#tor-dev log

17:00:27 <nickm> #startmeeting weekly network team meeting, 31 July
17:00:27 <MeetBot> Meeting started Mon Jul 31 17:00:27 2017 UTC.  The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:00:33 <nickm> hi everyone
17:00:36 <ahf> hello
17:00:38 <nickm> https://pad.riseup.net/p/K3Up3AUaqkz0
17:00:52 <nickm> welcome back, catalyst !
17:00:55 <nickm> isis: You around?
17:01:08 <dgoulet> hello
17:01:25 <nickm> Are we missing anybody else?
17:01:40 <pastly> I'm here but not really anything to say
17:01:50 <nickm> (hi pastly)
17:01:54 <nickm> hi dgoulet , isabela , ahf
17:02:11 <isabela> o/
17:03:04 <nickm> let's start reading one another's updates on the pad!
17:03:59 <nickm> ahf: I have a request for an additional task for you this week....
17:04:13 <nickm> Please document the android stuff you have been learning as you go along!
17:04:20 <nickm> so that other people can try it too
17:04:21 <isis> nickm: hey
17:04:27 <nickm> hihi, meeting time!
17:04:31 <isis> absorbing coffee
17:04:32 <nickm> pad at https://pad.riseup.net/p/K3Up3AUaqkz0
17:04:37 <nickm> yay coffee
17:05:47 <nickm> we're all going to be spending a bunch of vacation time this month, so let's think about anything we need from one another _before_ vacations begin?
17:06:01 <nickm> That is, if we'll need anything next week or the week after, when people start to be away a lot
17:07:01 <nickm> catalyst: do you have internet at home now? :)
17:07:32 <catalyst> nickm: yes! 1Gbps supposedly
17:07:36 <nickm> woo!
17:07:40 <isis> i will write the list about it, but there's a period from like 17 august to 22 august that i will be away in order to speak at rustconf
17:07:50 <ahf> catalyst: nice
17:07:56 <nickm> isis: cool!
17:08:05 <nickm> isis: will your talk be recorded or streamed or anything?
17:08:21 <isis> catalyst: woah nice, glad your new place is coming along
17:08:55 <isis> nickm: it will be recorded and iirc released on youtube under CC-BY-SA
17:09:27 <nickm> nifty
17:09:35 <nickm> please circulate a link once there is one
17:09:40 <nickm> looking forward to it
17:10:05 <ahf> i'm going to take some days off at the end of august for bornhack construction/destruction
17:10:08 <ahf> deconstruction*
17:10:13 <catalyst> isis: thanks! i still have lots of fiddly bureaucracy bits to chase down because of the move
17:10:56 <isis> nickm: ok will do! :)
17:11:50 <nickm> let's start discussing the things at the start of the pad
17:12:11 <nickm> review-group-21 is all either in needs_revision or merge_ready. So I believe we're done there
17:12:34 <nickm> There are only 3 needs_review tickets in 0.3.2 right now, so I'm not starting review-group-22 today, but if you want to review something please feel free.
17:12:46 <nickm> I did indeed fix a lot of coverity issues on master last week.
17:13:03 <nickm> They had been hidden because coverity was using a broken model for the BUG() macro
17:13:19 <nickm> see #23054
17:13:25 <nickm> oh, not that one
17:13:50 <nickm> see #23030
17:13:58 <dgoulet> that made make check fail ^ btw (#23054)
17:14:17 <nickm> oh dear
17:14:30 <dgoulet> oh wait no!
17:14:37 <dgoulet> the tor_parse_long patch made the test fail
17:14:51 <nickm> whoops, sorry.
17:14:52 <nickm> will fix
17:15:07 <dgoulet> neat
17:16:06 <nickm> let's remember to take on roles for august
17:16:13 <isis> catalyst: you noticed some errors from #22636?
