[tor-reports] Isis' August 2014

isis isis at torproject.org
Sat Sep 6 06:54:02 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# -*- coding: utf-8 ; mode: org -*-

*** status report 2014/08
**** Isis' August 2014: Review

In August, I still didn't have a new contract, so I did whatever volunteer
work that I felt like doing, whenever I felt like doing it. That said, I
managed to do quite a bit, including:

 * Patching Firefox for the first time! [0]

 * Rewriting all the crypto code within Leekspin. [1] Now, descriptors created
   by Leekspin, including their signatures and public keys, are
   indistinguishable from those created by Tor, and can be verified as if they
   were real descriptors by Stem.

 * Adding support for creating relay descriptors in Leekspin [2] (it
   previously only generated bridge descriptors). Also, adding support for
   generating bridge-extrainfo descriptors with `transport obfs4` lines. [3]

 * Reviewing a bunch of other volunteers' patches for BridgeDB, including
   better integration tests for the HTTPS and Email distributor. [4]

 * Rewriting a bunch of BridgeDB's parsers and data structures for #9380,
   which is blocking progress on something like 10 other tickets. [5]

 * Fixed the Tor Project's Trac CAPTCHA plugin, [6] which normally wouldn't be
   a task with enough effort to merit mentioning in a status report, except
   that it caused Roger to title me "The Crappy (Python) Code Whisperer". :)

I spent the rest of my time riding bicycles, learning more about Firefox
internals and tweeting poetry about it, [7] and writing crazy crypto code for
a new secret pet project that I'm working on.

                                               \o/
                     __o          __o           I
                    `\<,         `\<,          `\\)
       _____________O/ O_________O/_O__________O/_O_______________

[0]: https://bugs.torproject.org/12864
     https://twitter.com/isislovecruft/status/500431851778211841
[1]: https://gitweb.torproject.org/user/isis/leekspin.git/commitdiff/1d3e483b52655d9f3612226047d8cc1487114d8d
     https://bugs.torproject.org/13045
     https://bugs.torproject.org/13042
[2]: https://gitweb.torproject.org/user/isis/leekspin.git/commitdiff/305c71c55f4fcaf19672ab352050b35b464ab682
[3]: https://gitweb.torproject.org/user/isis/leekspin.git/commitdiff/888f437bbae08f8e7876c2e8eb5cd50a82540f93
     https://bugs.torproject.org/12932
[4]: https://bugs.torproject.org/9874
[5]: https://bugs.torproject.org/9380#comment:33
[6]: https://bugs.torproject.org/12721
[7]: https://twitter.com/isislovecruft/status/495060394327937024
     "Black magic, cruft, and hacks:
      All the things Firefox don't lack.
      Lizard tails, C++, and JS!
      I wish browsers weren't an awful mess."


**** In September 2014, I plan to work on:

Whatever I feel like doing! No gods, no masters, no bedtimes!

As soon as Tor gives me a contract, I'll start working on the deliverables to
set up a Persona server and add additional authentication mechanisms. [0]

[0]: https://bugs.torproject.org/12193


**** Tickets worked on in August 2014:

***** Component: BridgeDB (46 matches)
#1610 Turn mail requests into ’subscriptions’
#1839 Rotate available bridges over time
#4026 let us choose the bridge pool assignment for a set of bridges by fingerprint
#4405 bridgedb's list of tor exit relays is down since bulk exit list is down
#4771 bridgedb should make clearer in its logs which addresses it knows are from bulk-exitlist
#5463 BridgeDB must GPG-sign outgoing mails
#8194 Implement special handling of bridges on dynamic ip addresses
#9377 Add more unittests for and logging to descriptor parsers
#9380 BridgeDB should use Stem for parsing descriptors
#9874 Research/design a way to automate testing of BridgeDB's HTTPS and email distributors
#10725 Write a Completely Spec-Compliant Bridge Descriptor Parser
#10831 Captchas are not accessible for blind users
#10916 Increase monitoring of bridges.tp.o
#11139 BridgeDB's email whitelist should include @riseup.net
#11216 BridgeDB is parsing PTs from `cached-extrainfo*` files cumulatively
#11330 Create a Hash Ring For Each Allowed Domain in the Email Distributor
#11345 BridgeDB should have QR codes for bridge lines
#12029 Redesign BridgeDB's class inheritance to make designing new distributors easier
#12031 Create a Key-Value database system for simple/flat datatypes in BridgeDB
#12086 BridgeDB accepts incoming emails sent to 'givemebridges at serious.ly'
#12089 BridgedDB can be forced to email arbitrary email addresses
#12147 BridgeDB distributors do not handle time intervals correctly
#12505 Refactor Bridges.py and Dist.py in BridgeDB
#12506 Separate BridgeDB databases from distributors
#12545 Move collector of bridge reachability measurements to bridge db
#12547 Get analysed data from bridge reachability tests to tor-devs
#12664 Newlines aren't preserved when bridges are copied to clipboard
#12724 Bridges.tpo <select> UI broken in FF30+
#12750 Make bridgedb fast
#12759 don't regexp transport names
#12760 Bridgedb CAPTCHA is hard to resolved
#12773 Be more flexible when deciding if we should render RTL
#12780 make bridgedb fasterrrr
#12781 Buckets don't work if Stability code is disabled
#12802 BridgeDB needs Nagios checks for the Email Distributor
#12803 BridgeDB needs Nagios checks for the HTTPS Distributor
#12804 Setup separate BridgeDB staging/test server
#12805 Package BridgeDB on PyPI
#12806 Create Debian package for BridgeDB
#12807 Implement an anonymous credential system for BridgeDB's Social Distributor
#12843 Bridgedb shouldn't handout bridges from .ir and .sy
#12872 Know within which country a bridge is located
#12932 Transport Key-Value pairs should be space separated
#12953 Leekspin munges `flag-thresholds` and `published` lines for bridge networkstatus file
#12957 Translation instruction about accesskey should be improved.
#13045 Leekspin descriptor signatures cannot be verified by Stem

***** Component: Firefox Patch Issues (1 match)
#12684 Make "Not Now" the default button for TorBrowser's canvas permission dialogue

***** Component: Orbot (1 match)
#5096 Support transferring bridge addresses in QR codes

***** Component: Ponies (1 match)
#12193 Set up a Mozilla Persona testing server

***** Component: TorBrowserButton (1 match)
#10178 about:tor fails with TBB using system-wide tor

***** Component: Tor Launcher (1 match)
#12895 add @riseup.net to Bridge Relay Help

***** Component: Tor Browser (3 matches)
#10355 Pipeline defense interferes with twitter and flickr photostreams
#12468 TBB unconditionally logs all Firefox output to disk
#12941 Firefox is already running.

***** Component: Tor (9 matches)
#9498 Allow bridge descriptors to contain no address if they are not being published
#9729 Make bridges publish additional ORPort addresses in their descriptor
#11101 Bridges should report implementation versions of their pluggable transports
#12254 Tonga should sign its bridge networkstatus doc? Or maybe change format to v3-style vote?
#12442 Bridges should put their "transport" lines in their main descriptor, not extra-info desc
#12948 TBB Linux 4.0-Alpha-1 HashedControlPassword not working
#12951 BridgeAuth should add a `published` line to bridge networkstatus documents
#13042 torspec isn't very clear about the encodings used for `onion-key` and `signing-key`
#13043 torspec lies about accepting both IPv4 and IPv6 for ORAddress lines

***** Component: Trac (1 match)
#12721 Trac account creation captcha broken


**** Relevant Papers/Research:

Elahi, Tariq, George Danezis, and Ian Goldberg.
 "PrivEx: Private Collection of Traffic Statistics
 for Anonymous Communication Networks."


- -- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-----BEGIN PGP SIGNATURE-----

iQMhBAEBCgELBQJUCq+KBYMB4TOAVhSAAAAAACUAKGlzaXMrc2lnbnN1YmtleUBw
YXR0ZXJuc2ludGhldm9pZC5uZXRGQzYzQUE1Q0QxOTM4NjlDMzIzNzE0NUE1QzE3
Nzc2RTI3RjdFODRESxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRoZXZvaWQubmV0
MEE2QTU4QTE0QjU5NDZBQkRFMThFMjA3QTNBREI2N0EyQ0RCOEIzNS4aaHR0cHM6
Ly9ibG9nLnBhdHRlcm5zaW50aGV2b2lkLm5ldC9wb2xpY3kudHh0LJhodHRwczov
L2Jsb2cucGF0dGVybnNpbnRoZXZvaWQubmV0L2lzaXMudHh0AAoJEFwXd24n9+hN
IjMP/iZE1U5OJYTokFRO43djE4MZl80HCIQ3HKa2WaK+JgJM3NceyuJuSHdJfW8K
whb6wEPHwVRe4KwhB8JgV/R5uI5b4nWD51uvy2Kphjgomohs6jyXGFK7Aggj2U+1
R/4Eob7ZhgTyeEDLjm+EDbKvXLH4nkwjDZlHD8ZUGEYxExWqFFDVKrIMyF/Gi4ET
ULJi0QA/VFA4tz5mNTLA9BxYlloquqDCKkyAB03fH7cQifL4vd10XRhOvZ8poGiD
ID8OCjWTMMcuSalwkisKw3+fDUncvNgFoPbKNFOL1wNiXhfQMUt2AdBQe2YrSn4D
cW9HvqY/TINNx3oHVPhi62sNmRNo1akX/0VcGmBrU5xlBo0RLvEygeJByQRDIoig
3VN2cqRvKCo+S3SdYEpKhV+bTUSBQBDxKbiseW5pB4cVADl0hPgBp3gOkJLpAVa4
a2pcaZ96OXYei+Gi+zoX+zK7FpaWEB/HUmb8J1mnvsedJWt+DOqja9Lpr7SNfO7C
FnI7arym9axui5ADgdjAZ3mLPHR4hjGDACZVezPmp6e6QlDfphcR6oblujThIqW0
sVYfgbpfq0Kr2wy19Mqw2318RV8XGv62YlED6N3Rfgm7clpmYdIEnddqZSESenkr
vaCKQV+ti+09UZkUNinHQ5YPAFkXvvidsxBjokcWOjdyV5Gr
=gSr/
-----END PGP SIGNATURE-----

More information about the tor-reports mailing list