[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Apr 15 13:00:11 UTC 2014
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/15 ===
===========================================================================
version 38
Author: lunar
Date: 2014-04-15T12:11:40+00:00
FREEZE
--- version 37
+++ version 38
@@ -1,6 +1,8 @@
''41st issue of Tor Weekly News. Covering what's happening from April 8th, 2014 to April 15th, 2014. To be released on April 16th, 2014.''
'''Editor:''' Lunar
+
+'''Status:''' FROZEN! Technical and language fixes only. New items should go in [wiki:TorWeeklyNews/2014/16 next week's edition]. Expected publication time 2014-04-16 12:00 UTC.
'''Subject:''' Tor Weekly News — April 16th, 2014
version 37
Author: lunar
Date: 2014-04-15T12:09:05+00:00
prepare for freeze
--- version 36
+++ version 37
@@ -10,51 +10,51 @@
========================================================================
Welcome to the fifteenth issue of Tor Weekly News in 2014, the weekly
-newsletter that covers what is happening in the XXX Tor community.
+newsletter that covers what is happening in the Tor community.
New beta version of Tor Browser 3.6
-----------------------------------
-The second beta release of the next major Tor Browser release [XXX]
-is out. Version 3.6 main highlight is the seamless integration of
-pluggable transports [XXX] in the browser.
-
-The update is important to users already using version 3.6-beta1
-as it contains an updated OpenSSL to address potential client-side
-vectors for CVE-2014-0160 [XXX] (also known as “Heartbleed”).
+The second beta release of the next major Tor Browser release [1] is
+out. Version 3.6 main highlight is the seamless integration of pluggable
+transports [2] in the browser.
+
+The update is important to users already using version 3.6-beta1 as it
+contains an updated OpenSSL to address potential client-side vectors for
+CVE-2014-0160 [3] (also known as “Heartbleed”).
The new beta also features “a Turkish language bundle, experimental
-Javascript hardening options, fixes for pluggable transport issues,
-and a fix for improper update notification while extracting the
-bundle over an already existing copy.”
-
-Jump to the release announcement to know more. Enjoy the
-update [XXX] and report any bug you may find.
-
- [XXX]: https://blog.torproject.org/blog/tor-browser-36-beta-2-released
- [XXX]: https://www.torproject.org/docs/pluggable-transports.html
- [XXX]: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
- [XXX]: https://www.torproject.org/dist/torbrowser/3.6-beta-2/
+Javascript hardening options, fixes for pluggable transport issues, and
+a fix for improper update notification while extracting the bundle over
+an already existing copy.”
+
+Jump to the release announcement to know more. Enjoy the update [4] and
+report any bug you may find.
+
+ [1]: https://blog.torproject.org/blog/tor-browser-36-beta-2-released
+ [2]: https://www.torproject.org/docs/pluggable-transports.html
+ [3]: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
+ [4]: https://www.torproject.org/dist/torbrowser/3.6-beta-2/
Key rotation at every level
---------------------------
The “Heartbleed” issue forces system administrators to consider private
keys of network facing application affected by the bug as compromised.
-As Tor has no shortage of private keys in its design [XXX], a serious
+As Tor has no shortage of private keys in its design [5], a serious
amount of new keys have to be generated.
Roger Dingledine prompted relay operators to get new identity keys,
“especially from the big relays, and we'll be happier tolerating a
-couple of bumpy days while the network recovers.” [XXX]. Switching to a
-new relay identity key means that the relay is seen as new [XXX] to the
+couple of bumpy days while the network recovers.” [6]. Switching to a
+new relay identity key means that the relay is seen as new [7] to the
authorities again: they will loose their Guard status and bandwidth
measurement. It seems that a number of operators followed the advice, as
the network lost around 1 Gbit/s of advertised capacity between April
-7th and April 10th [XXX].
+7th and April 10th [8].
For a brighter future if such massive RSA1024 relay key migration was in
-order, Nick Mathewson wrote proposal 230 [XXX]. The proposal describes a
+order, Nick Mathewson wrote proposal 230 [9]. The proposal describes a
mechanism for relays to advertise their old identity to directory
authorities and clients.
@@ -63,158 +63,160 @@
seemed and can subject its users to impersonation attacks. As relays
switch to new identity key, those who keep the same name will loose
their Named flag for the next six months. So now seems a good time to
-“throw out the Named and Unnamed flags entirely” [XXX]. Sebsatian Hahn
-acted on the idea and started a draft proposal [XXX].
+“throw out the Named and Unnamed flags entirely” [10]. Sebsatian Hahn
+acted on the idea and started a draft proposal [11].
How should potentially compromised relays which have not switched to a
-new key be handled? On April 8th, grarpamp observed [XXX] that more than
+new key be handled? On April 8th, grarpamp observed [12] that more than
3000 relays had been restarted — hopefully to use the fixed version of
OpenSSL. It is unknown how many of those relays have switched to a new
-key since. Andrea Shepard has been working on a survey [XXX] to identify
+key since. Andrea Shepard has been working on a survey [13] to identify
them. What is known though are relays that are unfortunately still
vulnerable. Sina Rabbani has set up a visible list for guards and
-exits [XXX]. To protect Tor users, directory authority operators have
-started to remove the Valid flag for vulnerable relays [XXX].
+exits [14]. To protect Tor users, directory authority operators have
+started to remove the Valid flag for vulnerable relays [15].
The identity key for directory authorities are kept offline. But they
are used to certify medium-term signing keys. Roger Dingledine's
-analysis [XXX] reports “two (moria1 and urras) of the directory
+analysis [16] reports “two (moria1 and urras) of the directory
authorities were unaffected by the openssl bug, and seven were
affected”.
At the time of writing, five of the seven affected authorities got new
signing keys. In the meantime, Nick and Andrea have been busy writing
-code to prevent the old keys from being accepted by Tor clients [XXX].
+code to prevent the old keys from being accepted by Tor clients [17].
Changing the relay identity keys of the directory authorities has not
been do so far “because current clients expect them to be at their
current IP:port:fingerprint and would scream in their logs and refuse to
connect if the relay identity key changes”. The specification of the
missing piece of code to allow a smoother transition has been written by
-Nick Mathewson in proposal 231 [XXX].
-
-Finally, hidden service operators are also generating new keys [XXX].
+Nick Mathewson in proposal 231 [18].
+
+Finally, hidden service operators are also generating new keys [19].
Unfortunately, this forces every users of the service to update the
address in their bookmarks or configuration.
As Roger summarized it: “fun times”.
- [XXX]: https://gitweb.torproject.org/torspec.git
- [XXX]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004256.html
- [XXX]: https://blog.torproject.org/blog/lifecycle-of-a-new-relay
- [XXX]: https://metrics.torproject.org/network.html?graph=bandwidth&start=2014-04-01&end=2014-04-15#bandwidth
- [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/230-rsa1024-relay-id-migration.txt
- [XXX]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004254.html
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006671.html
- [XXX]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004259.html
- [XXX]: http://charon.persephoneslair.org/~andrea/private/tor-heartbleed-survey/
- [XXX]: https://encrypted.redteam.net/bleeding_edges/
- [XXX]: (XXX -- Roger owes a mail about this ; plan B is to link to consusus-health).
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006663.html
- [XXX]: https://bugs.torproject.org/11464
- [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/231-migrate-authority-rsa1024-ids.txt
- [XXX]: https://twitter.com/freenodestaff/status/455425032203022337
+ [5]: https://gitweb.torproject.org/torspec.git
+ [6]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004256.html
+ [7]: https://blog.torproject.org/blog/lifecycle-of-a-new-relay
+ [8]: https://metrics.torproject.org/network.html?graph=bandwidth&start=2014-04-01&end=2014-04-15#bandwidth
+ [9]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/230-rsa1024-relay-id-migration.txt
+ [10]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004254.html
+ [11]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006671.html
+ [12]: https://lists.torproject.org/pipermail/tor-relays/2014-April/004259.html
+ [13]: http://charon.persephoneslair.org/~andrea/private/tor-heartbleed-survey/
+ [14]: https://encrypted.redteam.net/bleeding_edges/
+ [15]: (XXX -- Roger owes a mail about this ; plan B is to link to consusus-health).
+ [16]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006663.html
+ [17]: https://bugs.torproject.org/11464
+ [18]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/231-migrate-authority-rsa1024-ids.txt
+ [19]: https://twitter.com/freenodestaff/status/455425032203022337
Monthly status reports for March 2014
-------------------------------------
The wave of regular monthly reports from Tor project members for the
-month of March continued, with submissions from Andrew Lewman [XXX],
-Roger Dingledine [XXX], Kelley Misata [XXX].
-
-Roger also sent out the report for SponsorF [XXX], and the Tails team
-on its progress [XXX].
-
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000505.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000507.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000508.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000506.html
- [XXX]: https://tails.boum.org/news/report_2014_03/
+month of March continued, with submissions from Andrew Lewman [20],
+Roger Dingledine [21], Kelley Misata [22].
+
+Roger also sent out the report for SponsorF [23], and the Tails team on
+its progress [24].
+
+ [20]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000505.html
+ [21]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000507.html
+ [22]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000508.html
+ [23]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000506.html
+ [24]: https://tails.boum.org/news/report_2014_03/
Miscellaneous news
------------------
-CVE-2014-0160 prompted Anthony Basile to release version 20140409 [XXX] of
-Tor-ramdisk. OpenSSL has been updated and so was the kernel. Upgrading is
-strongly recommended.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-April/032642.html
-
-David Fifield released new browser bundles configured to use the meek [XXX]
-transport automatically. These bundles “use a web browser extension to make the
-HTTPS requests, so that the TLS layer looks like Firefox” — because it is
-Firefox [XXX]. Meek is a promising censorship circumvention solution, so please
-try them!
-
- [XXX]: https://lists.torproject.org/pipermail/tor-qa/2014-April/000390.html
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006662.html
+CVE-2014-0160 prompted Anthony Basile to release version 20140409 [25]
+of Tor-ramdisk. OpenSSL has been updated and so was the kernel.
+Upgrading is strongly recommended.
+
+ [25]: https://lists.torproject.org/pipermail/tor-talk/2014-April/032642.html
+
+David Fifield released new browser bundles configured to use the
+meek [26] transport automatically. These bundles “use a web browser
+extension to make the HTTPS requests, so that the TLS layer looks like
+Firefox” — because it is Firefox [27]. Meek is a promising censorship
+circumvention solution, so please try them!
+
+ [26]: https://lists.torproject.org/pipermail/tor-qa/2014-April/000390.html
+ [27]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006662.html
-The Tails developers announced [XXX] that Tchou’s proposal is the winner
+The Tails developers announced [28] that Tchou’s proposal is the winner
of the recent Tails logo contest: “in the coming days we will keep on
fine-tuning it and integrating it in time for Tails 1.0. So don't
hesitate to comment on it.”
- [XXX]: https://tails.boum.org/news/and_the_winner_is/
-
-Andrew Lewman reported on his week in Stockholm [XXX] for the Civil Rights
-Defender’s [XXX] Defender’s Days where he trained activists and “learned more
-about the situation in Moldova, Transnistria, Burma, Vietnam, and Bahrain”.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000504.html
- [XXX]: https://www.civilrightsdefenders.org/
-
-Andrew also updated the instructions [XXX] for mirror operators wishing
-to have their sites listed on the Tor Project website. Thanks to
-Andreas Reich [XXX], Sebastian M. Bobrecki [XXX], and Jeremy L.
-Gaddis [XXX] for running new mirrors!
-
- [XXX]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000534.html
- [XXX]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000536.html
- [XXX]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000537.html
- [XXX]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000541.html
-
-Arlo Breault announced [XXX] the release of Bulb [XXX], a Tor relay web
-status dashboard. “There's not much to it yet, but I thought I'd share […]
-Contributions welcome!”
-
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006661.html
- [XXX]: https://github.com/arlolra/bulb
-
-Alan Shreve requested [XXX] feedback on “Shroud”, a proposal for “a new
-system to provide public hidden services […] whose network location cannot
-be determined (like Tor hidden services) but are accessible by any client
-on the internet”.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006657.html
+ [28]: https://tails.boum.org/news/and_the_winner_is/
+
+Andrew Lewman reported on his week in Stockholm [29] for the Civil
+Rights Defender’s [30] Defender’s Days where he trained activists and
+“learned more about the situation in Moldova, Transnistria, Burma,
+Vietnam, and Bahrain”.
+
+ [29]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000504.html
+ [30]: https://www.civilrightsdefenders.org/
+
+Andrew also updated the instructions [31] for mirror operators wishing
+to have their sites listed on the Tor Project website. Thanks to Andreas
+Reich [32], Sebastian M. Bobrecki [33], and Jeremy L. Gaddis [34] for
+running new mirrors!
+
+ [31]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000534.html
+ [32]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000536.html
+ [33]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000537.html
+ [34]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000541.html
+
+Arlo Breault announced [35] the release of Bulb [36], a Tor relay web
+status dashboard. “There's not much to it yet, but I thought I'd
+share […] Contributions welcome!”
+
+ [35]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006661.html
+ [36]: https://github.com/arlolra/bulb
+
+Alan Shreve requested [37] feedback on “Shroud”, a proposal for “a new
+system to provide public hidden services […] whose network location
+cannot be determined (like Tor hidden services) but are accessible by
+any client on the internet”.
+
+ [37]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006657.html
Tor help desk roundup
---------------------
-Users often ask for steps they can take to maximize their anonymity while using
-Tor. Tips for staying anonymous when using Tor are visible on the download
-page [XXX].
-
-[XXX]: https://www.torproject.org/download/download#warning
+Users often ask for steps they can take to maximize their anonymity
+while using Tor. Tips for staying anonymous when using Tor are visible
+on the download page [38].
+
+ [38]: https://www.torproject.org/download/download#warning
News from Tor StackExchange
---------------------------
-Jack Gundo uses Windows 7 with the built-in firewall and wants to block all
-traffic except Tor traffic [XXX]. Guest suggested that on a closed source
-system one can never be sure to block really all traffic. So the original
-poster might be better off using a router which does the job. Another
-possible solution is PeerBlock. It also allows to block all traffic from
-a machine.
-
- [XXX]: https://tor.stackexchange.com/q/1882/88
+Jack Gundo uses Windows 7 with the built-in firewall and wants to block
+all traffic except Tor traffic [39]. Guest suggested that on a closed
+source system one can never be sure to block really all traffic. So the
+original poster might be better off using a router which does the job.
+Another possible solution is PeerBlock. It also allows to block all
+traffic from a machine.
+
+ [39]: https://tor.stackexchange.com/q/1882/88
Broot uses obfs3 to route the OpenVPN traffic and can't get obfsproxy
-running because the latest version only implements SOCKS4 [XXX]. Yawning
+running because the latest version only implements SOCKS4 [40]. Yawning
Angel answered that version 0.2.7 of obfsproxy uses SOCKS5 and works
-with OpenVPN. However there is a bug that needs to be worked around [XXX].
-
- [XXX]: https://tor.stackexchange.com/q/693/88
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006427.html
+with OpenVPN. However there is a bug that needs to be worked
+around [41].
+
+ [40]: https://tor.stackexchange.com/q/693/88
+ [41]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006427.html
Upcoming events
---------------
@@ -227,15 +229,15 @@
| #tor-dev, irc.oftc.net
| https://lists.torproject.org/pipermail/tbb-dev/2014-March/000026.html
-This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt Pagan,
-qbi and the Tails team.
+This issue of Tor Weekly News has been assembled by Lunar, harmony,
+Matt Pagan, qbi and the Tails team.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing list [XXX] if you want to
+important news. Please see the project page [42], write down your
+name and subscribe to the team mailing list [43] if you want to
get involved!
- [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [42]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [43]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
version 36
Author: lunar
Date: 2014-04-15T12:05:26+00:00
add credits
--- version 35
+++ version 36
@@ -227,8 +227,8 @@
| #tor-dev, irc.oftc.net
| https://lists.torproject.org/pipermail/tbb-dev/2014-March/000026.html
-This issue of Tor Weekly News has been assembled by XXX, XXX, and
-XXX.
+This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt Pagan,
+qbi and the Tails team.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
version 35
Author: lunar
Date: 2014-04-15T11:38:52+00:00
formating
--- version 34
+++ version 35
@@ -174,8 +174,8 @@
[XXX]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000541.html
Arlo Breault announced [XXX] the release of Bulb [XXX], a Tor relay web
-status dashboard. “There's not much to it yet, but I thought I'd share
-[…] Contributions welcome!”
+status dashboard. “There's not much to it yet, but I thought I'd share […]
+Contributions welcome!”
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006661.html
[XXX]: https://github.com/arlolra/bulb
version 34
Author: lunar
Date: 2014-04-15T11:38:14+00:00
reword
--- version 33
+++ version 34
@@ -191,7 +191,8 @@
---------------------
Users often ask for steps they can take to maximize their anonymity while using
-Tor. We have tips for staying anonymous on our download page [XXX].
+Tor. Tips for staying anonymous when using Tor are visible on the download
+page [XXX].
[XXX]: https://www.torproject.org/download/download#warning
version 33
Author: lunar
Date: 2014-04-15T11:36:18+00:00
add events
--- version 32
+++ version 33
@@ -218,14 +218,13 @@
Upcoming events
---------------
-Jul XX-XX | Event XXX brief description
- | Event City, Event Country
- | Event website URL
- |
-Jul XX-XX | Event XXX brief description
- | Event City, Event Country
- | Event website URL
-
+Apr 16 19:00 UTC | little-t tor development meeting
+ | #tor-dev, irc.oftc.net
+ | https://lists.torproject.org/pipermail/tor-dev/2014-March/006616.html
+ |
+Apr 18 18:00 UTC | Tor Browser online meeting
+ | #tor-dev, irc.oftc.net
+ | https://lists.torproject.org/pipermail/tbb-dev/2014-March/000026.html
This issue of Tor Weekly News has been assembled by XXX, XXX, and
XXX.
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/16 ===
===========================================================================
version 1
Author: lunar
Date: 2014-04-15T12:10:47+00:00
import template
---
+++ version 1
@@ -0,0 +1,82 @@
+''42nd issue of Tor Weekly News. Covering what's happening from April 15th, 2014 to April 22nd, 2014. To be released on April 23rd, 2014.''
+
+'''Editor:'''
+
+'''Subject:''' Tor Weekly News — April 23rd, 2014
+
+{{{
+========================================================================
+Tor Weekly News April 23rd, 2014
+========================================================================
+
+Welcome to the sixteenth issue of Tor Weekly News in 2014, the weekly
+newsletter that covers what is happening in the XXX Tor community.
+
+Feature XXX
+-----------
+
+Feature 1 with cited source [XXX]
+
+ [XXX]:
+
+Monthly status reports for XXX month 2014
+-----------------------------------------
+
+The wave of regular monthly reports from Tor project members for the
+month of XXX has begun. XXX released his report first [XXX], followed
+by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
+
+ [XXX]:
+ [XXX]:
+ [XXX]:
+ [XXX]:
+
+Miscellaneous news
+------------------
+
+Item 1 with cited source [XXX].
+
+Item 2 with cited source [XXX].
+
+Item 3 with cited source [XXX].
+
+ [XXX]:
+ [XXX]:
+ [XXX]:
+
+Tor help desk roundup
+---------------------
+
+Summary of some questions sent to the Tor help desk.
+
+News from Tor StackExchange
+---------------------------
+
+Text with cited source [XXX].
+
+ [XXX]:
+
+Upcoming events
+---------------
+
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+ |
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+
+
+This issue of Tor Weekly News has been assembled by XXX, XXX, and
+XXX.
+
+Want to continue reading TWN? Please help us create this newsletter.
+We still need more volunteers to watch the Tor community and report
+important news. Please see the project page [XXX], write down your
+name and subscribe to the team mailing list [XXX] if you want to
+get involved!
+
+ [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+}}}
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list