Delivery-Date: Wed, 25 Jun 2014 09:41:48 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 098AF1E0B82
	for <archiver@seul.org>; Wed, 25 Jun 2014 09:41:45 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 51AA62F75C;
	Wed, 25 Jun 2014 13:41:39 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id E10982F6E4;
 Wed, 25 Jun 2014 13:31:03 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id TT1a0RF2HljZ; Wed, 25 Jun 2014 13:31:03 +0000 (UTC)
Received: from mail.potager.org (quatre.potager.org [91.194.60.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.potager.org",
 Issuer "StartCom Class 2 Primary Intermediate Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 949D92F64C;
 Wed, 25 Jun 2014 13:31:03 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) with ESMTPSA id 65A7CC2B5F6
Date: Wed, 25 Jun 2014 15:30:57 +0200
From: Lunar <lunar@torproject.org>
To: tor-news@lists.torproject.org, tor-talk@lists.torproject.org
Message-ID: <20140625133057.GD5619@loar>
Mail-Followup-To: tor-news@lists.torproject.org, tor-talk@lists.torproject.org
MIME-Version: 1.0
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: [tor-talk] =?utf-8?q?Tor_Weekly_News_=E2=80=94_June_25th=2C_2014?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============7621735918245700138=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============7621735918245700138==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="3Gf/FFewwPeBMqCJ"
Content-Disposition: inline


--3Gf/FFewwPeBMqCJ
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Tor Weekly News                                          June 25th, 2014
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Welcome to the twenty-fifth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the community around Tor,
the =E2=80=9Cfine-meshed net=E2=80=9D=C2=A0[1].

   [1]:=C2=A0https://lists.torproject.org/pipermail/tor-talk/2014-June/0333=
58.html

Tor 0.2.5.5-alpha is out
------------------------

Tor 0.2.5.5-alpha was released=C2=A0[2], fixing =E2=80=9Ca wide variety of =
remaining
issues in the Tor 0.2.5.x release series, including a couple of DoS
issues, some performance regressions, a large number of bugs affecting
the Linux seccomp2 sandbox code, and various other bugfixes=E2=80=9D, in Ni=
ck
Mathewson=E2=80=99s words. Among the major security improvements is an
adjustment to the way Tor decides when to close TLS connections, which
=E2=80=9Cshould improve Tor=E2=80=99s resistance against some kinds of traf=
fic analysis,
and lower some overhead from needlessly closed connections=E2=80=9D.

You can download the source tarball=C2=A0[3], or install the package by
following the instructions for your system=C2=A0[4]. This release is also n=
ow
available in the Debian=C2=A0[5] and Tor Project=C2=A0[6] repositories.

   [2]:=C2=A0https://lists.torproject.org/pipermail/tor-talk/2014-June/0333=
47.html
   [3]:=C2=A0https://www.torproject.org/dist/
   [4]:=C2=A0https://www.torproject.org/docs/installguide
   [5]:=C2=A0http://packages.qa.debian.org/t/tor/news/20140619T120436Z.html
   [6]:=C2=A0https://www.torproject.org/docs/debian.html.en#development

Debian Wheezy=E2=80=99s tor version to be updated
-----------------------------------------

Following a suggestion by Peter Palfrader=C2=A0[7], Debian developers are
preparing to update the version of tor found in the Debian stable
repositories from 0.2.3.25 to 0.2.4.22. Among the chief motives for
doing so is that =E2=80=9Cabout a quarter of the Tor network (just consider=
ing
the relays, not any clients), is on 0.2.3.25, presumably because they
run Debian stable. If they all upgraded to the 0.2.4.x tree, the network
as a whole would become a lot more secure as 0.2.4.x allows clients to
use stronger crypto for connections built through these nodes.=E2=80=9D Oth=
er
benefits, including the various measures taken to defend against OpenSSL
vulnerabilities discovered earlier this year, make this an attractive
proposal.

The update=C2=A0[8] will be shipped in the forthcoming point release (7.6) =
of
Debian Wheezy, on July 12th.

   [7]:=C2=A0https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D751977
   [8]:=C2=A0https://lists.debian.org/debian-changes/2014/06/msg00072.html

Miscellaneous news
------------------

Building on the May release of experimental Tor Browsers hardened with
AddressSanitizer (ASan)=C2=A0[9], Georg Koppen announced=C2=A0[10] a new se=
t of
experimental Linux builds that include both AddressSanitizer and
Undefined Behaviour Sanitizer (UBSan), asking for testing and feedback.
See Georg=E2=80=99s message for download and build instructions, as well as=
 a
couple of known issues.

   [9]:=C2=A0https://lists.torproject.org/pipermail/tor-qa/2014-May/000414.=
html
  [10]:=C2=A0https://lists.torproject.org/pipermail/tor-qa/2014-June/000428=
=2Ehtml

Nick Mathewson reminded=C2=A0[11] Tor users, relay operators, and especially
hidden service administrators that tor=E2=80=99s 0.2.2 series is no longer
supported, and many features will soon stop working entirely; if you are
affected, then please upgrade!

  [11]:=C2=A0https://lists.torproject.org/pipermail/tor-talk/2014-June/0333=
76.html

Several of Tor=E2=80=99s Google Summer of Code students submitted their reg=
ular
progress reports: Daniel Mart=C3=AD on the implementation of consensus
diffs=C2=A0[12], Mikhail Belous on the multicore tor daemon=C2=A0[13], Juha=
 Nurmi
on the ahmia.fi project=C2=A0[14], Zack Mullaly on the HTTPS Everywhere
secure ruleset update mechanism=C2=A0[15], Amogh Pradeep on the Orbot+Orfox
project=C2=A0[16], Sreenatha Bhatlapenumarthi on the Tor Weather
rewrite=C2=A0[17], Marc Juarez on the link-padding pluggable transport
development=C2=A0[18], Israel Leiva on the GetTor revamp=C2=A0[19], Quinn J=
arrell
on the pluggable transport combiner=C2=A0[20], Kostas Jakeliunas on the
BridgeDB Twitter Distributor=C2=A0[21], and Noah Rahman on Stegotorus
security enhancement=C2=A0[22].

  [12]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00703=
0.html
  [13]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00703=
4.html
  [14]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-June/0=
00564.html
  [15]:=C2=A0https://lists.eff.org/pipermail/https-everywhere/2014-June/002=
147.html
  [16]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00703=
6.html
  [17]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00703=
7.html
  [18]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-June/0=
00567.html
  [19]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00703=
9.html
  [20]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00704=
0.html
  [21]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00704=
1.html
  [22]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00704=
3.html

Researchers from the Internet Geographies project at the Oxford Internet
Institute produced a cartogram=C2=A0[23] of Tor users by country, using
archived data freely available from the Tor Project=E2=80=99s own Metrics
portal=C2=A0[24], along with an analysis of the resulting image. =E2=80=9CA=
s ever
more governments seek to control and censor online activities, users
face a choice to either perform their connected activities in ways that
adhere to official policies, or to use anonymity to bring about a freer
and more open Internet=E2=80=9D, they conclude.

  [23]:=C2=A0http://geography.oii.ox.ac.uk/?page=3Dtor
  [24]:=C2=A0https://metrics.torproject.org

Andrew Lewman reported=C2=A0[25] that users with email addresses at Yahoo a=
nd
AOL have been removed from the tor-relays mailing list=C2=A0[26], as these
addresses have been bouncing list emails.

  [25]:=C2=A0https://lists.torproject.org/pipermail/tor-relays/2014-June/00=
4752.html
  [26]:=C2=A0https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-rela=
ys

Thanks to the FoDT.it webteam=C2=A0[27] and Maxanoo=C2=A0[28] for running m=
irrors
of the Tor Project=E2=80=99s website!

  [27]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-June/0=
00617.html
  [28]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-June/0=
00619.html

fr33tux shared=C2=A0[29] the slides=C2=A0[30] for a French-language present=
ation
on Tor, delivered at Universit=C3=A9 de technologie Belfort-Montb=C3=A9liar=
d. The
source code (in the LaTeX markup language) is also available=C2=A0[31]: =E2=
=80=9Cfeel
free to borrow whatever you want from it!=E2=80=9D

  [29]:=C2=A0https://lists.torproject.org/pipermail/tor-talk/2014-June/0333=
37.html
  [30]:=C2=A0http://fr33tux.org/data/prez.pdf
  [31]:=C2=A0http://git.fr33tux.org/conference_tor_utbm.git

Thanks to Ximin Luo, the server component of Flashproxy=C2=A0[32] is now
available in Debian=C2=A0[33] in the =E2=80=9Cpt-websocket=E2=80=9D package.

  [32]:=C2=A0https://crypto.stanford.edu/flashproxy/
  [33]:=C2=A0https://packages.debian.org/sid/pt-websocket

A couple of weeks ago, Roger Dingledine wondered =E2=80=9Chow many relays a=
re
firewalling certain outbound ports (and thus messing with connectivity
inside the Tor network)=E2=80=9D. ra has just published the results=C2=A0[3=
4] of a
three-week-long test of the interconnectivity between 6730 relays.
Contacting the operators of problematic relays is probably the next step
for those who wish to keep the network at its best.

  [34]:=C2=A0https://bugs.torproject.org/12131#comment:11

George Kadianakis slipped on his storyteller costume to guide us=C2=A0[35]
through layers of the Tor core, motivated by the quest for knowledge.
That accursed riddle, =E2=80=9CWhy does Roger have so many guards?=E2=80=9D=
, now has an
answer. Be prepared for a =E2=80=9Cbeautiful stalagmite=E2=80=9D and the =
=E2=80=9Ctruly amazing=E2=80=9D
nature of Tor!

  [35]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-June/00704=
2.html

Tor help desk roundup
---------------------

If the Tor Browser stalls while =E2=80=9Cloading the network status=E2=80=
=9D, please
double-check that the system clock is accurate; the same goes for the
timezone and daylight saving time settings. Tor needs an accurate clock
in order to prevent several classes of attacks on its protocol. It won=E2=
=80=99t
work properly when the local time does not match the one used by other
network participants.

Easy development tasks to get involved with
-------------------------------------------

When the tor daemon is configured to open a SOCKS port on a public
address, it warns about this possible configuration problem twice: once
when it reads the configuration file, and a second time when it opens
the listener. One warning should be enough. We had a friendly volunteer
two years ago who sketched out possible fixes and even wrote a patch,
but then concluded that his patch had a problem and went away. If you=E2=80=
=99re
up to some digging into tor=E2=80=99s configuration file handling, and want=
 to
clean up a two-year-old patch potentially to be included in tor 0.2.6,
please find the details in the ticket=C2=A0[36]. It=E2=80=99s tagged as eas=
y, so how
hard can it be?

  [36]:=C2=A0https://bugs.torproject.org/4019

Upcoming events
---------------

June 25 19:00 UTC | little-t tor development meeting
                  | #tor-dev, irc.oftc.net
                  | https://lists.torproject.org/pipermail/tor-dev/2014-May=
/006888.html
                  |
June 27 15:00 UTC | Tor Browser online meeting
                  | #tor-dev, irc.oftc.net
                  | https://lists.torproject.org/pipermail/tbb-dev/2014-Apr=
il/000049.html
                  |
 June 30 =E2=80=94 July 4 | Tor=E2=80=99s Summer Dev Meeting
                  | Paris, France
                  | https://trac.torproject.org/projects/tor/wiki/org/meeti=
ngs/2014SummerDevMeeting
                  |
        July 5-11 | Lunar @ Libre Software Meeting 2014
                  | Montpellier, France
                  | https://2014.rmll.info/?lang=3Den


This issue of Tor Weekly News has been assembled by harmony, Lunar,
Matt Pagan, Karsten Loesing, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page=C2=A0[37], write down your
name and subscribe to the team mailing list=C2=A0[38] if you want to
get involved!

  [37]:=C2=A0https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [38]:=C2=A0https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

--3Gf/FFewwPeBMqCJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJTqs8RAAoJEEgU3sIrMHw85p0P/RX/wr4oUefEI+5J86ihWMBc
8JLdmdaD9fpXN8bVK4DRwDuhtZeG7m41TOXDW/xJ0tobRFGjiSlsGSrifxbd/Q/T
qzWKualmfYXRD8T6d08wmOj5W9KUVTaHCygzaT8KODF6TuXbLu19QtUrVwBymH+t
zDfmjV1mUfv2NzHWG/CDuvDFhJt6d0jNvB5wTlcJrjrazBdhdYUQWTUdzEwuyq2F
n6ftAP1T5aJN8nXX5qT/ZlVMfPEK78neOouGFDjZ6uo/Zfko/YaFCn2BdtfS3xfU
7fRXdfubbPMsCw6dGLHtd0UQQwGumbTKxLCMVO0p7UOrNahNQ1mvJsMaC0wExoWf
RlMqmVuGvf5DwZye2IO3jdGwA+KMVNnZgA/XAbf1ShdhsfBi/3vbuL+U5bAiY6ix
Psd0/Rr2+++vRJ68Tiba1bm0AGDGGQKMiPDBh6JrzZq9kB7RhUALtCqtHNJeNgV4
6Phjf8ysccy/9wRGXgdPNPQFuaXVBfPOd+dl5GLHeWbmVG51db8i1ecbVgSF/ZWJ
xH7Aka6dIvCWu08TM+Fzv83dpBLvO0Ps3ccQA5L6jZLNpaTIOikMAwja9He2urXE
IXHCGlJ0RX0Puyd7okIcSMTuuGWa+8mgJIUJt+f4IYdDFWPP2wfd8oJFe/zQk75D
1JbwhzwII0ACDVIxxMJf
=QfrY
-----END PGP SIGNATURE-----

--3Gf/FFewwPeBMqCJ--

--===============7621735918245700138==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============7621735918245700138==--

