tor-project

tor-project@lists.torproject.org

17 participants
2325 discussions

Fwd: [TSoP2018] Ahmia status update #1
by Stelios Barberakis 29 May '18

29 May '18

Hello all, This is an update report for ahmia project, as part of the Tor Summer of Privacy 2018. The first two weeks I have been working on updating and slightly improving the codebase of *ahmia-site, ahmia-index, ahmia-crawler* subprojects. More specifically: * Updating python packages and adding python3 support (default version from now on), to have a clean building process. * Prettifying the code towards pep8 compliance * Fixing some minor issues, like unresolved references, substitude deprecated methods, etc * Separating code from configuration by introducing environment variables approach through python-decouple. The already pushed commits can be found at the corresponding github repositories [1] <https://github.com/ahmia/ahmia-site/commits/tsop18>, [2 <https://github.com/ahmia/ahmia-crawler/commits/tsop18>], [3 <https://github.com/ahmia/ahmia-index/commits/tsop18>]. Best Regards, Stelios -- PGP key: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xBF6EA91B7CBE3998

1 0

[TSoP] stem.client - status report #1
by Dave Rolek 29 May '18

29 May '18

Hi everyone! This is my first status report for the stem.client TSoP project [1]. # Updates A lot of these first two weeks has been improving development processes, workflows, and coordination. A new Trac keyword "dev" now exists for stem tickets related to developers/development. [2][3] I'll be adding more and addressing some of these soon. I continued some work on the stem.control caching behavior, to wrap up #25821 [4] and tie out a remnant event into a new ticket, #26129 [5]. I've been planning out some of the architecture/design of stem.client [6], as well as reviewing existing code [7]. For the former, I'm especially considering how to make stem.client most useful within the Tor and Python ecosystems. I've looked at the "sans-io" style in hyper-h2 that meejah mentioned [8][9][10][11], along with similar resources [12][13][14]. I've also been looking at a few of the modules in the Python stdlib and projects in the ecosystem, to try to understand their potential integration points. # What's next For both architecture and code review, I have a bit more work to do. I'll confer further with Damian for these. Architecture discussion will be started on a private pad and then opened up to the larger community. Afterwards, I'll be moving onto these cells: * CREATE * CREATED * CREATE2 * CREATED2 * PADDING_NEGOTIATE And then I'll be working on CERTS, AUTH_CHALLENGE, NETINFO cells and the "v3 handshake". # Other Tor things I'd like to point out some other Tor things I'm doing, too, that aren't under the scope of stem :). I've had some mild involvement in the University of Michigan getting their exit node [15] up and running again. And Cryptoparty Ann Arbor will be having an event on Sat., June 9th, at the public library. [16] # Closing As with before, I've been active and reachable over IRC, where my nick is dmr. I'm still attending the network-team meetings, and since I've been asking some clarifications on the tor-spec [17], I'll probably be more chatty in those soon, too! Please don't hesitate to reach out to me via IRC or email. Thanks, Dave [1] https://lists.torproject.org/pipermail/tor-dev/2018-April/013090.html [2] https://trac.torproject.org/projects/tor/query?keywords=~dev&component=Core… [3] https://trac.torproject.org/projects/tor/wiki/doc/stem/bugs?action=diff&con… [4] https://trac.torproject.org/projects/tor/ticket/25821 [5] https://trac.torproject.org/projects/tor/ticket/26129 [6] https://trac.torproject.org/projects/tor/ticket/26226 [7] https://trac.torproject.org/projects/tor/ticket/26227 [8] https://lists.torproject.org/pipermail/tor-dev/2018-February/012906.html [9] https://lists.torproject.org/pipermail/tor-dev/2018-February/012908.html [10] https://lists.torproject.org/pipermail/tor-dev/2018-April/013100.html [11] https://python-hyper.org/h2/en/stable/ [12] https://sans-io.readthedocs.io/how-to-sans-io.html [13] https://www.youtube.com/watch?v=7cC3_jGwl_U [14] https://github.com/python-hyper/h11 [15] https://metrics.torproject.org/rs.html#details/5AFAC3D00E97D6733112CC9CA2A7… [16] https://aadl.org/node/372209 [17] https://trac.torproject.org/projects/tor/ticket/26228

