[tor-talk] Roger's status report, May 2012
Roger Dingledine
arma at mit.edu
Sat Jun 23 22:20:31 UTC 2012
Hi folks!
As the Tor Project has grown in scope, we've been struggling to keep up
with simultaneously a) doing all the development that needs to be done
(including meeting deliverables for our funders), and b) keeping the
community up-to-date on our in-progress work.
Lately I've been writing monthly status summaries, much like what we have
our GSoC students do. In an effort to be more transparent, I'm going to
start sending them to tor-talk rather than just to the other developers.
Note that I will need to omit or anonymize things sometimes -- some
research groups I meet with don't want to announce their paper draft
until it gets accepted at a conference, some funders don't want the
publicity that would come from admitting their interest in Internet
freedom, etc. I'll try to err on the side of sunlight though.
For those here who are totally taken by surprise by this email (and
the fact that Tor does things :), I encourage you to to lurk on the irc
channels if you want to follow along more closely.
https://www.torproject.org/about/contact#irc
And finally, please do ask questions! Here's your chance to understand my
role in Tor and how it fits with what other people are doing. But since
the root of the problem here has been that we do too many things and
don't have time to do more, please focus on your most burning question(s).
--Roger
------------------------------------------------------------------------
Here's what I said at the beginning of May that I hoped to do:
> - Allocate FOCI papers to reviewers.
Done. We got 20 submissions, and reviewing is ongoing. We'll pick
some in early June.
https://blog.torproject.org/blog/call-papers-free-and-open-communications-internet-foci-workshop
https://www.usenix.org/conference/foci12/
> - Actually release 0.2.2.36, this time for sure, no take-backs.
Done.
https://lists.torproject.org/pipermail/tor-announce/2012-June/000084.html
> - Help Radu put in the NIST proposal.
Done.
We submitted a grant proposal to work with a team of research institutions
on questions around privacy, identity, and mobile. I'll write more
details here if the grant agency turns out to like the proposal.
> - Help Nick and Mike interview and make decisions about core developers.
Done (well, mostly they did it).
https://blog.torproject.org/blog/dedicated-core-tor-developer
https://www.torproject.org/about/jobs-coredev.html.en
Our new core developer is getting up to speed now. I'm really excited
that this will mean Nick can make more progress on core development! I'll
let them make a further announcement when they're ready.
> - I'm going to try to be absent from the world May 11-15.
Done (vacation).
> - May 14 is the PETS stipend deadline. After that I'll help Andrei
> allocate the stipends.
The PETS people wanted us to push the deadline back to June 1. I
dealt with all the mails and allocated stipends in early June.
http://petsymposium.org/2012/stipends
http://petsymposium.org/2012/
> - Get the PETS papers up on the PETS website.
They're up at http://freehaven.net/anonbib/papers/pets2012/
and I will add links to http://petsymposium.org/2012/program.php
but I'm doing a cursory check with Matt first to see if he knows
whether any authors want to keep their papers unpublished for now.
> - Launch a working-group of pluggable transport developers and
> researchers, and make sure they all know about each other.
Not done. I'll aim to get a pluggable transport development page up
on the website in June.
> - Try to help vmon and Zack Weinberg feel more accepted in the
> community, since I'm the backup mentor for vmon's gsoc project.
Ongoing. We succeeded at getting the Stegotorus code approved for
publication by Zack's funders, so vmon's gsoc project can proceed as
planned. You can read vmon's periodic status reports on the tor-dev
mailing list.
Next step is to help get the Stegotorus git repository cleaned up, make
the code itself more functional, and encourage them to make a tech report
version of the paper available.
https://gitweb.torproject.org/stegotorus.git
> - Flesh out more SponsorZ tasks so we're more aware of our future.
Not finished. But you can follow along on our current "I wish we had a
funder for this task so we could spend time on it" task list:
https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorZ
> - Help SponsorF come up with metrics by which the SponsorF Red Team
> will judge the project's success.
Not done. I expect more progress in June though -- stay tuned.
> - Rewrite the "how governments and military use Tor" section on the
> webpage, since they actually don't run hidden services to our knowledge,
> but we do have good new stories like IWF's use of Tor.
Not done. More generally, I wish I had some extra weeks to sit down and
update the FAQ and other web pages, since it's been years since I wrote
many of them.
