[tor-relays] Unsubscribing
Dear list, The last days on this list were stunning, to say the least. I'm going to unsubscribe today and i will decide tomorrow if i shut down all my relays. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I was banned from PayPal
Hi Potlatch, Is that an Exit relay ? The tineframe is really odd ... -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach Am 11. März 2021 08:59:24 schrieb potlatch : Today I received a message from PayPal that paying for Tor relay server leases was a direct violation of my usage agreement. I have been paying off-shore VPS hosts for my Tor server leases with PayPal for at least ten years. Very interesting that they act now. They specifically state the ban was for: Providing file sharing services or access to newsgroups; or selling alcoholic beverages, non-cigarette tobacco products, e-cigarettes or prescription drugs/devices. They further state that the ban is permanent and not reversible. I liked using PayPal because it was a safe way to pay and didn't expose my credit card information. Before PayPal I used a prepaid card which I will probably go back too. --Potlatch Sent with [ProtonMail](https://protonmail.com) Secure Email. -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Internal Services
Hi Damian, s7r replied off-list, let's see what he can do. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach -- Alissa Sinowjewna Rosenbaum aka Ayn Rand (1905-1982): We can igenore reality, but we cannot ignore the consequences of ignoring reality. Am 14. Oktober 2018 23:13:13 schrieb Damian Johnson : If someone on this list can take care of trac tickets directed to internal services please contact me. Hi Sebastian. Different services are maintained by different people. Without more detail this can't be answered. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Relay Setup
Hi, Am 24. Februar 2018 18:24:07 schrieb "Gabe D." <ga...@protonmail.com>: Hey Guys, Ive an issue... I wanted to aid the network and setup a tor exit node, however its failing to do so, everything looks perfect config wise and it says "publishing server descriptor" no errors but the node never shows up in tor atlas, is there something i may be doing wrong? This is my config: ORPort 9001 ExitRelay 1 Nickname ** ContactInfo ** DirPort 80 DisableDebuggerAttachment 0 ControlPort 9051 CookieAuthentication 1 -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays The Exit Policy ? -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach We can igenore reality, but we cannot ignore the consequences of ignoring reality. Alissa Sinowjewna Rosenbaum (1905-1982) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP is aking me to send a selfie holding my identity card
Hi, I'm a online.net customer for a few yeas (france) and never have been asked for an id card or social media account. Every few month or so i get a complaint regaring my fast Exit (500 mbit+). I have to respond within 48 or 72 hours (do no recall exactly) via their web console and everything is fine. If there is no reply within this timeframe they block the system. Hope that helps. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach We can igenore reality, but we cannot ignore the consequences of ignoring reality. Alissa Sinowjewna Rosenbaum (1905-1982) Am 8. Dezember 2017 02:56:09 schrieb niftybunny <ab...@to-surf-and-protect.net>: I do not think they will compromise and this is “normal” behaviour for a ISP from Europe. Online.net <http://online.net/> is cheap, fast and has good support. I would send them what they demanded. In Germany you have to send them a copy of your passport before they even get you a server. Got this with Hetzner. So, nothing to worry about. Cheers, Markus On 8. Dec 2017, at 02:41, Tanous <tan...@protonmail.com> wrote: Thanks Markus, I'll ask them if there is another way to unlock my account. In this situations i'm never certain if I have been hacked or something... Regards, Tanous Original Message Subject: Re: [tor-relays] ISP is aking me to send a selfie holding my identity card Local Time: December 7, 2017 11:26 PM UTC Time: December 8, 2017 1:26 AM From: ab...@to-surf-and-protect.net To: tor-relays@lists.torproject.org Same happened here. Sent them their stuff they demanded and 2 days later my account was restored and they are “fine” with abuse. Cheers, Markus On 8. Dec 2017, at 02:24, Tanous <tan...@protonmail.com <mailto:tan...@protonmail.com>> wrote: it is Online.net <http://online.net/>. Sent with ProtonMail <https://protonmail.com/> Secure Email. Original Message Subject: Re: [tor-relays] ISP is aking me to send a selfie holding my identity card Local Time: December 7, 2017 10:57 PM UTC Time: December 8, 2017 12:57 AM From: ab...@to-surf-and-protect.net <mailto:ab...@to-surf-and-protect.net> To: tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> DigitalOcean demanded access to my FaceBook and Twitter account for verification … I do not own a Twitter or Facebook account … Which ISP is it? Cheers, Markus On 8. Dec 2017, at 01:54, Tanous tan...@protonmail.com <mailto:tan...@protonmail.com> wrote: Hi, Im running an exit relay for 116 days. Today i received an email from my ISP saying that my account has been locked for security reasons. They asked me to send a copy of my identity card and a selfie holding it. I found that very odd and i feel uncomfortable sending that data to them. Should i give up to running my exit relay and find another ISP? By the way, i had received an abuse complaint a day before, due to Brute force attempts. Best Regards, Tanous tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays> tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays> ___ tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Atlas / Onionoo ...
Back on the road ;-) -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor t-shirts
Hi, Regarding the shirts: https://www.torproject.org/getinvolved/tshirt.html -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) Am 20. Oktober 2017 21:46:46 schrieb Tyler Johnson <tylrcjh...@gmail.com>: On Oct 20, 2017 14:38, "Vasilis" <a...@torproject.org> wrote: Has everyone eligible for a Tor t-shirt got one already? What is the criteria for said eligibility? -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Blocking outbound 22 or no?
Good Evening, What Dirk just described is exactly what happened here. Timeframe matches and i disabled port 22 as well. Adjusting the port for your own system seems to be a good idea and it is working very well for me. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) Am 5. Oktober 2017 20:55:54 schrieb tor-relay.d...@o.banes.ch: Hello AMuse, we faced the same about 1-2 month ago. Actuall people use fail2ban which creates abuse mails to you provider. Thats not new. But recently the abuse mails have risen to numbers which lead us to believe there are acutally more people abusing ssh via tor than people really using it. In the end we disabled port 22. After all - any sysadmin who wants to have peace and ever looked a ssh config will have its listen port somewhere else than 22. best regards Dirk On 05.10.2017 19:08, AMuse wrote: Hi all! I'm getting a number of ISP Abuse complaints around outbound ssh brute-forcing from our exit relay. I'm personally of the opinion that people should run fail2ban (or equiv) and get on with life and I generally ignore the complaints - but wondered, what are other operators doing? Is anyone exit-policy blocking outbound 22 to make the internet a kinder place? Is anyone refusing to on principle? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Info about HW Encryption on Raspberry
Hi, You could try to set the loglevel to "debug". As far as i can remember you should get that info when you restart the daemon. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) Am 29. September 2017 14:42:14 schrieb Fr33d0m4all <fr33d0m4...@riseup.net>: Hi, I have a Raspberry Pi3 that runs a Tor mid-relay and I’ve noticed that in the last weeks it reaches high temperatures (about 76°C) due to high CPU usage when Tor traffic increases. It did not reach this temperature until this summer (but it is not due to an higher environment temperature), so I don’t know if it can be related to 0.3 version. Now I’m running Tor 0.3.1.7. Should Tor 0.3.x use Raspberry Pi3 AES-NI hardware acceleration to reduce high cpu usage? Is there a way to check and enable it if disabled? # openssl speed -evp aes-256-cbc Doing aes-256-cbc for 3s on 16 size blocks: 5560204 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 64 size blocks: 1631984 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 425826 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 1024 size blocks: 107776 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 8192 size blocks: 13489 aes-256-cbc's in 3.00s OpenSSL 1.0.1t 3 May 2016 built on: Fri Jan 27 22:44:27 2017 options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-cbc 29654.42k34815.66k36337.15k36787.54k36833.96k Best regards, Fr33d0m4All ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] NTor
Dear List, I just noticed an increase from 670k to 8.8 million NTor handshakes. CPU load reached the limit and Consensus Weight dropped. Something is going around ... https://atlas.torproject.org/#details/4198BD138E5E11B15B05C826B427148CED7D99FE -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Bug Report for 3.1.7 (Debian)
Good Morning, I just updated my Exit to 3.1.7 (Debian) a few hours ago and found this: [warn] tor_bug_occurred_(): Bug: ../src/common/compress.c 576: Sep 22 15:01:46.000 [warn] Bug: Non-fatal assertion !((rv == TOR_COMPRESS_OK) && *iSep 22 15:01:46.000 [warn] Bug: /usr/bin/tor(log_backtrace+0x43) [0x560c022013eSep 22 15:01:46.000 [warn] Bug: /usr/bin/tor(tor_bug_occurred_+0xb9) [0x560c022Sep 22 15:01:46.000 [warn] Bug: /usr/bin/tor(tor_compress_process+0x135) [0x560Sep 22 15:01:46.000 [warn] Bug: /usr/bin/tor(+0x18e715) [0x560c02223715] (on To 1Help 2Wrap 3Quit 4Hex5Goto6 7Search 8Raw9Format 10Quit Please contact me for further information if needed. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] A Common Thread: Guard Status
Hi Kurt, Guard" -- A router is a possible Guard if all of the following apply: - It is Fast. - It is Stable. - Its Weighted Fractional Uptime is at least the median for "familiar" active routers, - It is "familiar", - Its bandwidth is at least AuthDirGuardBWGuarantee (if set, 2 MB by default), OR its bandwidth is among the 25% fastest relays. You don't have the stable flag. Details: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) Am 20. September 2017 01:39:20 schrieb "K. Besig" <supr...@gmail.com>: E65D300F11E1DB12C534B0146BDAB6972F1A8A48 On Sep 19, 2017 9:33 AM, "Sebastian Urbach" <sebast...@urbach.org> wrote: Hi Kurt, Am 19. September 2017 18:11:02 schrieb Kurt Besig <kbe...@socal.rr.com>: Just curious and I know it's probably been answered 100x times... I recently updated Tor to an, 'approved version', after 340+ days of up time. Upon restarting the relay, 25 days ago, Ive not been given the 'guard flag' again. Why? Please provide the Fingerprint or Name of your relay. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] A Common Thread: Guard Status
Hi Kurt, Am 19. September 2017 18:11:02 schrieb Kurt Besig <kbe...@socal.rr.com>: Just curious and I know it's probably been answered 100x times... I recently updated Tor to an, 'approved version', after 340+ days of up time. Upon restarting the relay, 25 days ago, Ive not been given the 'guard flag' again. Why? Please provide the Fingerprint or Name of your relay. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Shirts
Hi Roger, They saw me wearing: https://www.torservers.net/wiki/_media/ttshirt/tor-green.jpg That's the shirt they don't like: https://www.torproject.org/images/torshirtsob.jpg Thanks for the contact info. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) Am 17. August 2017 10:17:10 schrieb Roger Dingledine <a...@mit.edu>: On Thu, Aug 17, 2017 at 09:53:12AM +0200, Sebastian Urbach wrote: I was asked recently by friends & family if i could get the traditional Tor shirt for them. I showed them the new Tor shirt and well let's say they really want the traditional shirt. Which one is new and which one is traditional? There have been like eight Tor shirt designs by now. :) I would suggest contacting tshirt@tp.o among the other steps you take. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Shirts
Good Morning, I was asked recently by friends & family if i could get the traditional Tor shirt for them. I showed them the new Tor shirt and well let's say they really want the traditional shirt. Any chance to get it anywhere ? torservers.net is just offering size M /L and that's not going to work ... Thanks -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] no abuse complaints?
Hi Erik, You seem to have a rather limited Exit Policy and not that much bandwidth. You are flying a bit under the radar for complaints ;-) I had 4 complaints since i started: 4198BD138E5E11B15B05C826B427148CED7D99FE -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) Am 13. Juli 2017 10:25:00 schrieb Erik Winter <djh...@zerocontent.org>: This might be a bit of a weird question, but I keep wondering about it, so I'll try it anyway. Since April I run an exit node, this one to be precise: 84FAA41C7A7E83EC18964683E1DBA4B6C9E63492 According to Atlas, it works as it should. I have an exit page and a whois, both with valid email adresses. There is some spam filtering, but I also check that folder. In those months, I have received no complaints at all. Not one mail was sent about the exit. Now, this is of course a good thing. We don't want complaints. But it is not what I expected and what I prepared for, so I keep wondering whether I'm doing something wrong. I live in The Netherlands and the level of education about Tor is supposed be high. That might keep authoroties from complaining, but I also heard about bots that send copyright violation notices. So far, they haven't been able to find me Any ideas? Erik Winter ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit / Bad Gateway
Dear list,
Well Faravahar is finally back but im still wondering why my System
(located in France) is measured by exactly 1 System a few thousand miles away.
--
Sincerely yours / M.f.G. / Sincères salutations
Sebastian Urbach
---
Those who surrender freedom for security will
not have, nor do they deserve, either one.
---
Benjamin Franklin (1706-1790)
Am 27. Juni 2017 14:04:50 schrieb teor <teor2...@gmail.com>:
TL;DR:
Faravahar is down, that's probably what's causing it.
On 27 Jun 2017, at 21:05, Florentin Rochet <florentin.roc...@uclouvain.be>
wrote:
...
Same for my exit. I just count that 220 exit relays over 869 have their
Consensus Weight at 20.
...
On 2017-06-27 12:49, Logforme wrote:
On 2017-06-27 12:35:21, "Sebastian Urbach" <sebast...@urbach.org> wrote:
...
My Exit:
https://atlas.torproject.org/#details/4198BD138E5E11B15B05C826B427148CED7D99FE
My Consendus Weight dropped to 20 today
Hi Florentin, Sebastian,
Faravahar is down, so we are down to 3 bandwidth authorities, which
changes the median bandwidth for some relays. It also means that
relays that were only measured by Faravahar will get a bandwidth of
20. (Relays with 1 or 2 measurements will have unstable bandwidths.)
You can just wait it out until North America wakes up :-)
You can check the measurement details for your relay if you want.
There's a wiki page for relay operators with slow relays:
https://trac.torproject.org/projects/tor/wiki/doc/MyRelayIsSlow
and i found the following in notices.log:
Jun 27 12:03:35.000 [warn] http status 502 ("Bad Gateway") reason
unexpected while uploading descriptor to server '154.35.175.225:80').
Jun 27 12:07:35.000 [warn] Received http status code 502 ("Bad Gateway")
from server '154.35.175.225:80' while fetching
"/tor/server/d/C8B7BA97808F42802FCC2DF231A85ACB5B8D848A.z". I'll try again
soon.
…
Faravahar is down, so that might be why its caching proxy is giving
this response.
https://atlas.torproject.org/#details/CF6D0AAFB385BE71B8E111FC5CFF4B47923733BC
T
--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
--
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Exit / Bad Gateway
Dear list,
My Exit:
https://atlas.torproject.org/#details/4198BD138E5E11B15B05C826B427148CED7D99FE
My Consendus Weight dropped to 20 today and i found the following in
notices.log:
Jun 27 12:03:35.000 [warn] http status 502 ("Bad Gateway") reason
unexpected while uploading descriptor to server '154.35.175.225:80').
Jun 27 12:07:35.000 [warn] Received http status code 502 ("Bad Gateway")
from server '154.35.175.225:80' while fetching
"/tor/server/d/C8B7BA97808F42802FCC2DF231A85ACB5B8D848A.z". I'll try again
soon.
Any ideas what to do or just sit it out ?
--
Sincerely yours / M.f.G. / Sincères salutations
Sebastian Urbach
---
Those who surrender freedom for security will
not have, nor do they deserve, either one.
---
Benjamin Franklin (1706-1790)
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Performance
Dear list, I noticed a higher CPU load on my Exit since i recently upgraded from 0.2.9.x to 0.3.0.x and thought maybe it is just a matter of tweaking the config for 0.3.0. I could not find anything wrong and checked: https://metrics.torproject.org/torperf.html Is it just me or does that looks like a major Performance Downgrade for the whole Network since 0.3.0.x was introduced ? Looks to me like roughly 50% or more loss of Performance depending on the File size. Was that to be expected for 0.3.0.x ? -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] TROVE-2017-002: deb.torproject.org 0.3.0.x repos updated
Exactly Ralph, the same here. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- Benjamin Franklin (1706-1790) Am 21. Mai 2017 13:50:59 schrieb Ralph Seichter <tor-relays...@horus-it.de>: On 19.05.2017 16:16, nusenu wrote: tor 0.3.0.7 reached the deb.tpo repos Just to make sure I don't misunderstand: As of today, should using deb http://deb.torproject.org/torproject.org jessie main deb-src http://deb.torproject.org/torproject.org jessie main result in Tor 0.3.0.7 being used? I still see Tor 0.2.9.10 (git-e28303bcf90b842d) and it won't update. -Ralph ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor Exit & Law
Hi, It is almost never a good idea to run an Exit@home: https://www.torproject.org/eff/tor-legal-faq.html.en -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- - Benjamin Franklin (1706-1790) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay not receiving Guard flag
Hi, Not enough bandwidth for a guard as far as i can tell. -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --- Those who surrender freedom for security will not have, nor do they deserve, either one. --- - Benjamin Franklin (1706-1790) Am 3. März 2017 23:34:49 schrieb Norris Thomlinson <nor...@aktivix.org>: Hi all, I've had a relay running for 41 days, with Flags: Fast HSDir Running Stable V2Dir Valid...but no Guard flag. My impression from "Lifecycle of a new relay" at https://blog.torproject.org/blog/lifecycle-of-a-new-relay is that the Guard flag should be added within about 2 weeks of starting a relay. Is that post out of date? Or am I missing something I need to enable to allow my relay to be a Guard? Atlas entry for my relay: https://atlas.torproject.org/#details/9C2BF9B1E30EBB1A3836FA04BEEE8CC192CC1E5B Thanks! Norris Thomlinson Deep Green Resistance Webmaster -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] T-shirts and Confirming Relay Control
On May 3, 2015 7:45:39 PM Matthew Finkel matthew.fin...@gmail.com wrote:
Hi Matthew,
Hi Ops,
We recently began responding to t-shirt requests again. Sorry for the
long silence. There's been a lot happening around here but not enough
0 time or people to do everything, so the t-shirt requests simply remained
untouched. But, despite the overload, t-shirts are important because
they are a small token of our thanks and appreciation for making the
network what it is today.
We responded to around 70 t-shirt requests from relay operators in
April, which comprised all requests for which we could verify (within
reason) the request came from the person who controlled the qualifying
relay. We still have another 20 requests where the requestor is not
obviously the owner of the relay. Currently the content of a relay's
Contact field is used, but this does not always provide enough (or any)
information. For this case, we need an authentication mechanism which
proves control of the relay but is something relay operators won't mind
running.
I'm really not amused. As i recall a bunch of people including myself
offered to help. I get the distinct impression that you keep everything
within a small circle of people, no matter what. Even if that means that
services are suffering.
My currently plan is to ask relay operators to sign the fingerprint file
which tor creates. The major disadvantage of this method is that it must
be run as root (or a user with access to tor's data directory).
The following process is the current plan, but does anyone have a better
idea? Does it seem logical?
When we receive a t-shirt request from someone who isn't obviously in
control of the relay, we ask them to sign their fingerprint file with
a unique salt.
Assuming the path to their data dir is /var/lib/tor, we ask them to run:
$ (echo -n salt ; cat /var/lib/tor/fingerprint) | openssl sha256 \
-binary | openssl pkeyutl -inkey /var/lib/tor/keys/secret_id_key \
-sign -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss \
-pkeyopt rsa_pss_saltlen:32 | openssl base64 signed_fingerprint
They send us both /var/lib/tor/fingerprint and signed_fingerprint.
When we receive them, we confirm the fingerprint in the fingerprint file
matches the qualifying relay. Then we retrieve the relay's public key
from its descriptor and convert it into pkcs#8 format using:
$ openssl rsa -pubin -in pubkey_pkcs1 -RSAPublicKey_in -out pubkey
and then we verify the sig using following commands:
$ (echo -n salt ; cat fingerprint) | openssl sha256 -binary | \
openssl pkeyutl -pubin -verify -inkey pubkey -sigfile \
$(OUT=/tmp/signed_fingerprint_bin; base64 -d signed_fingerprint \
${OUT}; echo ${OUT}) -pkeyopt digest:sha256 -pkeyopt \
rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:32; rm \
/tmp/signed_fingerprint_bin;
This should yield Signature Verified Successfully.
Another disadvantage of this is PSS wasn't implemented in openssl's
apps until 1.0.1. I wonder how many relays are running on servers which
are still using openssl 0.9.8 (and 1.0.0?). For these servers we can
fallback on pkcs#1 v1.5 signatures.
The signature can be created using a command similar to the one above:
$ (echo -n salt ; cat /var/lib/tor/fingerprint) | openssl dgst \
-sha256 | openssl rsautl -inkey /var/lib/tor/keys/secret_id_key \
-sign | openssl base64 signed_fingerprint
Again, they provide /var/lib/tor/fingerprint and signed_fingerprint,
and we verify using:
$ test $(openssl base64 -d -in signed_fingerprint | openssl rsautl \
-pubin -verify -inkey pubkey) = $((echo -n salt ; cat \
fingerprint) | openssl dgst -sha256); echo $?
In addition, again, we confirm the fingerprint in the fingerprint file
matches the fingerprint of the qualifying relay.
Originally I used a few bashisms which made these simpler, but for
this I suspect portability is important.
Sorry this is a bit long.
Thanks,
Matt
--
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
--
Sincerely yours / Sincères salutations / M.f.G.
Sebastian Urbach
-
Religion is fundamentally opposed to
everything I hold in veneration - courage,
clear thinking, honesty, fairness, and,
above all, love of the truth.
-
Henry Louis Mencken (1880 - 1956),
American journalist, essayist, magazine
editor, satirist and critic.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Unreachable ORPort - Potential ISP block?