1 0

Notes from May 24 2018 Vegas team meeting
by Karsten Loesing 25 May '18

25 May '18

Notes for May 24 2018 meeting: Mike: 1) Finishing vanguards specification; finalizing vanguards rpo 2) On vacation Jun 7-15; Key Mozilla will not be at all-hands on the 16th, likely going to skip it. 3) Prepping for Seattle meeting. Georg: 1) We helped Antonela with Tor Browser bundles for user testing 2) We are about to switch to ESR60-based Tor Browser nightly builds 3) Timesheet approval Nick: 1) Stable release out (0.3.3.6). We'll know if it's good once users get it. 2) Going to take off from most everything else in order to prep for Seattle meeting. 3) Possibly not at this meeting next week, depending on Seattle schedule. 4) Monday's a holiday and I'm traveling Tuesday: you won't see me (much) then. Karsten: 1) iwakeh leaves the metrics team by end of May (and not by end of June as originally planned), and irl joins in July, which leaves just me as paid metrics team person in June. It's unclear whether we'll able to do reviews in June. Maybe it will be a month of documentation and housekeeping without actual code changes. 2) We're putting out new releases of everything on Friday and next week to switch from Gson to Jackson. The main reason is to practice the release/deployment process with irl. Steph: 1) Success in getting a website opened to Tor users, though behind a captcha 2) Interviewing Mozilla fellows this week 3) Ran a booth at RightsCon last week with invaluable help from Kat, Sina, and Sukhbir! Thanks Jon for getting our gear sent out! 4) Working through our presence at Def Con, seems we cannot have a booth in the village as we had hoped, but Roger could still do an AMA 5) Worked with Colin and Tommy on a post announcing Colin’s new position as relay advocate 6) Worked with Antonela on a post about user testing at cryptorave 7) Lining up future posts on the blog content calendar with Tommy 8) Replying to questions from a journalist Arturo: 1) It's been a week very packed with conferences and social gatherings. I am currently in San Francisco. 2) Published interview with Julie Owono: https://ooni.torproject.org/post/ooni-community-interviews-julie-owono/ 3) Working on research reports 4) Updated test lists (KZ, PK, global) 5) OONI data was cited in various research reports & we got press coverage from a Malaysian news website 6) Making a considerable amount of progress on the OONI Probe windows app 7) Wrote in this ticket some considerations about how to test circumvention tools in OONI Probe: https://github.com/ooni/spec/issues/109. isabela: 1) got extensions for sponsor17 and 13 (this one will come for us to sign more towards the end of the contract) 2) writing a evaluation report for sponsor4 (they requested it) this is based on what we wrote at 'monitoring and evaluation' part of the proposal 3) organizing nce request for sponsor8 and a short evaluation/expectations report for sponsor9 (phase 1 ends in June so we will have to write a lot of reports, phase 2 plans and budget for them) 4) organizing a soft launch for support.tpo so we can have translations done and all the remaining blockers resolved (this is hanging way too long is priority to solve this so we can at least meet a few of the website redesign deliverables) 5) will meet CEO of cliqz on June 5th in NYC 6) going to Seattle next week for network team hackfest and to sync with Shari 7) working on PMs job posts 8) plan on start organizing content creation process for new tpo site Shari: 1) trying to organize everything for Isabela handoff 2) too much travel (I'm at the airport now) 3) good connections at RightsCon 4) anti-censorship project

