[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Sep 10 13:40:15 UTC 2013
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2013/10 ===
===========================================================================
version 67
Author: lunar
Date: 2013-09-10T12:53:44+00:00
proper apostrophes
--- version 66
+++ version 67
@@ -2,7 +2,7 @@
'''Editor:''' Lunar
-'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 12:00 UTC. ''
+'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 12:00 UTC. ''
'''Subject:''' Tor Weekly News — September, 11th 2013
@@ -17,85 +17,85 @@
tor 0.2.4.17-rc is out
----------------------
-There are now confirmations [1] that the sudden influx of Tor clients
-which started mid-August [2] is indeed coming from a botnet. “I guess
-all that work we've been doing on scalability was a good idea” wrote
+There are now confirmations [1] that the sudden influx of Tor clients
+which started mid-August [2] is indeed coming from a botnet. “I guess
+all that work we’ve been doing on scalability was a good idea” wrote
Roger Dingledine wrote in a blog post about “how to handle millions of
-new Tor clients” [3].
+new Tor clients” [3].
On September 5th, Roger Dingledine announced the release of the third
-release candidate for the tor 0.2.4 series [4]. This is an emergency
+release candidate for the tor 0.2.4 series [4]. This is an emergency
release “to help us tolerate the massive influx of users: 0.2.4 clients
using the new (faster and safer) ‘NTor’ circuit-level handshakes now
effectively jump the queue compared to the 0.2.3 clients using ‘TAP’
-handshakes” [5].
+handshakes” [5].
It also contains several minor bugfixes and some new status messages for
better monitoring of the current situation.
-Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: “the more
+Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: “the more
relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be
for 0.2.4 users, despite the huge circuit overload that the network is
seeing.”
For relays running Debian or Ubuntu, upgrading to the development branch
-can be done using the Tor project's package repository [7]. New versions
-of the beta branch of the Tor Browser Bundle are also available [8]
+can be done using the Tor project’s package repository [7]. New versions
+of the beta branch of the Tor Browser Bundle are also available [8]
since September 6th. The next Tails release, scheduled for September
-19th [9] will also contain 0.2.4.17-rc [10].
+19th [9] will also contain 0.2.4.17-rc [10].
Hopefully, this will be the last release candidate. What looks missing
at this point to declare the 0.2.4.x series stable is simply enough time
to finish the release notes.
- [1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
- [2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
- [3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
- [4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
- [5] https://bugs.torproject.org/9574
- [6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
- [7] https://www.torproject.org/docs/debian.html.en#development
- [8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
- [9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
- [10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
+ [1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
+ [2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
+ [3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
+ [4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
+ [5] https://bugs.torproject.org/9574
+ [6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
+ [7] https://www.torproject.org/docs/debian.html.en#development
+ [8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
+ [9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
+ [10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
The future of Tor cryptography
------------------------------
After the last round of revelations from Edward Snowden, described as
-“explosive” by Bruce Schneier [11], several threads started on the
+“explosive” by Bruce Schneier [11], several threads started on the
tor-talk mailing list to discuss Tor cryptography.
A lot of what has been written is speculative at this point. But some
-have raised concerns [12] about 1024 bit Diffie-Helmank key
-exchange [13]. This has already been adressed with the introduction of
-the “ntor” handshake [14] in 0.2.4 and Nick Mathewson encourages
-everybody to upgrade [15].
-
-Another thread [16] prompted Nick to summarize [17] its views on the
+have raised concerns [12] about 1024 bit Diffie-Helmank key
+exchange [13]. This has already been adressed with the introduction of
+the “ntor” handshake [14] in 0.2.4 and Nick Mathewson encourages
+everybody to upgrade [15].
+
+Another thread [16] prompted Nick to summarize [17] its views on the
future of Tor cryptography. Regarding public keys, “with Tor 0.2.4,
forward secrecy uses 256-bit ECC, which is certainly better, but
RSA-1024 is still used in some places for signatures. I want to fix all
-that in 0.2.5 — see proposal 220 [18], and George Kadianakis’ draft
-hidden service improvements [19,20], and so forth.” Regarding symmetric
+that in 0.2.5 — see proposal 220 [18], and George Kadianakis’ draft
+hidden service improvements [19,20], and so forth.” Regarding symmetric
keys, Nick wrote: “We’re using AES128. I’m hoping to move to XSalsa20
or something like it.” In response to a query, Nick clarifies that he
-doesn't think AES is broken: only hard to implement right, and only
+doesn’t think AES is broken: only hard to implement right, and only
provided in TLS in concert with modes that are somewhat (GCM) or fairly
(CBC) problematic.
The effort to design better cryptography for the Tor protocols is not
-new. More than a year ago, Nick Mathewson presented proposal 202 [21]
+new. More than a year ago, Nick Mathewson presented proposal 202 [21]
outlining two possible new relay encryption protocols for Tor cells.
-Nick mentioned that he's waiting for a promising paper to get finished
+Nick mentioned that he’s waiting for a promising paper to get finished
here before implementation.
-A third question was raised [22] regarding the trust in algorithms
-certified by the US NIST [23]. Nick speculations put aside, he also
+A third question was raised [22] regarding the trust in algorithms
+certified by the US NIST [23]. Nick speculations put aside, he also
emphasised that several NIST algorithms were “hard to implement
-correctly” [24].
-
-Nick also plans to change more algorithms [25]: “Over the 0.2.5 series,
+correctly” [24].
+
+Nick also plans to change more algorithms [25]: “Over the 0.2.5 series,
I want to move even more things (including hidden services) to
curve25519 and its allies for public key crypto. I also want to add
more hard-to-implement-wrong protocols to our mix: Salsa20 is looking
@@ -104,27 +104,27 @@
Nick concluded one of his email with “these are interesting times for
crypto”. It sounds like a good way to put it.
- [11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
- [12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
- [13] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
- [14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
- [15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
- [16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
- [17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
- [18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
- [19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
- [20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
- [21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
- [22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
- [23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
- [24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
- [25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
+ [11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
+ [12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
+ [13] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
+ [14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
+ [15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
+ [16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
+ [17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
+ [18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
+ [19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
+ [20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
+ [21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
+ [22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
+ [23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
+ [24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
+ [25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
Toward a better performance measurement tool
--------------------------------------------
-“I just finished […] sketching out the requirements and a software
-design for a new Torperf implementation“ announced Karsten Loesing [26]
+“I just finished […] sketching out the requirements and a software
+design for a new Torperf implementation“ announced Karsten Loesing [26]
on the tor-dev mailing list.
The report begins with: “Four years ago, we presented a simple tool to
@@ -132,7 +132,7 @@
requests static files of three different sizes over the Tor network and
logs timestamps of various request substeps. These data turned out to be
quite useful to observe user-perceived network performance over
-time [27]. However, static file downloads are not the typical use case
+time [27]. However, static file downloads are not the typical use case
of a user browsing the web using Tor, so absolute numbers are not very
meaningful. Also, Torperf consists of a bunch of shell scripts which
makes it neither very user-friendly to set up and run, nor extensible to
@@ -145,132 +145,132 @@
on upload capacity.
Karsten added “neither the requirements nor the software design are set
-in stone, and the implementation, well, does not exist yet. Plenty of
-options for giving feedback and helping out, and most parts don't even
-require specific experience with hacking on Tor. Just in case somebody's
+in stone, and the implementation, well, does not exist yet. Plenty of
+options for giving feedback and helping out, and most parts don’t even
+require specific experience with hacking on Tor. Just in case somebody’s
looking for an introductory Tor project to hack on.”
Saytha already wrote that this was enough material to get the
-implementation started [28]. The project needs enough work for anyone
+implementation started [28]. The project needs enough work for anyone
interested. Feel free to join him!
- [26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
- [27] https://metrics.torproject.org/performance.html
- [28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
+ [26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
+ [27] https://metrics.torproject.org/performance.html
+ [28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
More monthly status reports for August 2013
-------------------------------------------
The wave of regular monthly reports from Tor project members continued
-this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31],
-mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35],
-Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39],
-Aaron [40], and Damian Johnson [41].
-
- [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
- [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
- [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
- [32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
- [33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
- [34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
- [35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
- [36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
- [37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
- [38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
- [39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
- [40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
- [41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
+this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31],
+mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35],
+Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39],
+Aaron [40], and Damian Johnson [41].
+
+ [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
+ [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
+ [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
+ [32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
+ [33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
+ [34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
+ [35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
+ [36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
+ [37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
+ [38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
+ [39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
+ [40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
+ [41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
Miscellaneous news
------------------
Not all new Tor users are computer programs! According to their latest
-report [42], Tails is now booted twice as much as six months ago (from
+report [42], Tails is now booted twice as much as six months ago (from
100 865 to 190 521 connections to the security feed).
- [42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
-
-Thanks Frenn vun der Enn [43] for setting up a new mirror [44] of the
+ [42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
+
+Thanks Frenn vun der Enn [43] for setting up a new mirror [44] of the
Tor project website.
- [43] http://enn.lu/
- [44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
+ [43] http://enn.lu/
+ [44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
With the Google Summer of Code ending in two weeks, the students have
sent their the next to last reports: Kostas Jakeliunas for the
-Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46],
-Hareesan for the Steganography Browser Extension [47], and
-Cristian-Matei Toader for Tor capabilities [48].
