The Tor Project issues
Feed: https://gitlab.torproject.org/groups/tpo/-/issues
Updated: 2024-03-12T11:29:00Z

Issue: Collect metrics for binned counts of client polls per country for each rendezvous method
URL: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40330
Updated: 2024-03-12T11:29:00Z
Author: Cecylia Bocovich

We now collect metrics on [poll counts for each rendezvous method](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/243). To learn about potential censorship events it would be useful to also collect binned polling counts per country by adding a line:
```
client-[method]-ips [CC=NUM,CC=NUM,...,CC=NUM] NL
```
for each rendezvous method.

I think it's safer to still collect poll counts rather than unique IPs for clients to avoid the necessity of storing (even hashed) seen addresses in memory. The main trick is in how we learn the client's IP address to perform a country code lookup in the geoip database. For the domain fronting rendezvous method, we could use the `X-Forwarded-For` header, but SQS does not offer details on the IP that sent the message. One way to do this is to pull the client IP out of the SDP offer. We already have some code for processing ice candidates and [removing local addresses](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/35984c0876273adb810ab3cc558464ba786aafcd/common/util/util.go#L70-L99). Something similar could be done to extract the client IP.

Assignee: mpu

Issue: Make Lox open invite endpoint only available to telegram bot
URL: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41528
Updated: 2024-02-21T13:48:53Z
Author: onyinyang

We have deployed Lox's distributor on `rdsys-frontend-01.torproject.org` and Lox client requests can be made to various Lox server endpoints at `rdsys-frontend-01.torproject.org/lox`. All except one of these requests requires a user to present a valid Lox credential(s) in order to get the desired response. We would like to limit access to the one endpoint that doesn't require any credentials, `rdsys-frontend-01.torproject.org/lox/invite` to our telegram bot that is running on `polyanthum.torproject.org`.

In the future, we will likely use a token to limit access instead, but during the testing/alpha phase, limiting access to polyanthum is probably sufficient.

Assignee: Jérôme Charaoui <lavamind@torproject.org>

Issue: Long-running arti service reachability issues
URL: https://gitlab.torproject.org/tpo/core/arti/-/issues/1280
Updated: 2024-02-29T18:14:52Z
Author: gabi-250

@stefani and @jnewsome report that arti onion services become unreachable after some time. On the client side, the logs suggest the descriptor is not available at the expected HsDirs:
```
Jan 04 14:26:57.777 [info] handle_response_fetch_hsdesc_v3(): Received v3 hsdesc (body size 0, status 404 ("Not found"))
```
The obvious suspect is the publisher, but the problem could also be in the IPT manager (e.g. maybe the service is failing to establish its desired number of intro points), or in the way we're computing the HsDir rings (maybe we are publishing the descriptor, but to the wrong HsDirs).

Assignee: gabi-250

Issue: install python3-sqlparse in polyanthum
URL: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41527
Updated: 2024-03-11T12:25:55Z
Author: meskio <meskio@torproject.org>

After the upgrade to bookworm two weeks ago onbasca stopped working in polyanthum. It looks like it is missing a dependency: python3-sqlparse

Can you install it?

I wonder how it was removed by the upgrade.

Assignee: Jérôme Charaoui <lavamind@torproject.org>

Issue: Deploy onionperf files parser on metricsdb-01
URL: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41526
Updated: 2024-03-07T14:23:37Z
Author: Hiro

We need to deploy https://gitlab.torproject.org/tpo/network-health/metrics/tor_fusion/ on metricsdb-01.

Basically this thing will run, download onionperf files from collector and parse them. This will just happen once a day around 1am UTC, as midnight is when collector fetches the archives from the various onionperf clients.

It's a little rust app and I was thinking to create a group and user like for the metrics-api. But maybe it's a bit overkill and I should just put it in the parser space?

Assignee: Hiro

Issue: Improve focus styling for forced focus in bridge settings
URL: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42415
Updated: 2024-02-14T10:21:05Z
Author: henry

As part of https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42036, I set up a few places where we wanted to move focus to the start of an area by calling `.focus` on an element with `tabindex = -1`. This issue is just to tidy up some of the focus styling of these elements for these rare moments where they have `:focus-visible`.

Assignee: henry

Issue: gitlab not reachable over ipv6 from (at least) UK ISP Andrews and Arnold
URL: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41525
Updated: 2024-03-06T15:07:47Z
Author: Ian Jackson <iwj@torproject.org>

```
zealot:~> ping gitlab.torproject.org
PING gitlab.torproject.org(gitlab-02.torproject.org (2a01:4f8:fff0:4f:266:37ff:feb8:3489)) 56 data bytes
```
That's from 2001:8b0:bb7b:4008:c50a:b4d5:6fc1:31f2.

Confirmed by other folks on `#a&a` at `irc.aachat.net`. Reports there suggest there might be a problem with Hetzner?

