[tor-reports] Things Nick did in February

Nick Mathewson nickm at torproject.org
Fri Feb 28 19:10:03 UTC 2014 

In February, I:

  * Finished (I hope) our OOM defenses with an implementation of ticket
    #10169.  Pending review.

  * Revised proposals 220 and 224, and wrote proposal 228, for improved
    security in our key management and hidden services.

  * Wrote proposal 227 in order to help the TBB team with some of
    their update and secure-install efforts.

  * Scrambled to get more patches merged into Tor for putting out new
    0.2.5 and 0.2.4 releases. Fun ones include:

      * 9777: Always use at least one ntor hop in each multihop circuit.
        This will help security against any adversary who manages to
        break 1024-bit crypto.

      * 5018: Launch pluggable transport proxies only on demand.

      * "make check" now runs extra tests if you have Python installed

      * 10777: Avoid circuit-relaunching on certain kinds of stream
        failure at the exit node.

      * 10722: ExcludeNodes tripping up hidden service directory
        selection.

      * 10543: New "can we build enough paths" logic in 0.2.4 was
        getting confused by extensive ExcludeNodes lists.

      * 4900: Use siphash to avoid hashtable-based DoS attacks.

    (These are not all of my patches, these are not all the patches I
    merged, and many of them were written by others.)

  * Attending the dev meeting, and worked with lots of other to try to
    make lots of Tor's efforts go more smoothly.  I tried to get
    everybody I could writing some C.  Notable discussions include but
    aren't limited to:

       * How to make guard nodes more secure.

       * How to handle the Tor development process more proactively.

  * Came up with a new way of managing tickets and milestones in Tor
    which (I hope) will make more frequent releases easier.  Sent email
    to tor-dev about it.

  * Began writing a long-term roadmap for what tor (the program) needs
    for its future development.  (Much more work needed.)

  * Had our first actual "tor dev IRC meeting" in a long time.  With
    luck, they'll be weekly.

  * Worked on a list of good ideas for GSoC projects in Tor.  Sent it to
    Damian, who fixed my formatting and put it on the website.


In March I must:

  * Triage everything in 0.2.5.

  * Cut my backlog of needs_review tickets a lot.

  * Merge #10169, and get more releases out.

  * Finish a solid draft for a Tor roadmap

  * Write a draft for a guard-improvement proposal.

  * Review PETS papers.

More information about the tor-reports mailing list