Changes between Version 63 and Version 64 of TorWeeklyNews/2014/2


Ignore:
Timestamp:
Jan 21, 2014, 8:38:16 AM (5 years ago)
Author:
dope457
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/2

    v63 v64  
    33'''Editor:''' Lunar
    44
    5 '''Status:''' FROZEN! Only language and technical fixes allowed. New topics should go to [wiki:TorWeeklyNews/2014/3 next week's edition]. Expected publication time 2014-01-15 12:00 UTC.
    6 
    7 '''Subject:''' Tor Weekly News — January 15th, 2014
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                       January 15th, 2014
    12 ========================================================================
    13 
    14 Welcome to the second issue in 2014 of Tor Weekly News, the weekly
    15 newsletter that covers what is happening in the Tor community.
    16 
    17 Orbot 13 is out
    18 ---------------
    19 
    20 Orbot [1] — the Guardian Project's port of Tor on Android platforms —
    21 has received a major update [2]. Version 13 includes “all the latest
    22 bling across the board” meaning Tor 0.2.4.20 and updated versions of
    23 OpenSSL and XTables. Nathan also mentions “some important fixes to the
    24 Orbot service, to ensure it remains running in the background, and the
    25 active notification keeps working, as well. Finally, we've changed the
    26 way the native binaries are installed, making it more reliable and clean
    27 across devices.”
    28 
    29 After the initial release candidates, 13.0.1 [3], 13.0.2 and then 13.0.3
    30 were quickly made available to fix various reported issues.
    31 
    32 The new release is available from the Guardian Project's website [4],
    33 F-Droid repository or Google Play.
    34 
    35    [1] https://guardianproject.info/apps/orbot/
    36    [2] https://lists.mayfirst.org/pipermail/guardian-dev/2014-January/002973.html
    37    [3] https://lists.mayfirst.org/pipermail/guardian-dev/2014-January/003016.html
    38    [4] https://guardianproject.info/releases/
    39 
    40 Who are the Tor Project's website visitors?
    41 -------------------------------------------
    42 
    43 Last week's call for help regarding the Tor Project's website [5] has
    44 seen a pretty impressive response. Discussions then quickly sparkled on
    45 the newly created mailing list [6].
    46 
    47 As one of the first concrete outcomes, Rey Dhuny contributed an initial
    48 set of “personas”, later improved by Max Jakob Maass, Silviu Riley with
    49 suggestions from others. Quoting Wikipedia [7]: “personas are fictional
    50 characters created to represent the different user types within a
    51 targeted demographic, attitude and/or behavior set that might use a
    52 site, brand or product in a similar way.”
    53 
    54 One can have a look at the wiki page [8] to learn more about the seven
    55 different users of the Tor website that have been currently identified:
    56 The Student, The Journalist, The Researcher, The Donor, The Engineer,
    57 The Activist, The Dissident. These personas should probably be further
    58 refined, but are already a very useful tool to think about how to
    59 structure a new website.
    60 
    61 For anyone interested in following the effort, Andrew Lewman has spent
    62 time triaging all website related tickets [9] and setting up a new
    63 milestone [10] to keep tabs on tasks and issues.
    64 
    65    [5] https://blog.torproject.org/blog/tor-website-needs-your-help
    66    [6] https://lists.torproject.org/cgi-bin/mailman/listinfo/www-team
    67    [7] https://en.wikipedia.org/wiki/Persona_%28user_experience%29
    68    [8] https://trac.torproject.org/projects/tor/wiki/Website#Personas
    69    [9] https://trac.torproject.org/projects/tor/report/45
    70   [10] https://trac.torproject.org/projects/tor/milestone/Tor%20Website%203.0
    71 
    72 Let's save Tor Weather!
    73 -----------------------
    74 
    75 The Tor network would not exist without all its volunteers — currently more than
    76 3,000 all around the world — who run the 5,000+ relays anonymizing our
    77 connections.
    78 
    79 Tor Weather is one of these small services run by the Tor Project that is meant
    80 to make the life of relay operators easier. It can warn them when their
    81 relay is down or when a new version of tor is available… and when they can
    82 receive the rewarding t-shirt [11]. Unfortunately, Tor Weather has been
    83 unmaintained for quite a while, and issues have accumulated [12] over time.
