tor-project April 2018

tor-project@lists.torproject.org

23 participants
27 discussions

Localized mailing lists
by ilv＠torproject.org 16 Apr '18

16 Apr '18

Hey, I want to propose the idea of having localized mailing lists. It is obvious that there is a language barrier for users, volunteers and new contributors that don't handle english very well or at all. Yes, you could say that having yet another mailing list won't help, but I would argue that for non-english speakers might be a space for discussion and communication that you might not find in lists such as tor-talk, tor-dev or tor-project. Mailing lists in plural sounds scary so I propose to start with the following: Name: tor-lang-es(a)lists.torproject.org (according to #15140 [0] the main issue in the past was the name). Purpose: General discussion in Spanish, including announcements, user questions and technical discussion. For what I have seen and heard of events in Latin America I think there is enough "critical mass" to consider this. And if we do, there is a good chance this community gets more cohesion and grow. Someone might "hey, but if we have a mailing list for language X, we should have one for language Y". To avoid this (supposing that we want) we could set some requirements like for example there should be at least one core member willing to run the list. Looking forward to discuss the idea. [0] https://trac.torproject.org/projects/tor/ticket/15140 Saludos. --i

11 18

Network team meeting notes, 16 April 2018
by Nick Mathewson 16 Apr '18

16 Apr '18

Hi! Our meeting logs for the week are at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-04-16-16.59.html . Our notes from the meeting follow below: =================================== = Network team meeting pad, 16 April 2018 = - "That's my name, don't wear it out!" - -- Pee-Wee Herman Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in *boldface*! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 5 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001685.html <https://lists.torproject.org/pipermail/tor-project/2018-March/001685.htmlyy> yy <https://lists.torproject.org/pipermail/tor-project/2018-March/001685.htmlyy> 26 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001695.html 3 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001705.html 9 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001723.html == Stuff to do every week =* Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing 0.3.4.x work. * Important dates: * Apr 15, 2018 -- 0.3.3.x stable was supposed to be ready! * May 15, 2018 -- 0.3.4.x feature freeze! * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. == Discussion == [asn: Seems like we are having a hard time deciding on the intricate tradeoffs of prop#291. Doing it over [tor-dev] makes it even harder due to the bandwidth and the latency. Two suggestions: a) Let's have a meeting next week about it. How about Wednesday 17:00 UTC?] b) Let's leave it for the Seattle hackfest.] (Decision: We're going with Wednesday, 1700 UTC.) [mike: Jenkins hook changes+role documentation] == Updates == Nick: * Last week: * Fixed 25691 and possibly 25692 (assertion failure bugs in 033) * Worked on compilation failures affecting Jenkins, especially on 32-bit * Various patches to libevent subsystems merged; new backend for token buckets merged. (Thanks for the reviews and discussion, David!) * Inbox zero! * Merged various fixes in 033 and 034. * 0.3.3.5-rc released. * Planned #25500 with dgoulet * This week: * CI rotation! * Hoping to finish #25373 coding (no more every-100-ms timers for token buckets) * Keeping an eye out for any bugs reported in 0.3.3.5-rc. Mike: * Last week: * Did a bunch of paperwork; had to help some friends move a bunch of stuff. Took longer than I expected * Discussed prop#291 on list * Reviewed + edited #25248 * Did jenkins triage, somewhat poorly. Have some thoughts: * *Can we add a commit hook to mail the committer(s) since last build (and maybe a weekly/group triage alias?) when a build failes?* * Several of our builds are failing because of missing/broken platform stuff, I think. I guess I should be filing Service:Jenkins for these? * We should probably tag all jenkins tickets with jenkins, so for long-time failing builds we don't dup/waste effort.. * We should document all of this like reviewing stuff. * This week: * Down to meet re prop #291+vanguards (prop#291 decisions impact how we do children of #25546) * Work on vanguard script catalyst: * Last week (2018-W15): - bug triage rotation - #25756 clock skew complaints because dizum (dirauth) is 65 seconds in the future; *do we want to relax the "consensus is coming from the future" tolerance to account for the earliest that a clock-skewed dirauth could be skewed yet still be distributing a valid consensus? e.g., by taking the voting schedule into account so "enough" dirauths would have to have clocks actually in the future for a client to produce a consensus-informed clock skew warning?