move todo items around; make 0.1.1.x more ambitious; we'd best get cracking

svn:r4394

doc/TODO

@@ -28,6 +28,31 @@ For 0.1.0.x:
   X change torrc to point to abuse-faq (once abuse-faq is posted)
 
 for 0.1.1.x:
+  - switch accountingmax to count total in+out, not either in or
+    out. it's easy to move in this direction (not risky), but hard to
+    back, out if we decide we prefer it the way it already is. hm.
+  - Start using create-fast cells as clients
+  - Handle rendezvousing with unverified nodes.
+    - Specify: Stick rendezvous point's key in INTRODUCE cell.
+      Bob should _always_ use key from INTRODUCE cell.
+    - Implement.
+  - make sure err-level log events get flushed to the controller
+    immediately, since tor will exit right after.
+  - it looks like tor_assert writes to stderr. what happens if
+    stderr was closed and is now something else? uh.
+  - new controller protocol
+  - Let more config options (e.g. ORPort) change dynamically.
+  - controller should have an event to learn about new addressmappings,
+    e.g. when we learn a hostname to IP mapping ?
+  - christian grothoff's attack of infinite-length circuit.
+    the solution is to have a separate 'extend-data' cell type
+    which is used for the first N data cells, and only
+    extend-data cells can be extend requests.
+  - Destroy and truncated cells should have reasons.
+  - Add private:* alias in exit policies to make it easier to ban all the
+    fiddly little 192.168.foo addresses.
+  - recommended-versions for client / server ?
+  - whine if your socks port is an open proxy.
   - cpu fixes:
     M rewrite how libevent does select() on win32 so it's not so very slow.
     - create-light
@@ -70,17 +95,18 @@ for 0.1.1.x:
   - helper nodes (at least preliminary)
   - enclaves (at least preliminary)
   - packaging and ui stuff:
+    - multiple sample torrc files (tyranix?)
     - uninstallers
+      . for os x
     - something, anything, for sys tray on Windows.
-  - let ORPort config option change.
+    - figure out how to make nt service stuff the default?
-  - new controller protocol
+      . Document it.
 
 
 
 For sometime soon:
    - Server instructions for OSX and Windows operators.
    - Audit all changes to bandwidth buckets for integer over/underflow.
-   - whine if your socks port is an open proxy.
 
  Refactoring and infrastructure:
 
@@ -92,17 +118,6 @@ N . Switch to libevent
          never right in the first place.)  Also, we should audit all users
          of get_pending_bytes().
 
- Security:
-   . Make sure logged info is "safe"ish.
-
- Functionality
-  - Tests for new controller features
-N . NT Service code
-    o Clean up NT service code even more.
-    o Enable it by default.
-    o Make sure it works.
-    . Document it.
-
  Documentation
 r - Correct and clarify the wiki entry on port forwarding.
   o Document where OSX logs and torrc go.
@@ -123,10 +138,7 @@ N . Make logs go into platform default locations.
      MaxUserPort entry, and look at the TcpTimedWaitDelay entry. We may also
      want to provide a way to set them as needed. See bug 98.)
 
- Arguable
   - Bug: Why do idle cpuworkers sometimes get thought of as busy?
-  - IP-based blacklisting of which servers get recommended by dirservers.
-
 
 N - tor-resolve script should use socks5 to get better error messages.
   o Script to try pulling bytes through slow-seeming servers so they can
@@ -151,11 +163,6 @@ N - Code cleanup
     - Write limiting; configurable token buckets.
     - Make it harder to circumvent bandwidth caps: look at number of bytes
       sent across sockets, not number sent inside TLS stream.
-  o Hidden service improvements
-    o Investigate hidden service performance/reliability
-  - Add private:* alias in exit policies to make it easier to ban all the
-    fiddly little 192.168.foo addresses.
-  - controller should have an event to learn about new addressmappings?
 
