- tor-project - lists.torproject.org

GSoC 2017 - unMessage: Report #2
by Felipe Dau 28 Jun '17

28 Jun '17

Hi everyone! This is my report #2 for the unMessage GSoC project. # Updates Since the last report, I mostly worked on the file transfer task (#12) as well as on the logger task (#30). As I intended to implement the file transfer using asynchronous calls, I was able to use the previous work I had done for the asynchronous task (#21) as well as make a few improvements to it. # Deliverables These are the tasks we selected for the first evaluation period: - Improve setup script #35 [0] - Use attrs #34 [1] - Support file transfer #12 [2] - Add a logger #30 [3] These tasks have been finished and their code has been merged to the develop branch [4]. More technical details can be found in the tickets. # What's next The next steps for this second set of tasks are: - Continue making the methods listed in #21 [5] asynchronous - Start writing unit tests for #33 [6] The code for these new tasks can be found in my unMessage fork [7]. Sorry for the delay :/ Thanks, -Felipe [0]: https://github.com/AnemoneLabs/unmessage/issues/35 [1]: https://github.com/AnemoneLabs/unmessage/issues/34 [2]: https://github.com/AnemoneLabs/unmessage/issues/12 [3]: https://github.com/AnemoneLabs/unmessage/issues/30 [4]: https://github.com/AnemoneLabs/unmessage [5]: https://github.com/AnemoneLabs/unmessage/issues/21 [6]: https://github.com/AnemoneLabs/unmessage/issues/33 [7]: https://github.com/felipedau/unmessage