    84 
    85 Karsten Loesing has sent a call for help [13] for suggestions on how the code
    86 can be simplified and improved. Abhiram Chintangal and Norbert Kurz have
    87 already stated their interests. Coordination is done through the tor-dev
    88 mailing list [14] and a design wiki page [15]. Join them if you are up to
    89 some Python hacking or spiffing up the web interface!
    90 
    91   [11] https://www.torproject.org/getinvolved/tshirt.html
    92   [12] https://trac.torproject.org/projects/tor/query?component=Tor+Weather&order=status
    93   [13] https://lists.torproject.org/pipermail/tor-dev/2014-January/006039.html
    94   [14] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
    95   [15] https://trac.torproject.org/projects/tor/wiki/doc/weather-in-2014
    96 
    97 More monthly status reports for December 2013
    98 ---------------------------------------------
    99 
    100 The wave of regular monthly reports from Tor project members for the
    101 month of December 2013 continued this week as well with the extended
    102 report form the Tails team [16] followed by reports from George
    103 Kadianakis [17], Kevin P Dyer [18], and Andrew Lewman [19].
    104 
    105   [16] https://tails.boum.org/news/report_2013_12/
    106   [17] https://lists.torproject.org/pipermail/tor-reports/2014-January/000427.html
    107   [18] https://lists.torproject.org/pipermail/tor-reports/2014-January/000428.html
    108   [19] https://lists.torproject.org/pipermail/tor-reports/2014-January/000430.html
    109 
    110 Miscellaneous news
    111 ------------------
    112 
    113 The Tails team has put out a call for testing the first release
    114 candidate for Tails 0.22.1 [20]. The new version will bring several
    115 bugfixes, an updated kernel, and many improvements to the upgrader
    116 application.
    117 
    118   [20] https://tails.boum.org/news/test_0.22.1-rc1/
    119 
    120 Directory authorities are in the process [21] of upgrading their
    121 directory signing key to RSA 2048. This has been done for five out of
    122 nine authorities [22]. The changes might result in some temporary error
    123 messages in logs of Tor relays, as it did [23] when “gabelmoo” [24]
    124 changed its key on January 11th.
    125 
    126   [21] https://bugs.torproject.org/10324
    127   [22] https://people.torproject.org/~linus/sign2048.html
    128   [23] https://lists.torproject.org/pipermail/tor-relays/2014-January/003592.html
    129   [24] https://atlas.torproject.org/#details/7EA6EAD6FD83083C538F44038BBFA077587DD755
    130 
    131 Nicolas Vigier has sent a proposal [25] about replacing the current
    132 Gitian-based build system for the Tor Browser Bundle by a system based
    133 on burps [26]. Nicolas also worked on a prototype [27] to go with his
    134 proposal.
    135 
    136   [25] https://lists.torproject.org/pipermail/tor-dev/2014-January/006047.html
    137   [26] http://burps.boklm.eu/
    138   [27] https://github.com/boklm/burps-tor
    139 
    140 Nick Mathewson mentioned [28] that the “Sniper Attack” paper [29] by Rob
    141 Jansen, Florian Tschorsch, Aaron Johnson, and Björn Scheuermann is now
    142 available. This paper describes serious Denial of Service attacks
    143 through memory exhaustion. The issue is fixed “thanks to advice from
    144 the paper's authors, in Tor 0.2.4.x and later”.
    145 
    146   [28] https://lists.torproject.org/pipermail/tor-dev/2014-January/006038.html
    147   [29] http://www-users.cs.umn.edu/~jansen/papers/sniper-ndss2014.pdf
    148 
    149 In order to prevent attacks [30] on hidden services based on predicting
    150 which directory will be used, directory authorities need to periodically
    151 produce shared unpredictable random strings. To address the issue,
    152 Nicholas Hopper has sent “a threshold signature-based proposal for a
    153 shared RNG” [31] which is now up for reviews.
