Changes between Version 60 and Version 61 of TorWeeklyNews/2014/23


Ignore:
Timestamp:
Jun 11, 2014, 1:34:56 PM (5 years ago)
Author:
harmony
Comment:

send

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/23

    v60 v61  
    55'''Subject:''' Tor Weekly News — June 11th, 2014
    66
    7 '''Status:''' FROZEN. Only technical and language fixes allowed. New items should go in [wiki:TorWeeklyNews/2014/24 next week's edition]. Expected publication time 2014-06-11 12:00 UTC.
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                          June 11th, 2014
    12 ========================================================================
    13 
    14 Welcome to the twenty-third issue of Tor Weekly News in 2014, the weekly
    15 newsletter that covers what is happening in the Tor community.
    16 
    17 Tor Browser 3.6.2 is out
    18 ------------------------
    19 
    20 Version 3.6.2 of the Tor Browser has been released [1], featuring “a fix
    21 to allow the configuration of a local HTTP or SOCKS proxy with all
    22 included Pluggable Transports”, as well as important fixes to mitigate
    23 recent OpenSSL vulnerabilities, among other security updates. All users
    24 are advised to upgrade [2] as soon as possible.
    25 
    26   [1]: https://blog.torproject.org/blog/tor-browser-362-released
    27   [2]: https://www.torproject.org/download/download-easy.html
    28 
    29 The EFF announces its 2014 Tor Challenge
    30 ----------------------------------------
    31 
    32 As part of the wider “Reset the Net” event [3], the Electronic Frontier
    33 Foundation has launched [4] another in its occasional series of Tor
    34 Challenges. The goal of the campaign is to increase the Tor network’s
    35 capacity and diversity by encouraging members of the public to run
    36 relays, and directing them to the legal and technical guidance necessary
    37 to do so.
    38 
    39 So far, over 600 relays have been started (or had their capacity
    40 increased) as part of the campaign: you can see a running total of
    41 relays and bytes transferred on the campaign page [5]. Once you’ve set
    42 up your relay, you can register it on the page (anonymously or credited
    43 to your name); stickers and T-shirts are on offer for those who run
    44 relays of a certain size or for a certain period.
    45 
    46 If you run into trouble setting up your relay, you can also find expert
    47 advice and discussion on the tor-relays mailing list [6] or the #tor
    48 channel on irc.oftc.net.
    49 
    50   [3]: https://blog.torproject.org/blog/reset-net
    51   [4]: https://blog.torproject.org/blog/tor-challenge-2014
    52   [5]: https://www.eff.org/torchallenge/
    53   [6]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
    54 
    55 Tor and the “EarlyCCS” bug
    56 --------------------------
    57 
    58 Following April’s much-loved “Heartbleed” bug, another OpenSSL
    59 vulnerability was discovered — nicknamed “EarlyCCS” [7] — that could
    60 have an impact on the security of many internet services, including Tor.
    61 Nick Mathewson explained [8] that although “Tor is comparatively
    62 resilient to having one layer of crypto removed”, it may be affected to
    63 the extent that “an adversary in the position to run a MITM attack on a
    64 Tor client or relay could cause a TLS connection to be negotiated
    65 without real encryption or authentication.”
    66 
    67 Tor users and relay operators should make sure to update their OpenSSL
    68 and Tor packages as soon as possible; those using a system tor (rather
    69 than or in addition to the Tor Browser) should ensure that they restart
    70 it once the updates are installed; otherwise they will not take effect.
    71 
    72   [7]: http://ccsinjection.lepidum.co.jp/
    73   [8]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033161.html
    74 
    75 A new website for the directory archive
    76 ---------------------------------------
    77 
    78 Karsten Loesing announced [9] the new CollecTor service [10], which
    79 spins off the directory archive section from the Metrics [11] portal.
    80 
    81 What’s different? Archive tarballs are now provided in a directory
    82 structure rather than a single directory [12], recently published
    83 descriptors can now be accessed much more easily [13], and the
    84 documentation of descriptor formats [14] has been updated.
    85 
    86 The now obsolete rsync access to metrics-archive and metrics-recent will
    87 be discontinued on August 4, 2014.
    88 
    89   [9]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006942.html
    90  [10]: https://collector.torproject.org/
    91  [11]: https://metrics.torproject.org/
    92  [12]: https://collector.torproject.org/archive/
    93  [13]: https://collector.torproject.org/recent/
    94  [14]: https://collector.torproject.org/formats.html
    95 
    96 More monthly status reports for May 2014
    97 ----------------------------------------
    98 
    99 The wave of regular monthly reports from Tor project members for the
    100 month of May continued, with reports from Karsten Loesing [15], Isis
    101 Lovecruft (who submitted reports for both April [16] and May [17]),
    102 George Kadianakis [18], Nicolas Vigier [19], and Roger Dingledine [20].
    103 
    104 Roger also sent the report for SponsorF [21].
    105 
    106  [15]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000551.html
    107  [16]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000553.html
    108  [17]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000552.html
    109  [18]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000554.html
    110  [19]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000556.html
    111  [20]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000559.html
    112  [21]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000558.html
    113 
    114 Miscellaneous news
    115 ------------------
    116 
    117 The Tails developers formally announced [22] the upcoming Tails
    118 Hackfest, inviting absolutely “anyone interested in making Tails more
    119 usable and more secure” to join them in Paris on the 5th and 6th of July
    120 (immediately after the Tor dev meeting) and “learn about the challenges
    121 faced by Tails, and how you can be part of the solution”. Fuller details
    122 of the venue and timetable can be found on the Tails website [23].
    123 
    124  [22]: https://tails.boum.org/news/Join_us_at_the_Tails_HackFest_2014/
    125  [23]: https://tails.boum.org/blueprint/HackFest_2014_Paris/
    126 
    127 Several of Tor’s Google Summer of Code students submitted their regular
    128 progress reports: Juha Nurmi on the ahmia.fi project [24], Israel Leiva
    129 on the GetTor revamp [25], Amogh Pradeep on the Orbot+Orfox
    130 project [26], Quinn Jarrell on the pluggable transport combiner [27],
    131 Marc Juarez on the link-padding pluggable transport development [28],
    132 Noah Rahman on the Stegotorus refactoring work [29], Sreenatha
    133 Bhatlapenumarthi on the Tor Weather rewrite [30], Daniel Martí on the
    134 implementation of consensus diffs [31], and Mikhail Belous on the
    135 multicore tor daemon [32].
    136 
    137  [24]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000555.html
    138  [25]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006959.html
    139  [26]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006960.html
    140  [27]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006961.html
    141  [28]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000557.html
    142  [29]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006962.html
    143  [30]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006964.html
    144  [31]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006966.html
    145  [32]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006984.html
    146 
    147 Thanks to moparisthebest [33] for running a mirror of the Tor Project
    148 website!
    149 
    150  [33]: https://lists.torproject.org/pipermail/tor-mirrors/2014-June/000612.html
    151 
    152 Roger Dingledine asked [34] the tor-relays mailing list about the
    153 situation of Mac OS X users who would like to run Tor relays, and what
    154 steps should be taken to make it easier for them to do so “now that the
    155 Vidalia bundles are deprecated and hard to find”.
    156 
    157  [34]: https://lists.torproject.org/pipermail/tor-relays/2014-June/004642.html
    158 
    159 Isis Lovecruft has deployed BridgeDB version 0.2.2 [35] which contains
    160 many fixes and translation updates. The email autoresponder should not
    161 reply with empty emails any more.
    162 
    163  [35]: https://gitweb.torproject.org/bridgedb.git/blob_plain/cb8b01bc:/CHANGELOG
    164 
    165 Damian Johnson has written up [36] several ideas regarding a possible
    166 rewrite of the ExoneraTor service [37] in Python.
    167 
    168  [36]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006970.html
    169  [37]: https://exonerator.torproject.org/
    170 
    171 HTTPS is sometimes heavily throttled by censors, making it hard to
    172 download the Tor Browser over an HTTPS link. Israel Leiva is asking for
    173 feedback [38] about making the GetTor email service reply with links to
    174 unencrypted HTTP servers as a work-around.
    175 
    176  [38]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006977.html
    177 
    178 Tor help desk roundup
    179 ---------------------
    180 
    181 The help desk has been asked for information on TorCoin, a proposed
    182 cryptocurrency. TorCoin is not affiliated with or endorsed by the Tor
    183 Project. The Tor Project publishes guidelines on the use of its
    184 trademark to try to prevent confusing uses of the Tor name [39].
    185 
    186  [39]: https://www.torproject.org/docs/trademark-faq.html.en
    187 
    188 Easy development tasks to get involved with
    189 -------------------------------------------
    190 
    191 obfsproxy, the traffic obfuscator, opens the “authcookie” file for each
    192 new incoming connection. George Kadianakis suggests that it should
    193 instead read the file on startup and keep its content in memory during
    194 operation [40]. obfsproxy is written in Python/Twisted. The change
    195 should be pretty small, but if you like finding the right places that
    196 need changing, feel free to look at the ticket and post your patch
    197 there.
    198 
    199  [40]: https://bugs.torproject.org/9822
    200 
    201 Upcoming events
    202 ---------------
    203 
    204 June 11 19:00 UTC | little-t tor development meeting
    205                   | #tor-dev, irc.oftc.net
    206                   | https://lists.torproject.org/pipermail/tor-dev/2014-May/006888.html
    207                   |
    208 June 11 19:00 UTC | Tails contributors meeting
    209                   | #tails-dev, irc.oftc.net
    210                   | https://mailman.boum.org/pipermail/tails-dev/2014-May/005818.html
    211                   |
    212 June 13 15:00 UTC | Tor Browser online meeting
    213                   | #tor-dev, irc.oftc.net
    214                   | https://lists.torproject.org/pipermail/tbb-dev/2014-April/000049.html
    215                   |
    216 June 30 — Aug 4   | Tor’s Summer Dev Meeting
    217                   | Paris, France
    218                   | https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting
    219 
    220 
    221 This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt
    222 Pagan, Karsten Loesing, and Roger Dingledine.
    223 
    224 Want to continue reading TWN? Please help us create this newsletter.
    225 We still need more volunteers to watch the Tor community and report
    226 important news. Please see the project page [41], write down your
    227 name and subscribe to the team mailing list [42] if you want to
    228 get involved!
    229 
    230  [41]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    231  [42]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    232 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-June/000049.html Sent].