1 0

network team meeting notes, 26 June
by Nick Mathewson 26 Jun '17

26 Jun '17

Hi, all! You can find the transcript from our weekly meeting at http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-06-26-16.59.html Here are our notes: ----------------------- Network team pad, for 26 June Meeting (or 27 June, for those in UTC+5 or later) Notes from last week's meeting: * https://lists.torproject.org/pipermail/tor-project/2017-June/001208.html (Did we do what we had planned?) Announcements and reminders: * review-group-18 is still not cleared. We have 3 tickets left in needs_review there which need to get reviews before nickm makes a review-group-19. * review-group-19 will come once the last 3 tickets in review-group-18 are done. * There are still 34 tickets in 0.3.1.x, including 9 in status "new" with no owner. We need to get 0.3.1.x done! * Employees: remember harvest. [also, if you have pending expense reports, try to submit them before end of june - you can do that via harvest as well if you like] * Isabela will ping people to start collecting information for nsf reports Things we should talk about: * We need a PT person (or at least point of contact) * How important is noise for padding statistics? Mike is thinking "Not very" compared to the type of attack described vs related guard discovery attacks I want to fix first. Tasks for after the meeting: * July team rotation schedule is available at: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… teor: Last week: * Fixed a nasty security bug in PrivCount, released 1.0.2, and upgraded all the things * Deployed PrivCount HSDir upload stats on a relay for testing * Looked at all the privcount-tagged trac tickets and updated the PrivCount TODO lists * Tried to help out with the PaddingStatistics implementation #17857 etc. * Stop relays from knowing HS client and service addresses #22688, #22689 * Added a hs-network-min network to chutney: #22667 * Logged a few bugs in Tor and Tor Browser This week: * Document the PrivCount HSDir upload stats test outcomes * Prioritise the remaining 6 hidden service events (HSDir client, HSDir cache evict, Intro service, Intro client, Rend service, Rend client) Mike: Last Week: * Worked on #17857 and #22212. * Discussed padding statistics - I am not seeing this as urgent. * Reviewed #13605 (reduced exit policy option) This Week: * Mozilla all hands, all week... asn: Last week: - Caught up with backlog that accumulated during meeting - Work on prop247 stuff. Started the simulator work: It can currently do a basic prop247 simulation and print out some useful output. - Worked with David on some prop224 stuff - Reviewed some prop224 code and other tickets This week: - Review prop224 groundwork #21979 - Continue prop247 simulation. This week I'll spend debugging, make the compromise adversary models and create some nice graphs. - Update prop224 spec wrt SRV / desc overlap behavior based on discussions with david and the current implementation. - Rewrite the overlap logic of prop224 to use the slot system instead of absolute human times. - Revisit #22006 based on nick/isis review. - Hopefully Write wilmington blog post if I get the time. haxxpop: Last week: - Finished reviewing asn's client-side descriptor fetch code. He replied and I also did reply back :) - Read some lattice-based crypto (as a hobby) This week: - Review dgoulet's load and configure service code #21979 (with asn) - Maybe*, take over Fuzz v3 hidden services #21509 (if it's not done yet) dgoulet: Last week: * DRL meeting on Mon, Tue and Wed. (Nick asks: any takeaway lessons?) * Code review on a couple of hidden service tickets. * We do have #21859 (prop224 e2e code) in needs_review now on Gitlab which is the first ticket in review for prop224 inclusion in 032. * Discussed some action items with asn on prop224 about some intro points engineering issues and overlap period logic that is out of sync in the proposal. This week: * Full throttle prop224 work with splitting the service branch in smaller ones for review and upstream merge. * Continuing and hopefully finishing the client implementation. * July is really our target for a minimally working prop224 for both our sponsors and our Defcon talk (early August). Thus, expect lots of work on that on my part. nickm: Last week: * Thanks to ahf, helped diagnose big regression from prop140 (consensus