16:59:49 #startmeeting spoooooooooky network team meeting, 30 October 2017 16:59:49 Meeting started Mon Oct 30 16:59:49 2017 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:59:49 Useful Commands: #action #agreed #help #info #idea #link #topic. 17:00:01 https://pad.riseup.net/p/u49bchrShds1 is our pad; hi everyone 17:00:07 thanks 17:00:15 hello hello 17:00:57 yellow! 17:01:55 hi ! 17:01:59 so, big transitions this week as we mive on to November. 17:02:39 *move 17:03:00 It's time to look at our roadmap, see what we'll have done in Nov, see whether anything will go unfinished from Oct, etc 17:04:27 That's over at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdrriaYfUBQ/edit?usp=sharing 17:04:52 anything in October not already finished, or going to get finished for tomorrow? 17:05:09 If so please make a note and delay to november 17:05:48 ack 17:06:11 dgoulet, catalyst, ahf, asn (plus teor and mikeperry) (plus me) -- that's you :) 17:06:27 ahf: how are we doing on line 7 with the measurements. I see that it's done; how far is it from being "in usage"? 17:06:43 like, do you have time to write down the instructions today, or make a branch to merge, or whatever? or will that be november? 17:07:11 nickm: mine involve an unanswered question on the pad ;) 17:07:49 nickm: are you thinking of the instructions to run things on android? asfaik there is no branches to merge in any of this for tor.git (some to orbot.git) 17:08:01 i think the CPU + memory part will be done tomorrow or wednesday, the battery part at the end of the week 17:08:03 catalyst: How hard is it to test with eg git bisect? 17:08:23 ok, "done" in the sense of having instructions that other people can follow? 17:08:37 yes, this week for all of them 17:08:43 ok. 17:08:44 including sample data from a nexus 5x 17:08:52 that is my "test" device 17:08:55 #action ahf will get the sample data and the instructions for measurement this week 17:09:05 if you have to pick one, I'd say the instructions are more important 17:09:22 nickm: i still have no automated test for this, and if i did, it would be fairly expensive. i could try a manual bisect if people think that's important 17:09:30 ok! i will flag the item to "early november" in the roadmap sheet? 17:09:43 ahf: yes please 17:09:51 nickm: do you think the data i showed you today could be of any use when we are past the short amount of sample period that was shown? 17:09:57 because i'm going to proceed with that for now 17:09:59 catalyst: I think that we can probably guess that it's just the new guard stuff, if that went into 0.3.0 17:10:05 ahf: yes 17:10:07 for CPU profiling that is 17:10:07 nickm: i think it's possible that the 0.3.0 guard work influenced it, yes 17:10:14 great, thanks 17:10:50 asn: Shall we also postpone lines 4 and 5 to november? FWICT they are ongoing work... 17:10:55 nickm: are we ok with accepting that hypothesis and not backporting to 0.2.9? 17:11:19 nickm: can i test instructions on you? do you have a device that you are willing to build custom orbot apk's on and run stuff on? 17:11:25 so, if we tried it on 0.2.9 and it didn't work, I think it's okay not to backport. 17:11:35 ahf: depends how big the instructions are! let's see how it goes 17:11:42 cool :-) 17:12:01 dgoulet: same question wrt line 11, #23681 17:12:24 nickm: it is on my todo list for this week in my status, it is a very tricky one so it might overlap in November but this week is my goal 17:12:26 catalyst: that is, if we tried the bypass on 029 and it didn't work, I think we can accept the hypothesis 17:12:43 dgoulet: let's call it early-nov? October ends tomorrow. 17:12:51 nickm: sure I can move it 17:12:53 nickm: sounds good 17:12:57 thanks! 17:13:03 isis: hi o/ just a reminder to prioritize moat work for november 17:13:57 yeah. The next thing I'm hoping everybody will do is look at their work for november in that roadmap, and mark the stuff that they are planning to do first. 17:14:19 and we can go ahead with those two-week sprints we were talking about? 17:14:23 How would folks like that? 17:14:47 isis: (eg, do you think you can land moat... in a week? two? four?) 17:15:13 nickm: by two weeks sprints you mean re-assess every 2 weeks the roadmap ? 17:15:37 I mean, let's pick what we think we can do in 2 weeks, and come back to the roadmap in 2 weeks to see how it went? 17:15:48 sounds good 17:16:22 ok 17:16:36 cool. TorCoreTeam201711.1 for that? 17:17:06 also if something's too big to do in 2 weeks, maybe try to split it into smaller chunks that still result in some user-visible incremental improvement 17:17:13 yes indeed. 17:17:40 TorCoreTeam201711.1 is the keyword to use? 17:17:47 sure, unless somebody has an improvement 17:17:59 cool 17:19:32 hi 17:19:38 hi! welcome to our meeting. 17:19:54 notes are at https://pad.riseup.net/p/u49bchrShds1 17:20:12 so, thanks for the roadmap work. let's go over status updates 17:20:17 You come. Hi ! 17:20:19 anybody have an answer to teor's question? 17:20:27 this is my first time in something like this 17:20:38 isabela: it is coming along… but frustratingly not passing integration tests yet 17:20:44 nickm: which one? 17:20:51 nickm: I see possibley two 17:21:00 the one in boldface in his update 17:21:38 isis: thanks for the update! 17:22:00 i have some questions that totally can be answered later or whenever about hackerone triaging 17:22:31 If anybody knows the answer to the hackerone stuff (asn?) please have a look at isis's questions? 17:24:17 nickm: didn't we obsolete an option about "Exit single hop" or sth around those lines recently? 17:24:17 isis: i think some of us have been talking about some HackerOne stuff on #tor-internal because of confidentiality, but maybe we should talk about the more general stuff here 17:24:36 nickm: AllowSingleHopExits 17:24:48 nickm: maybe that is what is triggering the warning some how? 17:25:06 ooh, maybe. 17:25:09 nickm: ah one step ahead of me eheh 17:25:13 (in the pad) 17:25:53 isis: so, wrt hackerone... 17:26:12 isis: I know that in the past, we have paid out for bugs that were vulnerability-like, but not vulnerabilities. 17:26:41 For example, if there was a buffer overflow that wasn't exploitable given how our code used the code, we would count that. 17:26:55 but I don't think we count stuff that is in no way vulnerability-like 17:27:13 isis: asn has said he wants us to consult him before finalizing any bounty payout 17:27:24 and we only call it a tiny payout in those cases 17:27:27 isis: you don't need triage tor browser bugs 17:27:34 i'll take care of that 17:28:27 #action asn teor: could you especially take a look at Mike's https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorV page about guard discover resistence? I think he wants feedback, and you're listed as working with him on making sure we have the right list of guard discovery proposals 17:28:38 yep! i wasn't planning on paying anyone, just triaging 17:28:41 we do want to try to be fair to reporters on HackerOne because certain resolutions will result in reputation loss for them 17:28:48 #armadev you would also be good to look at those 17:28:59 GeKo: ah okay, great, so we all use the same account, and i'll just leave TB bugs be 17:29:00 #action armadev you would also be good to look at https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorV 17:29:22 i've seen us close reports out as "informative" when they don't justify us taking immediate action but it's helpful information 17:29:45 "informative" is reputation-neutral; "N/A" and "spam" are reputation-negative 17:30:03 isis: opening bugs in trac for non-security issues seems fine to me 17:30:18 catalyst: thanks! that's good to know 17:30:24 iirc that's what asn has been doing for tor bugs and that's what i do for tor browser ones 17:30:48 isis: it's in the HackerOne online help but not really concisely stated in one easy-to-find place in my experience 17:31:54 any leftover questions from people's updates before we move on to the announcements and discussion topics? 17:32:09 isis: one leftover question for you above. When in November do you think you'll be done with moat? 17:32:56 at least, done enough that mcs et al can use it? 17:33:36 i was aiming for the end of last week but the tests still aren't passing 17:33:55 so probably at the end of this week 17:33:59 ok. 17:34:20 feel free to grab me if you need a rubber duck (for rubber duck debugging) 17:34:36 on to announcements: 17:34:53 first, I beg: There are still 10-12 needs_review tickets in review-group-24. 17:35:05 most are from me, and I can't review those ones (or at least I shouldn't). 17:35:21 please, everybody, look at 1 or 2? 17:35:32 yep 17:35:43 (and thanks to everybody who has already reviewed some) 17:36:06 ok. Looks like we've talked about 2/3 of the discussion topics listed on the pad 17:36:06 yes, on my stack this week, you'll get some review! :) 17:36:09 thanks! 17:36:33 remaining one is teor's "do we want to plan a hackfest in 2018" one 17:36:56 oh dear I failed to respond :( 17:37:05 let's everybody remember to respond to Tim's email 17:38:03 * ahf nods 17:38:41 * isabela might be able to travel abroad again soon 17:38:47 :) keep y'all updated 17:38:48 (wooooo) 17:38:51 NICE 17:39:22 i have an announcement too 17:39:26 So, following up on the roadmap. I don't see any moved lines; I'll move the ones we talked about moving.... 17:39:33 how have the hackfests typically been with tor? is it usually topics that are funded? topics that we haven't had time to look into over the year, or? 17:39:40 .... but I need other people to remember to mark their first-half-nov tasks. 17:39:48 isabela: go for it! 17:39:49 i am working with all teams to make sure roadmaps are shared and everyone is aware of what is going on with others teams 17:39:58 today i will email the list about it :) 17:40:32 is this plan: 17:40:32 ^^ this is a discussion with devs, and other stakeholders 17:40:39 ops 17:40:39 ahf: I think it's more or less up to us; but it's certainly **easiest** if there is enough of a funded topic discussion that we can bill for reimbursement. I can ask brad for specifics? 17:40:40 hehe 17:40:42 wrong pasting 17:40:53 https://storm.torproject.org/shared/qyLSUCJ0AkJpHsMVHp995Pf_QWt1nTvamnGwLmrxChD 17:41:10 more on my email o/ 17:41:19 nickm: ack! 17:41:33 isabela: no roadmaps yet from OONI, metrics, or community? 17:41:37 yes 17:41:40 i need to update that 17:41:44 i'd love a mobile focused hackfest at some point - maybe together with the guardian project, the ooni people, and onionbrowser. 17:41:45 will do it and then email ppl 17:42:02 #action nick asks brad about requirements for hack session travel being nicely reimburseable 17:42:22 ahf: !!! 17:42:25 ahf: great idea 17:43:11 i'll take it to tim's thread on the ML 17:43:11 :-) 17:43:20 thanks 17:43:46 so, I think that's all for the session. It looks like everybody has been pretty busy, and is likely to continue busy! 17:43:49 can we have a modularisation hackfest where we all just refactor stuff together? 17:44:05 "why not both" ? ;) 17:44:10 isis: i would like that 17:44:27 oh yeah, i didn't mean that in opposition to mobile stuff at all 17:44:35 yes, +1 - bonus if it can also have a twist of rust 17:44:45 also if people want to work in 2s or 4s, we can probably work out some way to have just few people get together pretty easily 17:44:49 or 3s 17:44:58 * nickm has a couch 17:46:28 cool 17:46:43 good one for sleeping ! :) i can testify to that hehe 17:46:50 :-D 17:46:55 #action nickm asks brad/shari/etc about having some standard "colocating devs" budget 17:47:04 ok, any more for this week's meeting? 17:47:34 * dgoulet is good 17:47:41 * ahf too 17:48:02 ok! See you on #tor-dev, everyone! 17:48:05 #endmeeting