phobos's blog

New releases

On June 20th we released Tor 0.2.1.16-rc.
On June 21st, we released Tor Browser Bundle 1.2.1.
On June 23rd, we released Tor Browser Bundle 1.2.2.
On June 24th, we released Tor 0.2.0.35-stable. We expect that this release is the last of the 0.2.0.x -stable series, soon to be replaced with the 0.2.1.x series.
On June 30th, we released Vidalia 0.1.14.

Censorship circumvention

Packaged rpms for Red Flag Linux version 6. Red Flag Linux is reported to be the new operating system for all Internet cafe's in China. So far, no one has seen this conversion actually happen, but now we're ready if it does.

Our email autoresponder, gettor , received a number of patches to deal with dkim issues, including finding a dkim bug that prevented yahoo email users from fetching Tor. This bug has been fixed. Additionally, we've whitelisted some domains where we read more »

I'm researching where to host one or two Directory Authorities outside
the US and EU.

It's been suggested to me that Argentina, South Africa, Panama,
Singapore, Malaysia, and Japan are fine locales for a well-connected,
dedicated server. I'm looking for a relatively low end dedicated server
that can transit 2-4 TB a month at relatively cheap prices (say
US$200/mo or less).

If you have experience and contacts at various providers, I'm all ears.

Thanks!

Tor 0.2.0.35 fixes a big bug that was causing Tor relays with dynamic
IP addresses to disappear from the network. It also fixes a rare crash
bug on fast exit relays.

https://www.torproject.org/easy-download

Changes in version 0.2.0.35 - 2009-06-24
Security fix:

• Avoid crashing in the presence of certain malformed descriptors.
  Found by lark, and by automated fuzzing.
• Fix an edge case where a malicious exit relay could convince a
  controller that the client's DNS question resolves to an internal IP
  address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

Major bugfixes:

• Finally fix the bug where dynamic-IP relays disappear when their
  IP address changes: directory mirrors were mistakenly telling
  them their old address if they asked via begin_dir, so they
  never got an accurate answer about their new address, so they read more »

Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
a bunch of minor bugs.

https://www.torproject.org/download

Changes in version 0.2.1.16-rc - 2009-06-20
Security fixes:

• Fix an edge case where a malicious exit relay could convince a
  controller that the client's DNS question resolves to an internal IP
  address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

Major performance improvements (on 0.2.0.x):

• Disable and refactor some debugging checks that forced a linear scan
  over the whole server-side DNS cache. These accounted for over 50%
  of CPU time on a relatively busy exit node's gprof profile. Found
  by Jacob.
• Disable some debugging checks that appeared in exit node profile
  data.

Minor features: read more »

• Update to the "June 3 2009" ip-to-country file.

Tor Browser Bundle 1.2.2 is now available. The only change is an update to Pidgin to version 2.5.7. The Pidgin changelog has more information.

Tor Browser Bundle 1.2.1 is released. The major changes are:

• changes to Firefox to stop scanning for plugins such as Java, Windows Media, etc. These were disabled by torbutton, but still showed up in Firefox. More work will continue on this task
• Include OpenSSL dll (ssleay32.dll) so we're not relying upon the system ssl dll. This should fix Vidalia errors relating to ssl differences.

The official changelog is:

• Better updates to Firefox to stop scanning for plugins on start
• Update Pidgin to 2.5.6r2
• Update Firefox to 3.0.11
• Include OpenSSL 0.9.8k DLL and stop using the system ssl dll
• Update Tor to 0.2.1.16-rc

I've been fielding some calls from the press about Tor and Iran. Someone quoted me as saying "double the clients from Iran over the past few days". We wondered, what are the real numbers? What does our network see from Iran? Is port 443 or https:// really blocked? Here's what we've discovered in the past day of working with the new metrics we've developed to be safe to collect without compromising anyone's anonymity. read more »

In continuing to improve TBB for a vast array of users, here's the release candidate for Tor Browser Bundle 1.2.1.

I appreciate your feedback, comments, and bugs filed so far about TBB 1.2.1-dev.

You can find here the updated TBB 1.2.1-1-dev, sig, and sha1 files.

The changes since the last test are:

• Update Pidgin to 2.5.6r2
• Update Firefox to 3.0.11
• Include OpenSSL 0.9.8k DLL and stop using the system ssl dll