1 0

Notes from Tor Browser team meeting, 21 May 2018
by Georg Koppen 22 May '18

22 May '18

Hi all! Yesterday we had the newest edition of our weekly Tor Browser meeting. The chat log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-21-17.58.log… The notes from the pad are: Monday May 21, 2018 Discussion: -Preparations for Mozilla's All Hands meeting? - What tjr has in mind: - Tor Product Discussion - mostly introduce the Uplift project and SPB ideas to a Mozilla Product person - Fingerprinting / Tor Uplift - plan what Ethan and co should work on first - Network Programming (probably?) - UI/UX meeting - Sandboxing - Mobile Direction - what is happening with Fennec - Mobile Programming: snorp, nalexander - WebRTC: Nils, Arthur, Richard -Next meeting (28th is Memorial Day in the US)? Maybe on 29th same place, same time? [GeKo: Yes; will send a mail to tbb-dev] mcs and brade: Last week: - Revised the patches that we worked on for #25543 (Rebase Tor Browser patches for ESR60) to account for GeKo's feedback. - Reviewed Matt's revised patch for #25750 (update Tor Launcher for ESR 60). - Fixed #20890 (Increase connection timeout to avoid "Could not connect to Tor control port" errors). - Contributed to the ongoing discussion in #25694 (Activity 3.1: Improve the user experience of updating Tor Browser). This week: - We will be away from keyboard a lot but will do our best to monitor IRC and email. - Follow up on any remaining ESR60 patch issues (#25543). GeKo: Last week: -reviewed ESR60 tor-browser branch -reviewed #25750 (update Tor Launcher for ESR 60) -wrote a first patch for updating the macOS toolchain (finally, we seem to be able to use an own cctools, see #9711) -started the esr52-esr60 network audit -closed some old and unused milestone on Trac; minor bug triage -wrote a patch to deal with Torbutton and Tor Launcher being legacy extensions now (#26127) -tested whether the circuit display patch (#24309) works "out-of-the-box" with ESR 60 (it does not! (surprise, I know) -prepared our authenticode signing to use SHA-256 as signing hash algorithm (#18287) This week: -finish macOS toolchain for ESR 60 -further progress in esr52-esr60 network audit -(MAR-)key creation -a bunch of reviews -getting ESR60-based nightly builds going [GeKo: the plan is to give antonela as fast as possible ESR52-based bundles with patches for #24309 and #23247 for user testing and getting the switch to ESR60-based Linux nightlies done this week] sysrqb: Last week: - Worked on Tor Launcher patches (25750) - More TBA testing and rebasing onto 60 and 61 - Orfox troubleshooting This week: - Finish TorLancher patches - Help igt0 debug Orfox crash - More TBA testing igt0: Last Week: - Tor Button for ESR60 (#26100) - Tried to bisect a crash in Orfox This Week: - Finish the Tor Button for ESR60 - Reduce the website that makes Orfox crash removing the noise and creating a simple test case. - Finish my presentation slides to the JSConf boklm: Last week: - made patches for: - #26059 (Use mar files from the signed directory when generating incremental mars) - #26054 (Make sure to create incrementals from previously signed MAR files) - updated patch for #16472 (updating binutils to 2.26.1) and opened #26148 (updating to binutils > 2.26.1) - started reviewing #25832 (Enable pthread support for mingw-w64) but need to use ESR60 to test it - worked on some ansible roles for testsuite VMs setup (#26149) This week: - fill upstream binutils ticket for #26148 - look at #12968 (Specify HEASLR (High Entropy Address Space Layout Randomization) in MinGW-w64) - review and test #25832 (Enable pthread support for mingw-w64), #25894 and #25975 (get a rust compiler for Windows and macOS) or other tickets needed for the switch to ESR60 in nightly builds - work on some ansible roles for testsuite VMs setup (#26149) pospeselr: Last week: - working implementation for #23247 (Communicating security expectations for .onion) -no longer sick This week: - rebase patch for ESR60 tjr - MinGW: No significant outward progress from last week. Working on cleaning up patches for landing and debugging last few issues. - Had discussions with people about All Hands Meetings sukhe: Last Week: - Worked on https://trac.torproject.org/projects/tor/ticket/26073 with Arthur (patch tor-browser-build.git for Firefox 60 ESR) - RightsCon (Wed-Fri) This Week: - Wrap up #26073 - Meeting with Hooman for #25483 (Snowflake Windows) Georg

1 0

Notes from network team meeting, 21 May 2018
by Nick Mathewson 22 May '18

22 May '18

Hi! Meeting logs are available at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-21-16.59.html Notes are below: ========================= = Network team meeting pad, 21 May 2018 = "I am satisfied the usage of passing acts of Parliament for the taking upon one a surname is but modern; and that any one may take upon him what surname, and as many surnames as he pleases, without an act of Parliament." - Sir Joseph Jekyll, Barlow v Bateman, 1730 Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 23 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001747.html 30 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001750.html 7 May: https://lists.torproject.org/pipermail/tor-project/2018-May/001760.html 14 May: https://lists.torproject.org/pipermail/tor-project/2018-May/001769.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * No online team meeting next week! (US Holiday) * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Important dates: * May 30, 2018 -- hackfest! * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. * See hackfest pad at https://pad.riseup.net/p/0RxS2ZcRe9Eb for .... - scheduling meetings with nickm and isa! - prep-work that isa and nick (and maybe you) should do before the meeting - the list of people, which is the only even quasi-sensitive thing == Discussion == == Updates == Nick: Last week: - Release 0.3.4.1-alpha - Got appveyor branch working -- what are my next steps? #25549 [catalyst: see my updates for something we want to consider] - Triaged some 0.3.4.x tickets away - Worked out list of things to prepare before the meeting - Worked on a few OSS-Fuzz issues that turned out to be a minor openssl problem. Our side of it turned into #26116 - Started work on ChangeLog/Releasenotes for 0.3.3.6. This week: - Release 0.3.3.6 as stable. Any blockers? - Maybe the crash in #25957, but it looks hard to diagnose - Prepare for Seattle discussions. - Hunt bugs in 0.3.4.x. - Gonna take Friday off, I hope! Monday too! (US holiday) catalyst: last week (2018-W20): - coverity rotation -- uneventful - researched some EINTR and SA_RESTART stuff related to #26040 - more work on #25061 (adding test coverage for stuff that wasn't tested before) - filed #26142 (use C99 inttypes.h macros for U64 etc.) - briefly looked at #25549 again. looks like good progress so far. #26076 might be an intermittent failure? it would help to squash stuff into more readily reviewable chunks. #25942 seems ready but is effectively part of #25549 - maybe we should decide whether to merge #25549 anyway and deal with #25942 if it happens often enough to be ananoying? (it's okay with me -nick) - helped Nick proofread the 0.3.4 ChangeLog - did a few small string handling exercises in Rust. read a little about how Rust does async things - maybe talk about some architecture stuff at this week's patch party (Nick, teor, komlo, isis?) this week (2018-W21): - community advocate - more #25061 - code review - prep for Seattle hackfest - some possibly time-consuming urgent home maintenance teor: last week: - collect data, analyse data, write paper - keep up with bandwidth authority work this week: - analyse data, write paper - prepare for Seattle - travel to Seattle Mike: last week: - Refactored vanguards scripts to make them easier to test, package, etc. Registered repo with travis+coveralls - Wrote tons of tests for vanguards repo. 91% coverage!1 - Wrote config file and options parsing for vanguards repo. - Fell into python-import-loop hades, slayed a hydra-like beast, called the outer gods out on some bullshit, and returned to earth. - Whie testing, discovered that BUILDTIMEOUT_SET was reporting incorrect stats. Wrote patch (#26121) - Tried to help improve CIRC_BW field spec. Maybe succeeded? (#26110) - Reviewed Nick's fix for handling malformed connected cells in #26072 (thanks Nick) - Realized that #26072 meant that CIRC_BW bandwidth field accounting needed a slight change (#26117 - Read and commented on asn's work on vanguard params in #25545 - looks good! Thanks asn! this week - Document vanguards config options and other things in the README - Get vanguards repo pip/deb package-ready isabela: - working on preparation for Seattle: - anti-censorship update - prep work for retrospective - prep work for roadmap - organized slots for 1:1:1 in seattle asn: Last week: - Fixed a few bugs on the vanguard simulator that were impacting the results (#25545), and also merged a few patches from Mike. Produced graphs and did an analysis to guide the final vanguard topology. You can read the analysis here: https://github.com/asn-d6/vanguard_simulator/wiki/Optimizing-vanguard-topol… - Reviewed and revised #25947 and #25960. Waiting for ACK from juga before merge_ready. - Peaked a bit into #26022 and validated Karsten's bug. - Drafted response to big provider who wants to start using v3 onions. - Got up to date about SSL DV certs for v3 onions. A document is being drafted and I got in touch with the authors. - Gave some feedback on #23247. - Assigned weekly reviews - Community hero work: + Spoke with researchers who want to do a "darkweb study" and informed them of previous such work. + Helped potenial volunteer in IRC understand torguts and review rotations. + Communicated with haxxpop about client auth work. Answered some emails but didn't manage to do good progress. Hoping to continue this week. This week: - More work on remaining vanguard stuff. - Get up to date with client auth work by haxxpop. - Start organizing 0.3.5 work. - Talk with big provider about v3 integration. haxxpop: Last week: - Wrote the test for republishing a descriptor when SIGHUP - Refactor the code according to asn's comments This week: - Probably work with asn to find a UX design for client auth ahf Last week: Sponsor 8: - Made a simple snooze hook for #25497 for Orbot to disable network. Testing on own device now to see if it makes a difference or causes problems. Misc: - Review of #17873 and got Nick to do some additional reviewing. Some discussion on IRC about this fix too. - Went over all the tickets in Core Tor with missing milestone and tried to triage them. - Think I have everything ready for the Seattle meeting \o/ This week: Sponsor 8: - Standardize our S8 reporting metrics for event loop returns, CPU usage, and memory usage for reporting for Isa, ideally so that there is just some reports ready for Isa to pull when she needs them. Misc: - Might be away Friday. - Give (hopefully) final OK to #17873 isis: last week: - dealt with some small rust changes we needed as prerequisites to doing any of our crypto stuff in rust #26106 #26107 #26108 #26109 - re-reviewed the appveyor progress #25942 #25549 - worked on the ffi for optionally using ed25519-dalek #23886 - did more of the wide extend stuff based on nickm's review/suggestions #25651 - took most of thursday and all of friday off to move this week: - hopefully finishing up the wide extend cells #25651 - getting to the sending wide creates/extends #25649 - i moved to a new house! it does not have internet yet, because lasers. if you urgently need my attention, please feel absolutely free to signal me, it will definitely be the fastest/most reliable way to reach me.

1 0

Notes from May 17 2018 Vegas team meeting
by Karsten Loesing 18 May '18

18 May '18

Notes for May 17 2018 meeting: Karsten: 1) Worked on various smaller improvements to our statistics-generating code as a (positive) side effect of specifying processes for Sponsor 13 deliverable 2. Mike: 1) Trying to finish up as much of the vanguards code as possible before Seattle. Alison: 1) Uganda prep! All trainings are coordinated. We have a super packed schedule, meeting with lots of people, doing usability tests, threat modeling, and Tor trainings. Bringing tons of tshirts and stickers. Super excited!! 2) LFI starts in about three weeks and we're all ready to go. You can check out the first few weeks of our course materials here: https://github.com/alisonLFP/libraryfreedominstitute 3) Did user experience coordinator interviews this week 4) Colin is officially the new relay advocate! He's beginning by reaching out to the torservers partners and big relay operators, and also created a new IRC channel for relays. 5) Gus also started this week as community liaison! 6) HOPE got back to us about our table! So now we have one Tor table and one Tor talk. 7) Mexico City meeting planning is going fine, but it would be great to have a couple more people helping. 8) reviewing apps for Mozilla Open Web Fellow/user advocate 9) Still looking for someone to take over admin of RT 10) Gonna test the new Tor training slides in Uganda, make some edits based on feedback, and then share them on the community team wiki Nick: 1) Released an alpha; planning to release a stable. 2) Not much is up right now; gearing up for Seattle network-team meeting 3) Planning to take a couple of days off next week to prep for Seattle. Georg: 1) Full steam ahead with preparing ESR 60 switch; first Linux nightly based on ESR 60 is planned for next week isabela: 1) Worked on organizing the workshops in Colombia in June (me, Antonela and Gus will be there) - we will do workshops with a very diverse set of communities in 3 different cities. 2) Sending reports to sponsors 3) Catching up with all website redesign work - support site is pending translations and torproject site needs some organizing for content creation 4) Interviewing User Research Coordinators; got job post for Localization Project Manager done (with Erin and Shari) should be up soon; working on Anti-Censorship Team Lead/PM job post 5) Following up with Brave on their implementation of support to Tor. Plan to reach out soon to Cliqz. Documentation for 3rd party integration that I was working on was put aside because I was doing training in SP but I plan on picking this up again next week. 6) Preparing for Seattle visit at the end of the month (network team meeting and me and shari syncs)

1 0

Notes from user feedback at training in São Paulo [mobile and desktop]
by isabela 16 May '18

16 May '18

hello Tor, I thought of sharing this with y'all since it touches different things. In São Paulo we did a Tor training, Gus explained how information about you and your computer can be collected online and used to identify you and learn your online behavior. Then he explained how Tor can help you to protect your online identity and we spend some time with people installing Tor on desktop (linux and mac mostly) and on mobile (Android and iOS). After everyone had installed I did a quick exercise with everyone where I asked them to write their impressions, could be complains of things that didn't work as expected or just feedback related to how they would like to the tools to behave or missing features. This is a compilation of that feedback :) you will notice that we are already working on fixing some of this stuff which is great, it shows we are on the right path. But some things were new and could even be a bug (which in this case I hope you help me confirm that and I will create a ticket). - surprised with the speed of the network, had used it before and gave up on it because of how slow it was, but now it seems faster - could not install it due to old OS version - plug-ins that are already installed as part of Tor Browser made the person confused (should Tor Browser come with plug-ins when it recommends to not install plug-ins) - Orfox + Orbot: settings for both are quite confusing and complicated to understand - on iOS app store - apps that are not recommended by Tor has Tor's logo while OnionBrowser doesn't - it wasn't easy to know that some sites (with javascript or http only) was not working because of security reasons (this lead the person to give up on Tor Browser - before this training - thinking it was bug not a feature) - Didn't understood what is the need of Orbot, besides using it to connect Orfox to Tor - It's not clear when you download Orfox that you need Orbot too - could not find the apk for Orbot and Orfox on the torproject.org website - Debian stable (backports) did not find the Tor Browser pt-br version for installing the package - information is all in English - need to be translated to Portuguese BR - could not find the circuit it was using on Android (neither on Orfox or Orbot) - could not find how to change the languages settings of Orbot - it's hard to verify that you are downloading the right build from torproject.org website (signature verification process) - OnionBrowser is crashing every time you go away from browser or lock your phone; the browser crashes and you need to restart it all over again and reestablish the Tor network connection - could not understand why the sites were not behaving as expected (didn't make the connection of it with TB security features that was blocking things to protect them) - on Debian the security slider configurations were not sticking - user would pick a configuration i.e. safest close the browser, re-open it and the browser was back on 'standard' - what does Tor recommends? Is not clear if we recommend standard or safest (higher security) when using Tor Browser. User would like to follow our recommendation since they aren't sure what to use - language settings on Orbot was not sticking (user had to pick it again after closing the app) cheers, isabela

1 0

April 2018 report for the metrics team
by Karsten Loesing 15 May '18

15 May '18

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in April 2018. On behalf of the Tor metrics team, Karsten Extended the draft document with graph specifications from 0.5 to 4 out of 6 categories on Tor Metrics. Released Onionoo protocol version 5.2 [1] which adds the "version_status" field to details documents and version 6.0 [2] which includes all exit addresses in "exit_addresses", regardless of whether they are used as onion-routing addresses or not. [1] https://lists.torproject.org/pipermail/tor-dev/2018-April/013054.html [2] https://lists.torproject.org/pipermail/tor-dev/2018-April/013079.html Released metrics-lib 2.3.0 [3] which adds support for reading web server logs contained in tar-archives and a backwards compatible related API change. [3] https://lists.torproject.org/pipermail/tor-dev/2018-April/013079.html Got most Tor Project websites to update Relay Search URLs [4, 5]. [4] https://bugs.torproject.org/25286 [5] https://bugs.torproject.org/25288 Held an in-person planning meeting Aberdeen to update the roadmap [6] and to prepare adding irl as (backup) operator for Tor Metrics services [7]. [6] https://lists.torproject.org/pipermail/metrics-team/2018-April/000775.html [7] https://bugs.torproject.org/25726

1 0

Tor Browser team meeting notes, 14 May 2018
by Georg Koppen 14 May '18

14 May '18

Hi! Our weekly Tor Browser meeting finished earlier today. The chat log can be found at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-14-17.59.log… our pad items are/were: Info: firefox 60.2 release date was changed from 2018-08-21 to 2018-09-05. [GeKo: yes, saw it, thanks] GeKo: Last Week: -signed Tor Browser bundles -begin of the of the month admin stuff -rebase review (#25543) (posted first part, let me know whether there are things unclear) -public holiday + taking a day off -thought about the state of the mingw builds (esr52 x86 and x86_64 compared to what we might get for both when switching to esr60) -made progress on https://bugzilla.mozilla.org/show_bug.cgi?id=1390583 but am still not there :( -set up an environment to catch potential proxy bypasses of Tor Browser for Mobile [tjr: Tell me about it?][GeKo: Just an old laptop as a WAP with wireshark running] This Week: -finish rebase review (#25543) -start the network audit (#22176) -help getting linux nightlies out based on ESR60 -update macOS toolchain for ESR60 -What is the plan for our mozilla-central rebasing that Tor Browser for Android needs (Arthur says: I have a script that does some of this already. I can try to get something deployed for the team to look at this week. I assume we also want auto-rebasing on mozilla-beta as well.) [Arthur will work on that this week] -tjr: Do you know what Mozilla's plans are regarding WebRTC over TCP? Do you know whom we could approach for finding out more? (For background see: https://trac.torproject.org/projects/tor/ticket/16221; https://bugzilla.mozilla.org/show_bug.cgi?id=1179345 seems to be pretty inactive and I wonder where we are on https://bugzilla.mozilla.org/show_bug.cgi?id=891551 etc.) [tjr]: I don't know anything. I can try to figure out though. Will ask Jim for intros tomorrow. I suspect it will take the form of "Here Georg, let me introduce you to <foo>" [GeKo: sounds good to me and thanks] arthuredelstein: Last week: - Patched tor-browser-build.git to get a prototype building with with ESR60 (https://trac.torproject.org/projects/tor/ticket/26073) (I can work on fixing torbutton and tor-launcher, but I need to - Worked on fixing https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 (When "privacy.firstparty.isolate" is true, double-key permissions to origin + firstPartyDomain) Still fixing broken unit tests! [GeKo: We try to get help from Mozilla on the ticket] This week: - Revise patches following Georg's review of 25543 (ESR60 rebase) - Continue to revise https://trac.torproject.org/projects/tor/ticket/26073, especially getting torbutton and tor-launcher issues resolved - Set up an auto-rebase to mozilla-central. mcs and brade: Last week: - Did some updater testing for Tor Browser 7.5.4. - Reviewed our notes and filed tickets for ESR60 updater loose ends: - #26048 (potentially confusing "restart to update" message in ESR60). - #26049 (consider reducing the delay before the update prompt is displayed). - #26050 (achieve update "watershed" for ESR60-based Tor Browser). - Reviewed Matt's patch for #25750 (update Tor Launcher for ESR 60). - Responded to Antonela's proposal in #25694 (Activity 3.1: Improve the user experience of updating Tor Browser). - Participated in the UX/Tor Browser meeting. This week: - Review Matt's revised patch for #25750 (update Tor Launcher for ESR 60). - Revise the ESR60 patches that we worked on (see https://trac.torproject.org/projects/tor/ticket/25543#comment:23). - Reminder: Kathy and I will have limited availability from May 16 - May 30. igt0: Last Week: Worked updating tor button for ESR60 (I will create a bug ASAP) - Implemented a preferences loader and update code to use the root default branch - Switched the code from Task.spawn to async/await (FF did it https://bugzilla.mozilla.org/show_bug.cgi?id=1353542) This Week: Keep working in the update tor button for ESR60 sysrqb: Last week: Continued working on TorLauncher patches for ESR 60 Prepared Orfox release Watched some Google I/O talks related to Android Continued testing TBA branch This week: Pushing proposed TBA patches to Try so we know which tests each patch breaks (if any) Updating TorLauncher for Android proposal (I didn't do this last week) Read through Tor Browser UI/UX tickets pospeselr: Last week: Continued work on lock icon work (#23247) Synced with new outreachy intern cy63113, should be getting similar monthly updates to go through once more Met up with profs from graduate school, made sure to plug tor's summer of privacy for next year :p Recovering from getting sick again This week: Still sick, but will try to finish up lock icon work boklm: Last week: - published the new releases - finished bisecting the binutils issue (#16472) and found the commit causing the issue - made patch for #26057 (Make it easy to see in the logs which commit was used in nightly build) - afk on thursday and friday This week: - continue investigating the binutils issue - review #25832 (Enable pthread support for mingw-w64), #25894 and #25975 (get a rust compiler for Windows and macOS) - work on testsuite VMs setup tjr: MinGW: ESR60 Build Runs! x86: --disable-accessibility --enable-sandbox --enable-jemalloc Debug and -O1 -O2 has a compiler bug No graphics pref hacks needed _create_locale issue still present x64: --disable-accessibility --disable-sandbox --enable-jemalloc (may be buggy, investigating) Debug and -O2 No graphics pref hacks needed _create_locale issue still present Possible there are latent crashes, investigating Plan: Figure out d3dcompiler.dll issue Land x64 build patches and job in esr60-branch Investigate the jemalloc thing this week Investigate the TaskCluster crashes in the coming weeks Try to get JC hired for mingw-clang TC integration debug x64 sandbox sukhe: I am putting http://bugs.torproject.org/25483 on hold till we can get some good leads on how to fix this. Suggestions welcome of course in the meantime but I don't think I should spend more time on this since we don't have any ideas currently :) How can I be useful in some other place in the meantime? [GeKo: sukhe is working on getting tor-browser-build ESR 60 nightly compatible, a.k.a. #26073] Discussion: - Who is going to all hands? Georg

