16:59:36 #startmeeting jun 26 network team meeting 16:59:36 Meeting started Mon Jun 26 16:59:36 2017 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:59:36 Useful Commands: #action #agreed #help #info #idea #link #topic. 16:59:45 our pad is at http://5jp7xtmox6jyoqd5.onion/p/M0GDbCeZm8be 16:59:52 hi pastly! hi everyone! 17:00:02 ja i already use this for the new and built events 17:00:07 hello meeting 17:00:11 hello 17:00:13 because i know the circuit object from building it 17:00:16 * catalyst is a bit delayed writing summary due to a preceding meeting 17:00:20 hi Sebastian asn dgoulet komlo isis ahf mikeperry haxxpop catalyst etc! 17:00:34 blister_blue: hmm, meeting; shall we go to private-messages? 17:00:44 no worries. Step one, let's all get our notes down, and read each other's notes. 17:00:46 * pastly will write his update in real time in the pad as usual 17:00:47 meejah: ! 17:00:52 hello meeting 17:02:18 isabela: you here for this one? 17:02:33 isis: you around today? 17:03:14 oi 17:03:17 yes 17:03:21 cool 17:03:52 o/ 17:04:13 morning :) 17:05:33 one topic while we wait on updates -- how is this meeting format working for people? 17:06:06 i like it the pad approach more than the real-time typing approach i think 17:06:20 s/like it/like// 17:06:24 i think it is evolving nicely (highlighting things in people's posts, that we now write *before* meeting) 17:06:36 think that is good 17:06:58 having teor send out the pad the day before is pretty awesome 17:07:00 and it's very nice teor sends it out sunday 17:07:05 yes, +1 17:07:14 any ideas for changes/improvements? 17:07:45 Without being around for those pad-less meetings, I think this is great. 17:08:22 ooo especially if we have stuff at the top like we do in this one 17:08:50 like a link to the past meeting pad's contents, and general announcements at the top? 17:08:55 hi !! 17:09:18 nickm: yes. all of it. link to last week, announcements, discussion topics. 17:09:39 hi haxxpop 17:09:49 how are we doing hilighting? 17:09:54 isis: on the pad? 17:10:07 I suggest we use boldface for "let's talk about this" 17:10:07 oh i see, in bold 17:10:20 brilliant 17:10:21 please feel free to boldface your stuff or other people's stuff. 17:10:32 let's start with the general announcements and start moving downward. 17:10:45 isis: how is the internship gig post going? 17:11:06 the first thing: three needs_review tickets are left in review-group-18. Please, let's get them reviewed. 17:11:07 I like this format as well so far 17:11:31 Second thing: there are 34 tickets in 0.3.1.x, including 9 "new" tickets with no owner. Some of those look like bad bugs or regressions. We need somebody to take more of them on. 17:12:01 Since those are task-allocation announcements, any suggestions for what to do on them? Shall we talk when the meeting is done, or shall we start with a grab phase and then I start assigning, or something else? 17:12:43 (how do sensible teams assign work?) 17:13:30 * asn will finalize #21969 17:13:41 ty 17:13:44 wrt to current needs_review bugs 17:13:58 the base64 one has catalyst as assigned reviewer 17:13:59 isabela: oh dang that is another thing i need to do 17:14:00 i like prioritized columns (you don't have to go full Scrum if you don't want), but having drag-and-drop or physical sticky notes helps a lot 17:14:01 the other two look quite similar 17:14:14 both about relevant paths in sighup 17:14:18 *related 17:14:22 *relative 17:14:43 im super full this week so im hesitant to take them, but i will if nobody goes for them 17:14:48 catalyst / isabela: do you know any good online tooling to set up what catalyst is suggesting, either with a spreadsheet or whatever? 17:14:54 isabela: i was planning to spend part of today going over the applications 17:15:06 asn: which base64 one? 17:15:14 isn't only sticky notes a bit like what trello provides? 17:15:15 catalyst: ehm the one about equal signs 17:15:19 s/only/online/ 17:15:21 isis: cool, good to know ppl are applying to it 17:15:35 catalyst: #7869 17:15:39 asn: yeah that's #7869 i think, and not 0.3.1.x? 17:15:50 ahf: yeah i like Trello 17:15:52 catalyst: ye. was talking about the review-group tickets 17:15:54 isabela: there are like ~20 applicants! :) 17:15:59 !! 17:16:02 wow, nice 17:16:06 wow 17:16:28 nickm: catalyst isabela I've seen projects use Trello https://trello.com/ 17:17:00 though i think if we want to use Trello, our volume is high enough that we could benefit from some automation 17:17:01 3rd and final announcement: this is the first month when employees are encouraged to use harvest, so let's all try it out. It would be sad if we got to the end of july before we realized we didn't know how to use it. 17:17:24 when's the official cutover to Harvest? 