Changes between Version 62 and Version 63 of TorWeeklyNews/2013/10


Ignore:
Timestamp:
Sep 10, 2013, 12:37:56 PM (6 years ago)
Author:
lunar
Comment:

prepare for freeze

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2013/10

    v62 v63  
    1010========================================================================
    1111
    12 Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter that
    13 covers what is happening in the taut Tor community.
    14 
    15 Tor 0.2.4.17-rc is out
     12Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter
     13that covers what is happening in the taut Tor community.
     14
     15tor 0.2.4.17-rc is out
    1616----------------------
    1717
    18 There are now confirmations [XXX] that the sudden influx of Tor clients which
    19 started mid-August [XXX] is indeed coming from a botnet. “I guess all that
    20 work we've been doing on scalability was a good idea” wrote Roger
    21 Dingledine wrote in a blog post about “how to handle millions of new
    22 Tor clients” [XXX].
    23 
    24 On September 5th, Roger Dingledine announced the release of the third 
    25 release candidate for the tor 0.2.4 series [XXX]. This is an emergency
    26 release “to help us tolerate the massive influx of users: 0.2.4 clients 
    27 using the new (faster and safer) ‘NTor’ circuit-level handshakes now 
    28 effectively jump the queue compared to the 0.2.3 clients using ‘TAP’ 
    29 handshakes” [XXX].
     18There are now confirmations [1] that the sudden influx of Tor clients
     19which started mid-August [2] is indeed coming from a botnet. “I guess
     20all that work we've been doing on scalability was a good idea” wrote
     21Roger Dingledine wrote in a blog post about “how to handle millions of
     22new Tor clients” [3].
     23
     24On September 5th, Roger Dingledine announced the release of the third
     25release candidate for the tor 0.2.4 series [4]. This is an emergency
     26release “to help us tolerate the massive influx of users: 0.2.4 clients
     27using the new (faster and safer) ‘NTor’ circuit-level handshakes now
     28effectively jump the queue compared to the 0.2.3 clients using ‘TAP’
     29handshakes” [5].
    3030
    3131It also contains several minor bugfixes and some new status messages for
    3232better monitoring of the current situation.
    3333
    34 Roger asked relay operators to upgrade to 0.2.4.17-rc [XXX]: “the more
     34Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: “the more
    3535relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be
    3636for 0.2.4 users, despite the huge circuit overload that the network is
    3737seeing.”
    3838
    39 For relays running Debian or Ubuntu, upgrading to the development branch 
    40 can be done using the Tor project's package repository [XXX]. New
    41 versions of the beta branch of the Tor Browser Bundle are also
    42 available [XXX] since September 6th. The next Tails release, scheduled
    43 for September 19th [XXX] will also contain 0.2.4.17-rc [XXX].
    44 
    45 Hopefully, this will be the last release candidate. What looks missing 
     39For relays running Debian or Ubuntu, upgrading to the development branch
     40can be done using the Tor project's package repository [7]. New versions
     41of the beta branch of the Tor Browser Bundle are also available [8]
     42since September 6th. The next Tails release, scheduled for September
     4319th [9] will also contain 0.2.4.17-rc [10].
     44
     45Hopefully, this will be the last release candidate. What looks missing
    4646at this point to declare the 0.2.4.x series stable is simply enough time
    4747to finish the release notes.
    4848
    49   [XXX] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
    50   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
    51   [XXX] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
    52   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
    53   [XXX] https://trac.torproject.org/projects/tor/ticket/9574
    54   [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
    55   [XXX] https://www.torproject.org/docs/debian.html.en#development
    56   [XXX] https://blog.torproject.org/blog/new-tor-02417-rc-packages
    57   [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
    58   [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
     49   [1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
     50   [2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
     51   [3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
     52   [4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
     53   [5] https://bugs.torproject.org/9574
     54   [6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
     55   [7] https://www.torproject.org/docs/debian.html.en#development
     56   [8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
     57   [9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
     58  [10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
    5959
    6060The future of Tor cryptography
     
    6262
    6363After the last round of revelations from Edward Snowden, described as
    64 “explosive” by Bruce Schneier [XXX], several threads started on the
     64“explosive” by Bruce Schneier [11], several threads started on the
    6565tor-talk mailing list to discuss Tor cryptography.
    6666
    6767A lot of what has been written is speculative at this point. But some
    68 have raised concerns [XXX] about 1024 bit Diffie-Helmank key exchange [XXX].
    69 This has already been adressed with the introduction of the “ntor”
    70 handshake [XXX] in 0.2.4 and Nick Mathewson encourages everybody to
    71 upgrade [XXX].
    72 
    73 Another thread [XXX] prompted Nick to summarize [XXX] its
    74 views on the future of Tor cryptography. Regarding public keys, “with
    75 Tor 0.2.4, forward secrecy uses 256-bit ECC, which is certainly
    76 better, but RSA-1024 is still used in some places for signatures.
    77 I want to fix all that in 0.2.5 — see proposal 220 [XXX], and George
    78 Kadianakis’ draft hidden service improvements [XXX,XXX], and so forth.”
    79 Regarding symmetric keys, Nick wrote: “We’re using AES128.  I’m hoping
    80 to move to XSalsa20 or something like it.” In response to a query, Nick
    81 clarifies that he doesn't think AES is broken: only hard to implement right,
    82 and only provided in TLS in concert with modes that are somewhat (GCM)
    83 or fairly (CBC) problematic.
     68have raised concerns [12] about 1024 bit Diffie-Helmank key
     69exchange [13]. This has already been adressed with the introduction of
     70the “ntor” handshake [14] in 0.2.4 and Nick Mathewson encourages
     71everybody to upgrade [15].
     72
     73Another thread [16] prompted Nick to summarize [17] its views on the
     74future of Tor cryptography. Regarding public keys, “with Tor 0.2.4,
     75forward secrecy uses 256-bit ECC, which is certainly better, but
     76RSA-1024 is still used in some places for signatures.  I want to fix all
     77that in 0.2.5 — see proposal 220 [18], and George Kadianakis’ draft
     78hidden service improvements [19,20], and so forth.” Regarding symmetric
     79keys, Nick wrote: “We’re using AES128. I’m hoping to move to XSalsa20
     80or something like it.” In response to a query, Nick clarifies that he
     81doesn't think AES is broken: only hard to implement right, and only
     82provided in TLS in concert with modes that are somewhat (GCM) or fairly
     83(CBC) problematic.
    8484
    8585The effort to design better cryptography for the Tor protocols is not
    86 new. More than a year ago, Nick Mathewson presented proposal 202 [XXX]
    87 outlining two possible new relay encryption protocols for Tor cells. Nick
    88 mentioned that he's waiting for a promising paper to get finished here
    89 before implementation.
    90 
    91 A third question was raised [XXX] regarding the trust in algorithms
    92 certified by the US NIST [XXX]. Nick speculations put aside, he also
     86new. More than a year ago, Nick Mathewson presented proposal 202 [21]
     87outlining two possible new relay encryption protocols for Tor cells.
     88Nick mentioned that he's waiting for a promising paper to get finished
     89here before implementation.
     90
     91A third question was raised [22] regarding the trust in algorithms
     92certified by the US NIST [23]. Nick speculations put aside, he also
    9393emphasised that several NIST algorithms were “hard to implement
    94 correctly” [XXX].
    95 
    96 Nick also plans to change more algorithms [XXX]: “Over the 0.2.5
    97 series, I want to move even more things (including hidden services) to
    98 curve25519 and its allies for public key crypto.  I also want to add
     94correctly” [24].
     95
     96Nick also plans to change more algorithms [25]: “Over the 0.2.5 series,
     97I want to move even more things (including hidden services) to
     98curve25519 and its allies for public key crypto. I also want to add
    9999more hard-to-implement-wrong protocols to our mix: Salsa20 is looking
    100100like a much better choice to me than AES nowadays, for instance.”
     
    103103crypto”. It sounds like a good way to put it.
    104104
    105   [XXX] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
    106   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
    107   [XXX] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
    108   [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
    109   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
    110   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
    111   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
    112   [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
    113   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
    114   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
    115   [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
    116   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
    117   [XXX] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
    118   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
    119   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
     105  [11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
     106  [12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
     107  [13] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
     108  [14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
     109  [15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
     110  [16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
     111  [17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
     112  [18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
     113  [19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
     114  [20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
     115  [21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
     116  [22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
     117  [23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
     118  [24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
     119  [25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
    120120
    121121Toward a better performance measurement tool
    122122--------------------------------------------
    123123
    124 “I just finished […] sketching out the requirements and a software design
    125 for a new Torperf implementation“ announced Karsten Loesing [XXX] on
    126 the tor-dev mailing list.
     124“I just finished […] sketching out the requirements and a software
     125design for a new Torperf implementation“ announced Karsten Loesing [26]
     126on the tor-dev mailing list.
    127127
    128128The report begins with: “Four years ago, we presented a simple tool to
    129 measure performance of the Tor network.  This tool, called Torperf,
     129measure performance of the Tor network. This tool, called Torperf,
    130130requests static files of three different sizes over the Tor network and
    131131logs timestamps of various request substeps. These data turned out to be
    132 quite useful to observe user-perceived network performance over 
    133 time [XXX]. However, static file downloads are not the typical use case
     132quite useful to observe user-perceived network performance over
     133time [27]. However, static file downloads are not the typical use case
    134134of a user browsing the web using Tor, so absolute numbers are not very
    135135meaningful. Also, Torperf consists of a bunch of shell scripts which
     
    143143on upload capacity.
    144144
    145 Karsten added “neither the requirements nor the software design
    146 are set in stone, and the implementation, well, does not exist yet.
    147 Plenty of options for giving feedback and helping out, and most parts
    148 don't even require specific experience with hacking on Tor. Just in case
    149 somebody's looking for an introductory Tor project to hack on.”
    150 
    151 Saytha already wrote that this was enough material to get the 
    152 implementation started [XXX]. The project needs enough work for anyone
     145Karsten added “neither the requirements nor the software design are set
     146in stone, and the implementation, well, does not exist yet.  Plenty of
     147options for giving feedback and helping out, and most parts don't even
     148require specific experience with hacking on Tor. Just in case somebody's
     149looking for an introductory Tor project to hack on.”
     150
     151Saytha already wrote that this was enough material to get the
     152implementation started [28]. The project needs enough work for anyone
    153153interested. Feel free to join him!
    154154
    155   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
    156   [XXX] https://metrics.torproject.org/performance.html
    157   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
     155  [26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
     156  [27] https://metrics.torproject.org/performance.html
     157  [28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
    158158
    159159More monthly status reports for August 2013
     
    161161
    162162The wave of regular monthly reports from Tor project members continued
    163 this week with Sukhbir Singh [XXX], Matt Pagan [XXX], Ximin Luo [XXX],
    164 mrphs [XXX], Pearl Crescent [XXX], Andrew Lewman [XXX], Mike Perry
    165 [XXX], Kelley Misata [XXX], Nick Mathewson [XXX], Jason Tsai [XXX],
    166 Tails [XXX], Aaron [XXX], and Damian Johnson [XXX].
    167 
    168   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
    169   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
    170   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
    171   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
    172   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
    173   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
    174   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
    175   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
    176   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
    177   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
    178   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
    179   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
    180   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
     163this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31],
     164mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35],
     165Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39],
     166Aaron [40], and Damian Johnson [41].
     167
     168  [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
     169  [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
     170  [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
     171  [32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
     172  [33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
     173  [34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
     174  [35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
     175  [36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
     176  [37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
     177  [38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
     178  [39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
     179  [40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
     180  [41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
    181181
    182182Miscellaneous news
     
