Audit all XXXX and TODO code to find things that must be fixed in milestone 3 and milestone A.

(milestone IDs from TODO file)

My definition for milestone 3 is more or less "the code is working and clean and not too scary; we've cleared out technical debt that will bite us if we leave it for a long time."

My definition for milestone A1 is more or less "there is a minimal socks client that might not be too secure, but it probably won't DOS the network if you try to use it. Time to dogfood!"

My definition for milestone A2 is more or less "there is a public API that we won't be embarrassed to suggest that hackers try out."

The code is currently littered with XXXX and TODO comments -- 228 of them in total. I should figure out which of them, if any, will prevent us from reaching those milestones, and open tickets as appropriate.