tor-project July 2018

tor-project@lists.torproject.org

31 participants
37 discussions

Network team meeting notes, 30 July 2018
by Nick Mathewson 31 Jul '18

31 Jul '18

Hi! We had a short meeting today. You can see the logs at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-07-30-16.58.html and the notes below: = Network team meeting pad! = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == 11 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001828.html 18 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001835.html 25 June: https://lists.torproject.org/pipermail/tor-project/2018-July/001863.html 2 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001866.html 9 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001884.html 16 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001888.html 23 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001926.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Community guides, it's time to hand off to the next guide! * Let's look at proposed tickets! [but see discussion] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases ------------------------------- ---- 30 July 2018 ------------------------------- == Announcements == == Discussion == == Updates == asn: [Will be commuting during meeting time. Might be online depending on net connectivity.] Last week: - Was at PETS. Gave a rump session talk about the latest blog posts. - Talked with a few people about WTF-PAD and started a thread about the info I gathered: https://lists.torproject.org/pipermail/tor-dev/2018-July/013360.html - Opened a few HSv3 tickets from stuff found during HOPE: #26980, #26931 We really need to find some quiet time to work through all these tickets. - Had someone point me to the "httpsproxy" PT and wondered why Tor is not providing any feedback: https://trac.torproject.org/projects/tor/ticket/26923 I'm not entirely sure what it does, but dcf seems to think it's a good idea. - Found a bug with vanguards + v3 and wrote a patch: https://trac.torproject.org/projects/tor/ticket/26932 - Talked with Aaron about their upcoming paper on statistics of the Tor network. Lots of wacky stats in there, we should find time to investigate to improve network health. - Collected feedback from various HOPE/PETS people about security concerns people have with onion services. Discussed with Mike the potential of doing a "still open issues with onion services" blog post. - Helped with onion service proposal. This week: - Send the latest revision of client auth spec to tor-dev. Haxxpop is there anything else you feel is missing? - Try to find time to debug #26980 (#25552 bug). - Perhaps look a bit more on WTF-PAD and histograms. - Will be mostly offline from Wednesday to the end of the week. Nick: Last week: - At PETS. Livetweeted the talks, evangelized Tor stuff, tried not to get too far behind. This week: - Catching up on backlog from PETS. - Trying to get RSA+NSS to work (#26818) - Working on issues under #25510 (mobile API) - Community rotation - Prepare re-triage for September milestone - As needed, help with proposals due on July 31. - Help with coverity, which is about to react to our changing its definition of our BUG macro. This will likely cause a bunch of warnings to fix themselves, but might cause a bunch more to show up. - Finalize PETS meta-reviews - Make a list of PETS talks and presentations that we should take more action on. - Confer with Teor about what I should do with privcount stuff next - AFK ON THURSDAY. - AFK next week on Thursday & Friday. ahf: last week: Misc: - On vacation some of the time - Read email / IRC backlog from vacation and HOPE period. Sponsor 8: - Looked into the state of where we are with building Tor as a shared library together with Arturu. This week: Sponsor 8: - Look into Nick's NSS work. - Work on changing PT code to handle protocol messages via the event loop. - Disable our stats collection service since we decided not to use it anymore. Misc: - Look at Tor related PETS stuff. - Finish review backlog. - End of month tasks. catalyst: last week (2018-W30): - made some progress on review of NSS tickets - patch for #26785 (conditionally disable an unrecognized gcc warning) - talked about some torspec stuff with teor - followed up some more about prop#295 (cell crypto) on email thread this week (2018-W31): - ticket review - maybe more talk about prop#295 - benefits bureaucracy haxxpop: last week: - Review asn's client auth torspec branch. I think everything is good now. We can merge it if everyone already agreed. this week: - I will revise my client auth code to meet the new torspec (if the asn's torspec branch is already merged)

