2014 Winter Dev Meeting

A meeting of the core tor developers and invited guests to discuss plans, milestones, deadlines for 2014 and other important matters.


Reykjavik, Iceland

Iceland is a volcanic island nation of 325,000 people located at the intersection of the North American and Eurasion tectonic plates. The capital area Reykjavik contains around 200,000 people. Originally a colony of Norway then Denmark it gained independence in 1918 and a republic in 1944. Fishing remains one of the largest industries in Iceland followed by tourism and aluminium smelting. Icelandic is the official language of Iceland but English is spoken widely and the nation was heavily influenced by the presence of an American military NATO base that left in 2006. The monetary unit of Iceland is the Icelandic krone (often abbreviated kr.) the current exchange rate hovers around 120kr = 1USD and 160kr = 1 EUR. The best place to change money is the bank branch in the airport when you land. Iceland currently has capital controls which limit the flow of exchange and availability of other currency when leaving or entering Iceland. Lastly know that alcohol is heavily taxed in Iceland and only sold in bars or state owned liquor stores (Vinbuði) if you drink definitely take advantage of the duty free in Keflavik airport.

Sessions & Notes

  • Tor as a project / company:
    • Tor as a company: current and futures: Talk about the plans for tor's stability through 2014 and beyond as we know it today
    • Ethics and Policies: We are mandated by two contracts to talk about ethics and implement some new policies, of which everyone needs to attend and ACK
    • Inter-team coordination and communication: how to be more transparent, and how to build trust. Also, how can we better handle the fact that we are 40 people working on 30 projects?
    • Role inventory and definitions: let's try to document what everybody is doing, what roles do they take, what responsibilities fall on a given role. See Matt Zimmerman's article on roles and responsibilities.
    • Volunteers and Tor How can we be nicer to potential volunteers who come up to us?
    • Managing people When do we hire real managers for people? Are we already at that point?
    • Reporting: who are the consumers of the reports we produce, and what are their needs/user-stories? Howe should we change our outgoing reporting so that we better satisfy these needs.
    • A (Berlin) Tor Project Office for Tor hackers in Europe: The Tor Project has many hackers in Berlin and others parts of Europe. We should open an office in Europe. There are funding proposals that would like a Tor Project Europe before they'll be able to fund or partner with us directly, some folks wish to do so rather than with a partner org. In practice, we have a few people already getting together for hack sessions in Berlin but the space is not sustainably part of the Tor community, we could discuss ideas for growth in Europe.
    • User stories : How to phrase requirements in the form of user stories?
  • little-t tor and Tor network specifications:
    • Little-t tor release process: How can we make better software faster and get it into our users hands faster.
    • Little-t tor roadmap and process: What will the future of little-t tor be? What's working in little-t tor development? What isn't?
    • Next Gen Hidden Services: What should we do? When should we do it? Who should we do it?
    • Guard nodes: What is to be done?
  • Tor Browser Bundle:
    • The Browser Plan: Discuss the latest happenings with Mozilla, how Mike's 3 year-and-counting quest to remake the browser space is shaping up since deprecating Torbutton, what is working better than he expected, what is working worse, what additional opportunities have presented themselves, and what obstacles remain in our way. As a bonus, there are also possible post-browser platform trajectories that we can discuss, if we actually really do get the browser space under control. Dissent is welcome.
    • TBB release process: Let's improve: roadmap, qa, translations, documentation, interaction with the support team, list of known issues
    • Sort out TBB communication channels: Clean up Trac components? Dedicated mailing list?
    • BridgeDB and TBB integration: Discuss UI and UX flows for obtaining and updating different pluggable transport types, and how TBB will decide which bridge PT types to use if many types are present (#10538).
  • Pluggable transports and bridges:
    • Which bridge protocols should we support?: How to kill obfs2 for once and for good (#10314)? Should we stop spreading non obfuscated bridges entirely?
    • PTTBBs: The 2014 edition of this discussion. How close are we to gitian builds? Who should be building? Who should be signing/uploading/announcing the releases?
    • Pluggable Transport metrics: Why does metrics.tpo show so little PT action? How can we fix this?
    • Bridge bundles: How about a new bundle with Tor, obfsproxy and a new Tor controller based on Stem to make it super easy to run bridges? With an added “feel good factor” UI stating things like “you have helped around 10 people from .ir last week”. Refine the idea as a possible GSoC?
    • BridgeDB emails and Google: Do we really want to limit the bridge email auto responder to work with a partner of the NSA that can happily list bridges we send out?
  • Roadmaps for sponsors:
    • Relaunch DRL project (including writing reports to funders): get contracts, timeframes, and roles nailed down.
    • Roadmap for the Tor Instant Messaging Bundle: see Arlo's plan?. How do we put it in action? (Karsten can help hosting this.)
    • Roadmap for point-click-publish hidden services: focus of this discussion should be on planning to get a prototype out of the door really soon, not so much on discussing requirements that might turn out to be unrealistic much later. (Karsten could host this.)
  • Support and documentation:
  • Platforms:
    • Mobile Computing and Tor: We should produce tor binaries and libraries for mobile platforms (android, ios, windows mobile) on which the rest of the world can build, extend, and enhance.
    • Tor Router: What might we do with this idea and project? What about the Novena board? Is this a project that may make sense in the future as a product? Demos of hardware and software configurations will be shown.
    • Support for external software using Tor: Tor is not only used in software developed by the Tor Project. How does the Tor help desk handle them? How can the help desk makes it easier for external projet?
  • Adoption of the new Torsocks: Identify blockers for switching to use code from dgoulet ( Possible quick code review session also.
  • GetTor: current status and what/how can we do better?
  • Dashboard for Relay Operators: Brainstorming for a new interface for relay operators.
  • Google Summer of Code Projects/Mentors: Damian poked people for ideas and involvement throughout the week.
  • Suggestions for the next dev. meeting

Unknown status:

  • Contract and deadline handling: Would it be possible to have more transparency in who's supposed to do what and for when? What are the best practices when deadlines involve the work of volunteers or the larger community?
  • Roadmap for documentation and localization: how can we simplify and clarify our existing documentation?
  • Relaunch RFA-OONI project (including writing reports to funders): get contracts, timeframes, and roles nailed down.
  • OONI vision and plan for the future
  • Getting on the same page about outreach: One voice, one brand, one message.

What did not happen:

  • How to handle private messages from the outside? How to be sure that emails go to the right person? How to track what has been answered and what have not? What's the most appropriate way to direct the load?
  • Dev. meetings: What format do we want? How to organize them better?
  • How broad should The Tor Project Inc's scope be? E.g., should OONI be a TPI project? "Yes" since it's important to the world, but "no" since we're already overextended, but "yes" since maybe it leads to more funding, but "no" since maybe that funding isn't for core Tor.
  • Bug bounties: More orgs are introducing bug bounties lately with success (e.g. github). I think mikeperry looked into bug bounties funding in the past. What do we need to make it happen?
  • 2 minute lightning talk: Everyone should stand up and do a 2-minute lightning round on who you are, what you do at tor, and where you can use help.
  • org-mode tricks
  • vim tricks

Week at a glance

  • Sun., Feb. 16th: Arrival
  • Mon., Feb. 17th 9:30: Core Tor meeting
  • Tue., Feb. 18th 9:30: Core Tor meeting
  • Tue., Feb. 18th 20:00: Crypto Party at the multikulti
  • Wed., Feb. 19th: Free or working Day — your choice
  • Wed., Feb. 19th 18:30: Talk at Reykjavik University, Tor Lessons Learned over the Past 12 Months, led by Roger and Jacob
  • Thu., Feb. 20th 9:30: Invitation Hack Day: members of our community are invited to this day of hacking, working, conversations, presentations
  • Thu., Feb. 20th 9:30: Journalist Training, Digital Safety Tools, lead by Karen Reilly (½ day workshop)
  • Fri., Feb. 21th 9:30: Public Hack Day
  • Sat., Feb. 22th: Departure

Other Notes

  • Email invitations sent to over 120 individuals inviting them to various parts of the Winter dev meeting;
  • 32 members of the core Tor team joined us for the Monday / Tuesdsay Core Tor discussion;
  • Over 60 people attended the event talk at Reykjavik University;
  • 15 journalists attended the digital safety training event on Thursday and stayed with us throughout the afternoon;
  • Over 70 people attended the private hack day event on Thursday;
  • Approximately 55 people participated in the public hack day event on Friday;
  • $400 (USD) in Tor donations was collect as a result of Tor T-shirt sale - remaining shirts were given to Lunar and Moritz for distribution to volunteers and for events in Europe. A small quantity of shirts was brought back to the Cambridge office.

Special Thank You…

Thanks to Jason from Icetor for his help preparing the meeting.

Thanks to Reykjavik University for hosting and helping us to promote our evening event.

Last modified 3 years ago Last modified on Jan 29, 2016, 6:13:04 PM