The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-12-13T16:00:24Zhttps://gitlab.torproject.org/tpo/network-health/tor-weather/-/issues/35Logout is not related to any kind of support2023-12-13T16:00:24ZGeorg KoppenLogout is not related to any kind of supportRight now if I look at the interface the "Logout" option looks like being in the Support group:
![weather_support](/uploads/f664069873d9a26baa0a2637a29f2fbd/weather_support.png)
I think there should be some space between it and the "Su...Right now if I look at the interface the "Logout" option looks like being in the Support group:
![weather_support](/uploads/f664069873d9a26baa0a2637a29f2fbd/weather_support.png)
I think there should be some space between it and the "Submit Feedback" option to avoid that impression.https://gitlab.torproject.org/tpo/core/tor/-/issues/40763Implement standard Prometheus metrics2023-04-12T14:46:21Zfriendly73Implement standard Prometheus metricsMost client libraries and applications export a few standard metrics that would be useful for tor to implement. Below are some examples from a Prometheus' own `/metrics` page.
Build Info - Don't need as many labels as GO provides here b...Most client libraries and applications export a few standard metrics that would be useful for tor to implement. Below are some examples from a Prometheus' own `/metrics` page.
Build Info - Don't need as many labels as GO provides here but the short version tag that appears on the relay consensus would be good.
```
# HELP prometheus_build_info A metric with a constant '1' value labeled by version, revision, branch, goversion from which prometheus was built, and the goos and goarch for the build.
# TYPE prometheus_build_info gauge
prometheus_build_info{branch="HEAD",goarch="amd64",goos="linux",goversion="go1.19.5",revision="225c61122d88b01d1f0eaaee0e05b6f3e0567ac0",version="2.42.0"} 1
```
Process start time and last config reload - Useful for dashboard annotations and alerts.
```
# HELP process_start_time_seconds Start time of the process since unix epoch in seconds.
# TYPE process_start_time_seconds gauge
process_start_time_seconds 1.67604147258e+09
# HELP prometheus_config_last_reload_success_timestamp_seconds Timestamp of the last successful configuration reload.
# TYPE prometheus_config_last_reload_success_timestamp_seconds gauge
prometheus_config_last_reload_success_timestamp_seconds 1.6761274276477513e+09
```
CPU / Memory of the current process - These might be a bit of a stretch as they could be hard to implement in a cross platform way and will require supporting float values for counters.
```
# HELP process_cpu_seconds_total Total user and system CPU time spent in seconds.
# TYPE process_cpu_seconds_total counter
process_cpu_seconds_total 6232.69
# HELP process_virtual_memory_bytes Virtual memory size in bytes.
# TYPE process_virtual_memory_bytes gauge
process_virtual_memory_bytes 1.924509696e+09
# HELP process_virtual_memory_max_bytes Maximum amount of virtual memory available in bytes.
# TYPE process_virtual_memory_max_bytes gauge
process_virtual_memory_max_bytes 1.8446744073709552e+19
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41656Site info panel for internal pages is misaligned vs the identity block2023-06-01T17:13:43ZdonutsSite info panel for internal pages is misaligned vs the identity blockSee this screenshot for reference:
![identity-block-internal-resource](/uploads/4833fe0b4d0eaf339fb485b3489bb25b/identity-block-internal-resource.png)
It should be aligned to the left of the identity block instead. Curiously, this seem...See this screenshot for reference:
![identity-block-internal-resource](/uploads/4833fe0b4d0eaf339fb485b3489bb25b/identity-block-internal-resource.png)
It should be aligned to the left of the identity block instead. Curiously, this seems to only be affecting internal pages – and external pages are fine.https://gitlab.torproject.org/tpo/network-health/bwauthealth/-/issues/10Remove Faravahar from code2024-01-17T09:41:29ZjugaRemove Faravahar from codeAs stated at https://gitlab.torproject.org/tpo/core/tor/-/issues/40688, we should also remove Faravahar here.
