[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Wed Mar 25 14:00:06 UTC 2015
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2015/12 ===
===========================================================================
version 3
Author: harmony
Date: 2015-03-25T13:28:41+00:00
this week
--- version 2
+++ version 3
@@ -1,6 +1,6 @@
''90th issue of Tor Weekly News. Covering what's happening from March 17th, 2015 to March 24th, 2015. To be released on March 25th, 2015.''
-'''Editor:'''
+'''Editor:''' Harmony
'''Subject:''' Tor Weekly News — March 25th, 2015
@@ -10,84 +10,179 @@
========================================================================
Welcome to the twelfth issue in 2015 of Tor Weekly News, the weekly
-newsletter that covers what’s happening in the XXX Tor community.
+newsletter that covers what’s happening in the Tor community.
-Feature XXX
------------
+Tor 0.2.4.26, 0.2.5.11, and 0.2.6.5-rc are out
+----------------------------------------------
-Feature 1 with cited source [XXX]
+Nick Mathewson announced three new releases by the core Tor team.
+Versions 0.2.4.26 and 0.2.5.11 [XXX] are updates to the stable release
+series, featuring backports from later releases and an updated list of
+Tor directory authorities.
- [XXX]:
+Tor 0.2.6.5-rc, meanwhile, is the second release candidate in the
+upcoming Tor 0.2.6 series. It fixes a couple of possible crashes, and
+makes it easier to run Tor inside the Shadow network simulator. To find
+out more about all the new features that are expected in this release
+series, take a look at Nick’s guide [XXX] on the Tor blog.
-Monthly status reports for XXX month 2015
------------------------------------------
+Please see the release announcements for details of all changes, and
+download the source code from the distribution directory [XXX].
-The wave of regular monthly reports from Tor project members for the
-month of XXX has begun. XXX released his report first [XXX], followed
-by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
+ [XXX]: https://blog.torproject.org/blog/tor-02426-and-02511-are-released
+ [XXX]: https://blog.torproject.org/blog/tor-0265-rc-released
+ [XXX]: https://blog.torproject.org/blog/coming-tor-026
+ [XXX]: https://dist.torproject.org/
- [XXX]:
- [XXX]:
- [XXX]:
- [XXX]:
+Tor Browser 4.0.5 is out
+------------------------
+
+Following the disclosure of two potentially serious security flaws in
+Firefox, the Tor Browser team announced [XXX] a pointfix release of the
+privacy-preserving browser. Tor Browser 4.0.5 is based on Firefox 31.5.3
+ESR, fixing flaws in the handling of SVG files [XXX] and Javascript
+bounds checking [XXX] that could have allowed an adversary to run
+malicious code on a target machine.
+
+This is an important security update, and all users of the stable Tor
+Browser should upgrade as soon as possible. Users of the alpha Tor
+Browser release channel will need to wait another week for an updated
+version; in the meantime, as Georg Koppen explained, they “are strongly
+recommended to use Tor Browser 4.0.5”. Download your copy of the new Tor
+Browser from the project page [XXX].
+
+ [XXX]: https://blog.torproject.org/blog/tor-browser-405-released
+ [XXX]: https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
+ [XXX]: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
+ [XXX]: https://www.torproject.org/projects/torbrowser.html
+
+Tails 1.3.1 is out
+------------------
+
+The Tails 1.3.1 emergency release was put out on March 23 [XXX],
+following the Firefox security announcement. As well as Tor Browser
+4.0.5, this release includes updates to key software, fixing numerous
+security issues [XXX]. All Tails users must upgrade as soon as possible;
+see the announcement for download instructions.
+
+This release is also the first to be signed by the Tails team’s new
+OpenPGP signing key. For full details of the new key, see the team’s
+announcement [XXX].
+
+ [XXX]: https://tails.boum.org/news/version_1.3.1/
+ [XXX]: https://tails.boum.org/security/Numerous_security_holes_in_1.3/
+ [XXX]: https://tails.boum.org/news/signing_key_transition/
+
+Who runs most of the Tor network?
+---------------------------------
+
+The Tor network is a diverse and mostly decentralized system, and it
+would not exist without the efforts of thousands of volunteer relay
+operators around the world. Some focus on the task of maintaining a
+single relay, while others set up “families” of nodes that handle a
+larger share of Tor traffic.
+
+In an effort to identify the largest (publicly-declared) groupings of
+relays on the Tor network today, Nusenu posted [XXX] a list of entries
+found in the MyFamily field [XXX] of Tor relay configuration files,
+grouped by total “consensus weight” [XXX]. This list also includes other
+relevant data such as the number of Autonomous Systems, /16 IP address
+blocks, and country codes in which these relays are located; as Nusenu
+says, “more is better” for these statistics, at least as far as
+diversity is concerned. If the concentration of relays in one location
+is too high, there is a greater risk that a single adversary will be
+able to see a large proportion of Tor traffic.