On April 5, 2015 9:32:37 PM CJ Barlow iamthech...@gmail.com wrote: Hi, I'm attempting to run a Relay but I haven't been able to get it the ORPort to be confirm as reachable. I've tried lots of things but I'm hoping there is something I haven't thought of yet that can make this work! I've got a 50Mbps symmetrical connection (without data caps) that I would love to have the Tor network utilize. Hardware info: - Asus RT-N66U running DD-WRT - Raspberry Pi 2 running Raspbian - SanDisk MicroSDHC UHS-I 16GB Here are all the steps I've taken: - Formatted the MicroSDHC with Win32DiskImager. - Followed the Instructables Raspberry Pi Tor Relay configuration guide. - Port forwarded via NAT/QoS then Port Forwarding. Protocol is set to TCP, double-checked IP is what is assigned to Raspberry Pi 2 and enable box is checked. - ORPort set to 9001. Also changed ORPort to 443, did sudo service tor reload and changed the port in the forwarding section of my router. - Tried router DMZ for Raspberry Pi LAN IP. I would really like to get this to work, if possible. I can't run an Exit node on my connection but since my connection sits unused for most of the day it should be put to good relay use. Could you provide your fingerprint ? -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New relay not recognised by weathermap
On March 31, 2015 12:41:42 AM Sharif Olorin s...@tesser.org wrote: Hi Sharif, Hi all, I configured a new relay[0] yesterday, and recently tried to sign up for the Weathermap[1], wherein I get a could not locate a Tor node with that fingerprint error message. The node's definitely been up for more than an hour, and Atlas can see it[2]. Is this expected behaviour, or might it indicate an issue with my configuration? I've checked everything on the potential problems list - the node does exist, the fingerprint is correct, it's been up for more than an hour, hasn't been down for over a year, and running a recent (0.2.5.11) version of Tor. It can take a while, just try again in the next 24-48 hours. Don't worry right now. Thanks, Sharif [0] dendrocyte.wiredlaboratories.com.au/03B5C7B81CA56DF3CCC31FDA8032A7763B8B50B4 [1] https://weather.torproject.org/subscribe/ [2] https://atlas.torproject.org/#details/03B5C7B81CA56DF3CCC31FDA8032A7763B8B50B4 -- PGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57 -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New relay not recognised by weathermap
On March 31, 2015 1:12:21 AM Sharif Olorin s...@tesser.org wrote: Hi, It can take a while, just try again in the next 24-48 hours. Don't worry right now. Ah, thanks, good to know. Might it be worth updating the fingerprint not found page to say a few days rather than an hour? The current version seems to imply that it's expected to be working inside that timeframe. From what i understand we are a bit short of weather developers at the moment ... It should work in the mentioned timeframe but i think that's not going to happen until the code is reviewed and maintained. The weather issues are well known. -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] New relay not recognised gy weathermap
Sharuf, I completely forgot to welcome you and thank you for running a relay ! So, welcome and i hope you stay for quite a while :-) -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Hardware specs for Tor Relay
On March 26, 2015 8:59:45 PM yl t...@yl.ms wrote: Hi, Hello, I clicked myself a cheap vserver 20 days ago and it runs Tor since then. I mainly did this to play a bit with the relay, try around and so. I took over another relay a while ago, an exit, I don't want to try around on that. It runs well, I got about 4,4 TB data up AND down since then, I have it running with 20-40Mb/s on a 100Mb/s connection (according to the hoster 100Mb/s), it runs as a non exit. CPU load it pretty high all the time according to arm it's about 80-100%, but with htop I can see that only one core of the CPU is busy, the others are not. I figured that the CPU is so busy because the vserver doesn't have AES-NI, which I confirmed by some command I run (forgot the command). Did you ask them if you can get it ? I had a VPS a while ago and they said we disabled that for compatibility reasons but if you want it we will turn it on. And they did it for free :-) So I thought I might wanna move that relay to another server, maybe at the same hoster to get higher data transfer. What hardware specs do you have and is my assumption correct with the AES-NI being one part of the bottleneck? It is the no. 1 bottleneck from my experience. I still hope that we are going to see the crypto-multithreading feature at some point in the future. -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] keeping tor relays operational
On March 14, 2015 7:46:16 AM Larry Brandt lbra...@cni.net wrote: Hi Larry, Sorry if this question has been answered dozens of times before. I have a middle relay that has been operational since last summer. I wish to make some alterations to my torrc file and make these changes operationally active without stopping and restarting tor. Is this possible? I experience a bit of down time whenever I up bandwidth, change contact info, etc. I'm also disapointed when ubuntu sends updates that require a server restart. What is the best method to handle this on a stand-alone server? You can use the -reload option after changing your torrc. The daemon keeps running but reloads the config file. -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Legal situation of tor in Europe
On March 9, 2015 3:14:37 PM s7r s...@sky-ip.org wrote: Hi, -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/9/2015 1:17 PM, Sebastian Urbach wrote: On March 9, 2015 7:17:20 AM oneoft...@riseup.net wrote: Hi John, Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country. I don't think that we have something like that anywhere, sorry. The only offered list is this one, afaik: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs From what i hear a few countries are starting to crack down on Tor or Encryption more generally and some are planning to do so in the near future. Hard to keep up with the changing laws. What is the source for this? I read this on spiegel.de but since that was a few weeks ago i don't have the article at hand. In the European Union Tor running a Tor exit relay _is legal_, and the rights for privacy and anonymity are guaranteed by European Court. I can't find the source now to give exact data, but about one year ago declared the laws from multiple EU member countries enforcing to retain user navigation data or metadata of communications (who calls who and when, internet browsing history) as incompatible with the universal human rights which guarantee the right to privacy and private life. Majority of Tor exit power in is Europe. We have no reports of relay operators being prosecuted or punished by any means for running Tor exit relays. Which countries started to crack down on Tor and which ones are planning to do so in the near future? I recall that at least David Cameron (UK) talked about an key escrow, mass data storage and that the police / secret service should have access any time. This is a speculation and it's not backed up by anything real. Can you define crack down on Tor? People and organizations are researching and trying to find a flaw in Tor since Tor was born - there is a good side here, being widely studied and getting a lot of attention makes it the best anonymity network available. All the bugs and flaws discovered until now were fixed, and this only made Tor stronger, so I want to thank this way for everyone who is doing research and tries to find flaws in Tor, assuming they do this in a transparent and fair way and share the results with everyone. I only know of one case, outside the European Union, in Russia to be exact, where they've put a bounty of $100.000 or $150.000 9can't remember the exact amount) for whoever manages to crack Tor. This is under no circumstances reason to worry. Still there are many exit relays in Russia, so not even there Tor is illegal. P.S. Not everything is illegal, except what is authorized and regulated by law. It's the other way around, anything is legal and permitted unless clearly prohibited by law. At least theoretically speaking :-) You are right, the European Court ruled not to long ago in that matter. But since then, the german government at least wants to give the mass data storage another shot because they don't want to wait for a European Initiative any longer as they say. And no, thats not speculation as you can read here (german): http://spon.de/aer55 Just because the Eurooean Court ruled once it's not good forever. They just ruled that the system used before was against the law and as you can see different governments are trying to find ways around that. Im not sure though how serious some of these politicians are because in some countries (like UK) elections are coming up -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Legal situation of tor in Europe
On March 9, 2015 11:16:34 PM yl t...@yl.ms wrote: Am 09.03.2015 um 22:53 schrieb Markus Hitter: It certainly wasn't meant this way. The point of these considerations is: of what use is an anonymous network if virtually no website accepts connections from it? Right: it's of not much use, with most of the public internet blocked you can communicate inside the network, only. To take your webmail example: if the site admin decides there's too much spam coming from Tor connections and blocks the entire network, then you're done with your webmailing, even with full freedom inside Tor its self. So wouldn't the correct solution also be to educate the administrators of such services? I mean the only reason, why there is more Tor-Exit-IPs in the abuse log than any other single unique IP is that there is tens of thousand of users using each Tor-Exit. +1 I had such a case some days ago on an exit relay, someone with an Google account complained that there where abusive logins from the Tor Exits IP, so what should I do then? Block the whole login page domain of Google in my exit? Surely that is not the right solution if there is a few thousand users not trying to brute force that one account. I didn't even get any more reply from the Google user when I asked if this was only a single event or if it was multiple repeated. As such the only solution can be to play nice with public sites. I don't mean to have all answers to all problems here. Opening only selected ports, a common practice, could also be seen as censoring, still it's generally considered to be acceptable. Apparently it's not enough to gain a good reputation. Sure, but always answer to the abuse emails and try to explain, if you receive a few a week then prepare some text modules that you just copy an paste, make it look unique and many people will understand. +1 -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Onion Tip Uptime?
On March 9, 2015 12:20:36 AM Donncha O'Cearbhaill donn...@donncha.is wrote: Hi Donncha, On 08/03/15 15:58, Sebastian Urbach wrote: On March 8, 2015 3:13:29 PM Corey Wood co...@corky.me.uk wrote: Hi Corey, Hi all, i've been noticing over the last few days oniontip.com has been flaky. As I'm writing this the site is down again. Does anyone have contact with some of the developers, because it's a really cool project and I want to know what's going on Thanks for the mail Corey, there was some disc problems on the box and I hadn't got a chance to look at it until now. It should be up and running again now. Main dev is Donncha O'Cearbhaill and he is a member of this list. You can reach him here: donn...@donncha.is Donncha, if you need hardware / bandwidth then please just say so. I hereby volunteer :-) Im sure that most Ops want to see oniontip up and running. Thanks for the offer Sebastian. I should be good for now but I might take you up on that offer I have more trouble with the current host in the future. Ok, offer stands. Would the Tor Project be interested in listing OnionTip on the torproject.org Donations page? I recall that i requested that a while ago, now i made it official: https://trac.torproject.org/projects/tor/ticket/15191 -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] 0.2.5.10 / 0.2.6.x and ticket 9682
On March 6, 2015 11:32:01 PM Tom van der Woerdt i...@tvdw.eu wrote: Hi Tom, Sebastian Urbach schreef op 06/03/15 om 21:52: Dear list members, I hope that some of you compared 0.2.5.10 with 0.2.6.x regarding the performance (ticket 9682). How big/small is the difference in the wild ? I would appreciate it if someone with Linux / BSD could say a few words ;-) Hi Sebastian, As far as I can tell the change happened between 0.2.6.2 and 0.2.6.3 so I'll describe the performance difference between those. You're right, got 0.2.5.10 stuck in my head because it's the last stable release ;-) The patch came up with 0.2.6.3, indeed. Just had a look on a server of mine that is bottlenecked by the CPU. I noticed that there was indeed a big drop in CPU usage. However, there was also a similar drop in network usage, most likely caused by the restart. It took about a week to fully recover to normal levels. It is incredibly hard to tell from the data whether there was a big performance difference as a direct result of the 0.2.6.2-0.2.6.3 upgrade. It's definitely not going to be a 10% improvement, as far as I can tell. Hard to tell pretty much says it all :-( Not much of a change. Now the multithread feature becomes the last hope :-) Despite my nodes all running with 'NumCPUs 2', none of the worker queues seem to be doing much : $ ps H -o etime,time,args -u toranon | grep node2 3-01:46:17 1-20:35:33 /usr/bin/tor -f /etc/tor/torrc-node2 3-01:46:13 00:17:09 /usr/bin/tor -f /etc/tor/torrc-node2 3-01:46:13 00:17:09 /usr/bin/tor -f /etc/tor/torrc-node2 If those threads are what the patch addressed, I'm afraid it's not going to have a massive impact. In case it's relevant: these measurements are taken from an exit relay with two processes each doing ~150Mbit/s (x2 if you count up+down). Upgrade was done at 2015-02-24 21:26, relevant graphs : * cpu: http://www.imgdumper.nl/uploads8/54fa2a823bc62/54fa2a823434f-cpu.png * network: http://www.imgdumper.nl/uploads8/54fa2a8ce3db5/54fa2a8cdd05c-if_eth1.png Thanks gor your reply, domehow i expected it zo be more of a boost after reading Nick's text: https://blog.torproject.org/blog/coming-tor-026 -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] 7 relays gone because of spammers
with the complaint, etc... But I've come to realize this wasn't because of any complaint. Some john at OVH saw my IP addresses on a set of lists, most likely siphoned from the publicly available exit-relay lists, and decided I must be doing something bad. Because they're no longer talking, most of this is all a guessing game. How can you have any pudding if you don't eat your meat? How can you get your t-shirt if you don't run your relay? Sorry, but that made me smile. :) Speak Freely ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] eventdns: Address mismatch on received DNS packet.
On February 21, 2015 2:09:48 AM Libertas liber...@mykolab.com wrote: Hi, On 02/20/2015 06:31 PM, Jacob Corbin wrote: I'm sorry for the late reply on this but I've been having problems with my Internet connection and am trying to catch up on emails. I've never received that message but months ago I started getting messages in the posts you referenced like: Jan 05 12:36:58.138 [warn] eventdns: All nameservers have failed Jan 05 12:36:58.354 [notice] eventdns: Nameserver 192.0.2.7 is back up I get this constantly on my exit node running OpenBSD with a local Unbound caching DNS server. I think libevent (this is part of libevent, right?) is just a little too trigger-happy with reporting DNS requests as failed, as my failures never last more than a second. I was considering opening a ticket about this. Unbound@Debian here, the same effect. Thanks in advance if you do open a ticket. -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Value of an unused bridge?
On February 13, 2015 5:58:41 PM mattia sowd...@autistici.org wrote: Hi, 10 Feb 15 14.02, Elliott: - Is there value in having a marginal unused bridge in reserve? - Is this value greater than that of an active middle relay? I am interested in this topic too. Any opinion ? The FAQ is pretty specific about this: https://www.torproject.org/docs/faq.html.en#RelayOrBridge It's more a matter of capacity. Every type of Relay is useful. But you asked for opinions, so here we go. It seems to be the case that the network is well equipped with middle Relays at the moment. If your Bridge is located in a critical country my preference would be to keep it there as a Bridge because access to the network is critical. Just my 0.2 bitcoins ... -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] question and concering about probability of exitnode
On February 8, 2015 6:47:12 PM t...@viisauksena.de wrote: Hi, hi, just want to note, i am proud to have an german exit node with 11Mbs .. Thank you for running an Exit :-) but also concerned about this raising exit node probability, actually it reads for me like 1 of 400 tor-users is going through this exit (by recalculating a exit probability of 0.25 %) - this concerns me because it should not be so easy (running just some days on a vserver) and i don't know how high this will raise ? i mean, its easy for me to guess a nsa/gchq/bnd bad-ass-club can get some hundred vservers running, and get tor exclusively exits .. and guard (which was much more easy, i lost it because i quickly run out of maximum limit for a month, so i cut it, but the 1 day downtime lost me the guard flag) just my opinion .. and if you can show me some more information over the numbers of exits and guards and so on, i would be happy, cant believe there are so less many exit nodes out there ... If you want other people to look into it you should provide your fingerprint. A lot of infos about Exits in the network can be found at: https://metrics.torproject.org https://compass.torproject.org thx, Jens ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Minimizing service interruption when reloading torrc?
On February 9, 2015 3:45:20 AM Elliott Jin elliott@gmail.com wrote: Hi Elliott, Hi all, I'd like to reload torrc; I think I can do this by either restarting tor or by sending a SIGHUP to the tor process, but I'm not sure how much of a service interruption each of these approaches will cause. What's the best way to reload torrc (i.e. how can I do this in a way that minimizes the service interruption)? If it is just reloading the torrc and nothing else then SIGHUP ie the best way to do that. Thanks! -Elliott -- Anonymous Feedback http://www.admonymous.com/eyjin -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Long running relay keeping low bandwidth utilization
On February 3, 2015 11:45:13 PM m...@dotjhw.pw wrote: Hi, Is there anything I can do to improve the relay? Please provide the fingerprint. -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Hibernating / Traffic limit and consequrnces for the network.
Dear list, I would like to discuss hibernating and the consequences for the network. As someone running unmetered GBit systems i like to point out that there is a downside for the network when it comes to hibernating. Usually a few days before the end of every month my systems are getting slammed with traffic / directory requests. I thought about that and came up with the theory that a lot of systems with traffic limitations are dropping out a few days before the end of the month. This means more pressure on the remaining systems in the network. If the trend that more systems with limitations are participating increases we are going to see a serious imbalance in the network at some point. I know, poor unmetered systems ;-) I would like everybody to bear this in mind when it comes to the decision Adjust the Rate or just open the gates and burn it as fast as possible. I'm in the fortunate position to be able to tribute a nice amount of money / traffic, but even systems with unmetered traffic can just help until the bandwidth / hardware limits are reached. It would be awesome if i could conbince some of you to take a step back and take a moment to look at the bigger picture. I would like to provide a good service for everyone, even at the end of the month. That's getting harder the more systems are not present at the end of the month. At this point i like to quote G. K. Chesterton: “We are all in the same boat in a stormy sea, and we owe each other a terrible loyalty.” Thank you for reading this and my best wishes for all of you. -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Hibernating / Traffic limit and consequrnces for the network.
On February 1, 2015 10:48:25 PM Markus Hitter m...@jump-ing.de wrote: Am 01.02.2015 um 20:02 schrieb Sebastian Urbach: I would like to provide a good service for everyone, even at the end of the month. That's getting harder the more systems are not present at the end of the month. I could understand the discussion if it were about providing 500 kBit continuously vs. 1 Mbit for 2 of 4 weeks. But the particular case was about providing no less than 6 Mbit continuously, which is easily enough to comfortably browse the web, for doing large downloads and probably exhausts most internet connections in unfree countries. Accordingly it's unlikely a single connection is hobbled by such a bandwidth limitation. Ah, thats a misunderstanding. This is not part 2 of the discussion from a few days ago. I brought it up because i see this for quite a while right now and observed it again within the last days. I thought it was time for a broader discussion. -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Digital Ocean: Moving to better Plan
On January 31, 2015 2:09:14 AM Abhiram Chintangal abhiram.chintan...@gmail.com wrote: Hi Abhiram, I have been running a tor middle relay[1] for the past few months. Thank you very much ! One thing that I noticed in the last two months is that my relay is eating up the 1tb bandwidth in the first three weeks. So I am thinking of moving to a better plan or tweaking the current config to serve the bandwidth so that the relay is up for the entire month. I assume that you want a recommendation. A better plan probably means spending more money. Would be better for the network. If you can spare the money, go for it. If you dont want to spend more money than it would be a good idea to lower the Rate value until you end up within your traffic limit for the month. The benefit would be a permanent available relay. -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Mozilla's 'deploying tor relays' blog post
Hi, The ramp up time is not 2 months. It's 3 months with the actual version. Lets see if they read the comments ;-) -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] MiB / metrics
Hi, Karsten, thank you very much for your outstanding performance. I never expected that my wish/ticket would be implemented that fast ! -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] MiB/s / metrics
Hi, I opened a ticket recently with the intention to use a more common unit than MiB/s for metrics. Karsten basically agrees but is waiting for more input. If someone is interested : https://trac.torproject.org/projects/tor/ticket/14257 -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New Arris TG1672 Cable Modem, relay not reachable...help!
On January 18, 2015 11:26:47 PM Kurt Besig kbe...@socal.rr.com wrote: Hi, -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've been running a middle relay for nine months with great success, however yesterday my ISP, TWC, upgraded my cable modem and everything went south. Then unfortunately there was a firmware upgrade for my Asus RT-N66U router. Perfect storm, now My relay is down, DirPort[80] and ORPort[443] unreachable. The new router admin interface looks like something written in Greek to me and although I've forwarded 443 and 80 there's still no joy. I try to help via private mail, talk to you soon. After almost a year of seamless connectivity I may have forgotten some important setup fact, but other than the modem and router firmware update my setup hasn't changed same computer, same Ubuntu LTS 14.04, same Tor 0.2.5.10... Anyone familiar with this Arris TG1672 modem, Assus' latest RT-N66U firmware 3.0.0.4.376.3754, or any general help would be most appreciated.. horizons3 My old IP:76.91.226.105 New IP:108.185.28.227 dhcp -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUvDFDAAoJEJQqkaGlFNDPIroH/1iXuYVs/aktiL8OhsCoKUbd uarWayXPQSh6DXT+OMFSpy/qkE1kQVP3dNqwuaP9GVwxrJ7Qqr6Suhrmlak7Npel 6BvgQGcTwhsGGtI+KiS4IyVAjjkPcltXOyHCgOELeE8tBjyWsaYuoRJkI48CnZM9 GE+dWy2MXribEZ75IpCl3/qmE1vqdSU4LONtqfMNZ+buFkCp5BhQ5QkiRH+qpOBG tbEuV2CK+2smlWOnK84v0bqfgcj08iWGOOSMu3+Cwc+8j2XI4fi2qMfsbfrq9Qqp spwOhlTtafxJvgf57ul5gY5Vdo9HH5OtZYBwd+SjVGOE0f4qNgXjqRxostKRSmE= =XGLP -END PGP SIGNATURE- --- This email has been checked for viruses by Avast antivirus software. http://www.avast.com ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. - Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] weather torproject buggy?
On January 17, 2015 10:17:14 AM elrippo elri...@elrippoisland.net wrote: Hi elrippo, Hy all, i wanted to list my relay on weather.torproject.org. When i submit, i get a 403FORBIDDEN [CSRF verification failed. Request aborted] What does that mean? Check out: https://lists.torproject.org/pipermail/tor-talk/2011-February/006808.html Kind regards, elrippo -- We don't bubble you, we don't spoof you ;) Keep your data encrypted! Log you soon, your Admin elri...@elrippoisland.net Encrypted messages are welcome. 0x84DF1F7E6AE03644 -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor in Spain
On January 9, 2015 4:40:51 PM Torizen tori...@rambler.ru wrote: Hi, David Serrano: On 2015-01-09 12:35:02 (+), Torizen wrote: Only Tor exit relays are against EDIS TOS. As far as I can tell EDIS is also listed on the GoodBadISPs on the Tor wiki where it states bridges and non-exit relays are allowed. What worries me is the fact that according to them some new law here in Spain forbids Tor relays. Then it would be interesting if they were so kind to point to that alleged new law that was put in place. And if indeed no tor relays are allowed, you could update the GoodBadISPs. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Hello, After asking them to tell me exactly what law was forbidding Tor relays from being placed in Spain I've been told I can still run the relay for now. Scare tactics or just incompetent supporter ? What's your impression ? Torizen. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Help - My relay consensus has been stripped back to 20
On January 4, 2015 11:14:17 PM bigbud...@safe-mail.net wrote: Hi, Message: 3 Date: Sat, 03 Jan 2015 02:30:55 +0100 From: Sebastian Urbach sebast...@urbach.org To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Help - My relay consensus has been stripped backto 20 Message-ID: 14aad6973e8.27ae.e04ee758f2dadc1889b5b423dda55...@urbach.org Content-Type: text/plain; charset=UTF-8; format=flowed On January 3, 2015 2:03:33 AM bigbud...@safe-mail.net wrote: Hi, As i recall there was a mail from Giovanny a few days ago and he reported his relay being down. But he had log file entries like: [warn] http status 400 (Authdir is rejecting routers in this range.) response from dirserver '128.31.0.39:9131'. Any of those in your log ? No I don't see anything resembling that, although I am seeing these events messages in the logs every couple of hours: Dec 30 07:52:28.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 30 09:55:29.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 30 11:52:24.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 30 13:53:23.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 30 15:52:20.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 30 16:06:34.000 [info] router_upload_dir_desc_to_dirservers(): Uploading relay descriptor to directory authorities Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 16:06:34.000 [info] directory_post_to_dirservers(): Uploading an extrainfo too (length 3891) Dec 30 17:52:19.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 30 19:53:18.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 30 21:39:02.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 30 23:33:58.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 31 01:32:55.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 31 02:52:13.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. Dec 31 05:05:32.000 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. I don't appear to have any routing issues, resolution issues or similar but don't have logs old enough to see if this is an unusual log event or not, it may be completely unrelated. As it stands I am afraid that there doesn't seem to be any real alternative other than decommissioning this exit relay. It is costing money and doing nobody any good right now. No dirservers reachable sounds like a pretty good reason why your not getting anything anymore. Did you try to reach any of them manually ? That sounds to me like there is either something wrong with the connectivity or it is massive blocking. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] HardwareAccel: Current proper use???
