16:00:06 #startmeeting network-health 08/23/2021 16:00:06 Meeting started Mon Aug 23 16:00:06 2021 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:06 Useful Commands: #action #agreed #help #info #idea #link #topic. 16:00:12 hi 16:00:18 hello everyone to another weekly network-health meeting 16:00:21 hihi :) 16:00:34 we need to improvise a bit as riseup has issues 16:00:35 i have failed to put my notes in to the pad 16:00:38 o/ 16:00:42 and our pad is down 16:01:15 so, i think we just start by stuff folks want to bring up 16:01:31 irl[m]: you mentioned the remaining things you should prioritize, right? 16:01:42 my updates would be: i've worked on bridgestrap/onionoo (got a working patch but can't test it live yet until bridgestrap produces some metrics, which should happen today) and done reviews 16:01:57 does https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&state=opened&assignee_username=irl&label_name[]=Doing cover all you have on your radar? 16:02:03 irl[m]: thanks, sounds good 16:02:07 hiro has been doing releases and deployments without my assistance and nothing exploded 16:02:14 \o/ 16:02:21 either my documentation was sufficient or it was an intuitive process anyway 16:02:33 both, no? :) 16:02:47 docs were good thanks irl[m] 16:03:20 i think the survival guide for the website is possible, but i did not get through all the health checks and probably won't before the end of my contract 16:03:50 there has been a lot of time lost on bridgestrap, just bad timing really, and i've had to work around things to be able to develop the patch 16:04:15 we are done with that and things are fine? 16:05:07 Ok i lost internet at home 16:05:23 there will be stats produced later today if all goes well, and then the patch will hopefully work first time and we can then release and deploy it and it's done, leaving me 1.5 days for the website docs 16:05:57 I meant to say I plan to get ahead with all my website tickets this week so maybe I might be able to help you with docs @irl[m] 16:06:06 irl[m]: okay 16:06:29 ok seems I am back 16:06:31 in general i am fine with everything that hiro thinks would be most helpful for her 16:06:33 yeah if you have specific questions and i can write the things you need rather than trying to write everything, that would be most helpful for you 16:07:12 so, i leave it to hiro for how you could spend your remaining time 16:07:12 irl[m]: generally speaking there are "hidden" parts in metrics-lib and maybe also the metrics-website that I haven't had time yet to dig into 16:07:34 https://gitlab.torproject.org/tpo/network-health/team/-/wikis/metrics/Website i did put some very broad overview in there already 16:08:03 these are for example the differential privacy part for onion statistics 16:08:17 and some of the R processing side on the website 16:08:29 ah ok so we document these in either technical reports or on the website itself 16:08:29 I am not sure you know those parts well to dump some docs about them 16:08:42 the R code is self-contained entirely in one file really, so i can explain how that works 16:08:48 ok so I will dig into those 16:09:10 https://www.tidyverse.org/ is the collection of R packages we like 16:09:42 and i believe you'll have access to the o'reilly book referenced on that website 16:10:05 yep I have 16:10:38 I have unlimited oreilly yet 16:10:40 I mean sitll 16:10:52 great 16:11:00 irl[m]: do you think we are good from you pov? 16:11:13 (with figuring out your last week) 16:11:23 (and what to focus on) 16:11:48 as gaba has been moving tickets around i have been leaving comments on them 16:12:07 i think things have been going well, i'm not handing over a disaster, and hiro has figured out things quickly 16:12:27 so yeah, i think things are good 16:12:36 great 16:12:52 and, yes, those comments on the tickets are much appreciated 16:12:58 yes thanks 16:13:05 given how little historical context i/we have 16:13:13 okay 16:13:23 ggus: you had some items to dicuss, iirc? 16:13:28 GeKo: yes 16:13:33 let's go :) 16:13:36 docshackathon and ticket triage 16:13:54 next week we will have the 3rd edition of the docs hackathon 16:14:01 or just the Tor DocsHackathon 16:14:29 and i want to check if there are net-health tickets that volunteers could work 16:15:02 yeah. i mistakenly assumed it was something like the hackathon we did as devs last week, sorry for that :) 16:15:33 but i got excited enough that i went over the tickets and added the Documentation label on any of them where we need som kind of documentation 16:15:37 https://gitlab.torproject.org/groups/tpo/network-health/-/issues?scope=all&state=opened&label_name[]=Documentation 16:16:00 *some* of those tickets could be done by volunteers, too 16:16:14 even though most of them are for devs to figure out 16:16:51 ggus: i could go over them and add the docshackathon label if you make it global? 16:17:04 i don't know what's the process of creating new labels. cc gaba 16:17:25 and then we'd get some nethealth doc tickets, too, for the hackathon 16:17:33 but, adding docshackathon label works for me 16:18:02 okay. i'll let gaba create the label 16:18:03 i think at the moment docshackathon label only exist on tpo/web repositories 16:18:09 yeah 16:18:25 and then i'll go over the list tag tickets accordingly and ping you that i am ready 16:18:36 cool! sounds good! 16:18:43 oh, and i am happy to help during the hackathon if needed 16:18:55 is #torwww the channel to use? 16:19:02 even for nethealth stuff? 16:19:18 yes, we're using #tor-www for web stuff and for the hackathon 16:19:39 okay. i'll be there then for that time 16:19:41 thanks 16:20:32 ggus: what was the triage part you mentioned or was that hackathon related? 16:20:47 it was hackathon related 16:20:54 yes, we can create a new label 16:21:12 to use the docshackathon label 16:21:23 you had it in community, right? 16:21:26 * gaba looking 16:21:29 in general i could see fixing up the applications-team wiki as something volunteers could do 16:21:36 at least for some parts 16:21:39 gaba: i guess only in web group 16:21:50 in 16:21:50 The Tor Project / Community 16:21:51 GeKo: yes, i was thinking about that too. 16:21:56 you want it in tpo? 16:22:00 yes 16:22:03 ok 16:22:23 so, yes, the hackathon should not be a website only thing but could be useful for a bunch of groups 16:22:35 but, either way it's a very nice idea :) 16:22:51 ggus: while you are here: how are our EOL relays plans? 16:22:59 should we try to get things going? 16:23:06 or after the hackathon? 16:23:22 we can start discussing today 16:23:46 woah, ookay :) 16:24:17 i think step one could be figuring out what relays are eol 16:24:25 then we try to contact folks like we did last time 16:24:36 to get them to upgrade/update 16:24:52 then we need to figure out what to do about those that don't 16:25:00 or whom we can't reach 16:25:26 i guess for that group we need to figure out whether the versions they are on have known sec-vulns 16:25:29 and is it only relays or are we going to reach out to bridges operators too? 16:25:31 and if so we kick them out 16:25:42 ideally bridge ones, too, i think 16:25:48 the problem with bridge operators is that contact info is discarded 16:25:59 we can get at it, but it's never been public 16:26:08 aha, hrm 16:26:09 this could be the first time those contactinfos have been used 16:26:21 we've had many debates about this 16:26:55 TIL. 16:27:01 me too :) 16:27:11 well, we can keep thinking a bit about that point 16:27:17 collector sanitises the bridge descriptors, and one of those things is just deleting the contactinfo line 16:27:25 we discussed hashing it, or just keeping it there 16:27:33 talking to the anti-censorship folks and arma once he is back 16:27:38 in the end we couldn't come up with a good enough justification for changing what we were doing 16:27:55 compared to potential risk of "hey this thing that was secret is now public, surprise!" 16:27:55 irl[m]: is there some ticket that summarizes that discussion? 16:28:04 right 16:28:07 it'd be in trac, i'll make a note to find it 16:28:13 thanks 16:28:36 ggus: anyway, that's been roughly my plan so far 16:28:53 i can try writing it down properly and we can use that then to shape the final policy 16:29:12 i am open to doing something else, though 16:29:37 we likely need some new tooling, too 16:30:01 e.g. for figuring out all the tor versions with sec vulns which are currently out there 16:30:30 but no need to block on that imo 16:30:31 yeah, at least a spreadsheet with some columns like contactinfo | contacted (yes/no) | upgraded (yes/no) 16:30:53 because only email is hard to track. 16:31:05 right 16:31:14 that's actually a good point 16:31:29 (which i would have missed as i am not a spreadsheet guy ;)) 16:31:29 GeKo: do you have an estimation of how many relays are EOL? ~500? 16:31:29 it'd be good to get stats afterwards too 16:31:39 to see if this is a worthwhile thing to do, or to judge strategies 16:31:39 irl[m]: right 16:31:47 good point 16:32:12 ggus: at least 16:32:22 i remember writing a *ton* of mails last time 16:32:32 i hit riseup's sending limits :) 16:32:43 and that was only for those relays we had contact info 16:32:48 eheh! 16:32:49 and how many bridges are EOL... 16:32:58 tor weather maybe used to do this for you? 16:33:00 who knows... 16:33:01 it won't be fun though to have to check all the contacts that replied in the spreadsheet 16:33:21 irl[m]: yep, once it is back one of these days 16:33:28 you mean EOL for tor version? 16:33:39 I can filter that out in grafana 16:34:47 yeah, i think i have scripts for that, too. 16:35:15 * hiro write a notes to share access to the grafana dashboard once riseup smtp is back 16:35:27 right, thanks 16:35:41 ggus: do you feel we are good for the eol item? 16:35:58 let's think about a timeline for this 16:36:20 for eol pinging in general or for this instance? 16:36:34 for eol pinging 16:36:48 heh, yes 16:37:28 what i meant was 16:37:56 for this particular time or more genereally a timeline in our policy 16:37:57 ? 16:38:17 (like once tor x.x.x is reaching eol we starting pinging X weeks afterwards or so) 16:38:46 *generally 16:39:09 i was thinking about this particular time hahah 16:39:32 k. but that reminds me to add something to the policy about the general case 16:39:37 for the policy, i think we should have a timeline, but i don't know what's the time interval we should use 16:39:44 yeah 16:39:56 we could probably look at general update patterns 16:40:21 and then pick a time after the usual folks updated their relays 16:41:21 okay, but this time 16:42:09 this year we have the special event of a debian release (debian 11). i don't know if people will delay their SO upgrades and how that impacts on tor. 16:42:37 right 16:43:15 we could get started, though, and learn things while we are going 16:43:36 seems like looking at the web logs for deb.torproject.org would give insights 16:43:36 what about trying in the week after the hackathon? 16:43:55 GeKo: to start contacting relay operators? 16:43:59 yes 16:44:15 wfm! 16:45:04 okay, let's aim for that and sync on 09/06 whether this is still a good idea? 16:45:16 and meanwhile i try to make progress on the eol policy 16:45:25 kk 16:45:28 including what we brought up today 16:45:43 thanks 16:46:02 that's all what i was aware of, i think 16:46:13 anything else we should discuss today? 16:46:51 i'm good 16:47:49 alright, it seems we made it :) thanks everyone for being here and have a nice week 16:47:53 #endmeeting