7413) to reduce the cost of opening a connection.
They also pipeline to send multiple queries over a single TCP
connection.

> However, the Unbound documentation states:
> 
>   ssl-upstream:  Enabled (sic) or disable whether the
>   upstream queries use SSL only for transport. Default is no. Useful
>   in tunneling scenarios.
> 
> Do you have any data on the percentage of queries that fail with SSL
> *only* because upstream nameservers don't support SSL? I imagine the
> majority of servers don't support it (my own authoritative nameservers
> among them).

No, I don't. And I suppose you're right, the majority of upstream
nameservers don't support it. Related RFCs are quite recent, so it's not
surprising.
My stubby resolver works well, and I don't realize about issues querying
external domains.

> Also, manually adding forward-zone entries implies trusting specific
> servers beyond the regular root zone servers, which rubs me the wrong
> way.

Yes, indeed. I trust the people running the relays I listed.

And there is also DNSSEC, where available.

  -- Santiago
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] unbound and DNS-over-TLS (dnsmasq configuration for an exit relay (Debian))

2017-10-08 Thread Santiago R.R. 
El 08/10/17 a las 09:17, Ralph Seichter escribió:
> On 07.10.17 19:39, jpmvtd...@laposte.net wrote:
> 
> > It looks like this package could introduce vulnerabilities if not
> > handled properly, because it provides more than just local DNS cache.
> 
> Unless you have a particular reason to use "dnsmasq", I strongly suggest
> you use "unbound" (https://www.unbound.net) instead. It supports DNSSEC
> and is very easy to configure. Here's a config file for a Tor node with
> both IPv4 and IPv6 interfaces:
> 
>   # /etc/unbound/unbound.conf
>   server:
> interface: 127.0.0.1
> interface: ::1
> root-hints: "/etc/unbound/named.cache"
> log-queries: no
> verbosity: 0
> 
> Optional: If your node has multiple IP addresses and you want to use a
> specific one (usually one not used for Tor) for outbound connections,
> add the line "outgoing-interface: {your-ip-here}" to unbound.conf.
> 
> While "log-queries: no" is the default setting, I always add it anyway,
> in case the unbound authors decide to change this in future releases,
> however unlikely.

I would also suggest to use DNS-over-TLS, so (exit) relays could be able
to encrypt their queries to a privacy-aware DNS resolver, such as those
found in:
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers

server:
 ssl-upstream: yes

forward-zone:
  name: "."
  forward-addr: 2001:470:1c:76d::53@853 # dkg - dns.cmrg.net
  forward-addr: 199.58.81.218@853   # dkg - dns.cmrg.net
  forward-addr: 2a04:b900:0:100::37@853 # getdnsapi.net
  forward-addr: 185.49.141.37@853   # getdnsapi.net
  forward-addr: 2001:913::8@853 # LDN
  forward-addr: 80.67.188.188@853   # LDN
  ...

Other more privacy-aware option is to use the Stubby DNS privacy daemon,
but it is still to experimental:

https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address

2017-10-04 Thread Santiago 
El 04/10/17 a las 08:41, Fr33d0m4all escribió:
> I know, I know about how internet works :) I’ve just simply noted a large 
> increase in SSH brute force attempts in the last two weeks. BTW I don’t have 
> root login enabled and I have two factor authentication on my SSH port (not 
> standard), which is enabled only for a single low privileges user, so there’s 
> no problem. I work for a provider and I manage IPS devices, so I know that it 
> is common to have a large amount of intrusion attempts, I was just wondering 
> if there was some attack against Tor nodes going on since the increase of 
> intrusion attempts in the last few weeks :)
> 
> Best regards,

Also, you could consider pam-abl (auto blacklisting) instead of
fail2ban. Relying on PAM, it doesn't need to process the logs to ban
hosts or users.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] About relay size

2017-10-02 Thread Santiago 
El 02/10/17 a las 13:19, Scott Bennett escribió:
> grarpamp <grarp...@gmail.com> wrote:
> 
> > On Mon, Oct 2, 2017 at 3:53 AM, Santiago <santiag...@riseup.net> wrote:
…
> 
>  Huh?  What kind of ISP NATs its customers' connections?  Your ISP
> should be assigning your machine/router a legitimate, unique IPv4 address.
> The assignment is often, even usually, a temporary assignment via DHCP,
> but it should not be a private address.  If NAT is a factor, that should
> happen at the boundary of your own private network, not at an ISP's facility.

