diff options
Diffstat (limited to 'pages/about-us/news/2014')
| -rw-r--r-- | pages/about-us/news/2014/android-oh-seven.md | 19 | ||||
| -rw-r--r-- | pages/about-us/news/2014/bitmask-oh-seven-rc.md | 21 | ||||
| -rw-r--r-- | pages/about-us/news/2014/bitmask-public-beta.md | 35 | ||||
| -rw-r--r-- | pages/about-us/news/2014/bitmask-release.haml | 43 | ||||
| -rw-r--r-- | pages/about-us/news/2014/columbia-journalism-review.haml | 6 | ||||
| -rw-r--r-- | pages/about-us/news/2014/darkest-night.md | 45 | ||||
| -rw-r--r-- | pages/about-us/news/2014/en.haml | 2 | ||||
| -rw-r--r-- | pages/about-us/news/2014/gsoc.html.haml | 9 | ||||
| -rw-r--r-- | pages/about-us/news/2014/platform-hotfix-release.md | 13 | ||||
| -rw-r--r-- | pages/about-us/news/2014/platform-release.html.haml | 54 | ||||
| -rw-r--r-- | pages/about-us/news/2014/poodle-hot-fix.html.haml | 18 | ||||
| -rw-r--r-- | pages/about-us/news/2014/release-oh-five-one.md | 81 | ||||
| -rw-r--r-- | pages/about-us/news/2014/release-oh-five-two.md | 64 | ||||
| -rw-r--r-- | pages/about-us/news/2014/release-oh-six.md | 58 | ||||
| -rw-r--r-- | pages/about-us/news/2014/repository-key-refresh.html.haml | 59 |
15 files changed, 527 insertions, 0 deletions
diff --git a/pages/about-us/news/2014/android-oh-seven.md b/pages/about-us/news/2014/android-oh-seven.md new file mode 100644 index 0000000..0da7d51 --- /dev/null +++ b/pages/about-us/news/2014/android-oh-seven.md @@ -0,0 +1,19 @@ +@title = 'Bitmask Android 0.7.0' +@author = 'Parménides GV' +@posted_at = '2014-10-06' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/android-mask.png"></div><p>We\'ve released a new version of our Android client, which improves the stability of our VPN tunnel and fixes a bunch of bugs.</p>' + +We've released a new version of our Android client, which improves the stability of our VPN tunnel and fixes a bunch of bugs. + +We solved a pesky problem related to memory usage. When total available memory gets very low, Bitmask would stop. To solve this problem Bitmask will now restart when neccessary. + +Deep research on how AOSP (Android Open Source Project) works when an app is killed informed this solution, and the restart should happen as quick as possible: we've measured 45 seconds in a real environment. Once implemented, this feature was suggested to the upstream project for the VPN, [ics-openvpn](https://code.google.com/ics-openvpn), and was accepted and incorporated right away (thanks Arne). + +We also started to do the work needed for Bitmask to be added to F-Droid, but we're going to use a much awaited feature from F-Droid which is [almost complete](https://f-droid.org/wiki/page/Verification_Server) so stay tuned, because you'll see both F-Droid improvements from their side and Bitmask Android on an F-Droid repository really soon! + +Finally, a couple of annoying bugs have been fixed: first of all, you can turn off VPN from our dashboard switch, and if that happens (or more generally, if you switch off VPN by any means), you won't see the "Blocked traffic" notification which appeared on 0.6.0. + +We're beginning to collaborate with third parties, and getting more [users and feedback on the Play Store](https://play.google.com/store/apps/details?id=se.leap.bitmaskclient). As with any Libre Software project, you're more than welcomed to tell us your suggestions (use [Twitter](https://twitter.com/leapcode), [GitHub](https://github.com/leapcode/bitmask_android), [file bugs](https://leap.se/code/), or even [collaborate with us in the development itself](https://github.com/leapcode/bitmask_android#contributing). + +Thanks for your attention, and if you're a user, thanks for your feedback and support! diff --git a/pages/about-us/news/2014/bitmask-oh-seven-rc.md b/pages/about-us/news/2014/bitmask-oh-seven-rc.md new file mode 100644 index 0000000..c8ba357 --- /dev/null +++ b/pages/about-us/news/2014/bitmask-oh-seven-rc.md @@ -0,0 +1,21 @@ +@title = 'Bitmask Desktop v0.7.0-rc1 is ready for testing' +@author = 'Ivan' +@posted_at = '2014-10-06' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/clocks.jpg"></div><p>Starting today users can run a "stable" or "unstable" version of Bitmask. For each new version, we will first issue an "unstable" public release candidate. People who are in position to run bleeding edge code can run the "unstable" version and help us find any problems that we might have missed.</p>' + +Code name: "One time download, all time update" + +Starting today users can run a "stable" or "unstable" version of Bitmask. For each new version, we will first issue an "unstable" public release candidate. People who are in position to run bleeding edge code can run the "unstable" version and help us find any problems that we might have missed. We will fix these problems and then release a rock solid "stable" version of Bitmask. Download the release candiate, and report issues you find on our tracker https://leap.se/code or alert us on irc (freenode.net #leap). + +## Changes + +For the users of the Linux Bundles, this is the first Bitmask Desktop client release that brings the ability to self-update. This means that you will be able to easily up to date to the latest version. On startup, the app will look for updates, and let you known when a new release is ready and give you a one-click access to the