Miskatonic University Press

Verified

reviews wikipedia

I just read Verified: How to Think Straight, Get Duped Less, and Make Better Decisions About What to Believe Online by Mike Caulfield and Sam Wineburg (University of Chicago Press, 2023) and I really liked it. This is a very good introduction to information and digital literacy, well written with a lively tone. I recommend it to anyone interested in assessing online information—from librarians doing IL to people wondering about apparent misinformation or vaguely conspiracy-minded links they get sent.

Book cover

It uses the SIFT approach: Stop, Investigate the source, Find better coverage, and Trace back to the original context. (This is intentionally not a checklist like the PARCA test.) There are many examples, illustrated with lots of images of web pages and Google searches. Someone new to this would learn good practices, and someone experienced would see a well-presented approach that gives insightful coverage of familiar issues. It’s good on the inherent “compellingness” of some web sites and sources, and how to do a vibe check. The chapter on Wikipedia is very good, and I like how they depend on Wikipedia as the best place for quick checks on the reliability of sources such as journals and think tanks. It is.

The book is grounded in an assumption of good faith—that someone wants to determine the truth and validity of some information they see online. Many do. But many don’t. If they don’t, they’re not going to read a solid, practical introduction like this. On the other hand, if you’re helping or teaching high school students or undergraduates, you have an ideal audience for this book.

There’s a postscript about ChatGPT and large language models, which went big just as the book was being finished. It’s as good as anyone could manage given the timing, but how well will the SIFT approach, or PARCA, or anything else, work if (when) everything is obscured by torrential amounts of bullshit? (Except Wikipedia, I hope.)

There’s a good review by Joel Blechinger in The Journal of Radical Librarianship (vol. 10, 2024) that goes deeper into some issues. See also this thoughtful review by Stephen Michaels in College & Research Libraries (vol. 85 no. 2, 2024).

Bonnie Clearwater quote

art quotes

There are two problems an artist faces: what to paint and how to paint it.

That’s Bonnie Clearwater in an interview about Frank Stella, in this week’s episode of The Week in Art. Later she adds, “Once you decide what to paint, you can just concentrate on how to paint it.”

J;ajsdf;ajdf;sjdaf;kjsdaf;kj af;sd jksd;f jsda;jlf sda;f s;adfj sda;jf dsa;fjj dsaj;f as;jf sadf

yorku

At York University, employees (including me) sometimes need to write documents (usually letters) on university-branded letterhead.

York letterhead example

For decades this was specially-printed paper that had the logo and other information printed right on it, in colour. There would be boxes of it in the office supply cabinet. You’d put it into your typewriter and type on it. Over time that changed, and you’d put it in the office printer and print on it (after making sure your margins were correct so you didn’t print on top of the logo, and perhaps telling others not to print anything because you didn’t want their documents to use your paper). More than a decade ago we moved to doing it all digitally: people could print in colour or export to PDF.

At some point, I hypothesize before 2010, someone made a Word document that had the letterhead configured nicely and made it available as a template. People copied it and made new templates from it: perhaps a form that was updated annually, or a request for letters of reference that a committee would reuse over and over. That base template went into wide use, as a good template should.

But whoever made that original gave the document a title by mashing their fingers on the keyboard: J;ajsdf;ajdf;sjdaf;kjsdaf;kj af;sd jksd;f jsda;jlf sda;f s;adfj sda;jf dsa;fjj dsaj;f as;jf sadf. That title appears in the document properties—it’s not the title you can make by setting a style on text in the document, and it’s not the file name. You might never know it’s there. But if you export to PDF, it’s probably easier to see. Here’s the title bar on Evince, my PDF viewer, showing a document named foo.pdf that was generated using this template.

Evince title bar

Here are the properties of the Word file, as shown in LibreOffice.

LibreOffice document properties

Try a DuckDuckGo search for the string. Scroll down, and down, and down … it goes on forever. The template has been used by every faculty, many branches of the administration, even in documents that people wrote for the faculty union.

DuckDuckGo screenshot

The new brand templates say, “Please note that you no longer need to download the templates for PowerPoint, Word and Excel! Simply open a new document and select the York University option and you are set.” Even so, this old template will be around for years and years to come.

In my bashrc in Conforguration I define a function that uses ExifTool and QPDF to wipe all metadata from a PDF and make it more web-friendly. Running pdfwipe foo.pdf removes these titles. I use it before I send a template-sourced PDF to anyone outside York.

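function pdfwipe() {
    for FILE in "$@"; do
        # Strip all metadata tags. ExifTool's PDF edits are reversible (the old
        # values stay in the file) and it keeps a backup named "${FILE}_original".
        exiftool -all= "$FILE"
        # Rewriting the file with QPDF drops the old, now-unreferenced metadata
        # and linearizes the PDF for fast web viewing.
        qpdf --linearize --replace-input "$FILE"
    done
}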

Keep scrolling … and scrolling … and scrolling …

STAPLR on hiatus

code4lib libraries sonification staplr

STAPLR (Sounds in Time Actively Performing Library Reference), my sonification of activity at the help and reference desks at York University Libraries, is on hiatus.

Yesterday we moved from a free and open source self-hosted system to LibAnswers (one of the proprietary hosted services rented out by Springshare, the most well known of which is LibGuides). I will look at how I can adapt STAPLR to use its API.

Illustration profile of Kady MacDonald Denton

kady.macdonald.denton

I was delighted today when the Autumn 2023 issue of Illustration magazine arrived in the mail. It has a long profile of my mother Kady MacDonald Denton, rich with examples of her work from various books. It was written by Warren Clements (publisher at Nestlings Press), who does regular features in the magazine. It’s a wonderful profile, covering her life and career with thoughtful and informed insight into her art.

Cover of the issue

If you’re at all interested in illustration in books and magazines from the Victorian era onwards, I highly recommend investigating Illustration if you don’t know it. It’s very good. Also look at the books Nestlings Press has done bringing back into print the work of Mervyn Peake, Peter Newell and others.

BBC Radio 6 Music

music radio

Another weekend, another batch of great listening on BBC Radio 6 Music (see also its schedule). These shows are two hours unless otherwise noted.

  • Freak Zone Playlist (Thursday 0000, one hour): “Hand-crafted playlists from creators of underground and experimental music.” Huge variation and always interesting.
  • The Craig Charles Funk and Soul Show (Saturday 1800, three hours): Live show, with a fantastic selection of funk, soul, R&B and disco; classics and new releases merge together perfectly. The half-hour guest-DJed Trunk of Funk is usually an incredible mix. It’s followed immediately by …
  • Don Letts’ Culture Clash Radio (Saturday 2100): It’s a treat to hear this voice I know from Big Audio Dynamite records. Letts plays a bass-heavy mix with a lot of dub and reggae, but mixes it up and you could hear King Tubby followed by Nancy Sinatra.
  • Iggy Confidential (Sunday 1600): Iggy Pop hosts this with a voice like a bucket in a coal mine, giving anecdotes and opinion (“I hate arena rock”) amidst a wildly varied selection: in one show you might hear some sixties garage rock followed by rhythmic noise, then Devo, then Zamrock from Chrissy “Zebby” Tengo, and Coleman Hawkins to cool things down.
  • Stuart Maconie’s Freak Zone (Sunday 2000): Underground, left-field, experimental music, with a lot of prog and psych folk, plus modern classical, Black Sabbath, the Residents, Peruvian funk, Valentina Magaletti, The Caretaker, Vietnamese disco, film scores, Sheffield industrial, and much more. I first heard “Go Dig My Grave” by Lankum here (video); it’s a traditional folk song that turns into a surging, yawing drone. (A couple of years ago I was delighted to hear Maconie reading a letter I sent.)

I also follow Radio 1’s Essential Mix, which every weekend does a new two-hour DJ mix, usually house music, and plays a classic from its thirty-year archive. Great DJs from all over the world doing some unbelievable sets of unstoppable dance music.

The secret of all the shows is that they have great DJs who pick music they want to play. Every host is drawing on enormous musical knowledge to put together sets that blend perfectly from start to finish, taking you through moods and themes and genres, slowing you down or getting you moving. They are the opposite of “Afternoon Focus” or “Late Night Chill” that are made so corporations can profit by renting forgettable music to people not paying attention.

A shelf full of bound volumes of Soviet Literature

The BBC shows are available for streaming for a few weeks after broadcast. It’s also possible to use get_iplayer to download them, if you know your way around the command line. My setup has this in ~/.get_iplayer/options:

outputradio /usr/local/media/audio/

And this in ~/.get_iplayer/presets/music:

type radio
search (freak zone|essential mix|craig charles funk and soul|culture clash radio|iggy pop)

I run this to download the shows, which go (as .m4a files) to the directory I configured.

get_iplayer --preset=music --get

And if you’re handy at the command line you might also try my own Whip Radio, which lets you tune in to 6 Music and other BBC Radio streams.

The Science Teacher

climate.change libraries

While doing some collection development work I was looking at our holdings of The Science Teacher, a publication of the National Science Teaching Association. I flipped through some issues from the late eighties and was very impressed. This is top-notch science literacy.

Here’s a quote from “Atmospheric Science: It’s More Than Meteorology,” by David R. Smith and Gerald H. Krockover (who died in 2020), in The Science Teacher vol. 55 no. 1 (January 1988) (JSTOR 24142757):

The amount of carbon dioxide has increased approximately 10 percent in the past 25 years. Because plants help to moderate the amount of carbon dioxide in the air by using the gas in photosynthesis, extensive deforestation operations only exacerbate the problem. Projections indicate that the level of carbon dioxide is likely to double in the next 50 to 100 years.

What will be the effect of such an increase in carbon dioxide on our atmosphere? Computer models suggest that doubling the amount of carbon dioxide could raise the global average temperature by 1.5 to 4.5°C, which would result in the warmest climate seen on Earth in 5000 years. The side effects of such a global warming could include melting of the polar ice caps, shifting of key crop zones, and changing of animal migration patterns.

And a few months later, from “The Greenhouse Effect in a Vial,” by Richard Golden (who also died in 2020) and Cary Sneider in The Science Teacher vol. 56 no. 5 (May 1989) (JSTOR 24141686).

For years, scientists have been warning us that the excessive burning of fossil fuels could bring on a general global warming through an enhanced greenhouse effect. Since the beginning of the industrial revolution, the industrialized world’s consumption of energy has increased the CO₂ content of the atmosphere by more than 25 percent. The concentration of CO₂ has increased by 9 percent in just the last 30 years. And at our current rate of fuel consumption, we release as much carbon each year, in the form of CO₂, as it took the Earth 130,000 years to bury (Postel, 1986).

Today’s high school students will be faced, through all their adult years, with decisions related to energy use. For these students to make intelligent and responsible choices, they need to comprehend the underlying scientific principles of the greenhouse effect, and they need to know what social, economic, and political consequences could result from even a moderate climactic change.

That’s from thirty-five years ago.

Upgrading my Tor bridges

conforguration emacs privacy tor

The Tor Project announced the release of version 0.4.8.11 of the Tor server, which meant it was time for me to upgrade the two relays I run, one of which I set up last week.

In brief

Here’s my Conforguration method:

  • I upgrade the version number to 0.4.8.11
  • I hit C-c C-v t to “tangle” a shell script
  • On a code block for copying scripts, I hit C-c C-c
  • I ssh to the remote machine
  • I run conforg/scripts/tor-install-system.sh
  • I run conforg/scripts/tor-run.sh

Aside from the time to compile the code, this takes under one minute.

The explanation

As I said in my earlier post, I use my own Conforguration tool to handle this sort of thing. It uses Org to edit and manage shell scripts that I can run locally or on remote servers. The list above is a great example of how Org can make things much easier if you’ve set things up just the way you want them, while remaining cryptic to non-Org users. Here’s an explanation of most of what’s going on.

In the Tor section of Conforguration, first I set a variable with the version number I want to install. Today I updated it.

#+NAME: TOR_VERSION
| 0.4.8.11 |

Under Install, I have this code block:

#+begin_src shell :tangle conforg/scripts/tor-install-system.sh :shebang "#!/bin/bash" :var TOR_VERSION=TOR_VERSION
cd /usr/local/src/tor/
curl --location --remote-name https://dist.torproject.org/tor-${TOR_VERSION}.tar.gz
tar --extract --verbose --gunzip --file tor-${TOR_VERSION}.tar.gz
cd tor-${TOR_VERSION}
./configure && make && sudo make install
echo "Now run ~/conforg/scripts/tor-run.sh"
#+end_src

(I say tar --extract --verbose --gunzip --file instead of tar xzvf because I like to use the most readable arguments in scripts. I do use short forms when I’m typing at the command line.)

The :tangle argument to the code block is covered under extracting source code in the manual. When I hit C-c C-v t (which runs org-babel-tangle) then that chunk of code is exported to the file named by the argument. It’s given a shebang and the TOR_VERSION variable is passed into it, resulting in this:

#!/bin/bash
  unset TOR_VERSION
  declare -a TOR_VERSION=( '0.4.8.11' )
  cd /usr/local/src/tor/
  curl --location --remote-name https://dist.torproject.org/tor-${TOR_VERSION}.tar.gz
  tar --extract --verbose --gunzip --file tor-${TOR_VERSION}.tar.gz
  cd tor-${TOR_VERSION}
  ./configure && make && sudo make install
  echo "Now run ~/conforg/scripts/tor-run.sh"
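
Added example, not part of Conforguration or the original post: the install script builds whatever the download returns, so this checks the tarball against its published SHA-256 digest before unpacking. It assumes the digest and its detached signature are published beside the tarball as .sha256sum and .sha256sum.asc files and that the Tor release signing keys are already in the local GnuPG keyring; the function names are made up for the example.

```shell
# sha256_of FILE -> prints the SHA-256 digest of FILE in lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_tarball TARBALL SUMFILE
# SUMFILE is in sha256sum(1) format: "<64 hex digits>  <file name>".
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
verify_tarball() (
    tarball=$1
    sumfile=$2
    if [ ! -f "$tarball" ] || [ ! -f "$sumfile" ]; then
        echo "verify_tarball: missing $tarball or $sumfile" >&2
        exit 2
    fi
    # Take the first field that is exactly 64 hex digits.
    expected=$(awk 'length($1) == 64 && $1 !~ /[^0-9a-fA-F]/ { print tolower($1); exit }' "$sumfile")
    if [ -z "$expected" ]; then
        echo "verify_tarball: no SHA-256 digest found in $sumfile" >&2
        exit 2
    fi
    actual=$(sha256_of "$tarball")
    if [ "$actual" != "$expected" ]; then
        echo "verify_tarball: MISMATCH for $tarball" >&2
        exit 1
    fi
    echo "verify_tarball: OK $tarball"
)

# fetch_verified_tor VERSION
# Downloads, verifies and unpacks one release; stops at the first failure.
# Assumption: the .sha256sum and .sha256sum.asc file names described above.
fetch_verified_tor() (
    version=$1
    tarball="tor-${version}.tar.gz"
    base="https://dist.torproject.org/${tarball}"
    cd /usr/local/src/tor/ || exit 1
    for url in "$base" "$base.sha256sum" "$base.sha256sum.asc"; do
        curl --fail --location --remote-name "$url" || exit 1
    done
    # 1. The signature shows the checksum file came from the release signers.
    gpg --verify "${tarball}.sha256sum.asc" "${tarball}.sha256sum" || exit 1
    # 2. The checksum shows the tarball is the one they signed.
    verify_tarball "$tarball" "${tarball}.sha256sum" || exit 1
    tar --extract --gunzip --file "$tarball"
)
```
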

Now I need to get that script to one of the machines where I run a Tor relay. In my ssh configuration it’s aliased to the name tor, so I go down to this section of Conforguration and hit C-c C-c on the code block to execute:

Screenshot from Conforguration

In plain text:

:PROPERTIES:
:header-args: :var hostname="tor"
:END:

#+begin_src shell :results silent :noweb yes
<<install-conforg-remotely>>
#+end_src

The angle bracket thing is noweb syntax, which allows me to use this snippet of code that’s set up earlier in the file, with the hostname variable passed in:

#+NAME: install-conforg-remotely
#+begin_src shell
rsync --archive --compress --delete ~/src/conforguration/conforg/ ${hostname}:conforg/
ssh ${hostname} "conforg/dotfiles/link-dotfiles.sh"
#+end_src

That pushes the scripts and dot files to the other machine and freshens the symlinks for all the dot files. In other words, it refreshes everything on the remote machine—all by hitting C-c C-c.

Now ~/conforg/scripts/tor-install-system.sh is on the other machine. I could execute it remotely from inside Conforguration, but it takes a while to run, so I like to log in to the other machine and do it locally. I ssh over and run:

conforg/scripts/tor-install-system.sh

It downloads the source code and compiles it. When it’s done, it finishes up by installing files on the system, and then ends with:

make[1]: Leaving directory '/usr/local/src/tor/tor-0.4.8.11'
Now run ~/conforg/scripts/tor-run.sh

I run:

conforg/scripts/tor-run.sh

This detects that a Tor tmux session is running, kills it off while waiting for the Tor daemon to die nicely, then sets it up again. When it starts fresh, the new Tor server is running.

Another way

For my bridge running on another machine, I could do the upgrade the same way, but to match how I’d installed it I did it like this (after upgrading the version number and pushing the commit to the repository):

  • cd src/conforguration
  • git pull
  • install/install.sh
  • ~/conforg/scripts/tor-install-system.sh
  • ~/conforg/scripts/tor-run.sh

There are other ways to handle configuration management and upgrading servers, but I’ve built one I really like.

How I set up a Tor bridge

conforguration privacy tor

The Tor Project had a call out for people to set up bridges to help fight censorship. Here’s how I set one up in about ninety minutes.

About bridges

There are three types of relays in the Tor network: guard, middle and exit. They all run the same program but have different purposes. Exits are configured specially and require more care to run: they are where requests come out from the Tor network and hit the open web. The non-exit relays (the Tor network decides whether one should be an entry-point guard or in the middle) don’t require much attention except to make sure the system is working and up to date.

Relays are no secret: the Tor Project provides lists of exit relays and much other data; see also this Tor node list and TorMap. This makes it possible for someone with control of a network (perhaps a country’s network) to deny access to the Tor network.

Bridges are a way to get around this. Tor’s censorship page says:

Bridge relays are Tor relays that are not listed in the public Tor directory.

That means that ISPs or governments trying to block access to the Tor network can’t simply block all bridges. Bridges are useful for Tor users under oppressive regimes, and for people who want an extra layer of security because they’re worried somebody will recognize that they are contacting a public Tor relay IP address.

A bridge is just a normal relay with a slightly different configuration.

Bridges are special in that their IP addresses are not shared, so they are much less likely to get blocked. People have to do a bit of work to find out how to connect to a bridge, and this is apparently enough to confound repressive governments, for a while at least. Eventually bridges can be found and blocked. That’s one reason why Tor always needs more.

The default configuration file explains a little more:

Bridge relays (or “bridges”) are Tor relays that aren’t listed in the main directory. Since there is no complete public list of them, even an ISP that filters connections to all the known Tor relays probably won’t be able to block all the bridges. Also, websites won’t treat you differently because they won’t know you’re running Tor. If you can be a real relay, please do; but if not, be a bridge!

A bridge will move a lot of bandwidth in and out, but nothing will get out to the public web. It should be able to just do its job quietly without attracting attention. That’s what I want to run.

Setting up the system

I began with a fresh Ubuntu 22.04 LTS machine as a virtual private server run at a hosting company. The use policy doesn’t allow Tor exit nodes, but this won’t be one.

I made an account for myself and gave it sudo access.

I set up ssh access, then tightened the OpenSSH server (sshd) by making sure these were set in /etc/ssh/sshd_config:

PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
StrictModes yes
MaxAuthTries 2

I set AllowUsers my_username as well. Only I can log in, only using my SSH key. That’s as secure as I can make that. (Change my_username to your username, of course.) I made sure my home directory and ~/.ssh/ were mode 700 and everything in that directory was mode 600.

(You can restart sshd with sudo /etc/init.d/ssh restart and this won’t kill off your login session. Run that in one window, where you stay logged in, and try connecting in another. If it works, great. If not, you’re still logged in and can fix it.)
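
One way to confirm those settings are the ones sshd actually uses (an added example, not from the original post). sshd keeps the first value it reads for each keyword, so a file pulled in by an Include line ahead of your own settings can override them, and a Match block can re-enable a setting for some users. The function name and both sample configurations are constructed for illustration.

```shell
# audit_sshd: reads sshd configuration text on stdin, for example the output
# of `sudo sshd -T`, or the config files concatenated in the order sshd reads
# them. Prints one line per setting and returns 1 if any check fails.
audit_sshd() {
    awk '
    BEGIN {
        # Values from the page; keywords are matched case-insensitively.
        want["passwordauthentication"]       = "no"
        want["kbdinteractiveauthentication"] = "no"
        want["permitrootlogin"]              = "no"
        want["strictmodes"]                  = "yes"
        want["maxauthtries"]                 = "2"
        order = "passwordauthentication kbdinteractiveauthentication " \
                "permitrootlogin strictmodes maxauthtries"
        bad = 0
        in_match = 0
    }
    { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }
    {
        # Split "Keyword value" or "Keyword=value" at the first separator.
        n = match($0, /[ \t=]/)
        if (n == 0) next
        key = tolower(substr($0, 1, n - 1))
        val = substr($0, n + 1)
        sub(/^[ \t=]+/, "", val)
        sub(/[ \t]+$/, "", val)
        if (key == "match") { in_match = 1; next }
        if (in_match) {
            # Conditional blocks can re-enable a setting for some users or hosts.
            if ((key in want) && tolower(val) != want[key]) {
                printf "FAIL %s=%s inside a Match block\n", key, val
                bad = 1
            }
            next
        }
        if (!(key in seen)) seen[key] = val   # sshd keeps the first value it reads
    }
    END {
        k = split(order, keys, " ")
        for (i = 1; i <= k; i++) {
            key = keys[i]
            if (!(key in seen)) {
                printf "FAIL %s is not set\n", key; bad = 1
            } else if (tolower(seen[key]) != want[key]) {
                printf "FAIL %s=%s (want %s)\n", key, seen[key], want[key]; bad = 1
            } else {
                printf "ok   %s=%s\n", key, seen[key]
            }
        }
        if (!("allowusers" in seen)) { print "FAIL allowusers is not set"; bad = 1 }
        else printf "ok   allowusers=%s\n", seen["allowusers"]
        exit bad
    }'
}

# Constructed sample: only the settings from this page.
sample_hardened() {
    cat <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
StrictModes yes
MaxAuthTries 2
AllowUsers my_username
EOF
}

# Constructed sample: an included drop-in read first, plus a Match override.
sample_overridden() {
    cat <<'EOF'
# from an included drop-in file (constructed)
PasswordAuthentication yes
# from the main sshd_config (constructed)
passwordauthentication no
KbdInteractiveAuthentication=no
PermitRootLogin no
StrictModes yes
MaxAuthTries 2
AllowUsers my_username
Match User backup
    PasswordAuthentication yes
EOF
}
```
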

Next I set up a firewall with UFW:

sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh

It warned me about doing that over ssh, but nothing bad happened.

The next step is to set up my environment. For this I used my own Conforguration, which is a set of configuration management tools done in Org. I use it to manage my dot files and to make it easy to install R, Ruby and Tor from source. These commands download Conforguration, set up some directories, and then install scripts and dot files.

git clone https://github.com/wdenton/conforguration.git ~/src/conforguration/
~/src/conforguration/conforg/scripts/initialize.sh
~/src/conforguration/install/install.sh
source ~/.bashrc

Bingo! The prompt changes and all my aliases work. My shell environment is just the way I like it and I feel at home. (If you try Conforguration yourself let me know how it goes.)

(I don’t usually install Conforguration scripts that way. My usual method is to do it all from inside Emacs on my laptop: I use a source code block in Org to run rsync to push the scripts to the other machine, then ssh to execute the scripts remotely. As so often with Org, once you have it set up right you just hit Ctrl-c Ctrl-c and magic happens.)

Setting up Tor

What’s next requires access to packages with source code, so I edited /etc/apt/sources.list to uncomment all of the deb-src lines, then I ran this to freshen everything up:

sudo apt update
sudo apt upgrade

Setting up a Tor server is part of Conforguration, so I just ran this to get it in place:

~/conforg/scripts/tor-install-requirements.sh
~/conforg/scripts/tor-install-system.sh

The first script installs a bunch of necessary stuff and then the second script gets and installs Tor from source. This took a little while. When it finished the Tor server was ready but not running. (If you don’t want to use Conforguration, just copy what’s in those scripts.)

From here on I followed the instructions on how to set up a bridge. I ran into some problems but worked around them.

First I needed to install obfs4. The glossary says, “Obfs4 is a pluggable transport that makes Tor traffic look random like obfs3, and also prevents censors from finding bridges by Internet scanning. Obfs4 bridges are less likely to be blocked than obfs3 bridges.” (I don’t find that understandable either. Worse, the definition of obfs3 is, “Obfs3 is a pluggable transport that makes Tor traffic look random, so that it does not look like Tor or any other protocol. Obfs3 is not supported anymore.”)

Nevertheless, it’s easy to install:

sudo apt-get install obfs4proxy

Configuring

Tor servers are configured in a torrc file, and mine is in /usr/local/etc/torrc. The Ubuntu instructions have a sample torrc, but I think it could be better. Here’s what I’m using (minus comments that are in the example):

BridgeRelay 1
PublishServerDescriptor bridge

AddressDisableIPv6 1
SocksPort 0

ORPort 2112 IPv4Only

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:443

ExtORPort auto

ContactInfo William Denton <tor@williamdenton.org>
Nickname MyServerNicknameHere

Log notice file /usr/local/src/tor/log/notices.log

# Bandwidth
AccountingStart month 10 0:00
AccountingMax 450 GBytes
AccountingRule sum

The ORPort (where Tor talks) is on 2112 because Rush. I put the ServerTransportListenAddr[ess] on 443 because that’s where HTTPS normally is, so, as I understand it, incoming traffic to the bridge will be less noticeable because it will just blend in with other normal-looking web traffic.

Understanding the settings to manage bandwidth in Tor is not easy. The project needs a good torrc guide on its site, explaining all the options and what they mean. The information is in comments in the default torrc and in the man page, but that man page is on Ubuntu’s site—I can’t find it on Tor’s web site!

I looked at What bandwidth shaping options are available to Tor relays? but How can I limit the total amount of bandwidth used by my Tor relay? had the answers I needed, and I edited the torrc based on that. My server has 500 gigs of bandwidth per month (in and out, combined), so setting a limit of 450 (with AccountingMax 450 GBytes) seems safe. I’ll keep an eye on it. The advice is that a fast server that’s up some of the month is better than a slow server up all month, and the server is smart enough to manage that on its own, so I’ll let it do its work. Months here will begin on the tenth day at midnight, and AccountingRule sum means Tor is adding up traffic in and out.

The logging command sends the server’s notices to a file, which makes them easier to read than if they’re scrolling by on the screen. I needed to make the directory:

mkdir /usr/local/src/tor/log/

Running the bridge

Because I’m using port 443 I need to take a special step next.

sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy

That’s a new one to me. setcap allows one to “set file capabilities.” The capabilities man page says the cap_net_bind_service setting allows a program to “bind a socket to Internet domain privileged ports (port numbers less than 1024).” It seems the +ep makes this capability “effective” and “permitted,” which means the binary can do this binding. Putting all that together means I don’t need to be root to run this program and have it bind to port 443.

(A philosophical aside: Speaking of capabilities, it’s worth knowing about the capability approach of Amartya Sen and Martha Nussbaum. It “entails two normative claims: first, the claim that the freedom to achieve well-being is of primary moral importance and, second, that well-being should be understood in terms of people’s capabilities and functionings.”)

The instructions have some commands about systemctl and service but none of that worked for me, I think because I installed from source, not a package. But that’s no problem: I can run tor as myself, and to keep it running I can run it in a tmux session. This is managed by the third script from Conforguration:

~/conforg/scripts/tor-run.sh

Run this to attach to the session:

tmux attach

Then hit Ctrl-b 1 or Ctrl-b 2 or the like to move between windows. Tmux is great.

After running the script information began to scroll by, including this, with a link about the life cycle of a new relay.

[notice] You are running a new relay.
Thanks for helping the Tor network!
If you wish to know what will happen in the upcoming weeks regarding
its usage, have a look at https://blog.torproject.org/lifecycle-of-a-new-relay

[notice] Registered server transport 'obfs4' at '[::]:443'

Right away I used the TCP reachability test to make sure port 443 was working, and it was.

The log also gave me a link to check the status of the bridge (it’s here but that won’t work because I’m not sharing the ID), which a little while later said:

Bridge 123456789xxx advertises:

* obfs4: functional
  Last tested: 2024-04-05 00:55:33.26340596 +0000 UTC (26m26.501321898s ago)

Good! Everything seemed fine.

Finally, I ran this to check on open ports:

sudo apt install net-tools
sudo netstat --numeric --tcp --listen --program

It said (trimming some column headers):

Proto          Local Address      Foreign Addr  State     PID/Program name
tcp     0    0 0.0.0.0:2112       0.0.0.0:*     LISTEN    1093/tor
tcp     0    0 0.0.0.0:22         0.0.0.0:*     LISTEN    739/sshd: /usr/sbin
tcp     0    0 127.0.0.1:41357    0.0.0.0:*     LISTEN    1093/tor
tcp     0    0 127.0.0.53:53      0.0.0.0:*     LISTEN    653/systemd-resolve
tcp6    0    0 :::22              :::*          LISTEN    739/sshd: /usr/sbin
tcp6    0    0 :::443             :::*          LISTEN    1100/obfs4proxy

Aside from ssh (port 22) and DNS (port 53) everything is Tor-related. Good. The server is listening on port 443, just as I want.

I was confused about port 41357. Why was tor listening on localhost on that port? I asked about this on the Tor forums. (The port is different there because I’d restarted the server and it grabbed a new high port at random.) I will update when I have an answer.

To use ss (the replacement for netstat; I use the old program by habit) I would run this to see the same information, plus a little more about the programs running:

sudo ss --numeric --tcp --listen --processes
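
The same check as a repeatable script, added here as an example and not part of the original post: it reads netstat output in the format shown above and reports any listener reachable from other hosts that is not on an allowlist. The function names and the allowlist are assumptions; the sample lines are the ones from this page.

```shell
# unexpected_listeners "ALLOWED PORTS"
# Reads `netstat --numeric --tcp --listen --program` lines on stdin and prints
# "proto local-address pid/program" for every listener that other hosts can
# reach and whose port is not in the space-separated allowlist.
# Returns 1 if it printed anything, 0 otherwise.
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        bad = 0
    }
    # Skip headers and anything that is not a listening TCP socket.
    $1 !~ /^tcp/ || $6 != "LISTEN" { next }
    {
        # The port is whatever follows the last colon (handles ":::443").
        k = split($4, part, ":")
        port = part[k]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # Loopback sockets cannot be reached from outside the machine.
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        if (!(port in ok)) {
            printf "%s %s %s\n", $1, $4, $7
            bad = 1
        }
    }
    END { exit bad }'
}

# The netstat output quoted on this page.
page_netstat_sample() {
    cat <<'EOF'
Proto          Local Address      Foreign Addr  State     PID/Program name
tcp     0    0 0.0.0.0:2112       0.0.0.0:*     LISTEN    1093/tor
tcp     0    0 0.0.0.0:22         0.0.0.0:*     LISTEN    739/sshd: /usr/sbin
tcp     0    0 127.0.0.1:41357    0.0.0.0:*     LISTEN    1093/tor
tcp     0    0 127.0.0.53:53      0.0.0.0:*     LISTEN    653/systemd-resolve
tcp6    0    0 :::22              :::*          LISTEN    739/sshd: /usr/sbin
tcp6    0    0 :::443             :::*          LISTEN    1100/obfs4proxy
EOF
}

# Example run against the sample: ssh plus the two bridge ports are expected,
# so nothing is reported. The 41357 and 53 listeners are loopback-only.
check_page_sample() {
    page_netstat_sample | unexpected_listeners "22 443 2112"
}
```

On a live machine, pipe the real netstat command into unexpected_listeners instead of the sample. With incoming traffic denied by default, each allowed port also needs its own ufw allow rule to be reachable.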

Traffic statistics

I recently discovered vnStat, which is a really useful command line tool for getting network traffic statistics. Here I run vnstat -h to have it show hourly stats. You can have it show daily or monthly or use -q for a general summary.

$ vnstat -h --iface ens3

 ens3  /  hourly

         hour        rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
     2024-04-06
         00:00     49.38 MiB |   24.51 MiB |   73.89 MiB |  172.18 kbit/s
         01:00    235.54 MiB |  234.17 MiB |  469.72 MiB |    1.09 Mbit/s
         02:00    207.27 MiB |  188.72 MiB |  395.99 MiB |  922.73 kbit/s
         03:00    726.50 MiB |  734.80 MiB |    1.43 GiB |    3.41 Mbit/s
         04:00    922.43 MiB |  924.49 MiB |    1.80 GiB |    4.30 Mbit/s
         05:00    623.17 MiB |  613.17 MiB |    1.21 GiB |    2.88 Mbit/s
         06:00    516.51 MiB |  493.94 MiB |    0.99 GiB |    2.35 Mbit/s
         07:00    547.88 MiB |  532.52 MiB |    1.06 GiB |    2.52 Mbit/s
         08:00    856.94 MiB |  870.95 MiB |    1.69 GiB |    4.03 Mbit/s
         09:00    622.55 MiB |  624.93 MiB |    1.22 GiB |    2.91 Mbit/s
     ------------------------+-------------+-------------+---------------

The tor-run.sh script runs speedometer, which shows a graph of bandwidth use marching by. I’ll probably work vnstat into it too. With these two scripts, and the log file, it’s easy to keep an eye on how busy the relay is.

For both of those you need to know the name of the network interface where the packets are moving. On this server it’s ens3, which I found by running

ifconfig

This reported

ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

and then a lot of technical details that show it’s online and moving traffic. The ens3 there is the name I needed. (The lo interface you will always see also listed is the loopback interface that lets a machine talk to itself.)

It’s also interesting to see the failed ssh login attempts. Here’s one way to do it:

$ sudo journalctl -u ssh -g "Invalid user" | sed -nE 's/.*user (.*) from.*/\1/p' | sort | uniq -c | sort -rn | head -10
    241 admin
    156 user
    147 ubuntu
     83 oracle
     83 debian
     62 test
     62 ftpuser
     45 usuario
     45 test2
     45 test1

So far the bridge is running well. I’ll report back about how it goes.

Upgrading

When it comes time to upgrade to the next Tor release, I’ll post about how I do that with Conforguration.

(If anyone notices any technical mistakes in any of this, I’d like to know so I can fix them—but up to the limit of getting a Tor bridge safely up and running, not arcane details about Linux networking.)

UPDATED 08 April 2024: This answer to my question explains about the high port: Because I configured ExtORPort auto (as the instructions set out) the Extended OR Port picks a random high port where it listens on localhost for connections from obfs4proxy. A regular Tor relay will have ORPort 9001 set, but this extended one does a little more.

The Testimony of Patience Kershaw

music

The Unthanks performing “The Testimony of Patience Kershaw” by Frank Higgins:

The song is based on actual testimony of Patience Kershaw, a seventeen-year-old girl who worked in a coal mine. The text is in Testimony Gathered by Ashley’s Mines Commission at the Victorian Web:

My father has been dead about a year; my mother is living and has ten children, five lads and five lasses; the oldest is about thirty, the youngest is four; three lasses go to mill; all the lads are colliers, two getters and three hurriers; one lives at home and does nothing; mother does nought but look after home.

All my sisters have been hurriers, but three went to the mill. Alice went because her legs swelled from hurrying in cold water when she was hot. I never went to day-school; I go to Sunday-school, but I cannot read or write; I go to pit at five o’clock in the morning and come out at five in the evening; I get my breakfast of porridge and milk first; I take my dinner with me, a cake, and eat it as I go; I do not stop or rest any time for the purpose; I get nothing else until I get home, and then have potatoes and meat, not every day meat. I hurry in the clothes I have now got on, trousers and ragged jacket; the bald place upon my head is made by thrusting the corves; my legs have never swelled, but sisters’ did when they went to mill; I hurry the corves a mile and more under ground and back; they weigh 300 cwt.; I hurry 11 a-day; I wear a belt and chain at the workings, to get the corves out; the getters that I work for are naked except their caps; they pull off all their clothes; I see them at work when I go up; sometimes they beat me, if I am not quick enough, with their hands; they strike me upon my back; the boys take liberties with me sometimes they pull me about; I am the only girl in the pit; there are about 20 boys and 15 men; all the men are naked; I would rather work in mill than in coal-pit.

I heard it on the 10 March 2024 episode of Stuart Maconie’s Freak Zone.
