The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-12T19:23:34Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41555failed disk on fsn-node-022024-03-12T19:23:34ZJérôme Charaouilavamind@torproject.orgfailed disk on fsn-node-02One of the 10GB HDDs on fsn-node-02 has failed over the weekend. The raid-1 volume below `vg_ganeti_hdd` is thus degraded but otherwise healthy.One of the 10GB HDDs on fsn-node-02 has failed over the weekend. The raid-1 volume below `vg_ganeti_hdd` is thus degraded but otherwise healthy.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/59Have Lox protocol functions return more descriptive errors2024-03-12T20:16:29ZCecylia BocovichHave Lox protocol functions return more descriptive errorsAt the moment, when a client is preparing a request to the Lox authority for one of the protocol functions, the only return type is a `ProofError::VerificationError`, which could indicate any number of potential reasons for failure, incl...At the moment, when a client is preparing a request to the Lox authority for one of the protocol functions, the only return type is a `ProofError::VerificationError`, which could indicate any number of potential reasons for failure, including:
- temporary and relatively common failure of not meeting the time threshold for unlocking the use of the protocol (e.g., `level_up`).
- a failure indicating misuse of the library (e.g., if the Lox and reachability credentials do not match)
- data corruption issues such as missing or invalid fields of the Lox credential
We're making assumptions in Tor Browser that the verification error is caused by the first case. While it still makes sense to return a `ProofError` for some of the functions in `lox-library::proto`, the `request` functions in particular should return a different more variable error type.Lox Ready for Open Testing CallCecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41103Tor Browser 13.0.11 doesn't start on macOS in some cases2024-03-12T19:07:13ZPier Angelo VendrameTor Browser 13.0.11 doesn't start on macOS in some casesReported by some users and by @nina in #41020.
It seems Tor Browser installs as expected, but then it can't be launched.
She tested on a 14.3.1 (Sonoma) M1 Mac.
I tested on 10.15 x86, and it worked.Reported by some users and by @nina in #41020.
It seems Tor Browser installs as expected, but then it can't be launched.
She tested on a 14.3.1 (Sonoma) M1 Mac.
I tested on 10.15 x86, and it worked.https://gitlab.torproject.org/tpo/onion-services/onionspray-log-parser/-/issues/9Rename to onionspray-log-parser2024-03-14T13:46:07ZSilvio RhattoRename to onionspray-log-parser# Tasks
* [x] Rename project to `onionspray-log-parser`.
* [x] Rename the Python package.
* [x] Update documentation.
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/20...# Tasks
* [x] Rename project to `onionspray-log-parser`.
* [x] Rename the Python package.
* [x] Update documentation.
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Silvio RhattoSilvio Rhatto2024-03-14https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42445Decide what to do with torrc2024-03-11T16:40:06ZPier Angelo VendrameDecide what to do with torrcI've been told that during the tor-launcher days, `torrc` was the actual backend for settings.
We've used the preferences for a long time now, and we don't really need to keep `torrc` updated.
Should we just stop using it? Are users sec...I've been told that during the tor-launcher days, `torrc` was the actual backend for settings.
We've used the preferences for a long time now, and we don't really need to keep `torrc` updated.
Should we just stop using it? Are users secretly customizing their settings in this way?
If we do it, we can also dump the `flushSettings` command.
We have an issue also for `torrc-defaults` (#42357).
/cc @richardhttps://gitlab.torproject.org/tpo/web/blog/-/issues/40070write a blog post about the static mirror system2024-03-14T15:12:02Zanarcatwrite a blog post about the static mirror systemI found [this post](https://alexcabal.com/posts/standard-ebooks-and-classic-web-tech) to be pretty interesting. I wish I could write about some fancy new high-tech system we've built in TPA that's the cutting edge of technology, but the ...I found [this post](https://alexcabal.com/posts/standard-ebooks-and-classic-web-tech) to be pretty interesting. I wish I could write about some fancy new high-tech system we've built in TPA that's the cutting edge of technology, but the reality is that we're a hodgepodge collection of legacy systems we're keeping alive by a wise combination of "if it ain't broken don't fix it" and "okay, this is too horrible, let's fix that tiny piece", migrating one system at a time toward modernity.
The static mirror system is an excellent example of this. When I arrived, it was mostly built from shell servers and... Jenkins, which was hard to use and generally disliked. We migrated to GitLab and built a shim to avoid having to replace the entire system. That handful of servers is pumping out gigabits per second, it's easy to deploy and scale out (although *that* could be made easier).
This is mostly summarizing and glorifying the docs I've already written in the [service docs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/static-component/).
This would be, therefore, an interesting blog post on its own, but I think it could also serve as great advertisement for the job posting (tpo/tpa/team#41542).anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41553write a blog post about the static mirror system2024-03-11T17:06:03Zanarcatwrite a blog post about the static mirror systemI found [this post](https://alexcabal.com/posts/standard-ebooks-and-classic-web-tech) to be pretty interesting. I wish I could write about some fancy new high-tech system we've built in TPA that's the cutting edge of technology, but the ...I found [this post](https://alexcabal.com/posts/standard-ebooks-and-classic-web-tech) to be pretty interesting. I wish I could write about some fancy new high-tech system we've built in TPA that's the cutting edge of technology, but the reality is that we're a hodgepodge collection of legacy systems we're keeping alive by a wise combination of "if it ain't broken don't fix it" and "okay, this is too horrible, let's fix that tiny piece", migrating one system at a time toward modernity.
The static mirror system is an excellent example of this. When I arrived, it was mostly built from shell servers and... Jenkins, which was hard to use and generally disliked. We migrated to GitLab and built a shim to avoid having to replace the entire system. That handful of servers is pumping out gigabits per second, it's easy to deploy and scale out (although *that* could be made easier).
This is mostly summarizing and glorifying the docs I've already written in the [service docs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/static-component/).
This would be, therefore, an interesting blog post on its own, but I think it could also serve as great advertisement for the job posting (tpo/tpa/team#41542).anarcatanarcathttps://gitlab.torproject.org/tpo/core/tor/-/issues/40922High INTRO1 failure rate with TestingTorNetwork2024-03-14T17:41:55ZJim NewsomeHigh INTRO1 failure rate with TestingTorNetworkIn shadow simulations with TestingTorNetwork set, hidden service clients get a lot of errors like:
```
Jan 01 00:06:02.017 [info] handle_introduce_ack_bad(): Received INTRODUCE_ACK nack by $8A269A69067A353059B3C24C0316A3DCA8B3CE19~ [VJt...In shadow simulations with TestingTorNetwork set, hidden service clients get a lot of errors like:
```
Jan 01 00:06:02.017 [info] handle_introduce_ack_bad(): Received INTRODUCE_ACK nack by $8A269A69067A353059B3C24C0316A3DCA8B3CE19~ [VJtO38jK4XYxnRFX7LOhHTf+kJaGynhhbeeJ21rk30A] at 202.61.225.95. Reason: 1
```
In the intro point logs, we can see the corresponding log entries such as:
```
5294:Jan 01 00:05:21.858 [info] handle_introduce1(): No intro circuit found for INTRODUCE1 cell with auth key df0+MAxHZZTPzG4LFC+Pdu1r3mPSRMl6d5GGttl1wmQ from circuit 1033772687. Responding with NACK.
```
It looks like one of the effects of TestingTorNetwork is to set the min and max intro point lifetime to 10s and 30s. Removing those overrides seems to make the problem go away. https://gitlab.torproject.org/tpo/core/tor/-/blob/main/src/feature/hs/hs_service.c?ref_type=heads#L431
So, one solution is to remove those overrides permanently (or increase them, or make them separate Testing* config params).
It might be worth checking though whether the client behavior ought to be improved; @arma thinks these aggressive parameters combined with a relatively small network might be causing a particularly bad situation for the client's failure cache. Might be worth understanding what's going on there and improving it, even if the issue is less likely in production and with less aggressive intro point rollover.Jim NewsomeJim Newsomehttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40345migrate docker image to this repo2024-03-23T19:38:24Zmeskiomeskio@torproject.orgmigrate docker image to this repoWe used to develop the docker image in a separated repo: https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/
But now we have a CI building the docker image in this repo: !246
Let's deprecate the original docker re...We used to develop the docker image in a separated repo: https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/
But now we have a CI building the docker image in this repo: !246
Let's deprecate the original docker repo and move everything here. Things that might be missing:
* [ ] move docker-compose.yml to this repo or somewhere
* [ ] update the community documentation to use our repo
* [ ] integrate publishing the docker image in the release process
* [ ] are we cross building in the CI?
* [ ] how are we going to push to dockerhub the image?
* [ ] archive docker-snowflake-proxy reposhelikhooshelikhoohttps://gitlab.torproject.org/tpo/network-health/metrics/tor_fusion/-/issues/4tor_fusion doesn't parse tgen streams2024-03-11T15:55:43ZHirotor_fusion doesn't parse tgen streamsIt seems the tgen streams parser is busted.It seems the tgen streams parser is busted.HiroHirohttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42443Shrink the window to match letterboxing size when the emtpy area is doble-cli...2024-03-13T19:49:49Zma1Shrink the window to match letterboxing size when the emtpy area is doble-clickedNow that users can reuse last window size (#41918) and the option is exposed in the UI (#41916), ending with a "permanently letterboxed" window becomes easier, as noted by @thorin.
Hence I propose an easy and intuitive way for resizing ...Now that users can reuse last window size (#41918) and the option is exposed in the UI (#41916), ending with a "permanently letterboxed" window becomes easier, as noted by @thorin.
Hence I propose an easy and intuitive way for resizing the window down to letterboxing size (hence removing the margin), by just clicking the empty letterboxing around the content.
This feature can be signaled by showing a `zoom-out` cursor when hovering that area (screenshot below).
![image](/uploads/042bbb6c0fcb2d07de158af9b6b59693/image.png)ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42442Remove unused setting strings2024-03-13T16:45:02ZhenryRemove unused setting stringsNow that we have the CI from https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42305 in place, we can just remove the old settings strings unused since https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues...Now that we have the CI from https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42305 in place, we can just remove the old settings strings unused since https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42036 from our daily branch, and they should be kept around as long as they are needed in the stable build.henryhenryhttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/195moat is not distributing bridges2024-03-12T11:32:55Zmeskiomeskio@torproject.orgmoat is not distributing bridgesToday moat is not distributing bridges:
```
❯ curl https://bridges.torproject.org/moat/circumvention/defaults |jq
{
"settings": [
{
"bridges": {
"type": "obfs4",
"source": "builtin",
"bridge_strings": ...Today moat is not distributing bridges:
```
❯ curl https://bridges.torproject.org/moat/circumvention/defaults |jq
{
"settings": [
{
"bridges": {
"type": "obfs4",
"source": "builtin",
"bridge_strings": [
...
]
}
},
{
"bridges": {
"type": "obfs4",
"source": "bridgedb"
}
},
{
"bridges": {
"type": "snowflake",
"source": "builtin",
"bridge_strings": [
"snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn",
"snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
]
}
}
]
}
```meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge/-/issues/18armv7 has a deprecated version of tor2024-03-21T07:13:30Zmeskiomeskio@torproject.orgarmv7 has a deprecated version of torWe download tor from deb.tpo, which has the following archs: amd64, i386, arm64. But we build the docker image for all those architectures plus armv7 (armhf in debian names).
When we build the armv7 image as there is not tor package in ...We download tor from deb.tpo, which has the following archs: amd64, i386, arm64. But we build the docker image for all those architectures plus armv7 (armhf in debian names).
When we build the armv7 image as there is not tor package in deb.tpo the one from debian bookworm is being choosen, which is deprecated.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42441Evaluate RR version-by-RR version rebases instead of ESR-to-ESR2024-03-27T11:06:13ZPier Angelo VendrameEvaluate RR version-by-RR version rebases instead of ESR-to-ESRTraditionally, we're switching from a Firefox ESR version to the next one.
I've done this work twice now, and I can see some of the problems it involves.
First, at a certain point we have to focus this change and we're in a sort of lim...Traditionally, we're switching from a Firefox ESR version to the next one.
I've done this work twice now, and I can see some of the problems it involves.
First, at a certain point we have to focus this change and we're in a sort of limbo with patches developed for the previous ESR while we're already rebasing, and the rebaser has to catch a lot.
Second, the rebase is a lot of work, but reviewing it is also a big one.
Third, we have a lots of conflicts.
In 13 Firefox versions, it's very likely that a commit is going to cause conflicts.
Because the long time it takes to do this work, last year I decided to start when 115 started nightly.
It gave us 2 additional months, which was great, considering it raised our budget from 3 months to 5 months.
I thought if I could do better, and I came up with the idea of traversing RR version by RR version, and I've started to do so.
My impression is that differences are much smaller, therefore easier to explain.
Also, it's a work we can spread during the year, and we can be ready to move to the build/Android parts sooner (even though also for Android we could do something similar), or in any case give some of the 5 months time to all members of the team.
I can see some disadvantages (and limits) also with this approach:
- it's possible that with 13 rebases instead of just a few ones we lose more parts of the patches
- possibly more (easy) conflicts to solve, so they might require more time at the end, than solving only one big conflict (but I'm not sure, I don't have metrics)
- I've gone with a quick approach: I haven't solved non-trivial problems that involve fixing a patch, and I haven't tried to build/run
- more load on the team (more reviews to do, if we end up not taking the quick way we might have to work on build problems every month)
- as an alternative, the reviews could be done with a lower frequency, or even when we arrive to our final target (it will be a huge review on one shot, but at least it will be possible to find when something has changed more easily, by going through my notes)
- I started from 115.x and go back to 115.0 to then go through the mozilla/release branch. I had a few conflicts because of the various backports. Starting this work as soon as possible would help with this.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41552Grant cohosh developer access to the blog project2024-03-07T02:44:43ZanarcatGrant cohosh developer access to the blog projectFollowing the [instructions on the blog wiki page](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/blog#1-navigate-to-the-gitlab-blog-project-at-httpsgitlabtorprojectorgtpowebblog) led me here :) Do you need me to sign this re...Following the [instructions on the blog wiki page](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/blog#1-navigate-to-the-gitlab-blog-project-at-httpsgitlabtorprojectorgtpowebblog) led me here :) Do you need me to sign this request?anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41551Grant cohosh developer access to the blog project2024-03-07T02:44:24ZCecylia BocovichGrant cohosh developer access to the blog projectFollowing the [instructions on the blog wiki page](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/blog#1-navigate-to-the-gitlab-blog-project-at-httpsgitlabtorprojectorgtpowebblog) led me here :) Do you need me to sign this re...Following the [instructions on the blog wiki page](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/blog#1-navigate-to-the-gitlab-blog-project-at-httpsgitlabtorprojectorgtpowebblog) led me here :) Do you need me to sign this request?anarcatanarcathttps://gitlab.torproject.org/tpo/web/manual/-/issues/157Add entry about letterboxing (about:manual#letterboxing)2024-03-12T20:36:03Zma1Add entry about letterboxing (about:manual#letterboxing)We're implementing a `Learn more` link in the new user-facing letteboxing preferences (tpo/applications/tor-browser#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torp...We're implementing a `Learn more` link in the new user-facing letteboxing preferences (tpo/applications/tor-browser#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32324#note_2876483):
> It's on support-dot, but possibly not the manual?
> https://support.torproject.org/tbb/maximized-torbrowser-window/ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42440Letterboxing manual entry (about:manual#letterboxing)2024-03-18T16:26:27Zma1Letterboxing manual entry (about:manual#letterboxing)We're implementing a `Learn more` link in the new user-facing letteboxing preferences (#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torproject.org/tpo/applications/...We're implementing a `Learn more` link in the new user-facing letteboxing preferences (#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32324#note_2876483):
> It's on support-dot, but possibly not the manual?
> https://support.torproject.org/tbb/maximized-torbrowser-window/donutsdonutshttps://gitlab.torproject.org/tpo/web/manual/-/issues/156New translations available for the manual: tk, ja2024-03-07T16:56:04ZemmapeelNew translations available for the manual: tk, jaThe manual can be released to Turkmen and Japanese, they are 100% translated.The manual can be released to Turkmen and Japanese, they are 100% translated.emmapeelemmapeel