Blogs

On Friday (Aug 27), I attended the "Workshop on Cyber Security Data for Experimentation" organized by the National Science Foundation (NSF). The premise of the workshop was that many academics need real-world data sets to solve problems, whereas industry is the place with the real-world data sets and they don't have any real reason to share. By getting the academics and the industry people talking, with government funders nearby, they hoped to better understand the problems and maybe move things forward.

I was there (and on the first panel) because of Tor's work on gathering Tor network snapshots, performance data, and user statistics. Tor's approach represents one way out of the trap where researchers never quite get the data they want, or if they do it isn't open enough (which hinders whether anybody else can reproduce their results). read more »

On Sunday (8/22) through Wednesday (8/25), I visited the Tor research group at UCSD as part of my ongoing plans to help academic research groups better understand Tor and its research problems. Damon McCoy has a fellowship (postdoc) there for last year and this coming year, and he's brought Kevin Bauer in from UColorado from now until December. They have two systems profs with congestion control background (Stefan Savage and Geoff Voelker) interested in helping them work on Tor and performance.

Kevin is planning to spend the next year on Tor performance work, as the last chapter of his thesis. He's also applied to Ian Goldberg's postdoc position at Waterloo. He seems like a smart and dedicated guy; I'd be excited if Ian picks him.

I spent most of my time walking Damon and Kevin through Tor's current congestion control levels -- explaining what Tor does, as well as what I think is actually resulting from each of these components. Kevin has lots of notes, and if all goes well that will seed the core of a "Why else is Tor slow" whitepaper over the coming months, as a sequel to the original. read more »

Tor 0.2.2.15-alpha fixes a big bug in hidden service availability, fixes a variety of other bugs that were preventing performance experiments from moving forward, fixes several bothersome memory leaks, and generally closes a lot of smaller bugs that have been filling up trac lately.

https://www.torproject.org/download

Changes in version 0.2.2.15-alpha - 2010-08-18
o Major bugfixes:
- Stop assigning the HSDir flag to relays that disable their
DirPort (and thus will refuse to answer directory requests). This
fix should dramatically improve the reachability of hidden services:
hidden services and hidden service clients pick six HSDir relays
to store and retrieve the hidden service descriptor, and currently
about half of the HSDir relays will refuse to work. Bugfix on
0.2.0.10-alpha; fixes part of bug 1693. read more »

On August 21st we released Tor Browser Bundle1.0.10 for GNU/Linux. It includes a number of updates, the largest one being a switch to Firefox 3.6.8. The rest are:

• Update Tor to 0.2.2.15-alpha
• Update Firefox to 3.6.8 (Mozilla is not doing security and stability updates for 3.5.x after August 2010)
• Update NoScript to 2.0.2.3
• Update BetterPrivacy to 1.48.3
• Update HTTPS Everywhere to 0.2.2

We have finally crossed the point of no return: 16 August 2010, 1900 UTC. Google Summer of Code 2010 is over; it's been a lot of fun and a lot of hard work participating in GSoC this year, and I hope that I have accomplished my goal. I took up the task of redesigning TorDNSEL, a DNSBL-style interface for querying information about Tor exit nodes, to be more thorough, more usable, and more maintainable. Out of this effort came TorBEL, a set of specifications and Python tools that try to address this problem.

The TorBEL codebase as released today contains several important
pieces: read more »

• A more thorough specification for active testing of the Tor network to determine fine-grained reachability through exit relays

New releases read more »

• On July 4th, we released Tor Browser Bundle 1.3.7 for Microsoft Windows. This is a security update for Firefox and Pidgin. The changes are: update to Firefox 3.5.10 and Pidgin Instant Messenger 2.7.1r2 to fix some security issues.
• On July 6th, we released Tor Browser Bundle 1.0.8 for GNU/Linux distributions. This fixes a number of security issues with included software. The updates include:
  • Update libpng to 1.4.3 (see CVE-2010-1205)
  • Update Firefox to 3.5.10
  • Update HTTPS Everywhere to 0.2.1

On July 22, we released the latest version of the Tor Browser Bundle for Windows. It contains updates to Firefox and Pidgin to address security issues.

The bundles can be found at https://www.torproject.org/torbrowser/

The full changelog is:

version 1.3.8: Released 2010-07-22
update Firefox to 3.5.11

version 1.3.9: Released 2010-07-22
update Pidgin to 2.7.2

Tor 0.2.2.14-alpha greatly improves client-side handling of circuit build
timeouts, which are used to estimate speed and improve performance. We
also move to a much better GeoIP database, port Tor to Windows CE,
introduce new compile flags that improve code security, add an eighth
v3 directory authority, and address a lot of more minor issues.

https://www.torproject.org/download

Packages will be appearing over the next few days or weeks. (We've decided
to start announcing alpha versions when they're released, rather than
waiting for all the packages first.)

Changes in version 0.2.2.14-alpha - 2010-07-12
o Major bugfixes:
- Tor directory authorities no longer crash when started with a
cached-microdesc-consensus file in their data directory. Bugfix
on 0.2.2.6-alpha; fixes bug 1532.
- Treat an unset $HOME like an empty $HOME rather than triggering an
assert. Bugfix on 0.0.8pre1; fixes bug 1522. read more »