update. If you are using your package manager, you will still have to use the traditional methods to get updates (in ubuntu/Debian, that's `apt-get update && apt-get upgrade`). + +Based on your feedback we have merged all preferences into one elegant and simplified window, and as usual have fixed a hand full of smaller bugs. + +Behind the scenes were are quietly readying Bitmask for dead simple encrypted email. Its getting dangerously close to a public release candidate. + +* [Download Release Candidate](https://dl.bitmask.net/client/linux/release-candidate/) v0.7.0-rc1 and help us test the code +* [Download the Stable version](https://dl.bitmask.net/) +* [Changelog](https://raw.githubusercontent.com/leapcode/bitmask_client/master/CHANGELOG.rst) diff --git a/pages/about-us/news/2014/bitmask-public-beta.md b/pages/about-us/news/2014/bitmask-public-beta.md new file mode 100644 index 0000000..5ad97a4 --- /dev/null +++ b/pages/about-us/news/2014/bitmask-public-beta.md @@ -0,0 +1,35 @@ +@title = 'Bitmask Public Beta' +@author = 'Elijah' +@more = true +@posted_at = '2014-08-22' +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/bitmask.png"></div><p>The LEAP Encryption Access Project (LEAP) is launching the first public beta of the Bitmask application for Linux and Android. Bitmask is an open source application to provide easy and secure encrypted communication. You can choose among several different service providers or start your own. Bitmask supports VPN with Encrypted Email coming soon.</p>' + + +Bitmask Public Beta +------------------------------------------- + +The LEAP Encryption Access Project (LEAP) is launching the first public beta of the Bitmask application for Linux and Android. + +*Bitmask* is an open source application to provide easy and secure encrypted communication. You can choose among several different service providers or start your own. Bitmask supports VPN with Encrypted Email coming soon. + +The *Bitmask* application is designed to have a *friendly* interface with *automatic* configuration. You simply start the application, register with the compatible service provider of your choice, and away you go. + +With Bitmask VPN, all your traffic is securely routed through your provider before it is decrypted and sent on to the open internet. + +* *Thwart Network Surveillance*: Bitmask VPN is very effective at bypassing most censorship and network surveillance by your ISP or country. + +* *Anonymize your address*: Your IP address will also be hidden, keeping your physical location safe from nefarious websites or network eavesdroppers. + +* *Extra Security*: We take extra security measures to prevent problems common to other personal VPNs, such as DNS leakage and IPv6 leakage (not all enhancements available on Android). + +To install Bitmask, visit https://bitmask.net + +Currently, the only language that is supported in the application and help documentation is English. We are adding more languages soon. + +Users: Let us know what you think by sending a message to discuss@leap.se or on irc.freenode.net #leap. If you have any problems, bug reports can be filed here and are super appreciated! https://leap.se/code + +Providers: If you are interested in providing Bitmask-compatible services, we are always available to help with your setup and launch. https://leap.se/en/docs/platform + +In the coming weeks we will be fixing all the bugs you report. We are actively working on Mac (soon) and Windows (later) support, and adding auto-failover to next available gateway, autostart, and obfsproxy technology. The rest of our attention is focused on secure end to end client encrypted email. We are tantalizingly close to having a public Beta of our email service. + +Stay tuned. Sign up to our mailing list (discuss-subscribe@leap.se), or follow us on twitter (@leapcode). diff --git a/pages/about-us/news/2014/bitmask-release.haml b/pages/about-us/news/2014/bitmask-release.haml new file mode 100644 index 0000000..b889c0e --- /dev/null +++ b/pages/about-us/news/2014/bitmask-release.haml @@ -0,0 +1,43 @@ +- @title = 'Bitmask "long time no see" release' +- @author = 'Kali' +- @posted_at = '2014-04-25' +- @more = true +- @preview = capture_haml do + %div{:style => 'float:left; margin: 8px 8px 8px 0'} + %img{:src => "/img/pages/bitmask-icon.png"} + It's is with pleasure that we <a href="https://raw.githubusercontent.com/leapcode/bitmask_client/develop/relnotes.txt">announce</a> the arrival of the 0.5.0 version of Bitmask, code named "long time no see"! With over 187 files changed, 19627 insertions(+) and 5005 deletions(-), this release of the bitmask client is one of the largest to date! To get the latest version, you can visit the <a href="https://dl.bitmask.net">Bitmask downloads page</a>. + +%p It's is with pleasure that we <a href="https://raw.githubusercontent.com/leapcode/bitmask_client/develop/relnotes.txt">announce</a> the arrival of the 0.5.0 version of Bitmask, code named "long time no see"! + +%p With over 187 files changed, 19627 insertions(+) and 5005 deletions(-), this release of the bitmask client is one of the largest to date! To get the latest version, you can visit the <a href="https://dl.bitmask.net/linux/download">Bitmask downloads page</a>. + +%p Here is a summary of the main changes, with links to the complete