The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-01-29T19:18:54Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42307Consider adjusting Nightly app icon color for a11y2024-01-29T19:18:54ZThorinConsider adjusting Nightly app icon color for a11yI used https://www.color-blindness.com/coblis-color-blindness-simulator/ cc @donuts to triage
![colors](/uploads/9a40f550015248dda2a429d6ad58843e/colors.png)I used https://www.color-blindness.com/coblis-color-blindness-simulator/ cc @donuts to triage
![colors](/uploads/9a40f550015248dda2a429d6ad58843e/colors.png)nicobnicobhttps://gitlab.torproject.org/tpo/core/arti/-/issues/1138Shall we start setting the Host header in our HTTP requests?2023-11-27T14:46:20ZNick MathewsonShall we start setting the Host header in our HTTP requests?We only claim to be speaking HTTP 1.0, so we aren't strictly required to set the Host header. (The Host header became mandatory in HTTP 1.1.) Nonetheless, C tor sets the Host header unconditionally; it may be that we want to do so as we...We only claim to be speaking HTTP 1.0, so we aren't strictly required to set the Host header. (The Host header became mandatory in HTTP 1.1.) Nonetheless, C tor sets the Host header unconditionally; it may be that we want to do so as well.
See #1024 for a little discussion.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42305(Semi-)Automatically merge translation resources across tor browser releases ...2024-03-26T20:31:08Zhenry(Semi-)Automatically merge translation resources across tor browser releases (desktop)/cc @emmapeel @pierov
When I had my time offline the week before last I wrote a script to which takes a `tor-browser` or `firefox-android` translation file (`.dtd`, `.properties`, `.ftl`, or android `.xml`), and a new and an old branch.../cc @emmapeel @pierov
When I had my time offline the week before last I wrote a script to which takes a `tor-browser` or `firefox-android` translation file (`.dtd`, `.properties`, `.ftl`, or android `.xml`), and a new and an old branch name, and merges the versions found in both branches together with a comment added for strings that will be dropped at the next release. Here is the initial draft of the script if you want a quick look: [combine-translation-versions.py](/uploads/83cf1424566cf3b3222e6a60682bcc56/combine-translation-versions.py)
We could use the output as the `en-US` source files for weblate, combining both the strings needed for the next release as well as for the current stable release. The idea being that in tor-browser we can stop trying to maintain all the old strings in the current development branch that are still needed for the current stable release. And we can avoid having to manual clean ups of old strings, like in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42221.
E.g., if we have `tor-browser.ftl` in tor-browser-xxx-13.5 with the content
```
string1 = String 1
new-string = New String
string2 = String 2
```
and in tor-browser-xxx-13.0 with the content
```
old-string = Old String
string1 = String 1
string2 = String 2
```
the script would output
```
string1 = String 1
new-string = New String
string2 = String 2
## Will be unused in Tor Browser 13.5!
old-string = Old String
```
The reason I add the comment is to provide a little notification to weblate translators in the "Source string description" to let them know that a string has a short lifetime. Weblate doesn't support descriptions for `.dtd` though so it won't work for that format.
@emmapeel and @pierov what do you think? And where would we want to run this script?
I guess we basically want to merge the translations files from both the branch used for current nightly and current stable. I'm not sure if this can be automatically pulled from `tor-browser-build` in a convenient way, or whether we would need some manual input.henryhenryhttps://gitlab.torproject.org/tpo/network-health/metrics/descriptorParser/-/issues/62Add `dirauth_nickname` as label in Victoria Metrics2024-01-16T13:49:10ZjugaAdd `dirauth_nickname` as label in Victoria Metricsto be able to filter by bwauth, in a similar way we can filter by `fingeprint` and `node`. This needs #61to be able to filter by bwauth, in a similar way we can filter by `fingeprint` and `node`. This needs #61https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42300Do not store logs inside TorProvider2023-12-21T09:04:03ZPier Angelo VendrameDo not store logs inside TorProviderDropping the entire `TorProvider` in case of failure has some advantages, but also a big disadvantage: logs are stored in the `TorProvider` object.
When we drop it we also drop logs.
If Tor died for an actual bug/problem, we remove the ...Dropping the entire `TorProvider` in case of failure has some advantages, but also a big disadvantage: logs are stored in the `TorProvider` object.
When we drop it we also drop logs.
If Tor died for an actual bug/problem, we remove the way of knowing that.
So, we shouldn't store the logs in the provider, but store them elsewhere.
/related #41921https://gitlab.torproject.org/tpo/tpa/team/-/issues/41412fail2ban ineffective on submit-012023-11-22T18:01:51Zanarcatfail2ban ineffective on submit-01We're seeing repeated failed authentication attempts in the postfix logs and they do not seem to get picked up by fail2ban, investigate.We're seeing repeated failed authentication attempts in the postfix logs and they do not seem to get picked up by fail2ban, investigate.https://gitlab.torproject.org/tpo/core/torspec/-/issues/242Followups from cert-spec revision2023-11-22T17:32:35ZNick MathewsonFollowups from cert-spec revisionWhile reviewing !221, @Diziet made a bunch of good suggestions. I should implement them _after !226 (which is based on !221) also goes in, to avoid conflicts.While reviewing !221, @Diziet made a bunch of good suggestions. I should implement them _after !226 (which is based on !221) also goes in, to avoid conflicts.Nick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/onionmasq/-/issues/81Make the CI build the Docker images used for other CI tasks2024-02-02T00:04:30ZetaMake the CI build the Docker images used for other CI taskshttps://gitlab.torproject.org/tpo/core/onionmasq/-/commit/4f410442a8baf3c0898ffe31520e7c8ee6708b4c switched the image used in CI to one I built locally on my machine. We should get the image to be built in CI instead, and run that regula...https://gitlab.torproject.org/tpo/core/onionmasq/-/commit/4f410442a8baf3c0898ffe31520e7c8ee6708b4c switched the image used in CI to one I built locally on my machine. We should get the image to be built in CI instead, and run that regularly (for example, when the Renovate bot bumps the versions used).https://gitlab.torproject.org/tpo/ux/design/-/issues/63Develop a workflow to use Firefox's libraries2023-12-08T21:18:55ZdonutsDevelop a workflow to use Firefox's librariesMozilla have generously provided us with guest access to their Figma libraries for Firefox. Since they're on a separate team from us, it doesn't look like we can "add" these libraries to our files in the same manner we can with internal ...Mozilla have generously provided us with guest access to their Figma libraries for Firefox. Since they're on a separate team from us, it doesn't look like we can "add" these libraries to our files in the same manner we can with internal libraries.
We can export each library as a .fig, and re-import it into our Figma team, however I think Figma will drop the associations between each file in the process (e.g. color styles from the Styles file that get reused in design files). Alternatively, we can copy/paste individual components across where needed.
With both approaches, we'd lose updates from the canonical libraries on Mozilla's end in the process too.https://gitlab.torproject.org/tpo/tpa/team/-/issues/41410monitor GitLab's incoming email processing2023-11-21T21:39:07Zanarcatmonitor GitLab's incoming email processingIn #41409, incoming email stopped being processed by GitLab. No alarm was raised, and only because @boklm noticed did we even know we need to do something.
We should monitor the number of mails in /srv/mail/git@gitlab.torproject.org/Mai...In #41409, incoming email stopped being processed by GitLab. No alarm was raised, and only because @boklm noticed did we even know we need to do something.
We should monitor the number of mails in /srv/mail/git@gitlab.torproject.org/Maildir/. If it's above zero for, say, two minutes, a flag should be raised. We should also check the age of that mailbox so that it's not older than, say, a week or so, to confirm that email is coming in as well, although this is a poor replacement for end-to-end testing...https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42290"DuckDuckGoOnion" is a weird naming format for onion search engines2024-03-01T23:19:31Zdonuts"DuckDuckGoOnion" is a weird naming format for onion search enginesAt some point, we seem to have adopted this naming convention for default search engine options provided over onions in Tor Browser.
For example, on desktop we have:
- DuckDuckGoOnion
- BlockchairOnion
and on Android:
- DuckDuckGoOni...At some point, we seem to have adopted this naming convention for default search engine options provided over onions in Tor Browser.
For example, on desktop we have:
- DuckDuckGoOnion
- BlockchairOnion
and on Android:
- DuckDuckGoOnion
Our naming conventions for onion sites can be inconsistent at best, but I think "DuckDuckGo onion" would be an improvement, and "DuckDuckGo onion site" seems like the most official way to describe an onion search engine (see [Glossary / onion site](https://support.torproject.org/glossary/#onion-site)).https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/4228913.5 FP list [part 1: the easy stuff]2024-02-27T15:03:37ZThorin13.5 FP list [part 1: the easy stuff]details to follow
cc: @pierov @richard @cypherpunks1details to follow
cc: @pierov @richard @cypherpunks1https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/39Make lox-distributor listening port configurable2024-01-22T15:15:35ZCecylia BocovichMake lox-distributor listening port configurableRight now we have the lox distributor [hard-coded to listen on port 8001](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/main/crates/lox-distributor/src/main.rs?ref_type=heads#L351). We should make this configurable.Right now we have the lox distributor [hard-coded to listen on port 8001](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/main/crates/lox-distributor/src/main.rs?ref_type=heads#L351). We should make this configurable.https://gitlab.torproject.org/tpo/core/arti/-/issues/1134Create new introduction circuit when DosParams changes2024-02-22T14:55:45ZNick MathewsonCreate new introduction circuit when DosParams changesWhen the DosParams extension changes, we should create new circuits to our introduction points with the updated value.
From a comment introduced in arti!1740:
```rust
// TODO HSS:
//
// We want to make a new introduction ci...When the DosParams extension changes, we should create new circuits to our introduction points with the updated value.
From a comment introduced in arti!1740:
```rust
// TODO HSS:
//
// We want to make a new introduction circuit if our dos parameters change,
// which means that we should possibly be watching for changes in our
// configuration. Right now, though, we only copy out the configuration
// on startup.
```Arti: Onion service supporthttps://gitlab.torproject.org/tpo/core/arti/-/issues/1133Clean up references to DOS_PARAMS to match spec.2023-11-16T16:49:06ZNick MathewsonClean up references to DOS_PARAMS to match spec.See discussion at arti!1740.
Once the torspec cleanups in torspec!229 are merged, and all the relevant parts of the `DOS_PARAMS` description have nice anchors and clean text, we should change our documentation to quote the spec rather t...See discussion at arti!1740.
Once the torspec cleanups in torspec!229 are merged, and all the relevant parts of the `DOS_PARAMS` description have nice anchors and clean text, we should change our documentation to quote the spec rather than paraphrase it (as appropriate).Arti: Onion service supportNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/1132Make sure the publisher handles upload failures gracefully2023-12-04T18:01:18Zgabi-250Make sure the publisher handles upload failures gracefully```
// TODO HSS: if upload_all fails, we don't reattempt the upload until a state
// change is triggered by an external event (such as a consensus or IPT change)
``````
// TODO HSS: if upload_all fails, we don't reattempt the upload until a state
// change is triggered by an external event (such as a consensus or IPT change)
```Arti: Onion service supportgabi-250gabi-250https://gitlab.torproject.org/tpo/core/arti/-/issues/1130Revisit descriptor publisher rate-limiting logic2023-12-04T18:01:18Zgabi-250Revisit descriptor publisher rate-limiting logicWe have several TODOs about deciding whether our current rate-limiting approach is good enough, or if we should rate-limit uploads on a per-hsdir basis.We have several TODOs about deciding whether our current rate-limiting approach is good enough, or if we should rate-limit uploads on a per-hsdir basis.Arti: Onion service supportgabi-250gabi-250https://gitlab.torproject.org/tpo/core/arti/-/issues/1128Use a postage::watch channel for receiving onion svc config changes in publis...2024-01-11T18:46:12Zgabi-250Use a postage::watch channel for receiving onion svc config changes in publisher.~~This is needed by the publisher (if the config changes, it may need to republish the descriptor).~~
This now exists, and just needs to get used.~~This is needed by the publisher (if the config changes, it may need to republish the descriptor).~~
This now exists, and just needs to get used.Arti: Onion service supporthttps://gitlab.torproject.org/tpo/core/arti/-/issues/1126Consider making arti_pattern() usable more generally2024-01-13T21:11:31Zgabi-250Consider making arti_pattern() usable more generallyContext https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1733#note_2966402Context https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1733#note_2966402Arti: Onion service supportgabi-250gabi-250https://gitlab.torproject.org/tpo/core/arti/-/issues/1123Descriptor publisher status2024-01-09T16:43:48Zgabi-250Descriptor publisher statusImplement `Publisher::status()`.Implement `Publisher::status()`.Arti: Onion service supportgabi-250gabi-250