17:01:52 #startmeeting anti-censorship weekly checkin 2019-08-08 17:01:52 Meeting started Thu Aug 8 17:01:52 2019 UTC. The chair is phw. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:52 Useful Commands: #action #agreed #help #info #idea #link #topic. 17:01:54 just throw an ice cube in there 17:02:03 here's our pad: https://pad.riseup.net/p/tor-censorship-2019-keep 17:02:58 our first announcement: the folks from iclab (phillipa gill's research group at umass amherst) started monitoring the reachability of our default bridges 17:03:19 they have access to plenty of vpn vantage points all over the world -- including china. they'll get back to us once they have results 17:04:03 awesome 17:04:20 this should help us with #28531 17:04:34 cohosh, do you want to cover the second announcement? 17:04:52 oh yep, i was at clsi last week 17:05:07 and psiphon announced that they want to publish public data on their anti-censorship tool usage 17:05:27 which is unexpected and exciting since they are super closed about their implementation and user bases 17:05:51 i added an excalamation point because i felt that all announcements should have one 17:05:52 * phw is really looking forward to seeing this data 17:06:00 haha 17:06:01 i agree, at least one 17:06:06 yeah, i'm not sure how quickly it will happen 17:06:32 but it would be cool to see because psiphon is very popular in places that don't have a lot of tor usage 17:07:22 gaba: do you want to cover our first few discussion points? i believe you wrote them, no? 17:07:55 our color coding has changed recently. somebody removed the color history and changed the title to "anti-censorship meeting" in russian 17:08:14 o.O 17:08:22 that was my reaction too 17:08:31 wat 17:08:35 ok. Sorry I was on the phone 17:08:36 i might have removed the colour history, i thought that was a local change >.< but i did not do the title thing 17:08:57 sorry for that 17:09:10 yes, I wrote some of the topics 17:09:14 oh, no worries. it's nice to have a fresh start! 17:09:48 sponsor 30. I would like us to agree on tickets related with each of the deliverabels that need to be completed and be sure we are not missing anything 17:10:34 antonela is also part of this sponsor and will collaborate with some of the deliverables 17:10:35 https://pad.riseup.net/p/tor-censorship-2019-keep/timeslider#31952 sure enough 17:11:07 #31268 is the master ticket for the work on s30 17:11:11 for anti-censorship 17:11:51 gaba: i'll try to create missing tickets 17:12:41 ok. anything we need to coordinate with antonela now? 17:12:58 i don't think now, but we should talk about times 17:13:14 your spreadsheet is good gaba, we can coordinate based on that 17:13:25 ok. I would like to have monthly meetings on this sponsor for collaboration and check on progress. 17:13:44 I will send a mail in a couple of weeks about it. 17:14:08 oki, im happy to join your process phw and moving forward together on what is needed 17:14:33 thanks antonela! 17:15:06 Next item is roadmap. We are experimenting with gitlab for it and this will lead what we need to do to migrate from trac to gitlab. 17:15:15 I uploaded August roadmap into that board. 17:15:43 Right now only as a project 'roadmap' but the idea would be to have issues in its own repository in gitlab. 17:16:15 woah nice 17:16:29 gaba: is this ready for us to change as we work on things? 17:16:37 can we expect gitlab urls to be stable now? we recently moved anti-censorship into the torproject folder, which changed the urls as far as i know. 17:16:45 yes. sorry about that. 17:17:08 cohosh: this is mostly the 'testing' phase. We need to adjust to what works for us. 17:17:51 as we were using storm before (that was not integrated into trac) it would be similar with the plus of testing how the roadmap/issues may work here. 17:18:30 cool 17:19:01 that's cool gaba 17:19:17 I would like us (people that want to move forward - or not - the decision on trac to gitlab) to meet in a few weeks and see what next steps are. 17:19:17 yes, thanks for moving forward with this 17:21:14 are people ok with how the roadmap looks like there? 17:21:20 and the state it is in 17:21:27 the idea is to update it in every meeting 17:21:46 i can move some things into the "Doing" column but otherwise yes 17:21:56 I added one new column 'Next' that will have what work is going to be done in the next week 17:21:59 ok 17:22:01 the "Backlog" is for August and past roadmapped work? 17:22:17 the columns should be sort out by priority 17:22:24 I only added August so far. 17:22:29 and july, yes 17:22:31 Ah gotcha okay cool 17:22:54 The due date indicates the end of the month we said we are going to work on the issue. 17:23:13 To estimate issues you comment on it with the command /estimate Xd 17:23:29 The issue wih this version of gitlab is that weeks are automcatically 5days 17:24:11 to say how much time you spent on an issue you comment with /spend Xd 17:24:37 * anarcat coffee 17:24:44 Many of the labels are at the level of The Tor Project group. 17:24:47 should we only update the gitlab roadmap now? or are we maintaining gitlab and storm in parallel? 17:24:57 So we can have a board for the whole organization where people can still report issues. 17:25:06 we are saying bye bye to the storm one 17:25:15 * phw says bye bye 17:25:16 rainbow 17:25:24 :) 17:26:10 next topic? 17:26:31 yes 17:26:40 the snowflake webextension 17:26:47 snowflake web extension. What is the situation right now with it? Should we add anything else to the roadmap? 17:27:25 I think #31278 and #31285 are important to look at soon 17:27:44 and probably aren't on the roadmap 17:28:01 can you estimate those tickets cohosh? 17:28:36 31278 looks similar to what you just merged 17:28:50 ah yeah that might be a duplicate 17:28:57 and 31310 17:29:57 #31310 i made after finishing the one i just merged to remind us to improve the code a bit 17:31:07 ok 17:31:08 gaba: we can take a look after the meeting and estimate times 17:31:20 i'll need to re-read the descriptions again 17:31:27 sounds good cohosh 17:31:51 next topic. v 17:31:52 What do we do with #31153 "Create a "tor-bridge" Debian meta package" ? 17:32:15 yes, this ticket is on ice. it may be done some time in the future but it's difficult to do it in a way that's debian policy compliant 17:32:20 so we'll just ignore it for now. 17:32:34 ok 17:32:39 I will move it to a -can 17:32:40 sponsor 17:32:42 ...and do our "set up new obfs4 bridges" campaign without it 17:32:46 yes, thanks gaba 17:33:38 next topic :) Sponsor 28. Should we meet again on it at the end of the month? 17:34:09 i'm not convinced we need to. our anti-censorship meetings typically last less than an hour, and we could just discuss sponsor 28 things as part of our regular anti-censorship meetings. what do you think? 17:34:26 Yes. We do not have any other team involved in it. 17:34:38 And both meetings are public anyway. 17:35:09 Let's add a section to the weekly anti-censorship meeting to give updates on s28 if needed. 17:35:12 if/when things get more involved, we can reconsider but for now let's discuss sponsor 28 in our regular meetings 17:35:34 ok 17:35:56 i was thinking about adding a (sponsor28) to the things i worked on over the last week 17:36:51 next item: do we need anything else from the metrics team for #30777? 17:36:54 * arma1 catches up on backlog and is around for a bit if needed for anything 17:37:25 i think the short answer is "no, at least not right now". we need to find a convenient way to count how many new bridges were set up because of our campaign. 17:37:34 ok 17:37:47 doing it passively is tricky, so it may make sense to encourage people to send us (or me) a brief email 17:38:25 anyway, we can discuss this next week when i've given it a bit more thought 17:39:01 cohosh: the last discussion item is yours, right? 17:39:34 right, we talked with the sysadmin team a bit about getting a tpo domain for the snowflake broker and bridge 17:39:55 specifically a torproject.net domain (.org might not be a good idea because of potential blocking) 17:40:14 there's another question of if/when we should move the actual hosts to TPA machines 17:40:27 this isn't as urgent because we have the access we need as a team to dcf's machines right now 17:40:45 fwiw, there's another argument against running snowflake infrastructure in tor: it violates our "we don't run the network" principle 17:40:50 anarcat mentioned on the ticket that we can probably get a torproject.net domain to point at dcf1's hosts 17:41:05 phw: yeah that's a good point and this is a gray area here 17:41:14 the snowflake broker is kind of like bridgedb which torproject does run 17:41:24 and the bridge isn't as much like a bridge as other PTs 17:41:29 They're not really *my* hosts except that I set them up at eclips.is. 17:41:44 since it's hard coded in and more difficult to change 17:41:57 (for context, the reason we choose torproject.net for non-tpa hosts is because of how browsers handle "same domain" cookies.) 17:42:08 recent ticket discussion starts at https://trac.torproject.org/projects/tor/ticket/31232#comment:3 17:42:10 dcf1: ah right, let's say "non TPA hosts" then 17:42:59 really the domain is the biggest issue right now 17:43:21 .net is specifically for non-TPA machines, it's the other reason why we wouldn't use .org. i documented this distinction here today https://help.torproject.org/tsa/doc/naming-scheme/ 17:43:24 i suppose with the hosts it's up to dcf1 since you're paying for them? 17:43:32 (at the moment) 17:43:43 I'm not paying anything, eclips.is is funded by OTF I believe. 17:43:48 ohh 17:44:03 i'd like to hear more about how snowflake works re the "we don't run the network" principle, maybe not here, but it's something that worries us (tpa, and probably others of course) 17:44:31 eclips.is has this free acounts for different orgs/people. 17:44:34 anarcat: yes, this needs a bit more discussion. should we use the ticket (31232) for it? 17:44:51 phw: sure, why not 17:45:14 because it's one of the questions we need to answer before we can answer the "should we move to tpa" question 17:45:22 the other being "what are those machines anyways and what do they eat" :) 17:45:38 cool :) 17:46:15 anyways, we're here to help, but we have questions and worries :) 17:46:18 cohosh: it might also be smart to wait a bit before picking a new name, to see what google safe browsing does with the next domain 17:46:42 thanks anarcat! 17:46:49 arma1: hmm okay that's a good point 17:46:50 one of my concerns is that we've been going the "we're going to build you a secondary prometheus server for those external resources" for a while now, and are almost finished with it, and now we're talking about not making that stuff external after all :p 17:46:53 i plan to talk to some google folks next week at usenix, and see if i can find a contact. (none of them answered my emails. but maybe gmail thinks i am not a real internet user because i don't use gmail.) 17:46:56 so i'm a bit confused about our roadmap :p 17:47:04 yeah sorry about that 17:47:13 heh 17:47:16 stuff happens :) 17:47:21 i think keeping it on the elips.is hosts makes sense for now 17:47:39 and you helped hiro get familiar with the prometheus setup.. she found and fixed a few bugs in the process, so it wasn't a waste of time :) 17:47:46 more like good exercise 17:47:47 since we are not in a bad position of if someone is unavailable snowflake goes down on that front 17:48:28 It's a little bad, because I think I'm the only one who could access an emergency web console if that were needed. 17:48:38 I didn't yet find a way to share access with other eclipsis accounts. 17:48:46 oh i see 17:49:20 it's a problem we have in multiple teams, by the way... lots of things are built by individuals and we have many SPOFs 17:49:31 i haven't even started documenting those, but i keep stumbling upon stuff like that 17:49:32 dcf1: eclipsis is greenhost right? do you have greenhost contacts or would you like some? 17:49:47 i have good GH contacts, if shit hits the proverbial fan 17:50:00 I got an account initially through a greenhost contact. I could file a support request in any case. 17:51:14 'Mart van Santen' is the person everybody thinks of, but i think 'Maarten de Waard' is the one who went to the last otf summit 17:51:19 let me know if you turn out to need introductions 17:51:35 the marts 17:51:38 they are confusing :) 17:52:00 (mart also runs one of our default bridges) 17:52:01 ma*rt.* 17:52:18 (two, actually) 17:52:28 dcf1: you can add more than one ssh key to the VPS in eclips.is and share the account that way 17:53:12 gaba: no, I mean share access to the web configuration panel that allow creating, deleting, etc. of VPSes. 17:53:31 oh, I see 17:53:33 All the Snowflake team already has shell access to the VPSes under individual accounts. 17:53:34 yep 17:54:12 If the host won't boot, for example, it has to be fixed at a level above SSH. 17:54:33 dcf1: and that's a user specific to you that has access to other stuff? 17:54:42 could there be a shared users detached from you? 17:55:06 anarcat: I don't understand the question. 17:55:31 There's a david@bamsoftware.com user for the web interface that runs only pluggable transport stuff. 17:55:58 could there be a anticensorchip@tpo user instead 17:56:05 There are also unix user accounts on the hosts, but that's independent from the eclips.is management layer 17:56:13 in the management layer 17:56:19 but you probably thought of that, i'm just wasting your time :) 17:56:28 anarcat: there coule be another user, what I don't know is whether two separate users can share access to the same VPSes, 17:56:43 or whether we would have to set them all up again from scratch under a shared account. 17:56:51 i guess that's a question for greenhost 17:56:52 yeah 17:57:00 sounds like a fine thing to ask ma+rt.* 17:57:03 yeah 17:57:06 What I did not find was a way to share admin access to the VPSes in the management panel across two different accounts. 17:57:37 and if there is no way, then the email thread already exists when we follow up to say "you know that thing we said we might need help with eventually, well today is it" 17:58:32 we're almost out of time. anything else to discuss wrt snowflake migration? 17:58:45 i'm good 17:59:09 dcf1 has a "needs help with" item: #30126 17:59:21 and arlolra has a mysterious "-" again 18:00:07 #30126 seems like it needs some attention on the Golang/rbm front, not necessarily with meek specifically, and I don't know if I'll get to it next week. 18:00:19 so if someone wants to take a peek it could be helpful. 18:00:20 i can take a look 18:00:28 i've been dealing with rbm a bit lately 18:01:21 (and specifically rbm + Golang) 18:01:27 thanks cohosh 18:01:37 are we good for today? 18:01:42 \o/ 18:01:59 good, thanks folks! 18:02:00 thanks all, that was a productive meeting 18:02:04 #endmeeting