[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Wed May 28 14:20:04 UTC 2014
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/21 ===
===========================================================================
version 58
Author: harmony
Date: 2014-05-28T13:38:28+00:00
send
--- version 57
+++ version 58
@@ -2,238 +2,4 @@
'''Editor:''' harmony
-'''Status:''' FROZEN. Only technical and language fixes allowed. New items should go in [wiki:TorWeeklyNews/2014/22 next week's edition]. Expected publication time: 2014-05-28 12:00 UTC.
-
-'''Subject:''' Tor Weekly News — May 28th, 2014
-
-{{{
-========================================================================
-Tor Weekly News May 28th, 2014
-========================================================================
-
-Welcome to the twenty-first issue of Tor Weekly News in 2014, the weekly
-newsletter that covers what is happening in the Tor community.
-
-OnionShare and tor’s ControlPort
---------------------------------
-
-Micah Lee published OnionShare [1], a program that “makes it simple to
-share a file securely using a password-protected Tor hidden service”. It
-originally ran only in Tails, but has now been made compatible with
-other GNU/Linux distros, Windows, and OS X. As part of that process,
-Micah wondered [2] about the best way to make the program work with a
-Tor Browser or system tor process, as “I would really like to not be in
-the business of distributing Tor myself”. meejah [3] and David
-Stainton [4] responded with relevant details of the Stem [5] and
-txtorcon [6] controller libraries, which allow this kind of operation to
-take place via tor’s ControlPort.
-
- [1]: https://github.com/micahflee/onionshare
- [2]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006895.html
- [3]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006896.html
- [4]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006899.html
- [5]: https://stem.torproject.org/
- [6]: https://github.com/meejah/txtorcon
-
-The “Tor and HTTPS” visualization made translatable
----------------------------------------------------
-
-Lunar announced [7] the creation of a repository [8] for an
-SVG+Javascript version of the EFF’s interactive “Tor and HTTPS”
-visualization [9], which has proven useful in explaining to users the
-types of data that can be leaked or intercepted, and by whom, when using
-Tor or HTTPS (or both, or neither). As Lunar wrote, “The good news is
-that it’s translatable”: copies have so far been published in over
-twenty languages. The amount of translation required is very small, so
-if you’d like to contribute in your language then download the POT
-file [10] and submit a patch!
-
- [7]: https://lists.torproject.org/pipermail/tor-talk/2014-May/033001.html
- [8]: https://people.torproject.org/~lunar/tor-and-https/
- [9]: https://www.eff.org/pages/tor-and-https/
- [10]: https://gitweb.torproject.org/user/lunar/tor-and-https.git/blob/HEAD:/tor-and-https.pot
-
-A Child’s Garden of Pluggable Transports
-----------------------------------------
-
-David Fifield published [11] “A Child’s Garden of Pluggable
-Transports” [12], a detailed visualization of different pluggable
-transport protocols, including “aspects of different transports that I
-think are hard to intuit, such as what flash proxy rendezvous looks
-like, and how transports look under the encrypted layer that is visible
-to a censor”. A few other transports supported by Tor [13] are not yet
-discussed in the guide; “if you know how to run any of those transports,
-and you know an effective way to visualize it, please add it to the
-page”, wrote David.
-
- [11]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006891.html
- [12]: https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports
- [13]: https://www.torproject.org/docs/pluggable-transports
-
-Miscellaneous news
-------------------
-
-Anthony G. Basile released [14] version 20140520 of tor-ramdisk [15],
-the micro Linux distribution “whose only purpose is to host a Tor server
-in an environment that maximizes security and privacy”. The new version
-upgrades Tor to version 0.2.4.22, which “adds an important block to
-authority signing keys that were used on authorities vulnerable to the
-“heartbleed” bug in OpenSSL”, among other fixes; upgrading “is strongly
-recommended”.
-
- [14]: http://opensource.dyc.edu/pipermail/tor-ramdisk/2014-May/000131.html
- [15]: http://opensource.dyc.edu/tor-ramdisk
-
-Cure53 audited the security [16] of the Onion Browser [17], a web
-browser for iOS platforms tunneling traffic through Tor. From the
-conclusion: “we believe that the Onion Browser project is on the right
-track, however there is still a long way ahead for the project to be
-appropriately ‘ripe’ for usage in actually privacy-relevant and
-critically important scenarios.” All reported issues should have been
-fixed in release 1.5 [18] on May 14th.
-
- [16]: https://cure53.de/pentest-report_onion-browser.pdf
- [17]: https://mike.tig.as/onionbrowser/
- [18]: https://mike.tig.as/onionbrowser/security/#v1_5
-
-A new pluggable transport, currently named obfs4 [19], is being crafted
-by Yawning Angel: “obfs4 is ScrambleSuit with djb crypto. Instead of
-obfs3 style UniformDH and CTR-AES256/HMAC-SHA256, obfs4 uses a
-combination of Curve25519, Elligator2, HMAC-SHA256, XSalsa20/Poly1305
-and SipHash-2-4”. The feature set offered by obfs4 is comparable to
-ScrambleSuit, with minor differences. Yawning is now asking the
-community for comments, reviews, and tests [20].
