Re: [tor-relays] tor hidden services & SSL EV certificate

2016-01-01 Thread Jesse V
ct.org/blog/facebook-hidden-services-and-https-certs -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-31 Thread Jesse V
y want to examine forks, but I've had success with Shallot as it is. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Jesse V
ed an HTTPS cert but I think that's mostly for a publicity stunt than anything else. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Jesse V
hat case you don't need an SSL cert. This can sometimes be superior to trusting the centralized CA model, but I agree that the points you've listed are useful applications as well. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays

Re: [tor-relays] Delete

2015-12-30 Thread Jesse V
On 12/30/2015 08:24 AM, OM Healing wrote: > Me too fuck, I can't get off this thing either. > Please!!! Use https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays You can always unsubscribe yourself, same as most other mailing lists. -- Jesse V signature.asc Description: O

Re: [tor-relays] Debugging my small relay

2016-01-06 Thread Jesse V
system standards, near as I can tell. See https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.o

Re: [tor-relays] Debugging my small relay

2016-01-06 Thread Jesse V
lay/C1B80BA2D97C33851DE08FD061F531A129705988 It will be a few days before it sees more traffic, since it's a very new relay at this point. With a speed like that, you might consider switching to an obfs4 bridge rather than a relay. You'll probably contribute more to the network that way. -- Jess

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Jesse V
EC. Although DNSSEC doesn't provide confidentiality for DNS queries, it does provide authentication and integrity checks. Unbound with a large cache and DNSSEC re-enabled is probably superior to Unbound+DNSCrypt without DNSSEC. The point still stands though; you can secure and optimize an exit's DNS

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Jesse V
red this? Certainly. My configuration files are here: https://gist.github.com/Jesse-V/66fe794bf1b9e4ccf852 Unbound does most of the hard work already and by default queries authoritative DNS servers. My configuration is based on the manpage, Fedora's default Unbound configuration, and the optimization

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Jesse V
On 12/20/2015 04:11 PM, Jesse V wrote: > On 12/20/2015 03:47 PM, Green Dream wrote: >>> Weasel and velope on #tor-project suggested that I remove DNSCrypt >>> entirely and let Unbound be a recursive resolver against the root DNS >>> servers, which I have now don

[tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-19 Thread Jesse V
scrypt-proxy#installation may be helpful here. 3) I modified Unbound's configuration per the instructions in https://www.dnscrypt.org/#dnscrypt-proxy. For the sake of convenience, you can find my configuration here: https://gist.github.com/Jesse-V/675b7ec87eca864887e6 I then reloaded Unbound to apply

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-19 Thread Jesse V
earnet somewhere. It's probably not a good idea to build infinite loops through the Tor network. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cg

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-26 Thread Jesse V
you pointed out. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Any experience with Pulse Servers?

2015-11-27 Thread Jesse V
and the UK and have really low prices on VPSs, which I'm trying to understand. I've been trying to learn more but I think they have a pretty small setup (apparently the owner does tech support) and documentation is limited. Does anyone have any experience or opinions on them? -- Jesse V signature.asc

Re: [tor-relays] VPS for Exits

2016-05-25 Thread Jesse V
You can add Pulse Servers to the list. I think they are happy as long as you don't use an excessive amount of bandwidth per month. A rough estimate of the maximum is 10 TB per month per tier, but less is better. -- Jesse V signature.asc Description: OpenPGP digital signature

Re: [tor-relays] How to update tor on my raspberry

2016-01-10 Thread Jesse V
On 01/10/2016 09:00 AM, Peter Garner wrote: > I just download the source code and do a build. It takes a while but at least > you can grab a coffee! It's generally a better idea to use software repositories, primarily because it's easier to stay up-to-date. -- Jesse V signatu

Re: [tor-relays] Suggestion to make Tor usage more disguised

2016-01-16 Thread Jesse V
ne they wrote themselves. It just makes the whole network more friendly for the rest of the Internet. It's "Tor", not "TOR". -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailin

Re: [tor-relays] What does this message mean in my tor logs?