diff) work: we weren't checking if-modified-since correctly any more! Ahf has a fix; testing again now. * Worked on compression issues that toralf found. * Reviewed lots of code. Merged a bunch. Continued bug triage. * Chased through some contacts to find clarity about copyright status for patches on old ticket from Access Labs. All's well. This week: * Pending isabela, send out notes on Who Works On What Between Now And September. * Circulate "supported platforms list" current draft from https://pad.riseup.net/p/QWpY4UYfAsaK , turn it into a wiki page, pending comment. Any comments? * Review more code * Fix pending 0.3.1.x bugs * Release another 0.3.1.x alpha * Write some stuff for 0.3.2.x * Work on or defer remaining 0.3.1.x tickets * More ticket triage on "unspecified" * Prepare for 0.3.2.x triage. ahf: Last week: Sponsor 4: - Been working on Sponsor 4 measurements with Nick: Looks good for clients so far, but we have regressed badly for relays. We think we know what the primary cause is (see #22702). - Been working on a fix for bug #22702 (Never send a consensus which the downloader already has). - Wrote a script to collect directory measurement from Tor logs. Can be found in ahf/tor-sponsor4-compression on GL.com - Working with Nick on the initial results: data in https://people.torproject.org/~ahf/sponsor4/ - Code review: #22719, #22502 (and thus #22626 + #22628), #22629 Misc: - Code review: #3056 This week (ordered): - Land fix(es) for #22702 after we have confirmed they work. - Land fix for the issue where a relay gets killed by the sandbox because we allocate a little bit over 16 MB memory. - Actually get around and finish the merge of prop #278 that I've kept postponing. - Help out with 0.3.1 issues - If time allows for it: write down a short text that tells the progress we have made with the sponsor 4 work (?) catalyst: Last week: * Reviewed a lot of review-group-18 and 0.3.1 tickets * Progress on reviewing #7869 * Registered for oniongit This week: * Check #7869 test coverage * Investigate #20532 * Investigate more test-stem issues * Bug triage * Ping komlo about followup from Wilmington testing session * Follow up and review support person hiring stuff * Experiment more with oniongit isabela: last week: - passed on next tasks to invoice for sponsorR to Brad - finally sent sponsor4 may report - working with tommy on modularization SOI - synced with Brad to get the info to build the spreadsheet for network team people's time allocation this week: - still waiting on one spreadsheet from brad to get back with nick on people's time allocation - hope to get that done this week - looking forward to finish a couple of pending tasks: update the brief for tor launcher automation and get an update on user growth strategy out to tor-internal - off on july 4th (national holiday) and july 5th-7th to get some personal stuff done - catch up with hiro on what we discussed in wilmington related to gitlab and trac pastly: Last weekish: - I hope you like documentation. I wrote a bunch - I hope you like tests. Did those too Time weekish: - nickm asks: "how is the permission-to-release coming?" - pastly says: no news. Was told it would take ~4 weeks about ~2.5 weeks ago - but plans on sharing with dgoulet and anyone that asks nicely ASAP - Finish fleshing out KIST tests. Main one remaining is for the scheduling loop - Once done fleshing out, will push to oniongit and ping dgoulet to make time for meeeeee isis: Last week: * code review on #22006 and #13703 * small patch for #4019 * did employment/insurance/tax paperwork * answering questions and comments for the internship post This week: * Expenses for amsterdam (!), seattle, and wilminton * Lay out tickets for tasks in the next couple months and figure out sponsors and timelines * Some meetings for Mozilla All-Hands that I should attend * BBC Radio interview * Start setting up backend stuff for moat since I believe the TB Team needs it soon(anything else that is higher priority?) [isa: I think for now this is it. like we chated TB team in august: https://storm.torproject.org/shared/pdwxRlkwBXvDC2SFqB8oFWpiu7RQx1wu0FTcIFw…] * Review the internship applications and narrow down the choices and pick one and get them started * Email to Rust team about where we're at * Email to oxidators about steps moving forward and tasks we need to assign ourselves

1 0

Core Tor team sponsor4 May report
by isabela 23 Jun '17

23 Jun '17

Core Tor team May 2017 report In May we released Core Tor 0.3.0.6 stable, our first stable release on the 0.3.0 series. [1] We also spend sometime organizing a team face to face meeting for June (Network Team Hackfest). This is part of an effort to give teams more opportunities to work face to face beyond our bi-annual meetings. We will be sharing more updates from this gathering on our blog. As part of proposal 140 we merged a GSoC project (#13339) [2] that created consensus diffs, done two years ago, and which will be of greater utility now with proposals 140 and 274-278. For that we had to do some update in the code and add more tests, here is the full list of tasks to add this project to our code base: * #21643 Extract, test, revise, and clean the diff code [3] * #21644 Fuzz the diff and patch code [4] * #21647 directory caches cache multiple past diffs or consensuses [5] * #21648 Caches generate diffs as appropriate [6] * #21649 Caches serve diffs on request [7] * #21650 Clients request diffs and handle diffs in replies [8] * #21673 Handle signatures correctly [9] * #22143 Implement May 3 updates to diff format in prop140 [10] * #22148 conformance to proposal, unhandled corner cases [11] * #22149 Update dir-spec with prop140 protocols [12] We are finished writing and testing proposal 278, and its relevant portions are now merged into dir-spec.txt (#22275) [13]. Tickets related to this effort: * #21664 - Prop278: Make the current 'torgzip' module a submodule of a new 'compression' module [14] * #21662 - Prop278: Add support for LZMA2 and/or Zstandard [15] * #21663 - Prop278: Refactor the torgzip module to support additional compression schemes [16] * #22066 - Prop278: Add memory measurement code in LZMA and Zstandard compression backends [17] * #22085 - Prop278: Refactor and simplify compression tests [18] * #21665 - Prop278: Establish an upper-bound for LZMA2 memory usage [19] * #21667 - Prop278: Handle new headers in directory.c [20] * child-tickets: * #21668 - Prop278: Update cached_dir_t and related types to no longer assume single compresison method [21] * #22065 - Prop278: Parse the Accept-Encoding header and pass it to "get" handlers [22] In June, we will be testing the merged code further, evaluating its performance, and fixing any bugs we find. [1] https://blog.torproject.org/blog/tor-0306-released-new-series-stable [2] https://trac.torproject.org/projects/tor/ticket/13339 [3] https://trac.torproject.org/projects/tor/ticket/21643 [4] https://trac.torproject.org/projects/tor/ticket/21644 [5] https://trac.torproject.org/projects/tor/ticket/21647 [6] https://trac.torproject.org/projects/tor/ticket/21648 [7] https://trac.torproject.org/projects/tor/ticket/21649 [8] https://trac.torproject.org/projects/tor/ticket/21650 [9] https://trac.torproject.org/projects/tor/ticket/21673 [10] https://trac.torproject.org/projects/tor/ticket/22143 [11] https://trac.torproject.org/projects/tor/ticket/22148 [12] https://trac.torproject.org/projects/tor/ticket/22149 [13] https://trac.torproject.org/projects/tor/ticket/22275 [14] https://trac.torproject.org/projects/tor/ticket/21664 [15] https://trac.torproject.org/projects/tor/ticket/21662 [16] https://trac.torproject.org/projects/tor/ticket/21663 [17] https://trac.torproject.org/projects/tor/ticket/22066 [18] https://trac.torproject.org/projects/tor/ticket/22085 [19] https://trac.torproject.org/projects/tor/ticket/21665 [20] https://trac.torproject.org/projects/tor/ticket/21667 [21] https://trac.torproject.org/projects/tor/ticket/21668 [22] https://trac.torproject.org/projects/tor/ticket/22065

