The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-06-26T18:59:13Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41240btcpayserver-02 not in nagios?2023-06-26T18:59:13ZJérôme Charaouilavamind@torproject.orgbtcpayserver-02 not in nagios?`btcpayserver-02` is not monitored in Nagios. Is that intentional, or an oversight?
I could not find any explanation about this in the previous tickets related to that server's setup.`btcpayserver-02` is not monitored in Nagios. Is that intentional, or an oversight?
I could not find any explanation about this in the previous tickets related to that server's setup.anarcatanarcathttps://gitlab.torproject.org/tpo/network-health/metrics/tagtor/-/issues/16Add dropdown menu including common tags for relays2023-09-27T17:46:57ZGeorg KoppenAdd dropdown menu including common tags for relaysWhen tagging relays we might want to have a pre-populated dropdown box with the most common tags we provide. Probably related: https://gitlab.torproject.org/tpo/network-health/team/-/issues/277.When tagging relays we might want to have a pre-populated dropdown box with the most common tags we provide. Probably related: https://gitlab.torproject.org/tpo/network-health/team/-/issues/277.HiroHirohttps://gitlab.torproject.org/tpo/network-health/metrics/tagtor/-/issues/15Include option to edit/remove tags2023-07-04T08:44:19ZGeorg KoppenInclude option to edit/remove tagsIn case someone made a typo or we just applied the wrong tag it would be good to have the option to change/remove it. Right now we only can add tags.In case someone made a typo or we just applied the wrong tag it would be good to have the option to change/remove it. Right now we only can add tags.https://gitlab.torproject.org/tpo/network-health/metrics/tagtor/-/issues/14A list of routers should not contain redundant entries2023-06-28T06:28:21ZGeorg KoppenA list of routers should not contain redundant entriesIf one looks at https://tagtor.torproject.org/routers?keyword=relay&filter=authority there is the surprise that 10 entries are shown even though we only have 8 directory authorities and one bridge authority. It seems what we get is maybe...If one looks at https://tagtor.torproject.org/routers?keyword=relay&filter=authority there is the surprise that 10 entries are shown even though we only have 8 directory authorities and one bridge authority. It seems what we get is maybe a list of entries dependent on server descriptors being published (instead of just fingerprint)?. Screenshot:
![duplicated_basted](/uploads/17b6f1b4f28575b4c4946313f60425fa/duplicated_basted.png)https://gitlab.torproject.org/tpo/network-health/metrics/tagtor/-/issues/13Filters and keyword are lost when moving on to the next page in a relay list2023-07-04T08:48:52ZGeorg KoppenFilters and keyword are lost when moving on to the next page in a relay listLet's say I am querying exit relays from tagtor by applying a filter: https://tagtor.torproject.org/routers?keyword=relay&filter=exit. Now, when I want to checkout the second page of the exit list by clicking on the ">>" button my keywor...Let's say I am querying exit relays from tagtor by applying a filter: https://tagtor.torproject.org/routers?keyword=relay&filter=exit. Now, when I want to checkout the second page of the exit list by clicking on the ">>" button my keyword and filter is lost and I am landing on https://tagtor.torproject.org/routers?page=2, which shows me bridges.https://gitlab.torproject.org/tpo/team/-/issues/182Roadmaps for Q32023-07-06T19:35:20ZGabagaba@torproject.orgRoadmaps for Q3- [x] Community
- [x] UX
- [x] Applications
- [x] Network
- [x] Network Health
- [x] Anti-censorship
- [x] TPA- [x] Community
- [x] UX
- [x] Applications
- [x] Network
- [x] Network Health
- [x] Anti-censorship
- [x] TPAGabagaba@torproject.orgGabagaba@torproject.org2023-07-06https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/40035Onionoo is taking long to write its statuses2023-07-18T13:26:50ZHiroOnionoo is taking long to write its statusesThere is a warning on both onionoo backends regarding timestamps from when statuses were published last. It seems the service is working but something is not being updated. :shrug:There is a warning on both onionoo backends regarding timestamps from when statuses were published last. It seems the service is working but something is not being updated. :shrug:HiroHirohttps://gitlab.torproject.org/tpo/network-health/metrics/descriptorParser/-/issues/43All routers are offline2023-06-30T15:06:18ZHiroAll routers are offlineSomething in the parser isn't quiet working as all the routers do come up as always offline.Something in the parser isn't quiet working as all the routers do come up as always offline.HiroHirohttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41239Reverse DNS for IPv6 not working for gnt-dal cluster2023-08-14T17:07:23ZJérôme Charaouilavamind@torproject.orgReverse DNS for IPv6 not working for gnt-dal clusterWhile adding a new host to DNSwl, I noticed that our IPv6 reverse DNS records were not resolving for machines in the gnt-dal cluster.
```
$ dig -x 2620:7:6002:0:3eec:efff:fed5:6b2a
; <<>> DiG 9.16.37-Debian <<>> -x 2620:7:6002:0:3eec:e...While adding a new host to DNSwl, I noticed that our IPv6 reverse DNS records were not resolving for machines in the gnt-dal cluster.
```
$ dig -x 2620:7:6002:0:3eec:efff:fed5:6b2a
; <<>> DiG 9.16.37-Debian <<>> -x 2620:7:6002:0:3eec:efff:fed5:6b2a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60083
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;a.2.b.6.5.d.e.f.f.f.f.e.c.e.e.3.0.0.0.0.2.0.0.6.7.0.0.0.0.2.6.2.ip6.arpa. IN PTR
;; AUTHORITY SECTION:
0.0.0.0.2.0.0.6.7.0.0.0.0.2.6.2.ip6.arpa. 1 IN SOA ns1.torproject.org. anarcat.torproject.org. 2023021017 900 600 86400 3600
;; Query time: 132 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 21 10:41:33 EDT 2023
;; MSG SIZE rcvd: 163
;; Query time: 132 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 21 10:41:33 EDT 2023
;; MSG SIZE rcvd: 163
```anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41238Retire forum-test-012023-06-28T15:59:55ZJérôme Charaouilavamind@torproject.orgRetire forum-test-01This machine was used for prototyping Discourse hosting that was deployed as part of https://gitlab.torproject.org/tpo/tpa/team/-/issues/41063
1. ~~[ ] announcement~~ (N/A)
2. [x] nagios
3. [x] retire the host in fabric
4. [x] remov...This machine was used for prototyping Discourse hosting that was deployed as part of https://gitlab.torproject.org/tpo/tpa/team/-/issues/41063
1. ~~[ ] announcement~~ (N/A)
2. [x] nagios
3. [x] retire the host in fabric
4. [x] remove from LDAP with `ldapvi`
5. [x] power-grep
6. [x] remove from tor-passwords
7. ~~[ ] remove from DNSwl~~ (N/A)
8. [x] remove from docs
9. ~~[ ] remove from racks~~ (N/A)
10. [x] remove from reverse DNSJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/913Questions for an expert on hidden services2023-12-11T21:03:52ZIan Jacksoniwj@torproject.orgQuestions for an expert on hidden services(**Note** It's probably best to start a separate reply thread for each question (or set of related questions), or we'll become totally lost.)
We (Arti folks) have a number of questions that we would like an expert on onion services to h...(**Note** It's probably best to start a separate reply thread for each question (or set of related questions), or we'll become totally lost.)
We (Arti folks) have a number of questions that we would like an expert on onion services to have an opinion about. They're all about what the client behaviour should be:
1. How long should an HS client circuit, that is not currently being used, be retained?
2. After having received INTRODUCE_ACK, is it OK to tear down the introduction circuit immediately, or should we wait for rendezvous completion?
3. HS descriptor downloading: currently, for each HS, Arti tries one hsdir at a time. How important is it to parallelise these attempts?
4. Introduction/rendezvous: currently, Arti tries one introduction point at a time. Again, how important is it to parallelise these attemnpts?
5. Rendezvous circuit construction: currently Arti tries to maintain a pool of circuits ready for use as rendezvous, but if many HS connections are made at once, that pool will become depleted. Then, Arti would *serialise* building a new rendezvous circuit, with the building of the introduction circuit. How much does this matter?
6. Arti currently serialises (i) the RENDEZVOUS exchange with (ii) building the introduction circuit and sending INTRODUCE1, even though in principle they could be paralellised. Does this matter?
7. Descriptor lifetime. Revision numbers vs expiry times. Currently, once Arti has successfully obtained an HS descriptor, it retains it until it has expired according to its declared lifetime. After its declared lifetime, Arti will unconditionally discard it (and attempt to obtain a new descriptor). Arti ignores the revision counter. Is this right? Should rendezvous failures prompt descriptor re-download? When?
8. We have a number of timeouts and retry counters which we're not sure we have the right values for:
```
// For descriptor downloading
// TODO HS are these right? make configurable? get from netdir?
// TODO HS should we even have MAX_TOTAL_ATTEMPTS or should we just try each one once?
/// Maxmimum number of hsdir connection and retrieval attempts we'll make
const MAX_TOTAL_ATTEMPTS: usize = 6;
/// Limit on the duration of each retrieval attempt
const EACH_TIMEOUT: Duration = Duration::from_secs(10);
// For introduction and rendezvous
// TODO HS are these right? make configurable? get from netdir?
// TODO HS should we even have this or should we just try each one once?
/// Maxmimum number of rendezvous/introduction attempts we'll make
const MAX_TOTAL_ATTEMPTS: usize = 6;
/// Limit on the duration of each attempt to establishg a rendezvous point
const REND_TIMEOUT: Duration = Duration::from_secs(10);
/// Limit on the duration of each attempt to negotiate with an introduction point
const INTRO_TIMEOUT: Duration = Duration::from_secs(10);
/// Limit on the duration of each attempt for activities involving both RPT and IPT
const RPT_IPT_TIMEOUT: Duration = Duration::from_secs(10);
```
CC @dgouletArti: Onion service supportNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/web/support/-/issues/329Review support entries for Tor Browser 12.5 release2023-06-23T14:57:09ZGusReview support entries for Tor Browser 12.5 releasechampionquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/community/support/-/issues/40115Review user support templates for Tor Browser 12.5 release2023-06-28T14:05:23ZGusReview user support templates for Tor Browser 12.5 releasechampionquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/network-health/metrics/descriptorParser/-/issues/42More clean-up in descriptor parser code2023-06-26T14:11:22ZGeorg KoppenMore clean-up in descriptor parser codeWhile going over !22 I realized we might want to fix up more in ExtraDescriptorParser.java while we are at it. This will happen in this ticket to not pollute !22 with unrelated stuff we should not forget, though.While going over !22 I realized we might want to fix up more in ExtraDescriptorParser.java while we are at it. This will happen in this ticket to not pollute !22 with unrelated stuff we should not forget, though.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/core/arti/-/issues/903keymgr: Implement key bundles2023-10-03T18:47:38Zgabi-250keymgr: Implement key bundles[key-management.md](https://gitlab.torproject.org/tpo/core/arti/-/blob/d75b4af0f1ea6d1f43bcb626cc2f4b4e231a8413/doc/dev/notes/key-management.md) talks about "key bundles" and why we need them.
While the arti keystore already has a `has_...[key-management.md](https://gitlab.torproject.org/tpo/core/arti/-/blob/d75b4af0f1ea6d1f43bcb626cc2f4b4e231a8413/doc/dev/notes/key-management.md) talks about "key bundles" and why we need them.
While the arti keystore already has a `has_key_bundle` function, it's actually just an implementation stub.
We need to:
* come up with a more precise definition for "key bundles"
* implement key bundles in `ArtiNativeKeyStore`Arti: Onion service supportgabi-250gabi-250https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41854Download Spam Protection cannot be overridden to allow legitimate downloads2023-10-05T12:50:33ZdonutsDownload Spam Protection cannot be overridden to allow legitimate downloadsA user has reported the following issue with file downloads on 12.0.7 [on the forum](https://forum.torproject.net/t/download-bug-in-tor-browser-12-0-7/8043):
> I’m on Linux, with Tor Browser 12.0.7
>
> I’m trying to download (PDF) file...A user has reported the following issue with file downloads on 12.0.7 [on the forum](https://forum.torproject.net/t/download-bug-in-tor-browser-12-0-7/8043):
> I’m on Linux, with Tor Browser 12.0.7
>
> I’m trying to download (PDF) files from a site i’ve downloaded from many times before.
>
> - Get a yellow triangle on downloads icon.
> - open it and it says “Downloads blocked from ”
> - click Show more information
> - says “ attempted to automatically download multiple files. The site could be broken or trying to store spam files on your device.”
>
> Options to “Allow Download” or “Remove Files” don’t seem to do anything or change the behavior.
>
> Each time I click a link to download a file from this site I get another message like this. (it worked the first time)
At least [two other users on reddit](https://old.reddit.com/r/TOR/comments/146ge44/download_bug_in_tor_browser_1207/) have reported the same bug. However it's seemingly not an issue in 12.5a7 [according to the original reporter](https://forum.torproject.net/t/download-bug-in-tor-browser-12-0-7/8043).ma1ma1https://gitlab.torproject.org/tpo/tpa/team/-/issues/41236gitolite: Redirect tor.git to Gitlab2023-06-26T16:15:35ZDavid Gouletdgoulet@torproject.orggitolite: Redirect tor.git to GitlabHello,
Network team is ready to have `tor.git` on Gitolite to be redirected to Gitlab and thus become canonical repository:
https://gitweb.torproject.org/tor.git -> https://gitlab.torproject.org/tpo/core/tor
Thanks!Hello,
Network team is ready to have `tor.git` on Gitolite to be redirected to Gitlab and thus become canonical repository:
https://gitweb.torproject.org/tor.git -> https://gitlab.torproject.org/tpo/core/tor
Thanks!legacy Git infrastructure retirement (TPA-RFC-36)Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41235Redirect and destroy stem.git gitolite to Gitlab2023-06-26T16:15:01ZjugaRedirect and destroy stem.git gitolite to GitlabWe've just migrated stem to gitlab (https://gitlab.torproject.org/tpo/network-health/team/-/issues/307), so you can now destroy the one at https://gitweb.torproject.org/stem.git and redirect it to https://gitlab.torproject.org/tpo/networ...We've just migrated stem to gitlab (https://gitlab.torproject.org/tpo/network-health/team/-/issues/307), so you can now destroy the one at https://gitweb.torproject.org/stem.git and redirect it to https://gitlab.torproject.org/tpo/network-health/stem.git
Thanks!legacy Git infrastructure retirement (TPA-RFC-36)https://gitlab.torproject.org/tpo/tpa/team/-/issues/41234Need more memory on metricsdb-012023-06-27T04:13:59ZHiroNeed more memory on metricsdb-01I have noticed we might need more memory on metricsdb-01. I have seen VM being restarted with oom errors. I have topped the highest amount of memory that the java parser can use to 8GB, but I think we would be better of with 10 more GB o...I have noticed we might need more memory on metricsdb-01. I have seen VM being restarted with oom errors. I have topped the highest amount of memory that the java parser can use to 8GB, but I think we would be better of with 10 more GB of ram available.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/network-health/team/-/issues/307Move stem from git.tpo to gitlab.tpo2024-02-07T17:52:58ZjugaMove stem from git.tpo to gitlab.tpoSince TPA'll remove git.tpo and tpo/core/tor depends on it.Since TPA'll remove git.tpo and tpo/core/tor depends on it.jugajuga