[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Feb 4 12:20:09 UTC 2014
===========================================================================
==== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/5 ====
===========================================================================
version 38
Author: lunar
Date: 2014-02-04T11:45:54+00:00
incomplete writeup about hidden service key revocation
--- version 37
+++ version 38
@@ -47,6 +47,33 @@
for the whole picture.
[XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000438.html
+
+Key revocation in next generation hidden services
+-------------------------------------------------
+
+It looks like every public-key infrastructure [XXX] struggles on how to handle
+revocation. And hidden services are no different as the current design
+completely ignored the problem of preventing a stolen key from being
+reused by an attacker.
+
+With the on-going effort to create a new protocol for hidden
+services [XXX], now seemed a good time for George Kadianakis
+to raise the issue [XXX]. Previously, there was little control for the
+hidden services operators over their secret key. As the new design
+enables offline management operations, enabling revocation procedures
+should just fit in.
+
+XXX
+put it, currently solutions “are always messy and don't work really
+well (look at SSL's OCSP [XXX] and CRLs [XXX]).”
+
+
+ [XXX]: https://en.wikipedia.org/wiki/Public-key_infrastructure
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
+
+ [XXX]: https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
+ [XXX]: https://en.wikipedia.org/wiki/Certificate_revocation_list
Help needed to remove DNS leaks from Mumble
-------------------------------------------
version 37
Author: lunar
Date: 2014-02-04T11:17:58+00:00
write about microdesc tarballs
--- version 36
+++ version 37
@@ -114,6 +114,14 @@
[XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031959.html
[XXX]: https://bugzilla.mozilla.org/show_bug.cgi?id=925570
+As planned [XXX], to help “developers to analyze the directory protocol and for
+researchers to understand what information is available to clients to
+make path selection decisions”, Karsten Loesing has made [XXX]
+microdescriptor archives available on the metrics website.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006061.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006141.html
+
Tor help desk roundup
---------------------
@@ -162,7 +170,6 @@
Possible items:
* DC Trip Report 24-26 January 2014 https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
- * Microdescriptor tarballs are now available on the metrics website https://lists.torproject.org/pipermail/tor-dev/2014-January/006141.html; for some background why it's useful to provide these tarballs, see https://lists.torproject.org/pipermail/tor-dev/2014-January/006061.html
* Key revocation in Next Generation Hidden Services https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
* integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
* YouTube Unscripted https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html XXX add warning about GreaseMonkey, find previous discussion regarding Greasemonkey + Youtube on tor-talk
version 36
Author: lunar
Date: 2014-02-04T11:15:00+00:00
write about TBB sandboxing
--- version 35
+++ version 36
@@ -107,6 +107,13 @@
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006142.html
[XXX]: https://github.com/baumanno/tor-weather-rewrite
+Andreas Jonsson gave an update [XXX] on how Mozilla is moving to a multi-process
+model for Firefox [XXX] and how this should positively affect the possibility
+of sandboxing the Tor Browser in the future.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031959.html
+ [XXX]: https://bugzilla.mozilla.org/show_bug.cgi?id=925570
+
Tor help desk roundup
---------------------
@@ -155,7 +162,6 @@
Possible items:
* DC Trip Report 24-26 January 2014 https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
- * Updates on Firefox sandboxing plans https://lists.torproject.org/pipermail/tor-talk/2014-January/031959.html
* Microdescriptor tarballs are now available on the metrics website https://lists.torproject.org/pipermail/tor-dev/2014-January/006141.html; for some background why it's useful to provide these tarballs, see https://lists.torproject.org/pipermail/tor-dev/2014-January/006061.html
* Key revocation in Next Generation Hidden Services https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
* integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
version 35
Author: lunar
Date: 2014-02-04T11:12:36+00:00
I'll do editing
--- version 34
+++ version 35
@@ -1,6 +1,6 @@
''31st issue of Tor Weekly News. Covering what's happening from January 28th, 2014 to February 4th, 2014. To be released on February 5th, 2014.''
-'''Editor:'''
+'''Editor:''' Lunar
'''Subject:''' Tor Weekly News — February 4th, 2014
version 34
Author: lunar
Date: 2014-02-04T11:11:17+00:00
write about TBB news
--- version 33
+++ version 34
@@ -11,6 +11,42 @@
Welcome to the fifth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.
