#tor-dev log

16:00:15 <Yawning> #startmeeting
16:00:15 <MeetBot> Meeting started Wed Sep 10 16:00:15 2014 UTC.  The chair is Yawning. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:15 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:00:41 <Yawning> Ok, so asn can't be here this week due to rl stuff, so y'all are stuck with me.
16:00:50 <blanu> I have a question for armadev. Also can someone explain to me the meeting format?
16:01:12 <Yawning> Everyone talks about what they did since last meeting, what they plan to do, then general discussion
16:01:48 <Yawning> So, relaying a message from asn: "y main contributions to the PT world, is obfs4 reviewing, and review of #6456. "
16:01:54 <Yawning> who wants to go first?
16:02:05 <Yawning> infinity0?
16:02:31 <Yawning> or I can I guess.
16:02:39 <infinity0> sure, the only thing i did this week was to read into wfpadtools and the broader problem of traffic analysis
16:02:44 <Yawning> oh ok
16:03:01 <infinity0> i would like to set up a obfsproxy+wfpadtools|websocket bridge at some point
16:03:01 <armadev> blanu: you can also find me in #tor-project if the question fits there
16:03:33 <Yawning> wfpadtools has a "intersting" kludge that's needed on the client side
16:03:56 <infinity0> todo-list: review student's fog code. also look into some webrtc stuff that will of uproxy pushed recently, that might make it easier to do a webrtc flashproxy
16:04:04 <Yawning> you have to insert a little layer between firefox and the socks port.
16:04:24 <armadev> infinity0: speaking of wfpadtools. i remember marc asking on tor-dev long ago about the mysterious behavior where he gets multiple connections from the tor client, when he wanted only one. and dcf had a similar thread about that. i think marc doesn't know about dcf's thread. did anybody follow up on this?
16:04:34 <Yawning> yes
16:04:42 <Yawning> it was a bug in his test suite
16:04:53 <armadev> oh, awesome. so it is solved?
16:05:10 <Yawning> that behavior still does happen when bootstrapping sometimes, but it's not common to the point whereit messes with research
16:05:14 <Yawning> so "solved enough"
16:05:17 <armadev> ok.
16:05:41 <Yawning> there's a bug on it that I don't remember the number for, and it's not clear that the behavior is actually broken
16:05:50 <Yawning> ok, I'll go next
16:06:08 <Yawning> I worked on obfs4 some more (tagged, debian packages pending thanks to lunar^)
16:06:24 <Yawning> I cleaned up the minor issues in my #8402 patch after it being on backburner for a while
16:06:30 <infinity0> like, ITP filed? got a link?
16:06:41 <Yawning> it's linked off the bug fo rit
16:06:53 <infinity0> ah cool
16:06:53 <Yawning> ITP filed, for siphash, ed25519, and obfs4proxy
16:07:17 <Yawning> which is indeed very cool
16:07:23 <infinity0> nice
16:07:31 <blanu> What is an ITP?
16:07:52 <Yawning> my todo list is mostly project management type stuff, need to figure out what little-t tor work needs to be done, what pt work needs to be odne, and write lots of e-mails
16:07:52 <infinity0> intent-to-package bug report for debian
16:08:19 <Yawning> I have some rough ideas on all of this, but I need to sit down and glare at trac/think for a bit
16:08:37 <Yawning> parallel to all that, I will do whatever pt work is required for all things including obfs4 etc
16:08:45 <intrigeri> blanu: https://www.debian.org/devel/wnpp/being_packaged :)
16:08:59 <Yawning> that's it for me
16:09:18 <Yawning> dcf isn't here so I can't ask him about cyberroam + meek
16:09:32 <Yawning> though I know the code changes required there so I might just file a ticket
16:09:32 <infinity0> what's cyberroam?
16:09:41 <Yawning> some commercial dpi system
16:09:55 <Yawning> requires setting a proxy and mitms tls (you install their cert)
16:09:57 <Yawning> so it breaks meek
16:10:18 <Yawning> (oh I also cleaned up my goptlib socks5 code, it is in needs_review)
16:10:30 <Yawning> blanu: if you have stuff to talk about, your turn ^_^
16:10:36 <infinity0> i was thinking we should do something that goes through these mitms, like ssl-over-ssl
16:10:54 <infinity0> maybe that's not such a coherent idea though
16:11:03 <Yawning> I think meek will just work, if we can make it trust the evil cert
16:11:12 <armadev> i assume they dpi the decrypted flow and make sure it conforms to....something.
16:11:17 <Yawning> can think about adding more obfuscation if that breaks
16:11:34 <infinity0> fte-over-mitmd-ssl if need be, i suppose
16:11:44 <armadev> yeah
16:11:47 <Yawning> but at a minium we need to do that ideally with some sort of test env *waves hands*
16:12:06 <blanu> Okay great. Well I am working on a joint project between Guardian Project, Tor, and myself to get Tor+obfsproxy running on Android. My part is to write a PT for Dust which runs on Android.
16:12:06 <Yawning> blanu: also these tend to be informal
16:12:36 <Yawning> blanu: fun times
16:12:50 <Yawning> our android situation is better than it was a year ago in that area I hope >.>
16:12:55 <armadev> yawning: see slides 31-32 of http://freehaven.net/~arma/slides-jun14.pdf (re test env)
16:12:56 <blanu> Currently I am working on the Dust v2 protocol spec and the Dust API spec. There will be a C API.
16:13:59 <Yawning> excellent, will you be posting to tor-dev when there's stuff for us to look at>
16:14:20 <blanu> We haven't decided yet if we will use obfsclient or obfs4proxy. That's an ongoing discussion. Also some adaptation might be required to get Dust to work because it's different from some other PTs.
16:14:28 <blanu> Sure thing, I will post the spec.
16:14:32 <Yawning> *nods*
16:14:44 <Yawning> I will help make changes to either of those as required
16:15:09 <blanu> My question for armadev, although maybe someone else knows the answer, is who all from Tor is working on this joint project to get Tor+obfsproxy working on Android.
16:15:17 <Yawning> just poke me either on irc or e-mail
16:15:35 <Yawning> obfsproxy as in the python thing? or pts in general?
16:15:35 <armadev> the current answer is either nobody or yawning
16:15:43 <Yawning> ^
16:15:43 <armadev> for specifically tor+obfsproxy+android
16:15:56 <blanu> By obfsproxy I mean PTs.
16:16:01 <armadev> since it's not clear to me that any of the stuff we're doing actually has the word android in it
16:16:01 <infinity0> lol
16:16:31 <Yawning> then what arma said, with "yawning last worked on it"
16:16:32 <blanu> armadev: Well that's an interesting answer. If the answer is no one, that will make my job quite difficult. If the answer is Yawning, that will make my job quite easy.
16:16:40 <armadev> the other answer is that we get to decide the answer to that, if we have a preference for what we want it to be
16:17:19 <Yawning> well, I'm doing project planning stuff for the next while, so now would be a good time to figure all of this out
16:17:48 <armadev> blanu: i haven't gotten up to speed on this latest thing, but i believe the current situation is that as usual they haven't shown us the actual proposal, and the parts that we've seen for our piece of it don't say the word android
16:17:57 <Yawning> with "now" not being like " immediate now" but "next on my todo list"
16:18:42 <armadev> but yes, having good pluggable transports that the guardian folks can tie in seems worthwhile. among the many worthwhile things.
16:19:36 <blanu> What I need from the Tor folks is essentially something obfsproxy-like where the client runs on Android, the server has a similar API, and the API on both sides supports the needs of the Dust API. Yawning seemed down with all this. So everything seems cool from my point of view unless Tor decides this is not a priority.
16:20:49 <blanu> armadev: I know what you mean about not being shown an actual proposal. This is why I am trying to find all concerned parties and start communication directly.
16:21:17 <armadev> makes sense. i don't know answers yet, alas. it depends in large part on what (else) they want from us. if anything.
16:21:47 <armadev> i'm going to try to pick this up soon. but i need to get sponsorR and sponsorS going first.
16:22:33 <armadev> the sponsorS stuff either overlaps or competes or something. but it ties in.
16:22:39 <blanu> Alright well I'll check back in at the next meeting then.
16:22:48 <armadev> https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorS/PluggableTransports/Proposal
16:23:02 <blanu> Yawning: If I do start a discussion with the Guardian folks about this do you want to be included in that conversation?
16:23:08 <Yawning> yes please
16:23:25 <Yawning> it concerns me even in my "just a dude that writes code for fun" capacity for historical reasons
16:24:06 <Yawning> so I would appreciate it
16:24:25 <blanu> Okay great. One more thing, I am trying to hire someone specifically to take on the task of getting everything to build on Android. So that is less ominous than it may sound.
16:24:30 <blanu> That's it for me!
16:24:36 <Yawning> ^_^
16:24:51 <Yawning> the orbot build env wasn't that scary fwiw
16:25:03 <armadev> wonder if boklm and his build automation stuff would be useful there
16:25:04 <Yawning> I did the obfsclient integration in an afternoon
16:25:08 <blanu> Ah yes, but your code is in Go and my code is in Haskell.
16:25:15 <Yawning> ahhhh
16:25:35 <blanu> armadev: Do you have a link?
16:25:59 <Yawning> I assume we don't have lurkers who have pt stuff to talk about/want to give a report?
16:26:46 <Yawning> Aight, official part is over.
16:26:52 <Yawning> #endmeeting *baf*