[tor-reports] Mike's April 2013

Mike Perry mikeperry at torproject.org
Wed May 1 23:11:47 UTC 2013 

Top five things I did in April:

1. Fixed a whole slough of crash reports related a single bug in the
image cache patch. 

2. Merged the Optimistic Data SOCKS patch, along with a few other
Torbutton patches.

3. Redid the TBB website traffic fingerprinting pipelining defense to
prevent the creation of new HTTP connections until we have sufficient
pending requests to bundle together in a pipeline (governed by a pref).
This improves both request combination and randomization. I remain
convinced that lightweight solutions like this are sufficient because
the attack papers took many, many shortcuts to get their results. If you
disagree (and have actually taken a 300-level machine learning course
that included PAC learning and other complexity theory topics), I'd love
to hear from you.

4. Mirrored TBB's direct source dependencies on
https://people.torproject.org/~mikeperry/mirrors/sources/, and merged
Jake's patch to update the TBB Makefiles to use them. We still need
people to run the mirror validation scripts to make sure
people.torproject.org doesn't get owned to compromise all TBB users:
https://gitweb.torproject.org/torbrowser.git/blob/HEAD:/watch-scripts/verify-mirror.sh

5. Got Firefox to build deterministically on Linux. Got within three
bytes of doing the same with a MinGW cross-compile for Windows. My
current bet is that these three bytes can be safely bitstomped to 0 with
a sed script without issue, so long as we run strip afterwords to
correct the PE header checksum.


Top thing for May:

1. I am going to do nothing else until I succeed in producing Gitian
descriptors and simple shell scripts capable of building reproducible
TBB-alpha bundles with Tor Launcher instead of Vidalia for Linux and
Windows.

We might need someone to look into how to do Gitian Mac builds, if we
want them for the first Tor Launcher release. Otherwise, we'll probably
have to rely on Homebrew or something.

Should be an exciting month! I look forward to watching the bandwidth
authorities fail to test my resolve... ;)


-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20130501/3f7c4486/attachment.pgp>

More information about the tor-reports mailing list