Opened 18 months ago
Closed 15 months ago
#19690 closed task (fixed)
Tonga (Bridge Authority) Permanent Shutdown Notice
| Reported by: | shamrock | Owned by: | isis |
|---|---|---|---|
| Priority: | Very High | Milestone: | Tor: 0.2.8.x-final |
| Component: | Core Tor/DirAuth | Version: | Tor: 0.2.8.5-rc |
| Severity: | Critical | Keywords: | TorCoreTeam201608 |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
Dear friends,
Given recent events, it is no longer appropriate for me to materially contribute to the Tor Project either financially, as I have so generously throughout the years, nor by providing computing resources. This decision does not come lightly; I probably ran one of the first five nodes in the system and my involvement with Tor predates it being called "Tor" by many years.
Nonetheless, I feel that I have no reasonable choice left within the bounds of ethics, but to announce the discontinuation of all Tor-related services hosted on every system under my control.
Most notably, this includes the Tor node "Tonga", the "Bridge Authority", which I recognize is rather pivotal to the network
Tonga will be permanently shut down and all associated crytographic keys destroyed on 2016-08-31. This should give the Tor developers ample time to stand up a substitute. I will terminate the chron job we set up so many years ago at that time that copies over the descriptors.
In addition to Tonga, I will shut down a number of fast Tor relays, but the directory authorities should detect that shutdown quickly and no separate notice is needed here.
I wish the Tor Project nothing but the best moving forward through those difficult times,
--Lucky
Child Tickets
Change History (19)
comment:1 Changed 18 months ago by
| Component: | - Select a component → Core Tor/DirAuth |
|---|---|
| Milestone: | → Tor: 0.2.8.x-final |
| Severity: | Normal → Critical |
| Version: | → Tor: 0.2.8.5-rc |
comment:2 Changed 18 months ago by
| Owner: | set to isis |
|---|---|
| Status: | new → assigned |
Thanks for the heads up, Lucky! And thank you so much for every way you've contributed over the years.
comment:3 Changed 18 months ago by
Thank for the longstanding help for Tor!
Which recent events gave the reason for quitting all?
comment:5 Changed 17 months ago by
To fully test the upcoming Tonga Bridge Authority key destruction procedure, I am shutting down an old IPv6-test bridge that I once set up based on a request received on #tor-dev when IPv6-capable bridges were a novelty and a test bridge was needed. This should have no discernible impact on the network. The sole purpose of this bridge (not Bridge Authority) shutdown test is to perform a full walkthrough of the key and key backups destruction procedure. Mentioning this here just to keep you all appraised.
comment:6 Changed 17 months ago by
Moving Tonga decommissioning date to 2016-09-02 per request by Karsten to enable the new Bridge Authority Bitfroest to catch up on the dataset.
comment:7 Changed 17 months ago by
If you haven't already, please take Tonga off the notification list that sends out an email to the operator if a directory authority is down. This doesn't have to wait until 2016-09-02, since in the off chance that Tonga between now and then were to suffer a catastrophic failure requiring manual operator intervention to restore, I would not engage in that manual effort given how little time remains.
comment:8 Changed 17 months ago by
No problem. Done: https://gitweb.torproject.org/stem.git/commit/?id=152fa89
comment:9 Changed 17 months ago by
Thank you, shamrock, for postponing the Tonga shutdown by two days! Here's a graph showing how bridges are transitioning from Tonga to Bifroest. That graph doesn't show recent numbers from Bifroest, because we're not done setting up scripts to copy descriptors to CollecTor. But we can assume that >1k bridges have switched over by now. Those extra two days will for sure help with getting more bridges from Tonga to Bifroest before Tonga disappears. Thanks!
comment:12 follow-up: 13 Changed 16 months ago by
New graph shows that transition has stopped. Guess we'll lose 1.3k bridges in two days from now.
comment:13 follow-up: 14 Changed 16 months ago by
Replying to karsten:
New graph shows that transition has stopped. Guess we'll lose 1.3k bridges in two days from now.
Windoze bridges?
@shamrock:
Who is guilty of it?
comment:14 follow-up: 15 Changed 16 months ago by
Replying to bugzilla:
Replying to karsten:
New graph shows that transition has stopped. Guess we'll lose 1.3k bridges in two days from now.
Windoze bridges?
Not Windows bridges, but Linux bridges for the most part:
421 Tor 0.2.7.6 on Linux 151 Tor 0.2.5.12 on Linux 124 Tor 0.2.8.6 on Linux 106 Tor 0.2.4.23 on Windows 8 94 Tor 0.2.4.23 on Windows 7 79 Tor 0.2.4.27 on Linux 59 Tor 0.2.6.10 on Linux 44 Tor 0.2.8.2-alpha on Linux 40 Tor 0.2.5.10 on Linux 22 Tor 0.2.4.22 on Windows 7
comment:15 Changed 16 months ago by
Replying to karsten:
Hmm, mandatory auto-update mechanism (take or die) from Tor consensus is required.
421 Tor 0.2.7.6 on Linux
Maybe, Tor should warn/info when the repository is different from the recommended.
124 Tor 0.2.8.6 on Linux
Suspiciously. But people that check manually for a new version can be aware since Aug 24 only...
44 Tor 0.2.8.2-alpha on Linux
What's the reason to allow alphas to be bridges? Separate "alpha bridges" category for clients who like experiments is preferable.
94 Tor 0.2.4.23 on Windows 7
There are no reasons not to update on Windows except that Expert Bundle lacks auto-updater. But it has 0.2.8.6 version now, so your data shows that all Windows bridges, except those 0.2.4.x highly outdated, are maintained by up-to-date rebuilding from source. Is it plausible?
comment:16 Changed 16 months ago by
I don't see anything in the suggestions above that would help move hundreds of bridges from Tonga to Bifroest in the next 24 hours. But that's okay, we already have plenty of bridges on Bifroest, and we have the bridges that come bundled with Tor Browser. Here's a new graph.
comment:17 Changed 16 months ago by
As previously announced Tonga will be decommissioned today, probably within the hour. You may wish to disable Tonga's ssh key on bridges.torproject.org and enable any IP-based ssh restrictions. This also is the kickoff for major scheduled maintenance on the underlying server hardware. Consequently, I will not receive email sent to the cypherpunks.to domain or be able to read IRC. If someone needs to get in touch with me, find me on other IM channels. I expect any non-Tor related services running on the same physical server, such as my email, to be back up by no later than Monday. Hopefully much sooner if all goes well.
comment:18 Changed 16 months ago by
Here's another graph, which will be the last graph in this series, unless there's a good reason to post another one.
See this Metrics graph for the total number of bridges, which includes both bridge authorities for the time when both made their descriptors available to CollecTor. The first dip is when Bifroest didn't report descriptors, the second is when Tonga went away.
Is there anything else to be done here? If not, how about we close this ticket?
comment:19 Changed 15 months ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
This task was completed in late August. At the same time, code related to temporarily having multiple directory authorities was merged into BridgeDB, see #20088.
Thanks for letting us know and for running the bridge auth. Triaging so this goes to the right place.