- tor-project - lists.torproject.org

[TSoP 2018] Bandwidth scanner update - report #5
by juga 27 Jul '18

27 Jul '18

Hi, since the report #4, these has been the tasks i have worked on: - dir-spec: DirAuths should expose bwauth bandwidth files (#26694) - sbws: Warn when there is not enough disk space (#26937) - Create Debian package for sbws (#26848) - Create Debian ITP bug - Binaries should have manual pages (man) (#26926) - sbws should allow a configuration file argument (#26862) - ask to upload sbws releases in dist.torproject.org (#26849) - Ask to upload sbws Debian package in deb.torproject.org (#26906) - Ask about using "tor-" namespace - Stop requiring to change the sbws version in more than one place (#26736) - cleanup old v3bw files (#26701) - Don't require sbws tests to set log level, refactor tests configuration (#26644) - Add possibility to log to system log (#26683) - Make sbws generate bandwidth files atomically, and document (#26740) - Check that the scaling is working: check how sbws results compare to itself when scaling and not scaling [0] - Initial Makefile to include sbws in OpenBSD ports The next weeks i plan to work on: - Check that the scaling is working [0] - Run sbws and Torflow from same box and do more graphs about results - maybe refactor code to have the possibility to generate bw results without rtt - maybe refactor code to easier generating (csv) files to compare in graphs - maybe refactor graphs code to easier generating them with several files - Debian package: - include autopkgtest - get it reviewed - get it uploaded to deb.torproject.org or/and Debian archive - Fix any critical sbws that we might find Maybe out of SoP time in case no remaining time during it: - continue with Relays should regularly do a larger bandwidth self-test (#22453) - implement DirAuths should expose bwauth bandwidth files (#21377) Best, juga [0] https://github.com/pastly/simple-bw-scanner/issues/182

1 0

Notes from July 26 2018 Vegas team meeting
by Karsten Loesing 27 Jul '18

27 Jul '18

Notes for July 26 2018 meeting: Georg: 1) Shari: Gentle ping for the bug bounty contract expiration date :) [Sorry for the delay! August 31, 2018 is the expiration date.-Shari][GeKo: Thanks!] 2) Do we have a vacation calendar somewhere, at least for vegas-team folks? Should we? (It would be useful for me at least :) ) AM: +1 on usefulness; [we don't have one yet as far as I know-Shari] 3) Tor Browser alpha preparations (both desktop and mobile) Alison: 1) HOPE happened and it was a great success! Lots of people stopped by our table, the talk went really well, we got great questions and no trolling, and we demonstrated great community engagement by joining with other orgs and individuals to stand up to the trolls. :) Lots of great ideas for future conferences. The panel discussion model seems to work really well, especially if we have multiple teams/projects represented. Honestly we could have made it into just an AMA, kinda how EFF does. [I think having the quick presentation was helpful so everyone was on the same page. a couple ppl even used the word "onionize" in their questions after hearing it. maybe it is also why the questions were so good, direct. -Steph] 2) Colin reports that the PETS relay operator meetup went really well! More than 50 people attended and then lots of them hung out after. He's already gotten a lot of folks telling him they want to run new relays, plus there are more people getting in touch about that after HOPE. Community engagement really works, yay. [This is amazing news!-Shari] 3) Very busy with Library Freedom Institute this week and next as we prepare for our in-person meetup on August 3-5. 4) Gus and I are working on documentation for Tor Browser 8.0 (support portal articles and TB Manual updates to start, then training slides). After we finish this we'll work on TB Android docs. 5) We have another Mexico City planners meeting on Monday. I will send out the agenda solicitation email after that. I also hope that we can get the open days blog post out sometime very soon. We're also connecting with community members in Mexico City. Mike: 1) Following up on blog posts, doing vanguards improvements based on feedback. Steph: 1) HOPE (presentation and booth) went well, and it was inspiring to see the community rally together. We got $1900 in donations and over 100 newsletter signups. Tommy got them into civi, and Sarah and I got a thank you note out to all who signed up. We are talking more about how to maximize our booth presence in the future. 2) Doing TBA copy 3) Leading a media training workshop for LFI next weekend 4) Still to do: blog catchup, TPO copy Sarah: 1) Working with Jon and Tommy to understand and optimize procedures around gift entry, acknowledgment, monthly giving follow-up 2) Putting together revisions for the Donate pages on the website for Giant Rabbit 3) beginning to network to fill the open Grant Writer position 4) Starting to plan for a monthly giving solicitation campaign 5) Reviewing current major donors and starting to build a strategy to reach out and build relationships Karsten: 1) Published a new Reproducible Metrics page ( https://metrics.torproject.org/reproducible-metrics.html ) which is still a work in progress, but which is a big step towards completing our Sponsor 13 deliverable 2. Remaining steps are to get it reviewed some more and then link it from all over Tor Metrics. 2) Made progress with adding our first graph based on OONI data. Coming soon. 3) Started making some improvements to the Onionoo API to allow more powerful queries. 4) Removed one of the remaining road blocks preventing us from integrating ExoneraTor more smoothly into Tor Metrics. Shari: 1) Working on funding proposal to OSC, new group which seems to get its funding from USAID, SIDA, and Bill and Melinda Gates Foundation. 2) Selected recipients of next Shuttleworth Fellowships. Fun to be part of that process! 3) Spoke with staffer for US Select Committee on Intelligence about our funding. 4) Finished up job description for new sysadmin position and pushed to get it posted. 5) Handled/handling a few personnel things. Arturo: 1) We kicked off our UX research for the new OONI Probe mobile apps. We created a survey which we circulated on social media, mailing lists, and via push notifications. See: https://ooni.torproject.org/post/ooniprobe-ux-survey-and-interviews/. We have also started interviewing community members, and conducted 4 interviews this week. 2) Progress on OONI Probe desktop apps 3) Made some progress on reviewing tor_api.h. See: https://trac.torproject.org/projects/tor/ticket/25510#comment:7 & https://trac.torproject.org/projects/tor/ticket/26948 & https://trac.torproject.org/projects/tor/ticket/26947 & https://trac.torproject.org/projects/tor/ticket/23846. 4) Briar's Torsten mapped the blocking of Tor worldwide based on OONI data: https://grobox.de/tor 5) Maria presented OONI in Kiev and facilitated a UX workshop (2 weekends ago) 6) The OONI team be taking the second of the two tor meeting open days off, to recuperate before our internal meeting happening the days after. If there are open day things we should be part of, let's be sure to put them on the first of the two days.

1 0

Job Opening - Senior Systems Administrator
by Erin Wyatt 25 Jul '18

25 Jul '18

Hello Everyone, We are happy to announce a new opening with The Tor Project - the paid, employee position of Senior Systems Administrator! We've been growing, and we've added more systems to do our day-to-day work, so it makes sense to have a full-time person to set things up and keep them running. Job description pasted below, attached as PDF, and will soon be on our website at https://www.torproject.org/about/jobs.html.en In more than any other area, the Tor Project has depended on the work of volunteers to keep our systems running and maintained to the highest security standards. We cannot thank our dedicated team of volunteers enough for their years of service and for making it look so easy — it's incredible how effective they've been at this thankless job. Thank you all! Please help us get the word out about this position. As stated in the job description, this person "must be or become strongly trusted by our community." If you are or know someone who would be good for this job, please apply or share the job description! Thank you all! Sincerely, Erin Wyatt HR Manager ewyatt(a)torproject.org GPG Fingerprint: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE -----------------------8<-----------------------8<-----------------------8<----------------------- Internet Freedom Nonprofit Seeks Senior Systems Administrator July 25, 2018 The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking a Senior Systems Administrator to maintain, upgrade and manage our organization’s software, hardware, and networks. The goal of the Tor Project’s sysadmin will be to ensure that our technology infrastructure runs securely, smoothly, and efficiently and that Tor Project employees, contractors, and volunteers have the knowledge and resources to do their work. The ideal candidate is resourceful, creative, and able to diagnose and resolve problems quickly. Our sysadmin must have the patience to communicate with a variety of interdisciplinary teams and users, including some who are not technical and others who are extremely technical. The sysadmin will set and guide the strategy for all of our internal technology infrastructure with the participation and assistance of our open source community. This job requires a jack-of-all-trades, and every day is likely to present new and different challenges. The ideal candidate will have at least five years of experience running open source systems. This is a senior level position that reports directly to the Executive Director and is part of the organization’s leadership team. This person will manage one direct report, our Junior Services Administrator. This will be the organization’s first paid sysadmin, and a willingness to work with our highly effective, long-term volunteer sysadmins is essential. Responsibilities: • Install and configure software and hardware • Manage network servers and technology tools • Set up accounts and workstations • Monitor performance and maintain systems according to requirements Must have experience monitoring infrastructure for downtime and compromise • Troubleshoot issues and outages • Ensure security through access controls, backups and firewalls Must understand the security implications of configuration choices • Upgrade systems with new releases and models Must have experience keeping many systems well-patched • Administrate infrastructure, including firewalls, databases, malware protection software and other processes • Assist our staff in selection of new technologies • Develop expertise to train our staff on new technologies • Provide technical support for both hardware and software issues our staff encounter • Build an internal wiki with technical documentation, manuals and IT policies • Supervise the Junior Services Administrator Requirements: • Proven experience as a System Administrator, Network Administrator or similar role • Experience with databases, networks (LAN, WAN) and patch management • Experience with automation tools that scale (e.g., puppet) • Knowledge of system security (e.g., intrusion detection systems) and data backup/recovery • Ability to create scripts in Python, Perl or other language • Familiarity with various operating systems and platforms • Experience helping users think through how best to achieve their tasks (ie, the right combination of sustainable, safe, easy to deploy and use, does what they want) • Great intuition about what service and config choices will keep things from going out of control • Must be or become strongly trusted by our community • Resourcefulness and problem-solving aptitude • Excellent communication skills The Tor Project's workforce is smart and committed. Experience working with open source communities is required. Dedication to Internet freedom is an added plus. The Tor Project currently has a paid staff of around 40 developers and operational support staff, plus many thousands of volunteers who contribute to our work. The ideal candidate will be energetic, unflappable and flexible, and will thrive in a highly-technical collaborative environment. This is a full-time, hands-on position, which can be done remotely or in our office in Seattle, WA. Flexible salary, depending on experience. The Tor Project has a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance paid in full for employee; flexible work schedule; and occasional travel opportunities. To apply, send your resume to hr at torproject dot org with the subject "Systems Administrator." Include a cover letter that tells us why you think you're the right person for this job. No phone calls please! The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0

Use of "tor" as part of the name for sbws Debian package
by juga 25 Jul '18

25 Jul '18

Hi, we're going to package sbws [0] for Debian. We would like to provide the package in deb.torproject.org and probably also in the official Debian archive. teor, irl [1] and others [2] proposed to used the "tor-" namespace for the sbws package. Ulrike pointed out [2] that software using "tor-" in their name needs to be acknowledged by the Tor Project [3]. So, would it be fine to call the sbws Debian package something like "tor-sbws"?. Thanks, juga. [0] https://gitweb.torproject.org/sbws.git/ [1] https://trac.torproject.org/projects/tor/ticket/26848#comment:19 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903977 [3] https://www.torproject.org/docs/trademark-faq.html

6 8

[TSoP] stem.client - status report #5
by Dave Rolek 25 Jul '18

25 Jul '18

Hi everyone! This is my fifth status report for the stem.client TSoP project [1]. You may see my previous reports on the tor-project ml. [2][3][4][5] This report is a few days late. # Updates It's been roughly a week and a half since my last update. I've focused on some loose ends over this time. I've found it's bad if I let things sit in a partial state too long, so I wanted to push a few things forward. ## stem.client Nothing directly on the stem.client codebase. Oi. ## tor-spec Having been pretty deep in the spec, I've been noting a number of things to address. When tor-spec was being discussed on #tor-dev, I contributed some to the conversation and resultant tickets. The discussion spawned the following tickets, which I filed: * #26859 - improve contextual description of EXTEND->CREATE / CREATED->EXTENDED handling and payloads [6] * #26860 - decryption order appears to be wrongly specified [7] I also took #26228, which I previously filed, and split it into smaller parts, to move forward: * #26228 - Clarify/determine specification for padding bytes, (formerly also PADDING cell) [8] * #26870 - clarify inconsistency for [V]PADDING/DROP cell content vs. padding bytes [9] In a bit of relation, another part discussed in #26228 - randomized padding - made it into a ticket thanks to teor and prop#289 review: * #26871 - prop289: randomize the unused part of relay payloads [10] I submitted a PR for #26860 and another for #26228. #26859 and #26860 were addressed together; now merged. [11] #26228, #26870, and #26871 are also being addressed together, the others mostly by teor; current status is a PR. [12] ## stem, general I filed/implemented a few tox-related tickets to make development/testing easier: * #26811 - tox fails with pip 10 [13] * #26916 - Make tox config more useful/friendly for running multiple interpreters/versions [14] * #26822 - Investigate relying on tox's default install capabilities | instead of an explicit command [15] +- better tox stuff of #26811, filed only ## tor, general I ran into a few tor bugs during the past few weeks: * #26709 - Onion V3 addresses not always working [16] +- I reproduced this (or something similar) and have a log that I will post this week * #26882 - ~one case of IP address not scrubbed in logs~ [17] +- filed (noticed in scrubbing a log manually) I ran into an exit that seems to be undergoing general censorship in the area (tpo unreachable). Will be emailing bad-relays(a)torproject.org with the details. (Thanks teor!) # other bookkeeping A few other general cleanup things: * closed out #26197 - GitHub mirroring for stem [18] * closed out stem's GitHub PRs #1-#4 [19] * various other Trac triage/bookkeeping, e.g. ... - making the current status of #24321 clear in the ticket [20] - closing out #26852 [21] * (probably other stuff) # What's next There's a bit more cleanup I want to do, but I recognized this update has been proportionally much more of that than I had intended. So next I plan to focus as much as possible on stem.client. ## stem.client 1. refactor: Relay cell encryption/decryption/processing 2. centralize ORPort reads/sends (demux/mux) at connection level 3. implement required RelayCell subclasses (e.g. parsing of decrypted body) ## tor-spec File tickets to track spec improvements resulting from TSoP experience. (These are bookkeeping / awareness tickets for my WIP changes.) ## tor, general Post log for #26709. [15] Email about potentially censored exit. ## other File a GitHub mirroring ticket for nyx. A bit of TSoP administrativia. # Other Tor things Multiple in-person chats. Seems to be a decently consistent interest in Tor. :) # Closing I'm proactively reading a *bit* of IRC scrollback again now, but please still mention my nick (dmr) if you want to get my attention! As with before, please don't hesitate to reach out to me via IRC or email! Thanks, Dave [1] https://lists.torproject.org/pipermail/tor-dev/2018-April/013090.html [2] https://lists.torproject.org/pipermail/tor-project/2018-May/001811.html [3] https://lists.torproject.org/pipermail/tor-project/2018-June/001830.html [4] https://lists.torproject.org/pipermail/tor-project/2018-June/001858.html [5] https://lists.torproject.org/pipermail/tor-project/2018-July/001886.html [6] https://trac.torproject.org/projects/tor/ticket/26859 [7] https://trac.torproject.org/projects/tor/ticket/26860 [8] https://trac.torproject.org/projects/tor/ticket/26228 [9] https://trac.torproject.org/projects/tor/ticket/26870 [10] https://trac.torproject.org/projects/tor/ticket/26871 [11] https://gitweb.torproject.org/torspec.git/log/tor-spec.txt?id=b592584b6ae33… [12] https://github.com/torproject/torspec/pull/28 [13] https://trac.torproject.org/projects/tor/ticket/26811 [14] https://trac.torproject.org/projects/tor/ticket/26916 [15] https://trac.torproject.org/projects/tor/ticket/26822 [16] https://trac.torproject.org/projects/tor/ticket/26709 [17] https://trac.torproject.org/projects/tor/ticket/26882 [18] https://trac.torproject.org/projects/tor/ticket/26197 [19] https://github.com/torproject/stem/pulls?q=is%3Aclosed [20] https://trac.torproject.org/projects/tor/ticket/24321 [21] https://trac.torproject.org/projects/tor/ticket/26852

1 0

Tor Browser team meeting notes, 23 July 2018
by Georg Koppen 24 Jul '18

24 Jul '18

Hello! Below are the notes from our latest Tor Browser meeting. As usual the IRC log can be found at meetbot.debian.org: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-07-23-17.59.log… The notes from our pad are: Tor Browser Meeting Notes Monday July 23, 2018 Discussion: -I [tjr] read through the Hacking document. Had a few observations: "For historical reasons, Tor Browser tickets are spread across several Trac components: "Tor bundles/installation", "TorBrowserButton", "Firefox Patch Issues", and "Tor Launcher". We are considering consolidating many of these components and switching to keywords instead, but that hasn't happened yet." I don't think this is still true? https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#Howweu… Maybe we could move Orfox/Orbot to another page? [GeKo: I'll open a ticket for restructuring the Hacking document] when a new nightly build is available on https://people.torproject.org/~linus/builds/. <- I don't think this is active anymore? [boklm: ah yes, this part of the page (about QA and Testing) needs some updates][GeKo: I'll open a ticket for this item] -How do we want to use Github (if at all)? [GeKo: I'll think a bit more about it and then wil write a mail later this week as reply to Isa getting the discussion started on the mailing list taking into account what we discussed during the meeting] -Moving away from storm to some etherpad for meeting notes? [GeKo: We'll decide that next week when Arthur is back] - Sandboxing meeting: what should we prepare? Any agenda? (Did I miss it?) mcs and brade: Last week: - Finished reviewing undocumented bugs since FF52esr for #22074. - Debugged and created a workaround for #26514 (intermittent updater failures on Win64 (Error 19)). - Tried to test Snowflake on macOS 10.9 for #26251 (Adapt macOS snowflake compilation). - Got sidelined due to #26876 (tor.real fails to start on macOS 10.9). - Helped with triage of incoming tickets. - Reviewed a couple of patches: - #26603 (remove obsolete HTTP pipelining prefs) - #26353 (First request goes over catch-all circuit) This week: - Prepare for and attend sandboxing futures meeting. - Start on #25695: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - Review our notes from #22074 (undocumented bugs since FF52esr) and file additional tickets if necessary. - Get back to #26381 (about:tor page does not load on first start in localized Windows bundle) - After the Tor Browser nightly builds include the network team's fix for #26876, do some testing for #26251 (Adapt macOS snowflake compilation to new toolchain). pospeselr: Moving house tomorrow and Tuesday so won't be in the meeting Won't have internet installed until *sometime* on Wednesday Last week: - Portland - #26540 patch works now (pdfjs range-based request first party isolation) - failed to reproduce windows DNS leak we got email'd about - fixed up #26456 patch and ran automated try server tests to verify changes don't break anything (haven't had a chance to look at results yet) This Week: - moving - #21785 (storage api) - #tbbfingerprinting boklm: Note: currently traveling to PETS so I will be missing second half of the meeting (after 18:30 UTC) Last week: - vacation This week: - finish dealing with backlog - attending PETS - can help with building a new alpha if we want to do one this week [GeKo: Not this week, but hopefully next week] - fill binutils ticket tjr - More #26476 work. I have reduced even more differences between the two toolchains, still crashes. - Confirmed that the TC build runs though: https://treeherder.mozilla.org/#/jobs?repo=try&revision=9a1a8cc2c8224e38c0b… - Confusingly though, if I remove --disable-maintenance-service I get a NSS build error.... If nothing else gives me a result I guess I'll dig into that more - I'm getting pushback on landing required NSS patches into -esr60... so I am delaying pushing back on that until I have more ducks in a row regarding tests running [GeKo: What are we talking about here? And what would be the impact if we don't get those patches landed? I wonder if we could cope with that and maybe it would be more useful to focus on getting nightlies with mingw-w64 running again?] [tjr: The impact would be that we can't get the gcc or clang MinGW builds running in ESR branch. I have been focusing on that rather than mingw-clang on -central.] [GeKo: Well, RyanVM told me a while ago, that tests for mingw-w64 are running (to catch regressions due to security bugfixes etc. so, I was under the impression that there are things running on ESR60 for us, even it is not exactly what we ship, hence my question][tjr: esr60 is running the x86 build only. I forgot about that. These NSS patches are holding up the x64 build and tests (assuming I can the damn tests fixed for whatever else is breaking them).] [GeKo: Okay, the plan here is to let the 32bit esr60 on Mozilla's infrastructure and the manual 64bit testing before release be enough and focus on mozilla-central again instead] - But that is going slowly/hard to allocate time for - This is holding up landing the build jobs for x64 or mingw-clang - I don't think the mingw-clang build (with stylo) is as stable as Jacek thinks it is [GeKo: Why not? Any bug reports/pointers?][tjr: I don't know anything more than "I tried to run it and it didn't always start for me, or stay running. Haven't investigated, or compared with/without stylo or asked Jacek.] - A few other outstanding issues for MinGW: - jemalloc on mingw-gcc (This is a shame, because it means Tor Browser will be lacking exploit mitigations) - mingw-clang sandbox sysrqb: Last week: Received good feedback on TBA/Orfox rebased patches (26401) and worked on revisions Attended HOPE Spoke at HOPE Contributed to joint statement against white nationalists/fascists at HOPE and in our spaces Talked with some people about sandboxing Tor Browser This week: Finish 26401 Read Isa's sponsor 8 mail and respond Sandboxing meeting tomorrow at 15:00 UTC Review igt0's torbutton modification for mobile sisbell: Last Week: Android toolchain + licenses working in RBM Worked on getting arm target working on Rust (nearly complete) This week: Complete arm target on rust Working browser on Android Create branch for public review Cleanup build changes GeKo: Last week: -coped with my backlog -bunch of reviews (most importantly, and most time-consuming the one for #26401; then #26590, #26795, #26477, #26569, #26216, #9145, #25485) -worked further on #26475 (there might be light on the end of the tunnel due to alex's last comment given that I can already feel glandium's "this-drives-me-crazy" mentioned in https://github.com/rust-lang/rust/issues/52044. Thus the bug has to be the same. :) ) -helped with Sponsor8 reporting (sysrqb, igt0: please add items I forgot, see tbb-dev mail) [sysrqb: yes!] -worked a bit on #26628 (backporting an Origin Attributes bug that could lead to browser crashes) -looked a bit a proxy bypasses on mobile and resumed network code review (#22176) -looked over remaining UX issues for both mobile and desktop alphas This week: -finally tracking down #26475 and hopefully finding a fix for it -more reviews -more network code review (#22176) -I need someone looking at #26874 (pospeselr can you do that?) and I need someone working on the onboarding part (#25695) (mcs/brade could you do that); sysrqb, igt0: who has #25696 on his plate? [sysrqb: I can put it on my plate, unless igt0 wants it] [igt0: either way is fine] -PSA: I have to be AFK from 8/2-8/12, alas (this is one of the things I could not postpone as the planning for it where already done before Mozilla moved the ESR release, I am sorry for that) igt0: Last week: - Tried to make the preferences.xul work on mobile, started to migrate the code to xhtml (#26884) - Investigated how the onboarding works on android and reviewed #25696 (Design of alpha onboarding for Tor Browser for Android) - Investigated about MAR on android. (Firefox team never used it) This Week: - Finish #26884 - Review again #26401 sukhe: Last Week: - I continue with #26476 (crash on Windows) with tjr, #12968 (HEASLR). - I have given up on up #26251 (Snowflake) again. I am going to wait for the mingw-w64/clang builds perhaps. - Worked on #25485; waiting for more discussion to finalize This Week: - Continue the above tickets unless something comes up. Georg

1 0

services updates - june 2018
by silvia [hiro] 23 Jul '18

23 Jul '18

Hi, here is the service report for June. Continuing translation work for support portal. We have been working on translations via transifex and we now have the PO files build within Lektor. Newsletter is being built via Lektor now and uses the Tor Styleguide. Trac status update As you all know trac has been having issues for a while now. In the last month I have been implementing a few configuration options as described in: https://trac.edgewall.org/wiki/TracPerformance More specifically I have set: * max_daysback: 30 (It was set to 90 days before and this is known to cause issues with trac installation with 'some history' like ours) * use_chunked_encoding: true Also Teor started a Trac permissions cleanup. Thanks Teor for this! I went I bit further and cleaned up a few more not really needed groups. I think now everything will be easier to follow. I have also restricted cypherpunks powers following the vandalism of the last few days. I think this is a temporary middle ground till things are quieter. Talk soon, -hiro

1 0

US congress wrote a letter to Google and Amazon on domain fronting
by Arturo Filastò 22 Jul '18

22 Jul '18

In case you missed here is a letter to Google and Amazon on the blocking of domain fronting by Senator Rubio and Wyden: https://www.wyden.senate.gov/imo/media/doc/Wyden%20Rubio%20Letter%20to%20Am… Press coverage: https://www.cyberscoop.com/domain-fronting-ban-letter-ron-wyden-marco-rubio… https://www.accessnow.org/access-now-supports-bipartisan-questioning-of-goo… ~ A.

7 15

[TSoP 2018] Ahmia status update ~ report #5
by Stelios Barberakis 20 Jul '18

20 Jul '18

Hello all, Bi-weekly update for ahmia: --- Ahmia Site ---: * Finished Usage statistics [1] * I have been playing around with Elasticsearch's `fuzziness` feature, to find out if we can utilize it to improve results. This is still R&D, my current proposal is [2] * I have been trying out weighted fields on Elasticsearch, to find out if search results are improved or not. Both deciding which results are better, and checking on multiple input combinations, are tricky ~ this is still R&D. --- Ahmia Crawler ---: * Fixed [3], [4] Thank you, Stelios [1] https://github.com/ahmia/ahmia-site/commit/5c36f95e58d90b322f5e8dabf39c18e3… [2] https://github.com/ahmia/ahmia-site/issues/25 [3] https://github.com/ahmia/ahmia-crawler/issues/7 [4] https://github.com/ahmia/ahmia-crawler/issues/9

1 0

Notes from July 19 2018 Vegas team meeting
by Karsten Loesing 20 Jul '18

20 Jul '18

Notes for July 19 2018 meeting: Georg: 1) Back from vacation and dealing with backlog 2) Work with UX team to prepare the next desktop alpha (hopefully ready in about two weeks) and the first Tor Browser for Mobile alpha (hopefully ready in about two weeks as well) 3) Shari: Do you know when our current bug bounty contract is supposed to expire? Shari: 1) Welcome, Sarah! 2) getting caught up from week out of the office 3) general stuff related to getting Sarah acclimated, plans for Mexico City, upcoming grants 4) sorting through Shuttleworth Fellowship candidates Nick: 1) Away next week at PETS 2) Teor is onboarding this week; all seems well. 3) new bridge auth deployment seems to be going okay. 4) Planning to revise roadmap to reflect reality and staffing changes once Isa is back online in early nov. Steph: 1) presented at NYU Tandon with Matt, thanks to gman and Yin for helping out! 2) preparing for HOPE tomorrow. Our presentation is Friday, and we have a booth all weekend. Bringing lots of swag. 3) whipped up a 1pager for the NYU students and HOPE table 4) got travel and lodging squared away for Def Con - Roger’s AMA is Sat Aug 11 at 6pm in the crypto village 5) responded to a couple press inquiries 6) helping spread the word about upcoming meetups 7) working on copy for TBA Karsten: 1) Released CollecTor 1.7.0 to recognize the new bridge authority. 2) Released Onionoo 6.1-1.15.0 with several new features. Mike: 1) Vanguards post hopefully going up today/early tomorrow before asn's HOPE talk [can i check out the posts? -steph] 2) Research post following soon after (Roger has seen it, had some comments) Roger: 1) I owe Heather a "staff x sponsor" matrix. Going to do that before I leave for PETS. Alison: 0) HOPE is tomorrow! I'm spending today making sure all of our plans are in place. 1) PETS is this weekend! Colin is very excited for the relay operators meetup and has been getting lots of last minute RSVPs 2) Gus and I are working on TB 8.0 documentation 3) LFI is in week 7 and we're preparing for our in-person meetup the first weekend in August 4) Continuing to work on the Mexico City meeting. Planning to send the agenda ideas email out the first week of August.

1 0