[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Mon Oct 7 15:00:07 UTC 2013
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2013/14 ===
===========================================================================
version 50
Author: cypherpunks
Date: 2013-10-07T14:29:55+00:00
--
--- version 49
+++ version 50
@@ -65,7 +65,7 @@
[XXX] https://lists.torproject.org/pipermail/tor-talk/2013-October/030269.html
[XXX] https://www.torproject.org/dist/
-How did Tor achieved reproducible builds of byte-to-byte identical binaries
+How did Tor achieve reproducible builds of byte-to-byte identical binaries
---------------------------------------------------------------------------
At the end of June, Mike Perry announced [XXX] the first release of the
version 49
Author: dope457
Date: 2013-10-07T13:57:15+00:00
Silk Road taken down, again :-)
--- version 48
+++ version 49
@@ -64,32 +64,6 @@
[XXX] https://lists.torproject.org/pipermail/tor-talk/2013-October/030269.html
[XXX] https://www.torproject.org/dist/
-
-Tor and the Silk Road takedown
-------------------------------
-
-On 2nd October, Ross Ulbricht a.k.a Dread Pirate Roberts got arrested and
-his hidden service site Silk Road was taken down [XXX].
-
-After several requests by the press and others to talk about the Silk Road
-situation, Roger Dingledine released official statement on the blog [XXX],
-saying there were probably no flaws used, based mainly on the information
-from the official Criminal complaint againts Ulbricht [XXX].
-“So far, nothing about this case makes us think that there are new ways to
-compromise Tor (the software or the network).”
-
-Even though Tor hasn’t been compromised, it does not work when used improperly
-or as Roger puts it: “Tor does not anonymize individuals when they use their
-legal name on a public forum [XXX?], use a VPN with logs that are subject to a
-subpoena, or provide personal information to other services.”
-
-If you really want Tor to work, stick to these basic rules [XXX].
-
- [XXX] http://articles.washingtonpost.com/2013-10-02/business/42613812_1_digital-currency-federal-authorities-reputation
- [XXX] http://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf
- [XXX] https://blog.torproject.org/blog/tor-and-silk-road-takedown
- [XXX?] http://stackoverflow.com/questions/15445285/how-can-i-connect-to-a-tor-hidden-service-using-curl-in-php
- [XXX] https://www.torproject.org/download/download#warning
How did Tor achieved reproducible builds of byte-to-byte identical binaries
---------------------------------------------------------------------------
version 48
Author: harmony
Date: 2013-10-07T13:28:22+00:00
finish nsa item/small fixes
--- version 47
+++ version 48
@@ -10,7 +10,7 @@
========================================================================
Welcome to the fifteenth issue of Tor Weekly News, the weekly newsletter that
-covers what is happening in the community of Tor — “king of high-secure,
+covers what's happening in the world of Tor — “king of high-secure,
low-latency anonymity” [XXX].
[XXX] http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity
@@ -36,12 +36,17 @@
Despite the understandable concern provoked among users by these
disclosures, Tor developers themselves were encouraged by the often
relatively basic or out-of-date nature of the attacks described.
-
-[...TBC]
+In response to one journalist's request for comment, Roger Dingledine
+wrote that “we still have a lot of work to do to make Tor both safe and
+usable, but we don't have any new work based on these slides” [XXX].
+
+Have a look at the documents yourself, and feel free to raise any
+questions with the community on the mailing lists or IRC channels.
[XXX] https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation
[XXX] http://media.encrypted.cc/files/nsa
[XXX] https://twitter.com/EFF/status/386291345301581825
+ [XXX] https://blog.torproject.org/blog/yes-we-know-about-guardian-article#comment-35793
tor 0.2.5.1-alpha is out
------------------------
@@ -89,25 +94,25 @@
How did Tor achieved reproducible builds of byte-to-byte identical binaries
---------------------------------------------------------------------------
-By the end of June, Mike Perry announced [XXX] the first release of the
-Tor Browser Bundle 3.0 alpha series, featuring released binaries “exactly reproducible
-from the source code by anyone”. In a first blog [XXX] published in August, he explained
+At the end of June, Mike Perry announced [XXX] the first release of the
+Tor Browser Bundle 3.0 alpha series, featuring release binaries “exactly reproducible
+from the source code by anyone”. In a subsequent blog [XXX] published in August, he explained
why it mattered.
-Mike has just published the promised follow-up piece [XXX] describing how this was achieved
+Mike has just published the promised follow-up piece [XXX] describing how this feat was achieved
in the new Tor Browser Bundle build process.
He explains how Gitian [XXX] is used to create a reproducible build environment, the tools
used to produce cross-platform binaries for Windows and OS X from a Linux environment, and several issues
-that prevented the builds to be deterministic. The latter ranges from timestamps to file ordering
-differences when looking up a directory with an extra twist of 3 bytes of pure random mystery.
+that prevented the builds from being entirely deterministic. The latter range from timestamps to file ordering
+differences when looking up a directory, with an added 3 bytes of pure mystery.
There is more work to be done to “prevent the adversary from compromising the (substantially weaker)
-Ubuntu build and packaging processes” currently used for the toolchain. Mike writes about making the
+Ubuntu build and packaging processes” currently used for the toolchain. Mike also wrote about making the
build of the compiler and toolchain part of the build process, cross-compilation between multiple
-architectures, and work being done by Linux distributions to get deterministic builds of their package.
-
-If you are interested in helping, or working on your own software project, there is a lot to learn by
+architectures, and the work being done by Linux distributions to produce deterministic builds from their packages.
+
+If you are interested in helping, or working on your own software project, there is a lot to be learned by
reading the blog post in full.
[XXX] https://blog.torproject.org/blog/tor-browser-bundle-30alpha2-released
@@ -123,7 +128,7 @@
Gunasekaran [XXX], Ximin Luo [XXX], Matt Pagan [XXX], Pearl Crescent [XXX],
Colin C. [XXX], Arlo Breault [XXX], Karsten Loesing [XXX], Jason Tsai [XXX],
the Tor help desk [XXX], Sukhbir Singh [XXX], Nick Mathewson [XXX], Mike Perry [XXX], Andrew Lewman [XXX],
-Aaron G [XXX], and Tails folks [XXX].
+Aaron G [XXX], and the Tails folks [XXX].
[XXX] https://lists.torproject.org/pipermail/tor-reports/2013-October/000346.html
[XXX] https://lists.torproject.org/pipermail/tor-reports/2013-October/000347.html
@@ -147,26 +152,26 @@
---------------------
A number of users wanted to know if Tor was still safe to use given the recent news that
-Tor users have been targetted by the NSA. We directed these users to the Tor Project's
+Tor users have been targeted by the NSA. We directed these users to the Tor Project's
official statement on the subject [XXX].
One of the most popular questions the help desk receives continues to be whether or not
Tor is available on iOS devices. Currently there is no officially supported solution,
-although more than project has been presented [XXX] [XXX].
+although more than one project has been presented [XXX] [XXX].
The United Kingdom is now one of the countries where citizens request assistance
circumventing a national firewall [XXX].
-[XXX]: https://blog.torproject.org/blog/yes-we-know-about-guardian-article
-[XXX]: https://lists.torproject.org/pipermail/tor-dev/2013-October/005542.html
-[XXX]: https://trac.torproject.org/projects/tor/ticket/8933
-[XXX]: https://lists.torproject.org/pipermail/tor-talk/2013-July/029054.html
+[XXX] https://blog.torproject.org/blog/yes-we-know-about-guardian-article
+[XXX] https://lists.torproject.org/pipermail/tor-dev/2013-October/005542.html
+[XXX] https://trac.torproject.org/projects/tor/ticket/8933
+[XXX] https://lists.torproject.org/pipermail/tor-talk/2013-July/029054.html
Miscellaneous news
------------------
Thanks to Grozdan [XXX], Simon Gattner from Netzkonstrukt Berlin [XXX],
-Wollomatic [XXX], and Haskell [XXX] for setting up new mirrors for the
+Wollomatic [XXX], and Haskell [XXX] for setting up new mirrors of the
Tor project website.
[XXX] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000366.html
@@ -191,10 +196,10 @@
[XXX] https://lists.torproject.org/pipermail/tor-talk/2013-October/030252.html
-Not strictly Tor related but Mike Perry started an interesting discussion [XXX] about the
+Not strictly Tor-related, but Mike Perry started an interesting discussion [XXX] about the
“web of trust” system, as found in OpenPGP. The discussion was also held on the MonkeySphere
-mailing list which prompted Daniel Kahn Gilmor to reply with many clarifications on the
-various properties and processes of the current implementation. In order to sum it up,
+mailing list, which prompted Daniel Kahn Gilmor to reply with many clarifications regarding the
+various properties and processes of the current implementation. To sum it up,
Ximin Luo started [XXX] a new documentation project [XXX] “to describe and explain security
issues relating to identity, in (hopefully) simple and non-implementation-specific language”.
@@ -202,7 +207,7 @@
[XXX] https://lists.riseup.net/www/arc/monkeysphere/2013-10/msg00000.html
[XXX] https://github.com/infinity0/idsec/
-The listmaster role has been better defined [XXX] and is now carried by a team made of
+The listmaster role has been better defined [XXX] and is now performed by a team consisting of
Andrew Lewman, Damian Johnson, and Karsten Loesing. Thanks to them!
[XXX] https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure/lists.torproject.org
@@ -214,7 +219,7 @@
[XXX] https://github.com/globaleaks/Tor2web-3.0/wiki/Performance-tuning
As part of the Attentive Otter project [XXX] which aims to come up with a new bundle for
-instant messaging, Thijs Alkemade wrote a summary about the option to use Pidgin/libpurple
+instant messaging, Thijs Alkemade wrote a summary about the option of using Pidgin/libpurple
as the core component.
[XXX] https://trac.torproject.org/projects/tor/wiki/org/sponsors/Otter/Attentive
@@ -236,7 +241,7 @@
| http://www.sigsac.org/ccs/CCS2013/
-This issue of Tor Weekly News has been assembled by harmony, Lunar,
+This issue of Tor Weekly News has been assembled by Lunar, harmony,
dope457 and Matt Pagan.
Want to continue reading TWN? Please help us create this newsletter.
@@ -247,8 +252,4 @@
[XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-}}}
-
-Possible item :
-
- * NSA/GCHQ Tor documents http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption and http://media.encrypted.cc/files/nsa/ +}}}
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list