tor-project

tor-project@lists.torproject.org

17 participants
2325 discussions

Tor Browser team meeting notes, 8 Jan 2018
by Georg Koppen 08 Jan '18

08 Jan '18

Hi! The first Tor Browser meeting in 2018 finished about one hour ago. The meeting notes are at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-01-08-18.59.log… And the notes from the pad are: Monday, January 08, 2018 Discussion: - Tor button proposal mcs and brade: Since December 18th: - Worked on Moat integration for Tor Launcher (#23136) and pushed code to torproject.org repo. - Helped a little with bug triage. - Took time off for Christmas and to spend time with family. - Did end of 2017 stuff for our company. Planned for this week: - Work on Moat integration loose ends (#23136), - Note that review and deployment is waiting for BridgeDB server deployment (#24432). - Review Igor's Torbutton proposal. - Look at stall due to LZMA consensus diffs (#24826) and other new tickets. igt0: Did: - Reviewed sysrqb Orfox tor-browser branch - Sent tor button proposal Planned for this week: - Update proposal after comments - Take a look in the tor browser setting extension, we can make it part of the tor button for mobile. - Look at the Fortify C extension and verify why is it disable on firefox for android(https://bugzilla.mozilla.org/show_bug.cgi?id=1415595) sysrqb: Past: -Pushed first tor-browser branch including Orfox patches for review (#19675) -https://github.com/sysrqb/tor-browser/commits/tor-browser-52.5.2esr-7.5-2_attempt0_1 -Began writing proposal for tor-launcher re-write/migration for webextensions -This should be completed and emailed tonight -Began reading about Firefox sandboxing and IPC -Looked (a little) at Sandboxed Tor Browser This week: -Finish tor-launcher proposal and email it -Finish investigating Firefox sandboxing on Android (why it is disabled?) -Read Igor's proposal -Review comments on Orfox patches and begin making branch merge-ready - Look at new Orfox tickets (#24753, etc) and tbb-mobile keyword -Oh, and look at/think about https://bugzilla.mozilla.org/show_bug.cgi?id=1415595 (enabling FORTIFY_SOURCE on Android) pospeselr: Did: - so much email - took off the week between xmas and new-year - researched root cause of #15599 ( Range requests used by pdfjs are not isolated to URL bar domain ) XMLHttpRequest object derives the firstPartyDomain (and other various attributes) from a generic nsIGlobalObject object passed in, normally this is an nsIWindow associated somehow with the JS context, but for the rangeRequest in the Web Worker the method used for creating the request just passes in a generic global object associated with the system principal (which is why we get put on the default circuit) - investigated a couple of possible avenues to resolving via changing: pdf.js, Web Worker code, pdf.js : XMLHttpRequest doesn't seem to support overwriting the firstPartyDomain via JS so dosn't seem to be much we can do here Web Worker : actually has a copy of the firstPartyDomain and friends associated with it, but we seem to lose the association by the time the JS is running This week: - investigate how we can get the window or worker actually associated with the running JS; comments in the code suggest there is a way to do so, they just opted to use a generic global because it was easier boklm: since december 18: - published the 7.5a10 release - worked on #24514, #23892, #23911, #24197 - took some time off this week: - work on getting windows builds away from precise (#18691) - look at the Win64 nsis build issue (#23561) - start looking at the work for having tor-browser-nightly updates (#18867) arthuredelstein Since december 18: Took time off Finished and posted a new revised patch for https://trac.torproject.org/projects/tor/ticket/22343 Investigated https://trac.torproject.org/projects/tor/ticket/21805 Opened and posted a patch for https://trac.torproject.org/projects/tor/ticket/24702 Started work on rebasing to mozilla-central for nightly rebase This week: Continue rebase work Review some Mozilla bugs for the uplift team https://trac.torproject.org/14952 GeKo - since december 18 * took time off (from dec 21 to jan 5 inclusive) * worked on the new clang toolchain https://trac.torproject.org/projects/tor/ticket/21777 * got STACK running with Tor Browser/Firefox * fought my backlog today - this week * reviews * 7.5 release planning * work on the design doc update (this has to be done before 7.5 is getting released) * start proposal for A2.1 of the OTF contract (security features/button and how to show them on the toolbar) * generic tor browser team admin things isabela - finishing sponsor4 reports - organizing UX and TB sync for wed (more coming via email0 - building sponsor9 work plan (lots of user testing! related to the work we will talk about on wed) tjr Have been working on Spectre/Meltdown work Going to send an intent to implement on the canvas permission prompt to Mozilla to gather feedback: https://github.com/w3c/permissions/issues/165 Would like to work on more MinGW build stuff; but Spectre stuff will take priority Georg

