[tor-reports] Things Nick did in February
nickm at torproject.org
Fri Feb 28 19:10:03 UTC 2014
In February, I:
* Finished (I hope) our OOM defenses with an implementation of ticket
#10169. Pending review.
* Revised proposals 220 and 224, and wrote proposal 228, for improved
security in our key management and hidden services.
* Wrote proposal 227 in order to help the TBB team with some of
their update and secure-install efforts.
* Scrambled to get more patches merged into Tor for putting out new
0.2.5 and 0.2.4 releases. Fun ones include:
* 9777: Always use at least one ntor hop in each multihop circuit.
This will help security against any adversary who manages to
break 1024-bit crypto.
* 5018: Launch pluggable transport proxies only on demand.
* "make check" now runs extra tests if you have Python installed
* 10777: Avoid circuit-relaunching on certain kinds of stream
failure at the exit node.
* 10722: ExcludeNodes tripping up hidden service directory
* 10543: New "can we build enough paths" logic in 0.2.4 was
getting confused by extensive ExcludeNodes lists.
* 4900: Use siphash to avoid hashtable-based DoS attacks.
(These are not all of my patches, these are not all the patches I
merged, and many of them were written by others.)
* Attending the dev meeting, and worked with lots of other to try to
make lots of Tor's efforts go more smoothly. I tried to get
everybody I could writing some C. Notable discussions include but
aren't limited to:
* How to make guard nodes more secure.
* How to handle the Tor development process more proactively.
* Came up with a new way of managing tickets and milestones in Tor
which (I hope) will make more frequent releases easier. Sent email
to tor-dev about it.
* Began writing a long-term roadmap for what tor (the program) needs
for its future development. (Much more work needed.)
* Had our first actual "tor dev IRC meeting" in a long time. With
luck, they'll be weekly.
* Worked on a list of good ideas for GSoC projects in Tor. Sent it to
Damian, who fixed my formatting and put it on the website.
In March I must:
* Triage everything in 0.2.5.
* Cut my backlog of needs_review tickets a lot.
* Merge #10169, and get more releases out.
* Finish a solid draft for a Tor roadmap
* Write a draft for a guard-improvement proposal.
* Review PETS papers.
More information about the tor-reports