- tor-project - lists.torproject.org

Notes from August 31 2017 Vegas team meeting
by Karsten Loesing 01 Sep '17

01 Sep '17

Notes for August 31 2017 meeting: Roger: 0) I'm back from the crazy travel. For a bit. Do you have anything to add to my TODO list? 1) NSF report marathon update: Three reports are in and approved! One is due in two days but technically it's not ours to write. The fifth is due in a month and is on track. 2) SponsorR is ending real soon now. We should wrap up and invoice them. 3) My future hobby: getting the network team to adopt bwauth 4) Capture The Onion contest, and Tor Village at Defcon next year 5) I've been playing 34c3 ticket fairy. Do you need one? Does anybody on your team? 6) Next week I go to NYC to work on website stuff, and Seattle 7) In mid Sept, I might be on a Tor Hidden Services panel in Baltimore 8) In Oct, I'm on a "National Priorities in Computing Research" panel in DC 9) I started trying to find a time to visit SIDA. Maybe I'll try to bring Alison. Georg: 1) We finished the hiring process for the Tor Browser team (there will be a new team member starting mid-September) and are starting to go over applications for the mobile browser position. 2) Work on a new stable release and Sponsor 4 is ongoing. 3) I wrestled with getting a bug bounty paid out. Do we want to have bug bounty related Tor swag? (Hint: I think "yes") If so, how do we get that project going? Isabela: 1) last week - sponsor4 - got deliverable completion reports for TB out for invoices - ux - worked with linda on planning for the upcoming weeks of work, helped with onion browser survey. worked with tommy on designer grant proposal - met with drl for project kick off - homework for me from this meeting is to review M&E of sponsor 8 and communicate with the team what the expections are for this first quarter of project 2) this week - sponsor4 writing network team deliverable completion report for us to invoice - ux - shipped designer grant proposal got to a good version with onion browser survey preparing ticket to move it to hiro to build it. found a place (with arma help) for us to meet in NYC next week and work on the website redesign - also do prep work for this meeting. - writing blog post about orfox work and our focus on mobile 3) brazil update - the brazukas want to write a report on the state of relays in brazuka land Steph: 1) Helped launch OONI Cuba report, edited post, shared, contacted media. 2) Working on Onion Browser survey with UX team 3) Got proposals from 2 possible speaker trainers for Oct 14 half day Montreal training, decision likely next week when Shari is back 4) Working w Isa on Orfox blog post to be published next week. Planning other content w Tommy. 5) Fundraising campaign on hold after 2 meetings. Arturo: 1) We published a report on internet censorship in Cuba: https://ooni.torproject.org/post/cuba-internet-censorship-2017/. It was covered by Amnesty (https://medium.com/amnesty-insights/cubas-internet-paradox-776213c8ddb0) Motherboard (https://motherboard.vice.com/en_us/article/vbbjxm/here-are-the-41-websites-…, was happy to see they used one of our charts in their article featuring the OONI logo) and more to come. 2) Started to convert the style guide Elio made (https://github.com/OpenObservatory/design/issues/3) into a "Living Style Guide" (https://github.com/OpenObservatory/design/pull/4) http://openobservatory.github.io/design/ 3) Seems like we have mostly sorted out the design issues related to securing our probe orchestration system. See: https://github.com/TheTorProject/proteus/issues/24, https://github.com/TheTorProject/proteus/issues/26, https://github.com/TheTorProject/proteus/issues/27. Alison: 1) LFP won about $250,000 from the Institute of Museum and Library Services!!!!!! 2) The membership guidelines are finally out for a vote! Go vote! 3) LFP is getting a website and logo redesign. 4) Tor meeting agenda: I didn't get a ton of responses. Should we put out another call for agenda items? [Isabela: I think we will get more responses once we share a draft, seeing others ideas help ppl think of what is missing or what to suggest] 5) I may meet up with Roger today to talk about getting more global coverage for the speakers bureau. Karsten: 1) Released Onionoo protocol version 4.1 which adds a "version" parameter and removes bridge clients objects' beta fields "countries", "transports", and "versions". 2) Planning to have a team meeting in the last week of September in Berlin and bring results/questions to Montreal two weeks later.

1 0

New desktop browser developer, and other open positions!
by Erin Wyatt 29 Aug '17

29 Aug '17

Hello everyone! Good news — the Browser Team has just finished recruiting for the desktop browser position, so we have a new employee starting the third week of September! I’ll send an email introduction soon. Yay! :) In related news, we have three other positions open at the moment, and we need your help publicizing them! Specifically, we’re looking for two browser developers for mobile (Android), and one Android developer. Please see our jobs pages for more information: https://www.torproject.org/about/jobs.html.en <https://www.torproject.org/about/jobs.html.en> Please tweet/post/forward the job postings to any person, organization, mailing list, or social media platform that you think might be helpful. Thank you! Cheers, Erin Wyatt HR Manager ewyatt(a)torproject.org GPG Fingerprint: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE

1 0

Network team meeting notes: 28 Aug 2017
by Nick Mathewson 28 Aug '17

28 Aug '17

Hi, folks! Another week, another meeting. You can see the IRC logs from http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-08-28-17.01.html . Here are the notes from our pad: ===== Network team meeting, 28 August 2017 (1700 UTC) Announcements and requests: - PA request from HS team: We need some help with review-group-22 since all our prop224 tickets are blocked by this review group. We've already reviewed most of the tickets; there are 2 left which would be great if were handled by other team members since we have tons of other prop224 stuff to tend to. Thanks! :) - 031 stable release? Triage, Bug fixing, ... so we can meet the release deadline? People out: - ahf (returning wednesday). teor: - Last week: * Caught up on emails * Caught up on other admin * Re-planed PrivCount Experimental for the next few months * Tried to work out how to generate random floating point numbers that are good enough for Laplace noise (current hidden service stats) and Gaussian noise (PrivCount in Tor). Turns out floating point is really lumpy. https://trac.torproject.org/projects/tor/ticket/23061 * Told people that I want to limit the amount of work I do on fallback directories: https://lists.torproject.org/pipermail/tor-project/2017-August/001405.html - This week: * Work out how many onion addresses an HSDir should expect to see https://github.com/privcount/privcount/issues/397 * Try to stop adding features to PrivCount 1.1.0 so we can actually do the release komlo (offline) - Last week: - Fixed up Rust protover from isis's review - This week: - Pair with isis to finish up Rust protover, submit it for wider review hopefully by next week - Send out Rust kata for the Rust hack day in Montreal, if people want to work on it beforehand nickm (out from Wednesday through next Monday) - Last week * Lots of review and merge, especially hidden service client-side stuff * Working on the aftermath there * Lots of tiny tickets in 0.3.2.x. * Starting to triage some 0.3.2.x stuff; discussed stragegy with isa - This week * Only around 2 days. Planning to review patches and triage 0.3.2.x. * Didn't get 0.3.1.x-rc out last week. Maybe can make progress this week? Still bugs to fix. #22752 seems blocker-ish. * Going to hack some low-hanging sponsor8 efficiency stuff, time permitting. * going to try to empty my inbox - Queries dgoulet: - Last week: * prop224 client upstream merge (YAY!!!) which lead to bug hunting lots of issues. Some relevant tickets I worked on are #23300 and #23308. * Reviewed tickets in