[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] How to Run High Capacity Tor Relays



> On 22 Jul 2015, at 22:14 , Ben Serebin <ben@xxxxxxxxxxxxxxxxx> wrote:
> 
> Robert: you're right. The group in general isn't very knowledge about Windows. I'm a Windows sysadmin and spent a long time deciphering the Tor documentation on windows and it's poor. Best info was another operator who posted on the mailing list months ago. I've reached out to the website maintainers and gotten radio silence on updating the Wiki for Windows.

What's the specific issue?
Is it the (static) website, or the wiki, that you want to edit?

I've made all sorts of edits to the OS X portion of the wiki, and the only trouble I had was replacing an attachment. (But I could add another attachment as a workaround.)

The website, on the other hand, probably needs a Trac ticket logged or, even better, a patch submitted to get updates.

> I've added other things to the wiki though (on exits). I'm a bit perplexed on the OS religiousness since we need more inclusive for Tor relays. We need a status of liberty, and the EFF's push isn't enough.

There are all sorts of security risks associated with an operating system monoculture (or a library monoculture, for that matter).

Once the OpenSSL monoculture developed a nasty rash of bugs (for example, heartbleed), alternatives were developed.

As Linux configurations are considerably more diverse than OpenSSL installs (were), it's less likely, but I'd hate to see something similar happen to Linux in general, or Tor-on-Linux in particular. Because a single bug in a common configuration carries the risk of compromising large portions of the Tor network.

And there are known state and non-state actors who would take a childish delight in making it happen.

As an aside:

The 20 July 2015 platform percentages on https://metrics.torproject.org/servers-data.html are:
87.9 Linux
 6.9 Windows
 4.5 FreeBSD
 0.5 Darwin (OS X, OpenDarwin, â)
 0.1 Other

It's an engineering question whether the proportion of any operating system should be  increased or decreased in the Tor network. (Not a social question.) We could consider attributes like security, closed-source, performance, and ease of configuration, and many others, when making this decision; as well as the dangers of an OS monoculture.

Looking at the stats above, I wonder:

Should any OS comprise more than (for example) half the Tor network?
Should OSs with poor security records comprise more than (for example) 10% of the Tor network? In total, or separately?
Should closed-source OSs comprise more than (for example) 10% of the Tor network? In total, or separately?

I don't know the answers to these questions, but I wonder if we could reach a consensus on them. (Of course, a human consensus is very much a question of group culture, as much as it is of engineering tradeoffs. Are we dogmatically OS religious? I hope not.)

As these questions have been considered for the Tor Directory Authorities, perhaps a (relaxed) version could be used for the diversity of the entire network?
(Is there a policy on OS diversity among directory authorities?)

Tim

> -----Original Message-----
> From: tor-relays [mailto:tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of I
> Sent: Tuesday, July 21, 2015 8:29 PM
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-relays] How to Run High Capacity Tor Relays
> 
> Moritz and all,
> 
> I mean no offence to anyone since we're all in this for the greater good, but really approaching joining the Tor community is pretty hard if you are not a Linux wiz and know about servers or a number of other things.
> 
> I have tried to look around the multitude of interconnecting links but a lot are out of sync slightly or are not clear because of presumed knowledge and understanding or are irrelevant because of evolution
> 
> Wouldn't it be better to be clear and neat in the way Torservers guides are?
> Would someone presume the Torproject installation guide was not complete and know where to look?
> 
> Robert
> 
> 
>> On 07/22/2015 01:34 AM, I wrote:
>>> https://www.torservers.net/wiki/setup/server  has excellent guidance
>>> for setting-up relays seriously.
>>> Would those at Torproject think about linking to it from their
>>> installation guides?
>>> 
>>> Robert
>> 
>> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
>> links to it, as well as to
>> https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity .
>> Both these pages could use some overhaul, but they're not too bad.
>> 
>> --
>> Moritz Bartl
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp ABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays