Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
Updated: 2020-06-16T01:12:51Z

Authenticode signing certificate renewal still needs Windows system in the loop
https://gitlab.torproject.org/legacy/trac/-/issues/34044
Updated: 2020-06-16T01:12:51Z
Author: Georg Koppen

We built our Windows .exe signing in a way that it can be done on Linux computers. However, getting a new signing cert currently requires still a custom Windows binary run. We should move that part to a Linux system, too.

Update snowflake to persist sessions across proxies
https://gitlab.torproject.org/legacy/trac/-/issues/34043
Updated: 2020-06-16T01:12:51Z
Author: David Fifield <dcf@torproject.org>

This updates snowflake for #33745 and #33897, which add Turbo Tunnel features to snowflake.
There are two new dependencies, kcp-go and smux, which together make up the inner reliability layer. There's a patch to kcp-go to eliminate dependencies of features we don't use.
This is a Tor Browser ticket but I'm putting it in Circumvention/Snowflake to start to see if there's anything else we want to merge at the same time. Maybe #34042?

Assignee: David Fifield <dcf@torproject.org>

Reduce DataChannelTimeout
https://gitlab.torproject.org/legacy/trac/-/issues/34042
Updated: 2020-06-16T01:12:51Z
Author: David Fifield <dcf@torproject.org>

Since #33897 we have separate timeout controls for first establishing the data channel (`DataChannelTimeout`) and deciding a once-working data channel has died (`SnowflakeTimeout`). They are both currently set to 30 s. We can lower `DataChannelTimeout` to discard non-working proxies more quickly.

Discord sent me an email listing my real ip as login location
https://gitlab.torproject.org/legacy/trac/-/issues/34041
Updated: 2020-06-13T18:36:28Z
Author: Trac

I logged in to discord using tor and then got an email from discord saying someone had logged in to discord and giving my REAL IP address.
**Trac**:
**Username**: Camillia124

Video but no sound in TOR, Knoppix OS
https://gitlab.torproject.org/legacy/trac/-/issues/34040
Updated: 2020-06-13T15:53:17Z
Author: Trac

I'm running an unaltered Knoppix OS from a USB, on a Dell Latitude E6500 laptop: 2 core, Intel 45 chipset, 64bit capable but only running 32 bit; 512 & 8 GB memory capable but 2 GB memory installed.
"About" in the browser says this is Tor 9.0.9, up to date,
Firefox 68.7.0esr) (32-bit) up to date.
While in Windows 7 Ultimate (32 bit), sound & video work fine locally & on web in both Firefox and TOR. In Knoppix, both work locally & in Firefox. But in Knoppix in TOR, I can play video but THERE's NO SOUND.
I'm illiterate in unix/debian commands. This is all new to me. Can someone guide me in plainspeak through trying some fixes in Knoppix?
I'm coming up empty on the internet. I would very much appreciate any help. Thank you.
**Trac**:
**Username**: AntiDiluv

Video but no sound in TOR, Knoppix OS
https://gitlab.torproject.org/legacy/trac/-/issues/34039
Updated: 2020-06-16T01:12:50Z
Author: Trac

I'm running an unaltered Knoppix OS from a USB, on a Dell Latitude E6500 laptop: 2 core, Intel 45 chipset, 64bit capable but only running 32 bit; 512 & 8 GB memory capable but 2 GB memory installed.
"About" in the browser says this is Tor 9.0.9, up to date,
Firefox 68.7.0esr) (32-bit) up to date.
While in Windows 7 Ultimate (32 bit), sound & video work fine locally & on web in both Firefox and TOR. In Knoppix, both work locally & in Firefox. But in Knoppix in TOR, I can play video but THERE's NO SOUND.
I'm illiterate in unix/debian commands. This is all new to me. Can someone guide me in plainspeak through trying some fixes in Knoppix?
I'm coming up empty on the internet. I would very much appreciate any help. Thank you.
**Trac**:
**Username**: AntiDiluv

Video but no sound in TOR, Knoppix OS
https://gitlab.torproject.org/legacy/trac/-/issues/34038
Updated: 2020-06-16T01:12:49Z
Author: Trac

I'm running an unaltered Knoppix OS from a USB, on a Dell Latitude E6500 laptop: 2 core, Intel 45 chipset, 64bit capable but only running 32 bit; 512 & 8 GB memory capable but 2 GB memory installed.
"About" in the browser says this is Tor 9.0.9, up to date,
Firefox 68.7.0esr) (32-bit) up to date.
While in Windows 7 Ultimate (32 bit), sound & video work fine locally & on web in both Firefox and TOR. In Knoppix, both work locally & in Firefox. But in Knoppix in TOR, I can play video but THERE's NO SOUND.
I'm illiterate in unix/debian commands. This is all new to me. Can someone guide me in plainspeak through trying some fixes in Knoppix?
I'm coming up empty on the internet. I would very much appreciate any help. Thank you - AntiDiluv
**Trac**:
**Username**: AntiDiluv

Make chutney check tor's logs for reachability self-test success
https://gitlab.torproject.org/legacy/trac/-/issues/34037
Updated: 2020-06-13T15:52:08Z
Author: teor

This ticket is an alternative to #33582 or #33222.
Instead of fixing bridge descriptor uploads, we can check bridge logs to make sure that reachability self-tests have succeeded.
For consistency, we should also do the same checks for relays.
We can only do these tests on authorities, relays, and bridges that are configured with `AssumeReachable 0`. Chutney's current defaults are:
* directory authorities: 1
* bridge authorities: 1
* relays: 0
* bridges: 0
* clients: clients never perform reachability self-tests
Some custom chutney networks may set `AssumeReachable 1` for relays and bridges. So we should make it easy for them to disable these checks.

audit access permissions in rt.torproject.org
https://gitlab.torproject.org/legacy/trac/-/issues/34036
Updated: 2020-06-13T17:01:54Z
Author: anarcat

there are a lot of users in rt, some of which probably do not belong there:
https://rt.torproject.org/Admin/Users/
we need to perform an audit of who has access to RT, to which queue and clean all that up.
ideally, users shouldn't be granted individual access to stuff and only be part of groups which, in turn, have the required accesses.
users should also be added/removed properly as part of the onboarding/offboarding procedures, but that's a question for #32519. for now, this ticket is just about playing catchup.

Dry out GetTor's sendmail function
https://gitlab.torproject.org/legacy/trac/-/issues/34035
Updated: 2020-06-21T18:06:10Z
Author: Cecylia Bocovich

This patch refactors the sendmail function in GetTor to avoid code duplication.
https://gitlab.torproject.org/torproject/anti-censorship/gettor-project/gettor/-/merge_requests/6

Assignee: Cecylia Bocovich

Create anti-censorship-alerts list for service outage alerts
https://gitlab.torproject.org/legacy/trac/-/issues/34034
Updated: 2020-06-13T17:01:53Z
Author: Philipp Winter <phw@torproject.org>

Can you please create a new list, anti-censorship-alerts dot lists dot tpo, for the anti-censorship team? We will use this list for service alerts, i.e., Nagios, Prometheus, and other monitoring tools will send service outage alerts to the list.

Assignee: Jens Kubieziel

KBytes/s units labeled wrong as kpbs
https://gitlab.torproject.org/legacy/trac/-/issues/34033
Updated: 2020-06-13T10:45:52Z
Author: cypherpunks

In notification, it shows Bandwidth as kpbs in app itself it says
Kbit/s but in reality it is traffic of unit KByte/s
i confirmed with ntop that gives orbot bandwidth * 8
(factor 8) difference
_may this is another reason why some people say tor is slow._

Assignee: Nathan Freitas

Use Securedrop's Official https-everywhere ruleset
https://gitlab.torproject.org/legacy/trac/-/issues/34032
Updated: 2020-06-16T01:12:49Z
Author: Matthew Finkel

Let's create a fixup for #28005.
Official ruleset is now: https://securedrop.org/https-everywhere/
New signing key: https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/blob/master/release-pubkey.jwk
(also in footer of securedrop.org)
The repository for storing the official HTTPS Everywhere ruleset channel is here:
https://github.com/freedomofpress/securedrop-https-everywhere-ruleset

Figure out warning about unknown error type when exporting .tpf file
https://gitlab.torproject.org/legacy/trac/-/issues/34031
Updated: 2020-06-13T18:04:32Z
Author: Karsten Loesing

I found this warning on an OnionPerf test instance:
```
2020-04-27 13:00:01 1587992401.168824 [onionperf] [INFO] saving analysis results to /home/cloud/onionperf-data/htdocs/op-nl2-51200-2020-04-27.tpf
2020-04-27 13:00:01 1587992401.169561 [onionperf] [WARNING] KeyError while exporting torperf file, missing key _PROXY_END_MISC_, skipping transfer 'transfer50k:2'
2020-04-27 13:00:01 1587992401.170384 [onionperf] [INFO] done!
```
I don't have time to look into this yet, but I'll attach log files to find out later.

Assignee: Ana Custura

Indexer ignores a file after moving it away and back shortly after
https://gitlab.torproject.org/legacy/trac/-/issues/34030
Updated: 2020-06-13T17:52:31Z
Author: Karsten Loesing

Today I tried to trigger the new Nagios CollecTor check by moving away a recent Snowflake file and moving it back a few minutes later.
The first part of moving the file away worked fine to the effect that it was not included in the `index.json` file anymore.
However, the second part of moving the file back did not cause the indexer to include the file in the `index.json` file again.
What I had to do was touch the file and setting a slightly different last-modified timestamp. More precisely, changing the second was not sufficient, but changing the minute was.
I haven't looked at the code yet, but I could imagine that it's related to some optimization we did about not indexing files that we had already indexed before. Maybe it's also related to the way how we keep files available for a certain time after they dropped out of the `index.json` file. Or maybe it's caused by both.
This is not a critical bug, but it's also likely not a complex fix. It would be good to fix this, because it would probably confuse another CollecTor operator who didn't happen to write the indexer code.

Add more command-line arguments to the Nagios CollecTor check script
https://gitlab.torproject.org/legacy/trac/-/issues/34029
Updated: 2020-06-13T17:52:30Z
Author: Karsten Loesing

Moved here from #33972:
_I'll also look into the parameters and using argparse next week. Unfortunately, the check wouldn't work for corsicum right now anyway, because that CollecTor instance does not archive all descriptor types. It would just keep shouting about timestamps being missing. Maybe we'll need to add another option to only complain about outdated timestamp, not about missing timestamps. Added to my list._
These are two changes:
- add two separate host and IP parameters as suggested on the other ticket and
- add another parameter for ignoring missing timestamps.
None of these changes are critical, but making them sooner rather than later reduces the overhead for context switching.
The check script is [here](https://gitweb.torproject.org/admin/tor-nagios.git/tree/tor-nagios-checks/checks/tor-check-collector).

Monitor GetTor's email autoresponder
https://gitlab.torproject.org/legacy/trac/-/issues/34028
Updated: 2020-06-21T18:06:09Z
Author: Philipp Winter <phw@torproject.org>

The GetTor process occasionally dies without anyone noticing. See #34027 for the latest incident. We should set up a script that periodically emails the autoresponder and raises an alert if it doesn't get a response.
We already created [such a script](https://github.com/NullHypothesis/bridgedb/blob/enhancement/12802/scripts/nagios-email-check) for BridgeDB as part of #12802. Here's how it works:
0. We created a new Gmail address that's used by this script to email the autoresponder.
1. Polyanthum (the host BridgeDB runs on) runs the script in a cron job every three hours.
2. The script sends an email to bridges@torproject.org and, after waiting for a minute, checks for a response.
3. Depending on if there's a response, the script writes a status code to disk, which is read by Nagios.
4. Nagios should then alert us if the script's output says that BridgeDB's autoresponder is offline.
It shouldn't be too hard to adapt BridgeDB's monitoring script for GetTor. In fact, to avoid code duplication, we should move this script into a separate repository and parameterise it, so it can work for both GetTor and BridgeDB.

GetTor not responding to emails
https://gitlab.torproject.org/legacy/trac/-/issues/34027
Updated: 2020-06-21T18:06:08Z
Author: Cecylia Bocovich

GetTor isn't responding to emails. I just checked the logs and found the following errors:
```
2020-04-27T18:00:33+0000 [gettor#debug] Could not send email.
2020-04-27T18:00:33+0000 [gettor#info] Error sending email: [Failure instance: Traceback (failure with no frames): <class 'twisted.mail._except.SMTPDeliveryError'>: 501 No recipients accepted
czjeff5655@!63.com: 501 5.1.3 Bad recipient address syntax
>>> MAIL FROM:<gettor@torproject.org>
<<< 250 2.1.0 Ok
>>> RCPT TO:<redacted>
<<< 501 5.1.3 Bad recipient address syntax
].
2020-04-27T18:00:33+0000 [twisted.mail.smtp.ESMTPSenderFactory#info] Stopping factory <twisted.mail.smtp.ESMTPSenderFactory object at 0x7fa3ac156940>
```
Looks like this started at `2020-04-17T16:08:57+0000`. Perhaps there was a twisted update that broke it?

Assignee: Cecylia Bocovich

Cannot change Background Color in Preferences
https://gitlab.torproject.org/legacy/trac/-/issues/34026
Updated: 2020-06-22T12:02:33Z
Author: Trac

Using Tor 9.0.9 , based on Firefox 68.7.0esr,
2019 iMac running Catalina 10.15.4
In preferences, I can change the font color, but not the background color.
I have no problem changing everything in Firefox.
**Trac**:
**Username**: Tinker

Orbot connects directly to raw.githubusercontent.com on startup
https://gitlab.torproject.org/legacy/trac/-/issues/34025
Updated: 2020-06-13T10:45:41Z
Author: cypherpunks

While leak testing Orbot, I noticed that it creates a connection to raw.githubusercontent.org
https://github.com/guardianproject/orbot/blob/master/app/src/main/java/org/torproject/android/OrbotApp.java#L42
I don't know why this is even necessary as the app store updaters already provide a notification, this doesn't seem to have ever actually notified me about an update, but it sure does let M$ know who all the orbot users might be.
Maybe if it's really necessary it could make the connection over... tor?

Assignee: Nathan Freitas