#tor-dev log

16:59:36 <nickm> #startmeeting jun 26 network team meeting
16:59:36 <MeetBot> Meeting started Mon Jun 26 16:59:36 2017 UTC.  The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:59:36 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:59:45 <nickm> our pad is at http://5jp7xtmox6jyoqd5.onion/p/M0GDbCeZm8be
16:59:52 <nickm> hi pastly! hi everyone!
17:00:02 <blister_blue> ja i already use this for the new and built events
17:00:07 <asn> hello meeting
17:00:11 <ahf> hello
17:00:13 <blister_blue> because i know the circuit object from building it
17:00:16 * catalyst is a bit delayed writing summary due to a preceding meeting
17:00:20 <nickm> hi Sebastian asn dgoulet komlo isis ahf mikeperry haxxpop catalyst etc!
17:00:34 <meejah> blister_blue: hmm, meeting; shall we go to private-messages?
17:00:44 <nickm> no worries.  Step one, let's all get our notes down, and read each other's notes.
17:00:46 * pastly will write his update in real time in the pad as usual
17:00:47 <blister_blue> meejah: !
17:00:52 <dgoulet> hello meeting
17:02:18 <nickm> isabela: you here for this one?
17:02:33 <nickm> isis: you around today?
17:03:14 <isabela> oi
17:03:17 <isabela> yes
17:03:21 <nickm> cool
17:03:52 <isis> o/
17:04:13 <isis> morning :)
17:05:33 <nickm> one  topic while we wait on updates -- how is this meeting format working for people?
17:06:06 <asn> i like it the pad approach more than the real-time typing approach i think
17:06:20 <asn> s/like it/like//
17:06:24 <ahf> i think it is evolving nicely (highlighting things in people's posts, that we now write *before* meeting)
17:06:36 <ahf> think that is good
17:06:58 <nickm> having teor send out the pad the day before is pretty awesome
17:07:00 <ahf> and it's very nice teor sends it out sunday
17:07:05 <ahf> yes, +1
17:07:14 <nickm> any ideas for changes/improvements?
17:07:45 <pastly> Without being around for those pad-less meetings, I think this is great.
17:08:22 <pastly> ooo especially if we have stuff at the top like we do in this one
17:08:50 <nickm> like a link to the past meeting pad's contents, and general announcements at the top?
17:08:55 <haxxpop> hi !!
17:09:18 <pastly> nickm: yes. all of it. link to last week, announcements, discussion topics.
17:09:39 <nickm> hi haxxpop
17:09:49 <isis> how are we doing hilighting?
17:09:54 <nickm> isis: on the pad?
17:10:07 <nickm> I suggest we use boldface for "let's talk about this"
17:10:07 <isis> oh i see, in bold
17:10:20 <isis> brilliant
17:10:21 <nickm> please feel free to boldface your stuff or other people's stuff.
17:10:32 <nickm> let's start with the general announcements and start moving downward.
17:10:45 <isabela> isis: how is the internship gig post going?
17:11:06 <nickm> the first thing: three needs_review tickets are left in review-group-18.  Please, let's get them reviewed.
17:11:07 <dgoulet> I like this format as well so far
17:11:31 <nickm> Second thing: there are 34 tickets in 0.3.1.x, including 9 "new" tickets with no owner.  Some of those look like bad bugs or regressions.  We need somebody to take more of them on.
17:12:01 <nickm> Since those are task-allocation announcements, any suggestions for what to do on them?  Shall we talk when the meeting is done, or shall we start with a grab phase and then I start assigning, or something else?
17:12:43 <nickm> (how do sensible teams assign work?)
17:13:30 * asn will finalize #21969
17:13:41 <nickm> ty
17:13:44 <asn> wrt to current needs_review bugs
17:13:58 <asn> the base64 one has catalyst as assigned reviewer
17:13:59 <isis> isabela: oh dang that is another thing i need to do
17:14:00 <catalyst> i like prioritized columns (you don't have to go full Scrum if you don't want), but having drag-and-drop or physical sticky notes helps a lot
17:14:01 <asn> the other two look quite similar
17:14:14 <asn> both about relevant paths in sighup
17:14:18 <asn> *related
17:14:22 <asn> *relative
17:14:43 <asn> im super full this week so im hesitant to take them, but i will if nobody goes for them
17:14:48 <nickm> catalyst / isabela: do you know any good online tooling to set up what catalyst is suggesting, either with a spreadsheet or whatever?