On January 3, 2015 2:42:44 PM usprey usp...@gmail.com wrote: Hi, On 3 January 2015 at 13:56, Sebastian Urbach sebast...@urbach.org wrote: On January 3, 2015 10:41:42 AM usprey usp...@gmail.com wrote: Hi usprey, Summary: The documentation is still somewhat vague on the best use of the HardwareAccel option. *HardwareAccel* *0*|*1* The docu is not exactly a high-performance howto :-) np, would just like to elaborate this option in the manual for people not fluent in OpenSSL. Since the hardware feature became more relevant in the last time i'm really looking forward to have a fresh set of eyes looking into it. Sometimes i find myself assuming things that shouldn't be assumed when it comes to new relays. If you feel the docu lacks something, please provide some input :-) If non-zero, try to use built-in (static) crypto hardware acceleration when available. (Default: 0) I could not find a definitive answer in the archives or in https://gitweb.torproject.org/tor.git/log/?qt=grepq=hardwareaccelshowmsg=1 . https://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration claims no intervention is needed in regards of aes-ni accelaration, but I would like to add an explanation or source to this recommendation. Question_1: If my CPU supports and have loaded aesni_intel on linux with OpenSSL is 1.0.1.j-1, should I leave HardwareAccel off or explicitly enable it? You don't have to change anything with 1.0.1.j-1, leave the default. Question_2: What does *built-in (static) crypto hardware acceleration* refer to? Dedicated hardware, CPU-support or...? It specifically means that you have the aes_ni cpu capabilities / flag. I have seen this flag on dedicated systems and also on vps systems as well. If the cpu / bios provides the flag and all other requirements are met (as stated in the torservers.net docu) you can use that feature on any system. k, ty, will venture into OpenSSL docs. I would very much appreciate it if you would switch to text mail format, thanks. k, is that the preferred default on these lists? All lists i know prefer plain text, just better readable for everybody. Thank you very much for running a relay ! Best regards -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] HardwareAccel: Current proper use???
On January 3, 2015 10:41:42 AM usprey usp...@gmail.com wrote: Hi usprey, Summary: The documentation is still somewhat vague on the best use of the HardwareAccel option. *HardwareAccel* *0*|*1* The docu is not exactly a high-performance howto :-) If non-zero, try to use built-in (static) crypto hardware acceleration when available. (Default: 0) I could not find a definitive answer in the archives or in https://gitweb.torproject.org/tor.git/log/?qt=grepq=hardwareaccelshowmsg=1 . https://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration claims no intervention is needed in regards of aes-ni accelaration, but I would like to add an explanation or source to this recommendation. Question_1: If my CPU supports and have loaded aesni_intel on linux with OpenSSL is 1.0.1.j-1, should I leave HardwareAccel off or explicitly enable it? You don't have to change anything with 1.0.1.j-1, leave the default. Question_2: What does *built-in (static) crypto hardware acceleration* refer to? Dedicated hardware, CPU-support or...? It specifically means that you have the aes_ni cpu capabilities / flag. I have seen this flag on dedicated systems and also on vps systems as well. If the cpu / bios provides the flag and all other requirements are met (as stated in the torservers.net docu) you can use that feature on any system. I would very much appreciate it if you would switch to text mail format, thanks. Thank you very much for running a relay ! Best regards -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Location of Tor relays being incorrectly reported in Atlas
On January 3, 2015 6:22:59 PM isis i...@torproject.org wrote: Hi, Joshua Lee Tucker transcribed 4.6K bytes: Hi guys, Two of my Tor relays are being reported as being located within the USA within Atlas; these nodes are actually located within London, UK - the location is correctly identified when using an IP-Location service. I’m just wondering why this would occur? The two IP addresses are: 178.62.75.82 178.62.77.54 Thanks guys, Joshua Lee Tucker Hey Joshua, This used to happen to my exit relay in Japan, which was reported by Atlas to be in China (causing me to have a minor freakout). The explanation that I was given was that the Maxmind GeoIP database (which Tor uses in a slightly modified form) is created by Maxmind in some manner where, even if the IP assignments show that the IP should be in one region, if the IP happens to be more frequently in communication with another region, then it's marked as being in that other region. However, this explanation seems erroneous and doesn't really make sense to me… so perhaps someone else can explain more. :) I just tried the ip's on the maxmind website, out of curiosity and its 2x US. -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] High speed exit question
Hi Kura, On January 2, 2015 4:58:42 PM Kura k...@kura.io wrote: Hey guys, I recently decided to get myself an 8 core, 16 GB RAM machine to use for running an exit relay and was wondering, Tor only works on one core, even setting NumCPUs to 2 doesn't do a whole lot so, how is it even possible to get more than maybe, 300Mbps or so from one relay? Maybe I'm missing something but, running multiple Tor processes is just going to have multiple relays with different OR and Dir ports for each, right? You are right, the multithreading capabilities are very limited. You need to set up more than one to handle more traffic. -- Kura t: @kuramanga [https://twitter.com/kuramanga] w: https://kura.io/ [https://kura.io/] g: @kura [http://git.io/kura] -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Reduced number of HSDir's
Hi, https://metrics.torproject.org shows a big nose dive recently regarding the number of HSDir's. Did i miss anything relevant in the last days ? That seem to be the reason why i see increasing download numbers on my system. Thanks for any lind of info. -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Help - My relay consensus has been stripped back to 20
On January 3, 2015 2:03:33 AM bigbud...@safe-mail.net wrote: Hi, Thanks Sebastian, That explains the loss of guard status back in August at least. I totally missed that announcement. Back to the main issue, it does look like one or two others at least are having this problem. Is it simply as a result of being in a Lizard-blacklisted netblock? Bigbud is in 85.119.0.0/16. Is the current Lizard-blacklist published or is it only known to the directory authorities? As i recall there was a mail from Giovanny a few days ago and he reported his relay being down. But he had log file entries like: [warn] http status 400 (Authdir is rejecting routers in this range.) response from dirserver '128.31.0.39:9131'. Any of those in your log ? thanks BB Hi, Found the snippet with the changes for the guards: Tor Weekly News, 30th of July 2014 Once directory authorities have upgraded, they will “assign the Guard flag to the fastest 25% of the network”. Some experiments showed that “for the current network, this results in about 1100 guards, down from 2500.” -- Sincerely yours / Sincères salutations Sebastian Urbach ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Help - My relay consensus has been stripped back to 20
On January 3, 2015 12:29:48 AM bigbud...@safe-mail.net wrote: Hi, On a related note the relay lost guard status too a few months ago and I couldn't see why that would be. The criterias for the guards changed a few months ago but i can't find the text right now. You can see a nose dive regarding the guards a few months ago (metrics.torproject.org) -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Help - My relay consensus has been stripped back to 20
Hi, Found the snippet with the changes for the guards: Tor Weekly News, 30th of July 2014 Once directory authorities have upgraded, they will “assign the Guard flag to the fastest 25% of the network”. Some experiments showed that “for the current network, this results in about 1100 guards, down from 2500.” -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay is down
On December 31, 2014 7:45:32 PM Giovanny Andres Gongora Granada gio...@gmail.com wrote: Hi Giovanny, Well my relay continues being down. Will my relay up someday again? I think, doesn't have sense to have relay on my server configured if it will not be available because was blacklisted for some reason that I don't know, nobody contacts me explaining why was my relay down or a notice about it. Please give the Directory Authority people some time to react. Until yesterday a lot of Tor prople were at the 31C3 conference (Chaos Computer Club) and are now celebrating the new year. Things are a bit slow right now. Regards, Gio 2014-12-30 19:19 GMT-05:00 Christian Krbusek christ...@ph3x.at: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually there are 10 dir auth servers, see [1] Cheers, Christian [1] https://atlas.torproject.org/#search/flag:authority Am 2014-12-31 um 01:01 schrieb Josef 'veloc1ty' Stautner: Hi List, maybe it's a little bit off-topic but how many authoritative directory servers exist? ~Josef Am 30.12.2014 um 23:37 schrieb Matthew Puckey: On Tue, 30 Dec 2014 16:39:15 -0500 Giovanny Andres Gongora Granada gio...@gmail.com wrote: So, my relay will be down for ever? I need to move it to a different host? It is run on Rackspace https://globe.torproject.org/#/relay/4C90453B94DAC00BE356283F427CECE024B9D224 Thanks A couple of hundred relays started up earlier today (another stupid sybil attack). A lot of them on that /16, so your relay probably got blacklisted as it was in that range. I can see your relay being down a little while; not forever. I'm sure one of the directory authority guys will reply and advise! :) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Transition statement: http://blog.ph3x.at/2014/11/13/new-pgp-keys/ - -- Christian Krbusek m: christ...@ph3x.at -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQGcBAEBAgAGBQJUo0EZAAoJEDuBlk6mYW0i+MwL/0eVZ8kohelszYULXKnkApvw T0C28wP7uAhnTSmi/MwKNhrVv3YGAyug7F8U2A8aHAKWo/8ezir08huF7PE9q2b1 wm4CQN62qVkZIp7MhfQpcsV1Umndgy0KHT0kNsJfrxqq7M1foFW2RObTatE5h94P eDv/x7+iGfNYciTYOal/6dwjZG9GTvVyjfdg6y+qSE0BQd8s9r3HEdhwdv4QU3KV 1brU+ltW2aheXp7jlMpMgIp2Y9W33aORgE93SMgwOuj+/OFHbtps6tVP8DAU3CjV nM9SLT1xNZO0VlcgiP8F1svdT2mt/RABh6afQlF/tAJOc5qEMSmHIFkZFk+RdnxF u7siLBA8IOHcN/kDNYpmKg7+wERHIXPaVigp7j9EkuUw8Mraj/AY9WwbnpZV83fq x8LBdlTwpC658NHrSBMfxTyulhkPkiyjUjKdg9eVkKD/crAKHNUwTNzH0deCA1YM tJvW1H4kkU4ruhnBzF7vNSlYb6S7rL0/OWhzSZN3YA== =IN+L -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Mozilla Hispano: http://mozilla-hispano.org Mentor en mozilla-hispano.org: Gioyik https://www.mozilla-hispano.org/documentacion/Usuario:Gioyik Mozilla Colombia: Miembro en MozillaColombia http://mozillacolombia.org/our-contributors/ twitter: Gioyik https://twitter.com/Gioyik Blog: gioyik.wordpress.com irc: gioyik -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] OT: folding@home
