The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-06-14T16:49:22Zhttps://gitlab.torproject.org/tpo/core/arti/-/issues/124Replace use of SelectAll<Once<F>> with FuturesUnordered<F>2021-06-14T16:49:22ZNick MathewsonReplace use of SelectAll<Once<F>> with FuturesUnordered<F>There are a few places where we need to get a stream notifications when a future finishes, so we use `SelectAll<Once<F>>`. But instead we could just use `FuturesUnordered<F>`: That's what it's there for.There are a few places where we need to get a stream notifications when a future finishes, so we use `SelectAll<Once<F>>`. But instead we could just use `FuturesUnordered<F>`: That's what it's there for.Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/120Refactor circuit manager to better support correct algorithms2021-06-14T16:21:45ZNick MathewsonRefactor circuit manager to better support correct algorithmsArti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/118Remove dependencies from the 'arti' crate2021-10-09T21:37:55ZNick MathewsonRemove dependencies from the 'arti' crateRight now the `arti` CLI and proxy crate uses the following dependencies:
* `tor-client` (This is okay, it's our public API.)
* `tor-socksproto` (This is okay since the `arti` crate)
* `tor-config` (This is our configuration parse...Right now the `arti` CLI and proxy crate uses the following dependencies:
* `tor-client` (This is okay, it's our public API.)
* `tor-socksproto` (This is okay since the `arti` crate)
* `tor-config` (This is our configuration parser.)
* [x] `tor-proto` (For connection parameter types)
* [x] `tor-dirmgr` (For configuration types.)
* [ ] `tor-rtcompat` (For building a runtime.)
* [x] `tor-circmgr` (For configuration types.)
We should refactor our APIs so that the `arti` crate can be built to not require `tor-proto`, `tor-dirmgr`, or `tor-rtcompat`. This will mean giving `tor-client` better wrappers for these crates.Arti 0.0.1 release: basic anonymityhttps://gitlab.torproject.org/tpo/core/arti/-/issues/113Incorrect Accept-Encoding header when xz or zstd is disabled.2021-04-21T14:05:22ZNick MathewsonIncorrect Accept-Encoding header when xz or zstd is disabled.I added support for making zstd and xz optional in tor-dirclient, but there isn't a corresponding change in the `accept-encoding` header we generate.
This will require a corresponding change to the tests.I added support for making zstd and xz optional in tor-dirclient, but there isn't a corresponding change in the `accept-encoding` header we generate.
This will require a corresponding change to the tests.Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/111`tor_rtcompat::test::simple_tls` does not pass on OSX2021-11-18T07:49:33ZNick Mathewson`tor_rtcompat::test::simple_tls` does not pass on OSXWhen I try to run this test on OSX, I get:
```
thread 'test::tokio_runtime_tests::simple_tls' panicked at 'called `Result::unwrap()` on an `Err` value: Error { code: -25264, message: "MAC verification failed during PKCS12 import (wrong p...When I try to run this test on OSX, I get:
```
thread 'test::tokio_runtime_tests::simple_tls' panicked at 'called `Result::unwrap()` on an `Err` value: Error { code: -25264, message: "MAC verification failed during PKCS12 import (wrong password?)" }', tor-rtcompat/src/test.rs:182:66
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
Did I generate the `"test.pfx"` file incorrectly?
I'm disabling this test on OSX for now.Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/81Abstract "stream-target" API2021-10-18T18:36:51ZNick MathewsonAbstract "stream-target" APIA Tor stream can be targeted to any of several different kinds of thing, including a hostname, an .onion address, an IPv4 address, or etc.
We should have a trait that these implement, and we should also make sure that it's not easy to u...A Tor stream can be targeted to any of several different kinds of thing, including a hostname, an .onion address, an IPv4 address, or etc.
We should have a trait that these implement, and we should also make sure that it's not easy to use this trait insecurely (eg by resolving first).Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/75Refactor async-backend compatibility layer2021-04-19T14:25:17ZNick MathewsonRefactor async-backend compatibility layerOur current async backend layer is a bit kludgey. We should build it around something more trait based, possibly using [`async_executor`](https://docs.rs/async-executor/1.4.0/async_executor/). Ideally, nothing in other crates would hav...Our current async backend layer is a bit kludgey. We should build it around something more trait based, possibly using [`async_executor`](https://docs.rs/async-executor/1.4.0/async_executor/). Ideally, nothing in other crates would have to call tokio or async-std except via a trait.
(We can't just use `async_executor` as is: we'll also need a generic listener type, a generic TLS connection factory type, a sleep typpe, and possibly more.]Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/59Implement a mechanism for persistent state2021-08-09T14:12:29ZNick MathewsonImplement a mechanism for persistent stateWe're going to need a way to make arti state persist across invocations. This can be somewhat simplified by using serde, but we need something to make sure that the state actually gets loaded and saved appropriately. We need to future-p...We're going to need a way to make arti state persist across invocations. This can be somewhat simplified by using serde, but we need something to make sure that the state actually gets loaded and saved appropriately. We need to future-proof the state against changes in its format, and we should support multiple backends if at all possible.Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/58Implement guard nodes2021-10-13T15:53:49ZNick MathewsonImplement guard nodesWe should implement Tor's guard node algorithm for Arti.
(The time estimate here does not include work for developing a state mechanism.)
Backend steps:
* [x] Create a "guard manager" type with the necessary API.
* [x] Implement a ...We should implement Tor's guard node algorithm for Arti.
(The time estimate here does not include work for developing a state mechanism.)
Backend steps:
* [x] Create a "guard manager" type with the necessary API.
* [x] Implement a multi-sample API in tor-netdir.
* [x] Implement consensus parameters needed for guards
* [x] Extend NetDir with efficient ID-based accessors.
* [x] Minimal working-ish good-enough-for-vanguards guard implementation:
* Sample a little set.
* Pick first hop from that set.
* Persistence on that set.
* Expire and re-sample into that set as needed.
* [x] Implement filtered, confirmed, and primary set backends.
* [x] Mpsc channel inside circmgr that gets informed when a circuit is done or when a circuit fails.
* [x] Make sure not to use a consensus until we have descriptors for our primary guards. (Deferred)
* [x] Documentation in `tor-guardmgr`
* [x] Test coverage in `tor-guardmgr`
* [x] Fix or defer all issues marked `XXXX`
* [x] Re-read `guard-spec.txt` and audit for compliance
* [x] Re-read `entryguards.c` and audit for consistencyh
* [x] Persistent state
* [x] Add logging throughout.
Steps for integration:
* [x] Create a guard manager when starting up.
* [x] Inform the guard manager whenever the directory changes.
* [x] When creating a path, ask the guard manager for the first hop.
* [x] When the circuit completes or fails, report the guard as working or not working.
* [x] Do not use the circuit until the `GuardUsability` future reports `true`.Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/57Implement full circuit-build-timeout logic2021-11-02T16:18:10ZNick MathewsonImplement full circuit-build-timeout logicTor has a complicated set of logic that measures how long circuits take to build, and then adjusts Tor's time-out requirements accordingly. This is important for performance (and possibily security) properties.
* [x] Basic pareto esti...Tor has a complicated set of logic that measures how long circuits take to build, and then adjusts Tor's time-out requirements accordingly. This is important for performance (and possibily security) properties.
* [x] Basic pareto estimator backend
* [x] Set parameters from consensus
* [x] Record measurements from circuits as they are built.
* [x] Record timeouts from circuits as they time out.
* [x] Compute circuit timeouts correctly, given different circuit lengths.
* [x] Actually use timeout estimates to decide when to timeout/abandon a circuit.
* [x] Use correct "doubling" algorithm from path-spec 2.4.5.
* [x] Break histogram-bin ties correctly.
* [x] Make sure all consensus paremeters are implemented.
* [x] Ability to switch (or reconfigure) estimators while running
* [x] Actually use pareto estimator
* [x] Testing.
These are a bit tricky and will want to be separate tickets:
* #142: Add a function to tell us when we last saw incoming network activity.
* #143: Persistence for build-time data
* #144: Get notification about changes in network parameters.
* #145: Launch testing circuits as needed.Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/50Circmgr needs a significant backend revision2021-06-10T12:02:13ZNick MathewsonCircmgr needs a significant backend revisionThe existing circmgr implementation doesn't always do the right thing. It keeps circuits and pending circuits in the same data structure. When a pending circuit is done, everything that was waiting for it is notified... but other strea...The existing circmgr implementation doesn't always do the right thing. It keeps circuits and pending circuits in the same data structure. When a pending circuit is done, everything that was waiting for it is notified... but other streams that were waiting for a different port which the same circuit happens to handle are not notified.
We should have a new implementation that keeps a list of waiting requests, and launches circuits as appropriate to meet those streams' needs. When a circuit is done, it should notify every request that would be satisfied by it.
This doesn't have to be done for milestone A1, thankfully.Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/web/blog/-/issues/40011Fossilize old Drupal blog2021-12-13T19:21:54ZJérôme Charaouilavamind@torproject.orgFossilize old Drupal blogIt would be a good idea to fossilize and archive the old Drupal blog, it might come in handy eventually.
@anarcat had some ideas about how we can proceed.It would be a good idea to fossilize and archive the old Drupal blog, it might come in handy eventually.
@anarcat had some ideas about how we can proceed.Launch support's Forum and Blog migrationJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/community/support/-/issues/40046Provide more visibility to the Forum on our traditional support channels2021-12-16T10:39:20Zchampionquizzerchampionquizzer@torproject.orgProvide more visibility to the Forum on our traditional support channelsI am filing this ticket to account for the various tasks related to making the [Forum](https://forum.torproject.net/) more visible on our traditional user support channels
- [x] Create article on RT (thanks, @gus!) (I am also exploring ...I am filing this ticket to account for the various tasks related to making the [Forum](https://forum.torproject.net/) more visible on our traditional user support channels
- [x] Create article on RT (thanks, @gus!) (I am also exploring the idea of making this a auto-reply on frontdesk)
- [x] Add a link to the forum to [tormodbot's](https://gitlab.torproject.org/pastly/weechat-tormodbot) welcome message on IRC `#tor` (and to the channel description as well)
- [x] Add a link to the forum in the description of the `#tor:matrix.org` channel.Launch support's Forum and Blog migrationchampionquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/community/support/-/issues/40026New user forum categories and topics structure2021-10-29T17:25:20ZGusNew user forum categories and topics structureAs we're moving ahead with Discourse (see https://gitlab.torproject.org/tpo/web/support/-/issues/201), it's a good idea to draft the categories, forum topics structure, etc.As we're moving ahead with Discourse (see https://gitlab.torproject.org/tpo/web/support/-/issues/201), it's a good idea to draft the categories, forum topics structure, etc.Launch support's Forum and Blog migrationGusGushttps://gitlab.torproject.org/tpo/web/blog/-/issues/40004Migrate the blog out of Drupal and into a static site generator with a commen...2022-01-26T16:56:00ZGabagaba@torproject.orgMigrate the blog out of Drupal and into a static site generator with a comment service### Content
* [x] Import blog posts from Drupal
* [x] Import events from Drupal
* [x] Import comment archive
* [x] Configure RSS/Atom feeds (posts + events)
* [x] Implement categories to replace tags (depends on https://gitlab.torp...### Content
* [x] Import blog posts from Drupal
* [x] Import events from Drupal
* [x] Import comment archive
* [x] Configure RSS/Atom feeds (posts + events)
* [x] Implement categories to replace tags (depends on https://gitlab.torproject.org/tpo/web/blog/-/issues/40008)
* [x] Test Discourse comments embedding (depends on https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183)
* [x] Test draft post feature
### Layout
* [x] Import relevant CSS styles from old blog
* [x] Setup 2-column responsive layout
* [x] Mirror header and footer contents from other Tor websites
### Deployment
* [x] Ensure functioning newsletter image URL redirections ([example](https://newsletter.torproject.org/archive/2021-11-01-privacy-is-a-human-right/))
* [x] Plan/implement publishing moratorium and comments section closure on Drupal
* [x] Full, final content import from Drupal
* [x] Setup static web mirrors for new site
* [x] Transition `blog.torproject.org` address
* [x] Fossilize old Drupal site (tpo/web/blog#40011)
* [ ] ~~Wind down Pantheon subscription~~ (tpo/tpa/team#40526)
* [ ] ~~Retire (or reconfigure) cache*.torproject.org machines~~ (tpo/tpa/team#40527)
### Workflow
* [x] Implement Review Apps for easy MR previews
* [x] Document final publishing workflow of the new blog
Documentation of the project requirements lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/blogLaunch support's Forum and Blog migrationJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2021-11-17https://gitlab.torproject.org/tpo/web/blog/-/issues/22397Add a (single) onion service for the new tor blog2021-11-16T14:10:59ZteorAdd a (single) onion service for the new tor blogWhen we asked for this for the old blog, it wasn't technically feasible (or it was a legacy system, so we decided not to do it).
