- tor-project - lists.torproject.org

WWW February 2020 report
by Hiro 16 Mar '20

16 Mar '20

Hi all, Here is what has happened in February in the Tor www world * We debugged errors in the build process for the websites. Now there are no more randomly broken builds and less resources are spend on jenkins. * Looking at lego documentation for giant rabbit: https://gitlab.dip.torproject.org/torproject/web/wiki/blob/master/lego.md * Updated template for creating a new website: https://gitlab.torproject.org/torproject/web/template * WWW contributing workflow: https://gitlab.torproject.org/torproject/web/wiki/blob/master/Our-Workflows… * Started planning to migrate the blog to a static website https://trac.torproject.org/projects/tor/ticket/33115 Meeting notes for February can be found: https://gitlab.torproject.org/torproject/web/www-meeting-notes/blob/master/… This summary and past and future ones can be accessed online: https://gitlab.torproject.org/torproject/web/www-monthly Please notice that we will not be using trac to collect new issues for the website but gitlab.torproject.org. You can log an issue here: https://gitlab.torproject.org/groups/torproject/web/-/issues Gitlab will ask you to chose a project. If unsure feel free to use tpo which is our main website www.torproject.org Thanks all! -hiro

1 0

Network Team Meeting Notes, 9 March 2020
by Alexander Færøy 16 Mar '20

16 Mar '20

Hello, Here is a short summary of the network team meeting from Monday the 9th of March 2020. 1) We started out with roadmap. 2) Reviews seemed alright. 3) We went over our 0.4.3 status page. 4) We discussed if we should do post-TROVE retrospectives. We should discuss that at our next retrospective. 5) To focus on S55 Teor has dropped some tasks that the rest of us should be better at keeping up with if we have capacity for it. 6) We discussed a queue system for topics for our larger team voice meetings. 7) Nick asked if there was any objections to using CBOR for Walking Onions. 8) Nobody had anything else to discuss. --- end of summary --- You can read the network team meeting log at: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-03-09-16.59.html Below are the contents of our meeting pad: Nick: Week of 2 Mar (planned): - Start on walking onions spec work: - Write a working schedule - Identify areas of uncertainty, start investigating them. - Start outlining proposals - Speaking at a workshop about decntralized web stuff on Wed, possibly Thu. - Team retrospective on Tuesday, right? - Finish all peer evaluations Week of 2 Mar (actual): - Started on walking onions spec work. Made LOTS of progress. See https://lists.torproject.org/pipermail/tor-dev/2020-March/014178.html for details - Spoke at workshop on Wednesday. Was interesting and met good people; not sure if I should have spent a full day. - Wrote peer evaluations - Updated HS config refactor branch - Review and merge - Peer feedback evaluations Week of 9 Mar (planned): - Continue work on walking onions spec: - Write initial draft spec for ENDIVE and SNIP formats. - Schedule the rest of the work - Prepare for new stable and alpha releases, targetting 16 March: - Finalize TROVE fixes? - Write draft advisories, get comments - Review and merge - Send an email to grants@ about stuff we should seek funding for. - Draft bug retrospective notes, using https://pad.riseup.net/p/tor-bugs-retro-042-keep as input. - Meetings: library size work (monday), NY meeting planning (thursday??) Currently postponing on: - progress on C autoformatting - 043 tickets, including some that seem important: - Build issue 33437 - Windows issue 24857 catalyst: week of 03/02 (2020-W10) (planned): - retrospective 03/03 - catch up on reviews - write feedback week of 03/02 (2020-W10) (actual): - reviewed #32921, #33460 - retrospective 03/03 - wrote some feedback week of 03/09 (2020-W11) (planned): - reviews - refresh expired PGP key on various infrastructure - finish writing feedback ahf: Week of 2/3 2020 (planned): - Talk about Tor Browser at the Engineering Union here in DK on Thursday. Will be AFK some of that day DK time, but online in the evening. - Retrospective - Work on Git migration to new GL instance - Start merging peer review. - Lots of discussions. - Slightly behind on reviews. Planning on catching up on that Friday. Week of 2/3 2020 (actually): - Had retrospective. - Did talk at the Engineering Union. - Tracked incoming peer reviews from network team folks. I have everything now from everybody! Thanks. - Caught up on reviews. - Continued GL migration work, but still not on the new instance yet. Week of 9/3 2020 (planned): - Focus on TROVE and Windows CPU issue with cache dir (#24857). - Try to close IRC and email a bit this week to focus :-) asn: Week of 02/03 (actual): - Reviews - Peer feedback - Did another call for testing for OBv3. - Worked on HTTPS-Everywhere S27 deliverable. - Worked on onion services DoS meeting planning. Week of 09/03 (planned): - Finish CI work for OBv3. - Write blog post for OBv3 testing. - Prepare packages for OBv3. - More planning for DoS stuff. dgoulet: Last week (actual): - Review and merges. - Wrote feedback reviews - DoS meeting logistics - Spent some times figuring out #33491. Week of March 9th (planned): - Tor binary and library size meeting. Some work will probably spawn from that. - Planning for DoS meeting. Meeting on Wed. for that. - A series of tickets in the pipe that needs code: #33458, #33491, #32542, #32910, #33072, #33400 Gaba: Last week (actual): - s30 check-ins - s69 kick-off - nyc traveling Week of February 24th (planned) - more nyc traveling teor: (online first meeting of the month, offline at the usual meeting time) Week of 24 February (planned): (No plans) Week of 24 February (actual): Important: - Emails and IRC - Meetings - Outreachy IPv6 project - Feedback - Network Health / Sponsor 55 Relay Proposal Roadmap: - (No progress) Other: - Ticket triage, backport deciding, quick code reviews and ticket help Week of 2 March (planned): (No plans) Week of 2 March (actual): Important: - Emails and IRC - Meetings - Outreachy IPv6 project - Feedback - Network Health / Sponsor 55 Relay Proposal Roadmap: - (No progress) Other: - Ticket triage, backport deciding, quick code reviews and ticket help Mike: week of 19 Feb (planned): - Investigate/reproduce circpad shutdown bugs (#30992 and chutney warns); plan some fixes - Mull over Research Janitor responsibilities and priorites - Maybe review metrics-team tickets week of 19 Feb (actual): - Still discussing Reasearch Janitor role priorities - Performance funding proposal work week of 24 Feb (planned): - Cashing in some banked overtime dayz (Monday+Tuesday) - Probably keep discussing Reasearch Janitor role priorities - Performance funding proposal work - Metrics-team flashflow experiment+sbws review - circpad bugs I hope? Coin toss for that vs metrics-team review (though the metrics work is pretty cold now anyway... maybe it can wait some more) jnewsome: week of 03/02 (2020-W09) (planned): - Phantom design and prototyping - Create Tor tickets for "build for shadow" - Add nightly CI workflow to shadow repo to test against tor@head week of 03/02 (2020-W09) (actual): - Rebased Shadow-Phantom onto tip of Shadow-master and got CI passing again (by disabling most of it) - Solidified plan for Shadow-Phantom's interposition strategy, sent a PR to use it and re-enable now-covered CI tests - Sent out proposal for shared-memory-IPC plan - Added a CI configuration matrix to shadow-plugin-tor to test against last few releases of Tor week of 03/09 (2020-W10) (planned): - Flesh out Shadow-Phantom libc/syscall coverage to run phold (simple network benchmark) - Migrate shadow and shadow-plugin-tor to tgen v1.0.0 - Create Tor tickets for "build for shadow" - Add nightly CI workflow to shadow repo to test against tor@head All the best, Alex. -- Alexander Færøy

1 0

New Tor Browser Meeting time
by Matthew Finkel 16 Mar '20

16 Mar '20

Hi everyone, This is only a reminder that the weekly Tor Browser meeting is now held at 18:00 UTC in #tor-meeting2 (on Mondays, as usual). See some of you later today! - Matt

1 0

Anti-censorship team monthly report: February 2020
by Philipp Winter 13 Mar '20

13 Mar '20

Hi friends, Here's what the anti-censorship team has accomplished in February 2020: Snowflake ========= * Did a trial deployment of Tor Browser with Snowflake and Turbo Tunnel. This branch of development enables Snowflake to work for a long time, by migrating across temporary proxies. <https://bugs.torproject.org/33336> <https://lists.torproject.org/pipermail/tor-talk/2020-February/045499.html> One known major usability bug remains: <https://bugs.torproject.org/33519> * Update webextension and webpage with new translations. * Debugged some pion library performance issues. <https://bugs.torproject.org/33211> * Worked on a throughput check for Snowflake proxies. <https://bugs.torproject.org/32938> GetTor ====== * Fixed broken localisation for some locales. <https://bugs.torproject.org/33002> * Fixed the email rate-limiter and delete old requests. <https://bugs.torproject.org/33123> * Added database tests for GetTor and fixed the database handling code. <https://bugs.torproject.org/33191> * Worked on fix to ignore quoted help text in GetTor emails. <https://bugs.torproject.org/33343> BridgeDB ======== * We finally finished porting BridgeDB to Python 3. * Did another analysis round to better understand how our new CAPTCHAs affected users: <https://bugs.torproject.org/24607#comment:17> * Updated BridgeDB's documentation. <https://bugs.torproject.org/31427> * Made some progress towards an easier-to-understand email response. <https://bugs.torproject.org/30941> * Retired obfs3, ScrambleSuit, and FTE from BridgeDB. <https://bugs.torproject.org/33299> * Refactored a Python script that will help us test BridgeDB's email distributor using Nagios. <https://bugs.torproject.org/12802> Miscellaneous ============= * Created a preliminary process for the distribution of private bridges to NGOs. <https://bugs.torproject.org/31872> * Fixed a synchronisation issue in bridgestrap and wrote unit tests for it. * Made some progress towards building docker images for architectures other than amd64. <https://bugs.torproject.org/33088> * Started using Debian "slim" to reduce the size of our obfs4 docker image. The size went from approximately 120 MB to 70 MB. <https://bugs.torproject.org/32860> * Created a pull request that adds our latest default bridges to OONI. <https://github.com/ooni/sysadmin/pull/424> <https://github.com/ooni/spec/pull/177> Outreach ======== * Wrote a blog post introducing BridgeDB version 0.9.3. <https://blog.torproject.org/new-release-bridgedb-093> * Wrapped up our bridge campaign retrospective. <https://bugs.torproject.org/33007>

1 0

Anti-censorship meeting notes, 12 Mar 2020
by Philipp Winter 12 Mar '20

12 Mar '20

Here is our meeting log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-03-12-17.59.html And here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday March 19th 18:00 UTC Weekly meetings, every Thursday at 18:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: https://gitlab.torproject.org/torproject/anti-censorship/roadmap/boards * Our roadmap consists of a subset of trac tickets. For 2020 Q1, the trac keyword is anti-censorship-roadmap-2020Q1 * Next planning session: last week of April * The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam * Past meetings' notes can be found at: https://lists.torproject.org/pipermail/tor-project/ * GetTor's roadmap: https://gitlab.torproject.org/groups/torproject/anti-censorship/gettor-proj… * Tickets that need reviews: from sponsors we are working on: * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30 * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor28 ------------------------- --- March 12th 2020 -- ------------------------- == Announcements == * Tor participating in Google Summer of Code, ideas page: https://community.torproject.org/gsoc/ == Discussion == * obfs4proxy currently cannot build because of deleted dependency. how should we fix this short-term and long-term? #33464 == Actions == * Please help phw compile our monthly report by adding your highlights to this pad: * https://pad.riseup.net/p/vGR0zvyXCuV3HG09VX-j == Interesting links == * https://gfw.report/blog/gfw_looking_glass/en/ * Heartbleed-like memory disclosure (out-of-bounds read) in GFW's DNS parser. Worked circa 2010, doesn't work now. * https://www.sciencedirect.com/science/article/pii/S0167404820300626 * "Protocol Proxy: An FTE-based covert channel" * We present a proof-of-concept format transforming encryption (FTE)-based covert channel for tunneling TCP traffic through protected static protocols. Protected static protocols are UDP-based protocols with variable fields that cannot be blocked without collateral damage, such as power grid failures. We (1) convert TCP traffic to UDP traffic, (2) introduce observation-based FTE, and (3) model interpacket timing with a deterministic Hidden Markov Model (HMM). * Open access copy: https://sci-hub.se/http://www.sciencedirect.com/science/article/pii/S016740… == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week (related to anti-censorship work). Help with: - Something you may need help with. Hiro: (last updated before 2020-01-09) Started restoring Twitter Responder. When retrieving tweets I need to check for new tweets only otherwise Gettor will end up responding to old back log and already answered messages. <-- is this #27330 ? Next Week: - Work on gettor specs <-- Is this #3781? - More with review of strings and website content and translation phw: This week (2020-03-12): * Back from vacation and still catching up. Please let me know if you need me to prioritise something. * Finished peer feedback. * Created new info page on BridgeDB explaining our distribution mechanisms (#33008). * Another round of analysis for the success rate of our new captchas (#24607). * There's much more to study here but not enough time :/ Next week: * Write a summary of our current BridgeDB distribution mechanisms and brainstorm new ones * Pay attention to volunteer work (help agix with BridgeDB reviews; thymbahutymba with docker; Sergey with https proxy) * Make BridgeDB report internal metrics (#31422) * Catch up on RACE; in particular wrt obfs4 improvements Help with: * Gaba: () Last week (2020-03-12): * sponsor 30 coordination * talking with catalyst to start work on the network team roadmap related to s28 and s30. They are the person to go to with anything needed from core Tor. This week (planned): * not much related to anti-censorship cecylia (cohosh): last updated 2020-03-12 Last week: - worked with GSoC students on proposals - debugged and pushed a fix for GetTor to always send a response email (#33543) - drafted a revision for GetTor message body (#23226) - made a tbb patch for #33330 (#33578) - made a patch to upgrade the version of pion-webrtc in tor browser (#33576) - merged gitlab provider fix for gettor (#33034) - added an update on obfs4 reachability tests (#31701) - merged and deployed fix for ignoring quoted messages in gettor (#23225) - started looking at update notification for proxy-go instances (#32677), i think #19409 is the way to go though This week: - maybe continue work on throughput check (#32938) - make a Snowflake package for debian (#19409) - Aggregate and write up a report of snowflake throughput changes (#32545) - Revise GetTor help message (#23226) - look at options for getting STUN information to snowflake clients (#25591) - see if there's anything else we need to do for nsf ttp grant Needs help with: - review of tor browser patches #33578 and #33576 (tb-team) - should we continue obfs4 reachability tests (this might be taken over by sponsor 30 work) - any thoughts on snowflake versioning (#33593)? (required for debian packaging) arlolra: 2020-03-12 Last week: - Next week: - maybe the proxy parts of #19026 - pick another task? (#31201, #33112, #33365, ?) Help with: - dcf: 2020-03-12 Last week: - reviewed go.mod for snowflake (#33330) - started reviewing snowflake throughput tests (#32928) Next week: - finish reviewing snowflake throughput tests (#32938) - work on a fix for multiple SOCKS connections (#33519) - maybe make new packages with 9.5a7 Help with: cjb: 2019-03-12 Last week: - split out #31011 into just the client-side change Next week: - hoping to find time to poke at golang snowflake proxy Android app Help with: agix:2020-03-12 Last week: - Still on #31426 - Submitted patch for #31528 - Got familiar with HYPHAE and Salmon Next week: - Continue on #31426 - Work on the GSoC proposal for Salmon Help with: - catalyst: 2020-03-12 (offline for this meeting) next week: - look at s28/s30 tickets i can help with (coordinating with ahf) thymbahutymba: 2020-03-12 Last week: - docker-compose for obfs4-bridge (#31834) - multiarch docker obfs4 images #33461 (even though is more then a week ago) - reported issue concerning #31834 (comment 25) Next week: Help with:

1 0

Tails report for February 2020
by sajolida 11 Mar '20

11 Mar '20

https://tails.boum.org/news/report_2020_02/ Releases ======== * Tails 4.3 was released on February 11. (bugfix release) * Tails 4.4 is scheduled for March 12. The following changes were introduced in Tails 4.3: - We included the `trezor` package, which provides a command line tool to use a Trezor hardware wallet for cryptocurrencies. - Fix the progress bar and prevent closing the window while an upgrade is being applied. (#16603) Code ==== - We made great progress on Secure boot support (#6560) and are now quite confident we can ship this in Tails 4.5 (April 7). Thanks to everyone who answered our call for testing! - In order to make the development process a bit smoother, we improved the performance of our builds (#17439, #17386). - We kept working on replacing Sikuli in our test suite (#15460), which will allow running it on recent Debian systems. We're almost there! :) Hot topics on our help desk =========================== 1. Users are still complaining about Seahorse failing to import public keys. (#17183) 1. Several users reported that Stefano Zacchiroli's public key being expired since 2020-02-07 broke our documentation about using the command line and GnuPG to install Tails. (#17475) https://tails.boum.org/install/expert/usb/ 1. And people are still reporting GDM errors with Intel HD 630 (while their issue is usually with their NVidia Maxwell discreet GPU) (#16875) Infrastructure ============== - We've been working towards making our CI feedback loop shorter (#16960, #17439). - We organized the sysadmin work we will need to do as part of migrating to GitLab. Funding ======= - We worked on the full proposal for the joint grant proposal with Tor and the Guardian Project to the DRL Internet Freedom program. - We started working on a grant proposal to the Prototype Fund. Jobs ==== - Privacy loving Linux generalist: https://tails.boum.org/jobs/Linux_generalist/ On-going discussions ==================== - Reconsider the terminology around "persistence": https://lists.autistici.org/message/20200227.123500.9aee624d.en.html Press and testimonials ====================== - 2020-02-26: Tails : le logiciel qui a permis à Snowden d’échapper aux services secrets by Tibor Van Cutsem in Solidaire: https://www.solidaire.org/articles/tails-le-logiciel-qui-permis-snowden-d-e… Translations ============ ## All the website - de: 34% (2176) strings translated, 10% strings fuzzy - es: 53% (3373) strings translated, 2% strings fuzzy - fa: 27% (1714) strings translated, 10% strings fuzzy - fr: 90% (5671) strings translated, 0% strings fuzzy - it: 30% (1948) strings translated, 7% strings fuzzy - pt: 22% (1432) strings translated, 8% strings fuzzy ## Core pages of the website - de: 65% (1168) strings translated, 15% strings fuzzy - es: 94% (1691) strings translated, 1% strings fuzzy - fa: 34% (615) strings translated, 14% strings fuzzy - fr: 98% (1755) strings translated, 0% strings fuzzy - it: 64% (1147) strings translated, 15% strings fuzzy - pt: 45% (820) strings translated, 14% strings fuzzy Metrics ======= * Tails has been started more than 808 936 times this month. This makes 27 894 boots a day on average. [[How do we know this?|support/faq#boot_statistics]]

1 0

February 2020 report for the user experience team
by Antonela Debiasi 11 Mar '20

11 Mar '20

Hello Tor, We started February in the rainy Berlin. We met Firefox's folks at their bi-annual All Hands gathering and we discussed regular topics around our collaboration. After that, many of us met at FOSDEM. We specially enjoyed the talk diogosergio gave at the Open Design Track. You may want to watch it! https://fosdem.org/2020/schedule/event/git_workflow_for_design_in_os_projec… S27 Onion services ================== We spent February on implementing an approach to move forward with the onion names' problem. We found that organically, developers have been approaching this problem in different ways, mostly with solutions tailored for the pleasure of their own service. Given that there is not a complete solution that works perfectly for all our user groups, we also approached this problem with a broad angle. From headers to centralized lists we are trying to allow end-users to have an experience close to the defaults without losing security: type a memorable domain at the URL bar and reach an onionsite, anonymously. As we update the URL bar to show the alias, the circuit display will allow users to check the origin onion address for integrity. Impressive work, acat! You can read more about this process here https://trac.torproject.org/projects/tor/ticket/28005 OTF Usability Lab: Tor Metrics ============================== Last year we applied with Simply Secure for an OTF Usability Labs grant for working on the next iteration of the metrics portal. The proposal went through,and Nina Vizz will lead this project. Gaba and I as well Metrics Team folks, we will be the stakeholders of this project. User Research ============= Nah and Piliattended the Open Design meetup, theusability testing workshop before FOSDEM. They built together a "Download Page" research that S9 partners will be running in March along with trainings. We made progress on setting a workflow in git for our upcoming user research. https://dip.torproject.org/torproject/ux/research/issues/1 We worked on the Onion Services Research, we expect to run it virtually and in person. https://dip.torproject.org/torproject/ux/research/issues/3 Since we may need to localize some of this materials, emmapeel suggested to have it in .md format. We will be working on it during March. https://dip.torproject.org/torproject/ux/research/issues/2 WWW === We finally iterated torproject.org/download. We included a label for each operative system, we improved the discoverability of the signature files and we also made it look better in small screens. https://dip.torproject.org/torproject/web/tpo/issues/59 https://dip.torproject.org/torproject/web/tpo/issues/6 https://trac.torproject.org/projects/tor/ticket/32460 S30 === During February, ICFP fellowship Babatunde has been traveling through Nigeria and Cameroon interviewing users who have been experiencing information controls. He is now digesting all this material and we will work together on expanding Tor personas in order to inform our work on s30. L10n ==== We have updated more websites with new contentstill, no new languages added but soon we will. Also, we helped Snowflake and Tor Browser teams with the translations and reviewsof the next features release. We got some more reviewers but still, more is needed. If you are interested in being a reviewer of a language just ping emmapeel on irc! Fundraising =========== Emmapeel and alsmith helped draft the MOSS proposal for the Linguine project, to prepare an open platform for translation. We submited a joint DRL proposal for continuing our work on user research with communities with Guardian Project and Tails. Thanks Al and Pili for working on this narrative and estimations! Open Team ========= If you missed those, February weekly meetings notes are here: https://lists.torproject.org/pipermail/ux/2020-February/000487.html https://lists.torproject.org/pipermail/ux/2020-February/000488.html https://lists.torproject.org/pipermail/ux/2020-February/000490.html Peace and love, A -- Antonela Debiasi UX Team Lead @antonela E2330A6D1EB5A0C8 https://torproject.org

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 10 Mar '20

10 Mar '20

Hello everyone! here's your monthly minutes digest. :) # Roll call: who's there and emergencies anarcat, gaba, hiro, and linus present. # What has everyone been up to ## hiro - migrate gitlab-01 to a new VM (gitlab-02) and use the omnibus package instead of ansible (#32949) - automate upgrades (#31957 ) - anti-censorship monitoring (external prometheus setup assistance) (#31159) - blog migration planning and setting up expectations ## anarcat <https://trac.torproject.org/projects/tor/query?owner=anarcat&status=closed&…> AKA: Major work: * retire textile [#31686][] * new gnt-fsn node (fsn-node-04) [#33081][] * fsn-node-03 disk problems [#33098][] * fix up /etc/aliases with puppet [#32283][] * decomission storm / bracteata on February 11, 2020 [#32390][] * review the puppet bootstrapping process [#32914][] * ferm: convert BASE_SSH_ALLOWED rules into puppet exported rules [#33143][] * decomission savii [#33441][] * decomission build-x86-07 [#33442][] * adopt puppetlabs apt module [#33277][] * provision a VM for the new exit scanner [#33362][] * started work on unifolium decom [#33085][] * improved installer process (reduced the number of steps by half) * audited nagios puppet module to work towards puppetization ([#32901][]) [#32901]: https://bugs.torproject.org/32901 Routine tasks: * Add aliases to apache config on check-01 [#33536][] * New RT queue and alias iff@tpo [#33138][] * migrate sysadmin roadmap in trac wiki [#33141][] * Please update karsten's new PGP subkey [#33261][] * Please no longer delegate onionperf-dev.torproject.net zone to AWS [#33308][] * Please update GPG key for irl [#33492][] * peer feedback work * taxes form wrangling * puppet patch reviews * znc irc bouncer debugging [#33483][] * CiviCRM mail rate expansion monitoring [#33189][] * mail delivery problems [#33413][] * [meta-policy process][] adopted * package installs ([#33295][]) * RT root noises ([#33314][]) * debian packaging and bugtracking * SVN discussion * contacted various teams to followup on buster upgrades (translation [#33110][] and metrics [#33111][]) - see also [progress followup][] * nc.riseup.net retirement coordination #32391 [progress followup]: https://help.torproject.org/tsa/howto/upgrades/buster/#Per_host_progress [meta-policy process]: https://help.torproject.org/tsa/policy/tpa-rfc-1-policy/ [#33111]: https://bugs.torproject.org/33111 [#33110]: https://bugs.torproject.org/33110 [#33314]: https://bugs.torproject.org/33314 [#33295]: https://bugs.torproject.org/33295 [#33413]: https://bugs.torproject.org/33413 [#33189]: https://bugs.torproject.org/33189 [#33483]: https://bugs.torproject.org/33483 [#33536]: https://bugs.torproject.org/33536 [#31686]: https://bugs.torproject.org/31686 [#33081]: https://bugs.torproject.org/33081 [#33098]: https://bugs.torproject.org/33098 [#33138]: https://bugs.torproject.org/33138 [#33141]: https://bugs.torproject.org/33141 [#32283]: https://bugs.torproject.org/32283 [#32390]: https://bugs.torproject.org/32390 [#32914]: https://bugs.torproject.org/32914 [#33143]: https://bugs.torproject.org/33143 [#33261]: https://bugs.torproject.org/33261 [#33308]: https://bugs.torproject.org/33308 [#33362]: https://bugs.torproject.org/33362 [#33441]: https://bugs.torproject.org/33441 [#33442]: https://bugs.torproject.org/33442 [#33492]: https://bugs.torproject.org/33492 [#33277]: https://bugs.torproject.org/33277 [#33085]: https://bugs.torproject.org/33085 ## qbi - created several new trac components (for new sponsors) - disabled components (moved to archive) - changed mailing list settings on request of moderators # What we're up to next I suggest we move this to the systematic roadmap / ticket review instead in the future, but that can be discussed in the roadmap review section below. For now: ## anarcat * unifolium retirement (cupani, polyanthum, omeiense still to migrate) * chase cymru and replace moly? * retire kvm3 * new ganeti node ## hiro - retire gitlab-01 - TPA-RFC-2: define how users get support, what's an emergency and what is supported (#31243) - Migrating the blog to a static website with lektor. Make a test with discourse as comment platform. # Roadmap review We keep on using this system for march: <https://trac.torproject.org/projects/tor/wiki/org/teams/SysadminTeam> Many things have been rescheduled to march and april because we ran out of time to do what we wanted. In particular, the libvirt/kvm migrations are taking more time than expected. # Policies review TPA-RFC-1: policy; marked as adopted TPA-RFC-2; support; hiro to write up a draft. TPA-RFC-3: tools; to be brainstormed here The goal of the new RFC is to define which *tools* we use in TPA. This does not concern service admins, at least not in the short term, but only sysadmin stuff. "Tools", in this context, are programs we use to implement a "service". For example, the "mailing list" service is being ran by the "mailman" tool (but could be implemented with another). Similarly, the "web cache proxy" service is implemented by varnish and haproxy, but is being phased out in favor of Varnish. Another goal is to *limit* the number of tools team members should know to be functional in the team, and formalize past decisions (like "we use debian"). We particularly discussed the idea of introducing Fabric as an "ad-hoc changes tool" to automate host installation, retirement, and reboots. It's already in use to automate libvirt/ganeti migrations and is serving us well there. # Other discussions A live demo of the Fabric code was performed some time after the meeting and no one raised objections to the new project. # Next meeting No discussed, but should be on april 6th 2020. # Metrics of the month * hosts in Puppet: 77, LDAP: 81, Prometheus exporters: 124 * number of apache servers monitored: 31, hits per second: 148 * number of nginx servers: 2, hits per second: 2, hit ratio: 0.89 * number of self-hosted nameservers: 6, mail servers: 10 * pending upgrades: 174, reboots: 0 * average load: 0.63, memory available: 308.91 GiB/1017.79 GiB, running processes: 411 * bytes sent: 169.04 MB/s, received: 101.53 MB/s * planned buster upgrades completion date: 2020-06-24 -- Antoine Beaupré torproject.org system administration

