Greetings all, I wanted to take a minute and introduce myself. I'm Cr1m3Pi and am a new relay operator. https://atlas.torproject.org/#details/8D3ABE5B3B4ADE5C1A40BF7D5277830BCDB5DF...
The relay is running on a RPi3 {hey, every little bit helps, right?} while I get my feet wet as an operator. Any advice regarding security and general maintenance is appreciated.
Cr1m3Pi
As an RPi2 owner, I welcome you to the bakery!
On Jul 20, 2016 11:50 AM, "Cr1m3Pi" m0nk3y13@protonmail.ch wrote:
Greetings all, I wanted to take a minute and introduce myself. I'm Cr1m3Pi and am a new relay operator.
https://atlas.torproject.org/#details/8D3ABE5B3B4ADE5C1A40BF7D5277830BCDB5DF...
The relay is running on a RPi3 {hey, every little bit helps, right?} while I get my feet wet as an operator. Any advice regarding security and general maintenance is appreciated.
Cr1m3Pi
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thank you, Tristan. Any advice you can give me to lock my Pi down? I have key auth on ssh and ufw enabled.
-------- Original Message -------- Subject: Re: [tor-relays] Introduction Local Time: July 20, 2016 11:55 AM UTC Time: July 20, 2016 4:55 PM From: supersluether@gmail.com To: tor-relays@lists.torproject.org
As an RPi2 owner, I welcome you to the bakery!
On Jul 20, 2016 11:50 AM, "Cr1m3Pi" m0nk3y13@protonmail.ch wrote:
Greetings all, I wanted to take a minute and introduce myself. I'm Cr1m3Pi and am a new relay operator. https://atlas.torproject.org/#details/8D3ABE5B3B4ADE5C1A40BF7D5277830BCDB5DF...
The relay is running on a RPi3 {hey, every little bit helps, right?} while I get my feet wet as an operator. Any advice regarding security and general maintenance is appreciated.
Cr1m3Pi
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I've never really "locked down" my Raspberry Pi. I have SSH set up with a normal password login, and I only have the necessary ports forwarded to the Pi. As for UFW, I've never used it on my Pi or my main PC (Ubuntu). It's off by default, so I just assumed that was fine since it's behind a router.
On Wed, Jul 20, 2016 at 1:53 PM, Cr1m3Pi m0nk3y13@protonmail.ch wrote:
Thank you, Tristan. Any advice you can give me to lock my Pi down? I have key auth on ssh and ufw enabled.
-------- Original Message -------- Subject: Re: [tor-relays] Introduction Local Time: July 20, 2016 11:55 AM UTC Time: July 20, 2016 4:55 PM From: supersluether@gmail.com To: tor-relays@lists.torproject.org
As an RPi2 owner, I welcome you to the bakery!
On Jul 20, 2016 11:50 AM, "Cr1m3Pi" m0nk3y13@protonmail.ch wrote:
Greetings all, I wanted to take a minute and introduce myself. I'm Cr1m3Pi and am a new relay operator.
https://atlas.torproject.org/#details/8D3ABE5B3B4ADE5C1A40BF7D5277830BCDB5DF...
The relay is running on a RPi3 {hey, every little bit helps, right?} while I get my feet wet as an operator. Any advice regarding security and general maintenance is appreciated.
Cr1m3Pi
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
So what are we going to do when Green shuts down the Bridge Authority server next month? Will it have a serious effect, or will there be any apparent issues or slowdowns?
Me _______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
One source said the code will have to be rewritten to adapt and the intervening month Green has allowed will be the time to do that.
On Wed, Jul 20, 2016 at 11:20:33PM -0400, Me wrote:
So what are we going to do when Green shuts down the Bridge Authority server next month? Will it have a serious effect, or will there be any apparent issues or slowdowns?
Me
Please don't hijack an existing thread for a completely unrelated topic. Start a new thread instead of replying to an existing thread.
--Sean
On 21 Jul 2016, at 05:20, Me info@gumbyzee.torzone.net wrote: So what are we going to do when Green shuts down the Bridge Authority server next month? Will it have a serious effect, or will there be any apparent issues or slowdowns?
We'll have to act before that. We're currently looking for a new operator for the bridge authority and a suitable hosting location, which we will want to include in Tor releases asap. For a while we will feed the data from the two concurrently running bridge authorities to the bridge database for distribution to users, then when Tonga (Lucky's auth) is shut down the new one will have taken over. We will lose the data about all bridges that aren't updated after the time Tonga is shut off. This means fewer bridges for bridge db to give out and potentially a drop in counted (not necessarily actual) bridge users of Tor.
Cheers Sebastian
On 21 Jul 2016, at 14:17, Sebastian Hahn sebastian@torproject.org wrote:
On 21 Jul 2016, at 05:20, Me info@gumbyzee.torzone.net wrote: So what are we going to do when Green shuts down the Bridge Authority server next month? Will it have a serious effect, or will there be any apparent issues or slowdowns?
We'll have to act before that. We're currently looking for a new operator for the bridge authority and a suitable hosting location, which we will want to include in Tor releases asap. For a while we will feed the data from the two concurrently running bridge authorities to the bridge database for distribution to users, then when Tonga (Lucky's auth) is shut down the new one will have taken over. We will lose the data about all bridges that aren't updated after the time Tonga is shut off. This means fewer bridges for bridge db to give out and potentially a drop in counted (not necessarily actual) bridge users of Tor.
Old bridges will continue to function after the old authority is shut down, regardless of whether they are updated to the new Tor release. So existing users of those bridges will be ok.
Old bridges won't be able to send their details to the new bridge authority. So a Tor update is required on bridges, so they send their details to the new bridge authority. Then they can be given out to users.
Also, old Tor clients won't be able to get updated bridge descriptors from the new authority, but as far as I know, bridge descriptor updates aren't essential for clients to continue to use a bridge. (I may be wrong about this.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B OTR 8F39BCAC 9C9DDF9A DF5FAE48 1D7D99D4 3B406880 ricochet:ekmygaiu4rzgsk6n
I run two lower bandwidth middle relays, and have been considering changing one to a bridge to provide for a different level and type of users. It sounds like this may only be a temporary bump in the system, so I will continue with my thinking. Surprising to see some of the recent changes, we never know what tomorrow brings.
G
On 07/21/2016 12:28 AM, Tim Wilson-Brown - teor wrote:
On 21 Jul 2016, at 14:17, Sebastian Hahn sebastian@torproject.org wrote:
On 21 Jul 2016, at 05:20, Me info@gumbyzee.torzone.net wrote: So what are we going to do when Green shuts down the Bridge Authority server next month? Will it have a serious effect, or will there be any apparent issues or slowdowns?
We'll have to act before that. We're currently looking for a new operator for the bridge authority and a suitable hosting location, which we will want to include in Tor releases asap. For a while we will feed the data from the two concurrently running bridge authorities to the bridge database for distribution to users, then when Tonga (Lucky's auth) is shut down the new one will have taken over. We will lose the data about all bridges that aren't updated after the time Tonga is shut off. This means fewer bridges for bridge db to give out and potentially a drop in counted (not necessarily actual) bridge users of Tor.
Old bridges will continue to function after the old authority is shut down, regardless of whether they are updated to the new Tor release. So existing users of those bridges will be ok.
Old bridges won't be able to send their details to the new bridge authority. So a Tor update is required on bridges, so they send their details to the new bridge authority. Then they can be given out to users.
Also, old Tor clients won't be able to get updated bridge descriptors from the new authority, but as far as I know, bridge descriptor updates aren't essential for clients to continue to use a bridge. (I may be wrong about this.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B OTR 8F39BCAC 9C9DDF9A DF5FAE48 1D7D99D4 3B406880 ricochet:ekmygaiu4rzgsk6n
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, Jul 21, 2016 at 02:28:24PM +1000, Tim Wilson-Brown - teor wrote:
Also, old Tor clients won't be able to get updated bridge descriptors from the new authority, but as far as I know, bridge descriptor updates aren't essential for clients to continue to use a bridge.
Yes, correct.
See also https://trac.torproject.org/projects/tor/ticket/19728
--Roger
Hi.
What are the requirements, apart from long-term stability, for this?
On 21 Jul 2016 12:18 pm, "Sebastian Hahn" sebastian@torproject.org wrote:
On 21 Jul 2016, at 05:20, Me info@gumbyzee.torzone.net wrote: So what are we going to do when Green shuts down the Bridge Authority
server next month? Will it have a serious effect, or will there be any apparent issues or slowdowns?
We'll have to act before that. We're currently looking for a new operator for the bridge authority and a suitable hosting location, which we will want to include in Tor releases asap. For a while we will feed the data from the two concurrently running bridge authorities to the bridge database for distribution to users, then when Tonga (Lucky's auth) is shut down the new one will have taken over. We will lose the data about all bridges that aren't updated after the time Tonga is shut off. This means fewer bridges for bridge db to give out and potentially a drop in counted (not necessarily actual) bridge users of Tor.
Cheers Sebastian
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I believe also being highly known and trusted by the Tor project leads, likely the current dirauths, and the community as a whole.
On Jul 21, 2016, at 6:03 AM, Sanjeev Gupta ghane0@gmail.com wrote:
Hi.
What are the requirements, apart from long-term stability, for this?
On 21 Jul 2016 12:18 pm, "Sebastian Hahn" sebastian@torproject.org wrote:
On 21 Jul 2016, at 05:20, Me info@gumbyzee.torzone.net wrote: So what are we going to do when Green shuts down the Bridge Authority server next month? Will it have a serious effect, or will there be any apparent issues or slowdowns?
We'll have to act before that. We're currently looking for a new operator for the bridge authority and a suitable hosting location, which we will want to include in Tor releases asap. For a while we will feed the data from the two concurrently running bridge authorities to the bridge database for distribution to users, then when Tonga (Lucky's auth) is shut down the new one will have taken over. We will lose the data about all bridges that aren't updated after the time Tonga is shut off. This means fewer bridges for bridge db to give out and potentially a drop in counted (not necessarily actual) bridge users of Tor.
Cheers Sebastian
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 07/21/2016 11:23 AM, Alex Chang-Lam wrote:
I believe also being highly known and trusted by the Tor project leads, likely the current dirauths, and the community as a whole.
On Jul 21, 2016, at 6:03 AM, Sanjeev Gupta <ghane0@gmail.com mailto:ghane0@gmail.com> wrote:
Hi.
What are the requirements, apart from long-term stability, for this?
On 21 Jul 2016 12:18 pm, "Sebastian Hahn" <sebastian@torproject.org mailto:sebastian@torproject.org> wrote:
> On 21 Jul 2016, at 05:20, Me <info@gumbyzee.torzone.net <mailto:info@gumbyzee.torzone.net>> wrote: > So what are we going to do when Green shuts down the Bridge Authority server next month? Will it have a serious effect, or will there be any apparent issues or slowdowns? We'll have to act before that. We're currently looking for a new operator for the bridge authority and a suitable hosting location, which we will want to include in Tor releases asap. For a while we will feed the data from the two concurrently running bridge authorities to the bridge database for distribution to users, then when Tonga (Lucky's auth) is shut down the new one will have taken over. We will lose the data about all bridges that aren't updated after the time Tonga is shut off. This means fewer bridges for bridge db to give out and potentially a drop in counted (not necessarily actual) bridge users of Tor. Cheers Sebastian _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Maybe i am out of line for suggesting this but i will suggest anyway. Might i suggest that the next bridge authority be hosted on tor inc ip space and perhaps be 2 hosts instead of one.
It looks like this was a single point of failure. It would be easy enough to have a volunteer bgp announce a specific ip address. If they decided to drop out then it would not cause this type of consternation in the future. Having more than one bridge auth has obvious benefits.
Flame me away for my ignorance. It has been years since i last poured over the tor source code.
--- Marina Brown
On 21.07.2016 17:36, Marina Brown wrote:
Maybe i am out of line for suggesting this but i will suggest anyway. Might i suggest that the next bridge authority be hosted on tor inc ip space and perhaps be 2 hosts instead of one.
It looks like this was a single point of failure. It would be easy enough to have a volunteer bgp announce a specific ip address. If they decided to drop out then it would not cause this type of consternation in the future. Having more than one bridge auth has obvious benefits.
While hijacking the bridge authority does not directly and immediately harm the Tor network, and an evil BGP entry could most probably not be upheld for more than 24h worst-case, I still support the idea of introducing more authority nodes than just a single one.
But then again, I don't have much knowledge about the related source code either.
I could run one here in Iceland if it would help.
-Jason
On 7/21/2016 4:22 PM, simon wrote:
On 21.07.2016 17:36, Marina Brown wrote:
Maybe i am out of line for suggesting this but i will suggest anyway. Might i suggest that the next bridge authority be hosted on tor inc ip space and perhaps be 2 hosts instead of one.
It looks like this was a single point of failure. It would be easy enough to have a volunteer bgp announce a specific ip address. If they decided to drop out then it would not cause this type of consternation in the future. Having more than one bridge auth has obvious benefits.
While hijacking the bridge authority does not directly and immediately harm the Tor network, and an evil BGP entry could most probably not be upheld for more than 24h worst-case, I still support the idea of introducing more authority nodes than just a single one.
But then again, I don't have much knowledge about the related source code either. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Alex Chang-Lam -
Cr1m3Pi -
Gumby -
I -
Jason -
Marina Brown -
Me
-
Roger Dingledine -
Sanjeev Gupta -
Sean Greenslade -
Sebastian Hahn -
simon -
Tim Wilson-Brown - teor -
Tristan