2 1

Tor Browser team meeting notes, 30 July 2018
by Georg Koppen 30 Jul '18

30 Jul '18

Hey! Our weekly Tor Browser meeting finished a couple of hours ago. Here come the meeting notes. The IRC log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-07-30-17.59.log… The entries from our pad are: Monday July 30, 2018 Discussion: -storm vs. some etherpad [GeKo: We try to figure out first if we can solve storm issues server-side/by cutting the meeting notes from the previous meetings] -github coordinator for the team? (see: https://lists.torproject.org/pipermail/tbb-dev/2018-July/000897.html) [GeKo: We might want to have more disucssion on tbb-dev first before moving forward] -next meeting [GeKo: 8/13 will be the next one] GeKo -Last Week -reviews (most importantly related to #26401 and Tor Browser for Mobile, e.g. #26528) -went deeper down the rabbit hole of indeterminism caused by rust >= 1.26 (#26475); still need to go deeper :( -made progress on network code review (#22176) -finally sent feedback to fingerprint randomization paper which is the basis for the GSoC project Arthur and I are mentoring (https://lists.torproject.org/pipermail/tor-dev/2018-June/013220.html) -This Week -more work on #26475 -more network code review (#22176) -work on #26409 (language prompt is shown twice) -reviews -releases? [GeKo: We move both meeting to the week from 8/13 to finish remaining pieces] -begin of the month admin stuff -PSA: I have to be AFK from 8/2-8/12, alas (this is one of the things I could not postpone as the planning for it where already done before Mozilla moved the ESR release, I am sorry for that) boklm: Last week: - attended PETS - made patch for #26861 (Bump available ulimit in runc container in tor-browser-build) - worked on #26981 (Update marionette_driver used in tbb-testsuite for esr60) - started reviewing the patches from sisbell integrating android build into tor-browser-build - filled an upstream binutils ticket for #26148 This week: - fix the testsuite for Tor Browser 8.0 - some reviews, if needed mcs and brade: Last week: - Attended the sandboxing futures meeting (Mark). - Worked on #25695: Activity 5.1: Redesign Tor Browser homepage ("about:tor”). - Created three child tickets to track implementation. - Posted a patch for the first child ticket: #26960 (implement new about:tor start page). - Spent a little time on #26514 (intermittent updater failures on Win64 (Error 19)). - Tried to build ESR52 updater using ESR60 mingw-w64 toolset but the build failed. - Georg gave us a possible fix for the build, so now we can try again. This week or soon: - Rebuild and test the result for #26514 (intermittent updater failures on Win64 (Error 19)). - Fix #26985 (Tor Launcher help button icons missing). - Make the simple text change suggested in #25509 (misleading proxy prompt in Tor Launcher). - Start on #26961 (implement new user onboarding). - Review our notes from #22074 (undocumented bugs since FF52esr) and file additional tickets if necessary. - Revisit #26381 (about:tor page does not load on first start in localized Windows bundle). - After the Tor Browser nightly builds include the network team's fix for #26876, do some testing for #26251 (Adapt macOS snowflake compilation to new toolchain). igt0: Last week: - Half of the week sick - Started to take a look in the about:tor for mobile(https://trac.torproject.org/projects/tor/ticket/25696#comment:13) - Experimented with different UI layouts for #26884. This week: - Send a patch to #26884 - Start the about:tor for mobile sisbell: Last week: - Added arm target for rust - Created first version of Android build that works with RBM (needs review) This week: - Move code to git repo at torproject #26974 - Work on adding mobile branding to Android #26975 - Testing of APK - Working on bugs and improvements needed for Android build (based on feedback/review) tjr - Started landing mingwclang build in -central - Working on Fuzzyfox - Worked on 26476 with sukhe some more pospeselr: Last week: - moved house (Monday/Tuesday), no more crazy building manager! - got my torproject gits working, reposted patches for #26540 (pdfjs disablerange fix) as gitweb diffs - investigating #26874 (UNC path issues) - made travel arrangements for rustconf in Portland (gk: is this something TPI would reimburse) [GeKo: I think we can make an argument for that, I suggest asking travel@tpo] This week: - fix for #26874 - other hi-pri tbb-fingerprinting - revisit #26540 patch, move smuggled first party domain onto the nsIHttpChannel interface sysrqb: Last week: First TBA patch landed Looked at Fennec networking code some more (#22170 and Bug 507641) Looked at igt0's work on Fennec update mechanisms Began looking at Orfox patches of AccountManager that were dropped during earlier ESR rebases (#26858) Had first meeting about sandboxing tor browser This week: Finish #22170 with auditing TBA networking code for proxy-safety Create a branch for patching AccountManager (#26858) if needed Rebase branch for minimizing TBA permissions (#24796) Review other child tickets of Proxy-Safety and created patches and/or close (#21863) sukhe: Last Week: #9145 (gcc/hardware acceleration): merged #26949: STIX repository: merged #26476: tjr and I continue to debug this. we now have a "Tor" build on TaskCluster and the next step is to compare the logs to see what differs. #25485: I need help with this one, someone who is familiar with C++: what's the simplest program that will use the latest ABI? simply linking to our libstdc++ is not enough [GeKo: boklm stepped up to have a look as well] #12968: boklm: seems like https://ffmpeg.org/pipermail/ffmpeg-cvslog/2015-September/094027.html also set SHFLAGS. this is the only thing that differs from our commit. how do we set those? otherwise I tried building with the gcc patch and we get the same error. [GeKo: boklm stepped up to have a look as well] This Week: #26476, #25485, #12968 -- hopefully arthuredelstein: Last week: AFK for vacation Wrote some comments on sandboxing Previous week: HTTP2 patch, #14592 (almost ready) Met with the Tor uplift team Worked on #26520 (NoScript is broken with Tor Launcher disabled) Wrote a patch for #26490 "When first launching 8.0a9 the screen.height starts at 612px" (still testing) Worked on #21787 "Make sure exposing the calendar information does not leak the locale". Started to look at #24056 "UI locale is detectable by button width" and #26604 "investigate whether date and time <input> types leak the user's locale" Better monitoring for TBB locales: https://torpat.ch/locales This week: Finish #14592 (HTTP2) AFK on Wednesday Test #17252 "Confirm TLS session resumption/ID are isolated to the URL bar domain, and re-enable them" Look at https://trac.torproject.org/projects/tor/ticket/26506 "NoScript not working on TBB/ESR60 on Windows" Finish other fingerprinting-related bugs I started. Following week: AFK Wed, Th, Fri. Georg

