17:01:43 #startmeeting anti-censorship weekly checkin 2019/04/25 17:01:43 Meeting started Thu Apr 25 17:01:43 2019 UTC. The chair is phw. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:43 Useful Commands: #action #agreed #help #info #idea #link #topic. 17:02:07 as usual, our meeting pad is here: https://pad.riseup.net/p/tor-censorship-2019-keep 17:02:44 our first and only announcement is that fte will be retired 17:03:23 as i understand, it no longer has maintainers. we wanted marionette to supersede it but it doesn't exactly have a maintainer either :) 17:03:40 that will allow removing a lot of code from Tor Browser: obfsproxy, python. 17:03:58 I think fte was the last dependent holding those in. 17:04:20 oh, interesting 17:04:21 oh nice 17:04:44 yes 17:04:46 other than tor browser, i can think of bridgedb needing a minor update. 17:04:47 hi 17:04:50 and it's been a pita 17:05:58 i think we can move on to the discussion unless anyone has an fte eulogy 17:06:36 ok, we got some code to review. gaba, did you add these links to the pad? 17:07:01 i did 17:07:08 the queries are by component 17:07:10 for review 17:07:14 gettor and obfuscation 17:07:26 I looked at the obfuscation component one and most of them are mine lol 17:07:41 :) 17:07:44 #15125 and #25613 I have put in my "help with" this week. 17:08:08 #30138 and #30142 I think are ready to go but not urgent. 17:08:20 i can take one or both of the meek-client reviews 17:08:35 (not sure who else is in the review pool) 17:08:42 #29347 I can move into merge_ready I think. That one has to be somewhat coordinated with Tor Browser release (the upcoming ESR 68 and/or switch to meek_lite). 17:09:08 The two meek-client reviews are actually the same branch, the two tickets are similar. 17:09:13 fwiw i still like the meek_lite idea for a number of reasons 17:09:28 but won't have time to get back to it before we don't have 8.5 out 17:09:39 so hopefully in about two weeks 17:10:28 yeah no rush there 17:10:43 dcf1: with cohosh offering to review #15125 and #25613, is there anything else you need help with? 17:11:11 If anyone knows JS or WebExtension, they may want to look at #29347, but I don't think it's required. 17:12:32 i'll add this to my list of todos 17:12:50 thanks phw and cohosh. 17:13:05 I might peek at it 17:13:16 was thinking of working on the snowflake webextension 17:13:17 thx arlo 17:13:27 arlolra: that would be awesome 17:13:36 cheers arlolra 17:13:51 ok, sign me up 17:14:54 i think the only ticket left in the obfuscation category is #28655. i have a fix for it, but it breaks unit tests and it doesn't seem like a trivial fix. i'll need to do a bit more digging and then ask sysrqb or dgoulet for a review. 17:15:42 looks like we have three gettor tickets that need review 17:15:47 * phw wonders if hiro is here 17:15:50 yep 17:15:53 o/ 17:16:40 * ailanthus lurks supportively 17:16:45 so the test ticket is not completed 17:16:50 i wonder what's necessary to move forward with #28339? 17:17:37 log rotation and understanding what kind of statistics we need/want from gettor 17:17:38 #1593 is not for review hiro ? 17:18:04 if it is just aggregated statistics about what is downloaded or is it something more? 17:18:05 wow, #1593. that's some serious trac archaeology 17:18:14 9 years ago :) 17:18:27 yes! 17:18:47 at the moment my idea was that if the code from the refactoring is ok, I could deploy it 17:19:04 and continue with the testing and the logs ticket 17:19:04 mmm, i do not understand if this two tickets need to be review or are not done yet 17:19:19 not done 17:19:28 or more likely both are partially done 17:19:33 ok, i will move them back to new then 17:20:04 thanks gaba 17:20:17 what's the status of #28152? 17:21:25 that's completed and I am waiting to know if I can move it from testing to prod 17:21:44 when you write to gettor+test@tp.o that's what is answering 17:21:51 oh, great. do you still need a review, hiro? 17:22:00 and when you write to gettor@tp.o it's the old one 17:22:11 well no one looked at the code 17:22:29 I merged what Ilv did into our current repository 17:22:38 so the idea would be to have a code review before you move it from staging into production 17:22:51 yeah 17:22:55 unless we want to do it yolo 17:23:08 we are doing code reviews for all the code 17:23:21 i'll have a look at it. is there a branch somewhere with all the changes? 17:23:26 yes 17:24:11 https://gitweb.torproject.org/user/hiro/gettor.git/tree/?h=refactoring 17:24:31 also the list of people currently able to push to gettor main repo should be reviewed 17:24:57 atm is only arma ilv kaner nima sukhbir 17:24:59 thanks hiro! 17:25:16 hiro: can we have all that info in the ticket? 17:25:34 ook 17:25:38 kaner hasn't been around in years as far as i know. not sure how active the others are. 17:25:39 (sorry if it is already tehre, the ticket is loading) 17:26:45 ok, let's discuss it in the ticket, ok? and phw: you do the review? thanks! 17:27:12 yes, i made decent progress with #9316 17:27:25 here's a summary of how i intended to collect the data: https://lists.torproject.org/pipermail/tor-dev/2019-April/013786.html 17:27:55 dcf1 already had a look at it and had some great ideas. i'd like to hear from others if the approach is safe and sound. i also intend to approach tor's research safety board. 17:28:08 A note on that, phw, I don't think that necessarily every bucket has to be divided by every factor. 17:28:29 I.e., I would be interested in knowing the distribution of lengths of X-Forwarded-For, even separate from other factors. 17:29:08 I think, only if we see something interesting or anomalous, will we want to start combining with other factors; until then, we can err on the side of privacy preserving. 17:29:37 I should reply to the mailing list and say this. 17:29:53 dcf1: yes, i had a hard time consolidating these two ideas. i suppose we could just collect them separately, and think about it more if we see something interesting, as you suggest 17:30:32 ok, that's it from my side 17:30:49 does anyone else need help with reviews? 17:31:24 ok, the next item in our discussion section is about tapdance 17:31:28 * phw passes the mic to cohosh 17:31:52 yep, i was at a decoy routing meeting at one of the psiphon offices yesterday 17:32:15 and talked to sergey, eric, and nikita about their tapdance deployment and the possibility to making a tapdance PT for Tor 17:32:44 these are the same people who made httpsproxy, no? 17:32:47 they were excited about the idea and there are some promising reasons to try it out 17:32:58 phw: that was sergey yes 17:33:15 and i think we should still look at httpsproxy as well 17:33:20 if we want something to replace FTE 17:33:29 do we have a link to the code on tapdance? it is kind of hard to search for :) 17:33:36 tapdance would offer us something different w.r.t the bridge enumeration problem 17:33:45 gaba: ah yeah, i can link it i just need a second 17:33:51 yes np 17:33:56 https://github.com/refraction-networking/tapdance 17:34:07 https://github.com/sergeyfrolov/gotapdance/ 17:34:14 spri: ty! (also hi) 17:34:16 tapdance server and tapdance client 17:34:20 ty 17:34:39 [i dont’ usually monitor this channel, got name-pinged] 17:34:44 the benefits are that it as actively maintained and used 17:34:59 thanks spri, great to have you around 17:35:29 it's also written in go, and so hopefully wouldn't be too difficult to get working with goptlib 17:35:44 yes, i'm excited about this. do we have a ticket already? 17:36:05 nope, i can make one 17:36:12 thanks cohosh 17:36:52 and then maybe we can have an email discussion with all the tapdance people and make sure this is something they want to move forward on 17:37:32 sounds good to me 17:37:58 \o/ 17:39:01 i think that's it for me for now 17:39:02 ok, we're doing pretty good on time. is there anything else, anybody wants to discuss? 17:39:18 (in personal news, i'll be on vacation next week, so cohosh will run the meeting) 17:40:24 enjoy your vacation! 17:40:45 thanks :) 17:41:05 looks like we're done for today, thanks everyone! 17:41:08 #endmeeting