|
@@ -24,119 +24,6 @@ K - Karsten claims
|
|
|
|
|
|
External constraints:
|
|
|
|
|
|
- - End of April
|
|
|
-R - get the geoip files onto some bridge relays, and gather stats
|
|
|
-? - Figure out who at Mozilla can give us permission to keep the
|
|
|
- name Firefox on our Tor Browser Bundle. Get said permission.
|
|
|
-I - Translation portal
|
|
|
- - Create a doc/translations.txt file in tor svn that somebody else
|
|
|
- could use to manage the translations in case Jake gets hit by
|
|
|
- a bus (or in case somebody else wants to help do it):
|
|
|
- - What are the steps for taking strings from Vidalia and putting them
|
|
|
- into launchpad?
|
|
|
- - What are the steps for exporting strings from launchpad and putting
|
|
|
- them into Vidalia?
|
|
|
-
|
|
|
- - End of May
|
|
|
-S - More TorBrowser work
|
|
|
- - Integrate pidgin and OTR
|
|
|
- - move portablefirefox nsi goo into vidalia as appropriate
|
|
|
- - Figure out (or give up on) how to run Tor Browser and ordinary
|
|
|
- Firefox side-by-side.
|
|
|
-N - Write a script to correctly total bandwidth-history observations
|
|
|
- o Make sure RPMs can build correctly with geoip file
|
|
|
-N+P - Make sure other packages build correctly with geoip file
|
|
|
-N - Write a paragraph or two for Paul's research project describing what
|
|
|
- we plan to help him research. Roger will then secretly retitle
|
|
|
- these as a "statement of work", and then we'll have Tor's
|
|
|
- subcontracting dept contact NRL's subcontract dept.
|
|
|
-
|
|
|
- - mid June
|
|
|
-R - SRI stuff
|
|
|
-
|
|
|
- - mid June
|
|
|
-S - Integrate upnp into Vidalia and have it work
|
|
|
- - point to (or make, ugh) docs for how to enable upnp on standard
|
|
|
- routers
|
|
|
- - pointer in docs to portforward.com. Maybe Vidalia should grow
|
|
|
- a help page for its upnp button, and that's where these pointers
|
|
|
- should live?
|
|
|
- - better error handling for the current miniupnp integration
|
|
|
- - If UPnP'ing fails, un-check the Vidalia box? Or something
|
|
|
- else smart.
|
|
|
- - Have a box or something in the vidalia window that shows progress,
|
|
|
- output messages, etc. Otherwise if it just sits there for 5
|
|
|
- minutes, who knows what's going on?
|
|
|
- - More TorBrowser work
|
|
|
-S - We should point from TBB page to the split downloads page.
|
|
|
-S - Firefox extension framework for Torbrowser build-time
|
|
|
-S - Progress bar during startup, including some "timeout" events to
|
|
|
- indicate when Tor's unlikely to succeed at startup.
|
|
|
-R - Make Tor put out appropriate events
|
|
|
-E - Let Vidalia notice them and change its appearance
|
|
|
-S - Enumerate and analyze traces left when running from USB
|
|
|
-R - Finish tor-doc-bridge.wml
|
|
|
- - More bridgedb work:
|
|
|
-R - Get the dkimproxy patch in
|
|
|
-? - Brainstorm about safe but effective ways for vidalia to
|
|
|
- auto-update its user's bridges via Tor in the background.
|
|
|
-NR - Include "stable" bridge and "port 443" bridge and "adequately
|
|
|
- new version" bridge free in every specially marked
|
|
|
- box!^W^W^Woutput batch.
|
|
|
- o Port-443 bridge implementation
|
|
|
-N - Detect proxies and treat them as the same address
|
|
|
- o Continue resolving the ram issue for relays:
|
|
|
- o better buffer approaches in Tor
|
|
|
- o better buffer approaches in openssl
|
|
|
- o shipping Tor with its own integrated allocator.
|
|
|
- o Write a paragraph for each of the above three items to describe
|
|
|
- what we've done in the Jan-Jun timeframe, and next steps if any
|
|
|
- for each item.
|
|
|
-N - Take our draft research proposal for how to safely collect and
|
|
|
- aggregate some GeoIP data from non-bridge entry nodes, finish
|
|
|
- the proposal, and implement and test. Have a plausible plan for
|
|
|
- deploying.
|
|
|
- - Finish proposal
|
|
|
- o Figure out what to do
|
|
|
- - Fix proposal
|
|
|
- - Include details on dealing with dir guards
|
|
|
- - Describe deployment
|
|
|
- o Implement
|
|
|
- . Test
|
|
|
- - More back-end work:
|
|
|
-N - Additional TLS-camouflage work (spoofing FF cipher suite, etc.)
|
|
|
- o spoof the cipher suites
|
|
|
- o spoof the extensions list
|
|
|
- - red-team testing (a.k.a, look at a packet dump and compare),
|
|
|
- . investigate the feasibility of handing connections off to a
|
|
|
- local apache if they don't look like Tor or if they don't
|
|
|
- portknock or whatever.
|
|
|
- - Get closer to downloading far fewer descriptors
|
|
|
-W - Instrument the code to track how many descriptors we download vs how
|
|
|
- many times we extend a circuit. Guess a few other things to
|
|
|
- instrument, like cache activity, and do those too.
|
|
|
-W - Start a proposal for how to fetch far fewer descriptors;
|
|
|
- identify and start assessing anonymity attacks, like from looking
|
|
|
- at the size of the descriptor you fetch. See xxx-grand-plan.txt
|
|
|
- for some early thoughts.
|
|
|
-I - Translation portal
|
|
|
- - Vidalia installer translations
|
|
|
- - Find/make a script to convert NSI strings into PO files
|
|
|
- and back.
|
|
|
- - Start doing that in the same process as the other Vidalia
|
|
|
- string translations.
|
|
|
- - Add these steps to the doc/translations.txt or whatever it's
|
|
|
- called at this point.
|
|
|
- - Torbutton webpage
|
|
|
- o Torbrowser webpage
|
|
|
- - Tor website
|
|
|
- - check.torproject.org
|
|
|
- - should we i18nize polipo's error messages too?
|
|
|
-KS - Investigate where the slowdown occurs for making hidden service
|
|
|
- circuits, and/or for publishing hidden service descriptors. Identify
|
|
|
- areas that can be improved, and make some guesses about which we
|
|
|
- should focus on.
|
|
|
-
|
|
|
- mid July
|
|
|
W - Take the results from instrumenting directory downloads on Tor
|
|
|
clients, and analyze/simulate some alternate approaches. Finish
|
|
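Review bot: this hunk deletes the whole "External constraints" schedule, including entries still marked "-" or ".", and several of them are not re-added in any later hunk shown here: "N - Detect proxies and treat them as the same address", the two "W" descriptor-download entries (including "identify and start assessing anonymity attacks"), "KS - Investigate where the slowdown occurs for making hidden service circuits", and the open GeoIP proposal sub-items ("Include details on dealing with dir guards", "Describe deployment", ". Test"). Other open entries were moved under their owners (Steven, Roger, Nick, ioerror), so these look like omissions rather than decisions. Either move them under the owner's section as well, or state in the commit message that they are being dropped on purpose.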
@@ -185,14 +72,12 @@ W - Finish testing, debugging, unit testing, etc the directory overhead
|
|
|
Other things Roger would be excited to see:
|
|
|
|
|
|
Nick
|
|
|
- o Send or-dev email about proposal statuses.
|
|
|
- o Send or-dev email about window for new proposals, once arma and
|
|
|
- nick agree.
|
|
|
- Finish buffer stuff in libevent; start using it in Tor.
|
|
|
- Tors start believing the contents of NETINFO cells.
|
|
|
. Work with Steven and Roger to decide which parts of Paul's project
|
|
|
he wants to work on.
|
|
|
- o let approved-routers lines omit spaces in fingerprint.
|
|
|
+ - respond to Steven's red-team TLS testing (a.k.a, look at a packet
|
|
|
+ dump and compare)
|
|
|
|
|
|
Matt
|
|
|
- Fit Vidalia in 640x480 again.
|
|
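Review bot: the added entry under Nick, "respond to Steven's red-team TLS testing (a.k.a, look at a packet dump and compare)", assumes Steven runs the test, but no matching entry is added under Steven in the hunks shown, so the work it depends on has no owner. The original "red-team testing" line sat under the TLS-camouflage item ("spoofing FF cipher suite, etc."), and that context is lost in the move. Add the testing task under Steven and say in the line what the packet dump is compared against.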
@@ -203,11 +88,6 @@ Matt
|
|
|
launches for you.
|
|
|
- Vidalia should avoid stomping on your custom exit policy lines
|
|
|
just because you click on 'save' for a totally different config thing.
|
|
|
- o "can anyone help me, all of a sudden on tor on the mac, when i
|
|
|
- start it up, It asks for my control password, which ive never set"
|
|
|
- We should either give Vidalia another option in that dialog box -- to
|
|
|
- restart Tor -- or we should make it so when Vidalia spawns Tor and
|
|
|
- then Vidalia dies, Tor dies too.
|
|
|
- How much space do we save in TBB by stripping symbols from Vidalia
|
|
|
first? Good idea or crazy idea?
|
|
|
|
|
@@ -215,28 +95,26 @@ ioerror
|
|
|
- gmail auto responder so you send us an email and we send you a Tor
|
|
|
binary. Probably needs a proposal first.
|
|
|
- weather.torproject.org should go live.
|
|
|
- o Get Scott Squires to give you admin access to the Torbutton account
|
|
|
- on Babelzilla; or give up eventually and fork it.
|
|
|
o Learn from Steven how to build/maintain the Tor Browser Bundle.
|
|
|
- - Learn from Mike how to run SoaT, and try to make that an automated
|
|
|
- service somewhere.
|
|
|
- Keep advocating new Tor servers and working with orgs like Mozilla
|
|
|
to let them like Tor.
|
|
|
- Start converting critical wiki pages into real Tor wml pages. E.g.,
|
|
|
https://wiki.torproject.org/noreply/TheOnionRouter/VerifyingSignatures
|
|
|
- Find out what happened to the buildbot and get it back up:
|
|
|
http://tor-buildbot.freehaven.net:8010/
|
|
|
- - Look at the "flossmanuals" translation UI, and see if that's something
|
|
|
- we want to emulate.
|
|
|
- - We should hack the translation-status perl so it puts high priority
|
|
|
- pages first, regardless of what directory they're in.
|
|
|
- - Some of our translated wml files are very old -- so old that they
|
|
|
- are harmful to leave in place. We need some sort of way to notice
|
|
|
- this and disable them.
|
|
|
- Learn about locking memory pages that have sensitive content. Get
|
|
|
that started in Tor.
|
|
|
+ - Translation portal
|
|
|
+ - Vidalia html help files
|
|
|
+ - should we i18nize polipo's error messages too?
|
|
|
+ - Some of our translated wml files are very old -- so old that they
|
|
|
+ are harmful to leave in place. We need some sort of way to notice
|
|
|
+ this and disable them.
|
|
|
|
|
|
Steven
|
|
|
+ - Figure out (or give up on) how to run Tor Browser and ordinary
|
|
|
+ Firefox side-by-side.
|
|
|
+ - Enumerate and analyze traces left when running from USB
|
|
|
- Write a list of research items Tor would like to see done, for the
|
|
|
volunteer page. Pick a few you'd like to work on yourself.
|
|
|
- Move proposal 131 or equivalent forward.
|
|
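Review bot: three entries under ioerror are deleted while still marked "-" and are not re-added in the new "Translation portal" block: "Learn from Mike how to run SoaT, and try to make that an automated service somewhere", the "flossmanuals" translation UI entry, and "We should hack the translation-status perl so it puts high priority pages first". Only the stale-wml entry was carried over. If the other three were completed or abandoned, mark them "o" or say so in the commit message; otherwise keep them, the SoaT entry in particular, since nothing else in this diff covers it.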
@@ -255,7 +133,6 @@ Andrew
|
|
|
include Torbutton, they still say it's tor.eff.org, etc.
|
|
|
- Should we still be telling you how to use Safari on OS X for Tor,
|
|
|
given all the holes that Torbutton-dev solves on Firefox?
|
|
|
- o Get Google excited about our T&Cs.
|
|
|
|
|
|
Karsten
|
|
|
o Make a hidden services explanation page with the hidden service
|
|
@@ -280,30 +157,22 @@ Weasel
|
|
|
documents. Retain that state over restarts.
|
|
|
|
|
|
Roger
|
|
|
+ - Finish tor-doc-bridge.wml
|
|
|
. Fix FAQ entry on setting up private Tor network
|
|
|
- Review Karsten's hidden service diagrams
|
|
|
- - Prepare the 0.2.0.x Release Notes.
|
|
|
- Roger should visit Internews DC sometime.
|
|
|
- - Chris has some detailed TBB download/install/test instructions. Get
|
|
|
- Chris to send us a copy/pointer.
|
|
|
+ - Did we actually apply Steven's dkimproxy patch?
|
|
|
+ - Brainstorm about safe but effective ways for vidalia to
|
|
|
+ auto-update its user's bridges via Tor in the background.
|
|
|
|
|
|
Mike:
|
|
|
- Roger wants to get an email every time there's a blog change,
|
|
|
e.g. a comment. That way spam doesn't go undetected for weeks.
|
|
|
- - Maybe just disable linking from blog comments entirely?
|
|
|
+ - Or, maybe just disable linking from blog comments entirely?
|
|
|
|
|
|
=======================================================================
|
|
|
|
|
|
Bugs/issues for Tor 0.2.0.x:
|
|
|
- o Rip out the MIN_IPS_* stuff for geoip reporting.
|
|
|
- o bridge authorities should not serve extrainfo docs.
|
|
|
- o We still never call geoip_remove_old_clients(). Should we call it,
|
|
|
- with a cutoff of a day ago, each time we're about to build a
|
|
|
- descriptor/extrainfo pair?
|
|
|
- o Actually, let's do it every 48 hours, so we don't wind up saying
|
|
|
- too much.
|
|
|
- o teach geoip_parse_entry() to skip over lines that start with #, so we
|
|
|
- can put a little note at the top of the geoip file to say what it is.
|
|
|
. we should have an off-by-default way for relays to dump geoip data to
|
|
|
a file in their data directory, for measurement purposes.
|
|
|
o Basic implementation
|
|
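Review bot: the added line "- Did we actually apply Steven's dkimproxy patch?" under Roger replaces the actionable "R - Get the dkimproxy patch in" removed in the first hunk with a question, so the entry no longer has a done condition. Phrase it as a task, for example check whether the patch is applied and apply it if not. In the same hunk, "- Prepare the 0.2.0.x Release Notes." and the two-line entry about Chris's TBB download/install/test instructions are deleted while still marked "-"; keep them or record in the commit message why they are dropped.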
@@ -335,25 +204,10 @@ R d add an event to report geoip summaries to vidalia for bridge relays,
|
|
|
so vidalia can say "recent activity (1-8 users) from sa".
|
|
|
R - investigate: it looks like if the bridge authority is unreachable,
|
|
|
we're not falling back on querying bridges directly?
|
|
|
- o a getinfo so vidalia can query our current bootstrap state, in
|
|
|
- case it attaches partway through and wants to catch up.
|
|
|
- o directory authorities shouldn't complain about bootstrapping problems
|
|
|
- just because they do a lot of reachability testing and some of
|
|
|
- it fails.
|
|
|
- o if your bridge is unreachable, it won't generate enough connection
|
|
|
- failures to generate a bootstrap problem event.
|
|
|
R - if "no running bridges known", an application request should make
|
|
|
us retry all our bridges.
|
|
|
- o get matt to fix vidalia so it moves to a "starting tor" bootstrap
|
|
|
- state if it hasn't gotten any status events. Maybe it can even be
|
|
|
- more certain by checking the version (<0211) and/or looking at the
|
|
|
- results of the getinfo.
|
|
|
R - get matt to make vidalia do a getinfo status/bootstrap-phase to
|
|
|
get caught up after it connects.
|
|
|
- o get matt to change vidalia's bootstrap status alerts so it doesn't
|
|
|
- do anything if the event includes "recommendation=ignore".
|
|
|
- o in circuituse.c,
|
|
|
- /* XXX021 consider setting n_conn->socket_error to TIMEOUT */
|
|
|
R d Setting DirPort when acting as bridge will give false Warnings
|
|
|
|
|
|
For 0.2.1.x:
|
|
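Review bot: the removed entry "o in circuituse.c, /* XXX021 consider setting n_conn->socket_error to TIMEOUT */" was this file's only pointer to that XXX021 marker, and it sat among the bootstrap status items. Confirm that the comment in circuituse.c was actually resolved (socket_error is set, or the comment was removed with a reason) before the entry disappears; if the marker is still in the source, leave an open entry here.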
@@ -401,9 +255,6 @@ N . Draft proposal for GeoIP aggregation (see external constraints *)
|
|
|
- Put bandwidth weights in the networkstatus? So clients get weight
|
|
|
their choices even before they have the descriptors; and so
|
|
|
authorities can put in more accurate numbers in the future.
|
|
|
-R . Map out the process of bootstrapping, break it into status events,
|
|
|
- spec those events. Also, map out the ways where we can realize that
|
|
|
- bootstrapping is *failing*, and include those. *
|
|
|
d Fetch an updated geoip file from the directory authorities.
|
|
|
|
|
|
- Tiny designs to write:
|
|
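Review bot: "R . Map out the process of bootstrapping, break it into status events, spec those events." is deleted while still marked "." rather than "o", and its second half ("map out the ways where we can realize that bootstrapping is *failing*") is not shown as finished anywhere in this diff. If the work is complete, flip the marker to "o" in the commit message's account of the cleanup; if only the status events are done, keep the failure-detection part as its own open entry.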
@@ -422,10 +273,6 @@ R . Map out the process of bootstrapping, break it into status events,
|
|
|
third reachability test. the interval ended when the new descriptor
|
|
|
appeared, and a new interval began then too.
|
|
|
|
|
|
- - Items to backport to 0.2.0.x once solved in 0.2.1.x:
|
|
|
- o add a geoip file *
|
|
|
- o figure out license *
|
|
|
-
|
|
|
- Use less RAM *
|
|
|
- Optimize cell pool allocation.
|
|
|
d Support (or just always use) jemalloc (if it helps)
|
|
@@ -447,11 +294,7 @@ R . Map out the process of bootstrapping, break it into status events,
|
|
|
- For dns?
|
|
|
- For http?
|
|
|
- For buffers?
|
|
|
- o Emulate NSS better:
|
|
|
- o Normalized cipher lists
|
|
|
- o Normalized lists of extensions
|
|
|
- Tool improvements:
|
|
|
- o Get a "use less buffer ram" patch into openssl. *
|
|
|
- Get IOCP patch into libevent *
|
|
|
|
|
|
- Security improvements
|
|
@@ -474,9 +317,6 @@ R . Map out the process of bootstrapping, break it into status events,
|
|
|
- Can we deprecate controllers that don't use both features?
|
|
|
|
|
|
Nice to have for 0.2.1.x:
|
|
|
- o Better support for private networks: figure out what is hard, and
|
|
|
- make it easier.
|
|
|
-
|
|
|
- Proposals to write
|
|
|
- steven's plan for replacing check.torproject.org with a built-in
|
|
|
answer by tor itself.
|
|
@@ -591,8 +431,6 @@ If somebody wants to do this in some version, they should:
|
|
|
- Consider if we can solve: the Tor client doesn't know what flags
|
|
|
its bridge has (since it only gets the descriptor), so it can't
|
|
|
make decisions based on Fast or Stable.
|
|
|
- o Bridge authorities should do reachability testing but only on the
|
|
|
- purpose==bridge descriptors they have.
|
|
|
- Some mechanism for specifying that we want to stop using a cached
|
|
|
bridge.
|
|
|
|
|
@@ -830,7 +668,7 @@ P - create a 'blog badge' for tor fans to link to and feature on their
|
|
|
|
|
|
- Tor mirrors
|
|
|
- make a mailing list with the mirror operators
|
|
|
- - make an automated tool to check /project/trace/ at mirrors to
|
|
|
+ o make an automated tool to check /project/trace/ at mirrors to
|
|
|
learn which ones are lagging behind.
|
|
|
- auto (or manually) cull the mirrors that are broken; and
|
|
|
contact their operator?
|
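Review bot: the change from "-" to "o" on "make an automated tool to check /project/trace/ at mirrors" records that the tool exists but not where it lives, and the next open entry ("auto (or manually) cull the mirrors that are broken") depends on its output. Add the tool's name or location to the line, or to the culling entry, so whoever picks that up can find it.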