16:59:10 #startmeeting weekly network team meeting 16:59:10 Meeting started Mon May 16 16:59:10 2016 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:59:10 Useful Commands: #action #agreed #help #info #idea #link #topic. 16:59:13 hello happy tor friends! 16:59:27 I spent most of the last week in montreal, talking about hidden service stuff and hacking. 17:00:00 hi 17:00:07 I've instituted a passive-aggressive code review enforcement plan in which I marked all previously needs_review items as review-group-1, and then declared that I would not feel obliged to review or merge anything till all of review-group-1 was reviewed. 17:00:08 oi 17:00:24 I've also reviewed and merged a lot of stuff. This feels way better than begging for review. 17:00:40 Merging some of that stuff has snowed me under with trying to make jenkins pass again. 17:00:58 Then I'm planning to finish my leftover items from last month (!) and then implement the ed25519 link handshake at last. 17:00:59 hey hey :) 17:01:25 heya isis 17:01:46 Oh, and today I talked with our friend Ben who works on uProxy about getting the PT stuff we talked about at valencia done. The next step is to figure out which tasks have somebody who cares enough to make them happen. 17:02:01 I hope to use this step to declare most of the ideas Not Our Problem in a way that leaves Ben and Brandon and everybody happy. 17:02:20 I worry that I've already described 12 days of work. But who knows, could turn out fine. 17:02:23 Excelsior! 17:02:27 Any questions for me? 17:02:47 yeah, how much of the pt stuff will be my problem 17:03:23 me wonders too, how much is our problem? 17:03:26 zero I hope. 17:03:47 mmk 17:04:05 Definitely, nothing that won't benefit us. 17:04:21 I worked on basket2. It is probably at minimum viable product state, and I'm using it right now. 17:04:34 It still needs debugging, documentation (entirely non-exisitent) and review 17:04:49 and is missing some stuff I wanted to support (stubbed out) 17:04:51 (why 12 days?) 17:05:09 and could use better link obfuscation than "basically what obfs4 does but better" 17:05:16 nickm: this is great i will add this not to my log of work we are doing on pt to report later if you have anything (link etc) or at least comments on those tasks that you have generated to help triage 17:05:23 nickm: stuff like this i can use in the report 17:05:50 ok. you can use "nick met with ben" 17:06:02 (there is also "basically what basket does" as an option, but it's baltatnly obvious since it's targetted at a different adversary model, and guzzles bandwidth) 17:06:05 Yawning: what is basket2? 17:06:10 obfs5 17:06:20 ahh 17:06:28 if people think th ename is confusing I'll change it, but 17:06:33 are these docs in that git link u gave me? 17:06:36 yes 17:06:39 cool 17:06:41 why do the versions keep starting at 2 17:06:44 it works, I'm using it 17:06:50 ncl: it doesn't? 17:07:03 oh 17:07:10 https://github.com/yawning/basket 17:07:12 (it was a joke isis made at that one talk) 17:07:13 there was a basket 17:07:17 nickm: was some of the stuff that broke jenkins stuff that i okayed during review? 17:07:40 Yes, but I missed it too: 17:07:53 my plans are to write documentation, finish up the stuff that's stubbed out that I want but most people won't use 17:07:54 windows doesn't have truncate(3), so when we merged my tests that used them, we broke windows compilation 17:07:57 no biggie 17:08:02 oops :( 17:08:05 sorry about that 17:08:09 fixed in 9abd7b8f90c6803e28529aa41c6da9601d1c9d01 17:08:12 unless there are more pressing things that require my attention 17:08:15 no worries 17:08:17 o/ 17:08:30 past that probably revisit my MT link handshake crypto branch or something 17:08:42 (hello from a small cafe with no wifi. me, special and dgoulet are connected through a small mobile phone.) 