[tor-talk] Tor Weekly News — October 2nd, 2013
Eugen Leitl
eugen@leitl.org
Wed Oct 2 05:33:05 PDT 2013
----- Forwarded message from harmony <harmony01@riseup.net> -----
Date: Wed, 02 Oct 2013 12:00:09 +0000
From: harmony <harmony01@riseup.net>
To: tor-talk@lists.torproject.org, tor-news@lists.torproject.org
Subject: [tor-talk] Tor Weekly News — October 2nd, 2013
Reply-To: tor-talk@lists.torproject.org
========================================================================
Tor Weekly News October 2nd, 2013
========================================================================
Welcome to the fourteenth issue of Tor Weekly News, the weekly
newsletter that covers what’s happening in the much-discussed Tor
community.
Tor Browser Bundle 3.0alpha4 released
-------------------------------------
On September 28th, Mike Perry released the fourth alpha of the new Tor
Browser Bundle 3.0 series [1]. The main highlights of this series are
the important usability improvements that integrate Tor configuration
and control into the browser itself, rather than relying on the
unmaintained Vidalia interface.
The latest iteration is based on Firefox 10.0.9esr, which brings with it
a lot of important security fixes. It also fixes a fingerprinting issue
by randomizing the timestamp sent when establishing an HTTPS connection.
Two small but important usability improvements in the new Tor Launcher
component were made: users can now directly copy and paste “bridge”
lines from the bridge database [2], while clock-skews that would prevent
Tor from functioning properly are now reported to users.
Download your copy, test it, and report any problems you find. If you're
feeling adventurous, you can also try out the crucial new security
process by independently reproducing the binaries from the
publicly-reviewable source code [3].
[1] https://blog.torproject.org/blog/tor-browser-bundle-30alpha4-released
[2] https://bridges.torproject.org/
[3] https://gitweb.torproject.org/builders/tor-browser-bundle.git/blob/HEAD:/gitian/README.build
Tor mini-hackathon at GNU 30th anniversary
------------------------------------------
The Tor mini-hackathon at the GNU 30th anniversary event [4] took place
over the weekend, and Nick Mathewson sent out a brief report [5] on how
things went. As well as working on proposal 220, which involves
improvements to Tor server identity keys, Nick merged some small patches
into the Tor mainline branch, and collected promises of several more to
come. He also directed a few enquiring minds towards Tor's online
community, saying “I hope we’ll be seeing more of some of the folks I
talked to on our mailing lists and IRC channels soon”.
[4] https://lists.torproject.org/pipermail/tor-talk/2013-September/030238.html
[5] https://www.gnu.org/gnu30/
Tor Stack Exchange page in private beta
---------------------------------------
The Tor Stack Exchange page [6], which reached 100% commitment last
week [7], has now been moved into the ‘private beta’ stage. Runa Sandvik
clarified that “the purpose behind it is to ensure that users who
committed to the site’s proposal have a chance to start asking and
answering questions, as well as help with the initial community building
activities that will define and shape the site” [8]. She added that “the
more experts who participate in the private beta, the more certain it is
that our page will move on to the next stage (i.e. the public beta).”
Fruitful discussions are already taking place: Karsten Loesing wrote to
the wider community on the question of what to do about contact
information for bridge operators after it was posed on Stack
Exchange. [9]
Roger Dingledine put out a call [10] for Tor developers and anonymity
researchers to participate in answering questions on the site, adding
“Steven, Philipp, Jens, and I can't do it by ourselves.” If you have
expert knowledge to contribute, please send an email to
help@rt.torproject.org to get an invitation!
[6] http://tor.stackexchange.com
[7] http://area51.stackexchange.com/proposals/56447/tor-online-anonymity-privacy-and-security
[8] https://lists.torproject.org/pipermail/tor-talk/2013-September/030187.html
[9] https://lists.torproject.org/pipermail/tor-relays/2013-September/002936.html
[10] https://lists.torproject.org/pipermail/tor-dev/2013-September/005519.html
liballium: Pluggable Transports utility library in C
----------------------------------------------------
Yawning Angel announced a new library to ease the task of writing
pluggable transports [11]. liballium is a “simple library that handles
the Tor Pluggable Transport Configuration protocol. The idea is for this
library to be the C/C++ equivalent to pyptlib [12] (and maybe more,
depending on how much time I have to work on it).”
The code is available for review [13] featuring “a reasonably well
commented example.”
Feel free to follow up with “questions, comments, feedback”!
[11] https://www.torproject.org/docs/pluggable-transports.html
[12] https://gitweb.torproject.org/pluggable-transports/pyptlib.git
[13] https://github.com/Yawning/liballium
Tor Help Desk Roundup
---------------------
Multiple users wrote to the help desk asking for guidance setting up
hidden service sites. The most straightforward documentation for hidden
services is in the torrc file itself [14]. A more in-depth guide can be
found on the Tor Project website [15]. The website also documents how
hidden services work [16]. Technical details can be found in the
Rendezvous Specification document [17].
[14] https://www.torproject.org/docs/faq.html.en#torrc
[15] https://www.torproject.org/docs/tor-hidden-service.html.en
[16] https://www.torproject.org/docs/hidden-services.html.en
[17] https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=rend-spec.txt
Monthly status reports for September 2013
-----------------------------------------
The wave of regular monthly reports from Tor project members for the
month of September has begun. Runa Sandvik released her report
first [18], followed by reports from Damian Johnson [19], Philipp
Winter [20], Sherief Alaa [21], and Noel David Torres Taño [22].
[18] https://lists.torproject.org/pipermail/tor-reports/2013-September/000341.html
[19] https://lists.torproject.org/pipermail/tor-reports/2013-September/000342.html
[20] https://lists.torproject.org/pipermail/tor-reports/2013-October/000343.html
[21] https://lists.torproject.org/pipermail/tor-reports/2013-October/000344.html
[22] https://lists.torproject.org/pipermail/tor-reports/2013-October/000345.html
Miscellaneous news
------------------
Mike Perry published his new GPG public key, adding: “this new key will
be used to sign email from me going forward, and will be used to sign
software releases until such time as I get around to creating a second
set of keys on a hardware token for that purpose” [23].
[23] https://lists.torproject.org/pipermail/tor-dev/2013-September/005518.html
David Fifield updated the Pluggable Transports bundles using the latest
Tor Browser Bundle [24]. In order to benefit from the improvements and
security fixes, please update!
[24] https://blog.torproject.org/blog/pluggable-transports-bundles-2417-beta-2-pt3-firefox-1709esr
intrigeri sent a release schedule for Tails 0.21 [25]. The first release
candidate should be out on October 20th.
[25] https://mailman.boum.org/pipermail/tails-dev/2013-September/003719.html
Roger Dingledine sent out “a list of criteria to consider when
evaluating pluggable transports for readiness of deployment to users”,
asking for comments on his initial draft [26].
[26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005528.html
If you have the necessary hardware and want to help Tails out, please
test two upcoming features: persistent printer settings [27] and support
for more SD card readers (the “sdio” type) [28].
[27] https://mailman.boum.org/pipermail/tails-dev/2013-September/003744.html
[28] https://mailman.boum.org/pipermail/tails-dev/2013-September/003757.html
Upcoming events
---------------
Oct 09-10 | Andrew speaking at Secure Poland 2013
| Warszawa, Poland
| http://www.secure.edu.pl/
|
Nov 04-05 | 20th ACM Conference on Computer and Communications Security,
| Berlin, Germany
| http://www.sigsac.org/ccs/CCS2013/
This issue of Tor Weekly News has been assembled by harmony, Lunar,
dope457, and Matt Pagan.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [29], write down your
name and subscribe to the team mailing list [30] if you want to
get involved!
[29] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[30] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
More information about the cypherpunks
mailing list