17:14:54 <isis> isabela: i was planning to spend part of today going over the applications
17:15:06 <catalyst> asn: which base64 one?
17:15:14 <ahf> isn't only sticky notes a bit like what trello provides?
17:15:15 <asn> catalyst: ehm the one about equal signs
17:15:19 <ahf> s/only/online/
17:15:21 <isabela> isis: cool, good to know ppl are applying to it
17:15:35 <asn> catalyst: #7869
17:15:39 <catalyst> asn: yeah that's #7869 i think, and not 0.3.1.x?
17:15:50 <catalyst> ahf: yeah i like Trello
17:15:52 <asn> catalyst: ye. was talking about the review-group tickets
17:15:54 <isis> isabela: there are like ~20 applicants! :)
17:15:59 <isabela> !!
17:16:02 <ahf> wow, nice
17:16:06 <catalyst> wow
17:16:28 <pastly> nickm: catalyst isabela I've seen projects use Trello https://trello.com/
17:17:00 <catalyst> though i think if we want to use Trello, our volume is high enough that we could benefit from some automation
17:17:01 <nickm> 3rd and final announcement: this is the first month when employees are encouraged to use harvest, so let's all try it out. It would be sad if we got to the end of july before we realized we didn't know how to use it.
17:17:24 <catalyst> when's the official cutover to Harvest?
17:17:44 <Yawning> #22653 is a guard selection algorithm regression right?
17:18:08 <nickm> that ticket doesn't actually make sense to me; it _might_ be?
17:18:14 <Yawning> "pts are even more broken than usual, the obfs4proxy stuff is a red herring, because I haven't touched the code at all"
17:18:20 <Yawning> well, with tbb 7.0.whatever
17:18:25 <Yawning> it failed to boostrap
17:18:32 <catalyst> Yawning: possibly a regression? it's hard to tell
17:18:32 <Yawning> on an upgrade with pts enabled
17:18:40 <isabela> nickm: also it would be great to receive all pending expense reports so far by end of june - cuz tor's fiscal year actually ends in june, and if you send it out accounting can close it as part of the fiscal year that is ending
17:18:41 <Yawning> and when I blew away the tor state dir
17:18:44 <nickm> catalyst: in theory, it's optional for june and july. if something doesn't work, then it's optional for longer
17:18:45 <Yawning> it started working
17:18:52 <nickm> yes, what isabela said
17:18:55 <Yawning> so I assume it's something fucked with the guard shit
17:19:07 <asn> Yawning: ack
17:19:10 <ahf> and if we go back and use harvest from earlier weeks in june we don't need to send any spreadsheet for june to sue?
17:19:21 <asn> Yawning: i was not aware of that ticket, will check it out tomorrow along with the useful info you just said
17:19:40 <isabela> ahf: yes, if you use harvest no need for spreadsheets
17:19:50 <Yawning> what I just said was what happened to me
17:19:54 <Yawning> in a vm
17:19:56 <catalyst> Yawning: i think we know something's odd with guards in 0.3.0; we might have fixed some but not all of it? i find that code difficult to read
17:20:00 <Yawning> when I was testing the sandbox in fedora
17:20:12 <Yawning> but I didn't root cause it or look at the logs hard
17:20:17 <Yawning> because, I wanted to actually test the sandbox
17:20:23 <Yawning> and not fuckaround chasing tor regressions
17:20:27 <ahf> isabela: thanks
17:20:48 <Yawning> ymmv
17:21:01 <Yawning> 99% sure it has nothing to do with obfs4 though
17:21:11 <Yawning> because that shit isn't getting any updates at all
17:21:27 <catalyst> Yawning: i'm inclined to agree with you. i
17:21:50 <catalyst> i've noticed the obfs4 correlation but i think that's due to repeated relays
17:22:12 <nickm> ok, so shall we start going through topics?