It seems that a French ISP was also planning to share an IPv4 address
per four costumers.

…
>  I'll second the above comments.  Most of those little router boxes are
> running some form of LINUX or FreeBSD as an embedded configuration, which
> includes swapping and paging being disabled due to the absence of secondary
> storage.  All of them have limited RAM.  One typical problem with running tor
> on a NATed machine behind such a device is that the NAT table grows until all
> of the real memory on the device has been consumed and there is no more room
> for new NAT entries.

I am not currently able to replace the modem/router my ISP provides. But
I'd plan to give it away in the future.

In the meantime, I think it would be great to have IPv6-only relays, to
avoid this kind of NAT-related issues.

Cheers,

 -- S
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] About relay size

2017-10-02 Thread Santiago 
Hi tor-relay list,

El 30/09/17 a las 14:02, teor escribió:
> On 30 Sep 2017, at 09:55, Andy Isaacson  wrote:
…
> And you can only have 2 tor instances per public IPv4 address.

Why? Is there any place where I can find this kind of info?

Maybe it's another issue, but I have recently tried to run a second
relay behind the same IPv4 address than my first relay, and the
connection quality strongly diminished. I suppose my ISP equipment was
not able to handle the two relays on NAT, but I would need to
investigate further.

Cheers,

-- S
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question on warnings

2016-05-30 Thread Santiago Roland 
Ok thanks both of you, i'll look into it. The control port is blocked from 
outside. I'm using openWRT router as firewall which it is the best i can do for 
the moment, but it gives decent control features so far. The relay itself is 
running on an encrypted LVM debian virtual machine and it has SSH key only 
login, its pretty secure. Hist system is also debian, both frecuently updated, 
and monitored for tootkits with rkhunter and brute force attacks mitogation 
with fail2ban, any other suggestion is welcome.

Best regards,

El 30 de mayo de 2016 6:44:23 PM GMT-03:00, Tristan <supersluet...@gmail.com> 
escribió:
>Not sure where I found this, but I remember reading that Tor changed
>how it
>stored bandwidth information. Arm wasn't updated yet, so it throws an
>error.
>On May 30, 2016 4:32 PM, "Green Dream" <greendream...@gmail.com> wrote:
>
>Hi. Thanks for running a relay. These notice messages are from the
>monitoring tool Arm, and should not affect the Tor process.
>
>If you don't care about Arm and Tor seems to be working okay otherwise,
>you
>could safely ignore these messages. In case you want to look into them
>further, I'll share some thoughts below. It looks like you're running
>on a
>Unix or Linux system, I'll assume Debian or Ubuntu for the moment.
>
>> 20:42:57 [ARM_NOTICE] Unable to prepopulate bandwidth information
>> (unable to read the state file)
>
>
>This is normal in my experience. Arm is trying to read your node's
>bandwidth history to populate the graphs with data collected before you
>started Arm. I don't know why it fails, but you could squelch it by
>adding
>the following config line to ~/.arm/armrc:
>
>  features.graph.bw.prepopulate false
>
>
>> 20:42:56 [ARM_WARN] Unable to read tor's log file:
>> /var/log/tor/log [1duplicate hidden]
>
>
>It looks like Arm doesn't have permission to read /var/log/tor/log. I
>normally start Arm with something like this, so it has the same
>permissions
>as the Tor daemon:
>
>  sudo -u debian-tor arm
>
>
>> 20:42:56 [ARM_NOTICE] Tor is preventing system utilities like netstat
>>  and lsof from working. This means that arm can't provide you with
>> connection information. You can change this by adding
>> 'DisableDebuggerAttachment 0' to your torrc and restarting tor. For
>> more information see... https://trac.torproject.org/3313
>
>
>You need to add the following to /etc/tor/torrc if you want to utilize
>all
>the features of Arm:
>
>  DisableDebuggerAttachment 0
>
>It's disabled by default for security (with a value of '1'), so think
>carefully before doing this. It "reduces security by enabling debugger
>attachment to the Tor process. This can be used by an adversary to
>extract
>keys." (Quoting from
>https://trac.torproject.org/projects/tor/ticket/13880).
>If you do enable the deubgger attachment for Arm, make sure your
>control
>port is locked down (not reachable from the Internet or from other
>hosts
>you don't control, etc.)
>
>
>
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
>
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Santiago Roland.-
--
Jabber: santi...@jabber.undernet.uy
Diaspora*: http://bit.ly/diasr
GNU Social: http://bit.ly/gnusr
openPGP ID: 7BE512C5
openPGP key: http://bit.ly/pgpsr
CX1DR - Grid Locator: GF25bf
--___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question on warnings

