bug fixes

October 2009 Progress Report

phobos — Thu, 12 Nov 2009 07:14:19 -0800

New releases, new hires, new funding
Christian Fromme joins Tor to work on development and maintenance of the growing number of tools we’ve created over the past year. Christian is a great python hacker with a strong security mindset. He’s going to enhance and maintain the tools such as tor weather, get-tor, bridge database, tor control, tor flow, check.torproject.org, etc. Christian has been a volunteer developer for the past year helping to enhance get-tor, tor weather, and generally helping out with our python coding needs.

On October 10, we released Tor version 0.2.2.4-alpha. The release notes can be read at https://blog.torproject.org/blog/tor-0224-alpha-released or below:
Major bugfixes:

Fix several more asserts in the circuit build times code, for example one that causes Tor to fail to start once we have accumulated 5000 build times in the state file. Bugfixes on 0.2.2.2-alpha; fixes bug 1108.

New directory authorities:

Move moria1 and Tonga to alternate IP addresses.

Minor features:

Log SSL state transitions at debug level during handshake, and include SSL states in error messages. This may help debug future SSL handshake issues.
Add a new ”Handshake” log domain for activities that happen during the TLS handshake.
Revert to the ”June 3 2009” ip-to-country file. The September one seems to have removed most US IP addresses.
Directory authorities now reject Tor relays with versions less than 0.1.2.14. This step cuts out four relays from the current network, none of which are very big.

Minor bugfixes:

Fix a couple of smaller issues with gathering statistics. Bugfixes on 0.2.2.1-alpha.
Fix two memory leaks in the error case of circuit build times parse state. Bugfix on 0.2.2.2-alpha.
Don’t count one-hop circuits when we’re estimating how long it takes circuits to build on average. Otherwise we’ll set our circuit build timeout lower than we should. Bugfix on 0.2.2.2-alpha.
Directory authorities no longer change their opinion of, or vote on, whether a router is Running, unless they have themselves been online long enough to have some idea. Bugfix on 0.2.0.6-alpha. Fixes bug 1023.

Code simplifications and refactoring:

Revise our unit tests to use the ”tinytest” framework, so we can run tests in their own processes, have smarter setup/teardown code, and so on. The unit test code has moved to its own subdirectory, and has been split into multiple modules.

On October 11, we released Tor 0.2.2.5-alpha. The release notes can be read at https://blog.torproject.org/blog/tor-0225-alpha-released or below:
Major bugfixes:

Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.

New directory authorities:

Move dizum to an alternate IP address.
Code simplifications and refactorings
Numerous changes, bugfixes, and workarounds from Nathan Freitas to help Tor build correctly for Android phones.

On October 14th we released Vidalia 0.2.5. The release notes can be read at https://blog.torproject.org/blog/vidalia-025-released or below:

Add support in the Network settings page for configuring the Socks4Proxy and Socks5Proxy* options that were added in Tor 0.2.2.1-alpha. Patch from Christopher Davis.
Add a ”Automatically distribute my bridge address” checkbox (enabled by default) to the bridge relay settings options. (Ticket #524)
Add ports 7000 and 7001 to the list of ports excluded by the IRC category in the exit policy configuration tab. (Ticket #517)
Add a context menu for highlighted event items in the ”Basic” message log view that allows the user to copy the selected item text to the clipboard.
Maybe fix a time conversion bug that could result in Vidalia displaying the wrong uptime for a relay in the network map. Stop trying to enforce proper quoting and escaping of arguments to be given to the proxy executable (e.g., Polipo). Now the user is on their own for properly formatting the command line used to start the proxy executable. (Ticket #523)

Design, develop, and implement enhancements that make Tor a better tool for users in censored countries.

Jacob and Nathan Frietas finished development of Orbot, a tor client and relay with a graphical control interface for the Android mobile operating system. More details can be found at http://openideals.com/2009/10/22/orbot-proxy/.

Karsten rewrote the directory archive script that evaluates whether an IP address was a relay at a given point in the past in Python.

Started comparing free and commercial GeoIP databases for their accuracy. It would be great if someone else (a student?) would pick up this work and move it forward.

Grow the Tor network and user base. Outreach.

Andrew attended the Salzburg Global Seminar SIM Initiative 2020 Vision: Setting a Long-Term Agenda for Global Media Development from October 3 - 8. http://www.salzburgglobal.org/2009/sim.cfm?nav=news&IDMedia=1. A quick writeup of the seminar was posted at https://blog.torproject.org/blog/seminar-salzburg-global.
Roger gave a talk at Drexel University, https://www.cs.drexel.edu/research/colloquia.
Andrew gave a talk about Freedom of Speech, Online Censorship, and Tor at the US Agency for International Development. It was attended by members of US AID, State Department, and National Security Staff from The White House.
Roger, Jacob, Karsten, and Mike attended the 2009 Google Summer of Code Mentors Summit at Google HQ.
Andrew gave a talk about Tor and its Privacy by Design at the 2009 Access and Privacy Workshop in Toronto, Canada. http://www.verney.ca/onap2009/agenda_dynamic.php.
Jacob gave a talk at the 25th NorduNet Conference, http://www.nordu.net/conference/ndn2009web/welcome.html.
Andrew, Wendy, and others were interviewed for a Tech Review article on Tor being blocked by the Chinese Government for the first time ever, http://www.technologyreview.com/printer_friendly_article.aspx?id=23736.
Karsten attended EMANICS Workshop on Network Security in Bremen, Germany, and gave a 90-minute talk on Tor and my metrics work.
Karsten and Sebastian attended PET-CON 2009.2 in Regensburg, Germany, and talked about measuring sensitive data in the Tor network.
Finished paper on ”A Case Study on Measuring Statistical Data in the Tor Anonymity Network” together with Steven and Roger and submitted it to WECSR 2010.

Preconfigured privacy (circumvention) bundles for USB or LiveCD.
Testing program updates to Tor Browser Bundle destined for the next release. The multi-protocol instant messaging client we use, Pidgin, includes voip and video chat functionality. Vidalia 0.2.5 inclusion to make the process of acquiring bridge addresses or becoming a bridge easier.

Bridge relay and bridge authority work.
The bridge distribution backend is now far more reliable than it was, and the algorithm has been retuned with design from Nick and Roger. Now the bridgedb code is much more willing to hand out a user’s first few bridges, but it is much harder to get it to hand out a whole bunch of bridges.

Scalability, load balancing, directory overhead, efficiency.
Nick rewrote the directory authority backend code to be able to provide multiple flavors of directory info: a new flavor that can be used for low-directory-bandwidth clients, and the existing flavor to support existing clients. This is the authority-side of proposals 158 and 162; once the authorities are migrated to this, we can start rolling out the client-side. Once it’s done, the directory overhead for clients should be dramatically reduced.

More reliable (e.g. split) download mechanism.
Christian rolled out changes to the email auto-responder, get-tor, to better handle emails coming to us in various languages. 50% more emails are being answered correctly since the change.
Thanks to some open internet activists in India, we have a fine new mirror of the Tor website in country at http://www.torproject.org.in/.
4 new website mirrors joined, 4 existing mirrors left.

Translation work

6 German updates to the website.
114 Italian updates to Torbutton.
17 Italian updates to the website.
Updated Arabic translation of Torbutton.
Complete Burmese translation of Torbutton.
Complete Burmese translation of Torcheck.
Complete Danish translation of Torcheck.
Brazilian translation of Torbutton.

Vidalia 0.2.6 Released

phobos — Thu, 12 Nov 2009 06:06:56 -0800

On November 2, we released Vidalia 0.2.6. Primarily a bugfix release for OS X issues. The changed items are:

Remove the erroneous comma in the default vidalia.conf in the
Mac OS X drag-and-drop bundle, since we now dump whatever the
user types into a QString rather than parsing it into a
QStringList.
Updated the Arabic, Russian and Slovenian translations.

Packages for OS X and Windows can be found at https://www.torproject.org/vidalia/.

Vidalia 0.2.5 Released

phobos — Sat, 17 Oct 2009 05:21:56 -0700

On October 14th we released Vidalia 0.2.5. Changes are:

Add support in the Network settings page for configuring the
Socks4Proxy and Socks5Proxy* options that were added in
Tor 0.2.2.1-alpha. Patch from Christopher Davis.
Add a "Automatically distribute my bridge address" checkbox (enabled
by default) to the bridge relay settings options. (Ticket #524)
Add ports 7000 and 7001 to the list of ports excluded by the IRC
category in the exit policy configuration tab. (Ticket #517)
Add a context menu for highlighted event items in the "Basic" message
log view that allows the user to copy the selected item text to the
clipboard.
Maybe fix a time conversion bug that could result in Vidalia
displaying the wrong uptime for a relay in the network map.
Stop trying to enforce proper quoting and escaping of arguments to be
given to the proxy executable (e.g., Polipo). Now the user is on their
own for properly formatting the command line used to start the proxy
executable. (Ticket #523)

Tor 0.2.2.5-alpha released

phobos — Mon, 12 Oct 2009 08:04:49 -0700

On October 11, we released Tor 0.2.2.5-alpha.

It can be downloaded from https://www.torproject.org/download/.

It contains:

Major bugfixes:

Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.

New directory authorities:

Move dizum to an alternate IP address.

Code simplifications and refactorings

Numerous changes, bugfixes, and workarounds from Nathan Freitas
to help Tor build correctly for Android phones.

Tor 0.2.2.4-alpha released

phobos — Mon, 12 Oct 2009 07:56:02 -0700

On October 10, we released Tor version 0.2.2.4-alpha.

This release can be found at https://www.torproject.org/download/

It contains the following:
Major bugfixes:

Fix several more asserts in the circuit_build_times code, for
example one that causes Tor to fail to start once we have
accumulated 5000 build times in the state file. Bugfixes on
0.2.2.2-alpha; fixes bug 1108.

New directory authorities:

Move moria1 and Tonga to alternate IP addresses.

Minor features:

Log SSL state transitions at debug level during handshake, and
include SSL states in error messages. This may help debug future
SSL handshake issues.
Add a new "Handshake" log domain for activities that happen
during the TLS handshake.
Revert to the "June 3 2009" ip-to-country file. The September one
seems to have removed most US IP addresses.
Directory authorities now reject Tor relays with versions less than
0.1.2.14. This step cuts out four relays from the current network,
none of which are very big.

Minor bugfixes:

Fix a couple of smaller issues with gathering statistics. Bugfixes
on 0.2.2.1-alpha.
Fix two memory leaks in the error case of
circuit_build_times_parse_state. Bugfix on 0.2.2.2-alpha.
Don't count one-hop circuits when we're estimating how long it
takes circuits to build on average. Otherwise we'll set our circuit
build timeout lower than we should. Bugfix on 0.2.2.2-alpha.
Directory authorities no longer change their opinion of, or vote on,
whether a router is Running, unless they have themselves been
online long enough to have some idea. Bugfix on 0.2.0.6-alpha.
Fixes bug 1023.

Code simplifications and refactoring:

Revise our unit tests to use the "tinytest" framework, so we
can run tests in their own processes, have smarter setup/teardown
code, and so on. The unit test code has moved to its own
subdirectory, and has been split into multiple modules.

September 2009 Progress Report

phobos — Sat, 10 Oct 2009 05:16:46 -0700

Here's what the Tor Project accomplished in September 2009.

New Hires

Carolyn Anhalt is our new Translation and Community Manager. Carolyn has years of experience managing and growing content translation, as well as wrangling online communities and developing volunteer moderators and support roles from the community. She’s fluent or conversant in a number of languages, such as: Russian, French, English, German, Italian, and Welsh. Carolyn’s initial goals are to grow the translator community to keep everything Tor translated, work out better translation tools for translators, and to generally assist translators.
Karen Reilly joins us as our Development Director. Karen has years of experience in growing both community-based and foundation-based funding, as well as helping to fulfill the mission of organizations through outreach and community-building. Karen’s initial goals are to further develop community funding, work with our current donors, help create an annual report, and expand Tor’s outreach efforts.

New Funding

Tor and Drexel University receive a grant from the National Science Foundation to research “Privacy-preserving measurements of the Tor network to improve performance and anonymity”.
Tor and ITT receive a grant from the Naval Research Laboratory to research “Tor Networks Trust-Based Routing Research & Design Support”.

New Releases

On September 23rd, we released Tor version 0.2.2.3-alpha. https://blog.torproject.org/blog/tor-0223alpha-released
On September 21, we released Tor version 0.2.2.2-alpha. https://blog.torproject.org/blog/tor-0222alpha-released
On September 7, we released Vidalia 0.2.4. https://blog.torproject.org/blog/vidalia-024-released
On September 11, we released Tor Browser Bundle version 1.2.9. https://blog.torproject.org/blog/tor-browser-bundle-129-released

Design, develop, and implement enhancements that make
Tor a better tool for users in censored countries.

Jacob Appelbaum and Nathan Frietas developed a fully functional Tor for the Android mobile operating system. It is currently being tested before being released to the Android Marketplace. This Android application uses mainline Tor as written in C, rather than porting/creating a Tor client in Java. Others have started discussions and coding around using Java to create a Tor-compatible client. A new mailing list was created to encourage this community to grow, http://archives.seul.org/tor/java/.
Damian Johnson further developed arm, https://svn.torproject.org/svn/arm/trunk/. Arm is a command line application for monitoring Tor relays, providing real time status information such as the current configuration, bandwidth usage, message log, connections, etc. This uses a curses interface much like ’top’ does for system usage. The application is intended for command-line aficionados, ssh connections, and anyone stuck with a tty terminal for checking their relay’s status.
Added two new Tor website and software distribution mirrors. Update list of current mirrors to reflect their current status of how current the mirrors are compared to the main torproject.org website.

Architecture and technical design docs for Tor enhancements
related to blocking-resistance.

A paper entitled, “On the risks of serving whenever you surf: Vulnerabilities in Tor’s blocking resistance design”, discussing risks in running a bridge is to be relased at Workshop on Privacy in the Electronic Society (WPES 2009), http://freehaven.net/anonbib/#wpes09-bridge-attack.
Started development of “marco” to quickly scan for Tor relay and brige reachability from a client machine. This utility was used successfully by volunteers inside Iran and China to determine how much of the Tor network is blocked and how such blocking is occurring.

Outreach and Advocacy

Roger, Paul Syverson, and Andrew gave a Tor lecture to the US Federal Bureau of Investigation Operational Technology Division as part of their quarterly series of talks on new technology. Had a follow-on conversation with a Supervisory Special Agent about how to use Tor tools safely in the field.
Roger and Andrew had a meeting with the US Department of Justice Child Exploitation and Obscenity Section to present what Tor is and how it works. We also discussed issues and challenges in their usage of, and prosecuting criminals using, Tor.
Roger and Andrew met with a Senior Policy Advisor from Senator Harry Reid’s office to discuss online privacy and anonymity.
Roger is working with a freshman class at KAIST in South Korea to develop Tor bridge relay distribution strategies. More information can be found at https://blog.torproject.org/blog/bridge-distribution-strategies.

Preconfigured privacy (circumvention) bundles for USB or LiveCD.

On September 11, we released Tor Browser Bundle version 1.2.9. https://blog.torproject.org/blog/tor-browser-bundle-129-released

Bridge relay and bridge authority work.

Deployed a temporary workaround for a vidalia/tor bug where bridges don’t work if you provide a fingerprint and the bridge authority is unreachable. Discovered this bug on September 25 when China blocked the bridge authority.
Started fixing bridge statistics that have been broken in all 0.2.2.x versions. Plan to test the fixes in the next few days and include the changes in 0.2.2.5-alpha.

Scalability, load balancing, directory overhead, efficiency.

A research paper on scaling our directory design, “Scalable onion routing with Torsk” is to be presented at CCS 2009, http://freehaven.net/anonbib#ccs09-torsk.
Deployed Mike Perry’s Bandwidth Authority code to the Directory Authorities. The bandwidth authorities are now voting on measured bandwidth from relays and giving out this information in extra-info fields to Tor clients. Tor 0.2.1 and 0.2.2 clients make routing decisions based on these extra-info data. This should spread traffic across relays and improve overall performance of the Tor network.
Included the results of Mike’s bandwidth scanner in the votes of gabelmoo. Helped evaluating the (impressive) performance improvements as seen by torperf, https://git.torproject.org/checkout/metrics/master/report/performance/to.... Initial results imply a 30-50% increase in performance.
Evaluated how the reduction of circuit windows from 1000 to 101 cells affects performance. The last report includes 40 KiB, 50 KiB, and 1 MiB downloads, https://git.torproject.org/checkout/metrics/master/report/circwindow/cir....
Evaluated how Mike’s buildtimes patch influences Tor performance, https://git.torproject.org/checkout/metrics/master/report/buildtimes/bui....
Wrote a script that parses descriptor archives to tell whether an IP address was a Tor relay at a given time, https://svn.torproject.org/svn/projects/archives/trunk/exonerator/HOWTO.
Restarted the autonaming script on September 20, so that gabelmoo will be naming relays again soon.
Fixed the remaining bugs in the proposal 166 implementation. Relays can now include their statistics in extra-info descriptors. Further testing this on select relays for a few more days. Soon will ask people on or-dev to turn on statistics as soon as tests are successful and 0.2.2.4-alpha is out.

Translation work, ultimately a browser-based approach.

Released Runa’s code to allow website translation from our Translation Portal, https://translation.torproject.org. Runa wrote up her ideas and Google Summer of Code experiences at http://blog.torproject.org/blog/website-translation-support-translationt....
Continued work on website to translation portal code.
17 Polish website updates.
27 Italian website updates.
Romanian and Chinese updates to the check.torproject.org website.
1 update to German torbutton translation.
23 updates to Romanian torbutton translation.
115 updates to Polish torbutton translation.
115 updates to Mandarin Chinese torbutton translation.

Tor 0.2.2.3-alpha released

phobos — Fri, 09 Oct 2009 20:52:34 -0700

On September 23rd, we released Tor version 0.2.2.3-alpha.

Major bugfixes:

Fix an overzealous assert in our new circuit build timeout code.
Bugfix on 0.2.2.2-alpha; fixes bug 1103.

Minor bugfixes:

If the networkstatus consensus tells us that we should use a
negative circuit package window, ignore it. Otherwise we'll
believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.

Tor 0.2.2.2-alpha released

phobos — Fri, 09 Oct 2009 20:49:19 -0700

On September 21st, we released Tor version 0.2.2.2-alpha.

Major features:

Tor now tracks how long it takes to build client-side circuits
over time, and adapts its timeout to local network performance.
Since a circuit that takes a long time to build will also provide
bad performance, we get significant latency improvements by
discarding the slowest 20% of circuits. Specifically, Tor creates
circuits more aggressively than usual until it has enough data
points for a good timeout estimate. Implements proposal 151.
We are especially looking for reports (good and bad) from users with
both EDGE and broadband connections that can move from broadband
to EDGE and find out if the build-time data in the .tor/state gets
reset without loss of Tor usability. You should also see a notice
log message telling you that Tor has reset its timeout.
Directory authorities can now vote on arbitary integer values as
part of the consensus process. This is designed to help set
network-wide parameters. Implements proposal 167.
Tor now reads the "circwindow" parameter out of the consensus,
and uses that value for its circuit package window rather than the
default of 1000 cells. Begins the implementation of proposal 168.

Major bugfixes:

Fix a remotely triggerable memory leak when a consensus document
contains more than one signature from the same voter. Bugfix on
0.2.0.3-alpha.

Minor bugfixes:

Fix an extremely rare infinite recursion bug that could occur if
we tried to log a message after shutting down the log subsystem.
Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
Fix parsing for memory or time units given without a space between
the number and the unit. Bugfix on 0.2.2.1-alpha; fixes bug 1076.
A networkstatus vote must contain exactly one signature. Spec
conformance issue. Bugfix on 0.2.0.3-alpha.
Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
Don't warn when we're using a circuit that ends with a node
excluded in ExcludeExitNodes, but the circuit is not used to access
the outside world. This should help fix bug 1090, but more problems
remain. Bugfix on 0.2.1.6-alpha.
Work around a small memory leak in some versions of OpenSSL that
stopped the memory used by the hostname TLS extension from being
freed.
Make our 'torify' script more portable; if we have only one of
'torsocks' or 'tsocks' installed, don't complain to the user;
and explain our warning about tsocks better.

Minor features:

Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
Update to the "September 4 2009" ip-to-country file.

August 2009 Progress Report

phobos — Mon, 21 Sep 2009 07:19:26 -0700

New releases

On August 4, we released Tor Browser Bundle 1.2.7. It is updated primarily due to Firefox 3.0.13 with its ssl fixes.

The full changelist is:
1.2.7: Released 2009-08-04

update Firefox to 3.0.13
add Polish translation
update libevent to 1.4.12

On August 19, we released Tor Browser Bundle 1.2.8. The big changes are the inclusion of statically linked openssl dlls to resolve a few geoip lookup and functionality issues with Vidalia, and the upgrade to the new Vidalia 0.2.2.

The full list of updates and fixes:

update Torbutton to 1.2.2
update Vidalia to 0.2.2
compile OpenSSL 0.9.8k with Visual C to make dlls
update Pidgin to 2.6.1

On August 3rd, we release Vidalia 0.2.1. This is a major change in the way OS X and Windows bundles are installed, as well as many usability enhancements. This also sets the stage for a plugin-API being developed over the next few months.

The changes are:

Add a "Find Bridges Now" button that will attempt to automatically
download a set of bridge addresses and add them to the list of bridges
in the Network settings page.
Add support for building with Google's Breakpad crash reporting
library (currently disabled by default).
Show or hide the "Who has used my bridge recently?" link along with
the other bridge-related widgets when the user toggles the relay mode
in the Network settings page. (Ticket #480)
Tolerate bridge addresses that do not specify a port number, since Tor
now defaults to using port 443 in such cases.
Add support for viewing the map as a full screen widget when built
with KDE Marble support.
Compute the salted hash of the control password ourself when starting
Tor, rather than launching Tor once to hash the password, parsing the
output, and then again to actually start Tor.
Add a signal handler that allows Vidalia to clean up and exit normally
when it catches a SIGINT or SIGTERM signal. (Ticket #481)
If the user chooses to ignore further warnings for a particular port,
remove it from the WarnPlaintextPorts and RejectPlaintextPorts
settings immediately. Also remember their preferences and reapply them
later, even if Tor is unable to writes to its torrc.(Ticket #493)
Don't display additional plaintext port warning message boxes until
the first visible message box is dismissed. (Ticket #493)
Renamed the 'make win32-installer' CMake target to 'make dist-win32'
for consistency with our 'make dist-osx' target.
Fix a couple bugs in the WiX-based Windows installer related to building
a Marble-enabled Vidalia installer.
Write the list of source files containing translatable strings to a
.pro file and supply just the .pro file as an argument to lupdate, rather
than supplying all of the source file names themselves.

On August 14th, we release Vidalia 0.2.2. It addresses an issue with openssl which causes the geoip lookups to fail on various versions of Windows. It also switches from the Nullsoft Installer to the Microsoft System Installer for better compatibility with Microsoft Windows.
There are now separate Apple OS X builds, one for PowerPC architectures and one for i386 architectures. No more Universal binary bloat to download.
The changes are:

When the user clicks "Browse" in the Advanced settings page to locate
a new torrc, set the initial directory shown in the file dialog to the
current location of the user's torrc. (Ticket #505)
Use 'ditto' to strip the architectures we don't want from the Qt
frameworks installed into the app bundle with the dist-osx,
dist-osx-bundle and dist-osx-split-bundle build targets.
Fix a bug in the CMakeLists.txt files for ts2po and po2ts that caused
build errors on Panther for those two tools.
Include rebuilt OpenSSL libraries in the Windows packages that are
built with the static (/MT) version of the Microsoft Visual C++
Runtime. Otherwise, we would require users to install the MSVC
Redistributable, which doesn't work for portable installations such as
the Tor Browser Bundle.
Remove the NSIS file for the Vidalia installer since we now ship
MSI-based installers on Windows.

On August 27th, we released Vidalia 0.2.3. This fixes some more bugs with "Who has used by bridge" functionality and switches to Qt signals for event handling.
The changes are:

Create the data directory before trying to copy over the default
Vidalia configuration file from inside the application bundle on Mac
OS X. Affects only OS X drag-and-drop installer users without a
previous Vidalia installation.
Change all Tor event handling to use Qt's signals and slots mechanism
instead of custom QEvent subclasses.
Fix another bug that resulted in the "Who has used my bridge?" link
initially being visible when the user clicks "Setup Relaying" from
the control panel if they are running a non-bridge relay.
(Ticket #509, reported by "vrapp")
Always hide the "Who has used my bridge?" link when Tor isn't running,
since clicking it won't return useful information until Tor actually
is running.

On August 9th, we released Torbutton 1.2.2.
The changes and enhancements are:

bugfix: Workaround Firefox Bug 440892 to prevent external apps from
being launched (and thus bypassing proxy settings) without user
confirmation. Independently reported by Greg Fleischer and optimist.
bugfix: Create a separate "No Proxy For" option and remove the
string "localhost" from proxy exemptions. Prevents a theoretical
proxy bypass condition discovered by optimist. Fix based on patch from
optimist.
bugfix: bug 970: Purge undo tab list on Tor toggle.
bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages.
Mac OS writes Firefox console messages to disk by default.
bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy
strings to fail to display.
misc: bug 1006: Pop up a more specific failure message for pref
changing errors during Tor toggle.
misc: Fix a couple of strict javascript warns on FF3.5
misc: Add chrome url protection call to conceal other addons during
non-Tor usage. Patch by Sebastian Lisken.
misc: Remove torbutton log system init message that may have scared some
paranoids.

Architecture and technical design docs

Update our secure updater, Thandy, to have optional BitTorrent support to distribute load spikes following new releases better. Currently, it uses the mainline BitTorrent libraries that can be installed along with Thandy, but there is also some groundwork to support other BitTorrent libraries later on.

Advocacy and outreach.

Andrew, Jacob, Karsten, Mike, Nick, and Roger attended the Privacy Enhancing Technologies Symposium in Seattle, WA. Details can be found at http://petsymposium.org/2009/. Jacob, Karsten, Mike, and Roger each presented their work on Tor.

Jacob, Karsten, Mike, Roger, and Sebastian attended Hacking at Random 2009 in Vierhouten, Netherlands. Details of the conference can be found at https://wiki.har2009.org/page/Main_Page. Jacob and Roger presented about Tor.

Jacob attended FooCamp 2009. More details can be found at http://foocamp09.wiki.oreilly.com/wiki/index.php/Main_Page. Jacob presented about Tor.

Andrew contacted Tor relay operators that started running a relay between June 12, 2009 and July 13, 2009; ostensibly for the Iranian protest movement. Of the 37 new relays, 13 had gone offline. After contacting the relay operators, 7 of the 13 are back online.

Preconfigured privacy (circumvention) bundles for USB or LiveCD.

On August 4, we released Tor Browser Bundle 1.2.7. It is updated primarily due to Firefox 3.0.13 with its ssl fixes.

The full changelist is:
1.2.7: Released 2009-08-04

update Firefox to 3.0.13
add Polish translation
update libevent to 1.4.12

The full list of updates and fixes:

update Torbutton to 1.2.2
update Vidalia to 0.2.2
compile OpenSSL 0.9.8k with Visual C to make dlls
update Pidgin to 2.6.1

Jacob and Steve Tyree started work on a portable Tor Browser Bundle for Apple OS X. Jacob started work on a portable Tor Browser Bundle for generic Linux. Both bundles are currently in developer testing, gearing up for an alpha release in September 2009.

Updated TorVM with current packages for torbutton, tor, qemu. Added geoip and pycrypto to TorVM.

Scalability, load balancing, directory overhead, efficiency.

Continued metrics work with torperf and directory request statistics. Update bufferstats report, http://git.torproject.org/checkout/metrics/master/report/buffer/bufferst...
Updated circuit window report, http://git.torproject.org/checkout/metrics/master/report/circwindow/circ...

updated statistics on directory requests, http://git.torproject.org/checkout/metrics/master/report/dirarch/

And updated measurements on overall tor network performance, http://git.torproject.org/checkout/metrics/master/report/performance/tor...

Continued work on our bandwidth node scanner to provide better extra-info for clients to make better routing decisions.

Added a seventh directory authority run by Jacob Appelbaum.

More reliable (e.g. split) download mechanism.

Christian Fromme started work on our email auto-responder, get-tor, to better handle split downloads via email.

Jon, our mirror volunteer, continued to contact mirrors and update their status accordingly. The net change is zero, but we added a new mirror and removed a stale mirror.

Translation work

Runa, our Google Summer of Code student, finished the project to allow for website content to be translated via the Tor Translation Portal, https://translation.torproject.org/. The conversion tools are now live and Danish and Farsi are the first languages enabled in the Tor Translation Portal for testing.

In August, there were:

8 Russian updates for the website
29 Polish updates for the website
15 Chinese updates for the website
Danish updates for Torbutton
Nederlandish updates for Torbutton

Tor 0.2.2.1-alpha released

phobos — Wed, 02 Sep 2009 12:32:58 -0700

Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
Tor clients to bootstrap on networks where only port 80 is reachable,
makes it more straightforward to support hardware crypto accelerators,
and starts the groundwork for gathering stats safely at relays.

https://www.torproject.org/download

We've been improving our packages and bundles:
Packaging changes:

Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
installer bundles. See
https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHAN...
for details of what's new in Vidalia 0.2.3.
Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
configuration file, rather than the old Privoxy.
OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
x86-only for better compatibility with OS X 10.6, aka Snow Leopard.
OS X Tor Expert Bundle: Tor is compiled as x86-only for
better compatibility with OS X 10.6, aka Snow Leopard.
OS X Vidalia Bundle: The multi-package installer is now replaced
by a simple drag and drop to the /Applications folder. This change
occurred with the upgrade to Vidalia 0.2.3.

Changes in version 0.2.2.1-alpha - 2009-08-26
Security fixes:

Start the process of disabling ".exit" address notation, since it
can be used for a variety of esoteric application-level attacks
on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
on 0.0.9rc5.

New directory authorities:

Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
authority.

Major features:

New AccelName and AccelDir options add support for dynamic OpenSSL
hardware crypto acceleration engines.
Tor now supports tunneling all of its outgoing connections over
a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
configuration options. Code by Christopher Davis.

Major bugfixes:

Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.

New options for gathering stats safely:

Directories that set "DirReqStatistics 1" write statistics on
directory request to disk every 24 hours. As compared to the
--enable-geoip-stats flag in 0.2.1.x, there are a few improvements:
1) stats are written to disk exactly every 24 hours; 2) estimated
shares of v2 and v3 requests are determined as mean values, not at
the end of a measurement period; 3) unresolved requests are listed
with country code '??'; 4) directories also measure download times.
Exit nodes that set "ExitPortStatistics 1" write statistics on the
number of exit streams and transferred bytes per port to disk every
24 hours.
Relays that set "CellStatistics 1" write statistics on how long
cells spend in their circuit queues to disk every 24 hours.
Entry nodes that set "EntryStatistics 1" write statistics on the
rough number and origins of connecting clients to disk every 24
hours.
Relays that write any of the above statistics to disk and set
"ExtraInfoStatistics 1" include the past 24 hours of statistics in
their extra-info documents.

Minor features:

New --digests command-line switch to output the digests of the
source files Tor was built with.
The "torify" script now uses torsocks where available.
The memarea code now uses a sentinel value at the end of each area
to make sure nothing writes beyond the end of an area. This might
help debug some conceivable causes of bug 930.
Time and memory units in the configuration file can now be set to
fractional units. For example, "2.5 GB" is now a valid value for
AccountingMax.
Certain Tor clients (such as those behind check.torproject.org) may
want to fetch the consensus in an extra early manner. To enable this
a user may now set FetchDirInfoExtraEarly to 1. This also depends on
setting FetchDirInfoEarly to 1. Previous behavior will stay the same
as only certain clients who must have this information sooner should
set this option.
Instead of adding the svn revision to the Tor version string, report
the git commit (when we're building from a git checkout).

Minor bugfixes:

If any the v3 certs we download are unparseable, we should actually
notice the failure so we don't retry indefinitely. Bugfix on
0.2.0.x; reported by "rotator".
If the cached cert file is unparseable, warn but don't exit.
Fix possible segmentation fault on directory authorities. Bugfix on
0.2.1.14-rc.
When Tor fails to parse a descriptor of any kind, dump it to disk.
Might help diagnosing bug 1051.

Deprecated and removed features:

The controller no longer accepts the old obsolete "addr-mappings/"
or "unregistered-servers-" GETINFO values.
Hidden services no longer publish version 0 descriptors, and clients
do not request or use version 0 descriptors. However, the old hidden
service authorities still accept and serve version 0 descriptors
when contacted by older hidden services/clients.
The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
always on; using them is necessary for correct forward-compatible
controllers.
Remove support for .noconnect style addresses. Nobody was using
them, and they provided another avenue for detecting Tor users
via application-level web tricks.