13:30:31 #startmeeting 13:30:31 Meeting started Wed Nov 12 13:30:31 2014 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:30:31 Useful Commands: #action #agreed #help #info #idea #link #topic. 13:31:03 Greetings, Gentlebeings! I suspect you wonder why I have called you here together. 13:31:22 aloha 13:31:23 Free food and software? 13:31:26 Before we begin today's meeting of the Legion of Anonymity, let us introduce ourselves! 13:31:46 I see Yawning, asn, athena, and ln5. Is anyone else with us today? 13:31:55 greetings, humans 13:31:58 (This is a tor dev meeting. I am just feeling silly.) 13:32:02 I am asn. With my team of builders, we build castles! 13:32:17 Hello my name is Yawning and I'm an alco^u 13:32:21 wrong meeting 13:32:57 dgoulet might also be here? 13:33:46 * ln5 is sadly not really here 13:34:21 Let's begin. Who wants to talk about hacking stuff:? 13:35:11 I can talk a bit. 13:35:13 my productivity hasn't been all that good as of late ;_; 13:35:18 ah go for it yaw` 13:35:19 ah go for it Yawning 13:35:30 there's a huge list of tickets at https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorS/PluggableTransports 13:35:34 that has a bunch of tor stuff 13:35:42 that willg et my attention 13:35:53 if there is stuff that needs priority (eg: 229), let me know 13:36:14 ok, other people cat go >.> 13:36:15 can 13:36:21 need to read more of this proposal 13:36:29 hello 13:36:41 the past days I've been busy with the recent HS attacks 13:36:54 i hepled write the blog post, and also have been doing work on guard discovery attacks, etc. 13:37:17 currently I'm fiixng up the guardfraction branches. they will be ready for review before the sun sets where I am. 13:37:32 i also did a small meeting tomorrow with dgoulet on the SponsorR project 13:37:45 I think we are supposed to meet more today, but I don't see dgoulet around yet which is alright. 13:37:52 We decided that for the next two months, as part of the SponsorR project 13:37:58 we are going to focus on the following things: 13:38:26 - Make a branch that adds statistics to Tor relays, that allows to better understand "Approximately how many HSes are there" / "Approximately how much HS traffic is there" 13:38:37 I'm saying *approximately* because my plan is to obfuscsate those stats 13:38:51 so that an attacker who wants to enumerate HSes cannot be precise on how many HSes he is missing. 13:39:03 i will prepare a proposal for this in the next weeks. 13:39:24 and if no one objects, the weeks after that I will hack on it, so that relays (HSDirs and RPs) add this info to their extra-info desc. 13:39:41 - Work on setting up HS privnets, that allow us to do benchmarks and measurements. 13:39:45 plausible. 13:39:58 I believe dgoulet and teor are making good progress on that front. 13:39:59 We hope that this will reveal various bugs and peculiarities in the way HS circuit establishment works. 13:40:03 yes 13:40:24 eg, dgoulet has some profiling numbers on #8902, and teor is doing good stuff to make chutney and test nets work better 13:40:30 yep 13:40:55 and then I also plan to walk through the SponsorR tor-dev thread and find more tasks to be done 13:41:08 so that when Roger goes to that meeting on January he has a list of plausible tasks that we can do. 13:41:19 I'm also preparing a text for HS kickstarter. 13:41:25 the one htat karen asked. 13:41:58 after the recent HS attacks, I'm in a more researchy mood. so even though two weeks ago I would have suggested a code-hacking kickstarter, I think now we will also have to do some research. 13:42:18 on how we can change the HS protocol to defend against the major current attacks: coercion attacks, guard disciovery attacks, congestion attacks, etc. 13:42:24 but I still haven't written it all. 13:42:30 might finish it tomorrow we will see. 13:42:39 and that's my status report. 13:42:45 Let's work on that together, and maybe broaden our discussion of what a KS should be for and what our longer-term strategy is too. 13:43:04 I also have a small question. if I have a chutney network, what should I add in the authority torrc so that it adds a consensus parameter? 13:43:12 nickm: absolutely. 13:43:12 asn: do youall need prop 229 done fast? 13:43:34 (if I left out pt stuff that people really wnat let me know) 13:43:39 Yawning: not super fast. but it seems useful. 13:43:52 Yawning: i would try to do it in the next 6 months? 13:43:53 asn: I think there isn't an "Add an arbitrary consensus parameter" option. Did we implement one? 13:43:57 * nickm looks at the code 13:43:59 asn: aight 13:44:17 nickm: how do dirauths do it currently? 13:44:18 while I'm doing that, who wants to go next? 13:44:20 so, next one can go 13:44:50 asn: Oh nevermind. It's ConsensusParams. 13:44:56 cheers 13:45:21 Yawning/ athena: who goes now? 13:45:27 hi 13:45:36 hiya 13:46:00 i ended digging through the doxbin data and following up some other leads on trying to figure out what the hell happened with the HS attacks 13:46:15 then the other thing - my productive is pretty flattened so far this week :/ 13:46:43 should get back to what i was doing before and write that libevent patch but at the moment i mostly want to resign from the human race... 13:47:15 I don't want to live on this planet anymore 13:47:17 I find that writing patches I know how to write can be pretty therapeutic fwiw 13:47:28 Yawning: I hear we can put landers on comets these days. 13:49:58 athena: okay; I' mreally hoping to get the next libevent alpha out next week, since it's been stewing too long. The patch itself on the libevent side shouldn't be too much,right? Just rename a few functions and move them from one header to another? 13:50:32 nickm: yeah, i think so 13:51:30 great 13:52:29 uh, should i treat the libevent git repo from sourceforge or github as canonical, to make sure i'm writing it against the most recent libevent? 13:52:37 github 13:52:46 but if there are conflicts, I'll resolve them 13:53:00 okay 13:53:18 Yawning: anything else you're up to, or should I go? 13:53:25 uh go for it 13:53:55 ok. let's see... 13:54:52 I lost a couple of days to stress and insanity. But now I'm back on track. Things I could do include more #12498; more ticket review; better triage and planning for 0.2.6; and putting out libevent releases. 13:55:09 I'd like to imagine I can get all of those done in the next week, but I don't think that's realistic. 13:55:33 Probably when we do the triage party (this time tomorrow, right?) we'll know what we need triage-and-planning-wise 13:55:38 I'm here! so sorry, late morning :S 13:55:41 aight 13:55:45 hi dgoulet! not to worry 13:55:56 I think I'm going to switch between the other things as I get stuck. 13:56:18 #12498 got a little delayed because I realized I needed to rewrite the algorithm for how we decide which identities are in a consensus 13:56:30 (and that's not 100% trivial) 13:56:45 and that's it for me. any questions for me, or should we hear from dgoulet ? 13:57:44 * dgoulet reading backlog 13:57:46 oh, is my assesment of #13733 correct? 13:57:51 (won't fix/notabug) 13:59:03 I think you're right. There could be a better failure mode for SIGHUP, but DisableDuggerAttachment has to be undisableable. 13:59:55 k' I'll update it 14:00:16 If the documentation doesn't say "You can't turn this off", it should. 14:00:44 "Disabling this option while Tor is 14:00:45 running is prohibited." 14:01:05 ok 14:02:19 * dgoulet can go next 14:02:59 go for it 14:04:14 yeah so with asn yesterday we build up this plan for HS measurement, my goal now is to build a privnet using chutney, three steps that we came up with (mostly asn :P): 14:04:18 a) make it easier to setup a privnet to do HS experiments 14:04:18 b) make it easier to collect measurements from a privnet 14:04:19 c) make a list for measurements we are interested in 14:04:35 so pretty sure this collides with SponsorS testing part 14:04:37 nickm: imma quote you 14:04:44 Yawning: great, feelfree 14:05:27 but that's fine I think, we set up a month in timeframe to come up with all this including nice measurements with graphs to have a clearer picture of the whole HS system 14:06:04 so that's on my future work list, bug wise #13698 has a pending patch to be reviewed 14:06:39 I've also run an experiment to collect perf data on a loaded HS, you can see https://trac.torproject.org/projects/tor/ticket/8902#comment:10 14:06:53 with this beautiful pic that tells us basic info 14:06:54 https://people.torproject.org/~dgoulet/tor-hs-perf-100-circ.png 14:07:38 dgoulet: I'm confused that crypto doesn't even show up there 14:07:47 nickm: first line 14:07:52 ah 14:07:55 interesting 14:07:59 I just didn't break it 14:08:02 collapse* 14:08:17 maybe this is something else to make workers do 14:08:30 (the introduction point crypto) 14:08:37 This is at the HS or at the client? 14:08:41 At the HS, right? 14:08:42 ooof that's a lot of curve25519 14:08:44 HS side 14:09:12 I can collapse the first one if you want more details, I'll upload that pic after my turn if you want 14:09:37 we don't use floodyberry's code right? 14:09:58 right 14:10:22 I had a branch for that, but said branch needs rethinking 14:10:37 probably the smartest move here would be to move the crypto for this stuff into workers 14:10:42 yeah 14:10:56 which means we need to reveiw the worker code options we have right? 14:11:12 hrm so yeah I need to chase a new bug I found on the client side while using hunderds of conn to an HS and I think that's about it for me (not going to repeat SponsorR stuff that asn described) 14:11:22 right 14:11:33 (I should also get a vtune license) 14:11:39 nickm: should we have a ticket for that "intro point crypto to worker" ? 14:11:41 Yawning: yeah. mine, and towlenee's changes to it 14:11:54 dgoulet: I think so, as well as "circuit building crypto to worker" 14:12:08 and a ticket for "all of these functions that circuit_launch_by_extend_info calls need to be faster" 14:12:25 I prolly have the ticket/branches for that somewhere on my whiteboard of doom 14:12:40 nickm: yeah I want to explore them more but in terms of priority, it might be second on my list though 14:12:59 nickm: ah! and finally I want to review today #13339 14:13:02 * dgoulet ends 14:13:19 dgoulet: sure, but for now, just open the tickets? 14:13:28 Yawning: let me know if you need me to hunt them 14:13:29 nickm: I'm currently doing that :) 14:13:37 Okay, anything else for this week's meeting? 14:14:05 IIUC, we've got a triage party this time tomorrow, and a let's-talk-management-and-reporting thing at some unknown time 14:14:08 is that approx right? 14:14:27 should we gather around an altar and bring out a goat to pray for a less eventful next week without stuff blowing up? 14:14:41 Yawning: don,t curse it! :P 14:14:43 Does that help? 14:14:47 nickm: "is that approx right?" ?? 14:14:52 not sure to understand that ^ 14:15:01 =="Is that approximately right?" 14:15:03 some people I know seem to think such things help 14:15:41 nickm: yes should we talk about "management-and-reporting" after the meeting today or tomorrow ? 14:16:00 let's try after the meeting today? Maybe after a 15 minute break? 14:16:07 works for me 14:16:09 ok. 14:16:10 #endmeeting