commit 4de1020c71e1af0a53c2469ad7e45c26a54aafd2
Author: Pili Guerra <[email protected]>
Date: Wed Jan 22 13:04:16 2020 +0100
Add Project Ideas for GSoC to Community Portal
---
.../gsoc/cloudflare-captcha-monitoring/contents.lr | 47 +++++++++++
content/gsoc/contents.lr | 17 ++++
content/gsoc/onion-toolbox/contents.lr | 58 ++++++++++++++
content/gsoc/privacy-friendly-web/contents.lr | 44 +++++++++++
content/gsoc/tor-relay-ipv6-support/contents.lr | 56 ++++++++++++++
content/gsoc/tor-weather/contents.lr | 90 ++++++++++++++++++++++
models/project.ini | 43 +++++++++++
models/projects.ini | 33 ++++++++
templates/gsoc.html | 41 ++++++++++
templates/macros/projects.html | 16 ++++
templates/project.html | 49 ++++++++++++
11 files changed, 494 insertions(+)
diff --git a/content/gsoc/cloudflare-captcha-monitoring/contents.lr
b/content/gsoc/cloudflare-captcha-monitoring/contents.lr
new file mode 100644
index 0000000..e6ba0d5
--- /dev/null
+++ b/content/gsoc/cloudflare-captcha-monitoring/contents.lr
@@ -0,0 +1,47 @@
+_model: project
+---
+_template: project.html
+---
+active: True
+---
+section: GSoC
+---
+section_id: gsoc
+---
+color: primary
+---
+key: 1
+---
+languages: javascript
+---
+mentors: arma, gk
+---
+difficulty: medium
+---
+title: Cloudflare Captcha Monitoring
+---
+summary:
+
+We should track the rate that cloudflare gives captchas to Tor users over time.
+
+---
+description:
+
+My suggested way of doing that tracking is to sign up a very simple static
webpage to be fronted by cloudflare, and then fetch it via Tor over time, and
record and graph the rates of getting a captcha vs getting the real page.
+
+The reason for the "simple static page" is to make it really easy to
distinguish whether we're getting hit with a captcha. The "distinguishing one
dynamic web page from another" challenge makes exitmap tricky in the general
case, but we can remove that variable here.
+
+One catch is that Cloudflare currently gives alt-svc headers in response to
fetches from Tor addresses. So that means we need a web client that can follow
alt-srv headers -- maybe we need a full Selenium like client?
+
+Once we get the infrastructure set up, we would be smart to run a second one
which is just wget or curl or lynx or something, i.e. which doesn't behave like
Tor Browser, in order to be able to track the difference between how Cloudflare
responds to Tor Browser vs other browsers.
+
+I imagine that Cloudflare should be internally tracking how they're handling
Tor requests, but having a public tracker (a) gives the data to everybody, and
(b) helps Cloudflare have a second opinion in case their internal data diverges
from the public version.
+
+The Berkeley ICSI group did research that included this sort of check:
+âhttps://www.freehaven.net/anonbib/#differential-ndss2016
+âhttps://www.freehaven.net/anonbib/#exit-blocking2017
+but what I have in mind here is essentially a simpler subset of this research,
skipping the complicated part of "how do you tell what kind of response you
got" and with an emphasis on automation and consistency.
+
+There are two interesting metrics to track over time: one is the fraction of
exit relays that are getting hit with captchas, and the other is the chance
that a Tor client, choosing an exit relay in the normal weighted faction, will
get hit by a captcha.
+
+Then there are other interesting patterns to look for, e.g. "are certain IP
addresses punished consistently and others never punished, or is whether you
get a captcha much more probabilistic and transient?" And does that pattern
change over time?
\ No newline at end of file
diff --git a/content/gsoc/contents.lr b/content/gsoc/contents.lr
new file mode 100644
index 0000000..2e4ffb5
--- /dev/null
+++ b/content/gsoc/contents.lr
@@ -0,0 +1,17 @@
+_template: layout.html
+---
+section: GSoC
+---
+section_id: gsoc
+---
+html: gsoc.html
+---
+color: primary
+---
+key: 0
+---
+title: Project Ideas
+---
+body:
+
+You may find some of these projects to be good ideas for Google Summer of
Code. We have labelled each idea with which of our core developers would be
good mentors. If one or more of these ideas looks promising to you, please
contact us to discuss your plans rather than sending blind applications.
\ No newline at end of file
diff --git a/content/gsoc/onion-toolbox/contents.lr
b/content/gsoc/onion-toolbox/contents.lr
new file mode 100644
index 0000000..a551ba8
--- /dev/null
+++ b/content/gsoc/onion-toolbox/contents.lr
@@ -0,0 +1,58 @@
+_model: project
+---
+_template: project.html
+---
+active: True
+---
+section: GSoC
+---
+section_id: gsoc
+---
+color: primary
+---
+key: 1
+---
+languages: javascript
+---
+mentors: hiro, asn
+---
+difficulty: medium
+---
+title: Onion Tool Box
+---
+summary:
+
+Myonion is a developer tool box, providing a command line interface and a GUI
to configure and deploy existing services via .onion. A minimal prototype for
myonion already [exists](https://github.com/hiromipaw/myonion).
+
+Someone that may want to run an onion service can use the myonion wrapper app
to start a .onion from their computer and sharea static website or a web
application.
+
+Myonion can also be used to deploy the resulting configured app to a defined
set of cloud providers.
+
+---
+description:
+
+##Â Problem definition
+
+It is not necessarily difficult to use onion services, but it might be tricky
to configure a web service to be offered via .onion so that it doesnât leak
sensitive information.
+
+There are detailed
[guides](https://riseup.net/en/security/network-security/tor/onionservices-best-practices)
available for users that would like to offer a web application via .onion and
some tools have been developed to help service operators: discover known
misconfiguration or [vulnerabilities](https://onionscan.org/) or deploy an
[onion site](https://github.com/alecmuffett/eotk).
+
+##Â Scope
+
+Myonion provides a way to build and deploy onion ready applications, allowing
developers to build and test web applications and easily share them with
others, bundling the code and configuration in a lightweight, portable Docker
container application that runs thesame everywhere.
+
+The experience for developers will be similar to using other industry
solutions, like the [Docker desktop
app](https://www.docker.com/products/docker-desktop).
+
+Developers using myonion are provided with pre-defined and customizable
application templates, with corresponding configuration and a test set,
eliminating error-prone manual setup and known onion service configuration
mistakes.
+
+The resulting application is therefore deployable via a set of endpoint
management tools to known providers. Providing a way to deploy onion services
at scale.
+
+## Impact
+
+The idea behind myonion is to make onion services accessible to developers
that might be interested to innovate in the privacy space, building
applications that are designed for privacy and security.
+
+Involving a wider developer community can help creating a better image of Tor
and onion services, replacing the âdark netâ narrative with the secure and
private web one.
+
+Onion services can also be relevant to all those people interested in the
âzero-trustâ strategy. The concept behind zero-trust is to adopt strategies
and tools to help prevent data breaches by eliminating the concept of trust
from an organizationâs network architecture, with the principle of never
trust, always verify.
+
+Ultimately myonion is about creating a better experience for onion services
developers and operators and therefore fostering a more legitimate onion
service ecosystem.
diff --git a/content/gsoc/privacy-friendly-web/contents.lr
b/content/gsoc/privacy-friendly-web/contents.lr
new file mode 100644
index 0000000..da9cc13
--- /dev/null
+++ b/content/gsoc/privacy-friendly-web/contents.lr
@@ -0,0 +1,44 @@
+_model: project
+---
+_template: project.html
+---
+active: True
+---
+section: GSoC
+---
+section_id: gsoc
+---
+color: primary
+---
+key: 1
+---
+languages: javascript
+---
+mentors: hiro
+---
+difficulty: medium
+---
+title: Privacy Friendly Web
+---
+summary:
+
+The scope of this project is creating a open-source community-driven browsable
list of patterns and release a css/js framework that web developers can extend
and use in their work.
+---
+description:
+
+Security concerned web users take conscious steps to limit the amount of data
they share with the websites visited and third party services.
+
+There are a number of security enhancing tools available. Some come in the
form of browser extensions and javascript blockers, others are full fledged web
browsers designed with providing extra security to their users.
+
+One of this is the Tor Browser. The Tor Browser was designed to provide
privacy while surfing the web and defend users against both network and local
forensic adversaries. There are two main categories of requirements that have
been considered: Security Requirements, and Privacy Requirements.