17:16:48 <catalyst> not as merged, i think, but an earlier version had some test_rust problems and the detailed log wasn't showing up in Travis
17:18:17 <isis> oh hrmm
17:18:33 <isis> hopefully not the merged thing
17:18:37 <dgoulet> oh oh oh!! Tomorrow is EOL for lots of tor version :D
17:18:51 <catalyst> unfortunately i think making it work "right" means untangling a bunch of hairy automake boilerplate
17:19:08 <nickm> dgoulet: yes, at long last!
17:19:21 <nickm> I think it's also a good day to put out another 0.3.1.x, if we can
17:20:10 <dgoulet> nickm: going in rc?
17:20:22 <nickm> isis: wrt bridgedb brokenness wrt debian9 upgrade: for the next time this happens, should we have a testing environment to upgrade first?
17:21:21 <asn> hey mikeperry. i havent had much time for prop247 lately, but plz let me know if you need any help or to brain dump to someone.
17:21:36 <asn> mikeperry: after the prop224 review/merge frenzy subsides i will come back to prop247 land
17:22:11 <mikeperry> asn: no worries. thank you for the review and suggestion on #13837
17:22:21 <mikeperry> I am working on the stem bits now
17:22:24 <nickm> dgoulet: that's something we should talk about; it relates to my question of "what is 0.3.1 blocking on?"
17:22:36 <mikeperry> after that, I will try to run client and server instances with onionperf
17:22:40 <dgoulet> nickm: right, I'm looking over the 39 tickets in 031
17:22:45 <isis> nickm: we did theoretically have a testing environment, but the last few weeks of debian 9 stabilisation seems to have sped up putting newer dependency versions from testing into stable, and those versions (even though they are minor version updates!) completely broke their API by deleting/moving/changing bits of twisted code
17:22:57 <nickm> argh, twisted
17:23:18 <nickm> we should politely complain to the twisted people, if they are really breaking APIs in minor updates...
17:23:31 <nickm> or to the debian packagerts, depending on who seems most at fault
17:23:32 <mikeperry> asn: but I am pretty good on my own for all of that. worst case I will need some help from atagar and karsten. we can sync up after that
17:24:02 <asn> mikeperry: great
17:24:06 <isis> yeah it made me a bit sad
17:24:09 <nickm> (suggested tone: "Hey, that thing you did was really inconvenient! If you are able to be more careful about that next time, we'd appreciate it!")
17:24:16 <nickm> ("Thanks for writing/packaging!")
17:24:58 <isis> that's probably a good idea, like the server is running 16.1.1 right now, but if you upgrade to 16.6.0 it's completely broken
17:24:59 <nickm> isabela: on your question of oniongit -- I dunno.  Personally, I think that it's doing very well for code review, but I am kind of afraid of leaving trac's ticket system.
17:25:10 <nickm> I don't know whether the TB security level issue is a showstopper
17:25:12 <isis> i didn't want to complain too loudly
17:25:28 <mikeperry> oh I might have some questions for the folks who worked on prop271
17:25:36 <mikeperry> but later, probably
17:25:43 <isis> prop#271
17:25:52 <nickm> mikeperry: design or implementation?
17:26:17 <asn> mikeperry: sounds good to me
17:26:23 <isabela> nickm: i am looking for folks opinion on it -> 13:25 <+nickm> I don't know whether the TB security level issue is a showstopper
17:26:31 <dgoulet> nickm, isabela: yeah I just replied on that thread...
17:26:42 <isabela> dgoulet: saw it too, tx
17:26:45 <mikeperry> implementation, esp wrt how we think we want to use it for prop247. I will most likely just implement what I remember from our wilmington discussions, and then write that up and ask people what they think
17:26:46 <dgoulet> tough one to answer :Ls
17:26:47 <nickm> It is not a showstopper for me.
17:27:07 <nickm> mikeperry: okay. I'm probably the best person to ask there; please get to me before the middle of next week, so you catch me before I go on vacation?
