13:30:56 <nickm> #startmeeting
13:30:56 <MeetBot> Meeting started Wed Feb 25 13:30:56 2015 UTC.  The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:30:56 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:31:00 <nickm> tor dev meeting begins!
13:31:00 <athena> hi meeting
13:31:06 <nickm> legion of anonymity, assemble!
13:31:23 <nickm> (who's here?)
13:31:25 <nickm> hi athena
13:31:45 <athena> isn't this more a legion of pseudonymity with the nickserv and all?
13:31:58 <nickm> legion of anonymity != anonymous legion
13:32:21 <athena> okay, okay :)
13:32:55 <nickm> compare: legion of doom != doomed legion; legion of decency != decent legion; etc
13:33:08 <nickm> athena: maybe it's just you and me this morning
13:33:57 <nickm> so, 0.2.6 is getting closer and close to done.  As we reach it, it'll be time to do plan 0.2.7
13:34:00 <athena> huh, i guess it is
13:34:01 <athena> yeah
13:34:17 <athena> seems to me we have a meeting coming up for planning and all :)
13:34:32 <athena> (but got anything quick i can do in the next couple days before travel?)
13:35:01 <nickm> hmmm, a fine question.
13:35:14 <nickm> If you can finish writing up a dirauth decentralization thing, that'll rock.
13:35:30 <nickm> reviewing my #12498 branch will take more than one person, I think: it is pretty big
13:35:55 <nickm> SponsorS and SponsorU need some attention from us
13:36:43 <nickm> If there's any part of prop220 that 12498 doesn't do yet (like encrypted master keys, or the link handshake, or circuit extension stuff), you might like that. Crypto can be fun
13:36:52 <nickm> Also looking for more opportunities for DoS resistance could rock.
13:37:14 <nickm> athena: you could also confirm #13856 ?
13:37:33 <nickm> like, look at the buffers there and see if anything needs to hook into the OOM system
13:37:52 <athena> okay, i'll dig into whatever subset of that seems viable before saturday
13:39:08 * nickm is looking for more maybe-fun stuff...
13:39:28 <nickm> anything that looks fun to review for 0.2.7 should get reviewed.
13:40:01 <nickm> module-level documentation anywhere we can write it would also help a lot
13:40:22 <nickm> I think that should take us through the weekend?
13:40:43 <nickm> Hm.  Do we also have anything for 0.2.7 where we reviewed it and then said "this looks good but not till 0.2.7"?  I guess we could merge that now
13:41:40 <nickm> hm.  I see that dgoulet and Yawning had questions for me above.
13:41:56 <athena> no, don't think i do - the one long thing i reviewed i ended up saying 0.2.7 on, but also needs-revision
13:42:06 <nickm> Yawning: nobody has started work on "new relay crypto".  It's been soft-blocking on a good-enough wide-block construction. But maybe we should give up on waiting for that.
13:44:12 <nickm> athena: yes, my 12498 branch is rebased on master.
13:44:20 <nickm> err,
13:44:26 <nickm> dgoulet: yes, my 12498 branch is rebased on master
13:45:23 <nickm> athena, dgoulet, Yawning, asn: Sent you our list of agreed SponsorU deliverables, in case you'd lost track.
13:45:47 <nickm> also see https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorS/IntegrationTesting .  The first milestone there is 1 April; let's knock it out of the park (as it were)
13:47:03 <nickm> anything else this morning?  My main priority right now is keeping happy and well-rested for the meeting.
13:48:20 <dgoulet> morning
13:48:26 <nickm> hi dgoulet !
13:48:55 <nickm> dgoulet: Think we're ready to call #12464 done and put 0.2.6 to bed?
13:49:04 <nickm> atagar: btw, I have some questions on #15000.
13:49:07 <dgoulet> nickm: agreed
13:49:56 <dgoulet> nickm: I unforunately don't have a profile for you on a busy HS but I think that's ok
13:50:16 <nickm> dgoulet: as long as there's no regression, we can say "cool" here
13:50:28 <nickm> (didn't you have numbers from an artificial HS service test at some point?)
13:51:11 <dgoulet> nickm: yes true! I could actually do an experiment today
13:51:21 <dgoulet> nickm: (you know, just to be safe ;)
13:51:24 <nickm> if it won't take too much attention, sure. :)
13:51:40 <dgoulet> nickm: an hour top for me so no biggy
13:52:23 <nickm> cool
13:52:36 <nickm> dgoulet: otherwise, got enough stuff for between now and the meeting?
13:53:20 <nickm> there's everything I listed above, plus also skimming through 0.2.7 and 0.2.??? and unspecified tickets to see if there are any you really think we should/shouldn't do on a next-few-months timeframe
13:53:38 <dgoulet> nickm: yes so I'm in this limbo state between R and U, I'm mostly working on #14847 for now but not really fall under U that much though
13:54:29 <dgoulet> nickm: so maybe you have ideas about U I can context switch considering that I might need to switch back to R in ~20 days
13:55:26 <dgoulet> HS dev. doc maybe or ?
13:55:32 <nickm> I sent you the list of U deliverables. If you've been focusing on HS stuff, you could write module-level documenation for how hidden services work internally, or you could think about ways to make the HS system more DoS resistant.  Or you could work with Yawning and athena to split up the #12498 review?
13:55:48 <nickm> I think I should split my #12498 work, fwiw.
13:56:12 <nickm> That is, I should merge what's there (after review), and then create separate tickets for all the remaining stuff (like the link handshake, the circuit extension handshake. etc etc)
13:56:17 <dgoulet> nickm: oh sorry my email are not opened yes ok, I'll have a look at that
13:57:52 <DrWhax> Hi, is CVE-2015-0829 fixed in the latest TBB release?
13:58:02 <dgoulet> review of #12498 sounds like an important one, I could certainly help on this one in the short term
13:58:08 <DrWhax> So far, I haven't been really successful at finding out about this.
13:58:25 <nickm> DrWhax: mikeperry or MarkSmith or GeKo might be able to answer that?
13:58:39 <nickm> dgoulet: it's huge though.  I think it's something that needs to be coordinated
13:58:49 <dgoulet> nickm: oh yes it is
13:59:04 <dgoulet> sounds like next week in VLC is a good time to coordinate for that :)
13:59:20 <nickm> on the bright side, it might be less huge than it appears.
13:59:49 <nickm> If I do a diff --stat just on src/or and src/common, it says:
13:59:52 <nickm> 37 files changed, 2865 insertions(+), 317 deletions(-)
14:00:10 <nickm> it's when I include src/trunnel and src/test that I get
14:00:11 <nickm> 57 files changed, 10067 insertions(+), 451 deletions(-)
14:00:11 <dgoulet> right lots of trunnel and test
14:00:24 <nickm> and scripts/, I guess
14:00:51 <nickm> now, of course we should be looking at the tests and trunnel satuff, since tests matter and trunnel is a new and unproven thingie
14:01:03 <nickm> but at least they should be kinda independent from the rest.
14:02:05 <GeKo> DrWhax: no. looking at the ESR release notes it is probably no ESR 31 issue
14:03:15 <DrWhax> GeKo: cheers
14:05:25 <nickm> athena, dgoulet: Do you think I could ask you and Yawning to coordinate together to get that branch review started?  It is not a one-person job IMO.
14:05:36 <nickm> I'm happy to walk through as much or of little of it as folks would liek.
14:05:38 <nickm> *like
14:06:12 <dgoulet> sure no problem on my part
14:06:24 <dgoulet> side8
14:07:43 <nickm> Anything else for today?
14:08:01 <dgoulet> nickm: is there topics we want to talk next week about little-t tor?
14:08:33 <nickm> We could start making one!
14:08:35 <dgoulet> only two for now
14:08:39 <dgoulet> https://trac.torproject.org/projects/tor/wiki/org/meetings/2015WinterDevMeeting#SessionsNotes
14:08:56 <nickm> My list includes: what do we need to do in 2015 to get paid, and who will do it when, and where are the areas of uncertainty.
14:09:01 <nickm> onboarding the new PM
14:09:10 <nickm> ug, managementspeak
14:09:25 <nickm> s/onboarding/getting acquainted with/
14:09:31 <nickm> or "familiarizing"
14:09:34 <athena> nickm: yeah, sure
14:09:52 <nickm> athena: cool! I don't know if we've had a joint review before, so I'm curious to see how it goes.
14:10:34 <nickm> athena, dgoulet, Yawning: anybody who finds a bug where Trunnel generates unsafe or incorrect code will win a "cool person" prize, and maybe a beer.
14:10:52 <dgoulet> a beer! count me in!
14:10:53 <nickm> I'd also like us to maybe think about our timeframe and priorities for 0.2.7
14:11:29 <nickm> And I'd like to thiknk about our priorities for 2016 and beyond, so that when Karen goes to write more grants or we go to start a crowdfunding thing, we have some idea of what we actually need to build.
14:11:33 <nickm> Oh!
14:12:11 <nickm> I'd like to know more aobut state-of-the-art in traffic-analysis resistance and crypto; anybody who understands Dissent or SPHINCS or Ring-LWE or some other cool system might want to explain it to the rest of us.
14:12:35 <nickm> I might like to do a walkthrough of some of the tor code, and videotape it.  That could help with developer docs.
14:12:43 <nickm> not sure if we have the tech for that though
14:12:48 <nickm> and "videotape" shows my age.
14:13:00 <nickm> anything else for Valencia?  Anybody volunteer to copy all the stuff I said above to the wiki?
14:14:12 <dgoulet> nickm: yeah I'm adding those to the wiki
14:14:21 <nickm> thank you!
14:14:41 <nickm> Any cool systems that I should try to understand well enough to explain?
14:15:27 <dgoulet> I guess your question about "state-of-the-art in traffic-analysis resistance and crypto" is related to the brainstorm you had with yawning on replacing TLS ?
14:15:50 <dgoulet> (for which I lost the google doc)
14:16:26 <nickm> maaaybe
14:16:32 <nickm> I don't know what it is I don't know.
14:17:41 <nickm> anyway,s I think we're through the meeting part.
14:17:43 <nickm> #endmeeting