2016-05-30 Thread Santiago Roland 
Hi, i have installed a non-exit relay in my home server and for many
days i have had this warnings:

20:42:57 [ARM_NOTICE] Unable to prepopulate bandwidth information
(unable to read the state file)
 20:42:56 [ARM_WARN] Unable to read tor's log file: /var/log/tor/log [1
duplicate hidden]
 20:42:56 [ARM_NOTICE] Tor is preventing system utilities like netstat
and lsof from working. This means that arm can't provide you with
connection information. You can change this by adding
'DisableDebuggerAttachment 0' to your torrc
   and restarting tor. For more information see...
   https://trac.torproject.org/3313
 20:42:52 [ARM_NOTICE] No armrc loaded, using defaults. You can
customize arm by placing a configuration file at
'/home/santiago/.arm/armrc' (see the armrc.sample for its options).

I just wanted to know if there are safe warnings or should i modify
something in my config

Best regards,

-- 
Santiago Roland.-
-
Jabber: santi...@undernet.uy
GNU Social: http://bit.ly/gnusr
openPGP ID: 5ADF0F53
openPGP key: http://bit.ly/pgpun
CX1DR - Grid Locator: GF25bf
-



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] What's this Abuse

2016-05-20 Thread Santiago Roland 
Well there is one, MontevideoCOMM, they are run by the Opus Dei right wing 
company owners, gossip say. I simply don't trust them. I do run my stuff in my 
self hosted home server. I think they charge like 50 usd/month for 1Mbps 
bandwidth, 10gb hdd, 1 core and 1gb ram, i host myself a 5-core, 2.5Mbps, 1TB 
hdd and 4gb ram for 10usd of electricity.

El 20 de mayo de 2016 7:53:06 PM GMT-03:00, I <beatthebasta...@inbox.com> 
escribió:
>Do you know of a VPS for an exit?
>
>Robert
>
>
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Santiago Roland.-
--
Jabber: santi...@jabber.undernet.uy
Diaspora*: http://bit.ly/diasr
GNU Social: http://bit.ly/gnusr
openPGP ID: 7BE512C5
openPGP key: http://bit.ly/pgpsr
CX1DR - Grid Locator: GF25bf
--___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] What's this Abuse

2016-05-20 Thread Santiago Roland 
I agree with Green, the mail is very impolite and looks very
unprofessional, and saying just "stop" and pasting that raw log, makes
me think that they just wanted your attention, hey i see you what you
got there, nothing more than that. They should be addressing you in a
more educated fashion, other than "stop".

I would like to salute everyone and tell everybody that i started a
non-exit tor relay in Uruguay (as well as OONI probe also), where i
live, place that appears not to have any tor relays of any kind. Let's
see how this turns out.

Best regards,

Santiago Roland.-
-
Jabber: santi...@undernet.uy
GNU Social: http://bit.ly/gnusr
openPGP ID: 5ADF0F53
openPGP key: http://bit.ly/pgpun
CX1DR - Grid Locator: GF25bf
-

El 20/05/16 a las 14:33, Green Dream escribió:
> I'm questioning the competency of the ISP for several reasons. 1) They
> should be clear in communicating about whatever they view as abuse. Just
> telling you to "stop" without explanation is unprofessional at best. 2)
> This doesn't even look like abuse worth reporting (i.e., "welcome to the
> Internet"). 3) They sent you non-redacted logs containing what looks
> like browsing history of other customers? Wow.
> 
> I would personally just explain you are running a Tor relay. If they
> object, that's within their right really, but it might be time to find a
> new ISP in any case.
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays