Hi!
The call for proposals is open for fosdem [0] as well as the stand
submission [1] . It would be great to have Tor people from Europe giving
a talk in the main track and setting up a stand.
Any volunteer?
[0] https://fosdem.org/2020/news/2019-08-13-call-for-participation/
[1] https://submission.fosdem.org/submission/stand
--
Project Manager: Network, Anti-Censorship and Metrics teams
gaba at torproject.org
she/her are my pronouns
GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19
Hello Tor world. Here is the Fundraising team’s report for August. As always, let us know if you have any questions.
## Events
We ran our first booth at DEF CON in August. It was an exhausting few days, but we exceeded our goal and raised over $43,000! We also made several connections with folks who want to help us with projects in the coming months. We have compiled lessons learned and are looking forward to attending again next year.
## Appeals
The Bug Smash campaign[1] ran from August 1 to August 31. We raised a little over $86K across postal mail, social media, email appeal, and in-person gifts at DEF CON and CCCamp. We received a mixture of currencies, including a variety of cryptocurrencies. This a strong increase over August 2018 when we raised $13K.
## Grants
We submitted a grant to RIPE NCC Community Project’s support program for 50,000 EUR to improve our IPv6 support. Thanks to teor, Nick, & Gaba for their help writing this proposal.
We submitted a concept note to OTF for a large Tor Browser project which would move us away from the ESR cycle and onto Mozilla’s regular release cycle; it would also allow us to implement some of Firefox’s Enhanced Tracking Protection features. Thanks to the Browser team and Pili for making this happen!
We found out that two of our grant requests were declined, one to NLnet for ESR migration and the other to the Deer Creek Foundation for Communications work.
Upcoming grant requests:
DRL SOIs for Community and Scalability, due 9/20
MOSS Scalability project, due 9/?? (rolling)
NLnet, due 10/1
Herb Block Foundation, due 10/3
NSF Dark Decoys project, due ?? (rolling)
## Cryptocurrency
We made a connection with a company called The Giving Block[2] that helps nonprofits accept cryptocurrency donations called. We are now listed on their website and will participate in their Giving Tuesday efforts this coming December. We are also discussing other ways to collaborate.
## Monthly Donors
We continue to see growth in our monthly donor program, Defenders of Privacy. In August we received $5,386.75 from this group. As you can see in the chart below, our efforts to recognize and communicate with these donors has resulted in more stable income and less attrition. We should expect the group to continue to grow through the end of the year and then have a dip again in January when people tend to reassess their monthly commitments.
[1] https://blog.torproject.org/tors-bug-smash-fund-help-tor-smash-all-bugs <https://blog.torproject.org/tors-bug-smash-fund-help-tor-smash-all-bugs>
[2] https://www.thegivingblock.com/donate-bitcoin <https://www.thegivingblock.com/donate-bitcoin>
Hello!
We held our weekly Tor Browser meeting on Monday in #tor-meeting2. Here
is the IRC log:
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-09-16-17.30.l…
>From the weekly updates, we discussed and planned a Tor Browser Alpha
release for
Mac OS X due to the new notarization requirement. This will allow for
additional
testing before Tor Browser 9.0 becomes the stable version. We also
discussed
backporting a patch onto Tor Browser 8.5 for this and including it in
the next
stable release.
>From the discussions, we decided on making about:blank the default New
Tab page
(instead of Firefox's new about:home page), and about:tor will be an
alternative
option.
We are also beginning the triage of Tor Browser tickets for Bug Smashing
and we
are adding the keyword "BugSmashFund" on the applicable tickets.
Finally, we are aiming at releasing the new Tor Network Settings UI in
an upcoming
alpha release. This moves the configuration settings menu from Tor
Launcher into
the browser's preferences screen (about:preferences#tor).
Below are the notes from our meeting pad:
Discussion:
(acat) Should we allow users to change New Tab page to "Firefox
Home" (Firefox default new tab page)? see
https://trac.torproject.org/projects/tor/ticket/31575
(pili) BugSmashFund: if you see any bugs that are outside sponsor
work and would be good to fix after ESR68 work is over please tag on
trac with "BugSmashFund" keyword
(pili) Gentle reminder to update tickets for September with points
estimate and actual points once closed.
(anto) could we have #31286 (Tor Network Settings on
about:preferences#tor) on alpha channel?
GeKo:
Last week:
- Bug 30126: Apple notarization
- Bug 31538: Windows reproducibility
- Bug 31584: Clean-up mingw-w64 project (currently testing a
final patch)
- fixed Windows nightly build failure (#31732)
- wrote a patch for #31725 (mk localization did not work
properly)
- worked on missing pieces for #30429
- acat/sysrqb where are we with the reviews/fixups for
#31010? Is there anything left from your side?
- reviews (#24653, #26345, #30304, #31575)
- double-checked our hardening flag situation for Windows and
Linux bundles after toolchain updates; I think there a no surprises and
unknown issues that popped up
- caught up with blog comments (having 4 active blog posts to
take care of in parallel is harder than thought :) )
This week:
- stack smashing protection for Windows binaries (#29013)
- #31597 (Mozilla bug review for bugs squashed between Firefox
61-68)
- finish missing pieces for #30429
- maybe release for testing #30126 on alpha channel? we'd need
#31702 for that which is supposed to apply cleanly for esr68 at least;
apple is saying Catalina gets out in October so, we might have a bit
more time here?
- reviews
mcs and brade:
Last week:
- Testing and research for #30126 (Make Tor Browser on macOS
compatible with Apple's notarization).
- Verified that #31464 is no longer an issue (meek and moat are
broken on macOS 10.9).
- Debugged #31607 (App menu items stop working).
- On macOS, menu-related objects are being freed too soon or
at the wrong time.
- This is a strange issue that is proving to be difficult to
debug. (GeKo: Do we know which patch is causing that? If not, could we
track down this bug easier that way? mcs: We think it is not caused by a
patch but by Tor Launcher opening a modal window during startup but we
will confirm)
This week/upcoming:
- Continue work on #31607 (App menu items stop working).
- #31491 (clean up the old meek http helper browser profiles).
- Work on other tbb-9.0-must-alpha tickets if time permits.
- Reminder: we will be on vacation next week.
sysrqb:
Last week:
Mostly afk.
Releases
Began dog-fooding 9.0a6
This week:
- Pick up #30943 again (only private tabs as the default)
- Investigate auto-complete not working on 9.0a6 Android
(#31720)
- Maybe look at showing Tor Browser version number on Android
(#30943)
- Maybe help with getting x86_64 Android builds (#31192)
_hc/eighthave:
Last week:
tor-android clean-up work, 64-bit builds and configure.ac
--enable-android path
tor-android reproducible build (given the same docker container)
This week:
Android-native TorService
tjr:
- Worked on the WASM patch but waiting on help:
https://bugzilla.mozilla.org/show_bug.cgi?id=1576254
- Landed the alloc/dealloc patch in 68:
https://bugzilla.mozilla.org/show_bug.cgi?id=1547519#c32
- There are a couple of concerning test failures for the MinGW build
in the esr68 branch that might/are probably related to this.
- I need to fix my IDA installation to be able to dig into these
though...
boklm:
Last week:
- Did some reviews:
- #31450 (Still use GCC for 64bit Linux debug builds after
switch to 68 ESR)
- #31264 (tar.gz output files contain non-reproducible
timestamps)
- #31621 (Fix node bug that makes large writes to stdout
fail)
- #31641 (Provide link to Tor Browser for Android alpha on
our alpha download page)
- #31596 (Bump mingw-w64 version to pick up fix for #31567)
- #31732 (Windows nightly build failure)
- Made a patch for #31448 (gold and lld break linking 32bit
Linux bundles we need to resort to bfd)
- Opened #31755 (Separate update pings and update requests
graphs for Tor Browser alpha and release users)
- Looked at #31646 (Update abicheck to require newer
libstdc++.so.6)
This week:
- Test patch for #31538 (Windows bundles based on ESR 68 are not
built reproducibly)
- Review #27493 ('mk_add_options' or 'export' MOZILLA_OFFICIAL)
- Make patch for #31646 (Update abicheck to require newer
libstdc++.so.6)
- will be afk on Tuesday (tomorrow)
acat:
Last week:
- #26345 - Finish Disable tracking protection UI in FF67-esr (in
review)
- Investigated if serviceworkers can still see localized msgs
in #30683.
- Investigated a bit RemoteSettings background requests: #31740
- Created Bugzilla ticket for #30683
(https://bugzilla.mozilla.org/show_bug.cgi?id=1581537)
This week:
- 31303: Browser Toolbox fails to open when tor-launcher is
present V(is it fine if I take this one pospeselr?)
- tbb-9.0-must-alpha tickets
sisbell:
Last Week:
- #31564: Android bundles not reproducible - implemented solution
using apktool. Need verification if it works across build machines with
different OS. (GeKo: I'll do that while reviewing)
- #31568: Gradle how-to. Found solution to remove missing resources
that was causing double artifact entries. Documented this.
This week:
- open tickets for tor-android-service patches
- 31564 (if additional changes needed)
- 31192 - x86_64 support
Pili:
Last week:
- mostly afk
- Gave a talk on using onion services for APIs at API Days
Barcelona
This week:
- Looking at our roadmap and capacity
- Moving forward with team lead transition tasks
Antonela:
- #31660 - Investigating about ESR68 Onboarding >
https://trac.torproject.org/projects/tor/ticket/31660
- #31286 - TB9 Network Settings is almost done. Shared with phw and
the anti-censorship team to have them in the same page. >
https://trac.torproject.org/projects/tor/ticket/31286
- #27511 - Working with TB New Identity >
https://trac.torproject.org/projects/tor/ticket/27511
- Back to S27 Onion Services
pospeselr:
Last Week:
got moat bridgedb requests mostly working with new
about:preferences#tor page (#31286)
CAPTCHA displayed, guesses can be made and submitted, bridge strings
returned back but aren't displayed or saved anywhere
This Week:
rebase current patches to latest esr68 branch >:[
port over the read/write logic for the tor proxy settings, and
integrate that into the bridgedb request logic
Have a good week!
Matt
Hi!
What?
=====
The Tor Project's jabber server will be shutdown in thirty days.
Why?
====
In a recent review of provided services, the sysadmin team has decided
to retire the XMPP/Jabber services offered by the Torproject.org
domain. The service was used by only four persons in the last month, out
of over thirty registered users and over a hundred users which could use
the service. The service is also maintained only by a single person, who
agrees on retiring the service.
This is not a statement on the merits of the XMPP protocol, the Jabber
project, or federation as a whole. Those principles are dear to our
hearts, we just feel it's better to direct our energies on services that
are used by a larger community.
When?
=====
In thirty days, the server will be shutdown and unreachable. The machine
itself will be kept up for an extra 7 days in case of a serious problem
and then decomissioned using our [normal process][].
[normal process]: https://help.torproject.org/tsa/howto/retire-a-host/
How?
====
If you still wish to use another XMPP, you can follow the [Getting
started][] instructions on the xmpp.net website. It links to two sites
with lists of alternative servers that you could easily switch to.
One which we particularly recommend you consider is ran by the good
birds at [Riseup.net][], a donation based service ran "for people and
groups working on liberatory social change". If you already have an
account there, you can already use their XMPP server, see their [chat
documentation][] for more information. Riseup is an invite-only service:
if you know a friend on Riseup, they can send you an invite, but please
do not go around bugging them for invites, they don't give invites to
people they don't know.
[Getting started]: https://xmpp.org/getting-started/
[Riseup.net]: https://riseup.net/
[chat documentation]: https://riseup.net/en/chat
Migrating to a different XMPP server can be done by downloading your
roster on one host and uploading it on the other. Then you need to ask
all your contacts to readd you to *their* roster, on the new
server. It's a lossy process because people might have you on their
roster without you having them on yours, but it might mean you get rid
of spammers, on the upside.
Here are instructions on how to migrate your roster from various
clients.
Gajim
-----
1. register with the new server and configure it in Gajim -> Accounts
(control-shift-a) -> Add account
2. click on the new account
3. choose "Import contacts"
4. select the old account
Gajim will then transfer the roster between the two accounts. This was
tested in Gajim 1.1.2
Pidgin
------
As far as we could tell, there's no easy way to transfer rosters between
accounts in Pidgin.
Tkabber
-------
1. log into the old account (Tkabber -> Log in...)
2. export the roster (Tkabber -> Roster -> Export roster...)
3. log out (Tkabber -> Log out...)
4. log into the new account (Tkabber -> Log in...)
5. import the roster (Tkabber -> Roster -> Import roster...)
Tkabber will then create the contacts in the roster of the new
account. Tested with Tkabber 1.1.2.
Jabber Migrate
--------------
Finally, there's a tool that's designed specifically for migrating
roster between servers, simply called "migrate". It used to be
maintained on [Sourceforge][], but it seems to be abandoned there. Two
forks have shown up on GitHub, from [jirutka][] and [spiculator][].
Note of those tools have been tested or reviewed by Torproject.org
people. Use at your own risk.
[Sourceforge]: http://migrate.sourceforge.net/
[jirutka]: https://github.com/jirutka/jabber-migrate
[spiculator]: https://github.com/spiculator/jabber-migrate
Who?
====
This effort has been accepted by the current service admin (dgoulet) and
is led by the current sysadmin team lead (anarcat). Either person can be
reached for comments or just by replying to this email.
--
Antoine Beaupré
torproject.org system administration
Hi!
We met today to talk about the migration from trac into gitlab. The
agenda and notes are in the pad
(https://pad.riseup.net/p/e-q1GP43W4gsY_tYUNxf) and in the body of this
mail.
You can look at the logs for the meeting in:
http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-09-17-18.01.html
Next meeting will be on October 1st.
CONTENT OF THE PAD:
References:
mail with context:
https://lists.torproject.org/pipermail/tor-project/2019-July/002407.html
planning document: https://nc.riseup.net/s/SnQy3yMJewRBwA7
migration code: https://dip.torproject.org/ahf/trac-migration
ticket: https://trac.torproject.org/projects/tor/ticket/30857
Agenda September 17th
* Revisit agenda
* Update that where we are at
* Stuff that seems that still needs to be resolved or decided upon:
* IRC ticket number bot
* redirection from bugs.torproject.org to gitlab ticket (legacy
project resolve links?)
* structure for projects
* anonymous users/ user registration
* Preserving existing trac data
* data migration process
* Next steps
Notes
Logs:
http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-09-17-18.01.html
On ticket numbers:
1) IRC bot for tickets (zwiebelbot) - get ticket's title and a link to
the ticket when we write #TICKET-NUMBER. In gitlab tickets are per project.
possible solutions:
1. write a plug-in for the bot that is running zwiebelbot to fetch
the data via gitlab's api. we will lose the short hand ticket id syntax
(#xxx) and have to use project-name#xxx instead with that
2) redirect from bugs.torproject.org/#TICKET-NUMBER to the right issue
in gitlab
possible solutions:
1. a part of the migration from tickets from trac to all the
different gitlab project, we save a mapping between the old ticket ID's
and their new project paths, which would allow us to update the
redirection service with a tool that looks at htis mapping and does the
redirect
2. all tickets first get migrated to a single project where there's
a one to one mapping between ticket IDs in trac and gitlab so bugs.tpo/N
point to dip.tpo/legacy/N
for future issues (not legacy) we will have
bugs.torproject.org/project/NNN
3) the question is how to keep ticket numbers consistent across the
migration if we want to have tickets split between mut roject
Nick's Absolute Requirements:
1. If there is #NN in trac, and there is tor#NN in gitlab, then
they must be the same bug.
2. If there is tor#MM in gitlab, and it is the same as some bug
#NN in trac, then MM must equal NN.
NEXT STEP: AHF will experiment with aproach 2.2 on moving tickets from
legacy project into its own. (ahf will move forward)
Structure for projects:
Proposed structure:
Group TEAM X - all team members have ownership on this group.
Project X1 - the ones related to repositories. Example:
snowflake or little-t tor.
Group XX1 - example pluggable transports for anti-censorship
team
Project Y - at organization level, example scalability that may
touch all teams.
NEXT STEP: rename the group 'torproject' to tpo (gaba will do it)
NEXT STEP: add the rule "do not have two elements in the project naming
tree with the same name, even if they are not ambiguous"
NEXT STEP: add the rule "short names when possible for projects or groups"
Anonymous users/ user registration:
Options:
(1) cypherpunks - people not ok with this one as there are trolls
(2) salsa custom signup form - some people say this is not totally
effective
(3) akismet + recaptcha - not really an option because it blocks tor
users and tracks people
(4) write a custom captcha plugin - some people say this is not totally
effective
(5) open registration - spam is a huge issue here
Proposals:
1) i suggest we manually register gitlab accounts for known good
contributors and open up contributions from github issues (from catalyst)
2) open registration with some spam-limiter, and moderate accounts
(from nick)
3) consider experimenting with the salsa custom signup form
NEXT STEP: We need more research on how to deal with spam in gitlab.
NOTHING DECIDED YET. (gaba will check)
Preserving existing trac data:
NEXT STEP with a list of things that you will not see in gitlab from trac
Data migration process:
NEXT STEP: write down a more concrete plan for migration. What do we
test for? When we do it? Who is helping? - (gaba will do it)
Issues about migration will be deal here:
https://dip.torproject.org/ahf/trac-migration
--
Project Manager: Network, Anti-Censorship and Metrics teams
gaba at torproject.org
she/her are my pronouns
GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19
Hi all. Non-technical aspects of life have kept me occupied the last
few months but I should soon have more time to get back into the thick
of things.
https://blog.atagar.com/september2019/
SEPTEMBER 26 2019
Items Discussed:
+ Gaba:
- Ongoing discussion: We checked with Gitlab to see if we could get a license for the ultimate tier (https://about.gitlab.com/pricing/#self-managed) and we could get it for free because we are an open source project. thoughts? Features comparison: https://about.gitlab.com/pricing/self-managed/feature-comparison/ <https://about.gitlab.com/pricing/self-managed/feature-comparison/>
* Discussion: Many people are wary of hosting or depending on proprietary software, but we use proprietary software for other things. Some team really want and need it, others are not so sure. Most want to try and see how it goes and all present at the meeting agreed to proceed; a few are very hesitant and followed up the meeting by email for further discussion, so we shall have further discussion.
+ Georg:
- Planning for Mozilla All Hands, FOSDEM, ShmooCon. Who goes where? [For where we are with this item regarding planning see notes from last week.]; all of them moving along.
* Discussion: general (continued) discussion about the conferences; We need to decide on a main track talk to submit to FOSDEM asap. Re: schmoocon - waiting to hear if we have a boot.
+ Pili:
- Should we participate in Hacktoberfest as project maintainers? (https://hacktoberfest.digitalocean.com/faq/)
* Discussion: questions about what would be required of us. Answer: we can tag issues in github with hacktoberfest if we want to encourage people but otherwise people can just participate without us getting involved. If we really wanted to go for it, we might want to run some sort of social media campaign about it e.g about contributing to open source projects but not sure we have the capacity for this right now.
Which repos would be participating then? website? community? is this similar to the docshackaton?
OONI will participate.
+ Antoine
- just FYI: opened up grafana semi-publicly see the beautiful dashboards at https://grafana.torproject.org/
--------------->8
General Notes:
isabela:
1. Tea time on #tor-internal - will follow up on edits of employee handbook w/ erin
2. Last week in Seattle I worked w/ Sue on auditors requests, also met w/ a major donor in Seattle
3. Helped review and submit 2 proposals for DRL (done last Friday)
4. Catching up with backlog of emails (to sponsors and donors)
5. Met with OutRight for possible partnership on trainings
6. Will be part of a webinar on 'there is no dark web'
Gaba:
1. DRL scalability proposal submitted by Al last week
2. Sponsor 30 signed and officially starting.
3. Checking anti-censorship roadmap
4. Small tasks
5. Gitlab moving forward. New meeting next week.
Alex:
1. Getting a lot of help from Nick and Gaba with the transition work that is happening.
2. Building an overview of all the deliverables for the team in the near'ish future.
3. Working on Tor PT related tickets and Tor 0.4.2 tickets.
4. Continue progress on Gitlab migration.
Gus:
1. Pili and I submitted an outreachy proposal for Community Team, "Help Tor Project support our users"
- https://www.outreachy.org/apply/project-selection/#tor-project
2. Wrapping up #DocsHackathon
3. A lot of work on support portal - migrating resources from old FAQ
4. Answering RT/frontdesk
5. Working on S9 partnership agreement with local trainers
6. Blog comments layout: asked a Drupal freelancer to take a look and give an answer to us until next Monday (oct 1)
7. If you're going to FOSDEM, please help to fill this wiki page: https://trac.torproject.org/projects/tor/wiki/org/meetings/2020Brussels
Sarah:
1. Took three classes on CiviCRM last week. Prepping database for EOY campaign emails.
2. Sending Isa's vision update to donors who have not yet given this year.
3. Working to set up Uphold account so we can access Brave reward tips sent to us.
4. Continuing to plan for party in Boston on October 28th. Let me know if you know someone who should be invited. <-- what is the profile of people that could be invited? --> Ideally we are looking for people who could now or eventually be a major donor - $1K+ per year.
Steph:
1. EOY prep
2. Outreachy initial application closed. Contributions begin Oct 1, then we choose interns after a contribution period.
3. Drafted 'there is no dark web' presentation for a Friday call with DC area folks
4. Editing the community portal
5. Newsletter draft in the works
6. Working with emma on a post for International Translation Day
Antonela
1. Updating the UX Team roadmap.
2. S9
2.1 regular website maintenance/review.
2.2 community.tpo.org/user-research needs content review
2.3 Narriral contract ends this week. We organized the user research done in 2018 and Q1/Q2 2019, wrote reports and set up the process for future user research with communities.
3. S27
3.1 The UX part of O2A1, O2A3, O2A5 is done
3.2 progress with .onion errors (O2A2, O2A4)
3.x are our OTF sponsors reports public? If yes, should we share those with OTF lists or TPO lists (even better)?
4. TB9.0
4.1 network settings UI review, dunqan will work on the onboarding update (#31768)
4.2 working on new identity UI
4.3 doing UI QA with TBA and TB alphas
5. OONI Probe UI/UX tasks
6. Reviewing Tunde's OTF progress
7. Working on the EOY Campaign
Antoine
1. just FYI: opened up grafana semi-publicly see the beautiful dashboards at https://grafana.torproject.org/
2. worked around stability issue on the new ganeti cluster, which has now entered a production phase with two new web mirrors in place
3. continued Puppet refactoring, review and cleanup, as usual
4. will send announcement for LDAP sudo changes tomorrow, pending for 3 years now
5. grafana dashboards now have support for "per role" displays (e.g. "show me the bandwidth usage of all the web mirrors")
Georg
1. Helped with paper review
2. A lot of esr68 transition work
Mike:
1. Circuit padding doc work
2. Paper review
3. Circuit padding bugs/ticket comments
4. Need to not be distracted by urgent things for next 2-3 weeks (lol), or ESR code review won't finish :/
Arturo:
1. Launched the new OONI Explorer, yay! https://ooni.org/post/next-generation-ooni-explorer/
2. Working on infrastructure cleanup
3. Preparing release of OONI Probe mobile 2.2.0
4. Investigating blocking of media sites in Egypt
7. A lot of progress on the data analysis fastpath that will allow near-realtime publication of data as well as generating alerts for blocking events
Pili:
1. Planning roadmaps for October
2. Working on S27 month end and work completion reports
3. Worked on Outreachy project for Community Team
4. Working on handing over parts of the website to new owners
5. Dockshackathon wrap up tasks
6. Still evaluating whether we want to participate in Hacktoberfest and how
7. Tor Browser release meeting
8. Hope to get around to more Fosdem organisation soon
Matt:
1. Ongoing discussions with Georg and Pili for transitioning Tor Browser team lead
2. 68esr transition work, with a focus on Android
3. Beginning to look at important Tor Browser tickets we should work before the end of the year
Erin:
1. Working on handbook clarifications
2. Exploring possibility of moving Seattle to small/cheap space in lieu of closing
Philipp
1. Added new default bridges and coordinated with operates of prospective private/default bridges
2. More work on improving obfs4's flow shape, and making obfs4 client store state
3. Worked with new obfs4 bridge operators (useful feedback on our guides is still coming in)
4. More progress with snowflake's new client/server protocol
5. Worked on BridgeDB Sponsor 30 deliverables
6. Helped with paper review
Karsten:
1. Made several smaller improvements to the code base (#31649, #31599)
Nick:
1. Various documentation/text tasks
2. Team is working on 0.4.2 stability
3. Talked with group working on gathering at Wendy's place.
Hi everyone,
Just a heads up that I’m planning to move the Website group[1] in gitlab under the Tor Project group[2] in gitlab in the next few days. This will mean that if you have bookmarked any issues here, the link to these will change. Also, any links and/or bookmarks to locations on the wiki will also break.
Are there any strong objections from anyone before I do this?
Thanks!
Pili
[1] https://dip.torproject.org/web
[2] https://dip.torproject.org/torproject
—
Project Manager: Tor Browser, UX and Community teams
pili at torproject dot org
gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45
Hello!
What
====
In a month from now, the sudo configuration on torproject.org machines
will change. While right now your normal LDAP password can be used to
authenticate with sudo, but it will then require you to use the dedicated
sudo password.
When
====
For now, both the LDAP password and the new sudo password will work to
authenticate to sudo. Starting in the third week of October (around
October 14th), the LDAP password will no longer be accepted for sudo
authentication.
Note that this was previously announced in March 2016, but never enforced:
https://lists.torproject.org/pipermail/tor-project/2016-March/000199.html
How
===
The LDAP password is the one you got sent in encrypted mail when your
account was first created on db.torproject.org. You should have
changed that on the [web interface][]. This password is the one that
also allows you to log into the management interface there and change
for instance your mail forwarding configuration or your sudo password.
[web interface]: https://db.torproject.org/login.html
To set the sudo password:
1. go to the user management website above
2. pick "Update my info"
3. set a new (strong) sudo password
If you want, you can set a password that works for all the hosts that
are managed by torproject-admin, by using the "wildcard ("*").
Alternatively, or additionally, you can have per-host sudo passwords
-- just select the appropriate host in the pull-down box.
Once set on the web interface, you will have to confirm the new
settings by sending a signed challenge to the mail interface. Please
ensure you don't introduce any additional line breaks.
Note that setting a sudo password will only enable you to use sudo to
configured accounts on configured hosts. Consult the output of "sudo
-l" if you don't know what you may do. (If you don't know, chances are
you don't need to nor can use sudo.)
Why
===
We prefer to use two authentication factors to access the more
powerful "sudo" command, this is a security measure. We want a
different password for anything that elevates your privilege,
in other words.
Who
===
This change is operated by the Tor Project sysadmins (TPA). If you
have any questions or comments, feel free to respond to this message
or followup in ticket #6367.
--
Antoine Beaupré
torproject.org system administration
Here are our meeting notes:
http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-09-26-17.00.html
And here is our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Next meeting: Thursday September 26th 17:00 UTC
Weekly meetings, every Thursday at 17:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress).
== Goal of this meeting ==
Weekly checkin about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at Tor.
== Links to Useful documents ==
* Our anti-censorship roadmap: https://dip.torproject.org/torproject/anti-censorship/roadmap/boards
* Our roadmap consists of a subset of trac tickets.
* The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam
* GetTor's roadmap: https://dip.torproject.org/torproject/anti-censorship/gettor/boards
* Tickets that need reviews: https://trac.torproject.org/projects/tor/query?status=needs_review&componen…
---------------------------
--- 26th September 2019 ---
---------------------------
== Announcements ==
* Snowflake for Windows is going into the next alpha release \o/!
== Discussion ==
* Sponsor 30 is officially starting (gaba)
* Info about the sponsor: https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30
* Master ticket for Objective 2: https://trac.torproject.org/projects/tor/ticket/31268
* Next:
* fill up doodle to confirm when we can meet (I assumed phw is going to be participating in the s30 meetings)
* create tickets for work that needs to be done with each activity
* Sponsor 28: update?
* phw on #30716 - Improve obfs4's flow obfuscation
* we want to improve obfs4's flow obfuscation and find a way to "regulate" per-packet entropy, so a high-entropy filter cannot easily block the protocol
* our georgetown colleagues are evaluating obfs4
* cohosh continues work on snowflake
* We are getting some more snowflake volunteers, it's probably time to update our CONTRIBUTING.md guidelines: https://trac.torproject.org/projects/tor/ticket/31847
== Actions ==
* Please summarise your month for our september report: https://pad.riseup.net/p/B8Um_zirxIsHD84D6iR_
== Interesting links ==
*
== Updates ==
FORMAT!
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week (related to anti-censorship work).
Help with:
- Something you may need help with.
hiro: (2019-09-09)(gettor days are Thursday - snippets https://dip.torproject.org/snippets)
- gettor was down due to a VM reboot. Phw added a systemd script to reboot the service.