1 0

Network team meeting notes: 14 May 2018
by Nick Mathewson 14 May '18

14 May '18

Hi! Meeting log here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-14-16.59.html Meeting notes below: ------------------------- = Network team meeting pad, 14 May 2018 = "If you would keep your secret from an enemy, tell it not to a friend." -- Benjamin Franklin "Comment prétendons-nous qu'un autre puisse garder notre secret, si nous ne pouvons le garder nous-mêmes" -- François de La Rochefoucauld Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 23 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001747.html 30 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001750.html 7 May: https://lists.torproject.org/pipermail/tor-project/2018-May/001760.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing 0.3.4.x work. * Important dates: * May 15, 2018 -- 0.3.4.x feature freeze! * May 30, 2018 -- hackfest! * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. * See hackfest pad for .... - scheduling meetings with nickm and isa! - prep-work that isa and nick (and maybe you) should do before the meeting - the list of people, which is the only even quasi-sensitive thing == Discussion == == Updates == catalyst: last week (2018-W19): - CI rotation -- mostly uneventful. most of the Jenkins failures seemed to be transient network failures and self-resolved. - code reviews: #23383, #26008, #25993, #26040, #25549 - patch for #25756 (minor macOS regression from crypto_rand.c refactor) - some progress on #25061: wrote up some interim notes - some community process improvement stuff at #22079 this week (2018-W20): - #25061 - follow up on #26040 as needed - other 033 or 034 work as needed - code reviews - coverity rotation komlo: (offline) - Started digesting the multi threaded crypto design doc and writing a mvp implementation plan based on this and digging into code. Will send this out for review ideally next week. Samdney - Try to sync with komlo with my already done work/results for multi threaded crypto - Start with #26037 (DirAuths should check vote signatures before parsing) nickm: Last week: - Finished the 034 round of CPU-when-idle reduction: when DisableNetwork is set, and no once-per-second control events are enabled, disable the once-per-second callback. Now Controllers can use DisableNetwork to make Tor use less CPU. More work may follow depending on 0.3.5 roadmap decisions. - Lots and lots and lots of review, revision, and merging. - Began work on triaging-out 034 tickets. - Came up with an alternative solution to the #25552 situation (revision-counters) that doesn't require a replay cache. Implemented the necessary backend stuff. This week: - Try to finish up mrging features for 0.3.4. Freeze is Tuesday! - Try to release 0.3.4.1-alpha? - Triage all remaining 034 tickets - Focus on 034 bugfixes - Work (as feasible) on - OSS-Fuzz issues - Another round of test-determinism testing asn: Last week: - Spent time on #25552 (hsv3 rev counter logic) this week. Initially I reviewed David's replay cache branch. Then Nick came up with a superior idea of using OPE to encrypt timestamps. Nick implemented the crypto logic, I implemented the HS-side code. I'm currently stuck in fixing some complicated hs_service unittests that fail in spectacular ways because some parts of them are using timestamps from 1985, whereas others are using time(NULL). Fixing those tests require some complex refactoring of the test logic and I still haven't pinned this down. Our current plan with David here is to postpone this for 035 where we will have enough time to do this properly, since it's already super late in the 034 cycle and we would have to introduce this feature disabled by default. Doing this early on the 035 cycle means that we can immediately kill the current rev counter code and also get enough time to test the feature properly. - Reviewed #26006, #26005, #26007, #25870. - Wrote patch for #25761 and got it merged. - Coverity duty: Wrote patch for #26078 and got it merged. - Discussed prop#291 some more with Mike. Reviewed Mike's new vanguard spec: #25544. - Did initial review of haxxpop's v3 client auth code. - Discussed v3 client auth with haxxpop on [tor-dev]. Seems like we are currently mainly stuck on UX issues. Ideally I should spend a day thinking about this to understand what's going on and speak to a few people who use client auth, to design the right torrc/filesystem interface for v3 client auth. - Implemented some additional features to the vanguard simulator to reflect mike's latest prop#291 updates. - Discussed #26022 with Karsten. - Triaged some non-roadmap 034 tickets under my name that I dont have time for. This week: - More work on vanguards and 2-guard proposal to close any open roadmap items. - Work on client auth and #20700. Mike: - Updated the vanguard proposal; edited in response to asn's reviews. Probably wants a new prop # - Wrote tests for #25903, found an unreated issue while testing (#26072) - Reviewed #25994 - Did other misc research on WTF-PAD, QUIC. pastly (offline): last week: - suggested a new stem feature (timeout on building circuits) - reviewed the new feature when it was made (thanks!) - merged switch-to-http code in sbws next week: - take care of last few sbws http tickets - help juga with whatever she needs dgoulet: Last week: - Wrap up #25500 roadmap item with nickm. Basically, reviewing/testing child tickets. Bug found and fixed quickly: #26082. - Mostly did review of 034 tickets. Not much coding. - Talked with asn about #25552 (hs-v3 rev counter). This week: - My roadmap items are all closed for 034. I still have to go over #24986 (nickm did a first pass already). - Reminder: I'm AFK from Wed. to Mon. of next week so I'll wrap up everything for 034 freeze and triage my 034 post-freeze tickets. - I'm on CI rotation but I'll be absent for 3 days so maybe someone wants to switch? haxxpop: Last week: - Wrote code to republish the descriptor when the client auth detail changes on the service side (https://github.com/torproject/tor/pull/36/commits/e881af68e4c18be1873c70a7c…) Next week: - Write test for last week work - Refactor code according to asn's comments - Revise the hsv3 torspec (if possible) ahf Last week: Sponsor 8: - Got back to looking at disabling network when snoozing on Android with Orbot. (Bug #25497, related to #25499). - Managed to reproduce #18614 locally, early investigation work on the cause. - Continued to look into rl1987's changes in #17873. Think I'm convinced now. - Did a CPU profile run on Android for 0.3.4 to see if anything new had started showing up since the 0.3.3 results. Doesn't look like it. Misc: - Reviewed: #24732. - Community role. This week: Sponsor 8: - Finish fix for #18614. - Finish code for #25497 - Work on 0.3.4 bugs. Misc: - Bug triage role. isis: last week: - reviewed the next chunk of the crypto.c refactor again #24658 - reviewed the progress on the appveyor configs #25549 - reviewed mike's metrics patch for overhead and delivered circuit bandwidth events #25903 - reviewed rl1987's patch to make discovery of loopback addresses more efficient #17949 - reviewed catalyst's patches to make clients receiving a consensus from a dirauth whose clock is way off chill out a bit more #25756 - revised the sha2 rust work and got it merged #24659 - read up on the hsv3 revision counters and the OPE proposal - made some progress on wide extend cell fragmentation #25651 this week: - afk part of thursday and all of friday in order to move to my new apartment - more wide extend cell handling #25651 - revise wide create cell stuff (#25649) according to review? - checking in on TROVE-2018-005 patches again to see how they are going - building a little chutney network with the TROVE-2018-005 patches? maybe with bad relays? do we have a framework for doing this or do i just hack it up? [I'm not aware of a practical "be a bad relay" framework.-nm]

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project