Bug Smash Fund, Year 2: Progress So Far!
by alsmith | February 12, 2021
Last August, we asked you to help us fundraise during our second annual Bug Smash Fund campaign. This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. In 2020, despite the challenges of COVID-19 and event cancellations, you helped us to raise $106,709!
We want to share an update on some of the work that the second year of the Bug Smash Fund has made possible.
Since 2019, we’ve marked 134 tickets with BugSmashFund. As of today, 97 of those tickets have been closed, and 37 of them are still in progress. This year, we've used the Bug Smash Fund to work on continuous integration tooling, Tor Browser improvements, defense against DDoS on onion services v3, GetTor, Arti, and security fixes. We have also used the Bug Smash Fund to create a new status.torproject.org page, which will act as a landing place for network and service status updates.
Thanks for supporting this work!
Below is a list of many of the tickets we’ve closed so far.
Continuous integration tooling
When we made the transition from Trac to GitLab for issue tracking, we moved our CI tooling into GitLab CI and Appveyor. Because this work is critical--but not covered by a grant--the Bug Smash Fund helped us to fix the CI pipeline in GitLab and improve the infrastructure we use to develop Tor. See all CI tickets.
- Fix issue when using FALLTHROUGH with ALL_BUGS_ARE_FATAL #40241
- Travis chutney tests are borked by two bad commits #40204
- Nightly Windows build failures on both 32-bit and 64-bit #40199
- Parallelize several tests to make hardened-build CI faster. #40098
- Remove AppVeyor VS2015 build #40091
- Assertion buf->tail failed in buf_assert_ok at src/lib/buf/buffers.c:919 #40076
- Use stale bot to close old pull requests #33629
- factor out supporting shell scripts from CI configs #32943
- Remove 0.2.9 from the jenkins builders #32776
- Remove Jenkins tor master jobs which don't have OpenSSL 1.1.1 #32773
- update .gitlab-ci.yml to remove broken cruft and add a complete test suite #32193
- Wrap our Travis commands with travis_retry, to mitigate network timeouts #31921
- Add a beta RUST_VERSION build to Travis CI #31862
- Should we CI-build with --disable-module-dirauth and -O0? #31560
- Run clang's scan-build in Tor's CI #30225
- update travis CI to ubuntu xenial image when available #27859
- Debian Hardened CI failures due to lack of ptrace #40275
- Run sandbox tests on Xenial and Bionic #32817
- Make the seccomp sandbox work with Ubuntu Xenial and Bionic #32722
- Define ExecuteBash in the Appveyor error block #31884
Tor Browser
The Bug Smash Fund helps us to resolve issues in Tor Browser that are not part of a grant or sponsored project, including fixing AV1 playback. It has also helped us make updates to Tor Browser's custom UI.
- Include bridge configuration into about:preferences - tpo/applications/tor-browser #31286
- Disable tracking protection UI in FF67-esr - tpo/applications/tor-browser #26345
- AV1 playback doesn't work on Windows #40321
- Firefox icon is shown for Tor Browser on Windows 10 start menu #22654
- Prep 10.5a10 (Windows) #40227
GetTor
GetTor is a tool that allows users to download Tor Browser in places where https://torproject.org is censored. GetTor responds to emails from users with the files they need to install Tor Browser. The Bug Smash Fund helped us to make sure GetTor logs are scrubbed of personal info (#34058).
Network Health
Over the last month, overload bugs on the directory authorities have caused v3 onion services to become unreliable. The Bug Smash Fund was critical here--it allowed us to pivot from other work to address these issues.
Tor Network Status
We were in need of a clear, easy-to-read place to share updates on the status of the Tor network when there have been disruptions. The Bug Smash Fund allowed us to set up status.torproject.org. Let us know what you think! We also fixed Schleuder, a tool we use to communicate with encrypted email to/from network-team-security@torproject.org (#40002).
Thank you to everybody who made a contribution to the Bug Smash Fund. This work is critical in helping us to provide safer tools for millions of people around the world exercising their human rights to privacy and freedom online.
If you’d like to make a contribution to the Bug Smash Fund, you can do so by making a gift at donate.torproject.org: just add “Bug Smash Fund” into the comment field, and we’ll make sure it’s directed to the right place.
Comments
Please note that the comment area below has been archived.
status.torproject.org is cool, much easier to understand than consensus-health.torproject.org
Many thanks to everyone at Tor Project who help do the essential work of catching and fixing bugs, network issues, etc!
All the most powerful entities in the world hate everything which truly empowers ordinary citizens to exert some control over their own data destiny. Consequently, right from the beginning, Tor Project has been continually buffeted by an unending sequence of technical, legal and political threats. And the Great Lockdown which began early in 2020 seems to have been unusually challenging for TP and all small nonprofits. But I am cautiously optimistic that 2021 will see things improve for our side.
I hope all readers of the blog will join me in contributing whenever and to what extent we are able. Let's make Tor a user-supported NGO beholden to no government or megacorporate agenda!
P.S. A new site from ACLU-WA is at coveillance.org. Check out the Acyclica devices and the NSA secret room featured in the walking tour! Uhm.... Shouldn't TP belong to their tech coalition?
Thanks for the note about https://coveillance.org/, I'll check it out.
Isn't Tor directly funded by the NSA? Wikipedia says so. It's weird how the NSA can't break Tor and yet they are willing to fund its development.
Tor is not funded by the NSA. That's FUD.
Our financials are open. You can look at an easy to read list of our funders here: https://www.torproject.org/about/sponsors/
Or dig deeper in our tax documents here: https://www.torproject.org/about/financials
And read posts that explain these documents here: https://blog.torproject.org/category/tags/form-990
Where does it say that on Wikipedia? I can't find it.
Exactly.
[citation needed]
or someone reverts your revision. Always check the History tab and Talk tab when in doubt.
The way forward: https://bestpractices.coreinfrastructure.org/en/criteria
Why are gitlab and anonticket logins subdomains of the domain, `onionize.space`, rather than torproject.org? Who owns and operates `onionize.space`? Why is it a potential MITM? Is there more Tor Project infrastructure on non-TorProject domains than those two login subdomains?
It's my domain that I use for highly experimental things I do related to Tor. This site will eventually be moved over to Tor Project infrastructure, but since we are working in a time-constrained environment, where the internship ends soon, we wanted to get something set up as quickly as possible so that we could gather feedback from the user community.
The goal for this is to have it moved to torproject.org infrastructure and have an onion service. This is likely to happen in the near'ish future.
I like the new status page, but I do wish the description for "directory authorities" was a tad more informative than "whatever it is that those things do". Made me laugh though!
Anyway, amazing progress. Thank you, Tor Project!
Some info that could be added there as links to improve it:
https://support.torproject.org/glossary/directory-authority/
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/directory_authori…
https://consensus-health.torproject.org/
And this is interesting for its in-depth explanations:
https://matt.traudt.xyz/posts/Debunking:_OSINT_Analysis_of_the_TOR_Foun…