- tor-project - lists.torproject.org

Tor Browser team meeting notes, 30 April 2018
by Georg Koppen 07 May '18

07 May '18

Hi all! Here are the notes from our weekly Tor Browser meeting which we had earlier today. The chat log can be found at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-04-30-18.00.log… and our pad items were: Monday April 30, 2018 Discussion question(s): -igt0 asks: I know we have talked about accessibility before, about mobile, how much we care right now? I am asking because of ticket #25902. Android accessibility services allow password managers to listen for user events. e.g. typing a password in a login form. -Upcoming releases -What is our way forward with our extensions for ESR60? [sysrqb and arthuredelstein will look next week into what is needed to get our extensions integrated into a working ESR60 build] mcs and brade: Last week: - Helped with triage of incoming tickets. - Continued rebasing Tor Browser updater patches for ESR60 (part of #25543). - Tested on macOS. - Participated in the UX/Tor Browser "sync" meeting. This week: - Finish rebasing Tor Browser updater patches for ESR 60. - Test on Linux. - Test on Windows. - Monitor #25807 (Can not request bridges from torproject.org (App Engine is broken for moat)). igt0: Last week: - #25810: Backported few fixes affecting Orfox to tor-browser-52.7.3esr-8.0-1. - #25974: Make sure Android Oreo(API level 26) autofill feature is disabled (looks like it doesn't work on FF, i am trying to make autofill to work on simulator to be 100% sure) This week: - Review and smoke test rebased Orfox patches branch. - Build and test on android the rebased tor browser patches for ESR60 to make sure we are not going to have problems in the alpha release. tjr - Found and bypassed a crash bug for MinGW. Looking at two, maybe three crashes currently. - 1) A crash in https://searchfox.org/mozilla-central/source/nsprpub/pr/src/threads/prtpd.c… that happens on TC - 2) This assert: https://searchfox.org/mozilla-central/source/layout/svg/nsSVGIntegrationUti… - Have been learning more about debugging symbol-less (in WinDBG). Feel pretty comfortable identifying where I am in assembly (assuming Debug asserts are present...) [GeKo: Do you feel you could write up what you learned and, say, add this to the Hacking doc we have? I guess this would help us a lot, too.] - Wrote it up at https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking/Debugg… GeKo Last Week: - wrote a patch for the rustc cross-compilation for Windows - fixed the rustc cross-compilation for macOS (still need to clean-up the patch for review) - helped with Sponsor4 reports (yes! those were still a thing!1!) - wrote/backported small patches for tor-launcher (getting Moat to work again) and for tor-browser (fixes an off-by-one error) - started to review the patch rebase for ESR 60 - gave the circuit display patch (#24309) another round of testing - patch reviews/merges (#25898, #25458, #25810, #25973) This week: - finish up the rustc compilation patch for macOS - rebase review - update macOS toolchain - plan to take days off (5/1 and 5/3+5/4) boklm: Last week: - patches for #25817 (add ansible roles for nightly builds) and #25318 (adding email notification for nightly builds) are now ready for review - installed some VMs for running the Tor Browser testsuite, and started working on some ansible roles for the setup - worked on a patch for #25876 (Source release tarballs for Tor Browser) to automate creation of source tarballs - worked on #25862 (Clean up wrapper script/CFLAGS and friends mix on Windows) which is now ready for review - investigated the reproducibility issue with #16472 (binutils update) - started reviewing #25894 (Get a rust cross-compiler for Windows) and #25832 (Enable pthread support for mingw-w64) This week: - help with building the new releases - continue investigating issue with binutils update (#16472) - continue work on testsuite VMs setup sysrqb: Last week: - Worked on TBA patch rebase (#25741) - Worked on updating Orfox's https-everywhere addon (#25603) This week: - Found -8.0-1 branch is busted when building Orfox, fixing now (#25980) - Merge #25603 after we fix bustage - Continue testing #25741, put in needs-review - Start working on another TBA ticket pospeselr: Last week: - Worked on #23247 (Communicating security expectations for .onion), most of the way there but need to plumb down some logic exposing mixed-mode info for .onion to work correctly This Week: - Finishing up #23247 - Entertaining Shane this afternoon - Flying to the east coast to visit family Friday afternoon arthuredelstein: Last week: - https://trac.torproject.org/25938 (backport 1334776) - Updated https://trac.torproject.org/25543 (Rebase Tor Browser patches for ESR60) - Revised patch for https://trac.torproject.org/24309 (Activity 4.1: Improve how circuits are displayed to the user) - Revised patch for https://trac.torproject.org/22343 (Save as... in the context menu results in using the catch-all circuit); will post after more testing - Did more cspace calculations for https://trac.torproject.org/25575 (Server space request for hosting Tor Browser downloads) updated by arthuredelstein This week: - Try to get a preliminary desktop build working for TBB/ESR60 - Continue revising https://trac.torproject.org/25543 branch - Permissions patch revision: https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 Georg

1 1

Network team meeting notes, 7 May 2018
by Nick Mathewson 07 May '18

07 May '18

Hi, everybody! We had yet another network team meeting. You can find the transcript at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-07-16.58.html The contents of our pad are below: ============ = Network team meeting pad, 7 May 2018 = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 5 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001685.htmlyy 26 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001695.html 3 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001705.html 9 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001723.html 16 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001739.html 23 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001747.html 30 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001750.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing 0.3.4.x work. * Important dates: * May 15, 2018 -- 0.3.4.x feature freeze! 1 WEEK LEFT. OUR BIG PRIORITY SHOULD BE TO GET ALL FEATURES IN FOR 034 BEFORE ANYTHING ELSE. Lets not wait for the review assignement sheet for any of those or roadmap items. And remember, "It's fine to defer!" * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. == Discussion == * #25960, last comment by teor, "decide whether to put the small or the large version of this ticket on the roadmap" regarding the "Bandwidth List" format (https://trac.torproject.org/projects/tor/ticket/25960#comment:9) == Updates == teor: Last week: * bandwidth spec and code reviews * rewrote the experimental privcount plot command * final data collections This week: * leave for a week and a half mike: Last week: * Discussions and meetings about domain fronting issues. * Reviewed #25903, #25914, and #25995 * Ticket triage * Prop #291 discussion * Log message for #25705 ( * Fixed up #25870 (vanguard restrictions) * Tested and tweaked vanguard script This week: * Help get last of 034 vanguard helper patches merged * Continue testing vanguard script; write unit tests and packaging * Continue 2 guard discussion/analysisq asn: Last week: - Reviewed #25552: prop224: Onion service rev counters are useless and actually harmful for scalability - Reviewed #23107: prop224: Optimize hs_circ_service_get_intro_circ() digest calculation - Reviewed #25870: Fix vanguard restrictions - Reviewed #25997, #25996. - Did some debugging in #25761: hs: Reload signal (HUP) doesn't remove a disabled service - Did an initial review of haxxpop's client auth branch: #20700. - Discussed hsv3 client authorization: https://lists.torproject.org/pipermail/tor-dev/2018-May/013155.html - Discussed 2-guard proposal again: https://lists.torproject.org/pipermail/tor-dev/2018-May/013162.html - Triaged some of my tickets out of 034. This week: - More work on #25761. - More work on #25552 - More work on client auth and #20700. - More work on vanguards and 2-guard proposal. haxxpop Last week: - Discussed hsv3 client authorization: https://lists.torproject.org/pipermail/tor-dev/2018-May/013155.html This week: - Re-publish the descriptor if the client auth config changes via SIGHUP - Revise hsv3 torspec to specify how the users configure hsv3 client authorization - Try to finalize if we want to use prefix in client auth private/public keys or not Nick: Last week: - More 1/sec refactoring on #25375. Now, there is nothing that needs to happen 1/sec when the network is disabled! - Reviewed lots and lots of branches. - Deprecated 0.2.5 - Gave a Tor lecture for an MIT class. - Debugged Tor working with libressl. - Tried to help with fallout from some travis-breaking merges. These should happen less and less as we get more travis tests into master. - Did community advocate role. Didn't actually achieve much. Maybe I wasn't seeing the right opportunities :/ - More #25908 (test coverage determinism) work to improve coveralls utility. This week: - Finish the 0.3.4 portion of #25375: actually disable the 1/sec callback when the net is off. - Check whether we're ready to merge TROVE-2018-005. - Review and merge even more pending branches. - Close smaller 0.3.4 issues, preferring those on the roadmap. - Backport 0.3.3 items. - Prepare for 0.3.4 alpha and 0.3.3 stable to come out next week (!?) - Bug triage rotation. - Begin triage on 0.3.4 tickets. - Revise bwauth format spec, if teor and juga and pastly want me to. (I'm also happy for you to make any subset of the changes I suggested; I trust your judgment.) juga: Last week: - more "bwauth format spec" revisions - worked on #25947, #25960, #26004, #26007 This week: - more "bwauth format spec" - refactor for #25960 - other things depending on the spec Can not be at the meeting, but it would be great if people can discuss what i added in "Disscusion". I'll read backlog around 19:00 UTC and answer questions in #tor-dev. Always happy if nickm review spec dgoulet (Will miss the meeting): Last week: - Worked (mostly review) with nickm on #25500 child tickets. - Closed down roadmap item #25494. Dirauth modularization was merged upstream with #25610 \o/. Not perfect but a good step forward. - Patch work for #25552 HSv3 problem which took lots of discussion with teor/asn. It is in merge_ready for 034. - Reviewed ffmancera circuit cannibalization patch #25118. This week: - Work on roadmap item #25500 child tickets so we can get them upstream before freeze with nickm. - Review++ on 034 features as needed. I have on my radar #25647 (wide CREATE cell encoding from isis). - Will do a review pass on haxxpop's HSv3 client auth branch. - Address, as a priority, anything that comes up with #25552 (roadmap item) so we can get it upstream before next week. - If no 034 features need my attention, I'll start on 034 bug squashing. We already have plenty that needs fixing just for HSv3. catalyst: last week (2018-W17): - reviewed #15015 (--verify-config port binding). closed as worksforme after multiple failures to replicate - started to review #25549 (appveyor CI) - finished tests and patches for #25756 (make early-consensus detection more reasonable). unsurprisingly, the tests took most of the time and the actual behavior change was almost trivial to implement. - looked at some coverage flapping issues - helped a little with the rust distcheck CI - looked at #25061 some more - IRC moderation stuff this week (2018-W18): - CI rotation - #25061 - reviews ahf Last week: Sponsor 8: - Wrote an additional patch for #25991. - Reviewed: #25990, #25991. - Went over our HS perf. data and tried to clean it up. Misc: - Reviewed: #17949, #17873. - Booked flights for SF for Mozilla All Hands. - Coverity duty: not much to report here. This week: Sponsor 8: - Work on idle interface: #25499 + its children for 0.3.4. Misc: - Review #24732, more review of #17873 - Community hero role! isis: last week: - revised #24660 - finished wide create(d) cell parsing/handling #25647 - fixed a couple things i did in #24660 that broke some things #26024 #26025 - fixed bridgedb because there was a stem issue where it didn't handle errors when trying to parse ed25519 certs with the year 491869 #26023 - reviewed #25903 and #25936 - re-booked my Seattle flight (the frickin airline couldn't charge my card for some reason and then didn't see fit to tell me) this week: - fixing up a leak in a test for #25647 - wide extend cell handling #25651 - maybe wrapping the create(d)2v cells in extend2 cells if i get to it #25650 - working out paystub/employment verification stuff for an apartment i'm trying to get - revising the TROVE-2018-005 patches pastly: last week: - More testing and fixing of switch-to-http branch of sbws. Not much to report - Some person came and told us on a GH issue that there's no way sbws should ignore self-reported bandwiths but couldn't dumb it down enough for us to digest. https://github.com/pastly/simple-bw-scanner/issues/150 this week: Seattle travel paperwork note: I'll have very limited availability Thurs May 10 to Mon May 14; also on Sat May 19.

1 0

Notes from May 3 2018 Vegas team meeting
by Karsten Loesing 04 May '18

04 May '18

Notes for May 3 2018 meeting: Alison: 1) HOPE -- one of our talks got accepted, waiting to hear about other talks and the table 2) Sponsor9 -- coordinating travel and workshop plans with partners 3) LFI -- more curriculum development, setting up communication platforms, finalizing stuff before we begin in June! 4) next week we'll begin interviews for the user research coordinator 5) Mexico City save-the-dates are going out, getting more invitation suggestions from tor-internal@ now 6) the meeting planners group will meet on May 9 at 1700 UTC (in #tor-meeting unless it's occupied) to make a timeline and delegate tasks for the Mexico City meeting 7) Outreachy and Summer of Privacy interns have been chosen! 8) lots of outreach stuff happening on the community team: meetups in Pune, India, Ann Arbor, NYC meetup planning, plus Cryptorave is this weekend! Georg: 1) Release preparations to pick up Mozilla's Firefox ESR 52.8.0; countdown for transitioning to ESR 60 for Tor Browser desktop is starting Mike: 1) What do we know about what triggered the cascade of CDNs to disable domain fronting? Did they all collective panic? Or did customers complain? Did a censor threaten to block all of them? Or is there some other issue? 2) 0.3.3+0.3.4 development work Nick: 1) 0.3.3 should be stable soon. 2) 0.3.4 will be feature-frozen soon. 3) 0.2.5 is now unsupported 4) 0.3.4 or 0.3.5 is likely to be chosen as a long-term support release, depending on timing. 5) Taught a 90-minute class of MIT students about Tor this week. Realizing I have at least 3 hours of material. Maybe ought to make a video series. Steph: 1) responding to inquiries 2) Def Con 3) talking to a volunteer about writing a post on running exits Karsten: 1) Made even more progress on Sponsor 13 deliverables. Arturo: 1) Finished a, mostly working, OONI Probe orchestration backend MVP done: https://github.com/ooni/orchestra/pull/44#issuecomment-386005973 2) Finished most of the screen mockups for the revamped OONI Explorer 3) Going to hire illustrators for illustrations for the revamped OONI Probe app Shari: 1) submitted OTF grant proposal isabela: 1) onion services otf proposal done 2) late with sponsor8 report - trying to get it done by eod monday 3) talking with brave about their feature using Tor 4) will participate in at least 4 activities about tor at cryptorave may 4 and 5 and on may 8th i will be offline doing a tor training in sao paulo (expect offline time) 5) preparing monthly reports for sponsor 13 and 17 6) working on the domain fronting issue 7) need to move on with the job post for localization project manager part time position 8) internews approached me talking about a pluggable transport idea they want to submit a grant proposal for and would like a support letter from tor

1 0

Summary of meek's costs, March 2018
by Sina Rabbani 02 May '18

02 May '18

Dear Tor Project, Here's the summary of meek's CDN fees for March 2018. Inspired by David Fifield's summary emails :) I went back and updated the trac page with costs all the way back to April 2017, the time Team Cymru started to cover the fees. https://trac.torproject.org/projects/tor/wiki/doc/meek#Costs Google Amazon Azure total 2017 Jan — $1,550.19 $1,196.28 $2,746.47 2017 Feb — $1,454.68 $960.01 $2,414.69 2017 Mar — $2,298.75 $353.81 $2,652.56 2017 Apr — $584.73 $ 725.80 $1,310.53 2017 May — $2,150.47 $1,097.29 $3,247.76 2017 Jun — $2,677.31 $4,358.50 $7,035.81 2017 Jul — $2,873.28 $5,330.18 $8,203.46 2017 Aug — $646.28 $4,020.68 $4,666.96 2017 Sep — $1,914.41 $4,670.51 $6,584.92 2017 Oct — $2,962.71 $3,912.41 $6,875.12 2017 Nov — $4,674.80 $2,513.43 $7,188.23 2017 Dec — $6,358.11 $1,451.36 $7,809.47 2017 total — $30,145.72 $30,590.26 $60,735.98 Google Amazon Azure 2018 Jan — $8,429.07 $1,880.31 $10,309.38 2018 Feb — $8,522.01 $2,630.71 $11,152.72 2018 Mar — $10,863.95 ? $10,863.95 2018 total — $27,815.03 $4,511.02+ $32,326.05 grand total $13,138.96 $81,274.22 $43,754.18 $138,167.36 I'll do my best to keep the trac page updated. All the best, Sina -- Sina Rabbani | Systems Engineer | Team Cymru, Inc. srabbani(a)cymru.com | 0x53B422A8 | http://www.team-cymru.com/

7 7

Damian's Status Report - April 2018
by Damian Johnson 01 May '18

01 May '18

Hi all! Was out of commission during my last status report so this one's a little meatier... https://blog.atagar.com/april2018/ Cheers! -Damian

1 0

Network team meeting notes, 30 April 2018
by Nick Mathewson 30 Apr '18

30 Apr '18

Hi, all! Logs from this week's meeting are available at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-04-30-16.59.html Below is a copy of our notes! = Network team meeting pad, 30 April 2018 = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in *boldface*! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 5 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001685.htmlyy 26 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001695.html 3 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001705.html 9 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001723.html 16 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001739.html 23 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001747.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing 0.3.4.x work. * Important dates: * May 1, 2018 -- 0.2.5 is no longer supported: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… * May 15, 2018 -- 0.3.4.x feature freeze! 3 WEEKS LEFT. - *OUR BIG PRIORITY **SHOULD BE **TO GET ALL FEATURES IN FOR 034 BEFORE ANYTHING ELSE.* - * Lets not wait for the review assignement sheet for any of those or roadmap items.* * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. * juga is working on bandwidth measurement for Tor's Summer of Privacy. Congratulations! == Discussion == * Should 0.3.4 be a long-term support release? How do we pick our next LTS? -NM - Can we just tell Debian to use it as a LTS? What about other platforms? - teor * Are we ready to release 0.3.3? -NM - [dgoulet] We should get the TROVE finalized. Apart from that, I think it is. - [ahf] I still have #25245 open, I do have a patch to do some diagnostics, but it's very annoying to reproduce locally. It's marked priority = very high, but I don't know if we think it's a blocker? == Updates == asn: [Migh be off for May 1st excursion at the time of the meeting.] Last week: - Reviewed and helped with #25870. This is complex stuff! To better understand the ticket, I wrote some initial unittests for path selection for normal exit circuits and vanguards. They are still quite simple but they can be the basis of something good. - Pushed bugfixes and features to the vanguard simulator (#23978) based on Mike's testing. - Reviewed #23693. - Provided feedback to the 2-guard proposal thread. - Gave a bit of testing to haxxpop's v3 client auth branch. Seems to work! I also motivated some more people to try it out and find bugs. Next step is to find time for code review. We are hoping for 035 inclusion. - Discussed v3 intro auth with haxxpop. - Wrote patch for #25843 and got it merged. - Replied to "[tor-dev] onion v2 deprecation plan?" thread. - Suggested some tasks to our ahmia SoP student. This week: - Continue discussion on the 2-guard proposal thread. We are doing good progress. - Discuss with Mike what's needed next for the vanguard simulator. - Triage tickets out of 034 with my name that I don't have time for. Most of them were the result of 033 -> 034 triaging. - Hopefully find some time for #25552. Mike: - Reviewed #24734, wrote a couple fixups forit. - Worked on #25870 (vanguard path restrictions) with asn. - Proposal 291 mailinglist posts (enumerated 8 properties defenses have and developed one that got all of them) - Refined #25903 (CIRC_BW events that help check for dropped-cell side channels); updated vanguard repo to use them; tested them. - Reviewed #25843 (NumEntryGuards param). asn - are you sure that it is influencing our dirguards? it looks like no. catalyst: last week (2018-W17): - investigated some unexplained test coverage fluctuations revealed by coveralls.io - opened #25908 to stabilize test coverage. thanks nickm for doing some inital data gathering! - more call stack analysis for #25061 - deferred #25061 to 034 - reviewed #19429 (compatibility with openssl-1.1 no-deprecated) - patch for #25936 (display test-suite.log from the correct location when doing a distcheck build in travis) - worked on #25756 (relax timestamp tolerance for early consensus) this week (2018-W18): - finish #25756 - write some summary of investigations to date on #25061 - reviews - other 033, 034 bug fixes as needed teor: * Last week: * collecting privacy-preserving statistics is still time-consuming * Bandwidth file spec revisions, we should have tested it with tor first :-) * Continued to help with bandwidth measurement (sbws) * A few code and spec reviews * CC'd specific people about old trac milestones * This week: * Analyse the last collection results * Configure and schedule the next collection(s) * Start writing up & reviewing others' write-ups * Try to keep up with the bandwidth stuff dgoulet: Last week: * Fixed tickets (see Timeline). * Reviwed and worked on #25500 child tickets with nickm. * Finalized dirauth modularization with #25610, working with ahf on that. It is in needs_review and a biggy! * The annoying warning on 034 has been fixed! #25577 This week: * Continue on #25500 child tickets with nickm. * Prioritize #25610 if a review comes in. * Depending on the two things above goes, I can get on the roadmap item #25552 (HSDir rev counter issue) or the wide CREATE cell work (#24986). * Name of the game for me until the freeze in 15 days is to prioritize big patches and features for 034 on our roadmap. ahf: Last week: Sponsor 8: - Went over data submission for our Onion Service speed test and ensured everything was running OK. - Worked with David on going over the dir auth module code. - Submitted patch for #25953. Misc: - Reviewed: #25812 & #17949. - CI duty. This week: Sponsor 8: - Help out if there is some changes we need to do to the split dirauth patches - Move to look at the network idleness code if possible. Misc: - Coverity duty. - Talk with Mozilla about all hands logistics. nickm: Last week: * Wrote several patches to move things out of the second_elapsed_callback() and run_scheduled_events() functions, including #25931 (consdiffmgr_rescan), #25932 (various cleanup-and-close functions), #25949 (delayed signewnym), #25937 (dirvote actions), #25933 (attach pending). Also did #25927 in prep for reforming how we handle approx_time(). Tracking all of these at https://pad.riseup.net/p/tor-client-cpu and under #25375 * Merged a bunch of merge_ready items * Reviewed a bunch of quick and not-so-quick patches * PETS discussions * Coverity duty : nothing seems to have happened. This week: * Deprecate 0.2.5.x * Community advocate * More hacking on moving things out of second_elapsed_callback() and friends (#25375) * Review #25610 (modularizing dirvote code) * Review #25869 (bandwidth doc format spec) * Ask packagers about LTS preferences isis: last week: - finished setting up appveyor (per developer windows CI) for tor #25549 - debugged a few windows test failures #25942 #25943 #25944 - powershell is terrible - reviewed #24630 - did ticket triage several times - commented on some github.com/rust-lang tickets regarding bool FFI compatibility - made some progress on wide create cells #25647 #25650 25653 next week: - more wide create cell stuff - revising a couple tickets #24660 #25549

1 0

OONI Monthly Report: April 2018
by Maria Xynou 30 Apr '18

30 Apr '18

Hello Tor, The OONI team published a report on network disruptions in Sierra Leone and established a new partnership with a local human rights organization in South Sudan. We also updated more test lists based on research, and we continued to make progress on probe orchestration, the development of the Windows app, and on the revamping of our mobile apps. We experimented with creating and publishing our first short documentary, and we continued to collaborate with community members on tracking censorship events worldwide. # Established new partnership We are excited to have formally established a new partnership with South Sudan's The Advocates for Human Rights and Democracy (TAHURID). As part of our new partnership, we aim to collaborate on the study of internet censorship in South Sudan through the collection and analysis of OONI Probe network measurements. Social media announcement: https://twitter.com/OpenObservatory/status/988695263274586112 # Updated test lists We carried out research (https://ooni.torproject.org/get-involved/contribute-test-lists/#test-list-r…) <https://ooni.torproject.org/get-involved/contribute-test-lists/#test-list-r…> to identify more URLs to test for censorship in Zimbabwe and Venezuela. Based on this research, we updated the following test lists: * Zimbabwe: https://github.com/citizenlab/test-lists/pull/327 * Venezuela: https://github.com/citizenlab/test-lists/pull/329 Overall, based on research, we have updated the following 5 test lists over the last months: * Zimbabwe: https://github.com/citizenlab/test-lists/pull/327 * Venezuela: https://github.com/citizenlab/test-lists/pull/329 * Sierra Leone: https://github.com/citizenlab/test-lists/pull/320 * Egypt: https://github.com/citizenlab/test-lists/pull/336 * Mali: https://github.com/citizenlab/test-lists/pull/304 During April 2018, we also updated the following test lists based on URLs provided by community members: * Kazakhstan: https://github.com/citizenlab/test-lists/pull/330 * Ethiopia: https://github.com/citizenlab/test-lists/pull/326 * Venezuela: https://github.com/citizenlab/test-lists/pull/333 * Uganda: https://github.com/citizenlab/test-lists/pull/334 # Report on network disruptions in Sierra Leone We collaborated with Sierra Leone's Campaign for Human Rights and Development International (CHRDI) to monitor censorship events during the country's election period. OONI data collected and analyzed from Sierra Leone did not show any significant signs of internet censorship. Even though WhatsApp and Facebook Messenger were accessible, their testing presented high execution time, indicating some form of performance degradation on the network. Amid Sierra Leone's runoff elections, two network disruptions occurred. We examined these disruptions via Google traffic and BGP data, and published a report: https://ooni.torproject.org/post/sierra-leone-network-disruptions-2018-elec… # Progress on Probe Orchestration We made a lot of progress on implementing probe orchestration for automatically running network measurements on mobile OONI Probe. See: https://github.com/ooni/orchestra Some highlights include: * Integrating the experiment signing with the Yubikey 4 hardware security module * Significant refactoring of the codebase to make it easier to separate the alert push notification logic from that of experiment notification * Renaming of Proteus to OONI Orchestra * Upgrading the web frontend to the latest dependency versions The unmerged branch containing the above changes is the following: https://github.com/ooni/orchestra/pull/44 # Progress on the Windows app development In collaboration with Simone Basso, we iterated on integrating Measurement Kit into the Windows OONI Probe desktop app (https://github.com/measurement-kit/go-measurement-kit/tree/feature/windows+… <https://github.com/measurement-kit/go-measurement-kit/tree/feature/windows+…>) <https://github.com/measurement-kit/go-measurement-kit/tree/feature/windows+…>. # Revamping the OONI Probe mobile apps As part of our work on revmaping the OONI Probe mobile apps, we continued to make progress on the design and UI, and we released a new testflight for iOS which includes new copy and all of the strings. We also created a design brief for new illustrations to be included in the revamped mobile apps, and we started working with illustrators. # Short documentary on internet censorship in Cuba We published a short documentary that we created during our trip to Cuba last year, titled: "ParkNet: Exploring Internet Censorship in Cuba". This 5-minute film features some of our key findings on our study of internet censorship in Cuba and is available here: https://ooni.torproject.org/post/parknet-short-documentary-cuba/ More in-depth findings are available via our research report (https://ooni.torproject.org/post/cuba-internet-censorship-2017/) <https://ooni.torproject.org/post/cuba-internet-censorship-2017/%29>. This short documentary is our first experiment in presenting censorship findings with video. We have set up an OONI YouTube channel where we plan to publish more videos in the next months: https://www.youtube.com/channel/UCQhDgj9wBf4_w5bWFvLlq-w # Community use of OONI data ## Blocking of IM apps in Chad OONI data was referenced in Internet Sans Frontieres' press statement regarding the blocking of WhatsApp, Facebook Messenger, Viber and BCC in Chad: https://internetwithoutborders.org/chad-is-blocking-social-media-and-messag… ## Blocking of news outlet in Venezuela OONI data confirmed the blocking of news outlet El Pitazo in Venezuela. We provided an analysis and interpretation of measurements that supported IPYS Venezuela's report on the blocking: https://ipysvenezuela.org/alerta/dos-medidas-de-censura-han-afectado-a-el-p… ## Citizen Lab Netsweeper report OONI data was used to identify blocked websites and middleboxes in the Citizen Lab's research report, "Planet Netsweeper": https://citizenlab.ca/2018/04/planet-netsweeper/ # Community activities ## OONI presentation at the International Journalism Festival (IJF) On 13th April 2018, OONI was presented at the International Journalism Festival (IJF) in Italy on a panel that discussed the many faces of censorship. More information about this panel is available here: https://www.journalismfestival.com/programme/2018/states-companies-algorith… The OONI presentation can be viewed here: https://www.youtube.com/watch?v=PTecjRM8tAs&feature=youtu.be&t=11m56s ## Blog post on recent participation at conferences We published a blog post on our recent participation at conferences in Africa, India, and Europe. Our blog post is available here: https://ooni.torproject.org/post/ooni-in-africa-india-europe-conferences/ ## Community meeting We hosted our monthly community meeting on 24th April 2018. As part of the meeting, we discussed the following: 1. Recap of what OONI has been up to over the last month 2. Outreach: How to communicate OONI Probe more effectively and engage wider audiences 3. Community engagement challenges: Monitoring censorship events in Chad and elsewhere in Africa # Userbase In April 2018, OONI Probe was run 265,001 times from 4,911 different vantage points in 210 countries around the world. This information can also be found through our stats here: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research and Partnerships Coordinator Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Notes from April 26 2018 Vegas team meeting
by Karsten Loesing 27 Apr '18

27 Apr '18

Notes for April 26 2018 meeting: Arturo: 1) We established a partnership with The Advocates for Human Rights and Democracy (TAHURID) in South Sudan: https://twitter.com/OpenObservatory/status/988695263274586112 2) We published a short documentary on internet censorship in Cuba: https://ooni.torproject.org/post/parknet-short-documentary-cuba/ 3) We hosted the OONI April Community Meeting: http://meetbot.debian.net/ooni/2018/ooni.2018-04-24-13.59.html 4) Progress on OONI Orchestra development isabela: 1) done with sponsor4 final reports - sent to Sue to create our final invoice 2) working on sponsor8 Q1 report (due may day) 3) afk tomorrow (friday 27 for doc) and off on may day 4) Community Liaison candidates interview 5) preparing for cryptorave talk (and 2 other activities we are doing there) 6) working on .onion otf proposal due may first 7) sent network speed tests for the week 8) met with brave about their feature that makes it possible for an user to open a private tab and have a connection to tor on that tab 9) dealt w/ noise from ED announcement :D Shari: 1) talked to lots of folks about ED transition 2) did four interviews for new Community Liaison position. 3) reviewing onion services grant proposal for OTF 4) started to work on job description for fundraising director but got distracted; I'm determined to finish it by next week! 5) crafted emails for Sue to send asking for reimbursement for Rome meeting 6) finally made travel arrangements for a couple of trips in May and June (RightsCon, NYC, and quick trip to SF for EFF board meeting) 7) still haven't done expense reports for last two trips. :( Gonna try to get those done by next week, too. 8) meeting planning stuff; we're close to deciding on a hotel Alison: 1) did interviews for the community liaison position 2) Library Freedom Institute curriculum and other planning -- we start in a little more than one month! If anyone is interested in reviewing my curriculum I'd love to share it with you 3) Mexico City invite list update 4) organizing the Mexico City meeting timeline 5) working on community portal slides with great feedback from Tor people 6) still no word from HOPE, but I think other people have heard from them? Steph: 1) newsletter out today 2) published ED news, sent to press 3) answering front desk / press 4) published a post on new interns Tommy and Colin put together 5) Def Con: anyone interested to present? deadline may 1. talk about mitigating the ddos? if not, I think we will just have a booth/table in the privacy village to talk to folks, answer questions, get donations for swag. Roger and I will be there. Anyone else? 6) trademark issue Mike: 1) Conversation with brave Georg: 1) helped with Sponsor4 reporting, it seems we have survived that sponsor as well, yay! 2) participated in conversation with Brave folks Karsten: 1) Made some good progress on Sponsor 13 deliverables. Nick: 1) Racing to 0.3.4-freeze on may 15. 2) 0.3.3 is in RC. Make sure we know about must-fix bugs.

1 0

Network team meeting notes, 23 April 2018
by Nick Mathewson 24 Apr '18

24 Apr '18

Hello! Our weekly meeting logs are here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-04-23-16.58.html Below are our notes from the meeting. = Network team meeting pad, 23 April 2018 = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in *boldface*! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 5 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001685.htmlyy 26 March: https://lists.torproject.org/pipermail/tor-project/2018-March/001695.html 3 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001705.html 9 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001723.html 16 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001739.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing 0.3.4.x work. * Important dates: * May 15, 2018 -- 0.3.4.x feature freeze! 3 WEEKS LEFT. * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. == Discussion == * How much should we do with travis and how much do we leave to jenkins? (See #25814) * What is blocking 0.3.3-stable? * Should we consider any 034-proposed items? Here's a useful query that finds 0.3.4 tickets that are recently modified, and don't have code: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… - Mike wants #25883 (some control port events) - gk wants #25895 (rust cross-compiling for Windows) These ones seem ok: - dgoulet added #19665 (client port counts) as an essential part of periodic events (Sponsor 8) - nickm added #25828 as a bugfix found in #25373 token buckets (Sponsor 8) == Updates == Nick: * Last week: * CI rotation: - added coveralls support to travis (25818) - fixed numerous 32-bit issues found by jenkins - fixed a couple of windows issues found by jenkins - fixed a distcheck issue found by jenkins - wrote a patch to have travis handle distcheck - addressed failing rust builds on jenkins (25813) * Wrote tricky patch to replace token-bucket refill events (every 100ms) with as-needed refills. 25373 * Wrote patch to fix nonfatal assertion failures in 033 (25691/25692) * Reviewed pending patches (25762, 24660, 24659) * Attended prop291 meeting (two-guard discussion). * Fixed clang scan-build issues * Wrote fixes for various small tickets on 034 milestone. * This week: * Work with dgoulet to make second_elapsed_callback less overengineered * Review, merge, revise. * More small 034 tickets, time permitting * Coverity rotation Mike: * Last week: * Wrote a patch for #25733 * Cleaned up #25400 * Looked into jenkins a bit to try to help figure out how to email build-breakers automatically (#25819) * Ran prop 291 meeting + notes + tickets + mailinglist posts * Ran vanguard simulator a bunch; found some bugs; wrote some patches. * Wrote patch for #25870 (fix vanguard restrictions -- I think this is our best bet for restrictions in 0.3.3/0.3.4) * Implemented a ton of vanguard script pieces (bandwidth checks, relay use frequency checks) * Stumbled on #25883 (no control port stream events for onion services on service side). * This week: * Really want to fix #25883 for 0.3.4. May need some help/tips. * Get vanguards repo closer to release quality teor: * Last week: * Wow, collecting privacy-preserving statistics is time-consuming * Bandwidth file spec review (we are down to formatting and nitpicks now) * Continued to help with bandwidth measurement (sbws) * Added new authorities to the testnet * Tor SoP reviews * Security patch discussion * Code reviews on nonfatal asserts (25691/25692), consensus method pruning (24378, prop#290) * Closed some really old trac milestones, sent an email to tor-dev about the rest * This week: * Analyse the last collection results * Configure and schedule the next collection * Start writing up & reviewing dgoulet: * Last week: - Ticket work (See timeline). - #25226 got merged so #25824 followed. - Worked on #25762 and worked with nickm on some other roadmap items about reducing client CPU usage. - I did a full days of work on Torsocks. I'm waiting on feedback on one ticket before releasing. I will probably just release if I don't hear back this week from the author of the patch. - Some work happened in the bad-relays world as well. * This week: - I'll try to finalize with nickm some roadmap items we've been working together (#25500 master ticket). - Short list of bugs for 034: #25761, #25577 - If possible, continue modularization work with #25610 - No rotation role for me this week. catalyst: * last week (2018-W16): - reviewed updates to #25511 (getinfo current-time/*) - control-spec.txt changes to support #25511 (getinfo current-time/*) - also some spec spelling fixes (#25871) caught during review - reviewed #25727 (bool in rust ffi) [*isis, were you able to poke rust people about stuff?*] - did some thinking about #25756 (loosening "consensus from the future" tolerance) with input from nickm - sponsor8 reporting stuff - expense accounting stuff * this week (2018-W15): - code review - continue working on #25061 (spurious connection warnings logged by relay) - look more at #25756 - other 033 or 034 work as needed ahf: Last week: Sponsor 8: - Moved our test s8 onion to a new host. Did some minor tweaks to our site. - Looked at Isa's S8 reporting. - Cross compiled Tor/Orbot for Android-ARM64. Now running Orbot locally with that for test (#25496). Misc: - Progress on #25245: easy to trigger if you inject a lot of traffic to an exit in a Chutney network, but difficult to trigger otherwise. Worked on making it easier to debug. - Go over the interview content with the version2 journalist about Tor. - Participated in a radio show with a host I know from BornHack about Tor. - Think(hopefully?) managed to solve logistics around being able to go to Mozilla All Hands after Seattle. Now waiting for OK from Mozilla. - Reviewed #25140 This week: Sponsor 8: - 0.3.4 work: either network idleness controller interface or conditionally compiled modules. - Talk with Hans about what we need to do to get #25496 (0.3.4 ARM64 work) into an Orbot release. Misc: - Land patches for #25245 (0.3.3). - CI duty. Question: our Jenkins have looked very sad, should I prioritize some time on this during the week? asn: Last week: - Participated in meeting on 2-guards (prop#291). - After the meeting, I submitted a patch for #25843 as was arranged and started testing the 2-guard proposal. I also posted a pseudo-proposal on a possible future for path restrictions in: https://lists.torproject.org/pipermail/tor-dev/2018-April/013085.html - Worked on improving the vanguard simulator, fixing bugs found by mike, and implementing more features (#23978). - Reviewed #24688 and #23693. - Started a thread on replay protection and ed25519 malleability as part of #25552. Ian suggested some possible avenues which I think are worth following. Isis also suggested some alternative avenues based on xeddsa and vxeddsa. I plan to read more into these generalized DSA protocols this week and decide if we can fit them for 034, they seem quite interesting. Perhaps a plausible approach would be to do Ian's simple approach for now, and switch to vxeddsa in the future. Not sure. I plan to read more about this this week, I find it very interesting. - Will be secondary mentor for the ahmia project in SoP this year. This week: - Continue work on 2-guard proposal and vanguards. - Read more about vxeddsa for #25552. - Test haxxpop's hsv3 client auth - Suggest some tasks for the Ahmia SoP student. - More reviews. haxxpop: last week: - Finish the client auth in the v3 onion service (excluding the intro auth) and it's ready for testing now! ( https://github.com/torproject/tor/pull/36 ) You can test it by adding `HiddenServiceAuthorizeClient basic <client_name>` on the service torrc and `HidServAuth <onion address> <base64-encoded x25519 private key>` on the client torrc You can get the private key from `client_authorized_privkeys/<client_name>.privkey` on the service file directory *Could anyone test it soon and, if possible, add it to the next release?* [asn: Yes I will definitely test and start the review procedure! Did you also do intro auth or just desc auth?] [haxxpop: just desc auth, because I still don't know which file to put clients' ed25519 public keys] [asn: ok we can figure this out. i guess you'd like us to give it initial review/testing before doing intro auth, right? makes sense.] [haxxpop: yes. In fact, I think desc auth and intro auth are independent features. We can launch the desc auth without intro auth, if we want. ] - next week: - - Probably take a break ;) pastly: last week: - started testnet authority and convinced people to trust it - feed sbws testnet results to the authority - changed sbws v3bw file units from bytes to KB so they'd be comparable to torflow - faq additions, glossary - sbws scanner (client) performs periodic reachability tests for sbws servers - sought input from dirauths about running sbws servers vs changing sbws to use http servers - signed up to mentor juga for bw scanning work - publish sbws docs at http://d7pxflytfsmz6uh3x7i2jxzzwea6nbpmtsz5tmfkcin5edapaig5vpyd.onion/ this week: - (today, definitely) *make sbws open source** [asn: boom!!!]* - see https://github.com/pastly/simple-bw-scanner - publish sbws docs at readthedocs - unit tests - probably change from requiring sbws servers to using http(s) isis: last week: - reviewed a patch to do `make distcheck` on travis #25814 - reviewed a patch to use coveralls from travis #25818 - did the hook/account setup for getting coveralls to start publishing to https://coveralls.io/github/torproject/tor - revised patches to expose our RNG in rust #24660 - responded to code review on #24659 - lunch meeting with trevor perrin about malleability in HS crypto and hash domain separation in post quantum key exchanges - reviewed #25515 again - long emails to lists about TROVE-2018-005 and HS crypto malleability #25552 - more work on wide create cells #25647 this week: - finish #25647

1 0

Tor Browser team meeting notes, 23 April 2018
by Georg Koppen 23 Apr '18

23 Apr '18

Hi! Our weekly meeting just finished and here come, as usual, the notes. The chat log can be found on http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-04-23-17.59.log… and our pad items are/were: Monday, April 23, 2018 Discussion question(s): Arthur asks: We seem to have mar files stored in two places: dist.torproject.org/torbrowser/ and cdn.torproject.org/aus1/torbrowser/ weasel asked if we need to increase space in both places. (https://trac.torproject.org/projects/tor/ticket/25575#comment:3) I'm wondering if these two sets of mar files are redundant, or if they are different things and we indeed need to roughly double the space of both things in order to increase the number of locales by ~2x. [arthur plans to add new calculations to #25575] boklm asks: disk space on build-sunet-a is full again. I am wondering if we could increase the disk size on this VM. [boklm just asked on #tor-project] mcs and brade: Last week: - Continued rebasing Tor Browser updater patches for ESR60 (part of #25543). - Helped with triage of incoming tickets. - Attended the Snowflake meeting. - Participated in the UX/Tor Browser "sync" meeting. This week: - Continue rebasing Tor Browser updater patches for ESR 60. - Monitor #25807 (Can not request bridges from torproject.org (App Engine is broken for moat)). sysrqb: Last week: Continued troubleshooting https-everywhere add-on update (#25603) - It seems https-everywhere webextension does not work in Fennec 52.7.3 - Still testing modified version of https-e v5.2.21 Troubleshooting crash during start-up of Fennec 61.0a1 with rebased Orfox patches (#25741) - Crash caused by MOZ_CRASH() call due to failure during EGL (graphics library) setup - Reproducible without Orfox patches, fetching current mozilla-central and will rebuild using that - hmm, now that I think about it, i forgot to clobber first, maybe caused by remaining compilation This week: More of troubleshooting the above tickets Reviewing upstream Mozilla bugs affecting Mozilla 52ESR code GeKo: Last week -worked mostly on getting rustc ready for our Tor Browser builds * slight progress on getting rust compiled for osx but I did not finish that yet (#25779) * wrote a patch for the 64bit Windows cross-compilation; it's working and i get esr60 compiled with it; tor needs to get fixed though (#25895) * we might have trouble getting the 32bit Windows cross-compilation going due to exception handling issue, see: https://github.com/rust-lang/rust/issues/12859 -write patches to get esr60 compiled for Windows (#25554, #25832) -opened tickets to clean up our CFLAGS/LDFLAGS usage for Windows which is pretty confusing (#25859, #25860, #25862) -bisected on the weekend our compilation issue when STL wrappers are enabled for 64bit Windows (#23231); it seems https://bugzilla.mozilla.org/show_bug.cgi?id=1443823 is fixing that one, too -reviewed #25458 (UI customization half-broken in Tor Browser 8.0a3) and #24309 -reviewed a bunch of Fennec bugs we might want to consider to backport for the next Orfox release -signed the alpha release -a bit bug triage This week -fix osx rust cross-compilation -further investigate 32bit Windows rust cross-compilation -review remaining Fennec bugs we could consider for backport -review the rebased Tor Browser patches (#25543) -bug triage (torbutton and tor bundles/installation components) -maybe if time permits finally fixing https://bugzilla.mozilla.org/show_bug.cgi?id=1390583 (Stylo: Build Broken with MinGW) igt0: Last Week: Continued testing fingerprinting and linkability defenses - Android Accessible Services can allow external apps to detect users typing their passwords, so it is recommend to us to disable #25902 (Disable Firefox Mobile accessibility services) - Tested if the desktop linkability patches work on Mobile This week: Make sure I didn't miss any other android fingerprint attack vector Rebase and test my tor button branch against the rebased Tor Mobile branch. arthuredelstein: Last week: - Posted my rebase results (#25543) - Rebased #25543 again to latest mozilla-beta - Worked on fixing circuit display problem on windows. The issue is causes by a strange browser bug related to XUL. I am working on tracking down that bug, and also developing a workaround in case that fix doesn't work. - Built and signed the alpha (with boklm's help) - Looked at #22343 again (Save as... in the context menu results in using the catch-all circuith) This week: - Finally fix circuit display on Windows - Post a patch for #22343 - Try to get tor-browser-build working with the #25543 branch pospeselr: Last Week: - fought off a cold - various patch revisions for #20283 uplift (Tor Browser should run without a `/proc` filesystem) - went through outstanding issues for #25147 (Backport of fix shipped in Firefox 58.0.1?) - patch for #25458 (UI customization half-broken in Tor Browser 8.0a3) gk: looked into it this morning and verified the newTab.js change is actually not needed for UI customization screen to work will update the patch once my trac login issues are handled [GeKo: kk] This Week: - #23247 !!! (Communicating security expectations for .onion) tjr - Found a fixed a MinGW bug that was causing crashes - (But it was with those graphics prefs enabled - my patch disabling them was incorrect. I resolved that and am investigating a 'new' crash) boklm: Last week: - helped build and publish the new alpha - finished setup of new nightly build VM which is now running at http://f4amtbsowhix7rrf.onion/ - worked on the following tickets: - #25817: Add ansible scripts for setup of nigthly build server - #25318: Add Tor Browser nightly builds email notification - #25862: Clean up wrapper script/CFLAGS and friends mix on Windows - #25834: Use compiler dependent spec files for mingw-w64 This week: - investigate reproducibility issue with binutils update (#12968) [#16742] - work on fixing testsuite issues - setup a new VM for running testsuite on nightly builds - work on cleaning up our CFLAGS/LDFLAGS usage for Windows Georg

1 0