Archive - Aug 2008

Tor 0.2.0.30 is released. A better formatted version of this report can be found at gmane.org

Tor 0.2.0.30 switches to a more efficient directory distribution design,
adds features to make connections to the Tor network harder to block,
allows Tor to act as a DNS proxy, adds separate rate limiting for relayed
traffic to make it easier for clients to become relays, fixes a variety
of potential anonymity problems, and includes the usual huge pile of
other features and bug fixes.

https://www.torproject.org/download.html

Changes in version 0.2.0.30 - 2008-07-15
o New v3 directory design:
- Tor now uses a new way to learn about and distribute information
about the network: the directory authorities vote on a common
network status document rather than each publishing their own
opinion. Now clients and caches download only one networkstatus read more »

A quick trip report from the National Network to End Domestic Violence training conference. I gave a series of presentations to the people who help victims of abuse. The day started off with an introduction to the technology issues surrounding victims of abuse and stalking. An overview of the challenges they face, the methods that are used against them, and the "dark side" of technologies such as RFID, Bluetooth, and GPS.

My presentation was an overview of Tor, online anonymity, and places to find more information. The afternoon sessions covered the legal environment and risks for victims. The speakers covered online harassment, the plights of women on welfare and their oppression via technology ("the new punitiveness" as it was termed), and a quick hypothetical situation about jilted lovers and their legal recourse; from both sides.

Overall, it was a great set of new organizations and people to meet for the Tor Project.

Update: NNEDV has posted some of their extensive documents online for review.

Releases:

Torbutton 1.2.0rc5 (released July 6) provides improved addon compatibility, better preservation of Firefox preferences that we touch, fixing issues with Tor toggle breaking for some option combos, and an improved 'Restore Defaults' button. This version also features Firefox 3 cookie jar support, and support for storing cookie jars in memory.
http://archives.seul.org/or/talk/Jul-2008/msg00026.html

Vidalia 0.1.6 (released July 8) fixes a bug introduced in 0.1.3 that could cause excessive CPU usage or crashing on some platforms; continues to prepare Vidalia's strings for easier translation; adds a Romanian GUI and installer translation; and updated the Farsi, Finnish, French, German, and Swedish translations.
http://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.1.6/CHANG...

Tor 0.2.0.29-rc (released July 8) fixes two big bugs with using bridges, fixes more hidden-service performance bugs, and fixes a bunch of smaller bugs.
http://archives.seul.org/or/talk/Jul-2008/msg00038.html

Torbutton 1.2.0rc6 (released July 12) features fixes for a nasty history loss bug, an exception during Tor toggle, javascript being disabled in some tabs, better pref handling, and more.
http://archives.seul.org/or/talk/Jul-2008/msg00049.html

Tor 0.2.0.30 (released July 15) is the first stable release of the 0.2.0.x branch. The previous stable branch (0.1.2.x) went stable in April of 2007. We are still waiting for Torbutton and Vidalia to stabilize before announcing the Windows and OS X packages on the or-announce announcements
list. We expect to do that in August.

Tor Browser Bundle 1.1.1 (released July 20) updates Vidalia to release 0.1.6, updates Pidgin Portable to 2.4.3, updates Pidgin OTR plugin to 3.2, updates Tor to 0.2.1.2-alpha, updates Torbutton to 1.2.0rc6, and sets TZ=UTC environment variable in RelativeLink (needed by Torbutton).
https://svn.torproject.org/svn/torbrowser/trunk/README read more »

We are currently sponsoring a design contest to create a new logo for Vidalia. The winner of the contest will receive a $250 USD cash prize. The firm deadline for contest submissions is August 22, 2008.

The logo will be used in the Vidalia software and related installers, on the website, and on t-shirts. Designers are free to choose any fonts, color combinations, and symbol options you like (no onions, though, please). The logo must include a symbolic component that is recognizable by itself without the name "Vidalia" next to it. See the contest page for more details. If you have further questions, please email contest@vidalia-project.net or stop by #vidalia on irc.oftc.net.

Here's the overall timeline for the contest:

• August 15 – August 22: Entries may be submitted at the Worth1000 contest page.
• August 23 – August 24: Everyone is welcome to review the submissions received and vote on their favorite design. Even if you didn't submit anything, you can still vote!

• August 25 – August 31: The final winner will be announced by August 31 at the latest.

Late entries will not be eligible for the cash prize, so be sure to get your
submission in by August 22!

I've noticed a few comments about a Chinese anti-virus program, RISING, reporting that Vidalia.exe and Privoxy.exe are infected with Trojan.PSW.Win32.Undef.adp. In both cases, I suspect that RISING is reporting false positives. These executables as packaged and available on the Tor download page are not infected.

I've looked at the MD5 and SHA-1 sums of these programs as included in the Vidalia bundle and they match what the source packages produce as executables. The privoxy.exe included in the bundles is the exact same one as found at the Sourceforge Privoxy Download Page.

The Vidalia.exe is the same as the one included in the Vidalia Download Page.

Feel free to confirm this is true for you. Better yet, let us know if these individual packages (Vidalia.exe from Vidalia and Privoxy.exe from Sourceforge) also show up as infected.

Perhaps you've noticed that the packages for CentOS 4 and OSX Tiger/10.4 haven't been updated lately. Welcome to dead hard drives.

For a long while, I used VMware Server for guest OSes to build the various rpm and windows packages. This mostly worked well. And then both drives in the physical server I used to host the vmware instance failed. A two-drive RAID 1 array doesn't like it when both drives fail. I replaced the drives, re-installed Debian, and attempted to install vmware server again. The vmware kernel module refused to load. I tried the old tricks to get it to work, nothing. I finally looked at some script/patch that I found via Google, and got the module to load. Then my license key didn't work anymore.

In frustration, I gave up and installed VirtualBox. CentOS 4 defaults to using an SMP kernel on install, which Virtualbox (aka qemu) doesn't like at all. CentOS 4 installs just fine, it just won't boot after install. I haven't had time to further fix the problem. For the time being, there's no CentOS 4 (Redhat 4 rpms) for Tor.

As for OSX, well, there was no raid array of any kind, just a single drive in a mac mini. It died in a fit of 0xE0030005 (Undefined) errors and now won't boot at all. A new drive is on the way. I expect to have OSX Tiger/10.4 packages in a week or so. The good news is that the Panther Mac continues to work just fine.

Perhaps it's time to start using Amazon's EC2 or something similar instead of messing with all this hardware and virtualization software. Or maybe I should work on hacking OSX 10.4 and 10.5 into virtualbox.

** Update 2008-08-06: new drive was DOA. And it appears the logic board on the mac mini is fried. Ugh.