Blogs

Tor has funding for a project coordinator

A project coordinator is the person who brings order to chaos. You will coordinate and help track deliverables, progress, and metrics of current projects. You will also help plan future projects through proposals.

Your impact will involve:

  • Deriving deliverables, deadlines, and milestones for each active contract.
  • Developing timelines and schedules for completion of milestones and deliverables for each active, and occasionally proposed, contract.
  • Collecting ideas and potential deliverables for the future.
  • Raising concerns, timeline slips, and probability of missed deadlines to management.
  • Helping with managing people's schedules, work load, and keeping various people or teams in communication with one another.
  • Tracking deliverable completion.
  • Developing and maintaining metrics about project completion rate and other measures as based on evidence-based project management or something similar.
  • Helping contractors develop their contract deliverables for six month periods based on expected workload.
  • Maintaining project status pages on trac (or whatever system we have) with deliverables, tickets, and monthly summaries of progress.
  • Helping to write the monthly progress reports required for contracts.

See the job posting for information on how to apply and what you need to send in with your application.

Obfsproxy Bridges in the Amazon Cloud

The Tor Cloud images for all the seven regions have been updated to fix a bug found in the unattended-upgrades configuration. The normal bridge images have also been updated to include obfsproxy, which attempts to help users circumvent censorship by transforming the Tor traffic between the client and the bridge.

If you are already running a Tor Cloud bridge, you will need to either manually update your image, or set up a new Tor Cloud bridge and terminate the old one. If you decide not to take action, your image will fail to upgrade Tor correctly and will not be running as a bridge.

If you just want to fix the bug in the unattended-upgrades configuration, do the following; log on with SSH and edit /etc/apt/apt.conf.d/50unattended-upgrades to say precise instead of lucid.

New Tor Cloud images

The Tor Cloud images for all the seven regions have been updated to include the latest cloud image for stable Ubuntu release 12.04.1 LTS (Precise Pangolin). These new images are available on the Tor Cloud website.

The new images include Tor's new GPG key, uses apt-get instead of aptitude, and also includes the deb.torproject.org-keyring package (#6776).

If you are already running a Tor Cloud bridge, you will need to either manually update your image, or set up a new Tor Cloud bridge and terminate the old one. If you decide not to take action, your image will fail to upgrade Tor correctly and will not be running as a bridge. To manually update your image; log on with SSH, and follow the instructions to add the new GPG key, upgrade Tor, and install the deb.torproject.org-keyring package.

Tails 0.13 is out!

Tails 0.13 brings its lot of small but useful improvements and fixes a few security issues.

Download it now.

Changes

Notable user-visible changes include:

  • Use white-list/principle of least privilege approach for local services.
    Only users that need a certain local (i.e. hosted on loopback) service
    (according to our use cases) are granted access to it by our firewall;
    all other users are denied access.
  • Allow to modify language and layout in the "Advanced options" screen
    of the greeter.
  • Enable four workspaces in the Windows XP camouflage. This allows
    users to quickly switch to a more innocent looking workspace in case
    they are working on sensitive data and attract unwanted attention.
    The workspace switcher applet isn't there, though, since there's no
    such thing in Windows XP, so switching is only possible via keyboard
    shortcuts.
  • Claws Mail now saves local/POP emails in its dot-directory by default
    instead of the non-persistent ~/Mail directory. Users who are already
    using persistence for Claws will have to perform this change manually.
  • Add support for wireless regulation.
  • Hide the TailsData partition in desktop applications.
  • Tor
    • Upgrade to 0.2.2.39.
  • Iceweasel
    • Upgrade iceweasel to 10.0.7esr-2 (Extended Support Release).
  • Hardware support
    • Upgrade Linux to 3.2.23-1.
  • Software
    • Upgrade I2P to version 0.9.1.
    • Install GNOME System Monitor.
    • Upgrade WhisperBack to 1.6, with many UI improvements and new translations.
  • Ship a first version of the incremental update system. Updates are not
    currently triggered automatically, but this will allow tests to be done
    on larger scales.

Plus the usual bunch of minor bug reports and improvements.

See the online Changelog for technical details.

Don't hesitate to get in touch with us.

Some thoughts on the CRIME attack

By this point, some people have started to ask me about the Rizzo and Duong's new CRIME attack on TLS.

The short version is the same as with BEAST last year: Tor is not affected. TorBrowser is not affected. Other applications may be affected; please consult your app vendor.

Here's the longer version, in case you're more curious. This is going to assume a little technical background, but not too much. read more »

New bundles (security release)

New Bundles (security release)

All of the available bundles of Tor have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor and all users and relays are STRONGLY encouraged to update immediately.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happpening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.

Tor Browser Bundle (2.2.39-1)

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4

Tor Browser Bundle (2.3.22-alpha-1)

  • Update Tor to 0.2.3.22-rc
  • Temporarily use fixed Control and SOCKS ports as a workaround for #6803

www, archive, ns, and rsync +1

Thanks to Debian for providing a fine server capable of providing redundancy for a number of services. This new server is in live rotation for https://archive.torproject.org, https://www.torproject.org, acts as one of our primary DNS servers, and provides rsync for the archive data store. It mirrors 165GB of data hourly. The server is located in Darmstadt, Germany and provides a copy of the services on the European continent.

The addition of a second server allows us to implement some changes to the way we allow others to mirror our data sets. The primary server behind archive.torproject.org is also known as rsync.torproject.org. It now solely serves up rsync.torproject.org. If you have scripts that periodically mirror archive.torproject.org, you probably want to update them for rsync.torproject.org.

Thanks to the Debian Sysadmin Team for the server and hosting!

New Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.07esr release.

https://www.torproject.org/download

Tor Browser Bundle (2.2.38-2)

  • Update Firefox to 10.0.7esr
  • Update Libevent to 2.0.20-stable
  • Update NoScript to 2.5.2
  • Update HTTPS Everywhere to 2.2.1
Syndicate content Syndicate content