16:00:02 #startmeeting tor anti-censorship meeting 16:00:02 Meeting started Thu May 26 16:00:02 2022 UTC. The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:02 Useful Commands: #action #agreed #help #info #idea #link #topic. 16:00:31 here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep 16:00:31 feel free to add what you've been working on and put items on the agenda 16:00:42 hello o/ 16:01:17 hi 16:01:21 hello 16:01:22 hi~ 16:03:48 we have a new irc channel for the anti censorship team: #tor-anticensorship 16:04:01 we wanted to have a bit less noisy channel than #tor-dev to talk 16:06:53 I added the first topic for discussion: 2FA in gitlab? 16:07:06 okay, I think there was some 'new' topics on the pad that was later removed 16:07:21 ohh, is probably my fault, sorry 16:07:27 this this something expected? 16:07:29 I thought it was everything from last week 16:07:54 please have a check.... I was not that sure, but it is worth mentioning 16:08:29 ok, I saw the same stuff that was last week and removed it, but maybe there was something new there 16:08:34 * meskio goes to check the history 16:09:31 there was a topic about go 1.18 and snowflake 16:09:31 I think is lost, sorry for that 16:09:36 that is new 16:09:46 I just added it back 16:09:49 yes.... 16:10:24 I'll be more careful next time, sorry 16:11:09 should I go with the 2FA point? 16:11:24 yes, let's begin the discussion section 16:11:35 first is the 2FA on gitlab 16:11:42 other teams do require people to have 2FA in their gitlab accounts to have access to commit to the repos 16:11:54 I think will be nice to have the same policy in the anti-censorship 16:12:02 what do you think? 16:12:25 (most of us already have 2FA enabled, we'll need to poke a couple of people) 16:14:29 I am in support of enabling 2FA in general, but maybe we can contact non-2FA account owners to request enabling 2FA first 16:14:38 before enforcing this policy 16:14:43 yes, sure 16:15:08 I can do that, if we decide to enforce 2FA I will contact personally the people that doesn't have that and ask them 16:16:23 TOTP should work for most people(so longer as there is no constant logout), and FIDO2 works quite charmingly. 16:16:48 yes, I use my yubikey for FIDO2, and I'm happy with it 16:17:07 although 2FA have limited security improvement if password is already generated randomly 16:18:16 even if is random 2FA helps to make hard to reuse a password found once, but I agree 2FA is not so important if we have good password 16:18:30 but is easier to enforce 2FA and good passwords... 16:20:01 I will assume the silence is an agreement, anyway I'll check with the people without 2FA is this is a problem for them 16:20:48 there was some talk about 2FA help with phishing and MITM... but the MITM part is never materialized... 16:21:06 (specificity FIDO) 16:21:37 okay we can move to the next topic: go 1.18 & snowflake 16:22:27 if my instinct was correct, this topic is added by cohosh, is that correct? 16:22:38 nope >.< 16:22:52 i vaguely remember someone mentioning it 16:23:04 do we get again misterious discussions points from people that is not around? 16:23:39 heh maybe, one sec i'm gonna try and remember where i saw this 16:24:33 I see the CI uses 1.7 and go.mod says 1.13 16:24:54 I think is handy to keep go.mod <= debian stable go version 16:25:18 I was developing with go1.18.1 and no issue were discovered 16:25:51 the docker snowflake-proxy does use 1.18 16:26:21 BTW, I just uploaded new versions of the docker snowflake-proxy 16:26:39 meskio: awesome, thanks for doing that 16:27:02 (the debian package is taking me a bit of work...) 16:28:36 shoot i can't remember, it might have been some random gitlab issue or an irc comment or an email 16:30:43 hopefully whoever it was reaches out again 16:30:57 I hope so 16:31:01 https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40474' 16:31:09 is this the link? 16:31:38 aha! 16:31:51 https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40464 16:32:42 i am not sure why cypherpunks made the link to snowflake here 16:33:29 or maybe the applications team is trying to bump the go version and wondering if it will work with snowflake? 16:33:55 in any case, we could update the CI to target 1.18 as well 16:34:05 yep 16:34:10 it seems this can be fixed with upgrade a package 16:34:20 yes, let's update the CI 16:34:40 I will assume the new version of snowflake doesn't introduce any dependency that requires go 1.18, the CI is working, so this should not be a blocker 16:35:01 I mean, tests pass on go 1.17 apparently 16:36:00 i made snowflake#40144 16:37:04 anything more on this topic? 16:37:12 not from my side 16:37:44 not from me 16:38:36 there is one more action topic: send wireguard public key to get tty access to snowflake-02 16:38:55 actually shell access 16:39:24 I'm happy dcf wrote some tutorials, I haven't done much with wireguard up to now, but I guess is time to learn :) 16:42:40 I have some experience with wireguard... I can do this first just to try this wireguard setup 16:43:06 :) 16:43:06 but I don't have that much faith in wireguard.... 16:43:35 I don't expect myself to actually need that shell access... 16:43:48 but it is good to try this wireguard..... 16:44:09 I think is good that some people besides dcf has access to be able to fix things if they break 16:44:47 okay, last time there was a break, shell access didn't help 16:44:55 yep :( 16:45:25 but no worry, once we got distributed server support running 16:45:52 the bus factor for snowflake server will increase 16:46:06 although the broker will remain a weak point 16:46:42 +1 16:47:34 that's everything on the pad, did I miss anything? 16:48:35 maybe we are done :) 16:49:13 yes... thanks for everyone 16:49:14 #endmeeting