[or-cvs] rewrite the contribute.html page

Roger Dingledine arma at seul.org
Sun May 15 11:38:00 UTC 2005 

Update of /home2/or/cvsroot/website
In directory moria.mit.edu:/home2/arma/work/onion/cvs/website

Modified Files:
	contribute.html research.html 
Log Message:
rewrite the contribute.html page


Index: contribute.html
===================================================================
RCS file: /home2/or/cvsroot/website/contribute.html,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- contribute.html	15 May 2005 01:05:01 -0000	1.41
+++ contribute.html	15 May 2005 11:37:57 -0000	1.42
@@ -48,17 +48,31 @@
 <h2>Tor: Contribute</h2>
 <hr />
 
-<p>Users:</p>
+<p>Ongoing needs:</p>
 <ul>
 <li>Try Tor out, and let the Tor developers know about bugs you find or
 features you don't find.</li>
 <li>Please consider <a
 href="cvs/tor/doc/tor-doc.html#server">running a
-server</a> to help with development and scalability.</li>
+server</a> to help the Tor network grow.</li>
+<li>We especially need people with Windows programming skills
+to run an exit server on Windows, to help us debug.</li>
 <li>Run a <a href="cvs/tor/doc/tor-doc.html#hidden-service">Tor hidden
 service</a> and put interesting content on it.</li>
 <li>Tell your friends! Get them to run servers. Get them to run hidden
 services. Get them to tell <i>their</i> friends.</li>
+<li>What else needs to be documented? What is mis-documented?</li>
+<li>Go take a look at the <a href="http://www.eff.org/">Electronic
+Frontier Foundation</a>. More EFF donations means more freedom in the world,
+including more Tor development.</li>
+</ul>
+
+<p>We also have many project-lets: short-term or self-contained tasks
+that would be really helpful for somebody to tackle so we can keep
+focusing on Tor.</p>
+
+<p>Writing project-lets:</p>
+<ul>
 <li>Does somebody want to help maintain this website, or help with
 documentation, or help with managing our TODO and handling bug reports?</li>
 <li>Please help translate the web page and documentation
@@ -70,60 +84,18 @@
 href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ">the FAQ Wiki</a>,
 and if you know the answer to a question in the "unanswered FAQs" list,
 please answer it.</li>
-<li>What else needs to be documented? What is mis-documented?</li>
-</ul>
-
-<!--
-<p>Graphics folks:</p>
-<ul>
-<li>We need a Tor logo.</li>
-<li>We need a snazzy diagram or two, akin to the one BitTorrent has in
-its <a href="http://bittorrent.com/introduction.html">introduction</a>,
-to show people how Tor works.</li>
-</ul>
--->
-
-<p>People with sysadmin skills:</p>
-<ul>
-<li>Can somebody take a look at Martin's <a
-href="http://wiki.noreply.org/wiki/TheOnionRouter/SquidProxy">Squid
-and Tor</a> page, and update it to reflect Tor's new <a href="">RedirectExit</a>
-config option?</li>
-<li>Right now the hidden service descriptors are being stored on the
-dirservers, but any reliable distributed storage system would do (for
-example, a DHT that allows authenticated updates). Can somebody figure
-out our best options and decide if they're good enough?</li>
-<li>How hard is it to patch bind or a DNS proxy to redirect requests
-to Tor via our tor-resolve socks extension? What about to convert UDP
-DNS requests to TCP requests and send them through Tor?</li>
-</ul>
-
-<p>Designers:</p>
-<ul>
-<li>Tor provides anonymous connections, but if you want to keep multiple
-pseudonyms in practice (say, in case you frequently go to two websites
-and if anybody knew about both of them they would conclude it's you),
-we don't support that well yet. We should find a good approach and
-interface for handling pseudonymous profiles in Tor. See <a
-href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this
-post</a> and <a
-href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a>
-for details.</li>
 </ul>
 
-<p>Developers:</p>
+<p>Programmer and developer project-lets:</p>
 <ul>
 <li>We need somebody to code up a GUI or other
 controller program, to do configuration, etc. See our <a
 href="cvs/tor/doc/control-spec.txt">control specification</a> for details,
 and the <a href="cvs/tor/contrib/TorControl.py">rudimentary demonstration
 Python control script</a>. No, we don't know what the interface should look
-like.  You can use any license you want, but we'd recommend modified BSD or
+like.  You can use any license you want, but we'd recommend 3-clause BSD or
 maybe GPL; and we can only help out if your license conforms to the
-<a href="http://www.debian.org/social_contract.html#guidelines">DFSG</a>.
-</li>
-<li>We especially need people with Windows programming skills
-     to run an exit server on Windows, to help us debug.</li>
+<a href="http://www.debian.org/social_contract.html#guidelines">DFSG</a>.</li>
 <li>We're always looking for better Windows installers.  Specifically,
    it would be great if somebody were to extend our NSIS-based windows
    installer to include FreeCap and Privoxy.</li>
@@ -132,15 +104,63 @@
 <li>A good (portable, fast, clean, BSD-free) asynchronous DNS library
 would be really handy, so we don't have to keep forking DNS worker
 threads to do gethostbyname.</li>
+<li>Can somebody take a look at Martin's <a
+href="http://wiki.noreply.org/wiki/TheOnionRouter/SquidProxy">Squid
+and Tor</a> page, and update it to reflect Tor's new <a href="">RedirectExit</a>
+config option?</li>
 <li>See the <a href="cvs/tor/doc/TODO">TODO</a> and
 <a href="cvs/tor/doc/HACKING">HACKING</a> files in the Tor distribution
 for more ideas.</li>
 </ul>
 
-<p>Donors:</p>
+<p>Security project-lets: We need people to attack the implementation
+and clean it up, and also to attack the design and experiment with
+defenses.</p>
 <ul>
-<li>Go take a look at the <a href="http://www.eff.org/">Electronic
-Frontier Foundation</a>. More EFF donations means more Tor development.</li>
+<li>We need somebody to <a
+href="http://en.wikipedia.org/wiki/Fuzz_testing">fuzz</a> Tor. Are there
+good libraries out there for what we want? What are the first steps? Win
+fame by getting credit when we put out a new release because of you!
+<li>Server CPU load is high because clients keep asking to make new
+circuits, which uses public key crypto. Possible defenses include:
+using helper nodes (fixed entry nodes); rate limiting the number of
+create cells handled per second; having clients retry failed extensions
+a few times; implementing ssl sessions; and using hardware crypto when
+available.</li>
+<li>Website volume fingerprinting attacks (<a
+href="http://freehaven.net/anonbib/#back01">Back et al</a>, <a
+href="http://freehaven.net/anonbib/#hintz02">Hintz</a>).
+Defenses include a large cell size, <a
+href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>,
+etc. How well does each approach work?</li>
+<li>The end-to-end traffic confirmation attack. We need to study
+long-range dummies more, along with traffic shaping. How much traffic
+of what sort of distribution is needed before the adversary is confident
+he has won?</li>
+<li>It's not that hard to DoS Tor servers or dirservers. Are puzzles
+the right answer? What other practical approaches are there?</li>
+<li>What sensitive info squeaks by privoxy? Are other html scrubbers
+better?</li>
+</ul>
+
+<p>Designer project-lets:</p>
+<ul>
+<li>Right now the hidden service descriptors are being stored on the
+dirservers, but any reliable distributed storage system would do (for
+example, a DHT that allows authenticated updates). Can somebody figure
+out our best options and decide if they're good enough?</li>
+<li>How hard is it to patch bind or a DNS proxy to redirect requests
+to Tor via our tor-resolve socks extension? What about to convert UDP
+DNS requests to TCP requests and send them through Tor?</li>
+<li>Tor provides anonymous connections, but if you want to keep multiple
+pseudonyms in practice (say, in case you frequently go to two websites
+and if anybody knew about both of them they would conclude it's you),
+we don't support that well yet. We should find a good approach and
+interface for handling pseudonymous profiles in Tor. See <a
+href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this
+post</a> and <a
+href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a>
+for details.</li>
 </ul>
 
 <a href="mailto:tor-volunteer at freehaven.net">Email

Index: research.html
===================================================================
RCS file: /home2/or/cvsroot/website/research.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- research.html	15 May 2005 01:05:01 -0000	1.15
+++ research.html	15 May 2005 11:37:57 -0000	1.16
@@ -51,24 +51,10 @@
 papers</a> (especially the ones in boxes) to get up to speed on anonymous
 communication systems.</p>
 
-<p>We need people to attack the system, quantify defenses, etc. For example:
+<p>We need people to attack the system, quantify defenses,
+etc. See the "security project-lets" section of the <a
+href="contribute.html">contribute</a> page.</p>
 </p>
-<ul>
-<li>Website volume fingerprinting attacks (<a
-href="http://freehaven.net/anonbib/#back01">Back et al</a>, <a
-href="http://freehaven.net/anonbib/#hintz02">Hintz</a>).
-Defenses include a large cell size, <a
-href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>,
-etc. How well does each approach work?</li>
-<li>The end-to-end traffic confirmation attack. We need to study
-long-range dummies more, along with traffic shaping. How much traffic
-of what sort of distribution is needed before the adversary is confident
-he has won?</li>
-<li>It's not that hard to DoS Tor servers or dirservers. Are puzzles
-the right answer? What other practical approaches are there?</li>
-<li>What sensitive info squeaks by privoxy? Are other html scrubbers
-better?</li>
-</ul>
 
   </div><!-- #main -->
 </div>

More information about the tor-commits mailing list