Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2024-03-26T14:17:29Zhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/40014Intergrating WebTunnel into Lyrebird to reduce Distributed Binary Size2024-03-26T14:17:29ZshelikhooIntergrating WebTunnel into Lyrebird to reduce Distributed Binary SizeWe are considering integrating WebTunnel into WebTunnel in order to reduce the binary size of distributed binary.
This is a request from application team: the apk size is increasing and approaching the limit of Play Store. It might be b...We are considering integrating WebTunnel into WebTunnel in order to reduce the binary size of distributed binary.
This is a request from application team: the apk size is increasing and approaching the limit of Play Store. It might be beneficial for us to move webtunnel's entry point to Lyrebird to avoid shipping one more copy of the Go Runtime library.shelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/41issue when downloading from https://bridges.torproject.org/bridgestrap-collector2024-03-19T13:15:07ZHiroissue when downloading from https://bridges.torproject.org/bridgestrap-collectorI have noticed an issue when collector-02 is downloading from: https://bridges.torproject.org/bridgestrap-collector
This is the error I see in java.
```
2024-03-01 09:45:13,880 WARN o.t.m.c.b.BridgestrapStatsDownloader:70 Failed downl...I have noticed an issue when collector-02 is downloading from: https://bridges.torproject.org/bridgestrap-collector
This is the error I see in java.
```
2024-03-01 09:45:13,880 WARN o.t.m.c.b.BridgestrapStatsDownloader:70 Failed downloading https://bridges.torproject.org/bridgestrap-collector.
java.io.IOException: Premature EOF
at java.base/sun.net.www.http.ChunkedInputStream.readAheadBlocking(ChunkedInputStream.java:567)
at java.base/sun.net.www.http.ChunkedInputStream.readAhead(ChunkedInputStream.java:611)
at java.base/sun.net.www.http.ChunkedInputStream.read(ChunkedInputStream.java:705)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:132)
at java.base/sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3698)
at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:284)
at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:343)
at org.torproject.metrics.collector.downloader.Downloader.downloadFromHttpServer(Downloader.java:55)
at org.torproject.metrics.collector.downloader.Downloader.downloadFromHttpServer(Downloader.java:26)
at org.torproject.metrics.collector.bridgestrap.BridgestrapStatsDownloader.startProcessing(BridgestrapStatsDownloader.java:68)
at org.torproject.metrics.collector.cron.CollecTorMain.run(CollecTorMain.java:55)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
```
I made some little measurements from bash and got this:
```
time_namelookup: 0.050899s
time_connect: 0.097606s
time_appconnect: 0.159109s
time_pretransfer: 0.159138s
time_redirect: 0.000000s
time_starttransfer: 0.209088s
----------
time_total: 5.969495s
```
Seems nothing is really amiss. Any idea what is happening? Is this a web server issue or should I talk to anti-censorship instead?meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/194Unable to load Moat captchas in Tor Browser2024-03-04T13:34:53Zebanamebanam@torproject.orgUnable to load Moat captchas in Tor BrowserThe request is timing out after a few moments with the message "Solve the CAPTCHA to request a bridge" but no accompanying image.
![moat-captcha-2](/uploads/1f9dc45b8eecac9d2f32561187c286dd/moat-captcha-2.png){width=50%}The request is timing out after a few moments with the message "Solve the CAPTCHA to request a bridge" but no accompanying image.
![moat-captcha-2](/uploads/1f9dc45b8eecac9d2f32561187c286dd/moat-captcha-2.png){width=50%}https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40342Shadow integration tests occasionally panic2024-03-07T22:51:40ZCecylia BocovichShadow integration tests occasionally panicA recent job failed: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/jobs/491691
This is likely runner-dependent, since no changes were made to the Shadow tests since it last passed:
```
$ shadow --log...A recent job failed: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/jobs/491691
This is likely runner-dependent, since no changes were made to the Shadow tests since it last passed:
```
$ shadow --log-level=debug --model-unblocked-syscall-latency=true snowflake-minimal.yaml > shadow.log
** Starting Shadow v3.0.0-557-g193924aa 2023-08-25--13:24:51 with GLib v2.66.8
thread 'shadow-worker' panicked at 'called `Result::unwrap()` on an `Err` value: ENOSYS', main/utility/childpid_watcher.rs:269:37
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread 'shadow-worker' panicked at 'called `Result::unwrap()` on an `Err` value: PoisonError { .. }', main/utility/childpid_watcher.rs:268:43
thread 'shadow-worker' panicked at 'called `Result::unwrap()` on an `Err` value: PoisonError { .. }thread '', shadow-workermain/utility/childpid_watcher.rs' panicked at ':assertion failed: self.shim_shmem_lock.borrow().is_none()268', :main/host/host.rs43:
971:9
fatal runtime error: thread local panicked on drop
thread 'shadow-worker' panicked at 'called `Result::unwrap()` on an `Err` value: PoisonError { .. }', main/utility/childpid_watcher.rs:268:43
thread 'shadow-worker' panicked at 'assertion failed: self.shim_shmem_lock.borrow().is_none()', main/host/host.rs:971:9/bin/bash: line 210: 30403 Aborted (core dumped) shadow --log-level=debug --model-unblocked-syscall-latency=true snowflake-minimal.yaml > shadow.log
```https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40341Encode AWS credentials for SQS rendezvous2024-03-12T11:26:12ZCecylia BocovichEncode AWS credentials for SQS rendezvousAmazon's automatic scraping of Github has found our public credentials shared on https://github.com/net4people/bbs/issues/335 which leads to their support team requiring us to rotate them. We may be able to avoid this by encoding our cre...Amazon's automatic scraping of Github has found our public credentials shared on https://github.com/net4people/bbs/issues/335 which leads to their support team requiring us to rotate them. We may be able to avoid this by encoding our credentials (for example with base64) and having users pass in the encoded strings.
cc @mpuhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40339Avoid SQS queue reuse errors2024-03-05T17:40:02ZCecylia BocovichAvoid SQS queue reuse errorsAs described in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40323#note_3002284, the reuse of the `sqsClientID` can cause errors on subsequent rendezvous attempts.As described in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40323#note_3002284, the reuse of the `sqsClientID` can cause errors on subsequent rendezvous attempts.mpumpuhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/40013version is reported as lyrebird-0.0.142024-03-04T19:48:23Ztoralfversion is reported as lyrebird-0.0.14shouldn't it be 0.1.0 ?shouldn't it be 0.1.0 ?meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40335No release for version 2.9.02024-02-27T16:41:36ZPonchoNo release for version 2.9.0Hi there
Some time ago, you've tagged version 2.9.0
It's available under https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tags
But there is no corresponding release under https://gitlab.torproject.org/...Hi there
Some time ago, you've tagged version 2.9.0
It's available under https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tags
But there is no corresponding release under https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/releases and the release job was skipped https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/jobs/471273
Not sure whether this is all on purpose or if something went wrong. Therefore, opening this issue.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/59@gettor_bot on Telegram does not work2024-03-26T10:20:35Znina@gettor_bot on Telegram does not workit shows "loading" but nothing happensit shows "loading" but nothing happensmeskiomeskio@torproject.orgmeskiomeskio@torproject.org2024-02-22https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40334Post upgrade2024-02-17T22:19:10ZLinus Nordberglinus@torproject.orgPost upgrade- [x] apt autoremove; apt remove '~c'
- [x] apt-mark auto rsyslog && apt autoremove # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html- [x] apt autoremove; apt remove '~c'
- [x] apt-mark auto rsyslog && apt autoremove # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.htmlhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40333Perform upgrade2024-02-17T21:55:05ZLinus Nordberglinus@torproject.orgPerform upgrade- [x] APT sources prepared
- [x] apt update && apt -o APT::Get::Trivial-Only=true full-upgrade
- [x] apt upgrade --without-new-pkgs
- [x] apt full-upgrade
- [x] reboot- [x] APT sources prepared
- [x] apt update && apt -o APT::Get::Trivial-Only=true full-upgrade
- [x] apt upgrade --without-new-pkgs
- [x] apt full-upgrade
- [x] reboothttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40332Prepare upgrade2024-02-17T10:41:33ZLinus Nordberglinus@torproject.orgPrepare upgrade- [x] systemd-resolved installed? no
- [x] apt purge ifupdown
- [x] upgrade 11.8 -> 11.9
- [x] apt autopurge; apt purge \\~c
- [x] find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error'
- [x] dpkg --audit
- [x] apt-mark s...- [x] systemd-resolved installed? no
- [x] apt purge ifupdown
- [x] upgrade 11.8 -> 11.9
- [x] apt autopurge; apt purge \\~c
- [x] find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error'
- [x] dpkg --audit
- [x] apt-mark showhold
- [x] dpkg --get-selections '*' > /root/dpkg-get-selections && (umask 0077; tar cf /root/2024-02-17-backup.tar -C / root etc var/lib/dpkg var/lib/apt/extended_states)https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40331Verify console access2024-02-17T09:27:48ZLinus Nordberglinus@torproject.orgVerify console accesshttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40330Collect metrics for binned counts of client polls per country for each rendez...2024-03-12T11:29:00ZCecylia BocovichCollect metrics for binned counts of client polls per country for each rendezvous methodWe now collect metrics on [poll counts for each rendezvous method](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/243). To learn about potential censorship events it would be useful to a...We now collect metrics on [poll counts for each rendezvous method](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/243). To learn about potential censorship events it would be useful to also collect binned polling counts per country by adding a line:
```
client-[method]-ips [CC=NUM,CC=NUM,...,CC=NUM] NL
```
for each rendezvous method.
I think it's safer to still collect poll counts rather than unique IPs for clients to avoid the necessity of storing (even hashed) seen addresses in memory. The main trick is in how we learn the client's IP address to perform a country code lookup in the geoip database. For the domain fronting rendezvous method, we could use the `X-Forwarded-For` header, but SQS does not offer details on the IP that sent the message. One way to do this is to pull the client IP out of the SDP offer. We already have some code for processing ice candidates and [removing local addresses](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/35984c0876273adb810ab3cc558464ba786aafcd/common/util/util.go#L70-L99). Something similar could be done to extract the client IP.mpumpuhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40326snowflake-01: Fetch Debia packages over HTTPS instead of over onions2024-01-30T16:50:16ZLinus Nordberglinus@torproject.orgsnowflake-01: Fetch Debia packages over HTTPS instead of over onionsDebian's onions for packages, especially 2s4yqjx5... for ftp.do, has become unreliable to the point where unattended-upgrades seems to be failing night after night.
Going back to HTTPS is kinda sad but not too bad IMO.Debian's onions for packages, especially 2s4yqjx5... for ftp.do, has become unreliable to the point where unattended-upgrades seems to be failing night after night.
Going back to HTTPS is kinda sad but not too bad IMO.Linus Nordberglinus@torproject.orgLinus Nordberglinus@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40325snowflake-01: Increase netdata metrics retention period2024-01-31T12:31:40ZLinus Nordberglinus@torproject.orgsnowflake-01: Increase netdata metrics retention periodNetdata stores about 12h of metrics. Being able to look back further in time would be valuable for understanding the system usage better.
Current configuration is 256MB (see http://192.168.47.1/netdata.conf for running config). The data...Netdata stores about 12h of metrics. Being able to look back further in time would be valuable for understanding the system usage better.
Current configuration is 256MB (see http://192.168.47.1/netdata.conf for running config). The data is stored in /var/cache/netdata which resides in / with 3.4G available.Linus Nordberglinus@torproject.orgLinus Nordberglinus@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridge-port-scan/-/issues/7Build process needs updating2024-02-07T13:11:37ZKezBuild process needs updatingThe web team's lektor site build process has changed a bit since this repo was last updated, and the repo no longer builds with the instructions provided (the build instructions seem a bit incomplete even without these build changes). So...The web team's lektor site build process has changed a bit since this repo was last updated, and the repo no longer builds with the instructions provided (the build instructions seem a bit incomplete even without these build changes). So the build process needs to be updated, and more thoroughly documented.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40324Snowflake git clone requires username?2024-01-26T16:58:45ZcypherpunksSnowflake git clone requires username?Hello,
I want to install Snowflake in my Debian PC, for that I tried to follow this instructions (Compiling and running from source):
https://community.torproject.org/relay/setup/snowflake/standalone/
To install golang was much more com...Hello,
I want to install Snowflake in my Debian PC, for that I tried to follow this instructions (Compiling and running from source):
https://community.torproject.org/relay/setup/snowflake/standalone/
To install golang was much more complicated that it says there as if you use apt you get an older and not supported version. Then I am asked for a username and password when I reach the git clone command. This is a surprise for me as I really didn't expect it and I cannot understand why you require this. Anyway I went to gitlab.com and I signed up for an account but it looks like that user is not good to download this package!. So I also clicked on https://gitlab.onionize.space/ and filled that form and I am waiting to get approved. Do you know how long does it normally takes? Why people cannot download it without all that registration process?
I am not an expert with Linux, sorry if I am asking something silly.
Thanks, Regards
Mhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40323Deploy new SQS rendezvous method2024-03-02T02:39:52ZCecylia BocovichDeploy new SQS rendezvous methodNow that !214 is merged, we can deploy this feature at the broker so that users with updated clients can start using it.
There are a few necessary steps:
- the broker deployment
- creation of public credentials
- set up alerts/precautio...Now that !214 is merged, we can deploy this feature at the broker so that users with updated clients can start using it.
There are a few necessary steps:
- the broker deployment
- creation of public credentials
- set up alerts/precautions against overchargesCecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/52Error in handling returned lox open invite credential2024-01-17T18:23:21ZCecylia BocovichError in handling returned lox open invite credentialThis error occurs even in the provided [index.js](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/1702027cb9d14f71df72e9d85cdfe77399b4fff8/crates/lox-wasm/index.js) testing file. When run against a local distributor and the ...This error occurs even in the provided [index.js](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/1702027cb9d14f71df72e9d85cdfe77399b4fff8/crates/lox-wasm/index.js) testing file. When run against a local distributor and the deployed one I get the following exception:
```
Got new Level 0 Lox Credential: {"P":[12,129,59,157,121,225,6,150,194,200,72,26,188,195,15,229,139,204,49,36,179,141,0,150,72,241,136,219,170,206,231,50],"EncQ":[[98,9,15,8,54,81,218,22,82,70,239,212,101,12,243,129,165,184,97,205,179,38,12,178,98,15,23,232,17,50,71,13],[80,202,142,91,230,150,9,187,208,240,238,169,26,222,64,120,238,164,35,142,217,192,10,235,0,126,191,163,255,65,178,80]],"id_server":[54,156,121,253,251,100,19,232,112,83,236,136,43,26,112,175,177,230,53,45,25,43,3,177,242,162,220,123,113,235,179,14],"TId":[72,44,140,114,216,192,186,180,125,101,94,61,134,10,93,29,95,251,160,50,201,174,38,169,160,206,88,236,107,182,234,124],"bucket":[163,125,100,109,48,31,232,75,243,29,174,45,46,128,1,87,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"level_since":[167,138,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"piBlindIssue":{"challenge":[171,251,205,97,209,196,140,133,221,211,120,119,192,152,55,185,168,79,86,137,171,158,64,156,27,47,206,177,62,25,151,5],"responses":[[235,38,47,107,237,22,154,128,245,29,86,173,17,122,45,28,153,170,186,224,24,101,123,62,137,221,81,130,222,113,172,3],[184,245,74,211,243,74,41,219,151,78,12,150,97,98,6,31,210,155,72,114,153,207,27,94,55,153,182,202,104,129,183,2],[19,6,1,194,22,128,239,61,135,67,246,55,72,95,36,218,170,243,157,127,240,29,4,192,196,133,213,109,94,54,225,6],[127,165,27,223,27,137,239,8,44,185,181,209,17,220,4,34,133,16,159,238,112,20,161,124,11,225,30,26,182,25,222,14],[254,18,160,132,137,176,117,103,138,146,49,254,200,1,50,139,27,226,23,204,95,3,52,189,228,8,116,85,71,241,221,15],[186,221,129,15,169,254,252,66,73,152,157,125,11,99,58,46,3,152,125,201,83,123,21,238,118,61,120,166,184,8,251,13],[17,183,56,176,75,141,205,193,209,98,112,70,226,161,117,170,67,43,183,76,167,22,198,216,226,1,242,143,81,5,174,3],[244,166,99,0,166,175,168,162,206,146,245,156,0,40,133,212,154,251,206,28,228,207,127,197,107,65,229,239,60,38,126,8]]},"bridge_line":{"addr":[54,56,46,49,56,51,46,50,48,53,46,49,56,0,0,0],"port":8444,"uid_fingerprint":13430605359072130000,"info":[116,121,112,101,61,111,98,102,115,52,32,102,105,110,103,101,114,112,114,105,110,116,61,34,52,53,50,48,48,67,48,68,49,53,67,48,51,66,54,57,54,52,53,57,57,66,66,51,50,51,54,50,54,69,57,53,56,48,50,51,55,55,68,57,34,32,112,97,114,97,109,115,61,83,111,109,101,40,123,34,105,97,116,45,109,111,100,101,34,58,32,34,48,34,44,32,34,99,101,114,116,34,58,32,34,122,86,117,113,114,97,88,97,51,76,109,122,102,79,113,100,110,65,111,106,53,88,83,49,120,48,111,82,101,78,51,112,78,56,97,75,70,86,116,87,121,100,104,70,107,83,76,120,97,75,78,70,111,69,119,77,78,48,49,88,47,83,89,81,43,117,57,106,99,103,34,125,41,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}} index.js:38:13
Uncaught trailing characters at line 1 column 2586
```