17:27:20 <isabela> dgoulet: yeah, that is why i would like to check with people who are trying gitlab
17:27:27 <nickm> asn also knows the code pretty well
17:28:17 <asn> yep
17:28:38 <isis> mikeperry: i can probably answer questions about the logic fairly fast, but not so much the implementation (at least not without digging into the code since i didn       write it)
17:30:05 <isis> wow, 0.2.4, 0.2.6, and 0.2.7 are all KIA today
17:30:32 <isis> that simplifies things quite a bit
17:30:41 <nickm> If somebody reports a security flaw in them today, I am so not fixing it. :)
17:31:18 <dgoulet> technically, Aug 1st is tomorrow but it's probably already Aug 1st somewhere :P :P
17:31:49 <nickm> ahf: May I assign #22926 for you to fix in 0.3.1 ?
17:32:08 <dgoulet> mikeperry: you are aware of this #22934 ?
17:32:11 <nickm> ahf: if not, please reassign it to me
17:32:11 <ahf> yes! ideally for this week, nickm
17:32:27 <nickm> great
17:32:36 <ahf> trying to structure my 20-25/80 split into "weeks"
17:32:46 <nickm> if soemone wants #22934 fixed in 0.3.1, they should assign it to them :)
17:33:49 <dgoulet> nickm: I've worked on that #21509 so there has been some fuzzing but nothing upstream yet... and haxxpop is looking at it, defer?
17:34:00 <mikeperry> dgoulet: bleh, no. thanks
17:34:03 <nickm> mikeperry: I also left a question for you about whether #22136 is must-fix-in-0.3.1
17:34:35 <nickm> dgoulet: I would really like it to not be deferred. If there is a crash bug to be found in the hsdir code, I want us to find it before 0.3.1.x is stable!
17:36:16 <dgoulet> nickm: same but does this matter that it has to be upstream before 032? What I mean is I did fuzz for hours that thing already but apart from telling you that, I don't see how I can resolve that ticket except with a fuzz_hsdescv3 binary pull request?
17:36:58 <nickm> ah; no, it needs to be tested, but the tests don't need to be upstreamed yet.
17:37:10 <nickm> what do you mean "with a fuzz_hsdescv3 binary pull request" ?
17:37:29 <nickm> dgoulet: maybe update the ticket with the status, and defer to 0.3.2 ?
17:37:35 <dgoulet> nickm: well a fuzz_hsdescv3.c and some corpora patch?
17:37:43 <nickm> sounds good
17:38:11 <nickm> if we take those in master, then oss-fuzz will start fuzzing the code too.
17:38:30 <dgoulet> oh true google thing! ok maybe worth it then to have it in 031
17:38:53 <nickm> it's okay to do it in master
17:38:58 <nickm> just so long as it goes in _somewhere_
17:39:11 <nickm> oss-fuzz is only looking at our master right now
17:39:17 <dgoulet> ok!
17:39:27 <haxxpop> dgoulet, nickm I'm looking at the teor's code. Currently we have only the fuzzer for the descriptor (from dgoulet) but not other parts
17:39:37 <nickm> I don't see anything stopping us from putting out 0.3.1.next-alpha, maybe with a stable to follow in a week or 2
17:39:44 <dgoulet> haxxpop: we should start with that imo
17:39:50 <nickm> every piece helps
17:40:03 <isis> will oss-fuzz run "cargo fuzz" for us?
17:40:15 <nickm> isis: only if we tell it to
17:40:19 <ahf> it only works with afl and libfuzzer i think?
17:40:19 <nickm> and teach it how
17:40:21 <nickm> yes
17:40:27 <isis> cool
17:40:31 <nickm> is cargo fuzz libfuzzer-based?
17:40:43 <isis> i think so?
17:40:48 <nickm> interesting.
17:41:20 <nickm> we should see if clusterfuzz has "how to fuzz rust" documentation written.  If not, we should ask them to please write some, and follow it
17:41:24 <nickm> they'd probably be glad to
17:41:44 <mikeperry> nickm: are you sure you meant #22136? I don't see any comments for you there
17:41:47 <mikeperry> I am replying anyway
17:41:50 <mikeperry> to teor
17:42:20 <nickm> mikeperry: sorry; I meant that the question was from teor
17:42:24 <nickm> so confused today :)
17:42:25 <isis> nickm: yes, it is using libfuzzer
17:42:29 <nickm> cool
17:43:10 <nickm> asn/dgoulet: have I reviewed enough #20657  last a couple of days, or should I do more today? :)
17:43:44 <isis> who is clusterfuzz?
17:43:49 <isis> or what
17:43:57 <nickm> it's the tool that oss-fuzz is built on
17:44:00 <nickm> google uses it internall
17:44:01 <nickm> y
17:44:04 <asn> nickm: did you review more today? or the stuff from last week?
17:44:04 <nickm> and runs oss-fuzz on it
17:44:10 <nickm> asn: reviewed a little more today
17:44:17 <asn> nickm: i think i have 1-2 days of fixes
17:44:49 <asn> (i didnt get any gitlab mails today i think)
17:44:54 <asn> nickm: so we good i think
17:44:58 <nickm> ok cool
17:45:04 <nickm> i'll do a bit more today, then other stuff
17:45:14 <nickm> Do we have more topics today, or shall we call the meeting finished?
17:46:11 * dgoulet is good
17:46:54 <asn> yep
17:46:55 <catalyst> did we talk about oniongit and javascript?
17:47:01 <asn> ehm
17:47:09 <asn> review-group-21 seems done nickm ?
17:47:20 <nickm> asn: yes, I believe so.
17:47:31 <nickm> asn: I'll open 22 once there are more tickets to put in it; right now there are only 3
17:47:59 <nickm> catalyst: a little; the main question (also in discussion on the ml) is whether the javascript issue is a blocker for further oniongit experimentation
17:50:02 <catalyst> i think enough of the core devs are willing to use javascript that it's not too much of an issue, right? main question for me is how badly it would block outside contributors
17:50:12 <asn> indeed
17:50:23 <Yawning> contributors vs people that just complain about things on trac
17:50:59 <isabela> yep
17:51:24 <nickm> catalyst: I think if somebody really doesn't want to turn on any js for oniongit, they can contact us by other means, we can do our reviews there, and then send them a copy?
17:51:27 <nickm> dunno
17:51:36 <catalyst> Yawning: some contributions are ... more valuable than others
17:51:47 <isis> Yawning: +1
17:52:11 <catalyst> nickm: that seems workable if we publicize the workarounds well
17:52:19 * isis goes to see what oniongit is like without javascript
17:52:19 <nickm> I find using oniongit for review to be a big productivity win, even if we can't require it for everyone.
17:52:36 <isabela> i just think this is a collective decision - even tho me and hiro are driving any change that is a result of this decision, is not our decision
17:52:40 <Yawning> gitlab without js is about as bad as github without js
17:52:57 <isabela> so i want to take into account all the voices/concerns
17:53:17 <Yawning> "whatever, I can still clone a branch"
17:54:27 <nickm> more for this meeting?
17:54:42 <isabela> would be great to have folks opinions on the email thread so its all in one place and easier to have the discussion?
17:54:58 <isabela> i brought it here because is now something I am wondering about and y'all are testing it :)
17:55:07 <isabela> nickm: sorry that was for me :)
17:55:08 <dgoulet> gitlab code review for sure can't go away... it's *so* useful and important
17:55:14 <nickm> i've added a note to the pad under "tasks for after this meeting"
17:55:14 <isis> it doesn't seem that bad? i can log in, browse people's stuff, view diffs, and i think i can even leave comments
17:55:47 <GeKo> really? that did not work for me at least
17:55:56 <isabela> dgoulet: that is really important for us to hear / same with what nickm said above
17:56:38 <isis> GeKo: i have TB in medium security mode and i just told NS to untrust oniongit.eu
17:56:57 <nickm> ok.  I will #endmeeting so the tb meeting can start, but let's move over to #tor-project for more of this?
17:57:00 <nickm> #endmeeting