Meltdown and Spectre are interesting intellectually but real world breaches tend to be more prosaic. It's the boring stuff that gets us: social engineering, shitty passwords, out-of-date software. We see it over and over in the news and in overviews like the DBIR.
I'm not saying we should ignore those vulns but we shouldn't dig a deeper moat while leaving the drawbridge down. Let's make sure we're doing a good job on the basics.

--mkb

> On Sep 2, 2018, at 6:21 AM, Gary <[email protected]> wrote:
>
> Conrad,
>
> Thank you for your reply. I can now see that 4 big + 1 small (or 5 big)
> providers is definitely better than only 4 big ones for diversity, but it
> leads to another diversity question which needs some background:
>
> For a while, earlier this year during the spectre / meltdown vulnerability
> commotion I ran a couple of relays in VMs using Amazon Web Services (AWS). I
> was confident in the knowledge that the AWS-provided kernels / VMs switched
> to the spectre mitigation measures. Sure they slowed down a bit for a while,
> but they sped up again after AWS tweaked it a little. Because I know
> my VMs were using the mitigation I know other VMs can't spy on the tor
> traffic & whatever encryption keys happen to be in the VM's memory at
> that time (the really paranoid can supply their own kernel / boot image to
> run).
>
> My VMs were probably running in a rack containing hardware that also runs
> websites, web applications, corporate cloud email and backup systems; the list
> could go on, but importantly it is about diversity.
>
> If one person were to run a hardware rack full of VMs that ALL run tor,
> that is a prime target for, for example, some spying government or
> international hacker group. For an admittedly far-fetched example, some
> government can fly in, flash a court warrant to an underpaid security guard
> and do whatever they want to the rack, and then ALL the tor relays that are
> hosted there are compromised. Yes, that's unlikely to happen but it's still a
> risk.
>
> I am interested to hear your opinion on the diversity question of: how does
> having many relays in one place not damage diversity, even if they are
> connected to different networks / ASes and are technically controlled by
> different people?
>
> Again I want to point out what you are doing is good. I apologise if I
> appear to be "trolling" you; I am genuinely interested in learning the
> technical pros and cons relating to this topic.
>
> Thanks again,
>
> Gary.
>
> On Sun, 2 Sep 2018 at 02:26, Conrad Rockenhaus <[email protected]> wrote:
> Gary,
>
> It's bad in the same way it's bad for the numerous other exit relays
> that run under the OVH umbrella. I am not my own independent upstream and run
> my servers at a colocation facility at OVH. I also plan on running my servers
> at a colocation facility at another location for AS-diversity purposes but
> donations aren't enough to cover all of the bills to be honest, but I'm
> partnering up with a fellow Texan and we'll make sure this nonprofit grows at
> the rate needed to support diversity.
>
> But if you ignore the emails sounding alarm about this or that, you should
> realize: Greypony is no different than Hetzner, OVH, or DigitalOcean,
> which rank in the top 5 of the Tor relay providers by size and bandwidth, by
> node count, AS, and bandwidth. Someone should ask those providers the exact
> same thing, because they're set up just like me. I don't have root access to
> a customer's server; they don't have access.
>
> I'm actually a little drop in the big bucket. But I've been trying to promote
> diversity through the use of other providers.
>
> Thanks,
>
> Conrad
>
> > On Sep 1, 2018, at 6:53 AM, Gary <[email protected]> wrote:
> >
> > Conrad,
> >
> > I have been following this thread and would be grateful if you could clear
> > up some confusion for me.
> >
> > Firstly, I am not 1337 haxorz, I don't have a technical profession. However
> > I do believe in tor and anything that can increase the number of relays is
> > good. You are donating your time and resources freely to tor for the
> > benefit of everyone. You have helped me, others on this list, as well as
> > countless others contribute to the Tor Project.
> >
> > All these large relays that you are managing - surely this is bad in terms
> > of AS diversity? One user / network provider shouldn't have a large control
> > over the network.
> >
> > My question:
> >
> > Is there any way that these relays can be added to the network in such a way
> > that does not damage diversity?
> >
> > Don't get me wrong - I believe in what you do. If these relays are being
> > added without damaging diversity then I apologise for my misunderstanding
> > of the topic.
> >
> > Thanks,
> >
> > Gary
> >
> > On Sat, 1 Sep 2018 at 00:12, Conrad Rockenhaus <[email protected]> wrote:
> > Hi teor,
> >
> > It seems the criticism originated from one guy (Ralph) and one troll who
> > bravely refuses to identify himself.
> >
> > You want me to stop talking about even the cool things we're accomplishing
> > (like pumping lots of ultra fast bandwidth into the community)
> > because of these two, perhaps one yahoos?
> >
> > Thanks,
> >
> > Conrad
> >
> > On Tue, Aug 28, 2018 at 11:37 PM teor <[email protected]> wrote:
> > Hi Conrad (and staff and operators),
> >
> > > On 28 Aug 2018, at 22:16, Conrad Rockenhaus <[email protected]> wrote:
> > >
> > >> On Aug 27, 2018, at 8:02 PM, Jordan <[email protected]> wrote:
> > >>
> > >>> ...
> > >>> The research in this paper
> > >>> (https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf)
> > >>> is becoming more relevant and is worth discussing as more ISPs come out
> > >>> with the goal of hosting lots and lots of exit relays.
> > >>
> > >> ...
> > >> I have the utmost belief your intentions are good, but the concentration
> > >> of exits under a non-advertised central control warrants conversation,
> > >> at least.
> > >>
> > >> If the end goal is turning $ into relays, not all paths are paved with
> > >> equal mind to security and it might be worth considering donation-backed
> > >> alternatives.
> > >
> > > Actually, Jordan, I appreciate your input, but Greypony is technically
> > > operating as a nonprofit organization right now. We're completing the
> > > paperwork to be considered an official nonprofit. We allow people to
> > > operate their own relay, on their own HVM instance (which we don't have
> > > access to) for a donation of $15/month for a basic model A instance.
> > >
> > > They're totally separately and independently operated relays. We don't
> > > tell them how to operate their relays. We provide support, we provide
> > > suggestions, but we don't operate it for them, we don't install anything
> > > for them, and we're completely hands off unless they need support with
> > > something. Our job is to provide the instance and the bandwidth.
> >
> > This is the 5th list post in the last few weeks describing Greypony IT's
> > services, operators, or relays.
> >
> > There have also been several critical posts.
> >
> > Please take a break from promoting or criticising Greypony on this list
> > until at least October 2018.
> >
> > If you feel the need to respond, please use another platform.
> >
> > Thanks
> >
> > T
> > _______________________________________________
> > tor-relays mailing list
> > [email protected]
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > --
> > Conrad Rockenhaus
> > https://www.rockenhaus.com
> > ------
> > Get started with GreyPony Anonymization Today!
> > https://www.greyponyit.com