+
+Nusenu also posted shorter lists of the largest relay families sorted by
+contact information [XXX], and in the course of all this research was
+able to notify some relay operators of problems with their
+configuration. The future of the MyFamily setting is still being
+discussed [XXX]; in the meantime, thanks to Nusenu for this impressive
+effort!
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037305.html
+ [XXX]: https://www.torproject.org/docs/faq.html.en#MultipleRelays
+ [XXX]: https://metrics.torproject.org/about.html#consensus-weight
+ [XXX]: https://lists.torproject.org/pipermail/tor-relays/2015-March/006657.html
+ [XXX]: https://bugs.torproject.org/6676
Miscellaneous news
------------------
-The Tails 1.3.1 emergency release was put out on March 23 [XXX].
-It was triggered by the unscheduled Firefox 31.5.3 ESR release,
-and it fixes critical security issues [XXX]. All Tails users must
-upgrade as soon as possible.
+Nathan Freitas announced [XXX] Orbot version 15-alpha-5, bringing meek
+and obfs4 support, QR code bridge distribution, and other new features
+closer to a stable release.
-Item 2 with cited source [XXX].
+ [XXX]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-March/004283.html
-Item 3 with cited source [XXX].
+George Kadianakis invited feedback on proposal 243 [XXX], which would
+require Tor relays to earn the “Stable” flag before they are allowed to
+act as onion service directories, making it harder for malicious relay
+operators to launch denial-of-service attacks on onion services.
- [XXX]:https://tails.boum.org/news/version_1.3.1/
- [XXX]:https://tails.boum.org/security/Numerous_security_holes_in_1.3/
- [XXX]:
- [XXX]:
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008532.html
-Tor help desk roundup
----------------------
+Nick Mathewson asked for comments [XXX] on a list of possible future
+improvements to Tor’s controller protocol: “This is a brainstorming
+exercise, not a declaration of intent. The goal right now is to generate
+a lot of ideas and thoughts now, and to make decisions about what to
+build later.
-Summary of some questions sent to the Tor help desk.
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008502.html
-News from Tor StackExchange
----------------------------
+David Fifield wondered [XXX] why many the graphs of Tor user numbers on
+the Metrics portal [XXX] appear to show weekly cycles.
-Text with cited source [XXX].
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008473.html
+ [XXX]: https://metrics.torproject.org
- [XXX]:
+Jens Kubieziel posted a list of ideas [XXX] for the further development
+of the Torservers organization, following recent discussions.
-Easy development tasks to get involved with
--------------------------------------------
+ [XXX]: https://lists.torproject.org/pipermail/tor-relays/2015-March/006670.html
-Text with cited source [XXX].
+Mashael AlSabah and Ian Goldberg published “Performance and Security
+Improvements for Tor: A Survey” [XXX], a detailed introduction to the
+current state of research into performance and security on the Tor
+network. If you want to get up to speed on the most important technical
+questions facing the Tor development community, start here!
- [XXX]:
+ [XXX]: https://eprint.iacr.org/2015/235
-This week in Tor history
-------------------------
+Aaron Johnson announced [XXX] that this year’s Workshop on Hot Topics in
+Privacy Enhancing Technologies (HotPETS) [XXX] is accepting two-page
+talk proposals, rather than full-length papers, in the hope that “this
+will make it even easier for more of the Tor community to participate,
+especially people who don’t write research papers for a living”. If you
+can offer “new ideas, spirited debates, or controversial perspectives on
+privacy (and lack thereof)”, see the Workshop’s website for submission
+guidelines.
-Text with cited source [XXX].
-
- [XXX]:
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037294.html
+ [XXX]: https://www.petsymposium.org/2015/hotpets.php
Upcoming events
---------------
-Jul XX-XX | Event XXX brief description
- | Event City, Event Country
- | Event website URL
- |
-Jul XX-XX | Event XXX brief description
- | Event City, Event Country
- | Event website URL
+ Mar 25 13:30 UTC | little-t tor development meeting
+ | #tor-dev, irc.oftc.net
+ |
+ Mar 30 18:00 UTC | Tor Browser online meeting
+ | #tor-dev, irc.oftc.net
+ |
+ Mar 30 18:00 UTC | OONI development meeting
+ | #ooni, irc.oftc.net
+ |
+ Mar 31 18:00 UTC | little-t tor patch workshop
+ | #tor-dev, irc.oftc.net
+ |
+ Apr 03 20:00 UTC | Tails contributors meeting
+ | #tails-dev, irc.oftc.net
+ | https://mailman.boum.org/pipermail/tails-project/2015-March/000159.html
-This issue of Tor Weekly News has been assembled by XXX, XXX, and
-XXX.
+This issue of Tor Weekly News has been assembled by Harmony and the
+Tails team.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list