17:17:44 #22653 is a guard selection algorithm regression right? 17:18:08 that ticket doesn't actually make sense to me; it _might_ be? 17:18:14 "pts are even more broken than usual, the obfs4proxy stuff is a red herring, because I haven't touched the code at all" 17:18:20 well, with tbb 7.0.whatever 17:18:25 it failed to boostrap 17:18:32 Yawning: possibly a regression? it's hard to tell 17:18:32 on an upgrade with pts enabled 17:18:40 nickm: also it would be great to receive all pending expense reports so far by end of june - cuz tor's fiscal year actually ends in june, and if you send it out accounting can close it as part of the fiscal year that is ending 17:18:41 and when I blew away the tor state dir 17:18:44 catalyst: in theory, it's optional for june and july. if something doesn't work, then it's optional for longer 17:18:45 it started working 17:18:52 yes, what isabela said 17:18:55 so I assume it's something fucked with the guard shit 17:19:07 Yawning: ack 17:19:10 and if we go back and use harvest from earlier weeks in june we don't need to send any spreadsheet for june to sue? 17:19:21 Yawning: i was not aware of that ticket, will check it out tomorrow along with the useful info you just said 17:19:40 ahf: yes, if you use harvest no need for spreadsheets 17:19:50 what I just said was what happened to me 17:19:54 in a vm 17:19:56 Yawning: i think we know something's odd with guards in 0.3.0; we might have fixed some but not all of it? i find that code difficult to read 17:20:00 when I was testing the sandbox in fedora 17:20:12 but I didn't root cause it or look at the logs hard 17:20:17 because, I wanted to actually test the sandbox 17:20:23 and not fuckaround chasing tor regressions 17:20:27 isabela: thanks 17:20:48 ymmv 17:21:01 99% sure it has nothing to do with obfs4 though 17:21:11 because that shit isn't getting any updates at all 17:21:27 Yawning: i'm inclined to agree with you. i 17:21:50 i've noticed the obfs4 correlation but i think that's due to repeated relays 17:22:12 ok, so shall we start going through topics? 17:22:17 pastly: re:trello - i just added a task to cath up with hiro on our discussion in wilmington about this stuff 17:22:35 I think people bring it up for obfs4 because it's the default 17:22:47 nickm: yes plz 17:22:50 so people are using it (regardles of how I feel that no one should) 17:23:20 Yawning: i saw it with obfs4 and not so much with other PTs in TB 7.0 17:23:32 I don't see questions from/for teor, mikeperry , asn, haxxpop. 17:23:43 dgoulet: did we learn anything important at the drl meeting? 17:24:00 nickm: not concerning the network team _except_ what I sent to the netteam list about a PT poc 17:24:13 that thread has stalled after teor's reply 17:24:23 nickm: I added my question/discussion topic at the top of the pad 17:24:43 heh 17:24:45 dgoulet: i agree with teor's reply and issue enumeration, but was not sure what to do about it. 17:24:56 dgoulet, have you done the hs v3 fuzzing ? 17:24:59 dgoulet: okay. we'll need to figure out who bells the cat there. 17:25:00 ETOOMANYFIRES 17:25:02 so the drl wants to dump more money into a fundementally intractable problem >.> 17:25:06 haxxpop: let's talk about it after the meeting 17:25:07 dgoulet: i had forgotten that thread; i'll take another look at it 17:25:12 I am wondering how urgent #22422 is compared to other guard discovery attacks. it seems pretty contrived of an attack. when I talked to karsten months ago, he wasn't convinced we need noise (but have not heard from him since) 17:25:27 catalyst: ok 17:25:41 mikeperry: are you and teor able to get any progress towards agreeing there? 17:25:42 my instinct is to tag it as 'potential-guard-discovery' so we can prioritize it vs other guard discovery attacks we enumerated 17:25:46 it seems very low on the list, to me 17:25:53 we do have many fires but the PT one is low amount of work, just a contact point in our team for it would be a good start 17:25:58 mikeperry: have you tried to get karsten to opine? 17:26:13 dgoulet: +1 17:26:50 I would want at least two people who care to be joint point-of-contact handlers; just one tends to get overwhelmed. 17:27:07 (btw I added another reminder at the pad, sorry for doing it out of order in the meeting) 17:27:24 nickm: I could email him I suppose 17:27:25 I could nominate folks, but does anybody want to do it? Maybe people who expressed interest in working on anticensorship stuff in wilmington? 