[TWN team] Recent changes to the wiki pages

Lunar lunar at torproject.org
Wed Apr 9 00:20:05 UTC 2014


===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/14 ===
===========================================================================

version 56
Author: harmony
Date:   2014-04-08T23:45:53+00:00

   add 3.5.4 link after all

--- version 55
+++ version 56
@@ -28,21 +28,27 @@
 describing how it affects different areas of the Tor ecosystem.
 
 “The short version is: upgrade your openssl” [4]. Tor Browser users
-should await the imminent release of new packages, while those using a
-system Tor should upgrade their OpenSSL version and manually restart
-their Tor process. For relay operators, “best practice would be to
-update your OpenSSL package, discard all the files in keys/ in your
-DataDirectory, and restart your Tor to generate new keys”, and for
-hidden service administrators, “to move to a new hidden-service address
-at your convenience”. Clients, relays, and services using an older
-version of OpenSSL, including Tails, are not affected by this bug.
-
-For mobile devices, Nathan Freitas called [5] for immediate testing of
+should upgrade as soon as possible to the new 3.5.4 release [5], which
+includes OpenSSL 1.0.1g, fixing the vulnerability. “The browser itself
+does not use OpenSSL…however, this release is still considered an
+important security update, because it is theoretically possible to
+extract sensitive information from the Tor client sub-process”, wrote
+Mike Perry.
+
+Those using a system Tor should upgrade their OpenSSL version and
+manually restart their Tor process. For relay operators, “best practice
+would be to update your OpenSSL package, discard all the files in keys/
+in your DataDirectory, and restart your Tor to generate new keys”, and
+for hidden service administrators, “to move to a new hidden-service
+address at your convenience”. Clients, relays, and services using an
+older version of OpenSSL, including Tails, are not affected by this bug.
+
+For mobile devices, Nathan Freitas called [6] for immediate testing of
 Orbot 13.0.6-beta-3, which not only upgrades OpenSSL but also contains a
-fix for the transproxy leak described by Mike Perry two weeks ago [6],
-in addition to smaller fixes and improvements from 13.0.6-beta-1 [7] and
+fix for the transproxy leak described by Mike Perry two weeks ago [7],
+in addition to smaller fixes and improvements from 13.0.6-beta-1 [8] and
 subsequently. You can obtain a copy of the .apk file directly from the
-Guardian Project’s distribution page [8].
+Guardian Project’s distribution page [9].
 
 Ultimately, “if you need strong anonymity or privacy on the Internet,
 you might want to stay away from the Internet entirely for the next few
@@ -54,10 +60,11 @@
   [2]: http://heartbleed.com/
   [3]: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
   [4]: https://lists.torproject.org/pipermail/tor-talk/2014-April/032602.html
-  [5]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-April/003383.html
-  [6]: https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html
-  [7]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-April/003375.html
-  [8]: https://guardianproject.info/releases/
+  [5]: https://blog.torproject.org/blog/tor-browser-354-released
+  [6]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-April/003383.html
+  [7]: https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html
+  [8]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-April/003375.html
+  [9]: https://guardianproject.info/releases/
 
 A hall of Tor mirrors
 ---------------------
@@ -66,7 +73,7 @@
 as a well-researched and -developed censorship circumvention tool — and,
 regrettably, so are censorship authorities. Events such as last month’s
 (short-lived) disruption of access to the main Tor Project website from
-some Turkish internet connections [9] have reaffirmed the need for
+some Turkish internet connections [10] have reaffirmed the need for
 multiple distribution channels that users can turn to during a
 censorship event in order to acquire a copy of the Tor Browser, secure
 their browsing, and beat the censors. One of the simplest ways of
@@ -74,39 +81,39 @@
 somewhere else.
 
 Recent days have seen the establishment of a large number of new Tor
-website mirrors, for which thanks must go to Max Jakob Maass [10], Ahmad
-Zoughbi [11], Darren Meyer [12], Piratenpartei Bayern [13], Bernd
-Fix [14], Florian Walther [15], the Electronic Frontier Foundation (on a
-subdomain formerly housing the Tor Project’s official site) [16], the
-Freedom of the Press Foundation [17], Caleb Xu [18], George
-Kargiotakis [19], and Tobias Markus [20], as well as to all the mirror
-operators of longer standing [21].
+website mirrors, for which thanks must go to Max Jakob Maass [11], Ahmad
+Zoughbi [12], Darren Meyer [13], Piratenpartei Bayern [14], Bernd
+Fix [15], Florian Walther [16], the Electronic Frontier Foundation (on a
+subdomain formerly housing the Tor Project’s official site) [17], the
+Freedom of the Press Foundation [18], Caleb Xu [19], George
+Kargiotakis [20], and Tobias Markus [21], as well as to all the mirror
+operators of longer standing [22].
 
 If you’d like to participate in the effort to render blocking of the Tor
 website even more futile, please see the instructions for running a
-mirror [22], and then come to the tor-mirrors mailing list [23] to
+mirror [23], and then come to the tor-mirrors mailing list [24] to
 notify the community!
 
-  [9]: https://www.eff.org/deeplinks/2014/03/when-tor-block-not-tor-block
- [10]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000497.html
- [11]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000499.html
- [12]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000500.html
- [13]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000501.html
- [14]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000505.html
- [15]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000506.html
- [16]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000507.html
- [17]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000508.html
- [18]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000509.html
- [19]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000510.html
- [20]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000512.html
- [21]: https://www.torproject.org/getinvolved/mirrors
- [22]: https://www.torproject.org/docs/running-a-mirror
- [23]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
+ [10]: https://www.eff.org/deeplinks/2014/03/when-tor-block-not-tor-block
+ [11]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000497.html
+ [12]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000499.html
+ [13]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000500.html
+ [14]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000501.html
+ [15]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000505.html
+ [16]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000506.html
+ [17]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000507.html
+ [18]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000508.html
+ [19]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000509.html
+ [20]: https://lists.torproject.org/pipermail/tor-mirrors/2014-March/000510.html
+ [21]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000512.html
+ [22]: https://www.torproject.org/getinvolved/mirrors
+ [23]: https://www.torproject.org/docs/running-a-mirror
+ [24]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
 
 Mission Impossible: Hardening Android for Security and Privacy
 --------------------------------------------------------------
 
-On the Tor Blog, Mike Perry posted [24] another large and comprehensive
+On the Tor Blog, Mike Perry posted [25] another large and comprehensive
 hacking guide, this time describing “the installation and configuration
 of a prototype of a secure, full-featured, Android telecommunications
 device with full Tor support, individual application firewalling, true
@@ -130,129 +137,129 @@
 suggestions for future work at the bottom of the guide, and feel free to
 share your ideas with the community.
 
- [24]: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
+ [25]: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
 
 More monthly status reports for March 2014
 ------------------------------------------
 
 The wave of regular monthly reports from Tor project members for the
-month of March continued, with submissions from Arlo Breault [25], Colin
-Childs [26], George Kadianakis [27], Michael Schloh von Bennewitz [28],
-Philipp Winter [29], and Kevin Dyer [30].
-
-Arturo Filastò reported on behalf of the OONI team [31], while Mike
-Perry did likewise for the Tor Browser team [32].
-
- [25]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000497.html
- [26]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000499.html
- [27]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000500.html
- [28]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000501.html
- [29]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000502.html
- [30]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000503.html
- [31]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000496.html
- [32]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000498.html
+month of March continued, with submissions from Arlo Breault [26], Colin
+Childs [27], George Kadianakis [28], Michael Schloh von Bennewitz [29],
+Philipp Winter [30], and Kevin Dyer [31].
+
+Arturo Filastò reported on behalf of the OONI team [32], while Mike
+Perry did likewise for the Tor Browser team [33].
+
+ [26]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000497.html
+ [27]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000499.html
+ [28]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000500.html
+ [29]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000501.html
+ [30]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000502.html
+ [31]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000503.html
+ [32]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000496.html
+ [33]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000498.html
 
 Miscellaneous news
 ------------------
 
-Michael Schloh von Bennewitz introduced himself [33] as the Tor
+Michael Schloh von Bennewitz introduced himself [34] as the Tor
 Project’s new browser hacker: “since I want to improve third party
 cookie logic (increase granularity & improve intuitive UI) and remove
 nasty clipboard temp files left around, I’m starting by getting to know
 the TBB build process…and compiling documentation of irregularities as
 well as requirements”. Amongst other things, Michael has already started
-work on a “semiofficial” guide [34] to configuring a virtual machine for
+work on a “semiofficial” guide [35] to configuring a virtual machine for
 building the Tor Browser. A warm welcome to him!
 
- [33]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006655.html
- [34]: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/VMSetup
-
-David Goulet announced [35] the seventh release candidate for Torsocks
-2.0.0 [36], the updated version of the wrapper for safely using network
+ [34]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006655.html
+ [35]: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/VMSetup
+
+David Goulet announced [36] the seventh release candidate for Torsocks
+2.0.0 [37], the updated version of the wrapper for safely using network
 applications with Tor. “Nothing major, fixes and some code refactoring
 went in”, said David. Please review, test, and report any issues you
 find.
 
- [35]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006649.html
- [36]: https://gitweb.torproject.org/torsocks.git
-
-Nathan Freitas posted [37] a brief analysis of the role played by Orbot
+ [36]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006649.html
+ [37]: https://gitweb.torproject.org/torsocks.git
+
+Nathan Freitas posted [38] a brief analysis of the role played by Orbot
 in the recent Turkish internet service disruption: “it might be good to
 think about Turkey’s Twitter block as a “censorship-lite” event, not
 unlike the UK or Indonesia, and then figure out how we can encourage
 more adoption.”
 
- [37]: https://lists.torproject.org/pipermail/tor-talk/2014-April/032574.html
-
-Jann Horn drew attention [38] to a potential issue caused by some Tor
+ [38]: https://lists.torproject.org/pipermail/tor-talk/2014-April/032574.html
+
+Jann Horn drew attention [39] to a potential issue caused by some Tor
 relays sending out globally-sequential IP IDs. Roger Dingledine
-linked [39] to an academic paper connected with the same question, while
-Daniel Bilik suggested [40] one method of preventing this from happening
+linked [40] to an academic paper connected with the same question, while
+Daniel Bilik suggested [41] one method of preventing this from happening
 on FreeBSD. Exactly how significant this issue is (or is not) for the
 Tor network is very much an open question; further research into which
 operating systems it affects, and how it might be related to known
 attacks against anonymity, would be very welcome.
 
- [38]: https://lists.torproject.org/pipermail/tor-relays/2014-March/004199.html
- [39]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004206.html
- [40]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004207.html
-
-As part of their current campaign [41] to fund usable encryption tools
+ [39]: https://lists.torproject.org/pipermail/tor-relays/2014-March/004199.html
+ [40]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004206.html
+ [41]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004207.html
+
+As part of their current campaign [42] to fund usable encryption tools
 (including Tor) for journalists, the Freedom of the Press Foundation
-published [42] a blog post on the “little-known” Tails operating system,
+published [43] a blog post on the “little-known” Tails operating system,
 featuring quotes from three of the journalists most prominently
 associated with the recent Snowden disclosures (Laura Poitras, Glenn
 Greenwald, and Barton Gellman) attesting to the important role Tails has
 played in their ability to carry out their work. If you’re impressed by
 what you read, please donate to the campaign — or become a Tails
-contributor [43]!
-
- [41]: https://pressfreedomfoundation.org/bundle/encryption-tools-journalists#donate
- [42]: https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
- [43]: https://tails.boum.org/contribute/index
+contributor [44]!
+
+ [42]: https://pressfreedomfoundation.org/bundle/encryption-tools-journalists#donate
+ [43]: https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
+ [44]: https://tails.boum.org/contribute/index
 
 Two Tor-affiliated projects — the Open Observatory of Network
 Interference and Tails — have each submitted a proposal to this year’s
-Knight News Challenge [44]. The OONI proposal [45] involves further
+Knight News Challenge [45]. The OONI proposal [46] involves further
 developing the ooni-probe software suite and deploying it in countries
 around the world, as well as working on analysis and visualization of
-the data gathered, in collaboration with the Chokepoint Project [46];
-while Tails’ submission [47] proposes to “improve Tails to limit the
+the data gathered, in collaboration with the Chokepoint Project [47];
+while Tails’ submission [48] proposes to “improve Tails to limit the
 impact of security flaws, isolate critical applications, and provide
 same-day security updates”. Voting is limited to the Knight Foundation’s
 trustees, but feel free to read each submission and leave your comments
 for the developers.
 
- [44]: https://www.newschallenge.org
- [45]: https://www.newschallenge.org/challenge/2014/submissions/global-internet-monitoring-project
- [46]: https://chokepointproject.net/
- [47]: https://www.newschallenge.org/challenge/2014/submissions/improve-tails-to-limit-the-impact-of-security-flaws-isolate-critical-applications-and-provide-same-day-security-updates
-
-Robert posted [48] a short proposal for “a prototype of a
+ [45]: https://www.newschallenge.org
+ [46]: https://www.newschallenge.org/challenge/2014/submissions/global-internet-monitoring-project
+ [47]: https://chokepointproject.net/
+ [48]: https://www.newschallenge.org/challenge/2014/submissions/improve-tails-to-limit-the-impact-of-security-flaws-isolate-critical-applications-and-provide-same-day-security-updates
+
+Robert posted [49] a short proposal for “a prototype of a
 next-generation Tor control interface, aiming to combine the strengths
 of both the present control protocol and the state-of-the-art
 libraries”. The idea was originally destined for this year’s GSoC
 season, but in the end Robert opted instead to “get some feedback and
 let the idea evolve.”
 
- [48]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006627.html
-
-After the end of the Tails logo contest [49] last week, sajolida
-announced [50] that the winner will be declared by April 9th, after a
+ [49]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006627.html
+
+After the end of the Tails logo contest [50] last week, sajolida
+announced [51] that the winner will be declared by April 9th, after a
 week of voting by the most active Tails contributors.
 
- [49]: https://tails.boum.org/blueprint/logo/
- [50]: https://mailman.boum.org/pipermail/tails-dev/2014-April/005390.html
+ [50]: https://tails.boum.org/blueprint/logo/
+ [51]: https://mailman.boum.org/pipermail/tails-dev/2014-April/005390.html
 
 Following last week’s progress on the Tor website redesign campaign,
-William Papper presented [51] a functioning beta version [52] of the new
+William Papper presented [52] a functioning beta version [53] of the new
 download page that he and a team of contributors have been building.
-Have a look, and let the www-team list [53] know what works and what
+Have a look, and let the www-team list [54] know what works and what
 doesn’t!
 
- [51]: https://lists.torproject.org/pipermail/www-team/2014-April/000301.html
- [52]: http://wpapper.github.io/tor-download-web/
- [53]: https://lists.torproject.org/cgi-bin/mailman/listinfo/www-team
+ [52]: https://lists.torproject.org/pipermail/www-team/2014-April/000301.html
+ [53]: http://wpapper.github.io/tor-download-web/
+ [54]: https://lists.torproject.org/cgi-bin/mailman/listinfo/www-team
 
 Tor help desk roundup
 ---------------------
@@ -260,38 +267,38 @@
 Tor Browser users often try to set a proxy when they don’t need to.
 Many users think they can circumvent website bans or get additional
 security by doing this. Discussion on clarifying the tor-launcher
-interface is taking place on the bug tracker [54].
-
- [54]: https://bugs.torproject.org/11405
+interface is taking place on the bug tracker [55].
+
+ [55]: https://bugs.torproject.org/11405
 
 News from Tor StackExchange
 ---------------------------
 
-Tor’s StackExchange did its second site self-evaluation [55]. Users were
+Tor’s StackExchange did its second site self-evaluation [56]. Users were
 asked to review ten questions and their respective answers. This should
 help to improve the site's overall quality.
 
 The question “Why does GnuPG show the signature of Erinn Clark as not
-trusted?” [56] got the best rating. When a user verified the downloaded
+trusted?” [57] got the best rating. When a user verified the downloaded
 copy of Tor Browser Bundle, GnuPG showed Erinn’s signature as
 not-trusted. Jens Kubieziel explained the trust model of GnuPG in his
-answer, and gapz referred to the handbook [57].
+answer, and gapz referred to the handbook [58].
 
 The following questions need better answers: “How to validate
-certificates?” [58]; “Why does Atlas sometimes show a different IP
-address from https://check.torproject.org?” [59]; “Site login does not
-persist” [60]; and “My Atlas page is blank” [61].
+certificates?” [59]; “Why does Atlas sometimes show a different IP
+address from https://check.torproject.org?” [60]; “Site login does not
+persist” [61]; and “My Atlas page is blank” [62].
 
 If you know good answers to these questions, please help the users of
 Tor StackExchange.
 
- [55]: https://meta.tor.stackexchange.com/q/196/88
- [56]: https://tor.stackexchange.com/q/1573/88
- [57]: http://gnupg.org/gph/en/manual/x334.html
- [58]: https://tor.stackexchange.com/q/1584/88
- [59]: https://tor.stackexchange.com/q/1439/88
- [60]: https://tor.stackexchange.com/q/1536/88
- [61]: https://tor.stackexchange.com/q/1587/88
+ [56]: https://meta.tor.stackexchange.com/q/196/88
+ [57]: https://tor.stackexchange.com/q/1573/88
+ [58]: http://gnupg.org/gph/en/manual/x334.html
+ [59]: https://tor.stackexchange.com/q/1584/88
+ [60]: https://tor.stackexchange.com/q/1439/88
+ [61]: https://tor.stackexchange.com/q/1536/88
+ [62]: https://tor.stackexchange.com/q/1587/88
 
 Upcoming events
 ---------------
@@ -329,10 +336,10 @@
 
 Want to continue reading TWN? Please help us create this newsletter.
 We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [62], write down your
-name and subscribe to the team mailing list [63] if you want to
+important news. Please see the project page [63], write down your
+name and subscribe to the team mailing list [64] if you want to
 get involved!
 
- [62]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [63]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [63]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [64]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
 }}}


-- 
Your friendly TWN monitoring script

      In case of malfunction, please reach out for lunar at torproject.org
          or for the worst cases, tell weasel at torproject.org to kill me.


More information about the news-team mailing list