On Wednesday, February 28, 2018 6:46:00 PM CST George wrote:
> Vinícius Zavam:
> > 2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus <conrad@xxxxxxxxxxxxxx>:
> >> On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> >>> Conrad Rockenhaus:
> >>>> Hello All,
> >>>>
> >>>> If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> >>>> that is fully configured and ready to run Tor. Right now it's an eight GB
> >>>> image, but I'm reducing the size by removing all of the extra stuff on it
> >>>> from the upgrade from FreeBSD 11 to 11.1.
> >>>
> >>> I think it's great to ease the implementation of Tor relays,
> >>> particularly on BSDs.
> >>
> >> My main thought process behind trying to ease the implementation of BSD relays
> >> is the fact that we should diversify what we have online within the network.
> >> Most of our nodes are Linux. What if we have another vulnerability that comes
> >> out that hits Linux specifically again?
> >>
> >>> However, I'd be wary of an image that I didn't build myself, personally.
> >>
> >> That's your opinion. The AWS relay project was very successful. Numerous
> >> people ran an image that they didn't build. Numerous people also run Docker
> >> containers that they didn't build. Numerous people run Vagrant boxes they
> >> didn't build. You have the right to be wary, but there's numerous people out
> >> there who run other people's images every day.
> >>
> >>>> If you're interested in the image let me know. This image has been fully
> >>>> tested on OVH's Openstack infrastructure, so if you're interested in
> >>>> running it on their infrastructure, let me know and I can walk you
> >>>> through it, or you're more than welcome to host it within my cloud at
> >>>> cost (it's a low monthly rate and unlimited bandwidth).
> >>>
> >>> Another issue is that OVH is over relied upon for public nodes. It's the
> >>> leading ASN with almost 15%.
> >>
> >> They're one of the few providers out there that allow exits. That's why 15% of
> >> our exits are on OVH.
> >>
> >>> https://torbsd.org/oostats/relays-bw-by-asn.txt
> >>>
> >>> OTOH, I do think we (in particular BSD people) need to facilitate the
> >>> implementation of BSD relays, including for VPS services for those
> >>> looking to test the waters.
> >>
> >> I completely agree.
> >
> > I wonder if people hosting Tor relays in any sort of VPS are doing
> > filesystem encryption.
> >
> >>> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> >>> Vultur to build on OpenBSD. I tend to think using other people's scripts
> >>> that can be reviewed and hacked is a better gateway for new relay
> >>> operators than images.
> >
> > you can combine the FreeBSD jails feature with your idea.
> > plus, do not share many Tor instances on the same machine/server/jail.
>
> Actually, that raises a side point...
>
> FreeBSD jails are usually viewed as a tool to create full system with
> the glorious addition of root.
>
> But they can also be used to build minimal chroot-looking systems, in
> that they can be deliciously small, yet incredibly secure, especially
> compared to chroot.
>
> FreeBSD jails started as a simple http hosting solution a long while
> back, very much an "unorthodox solution to a traditional problem." But
> they have a utility that gets confused when they are considered
> just-another-virtualization alternative to delude users into thinking
> they have full system control.
>
> <snip>
>
> g

We could always make it more fun and throw FreeBSD/Docker on top of the mess:

https://wiki.freebsd.org/Docker

I was looking at Jails before, but I ruled it out because I'm looking at this project from the level of I'm running a VM on an OpenStack/VMware, or AWS infrastructure as a small VM dedicated to just Tor. So the whole VM is dedicated to just Tor.

So, basically instead of virtualizing an environment already running in a virtual machine dedicated to the task of running that run task, I figured just keep things on the VM. Of course, I may be looking at that wrong, but I think that would be the best option to weigh all of the factors that go into the project.

Conrad
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays