[tor-reports] Mike's December 2012

Mike Perry mikeperry at torproject.org
Thu Jan 10 23:28:48 UTC 2013


Top five things in December:

1. Reviewed ntor to verify that what we implemented is actually what Ian
et al. wrote down. Since the ntor deployment seemingly went through at
least 4 transformations (paper->proposal->mailing list->python->C), this
review seemed like the best impact-for-effort I could provide with
limited time. Aside from some initially omitted ECDH key validation
steps that almost triggered a flame war over their usefulness (due to
the hash authentication step), we now seem to match the paper and
mailing list discussion.

2. I rebased our Firefox patches for Firefox 17ESR and fixed a crash
bug caused by Torbutton's nsIContentPolicy. The resulting binary seems
to build and run fine at first glance. I will be merging these into
something Erinn can build as TBB-2.4.x-alpha soon.

3. Project Coordinator resume review and associated interview scheduling.

4. More Path Bias defense work. For details, see
https://lists.torproject.org/pipermail/tor-dev/2012-December/004279.html

5. Worked on getting our HTTPS-Everywhere Firefox API patch for
nsIHttpChannel.redirectTo() merged (see #5477). On top of the usual
irritation with the excruciatingly slow Mozilla patch review+merge
process (we're at 7 months now since our first patch), Peter and I had to
deal with other Mozilla employees calling for the blacklisting of
HTTPS-Everywhere pending our API landing and/or some other magical fix.

What I found especially annoying was that those same people who were
calling for the blacklisting seemed to *also* have review and commit
privs on nsHttpChannel, but were providing only blocking and/or
counter-productive comments on the API patch... Thankfully, there are at
least a couple helpful Mozilla people who do seem to be serious about
getting this thing *finally* merged.



Top five goals for January:

1. Far and away, the most important thing for January is getting Firefox
17ESR-based TBB-alpha releases out the door. If we fail at this, our TBB
users will begin to accumulate known unfixed Firefox vulnerabilities
sometime starting in mid-February when 10ESR is EOL.

2. Related to this, there's a pile of Firefox code and feature auditing
I need to do. 

3. Update the TBB design doc for all of the changes in the past year,
plus the Firefox 17ESR audit results.

4. Finish the Project Coordinator interview process. This is proving to
be significantly harder than our pure technical positions, but finding
the right person who can both handle our distributed semianarcho-catherd
as well as the associated bureaucracy is pretty crucial. A poor choice
here could ruin our deliverable scheduling ability and/or drive
developers away.

5. Finally get to the bottom of the Path Bias rabbit hole by fixing any
code review issues and implementing #7802. I think I'm close to the end
of this thing! However, if there's any suspiciously labeled food or
drink at the bottom of the rabbit hole, I'm coming right back without
having any. I swear.



-- 
Mike Perry