I think it's used in `bwauthealth/bwauthealthpr/settings/base.py` and `bwauthealth/bwauthealth/util.py`As stated at https://gitlab.torproject.org/tpo/core/tor/-/issues/40688, we should also remove Faravahar here.
I think it's used in `bwauthealth/bwauthealthpr/settings/base.py` and `bwauthealth/bwauthealth/util.py`https://gitlab.torproject.org/tpo/web/community/-/issues/303Add NAT/firewall setup instructions for Snowflake2023-05-11T18:26:19ZWofWcawofwca@protonmail.comAdd NAT/firewall setup instructions for Snowflakehttps://gitlab.torproject.org/tpo/web/community/-/tree/main/content/relay/setup/snowflake
Need to add instructions for how to set up the machine for it to have an "unrestricted NAT".
Typical firewall settings appear to result in a ["re...https://gitlab.torproject.org/tpo/web/community/-/tree/main/content/relay/setup/snowflake
Need to add instructions for how to set up the machine for it to have an "unrestricted NAT".
Typical firewall settings appear to result in a ["restricted NAT"](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/7db2568448fed6d883b33db11e3a497c69f1748f/broker/broker.go#L125), even if the machine has a dedicated IP (no NAT) (see [this forum post](https://forum.torproject.net/t/firewall-needs-settings-for-running-standalone-snowflake-proxy/4314/2?u=wofwca), for example), while an unrestricted one is more desirable. (Although I might be wrong, since [the metrics](https://snowflake-broker.torproject.net/metrics) say that there are ~2000 unrestricted proxies?) We [already have instructions](https://gitlab.torproject.org/tpo/web/community/-/blob/abea7a2c54a959136dc573489bfd3b24dd399703/content/relay/setup/post-install/contents.lr#L9) for regular Tor relays, but WebRTC (ICE) is a different kind of beast.
Need to consider both the NATed (say, behind a router), and the dedicated IP cases.
In case there's no NAT, simply allowing all incoming connections to the entire [allowed port range](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/7db2568448fed6d883b33db11e3a497c69f1748f/proxy/main.go#L35) should solve the problem, allowing the use of [`host` ICE candidates](https://webrtcforthecurious.com/docs/03-connecting/#host), but it compromises security, because another app may get assigned an ephemeral port from that range. So I thought maybe there is a way to disable [filtering](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/NAT-matching#nat-filtering-behaviour) for the Snowflake process specifically. Or maybe use a non-ephemeral port range so that other apps can't randomly get a port from that range (but this may affect censorship-resistance). Or maybe there is a way to have one dedicated port for Snowflake (is [`SetICEUDPMux`](https://pkg.go.dev/github.com/pion/webrtc/v3#SettingEngine.SetICEUDPMux) it?) which can be opened up, with fallback to ephemeral ports in case the client's censor blocks that one.
There may be better mechanisms that I'm just not aware of since I'm not that good at networking (in both meanings of the word XD).
Related:
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40092
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/57
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40235https://gitlab.torproject.org/tpo/core/torspec/-/issues/177Create Style Guides2023-01-05T18:14:59ZMatthew FinkelCreate Style GuidesFollowing legacy/trac#26184, we should document our coding style preferences. We should consider documenting all Tor Browser-related projects.Following legacy/trac#26184, we should document our coding style preferences. We should consider documenting all Tor Browser-related projects.https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/174Onion Service Dereferrer2022-12-08T13:19:28ZSilvio RhattoOnion Service DereferrerBuild a small self-contained Onion Service application that does HTTP Referrer removals (link redirection).
See background discussion and details at https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25484#note_2861382....Build a small self-contained Onion Service application that does HTTP Referrer removals (link redirection).
See background discussion and details at https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25484#note_2861382.
See documentation on best-practices for Onion Services at https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/30.https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/56Add tpo/anti-censorship/gettor-project/OnionSproutsBot to the list of projects2022-12-05T17:10:50Zn0tooseAdd tpo/anti-censorship/gettor-project/OnionSproutsBot to the list of projectsLink: https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBotLink: https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBothttps://gitlab.torproject.org/tpo/web/support/-/issues/316Page about bookmarks is confusing2023-11-06T20:15:12ZemmapeelPage about bookmarks is confusingThe page about exporting your bookmarks is pretty confusing: https://support.torproject.org/tbb/export-and-import-bookmarks/
One thing it does is to mix instructions for different operating systems without warning.
It would be better t...The page about exporting your bookmarks is pretty confusing: https://support.torproject.org/tbb/export-and-import-bookmarks/
One thing it does is to mix instructions for different operating systems without warning.
It would be better to have different sections for Mac, Linux, Android, Windows
thanks translator @eulalio for the comment at https://hosted.weblate.org/translate/tor/support-portal/es/?checksum=3dc5a0cd207d143bhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41380Update bridges in our Makefile2023-01-05T18:05:33ZPier Angelo VendrameUpdate bridges in our MakefileBridges have been updated after tor-browser-build#40649 and a few other issues.
We should reflect the changes to tor-browser.git, too, if we want to test meek in our dev builds.
We could even remove the bridge file, and move them to `0...Bridges have been updated after tor-browser-build#40649 and a few other issues.
We should reflect the changes to tor-browser.git, too, if we want to test meek in our dev builds.
We could even remove the bridge file, and move them to `000-tor-browser.js`, if we have a macro that is defined only for dev builds (but not for nightlies; actually I'm a little bit confused about it).https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/130Upgrade telebot library to version 32022-11-03T16:39:33Zmeskiomeskio@torproject.orgUpgrade telebot library to version 3We use [telebot](https://github.com/tucnak/telebot) in our [bridges bot](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/telegram.md). But we are using the version 2 of the library, let's update it to version 3.We use [telebot](https://github.com/tucnak/telebot) in our [bridges bot](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/telegram.md). But we are using the version 2 of the library, let's update it to version 3.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40642statically-link dependencies into tor daemon2023-07-18T21:40:35Zrichardstatically-link dependencies into tor daemonWe ship our own versions of libevent, openssl, etc with tor in Tor Browser. This can cause issues when systems do not use these packaged libraries ( like in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41336 ).
We...We ship our own versions of libevent, openssl, etc with tor in Tor Browser. This can cause issues when systems do not use these packaged libraries ( like in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41336 ).
We should statically link our dependencies into the tor daemon. This will ensure we are actually, using the implementation we think we are, and it should reduce the final package/install size as LTO will ensure we are only building and linking in the symbols actually used.
Ricochet-Refresh builds openssl, zlib and libevent this way for tor on Windows (x86,x64), Linux (x86,x64), and macOS (x64):
- openssl: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/openssl
- libvent: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/libevent
- zlib: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/zlib
- tor: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/tor
Android is not currently built/supported so anything in there referncing it is left-overs from the original tor-browser-build fork.Marco SimonelliMarco Simonellihttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/128Add microsoft onedrive provider to gettor2022-10-05T13:37:27Zmeskiomeskio@torproject.orgAdd microsoft onedrive provider to gettorThe [gettor updater](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/gettor.md) could upload Tor Browser also to a [microsoft OneDrive](https://www.microsoft.com/en-us/microsoft-365/onedrive), like already do to o...The [gettor updater](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/gettor.md) could upload Tor Browser also to a [microsoft OneDrive](https://www.microsoft.com/en-us/microsoft-365/onedrive), like already do to other providers: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/tree/main/pkg/presentation/updaters/gettor
OneDrive free plan is only 5GBs, which is too small for our current needs, but this requirement might be reduced in the near future. Or we might consider paying for the service as OneDrive is probably reachable in most places.https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/125Add a prometheus exporter to gettor updater2022-10-05T12:53:23Zmeskiomeskio@torproject.orgAdd a prometheus exporter to gettor updaterLet's produce some metrics on the gettor updater for the latest TB version we have updated per platform and provider.
Some inspiration can be taken from how is the prometheus exporter in gettor: https://gitlab.torproject.org/tpo/anti-ce...Let's produce some metrics on the gettor updater for the latest TB version we have updated per platform and provider.
Some inspiration can be taken from how is the prometheus exporter in gettor: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/pkg/usecases/distributors/gettor/gettor.gohttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/124Add a prometheus exporter to moat distributor2024-03-21T12:29:24Zmeskiomeskio@torproject.orgAdd a prometheus exporter to moat distributorLet's collect prometheus metrics on the Circumvention Settings [moat distributor](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat.md). We might want to collect metrics for:
* Requests to settings with country...Let's collect prometheus metrics on the Circumvention Settings [moat distributor](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat.md). We might want to collect metrics for:
* Requests to settings with country and *valid shim token* as labels
* Requests to other API endpoints with the endpoint as label (settings, defaults, map, builtin)
Some inspiration can be taken from how is the prometheus exporter in gettor: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/pkg/usecases/distributors/gettor/gettor.gomeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40204pion errors don't go into the log2022-12-03T13:45:30ZRoger Dingledinepion errors don't go into the logMy snowflake proxy tells me, I guess on either stdout or stderr,
```
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0...My snowflake proxy tells me, I guess on either stdout or stderr,
```
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
sctp ERROR: 2022/10/03 13:47:32 [0xc002986380] stream 1 not found)
```
but I am using -log, and these lines don't show up in the log. It is unexpected that "error" category messages would be the ones that are transient and not captured for posterity.
(Also, the timestamps in the log seem to be utc, and the timestamps on my stdout/stderr appear to be local timezone. Not sure if that merits a separate ticket -- let me know if yes and I can open it.)Linus Nordberglinus@torproject.orgLinus Nordberglinus@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40197nil pointer dereference in PeerConnection.PendingLocalDescription2022-10-03T11:53:14Zcypherpunksnil pointer dereference in PeerConnection.PendingLocalDescription```
info] {EDGE} connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer.
info] {EDGE} connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on...```
info] {EDGE} connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer.
info] {EDGE} connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer.
info] {NET} parse_socks_client(): SOCKS 5 client: continuing without authentication
info] {NET} connection_read_proxy_handshake(): Proxy Client: OR connection (handshaking (proxy)) with 192.0.2.3:80 ID=1zOHpg+FxqQfi/6jDLtCpHHqBTH8gjYmCKXkus1D5Ko RSA_ID=2B280B23E1107BB62ABFC40DDCC8824814F80A72 successful
info] {BTRACK} bto_update_best(): ORCONN BEST_ANY state 2->3 gid=4
notice] {CONTROL} Bootstrapped 10% (conn_done): Connected to a relay
info] {BTRACK} bto_update_best(): ORCONN BEST_AP state 2->3 gid=4
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: panic: runtime error: invalid memory address or nil pointer dereference
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: [signal 0xc0000005 code=0x0 addr=0x0 pc=0x5ed17d]
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error:
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: goroutine 53 [running]:
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: github.com/pion/webrtc.(*PeerConnection).PendingLocalDescription(0x0)
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: /var/tmp/dist/gopath/src/github.com/pion/webrtc/peerconnection.go:2026 +0x1d
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: github.com/pion/webrtc.(*PeerConnection).LocalDescription(0xc00034c000)
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: /var/tmp/dist/gopath/src/github.com/pion/webrtc/peerconnection.go:1007 +0x1e
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib.(*WebRTCPeer).connect(0xc00034c000, 0x0, 0xc000345d48)
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib/webrtc.go:150 +0xd8
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib.NewWebRTCPeerWithEvents(0x35ee40, 0xc0000d6000, {0x223f8f30008, 0xc00022e220})
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib/webrtc.go:73 +0x38b
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib.WebRTCDialer.Catch(...)
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib/rendezvous.go:172
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib.(*Peers).Collect(0xc000234080)
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib/peers.go:69 +0x223
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib.connectLoop({0x846bd0, 0xc000234080})
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib/snowflake.go:345 +0x56
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: created by git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib.(*Transport).Dial
info] {PT} managed_proxy_stderr_callback(): Managed proxy at 'PluggableTransports\snowflake-client.exe' reported via standard error: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib/snowflake.go:170 +0x206
info] {NET} TLS error: <syscall error while handshaking> (errno=10054: Connection reset by peer [WSAECONNRESET ]; state=SSLv3/TLS write client hello)
info] {OR} connection_tls_continue_handshake(): tls error [connection reset]. breaking connection.
info] {CIRC} circuit_n_chan_done(): Channel failed; closing circ.
info] {GENERAL} circuit_mark_for_close_(): Circuit 0 (id: 1) marked for close at circuitbuild.c:687 (orig reason: 8, new reason: 0)
info] {HANDSHAKE} connection_or_note_state_when_broken(): Connection died in state 'handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE'
info] {BTRACK} bto_status_rcvr(): ORCONN DELETE gid=4 status=2 reason=4
warn] {CONTROL} Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (CONNECTRESET; CONNECTRESET; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 192.0.2.3:80)
warn] {HANDSHAKE} 1 connections have failed:
warn] {HANDSHAKE} 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
info] {OR} circuit_build_failed(): Our circuit 0 (id: 1) died before the first hop with no connection
info] {GUARD} entry_guards_note_guard_failure(): Recorded failure for primary guard $2B280B23E1107BB62ABFC40DDCC8824814F80A72 ($2B280B23E1107BB62ABFC40DDCC8824814F80A72)
info] {CIRC} circuit_free_(): Circuit 0 (id: 1) has been freed.
warn] {PT} Pluggable Transport process terminated with status code 2
```https://gitlab.torproject.org/tpo/core/arti/-/issues/580make arti client stop advertising TLS session tickets support in connection h...2023-04-06T12:42:35ZpseudonymisaTormake arti client stop advertising TLS session tickets support in connection handshakeClientHello includes `session_ticket Extension`.
But we disabled session tickets support server-side.
Ctor doesn't.
http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/core/tor/-/blob/main/src/lib/tls/tortls_ope...ClientHello includes `session_ticket Extension`.
But we disabled session tickets support server-side.
Ctor doesn't.
http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/core/tor/-/blob/main/src/lib/tls/tortls_openssl.c#L589-603https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41256pre-crunch and pre-strip PNG in tor-service-android to make it reproducible2022-11-30T14:46:13Zeighthavepre-crunch and pre-strip PNG in tor-service-android to make it reproduciblePNG crunching is not a deterministic process, especially the way aapt does it. This makes the builds not reproducible. The easy solution to this is to pre-crunch the PNGs and commit them to git. This also uses exiftool to strip any me...PNG crunching is not a deterministic process, especially the way aapt does it. This makes the builds not reproducible. The easy solution to this is to pre-crunch the PNGs and commit them to git. This also uses exiftool to strip any metadata from the PNG. This then disables running the crunch as part of the gradle build process.
https://medium.com/@duhroach/smaller-pngs-and-android-s-aapt-tool-4ce38a24019d
I have submitted this upstream to Orbot:
https://github.com/guardianproject/orbot/pull/252
And it is here in my tor-android-service-fork:
https://gitlab.com/eighthave/tor-android-service/commits/png-pre-compress
Once it is merged, someone will need to do:
```
$ sudo apt install exiftool zopfli
$ cd /path/to/tor-android-service
$ ./tools/png-pre-compress
```
Then commit all the changed PNGs.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41196Two new-tab options shown on urlbar long-press2022-11-30T14:29:29ZMatthew FinkelTwo new-tab options shown on urlbar long-pressReported https://blog.torproject.org/comment/292074#comment-292074
Let's remove the `New Tab` option.Reported https://blog.torproject.org/comment/292074#comment-292074
Let's remove the `New Tab` option.