1 0

Network team meeting notes, 8 Jan 2018
by Nick Mathewson 08 Jan '18

08 Jan '18

Happy new year! Our meeting logs are visible here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-01-08-17.59.html And below are the contents of our pad: ====== Network team meeting pad, 8 January 2018 "My first name is a random set of numbers and letters And other alphanumerics that changes hourly forever My last name, a thousand vowels fading down a sinkhole To a susurrus" -- Aesop Rock, "Shrunk" Welcome to our meeting! Every Monday at 1700 UTC 1800 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Meeting notes from last week meeting: * https://lists.torproject.org/pipermail/tor-project/2017-December/001602.html Old Announcements: - On the roadmap spreadsheet: Please take january tasks. (If somebody else has already taken something you want, please talk to them and/or add yourself too.) https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… - Soon it will be It is now time to triage 0.3.3.x tickets. Please make yourself the owner of tickets in that milestone that you will do. - The meeting time is now 1800 UTC. - Let's have some proposal discussions. Isis kicked off the process here: https://lists.torproject.org/pipermail/tor-dev/2017-December/012666.html - We are planning a single-day pre-planned highly-focused hackfest before the Rome Tor meeting - teor: Jon says we will have a venue for the pre-Rome hackfest - komlo: Should there be a Rust update/planning session? What should we prepare/do beforehand to help this be planned/highly-focused? - Please check in with the roadmap; december is almost over as a working month! What isn't getting done? How are we doing? Announcements: - Tor 0.3.2.8-rc came out two weeks ago - review-group-28 is open, there are 11 tickets left in needs_review: https://trac.torproject.org/projects/tor/query?status=needs_review&keywords… - 0.3.2.9 should come out tomorrow Discussion: - strategy/plan for addressing current network issues. dgoulet, nickm, teor, isis try to figure it out. [dgoulet] +1, I would like to know what is the current status as the information is a bit scattered around in too many emails :S. * Let's come up with gsoc ideas . In Rust? [] * Is our team days for Rome "final" (as in, can one book flight tickets now - they are cheap from .dk right now) ? [I think so, but please confirm with Jon? -nickm] teor: - Last few weeks: - PrivCount fixes - Code reviews - Tried to help relay ops with network load issues - Made the fallback list easier to parse, and added a spec - Did a fallback directory rebuild with pastly, we're going to merge the new list soon - Revised some of the IPv6 patches - This week: - Implement (more) PrivCount onion service stats - Get the test network running new IPv6 consensus code - Specify a common format for the authority list and fallback list pastly: fallback directory stuff (code review and script running) with teor asn: Last weeks: - Continued reviewing #13837 and #23101. Some bugs were found that need to be addressed before merging this patchset, but looking pretty promising so far. Currently testing the old branch, and waiting for a new branch from mike to test further. - Also reviewed #24634. - Helped triage remaining 0.3.2 bugs. - Found two more prop224 bugs on my clients and services. Notified dgoulet (they are on the pad) about them but still not in trac. They seem rare enough that they shouldn't delay 032 release. - Removed the guardfraction feature from the codebase (#24456). - Attended CCC and participated in the Tor Q&A. Had various discussions about Tor, onion services and their use cases, bandwidth authorities, mixnets, etc. - Did some more thinking on what to do about the future of bandwidth authorities. Did a post with future avenues: https://lists.torproject.org/pipermail/tor-dev/2017-December/012703.html and also discussed with a few people how to pick it up in the future, but we should certainly prioritize inside the network team for this to work. - Helped with a Tor meetup in Athens: https://trac.torproject.org/projects/tor/wiki/org/meetings/AthensTorMeetupJ… Some people