The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-11-14T16:59:05Zhttps://gitlab.torproject.org/tpo/core/tor/-/issues/40735[WARN] Tried connecting to router ... identity keys were not as expected2023-11-14T16:59:05Zcypherpunks[WARN] Tried connecting to router ... identity keys were not as expectedBackground: Tor Browser 12.0, Tor 4.7.12, Windows 7, vanilla bridges.
Repeatedly getting the following log line.
```
[WARN] Tried connecting to router at *address* ID=<none> RSA_ID=*FP1*, but RSA + ed25519 identity keys were not as exp...Background: Tor Browser 12.0, Tor 4.7.12, Windows 7, vanilla bridges.
Repeatedly getting the following log line.
```
[WARN] Tried connecting to router at *address* ID=<none> RSA_ID=*FP1*, but RSA + ed25519 identity keys were not as expected: wanted *FP1* + no ed25519 key but got *FP2* + *edFP*.
```
Ideas of what happened:
* MITM
* Bridge operator reinstalled it in-between me getting the bridge and now.
What is wrong:
* Bridge should be marked as unreachable: either it is not used already and connections are doomed to spend resources for nothing, or it should not be used as something is clearly wrong with it
* There should be a way to distinguish first idea from second - my best guess is building a tunneled directory connection to bridge authority and asking "Is there a bridge *FP2* and does it listen on *address*?"https://gitlab.torproject.org/tpo/tpa/team/-/issues/41012Issue with varnish on onionoo-frontends2022-12-20T19:09:13ZHiroIssue with varnish on onionoo-frontendsI have been receiving every few hours alerts from nagios about onionoo backend not updating the index. But I have checked and the service has been running every hour and updating the statuses (summary from the logs pasted below). I wonde...I have been receiving every few hours alerts from nagios about onionoo backend not updating the index. But I have checked and the service has been running every hour and updating the statuses (summary from the logs pasted below). I wonder if we are having some issues with Varnish caching the results?
The nagios check is triggered if at least one index has not been updated for a few hours. @gk has hourly snapshots from onionoo so we can check what has been served in the last few days.
I have checked our configs in puppet and I can't spot anything that would cause an issue. I have also been looking at requests on the frontends and it seems varnish is querying the backend correctly.
```
2022-12-17 00:07:15,827 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,702 uptime status files updated
--
2022-12-17 01:06:52,137 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,692 uptime status files updated
--
2022-12-17 02:07:26,965 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,739 uptime status files updated
--
2022-12-17 03:06:36,807 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
0 hours of bridge uptimes processed
6,109 uptime status files updated
--
2022-12-17 04:08:06,285 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
2 hours of relay uptimes processed
2 hours of bridge uptimes processed
8,765 uptime status files updated
--
2022-12-17 05:07:02,203 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,698 uptime status files updated
--
2022-12-17 06:06:34,321 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,697 uptime status files updated
--
2022-12-17 07:06:29,204 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,715 uptime status files updated
--
2022-12-17 08:07:45,006 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,706 uptime status files updated
--
2022-12-17 09:06:27,389 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
0 hours of bridge uptimes processed
6,083 uptime status files updated
--
2022-12-17 10:06:39,656 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
2 hours of bridge uptimes processed
8,697 uptime status files updated
--
2022-12-17 11:07:11,588 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,702 uptime status files updated
--
2022-12-17 12:07:09,905 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,705 uptime status files updated
--
2022-12-17 13:06:34,323 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,671 uptime status files updated
--
2022-12-17 14:06:47,110 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
1 hours of bridge uptimes processed
8,688 uptime status files updated
--
2022-12-17 15:07:03,315 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
0 hours of bridge uptimes processed
6,086 uptime status files updated
--
2022-12-17 16:06:42,723 INFO o.t.m.o.u.StatusUpdateRunner:51 UptimeStatusUpdater
1 hours of relay uptimes processed
2 hours of bridge uptimes processed
8,696 uptime status files updated
```anarcatanarcathttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41530Tor Browser 12.0 update duplicated top "~/.torbrowser" folder; caused icon issue2023-01-31T20:36:12ZjbluesTor Browser 12.0 update duplicated top "~/.torbrowser" folder; caused icon issueUsing Linux Mint 20.1 Cinnamon
Not sure if this was a bug or if anyone besides me saw the problem.
I've used same top level .torbrowser folder (in Home) for all TBB updates for couple years.
Never a problem updating in the existing .torb...Using Linux Mint 20.1 Cinnamon
Not sure if this was a bug or if anyone besides me saw the problem.
I've used same top level .torbrowser folder (in Home) for all TBB updates for couple years.
Never a problem updating in the existing .torbrowser folder & no problem with its panel icon.
After updating to 12.0, the panel icon for TBB was some Firefox - not the purple bullseye.
Always have used updates setting: "Check for updates but let you choose to install them."
TBB automatically notified of an update (12.0). I clicked the update button. It downloaded OK & prompted to restart("click here"). Started back up - showing a Firefox icon, not a purple bullseye.
Looked at **start-tor-browser.desktop** - for Icon it had:
`Icon=web-browser`
I didn't realize why that (apparently) changed. Quick / temp fix, just entered the correct path to TBB default icons. Worked until update 12.0.1 - again TBB showed a Firefox icon on the panel.
Realized the 12.0 update had added a duplicate ".torbrowser" folder. I did zero activity in any of TBB's folders before or after the 12.0 update caused the icon switch. Very unlikely I caused this problem.
It now showed **~/.torbrowser/_.torbrowser_/tor-browser_en-US/Browser**...
TBB still started & ran OK, but icon kept changing. After eliminating the 2nd ".torbrowser" folder, the panel icon is fine & the desktop file self corrected the Icon= path.https://gitlab.torproject.org/tpo/tpa/team/-/issues/41001Out of memory on colchicifolium2022-12-20T19:08:55ZHiroOut of memory on colchicifoliumI am getting "out of memory" errors on colchicifolium. It seems like collector is using all the memory (https://grafana1.torproject.org/d/Z7T7Cfemz/node-exporter-full?orgId=1&var-job=node&var-node=colchicifolium.torproject.org&var-port=9...I am getting "out of memory" errors on colchicifolium. It seems like collector is using all the memory (https://grafana1.torproject.org/d/Z7T7Cfemz/node-exporter-full?orgId=1&var-job=node&var-node=colchicifolium.torproject.org&var-port=9100).
Would it be possible to add more ram to this VM?Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40994Request for limited root access on gitlab-dev as per TPA-RFC072023-01-02T02:36:40Zmicahmicah@torproject.orgRequest for limited root access on gitlab-dev as per TPA-RFC07```
As detailed in [TPA-RFC-7](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-7-root), I am hereby requesting time-limited root access to the gitlab-dev server in order to test the patch work necessary for tpo/tpa/gitl...```
As detailed in [TPA-RFC-7](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-7-root), I am hereby requesting time-limited root access to the gitlab-dev server in order to test the patch work necessary for tpo/tpa/gitlab#23.
I currently have (sudo) git access to perform actions there, however I will need to do a few things as root in order to accomplish this quest:
. disable puppet on the system so it wont enforce a state that I would modify as detailed below (requires root)
. configure gitlab email sending to test the patch (requires editing /etc/gitlab/gitlab.rb as root)
. disable email sending on the server to keep the server from sending confusing and incorrect notifications to users (requires root)
. be able to process the unsent mail in order to determine if the patch has properly worked (requires root)
. remove any queued mails that would be sent out by gitlab that should not be sent (requires root)
All of the above I could coordinate with TPA folks and ask them to do them when I get to those stages, but due to the limited time windows I have to do the work, having this access (temporarily) would facilitate a much speedier result.
-----BEGIN PGP MESSAGE-----
owFtVE2o3FQUTmtFDNS6kAdikfN4CDMyydh5v3bVeT+Fh1KK6Kr+cJOcTG4nuSe9
9+aFgAVX/nTVhS5cuBMEV/pAwYV00YWgiG7cVFy4EEXQre2qnpvMvE6tAwMhnHO+
n/OdXD/5kOcvBQP85dCe/+3Yd39GXnz9swtjAwlaIXNMQCq49PLFcfDS+Z1g87Ve
Zm1pzg6HE2lzEYWWdKnpMsY2JD0Z2pL4L4YWRTEMhrWcSjMsKZdx494HOo2DzUAT
2f4A9kEUkKHGqAGNVyo0VqoJWFlgkMtCWkZ3pSDiGI0BS2AzhA45SPAADOoD1I4i
6YQfXAVPactKYeMMatJTUOj6hW4gJS6acezmrIxWQ/D9fYgrrVHZvIFMHCD0TJVQ
34EtwJeoeULBb6wkZRyOxgFkVKPjsQ+1zHOGY+JcnRAISLHmMtZlQJhOziJdnk1F
mUuTuSoDrQtnfT+ERBoR5ayjKku0QKpVZRpjsQBDwMRqUhZQMaUYGcpYYZGrhHVM
qMoTKCiRaeOQj/YZYU419JzhUmNHqc94MalUTio9Nxiw4Aa2WCXtVh6w9t4ITGS7
uSHaeGbrPB86msvuL2i6f/RcWrdMBpoilouvUk3FUbXjWRn3JJRLZ0y8t9iCIitT
GYvZZggq7jb/IzRirxwJt09N3WoZq1KMYKFltrghNg51IRWCTBfUZyyL2zkRnBiX
Mrb2QSyNBXGYhGrcZiuucfNNt6RuRZGTycBUWeBDmJnfFpisrWBlR1X/hfDHHDjq
iInIYXGS266YWIJULhK1tBnwDXP886lpfRNm6nqKWU7bxzpD9RH3Tzhu7a2RQReq
CZoBREwvqXB+hPP7dMfK81VCteHW9nSORra+DNzLNkEu37Nb6nGIS9JCy7zpz4xI
RSxz2WZYQFGxx6bkS5K8BtZb5Tb03/3phLfke1eXlk9cu3zt5vLfr3554fiTX8y/
Xw8f54/XxTeeeMvjX+j1pDEV6iAt9Tn2sEtGyCtT5aQMU5naLCNtOIwqVGi3xhvj
rfHO6ujM3t76zvbG2t5zozPPb6+Pdkc7G+u7u9ujzbW1jb11z3/08TnicnHM+7H5
5IUPN39/+4OlWy8mf/y89a344dMbTz9y2//rmYOVlf2vvLtv/tM71z/1/uvfvHfp
xlN3qmc/vrl66pXDdz4//PXW6enX3z/2Lw==
=eyB2
-----END PGP MESSAGE-----
```https://gitlab.torproject.org/tpo/web/tpo/-/issues/352Add release page for Tor Browser 12.0 under /releases2022-12-07T15:31:21ZdonutsAdd release page for Tor Browser 12.0 under /releasesdonutsdonutshttps://gitlab.torproject.org/tpo/network-health/team/-/issues/276Write a small UI in Python for displaying and sorting relay annotations2023-06-14T16:53:07ZGeorg KoppenWrite a small UI in Python for displaying and sorting relay annotationsWe could think about re-using parts of the [`python-website`](https://gitlab.torproject.org/tpo/network-health/metrics/python-website) project maybe.We could think about re-using parts of the [`python-website`](https://gitlab.torproject.org/tpo/network-health/metrics/python-website) project maybe.https://gitlab.torproject.org/tpo/ux/design/-/issues/46Design a temporary application icon for the VPN pre-alpha2023-06-28T14:25:58ZdonutsDesign a temporary application icon for the VPN pre-alphaI think something based on the onion rings (i.e. keeping it generic would be good enough for now. Maybe with a sparkle?
- Resources: [Guidelines](https://developer.android.com/develop/ui/views/launch/icon_design_adaptive) | [Templates](...I think something based on the onion rings (i.e. keeping it generic would be good enough for now. Maybe with a sparkle?
- Resources: [Guidelines](https://developer.android.com/develop/ui/views/launch/icon_design_adaptive) | [Templates](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/VPN-pre-alpha?node-id=939%3A2070&t=xXPiif40TbrHiSJg-1) (in Figma)Sponsor 101 - Tor VPN Client for Androidnicobnicobhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40978Set up a domain front on fastly for conjure2023-01-04T20:59:21ZCecylia BocovichSet up a domain front on fastly for conjureWe're deploying a new Conjure PT that has a registration step similar to snowflake. I've reached out to the maintainers of the registration server to ask if we can have our users use their domain front, but they are sometimes slow to res...We're deploying a new Conjure PT that has a registration step similar to snowflake. I've reached out to the maintainers of the registration server to ask if we can have our users use their domain front, but they are sometimes slow to respond. In the meantime can we set up our own (if we have the budget for it)?
The front should point to https://registration.refraction.network
cc @gaba @armaanarcatanarcathttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40700provide the list of architectures as a json2023-08-28T16:17:12Zmeskiomeskio@torproject.orgprovide the list of architectures as a jsonNow that the downloads.json is splited by architecture (#40254) it will be really useful for the consumers (like gettor) of those files to be able to retrieve the full list of architectures.Now that the downloads.json is splited by architecture (#40254) it will be really useful for the consumers (like gettor) of those files to be able to retrieve the full list of architectures.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41468backport 1600437 : Disable CBC-mode ECDSA ciphers and stop advertising ECDSA+...2023-11-20T16:45:31ZThorinbackport 1600437 : Disable CBC-mode ECDSA ciphers and stop advertising ECDSA+SHA1following on from #40183
- FF109+ [1600437](https://bugzilla.mozilla.org/show_bug.cgi?id=1600437)
- [patch](https://hg.mozilla.org/mozilla-central/rev/d0ac295c1b62)
IDK if this makes any difference really, but it's more than just pref f...following on from #40183
- FF109+ [1600437](https://bugzilla.mozilla.org/show_bug.cgi?id=1600437)
- [patch](https://hg.mozilla.org/mozilla-central/rev/d0ac295c1b62)
IDK if this makes any difference really, but it's more than just pref flips. And we could drop the two prefs added in https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/433
these two
```js
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked);
pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked);
```Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41452WebExtension "Content Script"2023-01-05T15:17:01ZP9LmZu22jmVbWebExtension "Content Script"Recently TorBrowser disallows running "content scripts" from the WebExtension API. I understand that content scripts can read user data and therefore are generally excluded in TorBrowser. But is there any way to disable this protection? ...Recently TorBrowser disallows running "content scripts" from the WebExtension API. I understand that content scripts can read user data and therefore are generally excluded in TorBrowser. But is there any way to disable this protection? In about:config I didn't find a solution unfortunately.
Version 11.5.7https://gitlab.torproject.org/tpo/tpa/team/-/issues/40958disk failure in chi-san-012022-11-21T15:15:48Zanarcatdisk failure in chi-san-01```
Date: Thu, 20 Oct 2022 01:07:33 +0000
From: nagios@hetzner-hel1-01.torproject.org
To: anarcat+rapports@orangeseeds.org
Subject: ** PROBLEM Service Alert: chi-san-01/SAN health status is CRITICAL **
***** Icinga *****
Notification T...```
Date: Thu, 20 Oct 2022 01:07:33 +0000
From: nagios@hetzner-hel1-01.torproject.org
To: anarcat+rapports@orangeseeds.org
Subject: ** PROBLEM Service Alert: chi-san-01/SAN health status is CRITICAL **
***** Icinga *****
Notification Type: PROBLEM
Service: SAN health status
Host: chi-san-01
Address: chi-san-01
State: CRITICAL
Date/Time: Thu Oct 20 01:07:33 UTC 2022
Additional Info:
ERROR - Storage array health status = fixing. (SMcli return code 0) (The following failures have been found:Degraded Virtual Disk...)
```anarcatanarcathttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41423about:tor semantic and accessibility problems2023-10-03T13:29:51Zhenryabout:tor semantic and accessibility problemsSome issues with the about:tor page:
1. I'm not sure "About Tor" is the best document title. Wouldn't it be "About Tor Browser", or "Tor Browser Ready" or "Tor Browser Home"?
2. The "New to Tor Browser" button (`#onboarding-overlay-butt...Some issues with the about:tor page:
1. I'm not sure "About Tor" is the best document title. Wouldn't it be "About Tor Browser", or "Tor Browser Ready" or "Tor Browser Home"?
2. The "New to Tor Browser" button (`#onboarding-overlay-button`) has an almost invisible "focus-visible" styling. And the color contrast is poor.
3. The search input (`#search-text`) has no "focus-visible" styling.
4. The search button (`#search-button`) has "focus-visible" outline that isn't consistent with the rest of the page: it has thin dotted outline, whilst the links have a thick blue outline.
5. The search label (`#searchlabel`) has no text content (it is just a background image) so does not work as a label for the search input.
6. All the `<img>` elements (`#onboarding-overlay-button-icon`, `#torcontent-logo`, `#bannerImg`, and `#imageStyle`) do not have an `alt=""` attribute.
7. A lot of the link text ends in the "»" symbol. I'm not sure why we do this, but it does not read well on a screen reader. So it should be removed or visual only.
8. I feel like the `.heading1` text is meant to act as the page's heading, so should be a `<h1>`.
9. The page uses lots of `<div>`s instead of elements with more structural semantics.Sponsor 131 - Phase 2 - Privacy Browserhenryhenryhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41416Update notification for alpha channel takes user to non-alpha upgrade page2023-01-31T20:30:44ZTornUpdate notification for alpha channel takes user to non-alpha upgrade pageIt seems like if a user is on the alpha channel, the upgrade page link, contained in the top right hand pop up window, that appears upon auto-update failure, should be for the alpha upgrade page.
(This has come up due to auto-update fai...It seems like if a user is on the alpha channel, the upgrade page link, contained in the top right hand pop up window, that appears upon auto-update failure, should be for the alpha upgrade page.
(This has come up due to auto-update failing on many occasions on different versions, requiring manual replace instead. Have wondered whether this could be due to location of app in slightly non-standard path, or some permissions setting in the Application Support folder, but otherwise don't know why it never works any more.)https://gitlab.torproject.org/tpo/tpa/team/-/issues/40951review and retire old lists2023-06-28T14:38:24Zanarcatreview and retire old listswhile removing the tor-teachers list (#40947) i wondered how many active lists we actually did have left. so i took a look...
we have 65 lists:
```
root@eugeni:/var/lib/mailman# sudo -u list ./bin/list_lists | head -1
65 matching maili...while removing the tor-teachers list (#40947) i wondered how many active lists we actually did have left. so i took a look...
we have 65 lists:
```
root@eugeni:/var/lib/mailman# sudo -u list ./bin/list_lists | head -1
65 matching mailing lists found:
```
out of those, only 54 have archives, so those are the only ones we can guess at how active they are:
```
root@eugeni:/var/lib/mailman# ls -lt $(for list in $(ls lists) ; do echo archives/private/$list.mbox/$list.mbox; done) 2>/dev/null | wc -l
54
```
out of that, only 35 lists have public archives:
```
root@eugeni:/var/lib/mailman# ls -lt $(for list in $(ls lists) ; do echo archives/public/$list/index.html; done) 2>/dev/null | wc -l
35
```
and those are the lists that haven't been posted to since january 2022:
```
root@eugeni:/var/lib/mailman# ls -lt $(for list in $(ls lists) ; do echo archives/public/$list/index.html; done) 2>/dev/null | sed '0,/2022 archives/d'
-rw-rw-r-- 1 www-data list 4518 Jan 19 2022 archives/public/tor-relays-fr/index.html
-rw-rw-r-- 1 root list 9238 Oct 17 2021 archives/public/tor-relays-universities/index.html
-rw-rw-r-- 1 root list 33055 Aug 14 2021 archives/public/tbb-bugs/index.html
-rw-rw-r-- 1 root list 26537 May 28 2021 archives/public/ooni-dev/index.html
-rw-rw-r-- 1 root list 4912 Feb 23 2021 archives/public/ooni-operators/index.html
-rw-rw-r-- 1 root list 3654 Jan 6 2021 archives/public/tor-access/index.html
-rw-rw-r-- 1 root list 1105 Nov 9 2020 archives/public/ooni-bugs/index.html
-rw-rw-r-- 1 root list 6175 Jun 2 2020 archives/public/tor-scaling/index.html
-rw-rw-r-- 1 root list 4095 Sep 24 2019 archives/public/tor-users/index.html
-rw-rw-r-- 1 root list 37721 Sep 17 2018 archives/public/tor-wiki-changes/index.html
-rw-rw-r-- 1 root list 2383 Sep 4 2018 archives/public/regional-nyc/index.html
-rw-rw-r-- 1 root list 17248 Aug 21 2015 archives/public/tor-censorship-events/index.html
```
... it's kind of an arbitrary metric... i wanted to look at "this year", but this was an easier sed pattern.
it's twelve lists. from there, it looksl ike the following lists are prime candidates for removal:
* [x] tbb-bugs: @richard, is that still in use?
* [ ] ooni-dev: do the oon folks still use this?
* [ ] ooni-operators: same
* [ ] ooni-bugs: that one surely isn't relevant anymore
* [ ] tor-users: is that still a thing? no post since 2019!?
* [x] tor-wiki-changes: i bet this is empty since we moved to gitlab
* [ ] regional-nyc: hey what's up NYC?
* [ ] tor-censorship-events: ooni does this now?
i'm not sure what to do about those:
* [ ] tor-relays-fr
* [ ] tor-relays-universities
* [ ] tor-access
* [x] tor-scalinganarcatanarcathttps://gitlab.torproject.org/tpo/web/donate-static/-/issues/96Duplicated phrase on main page2022-12-12T22:11:48ZemmapeelDuplicated phrase on main pageOn the main page the phrase `We're experiencing issues with certain browsers donating by credit card. Please see the FAQ for help.` Appears twice.
Screenshot:
![duplicated-phrase](/uploads/0958688829e9f6db4120cde791acad8a/duplicated-ph...On the main page the phrase `We're experiencing issues with certain browsers donating by credit card. Please see the FAQ for help.` Appears twice.
Screenshot:
![duplicated-phrase](/uploads/0958688829e9f6db4120cde791acad8a/duplicated-phrase.png)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41367TB-Alpha freezes after prolonged open - Gtk-WARNING **: Could not load a pixbuf2022-10-22T23:18:15ZshanzhanzTB-Alpha freezes after prolonged open - Gtk-WARNING **: Could not load a pixbuf<!--
* Use this issue template for reporting a new bug.
-->
### Summary
TB-Alpha version 12.0a3 freeze/extreme slowness after long opening (couple of hours)
Logs doesnt show exact issue but might be useful
### Steps to reproduce:
1. O...<!--
* Use this issue template for reporting a new bug.
-->
### Summary
TB-Alpha version 12.0a3 freeze/extreme slowness after long opening (couple of hours)
Logs doesnt show exact issue but might be useful
### Steps to reproduce:
1. Open TB-Alpha for couple of hours
2. Extreme slowness to the level it looks like freezed.
### What is the current bug behavior?
TB-Alpha freeze if kept open
### What is the expected behavior?
Shouldn't freeze
### Environment
Debian GNU/Linux 11
**Which installation method did you use?
Downloaded from TPO-Website
### Relevant logs and/or screenshots
```
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/TorBrowser/Data/fontconfig/fonts.conf", line 118: unknown element "blank"
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: No GPUs detected via PCI (t=0.488177) [GFX1-]: No GPUs detected via PCI
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: No GPUs detected via PCI (t=0.488177) |[1][GFX1-]: glxtest: process failed (received signal 11) (t=0.488696) [GFX1-]: glxtest: process failed (received signal 11)
Missing chrome or resource URL: resource://gre/modules/L10nRegistry.jsm
Missing chrome or resource URL: resource://gre/modules/L10nRegistry.sys.mjs
(Tor Browser:23320): Gtk-WARNING **: 16:00:30.109: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/check-symbolic.svg.
This may indicate that pixbuf loaders or the mime database could not be found.
```
### Might be useful related bugs from FF
* https://bugzilla.mozilla.org/show_bug.cgi?id=1634590
* https://access.redhat.com/solutions/5210221 (I have [libgdk-pixbuf2.0-0](https://packages.debian.org/bullseye/libgdk-pixbuf2.0-0) installed but didnt solve the issue)https://gitlab.torproject.org/tpo/core/tor/-/issues/40686SocksPort WorldWritable sets file mode to 755 instead of 6662022-12-14T15:47:28ZJeremy Sakladjeremy@saklad5.comSocksPort WorldWritable sets file mode to 755 instead of 666### Summary
Unix domain sockets that are configured to be WorldWritable have incorrect permissions. Such sockets are unusable as a result, since write access is needed for clients to work.
### Steps to reproduce:
1. Use a configuratio...### Summary
Unix domain sockets that are configured to be WorldWritable have incorrect permissions. Such sockets are unusable as a result, since write access is needed for clients to work.
### Steps to reproduce:
1. Use a configuration file with the following options, where `/usr/local/var/run/tor` is a directory with appropriate permissions:
```
SocksPort unix:/usr/local/var/run/tor/socks-group GroupWritable RelaxDirCheck
SocksPort unix:/usr/local/var/run/tor/socks-world WorldWritable
```
2. Run the following command to view their permissions:
```sh
stat /usr/local/var/run/tor/socks-group /usr/local/var/run/tor/socks-world
```
Note that listening on two sockets is **not** necessary to reproduce this bug: it merely makes it easier to see the difference.
### What is the current bug behavior?
Sockets with WorldWritable have the wrong permissions, in contrast to the correctly-implemented GroupWritable:
```
srw-rw---- /usr/local/var/run/tor/socks-group
srwxr-xr-x /usr/local/var/run/tor/socks-world
```
### What is the expected behavior?
```
srw-rw---- /usr/local/var/run/tor/socks-group
srw-rw-rw- /usr/local/var/run/tor/socks-world
```
### Environment
- Which version of Tor are you using? Run `tor --version` to get the version if you are unsure.
0.4.7.10
- Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.
macOS 12.6
- Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.
Homebrew
### Relevant logs and/or screenshots
N/A: even `Log debug` doesn't say anything beyond noting that a socket is successfully opened.
### Possible fixes
Investigate whether [this conditional statement](https://gitlab.torproject.org/tpo/core/tor/-/blob/28413e75605cc2d05a2a3e4c766bfbe0a47d848d/src/core/mainloop/connection.c#L1358-1362) is somehow causing an issue.Tor: 0.4.8.x-freezehttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40916gitlab sending its mails from surprising host "gitlab-02" sometimes2022-10-11T18:51:03ZRoger Dingledinegitlab sending its mails from surprising host "gitlab-02" sometimesHere is one of my remaining mysteries for the weekend: on Thursday night when I changed ldap to fwd my arma@tpo mail to mit.edu rather than seul.org, I started getting my gitlab mails From <git@gitlab-02.torproject.org>. Tonight when I c...Here is one of my remaining mysteries for the weekend: on Thursday night when I changed ldap to fwd my arma@tpo mail to mit.edu rather than seul.org, I started getting my gitlab mails From <git@gitlab-02.torproject.org>. Tonight when I changed it back to not go through mit, they resumed being From <git@gitlab.torproject.org>.
Is there some exception we have in place for some destinations? Do we send from either and our June instructions (https://lists.torproject.org/pipermail/tor-project/2022-June/003421.html) have become no longer accurate?
Not a big deal since I can batch-tag and batch-move them in mutt, but in case your response is "wait wtf", now you know. :)
Oh, I should also say that my spamassassin assigns the "HEADER_FROM_DIFFERENT_DOMAINS" tag to the gitlab-02 mails, which makes them more spammy in its eyes.
I can send full email headers for each type if you want them.anarcatanarcat