    184184
    185185Not all new Tor users are computer programs! According to their latest
    186 report [XXX], Tails is now booted twice as much as six months ago
    187 (from 100 865 to 190 521 connections to the security feed).
    188 
    189   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
    190 
    191 Thanks Frenn vun der Enn [XXX] for setting up a new mirror [XXX] of the
     186report [42], Tails is now booted twice as much as six months ago (from
     187100 865 to 190 521 connections to the security feed).
     188
     189  [42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
     190
     191Thanks Frenn vun der Enn [43] for setting up a new mirror [44] of the
    192192Tor project website.
    193193
    194   [XXX] http://enn.lu/
    195   [XXX] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
    196 
    197 With the Google Summer of Code ending in two weeks, the students have 
    198 sent their the next to last reports: Kostas Jakeliunas for the 
    199 Searchable metrics archive [XXX], Johannes Fürmann for EvilGenius [XXX],
    200 Hareesan for the Steganography Browser Extension [XXX], and Cristian-Matei
    201 Toader for Tor capabilities [XXX].
    202 
    203   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
    204   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
    205   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
    206   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
    207 
    208 Damian Johnson anounced [XXX] he had completed the rewrite of DocTor in
    209 Python [XXX], “a service that pulls hourly consensus information and
     194  [43] http://enn.lu/
     195  [44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
     196
     197With the Google Summer of Code ending in two weeks, the students have
     198sent their the next to last reports: Kostas Jakeliunas for the
     199Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46],
     200Hareesan for the Steganography Browser Extension [47], and
     201Cristian-Matei Toader for Tor capabilities [48].
     202
     203  [45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
     204  [46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
     205  [47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
     206  [48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
     207
     208Damian Johnson anounced [49] he had completed the rewrite of DocTor in
     209Python [50], “a service that pulls hourly consensus information and
    210210checks it for a host of issues (directory authority outages, expiring
    211211certificates, etc). In the case of a problem it notifies
    212 tor-consensus-health@ [XXX], and we in turn give the authority operator
    213 a heads up.”
    214 
    215   [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
    216   [XXX] https://gitweb.torproject.org/doctor.git
    217   [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
    218 
    219 Matt Pagan has migrated [XXX] several Frequently Asked Questions from the wiki to the
    220 official Tor website [XXX]. This should enable more users to find the answers they need!
    221 
    222   [XXX] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
    223   [XXX] https://www.torproject.org/docs/faq.html
    224 
    225 In his previous call for help to collect more statistics [XXX],
    226 addressed at bridge operators, George Kadianakis forgot to mention that
    227 an extra line with “ExtORPort 6669” needed to be added to tor
    228 configuration file [XXX]. Make sure you do have it if you are running a
    229 bridge on tor master branch.
    230 
    231   [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
    232   [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
     212tor-consensus-health@ [51], and we in turn give the authority operator a
     213heads up.”
     214
     215  [49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
     216  [50] https://gitweb.torproject.org/doctor.git
     217  [51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
     218
     219Matt Pagan has migrated [52] several Frequently Asked Questions from the
     220wiki to the official Tor website [53]. This should enable more users to
     221find the answers they need!
     222
     223  [52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
     224  [53] https://www.torproject.org/docs/faq.html
     225
     226In his previous call for help to collect more statistics [54], addressed
     227at bridge operators, George Kadianakis forgot to mention that an extra
     228line with “ExtORPort 6669” needed to be added to tor configuration
     229file [55]. Make sure you do have it if you are running a bridge on tor
     230master branch.
     231
     232  [54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
     233  [55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
    233234
    234235For the upgrade of tor to the 0.2.4.x series in Tails, a tester spotted
    235236a regression while “playing with an ISO built from experimental, thanks
    236 to our Jenkins autobuilder” [XXX]. This mark a significant milestone in the
    237 work on automated builds [XXX] done by the several member of the Tails
    238 team in the course of the last year!
    239 
    240   [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
    241   [XXX] https://labs.riseup.net/code/issues/5324
     237to our Jenkins autobuilder” [56]. This mark a significant milestone in
     238the work on automated builds [57] done by the several member of the
     239Tails team in the course of the last year!
     240
     241  [56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
     242  [57] https://labs.riseup.net/code/issues/5324
    242243
    243244Tails next low-hanging fruits session will be on September 21st at
    244 08:00 UTC [XXX]. Mark the date if you want to get involved!
    245 
    246   [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
    247 
    248 David Fifield gave some tips on how to setup a test infrastructure [XXX] for
    249 flash proxy [XXX].
    250 
    251   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
    252   [XXX] https://crypto.stanford.edu/flashproxy/
    253 
    254 Marek Majkowski reported [XXX] on how one can use his fluxcapacitor tool [XXX]
    255 to get a test Tor network started with Chutney [XXX] ready is only 6.5
    256 seconds. A vast improvement over the 5 minutes he initially had to wait!
    257 
    258   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
    259   [XXX] https://github.com/majek/fluxcapacitor.git
    260   [XXX] https://gitweb.torproject.org/chutney.git
    261   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
    262 
    263 Eugen Leitl drew attention [XXX] to a new research paper which aims to analyse
    264 content and popularity of Hidden Services by Alex Biryukov, Ivan Pustogarov,
    265 and Ralf-Philipp Weinmann from University of Luxembourg [XXX].
    266  
    267   [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
    268   [XXX] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
     24508:00 UTC [58]. Mark the date if you want to get involved!
     246
     247  [58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
     248
     249David Fifield gave some tips on how to setup a test infrastructure [59]
     250for flash proxy [60].
     251
     252  [59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
     253  [60] https://crypto.stanford.edu/flashproxy/
     254
     255Marek Majkowski reported [61] on how one can use his fluxcapacitor
     256tool [62] to get a test Tor network started with Chutney [63] ready is
     257only 6.5 seconds. A vast improvement over the 5 minutes he initially had
     258to wait [64]!
     259
     260  [61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
     261  [62] https://github.com/majek/fluxcapacitor.git
     262  [63] https://gitweb.torproject.org/chutney.git
     263  [64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
     264
     265Eugen Leitl drew attention [65] to a new research paper which aims to
     266analyse content and popularity of Hidden Services by Alex Biryukov, Ivan
     267Pustogarov, and Ralf-Philipp Weinmann from University of
     268Luxembourg [66].
     269
     270  [65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
     271  [66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
    269272
    270273Tor Help Desk roundup
     
    278281There is absolutely no backdoor in Tor. Tor project members have been
    279282vocal in the past about how tremendously irresponsible it would be to
    280 backdoor our users [XXX]. As it is a frequently asked question,
    281 users have been encouraged to read how the project would respond to
    282 institutional pressure [XXX].
    283 
    284 The Tor project does not have any more facts about NSA’s cryptanalysis 
     283backdoor our users [67]. As it is a frequently asked question, users
     284have been encouraged to read how the project would respond to
     285institutional pressure [68].
     286
     287The Tor project does not have any more facts about NSA’s cryptanalysis
    285288capabilities than what have been published in newspapers. Even if there
    286 is no actual evidence that Tor encryption is actually broken, the
    287 idea is to pace on the safe side by using more trusted algorithms for
    288 the Tor protocols. See above for a more detailed write-up.
    289 
    290   [XXX] https://blog.torproject.org/blog/calea-2-and-tor
    291   [XXX] http://www.torproject.org/docs/faq.html.en#Backdoor
     289is no actual evidence that Tor encryption is actually broken, the idea
     290is to pace on the safe side by using more trusted algorithms for the Tor
     291protocols. See above for a more detailed write-up.
     292
     293  [67] https://blog.torproject.org/blog/calea-2-and-tor
     294  [68] http://www.torproject.org/docs/faq.html.en#Backdoor
    292295
    293296Help the Tor community!
    294297-----------------------
    295298
    296 Tor is about protecting everyone’s freedom and privacy. There are many 
    297 way to help [XXX] but getting involved in such a busy community can be
     299Tor is about protecting everyone’s freedom and privacy. There are many
     300way to help [69] but getting involved in such a busy community can be
    298301daunting. Here's a selection of tasks on which one can get started:
    299302
    300 Get tor to log the source of control port connection [XXX]. It would
    301 help developping controller applications or libraries (like Stem [XXX])
    302 to know which program is responsible for a given access to the control
    303 facilities of the tor daemon. Knowledge required: C programming,
    304 basic understanding of network sockets.
    305 
    306 Diagnose what is currently wrong with Tor Cloud images [XXX]. Tor
    307 Cloud [XXX] is an easy way to deploy bridges and it looks like
    308 the automatic upgrade procedure had troubles. Let's have these
    309 virtual machines be again useful for censored users. Knowledge
    310 required: basic understanding of Ubuntu system administration.
    311 
    312   [XXX] https://www.torproject.org/getinvolved/volunteer.html.en
    313   [XXX] https://trac.torproject.org/projects/tor/ticket/9698
    314   [XXX] https://stem.torproject.org/
    315   [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
    316   [XXX] https://cloud.torproject.org
     303Get tor to log the source of control port connection [70]. It would help
     304developping controller applications or libraries (like Stem [71]) to
     305know which program is responsible for a given access to the control
     306facilities of the tor daemon. Knowledge required: C programming, basic
     307understanding of network sockets.
     308
     309Diagnose what is currently wrong with Tor Cloud images [72]. Tor
     310Cloud [73] is an easy way to deploy bridges and it looks like the
     311automatic upgrade procedure had troubles. Let's have these virtual
     312machines be again useful for censored users. Knowledge required: basic
     313understanding of Ubuntu system administration.
     314
     315  [69] https://www.torproject.org/getinvolved/volunteer.html.en
     316  [70] https://bugs.torproject.org/9698
     317  [71] https://stem.torproject.org/
     318  [72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
     319  [73] https://cloud.torproject.org/
    317320
    318321Upcoming events
     
    337340Want to continue reading TWN? Please help us create this newsletter.
    338341We still need more volunteers to watch the Tor community and report
    339 important news. Please see the project page [XXX], write down your
    340 name and subscribe to the team mailing list [XXX] if you want to
     342important news. Please see the project page [74], write down your
     343name and subscribe to the team mailing list [75] if you want to
    341344get involved!
    342345
    343   [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    344   [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
     346  [74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
     347  [75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    345348}}}
    346349