+
+Security Requirements are the minimum properties in order for a browser to be
able to support Tor and similar privacy proxies safely. Privacy requirements
are primarily concerned with reducing linkability: the ability for a user's
activity on one site to be linked with their activity on another site without
their knowledge or explicit consent.
+
+Websites can work seamsly with the Tor Browser and other privacy enhancing
browsers and tools if they adopt a series of respectful and ethical patterns.
+
+The Tor Browser is in fact, based on Mozilla's Extended Support Release (ESR)
Firefox branch. We have a series of patches against this browser to enhance
privacy and security. Browser behavior is additionally augmented through the
Torbutton extension, and we also change a number of Firefox preferences from
their defaults.
+
+The Tor Project has developed over the years a set of web development
guidelines that allow websites to work with security enhanced browsers without
causing any or minimal functionality destruption to their users. These
guidelines have been shaped in an internal styleguide that has been adopted
across all torproject.org websites.
+
+We are now formalizing these web development patterns and some security
concerns that need to be considered when developing websites for users surfing
the web with security enhanced browsers and tools.
+
diff --git a/content/gsoc/tor-relay-ipv6-support/contents.lr
b/content/gsoc/tor-relay-ipv6-support/contents.lr
new file mode 100644
index 0000000..3624ca1
--- /dev/null
+++ b/content/gsoc/tor-relay-ipv6-support/contents.lr
@@ -0,0 +1,56 @@
+_model: project
+---
+_template: project.html
+---
+active: True
+---
+section: GSoC
+---
+section_id: gsoc
+---
+color: primary
+---
+key: 1
+---
+languages: C
+---
+mentors: teor, ahf, dgoulet, catalyst
+---
+difficulty: Medium
+---
+title: Improve Tor Relay IPv6 Support
+---
+summary:
+
+Tor helps people stay safe on the internet, by keeping their internet use
secure and anonymous. More Tor clients are running on IPv6-only or dual-stack
networks. But only 20% of Torâs available relay bandwidth supports IPv6. We
want to automate relay IPv6 address discovery and reachability checks, so that
it is easier for relay operators to run IPv6 relays.
+
+---
+description:
+
+Students may choose to focus on designing and implementing core features, tor
relay testing, reporting statistics, or diagnosing and fixing bugs.
+
+
+## Prerequisites
+
+* Network configuration skills
+* Basic understanding of Internet Protocol (IP) versions
+
+Recommended:
+
+* Experience testing network software
+* Experience running Internet-connected servers
+
+## Links/Resources
+
+https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#IPv6
+
+https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6Features#ReachabilityChecks
+
+## Programming skills needed:
+
+* C coding
+* Building Unix-based software
+
+Recommended:
+
+* Experience with network programming
diff --git a/content/gsoc/tor-weather/contents.lr
b/content/gsoc/tor-weather/contents.lr
new file mode 100644
index 0000000..3bc6714
--- /dev/null
+++ b/content/gsoc/tor-weather/contents.lr
@@ -0,0 +1,90 @@
+_model: project
+---
+_template: project.html
+---
+active: True
+---
+section: GSoC
+---
+section_id: gsoc
+---
+color: primary
+---
+key: 2
+---
+languages: TBD
+---
+mentors: karsten
+---
+difficulty: medium
+---
+title: Tor Weather
+---
+summary:
+
+Tor Weather is the most efficient way to achieve and maintain a healthy Tor
network on the long run.
+
+---
+description:
+
+Tor Weather was [discontinued on
2016-04-04](https://lists.torproject.org/pipermail/tor-relays/2016-April/009009.html),
however "Tor Weather is still a good idea, it just needs somebody to implement
it."
+
+How Tor Weather looked like:
+âhttps://web.archive.org/web/20141004055709/https://weather.torproject.org/subscribe/
+
+##Â Motivation
+
+If a relay disappears today, it is unlikely that anyone will notice or even
send an email to the operator unless it is a big one.
+
+Relay operators and the entire tor network would benefit from a Tor Weather
service because it notifies relay operators when the state of their relays
changed (and more). This will increase the likelihood that relay operators
notice problems and actually mitigate the problem otherwise there is no "user
feedback" since tor can cope with disappearing relays quite well.
+
+It also:
+- shows the relay operator that someone actually cares if their relays go down
or become outdated or have another problem
+- gives the operator relay best-practices information.
+
+## Expected Effects
+
+If enough operators subscribe to such a service:
+- relays might become more long lived / the churn rate might decrease
+- the fraction of relays running outdated tor versions might decrease
+- the fraction of exits with broken DNS might decrease
+
+It also has the benefit of being able to contact relay operators:
+- completely automatically
+- even if they choose to not set a public ContactInfo string in their torrc
files.
+
+##Â Ideas for Notification Types
+
+_(sorted by importance)_
+
+Support subscribing via single relay FP or MyFamily groups (should not need
any subscription change if a relay gets added to the family).
+
+- [ ] Email me when my node is down
+_How long before we send a notification?_
+- [ ] email me when my relay is affected by a security vulnerability
+- [ ] email me when my relay runs an end-of-life version of tor
+- [ ] email me when my relay runs an outdated tor version (note: this should
depend on the related onionoo bugs to avoid emailing alpha relay people)
+- [ ] email me when my exit relay fails to resolve hostnames (DNS failure)
+- [ ] email me when my relay looses the [ ] stable, [ ] guard, [ ] exit flag
+- [ ] email me when my MyFamily configuration is broken (meaning: non-mutual
config detected or relay with same contactInfo but no MyFamily)
+- [ ] email me when you detect issues with my relay
+- [ ] email me with suggestions for configuration improvements for my relay
(only once per improvement)
+- [ ] email me when my relay is on the top [ ] 20 [ ] 50 [ ] 100 relays list
+- [ ] email me with monthly/quarterly status information that includes
information like what my position in the overall relay list is (sorted by CW),
how much traffic my relay did during the last month and what fraction of the
months time your relay was included in consensus as running (this shows
information on how many % of the months' consensuses this relay has been
included and running)
+- [ ] aggregate emails for all my relays into a single digest email
+- [ ] email me about new relay requirements
+- [ ] email me about tor relay operator events
+
+
+*Task:* Write a specification describing the meaning of each checkbox
+
+##Â Security and Privacy Implications
+
+The service stores email addresses of potential tor relay operators, they
should be kept private and safeguarded, but a passive observer can collect them
by watching outbound email traffic if no TLS is used. Suggest to use a
dedicated email address for this service.
+
+##Â Additional Ideas
+
+- easy: integration into tor: show the URL pointing to the new Tor Weather
service like the current link to the lifecycle blogpost when tor starts and
detects to be a new relay
+- Provide an uptimerobot-style status page for relay operators using onionoo
data
+
+
diff --git a/models/project.ini b/models/project.ini
new file mode 100644
index 0000000..8b286a0
--- /dev/null
+++ b/models/project.ini
@@ -0,0 +1,43 @@
+[model]
+name = Project
+label = {{ this.title }}
+
+[fields.title]
+label = Title
+type = string
+
+[fields.link]
+label = Link
+type = url
+
+[fields.active]
+label = Active
+type = boolean
+
+[fields.summary]
+label = Summary
+type = markdown
+
+[fields.color]
+label = Color
+type = string
+
+[fields.description]
+label = Description
+type = markdown
+
+[fields.mentors]
+label = Mentors
+type = string
+
+[fields.languages]
+label = Languages
+type = string
+
+[fields.mentors]
+label = Mentors
+type = string
+
+[fields.difficulty]
+label = Difficulty Level
+type = string
\ No newline at end of file
diff --git a/models/projects.ini b/models/projects.ini
new file mode 100644
index 0000000..c09bf77
--- /dev/null
+++ b/models/projects.ini
@@ -0,0 +1,33 @@
+[model]
+name = Projects
+label = {{ this.title }}
+
+[fields.title]