review-group-22 including the big KIST one from pastly in #12541. * I've addressed some tickets in 031 milestone as well. More work there remaining for the stable release. - This week: * Wrapping up many bugs for prop224 so we can get it in a good state before the 032 feature freeze. This means continue integration testing and hopefully tackling #23310 sooner rather than later. * Follow up with pastly on KIST scheduler and try to make it in time for the feature freeze deadline. * I'll prioritize 031 tickets review/revision this week so we can meat our release deadline. pastly: last week: NRL stuff this week: NRL stuff, meet with dgoulet about KIST haxxpop: few weeks ago: run the hs desc fuzzing and found a bug #23233 [Good stuff! --dgoulet] << d(^ ^) this week: I will continue the fuzzing on the inner layer of descriptor asn Last week: - We got the client-side of prop224 merged (#17242). We are basically 3/4 of the way done for prop224. The rest 1/4 of work is testing, bugfixes, unittests, and quality of implementation improvements! There are lots of them. See our pad for more details: https://pad.riseup.net/p/LPVY6AL_prop224_upstreaming - Spent lots of time testing our prop224 branches for bugs related to hsdir indices and overlap period. Found a few and fixed them: #23157, #23110, #23309, #23335 - Wrote patches for more prop224 issues: #23056, #23343 - Reviewed #19418, #22779, #22802, #17242 as part of review-group-22. This week: - This week we hope to get all the current prop224 blocker bugs merged upstream, so that we have a common branch to work from. See our pad above for more details. - We need to keep testing prop224 and writing unittests. We keep finding new bugs :-) - Maybe write a few more stuff in #23126 about how to do hsv3 statistics. isabela Last week: - caught up on emails after looong vacation - chated with networkers about 0.3.2 triage and all the long backlog we have, how to organize it over the different upcoming releases (033 and 034) - tried to coordinate dependencies TB team has on network team for Tor Launcher UI udpate (progress bar and moat api) This week: - write sponsor4 deliverable completion report - following up on dependencies (question for catalyst and isis and nick?) - just checking in if things are moving on and if there is any udpates/blocker we should be scary about (TB dependencies) - plan to check in with sponsorR deliverables completion - and to check in with sponsor8 work (how is it going etc, I need to pair this up with what we wrote at M&E which is a looong story but no worries #wegotthis) - if all goes well I also plan on getting us started with roadmap planning (for montreal) catalyst: last week (2017-W34): - looked at floating point nastiness (#23061) -- I should probably drop it but I want to make sure we explicitly say things like "we don't care about holes in the range where we lose precision" - poked some more at bootstrap progress reporting - somewhat distracted by general awfulness in the world (and family in Houston) this week (2017-W35): - travel arrangements for Montreal - figure out how to incrementally retrofit a higher-level state machine that tracks bootstrap progress based on lower level events (so lower level code won't have to break abstractions to report boostrap progress) - review #23149 - ask pointed questions about how much precision we need in #23061 isis: last 2 weeks: - vacation - brief amounts of work to fix some issues with the bridge authority and talk to the intern this week: - moat backend #22817 - montréal arrangements -- Nick

1 0

Notes from August 24 2017 Vegas team meeting
by Karsten Loesing 28 Aug '17

28 Aug '17

Notes for August 24 2017 meeting: Isabela: 1) was on vacation - so catching up on all things 2) writing reports for sponsor4 deliverables that are done 3) picking up on Tor Launcher work 4) Met with Tommy to work on a proposal for OTF to pay a part-time UI designer to work with UX team for 6 months 5) wrote a self-feedback performance report to my peers/manager 6) pinged some teams/people to get meetings organized for Montreal Alison: 1) Working on getting agenda ideas for Montreal 2) Made some more updates to the support wiki with Phoul 3) One more day for contributor guidelines proposal drafting, then vote 4) Worked out letter of inquiry template for outreach funding with Tommy 5) Did first fundraising sprint, second one is today Georg: 1) I wanted to raise awareness of https://zerodium.com/program.html which is getting circulated 2) I've been catching up on things after being mostly away from keyboard last week Nick: 1) Back from vacation. Too many things to pay attention to! 2) Expect to merge working next-gen hidden services in the next 7 days. 3) Trying to coordinate timeline for launcher bootstrap-progress backend stuff with catalyst, mcs, isabela, etc. Not sure I have great visibility into the status there. 4) Our triage-and-planning process is still wonky on my team, but I think we're learning Shari: 1) lots of time working with Giant Rabbit to start end-of-year campaign 2) board meeting next week to talk about adding new members 3) talking with DRL to kick off Tor mobile grant 4) gonna send a note around about upcoming vacation (I'm out starting Tuesday of next week) 5) welcoming Tommy to his new home in Seattle; talking with him about grant strategy 6) trying to get Sukhbir as MDF tech fellow; reviewed other applicants while we wait Steph: 1) Fixing some issues with the odp and odt templates. 2) Working on our end of year fundraising campaign, sprints yesterday and today 3) Fielding inquiries, managing social media, blog calendar. New post from OONI going up Monday, will be getting the draft today 4) Talking to 2 possible speaker trainers for a half day training in Montreal. Should be able to make a decision on Tues at next comms meeting 5) Working with UX team on Onion Browser user testing survey Brad: 1) Ongoing work related to the financial statement and compliance audit for calendar year 2016 2) Also beginning work on preparation of Form 990 (annual tax return) Arturo: 1) We have been discussing quite a bit the issue of securing probe orchestration (when we will deploy the run any ooniprobe test version of it). Here: https://github.com/TheTorProject/proteus/issues/24, feedback from crypto/security people is appreciated. 2) Had calls with some researchers how we can better work together and they can help us solve some of the research problems we have. 3) We sent the first OONI push notification telling people to run ooniprobe in Angola to monitor the elections!

1 0

Idea for the Tor open hackdays
by Arturo Filastò 25 Aug '17

25 Aug '17

Hi Tor people, I would like to propose an idea for the Tor open hackdays at the Montreal dev meeting. I think we can improve how people coming to the Open hackdays are guided towards finding some interesting Tor related project to hack on. If I were a new comer, showing up to the open hackday I would probably have a hard time figuring out: a. What are all the various projects that Tor is working on and which ones would be most suited for my interests and skills b. Who are the people that I should be speaking to in order to get guidance on what and how to hack on a thing Given this, what I would like to propose is that we have a very minimal agenda for the first part of day 1 of the Open hack days, where 1 representative from each Tor team (or project) or anybody else interested in pitching their idea, gives a 10 minute max presentation telling people: - What is the project they are working on - What are some of the open problems/things they would like people to hack on - What sort of skills are needed in order to hack on them - Who they should speak to - If there is some sort of semi-planned designated time and location mention that too I would make the whole thing also open for people from the community to pitch their own ideas and recruit people to join them. What do you think? ~ Arturo

6 5

support the torproject with bridges
by Felix 23 Aug '17

23 Aug '17

Hi isis > I don't want to speak for the Tor Browser Team, but I think we'd be > happy to take you up on it. I can add your obfs4 bridges to Tor > Browser's default bridges, or—if you would be excited to write the > patch—I can show you where/what to edit. Please let me know which > you'd prefer. It's may-be better done by the experts - means not me :) > Please don't paste it here on the list, but we'll need the IP(s), > obfs4 ports, fingerprints, and bridgelines for your bridges. > The fingerprint should be in $DATA_DIRECTORY/fingerprint and > the bridgeline should be in $DATA_DIRECTORY/pt_state > /obfs4_bridgeline.txt. All is here. Where shall I ship this stuff ? > Thanks again! It's my pleasure. -- Cheers, Felix

5 8

Cloud Compute Resources for Tor Browser
by Tom Ritter 23 Aug '17

23 Aug '17

As we wrap up the GSOC, I wanted to do a retrospective on the Tor Browser development process for new people. Basically, building Tor Browser is difficult from a setup perspective (we're always working on making it easier, but it's still not trivial) and it's difficult from a resource perspective - it can take a long time to build Tor Browser. You can easy have a day where if you get two compiles in - that's a good day. Couple that with the trial and error process that new people usually have with a software project - and you have a pretty high barrier to entry. The experience with nmago this past summer illustrated how important this is. I estimate he would have been able to accomplish 33% to 50% more than he was able to accomplish if he had both a faster machine and a pre-set-up build environment. What I'd like to do to improve this situation is to provide a development instance on EC2. We can publish an image that anyone can run on their own and do development in. They would have to pay their own money to run the machine, while the host org (Tor or me) would pay a small cost each month to provide the image (I think <$3/month). Furthermore, I'd like Tor Project to _fund_ this development image for future GSOC people and potentially others on a case by case basis. GSOC is finishing, so this isn't an actual request to pay any money now. But I think we should in the future. Right now, the cost to reserve a single machine for an entire year is 2248.28. If we only did on-demand it would be 825.72 for 3 months. There is no reason we couldn't have multiple people using a single machine; aside from if two people compile at the same time they'll be fighting for resources. Depending on how often it is used this may not matter or it may matter a lot. Obviously we don't trust cloud images, but this is for developing patches which will receive code review. There is no real trust here, unless the user does something silly like put their ssh keys on it, which they should not. -tom

7 8

Brave hiring for Tor Integration
by teor 23 Aug '17

23 Aug '17

Hi, Brave Browser is currently hiring a Tor Integration Engineer: https://brave.com/jobs/?gh_jid=781438 (Needs JavaScript. Mentioned by Zack on tor-relays.) People on this list might be interested in applying. We should also work with them to make sure we understand: * their expected load on the network, and how to manage it, and * their branding, and how to manage comparisons with Tor Browser. (I'm sure there are more things we need to think about.) I would imagine it would be similar to other browser integrations that have been considered. Maybe we could develop a FAQ or standard set of questions for these. T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------

1 0

How to help people on weekends?
by Roger Dingledine 23 Aug '17

23 Aug '17

Hi folks, I've noticed an interesting trend lately. I don't have great answers but I want to raise the topic for us to think about. We used to just all work all the time, and we were burning ourselves out, so many of us have switched to focusing on more traditional "daytime on weekdays" hours. That approach has the big advantage of increased density among core developers: people are more likely to be around then. But while this approach works well for people whose day job is Tor, the casualty is people whose day job *isn't* Tor. These people show up exactly on the weekends and evenings that now have fewer Tor people around to provide quick responses, community momentum, interaction with core developers, and all of the great things that a free software community needs for health and growth. I don't have any quick fixes, but I wanted to raise this issue as a key topic for us to consider as we try to find the right balance between "people can have lives" and "we are responsive to new contributors". We are not being the best that we can be when we have 60-hour gaps on irc, mailing list threads, blog comment follow-ups, etc and those gaps line up exactly with when excited helpful volunteers show up. :) --Roger

6 6

GSoC 2017 Ahmia Status Update #6
by Pushkar Pathak 22 Aug '17

22 Aug '17

Hello everyone, This is the bi-weekly status report for Ahmia - Hidden Service Search. ## Updated documentation and removed expired pages and links The documentation of Ahmia is now fully complete and available at ahmia.fi/documentation/. [1] ## Updates to 'about' page and other minor fixes in ahmia-site [2][3] ## Django 1.11 upgrade for Ahmia Currently Ahmia supports Django1.10. >> Future tasks - I am working on to add support for advanced search features but since final evaluation deadline is on 29 Aug, I have put this on hold to review the changes I already made and prepare a report I will get back to implement Thanks, Pushkar [1]: https://github.com/ahmia/ahmia-site/commit/d3af0b72d9b175c7d3d269119f4dceeb… [2]: https://github.com/ahmia/ahmia-site/commit/6ee614ad617b0f6202e20f139e6dded4… [3]:https://github.com/ahmia/ahmia-site

1 0