wiki:TorWeeklyNews/2014/9

Version 43 (modified by lunar, 7 years ago) (diff)

another item… gosh

35th issue of Tor Weekly News. Covering what's happening from February 25th, 2014 to March 4th, 2014. To be released on March 5th, 2014.

Editor: Lunar

Subject: Tor Weekly News — March 5th, 2014

========================================================================
Tor Weekly News                                          March 5th, 2014
========================================================================

Welcome to the ninth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the XXX Tor community.

Tor 0.2.4.21 is out
-------------------

Roger Dingledine announced [XXX] the release of Tor 0.2.4.21, whose
major new feature is the forced inclusion of at least one NTor-capable
relay in any given three-hop circuit as a defence against adversaries
who might be able to break 1024-bit encryption; this feature was first
seen in the latest alpha release (0.2.5.2-alpha) three weeks ago [XXX],
but is here incorporated into the current stable series.

You can find full details of this release’s other features and bugfixes
in Roger’s announcement.

 [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-March/032242.html
 [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032150.html

Tor in Google Summer of Code 2014
---------------------------------

As has been the case over the past several years, Tor will once again
be participating [XXX] in Google’s annual Summer of Code program —
aspiring software developers have the chance to work on a Tor-related
project with financial assistance from Google and expert guidance from a
core Tor Project member. Several prospective students have already
contacted the community with questions about the program, and Damian
Johnson took to the Tor Blog [XXX] to give a brief summary of what
students can expect from the Summer of Code, and what the Tor Project
expects from its students.

In particular, Damian encouraged potential applicants to discuss their
ideas with the community on the tor-dev mailing list or IRC channel
before submitting an application: “Communication is essential to success
in the summer of code, and we’re unlikely to accept students we haven’t
heard from before reading their application.”

If you are hoping to contribute to Tor as part of the Summer of Code
program, please have a look through Damian’s advice and then, as he
says, “come to the list or IRC channel and talk to us!”

 [XXX]: https://www.google-melange.com/gsoc/org2/google/gsoc2014/tor
 [XXX]: https://blog.torproject.org/blog/tor-google-summer-code-2014

Two ways to help with Tails development
---------------------------------------

One of the most interesting upcoming additions to the Tails operating
system is the ability to thwart attempts at tracking the movements
of network-enabled devices by spoofing the MAC address on each boot.
As part of the testing process for this new feature, the Tails
developers have released [XXX] an experimental disk image which
turns it on by default, alongside a step-by-step guide to trying it
out and reporting any issues encountered. However, as the developers
state, “this is a test image. Do not use it for anything other than
testing this feature.” If you are willing to take note of this caveat,
please feel free to download the test image and let the community
know what you find.

Turning to the longer-term development of the project, the team also
published [XXX] a detailed set of guidelines for anyone who wants to
help improve Tails itself by contributing to the development of Debian,
the operating system on which Tails is based. They include advice on the
relationship between the two distributions, tasks in need of attention,
and channels for discussing issues with the Tails community; if you are
keen on the idea of helping two free-software projects at one stroke,
please have a look!

 [XXX]: https://tails.boum.org/news/spoof-mac/
 [XXX]: https://tails.boum.org/contribute/how/debian/

Monthly status reports for February 2014
----------------------------------------

The wave of regular monthly reports from Tor project members for the
month of February has begun. Georg Koppen released his report
first [XXX], followed by reports from Sherief Alaa [XXX], Pearl
Crescent [XXX], Nick Mathewson [XXX], Colin C. [XXX], Lunar [XXX],
Kelley Misata [XXX], and Damian Johnson [XXX].

Lunar also reported on behalf of the help desk [XXX], while Mike Perry
did the same on behalf of the Tor Browser team [XXX].

 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000464.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000465.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000466.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000467.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000468.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000471.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000472.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000474.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000469.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000473.html

Miscellaneous news
------------------

Mike Perry announced [XXX] the start of a weekly Tor Browser developer’s
meeting, to be held on #tor-dev on irc.oftc.net. These meetings are
tentatively scheduled for 19:00 UTC on Wednesdays. Details on the format
and flow of the meetings can be found on the tor-dev and tbb-dev [XXX]
mailing lists.

  [XXX]: https://lists.torproject.org/pipermail/tbb-dev/2014-February/000000.html
  [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev

Roger Dingledine and Nick Mathewson were among the signatories of an
open letter published by the EFF which offers ten principles for
technology companies to follow in protecting users from illegal
surveillance [XXX].

 [XXX]: https://www.eff.org/deeplinks/2014/02/open-letter-to-tech-companies

Nick Mathewson also detailed [XXX] a change in the way that the core Tor
development team will use the bugtracker’s “milestone” feature to
separate tickets marked for resolution in a given Tor version from those
that can be deferred to a later release.

 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-February/006341.html

Nick then sent out [XXX] the latest in his irregular series of
Tor proposal status updates, containing summaries of each open proposal,
guidance for reviewers, and notes for further work. If you'd like to
help Tor’s development by working on one of these proposals, start here!

 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-February/006342.html

On the subject of proposals, two new ones were sent to the tor-dev list
for review: proposal 228 [XXX], which offers a way for relays to prove
ownership of their onion keys as well as their identity key, and
proposal 229 [XXX] based on Yawning Angel’s unnumbered submission from
last week, which concerns improvements to the SOCKS5 protocol for
communication between clients, Tor, and pluggable transports.

 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-February/006304.html
 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-February/006340.html

Nicholas Merrill wrote [XXX] to the Liberationtech list to announce that
xmpp.net now lists XMPP servers that are reachable over hidden
services [XXX], and that xmpp.net’s server scanner works with these as
well.

 [XXX]: https://mailman.stanford.edu/pipermail/liberationtech/2014-February/013041.html
 [XXX]: https://xmpp.net/reports.php#onions

Kelley Misata wrote up an account of her talk “Journalists — Staying
Safe in a Digital World”, which she delivered at the Computer-Assisted
Reporting Conference in Baltimore [XXX].

 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000470.html

Having co-authored a paper in 2012 on usability issues connected with
the Tor Browser Bundle [XXX], Greg Norcie drew attention [XXX] to a
follow-up study named “Why Johnny Can’t Blow the Whistle”, [XXX] which
focuses on verifying the conclusions of the earlier tests while
exploring a number of other possible usability improvements. The study
unfortunately occurred before the release Tor Browser version 3 which
improved usability based on earlier suggestions.

 [XXX]: http://petsymposium.org/2012/papers/hotpets12-1-usability.pdf
 [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032205.html
 [XXX]: http://www.norcie.com/papers/torUSEC.pdf

Tor help desk roundup
---------------------

Summary of some questions sent to the Tor help desk. 

Vulnerabilities
---------------

XXX: Reported vulnerabilities [XXX].

 [XXX]: vulnerability report source

Upcoming events
---------------

Mar 05 18:00 UTC | Tor Weather development meeting
                 | #tor-dev, irc.oftc.net
                 |
Mar 05 21:00 UTC | Tails contributors meeting
                 | #tails-dev, irc.oftc.net
                 | https://mailman.boum.org/pipermail/tails-dev/2014-February/004934.html
                 |
Mar XX-XX        | Event XXX brief description
                 | Event City, Event Country
                 | Event website URL
                 |
Mar XX-XX        | Event XXX brief description
                 | Event City, Event Country
                 | Event website URL


This issue of Tor Weekly News has been assembled by XXX, XXX, and
Mike Perry.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!

  [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

Possible items: