The Wilmington Watch: A Tor Network Team Hackfest asn July 02, 2017 The Tor network team is a small team responsible for developing the core Tor daemon. We're located around the globe, so we periodically meet in person for team hackfests to keep our team fresh and and up to date with all things Tor, and to fast-track features and improvements. Previously, we've met for hackfests in Arlington and Montreal, and for our latest meeting, we met in Wilmington, Delaware, a town revered for its yearly Italian Festival. To better understand the geographical setting of this meeting, go to Trenton, New Jersey, USA, hop into a Delaware river riverboat, then follow the flow south; after about 60 miles you will eventually see a town named Wilmington on your right. This small town hosted us for a few days while we worked on making Tor stronger and safer. What went down We worked intensely for several days and nights, researching, planning, and cooking meals for each other. Here is a small fraction of the topics we worked on: We schemed on about the Tor modularization project which aims to clean up and organize our codebase into nice and tidy abstract modules. Cleaning and modularizing our code not only reduces technical debt, but also allows us to eventually rewrite those submodules into higher-level languages such as Rust, D or APL. That last part is not science-fiction; as of a month ago, Tor's build system is capable of building and linking code modules written in Rust. We are now actively working on implementing the protover subsystem into Rust as our first prototype module. As part of the security discussion, we talked about the new padding defenses that were recently added to Tor and provide cover to Tor circuits against traffic analysis. We made plans for future padding techniques and defenses. We also briefed up the whole team on how our new entry guard picking algorithm works to enhance the security of Tor clients and protects them against local network attacks. We planned various defenses against hidden service guard discovery attacks, as well as alternative onion routing path algorithms. Our next step for improving guard security is to simulate alternative path construction algorithms and evaluate their performance and security guarantees. We discussed KIST, an alternative network scheduler and congestion management logic for Tor which offers improved circuit performance and cleaner network tubes. KIST is currently under active development, so we roadmapped and planned for how to get it included upstream. We talked about our code testing techniques and how to improve them. We discussed the necessity of regression tests, the need to improve our integration tests, and also the future of our fuzzing framework. (Feel free to get in touch if you want to help improve our tests!) We all shared our experiences and thoughts on our beloved tool for ticket tracking and project management: Trac. We discussed ways we could improve our Trac workflows and also alternative tools we could potentially try (e.g. Gitlab). Transitioning to another tool is not so easy, though; since our Trac instance contains 10+ years of Tor history, we need to make sure we don't lose any information. We stayed for about 5 days in town doing all these things and more. Then on a Friday afternoon as the Wilmington Italian Festival was setting up for yet another day, we jumped on trains, planes, and buses and moved on to other places and stories. Life goes on, and the same goes for Tor development. We're committed to being open and transparent about our work, and we hope you enjoyed this post. Keep on hacking. Sponsor your own hackfest If you find these sort of hackfests exciting, and you would like to host or sponsor one, don't hesitate to get in touch us at press@torproject.org with "Hackfest" in the subject line. Continue reading...