2016-01-29 Thread Jesse V
th packet forwarding on a personal machine and had duplicated packets (which manifested itself as log warnings, double ping replies, and slow performance) until I fixed my iptables rules. -- Jesse V signature.asc Description: OpenPGP digital signature ___ t

Re: [tor-relays] tor middle node question

2016-02-02 Thread Jesse V
know. I guess I heard incorrectly. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Netflix overblocking non-exit Tor relays

2016-02-28 Thread Jesse V
bly need to try to talk to someone above the average tech support responder, since they are trained to how to diagnose and repair common issues, and "Netflix is blocking non-exit Tor relays" certainly isn't high on that list. -- Jesse V signature.asc Description:

Re: [tor-relays] Any known Tor relay seizures (in Germany)?

2016-02-28 Thread Jesse V
ate a significant amount of spam and attacks by using a reduced exit policy, especially if you get rid of the standard ports for SSH and Telnet traffic. A custom landing page doesn't hurt either; mine looks like this: http://198.50.200.131/ -- Jesse V signature.asc Description: O

Re: [tor-relays] tor middle node question

2016-01-26 Thread Jesse V
obe.torproject.org. The choice of Atlas or Globe is a personal preference. I prefer Globe, but both are far better than torstatus.blutmagie.de -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.to

Re: [tor-relays] Tor Bridges

2016-01-22 Thread Jesse V
On 01/22/2016 05:59 PM, Roots Babilonia wrote: > Please send me bridges > This is not the place to ask for bridges. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org

Re: [tor-relays] unbound bogs down strangely, degrading exit relay

2016-03-20 Thread Jesse V
On 03/18/2016 02:02 PM, Dhalgren Tor wrote: > This issue is a PIA and if it continues I'll give up on 'unbound' and > follow the previous operator, switching to bind9 despite the lesser > performance. Could you try switching to a different upstream DNS provider? -- Jesse V sign

Re: [tor-relays] please send me the hosters you use

2016-03-19 Thread Jesse V
nth plan meet your criteria. They give you a Xeon-class CPU and a 1 Gbits link, but there's a clause about reasonable use, so typically it's best to keep it under 100 Mbits unless you buy a higher tier. Servers are in CA and UK. I don't remember what container they use though. -- Jesse V signatu

Re: [tor-relays] Don't use Google's DNS server

2016-05-16 Thread Jesse V
oot servers is slow. https://www.dnscrypt.org/ can also be useful for preventing interception. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.

Re: [tor-relays] Tiny computers (RPi-like) for exit nodes?

2016-08-21 Thread Jesse V
cal roles, so they may have a possibility of standing up to the job. If not, a low-end old laptop will have AES acceleration. Something to consider. -- Jesse V signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Linux kernel vulnerability

2016-10-22 Thread Jesse V
On 10/22/2016 08:02 PM, Tristan wrote: > Would it be acceptable to configure unattended-upgrades to automatically > reboot the system when required? I already have it configured to check > for and install all updates to Ubuntu and Tor once a day, but I still > need to manually reboot to apply

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Jesse V
On 10/17/2016 12:34 PM, Hoshpak wrote: >> # chattr +i /etc/resolv.conf >> >> Exact it works fine :) > > Please only do this if your are sure your server is not running in a > Virtuozzo/OpenVZ container environment. On Virtuozzo, the startup > procedure includes scripts that rewrite resolv.conf

Re: [tor-relays] Linux kernel vulnerability

2016-10-21 Thread Jesse V
On 10/21/2016 06:23 PM, Tristan wrote: > And? > > Honestly, the way people create names and websites for these things, > you'd think it's a fund-raiser for something, not a critical security bug. Tristan, they know this. They are even good-natured enough to make fun of it themselves. From

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Jesse V
On 10/16/2016 04:54 PM, Petrusko wrote: > Thx for this share. > > But I'm not sure how Unbound is "speaking" with the roots DNS servers... > Somewhere I've read that DNS queries can be forwarded by a "man in the > middle", and the server operator can't be sure about this :s > An ISP is able to do

Re: [tor-relays] Fwd: Your TOR relay

2017-08-08 Thread Jesse V
On 08/07/2017 10:53 PM, Dennis Emory Hannon wrote: > No attitude or hurt feelings. What’s different from my servers compared > to others? Probably nothing at all….this is just a hobby of mine. One > would think if I wanted to collect information I would just run an exit > node myself since I have