The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2021-11-03T16:22:08Z

https://gitlab.torproject.org/tpo/core/tor-ci-reproducible/-/issues/4
Make build.sh download the CI generated tarball digest
2021-11-03T16:22:08Z
David Goulet dgoulet@torproject.org

The idea here is to use that checksum and compare it with what we just generated on our side. If it matches, sign and upload signature.
The CI release pipeline still will verify the signatures after that.
The point of all this is to "know" what we are signing and not just randomly upload a signature of some file.

David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/tpo/tpa/team/-/issues/40501
TPO websites displaying PO source fragments
2023-07-03T21:04:35Z
Jérôme Charaoui lavamind@torproject.org

Affected:
- https://www.torproject.org
- https://community.torproject.org
Possibly any other Lektor websites that have translations and have been rebuilt since this morning.

Hiro

https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/3
CDFs graphs for Exits and Guard+Exits, for simulated and live Tor network
2024-01-16T14:37:18Z
Hiro

We will need the following graphs:
```
- CDFs for Exits and Guard+Exits
- 'exit-kibibytes-read'+'exit-kibibytes-written'/'epoll_cnt'
- 'exit-kibibytes-read'+'exit-kibibytes-written'/'epoll_wait'
```
We can get this info from descriptor and shadow logs.
Furthermore we will also need the following graphs:
```
- Graphs:
- Utilization CDFs: graph for all relays, and one graph each for "Guard",
"Exit", "Middle", "Guard+Exit"
- take the bandwidth history from extra-info, and divide it by the advertized
bandwidth from the descriptor.
- In Shadow, we may have to use the Link capacity instead of adv bw,
if clients don't burst enough in 1 sim period to get adv bw high
enough
```
We also want a new baseline date range, for a flooding period.
For more details and prioritization, see https://gitlab.torproject.org/tpo/network-health/metrics/analysis/-/issues/40008#note_2764299
cc @mikeperry cc @jnewsome

Metrics OKRs Q3-Q4 2022
Hiro

https://gitlab.torproject.org/tpo/web/tpo/-/issues/253
Please remove the Applications Developer job description from the website
2021-11-05T21:31:56Z
Erin Wyatt

Please remove the Applications Developer job posting from the website. We are no longer accepting applications for this job.
However, please first have a look at the job posting, which got scrambled at some point? https://www.torproject.org/about/jobs/software-engineer-applications-team/
Thank you!

HackerNCoder hackerncoder@encryptionin.space

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40380
Add dgoulet as a tor package signer
2021-11-03T03:22:53Z
Matthew Finkel

https://lists.torproject.org/pipermail/tor-packagers/2021-August/000127.html
```
$ gpg2 -k dgoulet@torproject.org
pub rsa2048/0x42E86A2A11F48D36 2011-05-11 [SC] [expires: 2022-04-08]
Key fingerprint = B744 17ED DF22 AC9F 9E90 F491 42E8 6A2A 11F4 8D36
uid [ unknown] David Goulet <dgoulet@ev0ke.net>
uid [ unknown] David Goulet <dgoulet@torproject.org>
uid [ unknown] David Goulet <dgoulet@riseup.net>
sub rsa4096/0x2AC6036C93CC198D 2013-09-10 [E] [expires: 2022-04-08]
```

https://gitlab.torproject.org/tpo/core/arti/-/issues/221
Reproducible build for osx is stuck on SDK 10.11
2021-11-04T15:27:45Z
Nick Mathewson

Our current reproducible build script downloads OSX SDK 10.11 from s3.dockerproject.org. The [`coarsetime`](https://crates.io/crates/coarsetime) crate uses the `clock_gettime_nsec_np()` API, which (like the other clock_gettime APIs) was added in OSX SDK 10.12. This causes the `build-repro` task to fail: https://gitlab.torproject.org/tpo/core/arti/-/jobs/48984 .
Possible solutions:
* Can we get SDK 10.12 from anywhere legitimate? If so, we could feed that into our script and we'd be done with this.
* Could we add a feature to `coarsetime` so it supports older OSX versions, probably via some `mach_*` call? The upstream `coarsetime` developer was very responsive to my last set of patches, but they were less kludgey than this would be.
* Should we back out of `coarsetime` (conditionally or unconditionally) for the purpose of these cross-compiled builds? (I believe that @eta favors an approach where we just have a background thread that updates a shared AtomicU64; we could also call some `mach_*` function directly.)
For reference:
* [Implementation of clock_gettime.c on Darwin](https://opensource.apple.com/source/Libc/Libc-1158.1.2/gen/clock_gettime.c.auto.html)
* [Manual page for `clock_gettime*()`](https://www.manpagez.com/man/3/clock_gettime/)
cc @trinity-1686a for possible ideas, since they figured out how to make this cross-compilation work in the first place.

Arti 0.1.0 release: Okay for experimental embedding
Nick Mathewson

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40681
Lock Choose your preferred language for displaying pages for fingerprint
2021-12-07T11:32:32Z
cypherpunks

1. about:preferences
2. Choose your preferred language for displaying pages
3. Force-check Request English versions of web pages for enhanced privacy and make it unselectable
FingerprintIssue

https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/65
Design a State Persistence Framework
2024-02-27T19:01:28Z
shelikhoo

Currently, there are two modes of data persistence implemented in rdsys. Gob based persistence, and JSON based persistence. In either case, a full dump of a certain type will be generated and a file on the system will be truncated and written in place whenever a resource is modified.
The current design of this system has the following issues:
* If there are concurrent connections, a file may be corrupted by being written by competing writes.
* If the process is killed after a truncation and before the write is complete, the save may be corrupted.
* If there is a significant amount of resources, the dumping process can be slow and result in a bottleneck. Additionally, a significant amount of write instructions may reduce SSD lifespan.
* There is no way to detect if a corrupted file is loaded. A human-readable format like JSON can load the corrupted file when there is an insertion, replacement, or deletion in the data field. A non-human-readable format may also load a file if there is a replacement in the data field.
Possible Ways of Improvements
* File system based
  * Creating a Multiversion concurrency control: Writing to a different file each time by generating the filename based on the timestamp
    * `[+]` Reduce overwrite in place
    * `[+]` Do not require changes to the current file-based approach for state persistence
    * `[-]` Additional complexity: requires clean up
  * Adding Checksum to file/filename
    * `[+]` Detects corrupted files
    * `[-]` Additional complexity
    * `[-]` Additional computation cost
* Database based (Tree-based Key-Value database)
  * `[+]` Outsources database design complexity
  * `[+]` Allows live migration/scaling of application
  * `[-]` Require changes to the design of application: resources should ideally be stored and retrieved from the database individually, instead of a dump of all states as a binary.
  * `[-]` Some indexing may need to be completed manually
  * `[-]` Additional external dependency: deployment will become more complex

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40682
Set network.proxy.allow_bypass to false
2022-05-13T10:08:10Z
Tom Ritter tom@ritter.vg

This is another 'bypass the proxy' flag added recently. I don't believe it's in ESR 91 but it wouldn't hurt to set it there to be safe...

boklm

https://gitlab.torproject.org/tpo/tpa/ci-templates/-/issues/1
clarify purpose of SITE_URL in deploy-static job template
2021-11-04T01:33:28Z
anarcat

@lavamind figured out that we don't actually need to specify a SITE_URL at all: he put the wrong one in and things still worked.
hilarious!
we should probably tweak the template and docs to clarify that.

Retire Jenkins
anarcat

https://gitlab.torproject.org/tpo/tpa/ci-templates/-/issues/2
deploy lektor with hashed pinning
2022-06-01T20:08:32Z
anarcat

we're currently trusting pip with arbitrary code in the lektor build. @kushal made a nice procedure to avoid this.
https://gist.github.com/kushaldas/d8f566067e12d30185abe0f8442d72ef
i also learned that you can pass a `--hash` parameter to the requirements spec to force that.

Jérôme Charaoui lavamind@torproject.org

https://gitlab.torproject.org/tpo/tpa/ci-templates/-/issues/3
Reevaluate base image for lektor.yml
2021-11-16T02:58:41Z
Jérôme Charaoui lavamind@torproject.org

So right now we're using `ubuntu:latest` to build Lektor, and it just works.
But `ubuntu:latest` is a moving target so we might want to adjust this so we don't get the rug pulled from under our jobs again down the line.
For example, we could maybe try something like `python-3.7-bullseye`?

Jérôme Charaoui lavamind@torproject.org

https://gitlab.torproject.org/tpo/web/team/-/issues/15
establish staging workflow for static sites in GitLab CI
2022-01-18T16:04:15Z
anarcat

in the rush migration surrounding tpo/tpa/team#40501, we moved the main prod websites, but not the staging sites. figure out how those work in GitLab CI and migrate them.

Retire Jenkins
Jérôme Charaoui lavamind@torproject.org

https://gitlab.torproject.org/tpo/tpa/team/-/issues/40502
establish staging workflow for static sites in GitLab CI
2021-11-03T19:52:30Z
anarcat

in the rush migration surrounding #40501, we moved the main prod websites, but not the staging sites. figure out how those work in GitLab CI and migrate them.

Retire Jenkins

https://gitlab.torproject.org/tpo/core/arti/-/issues/222
Use test_with_all_runtimes() in place of tokio::test
2021-11-18T00:44:21Z
Nick Mathewson

In tor-proto we've started to use tokio::test in a few places. We should probably migrate them to test_with_all_runtimes() if it's not too hard, so that we can test those functions with all enabled runtimes.
This will require tor-proto to take a dev-dependency on tor-rtcompat, which isn't too bad.

Arti 0.1.0 release: Okay for experimental embedding
Nick Mathewson

https://gitlab.torproject.org/tpo/web/donate-static/-/issues/53
Archive git.torproject.org/project/web/donate-static and migrate to gitlab
2021-11-15T18:01:39Z
Kez

The donate-static repository has been entirely moved to gitlab and gitlab CI.git gitweb repo has been deprecated; it shouldn't be used anymore, and will no longer accept new pushes.
Related: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40466

Retire Jenkins

https://gitlab.torproject.org/tpo/web/team/-/issues/14
protect branches on production websites
2021-11-08T18:14:02Z
anarcat

i noticed i was able to push to the default branch on tb-manual on gitlab. now that we migrated to gitolite, we should protect those branches so that a proper review process is enforced before pushing.
/cc @emmapeel @kez @lavamind

Retire Jenkins

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40683
Empty, white place after pulling Tor-Browser-Window to the taskbar
2021-11-08T19:33:33Z
Nemoko

**Summarize the bug encountered concisely.**
Dear community,
I noticed a bug in the new Tor-Browser 11.0a9 (based on Mozilla Firefox 91.2.0esr) (64-Bit).
If you pull down the Tor-Browser-Window to the taskbar, you will get an empty, white place.
Could you please have a look at the new Tor-Browser?
System information:
Windows 10 21H1 (1920 x 1080 resolution),
Tor-Browser 11.0a9 (based on Mozilla Firefox 91.2.0esr) (64-Bit),
Tor Browser Security Level: Standard
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
You can reproduce it as follows:
Start Tor-Browser – the window will have the default resolution
![Example_1_New_Browser_01](/uploads/acd79e457bb9f986b759ef7211e485f0/Example_1_New_Browser_01.jpg)
![Example_2_New_Browser_01](/uploads/28e22a45404b6dd23911efee41613306/Example_2_New_Browser_01.jpg)
Now pull the window to the taskbar – you see that you will get an empty, white place
![Example_1_New_Browser_02](/uploads/8b9e09359b616be865c7145326e0e92f/Example_1_New_Browser_02.jpg)
![Example_2_New_Browser_02](/uploads/618b12ae587e2608d768dbfc3e7a74be/Example_2_New_Browser_02.jpg)
You can see here the old behavior with Tor-Browser 10.5.10 (based on Mozilla Firefox 78.15.0esr) (64-Bit):
Start Tor-Browser – the window will have the default resolution
![Example_1_Old_Browser_01](/uploads/2ee5ebdc66c71e5e0187fc89a9ea6ce7/Example_1_Old_Browser_01.jpg)
Now pull the window to the taskbar – you see that there is no empty place and the website will be extended:
![Example_1_Old_Browser_02](/uploads/439d4aba7fc3ecbbc27f6a3624440f07/Example_1_Old_Browser_02.jpg)
![Example_2_Old_Browser](/uploads/0de057bf205c210a3c4f63ab89ffd42f/Example_2_Old_Browser.jpg)
### What is the current bug behavior?
**What actually happens.**
If you pull down the Tor-Browser-Window to the taskbar, you will get an empty, white place
### What is the expected behavior?
**What you want to see instead**
The Tor-Browser-Window has to be extended - like in the old version.

https://gitlab.torproject.org/tpo/web/newsletter/-/issues/23
Archive git.torproject.org/project/web/newsletter and migrate to gitlab
2021-11-11T19:31:42Z
Kez

The gitolite repository for newsletter.tpo has been deprecated and archived, and the new canonical source for the site is this gitlab repo.
Context: https://gitlab.torproject.org/tpo/web/newsletter/-/issues/22

https://gitlab.torproject.org/tpo/tpa/team/-/issues/40503
audit accesses to staticiforme
2021-11-22T20:46:53Z
anarcat

now that a bunch of sites have been moved off staticiforme into the static-shim, we may be able to revoke some accesses on that busy server.

Retire Jenkins
anarcat