1 0

cupani AKA git-rw IP address changed
by Antoine Beaupré 10 Mar '20

10 Mar '20

The main git server, cupani, is the machine you connect to when you push or pull git repositories over ssh to git-rw.torproject.org. That machines has been migrated to the new Ganeti cluster. This required an IP address change from: 78.47.38.228 2a01:4f8:211:6e8:0:823:4:1 to: 116.202.120.182 2a01:4f8:fff0:4f:266:37ff:fe32:cfb2 DNS has been updated and preliminary tests show that everything is mostly working. You *will* get a warning about the IP address change when connecting over SSH, which will go away after the first connection. That is normal. The SSH fingerprints of the host did *not* change. Please do report any other anomaly using the normal channels: https://help.torproject.org/tsa/doc/how-to-get-help/ The service was unavailable for about an hour during the migration. Thank you for your patience, A. PS: details of the work are available here: https://trac.torproject.org/projects/tor/ticket/33446 -- Antoine Beaupré torproject.org system administration

1 0

February 2020 report for the Tor Browser team
by Pili Guerra 10 Mar '20

10 Mar '20

Hi everyone, During February the team has been working hard on finishing off work around improving Onion Service usability in Tor Browser as part of our work for Sponsor 27[1]. This work includes some exciting updates to HSv3 client authorization[2], including authorization key management[3] in Tor Browser. We have also been working on improvements to the way connection errors to onion services are presented[4][5] to a user when connection to an onion service fails[6][7]. Related to this, we have also been working on how we present warnings about self-signed certificates for .onion sites[8] and improving the url bar onion indicators[9]. We have also been working on a proof of concept to support human memorable addresses for onion services[10] by supporting .onions in HTTPSEverywhere[11]. We made two releases this past month: 9.0.5[12] and 9.5a5[13]. We have also moved closer to getting automatic nightly updates working and we hope to share some exciting news in this area soon. Finally, we have started working on the transition away from Mozilla's ESR train and onto the Release train. As part of this work we have started to rebase Tor Browser patches onto mozilla-central and reviewing our testsuite. A few of us were at FOSDEM in Brussels where we gave a talk[14] sharing our plans for the year ahead for the Tor Browser Team. The full list of tickets closed by the Tor Browser team in February is accessible using the TorBrowserTeam202020[15] keyword in our bug tracker. All tickets on our radar for March can be seen with the `TorBrowserTeam202003` keyword in our bug tracker.[16] Thanks for reading! Pili [1] https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor27 [2] https://trac.torproject.org/projects/tor/ticket/30237 [3] https://trac.torproject.org/projects/tor/ticket/19757 [4] https://trac.torproject.org/projects/tor/ticket/30022 [5] https://trac.torproject.org/projects/tor/ticket/30025 [6] https://trac.torproject.org/projects/tor/ticket/19251 [7] https://trac.torproject.org/projects/tor/ticket/23545 [8] https://trac.torproject.org/projects/tor/ticket/13410 [9] https://trac.torproject.org/projects/tor/ticket/32645 [10] https://trac.torproject.org/projects/tor/ticket/30029 [11] https://trac.torproject.org/projects/tor/ticket/28005 [12] https://blog.torproject.org/new-release-tor-browser-905 [13] https://blog.torproject.org/new-release-tor-browser-95a5 [14] https://fosdem.org/2020/schedule/event/tor/ [15] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [16] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… <https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…> — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0