revamp the list of volunteer tasks to be closer to 2006.
Roger Dingledine

Roger Dingledine commited on 2006-05-10 05:43:26
Zeige 1 geänderte Dateien mit 74 Einfügungen und 106 Löschungen.

... ...
@@ -18,7 +18,7 @@ services. Get them to tell their friends.</li>
18 18
 <li>We are looking for funding and sponsors. If you like Tor's goals, please
19 19
   <a href="<page donate>">take a moment to donate to support further
20 20
   Tor development</a>. Also, if you know any
21
-  companies, NGOs, or other organizations that want communications
21
+  companies, NGOs, agencies, or other organizations that want communications
22 22
   security, let them know about us.</li>
23 23
 </ol>
24 24
 
... ...
@@ -29,42 +29,32 @@ services. Get them to tell their friends.</li>
29 29
 because we try to use hundreds of sockets, and the
30 30
 Windows kernel doesn't seem capable of handling this. <a
31 31
 href="http://wiki.noreply.org/noreply/TheOnionRouter/WindowsBufferProblems">Please
32
-help us solve this!</a> It is the number one problem with growing
33
-the Tor network currently.</li>
32
+help us solve this!</a> Probably the best solution is to teach libevent
33
+how to use overlapped IO rather than select() on Windows, and then adapt
34
+Tor to the new libevent interface.</li>
34 35
 </ol>
35 36
 
36
-<!--
37
-<a id="Installers"></a>
38
-<h2><a class="anchor" href="#Installers">Installers</a></h2>
39
-<ol>
40
-<li>Matt Edman has written an <a
41
-href="http://freehaven.net/~edmanm/torcp/download.html">NSIS-based
42
-Windows installer bundle that
43
-includes Privoxy and TorCP</a>. Can you help make it more stable and
44
-featureful?
45
-</li>
46
-<li>Develop a way to handle OS X uninstallation
47
-that is more automated than telling people to
48
-<a href="<page docs/tor-doc-osx>#uninstall">manually remove
49
-each file</a>. It needs to have a way to click it into action.</li>
50
-<li>Our <a href="<cvssandbox>tor/tor.spec.in">RPM spec file</a>
51
-needs a maintainer, so we can get back to the business of writing Tor. If
52
-you have RPM fu, please help out.</li>
53
-</ol>
54
--->
55
-
56 37
 <a id="Usability"></a>
57
-<h2><a class="anchor" href="#Usability">Usability and Interface</a></h2>
38
+<h2><a class="anchor" href="#Usability">Supporting Applications</a></h2>
58 39
 <ol>
59
-<li>We need a way to intercept DNS requests so they don't "leak" while
60
-we're trying to be anonymous. (This happens because the application does
61
-the DNS resolve before going to the SOCKS proxy.) One option is to use
62
-Tor's built-in support for doing DNS resolves; but you need to ask via
63
-our new socks extension for that, and no applications do this yet. A
64
-nicer option is to use Tor's controller interface: you intercept the
65
-DNS resolve, tell Tor about the resolve, and Tor replies with a dummy IP
66
-address. When the application makes a connection through Tor to that dummy
67
-IP address, Tor automatically maps it back to the original query.</li>
40
+<li>We need good ways to intercept DNS requests so they don't "leak" their
41
+request to a local observer while we're trying to be anonymous. (This
42
+happens because the application does the DNS resolve before going to
43
+the SOCKS proxy.)</li>
44
+<ul>
45
+<li>We need to <a
46
+href="http://wiki.noreply.org/noreply/TheOnionRouter/TSocksPatches">apply
47
+all our tsocks patches</a> and maintain a new fork. We'll host it if
48
+you want.</li>
49
+<li>We should patch Dug Song's "dsocks" program to use Tor's
50
+<i>mapaddress</i> commands from the controller interface, so we
51
+don't waste a whole round-trip inside Tor doing the resolve before
52
+connecting.</li>
53
+<li>We need to make our <i>torify</i> script detect which of tsocks or
54
+dsocks is installed, and call them appropriately. This probably means
55
+unifying their interfaces, and might involve sharing code between them
56
+or discarding one entirely.</li>
57
+</ul>
68 58
 <li>People running servers tell us they want to have one BandwidthRate
69 59
 during some part of the day, and a different BandwidthRate at other parts
70 60
 of the day. Rather than coding this inside Tor, we should have a little
... ...
@@ -72,52 +62,36 @@ script that speaks via the <a href="<page gui/index>">Tor Controller Interface</
72 62
 and does a setconf to change the bandwidth rate. Perhaps it would run out
73 63
 of cron, or perhaps it would sleep until appropriate times and then do
74 64
 its tweak (that's probably more portable). Can somebody write one for us
75
-and we'll put it into <a href="<cvssandbox>tor/contrib/">tor/contrib/</a>?</li>
76
-<li>We have a variety of ways to <a
65
+and we'll put it into <a href="<cvssandbox>tor/contrib/">tor/contrib/</a>?
66
+This is a good entry for the <a href="<page gui/index>">Tor GUI
67
+competition</a>.</li>
68
+<li>Tor can <a
77 69
 href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryExit">exit
78
-the Tor network from a particular country</a>, but they all
79
-require specifying the nickname of a particular Tor server. It
80
-would be nice to be able to specify just a country, and
81
-have something automatically pick. This requires having some
82
-component that knows what country each Tor node is in. The <a
83
-href="http://serifos.eecs.harvard.edu/cgi-bin/exit.pl">script on
84
-serifos</a> manually parses whois entries for this. Maybe geolocation
85
-data will also work?</li>
70
+the Tor network from a particular exit node</a>, but we should be able
71
+to specify just a country and have something automatically pick. The
72
+best bet is to fetch Blossom's directory also, and run a local Blossom
73
+client that fetches this directory securely (via Tor and checking its
74
+signature), intercepts <tt>.country.blossom</tt> hostnames, and does
75
+the right thing.</li>
86 76
 <li>Speaking of geolocation data, somebody should draw a map of the Earth
87 77
 with a pin-point for each Tor server. Bonus points if it updates as the
88
-network grows and changes.</li>
89
-<li>Tor provides anonymous connections, but we don't support
90
-keeping multiple pseudonyms in practice (say, in case you
91
-frequently go to two websites and if anybody knew about both of
92
-them they would conclude it's you). We should find a good approach
93
-and interface for handling pseudonymous profiles in Tor. See <a
94
-href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this
95
-post</a> and <a
96
-href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a>
97
-for details.</li>
78
+network grows and changes. Unfortunately, the easy ways to do this involve
79
+sending all the data to Google and having them draw the map for you. How
80
+much does this impact privacy, and do we have any other good options?</li>
98 81
 </ol>
99 82
 
100 83
 <a id="Documentation"></a>
101 84
 <h2><a class="anchor" href="#Documentation">Documentation</a></h2>
102 85
 <ol>
103
-<li>Please volunteer to help maintain this website: code, content,
104
-css, layout. Step one is to hang out on the IRC channel until we
105
-get to know you.</li>
106
-<li>We have too much documentation --- it's spread out too much and
107
-duplicates itself in places. Please send us patches, pointers, and
108
-confusions about the documentation so we can clean it up.</li>
109
-<li>Help translate the web page and documentation into other
110
-languages. See the <a href="<page translation>">translation
111
-guidelines</a> if you want to help out. We also need people to help
112
-maintain the existing Italian, French, and Swedish translations -
113
-see the <a href="<page translation-status>">translation status
114
-overview</a>.</li>
115
-<li>Investigate privoxy vs. freecap vs. sockscap for win32 clients. Are
116
-there usability or stability issues that we can track down and
117
-resolve, or at least inform people about?</li>
118
-<li>Can somebody help Matt Edman with the documentation and how-tos
119
-for his <a href="http://freehaven.net/~edmanm/torcp/">Windows Tor
120
-Controller</a>?</li>
86
+<li>We hear that Tor users can fall victim to anonymity-breaking attacks
87
+from javascript, java, activex, flash, etc, if they don't disable
88
+them. Are there plugins out there (like NoScript for Firefox) that make
89
+it easier for users to manage this risk? What is the risk exactly?</li>
90
+<li>Is there a full suite of plugins that will replace all of Privoxy's
91
+functionality for Firefox 1.5+? We hear Tor is much faster when you take
92
+Privoxy out of the loop.</li>
93
+<li>Please help Matt Edman with the documentation and how-tos for his
94
+<a href="http://vidalia-project.net/">Tor Controller</a>.</li>
121 95
 <li>Evaluate and document
122 96
 <a href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">our
123 97
 list of programs</a> that can be configured to use Tor.</li>
... ...
@@ -127,29 +101,31 @@ and freecap (Windows) seem to be good candidates.</li>
127 101
 <li>We have a huge list of <a href="http://wiki.noreply.org/noreply/TheOnionRouter/SupportPrograms">potentially useful
128 102
 programs that interface to Tor</a>. Which ones are useful in which
129 103
 situations? Please help us test them out and document your results.</li>
104
+<li>Help translate the web page and documentation into other
105
+languages. See the <a href="<page translation>">translation
106
+guidelines</a> if you want to help out. We also need people to help
107
+maintain the existing Italian, French, and Swedish translations -
108
+see the <a href="<page translation-status>">translation status
109
+overview</a>.</li>
130 110
 </ol>
131 111
 
132 112
 <a id="Coding"></a>
133 113
 <h2><a class="anchor" href="#Coding">Coding and Design</a></h2>
134 114
 <ol>
135
-<li>We recommend Privoxy as a good scrubbing web proxy, but it's
136
-<a href="http://wiki.noreply.org/noreply/TheOnionRouter/PrivoxyPatches">unmaintained and still has bugs</a>, especially on Windows. While we're at
137
-it, what sensitive information is not kept safe by Privoxy? Are there
138
-other scrubbing web proxies that are more secure?</li>
139
-<li>tsocks appears to be unmaintained: we have collected <a
140
-href="http://wiki.noreply.org/noreply/TheOnionRouter/TSocksPatches">several
141
-patches</a> that need to be applied. Can somebody help us push these
142
-upstream, and if that fails volunteer to start maintaining a new tsocks
143
-branch? We'll help.</li>
144
-<li>Right now the hidden service descriptors are being stored on just a few
145
-directory servers. This is bad for privacy and bad for robustness. To get
146
-more robustness, we're going to need to make hidden service descriptors
147
-even less private because we're going to have to mirror them onto many
148
-places. Ideally we'd like to separate the storage/lookup system from the
149
-Tor directory servers entirely. Any reliable distributed storage system
150
-will do, as long as it allows authenticated updates. As far as we know,
151
-no implemented DHT code supports authenticated updates. What's the right
152
-next step?</li>
115
+<li>Right now the hidden service descriptors are being stored on just a
116
+few directory servers. This is bad for privacy and bad for robustness. To
117
+get more robustness, we're going to need to make hidden service
118
+descriptors even less private because we're going to have to mirror them
119
+onto many places. Ideally we'd like to separate the storage/lookup system
120
+from the Tor directory servers entirely. The first problem is that we need
121
+to design a new hidden service descriptor format to a) be ascii rather
122
+than binary for convenience; b) keep the list of introduction points
123
+encrypted unless you know the <tt>.onion</tt> address, so the directory
124
+can't learn them; and c) allow the directories to verify the timestamp
125
+and signature on a hidden service descriptor so they can't be tricked
126
+into giving out fake ones. Second, any reliable distributed storage
127
+system will do, as long as it allows authenticated updates, but as far
128
+as we know no implemented DHT code supports authenticated updates.</li>
153 129
 <li>Tor exit servers need to do many DNS resolves in parallel. But
154 130
 gethostbyname() is poorly designed --- it blocks until it has finished
155 131
 resolving a query --- so it requires its own thread or process. So Tor
... ...
@@ -173,34 +149,26 @@ just for buffers. We need better heuristics for when to shrink/expand
173 149
 buffers. Maybe this should be modelled after the Linux kernel buffer
174 150
 design, where you have many smaller buffers that link to each other,
175 151
 rather than monolithic buffers?</li>
176
-<li>How do ulimits work on Win32, anyway? We're having problems,
177
-especially on older Windowses with people running out of file
178
-descriptors, connection buffer space, etc. (We should handle
179
-WSAENOBUFS as needed, look at the MaxConnections registry entry,
180
-look at the MaxUserPort entry, and look at the TcpTimedWaitDelay
181
-entry. We may also want to provide a way to set them as needed. See <a
182
-href="http://bugs.noreply.org/flyspray/index.php?do=details&amp;id=98">bug
183
-98</a>.)</li>
184
-<li>Patches to Tor's autoconf scripts. First, we'd like our configure.in
185
-to handle cross-compilation, e.g. so we can build Tor for obscure
186
-platforms like the Linksys WRTG54. Second, we'd like the with-ssl-dir
187
-option to disable the search for ssl's libraries.</li>
188 152
 <li>Implement reverse DNS requests inside Tor (already specified in
189 153
 Section 5.4 of <a href="<cvssandbox>tor/doc/tor-spec.txt">tor-spec.txt</a>).</li>
190 154
 <li>Perform a security analysis of Tor with <a
191 155
 href="http://en.wikipedia.org/wiki/Fuzz_testing">"fuzz"</a>. Determine
192 156
 if there are good fuzzing libraries out there for what we want. Win fame by
193 157
 getting credit when we put out a new release because of you!</li>
194
-<li>How hard is it to patch bind or a DNS proxy to redirect requests to
195
-Tor via our <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications">tor-resolve socks extension</a>? What about to convert UDP DNS
196
-requests to TCP requests and send them through Tor?</li>
158
+<li>How hard is it to patch bind or a
159
+DNS proxy to redirect requests to Tor via our <a
160
+href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications">tor-resolve
161
+socks extension</a>? dsocks already does this on BSD. What about to
162
+convert UDP DNS requests to TCP requests and send them through Tor?</li>
197 163
 <li>Tor uses TCP for transport and TLS for link
198 164
 encryption. This is nice and simple, but it means all cells
199 165
 on a link are delayed when a single packet gets dropped, and
200 166
 it means we can only reasonably support TCP streams. We have a <a
201 167
 href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP">list
202
-of reasons why we haven't shifted to UDP transport</a>, but it would be
203
-great to see that list get shorter.</li>
168
+of reasons why we haven't shifted to UDP transport</a>, but it would
169
+be great to see that list get shorter. We also have a proposed <a
170
+href="<cvssandbox>tor/doc/tor-spec-udp.txt">specification for Tor and
171
+UDP</a> &mash; please let us know what's wrong with it.</li>
204 172
 <li>We're not that far from having IPv6 support for destination addresses
205 173
 (at exit nodes). If you care strongly about IPv6, that's probably the
206 174
 first place to start.</li>
207 175