
Re: [tor-relays] Platform diversity in Tor network [was: OpenBSD doc/TUNING]



> You're wrong, OpenBSD's documentation (and other BSDs' too) is
> awesome. I learn to use Unix systems with OpenBSD.

I never said the docs are bad - one of my previous emails mentioned
how great the man pages are. What I meant was that there are fewer
wizards, tutorials, guides, and autoconfigs - you're responsible for
actually editing raw /etc config files and understanding what you're
doing.

> You have to find OS vulnerabilities when the sysadmin does the job 
> correctly. You think that all the relays have their (for instance)
> sshd configured correctly? (like PermitRootLogin set to no, no
> password and so on). And that's only one daemon.

This is indeed a problem. I'm actually working on a website to
identify these vulnerabilities, warn operators of them, and show
people how to fix them. OpenBSD does come with more sane default
options for these kinds of things, though. For example,
PermitRootLogin is set to no by default if you add a user during install.

> What? One of the points of OpenBSD is to provide a correct
> documentation. The only problem is people asking for stuff which is
> already written down in the FAQ or in the man page.

Ad hoc guides aren't documentation, though. Everything is already in
the FAQ and man pages. What we're discussing is a more specific and
user-friendly guide.

Libertas

On 11/05/2014 12:28 PM, Daniel Jakots wrote:
> On Wed, 05 Nov 2014 10:35:01 -0500, Libertas
> <libertas@xxxxxxxxxxx> wrote:
> 
>> Agreed. Thanks for pulling together the statistics, too. However,
>> I'd like to make an argument for OpenBSD specifically.
>> 
>> It isn't very inviting for people that don't know at least
>> intermediate Unix.
> 
> You're wrong, OpenBSD's documentation (and other BSDs' too) is
> awesome. I learn to use Unix systems with OpenBSD.
> 
>> It's possible that governments like China's are trying to hack
>> Tor relays in an attempt to deanonymize users. It's almost
>> definite that malicious hackers try to break into exit nodes to
>> troll traffic. Even an up-to-date, hardened Linux or FreeBSD
>> system probably can't weather all such attacks. For such a
>> simple, single-use, security-critical application, something as
>> sturdy and impenetrable as OpenBSD is the best option.
> 
> You have to find OS vulnerabilities when the sysadmin does the job 
> correctly. You think that all the relays have their (for instance)
> sshd configured correctly? (like PermitRootLogin set to no, no
> password and so on). And that's only one daemon.
> 
>> I would love to start a larger conversation about running Tor on 
>> OpenBSD. I've been considering making a guide describing the
>> process. However, that violates the OpenBSD philosophy to some
>> extent.
> 
> What? One of the points of OpenBSD is to provide a correct
> documentation. The only problem is people asking for stuff which is
> already written down in the FAQ or in the man page.
> 
> Just write the guide, I'd be happy to review it. You can even ask
> for help on the Tor-BSD mailing list[1].
> 
> [1]: http://lists.nycbug.org/mailman/listinfo/tor-bsd
> 
> Cheers, Vigdis
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
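
The sshd settings named in this thread (PermitRootLogin, password logins) can be checked mechanically. The following is an added example, not code from either poster or from the Tor project; the function names `audit_sshd` and `sample_dump` are hypothetical, and it assumes "no password" means `PasswordAuthentication no` together with `PermitEmptyPasswords no`.

```shell
#!/bin/sh
# Added example. Audits sshd settings given as "keyword value" lines on stdin,
# the format printed by `sshd -T` (run as root: sshd -T | audit_sshd).
# Prints one line per finding; exit status 1 if anything was flagged.
audit_sshd() {
    awk '
        BEGIN {
            bad = 0
            # Values taken from the thread; "no password" is read here as
            # PasswordAuthentication no plus PermitEmptyPasswords no (assumption).
            want["permitrootlogin"]        = "no"
            want["passwordauthentication"] = "no"
            want["permitemptypasswords"]   = "no"
        }
        NF == 0 || $1 ~ /^#/ { next }      # skip blanks and comments
        {
            key = tolower($1)
            # sshd uses the first value it obtains for a keyword, so later
            # duplicates must not override an earlier line.
            if ((key in want) && !(key in got)) got[key] = tolower($2)
        }
        END {
            n = split("permitrootlogin passwordauthentication permitemptypasswords", order, " ")
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in got)) {
                    printf "MISSING %s (not in input, cannot confirm)\n", k; bad = 1
                } else if (got[k] != want[k]) {
                    printf "WEAK %s=%s (want %s)\n", k, got[k], want[k]; bad = 1
                }
            }
            exit bad
        }
    '
}

# Constructed sample, not taken from a real relay.
sample_dump() {
    cat <<'EOF'
port 22
permitrootlogin without-password
passwordauthentication yes
permitemptypasswords no
EOF
}

sample_dump | audit_sshd || echo "sshd needs attention"
```

Feeding it `sshd -T` output rather than the raw config file reports the effective values, including compiled-in defaults for keywords the file never sets.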