The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-27T21:47:27Zhttps://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/5Vendorize Onion MkDocs2024-03-27T21:47:27ZSilvio RhattoVendorize Onion MkDocsVendorize [Onion MkDocs](https://gitlab.torproject.org/rhatto/onion-mkdocs), so it's easier to retrieve updates.Vendorize [Onion MkDocs](https://gitlab.torproject.org/rhatto/onion-mkdocs), so it's easier to retrieve updates.Oniongroove 0.1.0Silvio RhattoSilvio Rhatto2024-05-16https://gitlab.torproject.org/tpo/onion-services/onionspray/-/issues/44Example configuration with Onionspray defaults2024-03-13T12:01:53ZSilvio RhattoExample configuration with Onionspray defaults# Description
It would be helpful for users if a canonical example configuration file had all/only Onionspray defaults.
# Tasks
* [ ] Create a `default.tconf` with just the default configuration, and
explanatory comments. Explai...# Description
It would be helpful for users if a canonical example configuration file had all/only Onionspray defaults.
# Tasks
* [ ] Create a `default.tconf` with just the default configuration, and
explanatory comments. Explain in the `example.tconf` that it's an example
that does not necessariliy has the default paramters. Or just rename
the `example.tconf` to `default.tconf`. Or something like that.
* [ ] Update the documentation accordingly.
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Onionspray 1.7.0https://gitlab.torproject.org/tpo/onion-services/onionspray/-/issues/37Documentation macros2024-02-29T19:10:44ZSilvio RhattoDocumentation macros# Tasks
* [ ] Setup the [MkDocs Macros plugin].
* [ ] Create macros to reuse some content (like the installation example using Debian bookworm).
[MkDocs Macros plugin]: https://mkdocs-macros-plugin.readthedocs.io/en/latest/
# Time est...# Tasks
* [ ] Setup the [MkDocs Macros plugin].
* [ ] Create macros to reuse some content (like the installation example using Debian bookworm).
[MkDocs Macros plugin]: https://mkdocs-macros-plugin.readthedocs.io/en/latest/
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Onionspray 1.7.0Silvio RhattoSilvio Rhatto2024-06-27https://gitlab.torproject.org/tpo/onion-services/onionspray/-/issues/36Documentation: terminology2024-02-29T19:10:44ZSilvio RhattoDocumentation: terminology# Tasks
* [x] Create a quick introductory terminology on the Onionspray elements: repository, installation, server, project, site etc.
* [ ] Review the documentation to make sure it's consistent with the terminology.
# Time estimation
...# Tasks
* [x] Create a quick introductory terminology on the Onionspray elements: repository, installation, server, project, site etc.
* [ ] Review the documentation to make sure it's consistent with the terminology.
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Onionspray 1.7.0Silvio RhattoSilvio Rhatto2024-06-27https://gitlab.torproject.org/tpo/ux/team/-/issues/89Project idea: Write a user research handbook2024-01-29T19:09:34ZdonutsProject idea: Write a user research handbookOnboarding partners who have little to no experience conducting user research simply isn't possible in a single session, and the existing material we have on the [community portal](https://community.torproject.org/user-research/guideline...Onboarding partners who have little to no experience conducting user research simply isn't possible in a single session, and the existing material we have on the [community portal](https://community.torproject.org/user-research/guidelines/) isn't sufficient either. Instead, I'd like to create a longer version of this content called the user research handbook, with graphic support provided by our designers, including topics like:
- Our methodology (i.e. the processes we follow)
- Research methods (i.e. the types of research we employ)
- Best practices (previously dubbed the privacy playbook)
- Assessing risk (i.e. our risk assessment procedure)
- Recruitment
- Reporting
This content may then be hosted on the future design-dot website (see [UX / milestone#17](https://gitlab.torproject.org/groups/tpo/ux/-/milestones/17)).Sponsor 9 - Phase 7 - Usability and Community Intervention on Support for Democracy and Human Rightshttps://gitlab.torproject.org/tpo/core/arti/-/issues/399Improve documentation and examples in `arti-client`2023-03-28T21:11:07ZNick MathewsonImprove documentation and examples in `arti-client`*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
Try to write a program using `arti`. (The interface in the `arti-client` crate is the place to s...*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
Try to write a program using `arti`. (The interface in the `arti-client` crate is the place to start.)
As you do this, you'll probably find that the documentation didn't explain something you wanted to know, or didn't explain it very well. After you figure out the issue (either by asking us, or reading the code), why not contribute a patch to improve the documentation?
----
Also, it's a good convention for all Rust code to have rustdoc examples for how to use it. These examples can be at the function level, the module level, or the type level. Right now, a lot of our crates are missing those. (`arti-client` is most important, but examples everywhere are welcome.)
When writing examples, please make sure that the example actually shows people how they would would _want_ to use the code, and what happens when they do.Arti: Feature parity with the C implementationhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40960Document our privacy-preserving webserver log setup for the world2024-03-11T21:39:34ZRoger DingledineDocument our privacy-preserving webserver log setup for the worldWe use a novel log format for our webservers, which makes sure we don't collect the IP addresses of our visitors, and doesn't record the precise timestamp of the visits, yet still produces a format compatible with various log parsing too...We use a novel log format for our webservers, which makes sure we don't collect the IP addresses of our visitors, and doesn't record the precise timestamp of the visits, yet still produces a format compatible with various log parsing tools.
Everybody in the world should be doing this.
We should document what we do and how and why, and tell the world so everybody else can do it too.
Apparently Debian uses the same approach we do, so we have some adoption already, but much more remains!
See
http://seclists.org/nmap-announce/2004/16
for some of our original motivation.
And see
http://lists.spi-inc.org/pipermail/spi-general/2016-December/003645.html
for a summary of what we do currently.
We should also invite/encourage people to find bugs in our set-up. It can always get better!
And lastly, a blog post like this will be really useful to point to when we start doing analysis and graphs and metrics and stuff.https://gitlab.torproject.org/tpo/tpa/team/-/issues/40421enhance incident response procedures2024-02-13T16:04:39Zanarcatenhance incident response procedurestoday we had an ... interesting situation with the puppet infrastructure. while we have actually recovered pretty well, all things considered, it would be important to enhance our response to such situation so that they are less stressfu...today we had an ... interesting situation with the puppet infrastructure. while we have actually recovered pretty well, all things considered, it would be important to enhance our response to such situation so that they are less stressful and why not, even more "fun", if i can be so daring.
some background reading:
* [Got game? Secrets of great incident management](https://bitfieldconsulting.com/blog/got-game-secrets-of-great-incident-management)
* [pager duty incident response documentation](https://response.pagerduty.com/)
some ideas:
* have an issue template for incidents (so, in git, which requires a git repository here, but maybe it's finally time to merge the wiki repo here anyways), available offline
* run simulations/games
* have post-mortem templates, here's the [pager duty template](https://response.pagerduty.com/after/post_mortem_template/)
* gitlab has some [incident management primitives](https://docs.gitlab.com/ee/operations/incident_management/) including aforementioned "[incidents](https://docs.gitlab.com/ee/operations/incident_management/incidents.html)" (which are really just issues)...
* ... but also [integrations](https://docs.gitlab.com/ee/operations/incident_management/integrations.html) which is especially interesting considering they have *native* Prometheus integration, which might require switching from nagios to prometheus (#29864)
anyways, the core idea here is:
1. have incident roles (note-taker, driver, comms, etc)
2. incident and post-mortem templates
3. run gameshttps://gitlab.torproject.org/tpo/tpa/team/-/issues/33733How do home directories work?2021-09-15T18:41:58ZirlHow do home directories work?There seems to be little consistency here, which isn't what I expect from an orchestrated process, so I'm maybe missing something.
Each service has a directory in /srv/{service}.torproject.org/ and then sometimes there is a home directo...There seems to be little consistency here, which isn't what I expect from an orchestrated process, so I'm maybe missing something.
Each service has a directory in /srv/{service}.torproject.org/ and then sometimes there is a home directory, which is sometimes linked in some way to /home/{service}. When there are multiple users for a service, they can share the same /srv directory but then have inconsistent naming of home directories.
Is there some documentation I can read to make sense of this?
Context: I'm putting together our Ansible roles (legacy/trac#33715) that should replicate what TPA will give us when we move things to a TPA host after we're convinced it's ready for deployment and we know what the specs will be, but I'm having trouble generalising even from just the Onionoo and Exit Scanner setups.
I'd like to be able to set some variables, like what usernames exist, what groups exist, and what paths will exist and should be used for stuff, and then let this role set that up. The service specific (e.g. Onionoo or Exit Scanner) roles will then run equally on our AWS dev instances and the production TPA instance.anarcatanarcathttps://gitlab.torproject.org/tpo/web/manual/-/issues/158Update instructions about using built-in bridges in Tor Browser2024-03-26T12:58:53Zebanamebanam@torproject.orgUpdate instructions about using built-in bridges in Tor Browserhttps://tb-manual.torproject.org/circumvention/
The UX has changed a bit. Let's review and update this section about using built-in bridges with Tor Browser.
> USING PLUGGABLE TRANSPORTS
>
> To use a pluggable transport, click "Configu...https://tb-manual.torproject.org/circumvention/
The UX has changed a bit. Let's review and update this section about using built-in bridges with Tor Browser.
> USING PLUGGABLE TRANSPORTS
>
> To use a pluggable transport, click "Configure Connection" when starting Tor Browser for the first time. Under the "Bridges" section, locate the option "Choose from one of Tor Browser's built-in bridges" and click on "Select a Built-In Bridge" option. From the menu, select whichever pluggable transport you'd like to use.
>
> Once you've selected the pluggable transport, scroll up and click "Connect" to save your settings.
>
> Or, if you have Tor Browser running, click on "Settings" in the hamburger menu (≡) and then on "Connection" in the sidebar. Under the "Bridges" section, locate the option "Choose from one of Tor Browser's built-in bridges" and click on "Select a Built-In Bridge" option. Choose whichever pluggable transport you'd like to use from the menu. Your settings will automatically be saved once you close the tab.
/cc @nina @emmapeelebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/web/support/-/issues/358Add Letterboxing to the glossary2024-03-25T15:27:33ZemmapeelAdd Letterboxing to the glossaryWe need to add Letterboxing to the glossary, as it is a new term that we use on the documentation.We need to add Letterboxing to the glossary, as it is a new term that we use on the documentation.ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/web/manual/-/issues/157Add entry about letterboxing (about:manual#letterboxing)2024-03-12T20:36:03Zma1Add entry about letterboxing (about:manual#letterboxing)We're implementing a `Learn more` link in the new user-facing letteboxing preferences (tpo/applications/tor-browser#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torp...We're implementing a `Learn more` link in the new user-facing letteboxing preferences (tpo/applications/tor-browser#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32324#note_2876483):
> It's on support-dot, but possibly not the manual?
> https://support.torproject.org/tbb/maximized-torbrowser-window/ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/6README update with maintenance instructions2024-02-29T12:45:41ZSilvio RhattoREADME update with maintenance instructions# Tasks
* [ ] Add into the [README](README.md):
* [ ] Onion Services doc conventions, including:
* Use the navigation format from the [mkdocs-awesome-pages-plugin][].
* Have `README.md` or `index.md` listed as the "Intro" page...# Tasks
* [ ] Add into the [README](README.md):
* [ ] Onion Services doc conventions, including:
* Use the navigation format from the [mkdocs-awesome-pages-plugin][].
* Have `README.md` or `index.md` listed as the "Intro" page.
* Have a link to the repository in the README/index page.
* [ ] How to contribute with new docs:
* Open an issue request or pull request for an evaluation/integration.
* [ ] How to integrate your existing docs:
* Need to be Onion Service related.
* Setup Onion MkDocs.
* Adopt the Onion Services doc conventions.
* Adhere to the Community Team docs guidelines.
* Open an issue request or pull request for an evaluation/integration.
[mkdocs-awesome-pages-plugin]: https://github.com/lukasgeiter/mkdocs-awesome-pages-plugin
# Time estimation
* Complexity: very small (0.5 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/5Slides generation2024-02-27T18:58:24ZSilvio RhattoSlides generation# Description
Some projects have [Onion TeX Slim][]-generated slides that could be built as part of this repository CI/CD.
[Onion TeX Slim]: https://gitlab.torproject.org/tpo/community/onion-tex-slim
# Tasks
* [ ] Create a convention...# Description
Some projects have [Onion TeX Slim][]-generated slides that could be built as part of this repository CI/CD.
[Onion TeX Slim]: https://gitlab.torproject.org/tpo/community/onion-tex-slim
# Tasks
* [ ] Create a convention for [Onion TeX Slim][] slides among Onion Service documentation (folder location etc).
* [ ] Implement a CI/CD action to generate all slides, including then in the generated documentation.
# Time estimation
* Complexity: small (1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)https://gitlab.torproject.org/tpo/web/snowflake/-/issues/9unify volunteer instructions from support entry onto snowflake website2024-02-27T14:24:07ZRoger Dingledineunify volunteer instructions from support entry onto snowflake websiteWe have this support entry: <br>
https://support.torproject.org/censorship/how-to-help-running-snowflake/
which tells people to install the Firefox or Chrome extension, or load the embed in a page. It doesn't mention the Edge extension ...We have this support entry: <br>
https://support.torproject.org/censorship/how-to-help-running-snowflake/
which tells people to install the Firefox or Chrome extension, or load the embed in a page. It doesn't mention the Edge extension or the standalone proxy.
Rather than trying to keep both sets of instructions in sync, I think we should put the instructions on the snowflake.torproject.org page, and point to them from a much slimmer support entry.
To achieve this goal, there are currently two things that the support entry says that the snowflake.torproject.org website does not:
* You need to enable WebRTC in your browser, to usefully run the extension or to usefully load the embed. (If we could reliably have the extension or the embed page report that your WebRTC is missing and you need to fix that, then we could get away with not saying it on the webpage. So, feel free to do that instead if it is easier, but I am suspecting it is not easier. :)
* "Due to censorship of VPN servers in some countries, we kindly ask you to not run a snowflake proxy while connected to a VPN" as advised by @cohosh at https://forum.torproject.org/t/running-a-snowflake-proxy-behind-a-vpn-consequences-for-tor-users/2047/4 and then recorded by gus at https://gitlab.torproject.org/tpo/web/support/-/issues/296. Feel free also to change your mind about the "not on a VPN please" advice.
Once we have these two items either make their way onto the snowflake.torproject.org proxy instructions or have you tell us you don't intend to, then we should be all ready to remove the (redundant, already not as correct) text from the support entry.
Thanks!https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/2Add Onionbalance documentation2024-03-27T21:34:58ZSilvio RhattoAdd Onionbalance documentation# Tasks
* [ ] Add the Onionbalance documentation once it's [converted to Onion MkDocs][].
[converted to Onion MkDocs]: tpo/onion-services/onionbalance#28
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
...# Tasks
* [ ] Add the Onionbalance documentation once it's [converted to Onion MkDocs][].
[converted to Onion MkDocs]: tpo/onion-services/onionbalance#28
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Silvio RhattoSilvio Rhatto2024-07-01https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/1Hosting location for the Onion Services Ecosystem Documentation2024-03-27T22:03:23ZSilvio RhattoHosting location for the Onion Services Ecosystem Documentation# Motivation
As mentioned in the [previous issue][] about getting domains for some Onion Services projects, we're looking for
* Shorter URLs for some Onion Services related projects, pointing to their GitLab Pages.
* Aggregate Onion Se...# Motivation
As mentioned in the [previous issue][] about getting domains for some Onion Services projects, we're looking for
* Shorter URLs for some Onion Services related projects, pointing to their GitLab Pages.
* Aggregate Onion Services documentation in a single, searchable place.
That made us create the [Onion Services Ecosystem Documentation][], but it still has a not very friendly URL.
[previous issue]: tpo/onion-services/onion-support#202
[Onion Services Ecosystem Documentation]: https://tpo.pages.torproject.net/onion-services/ecosystem
# Tasks
* [x] Organization:
* [x] Ping some people to get feedback (ahf, gaba, micah?).