17:22:17 <isabela> pastly: re:trello - i just added a task to cath up with hiro on our discussion in wilmington about this stuff
17:22:35 <Yawning> I think people bring it up for obfs4 because it's the default
17:22:47 <asn> nickm: yes plz
17:22:50 <Yawning> so people are using it (regardles of how I feel that no one should)
17:23:20 <catalyst> Yawning: i saw it with obfs4 and not so much with other PTs in TB 7.0
17:23:32 <nickm> I don't see questions from/for teor, mikeperry , asn, haxxpop.
17:23:43 <nickm> dgoulet: did we learn anything important at the drl meeting?
17:24:00 <dgoulet> nickm: not concerning the network team _except_ what I sent to the netteam list about a PT poc
17:24:13 <dgoulet> that thread has stalled after teor's reply
17:24:23 <mikeperry> nickm: I added my question/discussion topic at the top of the pad
17:24:43 <Yawning> heh
17:24:45 <asn> dgoulet: i agree with teor's reply and issue enumeration, but was not sure what to do about it.
17:24:56 <haxxpop> dgoulet, have you done the hs v3 fuzzing ?
17:24:59 <nickm> dgoulet: okay. we'll need to figure out who bells the cat there.
17:25:00 <asn> ETOOMANYFIRES
17:25:02 <Yawning> so the drl wants to dump more money into a fundementally intractable problem >.>
17:25:06 <dgoulet> haxxpop: let's talk about it after the meeting
17:25:07 <catalyst> dgoulet: i had forgotten that thread; i'll take another look at it
17:25:12 <mikeperry> I am wondering how urgent #22422 is compared to other guard discovery attacks. it seems pretty contrived of an attack. when I talked to karsten months ago, he wasn't convinced we need noise (but have not heard from him since)
17:25:27 <dgoulet> catalyst: ok
17:25:41 <nickm> mikeperry: are you and teor able to get any progress towards agreeing there?
17:25:42 <mikeperry> my instinct is to tag it as 'potential-guard-discovery' so we can prioritize it vs other guard discovery attacks we enumerated
17:25:46 <mikeperry> it seems very low on the list, to me
17:25:53 <dgoulet> we do have many fires but the PT one is low amount of work, just a contact point in our team for it would be a good start
17:25:58 <nickm> mikeperry: have you tried to get karsten to opine?
17:26:13 <isabela> dgoulet: +1
17:26:50 <nickm> I would want at least two people who care to be joint point-of-contact handlers; just one  tends to get overwhelmed.
17:27:07 <isabela> (btw I added another reminder at the pad, sorry for doing it out of order in the meeting)
17:27:24 <mikeperry> nickm: I could email him I suppose
17:27:25 <nickm> I could nominate folks, but does anybody want to do it?  Maybe people who expressed interest in working on anticensorship stuff in wilmington?
17:27:25 <asn> i can be secondary point-of-contact, but im not gonna do a good job as the primary one.
17:27:35 <nickm> mikeperry: that would help!
17:27:55 <asn> i think i can inform people of historical decisions and help with the spec stuff
17:27:59 <catalyst> what is the scope of the "PT contact"?
17:28:10 <isabela> yeah i was going to ask for that
17:28:26 <Yawning> catalyst: "depends on who you need to work with"
17:28:34 <isabela> maybe we can define that first, how we will tell the world who this person is and what this person will be doing
17:28:43 <Yawning> in some cases yo end up writing lots of reports and hating you rlife
17:28:53 <dgoulet> isabela: +1 and maybe that email thread is a good place to have that discussion
17:28:54 <dgoulet> catalyst: ^
17:29:00 <isabela> dgoulet: yes
17:29:17 <isabela> Yawning: :) that was due to deliverables related to a proposal not necessary what this person will do now
17:29:33 <mikeperry> asn,nickm,all: speaking of guard discovery though, can we agree on a tag to go through and file/tag all of the attacks we brainstormed or reviewed in wilmington?
17:29:34 <isis> i can also try to be a point of contact, but i also may not be the best primary one
17:29:37 <asn> i guess it involves stuff like: answer to the pt-spec v2.0 emails. be the contact person for PT funders. and maybe even inform community about PT stuff, write blog posts, etc.
17:29:47 <isabela> i can write what we did on that front and see what can be done moving fwd with it
17:29:47 <catalyst> dgoulet: does that mean the DRL thread?
17:29:50 <nickm> mikeperry: yes, that's a good idea. guard-discovery is what i'd choose, but that's fine
17:30:05 <dgoulet> catalyst: yes
17:30:08 <asn> mikeperry: i answered this stuff a few days ago on #tor-dev
17:30:11 <nickm> err, whatever you want to pick is fine
17:30:17 <asn> mikeperry: we already have guard-discovery as a tag on #9001, so let's ues that
17:30:31 <Yawning> isabela: uh huh
17:30:42 <asn> mikeperry: feel free to tag the padding stats ticket as that tag, if you feel it's an attack (i havent looked at ticket yet)
17:30:42 <nickm> questions from me: I'm about to send out my notes from wilmington on supported platforms.  If anybody has additional comments for what to change there first, please make sure I know.
17:30:47 <isis> i guess we agreed in wilminton that i was going to stop helping with guard algo stuff and focus more on anticensorship?
17:30:52 <mikeperry> asn: ok great. sorry, I missed that scrollback.. the irc shell server rebooted..
17:30:57 <isis> is the PT funder Sponsor M?
17:31:28 <nickm> second question: i'm going to put out an 0.3.1.x alpha release again later this week; would anybody be interested in co-piloting with me? I'd like at least one or two more of us to be able to do release-manager stuff
17:31:36 <isabela> isis: yes is related
17:31:55 <asn> mikeperry: wrt filing trac tickets for remaining issues: let's do it for the ones where we have a plan forward.
17:31:56 <nickm> third thing: isabela: can I send out the sponsor assignments from the wilmington spreadsheet? It's hard to help people plan without advancing that.
17:31:59 <Yawning> (On the pt note, does anyone use onionbrowser and know if it displays the obfs4 copyright in a visible location)
17:32:29 <isabela> nickm: what you mean by send out? coordinate with the team?
17:32:33 <catalyst> i'm willing to help with PT coordination stuff but i'd want better definition and context before agreeing to be a primary contact
17:32:48 <nickm> isabela: coordinate with the team, put on the wiki, make sure it works out w finance, etc
17:33:47 <isabela> nickm: can we sync off meeting? I am getting the stuff with brad, met with him last week but still missing one spreadsheet
17:34:01 <nickm> ok, aure
17:34:15 <nickm> #action nickm and isabela coordinate about team <-> contract mappings
17:34:16 <isabela> nickm: i think the general allocation we did on the nsf spreadsheeet counts for folks to know their area of work
17:34:46 <nickm> anyone who whould like to help work on the next release can let me know.
17:34:47 <isabela> nickm: just the percentage of things that i need brad stuff so we can plan that
17:34:48 <ahf> nickm: i'm up for helping with release management
17:35:03 <nickm> ahf: woo; once we have a couple more 0.3.1.x bugs fixed, let's start on it
17:35:03 <isabela> nickm: does that makes sense?
17:35:10 <ahf> nickm: yes
17:35:15 <nickm> isabela: sure, I think?
17:35:45 <nickm> next question I see is from isis ...
17:36:08 <catalyst> i'm happy to give advice about release engineering based on my prior experience elsewhere :)
17:36:31 <nickm> backend moat things -- I agree that's something that TB needs soon.  It's a good idea to stay in contact with other network-team stuff like review while you're doing it, but I don't think there's a must-do-first coding task here
17:36:39 <nickm> did that answer your question?
17:37:01 <nickm> catalyst: cool!  I'll invite you to "watch over our shoulder" as we do it
17:37:05 <nickm> and/or help as you prefer
17:37:12 <isabela> nickm: we should follow what was organized in wilmington / where we listed sponsor's tasks and folks who wanted to work on them raised their hands and we added their name on the storm spreadsheet - what is pending is to know how folks should break their time between those tasks, if 10% on M or 30%..
17:37:50 <nickm> ok.  given that, I thinnk we should get the info onto the wiki, and add percentages afterwards.  Agree?
17:37:54 <isis> yes, i think that answers
17:38:10 <isabela> nickm: yes
17:38:23 <catalyst> nickm: happy to help; i think it's better to let less-experienced people have a chance to learn by doing of course
17:38:32 <nickm> more discussion topics this week?
17:38:35 <isabela> nickm: we can continue off meeting
17:38:38 <nickm> stuff we went over too fast?
17:38:47 <nickm> stuff we never really answered?
17:38:48 <asn> review-group tickets still not assigned
17:39:05 <catalyst> also who was interested in doing vuln management (volunteers in Wilmington maybe)?
17:39:17 <asn> what is vuln management?
17:39:24 <catalyst> vulnerability managment
17:39:36 <asn> what is vulnerability management?
17:39:53 <Yawning> "flipping the fuck out when someone figures out how to pnw shit"
17:40:04 <Yawning> "and cordinating disclosure etc"
17:40:05 <catalyst> how to deal with things when you find or have a report of a vulnerability in your software
17:40:26 <isis> how do i pnw shit
17:40:38 <asn> i think nick has done a few documents of that nature
17:40:48 <isis> "i pacific northwested the hell out of that vuln" lol
17:40:56 <Yawning> first you find someone that isn't disabled that can actually type to make fun of
17:41:03 <Yawning> ...
17:41:05 <haxxpop> isis, nice point
17:41:05 <Yawning> profit
17:41:39 <isis> awww, sorry i thought there was some cascadia reference there
17:42:10 <catalyst> but we were talking about vulnerability handling at Wilimington and some people volunteered to do more coordination with downstreams etc., i think?
17:42:32 <asn> nickm: so yeah, two review-group tickets not assigned reviewer yet. i already have lots of prop224 review for this week. i would prefer not to take them if possible.
17:42:48 <asn> nickm: can we pass them to someone else? else i see them sticking around for ever -- they are that kind of patches.
17:43:19 <dgoulet> catalyst: I recall an informal discussion with armadev on that but was there any action items following that?
17:43:26 <nickm> I'll take them on, I guess?  but this will slow down all reviews for everybody else.
17:44:09 <catalyst> any opinions on the relative priority of #22101 and #22102 vs #7869? i might be willing to take a look
17:44:32 <catalyst> i recall that those two are related but involve potentially hard design choices
17:44:34 <dgoulet> to continue on what asn just mentionned about prop224, July is the end of R and our soft deadline for prop224 so him and I will be very busy with it :S
17:44:40 <isis> i can take another ticket for review
17:44:58 <isis> trac is misbehaving for me again :/
17:45:01 <dgoulet> (datapoint on our stack)
17:45:29 <nickm> catalyst: imo the underlying issue is more important than either one.
17:45:55 <catalyst> so should we open a parent ticket for the underlying issue?
17:45:56 <nickm> and a decision there would make both tickets easier to decide about.
17:46:19 <catalyst> oh #22101 is already a parent ticket
17:46:29 <nickm> wrt #7869, I can do the next review, since i'm paranoid about dirauth breakage
17:47:07 <catalyst> nickm: at the very least it seems like test coverage for the padded/not-padded differential is missing
17:47:10 <nickm> part of me is okay with deferring these tickets, but part is not: it's not good to let volunteer patches sit around and gather dust
17:47:21 <asn> #7869 is kinda disgusting: too much alterations for almost no benefit
17:47:22 <catalyst> nickm: i tend to agree with that
17:47:49 <pastly> I think relative path stuff should probably take a back seat. I also think the ultimate solution is to have the user specify everything relative to the DataDirectory. For the backend ... well I remember nickm (I think) saying things that sounded good to me in the tickets
17:48:27 <asn> nickm: def agreed about the volunteer part tho +1
17:48:30 <catalyst> i think i recall TB on MacOS needing specific relative paths to work for the PT proxies
17:48:56 <nickm> ok. let's give it a shot on these today, and i'll open the next review group
17:49:07 <nickm> any more open things we missed?
17:49:08 <catalyst> asn: yeah there's a reason i removed the "easy" tag from that ticket
17:50:05 <ahf> nickm: are you going to be off on summer vacation at some point (and if so, when?)
17:50:09 <ahf> maybe also goes for other people
17:50:16 <nickm> i don't know yet :)
17:50:18 <ahf> ok!
17:50:22 <nickm> maybe let's talk about that on-list?
17:50:27 <nickm> if no more issues...
17:50:27 <dgoulet> fwiw, I'll inform the net-team list when I,ll know
17:50:32 <ahf> yes
17:50:35 <ahf> ditto
17:51:15 <nickm> #endmeeting