Changes between Version 50 and Version 51 of TorWeeklyNews/2014/25


Timestamp:
Jun 25, 2014, 1:32:05 PM (5 years ago)
Author:
lunar
Comment:

sent!

  • TorWeeklyNews/2014/25

    v50 v51  
    33'''Editor:''' Lunar
    44
    5 '''Status:''' Frozen. Technical and languages fixes only. New items should go to [wiki:TorWeeklyNews/2014/26 next week's edition]. Expected publication time 2014-06-25 12:00 UTC
    6 
    7 '''Subject:''' Tor Weekly News — June 25th, 2014
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                          June 25th, 2014
    12 ========================================================================
    13 
    14 Welcome to the twenty-fifth issue of Tor Weekly News in 2014, the weekly
    15 newsletter that covers what is happening in the community around Tor,
    16 the “fine-meshed net” [1].
    17 
    18    [1]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033358.html
    19 
    20 Tor 0.2.5.5-alpha is out
    21 ------------------------
    22 
    23 Tor 0.2.5.5-alpha was released [2], fixing “a wide variety of remaining
    24 issues in the Tor 0.2.5.x release series, including a couple of DoS
    25 issues, some performance regressions, a large number of bugs affecting
    26 the Linux seccomp2 sandbox code, and various other bugfixes”, in Nick
    27 Mathewson’s words. Among the major security improvements is an
    28 adjustment to the way Tor decides when to close TLS connections, which
    29 “should improve Tor’s resistance against some kinds of traffic analysis,
    30 and lower some overhead from needlessly closed connections”.
    31 
    32 You can download the source tarball [3], or install the package by
    33 following the instructions for your system [4]. This release is also now
    34 available in the Debian [5] and Tor Project [6] repositories.
    35 
    36    [2]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033347.html
    37    [3]: https://www.torproject.org/dist/
    38    [4]: https://www.torproject.org/docs/installguide
    39    [5]: http://packages.qa.debian.org/t/tor/news/20140619T120436Z.html
    40    [6]: https://www.torproject.org/docs/debian.html.en#development
    41 
    42 Debian Wheezy’s tor version to be updated
    43 -----------------------------------------
    44 
    45 Following a suggestion by Peter Palfrader [7], Debian developers are
    46 preparing to update the version of tor found in the Debian stable
    47 repositories from 0.2.3.25 to 0.2.4.22. Among the chief motives for
    48 doing so is that “about a quarter of the Tor network (just considering
    49 the relays, not any clients), is on 0.2.3.25, presumably because they
    50 run Debian stable. If they all upgraded to the 0.2.4.x tree, the
    51 network as a whole would become a lot more secure as 0.2.4.x allows
    52 clients to use stronger crypto for connections built through these
    53 nodes.” Other benefits, including the various measures taken to defend
    54 against OpenSSL vulnerabilities discovered earlier this year, make this
    55 an attractive proposal.
    56 
    57 The update [8] will be shipped in the forthcoming point release (7.6) of
    58 Debian Wheezy, on July 12th.
    59 
    60    [7]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751977
    61    [8]: https://lists.debian.org/debian-changes/2014/06/msg00072.html
    62 
    63 Miscellaneous news
    64 ------------------
    65 
    66 Building on the May release of experimental Tor Browsers hardened with
    67 AddressSanitizer (ASan) [9], Georg Koppen announced [10] a new set of
    68 experimental Linux builds that include both AddressSanitizer and
    69 Undefined Behaviour Sanitizer (UBSan), asking for testing and feedback.
    70 See Georg’s message for download and build instructions, as well as a
    71 couple of known issues.
    72 
    73    [9]: https://lists.torproject.org/pipermail/tor-qa/2014-May/000414.html
    74   [10]: https://lists.torproject.org/pipermail/tor-qa/2014-June/000428.html
    75 
    76 Nick Mathewson reminded [11] Tor users, relay operators, and especially
    77 hidden service administrators that tor’s 0.2.2 series is no longer
    78 supported, and many features will soon stop working entirely; if you are
    79 affected, then please upgrade!
    80 
    81   [11]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033376.html
    82 
    83 Several of Tor’s Google Summer of Code students submitted their regular
    84 progress reports: Daniel Martí on the implementation of consensus
    85 diffs [12], Mikhail Belous on the multicore tor daemon [13], Juha Nurmi
    86 on the ahmia.fi project [14], Zack Mullaly on the HTTPS Everywhere
    87 secure ruleset update mechanism [15], Amogh Pradeep on the Orbot+Orfox
    88 project [16], Sreenatha Bhatlapenumarthi on the Tor Weather
    89 rewrite [17], Marc Juarez on the link-padding pluggable transport
    90 development [18], Israel Leiva on the GetTor revamp [19], Quinn Jarrell
    91 on the pluggable transport combiner [20], Kostas Jakeliunas on the
    92 BridgeDB Twitter Distributor [21], and Noah Rahman on Stegotorus
    93 security enhancement [22].
    94 
    95   [12]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007030.html
    96   [13]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007034.html
    97   [14]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000564.html
    98   [15]: https://lists.eff.org/pipermail/https-everywhere/2014-June/002147.html
    99   [16]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007036.html
    100   [17]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007037.html
    101   [18]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000567.html
    102   [19]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007039.html
    103   [20]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007040.html
    104   [21]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007041.html
    105   [22]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007043.html
    106 
    107 Researchers from the Internet Geographies project at the Oxford Internet
    108 Institute produced a cartogram [23] of Tor users by country, using
    109 archived data freely available from the Tor Project’s own Metrics
    110 portal [24], along with an analysis of the resulting image. “As ever
    111 more governments seek to control and censor online activities, users
    112 face a choice to either perform their connected activities in ways that
    113 adhere to official policies, or to use anonymity to bring about a freer
    114 and more open Internet”, they conclude.
    115 
    116   [23]: http://geography.oii.ox.ac.uk/?page=tor
    117   [24]: https://metrics.torproject.org
    118 
    119 Andrew Lewman reported [25] that users with email addresses at Yahoo and
    120 AOL have been removed from the tor-relays mailing list [26], as these
    121 addresses have been bouncing list emails.
    122 
    123   [25]: https://lists.torproject.org/pipermail/tor-relays/2014-June/004752.html
    124   [26]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
    125 
    126 Thanks to the FoDT.it webteam [27] and Maxanoo [28] for running mirrors
    127 of the Tor Project’s website!
    128 
    129   [27]: https://lists.torproject.org/pipermail/tor-mirrors/2014-June/000617.html
    130   [28]: https://lists.torproject.org/pipermail/tor-mirrors/2014-June/000619.html
    131 
    132 fr33tux shared [29] the slides [30] for a French-language presentation
    133 on Tor, delivered at Université de technologie Belfort-Montbéliard. The
    134 source code (in the LaTeX markup language) is also available [31]: “feel
    135 free to borrow whatever you want from it!”
    136 
    137   [29]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033337.html
    138   [30]: http://fr33tux.org/data/prez.pdf
    139   [31]: http://git.fr33tux.org/conference_tor_utbm.git
    140 
    141 Thanks to Ximin Luo, the server component of Flashproxy [32] is now
    142 available in Debian [33] in the “pt-websocket” package.
    143 
    144   [32]: https://crypto.stanford.edu/flashproxy/
    145   [33]: https://packages.debian.org/sid/pt-websocket
    146 
    147 A couple of weeks ago, Roger Dingledine wondered “how many relays are
    148 firewalling certain outbound ports (and thus messing with connectivity
    149 inside the Tor network)”. ra has just published the results [34] of a
    150 three-week-long test of the interconnectivity between 6730 relays.
    151 Contacting the operators of problematic relays is probably the next step
    152 for those who wish to keep the network at its best.
    153 
    154   [34]: https://bugs.torproject.org/12131#comment:11
    155 
    156 George Kadianakis slipped on his storyteller costume to guide us [35]
    157 through layers of the Tor core, motivated by the quest for knowledge.
    158 That accursed riddle, “Why does Roger have so many guards?”, now has an
    159 answer. Be prepared for a “beautiful stalagmite” and the “truly amazing”
    160 nature of Tor!
    161 
    162   [35]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007042.html
    163 
    164 Tor help desk roundup
    165 ---------------------
    166 
    167 If the Tor Browser stalls while “loading the network status”, please
    168 double-check that the system clock is accurate; the same goes for the
    169 timezone and daylight saving time settings. Tor needs an accurate clock
    170 in order to prevent several classes of attacks on its protocol. It won’t
    171 work properly when the local time does not match the one used by other
    172 network participants.
    173 
    174 Easy development tasks to get involved with
    175 -------------------------------------------
    176 
    177 When the tor daemon is configured to open a SOCKS port on a public
    178 address, it warns about this possible configuration problem twice: once
    179 when it reads the configuration file, and a second time when it opens
    180 the listener. One warning should be enough. We had a friendly volunteer
    181 two years ago who sketched out possible fixes and even wrote a patch,
    182 but then concluded that his patch had a problem and went away. If you’re
    183 up to some digging into tor’s configuration file handling, and want to
    184 clean up a two-year-old patch potentially to be included in tor 0.2.6,
    185 please find the details in the ticket [36]. It’s tagged as easy, so how
    186 hard can it be?
    187 
    188   [36]: https://bugs.torproject.org/4019
    189 
    190 Upcoming events
    191 ---------------
    192 
    193 June 25 19:00 UTC | little-t tor development meeting
    194                   | #tor-dev, irc.oftc.net
    195                   | https://lists.torproject.org/pipermail/tor-dev/2014-May/006888.html
    196                   |
    197 June 27 15:00 UTC | Tor Browser online meeting
    198                   | #tor-dev, irc.oftc.net
    199                   | https://lists.torproject.org/pipermail/tbb-dev/2014-April/000049.html
    200                   |
    201  June 30 — July 4 | Tor’s Summer Dev Meeting
    202                   | Paris, France
    203                   | https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting
    204                   |
    205         July 5-11 | Lunar @ Libre Software Meeting 2014
    206                   | Montpellier, France
    207                   | https://2014.rmll.info/?lang=en
    208 
    209 
    210 This issue of Tor Weekly News has been assembled by harmony, Lunar,
    211 Matt Pagan, Karsten Loesing, and Roger Dingledine.
    212 
    213 Want to continue reading TWN? Please help us create this newsletter.
    214 We still need more volunteers to watch the Tor community and report
    215 important news. Please see the project page [37], write down your
    216 name and subscribe to the team mailing list [38] if you want to
    217 get involved!
    218 
    219   [37]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    220   [38]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    221 }}}
     5'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-June/000051.html Sent!]
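
Review bot: The '''Subject:''' line (v50 line 7) is removed together with the draft body, so v51 keeps only the Editor line and a Status link labelled "Sent!", and the page body no longer states the issue title or date. Consider keeping the Subject line above the new Status line so the wiki page still identifies the issue without following the tor-news archive link.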