- tor-project - lists.torproject.org

Two new open jobs at Tor Project!
by Erin Wyatt 31 Jan '19

31 Jan '19

Hey everyone! We have two new open positions. Please help us spread the word! + Browser Developer https://www.torproject.org/about/jobs-browserdeveloper.html.en + Backend Engineer for OONI https://www.torproject.org/about/jobs-backenddeveloper.html.en Both job descriptions are attached in PDF and plain text format, and both are pasted below. Please share, forward, tweet, etc! Thank you! Have a great weekend. Cheers, Erin Wyatt Director of People and Office Operations ewyatt(a)torproject.org PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE ———————————>8———————————>8———————————>8 Internet Freedom Nonprofit Seeks Backend Engineer for OONI The Tor Project, Inc. is looking for a dedicated backend engineer to work on OONI (https://ooni.torproject.org/) OONI is the Open Observatory of Network Interference: a free and open source software, global observation network for detecting censorship, surveillance, and traffic manipulation on the internet. You will be working to improve OONI’s data processing pipeline and other backend components responsible for recording measurements collected from our growing global user network. You will also be tasked with improving our network measurement methodologies and data analysis heuristics to increase the accuracy of our experiments. This is a full-time 12-month contract position, starting ASAP (no later than mid-May 2019); contract may be extended. The OONI team is based in Europe. However, this position may be performed remotely. Here are some of our code repositories: https://github.com/ooni/api https://github.com/ooni/pipeline https://github.com/ooni/orchestra https://github.com/ooni/collector https://github.com/ooni/sysadmin Required skills and qualifications: - Extensive experience in python or golang. - Comfortable working remotely. - Self-directed, self-disciplined, but good at working and communicating with a team. - Have experience and be comfortable with others reviewing your code and design; have experience and be comfortable reviewing others’ code. - Experience documenting and designing protocols. - Be comfortable with transparency! Preferred qualifications: - Experience designing, implementing, and maintaining scalable complex network applications. - Working experience with data processing pipelines. - Possess the confidence to refactor code and write unit-tests. - Familiarity with the challenges of developing and scaling data processing pipelines. - Familiarity with the network measurement field. - Experience with open-source software development, including working with distributed teams across different time-zones containing employees and volunteers of differing skill levels. - Basic familiarity with distributed version control systems. - Contributed significant chunks of code to multiple open-source projects in the past. - Be passionate about internet freedom and interested in contributing to it in a concrete way! Other notes: Academic degrees are great but not required if you have the right experience. You should be very good at working remotely at communicating with the team on a daily basis via Slack, IRC, instant messaging, email, and issue trackers. Salary negotiable. How to apply: Please email a *PDF* of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description. Please include the reasons why you want to work on OONI. Please also include link to one or several code samples (of which you are authorized to share), and also your GitHub or GitLab profile, and three professional references. Email should be sent to jobs at openobservatory dot org with "OONI Backend Engineer" in the subject line. About the project: The Open Observatory of Network Interference (OONI) is a free software project under the Tor Project. OONI collects and processes network measurements with the aim of detecting network interferences, such as censorship, surveillance, and traffic manipulation. Since late 2012, OONI has collected millions of measurements across more than 90 countries around the world. The Tor Project, Inc., is a 501(c)(3) non-profit organization that provides the technical infrastructure for privacy protection over the Internet. With paid staff and contractors of around 30 technologists and operational support people, plus many volunteers all over the world who contribute to our work, the Tor Project is funded in part by government grants and contracts, as well as by individual, foundation, and corporate donations. We only write free and open source software, and we don't believe in software patents. The Tor Project, Inc., is an equal opportunity, affirmative action employer. ———————————>8———————————>8———————————>8 The Tor Project is looking for a Browser Developer (C++ and Javascript) As a browser developer, your job would be to work closely with other members of the Tor Browser development team on C++ patches to our Firefox-based browser, writing new APIs, altering functionality for privacy and security, and making improvements to our collection of Firefox add-ons (JavaScript code). Being a Tor Browser developer includes triaging, diagnosing, and fixing bugs; looking for and resolving web privacy issues; responding on short notice to urgent security issues; and working collaboratively with coworkers and volunteers to implement new features and web behavior changes. We also need help making our code more maintainable, testable, and mergeable by upstream. The person in this position will also review other people's code, designs, and academic research papers to make suggestions for improvement. This is a full-time position. Required Qualifications: - Experience in C++ (and ideally, JavaScript). Five years of C++ experience is probably necessary for the level of expertise we want, though some of these years can be replaced with other Object Oriented Programming and/or C experience. If you meet this level of experience with C++/OOP, JavaScript can be learned on the job. - Possess a solid understanding of issues surrounding secure C++ programming and reference counted memory (at least to the level of avoiding issues). - Be comfortable diving into new, unfamiliar codebases, looking for ways to alter and augment their functionality in specific, goal-oriented ways. - Be familiar with web technologies and how the web works, especially the same-origin model and web tracking. - Willingness and ability to justify and document technical decisions for a public, world-wide technical audience. - Be comfortable working remotely with a geographically distributed team. - Experience interacting with users and other developers online, including experience being confronted with differing ideas and opinions (not always in a nice manner), while maintaining a high level of professionalism. - Comfort with transparency: as a non-profit organization who develops open source software, almost everything we do is public, including your name (or at least your business name) and possibly salary information. Preferred qualifications: - Familiarity and/or experience with writing add-ons and/or patches for Mozilla Firefox or other web browsers. - Familiarity with compiling software for the Android platform. - Familiarity with browser fingerprinting defenses - Familiarity with Firefox's internal architecture, including its use of multiple processes and sandboxing. - Be intensely creative yet also ruthlessly pragmatic in your thinking. - Possess knowledge/familiarity of probability, statistics, and information theory. - Know enough about networking to be able to visualize what HTTP 1.1 looks like on the wire while encapsulated within Tor's network protocol. - Experience working with distributed (remote) teams across different time-zones with people of differing skill levels over multiple mediums, including email, instant messaging, and IRC. - Open-source experience: contributed significant chunks of code to multiple open-source projects in the past. - Familiarity with distributed version control systems, including Git. - Familiarity with rust - Genuinely be excited about Tor and its values! - Willingness and ability to travel internationally to twice-yearly team meetings (strongly preferred). For a more detailed understanding of the full breadth and depth of the work you'd be doing, have a look at The Design and Implementation of the Tor Browser, especially The Design Requirements section at https://www.torproject.org/projects/torbrowser/design/#DesignRequirements. Academic degrees are great, but not required if you have the right experience! The team coordinates via IRC, email, and bug trackers. This position may be performed remotely, but we would be happy to provide a desk at our office in Seattle, Washington. Salary negotiable. We have a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (US; including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance; flexible work schedule; and occasional travel opportunities. To apply: Please email a *PDF* of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description. Please include the reasons why you want to work at Tor Project, and include links to code samples, if possible. Email should be sent to job-browser at torproject.org with "Browser Developer" in the subject line. Link to at least one of your code samples (ideally, more than one and all of which we will presume you are authorized to disclose). No phone calls, please! About the Organization: The Tor Project, Inc., is a 501(c)(3) non-profit organization that provides the technical infrastructure for privacy protection over the Internet. With paid staff and contractors of around 30 technologists and operational support people, plus many volunteers all over the world who contribute to our work, the Tor Project is funded in part by government grants and contracts, as well as by individual, foundation, and corporate donations. We only write free and open source software, and we don't believe in software patents. The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0

