News
Analyzed 4 days
ago based on code collected 4 days ago.
|
Posted
about 2 years
ago
by
erinn
New Vidalia and Tor releases mean lots and lots of new packages. You can download most of them from the download page.
RPM users: we'll have all of the RPMs up within the next 24 hours. Everyone else, read on for Tor Browser Bundle ... [More] changelogs and other packages. Bridge-by-Default Bundle Windows Bridge by Default Vidalia Bundle (sig) Tor Browser Bundle with Firefox 4 Tor Browser Bundle (2.2.24-1) alpha; suite=osx 64-bit OS X Tor Browser Bundle with Firefox 4 (sig) 32-bit OS X Tor Browser Bundle with Firefox 4 (sig) Update Tor to 0.2.2.24-alpha Update Vidalia to 0.2.12 Update NoScript to 2.1.0.1 Tor Browser Bundle (2.2.24-1) alpha; suite=linux 64-bit GNU/Linux Tor Browser Bundle with Firefox 4 (sig) 32-bit GNU/Linux Tor Browser Bundle with Firefox 4 (sig) Update Tor to 0.2.2.24-alpha Update Vidalia to 0.2.12 Update NoScript to 2.1.0.1 Fix missing extensions by putting them in the right location (closes: #2828) Disable plugin searching (closes: #2827) Tor Browser Bundle with Firefox 3.6 https://www.torproject.org/projects/torbrowser Windows 1.3.23: Released 2011-04-13 Update Vidalia to 0.2.12 Fix langpack mistake that made Firefox only use English Linux 1.1.7: Released 2011-04-12 Update Tor to 0.2.2.24-alpha Update Vidalia to 0.2.12 Update NoScript to 2.1.0.1 OS X 1.0.15: Released 2011-04-11 Update Tor to 0.2.2.24-alpha Update Vidalia to 0.2.12 Update NoScript to 2.1.0.1 [Less] |
||||||
|
Posted
about 2 years
ago
by
erinn
Tor 0.2.2.24-alpha fixes a variety of bugs, including a big bug that
prevented Tor clients from effectively using "multihomed" bridges, that is, bridges that listen on multiple ports or IP addresses so users can continue to use some of ... [More] their addresses even if others get blocked. https://www.torproject.org/download/download Major bugfixes: Fix a bug where bridge users who configure the non-canonical address of a bridge automatically switch to its canonical address. If a bridge listens at more than one address, it should be able to advertise those addresses independently and any non-blocked addresses should continue to work. Bugfix on Tor 0.2.0.x. Fixes bug 2510. If you configured Tor to use bridge A, and then quit and configured Tor to use bridge B instead, it would happily continue to use bridge A if it's still reachable. While this behavior is a feature if your goal is connectivity, in some scenarios it's a dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511. Directory authorities now use data collected from their own uptime observations when choosing whether to assign the HSDir flag to relays, instead of trusting the uptime value the relay reports in its descriptor. This change helps prevent an attack where a small set of nodes with frequently-changing identity keys can blackhole a hidden service. (Only authorities need upgrade; others will be fine once they do.) Bugfix on 0.2.0.10-alpha; fixes bug 2709. Minor bugfixes: When we restart our relay, we might get a successful connection from the outside before we've started our reachability tests, triggering a warning: "ORPort found reachable, but I have no routerinfo yet. Failing to inform controller of success." This bug was harmless unless Tor is running under a controller like Vidalia, in which case the controller would never get a REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha; fixes bug 1172. Make directory authorities more accurate at recording when relays that have failed several reachability tests became unreachable, so we can provide more accuracy at assigning Stable, Guard, HSDir, etc flags. Bugfix on 0.2.0.6-alpha. Resolves bug 2716. - Fix an issue that prevented static linking of libevent on some platforms (notably Linux). Fixes bug 2698; bugfix on versions 0.2.1.23/0.2.2.8-alpha (the versions introducing the --with-static-libevent configure option). We now ask the other side of a stream (the client or the exit) for more data on that stream when the amount of queued data on that stream dips low enough. Previously, we wouldn't ask the other side for more data until either it sent us more data (which it wasn't supposed to do if it had exhausted its window!) or we had completely flushed all our queued data. This flow control fix should improve throughput. Fixes bug 2756; bugfix on the earliest released versions of Tor (svn commit r152). Avoid a double-mark-for-free warning when failing to attach a transparent proxy connection. (We thought we had fixed this in 0.2.2.23-alpha, but it turns out our fix was checking the wrong connection.) Fixes bug 2757; bugfix on 0.1.2.1-alpha (the original bug) and 0.2.2.23-alpha (the incorrect fix). When warning about missing zlib development packages during compile, give the correct package names. Bugfix on 0.2.0.1-alpha. Minor features: Directory authorities now log the source of a rejected POSTed v3 networkstatus vote. Make compilation with clang possible when using --enable-gcc-warnings by removing two warning optionss that clang hasn't implemented yet and by fixing a few warnings. Implements ticket 2696. When expiring circuits, use microsecond timers rather than one-second timers. This can avoid an unpleasant situation where a circuit is launched near the end of one second and expired right near the beginning of the next, and prevent fluctuations in circuit timeout values. Use computed circuit-build timeouts to decide when to launch parallel introduction circuits for hidden services. (Previously, we would retry after 15 seconds.) Packaging fixes: Create the /var/run/tor directory on startup on OpenSUSE if it is not already created. Patch from Andreas Stieger. Fixes bug 2573. Documentation changes: Modernize the doxygen configuration file slightly. Fixes bug 2707. Resolve all doxygen warnings except those for missing documentation. Fixes bug 2705. Add doxygen documentation for more functions, fields, and types. [Less] |
||||||
|
Posted
about 2 years
ago
by
erinn
The new release of Vidalia 0.2.12 is out. We'd also like to congratulate Tomás Touceda on his first release and thank him for all his work and patience in getting this out!
https://www.torproject.org/download 0.2.12 ... [More] 10-Apr-2011 Vidalia's SVN repository has been migrated to Git. All branches but master have been archived for later review, since SVN trunk had changed significantly; they should be reviewed later to determine whether they can and should still be merged. All \version $Id$ headers have been removed since Git does not support $Id$. As part of the move, Vidalia's Trac is now at: https://trac.torproject.org/ All Trac numbers in Vidalia 0.2.12 and beyond refer to the new Trac entries. The old Trac is archived for posterity at: https://trac-vidalia.torproject.org/projects/vidalia Add support for Tor's ControlSocket as an alternative to ControlPort. It can be used for Linux maintainers to build a better default interaction between Tor and Vidalia by just setting the right permissions and file owner on the socket file for the connection. Using ControlSocket means you don't need to worry about authentication methods with ControlPort. Resolves bug 2091. Add a way to edit arbitrary torrc entries while Tor is running. Now Vidalia users have more flexibility for configuring Tor. This change doesn't replace editing torrc directly, because on some systems (like Debian) Tor can't write to its torrc file. Resolves bug 2083. Remove Vidalia's direct dependency on OpenSSL. This dependency had caused Vidalia to fail to run on FreeBSD (due to a bug in the FreeBSD ports collection) and Fedora 14 (due to an incompatibility between OpenSSL and Fedora's SELinux configuration). Resolves bug 2287 and 2611. Restore compatibility with Windows 2000. An update to the MiniUPnPc library had introduced an unnecessary dependency on a system library not included in Windows 2000. Fixes bug 2612. Fix how the advanced message log window displays message updates when messages are coming in too quickly, for example when you're listening to debug-level messages from Tor. Fixes bug 2093. Add a what's this? link to the bridge option to explain in a more verbose fashion what being a bridge involves. Resolves bug 1995. Prompt users to restart Tor after changing the path to torrc. Fixes bug 2086. Disable the directory port configuration field when configuring a bridge. A bridge does not need to operate a separate directory port, and operating one can make a bridge easier to detect. Fixes bug 2431. When Vidalia asks Tor for a bridge's usage history before anyone has used it, correctly report that no clients have used the bridge recently. Previously, it would incorrectly warn that it was unable to retrieve the bridge's usage history. Fixes bug 2186. [Less] |
||||||
|
Posted
about 2 years
ago
by
phobos
Introducing a new monthly progress report format. Since June 2008, I've been posting the monthly reports we write for our sponsors as blog posts. The goal is to share with you, our community, what we do every month in an easy to understand
... [More]
, summarized way.
