[tor-talk] Tor Weekly News â March 12th, 2014

[Lunar <lunar@xxxxxxxxxxxxxx>]

========================================================================
Tor Weekly News                                         March 12th, 2014
========================================================================

Welcome to the tenth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

New release of tor-ramdisk
--------------------------

On March 9th, Anthony G. Basile releasedÂ[1] a new version of
tor-ramdiskÂ[2]. Tor-ramdisk is a âmicro Linux distribution whose only
purpose is to host a Tor server in an environment that maximizes
security and privacy. Security is enhanced by hardening the kernel and
binaries, and privacy is enhanced by forcing logging to be off at all
levels so that even the Tor operator only has access to minimal
information. Finally, since everything runs in ephemeral memory, no
information survives a rebootÂ[â].â

The new version contains Tor 0.2.4.21 and an updated kernel. The main
change is the addition of âhaveged, a daemon to help generate entropy on
diskless systems, for a more cryptographically sound systemâ.

   [1]:Âhttp://opensource.dyc.edu/pipermail/tor-ramdisk/2014-March/000127.html
   [2]:Âhttp://opensource.dyc.edu/tor-ramdisk

Tails launches a logo contest
-----------------------------

Do you want to design a piece of artwork that might be seen by hundreds
of thousands of people every day? A drawing that will appear on
websites, t-shirts, stickers, and software that protects anonymity and
privacy?

Tails is starting a logo contestÂ[3] to âgive Tails the visual impact it
deservesâ. Designers have a precise list of requirements to follow that
was drawn from past discussions amongst Tails developers. Participants
should submit a version of the logo that incorporates the word âTailsâ
as well as one without text; there is also a list of suggestions for
complementary material that would be welcome.

As the Tails team wants to have the logo ready for its upcoming 1.0
release, designers have until March 31st to send their submission. Be
quick!

   [3]:Âhttps://tails.boum.org/news/logo_contest/

More status reports for February 2014
-------------------------------------

The wave of regular monthly reports from Tor project members for the
month of February continued, with Isis LovecruftÂ[4], Andrew LewmanÂ[5],
Matt PaganÂ[6], and Kevin P. DyerÂ[7] releasing their reports this week.

The Tails developers also reported on their recent progressÂ[8], and
Roger Dingledine sent out the report for SponsorFÂ[9].

   [4]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-March/000479.html
   [5]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-March/000480.html
   [6]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-March/000482.html
   [7]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-March/000483.html
   [8]:Âhttps://tails.boum.org/news/report_2014_02/
   [9]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-March/000484.html

Miscellaneous news
------------------

Tails issued the call for testing for its 0.23 releaseÂ[10]. At the very
least, the long awaited features that are MAC spoofing and bridge
integration would benefit from wider testing. Enthusiasts are encouraged
to report their findingsÂ[11] on the newly-created tails-tester mailing
listÂ[12].

  [10]:Âhttps://tails.boum.org/news/test_0.23-rc1/
  [11]:Âhttps://mailman.boum.org/pipermail/tails-testers/2014-March/000000.html
  [12]:Âhttps://tails.boum.org/news/tails-testers/

Nick Mathewson called on anyone who wants to make Tor relays 3% to 10%
faster to review his patches. Have a look at #9683Â[13] and #9841Â[14]
if you want to help out.

  [13]:Âhttps://bugs.torproject.org/9683
  [14]:Âhttps://bugs.torproject.org/9841

Testing of the upcoming Tor Browser Bundle 3.6 with pluggable transports
included has startedÂ[15].

  [15]:Âhttps://lists.torproject.org/pipermail/tor-qa/2014-March/000346.html

Many thanks to Samuel D. LeslieÂ[16] and MacLemonÂ[17] for running
mirrors of the Tor Project website!

  [16]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-March/000483.html
  [17]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-March/000484.html

Karsten Loesing sent out the minutes of the March 5th Weather rewrite
online meetingÂ[18].

  [18]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-March/006400.html

Alex reportedÂ[19] on an effort to use ScrambleSuitÂ[20] with OpenVPN.
Ultimately, Yawning Angel identified a flaw in OpenVPN implementation of
the SOCKS protocolÂ[21] and even wrote a patch for itÂ[22].

  [19]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-March/006394.html
  [20]:Âhttp://www.cs.kau.se/philwint/scramblesuit/
  [21]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-March/006427.html
  [22]:Âhttps://github.com/Yawning/openvpn/commit/7474f1acfc

Sebastian Urbach announcedÂ[23] that Trying Trusted Tor TraceroutesÂ[24]
has âreached 100 completed runs from different ipâs (not to mention the
multiple runs).â To all participating relay operators, he added: âThank
you very much for your support, you officially rock!â

  [23]:Âhttps://lists.torproject.org/pipermail/tor-relays/2014-March/004037.html
  [24]:Âhttp://web.engr.illinois.edu/~das17/tor-traceroute_v1.html

Tails reported on their 2013 bounty programÂ[25] which led to several
changes useful for Tails in upstream software.

  [25]:Âhttps://tails.boum.org/news/bounties_2013_report/

Erinn Clark discoveredÂ[26] another fake OpenPGP key with her name and
email address. Watch out! The canonical list of keys used for Tor
signaturesÂ[27] is still available on the Tor Projectâs website. Also
consider verifying all signaturesÂ[28] for the reproducible Tor Browser
BundlesÂ[29].

  [26]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-March/006422.html
  [27]:Âhttps://www.torproject.org/docs/signing-keys.html
  [28]:Âhttps://github.com/isislovecruft/scripts/blob/master/verify-gitian-builder-signatures
  [29]:Âhttps://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise

Tor help desk roundup
---------------------

Users have asked us why âAbout TorBrowserâ in the Tor Browserâs Help
menu displays the Firefox Logo instead of the Tor logo. This has been a
known issue for some time, and fixing it is not as easy it would seem.
Relevant bug tickets here are #2176Â[30], #5194Â[31], #5698Â[32], and
#10888Â[33].

  [30]:Âhttps://bugs.torproject.org/2176
  [31]:Âhttps://bugs.torproject.org/5194
  [32]:Âhttps://bugs.torproject.org/5698
  [33]:Âhttps://bugs.torproject.org/10888

News from Tor StackExchange
---------------------------

The last few weeks have seen several vulnerabilities in the GnuTLS
library and the SSL protocol in generalÂ[34]. Ivar wanted to know if the
GnuTLS bug affected Tor somehowÂ[35]; as Tor uses OpenSSL instead of
GnuTLS, the answer is no.

  [34]:Âhttp://www.gnutls.org/security.html#GNUTLS-SA-2014-2
  [35]:Âhttps://tor.stackexchange.com/q/1652/88

tor_user found the option âSocks5Proxyâ in the Tor manual, and wanted to
know what OR connections are and if this option allows running a Tor
node over a SOCKS proxyÂ[36]. Jens Kubieziel explained that OR
connections are those between two relays or between a client and a
relay.  While this config option can be used to proxy outgoing OR
connections from a relay, it wonât proxy exit streams, and also the
relay still needs to be reachable on its advertised ORPort, so it is
simplest to say that no, it canât be used to run a relay over a SOCKS
proxy.

  [36]:Âhttps://tor.stackexchange.com/q/1654/88

Upcoming events
---------------

Mar 12 19:00 UTC | Tor Browser development meeting
                 | #tor-dev, irc.oftc.net
                 |
Mar 12 20:00 UTC | little-t tor development meeting
                 | #tor-dev, irc.oftc.net
                 | https://lists.torproject.org/pipermail/tor-dev/2014-March/006432.html
                 |
Mar 14 17:00 UTC | Pluggable transports online meeting
                 | #tor-dev OFTC
                 |
Mar 22-23        | Tor @ LibrePlanet 2014
                 | Cambridge, Massachusetts, USA
                 | http://libreplanet.org/2014/
                 |
Apr 11 11:00 EDT | Roger @ George Mason University
                 | Washington, DC, USA
                 | http://today.gmu.edu/64330/

This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan, qbi and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project pageÂ[37], write down your
name and subscribe to the team mailing listÂ[38] if you want to
get involved!

  [37]:Âhttps://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [38]:Âhttps://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk