Changes between Version 67 and Version 68 of TorWeeklyNews/2014/13


Ignore:
Timestamp:
Apr 2, 2014, 12:33:42 PM (6 years ago)
Author:
lunar
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/13

    v67 v68  
    33'''Editor:''' Lunar
    44
    5 '''Status:''' FROZEN. Language and technical fixes only. New items should go in [wiki:TorWeeklyNews/2014/14 next week's edition]. Expected publication time 2014-04-02 12:00 UTC.
    6 
    7 '''Subject:''' Tor Weekly News — April 2nd, 2014
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                          April 2nd, 2014
    12 ========================================================================
    13 
    14 Welcome to the thirteenth issue of Tor Weekly News in 2014, the weekly
    15 newsletter that covers what is happening in the Tor community.
    16 
    17 Tor Project website redesign takes two steps forward
    18 ----------------------------------------------------
    19 
    20 Andrew Lewman put out two calls for help with the ongoing Tor Project
    21 website redesign: one for the sponsor page [1], and another for the
    22 download area [2]. Both were immediately met with proposals and design
    23 suggestions from the www-team mailing list: Olssy produced two
    24 mock-ups [3] of the sponsorship page as possible models for further
    25 work, while William Papper and Lance Tuller have been working on a
    26 repository [4] for the download page, with comments from other list
    27 members on topics such as the use of Javascript and possible layout
    28 decisions.
    29 
    30 If you’d like to give the website redesign further momentum, please see
    31 the dedicated project page on the wiki [5] for open tickets and advice
    32 on how to contribute, then come to the www-team mailing list [6] and
    33 join in!
    34 
    35    [1]: https://lists.torproject.org/pipermail/www-team/2014-March/000238.html
    36    [2]: https://lists.torproject.org/pipermail/www-team/2014-March/000249.html
    37    [3]: http://tor.harrytuttle.net/
    38    [4]: https://github.com/wpapper/tor-download-web
    39    [5]: https://trac.torproject.org/projects/tor/wiki/Website
    40    [6]: https://lists.torproject.org/cgi-bin/mailman/listinfo/www-team
    41 
    42 QR codes for bridge addresses
    43 -----------------------------
    44 
    45 Since most pocket computers (sometimes called “phones”) and laptops
    46 began incorporating cameras, QR codes [7] have become a ubiquitous way
    47 to enter short sequences of data into our devices. URLs are the
    48 canonical example, but the process also works for Bitcoin addresses or
    49 OpenPGP fingerprints [8].
    50 
    51 Bridges are the standard tool for circumventing filters that prevent
    52 access to the Tor network. Users currently enter bridge addresses in Tor
    53 by copy/pasting from the BridgeDB web page [9] or auto-responder email.
    54 But manually giving IP addresses and fingerprints to Orbot on
    55 keyboard-less devices is an error-prone process.
    56 
    57 QR codes might be a solution to this problem. They could also enable
    58 peer-to-peer exchange among friends, or circumvention strategies
    59 involving IPv6 addresses and paper. According to Isis Lovecruft, adding
    60 QR codes to the BridgeDB web interface would be easy [10]. Would any
    61 reader feel like hacking Orbot [11] or the Tor Launcher [12] Firefox
    62 extension (see relevant documentation [13] and API [14])?
    63 
    64    [7]: https://en.wikipedia.org/wiki/QR_code
    65    [8]: http://web.monkeysphere.info/monkeysign/
    66    [9]: https://bridges.torproject.org/
    67   [10]: https://bugs.torproject.org/11345
    68   [11]: https://bugs.torproject.org/5096
    69   [12]: https://gitweb.torproject.org/tor-launcher.git
    70   [13]: https://developer.mozilla.org/en-US/docs/WebRTC/taking_webcam_photos
    71   [14]: https://developer.mozilla.org/en-US/docs/Web/API/Navigator.getUserMedia
    72 
    73 Client identification in hidden service applications
    74 ----------------------------------------------------
    75 
    76 Applications behind hidden services currently cannot easily
    77 differentiate between client connections. Tor will make a different
    78 local TCP connection for each connections it receives, but the software
    79 is unable to tell if they are coming from the same circuit. Harry
    80 SeventyOne felt [15] the latter would be useful to enable applications
    81 for diagnostic log analysis, identifying traffic trends, rate-limiting
    82 or temporarily blocking operations coming from the same client.
    83 
    84 Harry sent a very rough patch to the Tor development mailing which
    85 enables circuit distinction by using a different source IP address from
    86 the IPv4 localhost pool (127.0.0.0/8) for each circuit. Nick Mathewson
    87 liked the idea [16] and gave several comments about the preliminary
    88 patch. Hopefully this work will make the life of hidden service
    89 operators easier in the future.
    90 
    91   [15]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006576.html
    92   [16]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006610.html
    93 
    94 Monthly status reports for March 2014
    95 -------------------------------------
    96 
    97 The wave of regular monthly reports from Tor project members for the
    98 month of March has begun. Georg Koppen released his report first [17],
    99 followed by reports from Pearl Crescent [18], Damian Johnson [19],
    100 Sherief Alaa [20], Nick Mathewson [21], Matt Pagan [22], Lunar [23], and
    101 Karsten Loesing [24].
    102 
    103 Lunar also reported help desk statistics [25].
    104 
    105   [17]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000487.html
    106   [18]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000488.html
    107   [19]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000489.html
    108   [20]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000490.html
    109   [21]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000491.html
    110   [22]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000492.html
    111   [23]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000494.html
    112   [24]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000495.html
    113   [25]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000493.html
    114 
    115 Miscellaneous news
    116 ------------------
    117 
    118 An extensive guide to hacking on Tor Browser was posted [26] to the Tor
    119 Project’s wiki by Mike Perry. Among other things, it covers the
    120 browser’s build instructions, design principles and testing procedures,
    121 as well as a summary of how browser team members organize and
    122 communicate. If you’d like to get involved in Tor Browser development,
    123 please take a look!
    124 
    125   [26]: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking
    126 
    127 Nicholas Hopper followed up [27,28] on George Kadianakis’ research on
    128 switching to a single guard. He used Aaron Johnson’s TorPS simulator to
    129 find out the “typical” bandwidth for a client. The conclusions match
    130 George’s: a single guard and a bandwidth cutoff of 2 Mbit/s would
    131 improve over the current situation. George subsequently sent an initial
    132 draft proposal [29] to start the formal process.
    133 
    134   [27]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006563.html
    135   [28]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006575.html
    136   [29]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006570.html
    137 
    138 BridgeDB version 1.6 was deployed on March 26th [30]. Thanks to Isis
    139 Lovecruft, users should now be able to solve the CAPTCHA again [31]. A
    140 custom solution is now used instead of Google’s reCAPTCHA services which
    141 will give more flexibility in the future.
    142 
    143   [30]: https://gitweb.torproject.org/bridgedb.git/commit/f266f32
    144   [31]: https://trac.torproject.org/projects/tor/ticket/10809
    145 
    146 John Brooks presented [32] Torsion, “a ready-to-use hidden service
    147 instant messaging client”. “I’m looking for people to try it out,
    148 validate my ideas and implementation, and help plan the future”, wrote
    149 John. You can consult the design documentation and build instructions on
    150 Github [33]; please share your comments with the community!
    151 
    152   [32]: https://lists.torproject.org/pipermail/tor-talk/2014-March/032476.html
    153   [33]: https://github.com/special/torsion
    154 
    155 Martin Weinelt shared [34] a plugin [35] that generates graphs in the
    156 Munin network monitoring tool [36] from data provided by Tor, using
    157 Stem [37]. “At the moment it supports a connection graph, getting its
    158 data from orconn-status. More graphs are possible, but not yet
    159 implemented. Ideas are welcome,” wrote Martin.
    160 
    161   [34]: https://lists.torproject.org/pipermail/tor-relays/2014-March/004168.html
    162   [35]: https://github.com/mweinelt/munin-tor
    163   [36]: http://munin-monitoring.org/
    164   [37]: https://stem.torproject.org/
    165 
    166 Amid the ongoing censorship of internet services in Turkey, there were
    167 reports that the Tor Project’s website was unavailable over connections
    168 supplied by some Turkish ISPs [38]. Feel free to try one of the
    169 mirrors [39]!
    170 
    171   [38]: https://lists.torproject.org/pipermail/tor-talk/2014-March/032487.html
    172   [39]: https://www.torproject.org/getinvolved/mirrors.html
    173 
    174 Karsten Loesing published [40] a draft of a guide [41] to running a blog
    175 over a Tor hidden service using the Jekyll static site generator [42].
    176 “The intended audience are bloggers who can handle a terminal window but
    177 who don’t know the typical pitfalls of securely setting up a web server
    178 over a hidden service”, he wrote. However, the guide is in its first
    179 stages, and “may contain severe problems harming your privacy!” Feedback
    180 on its content, wording, and layout would be greatly appreciated.
    181 
    182   [40]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006602.html
    183   [41]: http://csxeeumg5ynu2rk7.onion/
    184   [42]: http://jekyllrb.com/
    185 
    186 Yawning Angel called [43] for help with testing obfsclient-0.0.2 [44], a
    187 C++ implementation of the obfs3 and ScrambleSuit pluggable transports:
    188 “This is mostly a bug fix release that addresses issues found in
    189 testing/actual use […] Questions, comments, feedback appreciated as
    190 always.”
    191 
    192   [43]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006592.html
    193   [44]: https://github.com/Yawning/obfsclient/archive/v0.0.2.tar.gz
    194 
    195 Michael Rogers has been “working on a messaging app that uses Tor hidden
    196 services to provide unlinkability (from the point of view of a network
    197 observer) between users and their contacts”. But as “users know who
    198 their contacts are”, the mutual anonymity provided by hidden services is
    199 not a requirement. Michael asked [45] how hidden services performance
    200 could be improved for this use case.
    201 
    202   [45]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006572.html
    203 
    204 On the Tor Blog, Sukhbir Singh posted [46] a round-up of the various
    205 methods by which users can download and run the Tor Browser, covering
    206 download mirrors, GetTor, bridge address distribution, and pluggable
    207 transports usage. If you’re having trouble acquiring or using a copy of
    208 the Tor Browser, please look here for links and guidance.
    209 
    210   [46]: https://blog.torproject.org/blog/ways-get-tor-browser-bundle
    211 
    212 Mike Perry discovered [47] “that the Linux kernel appears to have a leak
    213 in how it applies transproxy rules to the TCP CLOSE_WAIT shutdown
    214 condition under certain circumstances”. Be sure to look at Mike’s email
    215 if you use Tor’s TransProxy feature. velope later improved [48] the
    216 original mitigating firewall rule.
    217 
    218   [47]: https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html
    219   [48]: https://lists.torproject.org/pipermail/tor-talk/2014-March/032507.html
    220 
    221 As part of the ongoing project to rewrite the Tor Weather service,
    222 Sreenatha Bhatlapenumarthi and Karsten Loesing collaborated [49] to
    223 produce a Python script that enables it to determine whether or not
    224 relay operators have fulfilled the requirements [50] for a free Tor
    225 T-shirt.
    226 
    227   [49]: https://bugs.torproject.org/9889
    228   [50]: https://www.torproject.org/getinvolved/tshirt
    229 
    230 Lukas Erlacher announced the avaibility of OnionPy [51], “a Python
    231 wrapper for OnionOO with support for transparently caching OnionOO
    232 replies in memcached”. It should be useful to the on-going rewrite of
    233 the Tor Weather service [52].
    234 
    235   [51]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006603.html
    236   [52]: https://weather.torproject.org/
    237 
    238 The deadline for submissions to the Tails logo contest passed on March
    239 31st; you can review all of the proposed designs, from the minimalist to
    240 the psychedelic, on the Tails website [53].
    241 
    242   [53]: https://tails.boum.org/blueprint/logo/
    243 
    244 Tor help desk roundup
    245 ---------------------
    246 
    247 The help desk often gets confusing reports that after being directed to
    248 download the latest Tor Browser version by a flashing TorBrowserButton,
    249 users still sometimes see a message that their Tor Browser is out of
    250 date. This happens when the new Tor Browser version was installed over
    251 the previous one. Fortunately the underlying bug [54] will be fixed in
    252 the next Tor Browser release. We recommend extracting each Tor Browser
    253 update to an empty directory rather than overwriting the old one, to
    254 prevent similar unexpected behaviors. The longer-term solution for
    255 issues like this is an auto-updating Tor Browser [55].
    256 
    257   [54]: https://bugs.torproject.org/11242
    258   [55]: https://bugs.torproject.org/4234
    259 
    260 News from Tor StackExchange
    261 ---------------------------
    262 
    263 saurav wanted to know the total bandwidth of all guard nodes in the
    264 current network [56]. gacar pointed to the bandwidth.csv file [57] and
    265 explained the format of the file.
    266 
    267   [56]: https://tor.stackexchange.com/q/1824/88
    268   [57]: https://metrics.torproject.org/stats/bandwidth.csv
    269 
    270 Tor’s StackExchange site is doing a self-evaluation [58]. If you have an
    271 account, please log in and evaluate the questions as well as their
    272 answers. It helps to improve the answers and the site in general.
    273 
    274 Furthermore, if you happen to visit the site, check the list of
    275 unanswered questions [59]. If you know an answer, please share your
    276 knowledge with the people.
    277 
    278   [58]: https://tor.stackexchange.com/review/site-eval
    279   [59]: https://tor.stackexchange.com/unanswered
    280 
    281 Upcoming events
    282 ---------------
    283 
    284 April 1-4        | Civil Rights Defenders’ Days
    285                  | Stockholm, Sweden
    286                  | http://defendersdays.civilrightsdefenders.org/
    287                  |
    288 Apr  2 19:00 UTC | little-t tor development meeting
    289                  | #tor-dev, irc.oftc.net
    290                  | https://lists.torproject.org/pipermail/tor-dev/2014-March/006616.html
    291                  |
    292 Apr  4 17:00 UTC | Pluggable transports online meeting
    293                  | #tor-dev, irc.oftc.net
    294                  |
    295 Apr  4 18:00 UTC | Tor Browser online meeting
    296                  | #tor-dev, irc.oftc.net
    297                  | https://lists.torproject.org/pipermail/tbb-dev/2014-March/000026.html
    298                  |
    299 Apr  9 20:00 UTC | Tails contributors meeting
    300                  | #tails-dev, irc.oftc.net
    301                  | https://mailman.boum.org/pipermail/tails-dev/2014-March/005267.html
    302                  |
    303 Apr 10 10:00 EDT | Andrew speaking at F.ounders NYC
    304                  | New York City, New York, USA
    305                  | http://f.ounders.com/
    306 
    307 
    308 This issue of Tor Weekly News has been assembled by Lunar, harmony,
    309 David Fifield, Matt Pagan, qbi and Karsten Loesing.
    310 
    311 Want to continue reading TWN? Please help us create this newsletter.
    312 We still need more volunteers to watch the Tor community and report
    313 important news. Please see the project page [60], write down your
    314 name and subscribe to the team mailing list [61] if you want to
    315 get involved!
    316 
    317   [60]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    318   [61]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    319 }}}
     5'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-April/000039.html Sent]!