Over the past year, I've had a few requests to make these monthly progress reports into a file format people can take with them for reading offline. For all of 2011, I'm going to be attaching a PDF file (generated by LaTeX) to the reports. I've gone back to January 2011 and February 2011 and attached the files to each post, respectively. The PDF includes graphs and is generally much easier to read than printing the blog post to a PDF file. The March 2011 Progress Report is attached to this post. The standard text-based report is below. New releases, new hires, new funding New Hires Contracted Tomas Touceda to fix bugs and develop new features for the Tor graphical controller, Vidalia. New Funding Tor receives an anonymous donation to improve hidden services performance, reliability, and general bug fixes. New Releases On March 9th we released updated Tor Browser Bundles for Microsoft Windows, Apple OS X, and GNU/Linux operating systems. All of the Tor Browser Bundles have been updated with Firefox 3.6.15 and the alpha bundles for Mac OS X and Linux have also been updated with Tor 0.2.2.23-alpha. Windows bundles 1.3.20: Released 2011-03-07 Update Firefox to 3.6.15 Linux bundles 1.1.5: Released 2011-03-09 Update Tor to 0.2.2.23-alpha Update Firefox to 3.6.15 Update NoScript to 2.0.9.8 Update HTTPS-Everywhere to 0.9.9.development.3 OS X bundle 1.0.13: Released 2011-03-09 Update Tor to 0.2.2.23-alpha Update Firefox to 3.6.15, and use the Mozilla version until I get it to build on OS X 10.6 (Snow Leopard) Update NoScript to 2.0.9.8 Update HTTPS-Everywhere to 0.9.9.development.3 On March 8th, we released the latest in the tor -alpha series, 0.2.2.23. Tor 0.2.2.23-alpha lets relays record their bandwidth history so when they restart they don't lose their bandwidth capacity estimate. This release also fixes a diverse set of user-facing bugs, ranging from relays overrunning their rate limiting to clients falsely warning about clock skew to bridge descriptor leaks by our bridge directory authority. Changes in version 0.2.2.23-alpha - 2011-03-08 o Major bugfixes: - Stop sending a CLOCK_SKEW controller status event whenever we fetch directory information from a relay that has a wrong clock. Instead, only inform the controller when it's a trusted authority that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes the rest of bug 1074. - Fix an assert in parsing router descriptors containing IPv6 addresses. This one took down the directory authorities when somebody tried some experimental code. Bugfix on 0.2.1.3-alpha. - Make the bridge directory authority refuse to answer directory requests for "all" descriptors. It used to include bridge descriptors in its answer, which was a major information leak. Found by "piebeer". Bugfix on 0.2.0.3-alpha. - If relays set RelayBandwidthBurst but not RelayBandwidthRate, Tor would ignore their RelayBandwidthBurst setting, potentially using more bandwidth than expected. Bugfix on 0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470. - Ignore and warn if the user mistakenly sets "PublishServerDescriptor hidserv" in her torrc. The 'hidserv' argument never controlled publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha. o Major features: - Relays now save observed peak bandwidth throughput rates to their state file (along with total usage, which was already saved) so that they can determine their correct estimated bandwidth on restart. Resolves bug 1863, where Tor relays would reset their estimated bandwidth to 0 after restarting. - Directory authorities now take changes in router IP address and ORPort into account when determining router stability. Previously, if a router changed its IP or ORPort, the authorities would not treat it as having any downtime for the purposes of stability calculation, whereas clients would experience downtime since the change could take a while to propagate to them. Resolves issue 1035. - Enable Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) by default on Windows to make it harder for attackers to exploit vulnerabilities. Patch from John Brooks. o Minor bugfixes (on 0.2.1.x and earlier): - Fix a rare crash bug that could occur when a client was configured with a large number of bridges. Fixes bug 2629; bugfix on 0.2.1.2-alpha. Bugfix by trac user "shitlei". - Avoid a double mark-for-free warning when failing to attach a transparent proxy connection. Bugfix on 0.1.2.1-alpha. Fixes bug 2279. - Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378; found by "cypherpunks". This bug was introduced before the first Tor release, in svn commit r110. - Country codes aren't supported in EntryNodes until 0.2.3.x, so don't mention them in the manpage. Fixes bug 2450; issue spotted by keb and G-Lo. - Fix a bug in bandwidth history state parsing that could have been triggered if a future version of Tor ever changed the timing granularity at which bandwidth history is measured. Bugfix on Tor 0.1.1.11-alpha. - When a relay decides that its DNS is too broken for it to serve as an exit server, it advertised itself as a non-exit, but continued to act as an exit. This could create accidental partitioning opportunities for users. Instead, if a relay is going to advertise reject *:* as its exit policy, it should really act with exit policy "reject *:*". Fixes bug 2366. Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac. - In the special case where you configure a public exit relay as your bridge, Tor would be willing to use that exit relay as the last hop in your circuit as well. Now we fail that circuit instead. Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer". - Fix a bug with our locking implementation on Windows that couldn't correctly detect when a file was already locked. Fixes bug 2504, bugfix on 0.2.1.6-alpha. - Fix IPv6-related connect() failures on some platforms (BSD, OS X). Bugfix on 0.2.0.3-alpha; fixes first part of bug 2660. Patch by "piebeer". - Set target port in get_interface_address6() correctly. Bugfix on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug 2660. - Directory authorities are now more robust to hops back in time when calculating router stability. Previously, if a run of uptime or downtime appeared to be negative, the calculation could give incorrect results. Bugfix on 0.2.0.6-alpha; noticed when fixing bug 1035. - Fix an assert that got triggered when using the TestingTorNetwork configuration option and then issuing a GETINFO config-text control command. Fixes bug 2250; bugfix on 0.2.1.2-alpha. o Minor bugfixes (on 0.2.2.x): - Clients should not weight BadExit nodes as Exits in their node selection. Similarly, directory authorities should not count BadExit bandwidth as Exit bandwidth when computing bandwidth-weights. Bugfix on 0.2.2.10-alpha; fixes bug 2203. - Correctly clear our dir_read/dir_write history when there is an error parsing any bw history value from the state file. Bugfix on Tor 0.2.2.15-alpha. - Resolve a bug in verifying signatures of directory objects with digests longer than SHA1. Bugfix on 0.2.2.20-alpha. Fixes bug 2409. Found by "piebeer". - Bridge authorities no longer crash on SIGHUP when they try to publish their relay descriptor to themselves. Fixes bug 2572. Bugfix on 0.2.2.22-alpha. o Minor features: - Log less aggressively about circuit timeout changes, and improve some other circuit timeout messages. Resolves bug 2004. - Log a little more clearly about the times at which we're no longer accepting new connections. Resolves bug 2181. - Reject attempts at the client side to open connections to private IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with a randomly chosen exit node. Attempts to do so are always ill-defined, generally prevented by exit policies, and usually in error. This will also help to detect loops in transparent proxy configurations. You can disable this feature by setting "ClientRejectInternalAddresses 0" in your torrc. - Always treat failure to allocate an RSA key as an unrecoverable allocation error. - Update to the March 1 2011 Maxmind GeoLite Country database. o Minor features (log subsystem): - Add documentation for configuring logging at different severities in different log domains. We've had this feature since 0.2.1.1-alpha, but for some reason it never made it into the manpage. Fixes bug 2215. - Make it simpler to specify "All log domains except for A and B". Previously you needed to say "[*,~A,~B]". Now you can just say "[~A,~B]". - Add a "LogMessageDomains 1" option to include the domains of log messages along with the messages. Without this, there's no way to use log domains without reading the source or doing a lot of guessing. o Packaging changes: - Stop shipping the Tor specs files and development proposal documents in the tarball. They are now in a separate git repository at git://git.torproject.org/torspec.git On March 24th, all of the Tor Browser Bundles have been updated with Firefox 3.6.16 and the alpha bundles for Mac OS X and Linux have also been updated to use Libevent 2, as well as a number of extension updates. The changelogs are below. Windows bundles 1.3.21: Released 2011-03-23 Update Firefox to 3.6.16 Update HTTPS-Everywhere to 0.9.9.development.4 Linux bundles 1.1.6: Released 2011-03-23 Update Firefox to 3.6.16 Update Libevent to 2.0.10-stable Update NoScript to 2.0.9.9 Update HTTPS-Everywhere to 0.9.9.development.4 Update BetterPrivacy to 1.49 OS X bundle 1.0.14: Released 2011-03-23 Update Firefox to 3.6.16 Update Libevent to 2.0.10-stable Update NoScript to 2.0.9.9 Update HTTPS-Everywhere to 0.9.9.development.4 Update BetterPrivacy to 1.49 On March 27th, we have new Firefox 4 Tor Browser Bundles available for OS X. They come in 64- and 32-bit versions, and one important fix for 10.6 64-bit users is that Firefox no longer crashes on initial startup. These are alpha, but they are going to be a permanent addition to the Tor Browser Bundle family and will be maintained from now on. These have thus far only been tested on Snow Leopard, but the 32-bit bundle ought to work on Leopard. Tor Browser Bundle (2.2.23-1) alpha; suite=osx Create new bundles for Firefox 4, both i386 and x86_64 (closes: #2140) Update Tor to 0.2.2.23-alpha Update Torbutton to 1.3.2-alpha Update OpenSSL to 1.0.0d Update HTTPS-Everywhere to 0.9.9.development.4 Update NoScript to 2.0.9.9 Update BetterPrivacy to 1.49 On March 31st, we released bridge by default bundles. These were previously released as a technology preview but we're going to bring them back on a consistent basis. We have an updated bridge by default Vidalia bundle for Windows available with Tor 0.2.2.23-alpha. On March 31st, we now have Firefox 4 bundles available for GNU/Linux. Tor Browser Bundle (2.2.23-1) alpha; suite=linux Create new bundles for Firefox 4, both i386 and x86_64 Update Tor to 0.2.2.23-alpha Update Torbutton to 1.3.2-alpha Update OpenSSL to 1.0.0d Update HTTPS-Everywhere to 0.9.9.development.4 Update NoScript to 2.0.9.9 Update BetterPrivacy to 1.49 On March 21st, we released the latest in the torbutton alpha branch, version 1.3.2. It fixes a few outstanding bugs and better supports Firefox 4. * bug 1624: Use nsIDOMCrypto::logout() instead of the SSLv2 pref hack * bug 1999: Disable tor:// urls by default * bug 1968: Reset window.name on tor toggle * bug 2148: Make refspoofing more uniform * bug 2359: Fix XHTML DTD errors on FF4 * bugs 2465+2421: Fix javascript hook exceptions+issues in FF4.0 * bug 2458: Opt out of Firefox addon usage pings * bug 2377: Limit the Google captcha cookies copied between google TLDs * bug 2491: Clean up checks for when to jar protected cookies * bug 1110: Add popup to ask if we should spoof English Accept: headers * misc: Remove a noisy FF2 nsICookieManager2 fallback check. Design, develop, and implement enhancements that make Tor a better tool for users in censored countries. Jacob did research into and wrote up his analysis of suspicious SSL certificates from Comodo, https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion. Mike wrote a client for EFF's SSL Observatory to provide users with the ability to opt-in to submitting ßtrange" SSL certificates. Mike helped write a paper for the W3C Workshop on Identity in the Browser, http://www.w3.org/2011/identity-ws/Overview.html. Karsten refactored metrics-db and metrics-web by moving a lot of code from metrics-db to metrics-web (#2627). metrics-db is now the tool for collecting and sanitizing metrics data, and metrics-web is the metrics website including the database schema and database import. This separation was necessary to enable people to run their own metrics-web without having to run their own metrics-db. Karsten improved detection of stale bridge descriptor tarballs from Tonga by comparing descriptor publication times to tarball modification times (https://trac.torproject.org/projects/tor/ticket/2570). Karsten extended BridgeDB to dump assignments to disk (https://trac.torproject.org/projects/tor/ticket/2372), wrote a script to convert old BridgeDB logs into assignment files, and extended metrics-db to sanitize these files. The files are now on the metrics website. Karsten provided bridge usage data in a format that researchers can analyze much easier than the original data (https://trac.torproject.org/projects/tor/ticket/2680). Karsten created a Thematic Mapping API prototype as a fancy example for visualizing Tor data (https://trac.torproject.org/projects/tor/ticket/2762). Architecture and technical design docs for Tor enhancements related to blocking-resistance. Karsten wrote a roadmap for the various metrics products or products that have a metrics part: metrics-web, metrics-db, ExoneraTor, VisiTor, BridgeDB, Torperf, Tor websites, bandwidth scanners, TorDNSEL, and Tor. Hide Tor's network signature. The pluggable transport protocol is an official proposal, number 180. https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180-pluggable-transport.txt Design updates to the TLS cert and parameter normalizations proposal, number 179, https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/179-TLS-cert-and-parameter-normalization.txt. Grow the Tor network and user base. Outreach. Outreach and Advocacy We held a Privacy and Security Workshop at the University of London School of Oriental and African studies, https://blog.torproject.org/blog/london-internet-security-privacy-workshop. At LibrePlanet 2011, Tor received the 2010 FSF/GNU Project Award for Project of Social Benefit. https://blog.torproject.org/blog/tor-project-receives-fsf-award. Roger took a lengthy trip to Taiwan. Spoke at OSDC'11 among other locales. His trip report is at https://blog.torproject.org/blog/trip-report-taipei. Andrew was interviewed by the Washington Post about US firms helping censor the Internet, http://www.washingtonpost.com/wpdyn/content/article/2011/03/09/AR2011030905157_pf.html. Wendy attended ICANN in San Francisco. Andrew met with Gunilla Carlsson, the Swedish Minister of Foreign Development, and staff to discuss Tor, digital democracy, and democratic digitalization, http://www.nyteknik.se/nyheter/it_telekom/internet/article3123594.ece Roger and Robert met ISI to discuss Tor and network simulation, http://www3.isi.edu/home. Andrew was interviewed by Businessweek about social networking, http://www.businessweek.com/magazine/content/11_13/b4221043353206.htm Erinn gave a talk at PMF (mathematiÄki fakultet) Zagreb about Tor. Erinn met with a Zagreb hackerspace, http://www.mi2.hr/, to talk about Tor. Andrew was interviewed by The Telegraph to understand what's going on with Tor and Iran, http://www.telegraph.co.uk/news/worldnews/middleeast/iran/8388484/Iran-cracks-down-on-web-dissident-technology.html Jacob gave a speech at the Royal Military College of Canada, http://www.rmc.ca/ Andrew was featured by CNN on The Situation Room with Wolf Blitzer about US companies helping censor the Internet, http://edition.cnn.com/CNN/Programs/situation.room/ Nick gave a speech at the 4th Usenix Workshop on Large-scale Exploits and Emergent Threats, http://www.usenix.org/events/leet11/. Tor was a finalist in the Index on Censorship New Media award, http://www.indexoncensorship.org/2011/03/free-expression-awards-2011-new-media/ Andrew and Karen talked to the US Senate Committee on Foreign Relations about Tor, online anonymity and privacy. Preconfigured privacy (circumvention) bundles for USB or LiveCD. TAILS nears a 0.7 release through testing of Release Candidates, http://tails.boum.org/. See the "New Releases" section above for the various Tor Browser Bundles released. Bridge relay and bridge authority work. Torservers.net receives $10,000 to operate more bridges to support people in heavily censored areas, https://www.torservers.net/wiki/press. Robert and Christian fixed a few bugs and integrated some features into the Bridge Authority codebase, https://gitweb.torproject.org/bridgedb.git/shortlog. Scalability, load balancing, directory overhead, efficiency. Karsten and Mike started to design a tech report using the torperf to monitor the network through a series of experiments, the ticket list for which is here: https://trac.torproject.org/projects/tor/ticket/2769. Mike did a quick review of Ian, Damon, et al's paper on their flow control and simulator work: https://lists.torproject.org/pipermail/tor-dev/2011-March/002539.html Sebastian worked on libevent and Tor, to make it possible to compile them with clang with warnings. While doing so he started porting some of Tor's configure options to libevent, and fixed a few minor bugs that clang exposed. Sebastian and Tomas converted Vidalia's repository from svn to git. This will allow for more distributed patches and branches. Karsten reviewed and merged Mike's patch for Torperf's consolidate_stats script (https://trac.torproject.org/projects/tor/ticket/2672). Karsten started writing a paper/report on Torperf and the bwscanners together with Mike (https://trac.torproject.org/projects/tor/ticket/2769). Prepared new graphs (https://trac.torproject.org/projects/tor/ticket/2772, https://trac.torproject.org/projects/tor/ticket/2394) and set up Torperfs to determine the optimal circuit build timeout cutoff (https://trac.torproject.org/projects/tor/ticket/2770). Nick updates the core tor specification to include the optimistic data protocol, https://gitweb.torproject.org/torspec.git/commitdiff/ef0bff2ff3c14934a6cd056d8a9d03151741c675 Incentives work. Nothing to report. More reliable (e.g. split) download mechanism. Nothing to report. Footprints from Tor Browser Bundle. Nothing to report. Translation work, ultimately a browser-based approach. Runa did a bundle of work on translations, coordinating translators, and updating our various products with translations. The highlights are: - updated translations from transifex (in translation/trunk/projects/manpages/po: .tx af ak am arn ast az be bg bn bn_IN ca cs csb cy dz el eo eu fil fur ga gl gu gun ha he hi hr ht hu is kn kw lb ln lo lt lv mg mi mk ml mn mr ms mt nap nb ne nl nn nso oc pa pap pms ps pt pt_BR ro sco son su sw ta te tg th ti tk uk ur ve vi wa zh_CN zh_HK zh_TW zu) - updated translations from transifex for orbot (in translation/trunk/projects/orbot/po: .tx af ak am arn ast az be bg bn bn_IN cs csb dz el eo et eu fil fur ga gl gu gun ha he hi hr ht id kn kw lb ln lo lt lv mg mi ml mn mr ms mt my nap ne nn nso oc pa pap pms ps pt_BR ro sco son sw ta te tg th ti tk uk ve vi wa zh_HK zh_TW zu) - updated translations from transifex for torbutton (in translation/trunk/projects/torbutton/po: .tx af ak am arn ast be bg bn bn_IN csb cy dz eo eu fil fur ga gl gun ha he hi ht hu is kn kw lb ln lo lt lv mg mi ml mn mr ms mt nap ne nn nso oc pa pap pms ps sco son su sw ta te tg th ti tk uk ur ve wa zh_HK zu) - updated translations from transifex for torbutton-alpha (in translation/trunk/projects/torbutton-alpha/po: .tx af ak am arn ast az be bg bn bn_IN csb cy dz eo eu fil fur ga gl gun ha he ht hu is kn kw lb ln lo lt lv mg mi mk ml mn mr ms mt nap ne nn nso oc pa pap pms ps sco son su sw ta te tg ti tk ur ve wa zh_HK zu) - updated translations from transifex for torcheck (in translation/trunk/projects/torcheck/po: .tx af ak am arn ast az bg bn_IN csb de_CH dz eo eu fil fur ga gu gun ha he hr ht is kn lb ln lo lt lv mg mi ml mn mr ms mt nah nap ne nn nso oc pa pap pms ps sco son