Tor Weekly News — June 25th, 2014
lunar at torproject.org
Wed Jun 25 13:30:57 UTC 2014
Tor Weekly News June 25th, 2014
Welcome to the twenty-fifth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the community around Tor,
the “fine-meshed net” .
Tor 0.2.5.5-alpha is out
Tor 0.2.5.5-alpha was released , fixing “a wide variety of remaining
issues in the Tor 0.2.5.x release series, including a couple of DoS
issues, some performance regressions, a large number of bugs affecting
the Linux seccomp2 sandbox code, and various other bugfixes”, in Nick
Mathewson’s words. Among the major security improvements is an
adjustment to the way Tor decides when to close TLS connections, which
“should improve Tor’s resistance against some kinds of traffic analysis,
and lower some overhead from needlessly closed connections”.
You can download the source tarball , or install the package by
following the instructions for your system . This release is also now
available in the Debian  and Tor Project  repositories.
Debian Wheezy’s tor version to be updated
Following a suggestion by Peter Palfrader , Debian developers are
preparing to update the version of tor found in the Debian stable
repositories from 0.2.3.25 to 0.2.4.22. Among the chief motives for
doing so is that “about a quarter of the Tor network (just considering
the relays, not any clients), is on 0.2.3.25, presumably because they
run Debian stable. If they all upgraded to the 0.2.4.x tree, the network
as a whole would become a lot more secure as 0.2.4.x allows clients to
use stronger crypto for connections built through these nodes.” Other
benefits, including the various measures taken to defend against OpenSSL
vulnerabilities discovered earlier this year, make this an attractive
The update  will be shipped in the forthcoming point release (7.6) of
Debian Wheezy, on July 12th.
Building on the May release of experimental Tor Browsers hardened with
AddressSanitizer (ASan) , Georg Koppen announced  a new set of
experimental Linux builds that include both AddressSanitizer and
Undefined Behaviour Sanitizer (UBSan), asking for testing and feedback.
See Georg’s message for download and build instructions, as well as a
couple of known issues.
Nick Mathewson reminded  Tor users, relay operators, and especially
hidden service administrators that tor’s 0.2.2 series is no longer
supported, and many features will soon stop working entirely; if you are
affected, then please upgrade!
Several of Tor’s Google Summer of Code students submitted their regular
progress reports: Daniel Martí on the implementation of consensus
diffs , Mikhail Belous on the multicore tor daemon , Juha Nurmi
on the ahmia.fi project , Zack Mullaly on the HTTPS Everywhere
secure ruleset update mechanism , Amogh Pradeep on the Orbot+Orfox
project , Sreenatha Bhatlapenumarthi on the Tor Weather
rewrite , Marc Juarez on the link-padding pluggable transport
development , Israel Leiva on the GetTor revamp , Quinn Jarrell
on the pluggable transport combiner , Kostas Jakeliunas on the
BridgeDB Twitter Distributor , and Noah Rahman on Stegotorus
security enhancement .
Researchers from the Internet Geographies project at the Oxford Internet
Institute produced a cartogram  of Tor users by country, using
archived data freely available from the Tor Project’s own Metrics
portal , along with an analysis of the resulting image. “As ever
more governments seek to control and censor online activities, users
face a choice to either perform their connected activities in ways that
adhere to official policies, or to use anonymity to bring about a freer
and more open Internet”, they conclude.
Andrew Lewman reported  that users with email addresses at Yahoo and
AOL have been removed from the tor-relays mailing list , as these
addresses have been bouncing list emails.
Thanks to the FoDT.it webteam  and Maxanoo  for running mirrors
of the Tor Project’s website!
fr33tux shared  the slides  for a French-language presentation
on Tor, delivered at Université de technologie Belfort-Montbéliard. The
source code (in the LaTeX markup language) is also available : “feel
free to borrow whatever you want from it!”
Thanks to Ximin Luo, the server component of Flashproxy  is now
available in Debian  in the “pt-websocket” package.
A couple of weeks ago, Roger Dingledine wondered “how many relays are
firewalling certain outbound ports (and thus messing with connectivity
inside the Tor network)”. ra has just published the results  of a
three-week-long test of the interconnectivity between 6730 relays.
Contacting the operators of problematic relays is probably the next step
for those who wish to keep the network at its best.
George Kadianakis slipped on his storyteller costume to guide us 
through layers of the Tor core, motivated by the quest for knowledge.
That accursed riddle, “Why does Roger have so many guards?”, now has an
answer. Be prepared for a “beautiful stalagmite” and the “truly amazing”
nature of Tor!
Tor help desk roundup
If the Tor Browser stalls while “loading the network status”, please
double-check that the system clock is accurate; the same goes for the
timezone and daylight saving time settings. Tor needs an accurate clock
in order to prevent several classes of attacks on its protocol. It won’t
work properly when the local time does not match the one used by other
Easy development tasks to get involved with
When the tor daemon is configured to open a SOCKS port on a public
address, it warns about this possible configuration problem twice: once
when it reads the configuration file, and a second time when it opens
the listener. One warning should be enough. We had a friendly volunteer
two years ago who sketched out possible fixes and even wrote a patch,
but then concluded that his patch had a problem and went away. If you’re
up to some digging into tor’s configuration file handling, and want to
clean up a two-year-old patch potentially to be included in tor 0.2.6,
please find the details in the ticket . It’s tagged as easy, so how
hard can it be?
June 25 19:00 UTC | little-t tor development meeting
| #tor-dev, irc.oftc.net
June 27 15:00 UTC | Tor Browser online meeting
| #tor-dev, irc.oftc.net
June 30 — July 4 | Tor’s Summer Dev Meeting
| Paris, France
July 5-11 | Lunar @ Libre Software Meeting 2014
| Montpellier, France
This issue of Tor Weekly News has been assembled by harmony, Lunar,
Matt Pagan, Karsten Loesing, and Roger Dingledine.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the tor-news