Re: [tor-bugs] #29431 [Core Tor/Nyx]: nyx tool not working

[Tor Bug Tracker & Wiki]

#29431: nyx tool not working
--+--
 Reporter:  cypherpunks   |  Owner:  atagar
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Nyx  |Version:  Tor: unspecified
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * owner:  (none) => atagar
 * keywords:  nyx =>
 * component:  Applications => Core Tor/Nyx


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29408 [Internal Services/Tor Sysadmin Team]: Can we move TB downloads to CDN?

[Tor Bug Tracker & Wiki]

#29408: Can we move TB downloads to CDN?
-+-
 Reporter:  ln5  |  Owner:  ln5
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: gk (added)


Comment:

 I don't know Fastly but what made me reluctant so far is that the risk of
 getting malware delivered in "official" Tor Browser binaries seems
 slightly higher if we are out of control here, given that we don't have
 content signing available for all platforms and who is checking signatures
 anyway. While this risk might seem not pretty strong, given that chances
 are not so bad that this will get detected, the potential damage in trust
 for us is pretty high, even if it turns out that was due to Fastly getting
 some NSLs and not "done" by us.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28940 [Obfuscation/Pluggable transport]: Add support for LOG to goptlib

[Tor Bug Tracker & Wiki]

#28940: Add support for LOG to goptlib
-+-
 Reporter:  dcf  |  Owner:  dcf
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  goptlib  |  Actual Points:
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:  Sponsor19
-+-
Changes (by dcf):

 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:8 ahf]:
 > Let's do this as an extension and keep `goptlib` for the low level
 details. `goptlibext` could be the name.

 I definitely want a basic `Log` function in goptlib itself. A higher-level
 interface, using `log.Logger` for example, is a good candidate for a
 separate library that builds on goptlib, I agree.

 Here's an implementation of `Log` along the lines of what I was thinking.
 The [attachment:0001-Bug-28940-add-support-for-LOG.patch full patch]
 includes more documentation and tests.
 {{{
 // Severity levels for the Log function.
 const (
 LogLevelError   = "error"
 LogLevelWarning = "warning"
 LogLevelNotice  = "notice"
 LogLevelInfo= "info"
 LogLevelDebug   = "debug"
 )

 // Encode a string according to the CString rules of section 2.1.1 in
 // control-spec.txt.
 //
 // We additionally need to ensure that whatever we return passes
 argIsSafe,
 // because strings encoded by this function are printed verbatim by Log.
 func encodeCString(s string) string {
 result := bytes.NewBuffer([]byte{})
 result.WriteByte('"')
 for _, c := range []byte(s) {
 if c == 32 || c == 33 || (35 <= c && c <= 91) || (93 <= c
 && c <= 126) {
 result.WriteByte(c)
 } else {
 fmt.Fprintf(result, "\\%03o", c)
 }
 }
 result.WriteByte('"')
 return result.String()
 }

 // Emit a LOG message with the given severity (one of LogLevelError,
 // LogLevelWarning, LogLevelNotice, LogLevelInfo, or LogLevelDebug).
 func Log(severity, message string) {
 // " contains the log message which can be a String or
 CString..."
 // encodeCString always makes the string safe to emit; i.e., it
 // satisfies argIsSafe.
 line("LOG", "SEVERITY="+encodeCString(severity),
 "MESSAGE="+encodeCString(message))
 }
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28940 [Obfuscation/Pluggable transport]: Add support for LOG to goptlib

[Tor Bug Tracker & Wiki]

#28940: Add support for LOG to goptlib
-+-
 Reporter:  dcf  |  Owner:  dcf
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  goptlib  |  Actual Points:
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:  Sponsor19
-+-
Changes (by dcf):

 * Attachment "0001-Bug-28940-add-support-for-LOG.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28940 [Obfuscation/Pluggable transport]: Add support for LOG to goptlib

[Tor Bug Tracker & Wiki]

#28940: Add support for LOG to goptlib
-+-
 Reporter:  dcf  |  Owner:  dcf
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  goptlib  |  Actual Points:
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:  Sponsor19
-+-
Changes (by dcf):

 * Attachment "0001-Bug-28940-add-support-for-LOG.patch" removed.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28940 [Obfuscation/Pluggable transport]: Add support for LOG to goptlib

[Tor Bug Tracker & Wiki]

#28940: Add support for LOG to goptlib
-+-
 Reporter:  dcf  |  Owner:  dcf
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  goptlib  |  Actual Points:
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:  Sponsor19
-+-
Changes (by dcf):

 * Attachment "0001-Bug-28940-add-support-for-LOG.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29432 [Core Tor/Tor]: QuotedString and CString in control-spec.txt technically require escaping ascii 32 (space)

[Tor Bug Tracker & Wiki]

#29432: QuotedString and CString in control-spec.txt technically require 
escaping
ascii 32 (space)
--+--
 Reporter:  dcf   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  tor-spec
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 control-spec.txt 2.1 [https://gitweb.torproject.org/torspec.git/tree
 /control-spec.txt?id=795420240305a6d67c0f4322993a65da4c7b6f2f#n110 says]:
 > === 2.1. Description format ===
 > We use the following nonterminals from RFC 2822: `atom`, `qcontent`
 > ...
 > {{{QuotedString = DQUOTE *qcontent DQUOTE}}}
 > ...
 > === 2.1.1. Notes on an escaping bug ===
 > {{{CString = DQUOTE *qcontent DQUOTE}}}

 RFC 2822 [https://tools.ietf.org/html/rfc2822#section-3.2.5 defines]
 `qcontent` thus:
 {{{
 qtext   =   NO-WS-CTL / ; Non white space controls

 %d33 /  ; The rest of the US-ASCII
 %d35-91 /   ;  characters not including "\"
 %d93-126;  or the quote character

 qcontent=   qtext / quoted-pair
 }}}
 where `NO-WS-CTL` [https://tools.ietf.org/html/rfc2822#section-3.2.1
 expands to]
 {{{
 NO-WS-CTL   =   %d1-8 / ; US-ASCII control characters
 %d11 /  ;  that do not include the
 %d12 /  ;  carriage return, line feed,
 %d14-31 /   ;  and white space characters
 %d127
 }}}

 In short, `qcontent` does not include the space character (ascii 32), and
 so according to a strict reading of the spec, anything that produces a
 QuotedString or CString has to escape spaces as `\ ` or `\040`.

 The reason why RFC 2822 does not require space to be escaped is that the
 definition of `quoted-string` is not `DQUOTE *qcontent DQUOTE` as in
 control-spec.txt, but also allows whitespace as part of the `[FWS]`
 production:
 {{{
 quoted-string   =   [CFWS]
 DQUOTE *([FWS] qcontent) [FWS] DQUOTE
 [CFWS]
 }}}

 I notice that tor doesn't escape the space character (in `esc_for_log` and
 `unescape_string` for example). IMO tor is doing the right, expected thing
 and the spec should be clarified.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29431 [Applications]: nyx tool not working

[Tor Bug Tracker & Wiki]

#29431: nyx tool not working
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Component:  Applications
  Version:  Tor: unspecified  |   Severity:  Major
 Keywords:  nyx   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
 There is a file not found error, see below
 Traceback (most recent call last):
 File "/usr/bin/nyx", line 11, in 
 load_entry_point('nyx==2.0.4', 'console_scripts', 'nyx')()
 File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 480,
 in load_entry_point
 return get_distribution(dist).load_entry_point(group, name)
 File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line
 2693, in load_entry_point
 return ep.load()
 File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line
 2324, in load
 return self.resolve()
 File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line
 2330, in resolve
 module = __import__(self.module_name, fromlist=['__name__'], level=0)
 File "/usr/lib/python3/dist-packages/nyx/__init__.py", line 46, in
 import distutils.spawn
 ModuleNotFoundError: No module named 'distutils.spawn'

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29308 [Obfuscation/Snowflake]: Remove Appspot-facing proxy-go instances

[Tor Bug Tracker & Wiki]

#29308: Remove Appspot-facing proxy-go instances
---+
 Reporter:  dcf|  Owner:  (none)
 Type:  task   | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer:  cohosh |Sponsor:
---+

Comment (by dcf):

 I deleted the 3 instances at about 2019-02-07 23:45:00 and
 
[https://trac.torproject.org/projects/tor/wiki/doc/MetricsTimeline?action=diff&version=310
 noted the change] at MetricsTimeline. This is what I did:
 {{{
 sv stop snowflake-proxy-{17h,23h,29h}
 rm -vr /etc/service/snowflake-proxy-{17h,23h,29h} /etc/runit/snowflake-
 proxy-{17h,23h,29h}
 etckeeper commit
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

[Tor Bug Tracker & Wiki]

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dcf):

 * Attachment "meek-client-utls_2.pcap" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

[Tor Bug Tracker & Wiki]

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by dcf):

 Here is a sample branch that uses the same meek repo.
  * [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/log/?h
 =meek-client-utls_2&id=616fbe2c19a9fce7a9d0adbc466b259c18c45fb8 meek-
 client-utls_2 branch]
  * [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/diff/?h
 =meek-client-
 
utls_2&id=616fbe2c19a9fce7a9d0adbc466b259c18c45fb8&id2=86ebdafc28a55042fea553ad7f23f796ea963b75
 cumulative diff]

 It's pretty straightforward; I think the noteworthy changes are:
  * It only activates uTLS on alpha. I feel this is the kind of thing that
 should be tested on alpha before going into stable.
  * meek-client uses the mainline utls repo, not the fork that obfs4proxy
 uses, so I moved the goutls project to goutls-yawning and re-added a
 goutls project pointing to the original repo. I'm not sure what's best to
 do here :/
  * It requires a small tor-launcher patch: attachment:0001-Make-uTLS-
 aware.patch, which I didn't upload to a branch anywhere.

