- tor-project - lists.torproject.org

Automatic storm.torproject.org accounts for people with @torproject.org addresses
by isis 20 Apr '16

20 Apr '16

Hello all, Asheesh Laroia of the Sandstorm team offered us an API key for Sandstorm Business, which means that there are now some extra features. One of the ones I've already enabled is that anyone who proves control of an @torproject.org email address is able to have a Sandstorm account on https://storm.torproject.org. There are additional features which likely allow us, once the server is moved to official Tor Project infrastructure (rather than a server that I personally maintain), to hook up to Tor's LDAP, which maybe requires a bit of hacking because we have a somewhat odd LDAP setup, but it should allow us to have passphrases for Sandstorm which are controlled in LDAP. This would mean that we don't need to use the "passwordless email login" anymore. Best, -- ♥Ⓐ isis agora lovecruft _________________________________________________________ OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 Current Keys: https://fyb.patternsinthevoid.net/isis.txt

1 0

[VISIBLE CHANGE] New plug-ins installed on Trac and reorg of components
by isabela 20 Apr '16

20 Apr '16

Hello Tor, tl;dr; We installed a few new plug-ins to Trac and re-organized the components - please check out and give us feedback or report any issues! I am very happy to announce that we now have new plug-ins on Trac that will hopefully make the life of those who uses it all the time a little bit less painful ;) ==> What plug-ins? Ticket Organisation Improvements: Plug-in: https://trac-hacks.org/wiki/SubcomponentsPlugin This plugin would allow for subcomponents of a component in a way that is still easy to interact with the component as a whole. Ticket Triaging Improvements: Plug-in: https://trac-hacks.org/wiki/DuplicateTicketSearchPlugin Shows a list of possibly matching/related tickets (and their current status) when you're making a new ticket. UI Improvements Plug-in https://trac-hacks.org/wiki/AutocompleteUsersPlugin Autocompletion for CC field (by "real" name and trac username). This should help remove errors where Alice thinks Bob has been CCed (but the trac username that Alice entered was typoed or doesn't exist), and then Alice gets angry that Bob didn't help/comment. Plug-in https://trac-hacks.org/wiki/DefaultCcPlugin Add a default list of people to the CC list for new tickets, based on their component. Should be helpful when a component is commonly worked on by multiple people. ==> Loving it! But what if I have some feedback? We will be collecting feedback over email or here in this pad: https://storm.torproject.org/shared/5L7ynPhbqVIKHuFfiubFgWgsfa3FPluiibmZvPy… Please use this pad especially if you have feedback on how we re-organized the components and named the master ones. If you want to just share over email list is fine. I will be aggregating them in the pad too. ==> Oops! I found a bug! If you find a bug please use Trac to file a ticket! The old 'Service - trac' component - is now under 'Internal Services': https://trac.torproject.org/projects/tor/newticket ==> Who did this? Where this came from? When I started at Tor almost one year ago I wrote this proposal for how we could be using trac to organize our work: https://docs.google.com/document/d/1luDGhBRw2eJxJ4JKlPlF2CCIqMRCFP35NRuM2sc… If you look at it you will that it actually has way more plug-ins than we actually ended up installing. The reason is that I got some great help from Isis who looked at them and gave some suggestion on what to actually use and what to not use. (Thanks Isis!!!) Later, I got a small budget to pay a person to do this gig for us. Which is how Juga got involved :) She was hired to do all the process of getting these goodies there. Once she had things working in a testing environment I sent an email to this list inviting folks to test the plug-ins where I also asked for feedback on the re-org of components, which I got from a few people and since there were no bugs we decided we could move forward with actually getting these changes into production. (thanks juga!! ps: no she is not on this list but I am thanking her anw) We also got amazing help from weasel who stet up the dev environment for juga as well as getting things on production today. (thanks weasel!!) ==> Why it took so long tho? Mostly my fault :( I was too busy to get Juga what she wanted in a good timing -- but better late than never! Ufa! that's it. If you have any technical specific questions I can get them to Juga too. Thanks everyone, hope you enjoy it. Isabela -- PM at TorProject.org gpg fingerprint = 8F2A F9B6 D4A1 4D03 FDF1 B298 3224 4994 1506 4C7B @isa

3 2

irssi and OFTC new cert
by Nima Fatemi 19 Apr '16

19 Apr '16

Hi, Those of you who use irssi to get on IRC and had OFTC cert hardcoded into your client might find this useful. OFTC has just moved to Let's Encrypt. Yay! But that means the old cert isn't valid anymore and if your irssi tries to reconnect, it's going to fail with a warning that the client has failed to verify the cert. You need to edit your irssi config file (~/.irssi/config) and remove the hardcoded ssl_cafile path. After that you need to either close your irssi and reopen it, or do a /reload and then /rmconnect oftc and then /connect oftc. Note that doing a /reload isn't enough. irssi auto reconnect doesn't read the new config. This silliness just ate about half an hour of mine. Thought I'd let others know. Best, -- Nima 0XC009DB191C92A77B | @mrphs "I disapprove of what you say, but I will defend to the death your right to say it" --Evelyn Beatrice Hall

1 0

Re: [tor-project] Notes from April 7 2016 Vegas team meeting
by Nathan Freitas 15 Apr '16

15 Apr '16

On Fri, Apr 15, 2016, at 03:16 AM, Karsten Loesing wrote: > Isabela: > 1) meeting Laura w/ Shari this Friday. Hope to hear better news from > her. I emailed DRL requesting the follow up phone call they offered in > the rejection email. I also pinged Dan to see if he is around, should > be good to check in with him as well. ... > 4) Next week on implementers meetings at DRL till the 20th (Wed). 20th > is also the soft deadline for OTF full proposal and deadline for > sponsorT report. >From my perspective in hindsight, I think neither of the SoIs emphasized mobile enough, based on the previous excitement and interest DRL seemed to express earlier in that area. I think writing a "Funding All Things Mobile Tor" SoI would likely be funded by DRL and/or OTF. We would need to go very big in the vision of supporting both Android and iOS as first tier platforms, including support for community projects like OnionShare and Ricochet. All of the core work on little t-tor, infrastructure, metrics, etc would be supported by this funding, but it is just that instead of starting with those things as end results or outputs, they become highly funded critical dependencies. If Tor Project as an organization isn't prepared to propose such a thing directly, then I am happy to, either as Guardian Project or through a partner like Internews who is currently funding our work on pluggable transports and mobile browsers. All the best, Nathan

2 1

CCP Grey on the Crypto Backdoor
by Tom Ritter 14 Apr '16

14 Apr '16

https://www.youtube.com/watch?v=VPBH1eW28mo CCP Grey makes awesome youtube videos, this one is particularly relevant to us. Might be worth tweeting =) -tom

1 0

Starting a Ph.D. in September
by isis 14 Apr '16

14 Apr '16

Hello, I'm very happy to announce I'll be starting a position as a Ph.D. researcher in Applied Cryptography at the Institute for Computing and Information Sciences of Radboud Universiteit in Nijmegen, starting in September this year. I'll be working with Lejla Batina as my supervisor, and Joan Daemen and Peter Schwabe as advisors. My topic is broadly "make tor's crypto better". More specifically, it's "make tor post-quantum"; beyond that, it could reasonably include working with other cryptographers to design some of the weirder constructions which tor needs, e.g. the 509-byte chained wide-block cipher that Nick's been going on about. The position lasts for four years, but covers only 50% of my time, because my supervisor and I are in full agreement that it would be more beneficial — both to Tor and to my thesis — if the other 50% of my time is spent doing development for Tor. As a non-academic, I feel that this is a somewhat unique opportunity. I've no desire to publish papers just for the sake of publishing something with my name on it — I care about improving Tor. My hope is that this Ph.D. results in the design and implementation of things that we've needed for a while. Best Regards, -- ♥Ⓐ isis agora lovecruft _________________________________________________________ OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 Current Keys: https://fyb.patternsinthevoid.net/isis.txt

13 12

Re: [tor-project] Starting a Ph.D. in September
by Nathan Freitas 13 Apr '16

13 Apr '16

On Wed, Apr 13, 2016, at 03:48 PM, isis wrote: > I'm very happy to announce I'll be starting a position as a Ph.D. > researcher > in Applied Cryptography at the Institute for Computing and Information > ♥Ⓐ isis agora lovecruft doctor lovecruft has a nice sound and look to it. Thanks for working to protect the future.

1 0

Funding sources for developers in Latin America / Africa
by Virgil Griffith 13 Apr '16

13 Apr '16

Latin America * http://programafrida.net/en/grants * 20-40k USD grants Africa * http://www.fireafrica.org/grant-2016 * 25-30k USD grants -V

1 0

Fwd: Equipment Donation: Servers?
by Shari Steele 12 Apr '16

12 Apr '16

Hey all. This seems like a very generous offer. Anyone interested in running these 50 to 60 servers? Shari Begin forwarded message: > From: "Don Hejna" <donhejna(a)alumni.stanfordgsb.org> > Subject: Equipment Donation: Servers? > Date: April 8, 2016 at 1:10:01 PM PDT > To: <execdir(a)torproject.org> > > Hi I am hoping to reach someone regarding a potential donation of a 50 to 60 Servers for use as relays or exit nodes. Servers are mostly Del 1950’s with several gigabit ports each. Currently located in Silicon valley. > > I will be in Cambridge on Monday if meeting in person is appropriate, otherwise, phone is preferred. > > -Don > > Don Hejna > Stanford Graduate School of Business > Sloan Fellow 2007 > donhejna(a)alumni.gsb.stanford.edu > (650) 279-0187 >

2 2

Pro tip: Comment on media articles (at the bottom of the article)
by Kate Krauss 11 Apr '16

11 Apr '16

Hi, One small but useful thing that people can do to help Tor's image is to make a comment at the bottom of articles about Tor (especially negative ones). I'm not trying to add more work to people's TODO lists, but if you do wonder if it's helpful to comment, the answer is Yes, it's helpful. This is advice you could share with friends who want to help Tor--anyone can use it. I wouldn't necessarily post it to a list besides this one, because it's advice about strategy. As an example, I'm not loving this Christian Science Monitor Article (http://www.csmonitor.com/World/Passcode/2016/0408/Tor-aims-to-grow-amid-nat…) which was then re-posted on Drudge.com. We don't want to generate lots of interest or controversy on Drudge.com, or Matt Drudge will start posting more negative articles about us--which he has mostly stayed away from over the years (interesting). But a couple positive comments would be useful. As a general rule, it's better to post the comment right after the article ends, or close to that, so you know more people see it (my bad this time). Our strategy here is to educate people, rally our supporters, and convert people who are neutral or unknowledgeable about Tor into supporters. Anyway, as an example for a general or conservative audience, here's what I posted at the end of the article on drudge.com--it focuses on researching health information and keeping the Man out of your business: "Tor is used by people who don't want either the government or companies like Google to know that they are trying to research sensitive health information--like about breast cancer--or about politics--or anything that they think is no one's business but theirs. It's super safe and private to use--that's the point. It's developed by a nonprofit organization and you can download it for free on torproject.org." Lots of people understand wanting to research breast cancer or birth control or drug treatment centers without having Google or your government spying on you. So those are good starting points. Health information, especially, resonates with older people and/or conservative people. Here are some basic talking points about Tor for comments after articles: Use a few; you don't have to use all of them. 1. We help human rights activists in countries like China hop over the Great Fire Wall (LOTS of people care about this from across the political spectrum in many countries) 2. We help people research health information privately (ditto) 3. We support the right to read and write freely 4. We support the right to privacy 5. We are safe to use--safer than what they are using now; very safe. 6. I often contrast our browser with onion services for people who have never used Tor by saying: With a web browser you are like a fish swimming in the ocean visiting different places. If you use the Tor browser, you are an anonymous fish. A web site or service you visit is like a coral reef. When the coral reef is also anonymous, that's an onion service. After people understand the difference between the fish and the coral reef, you can get into finer distinctions (Facebook, NAT punching, etc.). But fish vs. coral reef is a good start. 7. Tor is like hanging curtains on your window. Never get in to a flame war--one comment per person is fine. Your temperature should be cool, friendly, and educational--not angry. If you can't keep the temperature cool, it's good to skip doing this particular thing. (I'll be thinking of things you can do when you are mad.) Commenting is also a good thing to do on reddit, slash/dot, etc. You can use more sophisticated talking points for these audiences. It seems like a small thing but it really does help; it adds up--we want to rally and educate potential supporters, like the people on reddit, and we want to nicely educate people who read magazines like PC Magazine or CIO Magazine who might not know much about Tor. The key is to be the nice, reasonable person--I try to channel Roger :) Cheers, -Katie A list of places that could often use Tor-friendly comments: https://www.reddit.com/r/tor https://www.reddit.com/r/onions/ https://slashdot.org/tag/tor What else should be on this list? -- Kate Krauss Director of Communications and Public Policy kate(a)torproject.org @TorProject 1-718-864-6647 (works for Signal also) PGP: CC0D 9B42 DE89 D4D0 619B A606 DDEB 3937 7D18 973B

1 0