The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-09-21T01:19:30Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40826materculae will run out of disk space in a year2023-09-21T01:19:30Zanarcatmaterculae will run out of disk space in a yearso we've just had a soft warning that materculae has hit our magic 15% free disk limit. looking at this graph, it seems we've taken up about 17GB in the last year, with 20 remaining:
![image](/uploads/e4118ed09adfc0dc1d86b88b60acb63c/im...so we've just had a soft warning that materculae has hit our magic 15% free disk limit. looking at this graph, it seems we've taken up about 17GB in the last year, with 20 remaining:
![image](/uploads/e4118ed09adfc0dc1d86b88b60acb63c/image.png)
https://grafana.torproject.org/d/zbCoGRjnz/disk-usage?orgId=1&var-instance=materculae.torproject.org&from=now-1y&to=now
so this will become a real problem, but not before a year (!). i'd still like to figure out what to do with this to keep nagios clean... is it normal that the disk usage keeps growing? maybe we can grow available disk space already? `/var/lib/postgresql` is at 150GB right now.
/cc @hirohttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/45Daily number of users helped gone to zero.2023-01-02T16:07:01ZcypherpunksDaily number of users helped gone to zero.Ever since the update to version 0.6.0 of the Webextension, I've stopped seeing active or past connections. I only got a single connected user a few hours ago, several days after I updated to this version. I'm used to seeing around 5-15 ...Ever since the update to version 0.6.0 of the Webextension, I've stopped seeing active or past connections. I only got a single connected user a few hours ago, several days after I updated to this version. I'm used to seeing around 5-15 users helped daily.
Maybe there are practically no users connecting to my snowflake, or they are connecting but aren't being counted properly anymore.
I see "Distributed Snowflake Server Support" in the version release notes. Could this have something to do with this?shelikhooshelikhoohttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40825silence errors from MegaRAID arrays on chi-node-XX2023-02-21T19:37:35Zanarcatsilence errors from MegaRAID arrays on chi-node-XXin #40732, we have reported that
> Since chi-node-11 was deployed we have been seeing errors like this in Nagios:
>
> ```
> WARNING: 0:0:RAID-1:2 drives:465.25GB:Optimal Drives:2 (1750 Errors: 0 media, 0 predictive, 1750 other)
> ```
>...in #40732, we have reported that
> Since chi-node-11 was deployed we have been seeing errors like this in Nagios:
>
> ```
> WARNING: 0:0:RAID-1:2 drives:465.25GB:Optimal Drives:2 (1750 Errors: 0 media, 0 predictive, 1750 other)
> ```
>
> In the controller event log (`megacli -AdpEventLog -GetEvents -f /dev/stdout -A0`) these messages are repeated:
>
> ```
> seqNum: 0x00005010
> Time: Wed Apr 20 19:53:54 2022
>
> Code: 0x00000071
> Class: 0
> Locale: 0x02
> Event Description: Unexpected sense: PD 00(e0x20/s0) Path 1221000000000000, CDB: 4d 00 4d 00 00 00 00 00 20 00, Sense: 5/24/00
> Event Data:
> ===========
> Device ID: 0
> Enclosure Index: 32
> Slot Number: 0
> CDB Length: 10
> CDB Data:
> 004d 0000 004d 0000 0000 0000 0000 0000 0020 0000 0000 0000 0000 0000 0000 0000 Sense Length: 18
> Sense Data:
> 0070 0000 0005 0000 0000 0000 0000 000a 0000 0000 0000 0000 0024 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
> ```
Those errors were ultimately determined to be harmless, but we still have recurring alerts in Nagios about this problem.
and while we can ACK those errors, in the long run it would be better if the monitoring system could tell what is a real error and what is not. It could mean ignoring "other" errors like those, or refining the group of errors to better qualify whether it's worth alerting on.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40567Set up new signing machine for non-macOS signing2023-08-22T19:45:30ZGeorg KoppenSet up new signing machine for non-macOS signingThis ticket is mostly driven by our need to getting the android token running. But it might be smart to do it anyway to deal with a bunch of other tickets/issues, too.This ticket is mostly driven by our need to getting the android token running. But it might be smart to do it anyway to deal with a bunch of other tickets/issues, too.Sponsor 131 - Phase 4 - Browser Release Managementboklmboklmhttps://gitlab.torproject.org/tpo/core/arti/-/issues/516invalid permissions for cache directories on windows2022-07-14T13:06:17ZYnethinvalid permissions for cache directories on windows### Summary
Cannot use arti client on windows, it fails on error `Error { detail: DirMgr(CantAdvanceState) `
DirMgr log says it has invalid permissions for cache directory, but I am able to see some sqlite fires there.
### Steps to rep...### Summary
Cannot use arti client on windows, it fails on error `Error { detail: DirMgr(CantAdvanceState) `
DirMgr log says it has invalid permissions for cache directory, but I am able to see some sqlite fires there.
### Steps to reproduce:
1. get windows
2. start arti client
### What is the current bug behavior?
It fails to start arti client
### What is the expected behavior?
It should start arti client
### Environment
- Version: 0.5.0
- Operating system: Windows 10
- Install method: cargo install arti, or art-client crate in my app.
### Relevant logs and/or screenshots:
Logs from my program:
thread 'main' panicked at 'called Result::unwrap() on an Err value: Error { detail: DirMgr(CantAdvanceState) }'
### Possible fixes:
-Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/24Deployment documentation for the Landing Page2024-03-27T21:42:12ZSilvio RhattoDeployment documentation for the Landing Page* [x] Include deployment documentation in the Landing Page's [README.md](https://gitlab.torproject.org/tpo/onion-services/sponsor123-landing-page/-/blob/main/README.md) and/or `docs/` folder.
* [ ] Document the simpler procedure (user fo...* [x] Include deployment documentation in the Landing Page's [README.md](https://gitlab.torproject.org/tpo/onion-services/sponsor123-landing-page/-/blob/main/README.md) and/or `docs/` folder.
* [ ] Document the simpler procedure (user forks Onion Launchpad's mirror on GitLab or GitHub, then configure and trigger a build).
* [ ] Document logo filename convention for automatic translations.
* [ ] Include a screenshot.
* [ ] Explain that it's useful both as a censorship circumvention tool
and as a landing portal for onion-only sites that needs to include
documentation for their users about how to get access.Onion Launchpad - 2024.Q2Silvio RhattoSilvio Rhatto2024-04-30https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/12Use safelog at the server2022-11-28T20:37:45ZCecylia BocovichUse safelog at the serverWe're already using it at the client, we should use it for the deployed server now that we have that up and running.We're already using it at the client, we should use it for the deployed server now that we have that up and running.Ship Conjure in Alpha versions of Tor BrowserCecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/logcollector/-/issues/2Connection Speed Info Collection2023-10-25T15:47:43ZshelikhooConnection Speed Info CollectionCurrently we are not collecting connection speed info, which is required for performance evaluation. We should collect this info.Currently we are not collecting connection speed info, which is required for performance evaluation. We should collect this info.shelikhooshelikhoohttps://gitlab.torproject.org/tpo/network-health/metrics/collector/-/issues/40029Clean up torperf archive and stop archiving "new" data2024-03-21T17:14:43ZGeorg KoppenClean up torperf archive and stop archiving "new" dataTorperf is long gone but we are still archiving "new" data, see: https://metrics.torproject.org/collector/archive/torperf/. We should stop that and remove the "archives" from 2020-06 on (inclusive).Torperf is long gone but we are still archiving "new" data, see: https://metrics.torproject.org/collector/archive/torperf/. We should stop that and remove the "archives" from 2020-06 on (inclusive).HiroHirohttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40806gitlabCI jobs cannot find host gitlab.torproject.org and are failing2022-07-19T18:54:27ZemmapeelgitlabCI jobs cannot find host gitlab.torproject.org and are failingsome jobs, for ex.
https://gitlab.torproject.org/tpo/translation/-/jobs/146229
https://gitlab.torproject.org/tpo/web/manual/-/jobs/146185
https://gitlab.torproject.org/tpo/onion-services/sponsor123-landing-page/-/jobs/146168/
are fai...some jobs, for ex.
https://gitlab.torproject.org/tpo/translation/-/jobs/146229
https://gitlab.torproject.org/tpo/web/manual/-/jobs/146185
https://gitlab.torproject.org/tpo/onion-services/sponsor123-landing-page/-/jobs/146168/
are failing with a message of **Could not resolve host: gitlab.torproject.org**
lavamind has said 'those are the new runners'Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/issues/40629Allow ignoring of SIGINT2022-06-23T21:13:51ZtlaAllow ignoring of SIGINT### Summary
Add an option (.e.g `--IgnoreSigint 1`) which allows to ignore `SIGINT`.
iOS has a feature which enables apps to keep running in the background for a certain amount of time:
https://developer.apple.com/documentation/uikit/...### Summary
Add an option (.e.g `--IgnoreSigint 1`) which allows to ignore `SIGINT`.
iOS has a feature which enables apps to keep running in the background for a certain amount of time:
https://developer.apple.com/documentation/uikit/uiapplication/1623031-beginbackgroundtask
However, even when we're making use of that, iOS is sending `SIGINT` to the app process, as soon as the user swipes away the app. (Sends it into background.)
Tor is currently hardcoded to stop working, when it receives that `SIGINT`:
https://gitlab.torproject.org/tpo/core/tor/-/blob/main/src/app/main/main.c#L223-228
### What is the expected behavior?
When the mentioned configuration option is set, Tor just ignores the `SIGINT` and continues running, to enable processing in the background.Tor: 0.4.8.x-freezeAlexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/web/donate-static/-/issues/80Correct T-shirt names in donate.tpo/CiviCRM2022-11-10T17:09:26ZmattlavCorrect T-shirt names in donate.tpo/CiviCRMI process swag orders by exporting a spreadsheet from CiviCRM's [Perks Fulfillment page](https://crm.torproject.org/perks-fulfillment). Here's what that page looks like:
![perks_fulfillment_screenshot](/uploads/2af5e52ce41bfc62e22f3a18...I process swag orders by exporting a spreadsheet from CiviCRM's [Perks Fulfillment page](https://crm.torproject.org/perks-fulfillment). Here's what that page looks like:
![perks_fulfillment_screenshot](/uploads/2af5e52ce41bfc62e22f3a18aa83c6ff/perks_fulfillment_screenshot.png)
And here's what the exported spreadsheet looks like - no content just column headers:
[perks_fulfillment_export.xls](/uploads/c71333451c2a80215eae91750b7bafb3/perks_fulfillment_export.xls)
An issue with this is that the web form and spreadsheet display five different unavailable and obsolete T-shirts. We only offer donors two at a a time, neither of which are mentioned here, so when I get the swag data export, I have to know which column represents which shirt, and which I can ignore, et cetera.
So. What would be nice would be:
1. Reduce the number of T-shirt categories in this form from 5 to 2
2. Ensure that names are correct - a donor requesting one shirt receives this year's shirt (short name: "Privacy Is..."), a donor requesting two shirts also gets last year's shirt (short name: "WAM"), and that the size options for these shirts remain the same
3. In October, at the beginning of the Year End Campaign, this year's T-shirt will become the second shirt in the two-shirt-pack, and a new shirt will be on offer in its place. Let's make sure that when the campaign begins, we can correctly "rotate" the shirt names and size selection.
4. While we're at it, change the string "Stickers or Mask" on this form to just "Stickers"
THANK YOU in advance, and don't hesitate to ask if I can provide any more guidance
-mhttps://gitlab.torproject.org/tpo/web/community/-/issues/280add information about contacting new relay operators in the requirements2023-04-05T19:00:27Zemmapeeladd information about contacting new relay operators in the requirementsThere was a thread the other day in reddit about tor project wanting to contact a new relay operator that added lots of relays to the network in a very short time.
The whole thread was about why the tor project wanted to do a video call...There was a thread the other day in reddit about tor project wanting to contact a new relay operator that added lots of relays to the network in a very short time.
The whole thread was about why the tor project wanted to do a video call and how bad that was.
We should maybe add some information about this to https://community.torproject.org/relay/relays-requirements/
We can also mention starting an asociation as a good way to preserve the anonimity of individuals, while still keeping certain accountability to benefit the netwrok.
One good phrase about this issue is:
```
Remember that running a relay is an act of transparency
(even though being a Tor user is an act of privacy),
because the way to strengthen trust in relays is by having a stronger community
Be sure to set your ContactInfo to a working email address in case we need to reach you
```
which is part of the sysadmin101 howto gman999 did for the relay operators.GusGushttps://gitlab.torproject.org/tpo/ux/research/-/issues/87Collect and analyze feedback from trainings in EA2022-08-12T18:18:59ZNahCollect and analyze feedback from trainings in EAOrganizations that will be running Tor and digital security trainings are being instructed to collect feedback during their trainings, either using a survey hosted by Tor (for remote trainings) or a printed form (for in person trainings)...Organizations that will be running Tor and digital security trainings are being instructed to collect feedback during their trainings, either using a survey hosted by Tor (for remote trainings) or a printed form (for in person trainings).
After the trainings are done, we will need to gather all user and trainer feedback, compile and report it. This ticket is to track this activity.Sponsor 9 - Phase 6 - Usability and Community Intervention on Support for Democracy and Human RightsNahNahhttps://gitlab.torproject.org/tpo/core/arti/-/issues/500define_list_builder_accessors contrives to hide documentation2022-10-20T21:09:13ZIan Jacksoniwj@torproject.orgdefine_list_builder_accessors contrives to hide documentationBecause `define_list_builder_accessors` is not a derive macro, it does not receive the struct definition. So the docs for the generated accessors are formulaic. That part is kind of OK, but the actual docs for the field end up *only* i...Because `define_list_builder_accessors` is not a derive macro, it does not receive the struct definition. So the docs for the generated accessors are formulaic. That part is kind of OK, but the actual docs for the field end up *only* in the docs for the main struct field. Which is private.
So overall, the docs are hidden.
I think the fix is to move the public docs from the list struct fields to into the macro call. I experimented with this and it seems to work.Arti 1.0.0: Ready for production useIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/120Create an EOTK Ansible Role2022-10-04T21:13:34ZSilvio RhattoCreate an EOTK Ansible RoleCreate an EOTK Ansible Role that:
* [ ] Clones the EOTK repository.
* [ ] Builds EOTK.
* [ ] Sets up the `sites.conf`.
* [ ] Manages `secrets.d`.
* [ ] Manages `projects.d/sites.d/ssl.d`.
* [ ] Make sure that the instance is running.
* ...Create an EOTK Ansible Role that:
* [ ] Clones the EOTK repository.
* [ ] Builds EOTK.
* [ ] Sets up the `sites.conf`.
* [ ] Manages `secrets.d`.
* [ ] Manages `projects.d/sites.d/ssl.d`.
* [ ] Make sure that the instance is running.
* [ ] Sets up system initialization.Sponsor 123: Tor Secure Access Package for USAGM [First Phase]Silvio RhattoSilvio Rhattohttps://gitlab.torproject.org/tpo/network-health/metrics/collector/-/issues/40028Create a collector component to save data in a database2023-06-15T10:36:05ZHiroCreate a collector component to save data in a databaseAs part of the new metrics pipeline we are testing saving all descriptor data in a DB. We should have a collector module that while parsing descriptors can send data to a DB for storage.
Some previous work on this in: https://gitlab.tor...As part of the new metrics pipeline we are testing saving all descriptor data in a DB. We should have a collector module that while parsing descriptors can send data to a DB for storage.
Some previous work on this in: https://gitlab.torproject.org/hiro/descriptorParserHiroHirohttps://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40050Onion service traffic v2 graph should be retired or archived2022-06-13T13:24:08ZHiroOnion service traffic v2 graph should be retired or archivedWe are now showing two different graphs at https://metrics.torproject.org/hidserv-rend-relayed-cells.html one is onion service v3 traffic and the other one is v2. This is nowadays a flat, close to 0, line. I think we should either stop s...We are now showing two different graphs at https://metrics.torproject.org/hidserv-rend-relayed-cells.html one is onion service v3 traffic and the other one is v2. This is nowadays a flat, close to 0, line. I think we should either stop showing v2 traffic or make a new tab where we show v2 traffic separately.https://gitlab.torproject.org/tpo/tpa/team/-/issues/40783Onionoo-backend-02 possible dns issue2022-10-13T13:03:57ZHiroOnionoo-backend-02 possible dns issueWe run a script on the onionoo backends which query https://onionoo.torproject.org every 5 minutes and aggregate and collect some network metrics. On occasion on onionoo-backend-02 I get a name resolution error that disappears on its own...We run a script on the onionoo backends which query https://onionoo.torproject.org every 5 minutes and aggregate and collect some network metrics. On occasion on onionoo-backend-02 I get a name resolution error that disappears on its own:
```
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 169, in _new_conn
conn = connection.create_connection(
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 73, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 353, in connect
conn = self._new_conn()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 181, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f81e6eb3eb0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='onionoo.torproject.org', port=443): Max retries exceeded with url: /details (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f81e6eb3eb0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/srv/onionoo.torproject.org/onionoo/monitoring/network/onionoo", line 11, in <module>
details = json.loads(requests.get("https://onionoo.torproject.org/details").text)
File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='onionoo.torproject.org', port=443): Max retries exceeded with url: /details (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f81e6eb3eb0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
```
As you see in the stack trace the error is specifically: "Temporary failure in name resolution". This has been happening sporadically in the last few weeks.
cc: @gkanarcatanarcathttps://gitlab.torproject.org/tpo/network-health/exitmap/-/issues/41Allow specifying a target host/website per command line2023-12-05T11:08:05ZGeorg KoppenAllow specifying a target host/website per command lineWe are used to hardcode destinations which `exitmap` is supposed to check but it would be useful to have the option to pass target hosts/websites per command line instead. We could think about allowing host:port changes of destinations o...We are used to hardcode destinations which `exitmap` is supposed to check but it would be useful to have the option to pass target hosts/websites per command line instead. We could think about allowing host:port changes of destinations or maybe just host changes at first.Corl3ssCorl3ss