Vinícius Zavam:
> 2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus <[email protected]>:
>>
>> On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
>>> Conrad Rockenhaus:
>>>> Hello All,
>>>>
>>>> If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
>>>> that is fully configured and ready to run Tor. Right now it's an eight GB
>>>> image, but I'm reducing the size by removing all of the extra stuff on it
>>>> from the upgrade from FreeBSD 11 to 11.1.
>>>
>>> I think it's great to ease the implementation of Tor relays,
>>> particularly on BSDs.
>>
>> My main thought process behind trying to ease the implementation of BSD relays
>> is the fact that we should diversify what we have online within the network.
>> Most of our nodes are Linux. What if we have another vulnerability that comes
>> out that hits Linux specifically again?
>>
>>>
>>> However, I'd be wary of an image that I didn't build myself, personally.
>>>
>> That's your opinion. The AWS relay project was very successful. Numerous
>> people ran an image that they didn't build. Numerous people also run Docker
>> containers that they didn't build. Numerous people run Vagrant boxes they
>> didn't build. You have the right to be wary, but there's numerous people out
>> there who run other people's images every day.
>>
>>>> If you're interested in the image let me know. This image has been fully
>>>> tested on OVH's OpenStack infrastructure, so if you're interested in
>>>> running it on their infrastructure, let me know and I can walk you
>>>> through it, or you're more than welcome to host it within my cloud at
>>>> cost (it's a low monthly rate and unlimited bandwidth).
>>>
>>> Another issue is that OVH is over relied upon for public nodes. It's the
>>> leading ASN with almost 15%.
>>
>> They're one of the few providers out there that allow exits. That's why 15% of
>> our exits are on OVH.
>>
>>>
>>> https://torbsd.org/oostats/relays-bw-by-asn.txt
>>>
>>> OTOH, I do think we (in particular BSD people) need to facilitate the
>>> implementation of BSD relays, including for VPS services for those
>>> looking to test the waters.
>>
>> I completely agree.
>
> I wonder if people hosting Tor relays in any sort of VPS are doing
> filesystem encryption.
>
>>>
>>> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
>>> Vultr to build on OpenBSD. I tend to think using other people's scripts
>>> that can be reviewed and hacked is a better gateway for new relay
>>> operators than images.
>
> you can combine the FreeBSD jails feature with your idea.
> plus, do not share many Tor instances on the same machine/server/jail.
>

Actually, that raises a side point...

FreeBSD jails are usually viewed as a tool to create a full system with the glorious addition of root. But they can also be used to build minimal chroot-looking systems, in that they can be deliciously small, yet incredibly secure, especially compared to chroot.

FreeBSD jails started as a simple http hosting solution a long while back, very much an "unorthodox solution to a traditional problem." But they have a utility that gets confused when they are considered just-another-virtualization alternative to delude users into thinking they have full system control.

<snip>

g

--
34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682

_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
