13:29:38 <nickm> #startmeeting 13:29:38 <MeetBot> Meeting started Wed Nov 19 13:29:38 2014 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:29:38 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 13:29:43 <nickm> welcome! Who's here this morning? 13:29:49 <nickm> (For the tor dev meeting) 13:29:51 * dgoulet here! 13:30:41 <nickm> anyone else? Or is this one of those two-person parties? 13:30:49 <teor> 3 person 13:30:55 <nickm> hi teor ! 13:30:56 <teor> I am Eve 13:31:15 <teor> Hi Nick! 13:31:36 <nickm> In the cryptographic sense, or that's your name? :) 13:31:50 <teor> Sorry, it was a cryptographic joke 13:31:54 <nickm> np 13:32:07 <nickm> So, dgoulet, want to get us started? What've you been up to? 13:32:12 <dgoulet> sure 13:33:03 <dgoulet> so apart from being in Boston with nickm spelunking Tor code base and ecosystem, measuring hs with chutney, reviewing hs stats proposal (soon public to tor-dev) 13:33:28 <dgoulet> so a need review for #13667 would be good so we can take a decision 13:33:42 <dgoulet> (need review == more eyes/ACK on it) 13:34:10 <nickm> hm. So the current favorite proposal on that is...? 13:34:44 <dgoulet> nickm: comes down to two choices 1) END_REASON_DONE and drop the circuit or 2) Insert random delays and finally drop at some point 13:35:03 <nickm> Ultimately, there is no solution to #13667. If a client can try to connect to a port, and if that client can differentiate success from failure, and the scanner knows everything that the client does, then ultimately the scanner can scan ports. 13:35:23 <dgoulet> yes exactly so our best course of action is to make it harder as we can I guess 13:36:10 <nickm> so, if we do END_REASON_DONE and drop, they have to build more circuits and do more introduction handshakes. 13:36:16 <dgoulet> "2)" has the possible drawback of the HS having a lot of opened circ. 13:37:12 <nickm> If we do "insert random delays and finally drop at some point", they have to open just as many circuits, maybe, and their programming job gets a little harder, but they can do multiple queries in parallel, so ultimately we're not slowing them down much 13:37:24 <Yawning> rehi 13:37:33 <nickm> rehi Yawning ! 13:37:56 <Yawning> was getting food >.> 13:38:24 <dgoulet> nickm: yeah the parallel scanning makes that solution a bit useless 13:38:27 <nickm> I think that "drop and kill the circuit" is probably a reasonable thing to do, in terms of trade-off between how much it helps and how hard it is. 13:38:28 <Yawning> ;_; 13:38:34 <Yawning> yeah 13:38:38 <dgoulet> yeah 13:38:58 <Yawning> if people are more paranoid, they could use authenticated HSes or something 13:39:04 <nickm> Yeah. For a real answer, I'd think that better access control is the answer. 13:40:01 <nickm> dgoulet: anything else? Can I ask you to update the ticket? 13:40:42 <dgoulet> nickm: yup I'll update the ticket with that discussion, last thing I have on mylist is #13739, I feel comfortable with red/black tree here and also think it will be a good improvement 13:41:14 <nickm> ok. Want me to pull in the tree.h stuff from freebsd for you? I've done that before, and know some of the failure modes. 13:41:45 <dgoulet> nickm: hrm maybe I should work on that in a seperate branch before you pull tree.h upstream? 13:42:24 <nickm> I dunno; it's pretty easy, and it doesn't hurt us if we remove it later. 13:42:29 <athena> hi meeting! 13:42:42 <dgoulet> nickm: oh well if so, that is no problem for me 13:42:46 <nickm> dgoulet: One reason I would like it in is that the names ned to be mangled, or they'll conflict with system headers 13:42:49 <nickm> ok 13:42:49 <nickm> athena: hi! 13:42:53 <dgoulet> athena: o/ 13:42:55 * dgoulet done 13:42:57 <nickm> Yawning / athena : Who would like to go next? 13:43:01 <nickm> (thanks, dgoulet) 13:43:09 <athena> nickm: i just sent you that libevent patch 13:43:18 <Yawning> was doing that nsf thing, then back into sketch go pt land 13:43:22 <nickm> great; I'll see about applying it RSN. 13:43:33 <nickm> "sketch" go pt land? 13:43:35 <Yawning> I have a huge list of little-t tor stuff I want to do that I should get to shortly 13:43:45 <Yawning> well, that whole ntru thing 13:43:50 <Yawning> has a use case 13:43:56 <athena> the to branch using it is almost ready to go modulo me figuring what to do about needing to call tor_gettimeofday_cached() from util.c, but that being in compat_libevent.c and tor-resolve not linking it 13:44:24 <athena> good thing we did this, turns out the old attempt at monotonic time by a ratchet mechanism is totally broken 13:44:38 <nickm> athena: Does tor-resolve need tor_gettimeofday_cached? 13:44:53 <nickm> If not, define a libor_time that has the time manipulation functions 13:45:39 <athena> notice the missing static: https://gitweb.torproject.org/tor.git/blob/HEAD:/src/common/compat_libevent.c#l714 13:45:52 <athena> ok 13:46:06 <nickm> owwwww 13:46:14 <nickm> could you open a ticket for that, marked 025-backport ? 13:46:18 <athena> okay 13:46:43 <athena> in the new branch that function is going to go away in favor of the new monotonic time mechanism that preferentially calls libevent 13:46:47 <athena> but yeah we should backport 13:48:00 <nickm> great 13:48:09 <nickm> anything else? Plans after monotonic time is in? 13:48:35 <athena> probably that sticky-IP thing 13:48:43 <athena> #13705 13:49:02 <nickm> hm... I dunno if that's actually a good idea. Did we decide it achieved anything? 13:49:57 <teor> Weren't there also concerns with burning the keys (& therefore history) if the IP did actually change? 13:50:41 <nickm> well, that's the cost of saying that your IP won't change and then being wrong 13:51:25 <teor> Yes, I guess so 13:53:10 <nickm> athena: so, I guess I wouldn't mind doing that, though I'm not 100% sure it's the best use of your time. 13:53:14 <teor> Do we know if this is a current attack? 13:53:26 <nickm> teor: Well, servers get seized occasionally. 13:53:51 <nickm> So I guess it might be worthwhile to try, if we can do it on the quick side. 13:53:58 <teor> (And recently. It would certainly supplement the manual bad relays process.) 13:54:21 <nickm> athena: Actually, here's a thought. My #12498 work includes a key-pinning mechanism to keep Ed25519 keys tied to RSA keys by the authorities. 13:54:32 <nickm> There could be an IP pinning mechanism integrated with that too. 13:55:00 <Yawning> hmm 13:55:12 <nickm> athena: so maybe do the relay-side of #13705 now, and the authority-side once #12498 is in? 13:56:04 <athena> nickm: hmm, okay 13:57:08 <nickm> athena: also, could I ask you to take a pass through the needs_revision and needs_review tickets for patches you wrote, in case there's code for you to fix or questions to answer? 13:57:18 <nickm> I think there's some pending thing somewhere; maybe two 13:57:49 <nickm> Yawning: do you want feedback/ideas about any of the tor stuff you're going to be working on, or should I just chill out and wait to see what happens? :) 13:58:13 <Yawning> prolly chill for now I'll come screaming if I find something scary 13:58:31 <nickm> okayz 13:58:36 <athena> nickm: okay, sure 13:58:52 <nickm> teor: So, thanks for filling me in on #13787 / #13718 . 13:59:35 <nickm> Am I right that #13161 and #13163 are fixed in master, and they're only open because they're awaiting backport evaluation for 0.2.5? 13:59:37 <teor> No worries. Working on #13718 now. 13:59:55 <teor> I had them open for unit tests. 14:00:02 <teor> Did we want to backport them as well? 14:00:04 <nickm> ah, ok. 14:00:06 <nickm> Not sure. 14:00:17 <teor> Well, there's two reasons 14:00:20 <nickm> I think it's conceivable that backports are a good idea. and conceivable that they aren't. :) 14:01:09 <nickm> wrt #13718: The fix you propose makes sense to me, assuming it does fix it 14:01:38 <teor> If we backport #13718, we may not need to backport parts of #13161 14:02:05 <teor> Particularly the TestingDirAuthVoteExit option 14:02:39 <nickm> Hm. I want to avoid unnecessary backports, but it's pretty useful to have Tor stable running in Chutney, so that we can test mixed networks 14:04:20 <teor> I think that #13718 may resolve (some of) the issues we were using TestingDirAuthVoteExit to solve in #13161 14:04:22 <nickm> but let's make sure that this fixes master first. 