[tor-reports] Pearl Crescent Report – November 2014

Mark Smith mcs at pearlcrescent.com
Wed Dec 3 16:30:03 UTC 2014

Tor-related work that the Pearl Crescent team did in November
(Kathy Brade and Mark Smith):

* Firefox updater for Tor Browser:
In the area of improving the security of the update process, we 
incorporated Mozilla patches and did some of our own development to add 
support for signed MAR files.  Because there are still some issues that 
need to be addressed (e.g., strength of the signatures), this remains an 
open work item.
   "Sign our MAR files"

We also worked on various deployment bugs that involved the updater, 
   "Tor Browser Bundle 4.0: updater fails on Windows"

   "Transition away from 32bit OS X Tor Browser builds"

   "Generation of incremental mar files is not reproducible"

* Tor Browser and Torbutton:
We reviewed and contributed to an end of contract report that Mike drafted.

We performed some code reviews, e.g.,

We helped with browser testing, bug triage, code reviews, and 
development of fixes.  Related tickets:
   "Tor Launcher/Torbutton should provide a Security Slider"

   "Inspector raises the canvas prompt when hovering over images"

   "The Options window for the LeechBlock extension gets
    closed immediately by Tor Browser"

   "The circuit display dropdown should be optional."

   "Meek bridges don't work in TB 4.5alpha1"

   "Active tab looks ugly (inherits system color scheme only partially)"

* We participated in the weekly Tor Browser dev meetings on IRC and
   in various design discussions on IRC and on the mailing lists.

* Planned for December 2014:
     - Finish the MAR file signing work, fix #13776 (incremental
       MARs not reproducible), fix other updater issues
       that occur in the field, and add improve the update user

     - Assist with other Tor Browser and Torbutton issues.  There are
       plenty of TB 4.x bugs that need initial triage or follow up work.

     - Investigate travel for the UX Meeting and the 2015 Winter Dev

Mark Smith
Pearl Crescent, LLC
