On Wed, Sep 16, 2009 at 09:44, Jacob Appelbaum
<jacob@xxxxxxxxxxxxx> wrote:
Lexi Pimenidis wrote:
> On Wed, Sep 16, 2009 at 07:18:09AM CEST, Jacob Appelbaum wrote:
>
> Hej everybody,
Hey hey Lexi (and others),
> Uh, first time I learn from this project.
Good times.
>
>> Do we want to look at the project as a good starting point? Should we
>> consider it time, as a community, to pick up where Lexi left off?
>
> (for the record: it was a whole bunch of people...)
>
I oversimplified the list a bit. :-)
>> Should we get the C client ported over to Android and packaged up?
>
> I haven't been developing apps for Android, hence I don't know to which extend
> porting the C client will work. However, one of the many (long-term, and not
> yet fulfilled) intentions of developing OnionCoffee was to avoid that a bug in
> the very single application running th Tor network could be used to exploit
> all clients. (However, I agree that the Tor-client is one of the best audited
> pieces of software I've seen)
That's a very good point and a good reason to have another Tor
implementation.
Although it would be easier to maintain just a single codebase for Tor, it would be difficult to mix the different interests of common mobile users with those of desktop users. Mainly in the field of resource usage, a lot of work would need to be done - and I would want to have the mobile client be able to lower security/anonymity to boost performance and allow longer battery life time (for example the use case of working around a content filter, without the need for extended anonymity). Going for Java also allows easy porting to other mobile platforms such as Symbian, Maemo, LiMo and possibly even Windows Mobile.
>
> Hence my opinion is: sure, go ahead. OC was never ment to replace the original
> client in any way. On the other hand we invested a significant amount of time
> into it, so maybe it is worth the effort (for some open source developers)
> to remove the bugs and keep it more or less up to date.
>
Is there a bug tracker or a source code manager that's currently in use?
Would you be interested in moving this into Tor's subversion and using
our Fly Spray? Roger will happily set you up with that if you're interested.
> Well done :)
I think that everything is merged into git-master and it's all ready to
go; we'd just need a build setup similar to what Adam used...
>
>> I think having Tor on Android is very important and it's a good first
>> step to having anonymity enabled mobile devices.
>
> I agree. If anywhere, mobile devices are in need of more privacy.
...
>
>> ----------------------- 2nd email -------------------
> [.. a lot of accurate and correct stuff cut..]
>
>> From just a cursory look, I do not believe it is safe to use OnionCoffee
>> derived software when security or anonymity are desired properties.
>
> You're completely right. OnionCoffee is more like a research platform than
> suitable for wide deployment (in its current state).
Ok, I'm glad to hear that as a confirmation!
>
>> It doesn't seem like it would be impossible to fix these things and it seems
>> likely that if we shake the tree, we'll find more stuff to fix...
>
> I guess so. However, I personally do not have the time for contributing
> significant amounts of time into OC - still, I'd be more than happy to
> support those who do.
Great!
> Maybe we could look for contributers on the main tor mailinglist - my guess
> is that there are a bunch of people out there who know to code Java and
> would gladly be able to send in fixes. At least I myself, maybe Andriy too,
> could read the diffs and check in thos, which seem to advance the current
> state.
I'm wondering how much my ideas for the mobile client can be used for the OnionCoffee project, I was thinking of forking part of the codebase and basically redesigning certain parts. This may very well include removing certain features like the DirectoryServer class. What are your thoughts on this - would it be a good idea to have me work in the OC branch or just fork and provide patches that can be applied to the OC codebase?
Kind regards,
Merlijn