14:04:34 <teor> Yes, then we can decide which goes where 14:04:37 <nickm> then we can figure out what to backport 14:04:38 <nickm> yeah 14:07:32 <nickm> so, hm. next is me. 14:07:56 <nickm> First thing is that I'm noticing that I have a bunch of patches piling up in needs_review and needs_revision again. I need folks to check them out when they have a chance. 14:08:23 <nickm> I've used the nickm-patch keyword to indicate "nickm wrote or substantially rewrote this patch" so I can identify stuff for me to review or revise. 14:09:04 <nickm> Second thing is, more and more progress on 0.2.6. So that's good. I'm doing #12498. (Still. It's big!) And applying new testing ideas as I do it. 14:09:21 <nickm> I'm hoping I can write up a quick integration testing plan draft before the next meeting. 14:09:43 <nickm> Hm, what else? We triaged some tickets out of 0.2.6, but I suspect we'll need to triage or prioritize more if we're going to freeze in January. 14:10:18 <nickm> And just as a reminder, the freeze needs to be for features *and* nontrivial non-regression bugfixes. 14:10:41 <nickm> And if there's anything big that needs to happen, we should try to get it done in December. 14:11:12 <nickm> So maybe we need some way to indicate our top priority tickets to get to in Nov/Dec/Jan. 14:12:17 <nickm> Hm. What if I did a dump of the tickets currently in 0.2.6, and asked everybody who cares to rate them 1..100 in difficulty and 1..100 in importance in a text file. Would people like to do that? 14:12:30 <Yawning> sure 14:12:33 <nickm> or am I overthinking? 14:12:46 <Yawning> dunno if that's neccecary though 14:12:50 <nickm> (google spreadsheet? Is there a non-google shared spreadsheet tool?) 14:12:53 <nickm> Well, hm. 14:13:13 <nickm> How else could we try to make sure we're not spending time on less-important stuff? 14:13:21 <Yawning> hmm 14:14:31 <teor> The points system in trac? (How does that work, anyway?) 14:15:04 <nickm> no idea 14:15:09 <nickm> and I don't think it supports multiparty results. 14:15:33 <teor> Ah, no votes. Oh well. 14:16:47 <dgoulet> can we triage bug and just build a list of "This has to be fixed before release" and "This can wait after"... and go from there? 14:17:48 <nickm> Well, the hard part about that is that we've done it in the past.... but we can't have both a "must-fix" list *and* a freeze deadline. 14:18:21 <teor> Unless one of them is simply a suggestion 14:18:31 <nickm> true 14:18:44 <teor> In which case, we should be honest and call it that 14:19:01 <dgoulet> "must-fix whishlist" *and* a freeze deadline :) 14:20:38 <nickm> https://docs.google.com/spreadsheets/d/1_fsXOPmbqBuoJD1ufVQO0Ehy21uJyE5TWqdQWkfRxVo/edit?usp=sharing 14:20:56 <teor> In the tradition of RFCs, a SHOULD fix wishlist? :-) 14:21:23 <nickm> I'm going to be doing this in terms of "priority" and "hardness" on a 1..100 scale; everybody else should add columns that work however they want. Let's plan to get this sorted out by Friday morning? 14:21:30 <nickm> https://docs.google.com/spreadsheets/d/1_fsXOPmbqBuoJD1ufVQO0Ehy21uJyE5TWqdQWkfRxVo/edit?usp=sharing 14:21:36 <Yawning> MUST (BUT WE KNOW YOU WON'T) 14:21:37 <nickm> that second link is supposedly the editable one 14:21:52 <nickm> Sorry about the google 14:22:01 <nickm> don't put any sekrit stuff here. 14:22:15 <teor> I'll abstain, as I don't have the time 14:22:18 <nickm> and if you'd rather have an ods, ask somebody to export the sheet and copy something in 14:22:22 <nickm> teor: ok 14:26:21 <nickm> anything else for this week's meeting? 14:28:18 <dgoulet> (on nickm's order :) 14:28:20 <dgoulet> #endmeeting 14:28:29 <Yawning> *baf* 14:28:31 <dgoulet> oh ahha 14:28:35 <nickm> In that case, I declare us done. 14:28:38 <nickm> #endmeeting