The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-01-30T22:56:52Zhttps://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/29document how to use GitLab through email2021-01-30T22:56:52ZGabagaba@torproject.orgdocument how to use GitLab through email(Note: this is just for issues right now as I've not been dealing with merge requests lately. But a bunch of the notes below should apply to them, too)
@gk started writing this and I'm moving it into an issue.
**Creating a new issue**
...(Note: this is just for issues right now as I've not been dealing with merge requests lately. But a bunch of the notes below should apply to them, too)
@gk started writing this and I'm moving it into an issue.
**Creating a new issue**
Clicking on the per project issues gives a link at the bottom of the page, say "Email a new issue to this project".
That link should go into the From of your email. The subject is the title of the issue and the body the description. You can start right away using shortcuts in the body, like /assign @foo, /estimate 1d etc. (see: https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#new-issue-via-email for more details)
**Adding a comment to an existing issue**
Replying to an existing comment
You need to have notifications enabled for this part and then just reply to the particular comment as you would reply to an email in a thread (see: https://docs.gitlab.com/ee/administration/reply_by_email.html for more details)
Creating a new comment
This is not easily doable right now (see: https://gitlab.com/gitlab-org/gitlab/-/issues/18816). However, it works if you have notifications enabled and then reply to any notification email for the issue of interest by replacing everything that would get quoted with the comment you want to add. This works as well with shortcuts like /estimate 1d or /spend -1h (note: for those you won't get notification emails back, though, while for others like /assign @foo you would).
**Using quick actions to update an issue**
There are a bunch of quick actions available which are handy to update an issue (see: https://gitlab.torproject.org/help/user/project/quick_actions.md). As mentioned above they can be sent by email as well, both within a comment (be it as a reply to a previous one or in a new one) or just instead of it. So, if you for example want to update the amount of time spent on ticket $foo by one hours, find any notification email for that issue and reply to it by replacing any quoted text with "/spend 1h".anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/28How we are going to use Gitlab for organizing projects and Tor's work2020-11-13T17:50:19ZGabagaba@torproject.orgHow we are going to use Gitlab for organizing projects and Tor's work- [ ] ***CONVERT THIS THREAD INTO DOCUMENTATION* (Tails example https://tails.boum.org/contribute/working_together/GitLab/)**
Attention @tpo/core @tpo/ux @tpo/metrics @tpo/anti-censorship @tpo/community @tpo/applications @tpo/tpa
We ...- [ ] ***CONVERT THIS THREAD INTO DOCUMENTATION* (Tails example https://tails.boum.org/contribute/working_together/GitLab/)**
Attention @tpo/core @tpo/ux @tpo/metrics @tpo/anti-censorship @tpo/community @tpo/applications @tpo/tpa
We have [user stories](#26) for how we need to use Gitlab. I'm writing down here a proposal on how to use Gitlab, open up for discussion.
**SPONSOR/PROJECT PLANNING AND WORK**
- To track a sponsor's project, including how much time there is for the project and what is still not assigned (pm user stories #26):
Create a milestone per objective of the project OR for the whole project, depending on size. The milestone should be in the group that includes all groups working on this project. Examples:
* For OnionPerf https://gitlab.torproject.org/groups/tpo/metrics/-/milestones/1
* For objectives in the Sponsor 30: https://gitlab.torproject.org/groups/tpo/-/milestones/4
Each milestone will have:
* dates when the project/objective starts or end
* information about the project or objective
* all the tickets that need to be completed with this milestone
To mark that a ticket could be in a specific sponsor/project:
* Mark that ticket with the label for the sponsor. For example label 'Sponsor 55'. The tickets with this label may not go into the sponsor but are a possible fit for it.
To divide objectives/tickets into smaller tasks (dev stories for sponsor planning):
* Create an issue for that objective with the label 'project'
* In that issue write down a list of "children" that are the tasks that need to be completed. Each child is a new issue. Example: https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/31274
**RELEASE PLANNING**
To decide which open bugs must be finished before we can put out the next release.
* Create a milestone for each release. The milestone will be at the level of the team's group or project. For example:
* Tor 0.4.4 https://gitlab.torproject.org/groups/tpo/-/milestones/tor-044x-final?title=Tor%3A+0.4.4.x-final
* Tor unspecified https://gitlab.torproject.org/groups/tpo/-/milestones/tor-unspecified?title=Tor%3A+unspecified
**TEAM WORK**
To organize work per team or per project (TBB, tor, onionperf, etc):
* Create a kanban board where we can set stacks with:
* backlog: indicates all the work that we have planned to do
* next: indicates all the work that we are doing in the next sprint. (decide with your lovely PM and your team how long your sprint should be)
* doing: indicates all the tickets that people are working on right now
* needs review: some teams needs this label to indicate the tickets/issues that needs somebody to review them.
