
Re: [tor-talk] Tor Weekly News — April 23rd, 2014



I apologize for the formatting errors in this first version of the
email; I have sent it again with corrections.

harmony:
> ========================================================================
> Tor Weekly News                                         April 23rd, 2014
> ========================================================================
> 
> Welcome to the sixteenth issue of Tor Weekly News in 2014, the weekly
> newsletter that covers what is happening in the Tor community.
> 
> Cutting out relays running version 0.2.2.x
> ------------------------------------------
> 
> Tor relays running the now ancient Tor 0.2.2.x are scheduled to be
> removed from the consensus [1]. The change has already been merged in
> the master branch and will be out with the next Tor 0.2.5 alpha.
> 
> Even if most relay operators have been warned, the change has not yet
> been widely announced. But as three directory authorities are already
> not voting for the deprecated versions, the downtime of two others while
> cleaning up after the OpenSSL “Heartbleed” issue was sufficient to get
> these relays removed from the consensus [2] for a couple of days, as
> Roger Dingledine explained [3].
> 
> Eventually relays running versions prior to 0.2.3.16-alpha might also be
> removed from the consensus. “I think 0.2.3.16-alpha’s fix of #6033 makes
> that one a plausible ‘not below this one’ cutoff”, Roger writes in the
> relevant Trac entry [4].
> 
> Relay operators should always make sure to run a recommended Tor
> version [5]. The Tor Weather service [6] can be used by relay operators
> to get email notifications if an outdated version is detected.
> 
>   [1]: https://bugs.torproject.org/11149
>   [2]: https://metrics.torproject.org/network.html?graph=versions&start=2014-04-01&end=2014-04-23#versions
>   [3]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004422.html
>   [4]: https://bugs.torproject.org/11149#comment:7
>   [5]: https://consensus-health.torproject.org/#recommendedversions
>   [6]: https://weather.torproject.org/subscribe/
> 
> Miscellaneous news
> ------------------
> 
> Nathan Freitas announced [7] the third (and probably final) release
> candidate for Orbot 13.0.6: “The big improvements in this build are a
> fix for the disconnected UI/activity (Tor is on, but UI shows off), and
> improvements to the transparent proxying iptables scripts”.
> 
>   [7]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-April/003436.html
> 
> The Tails developers put out two calls for testing: the first [8] is for
> the first release candidate of Tails 1.0; while the second [9] is for
> UEFI support, which “allows you to start Tails using a USB stick on
> recent hardware, and especially on Mac”. “Test wildly”, and report any
> bugs you find!
> 
>   [8]: https://tails.boum.org/news/test_1.0-rc1/index.en.html
>   [9]: https://tails.boum.org/news/test_UEFI/index.en.html
> 
> Andrea Shepard sent [10] a list of 1777 fingerprints for relays “which
> have ever turned up as potentially exposed by Heartbleed”. It appears
> that enough directory authority operators now reject relays known to be
> problematic [11]: sssheep reported [12] that the still-vulnerable
> section of the network was down to 0.01% of the consensus weight.
> 
>  [10]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004340.html
>  [11]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004362.html
>  [12]: https://lists.torproject.org/pipermail/tor-talk/2014-April/032762.html
> 
> Mick drew attention [13] to the fact that in its current state, arm [14]
> — the command-line relay status monitor — wrongly advises relay
> operators to run it with the same user as Tor, in order to access
> information about the relay’s connections. This is in fact a very bad
> idea, and a ticket [15] is already open to address this issue. Lunar
> detailed [16] the correct method of doing this, which is also explained
> in the ticket.
> 
>  [13]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004414.html
>  [14]: https://www.atagar.com/arm/
>  [15]: https://bugs.torproject.org/10702
>  [16]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004412.html
> 
> On the tor-relays mailing list, David Stainton mentioned [17] his Tor
> role [18] for the Ansible [19] automation tool. David hoped that “relay
> operators will find this useful for deploying and maintaining large
> numbers of Tor relays and bridges”. The documentation specifies that it
> currently works with Debian and Ubuntu systems, and contains several
> configuration examples.
> 
>  [17]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004373.html
>  [18]: https://github.com/david415/ansible-tor
>  [19]: http://www.ansible.com/
> 
> David Fifield continued his progress on meek [20], a pluggable transport
> “that routes your traffic through a third-party web service in a way
> that should be difficult to block”. David sent a call for wider
> testing [21] of experimental Tor Browser builds and a call for reviews
> of the code [22]. “There are a lot of components that make up the meek
> transport […] This is your chance to get in on the ground floor of a
> new transport!”
> 
>  [20]: https://trac.torproject.org/projects/tor/wiki/doc/meek
>  [21]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006718.html
>  [22]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006719.html
> 
> Ximin Luo raised [23] several points regarding how “indirect” pluggable
> transports like flashproxy [24] or meek are currently handled by Tor.
> Whereas obfs3 or ScrambleSuit connect directly to the specified peer,
> transforming the data flow along the way, Ximin describes meek and
> flashproxy as providing “the metaphor of connecting to a global
> homogeneous service”. The latter being “incompatible with the metaphor
> of connecting to a specific endpoint”. Solutions on how to make the
> design, code, and configuration better are up for discussion.
> 
>  [23]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006689.html
>  [24]: http://crypto.stanford.edu/flashproxy/
> 
> Nicolas Vigier submitted his status report for March [25].
> 
>  [25]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000510.html
> 
> Philipp Winter relayed [26] the call for papers for the 4th USENIX
> Workshop on Free and Open Communications on the Internet [27]. The
> workshop will be held on August 18th, and should bring together the
> wider community of researchers and practitioners interested in Tor and
> other ways to study, detect, or circumvent censorship. Papers have to be
> submitted before May 13th.
> 
>  [26]: https://blog.torproject.org/blog/call-papers-foci14-workshop
>  [27]: https://www.usenix.org/conference/foci14/call-for-papers
> 
> Fabio Pietrosanti wondered [28] whether anyone had “ever tried to start
> Tor from a Python application using Ctypes”, making it possible to
> “sandbox the Python application using AppArmor without enabling any kind
> of execve() call”.
> 
>  [28]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006723.html
> 
> Tor help desk roundup
> ---------------------
> 
> Many people email the Tor Help Desk from behind restrictive university
> firewalls that require them to connect using a proxy. Often these
> firewalls, Cyberoam and Fortiguard are two examples, use Deep Packet
> Inspection and block Tor traffic. Unfortunately Tor Browser users can’t
> use a proxy to connect to the internet and also use a pluggable
> transport. The Tor Browser team plans to include this capability in a
> future release [29].
> 
>  [29]: https://bugs.torproject.org/8402
> 
> Upcoming events
> ---------------
> 
> Apr 23 19:00 UTC | little-t tor development meeting
>                  | #tor-dev, irc.oftc.net
>                  | https://lists.torproject.org/pipermail/tor-dev/2014-March/006616.html
>                  |
> Apr 25 17:00 UTC | Pluggable transports online meeting
>                  | #tor-dev, irc.oftc.net
>                  |
> Apr 25 18:00 UTC | Tor Browser online meeting
>                  | #tor-dev, irc.oftc.net
>                  | https://lists.torproject.org/pipermail/tbb-dev/2014-March/000026.html
> 
> 
> This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt
> Pagan, and an anonymous contributor.
> 
> Want to continue reading TWN? Please help us create this newsletter.
> We still need more volunteers to watch the Tor community and report
> important news. Please see the project page [30], write down your
> name and subscribe to the team mailing list [31] if you want to
> get involved!
> 
>  [30]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
>  [31]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
> 