17:09:01 willscott has looked over some of the basket2 code/design 17:09:11 and had questions but I think my design choices are correct 17:09:14 ncl: there was also an obfs[1] iirc, but we never used it because it was just the PoC PT, iirc 17:09:34 any questions, comments or "no you should be doing something else"? 17:10:01 Yawning: please help with code reviews too! 17:10:18 good thinking 17:10:25 (nb: adding more link obfuscation is forward compatible since it's negotiated entirely dynamically) 17:11:07 last week, i reviewed #16794 #18956 #17158 17:11:14 yay review 17:11:21 and i patched #11966 17:11:37 as promised, /me won't look at #11966 till review-group-1 is empty :) 17:11:52 i have an opinion on #11966, and will say it once i'm done with my review-group-1 ticket 17:12:06 * asn can go next 17:12:15 (guess not) 17:12:26 i had two interviews with the press, with CNN and the Intercept, which required a bunch of going back and forth between lawyers and journalists and talking with ailanthus and such 17:12:47 and i did a bit more debugging work on #7144, but didn't get very far 17:13:21 armadev: yay, thanks! 17:13:42 Hello. During the past week, I attended the hidden service hackfest in 17:13:45 Montreal. Did lots of stuff on prop224 and prop250. Blog post coming soon. 17:13:47 Today and tomorrow I plan to focus on code reviews, catching up with email, 17:13:50 writing the montreal hackfest blog post, and talking with kate about it. 17:13:51 EOF. Next? 17:14:36 oh, i also responded to a bunch of stuff and had more discussions concerning proposed PQ handshakes, and replied to more things on the thread 17:14:41 that's it for me 17:15:01 one question since my PQ-friends are all here: 17:15:23 asn: i'm excited to hear what came of the onion service hackfest 17:15:49 my guess is that we will see a whole pile of incremental improvements over the next several years, and if we spec sometyhing today we will have a better option in a year. Am I much wrong? 17:16:01 no, that is correct 17:16:09 * isabela mostly worked on organizing grant proposals strategy and getting some pending tasks done with accounting.. this week i hope to get the points migrated to numbers and publishe reports on how things are going related to release etc 17:16:26 i will also send an invite to a meeting to only talk about this stuff 17:16:30 isis: good to hear :) i should have a blog post ready for you in the next 2 days. 17:16:41 and i wrote a blog post on whastapp+brazuka land 17:16:42 done 17:17:32 nickm: léo, peter, and i also have a better handshake that at some point léo needs to explain to me the math because it's really weird sounding to me, and then i need to try to figure out a security reduction, then write a paper, then implement and benchmark it. 17:17:49 nickm: it's probably maybe roughly twice as fast, and twice as small as newhope 17:17:58 * isis waves hands in the air vaguely 17:18:43 nickm: what are your thoughts on waiting for something better versus doing the doable thing now? 17:19:13 Oh, minor thing: wrt the SIDH page on wikipedia: somebody who does math stuff should confirm whether or not "communting" (note spelling) is a word, and correct it if it isn't. 17:19:56 i'm assuming they meant "commuting" 17:20:09 isis: We have an in-progress proposal for improving and strengthening our crypto. So doing that work as paid work woudl be better than doing it free, if we expect to have a decision soon. 17:20:25 isis: speaking from a technical pov otoh, I think doing our best soon, and better later, would be cool 17:20:57 I assume "commuting" too, but I don't know enough algebra terms to be 100% sure there is no such thing as a "communting isogeny". 