[TWN team] Updates to the wiki pages

[Lunar]

***************************************************************************
CHANGED: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2013/9
***************************************************************************
--- @	Tue, 03 Sep 2013 12:05:03 +0000
+++ @	Tue, 03 Sep 2013 14:05:03 +0000
@@ -3,6 +3,9 @@
    2013.
 
    Editor: Lunar
+
+   Status: FROZEN. Changes should go to [1]next week edition. Expected
+   release time 2013-09-04 10:00 UTC.
 
    Subject: Tor Weekly News — September 4th, 2013
 ========================================================================
@@ -10,7 +13,7 @@
 ========================================================================
 
 Welcome to the tenth issue of Tor Weekly News, the weekly newsletter
-that covers what is happening in the “unruhig” Tor community.
+that covers what is happening in the skyrocketing Tor community.
 
 Serious network overload
 ------------------------
@@ -19,17 +22,17 @@
                size of the regular tor network i'm much surprised tor is
                still usable at all — #tor, 2013-09-02 18:38 UTC
 
-The tremendous influx of new clients that started mid-August [XXX] is
+The tremendous influx of new clients that started mid-August [1] is
 stretching the current Tor network and software to its limits.
 
-Several relay operators reported their relays to be saturated [XXX] by
-the amount of connections and circuits that relays currently have to
-handle [XXX].
-
-Mike Perry wishing to “compare load characteristics since 8/19
-for nodes with different types of flags” issued a call to relay
-operators [XXX]: “especially useful [are] links/graph images for connection
-counts, bandwidth, and CPU load since 8/19.”
+Several relay operators reported their relays to be saturated [2] by the
+amount of connections and circuits that relays currently have to
+handle [3].
+
+Mike Perry wishing to “compare load characteristics since 8/19 for nodes
+with different types of flags” issued a call to relay operators [4]:
+“especially useful [are] links/graph images for connection counts,
+bandwidth, and CPU load since 8/19.”
 
 It was reported on IRC that on some relays, only one circuit was
 successfully created out of four attempts. This unfortunately imply that
@@ -37,94 +40,90 @@
 relays.
 
 The tor 0.2.4 series introduced a new circuit extension handshake dubbed
-“ntor” [XXX]. This new handshake is faster (especially on the relay side) than
-the original circuit extension handshake, “TAP”. Roger Dingledine came
-up with a patch to prioritize circuit creations using ntor over TAP [XXX]. Vario
-us
-observators reported that these overwhelming unidentified new clients
-were likely to be using Tor 0.2.3. Prioritizing ntor is then likely to
-make them less a burden for the network, and should help the network to
-function despite being overloaded by circuit creations.
+“ntor” [5]. This new handshake is faster (especially on the relay side)
+than the original circuit extension handshake, “TAP”. Roger Dingledine
+came up with a patch to prioritize circuit creations using ntor over
+TAP [6]. Various observators reported that these overwhelming
+unidentified new clients were likely to be using Tor 0.2.3. Prioritizing
+ntor is then likely to make them less a burden for the network, and
+should help the network to function despite being overloaded by circuit
+creations.
 
 Sathya and Isis both reported the patch to work. Nick Mathewson pointed
-a few issues in the current implementation [XXX] but overall it looks
-like a band-aid good enough for the time being.
-
-  [XXX] https://metrics.torproject.org/users.html?graph=direct-users&start=2013-
-08-15&end=2013-09-02#direct-users
-  [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-August/002594.htm
-l
-  [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-August/002589.htm
-l
-  [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-August/002612.htm
-l
-  [XXX] https://bugs.torproject.org/9574#comment:10
-  [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216
--ntor-handshake.txt
-  [XXX] https://trac.torproject.org/projects/tor/ticket/9574#comment:12
+a few issues in the current implementation [7] but overall it looks like
+a band-aid good enough for the time being.
+
+   [1] https://metrics.torproject.org/users.html?graph=direct-users&start=2013-0
+8-15&end=2013-09-02#direct-users
+   [2] https://lists.torproject.org/pipermail/tor-relays/2013-August/002594.html
+   [3] https://lists.torproject.org/pipermail/tor-relays/2013-August/002589.html
+   [4] https://lists.torproject.org/pipermail/tor-relays/2013-August/002612.html
+   [5] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-
+ntor-handshake.txt
+   [6] https://bugs.torproject.org/9574#comment:10
+   [7] https://bugs.torproject.org/9574#comment:12
 
 Latest findings regarding traffic correlation attacks
 -----------------------------------------------------
 
-Erik de Castro Lopo pointed tor-talk readers [XXX] to a new well written paper n
-amed
-“Users Get Routed: Traffic Correlation on Tor by Realistic
-Adversaries.” [XXX] To be presented at the upcoming CCS 2013 conference [XXX]
-this November in Berlin, Aaron Johnson, Chris Wacek, Rob Jansen, Micah
-Sherr, and Paul Syverson describe their experiments on traffic correlation attac
-ks.
+Erik de Castro Lopo pointed tor-talk readers [8] to a new well written
+paper named “Users Get Routed: Traffic Correlation on Tor by Realistic
+Adversaries.” [9] To be presented at the upcoming CCS 2013
+conference [10] this November in Berlin, Aaron Johnson, Chris Wacek, Rob
+Jansen, Micah Sherr, and Paul Syverson describe their experiments on
+traffic correlation attacks.
 
 This research paper follows on a long series of earlier research papers
 to better understand how Tor is vulnerable to adversaries controlling
 portions of the Tor network or monitoring users and relays at the
 network level.
 
-Roger Dingledine [XXX] wrote to tor-talk readers: “Yes, a
-big enough adversary can screw Tor users. But we knew that. I think it's
-great that the paper presents the dual risks of relay adversaries and
-link adversaries, since most of the time when people are freaking out
-about one of them they're forgetting the other one. And we really should
-raise the guard rotation period. If you do their compromise graphs again
-with guards rotated every nine months, they look way different."
-
-One tricky question with raising guard rotation period [XXX] is:
-“How do we keep clients properly balanced to match the guard
-capacities?” [XXX] It is also probably another signal for any Tails
-supporter that wish to help implementing guard persistence [XXX].
+Roger Dingledine [11] wrote to tor-talk readers: “Yes, a big enough
+adversary can screw Tor users. But we knew that. I think it’s great that
+the paper presents the dual risks of relay adversaries and link
+adversaries, since most of the time when people are freaking out about
+one of them they’re forgetting the other one. And we really should raise
+the guard rotation period. If you do their compromise graphs again with
+guards rotated every nine months, they look way different.”
+
+One tricky question with raising guard rotation period [12] is: “How do
+we keep clients properly balanced to match the guard capacities?” [13]
+It is also probably another signal for any Tails supporter that wish to
+help implementing guard persistence [14].
 
 “I have plans for writing a blog post about the paper, to explain what
-it means, what it doesn't mean, what we should do about it, and what
-research questions remain open” wrote Roger. Let's stay tuned!
-
-  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029755.ht
-ml
-  [XXX] http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
-  [XXX] http://www.sigsac.org/ccs/CCS2013/
-  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029756.ht
-ml
-  [XXX] https://bugs.torproject.org/8240
-  [XXX] https://bugs.torproject.org/9321
-  [XXX] https://labs.riseup.net/code/issues/5462
+it means, what it doesn’t mean, what we should do about it, and what
+research questions remain open” wrote Roger. Let’s stay tuned!
+
+   [8] https://lists.torproject.org/pipermail/tor-talk/2013-September/029755.htm
+l
+   [9] http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
+  [10] http://www.sigsac.org/ccs/CCS2013/
+  [11] https://lists.torproject.org/pipermail/tor-talk/2013-September/029756.htm
+l
+  [12] https://bugs.torproject.org/8240
+  [13] https://bugs.torproject.org/9321
+  [14] https://labs.riseup.net/code/issues/5462
 
 A peek inside the Pirate Browser
 --------------------------------
 
 Torrent-sharing website The Pirate Bay started shipping a custom
-browser — the Pirate Browser — on August 10th. They advertised using
-Tor to circumvent censorship but unfortunately did not provide any
-source code for their project.
-
-Matt Pagan examined the contents of the package [XXX] in order to get a
+browser — the Pirate Browser — on August 10th. They advertised using Tor
+to circumvent censorship but unfortunately did not provide any source
+code for their project.
+
+Matt Pagan examined the contents of the package [15] in order to get a
 better idea of what it was. He compared the contents of the Pirate
 Browser 0.6b archive using cryptographic checksums to the contents of
 the Tor Browser Bundle 2.3.25-12 (en-US version).
 
-According to Matt's findings the Pirate Browser includes unmodified
+According to Matt’s findings the Pirate Browser includes unmodified
 versions of tor 0.2.3.25 and Vidalia 0.2.20. The tor configuration
 contains slight deviation from the one shipped with the Tor Browser
 Bundle. One section labeled “Configured for speed” unfortunately shows
 wrong understanding of the Tor network. Roger Dingledine commented in a
-subsequent email [XXX]: “Just for the record, the three lines here don't
+subsequent email [16]: “Just for the record, the three lines here don’t
 help speed much (or maybe at all).”
 
 The remaining configuration change that “probably has the biggest impact
@@ -135,161 +134,144 @@
 Internet topologies.”
 
 The browser itself is based of Firefox 23.0, with FoxyProxy configured
-to use Tor only for a few specific of addresses, and a few extra
+to use Tor only for a few specific of addresses [17], and a few extra
 bookmarks.
 
-Later, Matt also highlighted [XXX] that some important extensions of the
-Tor Browser, namely HTTPS Everywhere, NoScript, and Torbutton were
-also missing from the Pirate Browser.
+Later, Matt also highlighted [18] that some important extensions of the
+Tor Browser, namely HTTPS Everywhere, NoScript, and Torbutton were also
+missing from the Pirate Browser.
 
 In any cases, the Pirate Browser is unlikely to explain the sudden
 influx of new Tor clients. grarpamp forwarded an email exchanged with
-the Pirate Browser admin contact [XXX] which shows that numbers
+the Pirate Browser admin contact [19] which shows that numbers
 (550 000 known direct downloads) and dates (“most downloads during the
 first week”) do not match.
 
-  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-August/029703.html
-  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-August/029729.html
-  [XXX] http://piratebrowser.com/piratebrowser_patterns.json
-  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-August/029707.html
-  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-August/029736.html
+  [15] https://lists.torproject.org/pipermail/tor-talk/2013-August/029703.html
+  [16] https://lists.torproject.org/pipermail/tor-talk/2013-August/029729.html
+  [17] http://piratebrowser.com/piratebrowser_patterns.json
+  [18] https://lists.torproject.org/pipermail/tor-talk/2013-August/029707.html
+  [19] https://lists.torproject.org/pipermail/tor-talk/2013-August/029736.html
 
 Monthly status reports for August 2013
 --------------------------------------
 
 The wave of regular monthly reports from Tor project members for the
-month of August has begun. Sherief Alaa released his report first [XXX], followe
-d
-by reports from George Kadianakis [XXX], Lunar [XXX], Arturo Filastò [XXX], Coli
-n C,
-Arlo Breault [XXX], Philipp Winter [XXX], Roger Dingledine [XXX] & Karsten Loesi
-ng [XXX].
-
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000314
-.html
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000315
-.html
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000316
-.html
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000317
-.html
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000318
-.html
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000319
-.html
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000320
-.html
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000321
-.html
-  [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000322
-.html
-
+month of August has begun. Sherief Alaa released his report first [20],
+followed by reports from George Kadianakis [21], Lunar [22], Arturo
+Filastò [23], Colin C. [24], Arlo Breault [25], Philipp Winter [26],
+Roger Dingledine [27], Karsten Loesing [28], and Isis Lovecruft [29].
+The later also catched up with June [30], and July [31].
+
+  [20] https://lists.torproject.org/pipermail/tor-reports/2013-September/000314.
+html
+  [21] https://lists.torproject.org/pipermail/tor-reports/2013-September/000315.
+html
+  [22] https://lists.torproject.org/pipermail/tor-reports/2013-September/000316.
+html
+  [23] https://lists.torproject.org/pipermail/tor-reports/2013-September/000317.
+html
+  [24] https://lists.torproject.org/pipermail/tor-reports/2013-September/000318.
+html
+  [25] https://lists.torproject.org/pipermail/tor-reports/2013-September/000319.
+html
+  [26] https://lists.torproject.org/pipermail/tor-reports/2013-September/000320.
+html
+  [27] https://lists.torproject.org/pipermail/tor-reports/2013-September/000321.
+html
+  [28] https://lists.torproject.org/pipermail/tor-reports/2013-September/000322.
+html
+  [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000323.
+html
+  [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000324.
+html
+  [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000325.
+html
 
 Help Desk Roundup
 -----------------
 
-This week Tor help desk saw an increase in the number of users wanting to downlo
-ad
-or install Orbot. Orbot can be downloaded from the Google Play store,
-the Amazon App store, f-droid.org, and guardianproject.info. Guides on
-using Orbot can be found on the Guardian Project's Orbot page [XXX], or
-on the Tor Project's Android page [XXX]. On the tor-talk mailing list,
-people are having a discussion about accessing Google Play store from Iran [XXX]
-.
-Join the discussion and share your experience, if you're an Android user from Ir
-an.
-
-  [XXX] https://guardianproject.info/apps/orbot/
-  [XXX] https://www.torproject.org/docs/android.html.en
-  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029780.ht
-ml
-
-All the TBBs with Tor 2.4.x are working in Iran.
-This includes the latest Pluggable Transport Bundle, TBB 3.0, TBB alpha and beta
-.
-Follow our Farsi blog [XXX] for Iran related news.
-
-  [XXX] https://fa-blog.torproject.org
+This week Tor help desk saw an increase in the number of users wanting
+to download or install Orbot. Orbot can be downloaded from the Google
+Play store, the Amazon App store, f-droid.org, and guardianproject.info.
+Guides on using Orbot can be found on the Guardian Project’s Orbot
+page [32], or on the Tor Project’s Android page [33]. It looks like
+Orbot is currently inaccessible from the Google Play store in Iran.
+Please join the discussion on tor-talk [34] if you have input about the
+later.
+
+  [32] https://guardianproject.info/apps/orbot/
+  [33] https://www.torproject.org/docs/android.html
+  [34] https://lists.torproject.org/pipermail/tor-talk/2013-August/029684.html
+
+All versions of the Tor Browser Bundle which includes tor 0.2.4.x has
+been reported to work in Iran. This includes the latest Pluggable
+Transport Bundle, the 3.0 alpha series, and the 2.4 beta series.  Follow
+our Farsi blog [35] for more Iran related news.
+
+  [35] https://fa-blog.torproject.org/
 
 Miscellaneous news
 ------------------
 
-The next Tails contributors meeting [XXX] will happen on IRC the
-September 4th at 8pm UTC (10pm CEST). “Every one interested in contributing to
-Tails is welcome” to join #tails-dev on the OFTC network.
-
-  [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-August/003523.html
+The next Tails contributors meeting [36] will happen on IRC the
+September 4th at 8pm UTC (10pm CEST). “Every one interested in
+contributing to Tails is welcome” to join #tails-dev on the OFTC
+network.
+
+  [36] https://mailman.boum.org/pipermail/tails-dev/2013-August/003523.html
 
 Yawning Angel has been “designing a UDP based protocol to serve as the
 bulk data transport for something along the lines of ‘obfs3, but over
 UDP’.” They are sollicitating feedback on their initial draft of the
-Lightweight Obfuscated Datagram Protocol (LODP) [XXX].
-
-  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005334.html
-
-Kévin Dunglas announced [XXX] their work on a PHP library for the Tor Control
-Port [XXX], released under the MIT license.
-
-  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005340.html
-  [XXX] https://github.com/dunglas/php-torcontrol/
-
-Kathy Brade and Mark Smith have released a first patch [XXX] for Mozilla's
-update mechanism which “successfully updated TBB on Linux, Windows, and
-Mac OS ‘in the lab’ using both incremental and ‘full replace’ updates.”
-This is meant for the 3.x series of the Tor Browser Bundle and
-is still a work a progress, but this is a significant milestone toward
-streamlined updates for TBB users.
-
-  [XXX] https://trac.torproject.org/projects/tor/ticket/4234#comment:19
+Lightweight Obfuscated Datagram Protocol (LODP) [37].
+
+  [37] https://lists.torproject.org/pipermail/tor-dev/2013-August/005334.html
+
+Kévin Dunglas announced [38] their work on a PHP library for the Tor
+Control Port [39], released under the MIT license.
+
+  [38] https://lists.torproject.org/pipermail/tor-dev/2013-August/005340.html
+  [39] https://github.com/dunglas/php-torcontrol/
+
+Kathy Brade and Mark Smith have released a first patch [40] for
+Mozilla’s update mechanism which “successfully updated TBB on Linux,
+Windows, and Mac OS ‘in the lab’ using both incremental and ‘full
+replace’ updates.” This is meant for the 3.x series of the Tor Browser
+Bundle and is still a work a progress, but this is a significant
+milestone toward streamlined updates for TBB users.
+
+  [40] https://bugs.torproject.org/4234#comment:19
 
 Erinn Clark announced that the software powering trac.torproject.org has
-been upgraded to version 0.12.3 [XXX]. Among several other improvements,
+been upgraded to version 0.12.3 [41]. Among several other improvements,
 this new version allowed Erinn to experiment with the often requested
-Git integration [XXX].
-
-  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005328.html
-  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005346.htm
-l
-
-David Goulet has released the second release candidate for the 2.0 rewrite
-of Torsocks [XXX]: “Please continue to test, review and contribute it!”
-
-  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005359.htm
-l
-
-Much to her surprise, Erinn Clark found a “fraudulent PGP key with [her] email a
-ddress”
-on the keyservers [XXX]. “Do not under any circumstances trust
-anything that may have ever been signed or encrypted with this key” of short id
-0xCEE1590D.
-She reminded that the Tor Project official signatures are listed on the project'
-s website [XXX].
-
-  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005348.htm
-l
-  [XXX] https://www.torproject.org/docs/signing-keys.html
-
-Philipp Winter published final paper version of the ScrambleSuit pluggable trans
-port [XXX],
-dubbed “A Polymorphic Network Protocol to Circumvent Censorship”.
-
-  [XXX] http://www.cs.kau.se/philwint/scramblesuit/
-  [XXX] http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
-
-
-Easy Ways to Contribute This Week
----------------------------------
-
-Each week will be listed here some simple tasks that people who want to begin to
- contribute to the Tor Project could do.
-If you're hacking on Tor and want a ticket featured here, add "easy" to the keyw
-ords field.
-
-Highlighted this week: simple edit to Tor's man page [XXX], a usability issue wi
-th the check.torproject.org page [XXX]
-
-  [XXX] https://trac.torproject.org/projects/tor/ticket/9222
-  [XXX] https://trac.torproject.org/projects/tor/ticket/9631
+Git integration [42].
+
+  [41] https://lists.torproject.org/pipermail/tor-dev/2013-August/005328.html
+  [42] https://lists.torproject.org/pipermail/tor-dev/2013-September/005346.html
+
+David Goulet has released the second release candidate for the 2.0
+rewrite of Torsocks [43]: “Please continue to test, review and
+contribute it!”
+
+  [43] https://lists.torproject.org/pipermail/tor-dev/2013-September/005359.html
+
+Much to her surprise, Erinn Clark found a “fraudulent PGP key with [her]
+email address” on the keyservers [44]. “Do not under any circumstances
+trust anything that may have ever been signed or encrypted with this
+key” of short id 0xCEE1590D.  She reminded that the Tor Project official
+signatures are listed on the project’s website [45].
+
+  [44] https://lists.torproject.org/pipermail/tor-dev/2013-September/005348.html
+  [45] https://www.torproject.org/docs/signing-keys.html
+
+Philipp Winter published final paper version [46] of the ScrambleSuit
+pluggable transport [47], dubbed “A Polymorphic Network Protocol to
+Circumvent Censorship”.
+
+  [46] http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
+  [47] http://www.cs.kau.se/philwint/scramblesuit/
 
 Upcoming events
 ---------------
@@ -311,11 +293,13 @@
 
 Want to continue reading TWN? Please help us create this newsletter.
 We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing-list [XXX] if you want to
+important news. Please see the project page [48], write down your
+name and subscribe to the team mailing list [49] if you want to
 get involved!
 
-  [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
-  [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-
-   Possible items:
+  [48] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+  [49] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+
+References
+
+   1. file://localhost/projects/tor/wiki/TorWeeklyNews/2013/10

***************************************************************************


-- 
urlwatch 1.11, Copyright 2008-2010 Thomas Perl
Website: http://thpinfo.com/2008/urlwatch/
watched 1 URLs in 1 seconds