The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-02-15T16:17:15Zhttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40130Fix OnionShare weblate-git setup2024-02-15T16:17:15ZemmapeelFix OnionShare weblate-git setupWeblate has improved their merge requests since we setup the onionshare repository, and we can use github merge requests now.
We can fix the setup because it runs into conflicts pretty often.
https://hosted.weblate.org/settings/onionsh...Weblate has improved their merge requests since we setup the onionshare repository, and we can use github merge requests now.
We can fix the setup because it runs into conflicts pretty often.
https://hosted.weblate.org/settings/onionshare/translations/emmapeelemmapeelhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41498Create an RT account for Tyler2024-01-24T20:25:22ZKezCreate an RT account for TylerTyler (tyler@torproject.org) needs an RT account as part of #41496Tyler (tyler@torproject.org) needs an RT account as part of #41496https://gitlab.torproject.org/tpo/web/donate-neo/-/issues/16Static assets not loading on donate-review review apps2024-01-24T19:30:49ZKezStatic assets not loading on donate-review review appsReview apps for this repo aren't loading static assets.
The review app deployment for !21 is unable to load the following assets for (according to firefox dev tools) "corrupted content":
```
https://design-implementation.donate-review....Review apps for this repo aren't loading static assets.
The review app deployment for !21 is unable to load the following assets for (according to firefox dev tools) "corrupted content":
```
https://design-implementation.donate-review.torproject.net/static/css/bootstrap.css
https://design-implementation.donate-review.torproject.net/static/icons/Phosphor.css
https://design-implementation.donate-review.torproject.net/static/css/main.css
https://design-implementation.donate-review.torproject.net/static/images/fpo/forever-hoodie.png
https://design-implementation.donate-review.torproject.net/static/js/jquery-3.7.1.min.js
https://design-implementation.donate-review.torproject.net/static/js/jquery.matchHeight-min.js
https://design-implementation.donate-review.torproject.net/static/js/lokijs.min.js
https://design-implementation.donate-review.torproject.net/static/js/script.min.js
```
HTTP 502:
```
https://design-implementation.donate-review.torproject.net/captcha/image/e1c7f7b94dfec3f46b53b78620e7fe5f12865918/
https://design-implementation.donate-review.torproject.net/static/images/fpo/stickerpack-1.png
https://design-implementation.donate-review.torproject.net/static/images/fpo/yec-tee-web.png
https://design-implementation.donate-review.torproject.net/static/images/fpo/yec-combo-tee-web.png
https://design-implementation.donate-review.torproject.net/static/images/fpo/forever-hoodie.png
```
I think the corrupted content is due to missing Content-Type headers, but I'm not sure what's causing the 502 problems. I'll look through logs and see if I can figure it out.https://gitlab.torproject.org/tpo/tpa/team/-/issues/41494Make Stephen a maintainer of donate-neo2024-03-05T19:45:08ZKezMake Stephen a maintainer of donate-neoCurrently, @stephen requires a donate-neo maintainer or a gitlab admin to run donate-review CI jobs. This is really inefficient and creates needless extra work for everyone. I'd like to make stephen a maintainer of the donate-neo repo so...Currently, @stephen requires a donate-neo maintainer or a gitlab admin to run donate-review CI jobs. This is really inefficient and creates needless extra work for everyone. I'd like to make stephen a maintainer of the donate-neo repo so he can trigger the review app deployment job without needing to ask someone else to do it.
Making him a maintainer will give him access to the `CI_PROJECT_ACCESS_TOKEN` CI secret, as well as indirect unprivileged code-execution on donate-review-01 as the gitlab-runner user (the CI script isn't sandboxed). I don't think either of these are actually issues, but I want to run it by someone else first in case there's something I haven't considered.
@gaba or @anarcat Do you have any thoughts or concerns about giving stephen maintainer privileges in that repo?anarcatanarcathttps://gitlab.torproject.org/tpo/web/tpo/-/issues/403Adding Wasabi to Sponsors Page2024-01-30T17:40:29ZBekeela DavilaAdding Wasabi to Sponsors PagePlease update the sponsors page https://www.torproject.org/about/sponsors/ to have a new entry for wasabi. I've attached the file with the sponsor info.[wasabi_sponsors_page.txt](/uploads/899ff86967d24353bff68f67d548e037/wasabi_sponsors_...Please update the sponsors page https://www.torproject.org/about/sponsors/ to have a new entry for wasabi. I've attached the file with the sponsor info.[wasabi_sponsors_page.txt](/uploads/899ff86967d24353bff68f67d548e037/wasabi_sponsors_page.txt)
The logo is here: https://gitlab.torproject.org/bekeela/tpo/-/blob/master/assets/static/images/sponsors/wasabi_logo.png
Thank you!https://gitlab.torproject.org/tpo/tpa/team/-/issues/41491donate-neo's CI-published staging environment is breaking2024-01-23T20:17:02Zstephendonate-neo's CI-published staging environment is breakingAs part of [/tpo/web/donate-static/-/issues/111](https://gitlab.torproject.org/tpo/web/donate-static/-/issues/111), I've submitted [this MR](https://gitlab.torproject.org/tpo/web/donate-neo/-/merge_requests/21). Thanks to [some handy CI ...As part of [/tpo/web/donate-static/-/issues/111](https://gitlab.torproject.org/tpo/web/donate-static/-/issues/111), I've submitted [this MR](https://gitlab.torproject.org/tpo/web/donate-neo/-/merge_requests/21). Thanks to [some handy CI scripting](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/donate-review), contents of that MR have been staged at https://design-implementation.donate-review.torproject.net/. There's some need for this method of generating a staging site right now, as work on this project needs to be reviewed and the design implementation QAed. However, it looks like something's going wrong with the staging process and a great number of Django errors are being displayed instead.https://gitlab.torproject.org/tpo/tpa/team/-/issues/41488Please add micah to grants@2024-01-23T14:26:24Zmicahmicah@torproject.orgPlease add micah to grants@Please add micah@torproject.org to the grants alias, thank you!Please add micah@torproject.org to the grants alias, thank you!Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/community/relays/-/issues/85Update Swiss Privacy Foundation in Relay Associations2024-01-23T17:37:15ZGusUpdate Swiss Privacy Foundation in Relay AssociationsDigitale Gesellschaft asked to update Swiss Privacy Foundation information on relay associations page:
https://community.torproject.org/relay/community-resources/relay-associations/
```
Die Swiss Privacy Foundation fusioniert mit der D...Digitale Gesellschaft asked to update Swiss Privacy Foundation information on relay associations page:
https://community.torproject.org/relay/community-resources/relay-associations/
```
Die Swiss Privacy Foundation fusioniert mit der Digitalen Gesellschaft
Vor sechs Jahren wurde die Swiss Privacy Foundation gegründet, um Tor-Server auch in und aus der Schweiz anbieten zu können. Über dreissig mal haben seither auch die Workshops aus der Reihe Digitales Aikido stattgefunden. Wir haben entsprechende Anleitungen zur digitalen Selbstverteidigung online gestellt und ein Tool zur Logfileanonymisierung veröffentlicht.
Aus einer Initiative der Swiss Privacy Foundation und in Zusammenarbeit mit verschiedenen weiteren Organisationen ist bereits 2011 die Digitale Gesellschaft entstanden. Die Austausch-Plattform hat sich seither kontinuierlich weiterentwickelt. Bereits im letzten Jahr haben die Vereinsversammlung der Swiss Privacy Foundation und der sich in Gründung befindende Verein Digitale Gesellschaft beschlossen, ihre Aktivitäten zukünftig zusammenzulegen. Ende 2015 wurde der Verein gegründet, welcher nun im März 2016 als gemeinnützig anerkannt worden ist.
Die neue NGO versteht sich als eine Bürgerrechts- und Konsumentenschutzorganisation. Das Ziel ist der Erhalt und die Förderung einer freien, offenen und nachhaltigen digitalen Gesellschaftauf dem Hintergrund der Persönlichkeits- und Menschenrechte. Die Tätigkeit umfasst auch weiterhin das Anbieten von Diensten, Software-Projekten und Workshops zur digitalen Selbstverteidigung. Wie die Swiss Privacy Foundation wird sie sich also auch (weiterhin) den praktischen Aspekten des Datenschutzes widmen.
Nach und nach werden die Aktivitäten der Swiss Privacy Foundation nun überführt. Bei den Tor-Servern ist dies weitgehend intern bereits geschehen. Das Ziel, 5-10 Prozent des globalen Exit-Node-Traffic zu stemmen, bleibt bestehen.
Wir freuen uns sehr auf die neue Zusammenarbeit. Wer den Verein Digitale Gesellschaft unterstützen möchte, stehen weitere Informationen und ein Kontaktformular zur Verfügung.
https://www.privacyfoundation.ch/de/aktuelles/die-swiss-privacy-foundation-fusioniert-mit-der-digitalen-gesellschaft.html
```GusGushttps://gitlab.torproject.org/tpo/network-health/metrics/relay-search/-/issues/40024Many older relays seem suddenly less than 2 weeks old...2024-02-26T16:39:35ZerMany older relays seem suddenly less than 2 weeks old...Just discovered, that my at least 8+ years old (since 2015-04-15 23:00:00) relay is labeled as "This relay appears to be less than 2 weeks old" in https://metrics.torproject.org/rs.html
Clicked thru few of these relays, same story with ...Just discovered, that my at least 8+ years old (since 2015-04-15 23:00:00) relay is labeled as "This relay appears to be less than 2 weeks old" in https://metrics.torproject.org/rs.html
Clicked thru few of these relays, same story with all of them. Some show last-restart date that is older than first-seen date...HiroHirohttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41486Tor theme for LimeSurvey2024-02-01T22:42:52ZsajolidaTor theme for LimeSurveyAs part of tpo/ux/research#130, I created a Tor theme for LimeSurvey that has a Tor color scheme and prints better on paper.
You can see the theme in action on https://survey.potager.org/index.php/457772.
I stored it in a Git repositor...As part of tpo/ux/research#130, I created a Tor theme for LimeSurvey that has a Tor color scheme and prints better on paper.
You can see the theme in action on https://survey.potager.org/index.php/457772.
I stored it in a Git repository for now: https://gitlab.com/sajolida/fruity-twentythree-tor.
I'm wondering what's the best way of deploying it, also keeping future maintenance in mind.
LimeSurvey has a fancy theme editor that allows editing the CSS from a web interface:
![image](/uploads/d60aee1163b46772c6477e8d78e5104d/image.png)
This should be enough for future tweaks.
But I think that the first deployment needs a full clone of the Git repo (or copy of its files) because I'm also uploading fonts, adding more CSS files (`theme_tor.css`), and editing the config.yml, which is not available from the theme editor.
Also, right now my LimeSurvey account doesn't seem to have access to the theme editor. I don't really mind because I already have a prototyping setup to continue working on the theme, but then sysadmins would have to synchronize your LimeSurvey with my Git repo from time to time. This would also prevent breaking live surveys when doing experiments on the theme.
On the long term, maybe Tor could host this Git repo and automatically sync LimeSurvey in production whenever it's main branch is updated.
Cc: @donutsJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41481Add bella to grants alias2024-01-19T16:20:49ZGabagaba@torproject.orgAdd bella to grants aliasPlease add bella@torproject.org to the grants alias.
ThanksPlease add bella@torproject.org to the grants alias.
Thankshttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41479Renew self-signed LDAP TLS certificate for db.torproject.org2024-01-19T16:07:14ZKezRenew self-signed LDAP TLS certificate for db.torproject.orgWe renewed the LDAP TLS cert a year ago in #40599. It's that time of year again, and the LDAP TLS cert needs to be renewed.We renewed the LDAP TLS cert a year ago in #40599. It's that time of year again, and the LDAP TLS cert needs to be renewed.https://gitlab.torproject.org/tpo/network-health/metrics/networkstatusapi/-/issues/19Field `bridges_truncated` could not appear in some responses2024-02-05T21:44:13ZMattia RighettiField `bridges_truncated` could not appear in some responsesi.e for the `/weights` endpoint we don't have any value for bridges so onionoo does not return any value for `bridges_skipped` and `bridges_truncated`.i.e for the `/weights` endpoint we don't have any value for bridges so onionoo does not return any value for `bridges_skipped` and `bridges_truncated`.Mattia RighettiMattia Righettihttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41477btcpayserver-02 is using 90% of its swap2024-01-17T21:00:59ZKezbtcpayserver-02 is using 90% of its swapNagios is reporting an alert on btcpayserver-02: `SWAP CRITICAL - 9% free (180MB out of 2047MB)`. I've checked the server, it's only using 3G of its 7.76G of available memory. The most memory intensive process is bitcoind at 14%. I'll st...Nagios is reporting an alert on btcpayserver-02: `SWAP CRITICAL - 9% free (180MB out of 2047MB)`. I've checked the server, it's only using 3G of its 7.76G of available memory. The most memory intensive process is bitcoind at 14%. I'll start looking to see what's eating the swap space.https://gitlab.torproject.org/tpo/tpa/team/-/issues/41476tor-puppet.git commits not emailed anymore2024-01-17T21:16:48ZJérôme Charaouilavamind@torproject.orgtor-puppet.git commits not emailed anymoreSince we upgraded `pauli` to `bullseye` in tpo/tpa/team#40696, the git hook sending commits to `torproject-admin-vcs@torproject.org` is not working anymore. When pushing to the repository this error message shows up:
remote: /usr/bi...Since we upgraded `pauli` to `bullseye` in tpo/tpa/team#40696, the git hook sending commits to `torproject-admin-vcs@torproject.org` is not working anymore. When pushing to the repository this error message shows up:
remote: /usr/bin/env: ‘python’: No such file or directory
I've tracked the issue to the git-multimail version installed at `/srv/puppet.torproject.org/git/git-multimail`. It uses the `/usr/bin/env python` shebang, while Debian has deprecated `python` as an interpreter.
A quick solution would be to install `python-is-python3` on `pauli` along with properly updating and managing git-multimail (via GitHub, because it's not packaged in Debian), but then again it doesn't seem that these email have really been missed, so maybe an alternative would be to just drop the whole thing?
/cc @anarcat @kezJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/community/relays/-/issues/84Tor relay operator meetup (2024-01-27 at 1900 UTC)2024-02-06T19:19:09ZGusTor relay operator meetup (2024-01-27 at 1900 UTC)
* [x] Put together an agenda with the contribution of other teams and relay op community
* [x] BBB room - https://tor.meet.coop/gus-og0-x74-dzn
* [x] Publish the meetup invitation where our community hangout:
* [x] tor-relays mailing ...
* [x] Put together an agenda with the contribution of other teams and relay op community
* [x] BBB room - https://tor.meet.coop/gus-og0-x74-dzn
* [x] Publish the meetup invitation where our community hangout:
* [x] tor-relays mailing list: https://forum.torproject.org/t/tor-relays-next-tor-relay-operator-meetup-2024-01-27-19-00-utc/11159
* [x] Twitter
* [x] Mastodon
* [x] r/TOR
* [x] Facilitate the meetup (Saturday, January 27th @ 1900 UTC)
* [x] Send the meetup notes to the tor-relays mailing listGusGushttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41475Reset password on forum.torproject.org2024-01-18T15:07:53ZboyskaReset password on forum.torproject.orgHello!
I have an account named `boyska` on forum.torproject.org. Unfortunately, I lost my password + everything related to 2FA (private key + backup codes).
What this means is that I cannot reset my password over email, because that wil...Hello!
I have an account named `boyska` on forum.torproject.org. Unfortunately, I lost my password + everything related to 2FA (private key + backup codes).
What this means is that I cannot reset my password over email, because that will not only ask for a new password, but also 2FA authentication code (or backup codes).
Is there a way I will be able get back my access to that account?
I have already written a hundred times "I will do backups more often" on the blackboard, I swear!https://gitlab.torproject.org/tpo/tpa/prometheus-alerts/-/issues/14Send alert only once per hour for relays passing the nickname/contact info/fl...2024-01-17T15:44:04ZGeorg KoppenSend alert only once per hour for relays passing the nickname/contact info/flag thresholdsRight now those alerts do not have any `for` clause included which, if I understand the docs at https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ correctly, triggers an alert in case the condition matches on any ...Right now those alerts do not have any `for` clause included which, if I understand the docs at https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ correctly, triggers an alert in case the condition matches on any update. Having the alerts in question trigger a notification only once per hour seems to be the right thing to do given that we only get Onionoo updates once per hour anyway.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41474investigate restore issues following gitlab incident2024-03-19T17:58:59Zanarcatinvestigate restore issues following gitlab incidentIn #41470, we investigated the impact of an [authentication bypass in GitLab](https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/#account-takeover-via-password-reset-without-user-interactions) (...In #41470, we investigated the impact of an [authentication bypass in GitLab](https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/#account-takeover-via-password-reset-without-user-interactions) ([CVE-2023-7028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7028)), during which we had to restore old log files to perform an audit.
Two things became painfully obvious:
1. some logs are missing from old backups
2. some logs create huge files with garbage on restore
Now, the first bit in there might be deliberate: maybe we're excluding old log files to avoid constantly re-indexing the same content.
But the *second* bit is deeply concerning. In https://gitlab.torproject.org/tpo/tpa/team/-/issues/41470#note_2983750, I found that the log file is actually there, but bacula appends a seemingly endless stream of files after it. Truly bizarre, and concerning.anarcatanarcathttps://gitlab.torproject.org/tpo/team/-/issues/246SIDA request on more info2024-01-16T22:25:04ZGabagaba@torproject.orgSIDA request on more infoGabagaba@torproject.orgGabagaba@torproject.org