Bug Smash Fund, Year 2: Progress So Far!
by alsmith | February 12, 2021
Last August, we asked you to help us fundraise during our second annual Bug Smash Fund campaign. This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. In 2020, despite the challenges of COVID-19 and event cancellations, you helped us to raise $106,709!
We want to share an update on some of the work that the second year of the Bug Smash Fund has made possible.
Since 2019, we’ve marked 134 tickets with BugSmashFund. As of today, 97 of those tickets have been closed, and 37 of them are still in progress. This year, we've used the Bug Smash Fund to work on continuous integration tooling, Tor Browser improvements, defense against DDoS on onion services v3, GetTor, Arti, and security fixes. We have also used the Bug Smash Fund to create a new status.torproject.org page, which will act as a landing place for network and service status updates.
Thanks for supporting this work!
Below is a list of many of the tickets we’ve closed so far.
Continuous integration tooling
When we made the transition from Trac to GitLab for issue tracking, we moved our CI tooling into GitLab CI and Appveyor. Because this work is critical--but not covered by a grant--the Bug Smash Fund helped us to fix the CI pipeline in GitLab and improve the infrastructure we use to develop Tor. See all CI tickets.
- Fix issue when using FALLTHROUGH with ALL_BUGS_ARE_FATAL #40241
- Travis chutney tests are borked by two bad commits #40204
- Nightly Windows build failures on both 32-bit and 64-bit #40199
- Parallelize several tests to make hardened-build CI faster. #40098
- Remove AppVeyor VS2015 build #40091
- Assertion buf->tail failed in buf_assert_ok at src/lib/buf/buffers.c:919 #40076
- Use stale bot to close old pull requests #33629
- factor out supporting shell scripts from CI configs #32943
- Remove 0.2.9 from the jenkins builders #32776
- Remove Jenkins tor master jobs which don't have OpenSSL 1.1.1 #32773
- update .gitlab-ci.yml to remove broken cruft and add a complete test suite #32193
- Wrap our Travis commands with travis_retry, to mitigate network timeouts #31921
- Add a beta RUST_VERSION build to Travis CI #31862
- Should we CI-build with --disable-module-dirauth and -O0? #31560
- Run clang's scan-build in Tor's CI #30225
- update travis CI to ubuntu xenial image when available #27859
- Debian Hardened CI failures due to lack of ptrace #40275
- Run sandbox tests on Xenial and Bionic #32817
- Make the seccomp sandbox work with Ubuntu Xenial and Bionic #32722
- Define ExecuteBash in the Appveyor error block #31884
The Bug Smash Fund helps us to resolve issues in Tor Browser that are not part of a grant or sponsored project, including fixing AV1 playback. It has also helped us make updates to Tor Browser's custom UI.
- Include bridge configuration into about:preferences - tpo/applications/tor-browser #31286
- Disable tracking protection UI in FF67-esr - tpo/applications/tor-browser #26345
- AV1 playback doesn't work on Windows #40321
- Firefox icon is shown for Tor Browser on Windows 10 start menu #22654
- Prep 10.5a10 (Windows) #40227
Over the last month, overload bugs on the directory authorities have caused v3 onion services to become unreliable. The Bug Smash Fund was critical here--it allowed us to pivot from other work to address these issues.
Tor Network Status
We were in need of a clear, easy-to-read place to share updates on the status of the Tor network when there have been disruptions. The Bug Smash Fund allowed us to set up status.torproject.org. Let us know what you think! We also fixed Schleuder, a tool we use to communicate with encrypted email to/from firstname.lastname@example.org (#40002).
Thank you to everybody who made a contribution to the Bug Smash Fund. This work is critical in helping us to provide safer tools for millions of people around the world exercising their human rights to privacy and freedom online.
If you’d like to make a contribution to the Bug Smash Fund, you can do so by making a gift at donate.torproject.org: just add “Bug Smash Fund” into the comment field, and we’ll make sure it’s directed to the right place.