1 0

Network Team Meeting Notes, 23 July 2018
by teor 30 Jul '18

30 Jul '18

Hi, Here are the network team meeting notes for 23 July 2018. Sorry for the delay, a few of us were away last week. = Network team meeting pad! = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == 11 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001828.html 18 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001835.html 25 June: https://lists.torproject.org/pipermail/tor-project/2018-July/001863.html 2 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001866.html 9 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001884.html 16 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001888.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Community guides, it's time to hand off to the next guide! * Let's look at proposed tickets! [but see discussion] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases ------------------------------- ---- 23 July 2018 ------------------------------- == Announcements == * This week is PETS; a bunch of us are away. * Sponsors 3 and Q are full up. Please don't bill more hours to them. * Privcount work is now sponsor V IIUC. == Discussion == komlo: Would someone who is attending PETS be able to do a session/shoutout for our research posts? https://blog.torproject.org/tors-open-research-topics-2018-edition and https://blog.torproject.org/how-do-effective-and-impactful-tor-research and == Updates == Nick: * Last week: * Worked on NSS: Made progress on RSA. Didn't finish. * Helped discuss 295 a little * Revised various tickets * Review, merge, etc * Prepared for PETS * CI rotation: Fixed a couple of bugs, and investigated open coverity issues. Found a solution template for the division-by-zero thing; wrote a proposed patch to change the behavior of BUG() under coverity. * This week: * At PETS. Mike: * Last week: * Wrapped up vanguards addon, wrote blog post, monitored it * Wrote research post * Helped Chelsea with a second research post based on her talk at Waterloo * Did some code review * This week: * Try to implement requested features of vanguards addon (bridge compatibility, excludenodes compatibility, deb pkgs) * Can anyone help me with deb packages + getting vanguards into our deb repo? * Update the two guards proposal. ahf (on vacation during the meeting): * Last week: - Vacation + at hope. * This week: - return from HOPE and get back to s8 tasks. teor (offline): last week: - prop#295 - improved relay crypto - reviewed proposal - https://lists.torproject.org/pipermail/tor-dev/2018-July/013331.html - tor-spec fixes related to the proposal (#26869) - tor-spec and cell padding (#26228, #26871) - Bwauth work - Bwauth code and spec reviews and fixes (#26740, #3723, #26851) - Try to validate sbws bandwidth measurements https://github.com/pastly/simple-bw-scanner/issues/182 - Let's make a debian package for sbws, even if it's not ideal (#26848) - CI - Tried to work out why Travis builds are leaving a coredump behind (#26787/#26788) - SKIP some failing tests on Windows (#26830, #26853) - Support tor on OS X 10.9, because that's what Tor Browser supports (#26876) - Other Ticket Reviews (#17873) this week: - I'm on coverity/CI duty this week - coverity appears up to date (thanks ahf, nickm) - I'll be watching CI to see if #26830, #26853, and #26787/#26788 work - Book Mexico travel - Work out timesheets - Fix and test an onion service ed25519 id mismatch bug (#26627) - Finish PrivCount in Tor blinding and secret sharing branch (#25669) - work out what to do about Rust i128 miscompilation if I get time: - Implement PrivCount in Tor noise (#26637) - Work out if I need to test C code from Rust (#26398) - Work on a per-relay / per-consensus / per-counter noise spec for PrivCount in Tor (part of #25153) - Reduce my other review and revision backlogs asn: Last week: - Was at HOPE. Talked to many people. Did all the things. - Helped Isa with the onion proposal. - Finalized #25552 branch. It's now merged. - Reviewed #26437, #26780, #26712. - Finalized and published vanguard blog post with Mike. - Found a few HSv3 bugs with David. This week: - Attend PETS. Give rump session talk about the latest research blog posts. - Move forward with things decided and discussed during HOPE. - Do some triaging of the HSv3 bugs found with David during HOPE. - Help Isa more with funding proposals? catalyst: last week (2018-W29): - bug triage rotation - reviewed #26787 (Travis CI unexpected corefile during distcheck) - reviewed #26485 (warn relay ops about weird version strings) - reviewed relay crypto prop#295 again - reviewed some of teor's spec changes relating to prop#295 - wrote more spec changes in response to finding existing spec ambiguities while reviewing prop#295 this week (2018-W30): - code reviews - more progress on prop#295 and large patches doc dmr last week - helped out a bit with various tor-spec tickets: #26870, #26228, #26871 [kinda], #26859, #26860 - filed an IP-address-not-scrubbed ticket: #26882 - debugged a bit for #26709 this week - actually post log for #26709 - follow up a bit more on spec tickets - probably a few more bookkeeping things

1 0

Damian's Status Report - July 2018
by Damian Johnson 27 Jul '18

27 Jul '18

Hi all, here's my status update for these last couple months. https://blog.atagar.com/july2018/

1 0

[TSoP 2018] Bandwidth scanner update - report #5
by juga 27 Jul '18

27 Jul '18

Hi, since the report #4, these has been the tasks i have worked on: - dir-spec: DirAuths should expose bwauth bandwidth files (#26694) - sbws: Warn when there is not enough disk space (#26937) - Create Debian package for sbws (#26848) - Create Debian ITP bug - Binaries should have manual pages (man) (#26926) - sbws should allow a configuration file argument (#26862) - ask to upload sbws releases in dist.torproject.org (#26849) - Ask to upload sbws Debian package in deb.torproject.org (#26906) - Ask about using "tor-" namespace - Stop requiring to change the sbws version in more than one place (#26736) - cleanup old v3bw files (#26701) - Don't require sbws tests to set log level, refactor tests configuration (#26644) - Add possibility to log to system log (#26683) - Make sbws generate bandwidth files atomically, and document (#26740) - Check that the scaling is working: check how sbws results compare to itself when scaling and not scaling [0] - Initial Makefile to include sbws in OpenBSD ports The next weeks i plan to work on: - Check that the scaling is working [0] - Run sbws and Torflow from same box and do more graphs about results - maybe refactor code to have the possibility to generate bw results without rtt - maybe refactor code to easier generating (csv) files to compare in graphs - maybe refactor graphs code to easier generating them with several files - Debian package: - include autopkgtest - get it reviewed - get it uploaded to deb.torproject.org or/and Debian archive - Fix any critical sbws that we might find Maybe out of SoP time in case no remaining time during it: - continue with Relays should regularly do a larger bandwidth self-test (#22453) - implement DirAuths should expose bwauth bandwidth files (#21377) Best, juga [0] https://github.com/pastly/simple-bw-scanner/issues/182

1 0

Notes from July 26 2018 Vegas team meeting
by Karsten Loesing 27 Jul '18

27 Jul '18

Notes for July 26 2018 meeting: Georg: 1) Shari: Gentle ping for the bug bounty contract expiration date :) [Sorry for the delay! August 31, 2018 is the expiration date.-Shari][GeKo: Thanks!] 2) Do we have a vacation calendar somewhere, at least for vegas-team folks? Should we? (It would be useful for me at least :) ) AM: +1 on usefulness; [we don't have one yet as far as I know-Shari] 3) Tor Browser alpha preparations (both desktop and mobile) Alison: 1) HOPE happened and it was a great success! Lots of people stopped by our table, the talk went really well, we got great questions and no trolling, and we demonstrated great community engagement by joining with other orgs and individuals to stand up to the trolls. :) Lots of great ideas for future conferences. The panel discussion model seems to work really well, especially if we have multiple teams/projects represented. Honestly we could have made it into just an AMA, kinda how EFF does. [I think having the quick presentation was helpful so everyone was on the same page. a couple ppl even used the word "onionize" in their questions after hearing it. maybe it is also why the questions were so good, direct. -Steph] 2) Colin reports that the PETS relay operator meetup went really well! More than 50 people attended and then lots of them hung out after. He's already gotten a lot of folks telling him they want to run new relays, plus there are more people getting in touch about that after HOPE. Community engagement really works, yay. [This is amazing news!-Shari] 3) Very busy with Library Freedom Institute this week and next as we prepare for our in-person meetup on August 3-5. 4) Gus and I are working on documentation for Tor Browser 8.0 (support portal articles and TB Manual updates to start, then training slides). After we finish this we'll work on TB Android docs. 5) We have another Mexico City planners meeting on Monday. I will send out the agenda solicitation email after that. I also hope that we can get the open days blog post out sometime very soon. We're also connecting with community members in Mexico City. Mike: 1) Following up on blog posts, doing vanguards improvements based on feedback. Steph: 1) HOPE (presentation and booth) went well, and it was inspiring to see the community rally together. We got $1900 in donations and over 100 newsletter signups. Tommy got them into civi, and Sarah and I got a thank you note out to all who signed up. We are talking more about how to maximize our booth presence in the future. 2) Doing TBA copy 3) Leading a media training workshop for LFI next weekend 4) Still to do: blog catchup, TPO copy Sarah: 1) Working with Jon and Tommy to understand and optimize procedures around gift entry, acknowledgment, monthly giving follow-up 2) Putting together revisions for the Donate pages on the website for Giant Rabbit 3) beginning to network to fill the open Grant Writer position 4) Starting to plan for a monthly giving solicitation campaign 5) Reviewing current major donors and starting to build a strategy to reach out and build relationships Karsten: 1) Published a new Reproducible Metrics page ( https://metrics.torproject.org/reproducible-metrics.html ) which is still a work in progress, but which is a big step towards completing our Sponsor 13 deliverable 2. Remaining steps are to get it reviewed some more and then link it from all over Tor Metrics. 2) Made progress with adding our first graph based on OONI data. Coming soon. 3) Started making some improvements to the Onionoo API to allow more powerful queries. 4) Removed one of the remaining road blocks preventing us from integrating ExoneraTor more smoothly into Tor Metrics. Shari: 1) Working on funding proposal to OSC, new group which seems to get its funding from USAID, SIDA, and Bill and Melinda Gates Foundation. 2) Selected recipients of next Shuttleworth Fellowships. Fun to be part of that process! 3) Spoke with staffer for US Select Committee on Intelligence about our funding. 4) Finished up job description for new sysadmin position and pushed to get it posted. 5) Handled/handling a few personnel things. Arturo: 1) We kicked off our UX research for the new OONI Probe mobile apps. We created a survey which we circulated on social media, mailing lists, and via push notifications. See: https://ooni.torproject.org/post/ooniprobe-ux-survey-and-interviews/. We have also started interviewing community members, and conducted 4 interviews this week. 2) Progress on OONI Probe desktop apps 3) Made some progress on reviewing tor_api.h. See: https://trac.torproject.org/projects/tor/ticket/25510#comment:7 & https://trac.torproject.org/projects/tor/ticket/26948 & https://trac.torproject.org/projects/tor/ticket/26947 & https://trac.torproject.org/projects/tor/ticket/23846. 4) Briar's Torsten mapped the blocking of Tor worldwide based on OONI data: https://grobox.de/tor 5) Maria presented OONI in Kiev and facilitated a UX workshop (2 weekends ago) 6) The OONI team be taking the second of the two tor meeting open days off, to recuperate before our internal meeting happening the days after. If there are open day things we should be part of, let's be sure to put them on the first of the two days.