+
+News from the browser team front
+--------------------------------
+
+Mike Perry has sent a detailed report [XXX] about what the growing
+Tor Browser team has been up to. Among the good news, new fingerprinting
+defenses are getting close to be merged for “screen resolution, default
+character sets, site permissions, and local service enumeration”. Some
+other changes that will reduce the attack surface include “disabling
+addon update requests for addons that should not update, a potential
+fix for a disk leak in the browser's video cache, […], and a potential
+fix to prevent the Flash plugin from being loaded into the browser
+at all until the user actually requests to use it.”
+
+Most censored users currently have to use a separate browser bundle
+dubbed “pluggable transports bundle”. This has proven quite inconvenient
+for both users and those trying to support them. But finally, Mike reports
+progress on “unifying the pluggable transport bundles with the official bundles,
+so that both censored and uncensored users can use the same bundles. […] The
+progress is sufficient that we are very likely to be able to deploy a
+3.6-beta1 release in February to test these unified bundles.”
+
+Another important topic is how the privacy issues that have been
+identified by the Tor Project can benefit even more users in the future.
+The team has “continued the merge process with Mozilla, and have worked
+to ensure that every patch of ours is on their radar […]. Two patches,
+one for an API we require to manage the Tor subprocess, and another
+to give us a filter to remove potentially dangerous drag-and-drop events
+to the desktop have already been merged. Next steps will include filing
+more bugs, continual contact with their development team, and touching
+up patches as needed.”
+
+There are even more things to smile about in the report. Read it in full
+for the whole picture.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000438.html
Help needed to remove DNS leaks from Mumble
-------------------------------------------
version 33
Author: lunar
Date: 2014-02-04T10:56:25+00:00
write about mumble
--- version 32
+++ version 33
@@ -11,6 +11,30 @@
Welcome to the fifth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.
+
+Help needed to remove DNS leaks from Mumble
+-------------------------------------------
+
+Mumble [XXX] is a “low-latency, high quality voice chat software
+primarily intended for use while gaming”.
+
+It has proven to be a reliable solution to do voice chat among multiple
+parties over Tor. Matt and Colin have worked on a documentation on how to setup both the
+client and the server side [XXX] for Tor users.
+
+But the client is currently only safely usable on Linux system with
+torsocks and on Tails. On other operating systems, the Mumble client
+will unfortunately leak the address of the server to the local DNS
+resolver [XXX].
+
+The changes that need to be made to the Mumble code are less trivial
+than one can think. Matt describe the issue in more details in his call
+for help [XXX]. Have a look if you are up to some C++/Qt hacking.
+
+ [XXX]: http://mumble.sourceforge.net/
+ [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble
+ [XXX]: https://github.com/mumble-voip/mumble/issues/1033
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006158.html
Monthly status reports for January 2014
---------------------------------------
@@ -98,10 +122,9 @@
* Updates on Firefox sandboxing plans https://lists.torproject.org/pipermail/tor-talk/2014-January/031959.html
* Microdescriptor tarballs are now available on the metrics website https://lists.torproject.org/pipermail/tor-dev/2014-January/006141.html; for some background why it's useful to provide these tarballs, see https://lists.torproject.org/pipermail/tor-dev/2014-January/006061.html
* Key revocation in Next Generation Hidden Services https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
- * Help hacking Mumble https://lists.torproject.org/pipermail/tor-dev/2014-January/006158.html
* integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
* YouTube Unscripted https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html XXX add warning about GreaseMonkey, find previous discussion regarding Greasemonkey + Youtube on tor-talk
* FOSDEM: https://twitter.com/anthraxx42/status/429600652399247361 https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html https://twitter.com/FrennVunDerEnn/status/429636610603233280
* New mirror: John Ricketts from Quintex Alliance Consulting https://lists.torproject.org/pipermail/tor-mirrors/2014-February/000464.html
* JavaScript-less version of Globe to test https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html ; Looking up bridges in Globe et al. by fingerprint https://lists.torproject.org/pipermail/tor-dev/2014-February/006165.html
- * HTTPS Everywhere for Android https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html+ * HTTPS Everywhere for Android https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list