 
   No
@@ -163,8 +170,8 @@ Todo: when you connect and get a guy you didn't expect, tell him hey i wasn't
 expecting you i'm going to go now bye, instead of just hanging up. This lets
 him know that he's doing something funny.
   - choose entry node to be one you're already connected to?
-  - Convert man pages to pod, or whatever's right.
+  X Convert man pages to pod, or whatever's right.
-  - support hostnames as well as IPs for authdirservers.
+  X support hostnames as well as IPs for authdirservers.
   - GPSLocation optional config string.
   - Windows
     - Make millisecond accuracy work on win32
@@ -172,47 +179,19 @@ him know that he's doing something funny.
      - teach connection_ap_handshake_socks_reply() about ipv6 and friends
        so connection_ap_handshake_socks_resolved() doesn't also need
        to know about them.
-  - Let more config options (e.g. ORPort) change dynamically.
   - hidserv offerers shouldn't need to define a SocksPort
     * figure out what breaks for this, and do it.
-  - Destroy and truncated cells should have reasons.
+
    - Packaging
-     - Figure out how to make the rpm not strip the binaries it makes.
+     X Figure out how to make the rpm not strip the binaries it makes.
    - Integrate an http proxy into Tor (maybe as a third class of worker
      process), so we can stop shipping with the beast that is Privoxy.
    - Implement If-Modified-Since for directories.
-   - Big, incompatible re-architecting and decentralization of directory
-     system.
-     - Only the top of a directory needs to be signed.
    - Windows
      - Get a controller to launch tor and keep it on the system tray.
 
-
-For 0.1.1.x:
-
-Decentralizing:
-  - self-measurement
-  - remote measurement
-     - you've been running for an hour
-     - it's sufficiently satisfied with its bandwidth
-  - remove approval crap, add blacklisting by IP
-  - gather more permanent dirservers and put their keys into the code
-  - ship with a master key, and implement a way to query dirservers for
-    a blob which is a timestamped signed newest pile of dirservers. put
-    that on disk and use it on startup rather than the built-in default.
-  - threshold belief from clients about up-ness
-  - a way for clients to get fresh enough server descriptors
-  - a way for clients to partition the set of servers in a safe way:
-    so they don't have to learn all of them but so they're not easily
-    partitionable.
-
 Tier two:
 
-N  - Handle rendezvousing with unverified nodes.
-     - Specify: Stick rendezvous point's key in INTRODUCE cell.
-       Bob should _always_ use key from INTRODUCE cell.
-     - Implement.
-
 N  - IPv6 support (For exit addresses)
      - Spec issue: if a resolve returns an IP4 and an IP6 address,
        which to use?
@@ -223,12 +202,6 @@ N  - IPv6 support (For exit addresses)
      - Change relay cell types to accept new addresses.
      - Add flag to serverdescs to tell whether IPv6 is supported.
 
-   - Security fixes
-     - christian grothoff's attack of infinite-length circuit.
-       the solution is to have a separate 'extend-data' cell type
-       which is used for the first N data cells, and only
-       extend-data cells can be extend requests.
-
    - Code cleanup
      o fix router_get_by_* functions so they can get ourselves too ...
      - and audit everything to make sure rend and intro points are
@@ -256,7 +229,6 @@ N  - IPv6 support (For exit addresses)
      - he has successfully extended to you
      - you have sufficient mean-time-between-failures
      * keep doing nothing for now.
-   - Include HTTP status messages in logging (see parse_http_response).
 
    Blue sky or deferred indefinitely:
    - Support egd or other non-OS-integrated strong entropy sources
@@ -390,22 +362,17 @@ Efficiency/speed/robustness:
 
     - why gnutls is bad/not good for tor
 P   - flesh out the rest of the section 6 of the faq
-    - compare 0.1.0.5-rc vs 0.1.0.8-rc memory usage to test out old buffer (1015) vs new buffer (0108) algorithms
 P   - gather pointers to livecd distros that include tor
-    - we should remove our libevent tree from cvs. it's obsolete now.
     - desired contribute.html patch: patches for dir-servers to verify server reachability.
 P   - i want to put the logo on the website, in source form, so people can put it on stickers directly, etc.
-    - i want more pictures from ren. he wants to describe the tor handshake, i want to talk about hidden services.
+    - i want more pictures from ren. he wants to describe the tor
-    o switch accountingmax to count total in+out, not either in or out. it's easy to move in this direction (not risky), but hard to back, out if we decide we prefer it the way it already is. hm.
+      handshake, i want to talk about hidden services.
     - clean up the places where our docs are redundant (or worse, obsolete in one file and correct elsewhere). agl has a start on a global list-of-tor-docs.
 P   - update window's docs to clarify which versions of windows, and why a DOS window, how it's used, for the less technical users
-    - multiple sample torrc files
-P   . os x uninstall click-click script
 
     - write a spec appendix for 'being nice with tor'
     - Hunt for open socks ports on tor servers, send mail
     - tor-in-the-media page
-    - recommended-versions for client / server
     - schanzle@cas.homelinux.org: rpm spec fixes for tor-0.1.0.7.rc
     - start handling server descriptors without a socksport?