phobos's blog

On September 23rd, we released Tor version 0.2.2.3-alpha.

Major bugfixes:

• Fix an overzealous assert in our new circuit build timeout code.
  Bugfix on 0.2.2.2-alpha; fixes bug 1103.

Minor bugfixes:

• If the networkstatus consensus tells us that we should use a
  negative circuit package window, ignore it. Otherwise we'll
  believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.

On September 21st, we released Tor version 0.2.2.2-alpha.

Major features: read more »

• Tor now tracks how long it takes to build client-side circuits
  over time, and adapts its timeout to local network performance.
  Since a circuit that takes a long time to build will also provide
  bad performance, we get significant latency improvements by
  discarding the slowest 20% of circuits. Specifically, Tor creates
  circuits more aggressively than usual until it has enough data
  points for a good timeout estimate. Implements proposal 151.
  We are especially looking for reports (good and bad) from users with
  both EDGE and broadband connections that can move from broadband
  to EDGE and find out if the build-time data in the .tor/state gets
  reset without loss of Tor usability. You should also see a notice
  log message telling you that Tor has reset its timeout.

I was invited to attend a seminar on "Seeding Tomorrow's Media: Strategies for More Effective Engagement and Investment". This invite came with an all expense paid trip to the Salzburg Global Trust in Salzburg, Austria. The group was an interesting mix of "new media" bloggers and activists and "old media" foundations and journalists. We decided "new media vs old media" is a false dichotomy; perhaps community vs. institutionalized media is a more apt description. read more »

On September 25, 2009, the Great Firewall of China blocked the public list of relays and directory authorities by simple IP address blocks. Currently, about 80% of the public relays are blocked by IP address and TCP port combination. Tor users are still connecting to the network through bridges. At the simplest level, bridges are non-public relays that don't exit traffic, but instead send it on to the rest of the Tor network.

If you want to help people in China get access to the uncensored Internet, run a bridge.

Feel free to mirror this post, or the Tor website. We have a list of mirrors at https://www.torproject.org/mirrors.html.en or search for tor mirrors via Google, Yahoo, Baidu, etc.

Links to other helpful sites (not run by us): read more »

• http://www.reddit.com/r/technology/comments/9ofr7/we_need_more_tor_bridg...

New releases

On August 4, we released Tor Browser Bundle 1.2.7. It is updated primarily due to Firefox 3.0.13 with its ssl fixes.

The full changelist is:
1.2.7: Released 2009-08-04

• update Firefox to 3.0.13
• add Polish translation
• update libevent to 1.4.12

On August 19, we released Tor Browser Bundle 1.2.8. The big changes are the inclusion of statically linked openssl dlls to resolve a few geoip lookup and functionality issues with Vidalia, and the upgrade to the new Vidalia 0.2.2.

The full list of updates and fixes: read more »

• update Torbutton to 1.2.2
• update Vidalia to 0.2.2
• compile OpenSSL 0.9.8k with Visual C to make dlls
• update Pidgin to 2.6.1

There have been some recent stories in the news about various "anonymous" bloggers and commenters being unmasked by court order. A business promises not to give up your identity unless forced to do so via court order. This is anonymity by policy. If a business doesn't have your identity, then there is nothing to divulge. This is anonymity by design. read more »

Tor Browser Bundle 1.2.9 is released today. It updates Firefox and Pidgin Instant Messaging client to address the security issues in the older versions, and includes the latest and greatest Vidalia.

TBB can be downloaded from https://www.torproject.org/torbrowser.

The details of the changes are:

• update Vidalia to 0.2.4
• update Qt to 4.5.2
• update Pidgin to 2.6.2
• update Firefox to 3.0.14

Vidalia 0.2.4 is released. The OS X -alpha bundles are updated to fix a bug in the default "bootstrap" vidalia.conf file that pointed to a non-existent Polipo configuration file, causing Polipo to fail on startup.

The Changelog for this release is: read more »

• Split the message log into "Basic" and "Advanced" views. The
  "Advanced" view contains standard log messages from Tor, while the new
  experimental "Basic" view displays status events received from Tor.
  (Ticket #265)
• Apply an application-global stylesheet on OS X that forces all tree
  widgets in Vidalia to use the 12pt font recommended by Apple's human
  interface guidelines.
• Add an OSX_FORCE_32BIT CMake option that can be used to force a 32-bit
  build on Mac OS X versions that default to 64-bit builds (e.g., Snow
  Leopard), if only 32-bit versions of the Qt libraries are available.
• Fix a bug introduced in 0.2.3 that prevented Vidalia from correctly