> - I'm going to Oakland
Done.
http://www.ieee-security.org/TC/SP2012/
I talked to a bunch of people, such as
- Micah Sherr, professor at Georgetown, who wants to help us with
ExperimenTor and simulation bugs. I will send him a pile of trac ticket
links around our recent performance simulation problems.
https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/Performance
http://crysp.uwaterloo.ca/software/exptor/
- Rob Cunningham who is Kevin Bauer's new boss. I spent a while trying
to convince Rob that he should have Kevin work on Tor simulation and
performance questions as part of his new job at Lincoln Labs.
http://www.mit.edu/~ke23793/
- Camilo Viecco, who now works for Mozilla on adding privacy features to
Firefox. He has been frustrated so far at getting his commits in: he has
buy-in from the security team, but other teams block his commits with
statements like "it's an arms race we can't win, so don't even bother
trying to make things better". I encouraged him to get his mid-level
manager to play the politics game better on his behalf.
- Tariq Elahi, Ryan Henry, and Tao Wang are grad students from Ian's
group doing interesting things:
http://crysp.uwaterloo.ca/
In particular Tariq is working on a paper showing that we shouldn't
replace guards in our list as soon as they go away, since it significantly
increases the exposure to other guards. I helped Tariq quite a bit with
his paper.
http://cacr.uwaterloo.ca/techreports/2012/cacr2012-11.pdf
But Ryan is working on privacy-preserving ways to gather Tor statistics
data, and I don't have time to help him figure out what most needs
collecting. Please jump in if you're interested.
http://www.cs.uwaterloo.ca/~rhenry/pdf/torstat-poster-Oakland.pdf
- I talked to several anonymous communications professors about having
them use their sabbatical to become the Tor research coordinator. What
we need to replace me as research coordinator is not a grad student --
we need someone who already knows how to set a research agenda and get
other people to do it, i.e. a professor. Several are going on sabbatical
soon, and we could supplement their salary for cheap.
- I spoke at length with the authors of the "Peekaboo" and "LasTor"
papers, and somewhat less with the LAP authors. I'll publish some paper
analyses and summaries on the blog as I get time.
http://freehaven.net/anonbib/#oakland2012-peekaboo
http://freehaven.net/anonbib/#oakland2012-lastor
http://freehaven.net/anonbib/#oakland2012-lap
> - I'll aim to drop by SponsorF and/or Stanford at the end of the month
> to give them some facetime.
I met with Zack Weinberg and Jeroen Massar. I've been working with Zack
to kick SponsorF into making the Stegotorus code available. I think it
will benefit a lot from the light of day -- we've already discovered a
lot of usability issues. I fear that key parts of the underlying design
(like, say, the Stego part) are going to need to be discarded though.
Jeroen is working on their "get lots of bridge addresses and handle
routing traffic through them at the iptables layer" design. They're also
working on a program to take in a blob (e.g. from bridgedb), do some
network interactions, and produce a bridge address -- see also item 7 on
https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorF/Year2
I expect that I'm going to have to wrestle them to the ground to make
it open before we can find out if it will be of any use to us or the
world. The wrestling will continue at the upcoming SponsorF meeting
in June. Also stay tuned for their FOCI paper describing the overall
architecture.
I also met with David Fifield, the Flashproxy developer (grad student
at Stanford, and an nmap developer). I now believe that Flashproxy is
ready for further deployment and use by real users. The main drawback
is that the censored users currently need to have a public IP address
(i.e. not be behind a NAT) to use it. I expect as websockets tries
harder to replace Skype, it will be easier for us to do nat piercing
inside the browser and resolve this limitation.
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/README
http://crypto.stanford.edu/flashproxy/
http://crypto.stanford.edu/flashproxy/flashproxy.pdf
At the upcoming developer meeting in Florence, we should have a discussion
about all these great people doing great work for Tor that aren't hearing
our status report discussions currently. Maybe I should contribute to the
solution by putting my monthly status reports on the blog or on tor-talk.
------------------------------------------------------------------------
Here are some other things I did in May:
- Met with two of Rachel Greenstadt's grad students at Drexel University
who want to do their class project on Tor after seeing our Berlin 28C3
talk. They had wanted to try to measure linkability between exiting
streams on a given circuit. I encouraged them instead to work on
https://trac.torproject.org/projects/tor/ticket/5752
and in particular
https://trac.torproject.org/projects/tor/ticket/5830
- Talked to Nick Feamster at Georgia Tech (soon to be University of
Maryland) about OONI vs his Bismark project. He doesn't think his Bismark
devices are big enough to handle Python, so he's been writing his tests
in lua. I suggested that OONI and Bismark should at least share a common
output format. I think Arturo is right to keep asking him "Are you sure
your devices can't run python? Really sure?"
http://projectbismark.net/
http://ooni.nu/index.html
- Continued to put time into moderating and responding to blog
comments. They've turned into a great source of real bugs, especially
among Windows users. Let me reiterate my hopes for a forum where we can
turn these people into more of a community. If only secure maintainable
forum software existed in the world. [Update: one of our new funders
has included funding to get some forums up and running and maintained --
I'm not sure on the timeframe for it yet though.]
https://blog.torproject.org/
- Turned down an IEEE TDSC academic journal review request, and an IEEE
ToN journal review request, because of IEEE's anti-science publishing
policy.
http://www.researchwithoutwalls.org/
- Our CSET submission comparing Shadow to ExperimenTor got
accepted! Details (including a camera-ready version) coming soon.
https://www.usenix.org/conference/cset12
------------------------------------------------------------------------
Here are some items I expect to do in June:
- Participate in the Q2 Tor directors board meeting, including approving
the updated 2012 budget.
- Understand the open positions in our current budget, what funders
each one maps to, and what the priorities are in terms of spending the
money. Then we can start putting some calls-for-resumes-and-code-samples
up on the website, as well as prioritizing which calls we want to do
when. Unless I ignore all of this until July.
- Get 0.2.3.16-alpha out. Get 0.2.2.37 out. Get 0.2.3.17-alpha out.
- Orchestrate the FOCI discussion and select the program.
- Tell Micah Sherr and Chris Wacek (Georgetown) about the open
simulation questions; and get Rob Jansen (UMN/NRL), Mashael AlSabah
(Waterloo), etc a good summary of the current situation.
- Read and consider http://microsoftjobsblog.com/zen-of-pm so I can
help Adam Shostack help us get a good project manager.
- I have a three hour slot at the SponsorF meeting this month. I'm going
to try to bring everybody there up to speed on everything. While also
letting other people talk for most of the time. Preparing for this talk
will be a big part of my June.
- Meet with Kevin Dyer's lab at Portland State before the SponsorF
meeting. Rob Jansen and Aaron Johnson (NRL) will be joining me.
- Help prepare for the SponsorF site visit that will occur a few days
before PETS. We'll need to provide slides/etc, and likely even call in
and do the phone presentation thing.
- Go to Stamford CT to do a Tor talk for one of Ian's past students.
http://privacyandsecurity.pbiresearch.com/agenda.html
- Write an abstract for the ecrypt talk I'm doing at the workshop
before PETS:
https://www.cosic.esat.kuleuven.be/ecrypt/provpriv2012/invited.html
- Fly to Florence, for the Tor developers meeting and hackfest in July.
https://trac.torproject.org/projects/tor/wiki/org/meetings/2012SummerDevMeeting
https://trac.torproject.org/projects/tor/wiki/org/meetings/2012FlorenceHackfest
------------------------------------------------------------------------
Things I'm still dropping the ball on:
- I wonder if I should follow up with Carol @ google about our obfsproxy
post in February and the interest they expressed in doing a repost on
the gsoc blog.
https://blog.torproject.org/blog/obfsproxy-next-step-censorship-arms-race
http://google-opensource.blogspot.com/
- Transparently document the secteam process, especially since we have
concluded to use it far less often and only for critical security things.
- Answer the thread between Karsten and Jake where we had an excited
volunteer with a clearly useful contribution that we totally dropped on
the floor. Try to generalize the experience to improve our response to new
contributors. We used to be great at it, and lately we're all overloaded.
- Add a "scientific papers" exception to our trademark-faq: I want to give
blanket permission to scientific papers to use the word Tor in their paper
name, so long as they don't go and write software under that name too.
https://www.torproject.org/docs/trademark-faq
- Make a plan for fixing all the "CBT sometimes breaks Tor" issues.
https://trac.torproject.org/projects/tor/ticket/3443
- Try to teach the Virtus Linux guy about how to make a safe Tor distro.
http://sourceforge.net/projects/virtuslinux/
- Start summarizing Tor research papers on the blog more regularly. There
have been a huge number of really important research papers lately,
and most Tor people don't know about them. Should I summarize them on
the blog (for a broader audience), or on tor-dev (for the rest of the
Tor developers), or what?
- Add Zack Weinberg, David Fifield, etc to tor-assistants, so they can
be more integrated into the community. And then to tor-internal. And
then dissolve tor-internal and make us all be transparent again.
- Figure out where we are on the "change our cipher suite" tickets,
and try to help them move forward.
https://trac.torproject.org/projects/tor/ticket/4744
- I need new business cards.
- Get https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorA
through D back up on the wiki somewhere (Andrew took them down since
they were concluded, and since they just listed contract deliverables
rather than the progress reports and trac ticket links that we've been
doing for later funders; but we should keep them there for posterity).
More information about the tor-talk
mailing list