1 0

GSoC 2017 Ahmia Status Report #2
by Pushkar Pathak 23 Jun '17

23 Jun '17

Hello everyone, This is my bi-week status report for Ahmia - Hidden Service Search. ## Add page Add page is working as planned. [1] ## Elastic upgrade to 5.4 I am working on to upgrade support from Elastic 2.4 to 5.4. The ahmia-index [2] is working fine with Elastic 5.4. The search results need to to be checked for Elastic support. Although I had planned to replace polipo with torsocks in the previous week, upgrading Elastic was top priority and therefore we shifted to it. Once the upgrade is done, data visualization of statistics need to be completed. Thanks, Pushkar Pathak [1]: https://github.com/ahmia/ahmia-site/pull/8 [2]: https://github.com/ahmia/ahmia-index

1 0

Notes from June 22 2017 Vegas team meeting
by Karsten Loesing 23 Jun '17

23 Jun '17

Notes for June 22 2017 meeting: Alison: 1) Tor Meeting invite draft -- ready to send to tor-internal? 2) working on the Community Team roadmap 3) Colin is almost finished setting up the support wiki 4) keeping an eye on the membership policy conversation 5) tying up a lot of loose ends created from vacation and grantwriting earlier this month! Roger: 1) Wilmington went well! Ask us questions if you have any. 2) New film from the Citizen Lab people? We should help draw attention to it! 3) This week I helped finalize the FOCI program. I'm shepherding a paper. 4) I relaunched the membership guidelines discussion internally. Ongoing. 5) I'm excited to see the Montreal invite thread move forward. 6) My Defcon talk is now scheduled: https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Dingledine 7) Tomorrow Colin and Tom Ritter and I are doing an AMA for Transifex translators. 8) I'm trying to catch up on my logistics stuff before I disappear again on July 8. 9) Upcoming todo items include SponsorR attention and NSF attention. Nick: 1) Wilmington was a thing. 2) Moving forward with 0.3.1, 0.3.2 work. 3) Collaborating with Isa on mapping net team members to projects & vice versa. Step afterwards is to make sure that programming plan and financial plan match 4) Nothing seems to be on fire right now! Shari: 1) talked more with strategic planner 2) talking with Giant Rabbit's Richard Esguerra (formerly of EFF) about leading our end-of-year campaign 3) several applications to MDF for various things. 4) job description out for browser developer 5) working with comms team on messaging and getting up to speed. Arturo: 1) Published report on recent censorship findings in Egypt: https://ooni.torproject.org/post/egypt-censors/ (these findings also show the blocking of the Tor network, torproject.org, bridges.torproject.org, and ooni.torproject.org) 2) Updated the Egyptian and Palestinian test lists: (https://github.com/citizenlab/test-lists/pull/181, https://github.com/citizenlab/test-lists/pull/180) 3) Lots of logistics in preparation for the upcoming OONI Partner Gathering (we also ordered some OONI T-Shirts!) 4) Maria is in touch with the Campaign Director of Avaaz who is interested in making Tor more available/accessible to people in Egypt and elsewhere around the world. We have been providing them advice on how to do so, but if you'd like to get in touch with them as well, let us know and Maria will introduce you. 5) Made considerable amount of progress on implementing the next generation OONI measurements API backed by the new pipeline: https://github.com/TheTorProject/ooni-measurements/pull/22 6) Have been testing with Lorenzo push notification on iOS for the upcoming mobile app release Karsten: 1) Released metrics-lib 1.8.2 and 1.9.0, scheduled metrics-lib 2.0.0 for second half of next week. 2) Wrote blog post draft for metrics-lib 2.0.0 release with help by Stephanie and Tommy. Mike: 1) I seem to have a ton of people's timesheets showing up in my harvest account for approval (they were not in the approval list for me that Brad sent, either). Is this supposed to be happening? [brad: I'm working to resolve some of the setup issues now] 2) Fixing netflow bugs/tickets. 3) Next week is the Mozilla all hands meeting. Anything I should bring up there? (Erinn mentioned the new TBB positions. Anything else?) isabela: 1) New job posts for DRL mobile grant - we should start drafting them, Geko you will be out for vacation, how should we proceed? | after vacation o/ 2) Organizing NSF work with Roger and network team / get a subset of Brad's ppl time allocation per sponsor spreadsheet to Nick 3) sponsor4 may report / invoices updates to brad 4) super late with this because of other things that took priority -> trying to finish 2017/18 update / finish tor launcher feature brief update based on june 2nd meeting / but!!!! that doesn't mean things aren't moving, Linda is doing wireframes, Isis is working on moat api. 5) Hiro has a new layout from ux team for the blog, which fixes bad user experience tickets. I spoke with network team in Wilmington about gitlab and got some feedback for hiro on how to move fwd with it. 6) Linda reviewed tor launcher wireframes - should be shared with the team soon, very exciting! Next week Linda will be at MOSS all hands, so hopefully she will get more feedback there. Reviewing mocks for website, so we can pick up on that when Linda is back. 7) randomly helping the new peeps on different small tasks, reviewing SOI for DRL and trying to get the onboarding wiki page done Georg: 1) Moving on with Sponsor4 work 2) Do we know by now who is doing the non-Tor Browser parts for the moat bridge discovery thing? [isa: isis is working on it, I met with her in Seattle on early June and she knows the TBB team needs it by end of july or august if you will] Steph: 1) Digging through rt, cleaning up, taking, and responding to tickets 2) Working with Karsten on Metrics-lib 2 blog post 3) Aligning branding/messaging on social media profiles 4) Compiling singular press list from multiple sources. Training on civicrm next week. Will see if that's the best place for our press list and look into using it for sending newsletters 5) Taking things in, getting situated, strategizing comms plan. Feeling out messaging with input from comms periphery 6) Looking over site mockups, will be writing copy Brad: 1) Harvest adoption going well so far from accounting standpoint. Sue was able to complete the time allocations for May by 6/8, the earliest turnaround since I was hired last Nov. 2) Hoping to have the time approvals for June be handled by the "approvers" per the list that I sent out last month. --> I'll provide instructions on approval process to the relevant individuals by end of week. 3) Any questions/concerns/comments regarding Harvest so far?

1 0

GSoC 2017 - Crash Reporter for Tor Browser: Report #2
by Nur-Magomed 23 Jun '17

23 Jun '17

Hi everyone! This is my bi-week status report for GSoC project "Crash Reporter for Tor Browser". Project repository is available on GitHub [1]. # Crash Reporter Client: - added feature: never keep crash reports on disk; - working on blacklist feature (for fields that shouldn't be in reports). # Server side (Mozilla Socorro adaptation): - now working on local run. # What's next Crash Reporter Client isn't ready, but I've started work on server side, while I'm waiting for decisions about what data fields in reports are private[2] and may be about UI design changes. Thanks, Nur-Magomed [1] https://github.com/nmago/tor-browser [2] https://trac.torproject.org/projects/tor/wiki/doc/crashreporter#Analysisoft…