On December 28, 2014 9:52:47 AM Don Nelson 3angl...@gmail.com wrote: Hi, Please make it public. Here we go with the installation instructions for the folding@home client (console). 1) Visit http://folding.stanford.edu and use the download button at the top of the page. Choose your OS and just load down the client, not the viewer and controller. 2) Get a passkey: http://fah-web.stanford.edu/cgi-bin/getpasskey.py 3) For Debian like systems just run: dpkg -i package-name 4) Choose a username as you like, enter the team id 227615 if you want to help the Tor Project (Umofficial) team and adjust tue power level. Please take a look at this nice table for more infos regarding the power level: http://folding.stanford.edu/home/faq/faq-v7-intermediate/#ntoc5 5) There may be some minor error messages when the post-installation script is running. As i recall it is just about the symlinks for the runlevels, no drama. The client works fine. 6) This is just a quick dirty guide to get things going. There are way more options to configure the client but i think thats something you may want to get into when the client is purring like a cat ;-) On Sat, Dec 27, 2014 at 6:45 PM, Sebastian Urbach sebast...@urbach.org wrote: On December 28, 2014 12:00:13 AM Josef 'veloc1ty' Stautner he...@veloc1ty.de wrote: Hi, I recently asked if there is an headless application for it. I got the answer that that something like that exists and after some scrolling I found it on the page. But I never got it to run so I lost interest in it. If you found a way to get it to work please notify me :-) That was me, i will contact you via private mail shortly. ~Josef Am 27.12.2014 um 23:54 schrieb I: I'd be happy to sneak it onto my VPSs with help to remotely get it going via SSH. Rob Dear list members, I would like to invite any operator, who has some idle Cores (CPU or GPU) left,to join the folding@home distributed computing project: http://folding.stanford.edu/ There is now a brandnew team called Tor Project (Unofficial) with the id 227615. Hope to see some of you there :-) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] OT: folding@home
On December 27, 2014 11:55:12 PM I beatthebasta...@inbox.com wrote: Hi, I'd be happy to sneak it onto my VPSs with help to remotely get it going via SSH. I will contact you via private mail for assistance. Rob Dear list members, I would like to invite any operator, who has some idle Cores (CPU or GPU) left,to join the folding@home distributed computing project: http://folding.stanford.edu/ There is now a brandnew team called Tor Project (Unofficial) with the id 227615. Hope to see some of you there :-) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] OT: folding@home
On December 28, 2014 12:00:13 AM Josef 'veloc1ty' Stautner he...@veloc1ty.de wrote: Hi, I recently asked if there is an headless application for it. I got the answer that that something like that exists and after some scrolling I found it on the page. But I never got it to run so I lost interest in it. If you found a way to get it to work please notify me :-) That was me, i will contact you via private mail shortly. ~Josef Am 27.12.2014 um 23:54 schrieb I: I'd be happy to sneak it onto my VPSs with help to remotely get it going via SSH. Rob Dear list members, I would like to invite any operator, who has some idle Cores (CPU or GPU) left,to join the folding@home distributed computing project: http://folding.stanford.edu/ There is now a brandnew team called Tor Project (Unofficial) with the id 227615. Hope to see some of you there :-) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Possible DDoS
On December 26, 2014 12:41:51 PM Christian Burkert p...@cburkert.de wrote: Hi, I'm running a non-exit Tor node for a few months now on a virtual server hosted in a professional datacenter. Thank you ! Yesterday, December 25th, the support wrote me, that my server is under a DDoS attack with 2GBit/s lasting over more than two hours. So, the hoster black holed my traffic to protect the other customers. I've seen this behaviour from some ISP's before and it's rather sad. If something like this happens my ISP is taking care of it without disabling my systems. I'm just getting a note with all the technical information and that's it. The hoster wanted to know which services I'm running and told me that if I continue running Tor and further attacks will happen, then I would have to bear the costs. Eventually, I took down the Tor node to avoid further confrontation. That's interesting, they gave you some infos like the time and the amount but nothing else ? Seems to me that they're pretty clueless and are fishing in the dark. Another reason for their behaviour could be that they want to get rid of you / your Tor node. Threatening customers is really sad, sounds like they heard the word Tor from you and then concluded oh, than he basically asked for the attack. Now I seek for your interpretation of this event: - - Has there been more recent incidents against Tor nodes? Nothing with that magnitude on my end for weeks. - - How can I investigate it? You can ask your ISP for their logs regarding that attack. Do you have any logs on your system, maybe from a intrusion detection or anything else ? - - How should one react to a hoster? I mean they could have made up the whole thing... If you are already considering this than i would recommend changing to another ISP, sounds like there is already some distrust. Looking forward to your comments Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBCgAGBQJUnUdDAAoJEHAzZ6ooPDSy0nMP/1lyHPPFBxpAOvEiWL+ijrvA SPViJvZH/cPUS/11M7qm+bsZa/fbiRk6kY8ADcY8abe1Z8lHzMYPGwZvKaIijiZG M8hjCHtMWLipO6iLmVfFskDtRn37Ga2ibEhGkVesDV53kPcotgg4i7tIqIuNb11X Gnkk+WpYwkrS9nPZjYNLmce093s4lux/N5GyRY/gQii+h9mfDJ++W+1ueNU94UQ0 bvK1wF7MdicWlu0kR49hCgFtDFh7uUjP87MPZmmQYHI82qWhTJxqOuuImrnJew2k pCFSzn03x/hXg1QFNPNLsqHU9OhUob3/z17Azcpbir15mY4/YE7Gq14/LBM+FKh0 LqGjzaVbQo0hs0kE2yFk5sEP0Dsv5aiOUItqFIMTG52FYZ6cUh/eTxMd6vblHwfU ujil0rFCRqtmbF6wIDBuXDxc0fmdaRMWTDfSlPxYGkfUaq1tSea1OAvjFpheOcNM wu9QiTSq9BTLY010iHSYQDknSr+gFkc/ooNLsPV1AAZFyMlG0epLww6tqR7C9hZq RyEX9piqGal7mU56gETxhDrD0Z/aKgXMbS+KvYfZhopGWEVg5vbWPGxAId53nhr6 hjvLyFmy68hBdbOB/pvp8qvw8veQR3niiHIxhxAl+BIQzXX45x0uVCPHFUpbbLp5 POIwpEJ46oaz7+cddAHf =TcPt -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] OT: folding@home
Dear list members, I would like to invite any operator, who has some idle Cores (CPU or GPU) left,to join the folding@home distributed computing project: http://folding.stanford.edu/ There is now a brandnew team called Tor Project (Unofficial) with the id 227615. Hope to see some of you there :-) -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] OT: folding@home
On December 26, 2014 11:31:18 PM Josef 'veloc1ty' Stautner he...@veloc1ty.de wrote: Hi, Seems like you have to use a graphical environment. Is there any client for headless installations? Yes, there are 3 packages for Unixish systems. The client itself, the viewer and the controller. Just use the client package, no need for a graphical environment. ~Josef Am 26.12.2014 um 23:09 schrieb Larry Brandt: This is a worthwhile project aimed at diseases such as cancer, Alzheimers, Parkinson's. Takes little internet bandwidth and only 600 MB memory (amd64) but is a cpu hog. Each distributed project takes 1-3 days to calculate. Works via browser ports. LB On 12/26/2014 9:55 AM, Sebastian Urbach wrote: Dear list members, I would like to invite any operator, who has some idle Cores (CPU or GPU) left,to join the folding@home distributed computing project: http://folding.stanford.edu/ There is now a brandnew team called Tor Project (Unofficial) with the id 227615. Hope to see some of you there :-) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Changing ulimit for debian-tor
On December 12, 2014 12:49:58 PM Lluís ms...@sde12.jazztel.es wrote: Hi, Where can I read about the conditions to get the guard flag ? If you are looking for details you may want to check out: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt Jeremy Olexa: On Thu, Dec 11, 2014 at 2:56 AM, Lluís ms...@sde12.jazztel.es wrote: Hello everyone, Tor can generally raise the limits itself, though, when started as root. Can you post the error message that caused you to ask this question ? There's no error message, I followed this thread: Tor Server - DDOS or High Load there were talking about ulimits and I checked mine. I also have to confess that there is no rc_ulimit=-n NN option in my torrc file. and tell us how you start Tor? I start tor as the debian-tor user and with the delivered tools, that is: /etc/init.d/tor start Besides that, it seems to be very difficult for my relay (nickname ione) to get the guard flag, and I wondered if it may have any relation. You are setting your BandwidthRate to 256K - it will never get the Guard flag. If you raise the rate limiting, it might get the flag in time (if the bandwidth rate is higher than a critical number of nodes) -Jeremy ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running a New Relay
On December 6, 2014 6:15:20 PM Abhiram Chintangal abhiram.chintan...@gmail.com wrote: Hi, About two days ago, I started running my first tor relay using a digital ocean vps instance. Welcome and i hope you are going to stay for a long time. Currently, my relay[2] whose up-time is roughly 2 days 18 hours doesn't have any active circuits ( via tor-arm). Since its in the unmeasured phase( days 0-3) shouldn't it be making circuits back to itself? I believe the number that was mentioned in the article was four. This is part of the first contact so to say and triggers the passive measuring. It is not permanent. -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Guard flag and some irregularities
On December 6, 2014 9:41:34 PM Rafael Rodriguez rafa...@icctek.com wrote: Hi, https://atlas.thecthulhu.com/#details/48ADFCC561402D7EBB1CDE233F206B01D8FA0765 1- Is it ok for the Guard flag to come and go so often? I do not see anything wrong with my relay and it is pushing up to 12MBs at times. From what i can see the numbers are way lower than that. Recently the criterias to qualify as a guard changed, i assume that you drop out of the guard position because you don't make the cut all the time. If im not mistaken the number of guards dropped roughly 50 % after the changes were implemented. Most of the time, my relay pushes between 3-7MB/s constantly and that's fine. But there are occasions in which I see it spike and send out as much as 12MB/s I'm struggling with the numbers, if you take a look at the graphs you are not getting this much traffic. Maybe your system is under attack (DoS, DDoS) ? It does not look like it's regular Tor traffic ... -- Sincerely yours / Sincères salutations Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] FYI: ISP's and blocked Authorities
Hi Philipp, Thats what he tried first, ping / traceroute was more or less to confirm the suspicion. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - On November 17, 2014 12:15:01 PM Philipp Winter p...@nymity.ch wrote: On Sat, Nov 15, 2014 at 07:08:55PM +0100, Sebastian Urbach wrote: The operator i talked to tried ping / tracetoute. There was 100 % package loss. It's probably better to directly connect to an authority's OR port. ICMP can be blocked by an ISP while direct TCP connections to the OR port can still succeed. Cheers, Philipp ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] iptables / dump
Hi,
Thank you for catching the cert problem, i will fix this soon.
Please use the following instead:
https://www.ccc-hanau.de/~sebastian/rules.v4
Sorry.
--
Mit freundlichen Grüssen / Sincerely yours
Sebastian Urbach
-
Definition of Tor:
10% luck, 20% skill, 15% concentrated
power of will, 5% pleasure, 50% pain and
100% reason to remember the name!
-
On November 15, 2014 8:43:33 AM Ch'Gans chg...@gna.org wrote:
On 11/11/14 02:03, Sebastian Urbach wrote:
Dear list members,
My iptables dump, as promised (v4). Updated every hour and available as
long as my relay is alive ;-)
I run a pretty tight ship, just one ssh user and harsh fail2ban
settings. All these listed IP's are considered to be the usual suspects.
Please feel free to use it, should give you a jump start. It is getting
pretty quiet now since i passed the 300+ ip's milestone.
Download:
https://www.urbach.org/~sebastian/rules.v4
Is it just me? Here is the error i get when accessing your website with
firefox:
--
Secure Connection Failed
An error occurred during a connection to www.urbach.org. The OCSP server
has no status for the certificate. (Error code:
sec_error_ocsp_unknown_cert) :
--
Krys
--
QtCreator/qmakeparser.cpp:42
// Parser ///
#define fL1S(s) QString::fromLatin1(s)
namespace { // MSVC2010 doesn't seem to know the semantics of static ...
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] iptables / dump
On November 15, 2014 2:33:23 PM Libertas liber...@mykolab.com wrote: Hi, Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS. Im aware of that. I wrote a script to scan the Tor network for password-based login availability. If I have the time and no one beats me to it, it'll lead to a site that warns relay operators about security problems with their servers. For example, I can combine it with basic, non-invasive nmap results to warn about non-essential network applications, old OS versions, and old Tor versions as well. Awesome, like to see that. Sebastian ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] iptables / dump
On November 15, 2014 1:53:50 PM eric gisse jowr...@gmail.com wrote: Hi, Sebastian, how do you distinguish between the usual low level noise of ssh brute force bots out there from more invasive attacks? There is a bunch of other software (ids etc.) for that. Because this list is most likely just a bunch of internet background noise. It is, thats why i wrote usual suspects ;-) Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS. But what would be even better is to firewall ssh out so you can't get in except from specific ips and/or through say port knocking. Im aware of that but the sad truth is that i have to make some compromises even if i really don't like them :-( But that is a whole other story, i'm afraid. Sebastian ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] FYI: ISP's and blocked Authorities
Hi Jeremy, The operator i talked to tried ping / tracetoute. There was 100 % package loss. If you need more details / help i suggest we talk via private mail. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - On November 15, 2014 6:23:31 PM Jeremy Olexa jol...@jolexa.net wrote: Hi Sebastian, Is there a way to manually check this? I'm curious to why my non-exit relay, C1B84214, only gets fast/stable/running flags from some authorities but not all of them, as seen here: https://consensus-health.torproject.org/ -Jeremy On Fri, Nov 14, 2014 at 4:37 AM, Sebastian Urbach sebast...@urbach.org wrote: Hi, It seems to be the case that a few ISP's are not up to date and still using old IP's to block Authorities. That means if you are able to connect to just 1 or 2 Authorities but not to all of them your ISP could be one of those candidates. I saw this behaviour in one case just today. Connectivity with Gabelmoo and longclaw was possible but no other Authority was reachable. Gabelmoo recently changed the IP and longclaw is brand new afaik. That ISP is clearly using an old list of IPs to block Tor for their VPS systems. What makes it even worse is that this system was going to be a Non-Exit relay :-( I will ask the operator for more details and the good/bad ISP page will be updated accordingly. If you can reach some Authorities (not all) and you are not getting indexed and measured (also you can't find your system on the Atlas / Tor site), this could be the reason why. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] FYI: ISP's and blocked Authorities
Hi, It seems to be the case that a few ISP's are not up to date and still using old IP's to block Authorities. That means if you are able to connect to just 1 or 2 Authorities but not to all of them your ISP could be one of those candidates. I saw this behaviour in one case just today. Connectivity with Gabelmoo and longclaw was possible but no other Authority was reachable. Gabelmoo recently changed the IP and longclaw is brand new afaik. That ISP is clearly using an old list of IPs to block Tor for their VPS systems. What makes it even worse is that this system was going to be a Non-Exit relay :-( I will ask the operator for more details and the good/bad ISP page will be updated accordingly. If you can reach some Authorities (not all) and you are not getting indexed and measured (also you can't find your system on the Atlas / Tor site), this could be the reason why. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Why isn't my relay getting indexed?
Hi, It would be helpful if you could share the Fingerprint of your relay with us. On November 12, 2014 7:52:57 AM Dedalo m...@dedalo.in wrote: I was running 2 relays but I'm currently running 1 (with no problem) since some months ago, One of my VPS accounts got suspended and I'm now trying to setup another relay, a middle relay. This new VPS has been running the tor relay since about 12 hours ago but It's not getting indexed in http://torstatus.blutmagie.de/ neither atlas :/ not sure why, I can see I'm getting connections to 9001 but I can't understand why is this happening... Regards, Dedalo. -- Twitter: @SeguridadBlanca Site: Blog.Dedalo.In ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] iptables / dump
Dear list members, My iptables dump, as promised (v4). Updated every hour and available as long as my relay is alive ;-) I run a pretty tight ship, just one ssh user and harsh fail2ban settings. All these listed IP's are considered to be the usual suspects. Please feel free to use it, should give you a jump start. It is getting pretty quiet now since i passed the 300+ ip's milestone. Download: https://www.urbach.org/~sebastian/rules.v4 -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Iptables dump
Dear list members, I want to offer my iptables dump so that everybody who's interested can use it to fill up the firewall with the usual suspects. My system basically runs just TOR and SSH, so it's not a big surprise that the file contains almost only ip's which attacked SSH. Iptables is fed by fail2ban and then dumped every hour iptables-save so that this collection is automatically loaded via iptables-persistent after a reboot. I will publish this file just once so that this list is not stressed too much. If there is a certain amount of interest i'm willing to offer the file for download permanently. Please contact me if you are interested in that. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - rules.v4 Description: Binary data ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Oniontip
Dear list members, Since i was the One who asked to put Oniontip on the tor-website (donate section), what is the current discussion status ? -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Oniontip
Hi, Mike, your questions are all valid. Remember where this project is coming from. Donncha put this together at the Dublin Bitcoin Hackathon and it was designed to give back a little bit to the Relay Operators. I never expected anything in return for my relays but im glad that onintip exists and the approach seems to be to give everybody a little bit back based on the consensus. Exit operators can get a lot of legal trouble and i acknowledge that but without Middle Relays, Guards, Bridges etc. TOR would not be possible. It seems to be always about the Exit's. There are different organizations for Exit's and now they should be preferred on oniontip.com ? It is hard not to feel like a second class Relay operator when you don't run an Exit. Im happy that there is a possibility like oniontip and btw. there is nothing similar on the torproject website. You can donate to the torproject via bitcoin but there is no way to choose who should receive this donation like you can do on oniontip.com Im not sure if it is necessary for oniontip to provide the best possible distribution of the donations from the projects point of view (diversity etc.) It seems to be a different approach just to give back to everybody and it has a certain amount of charme. It is easy to use and it seems to be working and becoming more and more popular. I like it. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Multithreading progress
Dear list members, I asked Mikhail Belous for a quick status update regarding the multithread feature for the tor-daemon. Here's what he said: Good news: My version of multi-thread tor passes the test and doesn't shows mem racing problems. Bad news: 1)Processing channel is only big enough operation to be paralysed. Tor daemon uses a lot of global variables that should be locked. I have already done this for some resources. 2) Multithread branch is behind master for over 1000 commits. What should be done before release: 1) Merge master in better_workqueue branch. 2) Find all global resources, that are available from command_proccess_cells. I already sent you a list, but it should be checked. 3) Lock all global resources. 4) Code review 5) Compare performance of one thread and multi-thread daemons. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Where to report relay warnings
Hi, I also found a lot of the mentioned log entries. The comment from Arma within the ticket is just right Bonus points for using the name in the NSA document Rofl :-) -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] RELAY_EARLY tor network update status (CVE-2014-5117)
Hi, I just opened a ticket. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have checked the whois records for the IP addresses of the outdated relays which you earlier advised and found their providers. Opened support requests and sent them a message. Records were as follows: 93.174.90.30 supp...@ecatel.info n...@ecatel.info 82.165.197.129 supp...@1and1.com supp...@1and1.com 91.205.172.16 supp...@contabo.de These 2 are in online.net network where they don't provide an email address, you need account registered with them to contact them. Maybe someone with account there can open a ticket and send the draft letter provided below? IPs of Online.net relays which need contacted (to include so they will know which customers to notify): 195.154.243.53 195.154.226.66 Dear Provider, I am a Tor supporter (www.torproject.org). I contact you with a request: I have identified your customer with IP address IP runnig a Tor relay to help the network (very nice) but unfortunately running an outdated version for which we have a security CVE and there is a patch available. Latest Tor release is 0.2.4.23 and your customer needs to upgrade to this one. Patching the relay is a good practice which will make the network safer. The bug discovered IS NOT CRITICAL so there are no serious security threats (no cause to panic), but updating is always better. The reason I am contacting you (the provider) is that your customer has not provided valid contact information in his Tor relay settings. Can you please kindly forward this notification to your customer and confirm that it was done? It is in the benefit of everyone, so it won't get anyone annoyed. I am sending you this message as an individual Tor supporter and not on behalf of Torproject.org to which I am in no way related other than supporting the network as a volunteer. Thank you in advance for your cooperation and sorry for the approach but I have no other way to reach your customer. On 9/19/2014 12:00 AM, Nusenu wrote: (if you are on the CC list of this email you are probably one of the tor relay operators running one of the 10 fastest vulnerable [CVE-2014-5117] relays on the tor network. Please upgrade your tor relay) The tor network is currently at 64% of the bandwidth being served by relays running a recommended version according to torstatus.blutmagie.de. I updated a previous metrics feature request so we might see nice graphs about patching progress in the future [2]. Since we are seeing active RELAY_EARLY attacks again (or new buggy tor implemantations) I was wondering what the current update stats look like. ~85%* of the tor network's bandwidth is provided by patched relays. (~66% 0.2.4.23, ~11% 0.2.5.6-alpha, ~7% 0.2.5.7-rc) *) according to data from torstatus.blutmagie.de 10 fastest relays still running a vulnerable version: https://atlas.torproject.org/#details/EC98311F9EC02BEAA183651CE8402249CD036D0A https://atlas.torproject.org/#details/D1271A1E15C568DA709D3A1E68188EEAE8DDB834 https://atlas.torproject.org/#details/12AD30E5D25AA67F519780E2111E611A455FDC89 https://atlas.torproject.org/#details/1B9FACF25E17D26E307EA7CFA7D455B144B032E5 https://atlas.torproject.org/#details/2F57987F3942BA0BBD706D623F1FF86A896842C2 https://atlas.torproject.org/#details/379FB450010D17078B3766C2273303C358C3A442 https://atlas.torproject.org/#details/935BABE2564F82016C19AEF63C0C40B5753BA3D2 https://atlas.torproject.org/#details/B83DC1558F0D34353BB992EF93AFEAFDB226A73E https://atlas.torproject.org/#details/104A9453FD93BDBEAE9E2024898266AD2051A1BD https://atlas.torproject.org/#details/C11650E31F83E149C855D574B3171CC9CF9BEE19 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays - -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUG1JpAAoJEIN/pSyBJlsRbgQH/0k2+9+U2EbVomPdMPvOvi94 wLcI7wGe7dUeOGHh746+0cZvUi5EtCX4T4JjeP8iUY0+uMiIw+iCcBekQNzSjieW l78++e3HZ1e5CNZIJjAPRt1fPbba87DVF2ms8SjVCClDSjPxeSC7QZpNtNQonDIK QZ7JZyNi0zn+nffd3i32pSh5YWJoIbI2GbF1RYNJwq906XuvFfagNokDZnRB56ko bx2CPPWxVWLN5K9pkH4WXRaFCaX0o2KkijU+KvU+rsT3ukIWMhahIT19lX+mIzTA KX08C42sH0V8+IxCjjWq6+wAaGj3EPRT4JyAaDAerB2cCqs3qMDMupMxUGxHvnQ= =PpB0 -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Multithreading
Hi, Is someone able to provide a timetable for the multithreading implementation into the alpha branch ? I'll take anything ;-) Thanks -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6 - status
Hi, You overestimate IPv6, the TOR capacity is not going to grow much just because there is v6 support. In fact we've been told for years that v4 addresses are out and pretty much everything is still business as usual. My experience is that most people don't like it and don't want it. Every ISP i work with still offers v4 and v6 optional at best. Don't get me wrong, v6 support would be nice to have but it's far from being at the top of the list. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] boost CPU on a Tor relay
Hi, AES-NI is by far the most powerful feature from your list. From my point of view absolutely necessary. If theres no CPU Upgrade reachable for you i suppose you can wait for the tor alpha version to become fully multithread capable. This should be reality in the near future. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, A Tor relay currently going 33MB/s could go a lot faster but CPU is at 93% usage - this is the bottleneck. Here is the output of /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 26 model name : Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz stepping: 5 microcode : 0x11 cpu MHz : 3068.000 cache size : 8192 KB physical id : 0 siblings: 8 core id : 0 cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dtherm tpr_shadow vnmi flexpriority ept vpid bogomips: 6132.24 clflush size: 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: it also goes down to processor 1 - processor 7 Any ideas how this could be boosted? OS is Debian wheezy. No aes-ni hardware acceleration, no openssl benchmarking or customization currently. advices? Thank you. - -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUDuRTAAoJEIN/pSyBJlsRLqYH/iSCtC9r/7/DBCG2qqUGPEgY TELvt+UMGyMP6ncNJH+vDEdHO4BBlSMzFQdj2sKyO3hOT5492cIOaT3gGokaDApL W913yqUkIfiUT6FUWJ6g4/LUt25pMG25Ednr/ZJJXR/pR+Ym3T3ytg+MSwRBmpEe +h26Q7qvd/p4f6VhTR0sEsxQfDLVXrEsj3kn0BL0rLklN5zH/bqmIsK2hio5Nl3H KBvbvyt+JbLhA/4+jygT6AygHDH9arpXWEh3ZcJVn7mE0OmPAvukdlLUj70K5F7r cCeMakcGBbSzit5tY7jUmSvkUewVBhAxAZmv1hgNnuCoSrGPtQZseCbM06cry+k= =TyKF -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] TTTT
Dear list members, Just a quick update regarding : Currently we are working on a technical paper based on the so far collected data. ETA is roughly 4 weeks from now on. The paper is going to hit this list asap. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Expired Key
Hi, The key from deb.torproject.org archive is expired, a new one would be nice. The installation information in the docu should be updated to the new key id as well. Thanks -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] oniontip.com
Hi, I like to suggest adding oniontip.com to the Donate section on the tor website. It's a nice possibility to help the Relay-Oerators. Have a nice day. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Trying Trusted Tor Traceroutes
Dear Renke, Dear list-members, Yes, the project is alive. Thank you for asking and for your ongoing support. Yes the repo was updated but it is not ready for review yet. We are making changes for the next traceroute round and will ask for testing / testers as soon as it is ready. There is also being worked on a reverse traceroute and we had people at the last tor-dev meeting as well who are trying to figure out what step to do next. Regarding your comment on Dynamic download of relay IPs. It's just downloading the current list of relay IP instead of using a static list. I don't see any harm in that as one of the participant in the past pointed out to use the latest IPs anyway. Theres a lot of work to do with limited human resources, please stay tuned. We will be back ;-) Hi Sebestian, Just a quick update regarding the project. There are multiple GB's of data to analyse and it is still being worked on. We are also working on the public script(s) as well. is your project still on-going? I'm asking because your score board was not updated since May (except one test(?) upload in the phase foo-foo) and though the repository updates are interesting (dynamic download of relay ips) they were never approved for usage according to your installation notes. Renke -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Heartbleed Exchange of keys now or later?
Hi, I recall that Roger Dingledine pointed out that this is a stress situation for the whole network, but the flags should be in order in just a few days time. Better to update OpenSSL right now, discard everything in /keys and wait for the recovery. I expect that the vast majority of the systems should be back to business as usual in about 2-3 days. After updating the OpenSSL, I chopped our relay's keys at noon EST yesterday. The traffic has indeed collapsed since then. Old configuration was averaging around 55Mb/s per my Cacti. A URL here: https://atlas.torproject.org/#details/566B0F92197A9D855846E68D2AEEF8266B147D35 This morning my Cacti graphs say it is still sitting at near nothing, like 1.5Mb. arm says between 500-600Kb/s. The new URL is here and at least at this time, you can really see the dropoff in the 3-day graph. https://atlas.torproject.org/#details/30C19B81981F450C402306E2E7CFB6C3F79CB6B2 I wonder how long it will take our relays to recover? I wonder if it is a good idea, or technically feasible, to do a one time kick-over of something in the Tor network so that the system sees what the relay flags etc. should be on these emergency-redefined relays. Certainly if everyone updated at once and the traffic died like this everywhere, Tor would be pretty messed. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Clarification regardind business as usual
Hi, I want to clarify my mail from earlier today regarding the recovery of the network / relays. I wrote that i expect business as usual within 2-3 days for the vast majority of the relays. That does not mean that everything is the way it was before. When the content of the /keys directory is gone you have basically a new relay and therefore the process of getting flags starts from scratch. Roger posted an excellent article regarding the life cycle of relays: https://blog.torproject.org/blog/lifecycle-of-a-new-relay -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] TTTT
Dear list members, It will take a bit longer than expected to bring the scoreboard and surrounding systems up again. As it turns out one system was compromised and another machine ran in some hardware trouble. We need to change settings and possible buy new hardware as well. We are working as fast as possible to get everything back on track, so please stay with us. Sorry for the interruption. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] TTTT scoreboard
Dear list members, The scoreboard and the involved systems are in need for some adjustments. Anupam is working on it and we expect that the issues are resolved on this weekend. Sorry for the interruption. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] botnets run on Tor
Thanks, I was about to write pretty much the same. What is the response to this news? http://www.kaspersky.com/about/news/virus/2014/Number-of-the-week-an-average-of-900-online-resources-are-active-on-TOR-daily This is old news, not news in general, and has been well covered in the list archives for the year to date [1]. Anonymous networks can and will be used for both good and bad. To ensure the good within any network, you must accept some bad. We believe the good outweighs the bad. So enjoy that some precious and valuable anonymity exits in the world, and/or quit trolling. [1] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] TTTT
Hi, Do you still have this error occurring ? Checked the download, should be working. On Mon, Mar 3, 2014 at 6:10 AM, Sebastian Urbach sebast...@urbach.orgwrote: We are very close to 100 complete runs from different IP's, in fact 99 right now. I hope that we will reach this goal very soon :-) Decided to run it on another 3 servers today, at different data centres. All show similar to below. (summary: https not working to retrieve archive). root@aqserver:~/TorTraceroute# wget https://web.engr.illinois.edu/~das17/traceroute-from-tor-relays-4493e7c21199.tar.bz2 --2014-03-03 09:35:06-- https://web.engr.illinois.edu/~das17/traceroute-from-tor-relays-4493e7c21199.tar.bz2 Resolving web.engr.illinois.edu (web.engr.illinois.edu)... 130.126.112.112, 130.126.112.114 Connecting to web.engr.illinois.edu (web.engr.illinois.edu)|130.126.112.112|:443... connected. HTTP request sent, awaiting response... 403 Forbidden 2014-03-03 09:35:14 ERROR 403: Forbidden. root@aqserver:~/TorTraceroute# wget https://web.engr.illinois.edu/~das17/traceroute-from-tor-relays-4493e7c21199.tar.bz2 --2014-03-03 09:35:21-- https://web.engr.illinois.edu/~das17/traceroute-from-tor-relays-4493e7c21199.tar.bz2 Resolving web.engr.illinois.edu (web.engr.illinois.edu)... 130.126.112.114, 130.126.112.112 Connecting to web.engr.illinois.edu (web.engr.illinois.edu)|130.126.112.114|:443... connected. HTTP request sent, awaiting response... 403 Forbidden 2014-03-03 09:35:32 ERROR 403: Forbidden. root@aqserver:~/TorTraceroute# wget http://web.engr.illinois.edu/~das17/traceroute-from-tor-relays-4493e7c21199.tar.bz2 --2014-03-03 09:35:37-- http://web.engr.illinois.edu/~das17/traceroute-from-tor-relays-4493e7c21199.tar.bz2 Resolving web.engr.illinois.edu (web.engr.illinois.edu)... 130.126.112.114 Connecting to web.engr.illinois.edu (web.engr.illinois.edu)|130.126.112.114|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 3900916 (3.7M) [application/x-tar] Saving to: `traceroute-from-tor-relays-4493e7c21199.tar.bz2' 100%[==] 3,900,916288K/s in 15s 2014-03-03 09:35:59 (261 KB/s) - `traceroute-from-tor-relays-4493e7c21199.tar.bz2' saved [3900916/3900916] -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] TTTT
Dear list members, The next big data review regarding the Trying Trusted Tor Traceroutes project was initiated this week. It will probably take a while (weeks) before we have solid conclusions. We are very close to 100 complete runs from different IP's, in fact 99 right now. I hope that we will reach this goal very soon :-) We are not sure yet if we gathered enough data, but time will tell. We want to thank you for your support and if you want to make sure that we have more data in case the amount we collected turns out to be insufficient, then join us or keep running multiple rounds. Project: http://web.engr.illinois.edu/~das17/tor-traceroute_v1.html Results: http://datarepo.cs.illinois.edu/relay_scoreboard.html I make sure that this list is getting the results from the data review before anyone else. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] TTTT
Hi, I'm sorry but there is no Windows executable available or planned due to the insignificant number of Windows relays. Is it necessary to run it by scripts or is it possible to create a exe or dmg file -Original Message- From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of Sebastian Urbach Sent: Sunday, March 2, 2014 2:10 PM To: tor-relays@lists.torproject.org Subject: [tor-relays] Dear list members, The next big data review regarding the Trying Trusted Tor Traceroutes project was initiated this week. It will probably take a while (weeks) before we have solid conclusions. We are very close to 100 complete runs from different IP's, in fact 99 right now. I hope that we will reach this goal very soon :-) We are not sure yet if we gathered enough data, but time will tell. We want to thank you for your support and if you want to make sure that we have more data in case the amount we collected turns out to be insufficient, then join us or keep running multiple rounds. Project: http://web.engr.illinois.edu/~das17/tor-traceroute_v1.html Results: http://datarepo.cs.illinois.edu/relay_scoreboard.html I make sure that this list is getting the results from the data review before anyone else. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] TTTT, multiple runs
Dear list members, The multiple runs question is now added to the FAQ at the Trying Trusted Tor Traceroutes project site. Right now we are at 95 ip's with at least 1 completed run. Hopefully we can add another 5 to that number and reach the 100 milestone before the next data review in 03/2014. Multiple run's from the same ip are very welcome as well. Thank you for your support ! Want to help ? Project site: http://web.engr.illinois.edu/~das17/tor-traceroute_v1.html Want to see the results ?: http://datarepo.cs.illinois.edu/relay_scoreboard.html -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] TTTT, multiple runs
Hi Sanjeev, Basically yes. Here are the details: http://web.engr.illinois.edu/~das17/tor-traceroute_v1.html#q-canrunelsewhere Feel free to ask if anything is unclear. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman On Wed, Feb 19, 2014 at 6:53 PM, Sebastian Urbach sebast...@urbach.orgwrote: Right now we are at 95 ip's with at least 1 completed run. Hopefully we can add another 5 to that number and reach the 100 milestone before the next data review in 03/2014. Multiple run's from the same ip are very welcome as well. Sebastian, Does this have to be run on a Tor Relay? I thought so, for my first run, but re-reading it now I am not sure. If running this on a non-relay would help, I can add a few more servers tonight. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] TTTT project
Hi Mateusz, 19 days with 1/5 of the default pps value (1000) That would be around 4 days with pps 1000. That's exactly the value estimated in the project faq. Everything seems to be fine. Project site / faq: http://web.engr.illinois.edu/~das17/tor-traceroute_v1.html#faq Results: http://datarepo.cs.illinois.edu/relay_scoreboard.html Thank you for participating ! -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman On 13 Feb 2014, at 13:10, Sebastian Urbach wrote: Dear honorable list members, Some stats from my side: bash-3.2$ PPS=200 DONTERASE=yes time ./traceroutes.sh 1645980.86 real 28760.92 user181530.51 sys Started on 27 Jan 2014 00:49 GMT Finished on 15 Feb 2014 02:02 GMT ca. 19 days to complete with scamper on OSX 10.7 Thanks, -mateusz ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] TTTT project
Dear honorable list members, If anybody has questions regarding his / her submitted results than please include your public ip address in your mail. We can process your requests way faster if we have this essential information and don't have to ask for it. Btw. we are at 88 ip's with at least 1 complete run. Come on, let's make it 100 before the data review in March :-) Thank you very much for your attention ! The project: http://web.engr.illinois.edu/~das17/tor-traceroute_v1.html The results: http://datarepo.cs.illinois.edu/relay_scoreboard.html -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach -- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