* Each "stack" in the board will be a label. The labels that we are all using for this are: backlog, next, doing, needs review.
* The issues at the top of the stack are the ones with the most priority in that stack.
For example:
1. OnionPerf https://gitlab.torproject.org/tpo/metrics/onionperf/-/boards
1. SysadminXs https://gitlab.torproject.org/groups/tpo/tpa/-/boards
1. Network https://gitlab.torproject.org/groups/tpo/core/-/boards
**To decide on what to work next**
* There is this neat place where you can see all the issues assigned to you, issues that you were mentioned in, merge requests. https://gitlab.torproject.org/dashboard/todos
**To assign reviews**
* Issues in Gitlab do not have a review but merge requests do have them. To work around this (as we still need to mark down issues for review) we will have labels at the project or group level (not TPO level) to mark who is reviewing which issue. The labels will be "review-by-X" with X the name of the person.
**COMMUNICATION BETWEEN TEAMS**
In an issue you can mention a group (for example @core) and that issue gets into the dashboard of all the people in that group. Use this power with responsability.
**REPORTING BUGS**
We still do not have signups in Gitlab so for now people have to send a mail to gitlab-admin@torproject.org to be able to get an account in Gitlab. Once they have an account they can easily report a bug in https://gitlab.torproject.org/groups/tpo/-/boards or https://gitlab.torproject.org/groups/tpo/-/issues
I'm not totally sure if that board in TPO is the best one so we need to think a little more about how to show all the work happening as well as all the work to be done in the whole organization. https://gitlab.torproject.org/groups/tpo/-/boards
I would like to add issue templates to all projects so people can easily follow the template to post the information that we need from the issue. Example: https://gitlab.torproject.org/ahf/lobby/-/issues/new?issue%5Bassignee_id%5D=&issue%5Bmilestone_id%5D=
**Templates** to report a bug should contain:
* summary
* steps to reproduce
* expected results
* actual results
* version that the bug was found in
For people to search between all the issues in TPO (if they for example want to check all the issues they authored) they can do it in https://gitlab.torproject.org/groups/tpo/-/issues
**VOLUNTEERING WORK**
To help volunteers I think we could have labels that help people find something they can collaborate to:
* Documentation
* 1st contribution
**We are discussing email interaction with Gitlab on #29**
**We are discussing labels in #4**
Please, make commments, things that may not work, something that I maybe forgot.Gabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/web/support/-/issues/115Update "How to report bug or feedback" and remove Trac2020-08-27T16:32:19ZGusUpdate "How to report bug or feedback" and remove TracSince we're moving from Trac, we will need to update our documentation to explain how to report bug or give feedback.
http://4bflp2c4tnynnbes.onion/misc/bug-or-feedback/Since we're moving from Trac, we will need to update our documentation to explain how to report bug or give feedback.
http://4bflp2c4tnynnbes.onion/misc/bug-or-feedback/https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/21publish the migration source code2021-10-21T15:14:10Zanarcatpublish the migration source codeit would be great to have the migration source code public, if that is safe at all.
it would serve a few purposes:
1. it would allow us to diagnose problems better if they come up
2. it would give good examples on how to talk to the ...it would be great to have the migration source code public, if that is safe at all.
it would serve a few purposes:
1. it would allow us to diagnose problems better if they come up
2. it would give good examples on how to talk to the API
3. it would show others how we did it
Of course the code would need to be sanitized for secrets, but it doesn't have to be clean.Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/15User permissions in TPO2023-12-05T18:45:51ZGabagaba@torproject.orgUser permissions in TPO- [ ] Move this into guides/documentation
- [ ] Include clear criteria on when to create an account in gitlab and how to assign permissions.
- [x] Can somebody else review who has permission to what group under tpo? Right now we have
tp...- [ ] Move this into guides/documentation
- [ ] Include clear criteria on when to create an account in gitlab and how to assign permissions.
- [x] Can somebody else review who has permission to what group under tpo? Right now we have
tpo:
* gaba - owner
* isabela - reporter
* roger - reporter
core:
* dgoulet - owner
* asn - owner
* nickm - owner
* ahf - owner
* gaba - owner
tpa:
* ahf-admin - owner
* hiro - owner
* weasel - owner
* gaba - owner
applications:
* acat - owner
* ahf-admin - owner
* antonela - owner
* sysrqb - owner
* gk - owner
* brade - developer
* mcs - developer
* bolkm - developer
* gaba - owner
ux:
* antonela - owner
* diogosergio - maintainer
* pili - maintainer
* emmapeel - maintainer
* torproject-pusher - maintainer
* nah - develper
* dunqan - developer
* gaba - owner
community:
* gus - owner
* pili - owner
* kat - guest
* alison - mantainer
* kushal - developer
* emmapeel - developer
* gaba - owner
metrics:
* ahf-admin - owner
* karsten - owner
* acute - developer
* djackson - developer
* phw - developer
* gaba - owner
anti-censorship:
* cohosh - owner
* phw - owner
* hiro- developer
* arma - developer
* gaba - owner
* antonela - developer
network health:
* dgoulet - owner
* gk - owner
* phw - owner
* arma - owner
* gaba - owner
web:
* gus - owner
* hiro - mantainer
* pili - maintainer
* emmapeel - maintainer
* torproject-ppusher - maintainer
* antonela - developer
* stephw - developer
* protechthor-guest - developer
* clash - reporter
* arma - reporter
* aya - developer
* bunnyapocalypse-guest - guest
* nemaniarjun-guest - guest
* claromes-guest - guest
* jacobo-guest - guest
* kjedidiahpark-guest - guest
* raviteja-guest
* rotationmatrix-guest - guest
* jaruga - guest
* gaba - owner
scalability:
* mikeperry - maintainer
* arma - maintainer
* gaba - owner
external users:
* all contributors that are not in a specific group/team. Limit projects creation to 5.
What should we change? I think we should at least remove admin users from ownership. They already have access to everything.
Permissions and roles in Gitlab: https://gitlab.torproject.org/help/user/permissionshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40005Review advice on VPN use during onboarding2022-03-21T20:08:35ZAntonelaantonela@torproject.orgReview advice on VPN use during onboardingMany first-time users are attempting to configure VPNs on Tor Browser, some of whom mistakenly believe VPN usage is critical to protecting their privacy.
This ticket is to review the existing onboarding flow as an education opportunity ...Many first-time users are attempting to configure VPNs on Tor Browser, some of whom mistakenly believe VPN usage is critical to protecting their privacy.
This ticket is to review the existing onboarding flow as an education opportunity and amend as required to provide up to date advice on VPN use.
Consider this as a reference ticket to: https://gitlab.torproject.org/legacy/trac/-/issues/30514https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/21566Document Tor Browser hardening in the Tor Browser design document2021-06-25T15:44:23ZGeorg KoppenDocument Tor Browser hardening in the Tor Browser design documentWe compile Tor Browser with different hardening flags for different platforms we should document that in our design document.We compile Tor Browser with different hardening flags for different platforms we should document that in our design document.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/11751Add documentation for using TBB with Windows Tor expert bundle2022-08-02T14:40:21ZcypherpunksAdd documentation for using TBB with Windows Tor expert bundleOn Windows, I installed the expert bundle to have a single tor process to be used by multiple applications, including multiple Tor Browsers.
I can configure Tor Browser by creating a user.js file with extensions.torlauncher.start_tor se...On Windows, I installed the expert bundle to have a single tor process to be used by multiple applications, including multiple Tor Browsers.
I can configure Tor Browser by creating a user.js file with extensions.torlauncher.start_tor set to 0. But this config also leads to this message:
"Something Went Wrong!
Tor is not working in this browser."
Other than that, I can use the browser normally.
Can you fix this?https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33773Add Tor Browser-specific licenses in about:license2022-07-08T20:55:01ZMatthew FinkelAdd Tor Browser-specific licenses in about:licenseThis idea came out of legacy/trac#33771 and legacy/trac#33772. GeKo mentioned that we don't need to ship a specific license for NSS because it is covered by `about:license`, and we could use `about:license` for the additional licenses we...This idea came out of legacy/trac#33771 and legacy/trac#33772. GeKo mentioned that we don't need to ship a specific license for NSS because it is covered by `about:license`, and we could use `about:license` for the additional licenses we must ship, as well. Currently those Tor Browser-specific licenses are controlled by tor-browser-build and they are included as text files at build-time. Extending `about:license` is a good idea.
The main disadvantage I see is downstream projects who take a tor browser package and re-use all of the tor parts but they don't use the browser. We could achieve this by continuing with adding licenses in text files and then patching them into tor-browser's `toolkit/content/license.html` at build time. I'm not very excited about the additional complexity this would require, though.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32922New cross-browser fingerprinting method2023-09-01T01:40:59ZTracNew cross-browser fingerprinting methodThis isnt really an enhancement, but is everyone here aware of this new cross-browser fingerprinting method? Have there been any tests of the current Tor Browser's resistance to this?
----------------------------
http://uniquemachine....This isnt really an enhancement, but is everyone here aware of this new cross-browser fingerprinting method? Have there been any tests of the current Tor Browser's resistance to this?
----------------------------
http://uniquemachine.org/
#
https://arstechnica.com/information-technology/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/
http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf
----------------------------
If already discussed elsewhere, redirect to relevant ticket.
I tested the uniquemachine.org webpage on the Tor Browser on a computer running Windows10 and it got stuck on 'fingerprinting GPU' and the display of graphics - probably due to webGL disabled but i cant be sure.
In terms of defenses to this:
- Disabling javascript is the obvious. webGL is already disabled by default in the Tor Browser, so all ok there ?
- disabling the microphone is another measure. i cant see that Windows10 has the option to disable speakers aside from turning the volume down to 0 for all apps, or for just for the Tor Browser.
- Is running the Tor Browser in a virtual machine kind of overkill to be completely sure of preventing this (and other) cross-browser fingerprinting?
**Trac**:
**Username**: thelamperhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32748Show the Tor Browser version number on f-droid (instead of firefox version)2022-07-08T19:14:00ZboklmShow the Tor Browser version number on f-droid (instead of firefox version)It seems that some users are confused by the version number that is shown on f-droid:
https://blog.torproject.org/comment/285989#comment-285989
It looks like the version number that is shown is the Firefox version on which it is based, ...It seems that some users are confused by the version number that is shown on f-droid:
https://blog.torproject.org/comment/285989#comment-285989
It looks like the version number that is shown is the Firefox version on which it is based, instead of the Tor Browser version.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32544Create Style Guides2023-01-05T15:49:18ZMatthew FinkelCreate Style GuidesFollowing legacy/trac#26184, we should document our coding style preferences. We should consider documenting all Tor Browser-related projects.Following legacy/trac#26184, we should document our coding style preferences. We should consider documenting all Tor Browser-related projects.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27674Add README to Tor Browser2022-07-13T23:08:53ZtraumschuleAdd README to Tor BrowserI am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/RE...I am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/README.md
./Browser/TorBrowser/Docs/snowflake/README.md
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26917Update QA and Testing content on our HACKING document2022-06-23T22:21:24ZGeorg KoppenUpdate QA and Testing content on our HACKING documentOur QA and Testing content on our HACKING page needs some update.Our QA and Testing content on our HACKING page needs some update.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/5767Document auditing setups for testers to use2023-01-05T16:56:22ZMike PerryDocument auditing setups for testers to useWe've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy flo...We've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy floating around somewhere that may also be useful.
We should create a meta document, or perhaps just describe on https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff how to use these things to test for disk leaks, proxy issues, oddities, and other violations.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/5294Make human summary of Tor Browser design doc2023-01-05T16:50:07ZMike PerryMake human summary of Tor Browser design docWe should create a brief human-readable summary of the privacy properties of TBB, based on the Design Requirements.
We should probably include this in the short user manual, or on the download page, or both.
See also https://lists.torp...We should create a brief human-readable summary of the privacy properties of TBB, based on the Design Requirements.
We should probably include this in the short user manual, or on the download page, or both.
See also https://lists.torproject.org/pipermail/tor-talk/2012-January/022899.html.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/17315explain replay prevention in obfs4 spec2021-11-15T19:01:13ZRoger Dingledineexplain replay prevention in obfs4 specphw informs me that obfs4 does indeed have replay prevention (where if you record the client traffic and send it again, you don't get to learn if it's an obfs4 bridge). But when I look at
https://gitweb.torproject.org/pluggable-transport...phw informs me that obfs4 does indeed have replay prevention (where if you record the client traffic and send it again, you don't get to learn if it's an obfs4 bridge). But when I look at
https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/doc/obfs4-spec.txt
then the word 'replay' doesn't show up.
How does the protection work? Should it be in the spec?https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/16756Formalize and document what it takes for a PT to get deployed.2021-11-15T18:57:13ZYawning AngelFormalize and document what it takes for a PT to get deployed.It would be good to formalize what it takes to get a PT to be considered for deployment beyond the rough guidelines we have as part of our Sponsor S/T draft. I have some ideas here about things that should be considered that aren't, tha...It would be good to formalize what it takes to get a PT to be considered for deployment beyond the rough guidelines we have as part of our Sponsor S/T draft. I have some ideas here about things that should be considered that aren't, that other people are likely to disagree about, so discussion is needed.
The last 3 PTs that got deployed were FTE, ScrambleSuit and obfs4.
* What did we do?
* Out of what we did, what was right?
* Out of what we did, what was wrong?
* What did we consider that we should ignore in the future?
* What did we not consider that we should in the future?
* Who's going to do all the evaluation work?https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/29636Document how we estimate users by transport by country2022-04-21T09:04:49ZRoger DingledineDocument how we estimate users by transport by countryOn
https://metrics.torproject.org/userstats-bridge-combined.html?country=ar
at the bottom it says
"Even though bridges don't report a combination of clients by country and transport, it's possible to derive and graph lower and upper boun...On
https://metrics.torproject.org/userstats-bridge-combined.html?country=ar
at the bottom it says
"Even though bridges don't report a combination of clients by country and transport, it's possible to derive and graph lower and upper bounds from existing usage statistics. For further details see these questions and answers about user statistics."
But the further details link doesn't tell me how this graph derives lower and upper bounds from existing usage statistics.
Maybe it is already written up somewhere, and we can link to it?https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/29346Document why our CSV files are in tidy/long format and how to process them2022-08-12T11:38:09ZKarsten LoesingDocument why our CSV files are in tidy/long format and how to process themThis ticket is based on a discussion in Brussels.
The issue we talked about is that it can sometimes be difficult to import our per-graph CSV files into applications like LibreOffice Calc or services like CKAN and make charts out of the...This ticket is based on a discussion in Brussels.
The issue we talked about is that it can sometimes be difficult to import our per-graph CSV files into applications like LibreOffice Calc or services like CKAN and make charts out of them.
The reason is that we chose to use tidy/"long" data formats for our CSV files. For example, the following lines are contained in the relayflags.csv file:
```
date,flag,relays
2007-10-27,Exit,602
2007-10-27,Fast,1126
2007-10-27,Guard,244
2007-10-27,Running,1254
2007-10-27,Stable,586
2007-10-28,Exit,592
2007-10-28,Fast,1115
2007-10-28,Guard,293
2007-10-28,Running,1244
2007-10-28,Stable,578
[...]
```
However, charting applications expect the data in the messy/"wide" format:
```
date,Exit,Fast,Guard,Running,Stable
2007-10-27,602,1126,244,1254,586
2007-10-28,592,1115,293,1244,578
[...]
```
We briefly discussed in Brussels to change our formats accordingly, to please LibreOffice Calc et al. However, after giving this some more thoughts, I'm opposed to this idea.
There are reasons why we picked the tidy format in the first place: it's more flexible, because we don't have to worry about having to add or remove columns at any time. It's also somewhat easier to handle with statistics tools/languages like R and the very powerful tidyverse libraries. See also Hadley Wickham's Tidy Data paper which is a really good read on this topic: https://www.jstatsoft.org/article/view/v059i10
What can we do? I don't want to make the data harder to process for anyone, and sometimes LibreOffice Calc or CKAN can be great tools to get a first impression on a data set. We can also not expect everyone to use R or SPSS or MATLAB. But maybe we can solve this with better documentation rather than changing the way we're doing things.
The magic word here seems to be: **pivot table**. This random blog post that I just found seems to be a good start for people wanting to wrangle our tidy data into whatever they need for making charts: https://blog.datawrapper.de/pivottables/
And this random CKAN plugin that I did _not_ try out could be a way to teach CKAN how to use our tidy data formats for its preview visualizations: https://github.com/routetopa/ckanext-pivottable
So, how about we document the reasons for choosing tidy data formats on the Statistics page and linking to a few tutorials for processing our data with common charting tools? Ideally, we would add links rather than write a lot of text on our own, though.
Does this sound plausible?