Actions

Dev/GSoC

From Whonix

< Dev

Proposals 2019[edit]

Student Application Guidelines[edit]

Introduction

Every software project should solve a problem. Before offering the solution (your Google Summer of Code project), you should first define the problem. What’s the current state of things? What’s the issue you wish to solve and why? Then you should conclude with a sentence or two about your solution. Include links to discussions, features, or bugs that describe the problem further if necessary.

Project goals

Be short and to the point, and perhaps format it as a list. Propose a clear list of deliverables, explaining exactly what you promise to do and what you do not plan to do. “Future developments” can be mentioned, but your promise for the Google Summer of Code term is what counts.

Implementation

Be detailed. Describe what you plan to do as a solution for the problem you defined above. Include technical details, showing that you understand the technology. Illustrate key technical elements of your proposed solution in reasonable detail.

Timeline

Show that you understand the problem, have a solution, have also broken it down into manageable parts, and that you have a realistic plan on how to accomplish your goal. Here you set expectations, so don’t make promises you can’t keep. A modest, realistic and detailed timeline is better than promising the impossible.

If you have other commitments during GSoC, such as a job, vacation, exams, internship, seminars, or papers to write, disclose them here. If you have conflicts, explain how you will work around them. If you are found to have conflicts which you did not disclose, you may be failed.

Open and clear communication is of utmost importance. Include your plans for communication in your proposal; daily if possible. You will need to initiate bi-weekly formal communications such as a post in Whonix ™ forum. Lack of communication will result in you being failed.

About me

Provide your contact information and write a few sentences about you and why you think you are the best for this job. Prior contributions to Whonix ™ are helpful; list your commits. Name people (other developers, students, professors) who can act as a reference for you. Mention your field of study if necessary. Now is the time to join the Whonix ™ forum and the relevant mailing lists. We want you to be a part of our community, not just contribute your code.

Tell us if you are submitting proposals to other organizations, and whether or not you would choose Whonix ™ if given the choice.

Other things to think about:

Are you comfortable working independently under a supervisor or mentor who is several thousand miles away, and perhaps 12 time zones away? How will you work with your mentor to track your work? Have you worked in this style before?

If your native language is not English, are you comfortable working closely with a supervisor whose native language is English? What is your native language, as that may help us find a mentor who has the same native language?

After you have written your proposal, you should get it reviewed. We will try to comment on every proposal but it is wise to ask a colleague or a developer to critique your proposal as well. Clarity and completeness are important.


Suggested Proposals[edit]

Project: Whonix ™ IPv6 and nftables support

Brief explanation: T509: https://phabricator.whonix.org/T509 [archive]

Recent upstream features such as Tor's IPv6 support and the Linux kernel's transition to nftables from iptables requires that Whonix ™ adapts downstream to take advantage of these developments.

Expected results:

Work at upstream Tor: An older version of https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy [archive] page was the origin of Whonix ™. Update that page for nftables / IPv6 support without mentioning Whonix ™. Then discuss that on the tor-talk mailing list for wider input. - https://trac.torproject.org/projects/tor/ticket/21397 [archive] implement corridor feature request add IPv6 support / port to nftables - https://github.com/rustybird/corridor/issues/39 [archive] port whonix-firewall to nftables

  • Support connections to IPv6 Tor relays
  • Support connections to IPv6 destinations
  • Migrate all iptables rules to nftables and run leak tests to ensure no degradation of security occurred.

Knowledge prerequisite:

nftables iptables IPv6

Mentor: Patrick Schleizer


Project: Censorship Circumvention Gateway

Brief explanation:

Censorship Circumvention Gateway is similar to the idea of a Whonix-Gateway ™. But it is optimized for circumvention and speed only, without trying to establish anonymity at all.

One motivation for this project is to have a reasonably good speed for censorship circumvention. Previous reporting indicates that, although many pluggable transport tools have been integrated into Whonix ™, the speed can be so slow that it makes it almost unusable (Meek_lite in China).

Another motivation for this project is to work around the chicken-and-egg problem of distributing and obtaining censorship circumvention tools. Fortunately, many channels have been established to mitigate the distribution issues. Thus, we’d like to provide a secure and censorship resistant mechanism to download and update censorship circumvention tools behind national firewalls.

A roadmap on integrating Lantern, a censorship circumvention tool into a gateway VM is described here: https://www.whonix.org/wiki/Lantern [archive]

For more information, there is a related technical report: https://groups.google.com/forum/#!msg/qubes-devel/FbSUL8Pw8mk/v6bN_gErBQAJ [archive]

Expected results:

A secure and censorship resistant way to distribute pre-configured censorship circumvention tools and hide all unnecessary complexity from users for ease of use.

Knowledge prerequisite:

GNU Make

Mentor: Patrick Schleizer


Project: Using Tor Browser Bundle's Tor as the “system Tor”

Brief explanation: T887: https://phabricator.whonix.org/T887 [archive]

It would save the Whonix ™ community a great deal of development time and offer many new features if we could use the Tor Browser Bundle's (TBB) Tor tooling rather than the standalone Tor daemon distributed from the Debian repos. This will allow Whonix ™ to immediately take advantage of the latest censorship circumvention (pluggable transports). Moreover, the current Tor package requires manual testing by Whonix ™ Devs and is then uploaded to the Whonix ™ repo. This procedure is time consuming and forces users to put more trust in the development infrastructure which we would rather minimize.

Expected results:

tor-control-panel / anon-connection-wizard integration into a Tor configuration GUI that uses the latest pluggable transports from TBB. debugging and working around Apparmor and systemd seccomp sandboxing interaction issues when pluggable transports are used.

Knowledge prerequisite: bash systemd

Mentor: Patrick Schleizer


Project: Project News System

Brief explanation: https://www.whonix.org/wiki/Dev/project-news [archive]

Expected results:

Knowledge prerequisite:

Mentor: Patrick Schleizer


Project: package manager update on/off switch

Brief explanation: https://www.whonix.org/pipermail/whonix-devel/2019-January/001293.html [archive]

See also: https://www.whonix.org/wiki/Dev/apt-revoker [archive]

Expected results: TBD

Knowledge prerequisite:

Mentor: Patrick Schleizer


Project: Permanent Takedown Attack Defender

Brief explanation: https://www.whonix.org/wiki/Dev/Permanent_Takedown_Attack_Defender [archive]

Expected results: TBD

Knowledge prerequisite:

Mentor: Patrick Schleizer


Project: automated unit tests

Brief explanation: https://forums.whonix.org/t/looking-for-contributor-automated-test-suite/5942 [archive]

Note: This task is among the most important things for long time maintainability.

Expected results:TBD

Knowledge prerequisite:

Mentor: Patrick Schleizer