-
- [45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
- [46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
- [47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
- [48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
-
-Damian Johnson anounced [49] he had completed the rewrite of DocTor in
-Python [50], “a service that pulls hourly consensus information and
+Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46],
+Hareesan for the Steganography Browser Extension [47], and
+Cristian-Matei Toader for Tor capabilities [48].
+
+ [45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
+ [46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
+ [47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
+ [48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
+
+Damian Johnson anounced [49] he had completed the rewrite of DocTor in
+Python [50], “a service that pulls hourly consensus information and
checks it for a host of issues (directory authority outages, expiring
certificates, etc). In the case of a problem it notifies
-tor-consensus-health@ [51], and we in turn give the authority operator a
+tor-consensus-health@ [51], and we in turn give the authority operator a
heads up.”
- [49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
- [50] https://gitweb.torproject.org/doctor.git
- [51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
-
-Matt Pagan has migrated [52] several Frequently Asked Questions from the
-wiki to the official Tor website [53]. This should enable more users to
+ [49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
+ [50] https://gitweb.torproject.org/doctor.git
+ [51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
+
+Matt Pagan has migrated [52] several Frequently Asked Questions from the
+wiki to the official Tor website [53]. This should enable more users to
find the answers they need!
- [52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
- [53] https://www.torproject.org/docs/faq.html
-
-In his previous call for help to collect more statistics [54], addressed
+ [52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
+ [53] https://www.torproject.org/docs/faq.html
+
+In his previous call for help to collect more statistics [54], addressed
at bridge operators, George Kadianakis forgot to mention that an extra
line with “ExtORPort 6669” needed to be added to tor configuration
-file [55]. Make sure you do have it if you are running a bridge on tor
+file [55]. Make sure you do have it if you are running a bridge on tor
master branch.
- [54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
- [55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
+ [54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
+ [55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
For the upgrade of tor to the 0.2.4.x series in Tails, a tester spotted
a regression while “playing with an ISO built from experimental, thanks
-to our Jenkins autobuilder” [56]. This mark a significant milestone in
-the work on automated builds [57] done by the several member of the
+to our Jenkins autobuilder” [56]. This mark a significant milestone in
+the work on automated builds [57] done by the several member of the
Tails team in the course of the last year!
- [56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
- [57] https://labs.riseup.net/code/issues/5324
+ [56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
+ [57] https://labs.riseup.net/code/issues/5324
Tails next low-hanging fruits session will be on September 21st at
-08:00 UTC [58]. Mark the date if you want to get involved!
-
- [58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
-
-David Fifield gave some tips on how to setup a test infrastructure [59]
-for flash proxy [60].
-
- [59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
- [60] https://crypto.stanford.edu/flashproxy/
-
-Marek Majkowski reported [61] on how one can use his fluxcapacitor
-tool [62] to get a test Tor network started with Chutney [63] ready is
+08:00 UTC [58]. Mark the date if you want to get involved!
+
+ [58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
+
+David Fifield gave some tips on how to setup a test infrastructure [59]
+for flash proxy [60].
+
+ [59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
+ [60] https://crypto.stanford.edu/flashproxy/
+
+Marek Majkowski reported [61] on how one can use his fluxcapacitor
+tool [62] to get a test Tor network started with Chutney [63] ready is
only 6.5 seconds. A vast improvement over the 5 minutes he initially had
-to wait [64]!
-
- [61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
- [62] https://github.com/majek/fluxcapacitor.git
- [63] https://gitweb.torproject.org/chutney.git
- [64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
-
-Eugen Leitl drew attention [65] to a new research paper which aims to
+to wait [64]!
+
+ [61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
+ [62] https://github.com/majek/fluxcapacitor.git
+ [63] https://gitweb.torproject.org/chutney.git
+ [64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
+
+Eugen Leitl drew attention [65] to a new research paper which aims to
analyse content and popularity of Hidden Services by Alex Biryukov, Ivan
Pustogarov, and Ralf-Philipp Weinmann from University of
-Luxembourg [66].
-
- [65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
- [66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
+Luxembourg [66].
+
+ [65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
+ [66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
Tor Help Desk roundup
---------------------
@@ -282,9 +282,9 @@
There is absolutely no backdoor in Tor. Tor project members have been
vocal in the past about how tremendously irresponsible it would be to
-backdoor our users [67]. As it is a frequently asked question, users
+backdoor our users [67]. As it is a frequently asked question, users
have been encouraged to read how the project would respond to
-institutional pressure [68].
+institutional pressure [68].
The Tor project does not have any more facts about NSA’s cryptanalysis
capabilities than what have been published in newspapers. Even if there
@@ -292,33 +292,33 @@
is to pace on the safe side by using more trusted algorithms for the Tor
protocols. See above for a more detailed write-up.
- [67] https://blog.torproject.org/blog/calea-2-and-tor
- [68] http://www.torproject.org/docs/faq.html.en#Backdoor
+ [67] https://blog.torproject.org/blog/calea-2-and-tor
+ [68] http://www.torproject.org/docs/faq.html.en#Backdoor
Help the Tor community!
-----------------------
Tor is about protecting everyone’s freedom and privacy. There are many
-way to help [69] but getting involved in such a busy community can be
-daunting. Here's a selection of tasks on which one can get started:
-
-Get tor to log the source of control port connection [70]. It would help
-developping controller applications or libraries (like Stem [71]) to
+way to help [69] but getting involved in such a busy community can be
+daunting. Here’s a selection of tasks on which one can get started:
+
+Get tor to log the source of control port connection [70]. It would help
+developping controller applications or libraries (like Stem [71]) to
know which program is responsible for a given access to the control
facilities of the tor daemon. Knowledge required: C programming, basic
understanding of network sockets.
-Diagnose what is currently wrong with Tor Cloud images [72]. Tor
-Cloud [73] is an easy way to deploy bridges and it looks like the
-automatic upgrade procedure had troubles. Let's have these virtual
+Diagnose what is currently wrong with Tor Cloud images [72]. Tor
+Cloud [73] is an easy way to deploy bridges and it looks like the
+automatic upgrade procedure had troubles. Let’s have these virtual
machines be again useful for censored users. Knowledge required: basic
understanding of Ubuntu system administration.
- [69] https://www.torproject.org/getinvolved/volunteer.html.en
- [70] https://bugs.torproject.org/9698
- [71] https://stem.torproject.org/
- [72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
- [73] https://cloud.torproject.org/
+ [69] https://www.torproject.org/getinvolved/volunteer.html.en
+ [70] https://bugs.torproject.org/9698
+ [71] https://stem.torproject.org/
+ [72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
+ [73] https://cloud.torproject.org/
Upcoming events
---------------
@@ -341,10 +341,10 @@
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [74], write down your
-name and subscribe to the team mailing list [75] if you want to
+important news. Please see the project page [74], write down your
+name and subscribe to the team mailing list [75] if you want to
get involved!
- [74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
version 66
Author: lunar
Date: 2013-09-10T12:47:48+00:00
fix release time
--- version 65
+++ version 66
@@ -2,7 +2,7 @@
'''Editor:''' Lunar
-'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 14:00 UTC. ''
+'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 12:00 UTC. ''
'''Subject:''' Tor Weekly News — September, 11th 2013
version 65
Author: lunar
Date: 2013-09-10T12:45:31+00:00
reword freeze message
--- version 64
+++ version 65
@@ -2,7 +2,7 @@
'''Editor:''' Lunar
-'''Status:''' '''FROZEN'''. Changes should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 14:00 UTC. ''
+'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 14:00 UTC. ''
'''Subject:''' Tor Weekly News — September, 11th 2013
version 64
Author: lunar
Date: 2013-09-10T12:43:46+00:00
FREEZE
--- version 63
+++ version 64
@@ -1,6 +1,8 @@
''Eleventh issue of Tor Weekly News. Covering what's happening from from September 4th, 2013 to September 10th, 2013. To be released on September 11th, 2013.''
'''Editor:''' Lunar
+
+'''Status:''' '''FROZEN'''. Changes should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 14:00 UTC. ''
'''Subject:''' Tor Weekly News — September, 11th 2013
@@ -345,7 +347,4 @@
[74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-}}}
-
-Possible items:
-* How about mention Stack Exchange page for Tor? It is getting closer http://area51.stackexchange.com/proposals/56447/tor-online-anonymity-privacy-and-security+}}}
version 63
Author: lunar
Date: 2013-09-10T12:37:56+00:00
prepare for freeze
--- version 62
+++ version 63
@@ -9,128 +9,128 @@
Tor Weekly News September 11th, 2013
========================================================================
-Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter that
-covers what is happening in the taut Tor community.
-
-Tor 0.2.4.17-rc is out
+Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter
+that covers what is happening in the taut Tor community.
+
+tor 0.2.4.17-rc is out
----------------------
-There are now confirmations [XXX] that the sudden influx of Tor clients which
-started mid-August [XXX] is indeed coming from a botnet. “I guess all that
-work we've been doing on scalability was a good idea” wrote Roger
-Dingledine wrote in a blog post about “how to handle millions of new
-Tor clients” [XXX].