    154 
    155   [30] https://bugs.torproject.org/8244
    156   [31] https://lists.torproject.org/pipermail/tor-dev/2014-January/006053.html
    157 
    158 The next session of low-hanging fruits for Tails will happen [32] on
    159 February 8th in the #tails IRC channel OFTC at 10:00 CET.
    160 
    161   [32] https://tails.boum.org/contribute/meetings/201401/
    162 
    163 Thanks to stalkr.net [33], Maki Hoshisawa [34] and cYbergueRrilLa
    164 AnonyMous NeXus [35] for running new mirrors of the Tor Project website.
    165 
    166   [33] https://lists.torproject.org/pipermail/tor-mirrors/2014-January/000439.html
    167   [34] https://lists.torproject.org/pipermail/tor-mirrors/2014-January/000442.html
    168   [35] https://lists.torproject.org/pipermail/tor-mirrors/2014-January/000443.html
    169 
    170 Jaromil announced [36] the release of Dowse [37], “a transparent proxy
    171 setup supporting Tor”. One feature is that it detects “all URLs whose
    172 domain ends in .onion, routing them directly to Tor, effectively making
    173 the onion network accessible without any plugin or software installed.”
    174 The transport proxy approach has known issues [38] but can still be of
    175 interest to some users. Jaromil is seeking feedback and opinions from
    176 the community.
    177 
    178   [36] https://lists.torproject.org/pipermail/tor-talk/2014-January/031632.html
    179   [37] http://dyne.org/software/dowse
    180   [38] https://lists.torproject.org/pipermail/tor-talk/2013-July/028833.html
    181 
    182 Microsoft's Geoff McDonald wrote a blog post [39] describing how they
    183 have helped remove half of the estimated four millions of Tor
    184 clients [40] installed by the Sefnit botnet without the computer owner's
    185 knowledge.
    186 
    187   [39] https://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-the-sefnit-botnet-tor-hazard.aspx
    188   [40] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
    189 
    190 Koumbit has been working on Torride [41], a live distribution to run Tor
    191 relays — not unlike Tor-ramdisk [42] — but based on Debian. Version
    192 1.1.0 has been released [43] on January 10th.
    193 
    194   [41] https://redmine.koumbit.net/projects/torride
    195   [42] http://opensource.dyc.edu/tor-ramdisk/
    196   [43] https://redmine.koumbit.net/news/17
    197 
    198 Tor help desk roundup
    199 ---------------------
    200 
    201 Many users have been emailing for clarification on Tor Browser's
    202 interface. The first time Tor Browser is started, users are asked if
    203 their network is free of obstacles. Many users do not know if their
    204 network is free of obstacles or not. A network is free of obstacles
    205 if it does not censor connections to the Tor network. Ticket #10610 [44]
    206 has been opened to discuss possible improvements.
    207 
    208 A number of users have reported problems using the Tor Browser in
    209 Backtrack Linux. Backtrack is unusual among Linux distributions in which
    210 the user can only log in as root; there are no other user accounts. The
    211 Tor Browser cannot be run as root. One solution for Backtrack users is
    212 to create a new account with the `useradd` command and then run the Tor
    213 Browser as that user with the `sudo` command.
    214 
    215   [44] https://bugs.torproject.org/10610
    216 
    217 Upcoming events
    218 ---------------
    219 
    220 Feb 1-2   | Tor @ FOSDEM
    221           | Brussels, Belgium
    222           | https://fosdem.org/2014/
    223           |
    224 April 11  | Roger @ George Mason University
    225           | Washington, DC, USA
    226           | http://today.gmu.edu/64330/
    227 
    228 
    229 This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
    230 dope457, Sandeep, Karsten Loesing, Nicolas Vigier, Philipp Winter and
    231 the Tails developers.
    232 
    233 Tor Weekly News needs reviewers! 24 hours before being
    234 published, the content of the next newsletter is frozen so there
    235 is time to improve the language. We are really missing native or
    236 good English speakers who could spend just about 20 minutes
    237 each week. See the project page [45], and subscribe to the team
    238 mailing list [46] if you want to get involved!
    239 
    240   [45] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    241   [46] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    242 }}}
     5'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-January/000028.html Sent]