Vanguards v0.2.1 is tagged on github at https://github.com/mikeperry-tor/vanguards. The tag is signed with the gpg key that signed this mail, and all of my other mails.
Again, the preferred interpreter for vanguards is pypy, but you must use either stem 1.5.4 (or below), or stem 1.6.0 with this patch: https://gitweb.torproject.org/stem.git/commit/?id=c52db04
The tests will fail on pypy with an affected stem (which is how I discovered the stem issue).
If you previously had issues with the tests, please see: https://github.com/mikeperry-tor/vanguards/blob/master/README_TESTS.md
Hopefully the new test README can help you ensure that you have working versions of everything.
Iain also wrote a systemd service wrapper that may be useful: https://salsa.debian.org/pkg-privacy-team/vanguards/blob/master/debian/vangu...
I want to write a Tor blog post announcing this new version, but I want to mention distribution packages in that blog post, since that was a FAQ in the comments of the initial blogpost. If you are packaging this addon, please let me know which repositories it will appear at, and give me a link to instructions for how users can add or enable them on their systems.
I haven't heard anything from Fedora/RPM people. That would be super useful. :)
Overall, I think this release is a significant improvement over v0.1.1. Here's the changelog:
- Read ExcludeNodes from Tor and don't pick layer2 or layer3 guards in this set. #11 - Add --one_shot_vanguards and --disable_vanguards options (to enable OnionBalance synchronization). #12 - Don't write to torrc by default. #18 - Keep attempting to reconnect if the control port dies. #19 - Support tighter bounds on dropped data to defend against DropMark, and change circ_max_dropped_bytes_percent to circ_max_dropped_cells. However, leave these at NOTICE pending Tor patch #25573. #20. - Limit rend requests from relays that are not in our consensus. #22. - Added connectivity accounting: WARN if we're disconnected or can't build circuits for more than 'conn_max_disconnected_secs' and 'circ_max_disconnected_secs'. Also emit a NOTICE if a connection dies while there are live circuits on it. #23 - Fix several false positive cases in rendguard. More may remain, so demote logline to NOTICE for now. #24 - Change rendguard params to lower the false positive rate. If you use a conf file, be sure to update the values there, if specified. #24. - Standardize using WARN for messages that we're confident represent serious issues, and use NOTICE for heuristics that may need more tuning.