[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Jan 28 14:40:07 UTC 2014
===========================================================================
==== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/4 ====
===========================================================================
version 38
Author: dope457
Date: 2014-01-28T13:59:16+00:00
rest of the sentence was mising
--- version 37
+++ version 38
@@ -22,7 +22,7 @@
An update to the Tor Browser Bundle has been released [1] on January
27th. The new release contains Tor 0.2.4.20 which fixes a bug [2]
creating useless extra circuits. It also fixes a denial of service
-condition in OpenSSL and removes
+condition in OpenSSL and removes “addons.mozilla.org” from NoScript whitelist.
Arabic bundles are back after a short hiatus. Support for screen readers
is also enabled again and has been confirmed working [3].
version 37
Author: lunar
Date: 2014-01-28T13:13:00+00:00
typo
--- version 36
+++ version 37
@@ -13,7 +13,7 @@
Tor Weekly News January 29th, 2014
========================================================================
-Welcome to the fourth issue in 2014 of Tor Weekly News,, the weekly
+Welcome to the fourth issue in 2014 of Tor Weekly News, the weekly
newsletter that covers what is happening in the Tor community.
Tor Browser Bundle 3.5.1 is released
version 36
Author: lunar
Date: 2014-01-28T13:08:53+00:00
FREEZE
--- version 35
+++ version 36
@@ -1,6 +1,10 @@
''30th issue of Tor Weekly News. Covering what's happening from January 21st, 2014 to January 28th, 2014. To be released on January 29th, 2014.''
'''Editor:''' Lunar
+
+'''Status:''' FROZEN! Only language and technical fixes welcome. New
+items should go to [wiki:TorWeeklyNews/2014/5 next week's edition].
+Expected publication time: 2014-01-29 12:00 UTC.
'''Subject:''' Tor Weekly News — January 29th, 2014
@@ -9,49 +13,46 @@
Tor Weekly News January 29th, 2014
========================================================================
-Welcome to the fourth issue in 2014 of Tor Weekly News,, the weekly
-newsletter that covers what is happening in the XXX Tor community.
+Welcome to the fourth issue in 2014 of Tor Weekly News,, the weekly
+newsletter that covers what is happening in the Tor community.
Tor Browser Bundle 3.5.1 is released
------------------------------------
-An update to the Tor Browser Bundle has been released [XXX] on
-January 27th. The new release contains Tor 0.2.4.20 which fixes
-a bug [XXX] creating useless extra circuits. It also fixes
-a denial of service condition in OpenSSL and removes
-
-Arabic bundles are back after a short hiatus. Support for
-screen readers is also enabled again and has been confirmed
-working.
-
-HTTPS Everywhere has been updated to version 3.4.5. It contains
-a new rule to secure connections to Stack Exchange and its
-Tor corner [XXX].
+An update to the Tor Browser Bundle has been released [1] on January
+27th. The new release contains Tor 0.2.4.20 which fixes a bug [2]
+creating useless extra circuits. It also fixes a denial of service
+condition in OpenSSL and removes
+
+Arabic bundles are back after a short hiatus. Support for screen readers
+is also enabled again and has been confirmed working [3].
+
+HTTPS Everywhere has been updated to version 3.4.5. It contains a new
+rule to secure connections to Stack Exchange and its Tor corner [4].
Look at the blog post for a more detailed changelog. And now, head over
-to the download page [XXX] and upgrade!
-
- [XXX] https://blog.torproject.org/blog/tor-browser-351-released
- [XXX] https://bugs.torproject.org/10456
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2014-January/031575.html
- [XXX] https://tor.stackexchange.com/
- [XXX] https://www.torproject.org/download/download-easy.html
+to the download page [5] and upgrade!
+
+ [1] https://blog.torproject.org/blog/tor-browser-351-released
+ [2] https://bugs.torproject.org/10456
+ [3] https://lists.torproject.org/pipermail/tor-talk/2014-January/031575.html
+ [4] https://tor.stackexchange.com/
+ [5] https://www.torproject.org/download/download-easy.html
New Tor denial of service attacks and defenses
----------------------------------------------
Rob Jansen, Florian Tschorsch, Aaron Johnson, and Björn Scheuermann have
-been working on a new paper [XXX] entitled “The Sniper Attack:
-Anonymously Deanonymizing and Disabling the Tor Network”. As research
-paper are sometimes hard to fully understand, Rob Jansen has published
-a new blog post [XXX] giving an overview of the attacks, the
-defenses what has been modified in Tor so far and what open questions
-remain.
-
-“We found a new vulnerability in the design of Tor's flow control
+been working on a new paper [6] entitled “The Sniper Attack: Anonymously
+Deanonymizing and Disabling the Tor Network”. As research paper are
+sometimes hard to fully understand, Rob Jansen has published a new blog
+post [7] giving an overview of the attacks, the defenses what has been
+modified in Tor so far and what open questions remain.
+
+“We found a new vulnerability in the design of Tor’s flow control
algorithm that can be exploited to remotely crash Tor relays. The attack
-is an extremely low resource attack in which an adversary's bandwidth
-may be traded for a target relay's memory (RAM) at an amplification rate
+is an extremely low resource attack in which an adversary’s bandwidth
+may be traded for a target relay’s memory (RAM) at an amplification rate
of one to two orders of magnitude” explains Rob.
The authors have been working with Tor developers on integrating
@@ -64,152 +65,152 @@
Be sure to read the blog post and the paper in full if you want to know
more.
- [XXX] https://www-users.cs.umn.edu/~jansen/publications/sniper-ndss2014.pdf
- [XXX] https://blog.torproject.org/blog/new-tor-denial-service-attacks-and-defenses
+ [6] https://www-users.cs.umn.edu/~jansen/publications/sniper-ndss2014.pdf
+ [7] https://blog.torproject.org/blog/new-tor-denial-service-attacks-and-defenses
Good times at Real World Crypto 2014
------------------------------------
On the second week of January, a bunch of Tor developers attended the
-Real World Crypto (RWC) workshop [XXX] in New York City.
-
-The workshop featured a nice blend of industry and academic crypto
-talks and a fruitful hallway track. Many researchers involved with Tor
-and privacy technologies were also present.
+Real World Crypto (RWC) workshop [8] in New York City.
+
+The workshop featured a nice blend of industry and academic crypto talks
+and a fruitful hallway track. Many researchers involved with Tor and
+privacy technologies were also present.
As far as talks were concerned, Tom Shrimpton presented the
-Format-Transforming Encryption (FTE) traffic obfuscation tool [XXX]
-which is currently being developed to work as a Tor pluggable
-transport [XXX]. During RWC we also worked with Kevin Dyer, one of the
-paper authors and developers of FTE, towards including FTE in the
-Pluggable Transport Tor bundles.
+Format-Transforming Encryption (FTE) traffic obfuscation tool [9] which
+is currently being developed to work as a Tor pluggable transport [10].
+During RWC we also worked with Kevin Dyer, one of the paper authors and
+developers of FTE, towards including FTE in the Pluggable Transport Tor
+bundles.
On the censorship circumvention front, I2P seemed interested in using
pluggable transports and we worked with them to identify various
problems with the current PT spec that need to be fixed so that other
-projects can use pluggable transports more smoothly [XXX].
-
-Furthermore, we talked with the developers of UProxy [XXX] (a
-censorship circumvention tool made by Google) and helped them
-understand how PTs work and what they would need to do if they wanted
-to use them in UProxy. They seemed interested and motivated to work on
-this.
-
-The Tor developers present also worked on the “Next Generation
-Hidden Services” project [XXX], and sketched out some ways to move
-forward even though there are some open research questions with
-the current design [XXX].
-
-Nick Mathewson commented on IRC: “I think the hallway track to
-main conference utility ratio was higher than usual, since the conference
-actually sticks practitioners and cryptographers in the same room
-pretty reliably.” Let's hope for next year!
-
- [XXX] https://realworldcrypto.wordpress.com/
- [XXX] https://fteproxy.org/
- [XXX] https://bugs.torproject.org/10362
- [XXX] https://bugs.torproject.org/10629
- [XXX] https://en.wikipedia.org/wiki/UProxy
- [XXX] https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2014-January/006099.html
+projects can use pluggable transports more smoothly [11].
+
+Furthermore, we talked with the developers of UProxy [12] (a censorship
+circumvention tool made by Google) and helped them understand how PTs
+work and what they would need to do if they wanted to use them in
+UProxy. They seemed interested and motivated to work on this.
+
+The Tor developers present also worked on the “Next Generation Hidden
+Services” project [13], and sketched out some ways to move forward even
+though there are some open research questions with the current
+design [14].
+
+Nick Mathewson commented on IRC: “I think the hallway track to main
+conference utility ratio was higher than usual, since the conference
+actually sticks practitioners and cryptographers in the same room pretty
+reliably.” Let’s hope for next year!
+
+ [8] https://realworldcrypto.wordpress.com/
+ [9] https://fteproxy.org/
+ [10] https://bugs.torproject.org/10362
+ [11] https://bugs.torproject.org/10629
+ [12] https://en.wikipedia.org/wiki/UProxy
+ [13] https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt
+ [14] https://lists.torproject.org/pipermail/tor-dev/2014-January/006099.html
The media and some terminology
------------------------------
BusinessWeek published “The inside story of Tor, the best Internet
-anonymity tool the government ever built” [XXX]. Better that what one
-can usually read about Tor in the press, the piece — courtesy of Dune
+anonymity tool the government ever built” [15]. Better that what one can
+usually read about Tor in the press, the piece — courtesy of Dune
Lawrence — still sparkled a discussion on the tor-talk mailing list
-about terminology [XXX].
+about terminology [16].
Katya Titov quoted a misleading part of the article: “In addition to
facilitating anonymous communication online, Tor is an access point to
-the "dark Web," vast reaches of the Internet that are intentionally kept
-hidden and don't show up in Google or other search engines, […].”
+the ‘dark Web’, vast reaches of the Internet that are intentionally kept
+hidden and don’t show up in Google or other search engines, […].”
As references to the “dark web”, the “deep web”, or the “dark deep shady
Knockturn Alley of the Internet” have been popping up more and more in
the media over the past months, Katya wanted to come up with proper
definitions of commonly misunderstood terms to reduce misinformation and
-FUD [XXX].
+FUD [17].
She summarized the result of the discussion in a new
-“HowBigIsTheDarkWeb” wiki page [XXX]. Be sure to point it to your fellow
+“HowBigIsTheDarkWeb” wiki page [18]. Be sure to point it to your fellow
jounalists!
- [XXX] http://www.businessweek.com/articles/2014-01-23/tor-anonymity-software-vs-dot-the-national-security-agency
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2014-January/031863.html
- [XXX] http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt
- [XXX] https://trac.torproject.org/projects/tor/wiki/doc/HowBigIsTheDarkWeb
+ [15] http://www.businessweek.com/articles/2014-01-23/tor-anonymity-software-vs-dot-the-national-security-agency
+ [16] https://lists.torproject.org/pipermail/tor-talk/2014-January/031863.html
+ [17] http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt
+ [18] https://trac.torproject.org/projects/tor/wiki/doc/HowBigIsTheDarkWeb
Miscellaneous news
------------------
-To follow up on last week's Tor Weekly News coverage, Philipp Winter
-wrote a blog post to explain “what the ‘Spoiled Onions’ paper means for Tor
-users” [XXX].
-
- [XXX] https://blog.torproject.org/blog/what-spoiled-onions-paper-means-tor-users
-
-Andrew Lewman reported [XXX] that the Tor Browser Bundle was working on FreeBSD
-version 9 and 10 using the Linux compatibility layer.
-
- [XXX] https://lists.torproject.org/pipermail/tor-relays/2014-January/003757.html
-
-Thanks to Sukhbir Singh, users with @outlook.com email addresses can now request
-bridges and bundles via email [XXX].
-
- [XXX] https://bugs.torproject.org/6591#comment:4
-
-Karsten Loesing dug some statistics [XXX] about the Tor Weather service.
+To follow up on last week’s Tor Weekly News coverage, Philipp Winter
+wrote a blog post to explain “what the ‘Spoiled Onions’ paper means for
+Tor users” [19].
+
+ [19] https://blog.torproject.org/blog/what-spoiled-onions-paper-means-tor-users
+
+Andrew Lewman reported [20] that the Tor Browser Bundle was working on
+FreeBSD version 9 and 10 using the Linux compatibility layer.
+
+ [20] https://lists.torproject.org/pipermail/tor-relays/2014-January/003757.html
+
+Thanks to Sukhbir Singh, users with @outlook.com email addresses can now
+request bridges and bundles via email [21].
+
+ [21] https://bugs.torproject.org/6591#comment:4
+
+Karsten Loesing dug some statistics [22] about the Tor Weather service.
They are currently 1846 different email addresses subscribed for 2349
Tor relays.
- [XXX] https://bugs.torproject.org/10699#comment:3
-
-Tor developers will be present at the Mozilla booth during FOSDEM’14 [XXX].
-Drop by if you have questions or want to get involved in Tor!
-
- [XXX] https://twitter.com/torproject/status/427922491948818432
+ [22] https://bugs.torproject.org/10699#comment:3
+
+Tor developers will be present at the Mozilla booth during
+FOSDEM’14 [23]. Drop by if you have questions or want to get involved
+in Tor!
+
+ [23] https://twitter.com/torproject/status/427922491948818432
Tor help desk roundup
---------------------
Users repeatedly contact Tor help desk about unreachable hidden
-services. If that happens, please first make sure the system clock
-is accurate and try to visit the hidden service for the Tor Project's
-website. If it works, it means that Tor is working as it should and
-there's nothing more the Tor Project can do. Hidden services are solely
+services. If that happens, please first make sure the system clock is
+accurate and try to visit the hidden service for the Tor Project’s
+website [24]. If it works, it means that Tor is working as it should and
+there’s nothing more the Tor Project can do. Hidden services are solely
under the responsibility of their operators and they are the only one
that can do something when a hidden service goes offline.