 There are a few additional changes that could happen, namely deleting the
 meek-client-torbrowser executable and the meek-http-helper browser
 profile.

 It works; I'm using it to post this comment. I ran a [attachment:meek-
 client-utls_2.pcap packet capture] of me using Moat and then starting to
 bootstrap using meek-azure. There are 5 Client Hellos in the packet
 capture, all with TLS fingerprint
 [https://tlsfingerprint.io/id/71a81bafd58e1301 71a81bafd58e1301], which
 uTLS calls `HelloIOS_11_1`. The first 4 are me struggling with the Moat
 captcha (lol) and the 5th is starting the bootstrap itself.

 I'm not marking this needs_review because I'm not necessarily proposing
 this branch for merge, just using it as an example of what integration
 could look like. I don't want to exclude the possibility of using
 obfs4proxy. I think it's more like needs_discussion at this point.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

[Tor Bug Tracker & Wiki]

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dcf):

 * Attachment "0001-Make-uTLS-aware.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

[Tor Bug Tracker & Wiki]

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+---
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  meek utls
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+---
 Now that meek and meek_lite have or will soon have support for TLS
 camouflage using uTLS (#29077), we have the option of using that instead
 of the meek-http-helper headless Firefox extension.

 The torrc line:
 {{{
 ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-
 client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client
 }}}
 will lose the meek-client-torbrowser to become just
 {{{
 ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-
 client
 }}}

 In bridge_prefs.js, the bridge line will get an additional `utls`
 parameter:
 {{{
 meek 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE
 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com
 utls=HelloIOS_Auto
 }}}

 There's the option of continuing to use the same meek repo as we do now;
 or of removing that code and using obfs4proxy instead, since they both
 have uTLS support. Using obfs4proxy will have the advantage of smaller
 packaging, because there will be one binary instead of two.

 There's one more complication, which is tor-launcher and Moat. tor-
 launcher has its own meek configuration separate from Tor Browser's. It
 gets the path to the meek-client executable [https://gitweb.torproject.org
 /tor-launcher.git/tree/src/chrome/content/network-
 settings.js?h=0.2.18#n539 from the control port] (ultimately from torrc-
 defaults), but it has [https://gitweb.torproject.org/tor-
 launcher.git/tree/src/defaults/preferences/prefs.js?h=0.2.18#n48 its own
 version] of the `url=` and `front=` parameters, and it
 [https://gitweb.torproject.org/tor-launcher.git/tree/src/modules/tl-
 bridgedb.jsm?h=0.2.18#n211 passes those to the executable] to the
 executable as `-url` and `-front` command line arguments, not as SOCKS
 args. meek-client with uTLS has a `-utls` command line arg, so that's easy
 to adapt; but since obfs4proxy doesn't understand those command line args,
 either obfs4proxy would have to add them, or tor-launcher would have to
 start passing them as SOCKS args.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29429 [Core Tor/Tor]: Tor 0.3.5.7 may be generating v2 RSA keys that are unparsable by STEM/PyCrypto? (was: Tor 0.3.5.7 on latest Raspbian may be generating v2 RSA keys that are unpars

[Tor Bug Tracker & Wiki]

#29429: Tor 0.3.5.7 may be generating v2 RSA keys that are unparsable by
STEM/PyCrypto?
--+
 Reporter:  alecmuffett   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.7
 Severity:  Normal| Resolution:
 Keywords:  rsa key format not supported  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by alecmuffett):

 Amended title because it's not just Raspbian.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29429 [Core Tor/Tor]: Tor 0.3.5.7 on latest Raspbian may be generating v2 RSA keys that are unparsable by STEM/PyCrypto?

[Tor Bug Tracker & Wiki]

#29429: Tor 0.3.5.7 on latest Raspbian may be generating v2 RSA keys that are
unparsable by STEM/PyCrypto?
--+
 Reporter:  alecmuffett   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.7
 Severity:  Normal| Resolution:
 Keywords:  rsa key format not supported  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by alecmuffett):

 Traceback from another example:

 {{{
 yk4dvcfi6uwk5j2s.key RSA key format is not supported
 Traceback (most recent call last):
   File "/Users/alecm/scripts/pemtest.py", line 10, in 
 rsa = Crypto.PublicKey.RSA.importKey(pem, passphrase=None)
   File "build/bdist.macosx-10.14-intel/egg/Crypto/PublicKey/RSA.py", line
 665, in importKey
 return self._importKeyDER(der)
   File "build/bdist.macosx-10.14-intel/egg/Crypto/PublicKey/RSA.py", line
 588, in _importKeyDER
 raise ValueError("RSA key format is not supported")
 ValueError: RSA key format is not supported
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29429 [Core Tor/Tor]: Tor 0.3.5.7 on latest Raspbian may be generating v2 RSA keys that are unparsable by STEM/PyCrypto?

[Tor Bug Tracker & Wiki]

#29429: Tor 0.3.5.7 on latest Raspbian may be generating v2 RSA keys that are
unparsable by STEM/PyCrypto?
--+
 Reporter:  alecmuffett   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.7
 Severity:  Normal| Resolution:
 Keywords:  rsa key format not supported  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by alecmuffett):

 A quick check through my archive of ~ 100 private keys, generated on my
 Mac running Mojave with Tor via Homebrew, shows 3x keys generated on the
 Mac, on January 21st, which show the same issue. That was also 0.3.5.7

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28655 [Obfuscation/BridgeDB]: If a bridge supports obfs4, don't give out its other flavors

[Tor Bug Tracker & Wiki]

#28655: If a bridge supports obfs4, don't give out its other flavors
--+---
 Reporter:  arma  |  Owner:  dgoulet
 Type:  defect| Status:  assigned
 Priority:  High  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal| Resolution:
 Keywords:  bridgedb  |  Actual Points:
Parent ID:| Points:  2
 Reviewer:|Sponsor:  Sponsor19
--+---

Comment (by arma):

 Replying to [comment:6 dcf]:
 > Linking #7349, which is like this ticket, but more comprehensive

 I would say differently comprehensive, but not a superset of this one.

 In this ticket, I want us to e.g. stop giving out the obfs3 port when
 there is an obfs4 port.

 More broadly, if a bridge supports both active-probing-resistant and
 active-probing-vulnerable options, then we should give out only the
 active-probing-resistant ones.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29429 [Core Tor/Tor]: Tor 0.3.5.7 on latest Raspbian may be generating v2 RSA keys that are unparsable by STEM/PyCrypto?

[Tor Bug Tracker & Wiki]

#29429: Tor 0.3.5.7 on latest Raspbian may be generating v2 RSA keys that are
unparsable by STEM/PyCrypto?
--+--
 Reporter:  alecmuffett   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.7
 Severity:  Normal|   Keywords:  rsa key format not supported
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 I am developing EOTK - https://blog.torproject.org/volunteer-spotlight-
 alec-helps-companies-activate-onion-services - this means a lot of work
 with OnionBalance and STEM, and a lot of disposable Onion addresses; so I
 am going to break a cardinal rule and intentionally paste some private
 keys into this bug report. It's okay, they are trash anyway.

 This evening I have found behaviour that I have not seen before, and I
 would like to report it.

 I have built Tor from source:

 Feb 07 21:35:37.251 [notice] Tor 0.3.5.7 running on Linux with Libevent
 2.0.21-stable, OpenSSL 1.0.2q, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.

 I am running it on Raspbian Stretch, latest-everything, compilers, etc;
 happy to give specific details upon request.

 I have generated 12 onion addresses by means of launching Tor with a
 configuration file that looks like this:

 {{{
 DataDirectory $dir/
 Log info file $dir/tor.log
 PidFile $dir/tor.pid
 RunAsDaemon 1
 SocksPort 0
 HiddenServiceDir $dir
 HiddenServicePort 1 127.0.0.1:1
 HiddenServiceVersion 2
 }}}

 ...running it as "tor -f $dir/config", killing the daemon after a few
 seconds, and then scraping $dir for the onion private key for deployment /
 reuse.  Relevant source code at:
 https://github.com/alecmuffett/eotk/blob/master/lib.d/generate-onion-
 key.sh

 This gives me the 12 onion addresses that I need, and normally this would
 work, however OnionBalance is not accepting some of the addresses; I cut
 the OnionBalance python code down to this simple test:

 {{{
 #!/usr/bin/env python
 import sys
 import Crypto
 from Crypto.PublicKey import RSA
 for fname in sys.argv[1:]:
 with open (fname, 'rt') as fh:
 pem = fh.read() # slurp
 try:
 rsa = Crypto.PublicKey.RSA.importKey(pem, passphrase=None)
 except Exception as e:
 print fname, e
 else:
 print fname, rsa.size()
 }}}

 ...which I then run against my 12 keys:

 {{{
 $ ./pemtest.py  secrets.d/*.key
 secrets.d/3rxg2cbaolntggg6.key 1023
 secrets.d/gno6yqj4uik34nbk.key 1023
 secrets.d/gpozevhubaeuimoy.key RSA key format is not supported
 secrets.d/l4gymyc6r3zbkafu.key 1023
 secrets.d/mrukxceh7grqzmbr.key 1023
 secrets.d/ntz22knrkak4od7q.key RSA key format is not supported
 secrets.d/pjclxtjzo7g7wiwd.key 1023
 secrets.d/qjgqctbh2rkm3ov2.key 1023
 secrets.d/sr4xt3tiz4lietmo.key RSA key format is not supported
 secrets.d/udtev77zeo6x7bli.key RSA key format is not supported
 secrets.d/y62hgkk2ztzhkfzz.key 1023
 secrets.d/zdsv5364zgb6m7l6.key RSA key format is not supported
 }}}

 ...and the problem is fairly evident; to take this one as an example:

 {{{
 $ cat secrets.d/ntz22knrkak4od7q.key
 -BEGIN RSA PRIVATE KEY-
 MIICXQIBAAKBgQDsCx3zjT0R13eQkUuhJgb6pG5z2zF+6baeJrc3JSCstQh/8tR4
 5yI3Gwo7c1sRGA4Yjy8RrOKhMg3uXd+NyekySGlxpK4evKq22g2+TX73yOpJ5yVH
 h655rZEUwoYq1M3HBL4nhIwSBt5js2/pGVyvMT2aZeMDo45NQ7Bb/t3/AQIDAQAB
 AoGAMUgk6bu8W2REJ1/ejXe2D1CTawcBr4C2SxDEQfQzfTuS2bvmVpPTVfQET+NG
 ySvfjYsfha415vffZrwct6rHT/yed7KBN3l4DeF4PfQNBfBNHUj08Z3WQBwuhTZQ
 Sh15Oc2iuZ2ZwEzH7bjP7sMz6FW3hQ10MY/Fe7zGAOd4Is0CQQD2zJp/7jr9ySnI
 ciu7VXO1wsxKKmrswTod+V/R0teTTZemDKNtEtX9ol61MOfoAjXhyRRmk3JgkXtA
 r2XdvOXvAkEA9Nfcy1bWR+E1LmFg6S4GarG95a4fvQlQNEKvJLjHw25GZ1iRKdbb
 orP0qiw6enA0PhOwKy373kFvzTNVQfHaDwJBAITLHIqfZbBuUAQhonQ/C26ObRuu
 7S+M3LeKGcutlf8VbfaTsE+dJfU+K5V0xiNpJRLi/g4fYhihzt7EQZxo6pMCQAtQ
 8sZ/I/Y8hW24WHdOhkNmJaW474SYKpnPvzKOS8VPkndyU3tAj/QsJxG6a5V/HBsG
 Y+0K+goish0k0zryB6cCQQDo/u8TeKKiJbH2I8PJNtja6+yRcS2IashnqMLQYHBS
 4W1lcmZcXxyj7Re7jexM7W83s3XG6rpLoLNzmmUoFyZI
 -END RSA PRIVATE KEY-
 }}}

 I ran it through a online validator which appeared happy, so I am
 wondering if there is some edge-case recently arrived in Tor v2 Key
 Generation, which is breaking PyCrypto and hence OnionBalance and/or other
 STEM-dependent code?

 The full set of keys (good and bad) is available on request.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22137 [Applications/Tor Browser]: Provide the same scrollbar size across different platforms

[Tor Bug Tracker & Wiki]

#22137: Provide the same scrollbar size across different platforms
---+--
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-fingerprinting-resolution  |  Actual Points:
Parent ID:  #18283 | Points:
 Reviewer: |Sponsor:
---+--

Comment (by concerneduser):

 Obviously patching is better no doubt.

 Though seeing how old the issue here and over at mozillas tracker is I
 would highly suggest to include the userChrome while this is "natively"
 implemented. I did not know that different GTK themes provide different
 widths this should be considered a severe fingerprinting issue. This
 should be resolved as fast as possible. We all want everyone to look the
 same right?

 Another, very easy, way to resolve this is to simply set the env var
 GTK_THEME=Adwaita since Adwaita is the default GTK theme. Though keep in
 mind Tor should strive to have every OS display the same clientWidth (ie
 1000), meaning this as well should only be a temporary solution.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29308 [Obfuscation/Snowflake]: Remove Appspot-facing proxy-go instances

[Tor Bug Tracker & Wiki]

#29308: Remove Appspot-facing proxy-go instances
---+
 Reporter:  dcf|  Owner:  (none)
 Type:  task   | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer:  cohosh |Sponsor:
---+
Changes (by cohosh):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Verified that nothing in the source code refers to snowflake-
 reg.appspot.com.

 Don't see any reason to not do it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28168 [Obfuscation/meek]: Use ESNI via Firefox HTTPS helper

[Tor Bug Tracker & Wiki]

#28168: Use ESNI via Firefox HTTPS helper
--+-
 Reporter:  dcf   |  Owner:  dcf
 Type:  project   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Obfuscation/meek  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by dcf):

 * keywords:  easy =>


Comment:

 Removing the "easy" tag as it seems that the helper will have to be
 rewritten as a WebExtension first (#29347) in order to work with versions
 of Firefox that are recent enough to support ESNI.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29077 [Obfuscation/meek]: uTLS for meek-client camouflage

[Tor Bug Tracker & Wiki]

#29077: uTLS for meek-client camouflage
--+--
 Reporter:  dcf   |  Owner:  dcf
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Obfuscation/meek  |Version:
 Severity:  Normal| Resolution:
 Keywords:  moat utls |  Actual Points:
Parent ID:| Points:
 Reviewer:  ahf   |Sponsor:
--+--
Changes (by ahf):

 * reviewer:   => ahf


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29427 [Core Tor/Tor]: kist: Poor performance with a small amount of sockets

[Tor Bug Tracker & Wiki]

#29427: kist: Poor performance with a small amount of sockets
-+
 Reporter:  dgoulet  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor: 0.3.2.1-alpha
 Severity:  Major| Resolution:
 Keywords:  tor-sched, kist  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by robgjansen):

 * cc: robgjansen (added)


Comment:

 # More intuition about the problem:

 KIST tries not to overload the kernel when there are many sockets, and so
 it only runs every 10 msec. On high performance relays with lots of
 sockets, this is a good thing.

 But on a relay with only 1 active socket, it is possible that you fill the
 kernel socket buffer, and the NIC only takes e.g. 2 msec to send it, but
 then KIST doesn't run again for another 8 msec. So the NIC is sitting
 there idle for those 8 msec.

 This is only an issue when the sum of bytes in all kernel-level socket
 buffers is less than the number of bytes the NIC could send in 10 msec.
 This can happen when there are only a few sockets, or on a really really
 fast NIC.

 -

 # What to do:

 ## Clients:

 KIST was designed for relays. Clients don't need to prioritize traffic the
 same way relays do, so they don't really need KIST. Clients can simply run
 the vanilla scheduler so that they read/write ASAP (rather than deferring
 I/O like KIST does). Or clients can run KIST with a 1 msec scheduling
 frequency.

 ## Relays:

 For relays, we could guess how long it would take the kernel to send out
 all of the notsent bytes sitting in kernel buffers plus all outbuf bytes
 sitting in Tor outbufs. If the time we guess is less than 10 msec, then we
 could run KIST sooner. This guess would probably involve knowing or
 estimating the NIC speed.

 Slightly more formally, if we know we can write b bytes per KIST
 scheduling run, i.e. b bytes per m milliseconds, but we only actually
 wrote w bytes where w < b, then we know that we need to call back sooner
 than m milliseconds. We can dynamically compute the time it will take us
 to write the w bytes as:

 new_callback_time = m * (w/b)

 Then we check back again in new_callback_time milliseconds (the time when
 the kernel will be empty) instead of m milliseconds.

 Then also, KIST will never let itself write more than b bytes across all
 sockets, because it knows that its network card can't possibly write more
 than b bytes.

 -

 # Issues:

 I don't know how each relay can reliably compute the value of b. Maybe we
 start with the "observed bandwidth" as an estimate? But then we need to
 allow b to grow in case the relay suddenly got faster, or for new relays?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29308 [Obfuscation/Snowflake]: Remove Appspot-facing proxy-go instances

[Tor Bug Tracker & Wiki]

#29308: Remove Appspot-facing proxy-go instances
---+--
 Reporter:  dcf|  Owner:  (none)
 Type:  task   | Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer:  cohosh |Sponsor:
---+--
Changes (by ahf):

 * reviewer:   => cohosh


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28925 [Core Tor/Tor]: distinguish PT vs proxy for real in bootstrap tracker

[Tor Bug Tracker & Wiki]

#28925: distinguish PT vs proxy for real in bootstrap tracker
-+-
 Reporter:  catalyst |  Owner:
 |  catalyst
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  s8-bootstrap, usability, ux, tor-pt  |  Actual Points:
Parent ID:  #28018   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor19
-+-

Comment (by catalyst):

 #29341 is a duplicate.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29341 [Core Tor/Tor]: conn_proxy reported instead of conn_pt

[Tor Bug Tracker & Wiki]

#29341: conn_proxy reported instead of conn_pt
--+
 Reporter:  mcs   |  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.4.0.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:  tbb-needs |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by catalyst):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Replying to [comment:1 nickm]:
 > Could this be a duplicate of #28925?
 Thanks, yes this looks like a duplicate of #28925.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28655 [Obfuscation/BridgeDB]: If a bridge supports obfs4, don't give out its other flavors

[Tor Bug Tracker & Wiki]

#28655: If a bridge supports obfs4, don't give out its other flavors
--+---
 Reporter:  arma  |  Owner:  dgoulet
 Type:  defect| Status:  assigned
 Priority:  High  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal| Resolution:
 Keywords:  bridgedb  |  Actual Points:
Parent ID:| Points:  2
 Reviewer:|Sponsor:  Sponsor19
--+---

Comment (by dcf):

 Linking #7439, which is like this ticket, but more comprehensive in that
 it would allow bridges not to expose their ORPort at all, not merely
 prevent BridgeDB from advertising it. That would also prevent mass-
 scanning discovery like
  * https://lists.torproject.org/pipermail/tor-
 dev/2014-December/007957.html
  * https://censorbib.nymity.ch/#Matic2017a

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29426 [Obfuscation/Snowflake]: proxy-go instances not available

[Tor Bug Tracker & Wiki]

#29426: proxy-go instances not available
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  defect | Status:  closed
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:  duplicate
 Keywords:  snowflake  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor19
---+---
Changes (by cohosh):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Okay 2/3 instances are reported up again and logging. The one that's still
 down isn't logging so I'm marking this as duplicate of #25688.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29277 [Obfuscation/Pluggable transport]: Look into getting default Tor bridges scanned by external reachability tests (was: Get default bridges scanned by Spooky Scan)

[Tor Bug Tracker & Wiki]

#29277: Look into getting default Tor bridges scanned by external reachability
tests
-+---
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  task | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:  Sponsor19
-+---
Description changed by cohosh:

Old description:

> Take to Roya about getting Spooky scan to check for the blocking of
> default bridges. Spooky scan checks for blocking remotely and so might
> tell us something different from OONI.

New description:

 Take to Roya or Paul about tests available for checking the blocking of
 default bridges.

 First determine where development/research is at with Spooky Scan or
 possibly Censored planet (https://censoredplanet.org/).

 These systems check for blocking remotely and so might tell us something
 different from OONI.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29360 [Applications/Tor Browser]: Tor-Browser Linux: no audio playback (pulseaudio)

[Tor Bug Tracker & Wiki]

#29360: Tor-Browser Linux: no audio playback (pulseaudio)
--+---
 Reporter:  tries |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by tries):

 One way to reproduce this (existing installation where audio is working):
 - in the Tor-Browser installation filder (.../Browser/) remove the
 pulsaudio related files & directories
 `rm -rf  .pulse-cookie .pulse .esd_auth`
 - start some other application that plays audio (and starts an pulseaudiod
 instance), e.g. xmms
 - ensure that audio is played OK
 - start tor-browser
 - go to some URL that plays some audio content (e.g. /www.audiocheck.net)
 - tor-browser tries to launch an pulseaudio instance (which fails as there
 is already a running instance) and recreates the above removed files.
 - the above described error is triggered (warnings about "OpenCubeb()
 failed to init", etc)
 - from now on, audio will always fail to play.

 After copying the above files from the real users HOME to .../Browser/ and
 restarting tor-browser,  audio playback is working again.


 I also tried this with a fresh install:
 - download tor-browser-linux64-8.0.5_en-US.tar.xz
 - untar
 - start tor-browser
 Results in no audio. Which makes sense and confirms my findings above (as
 the tar archive contains no pulseaudio config files).

 So the question actually should be: why did it work at all before? Might
 be something CentOS / pulseaudio version specific?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29426 [Obfuscation/Snowflake]: proxy-go instances not available

[Tor Bug Tracker & Wiki]

#29426: proxy-go instances not available
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords:  snowflake  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor19
---+---

Comment (by dcf):

 Replying to [comment:3 cohosh]:
 > Is this likely a duplicate of #25688?

 It's possible--though if proxy-go is still writing log messages, then it's
 likely not the same as #25688--at least I think proxy-go stops logging if
 that kind of deadlock happens.

 I'm not sure what you're looking at, whether the process is still actively
 logging or not. I would check the most recent timestamp in each of the
 logs; it should be within the last 30 seconds (UTC), and if you `tail -f`
 it, it should keep scrolling.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29426 [Obfuscation/Snowflake]: proxy-go instances not available

[Tor Bug Tracker & Wiki]

#29426: proxy-go instances not available
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords:  snowflake  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor19
---+---

Comment (by cohosh):

 Added a comment to #29207 RE the log messages

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29207 [Obfuscation/Snowflake]: New design for broker -- proxy protocol for snowflakes

[Tor Bug Tracker & Wiki]

#29207: New design for broker -- proxy protocol for snowflakes
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  task   | Status:  new
 Priority:  Very High  |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords:  snowflake, design  |  Actual Points:
Parent ID: | Points:  5
 Reviewer: |Sponsor:  Sponsor19
---+---

Comment (by cohosh):

 As referenced in #29426, the broker currently gives proxies a 504 message
 if no client is available which is a questionable design:

 2019/02/07 12:11:51 broker returns: 504
 INFO: peerconnection.go:468: fired OnIceCandidateError:  143
 2019/02/07 12:12:01 broker returns: 504

 At the very least it makes logs confusing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29426 [Obfuscation/Snowflake]: proxy-go instances not available (was: proxy-go instances receiving 504 errors from broker)

[Tor Bug Tracker & Wiki]

#29426: proxy-go instances not available
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords:  snowflake  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor19
---+---

Old description:

> Log output:
> 2019/02/07 12:11:51 broker returns: 504
> INFO: peerconnection.go:468: fired OnIceCandidateError:  143
> 2019/02/07 12:12:01 broker returns: 504
>
> The broker is reporting no available snowflakes despite the fact that the
> proxies are running. Not sure if this is due to the deadlock problem or
> if these 504 errors indicate a problem with the proxy-broker
> communication.

New description:

 The broker is reporting no available snowflakes despite the fact that the
 proxies are running. Not sure if this is due to the deadlock problem or if
 these 504 errors indicate a problem with the proxy-broker communication.

--

Comment (by cohosh):

 Thanks for the clarification. I updated the ticket summary to not focus on
 the 504 message but rather the fact they aren't reachable.

 Is this likely a duplicate of #25688?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29426 [Obfuscation/Snowflake]: proxy-go instances receiving 504 errors from broker

[Tor Bug Tracker & Wiki]

#29426: proxy-go instances receiving 504 errors from broker
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords:  snowflake  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor19
---+---

Comment (by dcf):

 I might have misinterpreted the ticket. I read the title as "'''clients'''
 receiving 504 errors from broker".

 The 504 code itself isn't an error. That's the way the broker indicates to
 a client that no proxy is available, or to a proxy that no clients are
 available (`StatusGatewayTimeout` is 504):
  * https://gitweb.torproject.org/pluggable-
 
transports/snowflake.git/tree/broker/broker.go?id=bf82ef519230682820edefa1cd4f64262b4ce5aa#n138
  * https://gitweb.torproject.org/pluggable-
 
transports/snowflake.git/tree/broker/broker.go?id=bf82ef519230682820edefa1cd4f64262b4ce5aa#n180
 I think the intention behind using status code 504 was a kind of REST
 thing, but IMO it was a questionable decision to use an "internal server"
 error code to stand for a common occurrence, and could stand to be
 redesigned. It's really confusing.

 The dearth of proxies I noted in comment:1 is a (possibly recurring)
 problem, but if you run proxy-go and it logs `broker returns: 504`, that
 in itself isn't an error.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27210 [Applications/Tor Browser]: TBA - Support i386 target

[Tor Bug Tracker & Wiki]

#27210: TBA - Support i386 target
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-rbm, TBA-a3, |  Actual Points:
  TorBrowserTeam201902, GeorgKoppen201902|
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by gk):

 Okay, that was surprisingly easy it seems. I have a patch which I'll clean
 up tomorrow for review and will post a test bundle for folks with access
 to x86 android.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29171 [Obfuscation/meek]: Redeploy meek-server instances with go1.11.5

[Tor Bug Tracker & Wiki]

#29171: Redeploy meek-server instances with go1.11.5
--+-
 Reporter:  dcf   |  Owner:  dcf
 Type:  task  | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Obfuscation/meek  |Version:
 Severity:  Normal| Resolution:  implemented
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by dcf):

 * status:  new => closed
 * resolution:   => implemented


Comment:

 cymrubridge02 is now done too.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29426 [Obfuscation/Snowflake]: proxy-go instances receiving 504 errors from broker

[Tor Bug Tracker & Wiki]

#29426: proxy-go instances receiving 504 errors from broker
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords:  snowflake  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor19
---+---

Comment (by dcf):

 I happened to be testing against the broker yesterday, and then there were
 3 proxies reported at https://snowflake-broker.bamsoftware.com/debug.
 Checking just now, I see either 0 or 1 as I refresh. I suspect, as you
 suggested, that something went wrong with the proxy-go instances.

 The proxy-go instances are set to restart themselves periodically (about
 once per day). However there is also a special proxy-go-restartless
 instance that doesn't get restarted--you could check that one with gdb to
 see where it's stuck, or create more instances like that to get more
 samples.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29333 [Core Tor/Stem]: Use the bandwidth-file-spec.txt keywords as BandwidthFile attributes

[Tor Bug Tracker & Wiki]

#29333: Use the bandwidth-file-spec.txt keywords as BandwidthFile attributes
---+
 Reporter:  juga   |  Owner:  atagar
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-bwauth |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by atagar):

 > Sounds good, the changes i might need to do must be done before April
 and i'll try to do them even earlier, before we start collecting the
 bandwidth files.

 Great! Sounds like a fine plan. Keeping things as-is until I hear
 otherwise.

 > header attribute doesn't return timestamp, should it rather return a key
 timestamp and value timestamp?

 Would you like it to? In our spec the timestamp is a weird exception made
 for backward compatibility with TorFlow. Personally I think we should
 change it to 'timestamp=' with a note saying 'in bandwidth file
 version x the 'timetamp=' key MAY not be present, but MUST be present in
 future versions'. But clearly not a big whoop.

 BandwidthFiles have a separate 'timestamp' attribute but you're right that
 I don't include it in the 'header' dictionary.

 > measurements attribute returns a dictionary, should it rather return a
 list? (the fingerprint is in node_id key)

 Structuring this as a dictionary gives more flexibility. Callers can
 process the measurements as a list...

 {{{
 for measurement in bwfile.measurements.values():
   ... do stuff...
 }}}

 ... or get the measurement of a specific relay...

 {{{
 myMeasurement =
 bwfile.measurements.get('3BB34C63072D9D10E836EE42968713F7B9325F66')

 if myMeasurement:
   print('My bandwidth authority measurement was: %s' % myMeasurement)
 else:
   print('My relay was not measured by the bandwidth authorities')
 }}}

 Modeling this as a list prevents us from doing the later in constant time.
 Other descriptor objects (such as the Consensus class) model its entries
 as a 'fingerprint => record' dictionary for this reason too.

 > When using create (should it have an alias from_dict?):

 That's an interesting idea but there's actually two different methods:
 create() and content(). These are methods of our base Descriptor class...

 https://stem.torproject.org/tutorials/mirror_mirror_on_the_wall.html#can-i
 -create-descriptors

 > timestamp is not required. Is there a way to pass it?

 Yup, provide 'timestamp' as the key. This is included in the pydoc
 example...

 
https://stem.torproject.org/api/descriptor/bandwidth_file.html#stem.descriptor.bandwidth_file.BandwidthFile.content

 > should the headers be passed in a key header to be consistent with
 header attribute?

 I'd rather keep create() and content() as consistent with other descriptor
 types as I can. Timestamps and content are already weird unavoidable
 exceptions.

 > should content be named measurements to be consistent with measurements
 attribute?

 Their differing types would probably cause confusion. Measurements is a
 parsed dictionary whereas content are raw lines. Their types differ.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28181 [Core Tor/Tor]: spec: Add to pt-spec.txt control messages going back to main process (tor)

[Tor Bug Tracker & Wiki]

#28181: spec: Add to pt-spec.txt control messages going back to main process 
(tor)
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  enhancement  | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-spec, tor-pt, 040-roadmap-   |  Actual Points:
  subtask, postfreeze-ok |
Parent ID:   | Points:  1
 Reviewer:  ahf  |Sponsor:
 |  Sponsor19
-+-
Changes (by dgoulet):

 * status:  needs_review => merge_ready


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28181 [Core Tor/Tor]: spec: Add to pt-spec.txt control messages going back to main process (tor)

[Tor Bug Tracker & Wiki]

#28181: spec: Add to pt-spec.txt control messages going back to main process 
(tor)
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-spec, tor-pt, 040-roadmap-   |  Actual Points:
  subtask, postfreeze-ok |
Parent ID:   | Points:  1
 Reviewer:  ahf  |Sponsor:
 |  Sponsor19
-+-
Changes (by ahf):

 * status:  reopened => needs_review


Comment:

 It looks like we tried to do a change to both tor.git and torspec.git in
 the same comments here which caused some confusion.

 We are still missing to merge the pt-spec.txt changes of this. They can be
 found in dgoulet's branch `ticket28181_05` available at
 https://gitweb.torproject.org/user/dgoulet/torspec.git/log/?h=ticket28181_05

 David requested review of this in comment 25 and I ack'ed the changes in
 comment 26.

 The patches needs to be squashed prior to merging.

 Leaving this comment as needs_review to let dgoulet give an ack on whether
 I got all the details right.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28181 [Core Tor/Tor]: spec: Add to pt-spec.txt control messages going back to main process (tor)

[Tor Bug Tracker & Wiki]

#28181: spec: Add to pt-spec.txt control messages going back to main process 
(tor)
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  enhancement  | Status:
 |  reopened
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-spec, tor-pt, 040-roadmap-   |  Actual Points:
  subtask, postfreeze-ok |
Parent ID:   | Points:  1
 Reviewer:  ahf  |Sponsor:
 |  Sponsor19
-+-
Changes (by ahf):

 * status:  closed => reopened
 * resolution:  implemented =>
 * parent:  #28180 =>


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29364 [Obfuscation/meek]: Tone down [WARN] log messages resulting from meek-client output

[Tor Bug Tracker & Wiki]

#29364: Tone down [WARN] log messages resulting from meek-client output
--+-
 Reporter:  dcf   |  Owner:  dcf
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Obfuscation/meek  |Version:
 Severity:  Minor | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-

Comment (by ahf):

 We do have the option of lowering the log level of the standard error
 handler in Tor if we feel like that is the best option.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29428 [- Select a component]: Paytm

[Tor Bug Tracker & Wiki]

#29428: Paytm
--+--
 Reporter:  baby_kiss_me_143  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Component:  - Select a component
  Version:|   Severity:  Normal
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28940 [Obfuscation/Pluggable transport]: Add support for LOG to goptlib

[Tor Bug Tracker & Wiki]

#28940: Add support for LOG to goptlib
-+-
 Reporter:  dcf  |  Owner:  dcf
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  goptlib  |  Actual Points:
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:  Sponsor19
-+-

Comment (by ahf):

 Let's do this as an extension and keep `goptlib` for the low level
 details. `goptlibext` could be the name.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29364 [Obfuscation/meek]: Tone down [WARN] log messages resulting from meek-client output

[Tor Bug Tracker & Wiki]

#29364: Tone down [WARN] log messages resulting from meek-client output
--+-
 Reporter:  dcf   |  Owner:  dcf
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Obfuscation/meek  |Version:
 Severity:  Minor | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-

Comment (by dcf):

 Replying to [comment:1 ahf]:
 > Shouldn't this be solved by making the log messages output the `LOG`
 message instead of writing to standard error?

 No, not necessarily; for example meek-client has a `--log` option to write
 the log to a file instead of stderr. We want that to still work.

 More generally, in my opinion the PT LOG mechanism is not meant to be a
 full replacement for application-level logging. I don't think
 ''everything'' a PT might care to log should be written by default to the
 tor log.

 Also, remember that tor is not the only consumer of PTs. The LOG feature
 is brand new, not even documented yet in the public pt-spec.txt, and
 barely in any released versions of tor. It's not something PTs can widely
 rely on to be present yet (especially as older versions of tor will
 deadlock if a PT uses LOG too much!).

 In this particular case, clearly, the defaults are bad and ''something''
 needs to change, because we should not be surfacing a user-visible
 warning. It's not necessarily tor's responsibility to fix it, but it could
 be. I'm not sure that WARN-by-default is the right choice: it's enforcing
 a contract on PTs that never existed before, and also isn't reflected in
 the spec. In this case, meek-client doesn't write ''that'' much to stderr,
 so making a change in meek-client is probably the sensible thing to do.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29427 [Core Tor/Tor]: kist: Poor performance with a small amount of sockets

[Tor Bug Tracker & Wiki]

#29427: kist: Poor performance with a small amount of sockets
-+
 Reporter:  dgoulet  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor: 0.3.2.1-alpha
 Severity:  Major| Resolution:
 Keywords:  tor-sched, kist  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by pastly):

 * cc: pastly (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29427 [Core Tor/Tor]: kist: Poor performance with a small amount of sockets

[Tor Bug Tracker & Wiki]

#29427: kist: Poor performance with a small amount of sockets
-+
 Reporter:  dgoulet  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor: 0.3.2.1-alpha
 Severity:  Major| Resolution:
 Keywords:  tor-sched, kist  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by dgoulet):

 * Attachment "perf-10ms.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29427 [Core Tor/Tor]: kist: Poor performance with a small amount of sockets

[Tor Bug Tracker & Wiki]

#29427: kist: Poor performance with a small amount of sockets
--+
 Reporter:  dgoulet   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.2.1-alpha
 Severity:  Major |   Keywords:  tor-sched, kist
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 We just recently found that KIST is performing very poorly if tor has very
 little amount of sockets.

 == How KIST operates

 KIST is scheduled if some cells are put on a circuit queue. A scheduler
 run might not handle all cells because it depends on the available space
 in the TCP buffer for the socket. What KIST does at the moment is
 reschedule itself in 10ms (static value).

 The problem here is that if there are very few sockets (like most tor
 clients), then KIST will be able to handle one socket very fast, let say
 in 1ms, and then it will sleep for another 9ms until KIST is rescheduled.

 That 9ms waiting time means that tor is not pushing bytes on the wire even
 though it could during that time. See the attached graph made by pastly,
 you can see how much KIST badly under performs with the current 10ms.

 == Consequences

 (Might be more, don't treat this as an exhaustive list)

 1. Clients are basically capped in bandwidth because they in general only
 talk to the Guard on a single socket.

 2. A new relay joining the network won't have any connections so when the
 authority measures it, or our bw. scanners, they will only be able to
 measure a capped value compared to what the relay could actually do (if
 higher). This measurement will recover after a while once the relay starts
 seeing traffic and the number of sockets ramps up.

 == Solution

 As you can see on the attached graph, bringing the scheduler interval time
 down to 2ms gives us better performance than Vanilla. That could be a
 short term solution.

 A better solution, a bit more medium-term, would be to make that
 scheduling interval dynamic depending on how fast tor thinks the TCP
 buffer on the socket will get emptied. That depends on the connection
 throughput basically. For example, a 100mbit NIC towards a Guard might
 only push through 10mbit so we would need a way for tor to learn that per-
 connection which would allow KIST to estimate when it needs to be
 rescheduled for that connection.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29333 [Core Tor/Stem]: Use the bandwidth-file-spec.txt keywords as BandwidthFile attributes

[Tor Bug Tracker & Wiki]

#29333: Use the bandwidth-file-spec.txt keywords as BandwidthFile attributes
---+
 Reporter:  juga   |  Owner:  atagar
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-bwauth |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by juga):

 As a first step to adapt sbws, i was creating `from_dict` and `to_dict`
 methods in the sbws class.
 These are some other things i realized that i'm doing in sbws and/or i
 think for consistency should probably done differently.

 - `header` attribute doesn't return timestamp, should it rather return a
 key `timestamp` and value timestamp?
 - `measurements` attribute returns a dictionary, should it rather return a
 list? (the fingerprint is in node_id key)

 When using `create` (should it have an alias `from_dict`?):
 - timestamp is not required. Is there a way to pass it?
 - should the headers be passed in a key `header` to be consistent with
 `header` attribute?
 - should `content` be named `measurements` to be consistent with
 `measurements` attribute?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29333 [Core Tor/Stem]: Use the bandwidth-file-spec.txt keywords as BandwidthFile attributes

[Tor Bug Tracker & Wiki]

#29333: Use the bandwidth-file-spec.txt keywords as BandwidthFile attributes
---+
 Reporter:  juga   |  Owner:  atagar
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-bwauth |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by juga):

 Replying to [comment:3 atagar]:
 [...]
 > To be clear we can only await the tickets you cite until Stem's next
 release. That won't be for a long while (rough guess: six months?), but
 once Stem makes a release these attribute names can no longer change. (*)
 [...]
 Sounds good, the changes i might need to do must be done before April and
 i'll try to do them even earlier, before we start collecting the bandwidth
 files.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29352 [Core Tor/Stem]: AttributeError when running bandwidth_file.py test

[Tor Bug Tracker & Wiki]

#29352: AttributeError when running bandwidth_file.py test
---+
 Reporter:  juga   |  Owner:  atagar
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:  worksforme
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by atagar):

 Hi juga. That's because you attempted to start to write a Stem integ test
 but didn't include it in 'test/settings.cfg'. Simply add a line below its
 'test.integ_tests' field (which determines the order that tests are ran
 in) or remove the test you were working on.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29205 [Obfuscation/Snowflake]: Look into using Firefox for the WebRTC implementation (was: Use Firefox for the WebRTC implementation)

[Tor Bug Tracker & Wiki]

#29205: Look into using Firefox for the WebRTC implementation
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  task   | Status:  new
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor19
---+---

Old description:

> Reduce fingerprintability and solve Windows reproducible builds problem
> by replacing the current Chome-based C++ WebRTC implementation with
> Firefox's built-in WebRTC implementation

New description:

 Reduce fingerprintability and solve Windows reproducible builds problem by
 replacing the current Chome-based C++ WebRTC implementation with Firefox's
 built-in WebRTC implementation.

 Update: After discussions with dcf, it looks like fingerprintability is
 not much of a concern and in any case would be no different with Firefox
 vs Chrome. Also, since meek is moving to uTLS instead of Firefox this
 isn't necessarily more convenient.

 Leaving this ticket open just as another alternative for looking at
 different WebRTC implementations (related: #28942)

--

Comment (by cohosh):

 Firefox is likely not the answer here as the workflow and details are very
 close to Chrome. Fingerprintability is not at the moment a problem, nor
 would Firefox likely provide a solution better than the current Chrome
 library.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29272 [Obfuscation/Pluggable transport]: Assess Marionette for interation with Tor

[Tor Bug Tracker & Wiki]

#29272: Assess Marionette for interation with Tor
-+---
 Reporter:  cohosh   |  Owner:  (none)
 Type:  project  | Status:  new
 Priority:  Low  |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:  Sponsor19
-+---

Comment (by kat5):

 Related: [ticket:26920
 https://trac.torproject.org/projects/tor/ticket/26920]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29426 [Obfuscation/Snowflake]: proxy-go instances receiving 504 errors from broker

[Tor Bug Tracker & Wiki]

#29426: proxy-go instances receiving 504 errors from broker
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal |   Keywords:  snowflake
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor:  Sponsor19  |
---+---
 Log output:
 2019/02/07 12:11:51 broker returns: 504
 INFO: peerconnection.go:468: fired OnIceCandidateError:  143
 2019/02/07 12:12:01 broker returns: 504

 The broker is reporting no available snowflakes despite the fact that the
 proxies are running. Not sure if this is due to the deadlock problem or if
 these 504 errors indicate a problem with the proxy-broker communication.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29278 [Obfuscation/Pluggable transport]: Assess HTTP proxy

[Tor Bug Tracker & Wiki]

#29278: Assess HTTP proxy
-+---
 Reporter:  cohosh   |  Owner:  (none)
 Type:  task | Status:  new
 Priority:  Low  |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:  Sponsor19
-+---

Comment (by kat5):

 Related: [ticket:26923
 https://trac.torproject.org/projects/tor/ticket/26923]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29425 [Metrics/Statistics]: Write integration tests for data-processing modules

[Tor Bug Tracker & Wiki]

#29425: Write integration tests for data-processing modules
+--
 Reporter:  karsten |  Owner:  metrics-team
 Type:  enhancement | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Metrics/Statistics  |Version:
 Severity:  Normal  |   Keywords:
Actual Points:  |  Parent ID:
   Points:  |   Reviewer:
  Sponsor:  |
+--
 We discussed in Brussels that we'll need at least integration tests for
 metrics-web in order to make code changes like the Java 8 Date/Time API
 update.

 I started working on this. Here's what I did:
  - Pick a small set of descriptors as test data that are sufficient to
 produce at least something as .csv files.
  - Write a script that runs all data-processing modules.
  - Run the script once to get output that we would expect from future test
 runs.

 The result is too big (IMHO) to add to the Git repository. That's why I
 uploaded it here:

 https://people.torproject.org/~karsten/volatile/metrics-web-integ-
 tests.tar

 {{{
 shasum -a 256 metrics-web-integ-tests.tar
 728c4e4ee184f2260cd30286f2925aa627d7b3d572a236b646021cc1b461de10  metrics-
 web-integ-tests.tar
 }}}

 It would be great if somebody else besides me tries this out and verifies
 that their run produces the same output.

 A next good step after that would be to talk about where/how to put this
 under version control. If that's impossible, we might be able to reduce
 the test data size a bit more, but maybe not as substantial as we'd want.

 Oh, and we could probably fetch libs from Debian rather than shipping
 them. I didn't bother for now.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29425 [Metrics/Statistics]: Write integration tests for data-processing modules

[Tor Bug Tracker & Wiki]

#29425: Write integration tests for data-processing modules
+--
 Reporter:  karsten |  Owner:  metrics-team
 Type:  enhancement | Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Metrics/Statistics  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by karsten):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29424 [Webpages/Styleguide]: Differentiate between internal and external links

[Tor Bug Tracker & Wiki]

#29424: Differentiate between internal and external links
-+--
 Reporter:  irl  |  Owner:  hiro
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Webpages/Styleguide  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 Currently Tor Metrics opens external links in a new tab. This is bad for
 two reasons:

 1) It gives external pages access to window.opener.location which could be
 used to redirect Tor Metrics users discreetly to a non-Tor Metrics site
 that does malicious things but looks like Tor Metrics
 2) It is bad for accessibility where users may use assistive technology
 that is upset when new tabs appear
 3) It is bad for users that might not want new tabs all over the place and
 are perfectly capable of using the back button

 It would still be good to be able to distinguish visually where there are
 external vs. internal links. I will leave the actual design/implementation
 up to UX people as I have no suggestions that I think are great.

 The following StackOverflow post talks about a CSS selector that can be
 used for external links:

 https://stackoverflow.com/questions/5379752/css-style-external-links

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29065 [Core Tor/Tor]: shellcheck: test_switch_id.sh issues

[Tor Bug Tracker & Wiki]

#29065: shellcheck: test_switch_id.sh issues
+
 Reporter:  rl1987  |  Owner:  rl1987
 Type:  defect  | Status:  needs_review
 Priority:  Medium  |  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by nickm):

 * milestone:   => Tor: 0.4.1.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29068 [Core Tor/Tor]: shellcheck: zero_length_keys.sh issues

[Tor Bug Tracker & Wiki]

#29068: shellcheck: zero_length_keys.sh issues
+
 Reporter:  rl1987  |  Owner:  (none)
 Type:  defect  | Status:  needs_review
 Priority:  Medium  |  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by nickm):

 * milestone:   => Tor: 0.4.1.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28716 [Applications/Tor Browser]: Create a mingw-w64-clang project

[Tor Bug Tracker & Wiki]

#28716: Create a mingw-w64-clang project
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201902R,  |  Actual Points:
  GeorgKoppen201902  |
Parent ID:  #28238   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks33):

 Additional notes:
 > The build script follows mostly https://hg.mozilla.org/releases/mozilla-
 esr60/file/e93a8e6c81dc/taskcluster/scripts/misc/build-clang-trunk-
 mingw.sh.
 `echo "Provide either x86 or x64 to specify a toolchain."`
 There is no reason to ignore all ARM toolchains.

 `  crt_flags="--enable-lib32 --disable-lib64"`
 `  crt_flags="--disable-lib32 --enable-lib64"`
 For bi-arch x86 toolchain only.

 `  WRAPPER_FLAGS="-fsjlj-exceptions"`
 Better to have no exceptions than that. In short for now: it should be
 removed. Yes, it requires activating SafeSEH throughout the toolchain by
 default.

 `make_flags="-j$(nproc)"`
 Official builds use Ninja, and we should.

 `  patch -p1 < $HOME_DIR/src/build/build-clang/math.patch`
 The problem here is that when you add LLVM as a drop-in replacement for
 GCC (and not only clang for gcc), you shouldn't forget about MinGW-w64 is
 part of the GCC toolchain and expects to see GNU C/C++. Therefore, we
 should compile clang with `-std=gnu++14` instead of `-std=c++14`, used for
 clang-cl in build-clang.py

 `git clone https://github.com/llvm-mirror`
 We should use the official svn repo as in build-clang.py or the official
 github repo as recommended in https://llvm.org/docs/GettingStarted.html
 #checkout-llvm-from-git
 What's the reason of using unofficial repo from google dog?

 `  compiler_flags="--sysroot \$DIR/../$machine-w64-mingw32 -rtlib
 =compiler-rt -stdlib=libc++ -fuse-ld=lld $WRAPPER_FLAGS -fuse-cxa-atexit
 -Qunused-arguments"`
 Briefly, `-rtlib=compiler-rt -stdlib=libc++ -fuse-ld=lld $WRAPPER_FLAGS
 -fuse-cxa-atexit` should be added to defaults in compiler driver as in
 GCC.

 ` --enable-sdk=all \`
 Useless.

 ` --with-default-
 msvcrt=ucrt \`
 It should be set as default in upstream, because targeting ancient MS
 VC7's `msvcrt.dll` in project that dropped support for Windows XP is a
 nonsense, and it is forbidden by MS.

 {{{
  CC="$CC" \
  AR=llvm-ar \
  RANLIB=llvm-ranlib \
  DLLTOOL=llvm-dlltool \
 }}}
 and similar. Generally, they shouldn't be needed when symlinks from
 previous comment are used.

 `  -DCMAKE_C_COMPILER_TARGET=$compiler_rt_machine-windows-gnu \`
 We want native Windows, not GNU.

 `  # Below, we specify -g -gcodeview to build static libraries with debug
 information.`
 Official build-clang.py supports these:

 `* build_type: The type of build to make.  Supported types: Release,
 Debug, RelWithDebInfo or MinSizeRel.`
 The bug here seems to be that they add `-g -gcodeview` to `Release`
 instead of `RelWithDebInfo`.
 Also adding `build_type` feature to our LLVM toolchain could help to make
 true `Release` and `Debug` builds!

 `  -DCMAKE_CXX_FLAGS="${DEBUG_FLAGS} -nostdinc++
 -I$SRC_DIR/libcxx/include -DPSAPI_VERSION=2" \`
 This requires thorough investigation.

 `  -DCMAKE_CXX_FLAGS="${DEBUG_FLAGS}
 -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCPP_HAS_THREAD_API_WIN32"
 \`
 These should be set automatically in upstream.

 {{{
   -DLIBCXX_ENABLE_EXPERIMENTAL_LIBRARY=OFF \
   -DLIBCXX_ENABLE_FILESYSTEM=OFF \
 }}}
 Really? What else? It's better to minimize the number of explicitly set
 defines.
 To be continued...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29422 [Community/Tor Support]: Add to support portal how to verify Tor Browser signature

[Tor Bug Tracker & Wiki]

#29422: Add to support portal how to verify Tor Browser signature
---+--
 Reporter:  ggus   |  Owner:  ggus
 Type:  task   | Status:  assigned
 Priority:  Immediate  |  Milestone:
Component:  Community/Tor Support  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by ggus):

 Example:

 https://tails.boum.org/install/linux/usb-download/index.en.html#install-
 inc-steps-download.inline.basic-openpgp

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29423 [Internal Services/Service - trac]: Enable search for non-logged in users on trac

[Tor Bug Tracker & Wiki]

#29423: Enable search for non-logged in users on trac
+--
 Reporter:  ln5 |  Owner:  qbi
 Type:  task| Status:  assigned
 Priority:  Medium  |  Component:  Internal Services/Service - trac
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 Once apache2 qos is in place, #29421, enable search for non-loggedin users
 again.

 cf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Trac

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29421 [Internal Services/Service - trac]: Install the qos apache module

[Tor Bug Tracker & Wiki]

#29421: Install the qos apache module
--+--
 Reporter:  ln5   |  Owner:  ln5
 Type:  task  | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by ln5):

 * component:  Internal Services/Tor Sysadmin Team => Internal
 Services/Service - trac


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29422 [Community/Tor Support]: Add to support portal how to verify Tor Browser signature

[Tor Bug Tracker & Wiki]

#29422: Add to support portal how to verify Tor Browser signature
---+--
 Reporter:  ggus   |  Owner:  ggus
 Type:  task   | Status:  assigned
 Priority:  Immediate  |  Milestone:
Component:  Community/Tor Support  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+--


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29421 [Internal Services/Tor Sysadmin Team]: Install the qos apache module

[Tor Bug Tracker & Wiki]

#29421: Install the qos apache module
+-
 Reporter:  ln5 |  Owner:  ln5
 Type:  task| Status:  assigned
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 When geyeri, serving donate.tpo, got hammered in December last year, we
 added the qos module to its apache2 and configured it to allow for at most
 11 or so simultaneous connections from a single source IP address. This
 saved donate.tpo, at the price of possibly making the site unusable for
 some people behind the same IP address.

 We should do that for the host serving trac and see if it helps with the
 sad trac situation when we're being crawled.

 cf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Trac

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29420 [Internal Services/Service - trac]: Delete inactive users

[Tor Bug Tracker & Wiki]

#29420: Delete inactive users
--+--
 Reporter:  ln5   |  Owner:  qbi
 Type:  task  | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by ln5):

 qf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Trac

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29068 [Core Tor/Tor]: shellcheck: zero_length_keys.sh issues

[Tor Bug Tracker & Wiki]

#29068: shellcheck: zero_length_keys.sh issues
+--
 Reporter:  rl1987  |  Owner:  (none)
 Type:  defect  | Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by rl1987):

 * status:  new => needs_review


Comment:

 https://github.com/torproject/tor/pull/687

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29420 [Internal Services/Service - trac]: Delete inactive users

[Tor Bug Tracker & Wiki]

#29420: Delete inactive users
+--
 Reporter:  ln5 |  Owner:  qbi
 Type:  task| Status:  assigned
 Priority:  Medium  |  Component:  Internal Services/Service - trac
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 We have tens of thousands of users, most of them created by bots and never
 used.

 Create a script that queries the db for last login time of all users and
 removes users that hasn't logged in for a year.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29419 [Internal Services/Service - dist]: Implement something resembling uploading to Debian

[Tor Bug Tracker & Wiki]

#29419: Implement something resembling uploading to Debian
+--
 Reporter:  ln5 |  Owner:  hiro
 Type:  task| Status:  assigned
 Priority:  Medium  |  Component:  Internal Services/Service - dist
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 cf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Cleaningunusedpackagesondist.tpo

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29418 [Internal Services/Service - dist]: Clean up dist.tpo once

[Tor Bug Tracker & Wiki]

#29418: Clean up dist.tpo once
+--
 Reporter:  ln5 |  Owner:  hiro
 Type:  task| Status:  assigned
 Priority:  Medium  |  Component:  Internal Services/Service - dist
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 cf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Cleaningunusedpackagesondist.tpo

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29417 [Internal Services/Tor Sysadmin Team]: Find test group and give them data to work with

[Tor Bug Tracker & Wiki]

#29417: Find test group and give them data to work with
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29415  | Points:
 Reviewer:  |Sponsor:
+-
 Enroll ~10 Tor people to test NC. This would be the NC test group.

 Investigate if data in Sandstorm and SVN can be locked for updates, and
 with what granularity.
 The goal would be to _copy_ data from Sandstorm and SVN into NC during the
 evaulation period.

 Educate the test group enough to get them going.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29416 [Internal Services/Tor Sysadmin Team]: Decide whom to buy NC from and apply for resources

[Tor Bug Tracker & Wiki]

#29416: Decide whom to buy NC from and apply for resources
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29415  | Points:
 Reviewer:  |Sponsor:
+-
 Try finding a provider of NC with decent presence in the US wrt network
 capacity, latency.

 Ask for $monetary-resources for a test period of 6 months for buying NC
 for evaluation.

 The ask for Hetzner is probably 10 EUR/month for the size of instance we'd
 want.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29065 [Core Tor/Tor]: shellcheck: test_switch_id.sh issues

[Tor Bug Tracker & Wiki]

#29065: shellcheck: test_switch_id.sh issues
+--
 Reporter:  rl1987  |  Owner:  rl1987
 Type:  defect  | Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by rl1987):

 * status:  accepted => needs_review


Comment:

 https://github.com/torproject/tor/pull/688

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29415 [Internal Services/Tor Sysadmin Team]: Evaluating NextCloud as replacement for Sandstorm and SVN

[Tor Bug Tracker & Wiki]

#29415: Evaluating NextCloud as replacement for Sandstorm and SVN
-+-
 Reporter:  ln5  |  Owner:  tpa
 Type:  project  | Status:  new
 Priority:  Medium   |  Component:  Internal Services/Tor Sysadmin Team
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
 Tracking the progress of evaluating NC.

 cf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#NextCloudNCasaSandstormandSVNreplacement

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29414 [Internal Services/Tor Sysadmin Team]: Find out who could help maintain survey.tp.o

[Tor Bug Tracker & Wiki]

#29414: Find out who could help maintain survey.tp.o
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29412  | Points:
 Reviewer:  |Sponsor:
+-


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29413 [Internal Services/Tor Sysadmin Team]: Find out who could help maintain storm.tp.o

[Tor Bug Tracker & Wiki]

#29413: Find out who could help maintain storm.tp.o
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29412  | Points:
 Reviewer:  |Sponsor:
+-


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29411 [Internal Services/Tor Sysadmin Team]: Find out who should be on tormedia and who could be a co-maintainer

[Tor Bug Tracker & Wiki]

#29411: Find out who should be on tormedia and who could be a co-maintainer
-+-
 Reporter:  ln5  |  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #29412   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by ln5):

 * parent:   => #29412


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29412 [Internal Services/Tor Sysadmin Team]: Find co-maintainers for hiro

[Tor Bug Tracker & Wiki]

#29412: Find co-maintainers for hiro
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 Being the only service owner is never good, and especially not for someone
 who's also in the sysadmin team.

 This ticket tracks the progress of identifying services where hiro is the
 sole maintainer, and fixing them.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29410 [Internal Services/Tor Sysadmin Team]: Can Prometheus help with multiple checks turning into one single alarm?

[Tor Bug Tracker & Wiki]

#29410: Can Prometheus help with multiple checks turning into one single alarm?
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 This question came up when discussing doing more checks of services over
 IPv6.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29411 [Internal Services/Tor Sysadmin Team]: Find out who should be on tormedia and who could be a co-maintainer

[Tor Bug Tracker & Wiki]

#29411: Find out who should be on tormedia and who could be a co-maintainer
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29400 [Internal Services/Tor Sysadmin Team]: Evaluation of Gitlab

[Tor Bug Tracker & Wiki]

#29400: Evaluation of Gitlab
-+-
 Reporter:  ln5  |  Owner:  tpa
 Type:  project  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ahf):

 Replying to [comment:1 gk]:
 > I don't know Gitlab but if we switch to a new bug tracker, then please
 one which has built-in features to deal with security bugs. That's the
 first thing that comes to my mind here.

 Gitlab have a concept called "confidential issues". Please see:
 https://docs.gitlab.com/ee/user/project/issues/confidential_issues.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29409 [Internal Services/Tor Sysadmin Team]: Host-alive checks (ping) on IPv6

[Tor Bug Tracker & Wiki]

#29409: Host-alive checks (ping) on IPv6
+-
 Reporter:  ln5 |  Owner:  weasel
 Type:  task| Status:  assigned
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29400 [Internal Services/Tor Sysadmin Team]: Evaluation of Gitlab

[Tor Bug Tracker & Wiki]

#29400: Evaluation of Gitlab
-+-
 Reporter:  ln5  |  Owner:  tpa
 Type:  project  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arma):

 For the trac side, be sure to involve gaba, pili, and isa since they have
 considered our trac requirements.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29315 [Metrics/Website]: Write down guidelines for adding new stats

[Tor Bug Tracker & Wiki]

#29315: Write down guidelines for adding new stats
-+--
 Reporter:  karsten  |  Owner:  karsten
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:  3
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 Replying to [comment:2 juga]:
 > Read it, sounds good to me.
 > I'd just add the links to all the projects you mention and Tor
 proposals.

 Yep, agreed.

 > Nitpick: "your data", i never thought i was asking metrics to publish
 "my data" but rather Tor network data.

 Ah, interesting point.

 The reason why the document says "you" and "me" is that it's basically the
 transcription of an imaginary conversation I had with dgoulet or ahf or
 teor or you. And of course I didn't mean "your data" as in "juga's data",
 but I think you didn't mean that either.

 The decision how to refer to the tool providing data is an important one.
 I wanted to make clear that Tor Metrics does not suddenly become the owner
 of the tool, neither with respect to its code nor to its operation, not
 even of the part that exports data to Tor Metrics. There must be a clear
 interface, and the owner of the tool providing the data will always stay
 in charge of the parts beyond that interface from a Tor Metrics point of
 view. It's not that Tor network data magically lands on Tor Metrics and
 nobody feels responsible anymore. I think I implicitly wanted to make that
 clear by using "you" and "we" in the document.

 I'm open to different suggestions, though. This is just the very first
 draft, and we'll improve it as we add more of ''"your"'' Tor network data
 to Tor Metrics. :)

 Thanks for the feedback!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29408 [Internal Services/Tor Sysadmin Team]: Can we move TB downloads to CDN?

[Tor Bug Tracker & Wiki]

#29408: Can we move TB downloads to CDN?
+-
 Reporter:  ln5 |  Owner:  ln5
 Type:  task| Status:  assigned
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 Talk to TB team about the possibilities of moving TB downloads to fast.ly.
 TB upgrades are there already.

 cf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#CDNusevs.ownstaticrotationnetwork

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29407 [Internal Services/Tor Sysadmin Team]: Get search.tpo going

[Tor Bug Tracker & Wiki]

#29407: Get search.tpo going
+-
 Reporter:  ln5 |  Owner:  hiro
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 Refresh the email thread from November 2018 with the options from the
 
[https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Search
 Brussels meeting outcome].

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29406 [Internal Services/Tor Sysadmin Team]: Retire brulloi

[Tor Bug Tracker & Wiki]

#29406: Retire brulloi
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29403  | Points:
 Reviewer:  |Sponsor:
+-
 Once the new backup box has full backups for all our systems, retire
 brulloi and cancel it with Hetzner (ie stop paying for it).

 We've got money for two months of overlap, running both boxes, approved.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29405 [Internal Services/Tor Sysadmin Team]: Install new box and configure bacula on it

[Tor Bug Tracker & Wiki]

#29405: Install new box and configure bacula on it
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29403  | Points:
 Reviewer:  |Sponsor:
+-
 See brulloi for current setup.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29404 [Internal Services/Tor Sysadmin Team]: Order an SX132 from Hetzner

[Tor Bug Tracker & Wiki]

#29404: Order an SX132 from Hetzner
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29403  | Points:
 Reviewer:  |Sponsor:
+-
 See https://www.hetzner.com/dedicated-rootserver/matrix-sx

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29065 [Core Tor/Tor]: shellcheck: test_switch_id.sh issues

[Tor Bug Tracker & Wiki]

#29065: shellcheck: test_switch_id.sh issues
+--
 Reporter:  rl1987  |  Owner:  rl1987
 Type:  defect  | Status:  accepted
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by rl1987):

 * owner:  (none) => rl1987
 * status:  new => accepted


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29403 [Internal Services/Tor Sysadmin Team]: Replace current backup box with a newer one

[Tor Bug Tracker & Wiki]

#29403: Replace current backup box with a newer one
-+-
 Reporter:  ln5  |  Owner:  tpa
 Type:  project  | Status:  new
 Priority:  Medium   |  Component:  Internal Services/Tor Sysadmin Team
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
 We're replacing brulloi, used for backup storage, with a new beefier one.
 This ticket tracks the progress of this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29400 [Internal Services/Tor Sysadmin Team]: Evaluation of Gitlab

[Tor Bug Tracker & Wiki]

#29400: Evaluation of Gitlab
-+-
 Reporter:  ln5  |  Owner:  tpa
 Type:  project  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: gk (added)


Comment:

 I don't know Gitlab but if we switch to a new bug tracker, then please one
 which has built-in features to deal with security bugs. That's the first
 thing that comes to my mind here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29402 [Internal Services/Tor Sysadmin Team]: New VM for gitlab

[Tor Bug Tracker & Wiki]

#29402: New VM for gitlab
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29400  | Points:
 Reviewer:  |Sponsor:
+-
 Create a test VM. similar to godard.debian.org (the host running salsa).

 It should definitely have apache2 and likely have postfix and dovecot
 installed and configured. These services are run by tpa.

 Ping the gitlab team once the VM is up and running, due week 7 (March 17).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29401 [Internal Services/Tor Sysadmin Team]: New group for gitlab

[Tor Bug Tracker & Wiki]

#29401: New group for gitlab
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  #29400  | Points:
 Reviewer:  |Sponsor:
+-
 - ahf
 - dgoulet
 - hiro

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29400 [Internal Services/Tor Sysadmin Team]: Evaluation of Gitlab

[Tor Bug Tracker & Wiki]

#29400: Evaluation of Gitlab
-+-
 Reporter:  ln5  |  Owner:  tpa
 Type:  project  | Status:  new
 Priority:  Medium   |  Component:  Internal Services/Tor Sysadmin Team
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
 We are going to evaluate Gitlab as a replacement for trac, gitweb.tpo,
 git-rw.tpo, github.com.

 This ticket tracks the progress of the setup of a Gitlab service.

 cf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#gitlabservice

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29399 [Internal Services/Tor Sysadmin Team]: Retire host and services for tordnsel and check

[Tor Bug Tracker & Wiki]

#29399: Retire host and services for tordnsel and check
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 Metrics team will re-implement the tordnsel and check services and have
 them deployment ready by end of March 2019. Once up on a new host, retire
 chiwui.tpo.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29391 [Core Tor/Tor]: Put git branch-maintenance scripts into scripts directory

[Tor Bug Tracker & Wiki]

#29391: Put git branch-maintenance scripts into scripts directory
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.0.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  0
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by rl1987):

 Perhaps let's use `.sh` extensions for the new script files, so that they
 are covered by shellcheck on Travis?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29398 [Internal Services/Tor Sysadmin Team]: Create a template for requesting infrastructure resources

[Tor Bug Tracker & Wiki]

#29398: Create a template for requesting infrastructure resources
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  task| Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 Publish the template decided upon in the Brussels meeting and announce it
 internaly.

 cf
 
https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Helpusersimprovewhenrequestingresources

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs