Re: [tor-relays] Platform diversity in Tor network [was: OpenBSD doc/TUNING]



I don't want to spam this list with OS discussion, but I think yours
is an important point, so I'll give my perspective briefly.

This is one of the main aspects of OpenBSD that make it better suited
for firewalls etc. than for desktops. One of the main tenets of
OpenBSD is "secure by default". There have only been two remote holes
in the default install in the last seventeen or so years, so there
generally isn't a serious need for base updates. Keeping up with the
occasional patches is a good idea, which is done manually by default.
This generally takes a file download and about three copied-and-pasted
commands. The announce mailing list lets you know about these, and
there are scripts to apply them automatically.

If you're running a Tor relay, Tor might be the only thing you
install. I also have Vim, SSHGuard, and possibly a library or two for
Arm, but that's it. Hopefully, all relay operators keep up with the
Tor community enough to stay on a supported version, if not the newest
one. The updates are rare enough that I haven't found manual
compilation an issue. My OpenBSD node is currently on 0.2.5.10.

If compilation is considered tedious, though, I or someone like me
could start more aggressively maintaining the Tor port. I was actually
considering this recently, although I have no prior experience with
port development. There are almost 9,000 ports, and they're only
updated as quickly as they're developed.

Libertas

On 11/05/2014 12:07 PM, Zack Weinberg wrote:
> On Wed, Nov 5, 2014 at 11:20 AM, Niklas Kielblock 
> <niklas@xxxxxxxxxxxxxx> wrote:
>> Is there much of a difference between setting up Tor on OpenBSD 
>> vs. Linux or other Unix(like) systems?
>> 
>> Or is this just about setting up OpenBSD in general, or 
>> additional security for relays (disk encryption, memory 
>> protection) whose use isn't common on most general servers?
> 
> Well, the thing *I* don't feel I have the least idea even where to
>  begin with, with *BSD in general, is reliable automatic 
> installation of security updates for both the base system and the 
> ports.  I can figure everything else out once and write it into 
> /etc and be done with it.  But if I have to manually monitor for 
> bug fixes in all the installed software, and manually update local 
> source code copies and recompile every time, well, that's three 
> chores that computers are better at than I am.
> 
> (Actually, the ports system has blown up in my face often enough 
> that I'm convinced it has fundamental design flaws -- and this was 
> in the much less demanding environment of a development VM.  I 
> would be much more comfortable with a BSD that accepted the maxim 
> that there can be only one package manager and nothing may escape 
> its gaze.)
> 
> zw
> 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays