tor-project

tor-project@lists.torproject.org

16 participants
2324 discussions

Notes from June 8 2017 Vegas team meeting
by Karsten Loesing 12 Jun '17

12 Jun '17

Notes for June 8 2017 meeting: Roger: 0) I encourage everybody to think back to their items last week, and see if they are entirely resolved now or if they need another round of attention. This step is harder than it could be, since the non-public items get erased. 1) I asked Mike to lead the annual report process for Sponsor2 (NSF-RIT). It would be great to get an acknowledgement from Mike. :) 2) NSF-UIC annual report is also due in the coming months. 3) Hiro and I barged into a UX team meeting and gave them a bunch of blog tickets to work on. Our new blog works but is way less usable than the old one. More work remains. 4) The SponsorR summer camp dates have been announced, and I am double booked for most of it. I'm trying to fill out their paperwork and do the other logistics stuff they asked for before I break the bad news to them. 5) Can we send out these vegas mtg notes the day after the meeting, rather than waiting til Monday? Does anybody actually edit their notes after today? Outcome: starting next meeting, we're going to try sending them out on Friday. 6) Let's plan next week to pick up the Montreal invite plan and focus on whatever is critical path from here to sending out save-the-dates. Alison: 1) Colin is taking over GSoC starting Friday. 2) I finished the IMLS grant and am submitting it before I leave for vacation today. 3) Getting last minute edits to membership policy; will send proposal to list after the network team hackfest ends. 5) Continuing work with Global South community members 6) Planning for Tor Meeting -- drafting invites, working on Isa's process suggestions 7) I've asked Colin to put up the support portal q&a on the wiki (per our conversation in this meeting last week). 8) Next week I'll be working more on Global South meeting ideas and organizing more of the support portal answers. I'll also be thinking about promotion for the temporary support wiki. Blog post, tweets? Isabela: 1) Have started with Erin the writing of blog post for Tor Browser dev hiring. Next up will be 2 browser devs and 1 android dev for DRL Mobile project. Will follow up on that with Georg. Then is all SIDA hiring, which I will also follow up with Linda and Alison (and probably hiro to help w/ the web devs job posts). 2) I met with Erin to brainstorm a draft of a public onboarding document for new people. She has a 'non-public' onboarding check list that she uses, we also reviewed her list and made public whatever could be made public. Things that are not public: health care form, w4 form etc. I am adding the content we brainstormed in a wiki page (not done yet), she will review it and then we will share it with the rest of Tor for crowdsourcing intel. Here is the page: https://trac.torproject.org/projects/tor/wiki/org/onboarding (will be linked from front page on trac) 3) Tor Launcher Automation Feature - we had a meeting last Friday. I have to update the brief still, that said, we are closer and closer from defining the feature and we also have a plan on what to implement in relationship to it for sponsor4 deliverables. 4) Bunch of things: montreal schedule proposal meeting, writing core tor sponsor4 may report, getting office space at TW for folks in nyc, organizing wilmington visit next wed etc. 5) will **finish** and share with Shari the user growth strategy update for board meeting will also email this to internal Nick: 1) new releases with security fixes this week (8 release series, ouch) 2) delaware next week. 3) new meeting format persists; Someone else needs to lead next week's. After that, I suggest we discuss whether we like it? [shari will run next week's meeting.] 4) ** Pace of 0.3.x testing remains concerning. [think about discussing at montreal] 5) ** carry forward for next week: sponsor4 status (pending on results from ahf) Brad: 1) All Harvest invites have been sent out and 14 of 20 employees have registered nick asks: who should remind them? brad: email reminders will be sent via Harvest if they haven't registered by end of week. 2) For those who already submitted May time sheets, Sue and/or I will be manually posting that time in Harvest --> feel free to ignore any email notification you may receive 3) Next Board meeting is on Monday, so we are trying to close books by end of today nick asks: what do the rest of us need to do for this? brad: need info outlined in 4) below in order to make sure all revenue is correctly recorded. Some contractor invoices are still missing but we can just book estimates for now. 4) Still need info on milestone status for Sponsors R and Y 5) Time allocation budgets for employees will require significant updates as soon as DRL and/or SIDA grants are awarded. Proposed process for amending time allocation budgets: Roger, Isabela, and Brad create first draft budgets and present to Vegas team for comments; once finalized, updated budgets distributed to employees. Shari: 1) preparing for board meeting 2) traveling to San Francisco next week for EFF board meeting 3) end of next week is DRL meeting in Montreal; David Goulet is going Georg: 1) We finally got Tor Browser 7.0 out. 7.0.1 will follow next week to pick up the Firefox 52.2.0 ESR security update; Cloudflare is still in the process to make sure Tor Browser based on ESR 52 works as the one based on ESR 45 did. This is not done yet. We might want to be aware of that in case users come complaining/folks are asking. 2) Looked over the planned browser dev job posting Mike: 1) Re-read a few Guard related papers for the meeting next week. 2) Fixing issues with Sponsor2 Adaptive Padding work so that Marc Juarez can start to use it. 3) Roger: For the Sponsor2 report, should we wait until PETS? (We can also talk about it next week in person.) Karsten: 1) Put out two metrics-lib releases this week for our last remaining MOSS deliverable. 2) We'll want to write a blog post about the metrics-lib 2.0.0 release in June. We can start drafting something next week. Who can help with that? Tommy? Stephanie? [Answer: Asking Stephanie to help with this next week, copying Tommy.]

1 0

GSoC 2017 - anon-connection-wizard: Report #1
by iry 10 Jun '17

10 Jun '17

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello everyone! The following is my bi-week status report for the anon-connection-wizard project. I apologize for the delay on sending this email (I will send it earlier next time). # Keep up with the development progress of Tor-launcher Since anon-connection-wizard is the python-clone of Tor-launcher, it is a good idea to keep up with the development progress of Tor-launcher. ## irc discussions - - A small discussion related to the anon-connection-wizard happened at #tor-dev on May 30: [0] - - Link to tor launcher automation irc meeting on 06/02/2017: [1] - - June 5th irc meeting log related to anon-connection-wizard: [2] - - BTW, my irc name is: iry ## proposal tickets - - #21951: Tor Launcher improvements and automation [3] - - #22399: Tor launcher third-party censorship circumvention tools support [4] - - #22402: Usablity and accessiblity improvement on the Tor assistant page [5] # Maintain the whonix-setup-wizard - - Once anon-connection-wizard is ready for daily users, whonix-setup-wizard will be replaced. However, before that, it still need some maintenance: [6] # anon-connection-wizard development ## Make a TODO list - - At the beginning of my work, I made a TODO list to track the feature need implementing and bugs need fixing: [7] ## Document how to setup the running environment - - anon-connection-wizard is currently broken in Whonix Stable repository. Therefore, it is helpful for others who want to help test anon-connection-wizard to have a brief instruction on setting up the environment: [8] ## Basic Functions implementation and improvement - - Some of my work have not been pushed to Github yet: [9] ## Discussion on torrc output line related to obfs4 - - Should obfs4 have the “managed” line? : [10] # Next step ## Make setting up the environment easier Making setting up the environment easier will attract more people have a look at the anon-connection-wizard so that the project will receive more feedback. - - Make as many dependencies available as possible: [11] ## Implement other features - - I will keep working on the features and bugs listed in the TODO list Thank you for every tor person's help! iry [0]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/250 [1]: http://meetbot.debian.net/tor-project/2017/tor-project.2017-06-02-18.04. log.html [2]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/255 [3]: https://trac.torproject.org/projects/tor/ticket/21951 [4]: https://trac.torproject.org/projects/tor/ticket/22399 [5]: https://trac.torproject.org/projects/tor/ticket/22402 [6]: http://phabricator.kkkkkkkkkk63ava6.onion/T684 [7]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/229 [8]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/232 [9]: https://github.com/irykoon/anon-connection-wizard/commits/master [10]: http://forums.kkkkkkkkkk63ava6.onion/t/should-obfs4-have-the-managed-lin e/3991 [11]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/257 -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZO5wcAAoJEKFLTbxtzdU8JFQQAJKLqXAZuPd6VHZh6ZewVMPU PTR5cS1VFi/kY2AaRg5ImPHpSbf4oQViiRq4c2O0BdbozRO3P9gDjDwqyYn1ZfsG 7xJGyzvL7jXZednlwAp3v4D+b3T80hNixVgXAVP+pcYwkMeCZjM1wGLz7WyMFJPZ OfViynDD1bKU6MP5BizFAFpla5VbGCZ8C6QF+E/HyE8+J+5s+Z8boEOrWHNPiP9y 5BoIX541ldRH1U+xe3jf/3137Q1l4/lylm9UikXOB5qCaLgzh51vF7v7qrJDsGiE FmbPnmv0lGRdtmsUBDTjilHMgxhw0K8t80XPq7ATiXnZODL73vuKMuEUKozYNfI+ /qJby1A47J6P3c/vK7Kno5Y6CHNWt6svtM1GKFv8bKB/f2czMgySztkuuU9mOdli jOhS7tSbFz0R81rCNuxbkcjSWZYOjBAxgcIVxu0OC76ELAF5XKldS+BtD/f6rqSS UWe+Ciwaa6yYarqWO9b8fTusiGkHyXHWEjJNJJhJI/gf+F/mDmIWIE+QUxxakObp rts0z2r8Q5lKAiuu5AJtgfBoF17t1VSESYvC+O5Z+H2pDC40bf59yZvnYvy0NnY3 dX3USjyUNEMQK4uSGTAzWuygCRLu1IeZTmd4OkKpO+UWZ+ITEkZL1L+AWY/p/vYx ZDbCIzf4RGc+jhttv0tp =j281 -----END PGP SIGNATURE-----

1 0

GSoC 2017 - unMessage: Report #1
by Felipe Dau 09 Jun '17

09 Jun '17

Hi everyone! This is my report #1 for the unMessage GSoC project. # Pre-coding period Since the project was accepted, my mentors and I started to plan what exactly had to be done for each task and I started to learn the things I would have to know in order to work on each of the tasks we selected. While I was learning I picked a part of each task and implemented them, so that my mentors could see if I was in the right direction. I am going to use bullet lists to briefly describe what I did for each task. More details can be found in their tickets. ## Improve setup script #35 [0] - Improved package metadata and requirements definitions ## Use attrs #34 [1] - Changed a class to use attrs in its attributes and validation ## Add a logger #30 [2] - Created a logger using twisted.logger - Sends logs to a file when using any of the UIs - Displays logs using the stdlib's logger when using the GUI ## Add a test suite #33 [3] - Created the tests module - Added some hypothesis tests for the packet factories - Enabled Travis CI [4] and Codecov [5] integration ## Support file transfer #12 [6] - Created serializable classes for file elements using attrs - Added tests for the serialization - Described how the file elements would be used [7] ## Make functions/methods asynchronous #21 [8] - Made functions/methods involved in sending an element asynchronous # Coding period Since the coding period started, I began to work on the tasks to be delivered for the first evaluation (#35, #34, #12, #30). ## Improve setup script #35 [0] - Added installation instructions to use pip in a virtual environment - Pinned requirements to their latest versions - Finished the task - Created an extra task to automate version and hash pinnings #49 [9] ## Use attrs #34 [1] - Changed most of the existing classes to use attrs ## Add a logger #30 [2] - Implemented a custom stdlib logger to use the file logger's format ## Support file transfer #12 [6] - Started working on the file transfer using the new function/methods that send elements (which are now asynchronous) Most of the code I worked on has been merged to the develop branch [10] and what has not been merged can be found in my fork's [11] branches. I also created a project on GitHub to keep track of the tasks [12]. # What's next The next steps for this first set of tasks is: - Finish changing some of the classes that do not use attrs yet - Continue working on the file transfer to send/receive requests, transfer files and handle some common errors involved in this process - Spread log statements in the code Thanks, -Felipe [0]: https://github.com/AnemoneLabs/unmessage/issues/35 [1]: https://github.com/AnemoneLabs/unmessage/issues/34 [2]: https://github.com/AnemoneLabs/unmessage/issues/30 [3]: https://github.com/AnemoneLabs/unmessage/issues/33 [4]: https://travis-ci.org/AnemoneLabs/unmessage [5]: https://codecov.io/gh/AnemoneLabs/unmessage [6]: https://github.com/AnemoneLabs/unmessage/issues/12 [7]: https://github.com/AnemoneLabs/unmessage/issues/12#issuecomment-304128995 [8]: https://github.com/AnemoneLabs/unmessage/issues/21 [9]: https://github.com/AnemoneLabs/unmessage/issues/49 [10]: https://github.com/AnemoneLabs/unmessage [11]: https://github.com/felipedau/unmessage [12]: https://github.com/AnemoneLabs/unmessage/projects/1

1 0

Community Team May 2017 report
by Alison 08 Jun '17

08 Jun '17

Hello all, Here are the highlights of the Community Team's work in May 2017: May 2017 Community Team report Meeting notes May 2017 ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… Support portal ================================================================== We continue to work on creating and editing content for the support portal. Since the website funding is still up in the air, we've decided to put the questions and answers up on a temporary support wiki that users can access in the interim. Localization ================================================================== Phoul made plans for a Localization Lab sometime in June. anadahz translated ansible scripts for automatic Tor relay deployment into Portuguese. Operator support ================================================================== kat5 made a wiki to easily update what tshirts are available for operators: [1] https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Tshir… Global South ================================================================== we wrote a grant to Lush for Global South outreach funding. We also continued building relationships with community members in Egypt, Pakistan, India, and Kenya. We hope that some of these folks will join us for the Tor Meeting in Montreal this October. anadahz set up two new relays in Brazil: [2] https://atlas.torproject.org/#details/0EBC53D0558E14BEC545DD114D48184793774… [3] https://atlas.torproject.org/#details/45B3C4D398E964DB48736F9EBB6F909B5C573… Some team members organized a Tor meetup at Cryptorave in Brazil, and some of the people who attended that have already joined the tor-south channels. We'd love to build a stronger relationship between Tor and Cryptorave over the next year. Library Freedom Project ================================================================== We held lots of librarian trainings in May, which will probably be our last big training month for a while. We'll instead be focusing on things like updating the website and resources and adding more instructional content. We did a huge amount of work on a big IMLS (Institute of Museum and Library Services) grant which would cover two years of LFP funding. Community governance ================================================================== We sent the membership policy draft to a few Tor folks for review. After the network team hackfest it'll go to tor-project@ for the proposal period. Mirrors ================================================================== Samdney is working on updating the mirror site (#22150). ================================================================== Next up: community team roadmap, more Global South Tor Meeting planning, more questions, answers, and edits to the support portal, ratifying the membership policy. ================================================================== Thanks for reading! Alison -- Alison Macrina Community Team Lead The Tor Project

1 0

SponsorR Status Report May 2017
by George Kadianakis 08 Jun '17

08 Jun '17

Hello, here is the May 2017 report for SponsorR: - Reviewed and merged various prop224 code to 0.3.1: https://trac.torproject.org/projects/tor/ticket/21871 https://trac.torproject.org/projects/tor/ticket/21978 we also merged some spec improvements: https://trac.torproject.org/projects/tor/ticket/22052 - Finalized some more prop224 branches and put them in needs_review: https://trac.torproject.org/projects/tor/ticket/22006 https://trac.torproject.org/projects/tor/ticket/21859 - Published code that implements prop224 client-side descriptor fetching: https://trac.torproject.org/projects/tor/ticket/21403 This is the first step of the client-side implementation and we are currently using it to test the service-side code. Our next move is to implement the client-side introduction logic. - Handled some annoying bugs caused by our already merged-upstream prop224 code: https://trac.torproject.org/projects/tor/ticket/22246 - Accepted a GSoC student who will be working on improving Ahmia this summer: https://lists.torproject.org/pipermail/tor-project/2017-May/001143.html

1 0

Tails report for May 2017
by u 07 Jun '17

07 Jun '17

Find our May 2017 report online here: https://tails.boum.org/news/report_2017_05/ Releases ======== * We've finished testing and releasing Tails 3.0~rc1. * Tails 3.0 is scheduled for June 13th [https://tails.boum.org/contribute/calendar]. Code ==== ## Tails 3.0 We have been focused on the last finishing touches before we deem Tails 3.0 ready for release. Things are looking good so far! ## Reproducible builds Here are some details about our work in April and May on making Tails reproducible. This effort is covered by the Mozilla Open Source Support award (MOSS) that we've received. ### Current status In March we reported [https://tails.boum.org/news/report_2017_03]] that we had finally seen an ISO image build reproducibly on several machines. Since then we kept working on this front. Our automatic upgrades are now reproducible, however, one remaining issue currently blocks us from claiming that our ISO images are too. We are confident that this issue will be solved within a few weeks. ### Reproducible website build In March we've made great progress to get our website build reproducibly. Later on, we realized that ikiwiki resized some images of our website which sometimes contained timestamped metadata, thus making the ISO image build unreproducibly. We have worked around this on our side ([[!tails_ticket 12526]]), and will fix the root cause of the problem in ikiwiki upstream ([[!tails_ticket 12525]]). ### The blocker: fontconfig The cloud which hides the blue skies and the sun in the reproducible builds solar system today, and which is our sole remaining problem to make our ISO image build reproducibly is this: we ship a cache for fonts in Tails. However, this cache is currently not generated in a reproducible manner. In March we tried moving its generation out of the ISO, however, it makes Tails start slower and resulted in too many unreliable test failures. Thus, we decided to move it back into the ISO image and to try and fix the root cause of the problem instead. We filed [[!debbug 863427]], but we already know that our patch is not yet enough to fix the problem, although it greatly reduces the number of differences from 75 to 5 ([[!tails_ticket 12567]]); so we'll keep working on it. ### ISO image and IUKs Our automatic upgrades are now reproducible ([[!tails_ticket 12630]]). When we generate the ISO image using isohybrid, we pass it an ID. We tried setting this ID to `$SOURCE_DATE_EPOCH` which resulted in a reproducible, but non-hybrid, ISO. Thus, we decided to pass a fixed ID instead: [[!tails_ticket 12453]]. ### The bright future Remaining technical issues are tracked on [[!tails_ticket 12608]]. We are working on documenting how to modify our release process to ensure the ISO images we publish are reproducible ([[!tails_ticket 12628]], [[!tails_ticket 12629]]). For those of our users who want to verify their own ISO builds against ours, we'll soon document how to do that ([[!tails_ticket 12630]]). ### Infrastructure See the Infrastructure section below for our work on the infrastructural aspects of this project. Documentation and website ========================= - We have published the Tails Social contract [https://tails.boum.org/contribute/working_together/social_contract]. - We finished updating all our documentation to Tails 3.0, based on Debian Stretch. - We updated our documentation to a new layout of the *Universal USB Installer* for Windows and scaled its screenshots to fix an issue reported by [[!tails_ticket 11527]]. - We updated our documentation of the build system [https://tails.boum.org/contribute/build], as a result of the work on reproducible builds. User experience =============== - We started experimenting with *Piwik* to do web analytics. - We continued redesigning the main window of *Tails Installer* [https://mailman.boum.org/pipermail/tails-ux/2017-May/003374.html]. <a id="infrastructure"></a> Infrastructure ============== - We upgraded some more of our systems to Debian Stretch. - We have started to research Piwik as a candidate for a web analytics platform for our website ([[!tails_ticket 12563]]). - We have continued the efforts to optimize our systems' resources, by playing with different settings of the NUMA balancing ([[!tails_ticket 11179]]). - We have adapted our CI infrastructure to be able to bring back the email notification mechanism for build and test failures, at least for branches which have tickets in a "Ready For QA" state in Redmine ([[!tails_ticket 11355]]). This will be unleashed in June so that we'll be able to gather statistics about false positives in our CI notifications to developers. - Most of our efforts have been focused on upgrading our infrastructure to support reproducible builds, see below. ## Reproducible builds After a long discussion, we [[!tails_ticket 12409 desc="decided"]] not to publish any Vagrant basebox at all: the key argument in favour of this major design change was to remove one huge binary blob from the list of trusted inputs needed for building a Tails ISO image. This will substantially increase the value of Tails ISO images building reproducibly. This decision has a few nice side effects, including: * the properties of the basebox required to build a given state of our code base are entirely encoded in the corresponding Git commit; * changes in the ISO build box definition don't require building and uploading a new basebox. Then we made enough progress to migrate our Continuous Integration platform to the build system used by developers. This is now running in production, not exactly smoothly yet (as explained below), but well enough to keep supporting our development and quality assurance processes. For details, see [[!tails_ticket 11972]], [[!tails_ticket 11979]], [[!tails_ticket 11980]], [[!tails_ticket 11981]], [[!tails_ticket 12017]], and [[!tails_ticket 11006]]. Then we had to deal with a number of issues that we were not in a position to identify before submitting this brand new system to a real-world workload. Some are fixed already ([[!tails_ticket 12530]], [[!tails_ticket 12578]], [[!tails_ticket 12565]], [[!tails_ticket 12541]], [[!tails_ticket 12529]], [[!tails_ticket 12575]], [[!tails_ticket 12606]]). Work is still in progress on some other problems: they are our Continuous Integration engineers' top priority, and should be fully resolved in the next couple of months. Finally, we have [[!tails_ticket 12579 desc="set up"]] automated tests for the reproducibility of our ISO image. Obviously, the results of these tests [are publicly available](https://nightly.tails.boum.org/reproducibly_build_Tails_ISO_test…. Funding ======= - We are still in the process of discussing our proposal with OTF, and reworking it accordingly. - We've submitted a proposal to Lush Digital Fund [https://uk.lush.com/article/introducing-digital-fund]. - We started migrating our European fiscal sponsor from Zwiebelfreunde to CCT, the Center for the Cultivation of Technology [https://techcultivation.org/]. Outreach ======== Past events ----------- * gagz and geb did a presentation and a workshop of Tails at the CPML [http://medias-libres.org] yearly meeting. On-going discussions ==================== - We started to discuss the coordination of Tails 3.0 and Debian Stretch releases [https://mailman.boum.org/pipermail/tails-dev/2017-May/011451.html]. - The news on the update of our build system received a lot of answers [https://mailman.boum.org/pipermail/tails-dev/2017-May/011416.html]. Press and testimonials ====================== * 2016-08-05: A step-by-step guide on how to download, install, and start using Tails, the world's most secure platform [http://www.techrepublic.com/article/getting-started-with-tails-the-encrypte…] by Dan Patterson in TechRepublic. Translation =========== All the website --------------- - de: 59% (2977) strings translated, 5% strings fuzzy, 52% words translated - fa: 43% (2200) strings translated, 9% strings fuzzy, 47% words translated - fr: 87% (4357) strings translated, 1% strings fuzzy, 85% words translated - it: 31% (1585) strings translated, 4% strings fuzzy, 28% words translated - pt: 28% (1443) strings translated, 8% strings fuzzy, 25% words translated Total original words: 52.798 Core pages of the website ------------------------- - de: 82% (1537) strings translated, 10% strings fuzzy, 82% words translated - fa: 37% (695) strings translated, 10% strings fuzzy, 39% words translated - fr: 98% (1843) strings translated, 1% strings fuzzy, 98% words translated - it: 78% (1473) strings translated, 11% strings fuzzy, 78% words translated - pt: 48% (910) strings translated, 13% strings fuzzy, 49% words translated Total original words: 17.079 Metrics ======= * Tails has been started more than 694.165 times this month. This makes 22.392 boots a day on average. * 13.181 downloads of the OpenPGP signature of Tails ISO from our website. * 110 bug reports were received through WhisperBack.

1 0

Tails report for May 2017
by sajolida 06 Jun '17

06 Jun '17

Find our May 2017 report online here: https://tails.boum.org/news/report_2017_05/

1 0

May 2017 report for the metrics team
by Karsten Loesing 06 Jun '17

06 Jun '17

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in May 2017. On behalf of the Tor metrics team, Karsten Added new visualizations of OnionPerf onion server measurements to the Metrics website [1]. [1] https://metrics.torproject.org/torperf.html?start=2017-03-03&end=2017-06-01… Experienced a sustained increase in requests to the Onionoo [2] servers from 800/sec ~4k/sec for almost 1 week, which could finally be handled by increasing the number of front-end servers from 2 to 5 and reducing the TLS RSA key size from 4k to 2k. [2] https://metrics.torproject.org/onionoo.html Released metrics-lib version 1.7.0 [3] which adds support for newly added fields in Torperf/OnionPerf files and extra-info descriptors, streamlines some method names, and fixes a few bugs. [3] https://lists.torproject.org/pipermail/tor-dev/2017-May/012261.html Performed an analysis of adding Laplace noise to directory-request statistics to evaluate whether the resulting statistics would still be sufficient for estimating user numbers, but concluded that this still needs more research. [4] https://trac.torproject.org/projects/tor/wiki/org/teams/MetricsTeam/Obfusca…

1 0

Network team meeting notes, 5 June 2017
by Nick Mathewson 05 Jun '17

05 Jun '17

Hello! Below are our notes from this week's meeting on #tor-dev The meeting log is availble here: http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-06-05-17.00.html ============================ Network team pad, for 5 June Meeting (or 6 June, for those >= UTC +5) Things we should talk about: * Let's do something about that crashing bug [TROVE-2017-00{4,5} , I assume?] (remember: anything in this pad is public, even if you delete it, it's in the history) (Currently discussing on network-team-security.) * Can we please not use Google Docs? They don't work for teor in Tor Browser #22478 (Noted.) * should isa go to wimlington for 1 day? (could be usefult for organizing drl and tor launcher auto feature tasks) [dgoulet] Might be useful for me at least since I'm going to the DRL meeting after in Montreal. * Do we want to Add noise to PaddingStatistics? #22422 [teor, mikeperry, ... } ] * What is our path towards calling sponsor4-bw-usage work completed? [isabela, nickm, ahf] Tasks for after the meeting: * Team rotation calendar for June is open: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * PLEASE TRIAGE 0.3.1.x TICKETS. That is, make sure that what you own is what you will do. If there is something that must be done, and you won't do it, make sure there's a plan :) * "Does anybody see any "needs_revision" or "new" or "reopened" tickets on 0.3.1 that it would be a Bad Idea to defer? If so let's make sure they are assigned, and/or "high" priority." teor: Last week: * Released PrivCount 1.0.0: https://github.com/privcount/privcount/blob/master/ReleaseNotes.markdown * Found some trouble with the ed25519 link handshake in my test authority logs #22460 * Opened Reduce REACHABLE_TIMEOUT in test networks #22463 * I think dgoulet would like this so when a chutney relay is killed, it disappears * Opened Stop using GeoIP country after buf has gone out of scope #22490 (Please feel free to grab any of the bugs I have opened.) This week (or month): * Revise: Make clients wait before trying to bootstrap from a directory authority #17750 * Update the config on my test net authorities * Design Hidden Service Upload Statistics for PrivCount 1.1.0 These are the simplest and safest stats we could collect: * How many descriptors are uploaded per HSDir? * How many intro points per descriptor? (Histogram, HSv2 only) * How many bytes per descriptor? (Histogram) How many bytes per HSDir? * How many different descriptor versions are uploaded? (Histogram) haxxpop Last week: * Read some prop224 service code of dgoulet * Review a bit of asn's client side descriptor fetching This week: * Continue reviewing asn's code asn [Unlikely I'll be around for the meeting. It's some orthodox christian national holiday here today.] Last week: - Finalized #21403. It's now on David's hands. - Did more guard hackfest prep and sent out homework mail. - Pushed #22430 but it now needs revisions. - Pushed #22052 which got merged. - Reviewed #22460. This week: - More hackfest preparation. - More proposal247 cleanup. - Travel prep. - Travel! Mike: Last week: - At Seattle office! - Got Adaptive Padidng stuff running in chutney. Working with Marc Juarez on making real histograms. (mikeperry/adaptive_padding-draft-rebsed2). This week: - Continue to test AP code and add features to help research - Prep for guard meeting, maybe send out some more links Nick Last week * More "unspecified" triage. I'm up to #10000 * Diagnose and fix 22460, 22466 * Planning on sponsor8 work This week: * Reminded tor-relays about EOL for 0.2.4, 0.2.6, 0.2.7 on 1 Aug. * More "unspecified" triage. * Merge fixes for 22460, 22466, TROVE-2017-004, TROVED-2017-005; put out releases. * Prep for delaware meeting komlo Last week: - Finished implementing protover API in Rust (but it still needs refactoring) - Added more Rust coding standards to https://trac.torproject.org/projects/tor/wiki/RustInTor, feedback welcome (the wiki is a work in progress, more to come) This week: - Refactor/basic clean up of Rust protover, get ready for wider review - Hackfest prep catalyst: Last week: - [sponsorM] more delving into control.c and bootstrap reporting. lots of messy stuff happens by side effect. - #22413 check libzstd version at configure time - Community Team meeting - reviewed #22466 - [sponsorM] Tor Launcher meeting - bug triage - commented on #22469 (exitpolicy syntax inconsistencies) This week: - prep for Wilmington meeting - dig more into whether TLS timeouts or our retry schedule more strongly delays bootstrapping ahf: Last week (unordered) - Working on #22275 (prop #278 merge to dir-spec.txt). - Cleaning up the test cases in #22497 - Reviewed bug fixes for #6298 - Oniongit testing. - Got ESTA approved for traveling to the US. This week: - Close sponsor 4 tasks: #22275 + look and compare measurements. - Help out with 0.3.1 issues! - See if I've not already looked at some of the things in asn's hackfest homework email. - Travel to the US! isabela: - work on writing sponsor4 may report - figuring out how to 'declare done' sponsor4 core team activity: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/Sponsor… - organizing notes from tor launcher automation feature meeting past friday (june 2nd) - should i go to wimlington and hang out for a day? like wednesday maybe. Could be helpful to organize tor launcher automation tasks as well as drl upcoming contract tasks dgoulet Last Week: - SponsorR ticket triage. - Finalized #20657. Heavy testing on the service branch. Also tested along with asn's client branch (#21403). - I've now taken over #21403 until further notice from asn. - Review of #22460 and #22466. - Bad relays world needed me again... - Test network updates and poking unresponsive operator. - Helped with the new TROVE this morning taking armadev work and putting it in commits. This week: - Preparing for Wilmington meeting. - prop224 client implementation (#21403).

1 0

May 2017 Report for the Tor Browser Team
by Georg Koppen 05 Jun '17

05 Jun '17

Hi! In May we made an alpha release, Tor Browser 7.0a4[1], mainly to test the progress we made in our transition to Tor Browser based on Firefox ESR 52. Highlights in this release were stability improvements, binding permissions to the first party domain in the URL bar, and neutering various new and old fingerprinting vectors. For users with a 64bit Linux system Selfrando support got added which was one of our main security enhancements that lived in the hardened series previously. We'll evaluate this defense in our alpha series over the coming releases and hope we can ship it soon in our stable series as well. Apart from doing release work we focused on getting Tor Browser 7.0 more stable, fixing our test suites[2], and on making our build system faster and more scalable. Switching our official nightly builds to using rbm, our new reproducible builds manager, got delayed, unfortunately, but we continued to fix bugs in it as we found them[3] and hope to get to the transition during June eventually. The full list of tickets closed by the Tor Browser team in May is accessible using the TorBrowserTeam201705 tag in our bug tracker.[4] For June we plan to release Tor Browser 7.0 and move onto the Firefox ESR 52 train, finally. We expect some fallout from that and will address the major issues as fast as we can while we are finishing the remaining items for the 7.0 transition[5]. We plan to continue our build system improvements and get back to integrating our Panopticlick instance into our Q&A environment as a top priority[6]. Furthermore, we'll start upstreaming our newly written patches to Mozilla and plan to create new ones for outstanding tracking and fingerprinting defenses. All tickets on our radar for this month can be seen with the TorBrowserTeam201706 tag in our bug tracker.[7] Georg [1] https://blog.torproject.org/blog/tor-browser-70a4-released [2] https://trac.torproject.org/projects/tor/ticket/21982 [3] E.g. https://trac.torproject.org/projects/tor/ticket/22444 [4] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [5] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… [6] https://trac.torproject.org/projects/tor/ticket/6119 [7] https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam2017…

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project