The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2022-10-24T20:53:07Z

https://gitlab.torproject.org/tpo/core/tor/-/issues/33129
Tor node that is not part of the consensus should not be used as rendezvous point with the onion service
2022-10-24T20:53:07Z
cypherpunks

According to this article, an attacker is able to choose a server that is running Tor but is not part of the Tor network as a rendezvous point with the onion service, so that he can discover which family the onion service's guard node belongs to, and then use that information to DDoS Tor nodes in that family so that the onion service drops that guard node and instead chooses his Tor node as a guard node.
https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html

https://gitlab.torproject.org/tpo/core/tor/-/issues/40326
Request for comment - Debian logrotate - Adding the scrub option by default
2022-10-24T20:55:12Z
cypherpunks

We could add the "shred" and "shredcycles" options to "/etc/logrotate.d/tor" by default. The number of cycles could be just 1, instead of the default 3, to reduce wear. We should at least do it for relays and the "debug" and "info" log level.
Here are [some](https://www.bleepingcomputer.com/news/government/german-police-accused-of-carrying-out-some-pretty-stupid-raids/) [horror](https://www.techdirt.com/articles/20160406/08211234116/law-enforcement-raids-another-tor-exit-node-because-it-still-believes-ip-address-is-person.shtml) [stories](https://www.theregister.com/2014/12/22/stay_away_popular_tor_exit_relays_look_raided/) that support my concern.

https://gitlab.torproject.org/tpo/core/chutney/-/issues/40018
chutney can generate invalid arti config with empty ed_identity
2022-10-24T21:02:18Z
Ian Jackson <iwj@torproject.org>

When I run arti's chutney tests on my laptop, chutney generates an `arti.toml` containing something like this:
```
fallback_caches = [
{rsa_identity = "30BB3F0559E82F9F22670F74B2B579618BCB052F", ed_identity = "", orports = ["127.0.0.1:5000"]},
{rsa_identity = "3EDBDF94A19EACB6CBF33CED2A8A2F2D9F2C71B9", ed_identity = "", orports = ["127.0.0.1:5001"]},
{rsa_identity = "F159C273C9984FC9BC78E3D5B92EA6B43C6F80B2", ed_identity = "", orports = ["127.0.0.1:5002"]},
]
```
arti refuses to load this because the empty string is not a valid ed identity.
I remember that I managed to get this working the last time this happened to me but I can't remember what I did. There don't seem to be any relevant error messages.
The script in question is here:
https://gitlab.torproject.org/tpo/core/arti/-/blob/main/tests/chutney/setup

https://gitlab.torproject.org/tpo/tpa/team/-/issues/40529
ci-runner-x86-05 ran out of disk space
2022-10-24T22:08:53Z
anarcat

50G wasn't enough. the spec in #40500 mentioned "50GB >" so maybe we need to match what's on chi-node-14, which is, i believe, 250GB.
@jnewsome, how big should that /srv/shadow be anyways?

anarcat

https://gitlab.torproject.org/tpo/tpa/team/-/issues/40865
ci-runner-x86-05 is out of disk space (again)
2022-10-24T22:25:32Z
Kez

```
tor-nagios: [ci-runner-x86-05] disk usage - all is CRITICAL: DISK CRITICAL - free space: / 6186 MB (65% inode=89%): /dev 151035 MB (100% inode=99%): /dev/shm 151052 MB (99% inode=99%): /run 30209 MB (99% inode=99%): /run/lock 5 MB (100% inode=99%): /tmp 151052 MB (99% inode=99%): /srv 7982 MB (5% inode=90%): /var/lib/docker 7982 MB (5% inode=90%): /run/credentials 30209 MB (99% inode=99%): /var/tmp 6186 MB (65% inode=89%):
<nsa> tor-nagios: [ci-runner-x86-05] disk usage on /srv is CRITICAL: DISK CRITICAL - free space: /srv 2408 MB (1% inode=89%):
```
/srv is going to run out of disk space. In 90 minutes it dropped from 9GB free on /srv to 2.4GB. Last time we had this issue (#40529) we just grew the disks. I checked for any prune-able docker images, and there aren't any. It looks like right now the biggest culprit is arti
```
INFO: calling `du -sb /var/lib/docker/volumes/*`
root@ci-runner-x86-05:~# tpa-du-gl-volumes | head -10
project-681 nickm/arti 44.62 GiB
project-1285 Diziet/arti 24.16 GiB
project-647 tpo/core/arti 22.04 GiB
project-1650 famasoon/arti 9.68 GiB
project-950 tpo/core/doc 1.99 GiB
project-322 juga/sbws 1.30 GiB
```

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41130
Review Mozilla 1741428: Bump the MinGW version
2022-10-24T22:44:58Z
richard

## https://bugzilla.mozilla.org/show_bug.cgi?id=1741428
So it seems there is a bug in latest widl where enums aren't forward declared correctly in C++:
- https://bugs.winehq.org/show_bug.cgi?id=53431
We will need to either patch the mingw headers (firefox approach) or we can go fix widl (iirc this should be an easy-ish fix)
cc @tom, @boklm, @pierov

Sponsor 131 - Phase 3 - Major ESR 102 Migration
richard

https://gitlab.torproject.org/tpo/core/tor/-/issues/28181
spec: Add to pt-spec.txt control messages going back to main process (tor)
2022-10-25T06:13:00Z
David Goulet <dgoulet@torproject.org>

As part of legacy/trac#28180, we want to have a PT to report back events, mainly connection to the bridge events for now, to the parent process which is tor in our case.
This ticket is for adding those to pt-spec.txt.
We'll concentrate on connection messages reporting the status of a connection to a Bridge at first to narrow down a bit this work.

Tor: 0.4.0.x-final
David Goulet <dgoulet@torproject.org>

https://gitlab.torproject.org/tpo/core/tor/-/issues/28755
Implement a K/V parser library
2022-10-25T06:13:01Z
David Goulet <dgoulet@torproject.org>

The key/value format K=V is used extensively in the Tor code and it seems many places use their own way to parse that.
This ticket is for implementing a library to parse such K/V construction. There is a world where we might require V to be quoted or not so I'll leave this challenge to the implementer(s).
This ticket comes from the work done in legacy/trac#28179 that implements messages from the PT to the Tor process.

Tor: 0.4.0.x-final
Nick Mathewson

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21879
OSX: default bookmarks not used
2022-10-25T09:59:50Z
Mark Smith

Our Tor Project bookmarks are not used by default in the ESR52-based TB nightly builds (I saw this problem on OSX with the builds mentioned here: comment:1:ticket:21875).
Although our bookmarks.html file is included in browser/omni.ja, it seems to be ignored. Maybe ESR52 uses a new mechanism for configuring the default bookmarks.

https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite/-/issues/40046
Build infrastructure updates to build nightly base-browser
2022-10-25T10:18:19Z
richard

Whatever infrastructure work that needs to happen to build nightly 'base-browser' packages

Sponsor 131 - Phase 1 - MVP Base Browser
boklm

https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/45
tests for gettor
2022-10-25T11:27:01Z
meskio <meskio@torproject.org>

At least the usecases of the gettor distributor and updater should have some tests.

https://gitlab.torproject.org/tpo/network-health/exitmap/-/issues/32
add IPv6 support to resolve function
2022-10-25T13:04:46Z
Georg Koppen

There is a PR for that over at:
https://github.com/NullHypothesis/exitmap/pull/62

Georg Koppen

https://gitlab.torproject.org/tpo/tpa/prometheus-alerts/-/issues/6
Add ahf's relay "ukko" to scrape its MetricsPort
2022-10-25T13:44:45Z
David Goulet <dgoulet@torproject.org>

`ukko` is a very important relay the network team uses to conduct development and network measurements. We would like to add it to the Grafana and thus have our Prometheus to scrape it.
Its metrics port is on `95.216.33.30` port `9091`. Once set up, can you tell me the Prometheus IP so I can set the `MetricsPortPolicy` properly to only accept connections from that address. Thanks!

David Goulet <dgoulet@torproject.org>

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41358
Onion-Location icon does not appear on Android
2022-10-25T15:06:33Z
Silvio Rhatto

<!--
* Use this issue template for reporting a new UX bug.
-->
### Summary
* The Onion-Location icon does not appear on Android when accessing a site providing this header.
* See also [this forum entry](https://forum.torproject.net/t/onion-available-onion-location-button-auto-redirect-on-android/2661).
### Steps to reproduce:
1. Open The Tor Browser for Android.
2. Connect.
3. Access https://torproject.org.
### What is the current bug behavior?
1. The Onion-Location icon does not appear.
### What is the expected behavior?
1. The Onion-Location icon to appear inside the URL bar.
## Relevant logs and/or screenshots
![tor-browser-for-android-no-onion-location-icon](/uploads/cc4f24083666e6a54948a455edb27f4e/tor-browser-for-android-no-onion-location-icon.jpeg)
## Version information
* Tested on Tor Browser for Android 99.0.0b3-Release (11.5.3).

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40193
Snowflake Broker Deployment 22-10-03
2022-10-25T16:32:20Z
shelikhoo

We are going to deploy a new version of snowflake broker configuration to snowflake broker.
The broker binary isn't updated, and remains [v2.3.1](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tags/v2.3.1).
## Deployment Script
```
sv stop snowflake-broker
cp /etc/service/snowflake-broker/run ./snowflake-broker-run-22-10-03-backup-$(date +%N)
install --owner root ./snowflake-broker-run-22-10-03-candidcate /etc/service/snowflake-broker/run
sv start snowflake-broker
```
## Rollback Script (will be located at /home/shelikhoo/deployment-22-10-03)
```
sv stop snowflake-broker
install --owner root ./snowflake-broker-run-22-10-03-backup-???? /etc/service/snowflake-broker/run
sv start snowflake-broker
```
## New Run File
(the difference is at --allowed-relay-pattern)
(-ip-count-mask's value is not real value used on the production system)
```
#!/bin/sh -e
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
export GOMAXPROCS=1
exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache --bridge-list-path /home/snowflake-broker/bridge_lists.json --default-relay-pattern ^snowflake.torproject.net$ --allowed-relay-pattern snowflake.torproject.net$ -ip-count-log /home/snowflake-broker/metrics-ip-salted.jsonl -ip-count-interval 1h -ip-count-mask ****** 2>&1
```
## Old Run File
```
#!/bin/sh -e
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
export GOMAXPROCS=1
exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache --bridge-list-path /home/snowflake-broker/bridge_lists.json --default-relay-pattern ^snowflake.torproject.net$ --allowed-relay-pattern ^snowflake.torproject.net$ -ip-count-log /home/snowflake-broker/metrics-ip-salted.jsonl -ip-count-interval 1h -ip-count-mask ****** 2>&1
```
## Side effect to be watched
The network capacity of the snowflake may be decreased. However, if we can take this hit, we should be able to roll out distributed snowflake support.

Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet
shelikhoo

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40205
Remove GOMAXPROCS=1 in the next deployment
2022-10-25T16:34:16Z
shelikhoo

We should consider removing this unnecessary setting in the next deployment.
```
[6:12:21 pm] <dcf1> shelikhoo: it is also likely that GOMAXPROCS=1 can be removed from the run script. That was an experiment 2 years ago that turned out not to have an effect: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32576#note_2594746
```

shelikhoo

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40660
Update changelog-format-blog-post script to point gitlab rather than gitolite
2022-10-25T17:27:11Z
richard

We're going to stop updating gitolite post 12.0 let's ensure the blog post is pointing to the changelog in gitlab

richard

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41140
Review Mozilla 1751366: Disable tab unloading in private windows (Firefox update coupled with tabs unloading can cause loss of tabs in private browsing)
2022-10-25T18:21:20Z
richard

## https://bugzilla.mozilla.org/show_bug.cgi?id=1751366
This sent up warning flags since Tor Browser is always in private browsing mode, but there may be nothing for us to worry about here given that we use a different update process.

Sponsor 131 - Phase 3 - Major ESR 102 Migration
ma1

https://gitlab.torproject.org/tpo/tpa/team/-/issues/30880
document backup/restore procedures
2022-10-25T18:36:48Z
anarcat

Backup system design and restore procedures are currently not well documented in our wiki. Try a few restores and document the heck out of this. The [ops report card](http://opsreportcard.com/section/11) recommends services be documented with a template like this:
1. Overview: Overview of the service: what is it, why do we have it, who are the primary contacts, how to report bugs, links to design docs and other relevant information.
2. Build: How to build the software that makes the service. Where to download it from, where the source code repository is, steps for building and making a package or other distribution mechanisms. If it is software that you modify in any way (open source project you contribute to or a local project) include instructions for how a new developer gets started. Ideally the end result is a package that can be copied to other machines for installation.
3. Deploy: How to deploy the software. How to build a server from scratch: RAM/disk requirements, OS version and configuration, what packages to install, and so on. If this is automated with a configuration management tool like cfengine/puppet/chef (and it should be), then say so.
4. Common Tasks: Step-by-step instructions for common things like provisioning (add/change/delete), common problems and their solutions, and so on.
5. Pager Playbook: A list of every alert your monitoring system may generate for this service and a step-by-step "what to do when..." for each of them.
6. DR: Disaster Recovery Plans and procedure. If a service machine died how would you fail-over to the hot/cold spare?
7. SLA: Service Level Agreement. The (social or real) contract you make with your customers. Typically things like Uptime Goal (how many 9s), RPO (Recovery Point Objective) and RTO (Recovery Time Objective).
While we don't use that template anywhere yet (and it somehow conflicts with the [documentation best practices](https://www.divio.com/blog/documentation/)), we can probably find a middle ground of some sort...

anarcat

https://gitlab.torproject.org/tpo/tpa/team/-/issues/32519
improve user onboard/offboarding procedures
2022-10-25T18:36:48Z
anarcat

while working on the nextcloud project, we realized it wasn't exactly trivial to setup the LDAP bridge because of our specific requirements (no direct connexion, offline support). so we just didn't implement it yet (legacy/trac#32332). i added a note about this in the [retire a user](https://help.torproject.org/tsa/howto/retire-a-user/) procedure, but then i realized there are probably many other such services that do *not* connect with LDAP.
On the top of my head, there's at least Trac and mailing lists, for example, which are managed completely separately. Audit [the service list](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service) and see which services are managed manually and which aren't. Those services have been identified as particularly out of sync:
* blog.torproject.org, see also https://gitlab.torproject.org/tpo/web/blog-trac/-/issues/33109
* email, see also #32558
* IRC, the @tor-tpomember group
* Nagios contacts (almost cleaned up, but will still need checking for sysadmins arriving/departing)
* Nextcloud (#32332)
* rt.torproject.org, see #34036 for an example audit
* gitolite, see #40023
That list is not exhaustive.
Then make sure there's an automated way to add/remove users to services, either by hooking up the service with LDAP, or by creating a wrapper script that will manage those accesses.
So the following needs to be done here:
* [x] document, in <del>[new-person](https://help.torproject.org/tsa/howto/new-person/) and [retire-a-user](https://help.torproject.org/tsa/howto/retire-a-user)</del> the [service page](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service), the various services to add/remove people to
* [ ] automate the above with a script or LDAP
Note that the two pages have different scope: `new-person` is about TSA while `retire-a-user` is broader. This should also be converged, probably in the broader sense.
Also note that a particularly tricky situation is when we want to do a *partial* removal. For example, maybe the person needs to be removed from tor-internal, but keep access to some servers. Or removed from server, but keep an email alias.
The latter case is especially sensitive: some people feel keeping their email alias around forever is an inalienable right and that we should keep forwarding their email even after they are fully retired from Tor. This policy needs to be clarified, see #32558 for that particularly tricky problem.