17:21:17 hm 17:21:56 commuting is correct 17:21:58 that's not very encouraging that the wikipedia page for SIDH says "non-communting isogenies" lol 17:22:42 if we wait for a perfect handshake to appear 17:22:47 we will end up with no handshake 17:22:47 (or leave the wikipedia page broken and dead, since they don't let us edit it) 17:22:48 * nickm pronounces "communting" to rhyme with bunting and hunting 17:23:02 if we wait for a perfect annonymity net to appear, we wouldn't have tor either 17:23:08 Yawning: true on both counts 17:23:19 OTOH, if we tried to build Tor in 1985, we'd be SOL 17:23:27 this post is a pretty good introduction to SIDH, imo: https://www.lvh.io/posts/supersingular-isogeny-diffie-hellman-101.html 17:23:35 #item https://www.lvh.io/posts/supersingular-isogeny-diffie-hellman-101.html 17:23:40 cool 17:23:40 hunting commutation :P 17:23:45 anybody else to check in? 17:24:06 dgoulet says that 250 is going well 17:24:09 Yawning: I think that now-ish is the right time to be thinking about PQ stuff 17:24:24 "it's too slow to be usable, the MIT license is in a docx file, and needs at least 5 more years of cryptanalysis, therefor it sucks" is a shorter introduction to SIDH 17:24:33 I spent all of last week on hidden services things, editing 224, hsdir code, code review, etc. This week I want to get the 224 hsdir code more finalized. 17:25:08 I am here. I will get to my review ticket this week. last week was mostly sandboxing study 17:25:24 speaking of which, how hard would a named-pipe implementation of #12585 be? is that a nightmare? 17:25:32 nope 17:25:36 Yawning: also that :) but yeah, i meant more like "if one was curious, here's a description" rather than "THIS IS TOTALLY A THING EVERYONE NEEDS TO UNDERSTAND ASAP" 17:25:52 nickm: for windows, I mean 17:26:42 oh. 17:26:47 er 17:26:56 aren't named pipes like, pipes? 17:26:58 do we have any point system for "this is how many review points people should rack up in one month"? 17:27:01 somewhere between "godawful" and "godfuckingawful" 17:27:06 (don't you need a different pipe per connection?) 17:27:11 isis: yes 17:27:20 isis: oh not for review 17:27:25 isis: good thing tho 17:27:31 (multiple writer, single reader seems nightmarish) 17:27:34 mikeperry: the issue is that in windows, there are "sockets" and "not sockets", and mixing them gives you fubar behavior. 17:27:53 unless you use IOCP everywhere 17:27:54 per MS: "The pipe server must create multiple pipe instances to efficiently handle multiple clients simultaneously." 17:27:55 which we don't. 17:29:20 since there's the experimental syscall translation layer, maybe windows will have af_unix 17:29:28 do we know what continent teor is on now? (do we expect him here?) 17:29:39 he is still canada. but unavailable right now :( 17:29:50 he's in north america. but we expect him only when we arrange for him to be around :) 17:29:55 mikeperry: COMSocket imo 17:29:59 https://msdn.microsoft.com/en-us/library/windows/desktop/aa365588%28v=vs.85%29.aspx is an example pipe server 17:30:14 Yawning: interesting, what is that? 17:30:17 he might appear in 15 minutes or so, or he might miss the meeting completely. 17:30:21 as in use COM 17:30:26 instead of named pipes 17:30:30 ok 17:30:57 I guess we can use any form of crazy windows IPC that doesn't require SECURITY_CAPABILITY_INTERNET_CLIENT 17:31:06 https://msdn.microsoft.com/en-us/library/windows/desktop/ms680573%28v=vs.85%29.aspx 17:31:47 I'll say more about pipes on #tor-project; we're getting bogged down. 17:31:56 ok 17:31:57 sorry 17:32:53 no worries 17:33:03 any more checkins, or should we move on to discussion and weekly tasks? 17:33:06 i'll leave my check-in here as "arma did some coding stuff last week". 17:33:33 ("arma has some more coding stuff we plans to do this week, which is follow-ups to last week") 17:33:39 s/we/he/ 17:34:07 armadev: hey did you push all the stuff you hacked on to the internet? 17:34:12 armadev: like the hs descriptor refactoring? 17:34:28 i think i pushed it all to the internet. what is the hs descriptor refactoring? 17:34:55 i thought you spent some time refactoring the HS descriptor structs or something. 17:34:59 but maybe im confused. 