[tor-relays] Relay data limit
Hi all, I've been running a middle relay on a VPS for about 2 months now. The provider limits the monthly data transferred to 5TB but does not charge for over-usage. Instead, the bandwidth is throttled to 1Mb/s after the limit is reached until the 1st of the next month. I currently have AccountingMax set to 2.5 TB (since it's the max in each direction) and AccountingStart set to "month 1 00:00". Generally that 5TB limit is hit between the 15th and 17th of the month, causing the relay to go dormant until the 1st. What I'm wondering is: 1 - Is it better for the network if the relay is active 24/7, even if sometimes it's much slower? 2 - Will it negatively affect my relay's reputation if sometimes it's very slow? Thank you -- Dan ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Dutch Relays
Dear nifty, thank you for the valuable feedback. <3 Let's continue the discussion off-list. ### Dear all, I think ColoClue is a great place to run relays. It's self-organized infrastructure and not some Hetzner foo where everyone else is running relays. They run a reliable colo and they are great people. Only drawback is that we (Artikel10) were capped at 500Mbit/s. But there might be ways around this limit that we never tried. Thank you @ all ColoClue people for housing our first colocated Artikel10 exit relay. Much appreciated :) -- please reach out to me if you are attending 37C3. Best kantorkel Am 12/18/23 um 14:59 schrieb ab...@relayon.org 2023: These are complete and utter shit. avoid like the plague! nifty On 11. Dec 2023, at 09:06, Jordan Savoca via tor-relays wrote: On 12/10/23 2:41 PM, Christopher Sheats wrote: Emerald Onion is looking for co-location and IP transit opportunities in the Netherlands for deploying new exit relays. We have our own ASN, v4 and v6 IP space. Hi yawnbox, You may want to check out ColoClue[1], they're a volunteer-based not-for-profit association operated by folks in the commercial ISP space who needed a way to host their own systems. Today they support ~200 engineering hobbyists with low-cost infrastructure. They have cross-connects to AMS-IX and NL-IX[2] and diverse transit connectivity[3] in their racks. Job Snijders has given a couple talks at NLNOG and NANOG about operations-related things, like effective DDoS mitigation[4] with fastnetmon and automated peering solutions[5]. I'm not a member personally, but if I lived in the area I'd definitely include them in my list of potential options. ^^ [1]: https://coloclue.net/en/ [2]: https://github.com/coloclue/peering/blob/master/peers.yaml [3]: https://bgp.tools/as/8283#connectivity [4]: https://www.youtube.com/watch?v=0ahdxp_btHY [5]: https://www.youtube.com/watch?v=C7pkab8n7ys -- Jordan Savoca https://jordan.im/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Dutch Relays
On Dienstag, 19. Dezember 2023 16:23:27 CET Jordan Savoca via tor-relays wrote: > On 12/18/23 6:59 AM, ab...@relayon.org 2023 wrote: > > These are complete and utter shit. > > > > avoid like the plague! > > > > nifty ;-) You've landed in the sun again, I envy you. > Oh? I'm curious to hear more about your reasons/experience, if you're > open to sharing. They're pretty well-regarded in networking spaces. ColoClue is nice if you have _low_ traffic and want to learn about routing BGP, OSPF... Artikel10 has server running there. Christopher Sheats could ask for traffic prices at https://serverius.net/colocation/server-colocation/ -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Dutch Relays
On 12/18/23 6:59 AM, ab...@relayon.org 2023 wrote: These are complete and utter shit. avoid like the plague! nifty Oh? I'm curious to hear more about your reasons/experience, if you're open to sharing. They're pretty well-regarded in networking spaces. -- Jordan Savoca https://jordan.im/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Declining Relay Usage
Please read the code, not only Tor's code, but also OpenSSL's code. Yes, AES is not displayed as engine itself, however, it still does not seem to use aes-ni instructions unless told to initialize engines via the code I deducted. If this proves anything, I ran an Exit Relay in 2013 before my host forced me to switch to a Guard one because of excessive abuse, and even though my VM supported aesni instructions, OpenSSL would not actually use them until I added the config parameter, the peak CPU usage (single core) dropped from 88-95% avg to around 23% avg once I added it. Maybe some developer can comment on the deeper workings of OpenSSL and Tor, and terminology might get weird between the Tor and OpenSSL (both very big code-bases). Also, regarding the e-mail, I post regularly on here and tor-dev, so no worries :) Let's just end this pointless discussion here, I will do some more research the next few days because I actually want to know, but to me everything seems pretty clear (from the code I've YET SEEN, not the one I DID NOT YET SEE). Peace, friend. P.S: I included the tor-dev mailing list to my recipients, they should be more knowledgeable, I am just an employed C/C++ programmer on mostly Windows and POSIX-compatible systems, with a little over 15 years of experience, with some reverse engineering experience on both PE and MACHO binaries (x86 & x64). > On Mon, 18 Dec 2023 15:58:52 + > George Hartley hartley_geo...