** [outcome: roger suggests "yes, 5 minutes is good." Nick seconds.]**[catalyst will make a ticket]* - worked on #25061, mostly tracing and annotating call trees - tried out the new calltool to help with #25061; it doesn't play nicely with separate build dirs yet - adventures in taxes and medical billing * This week (2018-W16): - dealing with winter storm aftermath (nothing too serious, only annoying) - #25061 - 033 work and reviews as needed - follow up on #25511 (minor revisions to test probably needed) isis: last week: - refactored the randomness functions from crypto.c into a new crypto_rand.c module #24658 - wrapped our (P)RNG in Rust #24660 - began writing the encoding/decoding code for wide create cells #25647 - began writing FFI code for ed25519-dalek and x25519-dalek #23886 this week: - finishing encoding/decoding wide create cells #25647 - ??? more wide create cell stuff? maybe #25648 and/or #25649 and/or #25653 - whatever else needs to do for #25517 (i think this is my only 033 task remaining) dgoulet: * Last week: - Tickets work (including 033), see timeline for more info. - Worked with nickm on the token bucket new API. - Worked on the reducing client CPU usage with #25762. - We merged #25226 this morning so great success! - Some Bad Relays attention as well including the tor-team@ email about some relay guidelines. * This week: - I'm done with 033 tickets so I'll go mostly in Roadmap items land. Mostly #25762 (client CPU) and #25610 (modularization). - I would like to work on #25761 HS regression before 033 stable! - I'm the Bug Triager this week! ahf I'm gonna be missing during the meeting, but will read backlog once I'm home again. See #tor-internal. Last week: Sponsor 8: - Experimenting with GNU cflow on caller/callee relationship in dirserv/dirauth code. Misc: - Began review of #20522 and #23846 - Code landed for #24782 and #24854 - Did an interview about Tor with the big Danish IT news site version2.dk. Coordinated it all with Steph. - Talked a bit with Antonela about having TeX "templates" of the different designs the UX team comes up with. This week: Sponsor 8: - Move to 0.3.4 features. Misc: - Finish #25245 - Review #25140 - Figure out what to do with travel for Mozilla all hands. haxxpop: Last week: - The descriptor is already encrypted using clients' pubkey - I started working on the client side of the onion service client authorization - Succesfully load HidServAuth config line to the daemon at the client side This week: - Try to decrypt the descriptor at the client side Isabela: - Need help from folks who were working on sponsor8 stuff on collecting tickets links for report: https://storm.torproject.org/shared/DVFRP--hqWM3l9a6fQIa71NWWhyyKce2vD1vCwd… *<- ahf, catalyst, nickm* - Helping with movig things forward related to the censorship team project - Working with tommy on .onion grant proposal (deadline May 1st) - FYI .onion ux ticket #23247 is being implemented by TB team :) - *ahf - reminder about new .onion address for the test of this month (april)* pastly: /me is all about that sbws last week: - Compared sbws v3bw files to those from the real bwauths. Discovered that my helper relay's bandwidth is a limiting factor in measurements - Write integration tests - Make one minor modification needed for IPv6 compatibility - Merge code style guide - Merge tests for code style and static ananlysis - Change logging library from home-grown PastlyLogger to standard python logging library (which is way better) this week: - Exercise sbws after logging changes to weed out bugs - Write/merge additional docs - Setup diratuh in test net, ask for other dirauths to trust it - Other misc. stuff in 1.0 milestone future: - ~2 weeks get sbws paper work back saying it can be open source asn: Last week: - Spent lots of time thinking and discussing the 2-guard proposal (#25754): - Investigated engineering part of switching to two guards: https://lists.torproject.org/pipermail/tor-dev/2018-April/013057.html - Raised some concerns about the threat model of prop#291: https://lists.torproject.org/pipermail/tor-dev/2018-April/013058.html - Found a guard bug that might hit us if we reduce the number of our primary guards (like prop#291 suggests): #25783 - Reviewed #25705, #25024, #23247. - Prepared patch for #24544 and got it merged. - Did snowflake meeting on Thursday. This week: - Continue work on 034 deliverables (2-guards, vanguards, etc.). - More reviews.

1 0

Notes from April 12 2018 Vegas team meeting
by Karsten Loesing 15 Apr '18

15 Apr '18

Notes for April 12 2018 meeting: Arturo: 1) Update test lists for Kazakistan (https://github.com/citizenlab/test-lists/pull/330), Venezuela (https://github.com/citizenlab/test-lists/pull/329), Zimbabwe (https://github.com/citizenlab/test-lists/pull/327), Ethiopia (https://github.com/citizenlab/test-lists/pull/326) 2) Published blog post on OONI's recent participation at conferences in Africa, India, and Europe: https://ooni.torproject.org/post/ooni-in-africa-india-europe-conferences/ 3) Made some progress on getting yubikey based signing of probe orchestration requests: https://github.com/TheTorProject/proteus/pull/42 4) We are in the process of consolidating all OONI related repositories into github.com/ooni/. This should leave github.com/TheTorProject more free from OONI related projects. We are going to keep in TheTorProject all the OONI repos that are to be archived (i.e. that are deprecated) 5) Coordinating with Jon the shipment of OONI T-Shirts to Seattle 6) How should people donate to OONI specifically via donate.torproject.org and receive OONI swag? 7) Did a talk at Tor Vergata University about Facebook and Cambridge Analitica: http://lug.uniroma2.it/2018/04/06/facebook-si-facebook-no-martedi-10-aprile/ Georg: 1) Misc. Nick: 1) New release candidate coming out some time this weekend-ish? 2) Talking with crypto folks about improved crypto for tor relays, following up from Rome. Mike: 1) On the thread with Google about ReCaptcha: To be honest, I think that reaching out to them like this is a waste of time. I should have objected to the idea earlier. Public pressure about exactly how bad this situation is will be the only thing that will move the needle in terms of them devoting resources to the problem. For pete's sake.. This is a company that is basically the primary/only gateway to much of the Internet, and it has decided that certain IP addresses *do not deserve access to that Internet*. Full stop. This is not a problem that gets solved by having our devs talk to their devs to "nerd harder". This should be a PR bloodbath.. We should have made it one months ago. Alison: 1) continuing lots of work on the LFI curriculum 2) made some draft slides for the community portal 3) connected with community partners for Sponsor9, still doing planning 4) reviewing applications for the community liaison position 5) coordinating meeting-planners for Mexico City 6) hoping to get the initial invite list finalized this coming week 7) Nick, LibrePlanet folks are trying to get in touch with you to sign the videorecording release/licensing [I haven't heard anything from them. What are they trying? -nick] Steph: 1) DDG Privacy Challenge ended Tues, we’ll receive final tallies by April 17, like 10-15k. We exceeded what we needed for the last challenge 2x 2) prepping for RightsCon and NYC meet up 3) the regular: editing posts, doing social 4) coordinating onion post, should have draft by end of april Shari: 1) great trip to San Francisco last week. Met up with Mike, Sue Gardner, Cindy, Trevor, lots of folks. 2) checking references of ED candidates 3) second interviews with ED candidates 4) meeting with board to discuss ED candidates 5) reviewing resumes for Community Liaison and User Advocate positions 6) trying to finalize Colin's goals isabela: 1) bit overwhelmed this week 2) reviewing resumes for Community Liaison and reviewing resumes + organizing UX Research Coordinator process 3) did some UX tasks that was pending my work (tpo sitemap, .onion stuff) - but i am still behind on finishing organizing our roadmap (and services one too!) 4) sent feb and march reports out to sponsors 5) writing more reports to close up sponsor4 6) trying to catch up with tommy on .onion grant proposal and on censorship team stuff (but I think this one will be for next week not sure) 7) preparing to reach out to folks to start collecting information for sponsor8 8) will be in Brazil starting April 20th (might miss that Friday meetings) - will be there for a month and will be traveling around in the country too. Will inform people of those days so folks know when I am online etc. Roger: 1) shari: no rush, but i'm still hoping to see the 2016-2017 income categories broken up into line items (for example, to check if we categorized the mdf-nvf money right) 2) i have one more month of magic eye contact lens bandage, and on may 10 we start the "potential misery" phase of the experiment. fyi. 3) sue and i sent the next round of accounting bureaucracy to the penn person. this time for sure! 4) what's the story with defcon booth plan? i might have arranged for us to use the privacy village after-hours. 5) my september toronto public library talk has blossomed into three talks, including one to their staff.