1 0

Job Opening - Senior Systems Administrator
by Erin Wyatt 25 Jul '18

25 Jul '18

Hello Everyone, We are happy to announce a new opening with The Tor Project - the paid, employee position of Senior Systems Administrator! We've been growing, and we've added more systems to do our day-to-day work, so it makes sense to have a full-time person to set things up and keep them running. Job description pasted below, attached as PDF, and will soon be on our website at https://www.torproject.org/about/jobs.html.en In more than any other area, the Tor Project has depended on the work of volunteers to keep our systems running and maintained to the highest security standards. We cannot thank our dedicated team of volunteers enough for their years of service and for making it look so easy — it's incredible how effective they've been at this thankless job. Thank you all! Please help us get the word out about this position. As stated in the job description, this person "must be or become strongly trusted by our community." If you are or know someone who would be good for this job, please apply or share the job description! Thank you all! Sincerely, Erin Wyatt HR Manager ewyatt(a)torproject.org GPG Fingerprint: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE -----------------------8<-----------------------8<-----------------------8<----------------------- Internet Freedom Nonprofit Seeks Senior Systems Administrator July 25, 2018 The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking a Senior Systems Administrator to maintain, upgrade and manage our organization’s software, hardware, and networks. The goal of the Tor Project’s sysadmin will be to ensure that our technology infrastructure runs securely, smoothly, and efficiently and that Tor Project employees, contractors, and volunteers have the knowledge and resources to do their work. The ideal candidate is resourceful, creative, and able to diagnose and resolve problems quickly. Our sysadmin must have the patience to communicate with a variety of interdisciplinary teams and users, including some who are not technical and others who are extremely technical. The sysadmin will set and guide the strategy for all of our internal technology infrastructure with the participation and assistance of our open source community. This job requires a jack-of-all-trades, and every day is likely to present new and different challenges. The ideal candidate will have at least five years of experience running open source systems. This is a senior level position that reports directly to the Executive Director and is part of the organization’s leadership team. This person will manage one direct report, our Junior Services Administrator. This will be the organization’s first paid sysadmin, and a willingness to work with our highly effective, long-term volunteer sysadmins is essential. Responsibilities: • Install and configure software and hardware • Manage network servers and technology tools • Set up accounts and workstations • Monitor performance and maintain systems according to requirements Must have experience monitoring infrastructure for downtime and compromise • Troubleshoot issues and outages • Ensure security through access controls, backups and firewalls Must understand the security implications of configuration choices • Upgrade systems with new releases and models Must have experience keeping many systems well-patched • Administrate infrastructure, including firewalls, databases, malware protection software and other processes • Assist our staff in selection of new technologies • Develop expertise to train our staff on new technologies • Provide technical support for both hardware and software issues our staff encounter • Build an internal wiki with technical documentation, manuals and IT policies • Supervise the Junior Services Administrator Requirements: • Proven experience as a System Administrator, Network Administrator or similar role • Experience with databases, networks (LAN, WAN) and patch management • Experience with automation tools that scale (e.g., puppet) • Knowledge of system security (e.g., intrusion detection systems) and data backup/recovery • Ability to create scripts in Python, Perl or other language • Familiarity with various operating systems and platforms • Experience helping users think through how best to achieve their tasks (ie, the right combination of sustainable, safe, easy to deploy and use, does what they want) • Great intuition about what service and config choices will keep things from going out of control • Must be or become strongly trusted by our community • Resourcefulness and problem-solving aptitude • Excellent communication skills The Tor Project's workforce is smart and committed. Experience working with open source communities is required. Dedication to Internet freedom is an added plus. The Tor Project currently has a paid staff of around 40 developers and operational support staff, plus many thousands of volunteers who contribute to our work. The ideal candidate will be energetic, unflappable and flexible, and will thrive in a highly-technical collaborative environment. This is a full-time, hands-on position, which can be done remotely or in our office in Seattle, WA. Flexible salary, depending on experience. The Tor Project has a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance paid in full for employee; flexible work schedule; and occasional travel opportunities. To apply, send your resume to hr at torproject dot org with the subject "Systems Administrator." Include a cover letter that tells us why you think you're the right person for this job. No phone calls please! The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0