changelogs for those who want the details: + +%h3 Bitmask + +%p <a href="https://raw.githubusercontent.com/leapcode/bitmask_client/master/CHANGELOG.rst">changelog</a> + +%p On this release we are fixing a ton and a half of bugs in the user interface on different desktops, hopefully getting closer and closer to a really smooth experience. There is also a shiny new button for easy log pasting. A couple of bugs that were also interfering with the correct functioning of Encrypted Internet Proxy have also been smashed for your benefit. And the first steps have been integrated for paving the way to the big client code refactor coming in the next few releases. + +%h3 Soledad + +%p <a href="https://raw.githubusercontent.com/leapcode/soledad/master/CHANGELOG">changelog</a> + +%p Improvements to soledad in this iteration include several optimizations to make data synchronization faster and more efficient, and fixing a couple of bugs that were making concurrent syncs fail. We also got rid of a bug that was making the server consume way too much memory. + +%h3 leap.mail + +%p <a href="https://raw.githubusercontent.com/leapcode/leap_mail/master/CHANGELOG">changelog</a> + +%p Although mail is not ready for prime time yet, this release addresses several fixes to make the service correctly parse different types of mails, including all of your unicodes. Mail code went through a extensive refactor to allow for smaller syncs. We also added partial support for SEARCH commands to allow thunderbird to save your drafts. + +%h3 leap.mx + +%p <a href="https://raw.githubusercontent.com/leapcode/leap_mx/master/CHANGELOG">changelog</a> +This version brings in some fixes for dealing with multipart documents. + +%h3 leap.keymanager + +%p <a href="https://raw.githubusercontent.com/leapcode/keymanager/master/CHANGELOG">changelog</a> + +%p Keymanager was updated to work with the latest webapp release, and now is able to memoize calls. diff --git a/pages/about-us/news/2014/columbia-journalism-review.haml b/pages/about-us/news/2014/columbia-journalism-review.haml new file mode 100644 index 0000000..9923ef7 --- /dev/null +++ b/pages/about-us/news/2014/columbia-journalism-review.haml @@ -0,0 +1,6 @@ +- @title = "LEAP article in Columbia Journalism Review" +- @author = "Elijah" +- @posted_at = "2014-01-10" +- @more = false +- @preview = capture_haml do + The Columbia Journalism review has a nice <a href="http://www.cjr.org/behind_the_news/leap_email.php">introduction to LEAP encrypted email</a> and the importance of secure communication for journalists. diff --git a/pages/about-us/news/2014/darkest-night.md b/pages/about-us/news/2014/darkest-night.md new file mode 100644 index 0000000..71a81cc --- /dev/null +++ b/pages/about-us/news/2014/darkest-night.md @@ -0,0 +1,45 @@ +@title = 'New releases for a new year' +@author = 'Staff' +@posted_at = '2014-12-23' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/winter-solstice-at-stonehenge.jpg"></div><p>LEAP is happy to celebrate the days getting longer with shiny new releases of the LEAP platform and Bitmask client for Linux and Android. We resolved over 160 issues for the platform release alone!<p>' + +LEAP is happy to celebrate the days getting longer with shiny new releases of the LEAP platform and Bitmask client for Linux and Android. + +Platform 0.6.0 +-------------- + +With over 160 issues resolved, the latest platform is a fine tuned, easy to deploy, self monitoring machine. We are real happy with its current state and are looking forward to pushing more frequent releases in the coming months. + +Whats New: single node deployment; platform customization; couch flexibility; stunnel rework; new debian repository structure; dependency pinning; leap_cli modularization; improved cert generation; monitoring improvements such as per-environment tooling and notifications; tor hidden service support; switch away from NIST curve and ensure TLSv1 is used; tests made significantly more robust; add support for webapp deployment to a subdomain; many, many bugfixes and stability improvements + +* Download 0.6.0 signed tag: https://leap.se/git/leap_platform.git +* Changelog: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.6.0 +* Known issues: https://leap.se/en/docs/platform/troubleshooting/known-issues + + +Bitmask 0.7.0 +------------- + +The LEAP team is pleased to announce the immediate availability of Bitmask 0.7.0 codename "One window to rule them all". We are introducing automatic secure updates for the Bitmask application, making use of a spell called [The Update Framework](http://theupdateframework.com/), aka TUF if you're on friendly terms. Based on your feedback, we are also introducing a sleek new settings panel. As usual, we have also crushed a few bugs along the way. + +For the users of the Linux Bundles, this is the first Bitmask Desktop client release that brings the ability to self-update. This means that you will be able to easily up to date to the latest version. On startup, the app will look for updates, and let you known when a new release is ready and give you a one-click access to the update. If you are using your package manager, you will still have to use the traditional methods to get updates (in ubuntu/Debian, that’s apt-get update && apt-get upgrade). + +Enjoy it while it is hot! + +* Download: https://dl.bitmask.net/linux +* Download 0.7.0 signed tag: https://leap.se/git/bitmask_client.git +* Changelog: https://raw.githubusercontent.com/leapcode/bitmask_client/master/CHANGELOG.rst +* Known issues: https://leap.se/en/docs/client/known-issues +* Compatibility notes: Bitmask 0.7.0 is not compatible with platform versions older than 0.6.0 + +Bitmask Android 0.8.2 +----------------------------- + +Lollipop is here, and Bitmask Android has been visually and internally updated to give the best experience to date for both early Android 5.0 adopters and usual Android 4 users. + +Two new providers have been added to our preseeded list, and a lot of bugs have been fixed. This release will hopefully be the best one yet, both in terms of usability and stability. + +Stay tuned, because 0.9.0 will arrive soon with interesting new VPN features! + +Changelog: https://github.com/leapcode/bitmask_android/blob/master/CHANGELOG diff --git a/pages/about-us/news/2014/en.haml b/pages/about-us/news/2014/en.haml new file mode 100644 index 0000000..472f438 --- /dev/null +++ b/pages/about-us/news/2014/en.haml @@ -0,0 +1,2 @@ +- @path_prefix = '2014' += child_summaries :order_by => :posted_at
\ No newline at end of file diff --git a/pages/about-us/news/2014/gsoc.html.haml b/pages/about-us/news/2014/gsoc.html.haml new file mode 100644 index 0000000..351cbf9 --- /dev/null +++ b/pages/about-us/news/2014/gsoc.html.haml @@ -0,0 +1,9 @@ +- @title = 'Google Summer of Code 2014' +- @author = 'Mcnair' +- @posted_at = '2014-04-24' +- @more = false +- @preview = capture_haml do + %div{:style => 'float:right; margin: 8px; margin-right: 0;'} + %img{:src => "/img/pages/gsoc.png"} + %p LEAP has selected three Google Summer of Code projects that we are really excited about. One focuses on improving Soledad transport, another on better Windows integration, and a third on adding obfsproxy to the encrypted internet proxy. Congratulations to the students who submitted these projects, they stood out above the rest of the proposals. + %p In the coming months, stay tuned for updates on the progress made to these Google Summer of Code projects. diff --git a/pages/about-us/news/2014/platform-hotfix-release.md b/pages/about-us/news/2014/platform-hotfix-release.md new file mode 100644 index 0000000..70ac4fd --- /dev/null +++ b/pages/about-us/news/2014/platform-hotfix-release.md @@ -0,0 +1,13 @@ +@title = 'Platform HotFix Release 0.5.4.1' +@author = 'Micah' +@posted_at = '2014-08-28' +@more = true +@preview = '<div style="float:left; margin: 8px; margin-left: 0;"><img src="/img/pages/chillies.jpg"></div><p>This Platform release is a hotfix release, resolving a couple issues that came up in the previous release. It fixes tapicero dependency ordering so it will start more reliably (#6004); resolves the /etc/hosts ordering to properly construct the FQDN (#5835); and finally a fix for the logging problem (#6020)</p>' + +This Platform release is a hotfix release, resolving a couple issues that came up in the previous release. It fixes tapicero dependency ordering so it will start more reliably (#6004); resolves the /etc/hosts ordering to properly construct the FQDN (#5835); and finally a fix for the logging problem (#6020) + +There's ongoing work to make leap_platform run all services on one single node. However, this is not possible in this release. + +* Download: signed 0.5.4.1 tag: https://leap.se/git/leap_platform.git +* Changelog: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.5.4.1 +* Known issues: https://leap.se/git/leap_platform.git/blob/HEAD:/README.md diff --git a/pages/about-us/news/2014/platform-release.html.haml b/pages/about-us/news/2014/platform-release.html.haml new file mode 100644 index 0000000..83b6e9e --- /dev/null +++ b/pages/about-us/news/2014/platform-release.html.haml @@ -0,0 +1,54 @@ +- @title = 'LEAP Platform release 0.5.0' +- @author = 'Micah' +- @posted_at = '2014-04-21' +- @more = true +- @preview = capture_haml do + We are happy to announce that the 0.5.0 version of the Leap Platform has been released! There have been a staggering number of improvements since the last release that touch a lot of areas. I'll give you a higher level summary of the changes here. + +%p We are happy to announce that the 0.5.0 version of the Leap Platform has been released! There have been a staggering number of improvements since the last release that touch a lot of areas. I'll give you a higher level summary of the changes here. + +%p There is a signed 0.5.0 tag in the platform git repository, which you can find here: https://leap.se/git/leap_platform + +%p Without further ado, here is what is included: + +%h2 Monitoring + +%p With this release a new monitoring service was added, including the ability to monitor multiple environments with one monitor node. Many logging improvements go along with this feature, like improvements in rotation, making more daemons write to standardized syslog locations. + +%h2 TLS fun + +%p Many improvements related to TLS were rolled out. For mail we now require TLS between satellite servers and the relayhost, and leap mx, we've also improved overall opportunistic TLS configurations. + +%p For the web configurations, the https TLS configurations were modified to take advantage of TLS1.2 features, enhancements to help protect against BREACH and CRIME attacks, and cipher preferences adjusted to prefer PFS, and best-practices strongest cipher selections. + +%p Thanks to heartbleed, we got to test rolling certs and keys in the platform. We are pleased that it went so easily. We simply had to remove the existing ones, ask leap cli to generate new ones, plop in the commercial cert/keys and deploy. Everything was then put where it should be and restarted. With the exception of soledad-server, which was fixed. + +%h2 Whitebox tests + +%p Whitebox tests were added, now you can run 'leap test' in your provider and various critical tests will be run to determine the overall health of your provider. In particular these tests are performed right now: connectivity, checking that correct daemons are running, checking cluster health, and membership, checking for required ACL users and required databases. + +%h2 Bigcouch + +%p There were many Bigcouch scaling improvements dealing with exhausting inodes and body to large issues, and cluster settling before deployment of design documents, databases and users, as well as automatic shard compaction. We also ship some couch scripts that help us with debugging and backups. + +%p We added deployment of new design documents for soledad, and for the new shared database and more robust handling of design document deployment We also migrated u2db metadata to a better structure that allowed for atomic operations and elimination of potential cases of inconsistency + +%h2 Webapp + +%p Functionality was added to allow for a customized webapp git repository, and we now anonymize webapp ips (ipv4 only) by default (in addition to ips in system logs, which cover most cases) + +%h2 Leap CLI + +%p The leap CLI was also improved to fix various corner case bugs, some notable improvements: invalid hostname detection; making sure the ssh key is available in the agent; adding a --no-color flag so log files are not colorized; add a --no-deploy feature; added a 'plain' node, which has no services deployed to it. + +%h2 Tapicero + +%p New tapicero was also deployed with enhancements and fixes to deal better when failing to create databases, and avoiding bigcouch conflicts, adding a flag to re-run for all known users, and a flag to overwrite the _security document. + +%h2 Miscellaneous + +%p Mail for admins is now properly routed to the address configured in provider.json. We also updated the default nameservers to account for changes in upstream availability. Make sure nodes have proper time synchronization setup and configured, even when nodes are snapshot nodes that have been off for a long time. Improvements in code restructuring to help eliminate some redundancy in setting things up, tearing them down and then setting them up again in between initial run stages + +%p We make sure that sensitive components are downloaded over encrypted protocols, such as ruby gems and vagrant baseboxes, we also made sure that bigcouch admin processes were only listening on localhost. + +%p Finally, the latest versions of leap-mx, soledad, keymanager, the webapp and the associated libraries will also be updated when deploying this release.
\ No newline at end of file diff --git a/pages/about-us/news/2014/poodle-hot-fix.html.haml b/pages/about-us/news/2014/poodle-hot-fix.html.haml new file mode 100644 index 0000000..66d9bb4 --- /dev/null +++ b/pages/about-us/news/2014/poodle-hot-fix.html.haml @@ -0,0 +1,18 @@ +- @title = "Poodle hot-fix" +- @author = "Micah" +- @posted_at = "2014-10-15" +- @more = true +- @preview = capture_haml do + As you may have heard, there is a new dog in town, and it is a Poodle. Poodle (Padding Oracle On Downgraded Legacy Encryption) is the name for a severe flaw in the SSLv3 protocol, which can be exploited to force connections to reveal plain-text. The Poodle announcement brought with it the death of the SSLv3 protocol, and none too soon. + +%p As you may have heard, there is a new dog in town, and it is a Poodle. Poodle (Padding Oracle On Downgraded Legacy Encryption) is the name for a severe flaw in the SSLv3 protocol, which can be exploited to force connections to reveal plain-text. The Poodle announcement brought with it the death of the SSLv3 protocol, and none too soon. + +%p In order to respond to this issue, we've made an important security fix release for the Platform. This release simply disables the SSLv3 protocol (as well as deactivates the weak RC4 cipher). + +%p To apply this update, simply update the Leap Platform master branch (or checkout the signed 0.5.5 tag), and deploy to the webapp node. + +%ul + %li + %a(href="https://leap.se/git/leap_platform.git") Leap Platform git repository + %li + %a(href="https://leap.se/git/leap_platform.git/tag/3c7f2f98cdaabb00e13325476197fbbc74dff597") The signed 0.5.5 tag diff --git a/pages/about-us/news/2014/release-oh-five-one.md b/pages/about-us/news/2014/release-oh-five-one.md new file mode 100644 index 0000000..645518a --- /dev/null +++ b/pages/about-us/news/2014/release-oh-five-one.md @@ -0,0 +1,81 @@ +@title = 'Release 0.5.1' +@author = 'Micah' +@posted_at = '2014-05-22' +@more = true +@preview = '<div style="float:left; margin: 8px; margin-left: 0;"><img src="/img/pages/sand-bucket.jpg"></div><p>We are happy to announce the 0.5.1 LEAP release, code named "los trecesemanas" or "lil less leaky". This rapid round of development focused primarily on getting our Encrypted Internet Proxy (VPN) system secured against data leakage, as well as the continued refactor of the soon to be released encrypted email service.</p>' + +We are happy to announce the 0.5.1 LEAP release, code named "los trecesemanas" or "lil less leaky". This rapid round of development focused primarily on getting our Encrypted Internet Proxy (VPN) system secured against data leakage, as well as the continued refactor of the soon to be released encrypted email service. + +Various development details for the client, platform and the webapp are below. + +Platform +======== + +The platform had a number of minor improvements, mostly the work is EIP related: deployment improvements make openvpn service fragments be fully created before the service is deployed. We now block EIP originated DNS traffic at the OpenVPN gateway. We now install openvpn 2.3 from wheezy backports, and set the ipv6 configuration options to force client ipv6 traffic through the gateway, and then reject any outgoing ipv6 packets. Additionally, script-security is set to '1' and tcp-nodelay is configured. + +There were also few other minor improvements in other areas: the initial firewall will allow port 22 by default, and it triggers better. There were nagios check improvements to eliminate duplicates. Service levels were added to the webapp config; known issues are now documented in the git repository; a simple shorewall whitebox test was added; rsyslog and unbound are now pulled from wheezy-backports. Stunnel refreshing will happen more reliably. Tor nicknames will get set automatically, with a default, and the tor family variable will be filled out correctly. The resolv.conf is fixed on virtualbox. Now we can put the webapp on a subdomain and we have support for environmentally scoped services and tags, when using latest leap_cli. + +Download: + +* There is a signed 0.5.1 tag: https://leap.se/git/leap_platform + +Changelog: + +* https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.5.1 + +Known issues: + +* https://leap.se/git/leap_platform.git/blob/071547967cc00acf18bf68b78e350131017852b9:/README.md + +Webapp +================== + +Webapp development was focused on getting it ready for the beta launch. We enhanced the API with an endpoint to query for the services available when logged in and to notify users via the client. The directory and engine structure has been cleaned up. Documentation now lives on leap.se/docs. Lot's of bugs have been found and fixed during QA and we ensure the availability with nagios tests. + +Changelog: + +* https://github.com/leapcode/leap_web/releases/tag/0.5.1 + +Android +================== + +Android version is running slighly ahead fo the rest! We released 0.5.1 three weeks ago and have made public our 0.5.2 release candidate. 0.5.1 and 0.5.2rc improvements include: + +1. Autostart - If you have EIP on and shutdown your phone, Bitmask will autostart EIP once the phone is running again. +2. Gradle support - This only matters to developers, and they'll know what this means, so no more words +3. Signup support - You can register a new account with a LEAP provider from the android client. + +Autostart still has some glitches due to some problems with ics-openvpn. Next weeks we'll address these issues by cleaning and updating our ics-openvpn codebase. So hold your breath for the next 3 weeks, you'll hopefully see a very good 0.5.2 (or even 0.6!) release. + +Download: + +* https://play.google.com/store/apps/details?id=se.leap.bitmaskclient +* https://downloads.leap.se/client/android/Bitmask-Android-0.5.2-RC1.apk + +Changelog: + +* https://raw.githubusercontent.com/leapcode/bitmask_android/master/CHANGELOG + +Client +================== + +The client focus was towards fixing a security problem that exists in every VPN client to this date, which is: if VPN fails in any way, your traffic gets leaked out of the secure network. + +We leverage the Linux firewall to block all traffic outside of the computer except for the VPN gateways. So even if OpenVPN crashes or the client wrongly says you're going through EIP, you won't be leaking traffic when you are not expecting it. + +The same approach will be expanded to other platforms in the near future. + +Known Issues: Firewall is torn down during restarts #5687. This should be fixed in the early 0.5.2 rc. + +Download: + +* https://dl.bitmask.net + +Changelog: leap.bitmask + +* https://raw.githubusercontent.com/leapcode/bitmask_client/develop/CHANGELOG.rst + +Changelog: leap.soledad + +* https://raw.githubusercontent.com/leapcode/soledad/develop/CHANGELOG + diff --git a/pages/about-us/news/2014/release-oh-five-two.md b/pages/about-us/news/2014/release-oh-five-two.md new file mode 100644 index 0000000..3a12926 --- /dev/null +++ b/pages/about-us/news/2014/release-oh-five-two.md @@ -0,0 +1,64 @@ +@title = 'Release 0.5.2' +@author = 'Micah' +@posted_at = '2014-06-22' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/toolbox.jpg"></div><p>Along with ongoing bug fixes and stability enhancements, the 0.5.2 release of the bitmask client focused on improving VPN security features added in the prior release. In Android development, we are laying the groundwork for better coordination with ics-openvpn which will improve stability and user experience. We plan to launch our beta VPN service in the coming weeks. All of our code that is released is now signed by the LEAP code signing key (key ID 0x1E34A1828E207901, Fingerprint 1E45 3B2C E87B EE2F 7DFE 9966 1E34 A182 8E20 7901).</p>' + +Overview +--------------- + +Along with ongoing bug fixes and stability enhancements, the 0.5.2 release of the bitmask client focused on improving VPN security features added in the prior release. In Android development, we are laying the groundwork for better coordination with ics-openvpn which will improve stability and user experience. We plan to launch our beta VPN service in the coming weeks. Stay tuned! + +In addition to the 0.5.2 releases detailed below, we have now all of our code that is released is signed by the LEAP code signing key (key ID 0x1E34A1828E207901, Fingerprint 1E45 3B2C E87B EE2F 7DFE 9966 1E34 A182 8E20 7901). + +Client +--------------- + +An overall improvement in user experience for the fail close security feature was the main focus. We improved the firewall handling on Linux for failing close when the VPN doesn't work as expected. + +Changelogs: + +* leap.bitmask 0.5.2 - https://github.com/leapcode/bitmask_client/blob/develop/CHANGELOG.rst +* leap.common 0.3.8 - https://github.com/leapcode/leap_pycommon/blob/develop/CHANGELOG + +Platform +--------------- + +This release of the platform has a few minor bug fixes, and a few new features. + +It is now possible to run the webapp and mx on the same host; it is now possible to change the sshd port for nodes; static sites now support rack applications and custom apache configurations and /provider.json can now be served from the static site; the templatewlv function was added enabling passing local variables to templates. + +Various minor code cleanups happened, removing redundant or unused classes and variables, consolidating duplicated pieces and fixing the non-functioning inclusion of the sshd class. Some improved documentation and a fix for unbound configs in the unbound.conf.d directory. + +* Download: +There is a signed 0.5.2 tag: https://leap.se/git/leap_platform.git +* Changelog: +https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.5.2 +* Known issues: +https://leap.se/git/leap_platform.git/blob/071547967cc00acf18bf68b78e350131017852b9:/README.md + +Webapp +--------------- + +We continue polishing the webapp for beta launch and integration with existing services. We prevent users from seeing the tickets of other users and hash our tokens to prevent timing attacks. We ease the integration for providers with existing user bases and use smtp certs to be able to kick out spammers. The UI has been polished with customized error pages and improved i18n. + +0.5.2 is tagged for the webapp with a commit message detailing the changes: https://github.com/leapcode/leap_web/releases/tag/0.5.2 + + +Android +--------------- + +With this version we begin a strong effort to maintain a sane upstream relationship with our base project, ics-openvpn. This is an important step for the stablility and and ease of use for our EIP client, and we're excited about what it means for our development process. We are polishing our patches and will be proposing these to ics-openvpn after our next releaes. + +Also, we have added signup support, enabling you to do so from the login button and from a menu button. + +Changelog: https://github.com/leapcode/bitmask_android/blob/0.5.2/CHANGELOG + + + +Soledad +-------------- + +Focus for this release was on soledad sync stability and speed. This version of Soledad features a sync process which performs one HTTP request for each document sent to or received by the server. The sync process can be interrupted and also reports its status. Two minor bugs have been squashed: avoiding a bigcouch multipart-put bug and authenticating in constant-time to avoid time attacks against the auth scheme. + +leap.soledad 0.5.2 - https://github.com/leapcode/soledad/blob/develop/CHANGELOG diff --git a/pages/about-us/news/2014/release-oh-six.md b/pages/about-us/news/2014/release-oh-six.md new file mode 100644 index 0000000..2df1624 --- /dev/null +++ b/pages/about-us/news/2014/release-oh-six.md @@ -0,0 +1,58 @@ +@title = 'Release 0.6' +@author = 'Micah' +@posted_at = '2014-08-21' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/mostimproved.jpg"></div><p>This release gets the award for most improved, with a focused on major overhauls of the Android and Linux Bitmask clients. These apps now have better security, usability, and stability. We have temporarily broken our practice of releasing all projects with the same version at the same time.</p>' + +Overview +------------------------------------- + +This release gets the award for most improved, with a focused on major overhauls of the Android and Linux Bitmask clients. These apps now have better security, usability, and stability. We have temporarily broken our practice of releasing all projects with the same version at the same time. + +* Bitmask - Android 0.6.0 +* Bitmask - Desktop 0.6.1 +* LEAP Platform 0.5.3 +* Webapp 0.5.3 + +Bitmask Android 0.6.0 +----------------------------------- + +This is a major release for our Android client. It contains a couple of security improvements that inaugurate a series of small but important features that will try to satisfy security minded people. + +The most important security feature added in this release is the openvpn persistent tun integration with our client. Once your device establishes a vpn tunnel, and as long as you keep EIP switch ON, you'll not route any traffic outside the vpn tunnel while the vpn is being established. Other features include earlier autostart launch, prompt to log in if necessary, and man in the middle prevention. + +Regarding bug fixes, we've finally removed the second notification that was annoying some users. The reason of its removal will be soon documented. Apart from that, we've also addressed the Play Store crashes, and some small UI improvements. + +* Download: https://dl.bitmask.net/android +* Changelog: https://github.com/leapcode/bitmask_android/blob/develop/CHANGELOG + + +Bitmask Linux 0.6.1 +----------------------------------- + +This is the new stable version of the Desktop Client after the refactor in which we have separated frontend from backend. This separation paves the way for starting Bitmask during the boot process, and attach the current graphical client afterwards. And maybe even having cli or html5 clients in the near future, the possibilities that it opens are many! + +It also allows us to finally close an annoying bug that was causing high CPU usage when using the client. + +While we were at it, we gave a little face lift to the UI: the provider selection is in a more prominent place now, and some other little interface tweaks made their way into this last release. We hope you enjoy it as much as we do! + +* Download: https://dl.bitmask.net/linux +* Changelog: https://raw.githubusercontent.com/leapcode/bitmask_client/master/CHANGELOG.rst + +LEAP Platform 0.5.3 +----------------------------------- + +This release of the Platform is a minor release, stabilizing further the previous version by only fixing minor, non-disruptive issues. + +* Download: signed 0.5.3 tag: https://leap.se/git/leap_platform.git +* Changelog: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.5.3 +* Known issues: https://leap.se/git/leap_platform.git/blob/HEAD:/README.md + + +LEAP Webapp 0.5.3 +----------------------------------- + +This release of the webapp is also a minor bug fix release, with few changes designed to further stabilize this version. We now enable including custom gems to make customization even more powerful. We also fix corner cases during the account creation and document debugging in production. + +* Download: 0.5.3 tag: https://github.com/leapcode/leap_web/archive/0.5.3.tar.gz +* Changelog: 0.5.3 is tagged for the webapp with a commit message detailing the changes: https://github.com/leapcode/leap_web/releases/tag/0.5.3 diff --git a/pages/about-us/news/2014/repository-key-refresh.html.haml b/pages/about-us/news/2014/repository-key-refresh.html.haml new file mode 100644 index 0000000..14f0ec4 --- /dev/null +++ b/pages/about-us/news/2014/repository-key-refresh.html.haml @@ -0,0 +1,59 @@ +- @title = "Repository Key Refresh" +- @author = 'Elijah' +- @posted_at = "2014-01-14" +- @more = true +- @preview = "We screwed up and let our debian repository key expire. The responsible parties have been punished (no more free back rubs). You have three options to fix it..." + +%p We screwed up and let our debian repository key expire. The responsible parties have been punished (no more free back rubs). You have three options to fix: + +%h3 option 1 - blindly upgrade + +%p You can just ignore the warnings about the packages being unauthenticated. This will upgrade your leap-keyring package, which includes the updated key. This is potentially dangerious and should be avoided. + +%pre + apt-get update --allow-unauthenticated + apt-get upgrade --allow-unauthenticated + +%h3 option 2 - re-add key without checking fingerprint + +%p You can simply re-import the key to your apt keyring. This method is less dangerious, but requires you to trust the certificate authority system (which never a good idea). + +%pre + curl https://dl.bitmask.net/apt.key | apt-key add - + +%h3 option 3 - update the key from keyserver + +%p With this method, we update the key by pulling it from a keyserver and then importing to apt-key. This method is the most secure (so long as you follow all the steps and actually verify the fingerprint). + +%p Find the long key-id of the current LEAP archive signing key: + +%pre + apt-key adv --list-keys --keyid-format 0xLONG + +%p You should see this among the output: + +%pre + pub 4096R/0x1E34A1828E207901 2013-02-06 [expired: 2014-02-06] + uid LEAP archive signing key <sysdev@leap.se> + +%p Now, grab that specific key-id from a keyserver, and verify the fingerprint: + +%pre + gpg --recv-key 0x1E34A1828E207901 + gpg --fingerprint 0x1E34A1828E207901 + +%p You should see this as output: + +:plain + <pre> + pub 4096R/8E207901 2013-02-06 [expires: 2015-02-07] + Key fingerprint = 1E45 3B2C E87B EE2F 7DFE 9966 1E34 A182 8E20 7901 + uid LEAP archive signing key <sysdev@leap.se> + </pre> + +%p Make sure that the fingerprint in this output matches the long key-id you listed with <code>apt-key</code>. Without this step, it would be very easy for an attacker to feed you a bogus key. + +%p Finally, import the key into apt-key: + +%pre + gpg --armor --export 0x1E34A1828E207901 | sudo apt-key add - |