* [x] Determine a better canonical URL location for the [Onion Services Ecosystem Documentation][]:
* [x] Project/repository name: `tpo/onion-services/ecosystem`.
* [x] Canonical URL: `https://community.torproject.org/onion-services/ecosystem`.
* [x] Rename the project from `portal` to `ecosystem`.
* [ ] Implementation:
* [x] Proceed with the CI/deployment changes to make the [Onion Services Ecosystem Documentation][] accessible through the new URL:
* [~] Update CI config to use the [static shim][] deploying to the [static component]. No need, since we'll use the existing deployment from `tpo/web/community`.
* [x] Update CI config to use a setup [similiar to the Community Policies][] (tpo/onion-services/ecosystem!6).
* [x] Update [web/community CI config](https://gitlab.torproject.org/tpo/web/community/-/blob/main/.gitlab-ci.yml) to include the Ecosystem Docs (tpo/web/community!349).
* [~] [Ask TPA](https://gitlab.torproject.org/tpo/tpa/team/-/issues/new) to help with setting up this deployment. No need, since we'll use the existing deployment from `tpo/web/community`.
* [x] Update references in Onion Services projects, pointing to the new official/canonical documentation location (like on `README.md` files etc).
* [ ] Once the portal is deployed, updated the "Onionize any website" link in
the Community Portal, pointing to the official Onionspray documentation
URL within the Onion Services Ecosystem Portal (tpo/web/community#337).
* [ ] Link the [Onion Services Ecosystem Documentation] in the [Onion Services section of the Community Portal](https://community.torproject.org/onion-services/).
* [ ] Add banner in the community portal, at the [Onion Services page](https://community.torproject.org/onion-services/).
* [ ] Figure out [an update workflow](https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/1#note_3010677).
* [~] Bonus:
* [~] Consider to release the portal as part of the [Onion Services 20th Years Anniversary (2024 edition)](https://gitlab.torproject.org/tpo/onion-services/onionplan/-/issues/14#note_2933136).
* [~] Onion Services endpoint and Onion-Location set (if not already available). This will be available already when the docs are available through `community.torproject.org`.
[static shim]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim
[static component]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/static-component
[similiar to the Community Policies]: https://gitlab.torproject.org/tpo/community/policies/-/blob/main/.gitlab-ci.yml
# Time estimation
* Complexity: small (1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)
/cc @gusSilvio RhattoSilvio Rhatto2024-06-17https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/30Create a development/release workflow2024-02-20T18:00:43ZSilvio RhattoCreate a development/release workflowCreate a development and release workflow, including sending a message to the `tor-announce` mailing list.
Existing workflows that can be used as a base:
* [Development - Onionprobe](https://tpo.pages.torproject.net/onion-services/onio...Create a development and release workflow, including sending a message to the `tor-announce` mailing list.
Existing workflows that can be used as a base:
* [Development - Onionprobe](https://tpo.pages.torproject.net/onion-services/onionprobe/development/)
* [Development workflow - Onionspray](https://tpo.pages.torproject.net/onion-services/onionspray/guides/development/)Onionbalance 0.2.3https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/29Document about multiple MasterOnionAddress entries2024-02-20T17:58:20ZSilvio RhattoDocument about multiple MasterOnionAddress entriesDocument that multiple `MasterOnionAddress` lines are supported in the
`ob_config` file, so each backend service can work for multiple frontend
addresses.Document that multiple `MasterOnionAddress` lines are supported in the
`ob_config` file, so each backend service can work for multiple frontend
addresses.Onionbalance 0.2.3https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/28Migrate Onionbalance documentation to Onion MkDocs2024-02-22T22:19:20ZSilvio RhattoMigrate Onionbalance documentation to Onion MkDocsMigrate Onionbalance documentation from [Sphinx](https://www.sphinx-doc.org) to [Onion MkDocs][].
[Onion Mkdocs]: https://gitlab.torproject.org/tpo/web/onion-mkdocs/Migrate Onionbalance documentation from [Sphinx](https://www.sphinx-doc.org) to [Onion MkDocs][].
[Onion Mkdocs]: https://gitlab.torproject.org/tpo/web/onion-mkdocs/Onionbalance 0.2.3