volunteered to implement the name system proposal for Tor. I'm not hyper confident about this, but I'll do a meeting with them and see where it goes. This week: - Handle any remaining post-holiday post-CCC backlog. - Continue testing #13837 and #23101. - Attend RWC in Zurich. Hoping that this will refresh my brain with some more research stuff and talk to more people about Tor. Nick: Last week: * Worked on bugs * Triaged all vacation email; caught up some. * Wrote PETS reviews * Tried to merge things and stay up-to-date * Fixed windows and rust+arm failures on jenkins * Tried to triage away some 032 issues * COPE WITH SNOWSTORM This week: * Release 0.3.2.9-something: * With Geoip update * With fallback-dirs update. * Should it be called "stable"? * Update stable releases too, perhaps? * inbox zero * Review some tickets in review-group-28 * Followup on proposal 285 (utf-8) * Followup on proposal 286 (hibernation API) * Pick final set of 033 tickets to hack on. * COPE WITH MELTING SNOW Mike: Last week/break: - Got back from break, dealt with email and paperwork - Tried to keep up with DoS discussions and CBT-related tickets This week: - Work on #13837 and #23101 - CBT-related DoS tickets. Am I needed on any? (I've CCed you on some) dgoulet: Last week: - AFK. This week: - Coming back to life. Dealing with backlog this morning. - Organize the remaining work I need to do before the feature freeze which includes either going through the 580+ tor-bugs@ email I got or just mark them as read and look at Trac instead so I don't go too mad. - I want to follow up on the network load situation to see where we are at with the team. - Review, Patch, Review, Test, Repeat... ahf: Last week('ish'): Sponsor 8: - Met with Benjamin from The Guardian Project at 34c3 to talk about his issues with Tor memory limits on Apple iOS. - Been investigating memory patterns in Tor using DTrace and instruments (macOS tool). - Wrote an experimental patch to add DTrace probes in Tor (https://gitlab.com/ahf/tor/tree/feature/dtrace) - Did the Q4 reporting for S8 (before the holidays). Misc: - Went to 34c3 and went to all the Tor things I could find scheduled :-) This week: Sponsor 4: - Look into GeKo's #24826 (LZMA speed problems with Tor Browser). - Zstd parameter tuning (#24368) Sponsor 8: - Talk with David about his tracing (src/trace) code in Tor and what the long term roadmap is. - Finish DTrace patch and ensure it works nicely on macOS and FreeBSD. - Look into using SystemTap for Linux (DTrace'ish system with same API, but works on Linux). Misc: - Help out with release issues(?) komlo: - It would be helpful for someone to review #23881 (wrap tor's logging system for use from Rust) - I have some questions about what level of refactoring we want/need on the C side - This week: At RWC! catalyst: Last week (2018-W01): - reviewed some code (including #24733 unaligned access) - investigation for #24661 (accept reasonably live consensus for guard selection) - dealing with contractors - fighting virus This week (2018-W02): - work on #24661 - summarize possible guard selection timestamp issues - look over Pari's user queries/errors list for sponsor8 purposes - possible follow up about free() macro single-evaluation stuff - follow up about CoC stuff as it arises - more dealing with contractors (the joys of discovering previous owner's deferred maintenance items!) - still fighting virus isabela: January is the last month for sponsor4 so I am working on closing that up. Still dont know the status on Moat (isis: any update?) sponsor8 Q4 report is due in January so I will be working on that and pinging - nick, alex and catalyst for help whenever needed [this is due Jan 31 - I have other priorities, so I might actually be done by end of the month on this one - does this timeframe helps? Timeframe on that? -nickm] I also plan on working on organizing the network team - so we can get started on 2018; might recruit some people for help on that too [please grab me to help as needed. let me know in advance -nickm - will do!] Submitted proposal for OTF that includes .onion services work (during holidays)

1 0

User queries and issues for Nov-Dec'17
by Parinishtha Yadav 08 Jan '18

08 Jan '18

Hello people of Tor Wish you all a very happy new year! As an Outreachy intern with Tor, I spent the last month gathering data and user queries from different platforms on the internet (IRC, mail handles, Tor blog comments, stackexchange, tor subreddit, RT, etc.). The aim was to have all these queries in one place, in a sorted and organised manner. Some of the queries identified will be added to the support portal by the community team. I have created a spreadsheet on storm, with the following read only link - https://storm.torproject.org/shared/RV8v026JvwzZ_82ZMRO_4GHAxUtqUhW8Abu6xaQ… <https://storm.torproject.org/shared/RV8v026JvwzZ_82ZMRO_4GHAxUtqUhW8Abu6xaQ…> (the first sheet has bugs/errors and the second one contains doubts/queries). You can find the legend for colors used on the top right of the sheet. In case anyone feels this will be relevant to their work in any way, or is looking to pick some bugs to fix or areas to work on, you are welcome to refer to this spreadsheet. This is my first time sending this spreadsheet out, and I plan to keep doing so around the same date every month. So in case there are any suggestions that come to mind, don't hesitate to shoot me a mail and I will do my best to take them into account and make this as helpful as possible. Best, Pari

5 4

Notes from January 4 2018 Vegas team meeting
by Karsten Loesing 08 Jan '18

08 Jan '18

Notes for January 4 2018 meeting: Karsten: 1) Added three new graphs on IPv6 servers statistics to Tor Metrics: https://metrics.torproject.org/relays-ipv6.html, https://metrics.torproject.org/bridges-ipv6.html, https://metrics.torproject.org/advbw-ipv6.html Nick: 0) Trying to get back in the swing of things after break. Pretty busy: PETS reviews due tomorrow, and I am behind. 1) Trying to make sure we're ready for an 032 release or release candidate on Monday. 2) Doing a code walkthrough for ekr and Patrick from mozilla on 1/29-1/30 somewhere around Boston. Alison: 1) wow, people sure do love to email me over the holiday break! 2) Library Freedom Institute curriculum planning 3) beginning planning for Tor Meeting in Rome 4) collecting anecdata on Wikipedia blocking non-exit relay addresses (so far it looks like a lot) 5) CoC proposal will go out for discussion on Monday 6) finishing relay operators' wiki (#24497) 7) Pari sent her first email about user issues. Please take a look and give her feedback. She has worked hard on this and we want to make sure it's a very useful document! isabela: 1) during holidays I helped with the OTF email project submission 2) working on tons of reports for sponsor4 (past-due!!! so i must get this done this week) 3) working on a 'work plan' for phase1 of sponsor9 (due next week) 4) working with Antonela on getting stuff prepared for user testing in India 5) UX team should be back in business with normal meetings etc next week :) email sent with '2018 preview' to the list -> https://lists.torproject.org/pipermail/ux/2018-January/000384.html Steph: 1) Kept our online presence going over the break. 2) Published two blogs working with Tommy 3) Working on onion services campaign. First piece will encourage more news orgs to create onion sites using EOTK 4) Preparing social media posts while I’m out Jan 8-16 5) Cleaning up after EOY fundraising campaign, made new cover graphics for social media, will keep them fresh over time 6) Edited copy for the support portal Arturo: 1) Published a year in review blog post from OONI: https://ooni.torproject.org/post/ooni-in-2017/ 2) Presented OONI at 34C3: https://media.ccc.de/v/34c3-8923-ooni_let_s_fight_internet_censorship_toget… 3) Had a OONI stall at CCC and it went pretty well Shari: 1) reviewing 2016 audit and recommendations 2) starting search for new CF&GO 3) helping Tommy get started with organizing grant information in GrantHub software 4) end-of-year fundraising campaign wrap up; sending letter to Mozilla to receive match 5) me out next week 6) starting meetings with Gunner & Alison & Jon to plan Rome 2018

1 0

Damian's Status Report - December 2017
by Damian Johnson 06 Jan '18

06 Jan '18

Happy new years! Here's the Tor stuff I've been up to this last month... http://blog.atagar.com/december2017/ Clearly I don't get the point of holidays. ;P

1 0

Re: [tor-project] tor-project Digest, Vol 28, Issue 6
by Heleen.leRoux 06 Jan '18