17:27:25 i can be secondary point-of-contact, but im not gonna do a good job as the primary one. 17:27:35 mikeperry: that would help! 17:27:55 i think i can inform people of historical decisions and help with the spec stuff 17:27:59 what is the scope of the "PT contact"? 17:28:10 yeah i was going to ask for that 17:28:26 catalyst: "depends on who you need to work with" 17:28:34 maybe we can define that first, how we will tell the world who this person is and what this person will be doing 17:28:43 in some cases yo end up writing lots of reports and hating you rlife 17:28:53 isabela: +1 and maybe that email thread is a good place to have that discussion 17:28:54 catalyst: ^ 17:29:00 dgoulet: yes 17:29:17 Yawning: :) that was due to deliverables related to a proposal not necessary what this person will do now 17:29:33 asn,nickm,all: speaking of guard discovery though, can we agree on a tag to go through and file/tag all of the attacks we brainstormed or reviewed in wilmington? 17:29:34 i can also try to be a point of contact, but i also may not be the best primary one 17:29:37 i guess it involves stuff like: answer to the pt-spec v2.0 emails. be the contact person for PT funders. and maybe even inform community about PT stuff, write blog posts, etc. 17:29:47 i can write what we did on that front and see what can be done moving fwd with it 17:29:47 dgoulet: does that mean the DRL thread? 17:29:50 mikeperry: yes, that's a good idea. guard-discovery is what i'd choose, but that's fine 17:30:05 catalyst: yes 17:30:08 mikeperry: i answered this stuff a few days ago on #tor-dev 17:30:11 err, whatever you want to pick is fine 17:30:17 mikeperry: we already have guard-discovery as a tag on #9001, so let's ues that 17:30:31 isabela: uh huh 17:30:42 mikeperry: feel free to tag the padding stats ticket as that tag, if you feel it's an attack (i havent looked at ticket yet) 17:30:42 questions from me: I'm about to send out my notes from wilmington on supported platforms. If anybody has additional comments for what to change there first, please make sure I know. 17:30:47 i guess we agreed in wilminton that i was going to stop helping with guard algo stuff and focus more on anticensorship? 17:30:52 asn: ok great. sorry, I missed that scrollback.. the irc shell server rebooted.. 17:30:57 is the PT funder Sponsor M? 17:31:28 second question: i'm going to put out an 0.3.1.x alpha release again later this week; would anybody be interested in co-piloting with me? I'd like at least one or two more of us to be able to do release-manager stuff 17:31:36 isis: yes is related 17:31:55 mikeperry: wrt filing trac tickets for remaining issues: let's do it for the ones where we have a plan forward. 17:31:56 third thing: isabela: can I send out the sponsor assignments from the wilmington spreadsheet? It's hard to help people plan without advancing that. 17:31:59 (On the pt note, does anyone use onionbrowser and know if it displays the obfs4 copyright in a visible location) 17:32:29 nickm: what you mean by send out? coordinate with the team? 17:32:33 i'm willing to help with PT coordination stuff but i'd want better definition and context before agreeing to be a primary contact 17:32:48 isabela: coordinate with the team, put on the wiki, make sure it works out w finance, etc 17:33:47 nickm: can we sync off meeting? I am getting the stuff with brad, met with him last week but still missing one spreadsheet 17:34:01 ok, aure 17:34:15 #action nickm and isabela coordinate about team <-> contract mappings 17:34:16 nickm: i think the general allocation we did on the nsf spreadsheeet counts for folks to know their area of work 17:34:46 anyone who whould like to help work on the next release can let me know. 17:34:47 nickm: just the percentage of things that i need brad stuff so we can plan that 17:34:48 nickm: i'm up for helping with release management 17:35:03 ahf: woo; once we have a couple more 0.3.1.x bugs fixed, let's start on it 17:35:03 nickm: does that makes sense? 17:35:10 nickm: yes 17:35:15 isabela: sure, I think? 17:35:45 next question I see is from isis ... 17:36:08 i'm happy to give advice about release engineering based on my prior experience elsewhere :) 17:36:31 backend moat things -- I agree that's something that TB needs soon. It's a good idea to stay in contact with other network-team stuff like review while you're doing it, but I don't think there's a must-do-first coding task here 17:36:39 did that answer your question? 17:37:01 catalyst: cool! I'll invite you to "watch over our shoulder" as we do it 17:37:05 and/or help as you prefer 17:37:12 nickm: we should follow what was organized in wilmington / where we listed sponsor's tasks and folks who wanted to work on them raised their hands and we added their name on the storm spreadsheet - what is pending is to know how folks should break their time between those tasks, if 10% on M or 30%.. 17:37:50 ok. given that, I thinnk we should get the info onto the wiki, and add percentages afterwards. Agree? 17:37:54 yes, i think that answers 17:38:10 nickm: yes 17:38:23 nickm: happy to help; i think it's better to let less-experienced people have a chance to learn by doing of course 17:38:32 more discussion topics this week? 17:38:35 nickm: we can continue off meeting 17:38:38 stuff we went over too fast? 17:38:47 stuff we never really answered? 17:38:48 review-group tickets still not assigned 17:39:05 also who was interested in doing vuln management (volunteers in Wilmington maybe)? 17:39:17 what is vuln management? 17:39:24 vulnerability managment 17:39:36 what is vulnerability management? 17:39:53 "flipping the fuck out when someone figures out how to pnw shit" 17:40:04 "and cordinating disclosure etc" 17:40:05 how to deal with things when you find or have a report of a vulnerability in your software 17:40:26 how do i pnw shit 17:40:38 i think nick has done a few documents of that nature 17:40:48 "i pacific northwested the hell out of that vuln" lol 17:40:56 first you find someone that isn't disabled that can actually type to make fun of 17:41:03 ... 17:41:05 isis, nice point 17:41:05 profit 17:41:39 awww, sorry i thought there was some cascadia reference there 17:42:10 but we were talking about vulnerability handling at Wilimington and some people volunteered to do more coordination with downstreams etc., i think? 17:42:32 nickm: so yeah, two review-group tickets not assigned reviewer yet. i already have lots of prop224 review for this week. i would prefer not to take them if possible. 17:42:48 nickm: can we pass them to someone else? else i see them sticking around for ever -- they are that kind of patches. 17:43:19 catalyst: I recall an informal discussion with armadev on that but was there any action items following that? 17:43:26 I'll take them on, I guess? but this will slow down all reviews for everybody else. 17:44:09 any opinions on the relative priority of #22101 and #22102 vs #7869? i might be willing to take a look 17:44:32 i recall that those two are related but involve potentially hard design choices 17:44:34 to continue on what asn just mentionned about prop224, July is the end of R and our soft deadline for prop224 so him and I will be very busy with it :S 17:44:40 i can take another ticket for review 17:44:58 trac is misbehaving for me again :/ 17:45:01 (datapoint on our stack) 17:45:29 catalyst: imo the underlying issue is more important than either one. 17:45:55 so should we open a parent ticket for the underlying issue? 17:45:56 and a decision there would make both tickets easier to decide about. 17:46:19 oh #22101 is already a parent ticket 17:46:29 wrt #7869, I can do the next review, since i'm paranoid about dirauth breakage 17:47:07 nickm: at the very least it seems like test coverage for the padded/not-padded differential is missing 17:47:10 part of me is okay with deferring these tickets, but part is not: it's not good to let volunteer patches sit around and gather dust 17:47:21 #7869 is kinda disgusting: too much alterations for almost no benefit 17:47:22 nickm: i tend to agree with that 17:47:49 I think relative path stuff should probably take a back seat. I also think the ultimate solution is to have the user specify everything relative to the DataDirectory. For the backend ... well I remember nickm (I think) saying things that sounded good to me in the tickets 17:48:27 nickm: def agreed about the volunteer part tho +1 17:48:30 i think i recall TB on MacOS needing specific relative paths to work for the PT proxies 17:48:56 ok. let's give it a shot on these today, and i'll open the next review group 17:49:07 any more open things we missed? 17:49:08 asn: yeah there's a reason i removed the "easy" tag from that ticket 17:50:05 nickm: are you going to be off on summer vacation at some point (and if so, when?) 17:50:09 maybe also goes for other people 17:50:16 i don't know yet :) 17:50:18 ok! 17:50:22 maybe let's talk about that on-list? 17:50:27 if no more issues... 17:50:27 fwiw, I'll inform the net-team list when I,ll know 17:50:32 yes 17:50:35 ditto 17:51:15 #endmeeting