-
- [19]: https://github.com/Yawning/obfs4
- [20]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006897.html
-
-Stem now offers a control interpreter, “a new method for interacting
-with Tor’s control interface that combines an interactive python
-interpreter with raw access similar to telnet” [21]. Damian Johnson
-wrote a new tutorial [22] to give an overview of what can be done with
-it.
-
- [21]: https://blog.torproject.org/blog/new-feature-tor-interpreter
- [22]: https://stem.torproject.org/tutorials/down_the_rabbit_hole.html
-
-Also on the controller front, Yawning Angel hacked on or-applet [23], a
-Gtk+ system tray applet to monitor Tor circuits.
-
- [23]: https://github.com/yawning/or-applet
-
-Arlo Breault is making progress on the Tor Instant Messenger Bundle: a
-minimalistic user interface for OTR encryption in Instantbird [24], one
-of the key features missing from the finished software, has now been
-implemented.
-
- [24]: https://bugs.torproject.org/11533
-
-Nicolas Vigier has been working [25] on improving the Mbox sandboxing
-environment [26] to test the Tor Browser for disk or network leaks.
-
- [25]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006911.html
- [26]: https://github.com/tsgates/mbox/
-
-Israel Leiva published [27] the initial version of a design
-proposal [28] for the “Revamp GetTor” Google Summer of Code project,
-having concluded that a full rewrite is needed.
-
- [27]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006903.html
- [28]: https://github.com/ileiva/gettor/blob/master/spec/overview.txt
-
-Juha Nurmi submitted [29] the first weekly report for the ahmia.fi GSoC
-project.
-
- [29]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000536.html
-
-kzhm sent out [30] instructions for installing obfsproxy on Fedora 20,
-to go with those for other Linux distributions [31].
-
- [30]: https://lists.torproject.org/pipermail/tor-talk/2014-May/033032.html
- [31]: https://www.torproject.org/projects/obfsproxy-instructions.html
-
-AddressSanitizer [32] (ASan) is a powerful memory error detector:
-software built with such technology makes it a lot harder to exploit
-programming errors related to memory management. Happily, Georg Koppen
-has announced [33] the first test packages of the Tor Browser built with
-ASan hardening.
-
- [32]: https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer
- [33]: https://lists.torproject.org/pipermail/tor-qa/2014-May/000414.html
-
-Karsten Loesing is planning on spinning off the directory archive from
-the metrics portal [34].
-
- [34]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006909.html
-
-Tor help desk roundup
----------------------
-
-Multiple Mac OS X users complained that despite seeing the
-“Congratulations” welcome page, they were unable to reach any website
-with the Tor Browser. It appears that with a recent update, the Sophos
-anti-virus solution interferes with the Tor Browser. In order to be able
-to use the Tor Browser again, one must open Sophos Anti-Virus, then
-“Preferences”, and in the “Web Protection” panel position all switches
-to off.
-
-News from Tor StackExchange
----------------------------
-
-yohann2008 doesn’t want their hidden service to be indexed by search
-engines [35]. puser suggested using a robots.txt file [36], as on a
-normal webpage. Jens Kubieziel later received confirmation on the IRC
-channel of ahmia.fi [37] that this search engine does indeed respect the
-robots.txt; however, it is unknown whether others do.
-
- [35]: https://tor.stackexchange.com/q/2130/88
- [36]: https://en.wikipedia.org/wiki/Robots_exclusion_standard
- [37]: https://ahmia.fi/
-
-Herbalist saw the following line in their log file [38] and wonders what
-it could mean: “Rejecting INTRODUCE1 on non-OR or non-edge circuit
-7503”. If you can unravel this mystery, please submit your answer to the
-question.
-
- [38]: https://tor.stackexchange.com/q/1866/88
-
-Easy development tasks to get involved with
--------------------------------------------
-
-The metrics website displays graphs on bridge users by pluggable
-transport [39], but we’d like to have another graph with total pluggable
-transport usage [40]. Karsten Loesing outlined the steps for adding such
-a graph, which require some knowledge of R and ggplot2. If you enjoy
-writing R and want to add this new graph to the metrics website, give it
-a try and post your results on the ticket.
-
- [39]: https://metrics.torproject.org/users.html#userstats-bridge-transport
- [40]: https://bugs.torproject.org/11799
-
-Upcoming events
----------------
-
- May 28 19:00 UTC | little-t tor development meeting
- | #tor-dev, irc.oftc.net
- | https://lists.torproject.org/pipermail/tor-dev/2014-May/006888.html
- |
- May 30 15:00 UTC | Tor Browser online meeting
- | #tor-dev, irc.oftc.net
- | https://lists.torproject.org/pipermail/tbb-dev/2014-April/000049.html
- |
- Jun 06 17:30 EDT | Tails 1.0 Launch Party
- | Washington, DC, USA
- | http://tailslaunch.eventbrite.com/
-
-This issue of Tor Weekly News has been assembled by Lunar, harmony, qbi,
-and Karsten Loesing.
-
-Want to continue reading TWN? Please help us create this newsletter.
-We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [41], write down your
-name and subscribe to the team mailing list [42] if you want to
-get involved!
-
- [41]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [42]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-}}}
+'''Status:''' Sent.
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list