- add archive.org
- add gdrive
- edit ansible scripts
- edit scripts to upload files to various distribution endpoints
Next week
- reach out to irl about sending gettor stats to metrics
- include reviews from code and website changes
- review specs: are specs up-to-date? should we change something in the specs?
- review docs: write documentation for web site and ansible playbooks.
Help with:
- probably more reviews.
hiro: (2019-09-02)(gettor days are Thursday - snippets https://dip.torproject.org/snippets)
- Coded ansible recipes for gettor so that the service can be easily maintained by more people: https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor…
- Fixing some issues about git history taking too much space quota on gitlab and github
Next week
- use archive.org as new distribution endpoint: upload files to archive.org
- reach out to irl about sending gettor stats to metrics
- review specs: are specs up-to-date? should we change something in the specs?
- review docs: write documentation for web site and ansible playbooks.
Help with:
- waiting to be told that's fine to upload files to archive.org? Can we start?
- review new website. New website should be reviewed. https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor…
phw:
This week (2019-09-26):
* Filed #31807 for outdated documentation of "BridgeDistribution" in tor's man page and wrote patch
* Updated documentation for obfs4 docker image, advising people to use 'latest' tag
* Moved exitmap-modules from private GitHub repository to dip.tp.o
* Started working on language switcher for BridgeDB (#26543)
* Tricky because it involved convoluted 3rd party library
* Helped add new default bridges to Tor Browser -> will be in next alpha version
* Worked with prospective operators of new private and default bridges
* More work on obfuscating obfs4's flow signature (#30716)
* Also made obfs4 client store state (only server would do that)
* Still no progress on reducing per-packet entropy. It's tricky.
* Filed #31834 to improve usability of obfs4 docker file
* Had a chat with a researcher who was trying to understand (D)DoS attack against Tor
Next week:
* Make progress with obfs4 improvements
* Figure out how to reduce per-packet entropy
Help with:
*
Gaba: (updated September 25th)
Last week ():
* checking roadmap
* sponsor 30 coordination
This week (planned):
* sponsor 30 triage of tickets
ahf
Last week:
- Worked on #28930
This week:
- Finished refactoring parts of #28930. Trying to figure out if we should begin the discussion on how PT's can report back on bootstrap info.
- Continued to work on a tool to convert Trac tickets into Gitlab tickets.
cecylia (cohosh): last updated 2019-09-26
Last week:
- reviewed #31780
- worked with sah on errors swallowed ticket (#31794)
- clean up logs (#30830)
- finally got sequencing layer fully working with test deployment of server (#29206)
- merged windows tbb build using pion branch of snowflake \o/ (#25483)
- created a ticket for adding locks to the safe logger (#31843)
- created a ticket for updating CONTRIBUTING.md (#31847)
- created and presented a short demo of snowflake at ournetworks.ca last weekend
This week (gonna try to clear out some backlog from sept):
- make a patch for the proxy---broker communication (#29207)
- snowflake dogfood and think about how to address bad snowflake health
- revisit reachability scripts and set up for new obfs4 tests
- squash commits for sequencing layer (#29206) and start working on upgrade strategy (#30704)
- grant outline for meeting next week
- refactor proxy-pair state machine (#31310)
- help sah finish up #31794 and with code coverage tickets
- see where we're at with #31384
- review #31391
- tag snowflake tickets with easy or starter
Help with:
- review of #30830, #31843
- i'll need a review of #29206 very soon, after i clean up the commits
- review of #28942
catalyst:
week of 09/19 (planned):
- reviews
- sponsor31 planning
- coding style discussion
- comment on draft network team review guidelines
- #30984
week of 09/19 (actual):
- reviews
- sponsor31 planning
- talking with people about proposed network team review processes
week of 09/26 (planned):
- reviews
- sponsor31 doc coordination
- checking in on Season of Docs work
- #30984
arlolra: 2019-09-26
Last week:
- mia
Next week:
- add a build step / documentation for code reuse in cupcake
- pick up another ticket
Help with:
- review of #31391
dcf: 2019-09-26
Last week:
- mostly not paying attention, sorry
- Turbo Tunnel prototyping
- posted summary of I2P paper from FOCI ( https://github.com/net4people/bbs/issues/12 )
Next week:
- catch up on pion updates and rbm build
- archive test pion builds from #28942
- Turbo Tunnel prototyping
Help with: