[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â April 30th, 2014

Tor Weekly News                                         April 30th, 2014

Welcome to the seventeenth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Tor is released

The latest incarnation of the current development branch of Tor, dubbed, was released on April 26thÂ[1]. This release brings
mainly security and performance improvements for clients and relays.

As a preventive measure (there being no evidence that the keys have been
compromised), authority signing keys that were used while susceptible to
the OpenSSL âheartbleedâ bug are now blacklisted.

Other improvements include fixing two expensive functions on busy
relays, better TLS ciphersuite preference lists, support for run-time
hardening on compilers that support AddressSanitizerÂ[2], and more work
on the Linux sandbox code. There are also several usability fixes for
clients (especially clients that use bridges), two new TransPort
protocols supported (one on OpenBSD, one on FreeBSD), and various other

As Nick Mathewson wrote: âThis release marks end-of-life for Tor
0.2.2.x; those Tor versions have accumulated many known flawsâ.

Source code is available at the usual locationÂ[3] and binary packages
have already started to be updated.


Introducing the 2014 Google Summer of Code projects

As announced in FebruaryÂ[4], Tor is once again participating in
Googleâs Summer of Code program, allowing students and aspiring
developers the chance to work on a Tor-related project with funding from
Google and expert guidance from Tor Project members. After several
months of coordination and discussion, this summerâs successful
proposals have now been chosen, and some of the students took to the
tor-dev mailing list to introduce themselves and their upcoming work.

Juha NurmiÂ[5] will continue to work on the already-operational ahmia.fi
hidden service search engine, while Marc JuarezÂ[6] will be
âimplementing the building blocks for a future padding-based website
fingerprinting countermeasure as a pluggable transportâ. Daniel
MartÃÂ[7] has taken up the challenge of implementing proposal 140Â[8],
which aims to considerably reduce the size of the network consensus data
that Tor clients fetch every hour, and Israel LeivaÂ[9] plans to spruce
up the neglected GetTor service, which allows users to download the Tor
Browser Bundle even if the Tor website and its mirrors are inaccessible.
Amogh PradeepÂ[10] will be contributing to the Guardian Projectâs
development of Orfox, a new Android web browser to be used with Orbot,
while Kostas JakeliunasÂ[11] returns to Tor GSoC to construct a new
BridgeDB distributor, serving bridge addresses to users in censored
areas over Twitter, and possibly other channels as well. Quinn
JarrellÂ[12] will be working on building a pluggable transports combiner
that âwill allow transports to be chained together to form more
varieties of transports and make them harder to detect and blockâ.
Sreenatha BhatlapenumarthiÂ[13] will pick up the effort of rewriting Tor

You can read more about each proposal in the respective introductory
messages and their replies; a full list of accepted projects is
available on the Google Summer of Code websiteÂ[14]. As Daniel wrote,
âcomments are very welcomeâ!

  [13]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006752.html

Miscellaneous news

Meejah released version 0.9.2 of txtorconÂ[15] â the Tor controller
library for the Twisted Python framework: âthis release adds a few minor
bug-fixes and a few API enhancementsâ.


The Tails team is looking for enthusiasts equipped with a Bluetooth
keyboard and mouseÂ[16] to ensure that Tails works properly with such


Matthew Finkel forwarded a copy of the email that was sent to bridge
operatorsÂ[17] to warn them about the âHeartbleedâ vulnerability, and
the actions that should be taken as a result. If you know any bridge
operator who might not have filled in their contact information, please
forward the message!


Karsten Loesing has been working on switching Onionoo â the web service
to retrieve information about the Tor network â to use the Gson library
instead of plain string concatenation to format its JSON output. As the
change might break some applications, client authors should test their
applicationsÂ[18] and see if everything still works as it should.


Tor help desk roundup

The help desk has been asked why the Tor Projectâs hidden service site
mirrors are offline. The sites were taken down during the fallout from
the Heartbleed security vulnerability. New hidden service addresses were
not generated. The sysadmin team has expressed that they no longer wish
to maintain these servicesÂ[19].


News from Tor StackExchange

Kristopher Ives is working on a card game using Tor. Each user accepts
inbound connections through hidden services, and also needs to make
outbound connectionsÂ[20]. Tom Ritter acknowledged it was possible to
use only one Tor daemon to do both.


Dan gets the error message âCannot load XPCOMâ whenever Tor Browser is
startedÂ[21]. Jens Kubieziel pointed to the discussion at #10789Â[22].
The culprit is WebRoot Internet Security as it prevents the proper
loading of all browser components; either uninstalling it or adding DLL
files to the whitelist has helped other usersÂ[23].


Upcoming events

Apr 30 19:00 UTC | little-t tor development meeting
                 | #tor-dev, irc.oftc.net
                 | https://lists.torproject.org/pipermail/tor-dev/2014-March/006616.html
May  2 15:00 UTC | Tor Browser online meeting
                 | #tor-dev, irc.oftc.net
                 | https://lists.torproject.org/pipermail/tbb-dev/2014-April/000049.html
May 27-28        | Tor @ Stockholm Internet Forum
                 | Stockholm, Sweden
                 | http://www.stockholminternetforum.se/

This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan, qbi, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project pageÂ[24], write down your
name and subscribe to the team mailing listÂ[25] if you want to
get involved!


Attachment: signature.asc
Description: Digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to