17:35:28 ah. you mean rend-service-descriptor-t. i made one ticket, which i think teor or somebody looked at, and i have another ticket not yet made. 17:35:39 (and no code for it) 17:35:43 ack 17:35:55 #19022 17:36:24 so, weekly topics. Here are the 029-proposed tickets. 17:36:27 (so we're onto discussion now?) 17:36:30 Every one we accept delays the release. 17:36:42 Yawning: yup! got a topic? 17:36:53 https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~029-proposed 17:36:54 nothing that needs everyone 17:37:00 nickm: ? 17:37:09 delays? 17:37:16 if someone has a better idea for "how to do padding/delay" than "what obfs4 offers and Tamaraw" let me know 17:37:31 ahh 17:37:48 (yeah I didn't end up using wtfpad because I didn't feel like writing implementations of the histogram stuff, blahblahblah w/e) 17:37:49 sorry.. missed what your line before 17:38:09 Yawning: My idea is "avoid doing too much work; we don't know that much about padding and delay" 17:38:26 btw 17:38:38 nickm: yeah I can def punt on this 17:38:43 release keeps increasing tickeets not decreasing tickets 17:38:58 i am not sure if we should accept more unless is super uper urgent 17:39:29 Yawning: the snarky version is "I am unsure we know a padding/delay method that pads anything other than our workloads or delays anything other than our release dates". :/ 17:40:05 isabela: so, I said nickm-says-yes to some items there 17:40:14 isabela: i think nickm has sort of been following the "add it to 0.2.9 if it's got code and looks mostly ready" 17:40:18 in particular, everything where somebody already wrong the code... 17:40:29 nickm: question: alex from MIT worked on ESTABLISH_INTRO. Are there other MIT sutdents working on other prpo224 cells? 17:40:30 nickm: the code will be releasable with documentation and review then 17:40:35 everything where there was a bug affecting our security or correctness... 17:40:38 asn: yhes 17:40:40 *yes 17:40:46 and it will be a clear upgrade over obfs4 17:41:05 nickm: should we be going through each 029-proposed ticket here? that was the plan right? except there are a lot of them? 17:41:07 the thing is that 17:41:08 nickm: interesting. you know if there are tickets from the other students? or are we still waiting to hear from them? 17:41:43 if we keep working on tickets out of the release and proposing them to be accepted when they are ready 17:41:55 when we will work on those in the realese we prioritized during triage? 17:41:58 asn: I should know more in a few days 17:42:00 or is not the case? 17:42:03 nickm: ack thx 17:42:25 sorry I'm late 17:42:26 isabela: maybe we should assign points before we make any 029/not-029 decisions? 17:42:35 teor: welcome! We're glad you're here! 17:43:03 isabela: I think most of the ones I like are an hour or two at most. 17:43:06 (oh yeah I forgot to mention I got my paperwork from accounting that I need to review/return) 17:43:09 but I haven't checked. 17:43:26 nickm: ok 17:43:40 nickm: sounds good 17:43:47 should we be using "1 point == 1 day" now, or "small/medium/large?" 17:44:13 oh 17:44:14 also, I am willing to just say "we delay every time we can" this release, on the theory that we have never known what it is like to defer too _many_ tickets :) 17:44:24 on my update i said that i would like to convert to numbers this week 17:45:27 teor: o/ 17:45:28 nickm: can you explain better the 'we never know' part? 17:45:37 isabela: 17:45:37 okay 17:45:57 Before, we have usally accepted way too many post-triage tickets. 17:46:05 Sometimes, we accepted a few too many post-triage tickets. 17:46:25 We have no experience of what it is like to accept _too few_ post-triage tickets. 17:46:51 Maybe we are afraid of taking too few tickets in a release, because we have never tried it. 17:47:02 to know this stuff is why we are building a capacity formula 17:47:07 isabela: so, okay if I use numbers today? :) 17:47:20 yes, of course 17:47:40 is our goal to resolve all the 029-proposed tickets each week? 17:47:47 (by resolve i mean choose in or out) 17:47:58 armadev: it would be lovely but we don't have to 17:48:01 ok 17:48:26 however, I have to be a grumpy jerk about this stuff this year, since otherwise it isn't a real experiment 17:49:15 have we got any other discussion topics? 17:49:22 yeah, you totally should be stingy with what goes in 17:49:31 are there any tickets marked 029-nickm-unsure where anybody wants to argue "wait this is important"? 17:49:40 0.2.10, aka 0.3.0, aka 1.0, will be out soon enough 17:49:43 I marked some 17:50:01 teor marked #17945 for example 17:50:12 isabela: there is also a volunteer-acquisition issue. If people show up and start hacking code for us, and we don't merge it for 6 months, they are less likely to start being developers. 17:50:21 I took responsibility for #17945 because I will likely be paid to do it 17:51:05 sounds like #17945 should stay in limbo until somebody shows up with code that looks not too complicated 17:51:09 I think we should do #18963 because it makes fallback circumvention actually work well 17:52:07 And #19045 I'd like to do because otherwise there's one special consensus every day, where if we fail, hidden services will use a predictable value 17:52:15 #18963 is the "re-use the dir mirror that you just used" code? 17:52:16 so I have a discussion question 17:52:22 Yawning: go for it! 17:52:31 nickm: volunteers code should get special threatment on my point of view -- unless is something that would give you more work to review and get it merge that when you balance with the benefits it will bring it does not scores great points to really be worth doing 17:52:40 yeah 17:52:41 btw 17:52:45 (So that consensus becomes a target for bad actors and we have to avoid it in key migrations etc.) 17:52:53 fallback auths don't solve the "my isp is an asshole and blocks tor dir auths because they use cisco, call it spam" type issues right? 17:52:54 last meeting we mentioned to add the actual points 17:53:01 for people that are opertating relays 17:53:04 so we can measure our estimations 17:53:13 if we are too off etc 17:53:22 Yawning: not for relays, because they have to upload to authorities. Only for clients. 17:53:27 "if I want to run a tor relay, I must be able to reach a majority of the dir auths" 17:53:30 teor: #19045 is basically a change on a different thing, already scheduled for 0.2.9? so we should maybe think of it like a fix on that other already-scheduled thing? 17:53:34 is there anything we can do to fix this 17:53:49 armadev: yes, and yes, it's a change on the fallbacks thing 17:53:59 is there any reason why we *can't* allow descriptor uploads over tor for example 17:54:05 Yawning: ah 17:54:23 tor browser meeting in 5 minutes 17:54:26 Yawning: well, that would work, and the code is already there 17:54:27 (see tor-relays@) 17:54:30 if you're a relay and you can't reach the dir auths, you're probably not a good relay 17:54:31 Yawning: that's our dirauth-decentralization thing. athena and I sketched some of that out. we need to break it down into little proposals 17:54:45 (relays have to be able to reach all relays) 17:54:51 armadev: there was a post to tor-relays@ about 17:55:00 someone on a edu network being stuck behind some cisco thing 17:55:02 ! 17:55:06 that blacklists dirauths 17:55:13 armadev: yes, if you can't reach auths, then you might not be able to reach many other relays 17:55:22 (see I do read more than tor-dev@) 17:56:05 let me clarify: yes to armadev: irc://127.0.0.1:57722/#18963 is the "re-use the dir mirror that you just used" code? 17:56:13 bloddy adium leaks 17:56:18 gosh. 17:56:25 https://lists.torproject.org/pipermail/tor-relays/2016-May/009247.html 17:56:39 I think this situation is 17:56:46 "fascist http transproxy" 17:56:53 let's endmeeting here and move to #tor-project ? 17:56:53 tor browser meeting :) 17:56:58 and #19045 is a shared random change 17:56:58 yes 17:57:06 ok moving 17:57:09 #endmeeting