-
-On September 5th, Roger Dingledine announced the release of the third
-release candidate for the tor 0.2.4 series [XXX]. This is an emergency
-release “to help us tolerate the massive influx of users: 0.2.4 clients
-using the new (faster and safer) ‘NTor’ circuit-level handshakes now
-effectively jump the queue compared to the 0.2.3 clients using ‘TAP’
-handshakes” [XXX].
+There are now confirmations [1] that the sudden influx of Tor clients
+which started mid-August [2] is indeed coming from a botnet. “I guess
+all that work we've been doing on scalability was a good idea” wrote
+Roger Dingledine wrote in a blog post about “how to handle millions of
+new Tor clients” [3].
+
+On September 5th, Roger Dingledine announced the release of the third
+release candidate for the tor 0.2.4 series [4]. This is an emergency
+release “to help us tolerate the massive influx of users: 0.2.4 clients
+using the new (faster and safer) ‘NTor’ circuit-level handshakes now
+effectively jump the queue compared to the 0.2.3 clients using ‘TAP’
+handshakes” [5].
It also contains several minor bugfixes and some new status messages for
better monitoring of the current situation.
-Roger asked relay operators to upgrade to 0.2.4.17-rc [XXX]: “the more
+Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: “the more
relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be
for 0.2.4 users, despite the huge circuit overload that the network is
seeing.”
-For relays running Debian or Ubuntu, upgrading to the development branch
-can be done using the Tor project's package repository [XXX]. New
-versions of the beta branch of the Tor Browser Bundle are also
-available [XXX] since September 6th. The next Tails release, scheduled
-for September 19th [XXX] will also contain 0.2.4.17-rc [XXX].
-
-Hopefully, this will be the last release candidate. What looks missing
+For relays running Debian or Ubuntu, upgrading to the development branch
+can be done using the Tor project's package repository [7]. New versions
+of the beta branch of the Tor Browser Bundle are also available [8]
+since September 6th. The next Tails release, scheduled for September
+19th [9] will also contain 0.2.4.17-rc [10].
+
+Hopefully, this will be the last release candidate. What looks missing
at this point to declare the 0.2.4.x series stable is simply enough time
to finish the release notes.
- [XXX] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
- [XXX] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
- [XXX] https://trac.torproject.org/projects/tor/ticket/9574
- [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
- [XXX] https://www.torproject.org/docs/debian.html.en#development
- [XXX] https://blog.torproject.org/blog/new-tor-02417-rc-packages
- [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
- [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
+ [1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
+ [2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
+ [3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
+ [4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
+ [5] https://bugs.torproject.org/9574
+ [6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
+ [7] https://www.torproject.org/docs/debian.html.en#development
+ [8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
+ [9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
+ [10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
The future of Tor cryptography
------------------------------
After the last round of revelations from Edward Snowden, described as
-“explosive” by Bruce Schneier [XXX], several threads started on the
+“explosive” by Bruce Schneier [11], several threads started on the
tor-talk mailing list to discuss Tor cryptography.
A lot of what has been written is speculative at this point. But some
-have raised concerns [XXX] about 1024 bit Diffie-Helmank key exchange [XXX].
-This has already been adressed with the introduction of the “ntor”
-handshake [XXX] in 0.2.4 and Nick Mathewson encourages everybody to
-upgrade [XXX].
-
-Another thread [XXX] prompted Nick to summarize [XXX] its
-views on the future of Tor cryptography. Regarding public keys, “with
-Tor 0.2.4, forward secrecy uses 256-bit ECC, which is certainly
-better, but RSA-1024 is still used in some places for signatures.
-I want to fix all that in 0.2.5 — see proposal 220 [XXX], and George
-Kadianakis’ draft hidden service improvements [XXX,XXX], and so forth.”
-Regarding symmetric keys, Nick wrote: “We’re using AES128. I’m hoping
-to move to XSalsa20 or something like it.” In response to a query, Nick
-clarifies that he doesn't think AES is broken: only hard to implement right,
-and only provided in TLS in concert with modes that are somewhat (GCM)
-or fairly (CBC) problematic.
+have raised concerns [12] about 1024 bit Diffie-Helmank key
+exchange [13]. This has already been adressed with the introduction of
+the “ntor” handshake [14] in 0.2.4 and Nick Mathewson encourages
+everybody to upgrade [15].
+
+Another thread [16] prompted Nick to summarize [17] its views on the
+future of Tor cryptography. Regarding public keys, “with Tor 0.2.4,
+forward secrecy uses 256-bit ECC, which is certainly better, but
+RSA-1024 is still used in some places for signatures. I want to fix all
+that in 0.2.5 — see proposal 220 [18], and George Kadianakis’ draft
+hidden service improvements [19,20], and so forth.” Regarding symmetric
+keys, Nick wrote: “We’re using AES128. I’m hoping to move to XSalsa20
+or something like it.” In response to a query, Nick clarifies that he
+doesn't think AES is broken: only hard to implement right, and only
+provided in TLS in concert with modes that are somewhat (GCM) or fairly
+(CBC) problematic.
The effort to design better cryptography for the Tor protocols is not
-new. More than a year ago, Nick Mathewson presented proposal 202 [XXX]
-outlining two possible new relay encryption protocols for Tor cells. Nick
-mentioned that he's waiting for a promising paper to get finished here
-before implementation.
-
-A third question was raised [XXX] regarding the trust in algorithms
-certified by the US NIST [XXX]. Nick speculations put aside, he also
+new. More than a year ago, Nick Mathewson presented proposal 202 [21]
+outlining two possible new relay encryption protocols for Tor cells.
+Nick mentioned that he's waiting for a promising paper to get finished
+here before implementation.
+
+A third question was raised [22] regarding the trust in algorithms
+certified by the US NIST [23]. Nick speculations put aside, he also
emphasised that several NIST algorithms were “hard to implement
-correctly” [XXX].
-
-Nick also plans to change more algorithms [XXX]: “Over the 0.2.5
-series, I want to move even more things (including hidden services) to
-curve25519 and its allies for public key crypto. I also want to add
+correctly” [24].
+
+Nick also plans to change more algorithms [25]: “Over the 0.2.5 series,
+I want to move even more things (including hidden services) to
+curve25519 and its allies for public key crypto. I also want to add
more hard-to-implement-wrong protocols to our mix: Salsa20 is looking
like a much better choice to me than AES nowadays, for instance.”
Nick concluded one of his email with “these are interesting times for
crypto”. It sounds like a good way to put it.
- [XXX] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
- [XXX] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
- [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
- [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
- [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
- [XXX] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
+ [11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
+ [12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
+ [13] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
+ [14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
+ [15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
+ [16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
+ [17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
+ [18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
+ [19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
+ [20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
+ [21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
+ [22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
+ [23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
+ [24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
+ [25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
Toward a better performance measurement tool
--------------------------------------------
-“I just finished […] sketching out the requirements and a software design
-for a new Torperf implementation“ announced Karsten Loesing [XXX] on
-the tor-dev mailing list.
+“I just finished […] sketching out the requirements and a software
+design for a new Torperf implementation“ announced Karsten Loesing [26]
+on the tor-dev mailing list.
The report begins with: “Four years ago, we presented a simple tool to
-measure performance of the Tor network. This tool, called Torperf,
+measure performance of the Tor network. This tool, called Torperf,
requests static files of three different sizes over the Tor network and
logs timestamps of various request substeps. These data turned out to be
-quite useful to observe user-perceived network performance over
-time [XXX]. However, static file downloads are not the typical use case
+quite useful to observe user-perceived network performance over
+time [27]. However, static file downloads are not the typical use case
of a user browsing the web using Tor, so absolute numbers are not very
meaningful. Also, Torperf consists of a bunch of shell scripts which
makes it neither very user-friendly to set up and run, nor extensible to
@@ -142,130 +142,133 @@
canonical web page, measuring hidden service performance, and checking
on upload capacity.
-Karsten added “neither the requirements nor the software design
-are set in stone, and the implementation, well, does not exist yet.
-Plenty of options for giving feedback and helping out, and most parts
-don't even require specific experience with hacking on Tor. Just in case
-somebody's looking for an introductory Tor project to hack on.”
-
-Saytha already wrote that this was enough material to get the
-implementation started [XXX]. The project needs enough work for anyone
+Karsten added “neither the requirements nor the software design are set
+in stone, and the implementation, well, does not exist yet. Plenty of
+options for giving feedback and helping out, and most parts don't even
+require specific experience with hacking on Tor. Just in case somebody's
+looking for an introductory Tor project to hack on.”
+
+Saytha already wrote that this was enough material to get the
+implementation started [28]. The project needs enough work for anyone
interested. Feel free to join him!
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
- [XXX] https://metrics.torproject.org/performance.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
+ [26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
+ [27] https://metrics.torproject.org/performance.html
+ [28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
More monthly status reports for August 2013
-------------------------------------------
The wave of regular monthly reports from Tor project members continued
-this week with Sukhbir Singh [XXX], Matt Pagan [XXX], Ximin Luo [XXX],
-mrphs [XXX], Pearl Crescent [XXX], Andrew Lewman [XXX], Mike Perry
-[XXX], Kelley Misata [XXX], Nick Mathewson [XXX], Jason Tsai [XXX],
-Tails [XXX], Aaron [XXX], and Damian Johnson [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
+this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31],
+mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35],
+Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39],
+Aaron [40], and Damian Johnson [41].
+
+ [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
+ [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
+ [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
+ [32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
+ [33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
+ [34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
+ [35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
+ [36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
+ [37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
+ [38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
+ [39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
+ [40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
+ [41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
Miscellaneous news
------------------
Not all new Tor users are computer programs! According to their latest
-report [XXX], Tails is now booted twice as much as six months ago
-(from 100 865 to 190 521 connections to the security feed).
-
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
-
-Thanks Frenn vun der Enn [XXX] for setting up a new mirror [XXX] of the
+report [42], Tails is now booted twice as much as six months ago (from
+100 865 to 190 521 connections to the security feed).
+
+ [42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
+
+Thanks Frenn vun der Enn [43] for setting up a new mirror [44] of the
Tor project website.
- [XXX] http://enn.lu/
- [XXX] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
-
-With the Google Summer of Code ending in two weeks, the students have
-sent their the next to last reports: Kostas Jakeliunas for the
-Searchable metrics archive [XXX], Johannes Fürmann for EvilGenius [XXX],
-Hareesan for the Steganography Browser Extension [XXX], and Cristian-Matei
-Toader for Tor capabilities [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
-
-Damian Johnson anounced [XXX] he had completed the rewrite of DocTor in
-Python [XXX], “a service that pulls hourly consensus information and
+ [43] http://enn.lu/
+ [44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
+
+With the Google Summer of Code ending in two weeks, the students have
+sent their the next to last reports: Kostas Jakeliunas for the
+Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46],
+Hareesan for the Steganography Browser Extension [47], and
+Cristian-Matei Toader for Tor capabilities [48].
+
+ [45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
+ [46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
+ [47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
+ [48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
+
+Damian Johnson anounced [49] he had completed the rewrite of DocTor in
+Python [50], “a service that pulls hourly consensus information and
checks it for a host of issues (directory authority outages, expiring
certificates, etc). In the case of a problem it notifies
-tor-consensus-health@ [XXX], and we in turn give the authority operator
-a heads up.”
-
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
- [XXX] https://gitweb.torproject.org/doctor.git
- [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
-
-Matt Pagan has migrated [XXX] several Frequently Asked Questions from the wiki to the
-official Tor website [XXX]. This should enable more users to find the answers they need!
-
- [XXX] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
- [XXX] https://www.torproject.org/docs/faq.html
-
-In his previous call for help to collect more statistics [XXX],
-addressed at bridge operators, George Kadianakis forgot to mention that
-an extra line with “ExtORPort 6669” needed to be added to tor
-configuration file [XXX]. Make sure you do have it if you are running a
-bridge on tor master branch.
-
- [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
- [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
+tor-consensus-health@ [51], and we in turn give the authority operator a
+heads up.”
+
+ [49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
+ [50] https://gitweb.torproject.org/doctor.git
+ [51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
+
+Matt Pagan has migrated [52] several Frequently Asked Questions from the
+wiki to the official Tor website [53]. This should enable more users to
+find the answers they need!
+
+ [52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
+ [53] https://www.torproject.org/docs/faq.html
+
+In his previous call for help to collect more statistics [54], addressed
+at bridge operators, George Kadianakis forgot to mention that an extra
+line with “ExtORPort 6669” needed to be added to tor configuration
+file [55]. Make sure you do have it if you are running a bridge on tor
+master branch.
+
+ [54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
+ [55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
For the upgrade of tor to the 0.2.4.x series in Tails, a tester spotted
a regression while “playing with an ISO built from experimental, thanks
-to our Jenkins autobuilder” [XXX]. This mark a significant milestone in the
-work on automated builds [XXX] done by the several member of the Tails
-team in the course of the last year!
-
- [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
- [XXX] https://labs.riseup.net/code/issues/5324
+to our Jenkins autobuilder” [56]. This mark a significant milestone in
+the work on automated builds [57] done by the several member of the
+Tails team in the course of the last year!
+
+ [56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
+ [57] https://labs.riseup.net/code/issues/5324
Tails next low-hanging fruits session will be on September 21st at
-08:00 UTC [XXX]. Mark the date if you want to get involved!
-
- [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
-
-David Fifield gave some tips on how to setup a test infrastructure [XXX] for
-flash proxy [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
- [XXX] https://crypto.stanford.edu/flashproxy/
-
-Marek Majkowski reported [XXX] on how one can use his fluxcapacitor tool [XXX]
-to get a test Tor network started with Chutney [XXX] ready is only 6.5
-seconds. A vast improvement over the 5 minutes he initially had to wait!
-
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
- [XXX] https://github.com/majek/fluxcapacitor.git
- [XXX] https://gitweb.torproject.org/chutney.git
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
-
-Eugen Leitl drew attention [XXX] to a new research paper which aims to analyse
-content and popularity of Hidden Services by Alex Biryukov, Ivan Pustogarov,
-and Ralf-Philipp Weinmann from University of Luxembourg [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
- [XXX] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
+08:00 UTC [58]. Mark the date if you want to get involved!
+
+ [58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
+
+David Fifield gave some tips on how to setup a test infrastructure [59]
+for flash proxy [60].
+
+ [59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
+ [60] https://crypto.stanford.edu/flashproxy/
+
+Marek Majkowski reported [61] on how one can use his fluxcapacitor
+tool [62] to get a test Tor network started with Chutney [63] ready is
+only 6.5 seconds. A vast improvement over the 5 minutes he initially had
+to wait [64]!
+
+ [61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
+ [62] https://github.com/majek/fluxcapacitor.git
+ [63] https://gitweb.torproject.org/chutney.git
+ [64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
+
+Eugen Leitl drew attention [65] to a new research paper which aims to
+analyse content and popularity of Hidden Services by Alex Biryukov, Ivan
+Pustogarov, and Ralf-Philipp Weinmann from University of
+Luxembourg [66].
+
+ [65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
+ [66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
Tor Help Desk roundup
---------------------
@@ -277,43 +280,43 @@
There is absolutely no backdoor in Tor. Tor project members have been
vocal in the past about how tremendously irresponsible it would be to
-backdoor our users [XXX]. As it is a frequently asked question,
-users have been encouraged to read how the project would respond to
-institutional pressure [XXX].
-
-The Tor project does not have any more facts about NSA’s cryptanalysis
+backdoor our users [67]. As it is a frequently asked question, users
+have been encouraged to read how the project would respond to
+institutional pressure [68].
+
+The Tor project does not have any more facts about NSA’s cryptanalysis
capabilities than what have been published in newspapers. Even if there
-is no actual evidence that Tor encryption is actually broken, the
-idea is to pace on the safe side by using more trusted algorithms for
-the Tor protocols. See above for a more detailed write-up.
-
- [XXX] https://blog.torproject.org/blog/calea-2-and-tor
- [XXX] http://www.torproject.org/docs/faq.html.en#Backdoor
+is no actual evidence that Tor encryption is actually broken, the idea
+is to pace on the safe side by using more trusted algorithms for the Tor
+protocols. See above for a more detailed write-up.
+
+ [67] https://blog.torproject.org/blog/calea-2-and-tor
+ [68] http://www.torproject.org/docs/faq.html.en#Backdoor
Help the Tor community!
-----------------------
-Tor is about protecting everyone’s freedom and privacy. There are many
-way to help [XXX] but getting involved in such a busy community can be
+Tor is about protecting everyone’s freedom and privacy. There are many
+way to help [69] but getting involved in such a busy community can be
daunting. Here's a selection of tasks on which one can get started:
-Get tor to log the source of control port connection [XXX]. It would
-help developping controller applications or libraries (like Stem [XXX])
-to know which program is responsible for a given access to the control
-facilities of the tor daemon. Knowledge required: C programming,
-basic understanding of network sockets.
-
-Diagnose what is currently wrong with Tor Cloud images [XXX]. Tor
-Cloud [XXX] is an easy way to deploy bridges and it looks like
-the automatic upgrade procedure had troubles. Let's have these
-virtual machines be again useful for censored users. Knowledge
-required: basic understanding of Ubuntu system administration.
-
- [XXX] https://www.torproject.org/getinvolved/volunteer.html.en
- [XXX] https://trac.torproject.org/projects/tor/ticket/9698
- [XXX] https://stem.torproject.org/
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
- [XXX] https://cloud.torproject.org
+Get tor to log the source of control port connection [70]. It would help
+developping controller applications or libraries (like Stem [71]) to
+know which program is responsible for a given access to the control
+facilities of the tor daemon. Knowledge required: C programming, basic
+understanding of network sockets.
+
+Diagnose what is currently wrong with Tor Cloud images [72]. Tor
+Cloud [73] is an easy way to deploy bridges and it looks like the
+automatic upgrade procedure had troubles. Let's have these virtual
+machines be again useful for censored users. Knowledge required: basic
+understanding of Ubuntu system administration.
+
+ [69] https://www.torproject.org/getinvolved/volunteer.html.en
+ [70] https://bugs.torproject.org/9698
+ [71] https://stem.torproject.org/
+ [72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
+ [73] https://cloud.torproject.org/
Upcoming events
---------------
@@ -336,12 +339,12 @@
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing list [XXX] if you want to
+important news. Please see the project page [74], write down your
+name and subscribe to the team mailing list [75] if you want to
get involved!
- [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
Possible items:
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2013/10 ===
===========================================================================
version 67
Author: lunar
Date: 2013-09-10T12:53:44+00:00
proper apostrophes
--- version 66
+++ version 67
@@ -2,7 +2,7 @@
'''Editor:''' Lunar
-'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 12:00 UTC. ''
+'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 12:00 UTC. ''
'''Subject:''' Tor Weekly News — September, 11th 2013
@@ -17,85 +17,85 @@
tor 0.2.4.17-rc is out
----------------------
-There are now confirmations [1] that the sudden influx of Tor clients
-which started mid-August [2] is indeed coming from a botnet. “I guess
-all that work we've been doing on scalability was a good idea” wrote
+There are now confirmations [1] that the sudden influx of Tor clients
+which started mid-August [2] is indeed coming from a botnet. “I guess
+all that work we’ve been doing on scalability was a good idea” wrote
Roger Dingledine wrote in a blog post about “how to handle millions of
-new Tor clients” [3].
+new Tor clients” [3].
On September 5th, Roger Dingledine announced the release of the third
-release candidate for the tor 0.2.4 series [4]. This is an emergency
+release candidate for the tor 0.2.4 series [4]. This is an emergency
release “to help us tolerate the massive influx of users: 0.2.4 clients
using the new (faster and safer) ‘NTor’ circuit-level handshakes now
effectively jump the queue compared to the 0.2.3 clients using ‘TAP’
-handshakes” [5].
+handshakes” [5].
It also contains several minor bugfixes and some new status messages for
better monitoring of the current situation.
-Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: “the more
+Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: “the more
relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be
for 0.2.4 users, despite the huge circuit overload that the network is
seeing.”
For relays running Debian or Ubuntu, upgrading to the development branch
-can be done using the Tor project's package repository [7]. New versions
-of the beta branch of the Tor Browser Bundle are also available [8]
+can be done using the Tor project’s package repository [7]. New versions
+of the beta branch of the Tor Browser Bundle are also available [8]
since September 6th. The next Tails release, scheduled for September
-19th [9] will also contain 0.2.4.17-rc [10].
+19th [9] will also contain 0.2.4.17-rc [10].
Hopefully, this will be the last release candidate. What looks missing
at this point to declare the 0.2.4.x series stable is simply enough time
to finish the release notes.
- [1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
- [2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
- [3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
- [4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
- [5] https://bugs.torproject.org/9574
- [6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
- [7] https://www.torproject.org/docs/debian.html.en#development
- [8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
- [9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
- [10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
+ [1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
+ [2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
+ [3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
+ [4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
+ [5] https://bugs.torproject.org/9574
+ [6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
+ [7] https://www.torproject.org/docs/debian.html.en#development
+ [8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
+ [9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
+ [10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
The future of Tor cryptography
------------------------------
After the last round of revelations from Edward Snowden, described as
-“explosive” by Bruce Schneier [11], several threads started on the
+“explosive” by Bruce Schneier [11], several threads started on the
tor-talk mailing list to discuss Tor cryptography.
A lot of what has been written is speculative at this point. But some
-have raised concerns [12] about 1024 bit Diffie-Helmank key
-exchange [13]. This has already been adressed with the introduction of
-the “ntor” handshake [14] in 0.2.4 and Nick Mathewson encourages
-everybody to upgrade [15].
-
-Another thread [16] prompted Nick to summarize [17] its views on the
+have raised concerns [12] about 1024 bit Diffie-Helmank key
+exchange [13]. This has already been adressed with the introduction of
+the “ntor” handshake [14] in 0.2.4 and Nick Mathewson encourages
+everybody to upgrade [15].
+
+Another thread [16] prompted Nick to summarize [17] its views on the
future of Tor cryptography. Regarding public keys, “with Tor 0.2.4,
forward secrecy uses 256-bit ECC, which is certainly better, but
RSA-1024 is still used in some places for signatures. I want to fix all
-that in 0.2.5 — see proposal 220 [18], and George Kadianakis’ draft
-hidden service improvements [19,20], and so forth.” Regarding symmetric
+that in 0.2.5 — see proposal 220 [18], and George Kadianakis’ draft
+hidden service improvements [19,20], and so forth.” Regarding symmetric
keys, Nick wrote: “We’re using AES128. I’m hoping to move to XSalsa20
or something like it.” In response to a query, Nick clarifies that he
-doesn't think AES is broken: only hard to implement right, and only
+doesn’t think AES is broken: only hard to implement right, and only
provided in TLS in concert with modes that are somewhat (GCM) or fairly
(CBC) problematic.
The effort to design better cryptography for the Tor protocols is not
-new. More than a year ago, Nick Mathewson presented proposal 202 [21]
+new. More than a year ago, Nick Mathewson presented proposal 202 [21]
outlining two possible new relay encryption protocols for Tor cells.
-Nick mentioned that he's waiting for a promising paper to get finished
+Nick mentioned that he’s waiting for a promising paper to get finished
here before implementation.
-A third question was raised [22] regarding the trust in algorithms
-certified by the US NIST [23]. Nick speculations put aside, he also
+A third question was raised [22] regarding the trust in algorithms
+certified by the US NIST [23]. Nick speculations put aside, he also
emphasised that several NIST algorithms were “hard to implement
-correctly” [24].
-
-Nick also plans to change more algorithms [25]: “Over the 0.2.5 series,
+correctly” [24].
+
+Nick also plans to change more algorithms [25]: “Over the 0.2.5 series,
I want to move even more things (including hidden services) to
curve25519 and its allies for public key crypto. I also want to add
more hard-to-implement-wrong protocols to our mix: Salsa20 is looking
@@ -104,27 +104,27 @@
Nick concluded one of his email with “these are interesting times for
crypto”. It sounds like a good way to put it.
- [11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
- [12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
- [13] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
- [14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
- [15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
- [16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
- [17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
- [18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
- [19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
- [20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
- [21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
- [22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
- [23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
- [24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
- [25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
+ [11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
+ [12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
+ [13] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
+ [14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
+ [15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
+ [16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
+ [17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
+ [18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
+ [19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
+ [20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
+ [21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
+ [22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
+ [23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
+ [24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
+ [25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
Toward a better performance measurement tool
--------------------------------------------
-“I just finished […] sketching out the requirements and a software
-design for a new Torperf implementation“ announced Karsten Loesing [26]
+“I just finished […] sketching out the requirements and a software
+design for a new Torperf implementation“ announced Karsten Loesing [26]
on the tor-dev mailing list.
The report begins with: “Four years ago, we presented a simple tool to
@@ -132,7 +132,7 @@
requests static files of three different sizes over the Tor network and
logs timestamps of various request substeps. These data turned out to be
quite useful to observe user-perceived network performance over
-time [27]. However, static file downloads are not the typical use case
+time [27]. However, static file downloads are not the typical use case
of a user browsing the web using Tor, so absolute numbers are not very
meaningful. Also, Torperf consists of a bunch of shell scripts which
makes it neither very user-friendly to set up and run, nor extensible to
@@ -145,132 +145,132 @@
on upload capacity.
Karsten added “neither the requirements nor the software design are set
-in stone, and the implementation, well, does not exist yet. Plenty of
-options for giving feedback and helping out, and most parts don't even
-require specific experience with hacking on Tor. Just in case somebody's
+in stone, and the implementation, well, does not exist yet. Plenty of
+options for giving feedback and helping out, and most parts don’t even
+require specific experience with hacking on Tor. Just in case somebody’s
looking for an introductory Tor project to hack on.”
Saytha already wrote that this was enough material to get the
-implementation started [28]. The project needs enough work for anyone
+implementation started [28]. The project needs enough work for anyone
interested. Feel free to join him!
- [26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
- [27] https://metrics.torproject.org/performance.html
- [28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
+ [26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
+ [27] https://metrics.torproject.org/performance.html
+ [28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
More monthly status reports for August 2013
-------------------------------------------
The wave of regular monthly reports from Tor project members continued
-this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31],
-mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35],
-Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39],
-Aaron [40], and Damian Johnson [41].
-
- [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
- [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
- [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
- [32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
- [33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
- [34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
- [35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
- [36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
- [37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
- [38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
- [39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
- [40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
- [41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
+this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31],
+mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35],
+Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39],
+Aaron [40], and Damian Johnson [41].
+
+ [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
+ [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
+ [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
+ [32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
+ [33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
+ [34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
+ [35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
+ [36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
+ [37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
+ [38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
+ [39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
+ [40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
+ [41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
Miscellaneous news
------------------
Not all new Tor users are computer programs! According to their latest
-report [42], Tails is now booted twice as much as six months ago (from
+report [42], Tails is now booted twice as much as six months ago (from
100 865 to 190 521 connections to the security feed).
- [42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
-
-Thanks Frenn vun der Enn [43] for setting up a new mirror [44] of the
+ [42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
+
+Thanks Frenn vun der Enn [43] for setting up a new mirror [44] of the
Tor project website.
- [43] http://enn.lu/
- [44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
+ [43] http://enn.lu/
+ [44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
With the Google Summer of Code ending in two weeks, the students have
sent their the next to last reports: Kostas Jakeliunas for the
-Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46],
-Hareesan for the Steganography Browser Extension [47], and
-Cristian-Matei Toader for Tor capabilities [48].
-
- [45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
- [46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
- [47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
- [48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
-
-Damian Johnson anounced [49] he had completed the rewrite of DocTor in
-Python [50], “a service that pulls hourly consensus information and
+Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46],
+Hareesan for the Steganography Browser Extension [47], and
+Cristian-Matei Toader for Tor capabilities [48].
+
+ [45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
+ [46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
+ [47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
+ [48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
+
+Damian Johnson anounced [49] he had completed the rewrite of DocTor in
+Python [50], “a service that pulls hourly consensus information and
checks it for a host of issues (directory authority outages, expiring
certificates, etc). In the case of a problem it notifies
-tor-consensus-health@ [51], and we in turn give the authority operator a
+tor-consensus-health@ [51], and we in turn give the authority operator a
heads up.”
- [49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
- [50] https://gitweb.torproject.org/doctor.git
- [51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
-
-Matt Pagan has migrated [52] several Frequently Asked Questions from the
-wiki to the official Tor website [53]. This should enable more users to
+ [49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
+ [50] https://gitweb.torproject.org/doctor.git
+ [51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
+
+Matt Pagan has migrated [52] several Frequently Asked Questions from the
+wiki to the official Tor website [53]. This should enable more users to
find the answers they need!
- [52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
- [53] https://www.torproject.org/docs/faq.html
-
-In his previous call for help to collect more statistics [54], addressed
+ [52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
+ [53] https://www.torproject.org/docs/faq.html
+
+In his previous call for help to collect more statistics [54], addressed
at bridge operators, George Kadianakis forgot to mention that an extra
line with “ExtORPort 6669” needed to be added to tor configuration
-file [55]. Make sure you do have it if you are running a bridge on tor
+file [55]. Make sure you do have it if you are running a bridge on tor
master branch.
- [54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
- [55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
+ [54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
+ [55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
For the upgrade of tor to the 0.2.4.x series in Tails, a tester spotted
a regression while “playing with an ISO built from experimental, thanks
-to our Jenkins autobuilder” [56]. This mark a significant milestone in
-the work on automated builds [57] done by the several member of the
+to our Jenkins autobuilder” [56]. This mark a significant milestone in
+the work on automated builds [57] done by the several member of the
Tails team in the course of the last year!
- [56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
- [57] https://labs.riseup.net/code/issues/5324
+ [56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
+ [57] https://labs.riseup.net/code/issues/5324
Tails next low-hanging fruits session will be on September 21st at
-08:00 UTC [58]. Mark the date if you want to get involved!
-
- [58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
-
-David Fifield gave some tips on how to setup a test infrastructure [59]
-for flash proxy [60].
-
- [59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
- [60] https://crypto.stanford.edu/flashproxy/
-
-Marek Majkowski reported [61] on how one can use his fluxcapacitor
-tool [62] to get a test Tor network started with Chutney [63] ready is
+08:00 UTC [58]. Mark the date if you want to get involved!
+
+ [58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
+
+David Fifield gave some tips on how to setup a test infrastructure [59]
+for flash proxy [60].
+
+ [59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
+ [60] https://crypto.stanford.edu/flashproxy/
+
+Marek Majkowski reported [61] on how one can use his fluxcapacitor
+tool [62] to get a test Tor network started with Chutney [63] ready is
only 6.5 seconds. A vast improvement over the 5 minutes he initially had
-to wait [64]!
-
- [61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
- [62] https://github.com/majek/fluxcapacitor.git
- [63] https://gitweb.torproject.org/chutney.git
- [64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
-
-Eugen Leitl drew attention [65] to a new research paper which aims to
+to wait [64]!
+
+ [61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
+ [62] https://github.com/majek/fluxcapacitor.git
+ [63] https://gitweb.torproject.org/chutney.git
+ [64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
+
+Eugen Leitl drew attention [65] to a new research paper which aims to
analyse content and popularity of Hidden Services by Alex Biryukov, Ivan
Pustogarov, and Ralf-Philipp Weinmann from University of
-Luxembourg [66].
-
- [65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
- [66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
+Luxembourg [66].
+
+ [65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
+ [66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
Tor Help Desk roundup
---------------------
@@ -282,9 +282,9 @@
There is absolutely no backdoor in Tor. Tor project members have been
vocal in the past about how tremendously irresponsible it would be to
-backdoor our users [67]. As it is a frequently asked question, users
+backdoor our users [67]. As it is a frequently asked question, users
have been encouraged to read how the project would respond to
-institutional pressure [68].
+institutional pressure [68].
The Tor project does not have any more facts about NSA’s cryptanalysis
capabilities than what have been published in newspapers. Even if there
@@ -292,33 +292,33 @@
is to pace on the safe side by using more trusted algorithms for the Tor
protocols. See above for a more detailed write-up.
- [67] https://blog.torproject.org/blog/calea-2-and-tor
- [68] http://www.torproject.org/docs/faq.html.en#Backdoor
+ [67] https://blog.torproject.org/blog/calea-2-and-tor
+ [68] http://www.torproject.org/docs/faq.html.en#Backdoor
Help the Tor community!
-----------------------
Tor is about protecting everyone’s freedom and privacy. There are many
-way to help [69] but getting involved in such a busy community can be
-daunting. Here's a selection of tasks on which one can get started:
-
-Get tor to log the source of control port connection [70]. It would help
-developping controller applications or libraries (like Stem [71]) to
+way to help [69] but getting involved in such a busy community can be
+daunting. Here’s a selection of tasks on which one can get started:
+
+Get tor to log the source of control port connection [70]. It would help
+developping controller applications or libraries (like Stem [71]) to
know which program is responsible for a given access to the control
facilities of the tor daemon. Knowledge required: C programming, basic
understanding of network sockets.
-Diagnose what is currently wrong with Tor Cloud images [72]. Tor
-Cloud [73] is an easy way to deploy bridges and it looks like the
-automatic upgrade procedure had troubles. Let's have these virtual
+Diagnose what is currently wrong with Tor Cloud images [72]. Tor
+Cloud [73] is an easy way to deploy bridges and it looks like the
+automatic upgrade procedure had troubles. Let’s have these virtual
machines be again useful for censored users. Knowledge required: basic
understanding of Ubuntu system administration.
- [69] https://www.torproject.org/getinvolved/volunteer.html.en
- [70] https://bugs.torproject.org/9698
- [71] https://stem.torproject.org/
- [72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
- [73] https://cloud.torproject.org/
+ [69] https://www.torproject.org/getinvolved/volunteer.html.en
+ [70] https://bugs.torproject.org/9698
+ [71] https://stem.torproject.org/
+ [72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
+ [73] https://cloud.torproject.org/
Upcoming events
---------------
@@ -341,10 +341,10 @@
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [74], write down your
-name and subscribe to the team mailing list [75] if you want to
+important news. Please see the project page [74], write down your
+name and subscribe to the team mailing list [75] if you want to
get involved!
- [74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
version 66
Author: lunar
Date: 2013-09-10T12:47:48+00:00
fix release time
--- version 65
+++ version 66
@@ -2,7 +2,7 @@
'''Editor:''' Lunar
-'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 14:00 UTC. ''
+'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 12:00 UTC. ''
'''Subject:''' Tor Weekly News — September, 11th 2013
version 65
Author: lunar
Date: 2013-09-10T12:45:31+00:00
reword freeze message
--- version 64
+++ version 65
@@ -2,7 +2,7 @@
'''Editor:''' Lunar
-'''Status:''' '''FROZEN'''. Changes should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 14:00 UTC. ''
+'''Status:''' '''FROZEN'''. New items should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 14:00 UTC. ''
'''Subject:''' Tor Weekly News — September, 11th 2013
version 64
Author: lunar
Date: 2013-09-10T12:43:46+00:00
FREEZE
--- version 63
+++ version 64
@@ -1,6 +1,8 @@
''Eleventh issue of Tor Weekly News. Covering what's happening from from September 4th, 2013 to September 10th, 2013. To be released on September 11th, 2013.''
'''Editor:''' Lunar
+
+'''Status:''' '''FROZEN'''. Changes should go to [wiki:TorWeeklyNews/2013/11 next week edition]. Expected release time 2013-09-11 14:00 UTC. ''
'''Subject:''' Tor Weekly News — September, 11th 2013
@@ -345,7 +347,4 @@
[74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-}}}
-
-Possible items:
-* How about mention Stack Exchange page for Tor? It is getting closer http://area51.stackexchange.com/proposals/56447/tor-online-anonymity-privacy-and-security+}}}
version 63
Author: lunar
Date: 2013-09-10T12:37:56+00:00
prepare for freeze
--- version 62
+++ version 63
@@ -9,128 +9,128 @@
Tor Weekly News September 11th, 2013
========================================================================
-Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter that
-covers what is happening in the taut Tor community.
-
-Tor 0.2.4.17-rc is out
+Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter
+that covers what is happening in the taut Tor community.
+
+tor 0.2.4.17-rc is out
----------------------
-There are now confirmations [XXX] that the sudden influx of Tor clients which
-started mid-August [XXX] is indeed coming from a botnet. “I guess all that
-work we've been doing on scalability was a good idea” wrote Roger
-Dingledine wrote in a blog post about “how to handle millions of new
-Tor clients” [XXX].
-
-On September 5th, Roger Dingledine announced the release of the third
-release candidate for the tor 0.2.4 series [XXX]. This is an emergency
-release “to help us tolerate the massive influx of users: 0.2.4 clients
-using the new (faster and safer) ‘NTor’ circuit-level handshakes now
-effectively jump the queue compared to the 0.2.3 clients using ‘TAP’
-handshakes” [XXX].
+There are now confirmations [1] that the sudden influx of Tor clients
+which started mid-August [2] is indeed coming from a botnet. “I guess
+all that work we've been doing on scalability was a good idea” wrote
+Roger Dingledine wrote in a blog post about “how to handle millions of
+new Tor clients” [3].
+
+On September 5th, Roger Dingledine announced the release of the third
+release candidate for the tor 0.2.4 series [4]. This is an emergency
+release “to help us tolerate the massive influx of users: 0.2.4 clients
+using the new (faster and safer) ‘NTor’ circuit-level handshakes now
+effectively jump the queue compared to the 0.2.3 clients using ‘TAP’
+handshakes” [5].
It also contains several minor bugfixes and some new status messages for
better monitoring of the current situation.
-Roger asked relay operators to upgrade to 0.2.4.17-rc [XXX]: “the more
+Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: “the more
relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be
for 0.2.4 users, despite the huge circuit overload that the network is
seeing.”
-For relays running Debian or Ubuntu, upgrading to the development branch
-can be done using the Tor project's package repository [XXX]. New
-versions of the beta branch of the Tor Browser Bundle are also
-available [XXX] since September 6th. The next Tails release, scheduled
-for September 19th [XXX] will also contain 0.2.4.17-rc [XXX].
-
-Hopefully, this will be the last release candidate. What looks missing
+For relays running Debian or Ubuntu, upgrading to the development branch
+can be done using the Tor project's package repository [7]. New versions
+of the beta branch of the Tor Browser Bundle are also available [8]
+since September 6th. The next Tails release, scheduled for September
+19th [9] will also contain 0.2.4.17-rc [10].
+
+Hopefully, this will be the last release candidate. What looks missing
at this point to declare the 0.2.4.x series stable is simply enough time
to finish the release notes.
- [XXX] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
- [XXX] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
- [XXX] https://trac.torproject.org/projects/tor/ticket/9574
- [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
- [XXX] https://www.torproject.org/docs/debian.html.en#development
- [XXX] https://blog.torproject.org/blog/new-tor-02417-rc-packages
- [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
- [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
+ [1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
+ [2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
+ [3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
+ [4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
+ [5] https://bugs.torproject.org/9574
+ [6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
+ [7] https://www.torproject.org/docs/debian.html.en#development
+ [8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
+ [9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
+ [10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
The future of Tor cryptography
------------------------------
After the last round of revelations from Edward Snowden, described as
-“explosive” by Bruce Schneier [XXX], several threads started on the
+“explosive” by Bruce Schneier [11], several threads started on the
tor-talk mailing list to discuss Tor cryptography.
A lot of what has been written is speculative at this point. But some
-have raised concerns [XXX] about 1024 bit Diffie-Helmank key exchange [XXX].
-This has already been adressed with the introduction of the “ntor”
-handshake [XXX] in 0.2.4 and Nick Mathewson encourages everybody to
-upgrade [XXX].
-
-Another thread [XXX] prompted Nick to summarize [XXX] its
-views on the future of Tor cryptography. Regarding public keys, “with
-Tor 0.2.4, forward secrecy uses 256-bit ECC, which is certainly
-better, but RSA-1024 is still used in some places for signatures.
-I want to fix all that in 0.2.5 — see proposal 220 [XXX], and George
-Kadianakis’ draft hidden service improvements [XXX,XXX], and so forth.”
-Regarding symmetric keys, Nick wrote: “We’re using AES128. I’m hoping
-to move to XSalsa20 or something like it.” In response to a query, Nick
-clarifies that he doesn't think AES is broken: only hard to implement right,
-and only provided in TLS in concert with modes that are somewhat (GCM)
-or fairly (CBC) problematic.
+have raised concerns [12] about 1024 bit Diffie-Helmank key
+exchange [13]. This has already been adressed with the introduction of
+the “ntor” handshake [14] in 0.2.4 and Nick Mathewson encourages
+everybody to upgrade [15].
+
+Another thread [16] prompted Nick to summarize [17] its views on the
+future of Tor cryptography. Regarding public keys, “with Tor 0.2.4,
+forward secrecy uses 256-bit ECC, which is certainly better, but
+RSA-1024 is still used in some places for signatures. I want to fix all
+that in 0.2.5 — see proposal 220 [18], and George Kadianakis’ draft
+hidden service improvements [19,20], and so forth.” Regarding symmetric
+keys, Nick wrote: “We’re using AES128. I’m hoping to move to XSalsa20
+or something like it.” In response to a query, Nick clarifies that he
+doesn't think AES is broken: only hard to implement right, and only
+provided in TLS in concert with modes that are somewhat (GCM) or fairly
+(CBC) problematic.
The effort to design better cryptography for the Tor protocols is not
-new. More than a year ago, Nick Mathewson presented proposal 202 [XXX]
-outlining two possible new relay encryption protocols for Tor cells. Nick
-mentioned that he's waiting for a promising paper to get finished here
-before implementation.
-
-A third question was raised [XXX] regarding the trust in algorithms
-certified by the US NIST [XXX]. Nick speculations put aside, he also
+new. More than a year ago, Nick Mathewson presented proposal 202 [21]
+outlining two possible new relay encryption protocols for Tor cells.
+Nick mentioned that he's waiting for a promising paper to get finished
+here before implementation.
+
+A third question was raised [22] regarding the trust in algorithms
+certified by the US NIST [23]. Nick speculations put aside, he also
emphasised that several NIST algorithms were “hard to implement
-correctly” [XXX].
-
-Nick also plans to change more algorithms [XXX]: “Over the 0.2.5
-series, I want to move even more things (including hidden services) to
-curve25519 and its allies for public key crypto. I also want to add
+correctly” [24].
+
+Nick also plans to change more algorithms [25]: “Over the 0.2.5 series,
+I want to move even more things (including hidden services) to
+curve25519 and its allies for public key crypto. I also want to add
more hard-to-implement-wrong protocols to our mix: Salsa20 is looking
like a much better choice to me than AES nowadays, for instance.”
Nick concluded one of his email with “these are interesting times for
crypto”. It sounds like a good way to put it.
- [XXX] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
- [XXX] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
- [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
- [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
- [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
- [XXX] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
+ [11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
+ [12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
+ [13] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
+ [14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
+ [15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
+ [16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
+ [17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
+ [18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
+ [19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
+ [20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
+ [21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
+ [22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
+ [23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
+ [24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
+ [25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
Toward a better performance measurement tool
--------------------------------------------
-“I just finished […] sketching out the requirements and a software design
-for a new Torperf implementation“ announced Karsten Loesing [XXX] on
-the tor-dev mailing list.
+“I just finished […] sketching out the requirements and a software
+design for a new Torperf implementation“ announced Karsten Loesing [26]
+on the tor-dev mailing list.
The report begins with: “Four years ago, we presented a simple tool to
-measure performance of the Tor network. This tool, called Torperf,
+measure performance of the Tor network. This tool, called Torperf,
requests static files of three different sizes over the Tor network and
logs timestamps of various request substeps. These data turned out to be
-quite useful to observe user-perceived network performance over
-time [XXX]. However, static file downloads are not the typical use case
+quite useful to observe user-perceived network performance over
+time [27]. However, static file downloads are not the typical use case
of a user browsing the web using Tor, so absolute numbers are not very
meaningful. Also, Torperf consists of a bunch of shell scripts which
makes it neither very user-friendly to set up and run, nor extensible to
@@ -142,130 +142,133 @@
canonical web page, measuring hidden service performance, and checking
on upload capacity.
-Karsten added “neither the requirements nor the software design
-are set in stone, and the implementation, well, does not exist yet.
-Plenty of options for giving feedback and helping out, and most parts
-don't even require specific experience with hacking on Tor. Just in case
-somebody's looking for an introductory Tor project to hack on.”
-
-Saytha already wrote that this was enough material to get the
-implementation started [XXX]. The project needs enough work for anyone
+Karsten added “neither the requirements nor the software design are set
+in stone, and the implementation, well, does not exist yet. Plenty of
+options for giving feedback and helping out, and most parts don't even
+require specific experience with hacking on Tor. Just in case somebody's
+looking for an introductory Tor project to hack on.”
+
+Saytha already wrote that this was enough material to get the
+implementation started [28]. The project needs enough work for anyone
interested. Feel free to join him!
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
- [XXX] https://metrics.torproject.org/performance.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
+ [26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
+ [27] https://metrics.torproject.org/performance.html
+ [28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
More monthly status reports for August 2013
-------------------------------------------
The wave of regular monthly reports from Tor project members continued
-this week with Sukhbir Singh [XXX], Matt Pagan [XXX], Ximin Luo [XXX],
-mrphs [XXX], Pearl Crescent [XXX], Andrew Lewman [XXX], Mike Perry
-[XXX], Kelley Misata [XXX], Nick Mathewson [XXX], Jason Tsai [XXX],
-Tails [XXX], Aaron [XXX], and Damian Johnson [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
+this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31],
+mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35],
+Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39],
+Aaron [40], and Damian Johnson [41].
+
+ [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
+ [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
+ [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
+ [32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
+ [33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
+ [34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
+ [35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
+ [36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
+ [37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
+ [38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
+ [39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
+ [40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
+ [41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
Miscellaneous news
------------------
Not all new Tor users are computer programs! According to their latest
-report [XXX], Tails is now booted twice as much as six months ago
-(from 100 865 to 190 521 connections to the security feed).
-
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
-
-Thanks Frenn vun der Enn [XXX] for setting up a new mirror [XXX] of the
+report [42], Tails is now booted twice as much as six months ago (from
+100 865 to 190 521 connections to the security feed).
+
+ [42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
+
+Thanks Frenn vun der Enn [43] for setting up a new mirror [44] of the
Tor project website.
- [XXX] http://enn.lu/
- [XXX] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
-
-With the Google Summer of Code ending in two weeks, the students have
-sent their the next to last reports: Kostas Jakeliunas for the
-Searchable metrics archive [XXX], Johannes Fürmann for EvilGenius [XXX],
-Hareesan for the Steganography Browser Extension [XXX], and Cristian-Matei
-Toader for Tor capabilities [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
-
-Damian Johnson anounced [XXX] he had completed the rewrite of DocTor in
-Python [XXX], “a service that pulls hourly consensus information and
+ [43] http://enn.lu/
+ [44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
+
+With the Google Summer of Code ending in two weeks, the students have
+sent their the next to last reports: Kostas Jakeliunas for the
+Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46],
+Hareesan for the Steganography Browser Extension [47], and
+Cristian-Matei Toader for Tor capabilities [48].
+
+ [45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
+ [46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
+ [47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
+ [48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
+
+Damian Johnson anounced [49] he had completed the rewrite of DocTor in
+Python [50], “a service that pulls hourly consensus information and
checks it for a host of issues (directory authority outages, expiring
certificates, etc). In the case of a problem it notifies
-tor-consensus-health@ [XXX], and we in turn give the authority operator
-a heads up.”
-
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
- [XXX] https://gitweb.torproject.org/doctor.git
- [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
-
-Matt Pagan has migrated [XXX] several Frequently Asked Questions from the wiki to the
-official Tor website [XXX]. This should enable more users to find the answers they need!
-
- [XXX] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
- [XXX] https://www.torproject.org/docs/faq.html
-
-In his previous call for help to collect more statistics [XXX],
-addressed at bridge operators, George Kadianakis forgot to mention that
-an extra line with “ExtORPort 6669” needed to be added to tor
-configuration file [XXX]. Make sure you do have it if you are running a
-bridge on tor master branch.
-
- [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
- [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
+tor-consensus-health@ [51], and we in turn give the authority operator a
+heads up.”
+
+ [49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
+ [50] https://gitweb.torproject.org/doctor.git
+ [51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
+
+Matt Pagan has migrated [52] several Frequently Asked Questions from the
+wiki to the official Tor website [53]. This should enable more users to
+find the answers they need!
+
+ [52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
+ [53] https://www.torproject.org/docs/faq.html
+
+In his previous call for help to collect more statistics [54], addressed
+at bridge operators, George Kadianakis forgot to mention that an extra
+line with “ExtORPort 6669” needed to be added to tor configuration
+file [55]. Make sure you do have it if you are running a bridge on tor
+master branch.
+
+ [54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
+ [55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
For the upgrade of tor to the 0.2.4.x series in Tails, a tester spotted
a regression while “playing with an ISO built from experimental, thanks
-to our Jenkins autobuilder” [XXX]. This mark a significant milestone in the
-work on automated builds [XXX] done by the several member of the Tails
-team in the course of the last year!
-
- [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
- [XXX] https://labs.riseup.net/code/issues/5324
+to our Jenkins autobuilder” [56]. This mark a significant milestone in
+the work on automated builds [57] done by the several member of the
+Tails team in the course of the last year!
+
+ [56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
+ [57] https://labs.riseup.net/code/issues/5324
Tails next low-hanging fruits session will be on September 21st at
-08:00 UTC [XXX]. Mark the date if you want to get involved!
-
- [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
-
-David Fifield gave some tips on how to setup a test infrastructure [XXX] for
-flash proxy [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
- [XXX] https://crypto.stanford.edu/flashproxy/
-
-Marek Majkowski reported [XXX] on how one can use his fluxcapacitor tool [XXX]
-to get a test Tor network started with Chutney [XXX] ready is only 6.5
-seconds. A vast improvement over the 5 minutes he initially had to wait!
-
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
- [XXX] https://github.com/majek/fluxcapacitor.git
- [XXX] https://gitweb.torproject.org/chutney.git
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
-
-Eugen Leitl drew attention [XXX] to a new research paper which aims to analyse
-content and popularity of Hidden Services by Alex Biryukov, Ivan Pustogarov,
-and Ralf-Philipp Weinmann from University of Luxembourg [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
- [XXX] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
+08:00 UTC [58]. Mark the date if you want to get involved!
+
+ [58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
+
+David Fifield gave some tips on how to setup a test infrastructure [59]
+for flash proxy [60].
+
+ [59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
+ [60] https://crypto.stanford.edu/flashproxy/
+
+Marek Majkowski reported [61] on how one can use his fluxcapacitor
+tool [62] to get a test Tor network started with Chutney [63] ready is
+only 6.5 seconds. A vast improvement over the 5 minutes he initially had
+to wait [64]!
+
+ [61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
+ [62] https://github.com/majek/fluxcapacitor.git
+ [63] https://gitweb.torproject.org/chutney.git
+ [64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
+
+Eugen Leitl drew attention [65] to a new research paper which aims to
+analyse content and popularity of Hidden Services by Alex Biryukov, Ivan
+Pustogarov, and Ralf-Philipp Weinmann from University of
+Luxembourg [66].
+
+ [65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
+ [66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
Tor Help Desk roundup
---------------------
@@ -277,43 +280,43 @@
There is absolutely no backdoor in Tor. Tor project members have been
vocal in the past about how tremendously irresponsible it would be to
-backdoor our users [XXX]. As it is a frequently asked question,
-users have been encouraged to read how the project would respond to
-institutional pressure [XXX].
-
-The Tor project does not have any more facts about NSA’s cryptanalysis
+backdoor our users [67]. As it is a frequently asked question, users
+have been encouraged to read how the project would respond to
+institutional pressure [68].
+
+The Tor project does not have any more facts about NSA’s cryptanalysis
capabilities than what have been published in newspapers. Even if there
-is no actual evidence that Tor encryption is actually broken, the
-idea is to pace on the safe side by using more trusted algorithms for
-the Tor protocols. See above for a more detailed write-up.
-
- [XXX] https://blog.torproject.org/blog/calea-2-and-tor
- [XXX] http://www.torproject.org/docs/faq.html.en#Backdoor
+is no actual evidence that Tor encryption is actually broken, the idea
+is to pace on the safe side by using more trusted algorithms for the Tor
+protocols. See above for a more detailed write-up.
+
+ [67] https://blog.torproject.org/blog/calea-2-and-tor
+ [68] http://www.torproject.org/docs/faq.html.en#Backdoor
Help the Tor community!
-----------------------
-Tor is about protecting everyone’s freedom and privacy. There are many
-way to help [XXX] but getting involved in such a busy community can be
+Tor is about protecting everyone’s freedom and privacy. There are many
+way to help [69] but getting involved in such a busy community can be
daunting. Here's a selection of tasks on which one can get started:
-Get tor to log the source of control port connection [XXX]. It would
-help developping controller applications or libraries (like Stem [XXX])
-to know which program is responsible for a given access to the control
-facilities of the tor daemon. Knowledge required: C programming,
-basic understanding of network sockets.
-
-Diagnose what is currently wrong with Tor Cloud images [XXX]. Tor
-Cloud [XXX] is an easy way to deploy bridges and it looks like
-the automatic upgrade procedure had troubles. Let's have these
-virtual machines be again useful for censored users. Knowledge
-required: basic understanding of Ubuntu system administration.
-
- [XXX] https://www.torproject.org/getinvolved/volunteer.html.en
- [XXX] https://trac.torproject.org/projects/tor/ticket/9698
- [XXX] https://stem.torproject.org/
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
- [XXX] https://cloud.torproject.org
+Get tor to log the source of control port connection [70]. It would help
+developping controller applications or libraries (like Stem [71]) to
+know which program is responsible for a given access to the control
+facilities of the tor daemon. Knowledge required: C programming, basic
+understanding of network sockets.
+
+Diagnose what is currently wrong with Tor Cloud images [72]. Tor
+Cloud [73] is an easy way to deploy bridges and it looks like the
+automatic upgrade procedure had troubles. Let's have these virtual
+machines be again useful for censored users. Knowledge required: basic
+understanding of Ubuntu system administration.
+
+ [69] https://www.torproject.org/getinvolved/volunteer.html.en
+ [70] https://bugs.torproject.org/9698
+ [71] https://stem.torproject.org/
+ [72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
+ [73] https://cloud.torproject.org/
Upcoming events
---------------
@@ -336,12 +339,12 @@
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing list [XXX] if you want to
+important news. Please see the project page [74], write down your
+name and subscribe to the team mailing list [75] if you want to
get involved!
- [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
Possible items:
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list