@proton.me wrote: > > > I had a quick look at the manual, and it stated: > > > > > HardwareAccel 0|1 > > > > > If non-zero, try to use built-in (static) crypto hardware acceleration > > > > when available. Can not be changed while tor is running. (Default: 0) > > > > A quick look at the source code tells me that Tor relies entirely on > > OpenSSL. > > > > The call-chain here is as follows: > > > > crypto_set_options first determines whether to enable any available OpenSSL > > engines based on if the variable mentioned above is non-zero or if an > > accelerator name has been set: > > > > > const bool hardware_accel = options->HardwareAccel || options->AccelName; > > > > This bool is then passed into crypto_global_init, where it is the first > > argument, fittingly named "useAccel". > > > > useAccel is then passed into crypto_openssl_late_init, where if > > HardwareAccel is the default (0) or no engine name has been specified, > > OpenSSL will make no attempt to load any acceleration engines. > > > > Here is a permalink to that last relevant function in the call chain: > > > > https://gitlab.torproject.org/tpo/core/tor/-/blob/main/src/lib/crypt_ops/crypto_openssl_mgt.c?ref_type=heads#L382 > > > > So yes, I think it is pretty safe to assume that if you do not set either > > configuration option, no OpenSSL engine will be used. > > > > Thank you for questioning me though, thanks to you I learned some more > > about Tor's inner workings, and you hopefully too :) > > > It is not entirely clear to me what conclusion you came to after this > research. If you mean that HardwareAccel is needed, I would still disagee. > > If I'm not mistaken the AES-NI support is implemented in OpenSSL not via an > "engine" that you have to "use", it is just built-in internally on some deeper > level. For a proof you can run "openssl engine" in the console of any > AES-supporting machine, and you will not see any loadable engines there, aside > from rdrand, which is unrelated, and "dynamic" which just means it can load > some acceleration engines if it had any. And for instance VIA Padlock would > show up as "padlock" in that list. > > Please use reply to all the mailing list. Sorry for bringing out your mail > into the public, but it didn't seem to be strictly private in any case. > > -- > With respect, > Roman > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays publickey - hartley_george@proton.me - 0xAEE8E00F.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor relay operator meetups
Hey telekobold, > will there be a Tor relay operators meetup @37C3 [*]? There seems to be a Tor meetup as SoS (Self-organized session) by Q Misell: https://events.ccc.de/congress/2023/hub/en/event/tor-meetup fossdd signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Dutch Relays
These are complete and utter shit. avoid like the plague! nifty > On 11. Dec 2023, at 09:06, Jordan Savoca via tor-relays > wrote: > > On 12/10/23 2:41 PM, Christopher Sheats wrote: >> Emerald Onion is looking for co-location and IP transit opportunities in the >> Netherlands for deploying new exit relays. We have our own ASN, v4 and v6 IP >> space. > > Hi yawnbox, > > You may want to check out ColoClue[1], they're a volunteer-based > not-for-profit association operated by folks in the commercial ISP space who > needed a way to host their own systems. Today they support ~200 engineering > hobbyists with low-cost infrastructure. > > They have cross-connects to AMS-IX and NL-IX[2] and diverse transit > connectivity[3] in their racks. Job Snijders has given a couple talks at > NLNOG and NANOG about operations-related things, like effective DDoS > mitigation[4] with fastnetmon and automated peering solutions[5]. > > I'm not a member personally, but if I lived in the area I'd definitely > include them in my list of potential options. ^^ > > [1]: https://coloclue.net/en/ > [2]: https://github.com/coloclue/peering/blob/master/peers.yaml > [3]: https://bgp.tools/as/8283#connectivity > [4]: https://www.youtube.com/watch?v=0ahdxp_btHY > [5]: https://www.youtube.com/watch?v=C7pkab8n7ys > > -- > Jordan Savoca > https://jordan.im/ > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays signature.asc Description: Message signed with OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays