[tor-relays] Platform diversity in Tor network [was: OpenBSD doc/TUNING]
Libertas
libertas at mykolab.com
Wed Nov 5 20:13:07 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I don't want to spam this list with OS discussion, but I think yours
is an important point, so I'll give my perspective briefly.
This is one of the main aspects of OpenBSD that make it better suited
for firewalls etc. than for desktops. One of the main tenets of
OpenBSD is "secure by default". There have only been two remote holes
in the default install in the last seventeen or so years, so there
generally isn't a serious need for base updates. Keeping up with the
occasional patches is a good idea, which is done manually by default.
This generally takes a file download and about three copied-and-pasted
commands. The announce mailing list lets you know about these, and
there are scripts to apply them automatically.
If you're running a Tor relay,, Tor might be the only thing you
install. I also have Vim, SSHGuard, and possibly a library or two for
Arm, but that's it. Hopefully, all relay operators keep up with the
Tor community enough to stay on a supported version, if not the newest
one. The updates are rare enough that I haven't found manual
compilation an issue. My OpenBSD node is currently on 0.2.5.10.
If compilation is considered tedious, though, I or someone like me
could start more aggressively maintaining the Tor port. I was actually
considering this recently, although I have no prior experience with
port development. There are almost 9,000 ports, and they're only
updated as quickly as they're developed.
Libertas
On 11/05/2014 12:07 PM, Zack Weinberg wrote:
> On Wed, Nov 5, 2014 at 11:20 AM, Niklas Kielblock
> <niklas at spiderschwe.in> wrote:
>> Is there much of a difference between setting up Tor on OpenBSD
>> vs. Linux or other Unix(like) systems?
>>
>> Or is this just about setting up OpenBSD in general, or
>> additional security for relays (disk encryption, memory
>> protection) whose use isn't common on most general servers?
>
> Well, the thing *I* don't feel I have the least idea even where to
> begin with, with *BSD in general, is reliable automatic
> installation of security updates for both the base system and the
> ports. I can figure everything else out once and write it into
> /etc and be done with it. But if I have to manually monitor for
> bug fixes in all the installed software, and manually update local
> source code copies and recompile every time, well, that's three
> chores that computers are better at than I am.
>
> (Actually, the ports system has blown up in my face often enough
> that I'm convinced it has fundamental design flaws -- and this was
> in the much less demanding environment of a development VM. I
> would be much more comfortable with a BSD that accepted the maxim
> that there can be only one package manager and nothing may escape
> its gaze.)
>
> zw _______________________________________________ tor-relays
> mailing list tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUWoTTAAoJELxHvGCsI27NyaYP/iLcKMLJ2rPInFSNYB8PFVcg
jEqZOwZgDSeIC7RQ2o7MOmcc3oOm1wQK7qCZZzDgfg+rr1tWn4JuRGy0L+gLBDNW
MXx8PrVaZpBaHMnwBuHRd5jgKPr8/N0e6OcX+rsMS7I/qHa7qPbBV3lNBJkkHiG+
4XQreatlwfg5sBLqQLL9aZKwZnf/aewfT+tpLmlHAMrwEMlXxea4W30co9DM09Jq
twEfpuyHpD6BCrr18R/jTBgCjvmV7npCIOvYXbvuGcyPMcITbLWIKJBqYJSTl68+
NsheFznfQJMYMeXrO3BprcK+ioMtKe71prTU2SSql+JSjUzSz+cwGJzj0keXmV8t
pZeP+IE2UKS93vzbU6B7yFwuvNERrwxRiXVMQtYke98tYbuLh1UkMNjWA3atT3W6
2GRrbriZp3LpGyZH25xhNE0IWmJtT5BoMlYLxZNCQRGzDBoRgoPk5a8fU4TWO0Z/
01fAeVfe9Ro35vhbXk5rrkxd9LPdQrGk2vqxeZgAuS2yI5067Jg6PoTB1knQ571D
2C+aESq3dl/SkNJNTQkSP1JWNTbKKVjQ3sd2tdhY8iFJIRfximOjsWI7mcChyN81
wpWUj3MsPIHpYAQZComs3vV5s2vjypre/W/PmX2I00tHiit9ck/LuR9Jq0zlqc1z
atTaElYDVYN5EoRlhfkX
=BrW2
-----END PGP SIGNATURE-----
More information about the tor-relays
mailing list