1 0

community team March 2018
by Alison Macrina 13 Apr '18

13 Apr '18

Hi all, Here are the highlights from the community team's work in March! Meeting notes ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… https://trac.torproject.org/projects/tor/wiki/org/meetings/2018Rome/Notes/C… Tor Meeting ================================================================= We had a great, productive time in Rome, and made progress on projects related to meeting planning, Global South work, relay operator support, and more. Volunteer recognition ================================================================== Kat and Jon launched a new effort to better recognize volunteers who've gone above and beyond (#24148). Outreachy ================================================================== Colin has been reviewing Outreachy applications for this round. community.torproject.org ================================================================== We started work on creating training content for community.torproject.org meeting-planners ================================================================== There's a new mailing list for working on the bi-annual meeting: meeting-planners(a)lists.torproject.org. Join us if you want to work on making the meetings awesome! Library Freedom Institute ================================================================== LFI curriculum development is underway! Community governance ================================================================== The Code of Conduct vote went out to Core Contributors in March. Tor talks ================================================================== A bunch of Tor people gave a talk at LibrePlanet in Cambridge, MA. The first privacy meetup in Pune, India happened. These meetups will be in a series! Cryptorave plans are finalized, and Isabela will be keynote! ================================================================== -- Alison Macrina Community Team Lead The Tor Project

1 0

State of The Onion 2018 #Libreplanet2018
by Andri Effendi 12 Apr '18

12 Apr '18

Hi Privacy lovers, Can someone please post the Tor Talk Video from LibrePlanet 2018? I haven’t seen a State of the Onion since Roger, Jake and others presented at CCC 2015. I really want to watch it. Please post a link. Kind Regards, -- Andri Effendi <fusionman133(a)gmx.de> Organiser of the Free Software Movement in Sydney GPG fingerprint: 8438 138D ECDA 05E0 591F F2B4 4721 0F03 AC24 DF73 Confidentiality cannot be guaranteed on emails sent or received unencrypted. Learn to encrypt your email: https://emailselfdefense.fsf.org/en/windows.html

2 2

Tails report for March 2018
by intrigeri 11 Apr '18

11 Apr '18

Hi, the Tails report for March is out! https://tails.boum.org/news/report_2018_03/ To help spread the word, you might want to retweet https://twitter.com/Tails_live/status/984109609336979456 Cheers, -- intrigeri

1 0

March Communications Report
by Stephanie A. Whited 10 Apr '18

10 Apr '18

Hello! The DuckDuckDuckGo Privacy Challenge began last month and is closing today at 1:59:59PM ET. We've received over $10,000 in donation matches and challenge prizes (not reflected on the DDG leaderboard), plus we're set to get an additional $15,000 for our rank. https://crowdrise.com/tor-project Tommy's been working hard on grants! We received a generous $40,000 grant from the Rose Foundation. Steph did her first official Tor talk at LibrePlanet with Isa, Nick, and Nathan. Alison staked out our booth. Tommy and Steph are both working on some tasty onion services related projects. Team written and/or edited blog posts: https://blog.torproject.org/protect-open-web-ford-mozilla-fellow https://blog.torproject.org/tor-project-joined-duckduckgo-privacy-challenge… https://blog.torproject.org/we-launched-live-brand-styleguide https://blog.torproject.org/join-tors-summer-privacy https://blog.torproject.org/pune-india-dgplug-meetup-learn-about-privacy-to… Twitter avg at least 3 tweets/weekday new followers: 4,894 top tweets: https://twitter.com/torproject/status/976472112817950721 (impressions: 557,239) https://twitter.com/torproject/status/979348238343049218 (impressions: 335,940) https://twitter.com/torproject/status/976812605049397249 (impressions: 170,113) FB 1 post/week day new followers: 206 LinkedIn 1 post/week new followers: 59 Newsletter Sent 3/30: https://newsletter.torproject.org/archive/2018-03-30-user-advocate-mozilla-… Press http://www.tomshardware.com/news/turkey-blocks-protonmail-encrypted-email,3… o/ -comms -- Stephanie A. Whited Communications Director The Tor Project IRC: stephw PGP Key ID: 39A876AD <https://pgp.mit.edu/pks/lookup?op=get&search=0x6D6B72C339A876AD>

1 0

Network team meeting notes, 9 April 2018
by Nick Mathewson 09 Apr '18

09 Apr '18

Hi! You can find our weekly meeting log over here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-04-09-16.59.html The contents of the pad are below: = Network team meeting pad, 9 April 2018 = "And before that I was Nautilus II. Oh, and I was called Jamie for a while... and I often like to go by Sir Duckworth. Changing names is fun!" -- Ben Clayton, _Narwhal Peanut Butter and Jelly_ Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 5 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001685.html 26 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001695.html 3 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001705.html == Stuff to do every week == * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * 0.3.4 triage has happened; most things with the 034-removed tag are now gone from 0.3.4; mostly into Unspecified. * Did I remove anything you loved? Search for "034-removed" to find out! * In particular, please have a quick look at the "034-removed" tickets in status needs_revision. * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing 0.3.4.x work. * Important dates: * Apr 15, 2018 -- 0.3.3.x stable is supposed to be ready! * May 15, 2018 -- 0.3.4.x feature freeze! * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. * When doing the Bug Triage, we must not let ticket without a Milestone. Currently 26 without one...: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… [asn: eek. I take blame for those last ones there! I was a bit confused on whether I should put them on 034 or Unspecified and then inertia took over..] [nickm: This has gotten harder, though, since we stopped using "034" as a catch-all for whatever is maybe-should. Should we talk about where these tickets _should_ go?] [dgoulet: I'll update the TicketTriage page about the 034-proposed keyword in case of doubt for Unspecified] DONE == Discussion topics == * How did all the rotations go last week? - isabela: i want to proposal a rotation retrospective via email so we can document better our feedback so far and adjust the process as needed * We need to finish all the 033 tickets. How are we going to do this? * Can we amend our meeting process to say "write updates on a the pad 'before' the meeting?" == Updates == Nick: Last week: * PETS reviews * SoP apps review * Reviewed and merged a lot * Mainloop refactoring tickets for sponsor8. * 0.3.4 triage * 1:1:1 meetings * ED hiring work This week: * Final 0.3.3 ticket cleanup * 0.3.3.x-rc? * Second-round ED interviewing? * 034-CPU work on bucket refill events (dgoulet, let's check in with your current thoughts about events?) [dgoulet]: Yes! Worked quite a bit on #25375, we can assess what's up. * Several smaller 034 tickets, time permitting * Scowl at jenkins, time permitting asn: [It's national holidays over here due to orthodox easter. I will probs be somewhere with my family having dinner during the meeting. Sorry about that!] Last week: - Spent more time discussing the 033 guard/dos bug: #25347. In the end I decided that we should NACK the original patch here, because of the potential security implications. My plan is to defer this ticket to 034 for now, except if someone else has a short-term plan for 033. - Reviewed #25581, #25516, #25296. - Reviewed #25705. Ticket needs some more attention now. Mike should we aim for 034 with this one? [Yes, 034 seems fine - Mike] - Assigned reviews with David. - Met with Arlo/dcf/Roger/Tommy to discuss the future of Snowflake. - Did bug triage duty This week: - Hopefully get time to work on the variou 034 deliverables (2-guards, vanguards, etc.) - Another Snowflake meeting on Thursday. - Review #25705. - Figure out what to do for #25347 in 034 timeframe. - Review SoP applications. dgoulet: - Last week: * Ticket triage, review and patchs (in 033 and 034). See timeline. * Worked on modularization: #25610. See ticket for the dev branch. * Addressed arma's review of #25226. * Initial work on #25375 (remove items from our per-sec. callback) * Was on Coverity duty. One warning but we can ignore it. Unfortunately, scan.coverity.com seems down right now so I can't log in. - This week; * Both my 033 tickets are in needs_review so we'll monitor them closely to get any fixes in quickly. * Continue work on roadmap items, most likely #25375 and #25610. * Need to start an HS discussion with a SoP candidate. * I'm the community hero this week. haxxpop: - Last week: * Tried to finish the service-side client authorization (but not finished yet) * I have defined some additional structs that is needed to finish the service-side but haven't implemented code to encrypt the descriptor using clients' pubkey - This week: * Finish the service-side by implementing code to encrypt the descriptor * Start the client-side when I finish the previous one Mike: - Last week: * Finalized Proposal 291. Roger: Please see Section 3.1; isis please see 2.4. * Worked on #25400, #25705. * Read some queue management RFCs and QUIC research papers. - This week: * Disucss #23978 with asn * Start thinking about #24487/maybe write a short proposal * I would like to make a decision on Prop 291, #24487, and related path issues soon. pastly: last week: - Write tests that cover 3.99 out of ~12 parts of sbws - Add command to compress old sbws data and delete really old sbws data - Add a backtrace when there's an exception in a worker thread to aide debugging - Merge bugfix from juga; merge features from juga - Use better source of randomness (thanks teor) - Claim that sbws uses Semantic Versioning, and document what the "public API" is for sbws this week: - MOAR TESTS - Definitely more unit tests to turn 3.99 into 12.00 - Hopefully merge and make even better some tests to enforce code style and static analysis outside of my personal editor. - MOAR DOCUMENTATION - Contributing.rst/style guide - Docstrings as I get to them in tests - Run an sbws client and/or an sbws server on a new machine if I can get python3 installed in my $HOME 3-4 weeks from now: - Get paperwork back saying sbws can be open sourced juga: - can't attend today, but back online at 19UTC - Last week: * report and fix (https://github.com/pastly/simple-bw-scanner/) #62, fix #56, #39, #52, #33 * talk more with pastly and teor about how to compare results in testnet * worked on 2nd part #25515 (not commited yet) * try to organize weekly meeting with pastly (https://ethercalc.org/xs6s6k1wfb13 ) teor, pastly,should we try Thursdays at 22UTC?, anyone else can join or say which are prefered times [pastly: Thursdays at 22:00 UTC works for me. teor will most likely be sleeping during this network team meeting. So we should email him or network-team@ about the existence of this meeting] - Next week: * write v3bw format (https://gitweb.torproject.org/torflow.git/tree/NetworkScanners/BwAuthority/…) with version in https://gitweb.torproject.org/torspec.git/tree/dir-list-spec.txt? * comment/fix #64 * more doc and bug fixes in sbws isabela: Last week: * syncs with team members that requested it * followed the censorship team meeting on snowflake work * finishing the clean doc for .onion state requested by Geko This week: * proritizing reports to sponsors * tb ux work * sitemap for torproject.org new site * draft .onion work for proposal tommy will be working on (deadlii catalyst: Last week (2018-W14): * community guide rotation: - #23846 (libtool build) - #25549 (appveyor) - following up on cell crypto session from Rome - #25511 (getinfo for utc/local time) * review rotation: - #25511 - #25679 (TOR_RUST_DEPENDENCIES) - #25341 (re-review after Rust 1.25 release) * made some progress on #25061 * recruiting people for Community Council * laptop stand seems to be helping with ergonomics, yay! This week (2018-W15): * bug triage rotation * review rotation - #24659 review is delayed because it will require me to take some time to learn new things about Rust, which i'm happy to do, but will need a large stretch of uninterrupted time that i should spend on #25061 (which is 033, while #24659 is 034). i'm happy to hand it off to someone with better Rust knowledge if it needs to get reviewed sooner * work on "approach two" of #25061 ("approach one" should probably be a technical-debt reduction ticket for 034?) * more cell crypto follow up if needed * Community Council election discussions if needed ahf Last week: Sponsor 8: - Snapshot taken of HS speed test data. - Worked with David to keep up with his DirAuth modularization work. - Wrap my head around our directory server code and how it is being used. Misc: - Reviewed #24854 - Revised patches for #24782 and #24854 - Worked on reviewing #24454: - Got a Tor ARM64 development environment up and running at home. - Able to test the proposed patches, we decided to postpone this to 0.3.4. This week: Sponsor 8: - Continue work on dir auth modularization with focus on making the dirserver code handle requests in different modules (dirauth specifically). Misc: - Review #20522 isis: last week: - made arrangements for seattle - did the next bit of refactoring to split crypto_rand* stuff out of crypto.[ch] #24658 - added note about bool type compatibility to the docs/guidelines #25727 - finished up the patches for #25517 - also the spec patch for #25517 - added some input on some rust related tickets #25714 #23846 - reviewed #25515 - started reviewing #25409 (sorry! not done yet, i totally spaced) - did a brief experiment with iwyu to clean up our header files and reduce modular dependencies on or.h https://include-what-you-use.org/ is this an avenue safe and worth pursuing? this week: - - fixing up #24986 - wrapping the rand stuff, finally #24660

1 0

Tor Browser team meeting notes, 9 April 2018
by Georg Koppen 09 Apr '18

09 Apr '18

Hi! Our weekly meeting just finished. The chat log can be found on http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-04-09-17.59.log… and our pad items are: Discussion: Are we good with the roadmap? (it got colors!) https://docs.google.com/spreadsheets/d/1joFGDiHaqlorGeXhytKakiSnWY9TqTDv5Xq… mcs and brade: Last week: - Made a triage pass over all of the open Tor Launcher tickets. [GeKo: would you say you are done with this round of bug triage? mcs: Yes.] - Reviewed the team roadmap. It looks good to us. - Reviewed the patch for #25126 (about:tor should work on small screens). - Helped with #25548 (Update macOS SDK for Tor Browser builds to 10.11). - Sent email to tbb-dev about some important ESR 60 updater changes. - Participated in the Android developer interviews. - Participated in the UX/Tor Browser "sync" meeting. - Attended the Snowflake meeting (Mark). This week: - Work on rebasing Tor Browser updater patches for ESR 60. - Continue to participate in the Android developer hiring process. - Revisit #25509 (Tor browser tells me "A local proxy is needed when connecting through a company, school, or university network") Can we get some input from the UX team? GeKo: Last week: - Worked on finishing the roadmap - Backport of security bugfix (bug 1448771) - review of #25304 - monthly admin stuff - first two android interviews - bug triage This week: - Reviews (#20302, #25420, #25746) - more bug triage - noscript update - more IRC interviewing - Finish #25481 - Picking up https://bugzilla.mozilla.org/show_bug.cgi?id=1390583 again (Stylo cross-compile for Windows bug) - We plan to release an alpha, who wants to try building? boklm: Last week: - Finished #25304: update gcc to 6.4.0 for the Linux build - #25420 has patches for review (Update gcc to 6.4.0 (Windows)) - #25746 has a patch for review (git_submodule option doesn't work when a submodule is not in the root directory) - started bisecting binutils reproducibility issue - started looking at testsuite issues This week: - continue work on toolchain updates - fix testsuite issues - reinstall nightly builds VM with more disk space tjr - I have been landing build fixes to MinGW x64 in TaskCluster, but have not gotten the browser to run. I have been focused on getting a version running that has symbols; which involved creating a separate debug-link file for gdb. However, the file I create has some sort of error in it, so I am building debug versions of gdb to try and understand why the generated file is unparseable. pospeselr Last weeK: - have a fix for js::GetNativeStackBaseImpl() (#20283), will have a patch up shortly on trac - verified nothing explodes when applied to mozila-central, ran all tree-herdertests, verified /proc read goes away This week: - ensure no other file system syscalls are hitting /proc in a way that would break things - revisit #25147 - something else? (GeKo #25458?) - review GK's patches (#21537, #25721) sysrqb: Last week: Began rebasing/cherry-picking Orfox patches onto mozilla-central The Guardian Project released an Orfox update Worked on updating https-everywhere add-on This week Continue moving Orfox patches onto mozilla-central Merge updated https-everywhere add-on (#25603) Antonela put me in contact with someone looking at/researching(?) Tor Browser and HTTP/2 sysrqb: arthur, I'll loop you in when i get a response, i don't have any more details yet [arthur: thanks!] arthuredelstein: Last week: Continue rebasing to mozilla-beta (future ESR60) (#25543). Almost there! Asked mcs and brade to help with the updater patches (thanks!). Revised https://trac.torproject.org/projects/tor/ticket/24309 (circuit display). The last thing I have to do is get the second instance of "Guard" to be purple. This turns out to be an NP complete problem! This week: Finish and polish the rebasing Start working on integrating rebased branch with the TBB build Finish up the circuit display sukhe: This week: Working on #25483 https://trac.torproject.org/projects/tor/ticket/25483 (Windows reproducible build of snowflake) isabela: - trying to finish clean doc with all .onion states - final reports to sponsor4 - remember sync this wed! - follow up on security controls and maybe a pick on about:tor igt0: Last Week: - Worked on #25743, I am able to reproduce however I am not able to fix since i think it is not a Tor problem igt0: Geko, maybe should we contact cloudfare? [GeKo: I'll look into that, yes] [sysrqb: seems like a Google Recaptcha bug/problem. i wonder if we can reproduce this on any other site directly serving recapcha. ] igt0: sysrqb: I tried on https://www.google.com/recaptcha/api2/demo when the JS is enabled it says that the browser is not supported - Fixed issues appointed in the #25126 This Week: - #25703 Georg

1 0

March 2018 report for the Tor Browser team
by Georg Koppen 09 Apr '18

09 Apr '18

Hi! In March we were quite busy keeping up with Mozilla's almost weekly security updates. Two releases, Tor Browser 7.5.1[1] and 8.0a3[2], got out during the Tor dev meeting (which was a new experience) and contained an update to Firefox 52.7.0esr + newer Tor versions (0.3.2.10 and 0.3.3.3-alpha, respectively). Additionally, they mostly shipped bug fixes (e.g. a fix for broken Windows Vista 64bit builds) with one notable exception: Moat, our new feature to request bridges via meek from BridgeDB, made it into 8.0a3 for wider testing. Tor Browser 7.5.2[3] and 8.0a4[4] shipped Firefox 52.7.2esr including the fixes for the bugs found during Pwn2Own. Tor Browser 7.5.3[5] and 8.0a5[6] in turn picked up Firefox 52.7.3esr. Apart from releases we made progress in our preparations to switch to Firefox ESR 60: we worked on rebasing our patches, integrating rust into our build setup, and updating our toolchains, to name just a few areas. On the mobile side we finally merged the Orfox patches into our tor-browser repo[7] and started to help with getting updated Orfox versions faster out to our users. The latter resulted in new Orfox versions based on Firefox 52.7.2esr and Firefox 52.7.3esr following the above mentioned Tor Browser releases. The full list of tickets closed by the Tor Browser team in March is accessible using the `TorBrowserTeam201803` keyword in our bug tracker.[8] For April we are excited to see a lot of progress in our work with the UX team: we are close to have an updated circuit display ready[9] and plan to make improvements to our security controls[10] and our about:tor start page[11]. Two additional major areas of work for April will be Tor Browser for Android and preparations for Firefox 60. For the former, we outlined a mini-roadmap containing all the items we need to have solved before we want to ship a first alpha (which is planned for July)[12] and are now following up on those tasks. The latter is more of patch rebasing and toolchain updates already seen in March. We hope to start early this time with reviewing the new features that landed between Firefox 52 and 60 to have more time for writing patches. But we'll see. All tickets on our radar for this month can be seen with the `TorBrowserTeam201804` keyword in our bug tracker.[13] Georg [1] https://blog.torproject.org/tor-browser-751-released [2] https://blog.torproject.org/tor-browser-80a3-released [3] https://blog.torproject.org/tor-browser-752-released [4] https://blog.torproject.org/tor-browser-80a4-released [5] https://blog.torproject.org/tor-browser-753-released [6] https://blog.torproject.org/tor-browser-80a5-released [7] https://bugs.torproject.org/19675 [8] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [9] https://bugs.torproject.org/24309 [10] https://bugs.torproject.org/25658 [11] https://bugs.torproject.org/25695 [12] https://lists.torproject.org/pipermail/tbb-dev/2018-March/000814.html ff. [13] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project April 2018