I hope that onion service compatibility (mainly URL rewrites) was one of the requirements for the new blog.When we asked for this for the old blog, it wasn't technically feasible (or it was a legacy system, so we decided not to do it).
I hope that onion service compatibility (mainly URL rewrites) was one of the requirements for the new blog.Launch support's Forum and Blog migrationJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40503audit accesses to staticiforme2021-11-22T20:46:53Zanarcataudit accesses to staticiformenow that a bunch of sites have been moved off staticiforme into the static-shim, we may be able to revoke some accesses on that busy server.now that a bunch of sites have been moved off staticiforme into the static-shim, we may be able to revoke some accesses on that busy server.Retire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/web/community/-/issues/238community.torproject.org: migrate from Jenkins to GitLab CI2021-11-04T00:24:04Zanarcatcommunity.torproject.org: migrate from Jenkins to GitLab CI* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [x] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [x] run the deploy-static job, make sure the site still works and was deployed properly (`curl -sI https://example.torproject.org/ | grep -i Last-Modified`)
* [x] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [x] remove the old site on staticiforme
* [x] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)
* [x] notify users about the migrationRetire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/web/manual/-/issues/111tor-browser-manual.torproject.org: migrate from Jenkins to GitLab CI2021-11-04T00:24:15Zanarcattor-browser-manual.torproject.org: migrate from Jenkins to GitLab CI* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [x] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [x] run the deploy-static job, make sure the site still works and was deployed properly (`curl -sI https://tb-manual.torproject.org/ | grep -i Last-Modified`)
* [x] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [x] remove the old site on staticiforme
* [x] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)
* [x] notify users about the migrationRetire Jenkinsanarcatanarcathttps://gitlab.torproject.org/tpo/web/tpo/-/issues/254www.torproject.org: migrate from Jenkins to GitLab CI2021-11-04T13:34:18Zanarcatwww.torproject.org: migrate from Jenkins to GitLab CI* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-...* [x] include ci-templates `lektor.yml` job
* [x] site builds and works in gitlab pages
* [x] [add the deploy-static job and SSH key to GitLab CI](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#deploying-a-static-site-from-gitlab-ci)
* [x] [deploy the SSH key and static site in Puppet](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim#adding-a-new-static-site-shim-in-puppet)
* [x] run the deploy-static job, make sure the site still works and
was deployed properly (`curl -sI https://example.torproject.org/ | grep -i Last-Modified`)
* [x] [archive the repo on gitolite](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab/#how-to-migrate-a-git-repository-from-legacy-to-gitlab)
* [x] remove the old site on staticiforme
* [x] [fully retire the Jenkins jobs](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/jenkins#removing-a-job)
* [x] [copy the .htaccess file](https://gitlab.torproject.org/tpo/tpa/ci-templates/-/issues/5) to where it needs to go in deployment
[gitlab project](https://gitlab.torproject.org/tpo/web/tpo), [gitolite project](https://gitweb.torproject.org/project/web/tpo.git/)Retire Jenkinsanarcatanarcat