The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-06-30T08:45:10Zhttps://gitlab.torproject.org/tpo/network-health/sbws/-/issues/40092Investigate why maatuska is stalled2021-06-30T08:45:10ZjugaInvestigate why maatuska is stalledThe scanner last log is on the 10th. at 12:30, there's no memory swapped, it's still running but not doing anything.
This could be again #40087, maybe triggered by some other process launched at that time or a different issue.The scanner last log is on the 10th. at 12:30, there's no memory swapped, it's still running but not doing anything.
This could be again #40087, maybe triggered by some other process launched at that time or a different issue.sbws: 1.2.x-finaljugajugahttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40300Please refresh the torbrowser OpenPGP key2021-12-14T02:10:21ZMatthew FinkelPlease refresh the torbrowser OpenPGP keySame as #40115 with the push to alberti
ThanksSame as #40115 with the push to alberti
ThanksJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40312Please add richard as a member of the tb-tester ldap group2021-06-21T20:11:00ZMatthew FinkelPlease add richard as a member of the tb-tester ldap groupThis should give @richard access to `tb-tester-01`This should give @richard access to `tb-tester-01`Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40284retire build-arm-102021-06-29T18:29:05Zanarcatretire build-arm-10Linaro is shutting down their "Developer cloud", which means we'll lose access to build-arm-10. Retire the box before that:
> Hi Linaro Developer Cloud Users,
>
> Thanks for your interest and work on Linaro Developer Cloud during the l...Linaro is shutting down their "Developer cloud", which means we'll lose access to build-arm-10. Retire the box before that:
> Hi Linaro Developer Cloud Users,
>
> Thanks for your interest and work on Linaro Developer Cloud during the last
> several years. Really appreciated your open source
> development/test/validation work which has been contributed a lot to Arm64
> ecosystem.
>
> I'm writing to tell you that *we plan to close Linaro Developer
> Cloud(uk.linaro.cloud) external access *due to the internal change*. We are
> really sorry to make this hard decision, and can not continue offering
> resources after Jun 30th.*
>
> After Jun 30th, all the VM network access will be lost, and the data will
> not be kept. Please backup your data locally ASAP.
>
> If you have special requests to keep your resources, or if you have some CI
> jobs running in Linaro Developer Cloud, please let me know, we will try to
> help with migration to other platforms.
>
> Again, thanks a lot for your help during the last several years.
Note that this might impact tpo/core/tor#40347
automated retirement procedure:
1. [x] announcement: N/A, was already unavailable upstream
2. [x] nagios
3. [x] N/A: VM already stopped
4. [x] fabric retirement
5. [x] LDAP
6. [x] grep + DNS
7. [x] pwmanager
8. [x] DNSWL: N/A
9. [x] wiki/spreadsheet
10. [x] upstream
11. [x] reverse DNS: N/Aanarcatanarcat2021-06-30https://gitlab.torproject.org/tpo/tpa/team/-/issues/40297test lektor as a static blog site with content from the existing blog2021-07-22T19:30:22ZJérôme Charaouilavamind@torproject.orgtest lektor as a static blog site with content from the existing blogThe current roadmap has a goal to replace the loathed Drupal blog site with a static site. There's already #40183 convering the comments portion of the site. This issue will track importing the main content consisting of blog posts and c...The current roadmap has a goal to replace the loathed Drupal blog site with a static site. There's already #40183 convering the comments portion of the site. This issue will track importing the main content consisting of blog posts and calendar events into lektor.Launch support's Forum and Blog migrationJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/web/blog/-/issues/40004Migrate the blog out of Drupal and into a static site generator with a commen...2022-01-26T16:56:00ZGabagaba@torproject.orgMigrate the blog out of Drupal and into a static site generator with a comment service### Content
* [x] Import blog posts from Drupal
* [x] Import events from Drupal
* [x] Import comment archive
* [x] Configure RSS/Atom feeds (posts + events)
* [x] Implement categories to replace tags (depends on https://gitlab.torp...### Content
* [x] Import blog posts from Drupal
* [x] Import events from Drupal
* [x] Import comment archive
* [x] Configure RSS/Atom feeds (posts + events)
* [x] Implement categories to replace tags (depends on https://gitlab.torproject.org/tpo/web/blog/-/issues/40008)
* [x] Test Discourse comments embedding (depends on https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183)
* [x] Test draft post feature
### Layout
* [x] Import relevant CSS styles from old blog
* [x] Setup 2-column responsive layout
* [x] Mirror header and footer contents from other Tor websites
### Deployment
* [x] Ensure functioning newsletter image URL redirections ([example](https://newsletter.torproject.org/archive/2021-11-01-privacy-is-a-human-right/))
* [x] Plan/implement publishing moratorium and comments section closure on Drupal
* [x] Full, final content import from Drupal
* [x] Setup static web mirrors for new site
* [x] Transition `blog.torproject.org` address
* [x] Fossilize old Drupal site (tpo/web/blog#40011)
* [ ] ~~Wind down Pantheon subscription~~ (tpo/tpa/team#40526)
* [ ] ~~Retire (or reconfigure) cache*.torproject.org machines~~ (tpo/tpa/team#40527)
### Workflow
* [x] Implement Review Apps for easy MR previews
* [x] Document final publishing workflow of the new blog
Documentation of the project requirements lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/blogLaunch support's Forum and Blog migrationJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2021-11-17https://gitlab.torproject.org/tpo/tpa/team/-/issues/40327Parameter tuning for gitlab runner ci-runner-x86-03-shadow2021-11-19T20:36:31ZJim NewsomeParameter tuning for gitlab runner ci-runner-x86-03-shadow## Already done
For posterity, I already requested the following overrides to the [runners.docker](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersdocker-section) config:
* `cap_add SYS_PTRACE` - sha...## Already done
For posterity, I already requested the following overrides to the [runners.docker](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersdocker-section) config:
* `cap_add SYS_PTRACE` - shadow uses ptrace to manage processes running in its simulation
* `shm_size 16g` - shadow uses /dev/shm for IPC, including remapping process most data regions from managed processes into shared memory for fast access from the shadow.
## Outstanding requests that we definitely need:
* I think we'll need a larger shm_size for larger simulations. I'd suggest 50-100% of the machine's physical memory. Note that this setting only specifies a cap, not a reservation. i.e. smaller sims that don't need that much memory won't use it.
* Larger storage. I'm not sure where this setting lives, but my last attempt to run a simulation ran out of storage pretty quickly. I'm not sure exactly what we need here; maybe try 10-20 GB?
## Semi-optional outstanding request
* `security_opt seccomp=unconfined`.
This isn't strictly necessary, but improves Shadow performance by [~20%](/uploads/3c225ae9cf0b73dc0d091afd54c81bbe/image.png).
It'd probably be sufficient if we could instead configure Docker to opt out of the speculative-store-bypass mitigation when installing the seccomp filter, but afaik Docker doesn't expose that functionality (See [shadow #1489](https://github.com/shadow/shadow/issues/1489).
In principle disabling seccomp here might allow to escape the container, effectively getting root on the host machine. However:
* We already restrict access to this runner, roughly to ~jnewsome (though may expand to other trusted folks who need to run shadow sims).
* From some light googling it doesn't seem this would enable any current, known container escapes. This mechanism is for defense in depth. E.g. [this attack](https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/) requires capability `SYS_ADMIN`.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40321changing the job-browser@ alias2021-06-29T21:05:17ZGabagaba@torproject.orgchanging the job-browser@ aliasCan you
- [ ] add duncan's email to the job-browser@ alias?
- [ ] remove antonela please?
- [ ] add an allias job-applications-developer@ with the same people on it? I will add other ticket about removing job-browser@ when we are read...Can you
- [ ] add duncan's email to the job-browser@ alias?
- [ ] remove antonela please?
- [ ] add an allias job-applications-developer@ with the same people on it? I will add other ticket about removing job-browser@ when we are ready .
thanks!Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40317Please refresh sysrqb's PGP key2021-10-07T16:51:27ZMatthew FinkelPlease refresh sysrqb's PGP keySame as #40120
[CE1782624600EE98764C6D9CCB8FC772D1AA1D30.asc](/uploads/67a9485f190b58c9bd854ba5fb88f60b/CE1782624600EE98764C6D9CCB8FC772D1AA1D30.asc)Same as #40120
[CE1782624600EE98764C6D9CCB8FC772D1AA1D30.asc](/uploads/67a9485f190b58c9bd854ba5fb88f60b/CE1782624600EE98764C6D9CCB8FC772D1AA1D30.asc)Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40320Please update pgp key for jnewsome2021-07-07T16:50:23ZJim NewsomePlease update pgp key for jnewsome```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Creating a ticket as per https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingupdating-your-openpgp-key
> * The ticket should include your username,
jnewsome
> yo...```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Creating a ticket as per https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingupdating-your-openpgp-key
> * The ticket should include your username,
jnewsome
> your old OpenPGP fingerprint
19F788AFB4F0C1436AB42F3F0727FEF30D933D0F
> and your new OpenPGP fingerprint (if you're changing keys).
9E96ACD1D9EC20E88A991D95C0DEC089E303C5E0
> * The ticket should be OpenPGP signed with your OpenPGP key that is currently stored in LDAP.
Done
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEGfeIr7TwwUNqtC8/Byf+8w2TPQ8FAmDZFQ4ACgkQByf+8w2T
PQ/ATwv/atOhlIKzcu3gsb7kBQlRSVe55VkTpZcUk6MuTUIelYcUrU6TuUWuyldP
Qm0f5jwZMzQX7wJTp+jj5xcZuD5hUCWbWr6M1EuFp0OIs01c61HZbWweQLEVjYdK
/KUbt4JRZbTccnM9CQsOIg57Z1pJquEf/GJ3XjhZk5IQNutR64jyGWaxkvg4hXLu
ibrDQEa1+hmV748udsFDANhV0gBQUd5jnzSn7tPv/cIY/Q43rtKDFWpy9I1OiH5x
+Wp+0FcmrycZ5pUPyXzINEYNYP6nADBxLiAInFQF5hmTWaBTlPjQhe4Z5F/+QXA4
MsHCt8HQVAixoq73pw37XEVVPYkrwovdfey22mlHpNZ1PYsRlqyYAt4MivBj1ElQ
bBg7CJ5e9tIgTw8KEZHjHi3g0hjLpl4m4dYFVoa6AW4T9mB4Xq8hulTsjDB+tlOG
YZ54aupI+k3pF44jMAdTizl4dKkNDNywhzAsZPQ9U4DgT17JRiPk5+mn2E8qGR5J
WzM3GAVU
=coFp
-----END PGP SIGNATURE-----
```Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40302renew roger's openpgp key2021-06-29T20:49:48Zanarcatrenew roger's openpgp key@arma's key expired and it's making the password manager unhappy. renew key and republish everywhere (keyring, password manager, etc).@arma's key expired and it's making the password manager unhappy. renew key and republish everywhere (keyring, password manager, etc).Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40313Please add irl to the tordnsel LDAP group2021-06-22T20:33:17ZirlPlease add irl to the tordnsel LDAP groupThe exit scanner has been down for a few days, but I'm not able to log in to the host to reboot it.
This is a service affecting issue.The exit scanner has been down for a few days, but I'm not able to log in to the host to reboot it.
This is a service affecting issue.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40314Misconfigured DNS allows same-site-scripting2021-06-21T17:31:14ZGeorg KoppenMisconfigured DNS allows same-site-scriptingWe got a bug report at HackerOne which I am not sure what to do about. Here it is to get input from our sysadmins (which need to fix it anyway, in case it's deemed valid):
```
Same site scripting
I have found an error of some misconfigr...We got a bug report at HackerOne which I am not sure what to do about. Here it is to get input from our sysadmins (which need to fix it anyway, in case it's deemed valid):
```
Same site scripting
I have found an error of some misconfigrured DNS in a subdomain of yours which causes same site scripting.
Steps To Reproduce:
Step 1 : Go to terminal or cmd
Step 2 : Now type host localhost.torproject.org
Step 3 : Has Now you can see the response from localhost 127.0.0.1
Step 4 : This lead to Same site scripting
Referance :
http://www.securityfocus.com/archive/1/486606/30/0/threaded
Solution:
Kindly remove DNS record from nameserver or use that subdomain.
Impact
Same site scripting may lead to internal DOS
```weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/tpo/core/tor/-/issues/404120.4.6.5 fails to build on EL72021-06-14T20:40:41Zmaha0.4.6.5 fails to build on EL7While 0.4.6.4-rc was still buildable on EL7, 0.4.6.5 fails:
```
[...]
CC src/feature/dircache/core_libtor_app_testing_a-dircache.o
CC src/feature/dircache/core_libtor_app_testing_a-dirserv.o
CC src/feature/dircli...While 0.4.6.4-rc was still buildable on EL7, 0.4.6.5 fails:
```
[...]
CC src/feature/dircache/core_libtor_app_testing_a-dircache.o
CC src/feature/dircache/core_libtor_app_testing_a-dirserv.o
CC src/feature/dirclient/core_libtor_app_testing_a-dirclient.o
src/feature/dirclient/dirclient.c: In function 'dir_client_decompress_response_body':
src/feature/dirclient/dirclient.c:1877:5: error: initializer element is not constant
static ratelim_t warning_limit = RATELIM_INIT(LOG_INTERVAL);
^
src/feature/dirclient/dirclient.c:1877:5: error: (near initialization for 'warning_limit.rate')
make[1]: *** [src/feature/dirclient/core_libtor_app_testing_a-dirclient.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory `/builddir/build/BUILD/tor-0.4.6.5'
make: *** [all] Error 2
```
This was introduced in fc3d4e4c2fb527954780ba958659e70f35fffe6c
See here for the full log: https://download.copr.fedorainfracloud.org/results/maha/tor-latest/epel-7-x86_64/02252932-tor/build.log.gz
This using glibc-2.17-324.el7_9.x86_64, gcc-4.8.5-44.el7.x86_64https://gitlab.torproject.org/tpo/tpa/dangerzone-webdav-processor/-/issues/13securely join paths2021-06-15T19:48:54Zanarcatsecurely join pathsi used string concatenation to join path instead of the more correct (and safer) `join`. we should fix that (or maybe use pathlib's Path instead.i used string concatenation to join path instead of the more correct (and safer) `join`. we should fix that (or maybe use pathlib's Path instead.https://gitlab.torproject.org/tpo/tpa/dangerzone-webdav-processor/-/issues/15docker fails with "the input device is not a TTY"2021-06-14T19:56:08Zanarcatdocker fails with "the input device is not a TTY"somehow when deployed under systemd, the script totally fails with `the input device is not a TTY`, full log:
```
Jun 14 19:39:38 dangerzone-01 dangerzone-webdav-processor[11497]: moving 19/ to CVS//dangerzone/processing/19/ before dang...somehow when deployed under systemd, the script totally fails with `the input device is not a TTY`, full log:
```
Jun 14 19:39:38 dangerzone-01 dangerzone-webdav-processor[11497]: moving 19/ to CVS//dangerzone/processing/19/ before dangerzone/processing
Jun 14 19:39:40 dangerzone-01 dangerzone-webdav-processor[11497]: downloading CVS//dangerzone/processing/19/ to /tmp/tmpkpyhdm1c/danger/19/
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: processing 3 files in dir /tmp/tmpkpyhdm1c/danger/19 to safe_dir: /tmp/tmp7wzf5x_e/safe//19
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: sanitizing file /tmp/tmpkpyhdm1c/danger/19/matt_lavallee_samples.txt into /tmp/tmp7wzf5x_e/safe//19
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: the input device is not a TTY
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: failed to run docker command: ['docker', 'run', '-it', '--cidfile=/tmp/tmpavcaj0tj/cidfile', '--volume', '/tmp/tmpkpyhdm1c/danger/19/matt_lavallee_samples.txt:/tmp/input_file', '--network', 'none', '--security-opt=no-new-privileges:true', 'flmcode/dangerzone', 'document-to-pixels-unpriv']
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: Traceback (most recent call last):
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: File "/usr/bin/dangerzone-webdav-processor", line 469, in <module>
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: main()
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: File "/usr/bin/dangerzone-webdav-processor", line 336, in main
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: client.process_path(folder, path)
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: File "/usr/bin/dangerzone-webdav-processor", line 395, in process_path
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: self.sanitizer.sanitize_dir(local_path)
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: File "/usr/bin/dangerzone-webdav-processor", line 136, in sanitize_dir
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: self.sanitize_file(os.path.join(root, file), safe_dir=safe_dir)
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: File "/usr/bin/dangerzone-webdav-processor", line 145, in sanitize_file
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: args=["document-to-pixels-unpriv"],
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: File "/usr/bin/dangerzone-webdav-processor", line 258, in run
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: with open(f"{tmpdir}/cidfile") as fp:
Jun 14 19:39:46 dangerzone-01 dangerzone-webdav-processor[11497]: FileNotFoundError: [Errno 2] No such file or directory: '/tmp/tmpavcaj0tj/cidfile'
Jun 14 19:39:46 dangerzone-01 systemd[1]: dangerzone-webdav-processor.service: Main process exited, code=exited, status=1/FAILURE
Jun 14 19:39:46 dangerzone-01 systemd[1]: dangerzone-webdav-processor.service: Failed with result 'exit-code'.
Jun 14 19:39:46 dangerzone-01 systemd[1]: Failed to start Dangerzone WebDAV processor.
```anarcatanarcathttps://gitlab.torproject.org/tpo/web/tpo/-/issues/198Remove post Fundraising Coordinator job position from the website2021-07-07T16:50:23ZGabagaba@torproject.orgRemove post Fundraising Coordinator job position from the websitePlease remove the job posting from the website. We already have enough candidates to go through the first round of interviews.
Thanks!Please remove the job posting from the website. We already have enough candidates to go through the first round of interviews.
Thanks!GusGushttps://gitlab.torproject.org/tpo/network-health/team/-/issues/14Automate measuring connection timeouts per exit2022-10-10T14:05:48ZArthur EdelsteinAutomate measuring connection timeouts per exitI have been investigating connection timeouts manually, using Tor Browser in legacy/trac#21394.
My manual test is as follows: I set Tor Browser's pref "extension.torbutton.loglevel to 3. In the Browser console, I filter for the word "TI...I have been investigating connection timeouts manually, using Tor Browser in legacy/trac#21394.
My manual test is as follows: I set Tor Browser's pref "extension.torbutton.loglevel to 3. In the Browser console, I filter for the word "TIMEOUT". Then I attempt to connect to a website, and I count the number of TIMEOUTs displayed on the browser console, such as this:
```
[10-26 06:25:47] Torbutton INFO: controlPort >> 650 STREAM 532 DETACHED 833 2606:2800:220:1:248:1893:25c8:1946:80 REASON=TIMEOUT
```
I repeatedly hit "New Tor Circuit for this Site" in the torbutton menu and manually write down how many timeouts were observed for each circuit. Here's my data from when I attempted to connect to example.com 50 times:
```
http://example.com
00100000021000002001001001000000001000000000001000
```
This sort of stream timeout is because, according to arma:
```
it means you sent your begin cell, and then you didn't get an end cell or a connected cell after 10 seconds
```
The dominant source of timeouts appears to be DNS resolution failures at the exit nodes. I observed almost no timeouts connecting directly to IPv4 or IPv6 addresses instead of a domain name (see ticket:21394#comment:20).
Regardless of the cause, I think these timeouts are causing serious damage to Tor Browser usability and we should try hard to fix it.
teor suggested some fixes to tor. In the meantime it would be great if we had an automated test that can measure the frequency of connection timeouts on a daily basis. I imagine it could generate several circuits through each exit node (both to domains and to bare IP addresses) and produce summary statistics. That would also help us know if the fixes are working or if we have any regressions in the future.
Is this something the Metrics team would be interested in working on? I see the timeout statistics on https://metrics.torproject.org/torperf-failures.html but I don't think that is measuring exactly the same thing.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40309Prep Desktop 10.0.182021-06-15T13:04:26ZMatthew FinkelPrep Desktop 10.0.18https://gitlab.torproject.org/tpo/network-health/team/-/issues/68New round of contacting operators for DNS issues and badexiting problematic r...2021-11-09T08:42:22ZGeorg KoppenNew round of contacting operators for DNS issues and badexiting problematic relays (06/14/2021)Our new scan found the following problematic relays
```
66F741F53BE5124384BA77895156B6E9976D3FA4
7731E125924324B7405BA20E2759EE16780237E2
CB4AA079F9E9061D541E5AAEDB0E952A388EED45
```
I reach out to the operators.Our new scan found the following problematic relays
```
66F741F53BE5124384BA77895156B6E9976D3FA4
7731E125924324B7405BA20E2759EE16780237E2
CB4AA079F9E9061D541E5AAEDB0E952A388EED45
```
I reach out to the operators.Georg KoppenGeorg Koppen