The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2020-06-27T14:42:41Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9169Start for Tor Browser.exe starts then quits2020-06-27T14:42:41ZTracStart for Tor Browser.exe starts then quitsI installed tor browser and it loads OK. Log shows a clean build, but then it does not open firefox. it simply quits.
Log:
Jun 28 13:21:39.528 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Windows 7.
Jun 28 13:21:39.528 [N...I installed tor browser and it loads OK. Log shows a clean build, but then it does not open firefox. it simply quits.
Log:
Jun 28 13:21:39.528 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Windows 7.
Jun 28 13:21:39.528 [Notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 28 13:21:39.528 [Notice] Read configuration file "C:\Users\Robert\Downloads\Tor Browser\Data\Tor\torrc".
Jun 28 13:21:39.528 [Notice] Initialized libevent version 2.0.21-stable using method win32. Good.
Jun 28 13:21:39.528 [Notice] Opening Socks listener on 127.0.0.1:9150
Jun 28 13:21:39.528 [Notice] Opening Control listener on 127.0.0.1:9151
Jun 28 13:21:39.635 [Notice] Parsing GEOIP file .\Data\Tor\geoip.
Jun 28 13:21:39.857 [Notice] No AES engine found; using AES_* functions.
Jun 28 13:21:39.857 [Notice] This OpenSSL has a good implementation of counter mode; using it.
Jun 28 13:21:41.358 [Notice] OpenSSL OpenSSL 1.0.0k 5 Feb 2013 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jun 28 13:21:41.358 [Notice] Reloaded microdescriptor cache. Found 3850 descriptors.
Jun 28 13:21:41.359 [Notice] We now have enough directory information to build circuits.
Jun 28 13:21:41.359 [Notice] Bootstrapped 80%: Connecting to the Tor network.
Jun 28 13:21:41.359 [Notice] New control connection opened.
Jun 28 13:21:42.236 [Notice] Heartbeat: Tor's uptime is 0:00 hours, with 4 circuits open. I've sent 0 kB and received 0 kB.
Jun 28 13:21:42.236 [Notice] Bootstrapped 85%: Finishing handshake with first hop.
Jun 28 13:21:43.212 [Notice] Bootstrapped 90%: Establishing a Tor circuit.
Jun 28 13:21:44.743 [Notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jun 28 13:21:44.744 [Notice] Bootstrapped 100%: Done.
**Trac**:
**Username**: keyboardman1Erinn ClarkErinn Clarkhttps://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/19265Start hourly updater using a start/stop script rather than crontab2020-06-27T14:24:13ZKarsten LoesingStart hourly updater using a start/stop script rather than crontabThere are multiple reasons for doing this. The most recent example: we reduce the risk of leaving the crontab line unchanged when we deploy a new version (see re-opened legacy/trac#19154).There are multiple reasons for doing this. The most recent example: we reduce the risk of leaving the crontab line unchanged when we deploy a new version (see re-opened legacy/trac#19154).Onionoo 3.1-1.0.0https://gitlab.torproject.org/tpo/community/l10n/-/issues/40033Start L10n Monthly Hangouts2021-06-03T11:44:27ZemmapeelStart L10n Monthly HangoutsAfter a suggestion from Erinm, we are going to start hosting 'L10n Fridays' in our oftc irc channel #tor-l10n.
The idea is to help translators get closer to the rest of the Tor Project, and between themselves, help with their doubts, id...After a suggestion from Erinm, we are going to start hosting 'L10n Fridays' in our oftc irc channel #tor-l10n.
The idea is to help translators get closer to the rest of the Tor Project, and between themselves, help with their doubts, identify documentation needs, etc.
We have somwhat randomly decided to host them the 3rd Friday of each month.
The time will be from 8am UTC, and we do them in the irc channel so they can join without having to create an account, and also if discussions evolve in other manners we can invite them to the other tor channels (#tor-south, #tor-ux, #tor-relays, etc).
The main documentation for the Hangout Fridays is at this wiki, https://gitlab.torproject.org/tpo/community/l10n/-/wikis/Monthly-Tor-Localization-Hangouts
We should spread the news in:
- [x] transifex
- [x] mattermost
- [x] twitter
- [x] mastodon
- [ ] blog
- [ ] tor-l10n, tor-south, tor-project mailing lists
@gus promised to help me with the social media, i am preparing a call.
We could use this image for the calls, or maybe @antonela can spin some nice graphz:
![localization](/uploads/4dd212531757ea8f87fb6a59185490f3/localization.png)emmapeelemmapeelhttps://gitlab.torproject.org/tpo/network-health/metrics/monitoring-and-alerting/-/issues/29Start monitoring stream CDF ratio graphs2024-02-06T11:10:30ZGeorg KoppenStart monitoring stream CDF ratio graphsIt would be good if we'd calculate stream ratios on a regular basis in our infrastructure. We might want to have a different tool if we wanted to capture particular time frames but given that Grafana is very powerful (we can query our ne...It would be good if we'd calculate stream ratios on a regular basis in our infrastructure. We might want to have a different tool if we wanted to capture particular time frames but given that Grafana is very powerful (we can query our new DB directly and get results) it might be enough to use our regular monitoring infrastructure.
We could think about potential thresholds for alerts as well.jugajugahttps://gitlab.torproject.org/tpo/team/-/issues/29Start organizing hackweek2021-02-11T19:10:50ZGabagaba@torproject.orgStart organizing hackweekGabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/team/-/issues/146Start organizing the RJ session in CR - send mail to mailing list about it2023-04-20T18:17:00ZGabagaba@torproject.orgStart organizing the RJ session in CR - send mail to mailing list about it2023-04-20https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22092Start porting Tor Browser on Servo2020-06-27T14:37:41ZcypherpunksStart porting Tor Browser on ServoServo is now on early development stages. But we know that security should be implemented from the beginning in secure systems. So it's time to influence Servo development to make it good base for next gen Tor Browser.Servo is now on early development stages. But we know that security should be implemented from the beginning in secure systems. So it's time to influence Servo development to make it good base for next gen Tor Browser.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/20813Start producing snowflakes2023-08-01T19:29:39ZArlo BreaultStart producing snowflakesOnce `snowflake-client` gets in the alpha Tor Browser builds (tpo/applications/tor-browser#20735), we're going to have some unhappy users if we don't have a sufficient number of proxies available.
We should start ramping up production a...Once `snowflake-client` gets in the alpha Tor Browser builds (tpo/applications/tor-browser#20735), we're going to have some unhappy users if we don't have a sufficient number of proxies available.
We should start ramping up production asap.
Some ideas in,<br>
https://github.com/glamrock/cupcake<br>
https://github.com/keroserene/snowflake/issues/30
We probably also want to close out the opt-in issue,<br>
https://github.com/keroserene/snowflake/issues/21Sponsor 28: Reliable Anonymous Communication Evading Censors and Repressors (RACECAR)https://gitlab.torproject.org/tpo/core/tor/-/issues/40580start requiring TLS 1.3 support2022-10-24T20:47:54Zdynstart requiring TLS 1.3 support### Background
Any relay without TLS 1.3 is probably using an EOL version of OpenSSL.
1.1.0 support ended upstream in September 2019, one year after 1.1.1 was released. Debian stretch, the last Debian release to package [openssl 1.1.0]...### Background
Any relay without TLS 1.3 is probably using an EOL version of OpenSSL.
1.1.0 support ended upstream in September 2019, one year after 1.1.1 was released. Debian stretch, the last Debian release to package [openssl 1.1.0](https://packages.debian.org/source/stretch/openssl), will hit EOL [on 30 June 2022](https://wiki.debian.org/LTS). (The most recent security patch was on [26 Sep 2021](https://tracker.debian.org/news/1261757/accepted-openssl-110l-1deb9u4-source-amd64-all-into-oldoldstable/) for [DLA-2766-1](https://www.debian.org/lts/security/2021/dla-2766).)
CentOS 7 still ships [a very old version of OpenSSL](https://centos.pkgs.org/7/centos-updates-x86_64/openssl-libs-1.0.2k-24.el7_9.x86_64.rpm.html), and is not EOL until 2024, but it also ships [much more recent versions of NSS](https://centos.pkgs.org/7/centos-updates-x86_64/nss-3.67.0-4.el7_9.x86_64.rpm.html), which unlike OpenSSL 1.0.2, do have TLS 1.3 support.
The one bug that could make TLS 1.3 unuseable, #28973 (openssl issue 7712), has been fixed since 1.1.1b (`Revert "Reduce stack usage in tls13_hkdf_expand"`):
https://github.com/openssl/openssl/commits/OpenSSL_1_1_1b/ssl/tls13_enc.c
### What to change
Now that it's 2022, it should be safe not only to do #28977 but to also:
* `if (!isServer) SSL_set_min_proto_version(result->ssl, TLS1_3_VERSION);`
* delist relays from the consensus if they can't negotiate TLS 1.3,
* but continue to allow TLS 1.2 connections from older clients for now.
### Impact
This change will make TLS 1.2 support optional for clients, so a client like arti can statically link `rustls` with the `tls12` feature disabled at compile-time, reducing its code footprint.
RPM packages targeting CentOS 7 may have to be configured with `--enable-nss` to support TLS 1.3 and operate as a relay.https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/28045Start supporting python 3.7, python 3.8, and pypy3.52021-02-18T15:39:51ZjugaStart supporting python 3.7, python 3.8, and pypy3.5sbws: 1.2.x-finaljugajugahttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21106start TBB with the security setting open2022-06-18T04:53:39ZTracstart TBB with the security setting openTBB start just with a messenger about the security level, but is easy to ignore this message. one good alternative is show security setting menu automatically when TBB start at first time.
**Trac**:
**Username**: i139TBB start just with a messenger about the security level, but is easy to ignore this message. one good alternative is show security setting menu automatically when TBB start at first time.
**Trac**:
**Username**: i139https://gitlab.torproject.org/tpo/network-health/metrics/library/-/issues/18861start thinking about using java82020-06-27T14:23:43Ziwakehstart thinking about using java8a. Oracle issued the following more than a year ago
>Auto-update Notice and End of Public Updates for Oracle JDK 7
>
>As outlined in the Oracle JDK Support Roadmap, after April 2015, Oracle will not >post further updates of Java SE 7 to ...a. Oracle issued the following more than a year ago
>Auto-update Notice and End of Public Updates for Oracle JDK 7
>
>As outlined in the Oracle JDK Support Roadmap, after April 2015, Oracle will not >post further updates of Java SE 7 to its public download sites. Customers who need >continued access to critical bug fixes and security fixes as well as general >maintenance for Java SE 7 or older versions can get long term support through Oracle >Java SE Support. The process of migrating users from Java 7 to Java 8 through the >auto update feature is expected to take place after the January 2015 CPU release.(quoted from http://www.oracle.com/technetwork/java/javase/eol-135779.html)
a. OpenJDK8 has been available in stable debian for quite a while.
a. Java8 has matured by now, i.e. there were numerous updates since the first release (cf. [here](http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html)).
a. [Java8 features](http://www.oracle.com/technetwork/java/javase/8-whats-new-2157071.html) like lambdas, streams, easy parallelization, performance improvements for the `java.lang.String(byte[], *)` constructor and the `java.lang.String.getBytes()` method, parallel array sorting, standard encoding and decoding base64 might be quite useful for metrics-lib in particular.
I think that switching to java8 in Onionoo, metrics-db, and metrics-lib should not pose any problems.
I don't know about other projects that might use metrics-lib?
Using the new features could be done step by step, in special java8 branches.
The metrics-lib [benchmark code](https://stem.torproject.org/_static/example/benchmark_metrics_lib.java) could be integrated in the test codebase for metrics-lib and used for measuring performance.
Nothing very urgent, but it seems a good thing to start thinking about it now.
(And ... Java9 is waiting around the corner ;-)Karsten LoesingKarsten Loesinghttps://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite/-/issues/40016Start Tor with DisableNetwork=12021-01-21T07:54:04ZAlex CatarineuStart Tor with DisableNetwork=1This should be closer to how it's done by tor-launcher and should help us catch issues like tor-browser#40282.This should be closer to how it's done by tor-launcher and should help us catch issues like tor-browser#40282.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40563Start using a maintained version of osslsigncode for our authenticode signing2023-01-05T12:46:01ZGeorg KoppenStart using a maintained version of osslsigncode for our authenticode signing`osslsigncode` on SoureForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.`osslsigncode` on SoureForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33172Start using a maintained version of osslsigncode for our authenticode signing2022-07-09T04:24:04ZGeorg KoppenStart using a maintained version of osslsigncode for our authenticode signing`osslsigncode` on SoureForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.`osslsigncode` on SoureForge seems to be dead for a while now. It's worth switching to a maintained version, e.g. [mtrojnar's](https://github.com/mtrojnar/osslsigncode) one.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/31860Start using LTO for firefox project2023-01-05T14:16:07ZGeorg KoppenStart using LTO for firefox projectThere are a number of platforms where Mozilla is using LTO in their builds. We should switch to that if possible by setting the respective `MOZ_LTO` env variable.
This is the parent ticket.
We might want to test this thoroughly as ther...There are a number of platforms where Mozilla is using LTO in their builds. We should switch to that if possible by setting the respective `MOZ_LTO` env variable.
This is the parent ticket.
We might want to test this thoroughly as there are probably reproducibility issues involved (glandium mentioned the other day that Mozilla's macOS builds are not reproducible anymore which is not the case for us; the best explanation he could come up with was that LTO is causing that).https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/41start using plugins2023-04-22T12:49:06Zn0toosestart using pluginsWe want to avoid situations like: https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/onionsproutsbot/-/blob/3edfb1c091c3b918629f0d06e767fc0137ddbf9e/OnionSproutsBot/bot.py#L372-L383
The patch was still merged, as it went k...We want to avoid situations like: https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/onionsproutsbot/-/blob/3edfb1c091c3b918629f0d06e767fc0137ddbf9e/OnionSproutsBot/bot.py#L372-L383
The patch was still merged, as it went kind-of-out-of-scope and I wanted to provide translators with the few, slightly altered strings as soon as possible.
Pyrogram has a [built-in mechanism to specifically prevent this](https://docs.pyrogram.org/topics/smart-plugins), which I avoided using as I believed that "plugins", in this case, insinuated that they could be dynamically removed or added, which was very suboptimal, considering that the functions we wanted to "abstract" into separate files were linked to specific buttons under `bot.py` and we could not check whether a plugin was imported or not. Apparently, according to @StarByte, this doesn't matter as "plugins" can't be loaded or unloaded during runtime, and my confusion stemmed from my experience with other libraries that interface with instant messaging apps.
For this task to be complete, it'd be optimal to:
- separate some helper functions currently under `dialogue.py`
- shove all callback-needing functions in `dialogue.py` in a new file and remove the aforementioned "ugly hack" from bot.py
- move most of the functions in `bot.py` to a plugin file
~~(Note: https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/onionsproutsbot/-/issues/42 has to be dealt with first)~~n0toosen0toosehttps://gitlab.torproject.org/tpo/core/arti/-/issues/54Start using sementic versioning2021-09-08T15:18:27ZNick MathewsonStart using sementic versioningWe should start using semver on arti, once we have a package we're willing to declare has a supported API.We should start using semver on arti, once we have a package we're willing to declare has a supported API.Arti 0.0.1 release: basic anonymityhttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/91Start versioning rdsys2022-02-25T16:10:05ZGabagaba@torproject.orgStart versioning rdsysRdsys will be deployed in production very soon. It would be good to version it so we keep track of what is being deployed each time.Rdsys will be deployed in production very soon. It would be good to version it so we keep track of what is being deployed each time.Deploy RDSYS alongside BridgeDBmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15740start-tor-browser -h does not work2020-06-27T14:40:54Zweasel (Peter Palfrader)start-tor-browser -h does not work[tor-browser-linux64-4.5a5_en-US]
weasel@defiant:~/tmp/tbb/tor-browser_en-US/Browser$ ./start-tor-browser -h
weasel@defiant:~/tmp/tbb/tor-browser_en-US/Browser$[tor-browser-linux64-4.5a5_en-US]
weasel@defiant:~/tmp/tbb/tor-browser_en-US/Browser$ ./start-tor-browser -h
weasel@defiant:~/tmp/tbb/tor-browser_en-US/Browser$