- [XXX] http://idnxcnkne4qt76tg.onion/
+ [24] http://idnxcnkne4qt76tg.onion/
News from Tor StackExchange
---------------------------
Alex Ryan has been experiencing crashes of his relay running on a
-Raspberry Pi [XXX] due to circuit creation storms. He found out that
-the problem disappeared after upgrading to the new 0.2.4 series of Tor.
-They are currently no official Raspbian packages, so users will have
-to build the package manually from source.
-
- [XXX] https://tor.stackexchange.com/q/1302/88
-
-User cypherpunks wanted to know how to report security issues to the
-Tor Project [XXX]. Until a proper process is decided [XXX], the best
-way at the moment is to contact Nick Mathewson, Andrea Shepard or
-Roger Dingledine privately using their GnuPG key.
-
- [XXX] https://tor.stackexchange.com/q/1339/88
- [XXX] https://bugs.torproject.org/9186
+Raspberry Pi [25] due to circuit creation storms. He found out that the
+problem disappeared after upgrading to the new 0.2.4 series of Tor.
+They are currently no official Raspbian packages, so users will have to
+build the package manually from source.
+
+ [25] https://tor.stackexchange.com/q/1302/88
+
+User cypherpunks wanted to know how to report security issues to the Tor
+Project [26]. Until a proper process is decided [27], the best way at
+the moment is to contact Nick Mathewson, Andrea Shepard or Roger
+Dingledine privately using their GnuPG key.
+
+ [26] https://tor.stackexchange.com/q/1339/88
+ [27] https://bugs.torproject.org/9186
How many hidden services can be served from a single Tor instance?
-Syrian Watermelon is looking to know if there is a hard limit and
+Syrian Watermelon is looking to know [28] if there is a hard limit and
how memory usage will go. The question is still open and has attracted
some interest from other users.
- [XXX] https://tor.stackexchange.com/q/1337/88
+ [28] https://tor.stackexchange.com/q/1337/88
Upcoming events
---------------
@@ -226,18 +227,15 @@
| Winnipeg, Canada
| http://wiki.skullspace.ca/CryptoParty
-This issue of Tor Weekly News has been assembled by XXX, XXX, and
-XXX.
+This issue of Tor Weekly News has been assembled by Lunar, George
+Kadianakis, qbi and dope457.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing list [XXX] if you want to
+important news. Please see the project page [29], write down your
+name and subscribe to the team mailing list [30] if you want to
get involved!
- [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [29] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [30] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
-
-Possible items:
-
===========================================================================
==== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/5 ====
===========================================================================
version 1
Author: lunar
Date: 2014-01-28T13:16:01+00:00
import template
---
+++ version 1
@@ -0,0 +1,87 @@
+''31st issue of Tor Weekly News. Covering what's happening from January 28th, 2014 to February 4th, 2014. To be released on February 5th, 2014.''
+
+'''Editor:'''
+
+'''Subject:''' Tor Weekly News — February 4th, 2014
+
+{{{
+========================================================================
+Tor Weekly News February 4th, 2014
+========================================================================
+
+Welcome to the fifth issue in 2014 of Tor Weekly News, the weekly
+newsletter that covers what is happening in the XXX Tor community.
+
+New Release of XXX
+------------------
+
+XXX: cite specific release date, numbers, and developers responsible
+
+XXX: details about release
+
+ [XXX]
+
+Monthly status reports for XXX month 2014
+-----------------------------------------
+
+The wave of regular monthly reports from Tor project members for the
+month of XXX has begun. XXX released his report first [XXX], followed
+by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
+
+ [XXX]
+ [XXX]
+ [XXX]
+ [XXX]
+
+Miscellaneous news
+------------------
+
+Item 1 with cited source [XXX].
+
+Item 2 with cited source [XXX].
+
+Item 3 with cited source [XXX].
+
+ [XXX]
+ [XXX]
+ [XXX]
+
+Tor help desk roundup
+---------------------
+
+Summary of some questions sent to the Tor help desk.
+
+Vulnerabilities
+---------------
+
+XXX: Reported vulnerabilities [XXX].
+
+ [XXX] vulnerability report source
+
+Upcoming events
+---------------
+
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+ |
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+
+
+This issue of Tor Weekly News has been assembled by XXX, XXX, and
+XXX.
+
+Want to continue reading TWN? Please help us create this newsletter.
+We still need more volunteers to watch the Tor community and report
+important news. Please see the project page [XXX], write down your
+name and subscribe to the team mailing list [XXX] if you want to
+get involved!
+
+ [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+}}}
+
+Possible items:
+
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list