06 Jan '18

Re: Contents of tor-project digest All 3 for Nov - December 2017. Thank you for your service to the people. I have been using Tor for a few years but what you guys & girls are doing nowadays to keep us safe is the greatest!! 😃😂😁 Sent from ProtonMail mobile -------- Original Message -------- On 6 Jan 2018, 14:00, wrote: > Send tor-project mailing list submissions to > tor-project(a)lists.torproject.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project > or, via email, send a message with subject or body 'help' to > tor-project-request(a)lists.torproject.org > > You can reach the person managing the list at > tor-project-owner(a)lists.torproject.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tor-project digest..." > > Today's Topics: > > 1. Re: User queries and issues for Nov-Dec'17 (Alison Macrina) > 2. Re: User queries and issues for Nov-Dec'17 (Richard Pospesel) > 3. Re: User queries and issues for Nov-Dec'17 (parinishtha yadav) > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 5 Jan 2018 10:12:14 -0600 > From: Alison Macrina > To: tor-project(a)lists.torproject.org > Subject: Re: [tor-project] User queries and issues for Nov-Dec'17 > Message-ID: <28670d29-d54d-c5df-4af0-eb9cbaa52e9a(a)torproject.org> > Content-Type: text/plain; charset="utf-8" > > On 01/03/2018 02:09 PM, Parinishtha Yadav wrote: >> >> Hello people of Tor >> >> Wish you all a very happy new year! As an Outreachy intern with Tor, I >> spent the last month gathering data and user queries from different >> platforms on the internet (IRC, mail handles, Tor blog comments, >> stackexchange, tor subreddit, RT, etc.). The aim was to have all these >> queries in one place, in a sorted and organised manner. Some of the >> queries identified will be added to the support portal by the >> community team. >> >> I have created a spreadsheet on storm, with the following read only >> link >> - https://storm.torproject.org/shared/RV8v026JvwzZ_82ZMRO_4GHAxUtqUhW8Abu6xaQ… >> (the >> first sheet has bugs/errors and the second one contains >> doubts/queries). You can find the legend for colors used on the top >> right of the sheet. In case anyone feels this will be relevant to >> their work in any way, or is looking to pick some bugs to fix or areas >> to work on, you are welcome to refer to this spreadsheet. >> >> This is my first time sending this spreadsheet out, and I plan to keep >> doing so around the same date every month. So in case there are any >> suggestions that come to mind, don't hesitate to shoot me a mail and I >> will do my best to take them into account and make this as helpful as >> possible. >> >> Best, >> Pari >> > > Amazing work Pari, thanks for this! > > I encourage everyone to review this document...it's been really useful > for me to see user issues and concerns mapped out in this way. I am > certain that others will find it useful as well. > >

1 0

Job Opening - Chief Financial & Grants Officer
by Erin Wyatt 04 Jan '18

04 Jan '18

Hello Everyone, Brad Parker will be leaving his post as Chief Financial and Grants Officer, so we are announcing the vacancy today and asking for your help in spreading the word. The text of the job description is pasted below, a PDF is attached, and you’ll soon be able to find the listing on our jobs page: https://www.torproject.org/about/jobs.html.en Please send, forward, post, tweet, re-tweet, etc. — especially to people you think would be a good fit! Also, please note that this position is based in Seattle, Washington. Thank you all! Best, Erin Wyatt HR Manager ewyatt(a)torproject.org GPG Fingerprint: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE > New Year's Opportunity: Internet Freedom Nonprofit Seeks Experienced Chief Financial and Grants Officer Are you looking to use your advanced accounting and leadership skills to make the world a better place? Do you care about privacy and personal freedoms? If so, we have just the opportunity for you! The Tor Project, Inc., is a 501(Cc)(3) organization headquartered in Seattle that provides the technical infrastructure for privacy protection over the Internet, helping millions of activists, journalists and others around the world communicate securely. With paid staff and contractors of around 35 engineers and operational support people, plus many volunteers all over the world who contribute to our work, the Tor Project is funded in part by government grants and contracts, as well as by individual, foundation, and corporate donations. Our mission is “To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.” We are currently seeking an Experienced Chief Financial and Grants Officer. This senior level position, based in our Seattle headquarters, will report directly to the Executive Director and will manage the offsite Accounting Manager. The Chief Financial and Grants Officer will serve as the Tor Project's senior grants officer. Grant-related tasks include, but are not limited to: · Oversee grants and contracts to ensure compliance with funder requirements and progress toward annual goals. · Maintain positive relationships and communications with applicable government agencies. · Monitor and track grants through our Granthub software. · Manage invoicing and billing of federal contracts to ensure full payment is received. · Communicate the status of grant activities and progress toward objectives to stakeholders. · Send monthly reports to front line managers indicating the current status of grants worked on by their teams. · Maintain files and documentation for our federal grants and contracts to ensure accuracy and compliance. In addition, the Chief Financial and Grants Officer will serve as the Tor Project's senior finance officer. Finance-related tasks for this position include, but are not limited to: · Maintain accounting controls by preparing and recommending policies and procedures; review and upgrade as needed to ensure accuracy in accounting activities and compliance with any regulatory changes. · Monitor and project cash flow. · Provide oversight to ensure accounts payable and receivables are coded and prepared correctly. · Work with outside auditors and CPA firm to furnish requisite data to ensure timely completion of annual audits and tax filings. · Work closely with the Executive Director to prepare budgets and financial reports. · Track expenditures and income of various programs to ensure financial sustainability. · Send monthly reminders to staff members about filling out their timesheets and expense reports through Harvest software. The person we seek should have the following qualities, skills, and abilities: · 5+ years of experience with federal grants and contract acquisition and management · 5+ years of experience overseeing a nonprofit organization's accounting function; other relevant experience may substitute for all or some of this required experience · 5+ years of experience working for or with auditors · Bachelor’s degree in business, finance, accounting, or a closely related field is ideal but not required; advanced graduate degree in one of the above fields is preferred; CPA license a plus · Working knowledge of not-for-profit accounting in accordance with U.S. Generally Accepted Accounting Principles, Subpart F, of the new Uniform Grant Guidance (formerly OMB Circular A-133) and appropriate Code of Federal Regulations · Advanced skill and experience using QuickBooks, Sage (Peachtree), or some other organizational accounting program · Must be comfortable working in a paperless office · Experience creating spreadsheets to be used for predictive modelling · Alignment with the Tor Project’s mission and a passion for privacy and encryption technology preferred · Experience with FOSS (free/open-source software) preferred · Proficient understanding of and ability to use technology; willingness and ability to learn and use new technologies · Conscientious, hard working, and highly organized with superior attention to detail · Willingness to seek additional assistance when new challenges present themselves The Tor Project's workforce is smart, passionate, and dedicated. Experience working with open source communities and/or a commitment to Internet civil liberties are added pluses for any candidate applying for this position. Flexible salary, depending on experience. The Tor Project has a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance paid in full for employee; flexible work schedule; and occasional travel opportunities. The Tor Project, Inc., is an equal opportunity, affirmative action employer. This is a full-time position based in our friendly office in Pioneer Square, Seattle, WA. To apply, send a cover letter and your resume to hr(a)torproject.org with “Chief Financial and Grants Officer” in the subject line. Inquiries about whether this job can be done remotely or part-time will not be answered. No phone calls please!

1 0

Notes from December 21 2017 Vegas team meeting
by Karsten Loesing 22 Dec '17

22 Dec '17

Notes for December 21 2017 meeting: isabela: 1) we need Tor weatherperson - someone to keep an eye on the network and see what relay is misbehaving, or when metrics starts to go crazy and dig in to figure out ssup. Or in other words someone to do what dgoulet has been doing on the top of everything else he does 2) after traveling and non-stop meetings (very productive btw) together with my computer breaking - I got behind on some work but I hope to get those done specially the priorities: emailbundle+onionservices otf proposal, Sida work plan and sponsor4 invoice reports 3) will be in SF jan 2nd to 5th working from somewhere (not sure where yet) in case ppl want to meet. 4) Roadmaps! - how are teams with coordination with other teams for dependencies etc? Roger: 1) Israel talks went well. I visited Palestine too. Though now I'm sick. 2) I've rebooted the "circumvention pass-through funding" discussion. 3) Alison, Steph, should we do the transition of frontdesk to an alias? Anything still blocking that? (Answer: they figured out a way to make rt more fun to use, so need to switch it to an alias at this time.] Alison: 1) recruiting for Library Freedom Institute (libraryfreedomproject.org/lfi) !!!!! and working on curriculum design. blog post is going up about this on Friday. deadline for applicants is February 1. anyone who wants to see the curriculum so far is welcome to contact me. 2) Pari is ready to start sending user issues updates to tor-project(a)lists.torproject.org. 3) Phoul and I are adding more to the support portal content based on what Pari found. 4) working on relay ops wiki with Phoul, nusenu, irl and others (https://trac.torproject.org/projects/tor/wiki/OperatorsTips and #24497). I hope we can finish the remaining TODO items and then publish a short blog post announcing this very soon. Eventually this documentation will live on community.torproject.org 5) code of conduct draft will go out for proposal after the break 6) prepping for January Sponsor 9 tasks 7) speaking at University of Washington and Georgetown in January 8) Phoul is working on some issues with Transifex that's causing problems with getting our downloads page translated Steph: 1) Campaigned hard to raise 5k to see someone eating an onion in the Tor office. We got $20,000 (not counting Mozilla’s match). The Seattle office filmed, and I edited. We sent an email and tweeted almost hourly 2) Tommy, Shari, and I are finishing up final EOY fundraising items. 3) I’ll be creating a one pager on Tor which dispels “dark web” concerns for donors to use internally to be ready end of Jan/ early Feb. 4) Scheduling content to go out over the break. Will keep checking in with social media Mike: 1) Working with Isa, Suhke, and Tommy on stories and concept note 2) Trying to wrap up guard-related tickets for 0.3.3 Shari: 1) Met with auditors. Trying to get 990 out the door before the holiday. 2) Lots of end-of-year campaign stuff. 3) Contacting major donors next week to remind them to give before year is up. Karsten: 1) Changed ExoneraTor to only serve completed dates, which excludes the current day and the day before that. 2) Released Onionoo 5.0-1.9.0 which removes $ from fingerprints in family fields. 3) Changed metrics-web from being a Tomcat web application to shipping with an embedded Jetty. 4) Put out internal releases of metrics-web and ExoneraTor to facilitate development for new contributors. 5) Published blog post on Relay Search improvements: https://blog.torproject.org/we-made-big-improvements-searching-relays 6) Started looking into OONI's vanilla Tor data analysis, but need more time for a useful response. Nick: 1) Working on DoS issues, trying not to have extra work looming over us for next week. 2) I've nearly lost track of roadmap stuff; going to spend any remaining time this week on organizing things for early 2018. 3) Aiming for stable 0.3.2 on 8 Jan. Arturo: 1) Preparing the OONI CCC presentation: https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8923.html 2) Most of our team is not going to be very available in this period for festivities + 34C3

1 0

Ongoing DDoS on the Network - Status
by David Goulet 20 Dec '17

20 Dec '17

Greetings, Earlier this month, many relay operators started noticing huge loads on their relays both in terms of traffic and memory consumption leading to relays malfunctionning or even dying in some cases. We've started looking at this in depth in the last few days. It turns out that many relays (not all) are under a distributed denial of service (DDoS) attack which makes them use a lot of memory ultimately making the operating system stop the process or becoming unreliable because of the resource pressure. This has lead to some relays to restart, being shutdown or becoming so unstable that they would fall in and out of the network. You can see here on the Metrics portal the consequences of this ongoing attack: https://metrics.torproject.org/relayflags.html?start=2017-09-20&end=2017-12… Among other things, it is badly affecting relays with the HSDir flag because once they restart, it takes 96 hours before they get the flag back. This affects the reachability of hidden services and thus the UX of .onions. We've been analyzing some relays being flooded to understand what is going on and how to fix it. The good news is that we are fairly confident that we know what is happening and we are currently testing some fixes to address the situation. In the meantime, if your relay is under heavy memory pressure that is tor is taking a huge amount of RAM making your machine fail to operate properly, you can set the MaxMemInQueues option in your torrc file to a reasonable upper limit which limits the amount of memory used by tor. At least 2GB if you can for a fast relay is usually a good value for tor to operate properly and not degrading performance too much. With this, if the memory usage reaches that limit, tor's OOM (Out Of Memory handler) will kick in and cleanup what it can. It is still possible that your relay goes above the limit, it is one of the thing we are currently investigating. However, it should not grow indefinitely. Thanks everyone and we'll hopefully resolve the situation soon! David -- aFJe0kbRB1zZXgwFQIvBG0Skn3xAsDGxVQsAiguKjY8=

1 0

Tor Browser team meeting notes, 18 Dec 2017
by Georg Koppen 18 Dec '17

18 Dec '17

Hi All! We had our last Tor Browser meeting in 2017. Here is the meeting transcript: http://meetbot.debian.net/tor-meeting/2017/tor-meeting.2017-12-18-19.00.log… And the notes from the pad are: Monday, December 18 Discussion: -next ESR will potentially be Firefox 60 sysrqb: Last week: - Reviewed and cherry-picked orfox commits onto 52.5.2esr-7.5-2 - manual testing on android emulators is successful, so far - Started looking at unit testing - I'll push a public branch today for review - Began looking at XUL->WebExtension migration for tor-launcher This week: - Push branch for review - Continue testing - Compare orfox and TB for Android fingerprinting with Panopticlick mcs and brade: Last week: - Completed code reviews for: - #23104 CSS line-height reveals the platform - #23016 "Print to File" does not create the expected file - #24398 Plugin-container exhausts memory - #21847 Update copy for security slider to be consistent with mobile - Provided patches for: - #24623 revise "country that censors Tor" text - #24624 tbb-logo.svg may cause network access - Worked on Moat integration for Tor Launcher (#23136). Planned for the remainder of 2017: - Take some time off to celebrate Christmas with our family. - Help with code reviews and bug triage. - More work on Moat integration and other aspects of the new Tor Launcher UI. - The code is nearly done. To do: - Test proxy support. - File tickets for any remaining loose ends. - Make the code available for preliminary review. - BUT: there is no public server with which to test :( igt0: Last Week: - Looked into Tor Button and make sure we can use WebExtension (https://paste.debian.net/plain/1001343) - Looked into tbb-tests to verify what tests are missing for the Tor Button * drag and drop filter test (src/components/dragDropFilter.js) * Content policy (src/components/content-policy.js [there is a fix for gecko, however it would be great to double check]) - Updated the #22084 (merged) This week: - Write tests for Tor Button - Start the tor button for mobile proposal GeKo: Last Week: -Release preparations -Reviews (thanks to mcs/brade for the help) -Wrote a fix for #21847 -Looked again into Cloudflare's Privacy Pass -Took up again work on updating design document This Week: -Signing 7.5a10 -Work on the design document -Work on #24421 -Traveling on Thursday, and planning to take Friday off boklm: Last Week: - Mozilla All Hands This week: - publishing 7.5a10 - will ping sysadmins about #24585 and check if anything more is needed - work on other tbb-rbm tickets arthuredelstein: Last Week: - Mozilla All Hands This week: - #23930 (mac font crash) - #18101 (windows and mac file dialog leaks) - #22343 Save as FPI - #14952 Enable H2. And I will be afk for the week of Dec 25 - Jan 1. - pospeselr: Last Week: - Mozilla All Hnads This Week: - #15599 (pdf.js range-based requests using default circuit) tjr: Last Week: - Mozilla All Hands - Learned a tiny bit more about Canvas Fingerprinting (namely that 40%+ of FF users on Windows already do software rendering) - Fusion stuff sent to the list - The sandboxing team would like to remove --disable-sandbox sometime in the future, so uplifting the sandbox patches is medium-term priority - There is early discussion about using a broker process (on Windows at least) which would enable flexibility to sandbox the parent process isabela: Last week: - Mozilla All Hands - lots of good conversations and exciting things going on This week: - mobile folks meeting - topic: gecko view and the android roadmap for 2018 (ux team and mobile team cooperation) - mcs + brade -> can we sync with isis on wednesday at 2000UTC on #24636 and #24637 (or any other blocker you might have for moat integration) - for anyone who cares we are having another sync on .onion states this wed at 1900 utc Georg

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project