It's reachable from my personal colo, which is with Jump in London.

I don't know if this is a problem at the TPO end, or at the AAISP end. (It's quite inconvenient since it makes git push not work.)

Assignee: Jérôme Charaoui <lavamind@torproject.org>

Issue: Show ellipsis when the tor bridge address overflows
URL: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42414
Updated: 2024-02-14T10:20:22Z
Author: henry

Currently the ellipsis doesn't show, as intended in the mockup: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42036/designs/lox-added.png

Assignee: henry

Issue: Make deb package for Mullvad Browser
URL: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41083
Updated: 2024-03-28T10:14:54Z
Author: boklm

We should generate a deb package for Mullvad Browser.

Assignee: boklm

Issue: document donate-review deployment process and project in general
URL: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41523
Updated: 2024-02-14T21:09:13Z
Author: anarcat

In tpo/tpa/team#41519, we have identified that donate-review lacks documentation. #41518 is a task for @lavamind to review that project, but this is for @kez to document it as much as they can.

Assignee: Jérôme Charaoui <lavamind@torproject.org>

Issue: TPA-RFC-62: migrate tor-passwords to password-store
URL: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41522
Updated: 2024-02-21T19:49:00Z
Author: anarcat

In #29677, we have reviewed a bunch of password managers. Bitwarden seems to be emerging as a possible candidate for an organisation-wide password management service, but in the short term however, we do not want to make any major changes to our workflow. There's also an argument to be made that TPA should *not* be using a global password manager and is best protecting those secrets with a different mechanism.

In any case, during a recent offboarding process (tpo/tpa/team#41519), it became very clear that our *current* password manager (pwstore) has major flaws:

1. key management: in this case, @hiro's key was expired and had to be manually removed from the user's list. This would be similar in pass, except that the keyid file is easier to manage, as its signature is managed automatically by `pass init`, provided that the `PASSWORD_STORE_SIGNING_KEY` variable is set
2. password rotation: because multiple passwords are stored in the same file, it's hard or impossible to actually see the last rotation on a single password
3. conflicts: because multiple passwords are stored in the same file, we frequently get conflicts when making changes, which is particularly painful if we need to distribute the "rotation" work
4. abandonware: a [pull request to fix Debian bookworm / Ruby 3.1 support](https://github.com/weaselp/pwstore/pull/8) has been ignored for more than a year at this point
5. counter-intuitive interface: there's no command to extract a password, you're presumably supposed to use `gpg -d` to read the password files, yet you can't use other tools to directly manipulate the password files because the target encryption keys are specified in a meta file (that latter issue is shared with pass, to be fair)
6. not packaged: pwstore is not in Debian, flatpak, or anything else

The main downside to pass is the .gpg-id system is less secure than pwstore: its signature is not enforced unless the environment variable is set, which is a bit brittle. It's also relying on the global GPG key store although in theory it should be possible to rely on another keyring by passing different options to GnuPG.

Finally, by splitting secrets into different files, we disclose **which** accounts we have access to, but I consider this a reasonable tradeoff for the benefits it brings.

Update: the above was put in an actual proposal, see https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-62-tpa-password-manager

Assignee: anarcat

Issue: install redis on donate-review-01
URL: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41521
Updated: 2024-02-13T17:35:37Z
Author: Kez

@stephen needs a redis server available for testing donate-neo review apps. The easiest way to set that up would be to add the redis package to the machine in puppet. Redis shouldn't need any additional configuration, I believe it should "just work" out of the box. The most configuring it could need is allowing all connections from localhost.

Assignee: Jérôme Charaoui <lavamind@torproject.org>

Issue: "NOTICE: gabelmoo had 17 MiddleOnly flags in its vote but the consensus had 9" isn't noteworthy
URL: https://gitlab.torproject.org/tpo/network-health/doctor/-/issues/40035
Updated: 2024-03-21T14:27:02Z
Author: Roger Dingledine

I grabbed the consensus and gabelmoo's vote during the time period that we got the doctor warning, and sure enough:
```
$ grep MiddleOnly cached-consensus |grep ^s|wc -l
9
$ grep MiddleOnly gabelmoo-vote |grep ^s|wc -l
17
```
And in more detail,
```
$ grep MiddleOnly gabelmoo-vote |grep ^s
s BadExit MiddleOnly Running Stable Valid
s BadExit Fast MiddleOnly Stable Valid
s BadExit Fast MiddleOnly Running Stable Valid
s BadExit Fast MiddleOnly Running Stable Valid
s BadExit Fast MiddleOnly Stable Valid
s BadExit Fast MiddleOnly Running Valid
s BadExit Fast MiddleOnly Running Stable Valid
s BadExit Fast MiddleOnly Running Valid
s BadExit Fast MiddleOnly Stable Valid
s BadExit Fast MiddleOnly Stable Valid
s BadExit Fast MiddleOnly Stable Valid
s BadExit Fast MiddleOnly Stable Valid
s BadExit Fast MiddleOnly Stable Valid
s BadExit Fast MiddleOnly Running Stable Valid
s BadExit Fast MiddleOnly Running Stable Valid
s BadExit Fast MiddleOnly Stable Valid
s BadExit Fast MiddleOnly Running Stable Valid
```
So even gabelmoo only thought 9 of the 17 should be Running, so it's not surprising that only 9 of them made it into the consensus.

But even if gabelmoo had different opinions about which ones are Running, the fact that gabelmoo voted MiddleOnly about a relay which didn't make it into the consensus is not noteworthy. There are a variety of cases where it could happen during normal operation.

I think a more precise check would be: for each relay listed in the consensus as MiddleOnly, did gabelmoo list it as MiddleOnly too?

If that's too much coding, a simpler approximation (which avoids reporting the false positives but also omits some of the true positives) might be: don't log anything if the number in the vote is bigger than the number in the consensus.

Assignee: Georg Koppen

Issue: membership redirect is busted, the regexp is probably wrong
URL: https://gitlab.torproject.org/tpo/web/tpo/-/issues/414
Updated: 2024-02-13T15:55:40Z
Author: Roger Dingledine

After https://gitlab.torproject.org/tpo/web/tpo/-/issues/375 @lavamind added a redirect from https://www.torproject.org/about/membership/ to https://www.torproject.org/about/supporters/

But instead it redirects to https://www.torproject.org/about/supporters/1 i.e. with a 1 on the end. That sounds like a "typo in htaccess file" situation.

Assignee: Jérôme Charaoui <lavamind@torproject.org>

Issue: Rework proxying logic to VictoriaMetrics
URL: https://gitlab.torproject.org/tpo/network-health/metrics/networkstatusapi/-/issues/52
Updated: 2024-02-19T16:16:51Z
Author: Mattia Righetti

Current proxying logic is not actually proxying the request to VictoriaMetrics, but rather issuing another request from NSAPI to VictoriaMetrics and then streaming the response back. That is probably the reason why it's not responding with large timewindows (+20d of data).

What should actually happen is that NSAPI should make the appropriate changes to the request headers from the original user and pass it on to VictoriaMetrics, creating two streams of data like the following VM -> NSAPI -> User.

A good implementation example is the [`httputil.ReverseProxy`](https://go.dev/src/net/http/httputil/reverseproxy.go) in Go's std

Assignee: Mattia Righetti

Issue: Adding ONF to supporters page
URL: https://gitlab.torproject.org/tpo/web/tpo/-/issues/413
Updated: 2024-02-28T17:14:26Z
Author: Bekeela Davila

Please update the supporters page https://www.torproject.org/about/supporters/ to have a new entry for Open Net Fund. I've attached the file with the sponsor info. [ONF_sponsors_page.txt](/uploads/2cbb857427c5f9391ff768de0c11bf1f/ONF_sponsors_page.txt)

The logo is here: https://gitlab.torproject.org/bekeela/tpo/-/blob/master/assets/static/images/sponsors/opennetfund_logo.png

Assignee: Jérôme Charaoui <lavamind@torproject.org>

Issue: Add more screenshots for the Tor Browser translations
URL: https://gitlab.torproject.org/tpo/community/l10n/-/issues/40131
Updated: 2024-03-14T13:34:43Z
Author: emmapeel

The browser strings need more context for a good translation, especially the ones with variables that make translators confused.

At the moment the Tor Browser strings without screenshots can be listed here: https://hosted.weblate.org/search/tor/tor-browser/?q=+language%3Aen+and+NOT+has%3Ascreenshot+and+not+component%3Ator-browser-user-manual&sort_by=-priority%2Cposition&checksum=

Assignee: emmapeel

Issue: Update spec regarding microdesc computation
URL: https://gitlab.torproject.org/tpo/core/torspec/-/issues/255
Updated: 2024-02-08T14:42:29Z
Author: Georg Koppen

`pr` is gone (presumably it moved into the microdesc consensus) and `p` is at most once.

Assignee: Georg Koppen

Issue: Exonerator queries are too expensive and killing the service
URL: https://gitlab.torproject.org/tpo/network-health/metrics/exonerator/-/issues/40002
Updated: 2024-03-11T15:14:08Z
Author: Hiro

It seems exonerator queries are too expensive for the DB and the service is easy to kill. We should optimize the queries and maybe limit some functionalities in the API.

Assignee: Hiro

Issue: [Privacy Resilience Grants] Record and upload trainings for incoming Tor trainers
URL: https://gitlab.torproject.org/tpo/community/training/-/issues/141
Updated: 2024-03-06T13:44:06Z
Author: raya

cc: @gus

Assignee: raya