From: ng0
To: Kei Kebreau
Cc: guix-devel@gnu.org
Subject: Re: tor with --expensive-hardening is using way too much memory
Date: Sat, 29 Jul 2017 17:19:48 +0000
Message-ID: <20170729171948.agnagrkch56mpqg6@abyayala>
In-Reply-To: <8760enzwk5.fsf@openmailbox.org>

I will prepare a patch and open a new bug at guix-patches, I see no one
in favor of keeping it the way it is.

Kei Kebreau transcribed 2.8K bytes:
> ng0 writes:
>
> > I noticed this before the contribution entered master, so this message
> > is not really news.
> >
> > To quote myself from earlier today:
> >
> > I think we should revert one piece of the tor hardened build.. 3 hours
> > uptime: 684.3 MiB + 753.0 KiB = 685.1 MiB tor
> >
> > Comparison: my Chromium with 55 tabs open uses 2.2GB.
> >
> >   Private  +    Shared  =   RAM used  Program
> > …
> >  12.4 MiB +   1.1 MiB =  13.4 MiB  vim
> >  15.5 MiB + 959.0 KiB =  16.4 MiB  Xorg
> >  17.3 MiB +   5.6 MiB =  22.9 MiB  guix substitute
> >  22.8 MiB +   1.3 MiB =  24.1 MiB  shepherd
> >  26.7 MiB + 551.5 KiB =  27.3 MiB  emacs-25.2
> > 131.1 MiB +   6.2 MiB = 137.3 MiB  .guix-real
> > 732.7 MiB + 932.0 KiB = 733.6 MiB  tor
> > …
> > uptime: 6:24h
> >
> > Now I wouldn't consider tor to be problematic when this would be the
> > default for tor. But it isn't, and --enable-expensive-hardening is an
> > experimental function which is not enabled by default from upstream (as
> > all our recently added config options for tor (not sure right now if all
> > are experimental, but they are not standard).
> >
> > Comparison, Debian running for a very long time (months) and using the
> > same config:
> >
> >  40.6 MiB + 486.0 KiB =  41.1 MiB  tor
> >
> >
> > I'm convinced that removing --enable-expensive-hardening will improve
> > the situation, I have watched a VM with tor without this config switch.
> > Whoever needs or wants this switch can make use of the easy way to
> > create custom packages in Guix.
> >
> > If someone else can confirm my observations, I'll prepare a patch.
>
> The top(1) command tells me that tor is taking up just short of a
> gigabyte of RAM. I haven't tried disabling the --enable-expensive-hardening
> flag, yet.

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org