Hi,
here's some bits from Tor dev meeting. Generally it was quite relaxed
for me: there were many discussions I wanted to have with many people,
but didn't feel any of the insisting peer-pressure that killed the fun
of the last Tor dev meeting I had attended :)
* Lead, with Linda, a discussion about Tor Browser's Security Slider
usability and security:
https://trac.torproject.org/projects/tor/wiki/org/meetings/2017Amsterdam/Notes/SecuritySliderUsability
Some more discussion is now happening on
https://bugs.torproject.org/21034. Too bad some of the key people
could not attend the corresponding session, looks like this would
have been a game-changer.
* anonym lead a session about our test suite. I expect he'll tell you
more in his own report.
* Had a nice conversation about "secure" operating systems with Joanna
from Qubes OS, Ola Bini, Patrick from Whonix, and 3 other Tails
people. As a result #12403 was filed and integration work done
there, and some (vague) longer-term plans drawn. The idea of having
a meeting + hacking time gathering desktop "secure" OS:es was
revived (tentatively: autumn 2017, southern Europe). sajolida will
follow-up on this.
* Discussed writing, packaging and integrating applications built on
top of Tor (Torbirdy, OnionShare, OnionCircuits, etc.) and control
port filtering with anonym, Sukhbir and Patrick. We reached some
conclusions but realized only later that we had missed important
aspects, so the discussion goes on privately until we have something
worth submitting for requests.
* Discussed with some members of one of the ThoughtWorks' "strike
teams" how they could help them, and looked a bit closer at robust
time sync'ing + persistent Tor state. Stay tuned.
* Got a crash course at communication strategy from Josh, the new
communications director at Tor. Wow, so many new things to learn.
Thankfully the methodology seems quite similar to UX so it's not
*that* new. sajolida took notes, perhaps he'll follow-up and file
some tickets. On my side I've filed #12406 and subtasks to ensure
we're ready for any successful communication campaign (even though
it appears that we should target more specifically people who should
use Tails, but still don't, instead of the general public, at least
this year).
* Discussed with one of our fiscal sponsors the current state of
affairs, backlog and various requirements that needed clarifying;
drawn plans to migrate to another fiscal sponsor.
* Discussed our reproducible builds effort and status with Ximin and
other people. The main output was #12409.
* Attended a session about onboarding new (paid) contributors.
The main output for me was adding stuff on #11768.
* Identified more clearly the need some people have to run Tails from
internal hard drives. Summed it up on
https://labs.riseup.net/code/issues/8422#note-9, reopened
that ticket.
* Got some ARM Chromebooks as a gift from a friendly project.
Next steps will be tracked on #10972.
* Discussed my upcoming keynote at CryptoRave with various people.
tl;dr: it won't be about "the state of secure OS:es", contrary to
what folks on Twitter seem to believe currently.
* Probably lots of other things I'm forgetting right now :)
Cheers,
--
intrigeri