su ta te tg ti tk ur ve zh_HK zu) - updated translations from transifex for the website (in translation/trunk/projects/website/po: .tx zh_CN/about) - updated translations for vidalia (in vidalia/trunk/src/vidalia/i18n/po: .tx af ak am arn ast az be bg bn bn_IN bo br bs ca csb cy de_CH de_DE dz et eu fil fo fur fy ga gl gun ha hi hr ht hy is jv ka km kn ko ku kw ky lb ln lo lt lv mg mi mk ml mn mr ms mt nah nap ne nn nso oc or pa pap pms ps sco sk so son st su sw ta te tg th ti tk uk ur ve vi wa wo zh_HK zu) - updated translations for vidaliahelp (in vidalia/trunk/src/vidalia/help/content/po: .tx af ak am arn ast az be bg bn bn_IN ca cs csb cy dz el eo et eu fil fur ga gl gu gun ha he hi hr ht hu id is kn kw lb ln lo lt lv mg mi mk ml mn mr ms mt nap nb ne nl nn nso oc pa pap pms ps pt ro sco son su sw ta te tg th ti tk tr uk ur ve vi wa zh_HK zh_TW zu) - updated translations for vidalia installer (in vidalia/trunk/pkg/win32/po: .tx af ak am arn ast bg bn_IN csb cy de_CH dz eo eu fil fur ga gl gu gun ha hi hr ht hu is kn lb ln lo lt lv mg mi mk ml mn mr ms mt nah nap ne nn nso oc pa pap pms ps pt_BR sco son su sw ta te tg ti tk ur ve zh_HK zu) - translations for vidaliahelp as html files (in vidalia/trunk/src/vidalia/help/content: . my zh_CN) File translated from TEX by TTH, version 3.85. [Less] |
||||||
|
Posted
about 2 years
ago
by
chiiph
Hello everyone, for those who don't know me, I'm the one that's taking care of Vidalia these days.
The other day I was contacted by paulproteus in the #vidalia IRC channel about an initiative they (OpenHatch) are organizing called "Build ... [More] It". The idea Open Source projects live and die depending on contributors and people that want to see the project evolve, but this isn't so easy sometimes. The guys behind the Build It initiative have a theory about this difficulty: "...lots of users of free desktop software want to get involved in customizing or contributing to the project's development, but they haven't gotten to the first step of getting the program to compile." Since I'm a Gentoo user for years now, the compilation part comes naturally to me and I haven't thought of this issue that way but it's an interesting approach. The event This week, people involved in Vidalia and other Open Source projects will be at a specific time online to help users (future developers, may be :) ) jump over this compilation wall. Particularly, Vidalia is scheduled for this Friday at 13:00 UTC in the same place as usual: #vidalia at OFTC. While this event is taking place on a particular day and a particular time, I'm online all the time (even when I'm not in front of the computer). So if you want to contribute to Vidalia or any of the projects around Tor (or Tor itself), don't hesitate, just get online and start typing, but be patient and stick around. Also, you'd probably want to read this: https://www.torproject.org/getinvolved/volunteer.html.en If you want to know more about the Buld It initiative, you can ask in #openhatch at Freenode, or read here: https://openhatch.org/wiki/Build_it [Less] |
||||||
|
Posted
about 2 years
ago
by
phobos
The latest in the series, tail 0.7 livecd/liveusb anonymous operating system is released. The Amnesic Incognito Live System, version 0.7, is built on top of Debian Squeeze. The full changelog is available at
... [More]
https://tails.boum.org/news/version_0.7/
Highlight include updated Tor, better hardware and 3G modem support, https everywhere, more anonymity and privacy fixes, debian squeeze-based for updated software all around. You can get it at https://tails.boum.org/download/index.en.html [Less] |
||||||
|
Posted
about 2 years
ago
by
atagar
Hi, the next release of arm is now available. This one was focused on a full rewrite of the connection panel, improving its maintainability, performance, and (best of all) features. When rendered, the panel's baseline cpu usage is less than half of
... [More]
its previous incarnation, along with providing far more information...
http://www.atagar.com/transfer/tmp/armScreenshot-1.4.2.png - Full paths for your currently active Tor circuits - Identification of the applications attached to your socks, hidden service, and control ports - Identifying exit connections and the common uses for ports they're attached to - Much better accuracy in identifying client and directory connections - Expanded path information when there's space available (thanks to Fabian Keil) ... and many, many more enhancements and fixes. For the full list see: http://www.atagar.com/arm/releaseNotes.php#1.4.2 Also, thanks to pyllyukko arm is now on slackbuilds.org so there's simple install options available for: Debian, Ubuntu, Gentoo, Arch Linux, and Slackware As always, screenshots and downloads are available from the project's homepage: http://www.atagar.com/arm/ Cheers! -Damian [Less] |
||||||
|
Posted
about 2 years
ago
by
arma
I visited Taipei for several days at the end of March to do some Tor talks and generally spread the Tor gospel to another near-China country. I ended up doing five Tor talks in three days.
The motivation was to find technical people in ... [More] Taiwan and teach them more about the problems that Tor is facing, so they can be aware of these issues as they do their own part to make the world a safer place. I visited Hong Kong a few years ago, and did a talk at Hong Kong University as well as some meetings with human rights people. Many people I met said "if you want policy people, go to Hong Kong; if you want technical people, go to Taiwan." So I did. The first talk was at the Open Source Developers Conference (OSDC 2011). I had a 75 minute keynote slot, and there were perhaps 200 people in the audience — mostly industry people with an interest in free software. Some of the participants, like Shun-Yun Hu, were quite technical and would make great local Tor advocates. I also got a chance to teach other speakers like Ingy and Jesse Vincent about what needs doing in Tor-land. The second talk was to a group of 30 or 40 graduate students and professors at Táidà, the main Taiwanese university. They understood the security angles better than the OSDC audience, but what surprised me most was how few of them were aware of the recent political events in the Middle East. One of the most valuable aspects of Tor from an academic perspective is how it is a role model for security research influencing broader society. The third talk was to a group of human rights activists and nonprofit organizers. I've left out names to protect the innocent; let me know if you need an introduction and I'd be happy to connect you. There were some very interesting lawyers, as well as more technical activists who work hard to make sure that Taiwan remains a free society. The fourth talk was at the Institute of Information Science at Academia Sinica, the main Taiwanese research institution. I met with Peter Shwabe, a crypto post-doc who works with djb. I also did an interview for the Open Source Software Foundry — Taiwan's government-sponsored free software advocacy and education organization. You won't find one of those in the United States! My last talk was to the Taipei Open Source Software User Group (TOSSUG), a group of 10 or 20 quite smart technical folks. They were by far my best audience in terms of understanding the technical side and also knowing why Tor is relevant to their society. Hopefully we'll get some volunteer developers and/or Google Summer of Code students. Here are the slides I used, though the actual content changed from talk to talk. Overall, it was a worthwhile trip: I got to learn more about Taiwan's perspective on China and its censorship (which will help me in future talks and in planning Tor's future), people in Taiwan got to learn more about Tor, and I helped bootstrap a "human rights and Tor" community there. I've been invited back for two larger security conferences (in July and August), but alas they probably won't fit into my schedule, since I need to balance my time between advocacy, trainings, and actually getting development work done. If you are in Taiwan and want some introductions, or you're somewhere else and want a Tor person to come do some trainings or talks, let me know! [Less] |
||||||
|
Posted
about 2 years
ago
by
erinn
We now have Firefox 4 bundles available for GNU/Linux. If you encounter any problems with these, please let us know. (Windows users, you're next.)
64-bit GNU/Linux Tor Browser Bundle with Firefox 4 (sig) 32-bit GNU/Linux Tor Browser ... [More] Bundle with Firefox 4 (sig) Tor Browser Bundle (2.2.23-1) alpha; suite=linux Create new bundles for Firefox 4, both i386 and x86_64 Update Tor to 0.2.2.23-alpha Update Torbutton to 1.3.2-alpha Update OpenSSL to 1.0.0d Update HTTPS-Everywhere to 0.9.9.development.4 Update NoScript to 2.0.9.9 Update BetterPrivacy to 1.49 [Less] |
||||||
|
Posted
about 2 years
ago
by
erinn
Last year we had bridge by default bundles as a technology preview but we're going to bring them back on a consistent basis. We have an updated bridge by default Vidalia bundle (sig) for Windows available with Tor 0.2.2.23-alpha. We will soon have OS
... [More]
X bridge by default bundles as well -- you can follow along here if you're interested in the technical details.
We're very interested in getting feedback about how many new bridges these bundles create, so please comment here or on our bug tracking system and let us know. [Less] |
||||||
Code Data
SCM Data
Community Data
Copyright
©
2013
Black Duck Software, Inc.
and its contributors, Some Rights Reserved. Unless otherwise marked, this work is licensed under a
Creative Commons Attribution 3.0 Unported License
. Ohloh
®
and the Ohloh logo are trademarks of
Black Duck Software, Inc.
in the United States and/or other jurisdictions. All other trademarks are the property of their respective holders.