Stem Release 1.4

Greetings wonderful carbon-based residents of the Internet. I'm pleased to announce the 1.4.0 release of Stem!

What is Stem, you ask? For those who aren't familiar with it, Stem is a Python library for interacting with Tor. With it you can script against your relay, descriptor data, or even write applications similar to Nyx and Vidalia.

So what's new in this release?

Ephemeral Hidden Services and Descriptors

Tor's release is bringing with it new hidden service capabilities, most notably ADD_ONION and HSFETCH. Ephemeral hidden services let you easily operate a hidden service that never touches disk.

This latest Tor release also brought with it the ability to retrieve a hidden service's descriptor information. Stem knows how to parse, validate, and decrypt these documents.
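The control-port exchange behind an ephemeral hidden service, as an added example (not Stem's own code): it builds an ADD_ONION command and parses the reply following Tor's control-spec. The function names, the service ID, the key blob and the reply lines are constructed for illustration.

```python
import re

KNOWN_FLAGS = {"DiscardPK", "Detach"}  # subset of the flags in Tor's control-spec

def build_add_onion(ports, key="NEW:BEST", flags=("DiscardPK",)):
    """Build an ADD_ONION line from a {virtual_port: target} mapping.

    DiscardPK is the default here: Tor then never returns the private key,
    so it lives only in Tor's memory and the caller has nothing to leak.
    """
    if not ports:
        raise ValueError("at least one Port= mapping is required")
    if set(flags) - KNOWN_FLAGS:
        raise ValueError("unknown flag in %r" % (flags,))
    parts = ["ADD_ONION", key]
    if flags:
        parts.append("Flags=" + ",".join(flags))
    for virt, target in sorted(ports.items()):
        if not 1 <= virt <= 65535:
            raise ValueError("bad virtual port %r" % virt)
        parts.append("Port=%d,%s" % (virt, target))
    # Whitespace or CR/LF inside an argument would smuggle extra arguments or
    # commands onto the control connection, so reject it outright.
    if any(re.search(r"\s", p) for p in parts):
        raise ValueError("whitespace in argument")
    return " ".join(parts)

def parse_add_onion_reply(lines):
    """Parse control-port reply lines into the service ID and optional key."""
    out = {"service_id": None, "key_type": None, "key_blob": None}
    for line in lines:
        m = re.match(r"(\d{3})([- ])(.*)$", line)
        if not m:
            raise ValueError("malformed reply line %r" % line)
        code, _, body = m.groups()
        if code != "250":
            raise RuntimeError("ADD_ONION refused: %s %s" % (code, body))
        if body.startswith("ServiceID="):
            out["service_id"] = body.split("=", 1)[1]
        elif body.startswith("PrivateKey="):
            out["key_type"], out["key_blob"] = body.split("=", 1)[1].split(":", 1)
    if out["service_id"] is None:
        raise ValueError("reply carried no ServiceID")
    return out

# Constructed sample replies; the service ID and key blob are made up.
REPLY_DISCARDED = ["250-ServiceID=exampleonionaddr", "250 OK"]
REPLY_WITH_KEY = ["250-ServiceID=exampleonionaddr",
                  "250-PrivateKey=RSA1024:CONSTRUCTEDKEYBLOB", "250 OK"]
```

When the reply does carry a PrivateKey line, the caller holds the only copy outside Tor; writing it to a file is what turns an ephemeral service back into one that touches disk.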

Faster Descriptor Parsing

When reading descriptors without validation (which is the new default), documents are now lazily parsed. This provides a very substantial speedup depending on the document's type...

  • Server descriptors: 27% faster
  • Extrainfo descriptors: 71% faster
  • Microdescriptors: 43% faster
  • Consensus: 37% faster

Prefer to keep validation? No problem! Just include 'validate = True' and you'll be good to go.

As always this is just the tip of the iceberg. For a full rundown on the myriad of improvements and fixes in this release see...

hans andersen

May 13, 2015


Does arm also need an update? (Maybe to replace Vidalia in a future Tails?)

If so a bit more documentation of arm would be appreciated.

Yup! Arm rewrite is in the works and has been for quite some time. It's a big project but it's pretty far along and I hope to have a shiny, new release ready later this year.

Each month I give an update on its progress. You can follow along at...

(btw, arm was renamed recently to nyx - sorry about any confusion that causes!)

hans andersen

May 14, 2015


That is good news! Thank you both.

The current arm documentation is IMHO insufficient to help most people use arm effectively. Most of us are primarily interested in a replacement for Vidalia. Text based is fine by me.

While using Tails 4.3 (which still has Vidalia which is showing its age, is apparently not maintained upstream, and has apparently not scaled well), I think I see separate Tor circuits doing OCSP lookups and connecting to the website itself. If so, does that address the longstanding concern that NSA might be tracking Tor users by tracking OCSP lookups when they navigate to an https site?

Yup! Agreed, we need a new graphical controller.

My plan around arm (aka nyx) was to make a modern controller library (Stem), then write a new version of arm that uses it to ensure it's up to snuff for a new graphical controller.

I'm pleased to say this year we *are* taking on that project. Not a GUI like Vidalia, but rather a web dashboard. This winter I'm mentoring Cristobal who's writing a web dashboard for relay operators. Think arm, but ajax when you go to localhost...

hans andersen

May 17, 2015


Re updating arm controller (as a replacement for Vidalia in Tails):

It is useful for some Tor users to run a utility with functionality similar to Vidalia, although a text based one like arm would be fine for me. Tails still uses Vidalia which I understand has not been maintained. A longstanding issue is that when Vidalia starts the CPU works very hard (100% of capacity). If Vidalia is somehow maliciously caused to restart frequently this could become a kind of DOS. Indeed, I have been experiencing great difficulty in using Tails 1.4 booted from a DVD burned from a verified iso image. Boots normally and using netstat I can see initial connections to DirAuths, but after a few minutes:

1. gnome connection manager applet pops up "disconnected"

2. (seconds later) "connected"

3. (ten seconds later) "Tor is ready"

This happens repeatedly, even if not doing anything, but every few minutes if using Tor Browser or OFTC chat.

Using bridges seems to help, but ISP claims any problems must be upstream from their network. It is possible the problem is somehow connected to my hardware (computer, router) but I can find no real evidence of that.