Author: atagar Date: 2011-03-25 15:53:52 +0000 (Fri, 25 Mar 2011) New Revision: 24437
Added: website/trunk/about/gsocProposal/ website/trunk/about/gsocProposal/gsoc10-proposal-soat.txt Modified: website/trunk/about/en/gsoc.wml Log: Adding example proposals for GSoC.
Modified: website/trunk/about/en/gsoc.wml =================================================================== --- website/trunk/about/en/gsoc.wml 2011-03-25 15:06:02 UTC (rev 24436) +++ website/trunk/about/en/gsoc.wml 2011-03-25 15:53:52 UTC (rev 24437) @@ -197,6 +197,22 @@ students. So if you haven't filled up your summer plans yet, please consider spending some time working with us to make Tor better! </p> + + <h2><a class="anchor" href="#Template">Application Examples</a></h2> + + <p> + Below are examples of some GSoC applications from previous years we liked. + The best applications tend to go through several iterations so you're + highly encouraged to send drafts early. + </p> + + <ul> + <li><h4><a href="http://tor.spanning-tree.org/proposal.html">DNSEL Rewrite</a> by Harry Bock</h4></li> + <li><h4><a href="http://kjb.homeunix.com/wp-content/uploads/2010/05/KevinBerry-GSoC2010-TorProposal.html">Extending Tor Network Metrics</a> by Kevin Berry</h4></li> + <li><h4><a href="../about/gsocProposal/gsoc10-proposal-soat.txt">SOAT Expansion</a> by John Schanck</h4></li> + <li><h4><a href="http://www.atagar.com/misc/gsocBlog09/">Website Pootle Translation</a> by Damian Johnson</h4></li> + </ul> + </div> <!-- END MAINCOL --> <div id = "sidecol">
Added: website/trunk/about/gsocProposal/gsoc10-proposal-soat.txt =================================================================== --- website/trunk/about/gsocProposal/gsoc10-proposal-soat.txt (rev 0) +++ website/trunk/about/gsocProposal/gsoc10-proposal-soat.txt 2011-03-25 15:53:52 UTC (rev 24437) @@ -0,0 +1,164 @@ +1. What project would you like to work on? Use our ideas lists as a starting +point or make up your own idea. Your proposal should include high-level +descriptions of what you're going to do, with more details about the parts you +expect to be tricky. Your proposal should also try to break down the project +into tasks of a fairly fine granularity, and convince us you have a plan for +finishing it. + +The Snakes on a Tor exit scanner has the potential to dramatically improve the +safety of Tor users by ferreting out misconfigured and malicious exit nodes. +At present it suffers from certain stability issues which prevent it from being +run for long periods of time, and from an overabundance of false positives in +the results it generates. While I would ideally like to work on designing new +routines for detecting subtle content modifications and for better handling +dynamic content -- the issues of stability and false positives need to be +addressed first. I've begun looking at the SoaT source code and running some +preliminary experiments, identifying several small stability issues. In the +coming weeks I'll begin to collect a body of false positives which I'll study +and design new filters around. The most difficult part of this project may be +determining what actual positive results look like, and developing a threat +model that predicts the kinds of modifications which malicious exit nodes are +likely to make. I'm sure this question has been addressed by members of the Tor +community, so much of my early work this summer will involve talking to +community members to better understand the kinds of malicious exit nodes which +have been seen in the past, and determining how well the current SoaT +implementation performs against these known attacks. + +Timeline: + April 26 - May 24: + + * Start to get an idea of what the threat model looks like, continue + performing stability tests and gathering a diverse collection of results + to study. + + May 24 - June 17: + + * Throw everything I can at SoaT - make it crash and fix the bugs. + * Keep collecting data! + + June 17 - July 17: + + * In depth analysis of false positives. Use both false positives and real + modifications (or modifications generated by myself which emulate the + types of things predicted by the threat model) to develop a data set that + SoaT's filters can be evaluated against offline. + + * Use the data set to improve existing filters and create new ones. + + July 17 - August 2: + Here the timeline splits depending on progress thus far. + Case 1 - There are still too many false positives: + + * Keep developing new filters and tuning old ones. + + Case 2 - False positives have been reduced to an acceptable level: + + * Get SoaT running full time on a dedicated machine. Improve reporting so + that SoaT can communicate its suspicions to the Tor team. + * Start drafting plans for improving the system. + + August 2 - 16: + + * Perform an extensive test of the system and write up a report of where it + * does well and what can be improved. + + +2. Point us to a code sample: something good and clean to demonstrate that you +know what you're doing, ideally from an existing project. + +I'm one of the two lead developers for the Anomos project, the code for which +can be browsed here [https://git.anomos.info/?p=anomos.git;a=summary]. + +Anomos is in Python, and I handle almost all of the network code (which makes +extensive use of SSL), so this project is particularly representative of where +my skill set intersects with that needed to work on SoaT. + + +3. Why do you want to work with The Tor Project / EFF in particular? + +I think Tor is one of the most important free software projects in development +today - I'm very interested in the political issues surrounding access to +information, and have been an EFF member for several years now. Tor has also +been the primary inspiration for my work on Anomos. What particularly attracts +me about Tor is the sustained emphasis its developers have placed on making it +a platform for research. This emphasis has attracted a large community of +skilled anonymity researchers with whom I would be honored to work with and +learn from as I continue my study of anonymity and begin to conduct my own +research. + + +4. Tell us about your experiences in free software development environments. We +especially want to hear examples of how you have collaborated with others +rather than just working on a project by yourself. + +I develop all of my own software under free licenses and make an effort to work +in groups as often as possible. Anomos, the largest project I've worked on, +would not have been possible in a non-free environment. It has received +tremendous support from the community in terms of development, debugging, +translation, documentation, and testing - the project simply would not have +been possible without support from the free software community. I run free +software on all of my computers, and make an active effort to report or patch +bugs whenever possible. + + +5. Will you be working full-time on the project for the summer, or will you +have other commitments too (a second job, classes, etc)? If you won't be +available full-time, please explain, and list timing if you know them for other +major deadlines (e.g. exams). Having other activities isn't a deal-breaker, but +we don't want to be surprised. + +I will be available full-time to work on Tor. I plan on attending a couple +conferences and spending a lot of time outdoors, but that won't take me away +from my work for more than a few days. + + +6. Will your project need more work and/or maintenance after the summer ends? +What are the chances you will stick around and help out with that and other +related projects? + +My project will almost certainly be completed during the summer. That said, +I'm very likely to remain active with the Tor project after the summer. I'm +currently planning on conducting anonymity research as a large part of my +undergraduate thesis work and would love for that work to involve Tor. + + +7. What is your ideal approach to keeping everybody informed of your progress, +problems, and questions over the course of the project? Said another way, how +much of a "manager" will you need your mentor to be? + +Especially when it comes to a project I'm really interested in - I'm extremely +self motivated and require very little management. I generally check in with a +project manager once per week unless a problem or question arises. I make +extensive use of version control software, commit frequently, and keep my work +in a publicly accessible repositories, so my mentor will be able to monitor my +progress at their leisure. I'm also happy to blog or otherwise communicate my +progress on a regular basis to the project community. + + +8. What school are you attending? What year are you, and what's your +major/degree/focus? If you're part of a research group, which one? + +I'm in my third year at Hampshire College studying computer science with a +focus on distributed and peer-to-peer systems. I occasionally work at the +University of Massachusetts, Amherst conducting BitTorrent research under Arun +Venkataramani. + + +9. How can we contact you to ask you further questions? Google doesn't share +your contact details with us automatically, so you should include that in your +application. In addition, what's your IRC nickname? Interacting with us on IRC +will help us get to know you, and help you get to know our community. + + You can email me: john@anomos.info + GPG Key ID: 0xA1D39D09 + GPG Fingerprint: 7131 3E78 7500 3BB2 FCDD FA97 91ED 834D A1D3 9D09 + Instant message me via XMPP: john@anomos.info + Or talk to me on IRC: susurrusus on OFTC (I idle in #tor) + + +10. Is there anything else we should know that will make us like your project +more? + +The project I've proposed here is just a starting point - I think I have a lot +to bring to the Tor project and that this summer will just be the start of a +lasting academic relationship with the community.