1 0

GSoC 2017 - anon-connection-wizard: Report #2
by iry 22 Jun '17

22 Jun '17

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello everyone! The following is my bi-week status report for the anon-connection-wizard project. # anon-connection-wizard development ## features implemented - - implemented edit mark approach - - added a help button on proxy page - - implemented torrc_page ## feature improved - - proxy password masked - - minor GUI changes - - update assistance message - - update URL for obtaining bridges ## links - - pull request[0] - - detailed discussion[1] # Other related work ## torrc.d preparation torrc.d[2] has been implemented in tor-alpha. Here is some preparation work [3]. ## Discussion on torrc output line related to obfs4 - - detailed discussion[4] # Next step ## request a parsing include in Debain configuration file ## Implement other features - - anon-connection-wizard will use torrc.d style soon - - figure out if torrc_page is sill necessary - - continue polishing anon-connection-wizard and implementing new feature s Thank you! Best, iry [0]: https://github.com/Whonix/anon-connection-wizard/pull/5 [1]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/258 [2]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/255 [3]: http://forums.kkkkkkkkkk63ava6.onion/t/torrc-d-is-comming/4041 [4]: http://forums.kkkkkkkkkk63ava6.onion/t/should-obfs4-have-the-managed-lin e/3991 -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZTEbcAAoJEKFLTbxtzdU8y6gP/RLClcej3cyVRXKulGcvU2KD DYOwq9dHSf1G4PVW2de67/ALYI00GhZAzWnN5XM0ogMPsGoQCF7tJlRaahr0+nFA SfkLEZYMOy78ChQoouT5pfOMGDYcbAJ0P3KLesH66L7pls8HekMXYoi5eQOIERur WRubV8VVrcQ9Xo5zdVNdsWaeupUL+64dlxcb0b9fcfE5Wqr/0XsMPVXn5aZK2nzx 9VwO593dVPKTa9qC5nqQU+FNfYO1AQvppK6korsXv4nd9IYOWq2isLPIVecL1JOF ShD2X8b3/ctT3dFdw32rdq4EHZo3Eyg1ZgDN0YtVscPOngNxmokcz+1AyZrP6x3K 6Jsk+zHs31zeAuIc/JUeFiBAWNjpqu8ML2K8T1Ijkgijl2GwgsMAvY33LD6Z1zFP XOP9Y7qfltv19xEX364qCzPdNGdM76t3z+9jexhrRudBEG8fkJqK3RSEhekkt9PQ Pcsrs/ptq324j01yubiT3WKPnTndT2NsGGsQS3w3+uPfAY+xHmzirGULbTHd2DmX aCUayR4r+u8gr2lG+3TaCKnhi0lgf2t8rh7MAgtQ3WafHBPYk3pWuZObZEvmYn/w vnqOSIGynYKdSCsejQ8/vU8aKH1oMfnLUKzlpCyKpKjLlspkKFtMzRJ6sSuGIxqY UlyJ4Kq4rmaUTs91EImR =s9r8 -----END PGP SIGNATURE-----

1 0

FYI: Service Announcement - cymrubridge02 - obfs4
by Sina Rabbani 21 Jun '17

21 Jun '17

Dear Tor Project, Our operations team is currently investigating a network event. cymrubridge02 maybe experiencing an outage, and I expect the service to resume shortly. > https://atlas.torproject.org/#details/8F4541EEE3F2306B7B9FEF1795EC302F6B84D… I will send another update if this issue is not resolved within the next 2 hours. All the best, Sina -- Sina Rabbani | Systems Engineer | Team Cymru, Inc. srabbani(a)cymru.com | 0x53B422A8 | http://www.team-cymru.org/

1 1

Network team meeting notes, 19 June.
by Nick Mathewson 19 Jun '17

19 Jun '17

Hi! Our meeting log is here: http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-06-19-17.00.html and our pad is copied below: ====== Network team pad, for 19 June Meeting (or 20 June, for those in UTC+5 or later) Things we should talk about: * What's blocking 0.3.1 bug fixes? * How are v3 hidden services going? * Should we try to get everyone to a) get a user on hiro's oniongit and b) get everyone to at least use for code review instead of gitlab.com? (ahf) * review-group-18 now exists! Please assign yourself as reviewer for some tickets. Tasks for after the meeting: * nickm: Find somebody to attend to each non-assigned 0.3.1.x ticket * Everybody: review everything in review-group-18 * somebody: update wiki (https://trac.torproject.org/projects/tor/wiki/org/process/TorOnTrac) with updates from http://5jp7xtmox6jyoqd5.onion/p/trac-hygiene teor: Last week: * Deployed PrivCount 1.0.1 on a few relays to check our previous results * Worked on PrivCount HSDir Upload (v2 & v3) Statistics (thanks for the privcount tags on trac, nickm!) * Added chutney hidden service network with different numbers of intro points #22599 * Found out that chutney doesn't support Hidden Service client auth #22646 * Tracked down some of the zstd issues #22502 and children This week: * Finish Implementing & Testing PrivCount HSDir Upload Statistics * Start planning Montreal travel * Start Implementing PrivCount HSDir Download Statistics dgoulet: Last week: * Wilmington Meeting This week: * I'll be at the DRL meeting in Montreal for the next 3 days (19th-21st) so expect communication delays on IRC/Email. * My focus will be prop224 as the 0.3.2 merge window has opened. A series of branch will get into needs review this week for both nickm and asn. Mike: Last week: * Wilmington This week: * Catch up on email, paperwork * Put finishing touches on Prop254 implementation * Maybe start work on torrc options needed for Prop247 prototype ahf: Last week: * Wilmington Meeting. This week: * Analyze log files to extract information on whether our sponsor4 efforts have reduced directory bandwidth usage. * Look into LZMA mprotect() issue. * Look into Teor's Zstandard bugs. * Finish the changes from prop #278 to dir-spec.txt asn: [Just made it back home but jetlagged. Unclear what my state will be during the meeting hours] Last week: - Attended network team hackfest. Thanks to everyone! This week: - Catch up with the backlog that accumulated during meeting - Start reviewing remaining prop224 service-side code - Work on prop247 simulator - Revise prop247 based on meeting discussions - Meeting blog post (might delay to next week) haxxpop: - Took a look at post quantum crypto :D (especially lattice-based) - Review a bit of asn's prop224 client side code (now it's dgoulet's, I think) This week - something of prop224 catalyst: Last week: * Wilmington meeting * Opened some tickets to follow up from testing session in Wilmington: #22635 #22636 * Looked at #22619: we don't seem to be testing SessionGroup at all? This week: * Review komlo's pending changes to CodingStandards.md * Follow up on more testing-related things * Look at the interaction of #12931 with other PT key=value escaping issues * Give more feedback on #7869 now that 0.3.2 merge window is open * #22619 is tricky; the config validation fix should probably go into 0.3.1 but making sure we have test coverage for the actual functionality of SessionGroup= is not a small task * Try out calltool * Try out oniongit * Jot down notes about Wilmington logistics pastly: last week: - Wilmington. Create name --> face dictionary - Learned about what Tor wants before merging KIST - +1 LDAP account - +2 gitweb.tp.o repos - help setup privcount deployement this week: - Do merge-kist-into-tor things, like ... - oh --enable-gcc-warnings is a thing and says I suck - comments comments comments - tor proposal maybe - unit tests tests tests later: - KIST code develivered to Tor in 3w or less (hopefully!) - dgoulet will help review/merge KIST, correct? Where would dgoulet like to do that? gitlab? oniongit? nickm: Last week: * Wilmington! * more ticket triage! * work on big list of ALL the attacks that need research * Try to match developers to sponsored work. This week: * Just opened 0.3.2.x. * Just opened review-group-18. * Work on fixing 0.3.1.x bugs * Work on 0.3.2.x code reviews and merges * Remind people that 0.3.1.x bugs need attention. * More bug triage in Unspecified and 0.3.2.x. * Put the wilmington stuff I did online. * Maybe, sponsor4 followup planning * TBD isabela: Last week: * half wilmington! This week: * work on invoices, reports (organizing NSF ones and sponsor4 may one (late this month). Also will update the launcher brief, havent got a chance to do that yet and I am super late with it :( * Working on new proposals - modularization one (on that I think the driving car for the pitch should be it will help app devs have Tor build with their apps) Sebastian: virtually attended Rust session. Please ask Rust questions if there are any. Otherwise busy atm Yawning: Unsubbed from the network-team list. Because I'm not actually doing anything or contracting with tor at the moment.

1 0

Job Opening - Browser Developer!
by Erin Wyatt 16 Jun '17

16 Jun '17

Hey Everyone! We’re super excited to announce a new job opening for a Browser Developer! The job description is pasted below, is attached in PDF format, and can be found on our website at https://www.torproject.org/about/jobs-browserdeveloper.html.en. Please help us spread the word by posting, forwarding, tweeting, etc. Thank you! :) Cheers, Erin Wyatt HR Manager ewyatt(a)torproject.org GPG Fingerprint: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE June 15, 2017 The Tor Project is looking for Browser Developer (C++ and Javascript)! As a browser developer, your job would be to work closely with other members of the Tor Browser development team on C++ patches to our Firefox-based browser, writing new APIs, altering functionality for privacy and security, and making improvements to our collection of Firefox add-ons (JavaScript code). Being a Tor Browser developer includes triaging, diagnosing, and fixing bugs; looking for and resolving web privacy issues; responding on short notice to urgent security issues; and working collaboratively with coworkers and volunteers to implement new features and web behavior changes. We also need help making our code more maintainable, testable, and mergeable by upstream. The person in this position will also review other people's code, designs, and academic research papers to make suggestions for improvement. This is a full-time position. Required Qualifications: · Experience in C++ (and ideally, JavaScript). Five years of C++ experience is probably necessary for the level of expertise we want, though some of these years can be replaced with other Object Oriented Programming and/or C experience. If you meet this level of experience with C++/OOP, JavaScript can be learned on the job. · Possess a solid understanding of issues surrounding secure C++ programming and reference counted memory (at least to the level of avoiding issues). · Be comfortable diving into new, unfamiliar codebases, looking for ways to alter and augment their functionality in specific, goal-oriented ways. · Be familiar with web technologies and how the web works, especially the same-origin model and web tracking. · Willingness and ability to justify and document technical decisions for a public, world-wide technical audience. · Be comfortable working remotely with a geographically distributed team. · Experience interacting with users and other developers online, including experience being confronted with differing ideas and opinions (not always in a nice manner), while maintaining a high level of professionalism. · Comfort with transparency: as a non-profit organization who develops open source software, almost everything we do is public, including your name (or at least your business name) and possibly salary information. Preferred qualifications: · Familiarity and/or experience with writing add-ons and/or patches for Mozilla Firefox or other web browsers. · Familiarity with compiling software for the Android platform. · Familiarity with Firefox's internal architecture, including its use of multiple processes and sandboxing. · Be intensely creative yet also ruthlessly pragmatic in your thinking. · Possess knowledge/familiarity of probability, statistics, and information theory. · Know enough about networking to be able to visualize what HTTP 1.1 looks like on the wire while encapsulated within Tor's network protocol. · Experience working with distributed (remote) teams across different time-zones with people of differing skill levels over multiple mediums, including email, instant messaging, and IRC. · Open-source experience: contributed significant chunks of code to multiple open-source projects in the past. · Familiarity with distributed version control systems, including Git. · Genuinely be excited about Tor and its values! For a more detailed understanding of the full breadth and depth of the work you'd be doing, have a look at The Design and Implementation of the Tor Browser, especially The Design Requirements section at https://www.torproject.org/projects/torbrowser/design/#DesignRequirements. Other notes: Academic degrees are great, but not required if you have the right experience! The team coordinates via IRC, email, and bug trackers. This position may be performed remotely, but we would be happy to provide a desk at our office in Seattle, Washington. We also have informal shared workspace arrangements in NYC and San Francisco. The Tor Project, Inc., is a 501(c)(3) non-profit organization that provides the technical infrastructure for privacy protection over the Internet. With paid staff and contractors of around 30 technologists and operational support people, plus many volunteers all over the world who contribute to our work, the Tor Project is funded in part by government grants and contracts, as well as by individual, foundation, and corporate donations. We only write free and open source software, and we don't believe in software patents. The Tor Project has a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance paid in full for employee; flexible work schedule; and occasional travel opportunities. The Tor Project, Inc., is an equal opportunity, affirmative action employer. The Tor Project, Inc., is an equal opportunity, affirmative action employer. To apply: Please email a PDF of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description, including why you want to work on Tor. Email should be sent to hr at torproject.org with "Browser Developer" in the subject line. Link to at least one of your code samples (ideally, more than one and all of which we will presume you are authorized to disclose). No phone calls, please!

1 0