tor-webwml.git

@@ -197,6 +197,22 @@

     students. So if you haven't filled up your summer plans yet, please

     consider spending some time working with us to make Tor better!

     </p>

+    

+    <h2><a class="anchor" href="#Template">Application Examples</a></h2>

+    

+    <p>

+    Below are examples of some GSoC applications from previous years we liked.

+    The best applications tend to go through several iterations so you're

+    highly encouraged to send drafts early.

+    </p>

+    

+    <ul>

+      <li><h4><a href="http://tor.spanning-tree.org/proposal.html">DNSEL Rewrite</a> by Harry Bock</h4></li>

+      <li><h4><a href="http://kjb.homeunix.com/wp-content/uploads/2010/05/KevinBerry-GSoC2010-TorProposal.html">Extending Tor Network Metrics</a> by Kevin Berry</h4></li>

+      <li><h4><a href="../about/gsocProposal/gsoc10-proposal-soat.txt">SOAT Expansion</a> by John Schanck</h4></li>

+      <li><h4><a href="http://www.atagar.com/misc/gsocBlog09/">Website Pootle Translation</a> by Damian Johnson</h4></li>

+    </ul>

+    

   </div>

   <!-- END MAINCOL -->

   <div id = "sidecol">

@@ -0,0 +1,164 @@

+1. What project would you like to work on? Use our ideas lists as a starting

+point or make up your own idea. Your proposal should include high-level

+descriptions of what you're going to do, with more details about the parts you

+expect to be tricky. Your proposal should also try to break down the project

+into tasks of a fairly fine granularity, and convince us you have a plan for

+finishing it.

+

+The Snakes on a Tor exit scanner has the potential to dramatically improve the

+safety of Tor users by ferreting out misconfigured and malicious exit nodes.

+At present it suffers from certain stability issues which prevent it from being

+run for long periods of time, and from an overabundance of false positives in

+the results it generates. While I would ideally like to work on designing new

+routines for detecting subtle content modifications and for better handling

+dynamic content -- the issues of stability and false positives need to be

+addressed first. I've begun looking at the SoaT source code and running some

+preliminary experiments, identifying several small stability issues. In the

+coming weeks I'll begin to collect a body of false positives which I'll study

+and design new filters around. The most difficult part of this project may be

+determining what actual positive results look like, and developing a threat

+model that predicts the kinds of modifications which malicious exit nodes are

+likely to make. I'm sure this question has been addressed by members of the Tor

+community, so much of my early work this summer will involve talking to

+community members to better understand the kinds of malicious exit nodes which

+have been seen in the past, and determining how well the current SoaT

+implementation performs against these known attacks.

+

+Timeline:

+   April 26 - May 24:

+

+    *  Start to get an idea of what the threat model looks like, continue

+       performing stability tests and gathering a diverse collection of results

+       to study.

+

+   May 24 - June 17:

+

+    * Throw everything I can at SoaT - make it crash and fix the bugs.

+    * Keep collecting data!

+

+   June 17 - July 17:

+

+    * In depth analysis of false positives. Use both false positives and real

+      modifications (or modifications generated by myself which emulate the

+      types of things predicted by the threat model) to develop a data set that

+      SoaT's filters can be evaluated against offline.

+

+    * Use the data set to improve existing filters and create new ones.

+

+  July 17 - August 2:

+     Here the timeline splits depending on progress thus far.

+     Case 1 - There are still too many false positives:

+

+    * Keep developing new filters and tuning old ones.

+

+      Case 2 - False positives have been reduced to an acceptable level:

+

+    * Get SoaT running full time on a dedicated machine. Improve reporting so

+      that SoaT can communicate its suspicions to the Tor team.

+    * Start drafting plans for improving the system.

+

+   August 2 - 16:

+

+    * Perform an extensive test of the system and write up a report of where it

+    * does well and what can be improved.

+

+

+2. Point us to a code sample: something good and clean to demonstrate that you

+know what you're doing, ideally from an existing project.