Damian's Status Report - January 2019
by Damian Johnson 31 Jan '19

31 Jan '19

Hi lovely onion enthusiasts! Here's my status report for the Nyx and Stem fronts this last month... https://blog.atagar.com/january2019/

1 0

Tor Browser team meeting notes, 28 Jan 2019
by Georg Koppen 29 Jan '19

29 Jan '19

Hi, Yesterday we had our first weekly meeting adhering to the new meeting time and location. For those following along at home: from now on we ,meet 1830UTC on Mondays in #tor-meeting2, as the meeting time usually overlaps with the network team meeting in #tor-meeting. That said our IRC log got covered by MeetBot as usual and is available at: http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-01-28-18.29.l… Meeting notes from the pad are below: Monday January 28, 2019 Discussion - planning for next mobile release (GeKo: We try to have TBA-a3 out by end of Feb, otherwise it's getting too close for the proposed 8.5 stable release date) mcs and brade: Last week: - Code reviews. - Revisited #28885 (notify users that update is downloading). - Worked on proposal for #28044 (Integrate Tor Launcher into tor-browser). - Experimented some more. - Draft proposal is nearly ready to share with the team. This week: - Publish draft proposal for #28044 (Integrate Tor Launcher into tor-browser). - Work on #29180 (MAR download stalls when about dialog is opened). - Revisit #28885 (notify users that update is downloading). GeKo: Last week: - release preparations - code reviews (#28885, #27828, #29097, #29143, #12885, #29178, #26858, #27531, #28705) - dealing with last minute release blockers (#29185, #29182, #29179) - wrote patch for #29187 - continued working on mingw-w64/clang toolchain and Firefox build (#28716 and #28238) - started to get back to emails (sorry, tjr, did not get to yours but they are on top of the stack now) - helped with various proposals and sponsor reports (nlnet, otf, sponsor8) - sysrqb: sisbell: see comment:14 https://bugzilla.mozilla.org/show_bug.cgi?id=1516642 (I am still thinking about what to reply, but we might want to do that outside of that particular bug anyway) - sysrqb: (okay, it's only bold here) ack. i wish following m-c was easier.VV - I got inspired over the weekend (and by the discussion on tbb-dev) and started to look at our updater security. I am in the process of going over the code and writing a state-of-the-tor browser-update document. It's a spare time project, so no big promises so far. Folks interested might enjoy the recent-ish audit of the firefox updater: https://bugzilla.mozilla.org/attachment.cgi?id=8985197 mcs: where is the tbb-dev discussion? I missed it somehow. (GeKo: I meant https://lists.torproject.org/pipermail/tbb-dev/2018-December/000934.html ff.) This week: - release preparations - further work on mingw-w64/clang toolchchain - getting back Torbutton integration into tor-browser (#10760) - trying to figure out #29185 - more emails - more reviews pospeselr: Last week: - code reviews ( #29082, #21805 ) - #25658 work (security settings) This week: - get a #25658 patch up for review boklm: Last week: - reviewed: #28618 #27597 #27503 - reopened and fixed #29097 (https-everywhere make.sh explicitly depends on missing python 3.6) - updated patch for #29143 (fix build of obfs4 in nightly builds) - made patches for: - #29158 (Add fix for DSA 4371-1 (apt vulnerability)) - #29181 (Make it possible to force rebuild of debootstrap-image) - #29178 (Don't build master of goxcrypto, goxnet, uniuri and go-webrtc) - helped build the new releases This week: - help with publishing the new releases - Try to find some fix for #29158 for wheezy-i686 (GeKo: I think the right thing to do here is not wasting too much time on finding a workaround for that but fix #26323) - continue work on testsuite - make patch for #29183 (We are using linux i686 langpacks in the linux x86_64 builds) - work on #25623 (Disable network during build) - work on #26323 (Build 32bit Linux bundles on 64bit systems) - some reviews: #28716, #28803 sysrqb: Last week: - 28705 and 28814 (Downloading crash, and allow installing another apk within TB) - Investigated mobile build failure after backporting patch - More of new bootstrapping UI (#28329) - but still not complete This week: - TBA release - Hopefully complete 28329 branch - Maybe fastlane igt0: Last week: - Updated #25764 tablet layout - Rebased #25764 on top of master - Reviewed more tor button tickets This week: - Send #25764 to review - More TBA alpha tickets pili: - Roadmapping - OTF Proposal (warnings/notifications & new identity) - NLNet ESR proposal - GSoC investigation sisbell: Last week: - Did testing of integrated TOPL.OrbotService code, various bug fixes and improvements. Everything now working correctly. - Opened 10+ issues on TOPL project (GitHub). These are for the changes we need for integration. This Week: - Finish TOPL commits to project (by tomorrow latest) and do pull request - Create new GitHub project with modified OrbotService - Fork Orbit project, integrating TOPL and the OrbotService - If time, start on tor-browser-build Georg

1 0

Notes from January 24 2019 Vegas team meeting
by Karsten Loesing 26 Jan '19

26 Jan '19

Notes for January 24 2019 meeting: Nick: 1) Prepping for hackweek 2) Need to meet with metrics team at hackweek; Gaba is making sure it happens. 3) 0.4.0.1-alpha is out. TBB folks, please let us know if you see any tbb-needs stuff. (GeKo: right now only #28614 and related tickets come to mind) 4) With the Brussels hackweek coming up, this is a good time to remind people about expenses. Let's talk about Sue's Harvest proposal? Gaba: 1) Coordinating for hackweek (metrics and network teams and 1 person from anti-censorship team) 2) Finished sponsor 8 Q4 report Arturo: 1) Launched the revamped OONI Probe mobile app! https://ooni.torproject.org/post/revamped-ooni-probe-mobile-app/ 2) Published an OONI Year in review blog post: https://ooni.torproject.org/post/ooni-in-2018/ 3) Published a research report on censorship in Zimbabwe: https://ooni.torproject.org/post/zimbabwe-protests-social-media-blocking-20… 4) Working on the OONI Explorer country pages 5) Going to publish a job posting for the OONI Backend engineer position Georg: 1) Preparing new Tor Browser releases (8.0.5 and 8.5a7); work on our next big Tor Browser for Android milestone Steph: 1) Edited copy for a beautiful new brochure 2) Strategizing with Isa 3) Upcoming posts: TPL, year in review/looking fwd 4) We will share a booth with fossasia at FOSDEM, Gaba taking from here 5) Press inquiries. 6) Creating new Tor stories survey Alison: 1) Finishing up new outreach brochures with comms and UX 2) Doing LFI recruitment and curriculum development 3) Much of the community team is prepping for sponsor9 travel Sarah: 1) Sending thank you emails with 2018 giving totals to monthly givers 2) Working with Al and grants team on NLnet proposals 3) Helping respond to OTF questions 4) Meeting with Isa and Jon about optimizing donation flow 5) Planning changes to the donation page for major donor program, monthly giving program, and cryptocurrency donations Antonela: 1) Wrapping outreach material, content was reviewed by comms and is ready for emmapeel to start the localization workflow. I'm still working with covers and back posters. 2) Reviewing tpo.org, tpo.org/about, tpo.org/download on staging with Hiro. 3) Working on OONI Country pages with Elio. We are running user testing with Explorer users this week, coordinated by Maria. 4) Working on Q12019 user research documents with Caroline Sinders 5) Alon will work on illustrations for tpo.org. He will join us at our regular open meetings. 6) I was a reviewer for the Spanish localization for the Pluggable Transports guide. 7) Reviewing OTF UX proposal 8) Fosdem Talk and Roger slides are in progress. Sue: 1) Working with auditors to finalize Financial Audit 2) Working with Sida Auditors for definitions required for Attestation Audit 3) Working with DRL Auditors on 2016 findings 4) Working on various payroll/pension items for International Payroll compliance Pili: 1) Team Roadmap reviews 2) S8 Report wrap up 3) Gettor handover meeting 4) More GSoC "investigation" isabela: 1) getting ready for Board meeting tomorrow (Friday Jan 25th) 2) reviewing reports (sponsor 8 and rose foundation) 3) reviewing proposals (NLnet, DRL, OTF) 4) synced with Steph on the 'there is no dark web strategy' 5) getting ready for all things w/ sida for next week Roger: 1) I'm getting back up to speed after health issues. I'm mostly answering and writing emails as usual. If you need something from me, let me know (with a fresh reminder I mean). Erin: 1) general hr stuff 2) anti-censorship team announcement will go out today Karsten: 1) Prepared metrics-web patch that will switch from Ant to Java-only for running the daily updater. This is the first step in reusing code between modules and simplify operation. 2) Worked more on last remaining Sponsor 13 report. 3) Preparing for Brussels next week. Mike: 1) Working on vanguards 2) Prepping for network team meeting

1 0

December 2018 User Feedback Summary
by Maggie 25 Jan '19

25 Jan '19

Hey, friends! Welcome to the December 2018 user feedback report. For more information on what users and community members were talking about this month, check out the December 2018/January 2019 User Feedback pad [1]. TL;DR: There were a bunch of releases this month, and lots of user bug reports in the blog post comments. Reddit was about the same as always (with a focus on VPN and fingerprinting questions), and RT brought in a lot of questions about bridges and TBA. - Confusion about using a VPN with Tor continues to be common on Reddit and RT. I'm hoping that these questions will be addressed by the Tor v. VPN guide I'm writing up for the support portal, which will incorporate some of the information that pastly previously posted [2]. - People (especially Reddit users) have lots of questions about whether certain actions will allow them to be fingerprinted. I think we could address some of this with an expanded FAQ entry, and potentially by linking to EFF's Panopticlick [3] so that users can experiment with their settings themselves. - Tor is still broken for screen readers. This is a high priority fix, not only because this issue may prevent users with impaired vision from using Tor, but also because the issue interferes with our commitment to making Tor easy to use for everyone. Now, on to the feedback! Scroll further down to see a summary of Reddit posts, some points from Google Play Store reviews, a list of the most common Stack Exchange tags from the month, and a collection of some notable issues and bugs mentioned by users in December. --- Most common questions on Reddit: - How can I hide the fact that I'm using Tor; or, should I use a VPN together with Tor? - (these questions appear all the time, and will be addressed in a Tor v. VPN doc I'm working on for the support portal.) - Will doing _____ allow me to be fingerprinted? --- TBA Reviews & Feedback on Google Play Store: The average review score is currently 4.2. Reviews are a mix of people who are very excited to be able to use Tor on their mobile, people who are getting 'proxy server' errors, and people who are upset that it's slower than their usual browser. I will continue to investigate the reported 'proxy server' errors through related RT tickets. Users are also experiencing crashes on certain Android devices when attempting to download a file using TBA. --- Most common stack exchange tags: tor-browser-bundle: 12 this month configuration: 8 this month help: 5 this month orbot: 5 this month --- Notable bugs, fixes, & issues: #27503 [4] - Disabling accessibility on Windows breaks screen readers - OPEN (NEEDS INFORMATION) #28720 [5] - NoScript blocks certain videos starting with 10.1.9.2rc2 on security level "safer" - CLOSED - FIXED #28874 [6] - https://browserleaks.com/webgl crashes tab on 64bit Tor Browser for Windows - CLOSED - FIXED #28836 [7] - Links on about:tor are not clickable anymore on Windows starting with 8.5a5 - OPEN - NEEDS REVIEW #28705 [8] - Tor Browser on Android is crashing on newer Android devices (>= Android N) by file download - OPEN - NEEDS REVISION #29043 [9] - NoScript freezes the browser when scripts are enabled (TB 8.5a6) - OPEN #29032 [10] - Tor Browser 8.0.4 stops displaying text correctly in Virtualbox on Windows - OPEN --- That's it for the month of December! In the interest of keeping things short(ish), I've left out some other feedback. If you want to know more, please do check out the December 2018/January 2019 User Feedback pad [1] or reach out to me via email (waywardwyrd at riseup dot net) or IRC (wayward). Thanks for reading! I'll see you all back here next month! - wayward (Maggie) pronouns: she/they | twitter: @meochaidha <https://www.twitter.com/meochaidha> pgp: 0626 9C68 D0CC 1A5B E41B 72F2 615E B878 975C 4CDC ------ Annotations: 1. https://storm.torproject.org/shared/u4ch1acnksyrZD2Zu8_ODT2l_Va8iMPgqWQU41g… 2. https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h.html 3. https://panopticlick.eff.org/ 4. https://trac.torproject.org/projects/tor/ticket/27503 5. https://trac.torproject.org/projects/tor/ticket/28720 6. https://trac.torproject.org/projects/tor/ticket/28874 7. https://trac.torproject.org/projects/tor/ticket/28836 8. https://trac.torproject.org/projects/tor/ticket/28705 9. https://trac.torproject.org/projects/tor/ticket/29043 10. https://trac.torproject.org/projects/tor/ticket/29032

2 1

Initial roadmap for the anti-censorship team
by Roger Dingledine 25 Jan '19

25 Jan '19

Here is an early brainstorming list of the scope for our future anti-censorship team. Let us know if we left out a critical category. And of course once we have actual team members I expect they will take this initial roadmap and do something even smarter than this list. :) (1) BridgeDB: - Automated monitoring - Understand current usage patterns, consider improving the design Don't get obfs4 bridges blocked by other transports (#28655) (2) Pluggable Transports: - Improve the PT interface with Tor, to pass logs etc (#25502) [with network team] - Tor Browser can use other circumvention tools as proxies (#28556) [with browser team] - Specific PTs: Maintain obfs4proxy (like fixing the iat bug that let Kazakhstan block it) Snowflake Httpsproxy Marionette Domain front through community sites - Talk to research groups to keep in touch about their PT research work (3) Improve Tor user experience for users in censored / crappy networks: - Gettor: automated monitoring and automated updates. Improve UX. - Understanding and reducing client time to bootstrap [with network team] and other parameters that are tuned poorly for slow networks (4) Understand Tor censorship: - Tor Browser network testing mode (#23839, #28531) [with browser team] - Reachability scanning for the default (shipped in Tor Browser) bridges [with ooni] - Understand bridge load and bridge blocking (e.g. fix user counting bugs that are making our Turkey count wrong) [with network / metrics teams] (5) Help users use bridges: - Help NGOs get their users on bridges (#28015, #28526) - Tor Browser *automates* picking the right PTs [with browser team] (6) Community outreach and integration: [with community team] - [Initial list of outreach partner NGOs elided for now, since some of them have opsec needs to keep their people safe]

9 10

Potential trademark violation - TOR Browser PRO
by Matt Traudt 23 Jan '19

23 Jan '19

Something called TOR Browser PRO by "Tor Powered Onion Browser" on the ... iOS App Store? https://old.reddit.com/r/deepweb/comments/ac11y6/how_trustworthy_is_this_wa…

8 11

Tor Browser team meeting notes, 22 Jan 2019
by Georg Koppen 23 Jan '19

23 Jan '19

Hi! Here are the notes from our weekly meeting which we had yesterday. The IRC log can be found at: http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-01-22-18.59.log… The notes from our pad are: Discussion - The canPlayMedia email on tbb-dev (GeKo: I'll check this out this week) - Tor Browser Release Meeting this week (GeKo: 1900UTC 1/23 in #tor-meeting) - upcoming meetings: we'll switch to Mondays 1830UTC in #tor-meeting2 (GeKo will send an announcement mail to tbb-dev) GeKo: Last week: - backported fix for bug 1469916 (#29082) - looked a bit more into #28238 - wrote patches for donation banner replacement (#29035) - wrote a patch for #27503 (enabling accessibility support on Windows) - wrote a patch to unbreak our nightly builds (#29105) - updated my patch for enabling MOZILLA_OFFICIAL on Windows, too (#28618) - reviewed and tested various patches (#25702, #29097, #28836, #26148, #26858) - release planning - need help with reviews of my tickets for the releases (#29082 (pospeslr), #27503, (boklm), #28618 (boklm), #29035 (mcs/brade + igt0?), #29104 (mcs/brade), #21805 (pospeselr), #27597 (boklm), #28814 (sysrqb)) - status updates - sysrqb: could you update the patch for #28705? I'd like to get that one into the alpha. [sysrqb:ack] - investigated #28575 (localization of NoScript and HTTPS-Everywhere) This week: - release preparations - patch reviews - look closer at https://bugzilla.mozilla.org/show_bug.cgi?id=1376621#c12 and at tjr's follow-up work - work on building firefox with mingw-w64/clang (#28238) - work on Torbutton integration into tor-browser (#10760) - review of #24131 (redoing tpo.org/download) - get back to replying to various email threads mcs and brade: Last week: - Code reviews. - Finished #28836 (Links on about:tor are not clickable anymore). - Produced a patch for #28885 (notify users that update is downloading). This week: - Code reviews: - #29035 (Post-YE campaign clean up) - #29104 (Rebase Tor Browser patches against 60.5.0esr) - Work on proposal for #28044 (Integrate Tor Launcher into tor-browser). tjr MinGW Build Stuff - Got a ton of stuff uplifted to esr60! - Things outstanding: High Priority - x86 Sandbox doesn't work: landed in central; awaiting uplift to 60: https://bugzilla.mozilla.org/show_bug.cgi?id=1520310 - ASLR: need to uplift to 60: https://bugzilla.mozilla.org/show_bug.cgi?id=1520308 ^^^ - Both of these are expected not be in 60.5 and will wait for 60.6 Low Priority (for me anyway) - I have an RDD crash but no one else seems to (central): https://bugzilla.mozilla.org/show_bug.cgi?id=1519608 - Accessibility compiles but doesn't work (affects central and esr60 AFAIK): https://bugzilla.mozilla.org/show_bug.cgi?id=1520177 - Remove binutils: https://bugzilla.mozilla.org/show_bug.cgi?id=1520311 INVALID - We'll need binutils for the next one (GeKo: that's kind of surprising from reading 1471698, but I am fine with that :) ) - binutils fixup: https://bugzilla.mozilla.org/show_bug.cgi?id=1471698 - the esr60 build requires a local mingw patch or firefox patches: https://bugzilla.mozilla.org/show_bug.cgi?id=1508316 Rust Build Stuff - https://bugzilla.mozilla.org/show_bug.cgi?id=1376621 - Got something working (Linux only), refactored, now investigating other OSes - I need a list of functions to look for. Does anyone have that? (Mike Perry maybe?) (GeKo: What we have is in thetor-browser-spec repo in the audits folder: https://gitweb.torproject.org/tor-browser-spec.git/tree/audits) I will definitely miss next week and start being less responsive sysrqb: Last week: - New TBA bootstrap UI/UX (#28329) This week: - Finish 28329 - Finish 28705 (Downloads crash app) - Finish 26844 (Fastlane) - Review 28814 sisbell: Last week: - #29080/27609 Finished changes to TOPL. Now using TOPL for tor installation and bootstrap. TOPL broadcasts messages back to Orbot services (log messages to user will not change). Finished changes and integration with Orbot with the exception of HiddenService and Cookie DBs. This Week: - #29080 - Open TOPL issues and submit requests to merge back changes (patch is fallback). Test integrated code with Orbot and add HiddenService and Cookie DBs (generates HiddenServicePort and HiddenServAuth in config file). pospeselr: I've an appointment at noon, so I'll be ducking out of this meeting early Last week: - finished up #25702 (rebranding) (woo!) - fix for #29097 (https-everywhere needs python 3.6) - worked a bit on #25658 (security settings redesign) This Week: - review #29082, #21805 - #25658 igt0: Last week: - Half of the week recovering from sickness :/ - Reviews and test torbutton patches - More adjustments for the #25764 (fixing tablet layout) This week: - Review more stuff - Try to finish #25764, it already took too much time. boklm: Last week: - reviewed #29105, #29081, #28874 - tested and fixed patch for #27531 (Tor Browser 8 crashes trying to print on Linux) - tested patch for #28546 (Rebrand Tor Browser's Window's Installer) and opened GitHub pull request - started patch for #29143 (Building obfs4 in tor-browser-build nightlies is broken due to uTLS support) - worked on fixes for testsuite tests performance-observer, resource-timing, user-timing, user-timing-worker This week: - some reviews: #27503, #28618, #28716, #28803, #27597 - help with releases build - continue work on testsuite antonela: Last week: - #28329 TBA + Orbot - reviewed #29035 This week: - #28329 TBA + Orbot - TBA QA Pili: Last week: - Sponsor 8 Q4 report This week: - Roadmap review - started playing with a Kanban board: https://storm.torproject.org/shared/4gXsycP8GV7aih2qwi0xY8iRnqEyZi2YfIyLQQF… - Sponsor 8 Q4 report wrap up - Finding GSoc volunteers Georg

1 0

Network team meeting notes, 22 Jan
by Nick Mathewson 23 Jan '19

23 Jan '19

Hello! You can find the logs of yesterday's team meeting at http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-01-22-17.58.html Here are the notes from that meeting: = Network team meeting pad! = This week's team meeting is at Tuesday 22 January at 1800 UTC on #tor-meeting on OFTC, because Monday is a US public holiday. Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC On #tor-meeting on OFTC. January schedule: * Meeting on 21 Jan 22 Jan, 1800 UTC * No meeting 28 Jan; (some of) the team will be at a face-to-face meeting. February schedule: * Tuesday 5 February at 2300 UTC: teor is on leave, can we swap the 2300 UTC Tuesday meeting to Tuesday 12 February? * Monday 11 February at 1800 UTC, unless we swap (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 10 Dec: https://lists.torproject.org/pipermail/tor-project/2018-December/002120.html 17 Dec: https://lists.torproject.org/pipermail/tor-project/2018-December/002127.html 8 Jan: https://lists.torproject.org/pipermail/tor-project/2019-January/002155.html 14 Jan: https://lists.torproject.org/pipermail/tor-project/2019-January/002170.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… Here are the outstanding reviews, oldest first: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… Including sbws: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… Core Tor/sbws is now part of the bug triage, CI, and reviewer assignment roles == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * Remember to fill up actual point when you finish a task (as well as update the estimate when starting the issue). * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… * Check other's people call for help in their entries. ------------------------------- ---- 22 January 2019 ------------------------------- == Announcements == * Drafting Hackweek agenda. We will meet the week before the hackweek. * draft agenda https://pad.riseup.net/p/tor-netteam-agenda-hackweek-2019.1-keep <-- please check it out and send me any comments/questions about it. * date to discuss it: January 22nd 9pm UTC == Discussion == * teor is on leave on 5 February at our normal meeting time, can we swap the 2300 UTC Tuesday meeting to Tuesday 12 February? (Sounds okay; let's finalize this in Brussels.) * How can we review all the reviews in our backlog? (see query links in "Stuff to do every week") Ideas: move reviews around among people more proactively? prioritize which reviews are most urgent? share reviews of big tickets among 2 people? Let's talk more in brussels * Who can calculate the release capacity and estimated points every week? (Gaba will do the calculations, if teor sets up a spreadsheet. We can turn them into a script later if we want.) * 040 bugfixes until the stable release date * 041 all tickets until the code freeze date teor ran out of time to do the spreadsheet this week, let's work on it at the hackfest. * Nick needs others to help with Q&A on the release blogposts. Or we could stop opening comments. == Proposed tickets == * Teor is bringing a proposal for proposed ticket (let's try it for a few weeks, then discuss during hackweek) https://pad.riseup.net/p/network-team-triage-2018 Reminder: please add points estimates to proposed tickets! Please tag proposed tickets with 040-proposed or 041-proposed, and add a points estimate (in days). If the ticket needs to be added to the roadmap, put it on the list below, so we can talk about it at the meeting. === 035-proposed === #29042 Error loading private key after 0.3.5.7 upgrade needs_review #28248 Add comments around rust compilation flags accepted <=== accepted if Nick can do it quickly. #29134 Document the max number of v3 client auths I can make new === 040-proposed === Capacity Estimate TODO: turn capacity estimates into a script or spreadsheet ?? points of proposed tickets ?? points of accepted tickets ?? days left until the 0.4.0 release, approximately ?? * 0.36 = ?? coding days per person (see below for calculations) List of tickets that aren't on the roadmap #29040 -- Tor crashes if ClientOnionAuthDir contains more than one public key for a hidden service (new) <-- defer deciding until asn & dgoulet input #28363 -- Make a torrc option which prevents Tor from falling asleep Is this a duplicate of one of our Sponsor 8 dormant mode tickets? Open 040-proposed tickets: https://trac.torproject.org/projects/tor/report/77 Open 040-proposed tickets with no points estimate: https://trac.torproject.org/projects/tor/report/78 === 041-proposed === Capacity Estimate TODO: turn capacity estimates into a script or spreadsheet ?? points of proposed tickets ?? points of accepted tickets 113 days left until the 0.4.1 feature freeze, approximately 40 coding days per person, minus ?? days for 040 bugfixes 5/7 work days in week * 220/260 non-leave week days in year * 3/5 coding days in week = 0.36 coding days per calendar day (coding days exclude reviews, admin, travel, meetings) List of tickets that aren't on the roadmap #25417 -- HSFETCH support for v3 Hidden Services (needs_review) Points needs asn or dgoulet's input, how much effort will it take us to merge this code? Should we try for 0.4.1? There's something subtly wrong with a bunch of our HSv3 IPv6 code: <-- defer deciding until asn & dgoulet input #26992 -- Add intro point IPv6 address to service descriptors (needs_revision) #23588 -- Write fascist_firewall_choose_address_ls() and use it in hs_get_extend_info_from_lspecs() (needs_revision) #23576 -- Make service_intro_point_new() take a node instead of an extend_info (needs_revision) I have tried to debug the issue for a few hours, but I didn't make much progress. I expect it will take a few days to debug: let's defer these tickets, and pick them up if we have time later in the release There 79 tickets below, what do we do? Open 041-proposed tickets: https://trac.torproject.org/projects/tor/report/75 Open 041-proposed tickets with no points estimate: https://trac.torproject.org/projects/tor/report/76 {79 tickets here; tabling them till Brussels.} == Recommended links == == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! gaba: Week of 01/13 (actual): - remove s8 from tickets - anti-censorship plans - weekly meeting kickoff - S8 report - s31 follow up - help with various grant reports - bridgedb: talked with sysrqb and updated tickets Week of 01/21 (planned): - hackweek planning - anti-censorship meeting - finish s8 report for pili to send - check on s31 follow up teor: (offline) Week of 14 Jan (planned): High-Priority: - PrivCount proof of concept (#29004 and related tickets) - unit tests for extra-info documents Medium-Priority: - (no sbws reviews, I need to focus on PrivCount before the hackfest) - Sponsor 8 tasks - are these important enough to do anyway? - Ask metrics to monitor bootstrap speed - Tweak bootstrap settings to work when lots of fallbacks are down (and also on networks that drop packets) Week of 14 Jan (actual): High-Priority: - PrivCount proof of concept (#29004 and related tickets), focused on bandwidth stats this week - Travel preparation / hackfest preparation Medium-Priority: - a small IPv6 review, some sbws reviews - some proposed tickets admin, and other admin Help with: Nick: Week of 14 Jan (planned): - Finish pubsub revision - Merge final stuff for 0.4.0.1-alpha; freeze on Tuesday! - Release 0.4.0.1-alpha, maybe. - Triage 0.3.5 and 0.4.0 tickets :( - Advance modularization discussions - Help on snowflake stuff? Week of 14 Jan (actual): - Last-minute bugfixes and freeze on 0.4.0.1-alpha - Alpha release - Start a fresh round of 0.4.0 triage - Revise various tickets - Work on publish/subscribe refactoring - Fast-fixes for several smallish tickets. Week of 21 Jan (planned): - US Holiday on Monday. - Prepare for hackweek - Work on a scalability idea I've been tossing around. - Talk with some mozilla people. - Anticipating ~9 hours of meetings this week. :( - Trying to identify must-fix stuff for 040 or earlier. Please help? Need help wih: - Triage 0.3.5 and 0.4.0 tickets :( - Advance modularization discussions dgoulet: (offline, in bed ill) Week of 01/14 (planned): - prop289: Fix remaining bugs (I know what they are). Jump on unit tests and then massive chutney testing. - Re-review spec for #28180 with ahf after dcf1 comments. Mike: Week of 1/14 (planned) - Finishing touches on #28142 - convert wtf-pad TODO file to tickets and make a plan for 0.4.1 - Help more with modularization plan? Week of 1/14 (actual) - Finishing touches on #28142 - Weighted and prioritized wtf-pad tickets for 0.4.1; Over 53 points so far :/ - Looked at vanguards work; maybe 5-10 points here Week of 1/21 (planned) - Do some vanguards work - Figure out how much help with wtf-pad is available, and decide on in/out for 0.4.1 tikets - Write some wtf-pad documentation? catalyst: week of 01/14 (2019-W03) (planned): - prep for Brussels meeting - more follow up fixes related to #27167 - follow up on modularization thread - ticket reviews week of 01/14 (2019-W03) (actual): - reviews - found and helped investigate (surprise!) test nondeterminism along with Riastradh, ahf, nickm - made some comments on the pad about modularity stuff week of 01/21 (2019-W04) (planned): - reviews - prep for Brussels meeting juga (offline): Week 14/01 (planned) - Continue on working out how sbws can report excluded relays in the bandwidth file (#28563) - Continue with refactoring (#28684) - Write last 3 months report Week 14/01 (actual) - Continue with refactoring (#28684) - Adapt bandwidth file classes to be compatible with stem #29057 - Write last 3 months report - Revise Authorities should put a hash of the bandwidth file in their votes (#26698) Week 21 Jan (plan) - Review minor bandwidth file spec updates (#29079) - Revise Authorities should put a hash of the bandwidth file in their votes (#26698) - Update documentation for the relay prioritization and revise (#28868) - Look at stem bandwidth file parser (#29056) - Continue with refactoring (#28684) asn: [Will be at an apointment during the net team meeting, but I will be present on the one about the hackfest afterwards.] Week of 01/14 (planned): - Monday: Tor lecture in local university. - Get #28142 merged. - Work on the onion service proposal. - Check out the brussels hackfest thread. - Do reviews. Week of 01/14 (actual): - Did a lecture about Tor in a local university (unipi.gr) as part of the security class. There were about 30 people present and I feel like they really enjoyed it. They had lots of questions and the thing was interactive until the end. Was fun! - #28142 is merged no joke!!! - Worked on the onion service funding proposal. - Organizing a Tor meetup in a new hacklab in Athens this Friday. Gonna be a good one. - Did reviews. Week of 01/21 (actual): - Prepare for the hackfest. - Start triaging 040 bugfixes. - Do reviews. - Do the Tor meetup on Friday. Help with: - We good. ahf: Week of 1/14 (planned): Sponsor 19: - Finish WebRTC + broker + client + proxy architecture document. - Reach conclusion with David and David about #28181 and #28182. Misc: - Help David with code review for authenticated sendme's. - Sysadmin interview progress. CI/Coverage: - Try to reproduce #29036 again Week of 1/14 (actually): Sponsor 19 (and a bit of 8): - Conclusion reached for #28181 and #28182 and patches to tor via PR#645. - We had our first anti-censorship check-in meeting. CI/Coverage: - Didn't manage to reproduce #29036. Misc: - I think we have found what our second round tasks for sysadmins interviews are. - Managed to get some stomach bug thursday evening, was pretty useless friday and some of monday. - Reviews. - Added points to missing tickets. - Try to help with some of the random test failures before the 0.4.0 alpha. Week of 1/22 (planned): Sponsor 19: - Follow up on some action items from the anti-censorship meeting. - Figure out what Snowflake things we want to do in Brussels? - Finish proxy part of Snowflake architecture document. Misc: - Solve the Windows CI issue that I didn't finish last week.

1 0

Tor Browser Release Meeting: Wednesday 23rd January @1900UTC
by Pili Guerra 22 Jan '19

22 Jan '19

Hi all, It's Tor Browser Release meeting week again: Wednesday 23rd January @1900UTC over at #tor-meeting Our next release is planned for next week (end of January) so this will be a good chance to get a sneak peek at what's going to be going into the upcoming release. We look forward to seeing you there :) Thanks! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0