Use of "tor" as part of the name for sbws Debian package
by juga 25 Jul '18

25 Jul '18

Hi, we're going to package sbws [0] for Debian. We would like to provide the package in deb.torproject.org and probably also in the official Debian archive. teor, irl [1] and others [2] proposed to used the "tor-" namespace for the sbws package. Ulrike pointed out [2] that software using "tor-" in their name needs to be acknowledged by the Tor Project [3]. So, would it be fine to call the sbws Debian package something like "tor-sbws"?. Thanks, juga. [0] https://gitweb.torproject.org/sbws.git/ [1] https://trac.torproject.org/projects/tor/ticket/26848#comment:19 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903977 [3] https://www.torproject.org/docs/trademark-faq.html

6 8

[TSoP] stem.client - status report #5
by Dave Rolek 25 Jul '18

25 Jul '18

Hi everyone! This is my fifth status report for the stem.client TSoP project [1]. You may see my previous reports on the tor-project ml. [2][3][4][5] This report is a few days late. # Updates It's been roughly a week and a half since my last update. I've focused on some loose ends over this time. I've found it's bad if I let things sit in a partial state too long, so I wanted to push a few things forward. ## stem.client Nothing directly on the stem.client codebase. Oi. ## tor-spec Having been pretty deep in the spec, I've been noting a number of things to address. When tor-spec was being discussed on #tor-dev, I contributed some to the conversation and resultant tickets. The discussion spawned the following tickets, which I filed: * #26859 - improve contextual description of EXTEND->CREATE / CREATED->EXTENDED handling and payloads [6] * #26860 - decryption order appears to be wrongly specified [7] I also took #26228, which I previously filed, and split it into smaller parts, to move forward: * #26228 - Clarify/determine specification for padding bytes, (formerly also PADDING cell) [8] * #26870 - clarify inconsistency for [V]PADDING/DROP cell content vs. padding bytes [9] In a bit of relation, another part discussed in #26228 - randomized padding - made it into a ticket thanks to teor and prop#289 review: * #26871 - prop289: randomize the unused part of relay payloads [10] I submitted a PR for #26860 and another for #26228. #26859 and #26860 were addressed together; now merged. [11] #26228, #26870, and #26871 are also being addressed together, the others mostly by teor; current status is a PR. [12] ## stem, general I filed/implemented a few tox-related tickets to make development/testing easier: * #26811 - tox fails with pip 10 [13] * #26916 - Make tox config more useful/friendly for running multiple interpreters/versions [14] * #26822 - Investigate relying on tox's default install capabilities | instead of an explicit command [15] +- better tox stuff of #26811, filed only ## tor, general I ran into a few tor bugs during the past few weeks: * #26709 - Onion V3 addresses not always working [16] +- I reproduced this (or something similar) and have a log that I will post this week * #26882 - ~one case of IP address not scrubbed in logs~ [17] +- filed (noticed in scrubbing a log manually) I ran into an exit that seems to be undergoing general censorship in the area (tpo unreachable). Will be emailing bad-relays(a)torproject.org with the details. (Thanks teor!) # other bookkeeping A few other general cleanup things: * closed out #26197 - GitHub mirroring for stem [18] * closed out stem's GitHub PRs #1-#4 [19] * various other Trac triage/bookkeeping, e.g. ... - making the current status of #24321 clear in the ticket [20] - closing out #26852 [21] * (probably other stuff) # What's next There's a bit more cleanup I want to do, but I recognized this update has been proportionally much more of that than I had intended. So next I plan to focus as much as possible on stem.client. ## stem.client 1. refactor: Relay cell encryption/decryption/processing 2. centralize ORPort reads/sends (demux/mux) at connection level 3. implement required RelayCell subclasses (e.g. parsing of decrypted body) ## tor-spec File tickets to track spec improvements resulting from TSoP experience. (These are bookkeeping / awareness tickets for my WIP changes.) ## tor, general Post log for #26709. [15] Email about potentially censored exit. ## other File a GitHub mirroring ticket for nyx. A bit of TSoP administrativia. # Other Tor things Multiple in-person chats. Seems to be a decently consistent interest in Tor. :) # Closing I'm proactively reading a *bit* of IRC scrollback again now, but please still mention my nick (dmr) if you want to get my attention! As with before, please don't hesitate to reach out to me via IRC or email! Thanks, Dave [1] https://lists.torproject.org/pipermail/tor-dev/2018-April/013090.html [2] https://lists.torproject.org/pipermail/tor-project/2018-May/001811.html [3] https://lists.torproject.org/pipermail/tor-project/2018-June/001830.html [4] https://lists.torproject.org/pipermail/tor-project/2018-June/001858.html [5] https://lists.torproject.org/pipermail/tor-project/2018-July/001886.html [6] https://trac.torproject.org/projects/tor/ticket/26859 [7] https://trac.torproject.org/projects/tor/ticket/26860 [8] https://trac.torproject.org/projects/tor/ticket/26228 [9] https://trac.torproject.org/projects/tor/ticket/26870 [10] https://trac.torproject.org/projects/tor/ticket/26871 [11] https://gitweb.torproject.org/torspec.git/log/tor-spec.txt?id=b592584b6ae33… [12] https://github.com/torproject/torspec/pull/28 [13] https://trac.torproject.org/projects/tor/ticket/26811 [14] https://trac.torproject.org/projects/tor/ticket/26916 [15] https://trac.torproject.org/projects/tor/ticket/26822 [16] https://trac.torproject.org/projects/tor/ticket/26709 [17] https://trac.torproject.org/projects/tor/ticket/26882 [18] https://trac.torproject.org/projects/tor/ticket/26197 [19] https://github.com/torproject/stem/pulls?q=is%3Aclosed [20] https://trac.torproject.org/projects/tor/ticket/24321 [21] https://trac.torproject.org/projects/tor/ticket/26852

1 0

Tor Browser team meeting notes, 23 July 2018
by Georg Koppen 24 Jul '18

24 Jul '18

Hello! Below are the notes from our latest Tor Browser meeting. As usual the IRC log can be found at meetbot.debian.org: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-07-23-17.59.log… The notes from our pad are: Tor Browser Meeting Notes Monday July 23, 2018 Discussion: -I [tjr] read through the Hacking document. Had a few observations: "For historical reasons, Tor Browser tickets are spread across several Trac components: "Tor bundles/installation", "TorBrowserButton", "Firefox Patch Issues", and "Tor Launcher". We are considering consolidating many of these components and switching to keywords instead, but that hasn't happened yet." I don't think this is still true? https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#Howweu… Maybe we could move Orfox/Orbot to another page? [GeKo: I'll open a ticket for restructuring the Hacking document] when a new nightly build is available on https://people.torproject.org/~linus/builds/. <- I don't think this is active anymore? [boklm: ah yes, this part of the page (about QA and Testing) needs some updates][GeKo: I'll open a ticket for this item] -How do we want to use Github (if at all)? [GeKo: I'll think a bit more about it and then wil write a mail later this week as reply to Isa getting the discussion started on the mailing list taking into account what we discussed during the meeting] -Moving away from storm to some etherpad for meeting notes? [GeKo: We'll decide that next week when Arthur is back] - Sandboxing meeting: what should we prepare? Any agenda? (Did I miss it?) mcs and brade: Last week: - Finished reviewing undocumented bugs since FF52esr for #22074. - Debugged and created a workaround for #26514 (intermittent updater failures on Win64 (Error 19)). - Tried to test Snowflake on macOS 10.9 for #26251 (Adapt macOS snowflake compilation). - Got sidelined due to #26876 (tor.real fails to start on macOS 10.9). - Helped with triage of incoming tickets. - Reviewed a couple of patches: - #26603 (remove obsolete HTTP pipelining prefs) - #26353 (First request goes over catch-all circuit) This week: - Prepare for and attend sandboxing futures meeting. - Start on #25695: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - Review our notes from #22074 (undocumented bugs since FF52esr) and file additional tickets if necessary. - Get back to #26381 (about:tor page does not load on first start in localized Windows bundle) - After the Tor Browser nightly builds include the network team's fix for #26876, do some testing for #26251 (Adapt macOS snowflake compilation to new toolchain). pospeselr: Moving house tomorrow and Tuesday so won't be in the meeting Won't have internet installed until *sometime* on Wednesday Last week: - Portland - #26540 patch works now (pdfjs range-based request first party isolation) - failed to reproduce windows DNS leak we got email'd about - fixed up #26456 patch and ran automated try server tests to verify changes don't break anything (haven't had a chance to look at results yet) This Week: - moving - #21785 (storage api) - #tbbfingerprinting boklm: Note: currently traveling to PETS so I will be missing second half of the meeting (after 18:30 UTC) Last week: - vacation This week: - finish dealing with backlog - attending PETS - can help with building a new alpha if we want to do one this week [GeKo: Not this week, but hopefully next week] - fill binutils ticket tjr - More #26476 work. I have reduced even more differences between the two toolchains, still crashes. - Confirmed that the TC build runs though: https://treeherder.mozilla.org/#/jobs?repo=try&revision=9a1a8cc2c8224e38c0b… - Confusingly though, if I remove --disable-maintenance-service I get a NSS build error.... If nothing else gives me a result I guess I'll dig into that more - I'm getting pushback on landing required NSS patches into -esr60... so I am delaying pushing back on that until I have more ducks in a row regarding tests running [GeKo: What are we talking about here? And what would be the impact if we don't get those patches landed? I wonder if we could cope with that and maybe it would be more useful to focus on getting nightlies with mingw-w64 running again?] [tjr: The impact would be that we can't get the gcc or clang MinGW builds running in ESR branch. I have been focusing on that rather than mingw-clang on -central.] [GeKo: Well, RyanVM told me a while ago, that tests for mingw-w64 are running (to catch regressions due to security bugfixes etc. so, I was under the impression that there are things running on ESR60 for us, even it is not exactly what we ship, hence my question][tjr: esr60 is running the x86 build only. I forgot about that. These NSS patches are holding up the x64 build and tests (assuming I can the damn tests fixed for whatever else is breaking them).] [GeKo: Okay, the plan here is to let the 32bit esr60 on Mozilla's infrastructure and the manual 64bit testing before release be enough and focus on mozilla-central again instead] - But that is going slowly/hard to allocate time for - This is holding up landing the build jobs for x64 or mingw-clang - I don't think the mingw-clang build (with stylo) is as stable as Jacek thinks it is [GeKo: Why not? Any bug reports/pointers?][tjr: I don't know anything more than "I tried to run it and it didn't always start for me, or stay running. Haven't investigated, or compared with/without stylo or asked Jacek.] - A few other outstanding issues for MinGW: - jemalloc on mingw-gcc (This is a shame, because it means Tor Browser will be lacking exploit mitigations) - mingw-clang sandbox sysrqb: Last week: Received good feedback on TBA/Orfox rebased patches (26401) and worked on revisions Attended HOPE Spoke at HOPE Contributed to joint statement against white nationalists/fascists at HOPE and in our spaces Talked with some people about sandboxing Tor Browser This week: Finish 26401 Read Isa's sponsor 8 mail and respond Sandboxing meeting tomorrow at 15:00 UTC Review igt0's torbutton modification for mobile sisbell: Last Week: Android toolchain + licenses working in RBM Worked on getting arm target working on Rust (nearly complete) This week: Complete arm target on rust Working browser on Android Create branch for public review Cleanup build changes GeKo: Last week: -coped with my backlog -bunch of reviews (most importantly, and most time-consuming the one for #26401; then #26590, #26795, #26477, #26569, #26216, #9145, #25485) -worked further on #26475 (there might be light on the end of the tunnel due to alex's last comment given that I can already feel glandium's "this-drives-me-crazy" mentioned in https://github.com/rust-lang/rust/issues/52044. Thus the bug has to be the same. :) ) -helped with Sponsor8 reporting (sysrqb, igt0: please add items I forgot, see tbb-dev mail) [sysrqb: yes!] -worked a bit on #26628 (backporting an Origin Attributes bug that could lead to browser crashes) -looked a bit a proxy bypasses on mobile and resumed network code review (#22176) -looked over remaining UX issues for both mobile and desktop alphas This week: -finally tracking down #26475 and hopefully finding a fix for it -more reviews -more network code review (#22176) -I need someone looking at #26874 (pospeselr can you do that?) and I need someone working on the onboarding part (#25695) (mcs/brade could you do that); sysrqb, igt0: who has #25696 on his plate? [sysrqb: I can put it on my plate, unless igt0 wants it] [igt0: either way is fine] -PSA: I have to be AFK from 8/2-8/12, alas (this is one of the things I could not postpone as the planning for it where already done before Mozilla moved the ESR release, I am sorry for that) igt0: Last week: - Tried to make the preferences.xul work on mobile, started to migrate the code to xhtml (#26884) - Investigated how the onboarding works on android and reviewed #25696 (Design of alpha onboarding for Tor Browser for Android) - Investigated about MAR on android. (Firefox team never used it) This Week: - Finish #26884 - Review again #26401 sukhe: Last Week: - I continue with #26476 (crash on Windows) with tjr, #12968 (HEASLR). - I have given up on up #26251 (Snowflake) again. I am going to wait for the mingw-w64/clang builds perhaps. - Worked on #25485; waiting for more discussion to finalize This Week: - Continue the above tickets unless something comes up. Georg

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project July 2018