aboutsummaryrefslogtreecommitdiff
path: root/doc/TODO.external
blob: ec23f991262396ed4664be521400fd13e391bbf5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
$Id$
Legend:
SPEC!!  - Not specified
SPEC    - Spec not finalized
N       - nick claims
R       - arma claims
P       - phobos claims
S       - Steven claims
E       - Matt claims
M       - Mike claims
J       - Jeff claims
I       - ioerror claims
W       - weasel claims
K       - Karsten claims
C       - coderman claims
        - Not done
        * Top priority
        . Partially done
        o Done
        d Deferrable
        D Deferred
        X Abandoned

=======================================================================

External constraints:

  - mid October
W   - Finish implementation of directory overhead changes: have a set
      of patches that you think work.

  - end of October
    - Auto update
C     * Get the MSI working and stable for Windows Tor installer.
N     o Come up with an interface to export the package/bundle gloss
        descriptions so Vidalia can display them.
        (Done; see thandy-client json2xml.  Matt was fine with this,
        last I heard.)
E     * Vidalia calls Thandy, learns when to upgrade, requests the upgrade.
?     - Teach our OSX installer to register its version on install

  - end of December
I   - Periodic summaries of localization progress: both pootle and wml.

  - mid January
KS  . Finish testing, debugging, unit testing, etc the hidden service
      changes. Have it in the development version and in use.
W   - Finish testing, debugging, unit testing, etc the directory overhead
      changes. Have it in the development version and in use.
R     - Roger writes a proposal unifying the or-dev discussions
?     - Somebody implements the proposal. Who?
E   - Implement KDE Marble into Vidalia.  In order to improve the user
      interface for easier understanding of circuits and where traffic
      travels, replacing the current Vidalia map with KDE's Marble
      is desired.  KDE's Marble widget gives a better quality map and
      enables improved interactivity.  This is the first step in allowing
      users to choose an exit country, or being able to interact with
      Tor circuits in new ways.

  - end of January
NSE - Write first draft of research study for Paul's research problem.
I   - Periodic summaries of localization progress: both pootle and wml.

  - mid February
S   * Examine current load balancing issues and evaluate trade-offs
      associated with other methods.
      - For each potential routing improvement strategy...
        - Explain method, calculate theoretical impact, estimate likely
          impact, prioritize
        - Establish implementation work plan
        - Document strategy for metrics and evaluation
      - Highlight which items on your list are doable in 2009.

N   - Write a summary of progress toward Overlapped I/O on Windows.

S   - Write a summary of progress toward understanding risks to relays
      (and thus bridges) from letting attackers route traffic through
      them. Eg, if relays have 100KB/s but set relaybandwidthrate to
      10KB/s, do your interference attacks still work?

R   * Revise and publish incentive draft paper
      - Write an explanation for its current flaws
      - Gather comments, search for new designs
      - Write up a summary of recommendations and next steps

W   - Download fewer descriptors
      - Summarize progress so far, on all the different approaches to
        reducing directory download overhead.
        - Measure/estimate impact of each improvement.
      - Build a plan and timeline for implementing the rest.

N   - TLS arms race: Produce a list of likely avenues for blocking,
      and for each avenue summarize a plan for how we should respond to
      get Tor unblocked again.

I   * Email auto-responder
      - Document the design and spec.
        - Describe auto-responder "commands"
        - Describe DKIM requirement (and alternatives)
        - Describe how we're going to localize the text
      - Describe the workflow for a user that wants to know she's got
        the right file. Digitally signed installer? Feed it to the
        updater that recognizes signatures? Other options?
      * How do we better support users with limited email
        bandwidth? Multi-part download? Teach them how to reconnect
        their gmail? Does downloading your gmail work when your network
        keeps dying?

K   - Metrics.
      * Gather and document monthly usage metrics, by country
        - Using Roger's old method of counting users
        - Using Nick's new method of counting users
        - Start playing around with figuring out which one is more
          accurate, or how to combine them to get better guesses,
          or something.
R       * Roger should walk Karsten through applying (and maybe
          updating) the patch for each method, and write a summary
          of what we have tried/guessed so far.
      * Automatically collect and document or publish other monthly
        statistics
        - Total data over time
        - Number, availability and performance of relays
        - Advertised capacity
      - With Mike's help, use Torflow to start doing monthly rudimentary
        performance evaluations:
        - Circuit throughput and latency
        - Measure via Broadband and dialup
      - Make a few graphs of the most interesting public data
      - Publish a report addressing key long-term metrics questions:
        - What metrics should we present?
        - What data are available for these metrics?
        - What data are missing, and can collect them safely? Can we
          publish them safely?
        - What systems are available to present this data?

E   - Vidalia improvements
      - Implement Vidalia presentation of plaintext port warnings
      - Figure out a plan for presenting other Tor status warning events.
      - Move Polipo into the main Vidalia -dev bundle.
      - Vidalia displays by-country user summary for bridge operators
        o Tor sends a status event or something so Vidalia knows what
          to display: "clients_seen"

M   - Network scanning and network health
      - Implement some initial automated scans.
      - Describe a roadmap for how to get from here to plausible,
        long-term security scanning tests for Tor network
      - Document a strategy for incorporating results into directory
        consensus documents. At what phases will we be ready to automate
        which parts? How will we recognize when we are ready?

M   - Torbutton development
      - Keep up with our bugfixes -- build a plan for (or resolve)
        every item in Flyspray, and other known issues like the Google
        captcha issue.
      - Build a strategy for how Torbutton and Vidalia can
        communicate. E.g., what do we do with the 'new identity' button
        in Vidalia?
      * Make Torbutton happy on FF3, especially so TBB can drop FF2.

C   - Transparent interception of connections on Windows
      - Produce prototype, with screenshots for how to install and test.
      - Document open issues, future work, things users need to be aware
        of, etc.

S   - Tor Browser bundle work
      - Use native Vidalia (non-PortableFirefox) launcher for browser
      - Close Browser on clean Vidalia exit
      - Establish feasibility of simultaneous Firefox usage (also
        considering implications for (OpenVPN-style or other) system-wide
        Tor interception)
      - Switch Tor Browser Bundle to Firefox 3, once Torbutton is ready.
      - Decide whether TBB should use Torbutton's "lock" feature.
        http://archives.seul.org/or/cvs/Jun-2008/msg00186.html
I     . Jake learns how to build the TBB and takes over doing new
        releases.

S   - Continue analyzing "traces" left on host machine by use of
      Tor Browser, especially once we have our new launcher and have moved
      to FF3. Write a summary of current progress, and what remains. Try
      to solve some of the low-hanging fruit.

I   - Periodic summaries of localization progress: both pootle and wml.
I   - Collecting user stories
I   - Revise the 'Tor mirror page' so it doesn't list obsolete-looking
      timestamps. Just have two tables, "new enough" and "not new enough".
I   * Get Tor Weather up, stable, and in use by some relay operators.
I   - Get a relay operator mailing list going, with a plan and supporting
      scripts and so on.