+

+I'm one of the two lead developers for the Anomos project, the code for which

+can be browsed here [https://git.anomos.info/?p=anomos.git;a=summary].

+

+Anomos is in Python, and I handle almost all of the network code (which makes

+extensive use of SSL), so this project is particularly representative of where

+my skill set intersects with that needed to work on SoaT.

+

+

+3. Why do you want to work with The Tor Project / EFF in particular?

+

+I think Tor is one of the most important free software projects in development

+today - I'm very interested in the political issues surrounding access to

+information, and have been an EFF member for several years now. Tor has also

+been the primary inspiration for my work on Anomos. What particularly attracts

+me about Tor is the sustained emphasis its developers have placed on making it

+a platform for research. This emphasis has attracted a large community of

+skilled anonymity researchers with whom I would be honored to work with and

+learn from as I continue my study of anonymity and begin to conduct my own

+research.

+

+

+4. Tell us about your experiences in free software development environments. We

+especially want to hear examples of how you have collaborated with others

+rather than just working on a project by yourself.

+

+I develop all of my own software under free licenses and make an effort to work

+in groups as often as possible. Anomos, the largest project I've worked on,

+would not have been possible in a non-free environment. It has received

+tremendous support from the community in terms of development, debugging,

+translation, documentation, and testing - the project simply would not have

+been possible without support from the free software community.  I run free

+software on all of my computers, and make an active effort to report or patch

+bugs whenever possible.

+

+

+5. Will you be working full-time on the project for the summer, or will you

+have other commitments too (a second job, classes, etc)? If you won't be

+available full-time, please explain, and list timing if you know them for other

+major deadlines (e.g. exams). Having other activities isn't a deal-breaker, but

+we don't want to be surprised.

+

+I will be available full-time to work on Tor. I plan on attending a couple

+conferences and spending a lot of time outdoors, but that won't take me away

+from my work for more than a few days.

+

+

+6. Will your project need more work and/or maintenance after the summer ends?

+What are the chances you will stick around and help out with that and other

+related projects?

+

+My project will almost certainly be completed during the summer.  That said,

+I'm very likely to remain active with the Tor project after the summer. I'm

+currently planning on conducting anonymity research as a large part of my

+undergraduate thesis work and would love for that work to involve Tor.

+

+

+7. What is your ideal approach to keeping everybody informed of your progress,

+problems, and questions over the course of the project? Said another way, how

+much of a "manager" will you need your mentor to be?

+

+Especially when it comes to a project I'm really interested in - I'm extremely

+self motivated and require very little management. I generally check in with a

+project manager once per week unless a problem or question arises. I make

+extensive use of version control software, commit frequently, and keep my work

+in a publicly accessible repositories, so my mentor will be able to monitor my

+progress at their leisure. I'm also happy to blog or otherwise communicate my

+progress on a regular basis to the project community.

+

+

+8. What school are you attending? What year are you, and what's your

+major/degree/focus? If you're part of a research group, which one?

+

+I'm in my third year at Hampshire College studying computer science with a

+focus on distributed and peer-to-peer systems. I occasionally work at the

+University of Massachusetts, Amherst conducting BitTorrent research under Arun

+Venkataramani.

+

+

+9. How can we contact you to ask you further questions? Google doesn't share

+your contact details with us automatically, so you should include that in your

+application. In addition, what's your IRC nickname? Interacting with us on IRC

+will help us get to know you, and help you get to know our community.

+

+   You can email me: john@anomos.info

+        GPG Key ID: 0xA1D39D09

+        GPG Fingerprint: 7131 3E78 7500 3BB2 FCDD  FA97 91ED 834D A1D3 9D09

+   Instant message me via XMPP: john@anomos.info

+   Or talk to me on IRC: susurrusus on OFTC (I idle in #tor)

+

+

+10. Is there anything else we should know that will make us like your project

+more?

+

+The project I've proposed here is just a starting point - I think I have a lot

+to bring to the Tor project and that this summer will just be the start of a

+lasting academic relationship with the community.