+label = Title
+type = string
+
+[fields.section]
+label = Section
+type = string
+translate = True
+
+[fields.section_id]
+label = Section_id
+type = string
+translate = False
+
+[fields.body]
+label = Body
+type = markdown
+
+[fields.color]
+label = Color
+type = string
+
+[fields.html]
+label = Html
+type = string
+
+[children]
+model = project
+order_by = title
diff --git a/templates/gsoc.html b/templates/gsoc.html
new file mode 100644
index 0000000..1c1add9
--- /dev/null
+++ b/templates/gsoc.html
@@ -0,0 +1,41 @@
+ {% include 'breadcrumb.html' %}
+ <div class="row flex-xl-nowrap">
+ <main role="main" class="mx-auto col-12 {{ bag('alternatives',
this.alt, 'order') }}">
+ <div class="container py-3">
+ <div class="row">
+ <p>{{ this.body }}</p>
+ </div>
+ </div>
+ <div class="container py-3">
+ <h3 class="text-primary display-5">{{ _('Project Ideas') }}</h3>
+ </div>
+ <div class="container py-3">
+ <div class="accordion" id="accordionJobs">
+ {% from "macros/projects.html" import render_active %}
+ {% set items = this.children.filter(F.active == True).all() %}
+ {% for item in items %}
+ {{ render_active(item, this.alt) }}
+ {% endfor %}
+ </div>
+ </div>
+ <div class="container py-3">
+ <h3 class="text-primary display-5">{{ _('Previous Projects')
}}</h3>
+ </div>
+ <div class="container py-3">
+ <div class="row">
+ <div class="col-85">
+ <ul class="jobs-ul">
+ {% set items = this.children %}
+ {% for item in items.filter(F.active == False) %}
+ <li>{{ item.title }}</li>
+ {% endfor %}
+ </ul>
+ </div>
+ </div>
+ <div class="row">
+ <p>{{ _('None of these ideas seem appealing? You may also want
to propose your own project idea â which often results in the best
projects.') }} <a href="mailto:[email protected]";>{{ _('We invite you to
contact us to discuss your own project idea.') }}</a></p>
+ </div>
+ </div>
+ </main>
+ </div>
+
\ No newline at end of file
diff --git a/templates/macros/projects.html b/templates/macros/projects.html
new file mode 100644
index 0000000..99e102b
--- /dev/null
+++ b/templates/macros/projects.html
@@ -0,0 +1,16 @@
+{% macro render_active(item, alternative) %}
+<div class="card border-0">
+ <div class="card-header bg-white border-0" id="headingOne">
+ <h5 class="mb-0">
+ <a href="{{ item.path|url }}">{{ item.title }}</a>
+ </h5>
+ <span class="badge badge-primary">{{ item.languages }}</span>
+ </div>
+ <div>
+ <div class="card-body">
+ {{ item.summary }}
+ <a href="{{ item.path|url }}">{{ _('Read more.') }}</a>
+ </div>
+ </div>
+</div>
+{% endmacro %}
\ No newline at end of file
diff --git a/templates/project.html b/templates/project.html
new file mode 100644
index 0000000..1aaed71
--- /dev/null
+++ b/templates/project.html
@@ -0,0 +1,49 @@
+<!doctype html>
+{% include 'meta.html' %}
+<body class="no-gutters">
+ <header>
+ {% include 'navbar.html' %}
+ </header>
+ <div class="page">
+ {% include 'header.html' %}
+ {% include 'pagenav.html' %}
+ <div class="container-fluid">
+ <div class="row flex-xl-nowrap">
+ <main role="main" class="mx-auto col-12 {{ bag('alternatives',
this.alt, 'order') }}">
+ <div class="container py-3 mt-5">
+ <h4>Project Title: {{ this.title }}</h4>
+ <span class="badge badge-primary">{{ this.languages }}</span> <span
class="badge badge-secondary">{{ this.difficulty }}</span>
+ </div>
+ <div class="container py-3 mt-5">
+ <h4>Project Summary:</h4>
+ <p>
+ {{ this.summary }}
+ </p>
+ </div>
+ <div class="container py-3">
+ <h4>Project Description:</h4>
+ <p>
+ {{ this.description }}
+ </p>
+ </div>
+ <div class="container py-3">
+ <h4>Mentors:</h4>
+ <p>
+ {{ this.mentors }}
+ </p>
+ </div>
+ </main>
+ </div>
+ <div class="card mt-5">
+ <ul class="list-group list-group-flush">
+ <li class="list-group-item">
+ <a href="{{ this.parent|url }}">{{ _("Back to ") }}{{
this.parent.title }}</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+</div>
+<footer>
+ {% include 'footer.html' %}
+</footer>
+</body>
_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
