#tor-meeting log

16:59:49 <nickm> #startmeeting spoooooooooky network team meeting, 30 October 2017
16:59:49 <MeetBot> Meeting started Mon Oct 30 16:59:49 2017 UTC.  The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:59:49 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:00:01 <nickm> https://pad.riseup.net/p/u49bchrShds1 is our pad; hi everyone
17:00:07 <isabela> thanks
17:00:15 <ahf> hello hello
17:00:57 <dgoulet> yellow!
17:01:55 <haxxpop> hi !
17:01:59 <nickm> so, big transitions this week as we mive on to November.
17:02:39 <nickm> *move
17:03:00 <nickm> It's time to look at our roadmap, see what we'll have done in Nov, see whether anything will go unfinished from Oct, etc
17:04:27 <nickm> That's over at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdrriaYfUBQ/edit?usp=sharing
17:04:52 <nickm> anything in October not already finished, or going to get finished for tomorrow?
17:05:09 <nickm> If so please make a note and delay to november
17:05:48 <ahf> ack
17:06:11 <nickm> dgoulet, catalyst, ahf, asn (plus teor and mikeperry) (plus me) -- that's you :)
17:06:27 <nickm> ahf: how are we doing on line 7 with the measurements.  I see that it's done; how far is it from being "in usage"?
17:06:43 <nickm> like, do you have time to write down the instructions today, or make a branch to merge, or whatever? or will that be november?
17:07:11 <catalyst> nickm: mine involve an unanswered question on the pad ;)
17:07:49 <ahf> nickm: are you thinking of the instructions to run things on android? asfaik there is no branches to merge in any of this for tor.git (some to orbot.git)
17:08:01 <ahf> i think the CPU + memory part will be done tomorrow or wednesday, the battery part at the end of the week
17:08:03 <nickm> catalyst: How hard is it to test with eg git bisect?
17:08:23 <nickm> ok, "done" in the sense of having instructions that other people can follow?
17:08:37 <ahf> yes, this week for all of them
17:08:43 <nickm> ok.
17:08:44 <ahf> including sample data from a nexus 5x
17:08:52 <ahf> that is my "test" device
17:08:55 <nickm> #action ahf will get the sample data and the instructions for measurement this week
17:09:05 <nickm> if you have to pick one, I'd say the instructions are more important
17:09:22 <catalyst> nickm: i still have no automated test for this, and if i did, it would be fairly expensive. i could try a manual bisect if people think that's important
17:09:30 <ahf> ok! i will flag the item to "early november" in the roadmap sheet?
17:09:43 <nickm> ahf: yes please
17:09:51 <ahf> nickm: do you think the data i showed you today could be of any use when we are past the short amount of sample period that was shown?
17:09:57 <ahf> because i'm going to proceed with that for now
17:09:59 <nickm> catalyst: I think that we can probably guess that it's just the new guard stuff, if that went into 0.3.0
17:10:05 <nickm> ahf: yes
17:10:07 <ahf> for CPU profiling that is
17:10:07 <catalyst> nickm: i think it's possible that the 0.3.0 guard work influenced it, yes
17:10:14 <ahf> great, thanks
17:10:50 <nickm> asn: Shall we also postpone lines 4 and 5 to november?  FWICT they are ongoing work...
17:10:55 <catalyst> nickm: are we ok with accepting that hypothesis and not backporting to 0.2.9?
17:11:19 <ahf> nickm: can i test instructions on you? do you have a device that you are willing to build custom orbot apk's on and run stuff on?
17:11:25 <nickm> so, if we tried it on 0.2.9 and it didn't work, I think it's okay not to backport.
17:11:35 <nickm> ahf: depends how big the instructions are!  let's see how it goes
17:11:42 <ahf> cool :-)
17:12:01 <nickm> dgoulet: same question wrt line 11, #23681
17:12:24 <dgoulet> nickm: it is on my todo list for this week in my status, it is a very tricky one so it might overlap in November but this week is my goal
17:12:26 <nickm> catalyst: that is, if we tried the bypass on 029 and it didn't work, I think we can accept the hypothesis
17:12:43 <nickm> dgoulet: let's call it early-nov?  October ends tomorrow.
17:12:51 <dgoulet> nickm: sure I can move it
17:12:53 <catalyst> nickm: sounds good
17:12:57 <nickm> thanks!
17:13:03 <isabela> isis: hi o/ just a reminder to prioritize moat work for november
17:13:57 <nickm> yeah.  The next thing I'm hoping everybody will do is look at their work for november in that roadmap, and mark the stuff that they are planning to do first.
17:14:19 <nickm> and we can go ahead with those two-week sprints we were talking about?
17:14:23 <nickm> How would folks like that?
17:14:47 <nickm> isis: (eg, do you think you can land moat... in a week? two? four?)
17:15:13 <dgoulet> nickm: by two weeks sprints you mean re-assess every 2 weeks the roadmap ?
17:15:37 <nickm> I mean, let's pick what we think we can do in 2 weeks, and come back to the roadmap in 2 weeks to see how it went?
17:15:48 <ahf> sounds good
17:16:22 <dgoulet> ok
17:16:36 <nickm> cool. TorCoreTeam201711.1 for that?
17:17:06 <catalyst> also if something's too big to do in 2 weeks, maybe try to split it into smaller chunks that still result in some user-visible incremental improvement
17:17:13 <nickm> yes indeed.
17:17:40 <ahf> TorCoreTeam201711.1 is the keyword to use?
17:17:47 <nickm> sure, unless somebody has an improvement
17:17:59 <ahf> cool
17:19:32 <Tabish_> hi
17:19:38 <nickm> hi! welcome to our meeting.
17:19:54 <nickm> notes are at https://pad.riseup.net/p/u49bchrShds1
17:20:12 <nickm> so, thanks for the roadmap work. let's go over status updates
17:20:17 <haxxpop> You come. Hi !
17:20:19 <nickm> anybody have an answer to teor's question?
17:20:27 <Tabish_> this is my first time in something like this
17:20:38 <isis> isabela: it is coming along… but frustratingly not passing integration tests yet
17:20:44 <dgoulet> nickm: which one?
17:20:51 <dgoulet> nickm: I see possibley two
17:21:00 <nickm> the one in boldface in his update
17:21:38 <isabela> isis: thanks for the update!
17:22:00 <isis> i have some questions that totally can be answered later or whenever about hackerone triaging
17:22:31 <nickm> If anybody knows the answer to the hackerone stuff (asn?) please have a look at isis's questions?
17:24:17 <dgoulet> nickm: didn't we obsolete an option about "Exit single hop" or sth around those lines recently?
17:24:17 <catalyst> isis: i think some of us have been talking about some HackerOne stuff on #tor-internal because of confidentiality, but maybe we should talk about the more general stuff here
17:24:36 <dgoulet> nickm: AllowSingleHopExits
17:24:48 <dgoulet> nickm: maybe that is what is triggering the warning some how?
17:25:06 <nickm> ooh, maybe.
17:25:09 <dgoulet> nickm: ah one step ahead of me eheh
17:25:13 <dgoulet> (in the pad)
17:25:53 <nickm> isis: so, wrt hackerone...
17:26:12 <nickm> isis: I know that in the past, we have paid out for bugs that were vulnerability-like, but not vulnerabilities.
17:26:41 <nickm> For example, if there was a buffer overflow that wasn't exploitable given how our code used the code, we would count that.
17:26:55 <nickm> but I don't think we count stuff that is in no way vulnerability-like
17:27:13 <catalyst> isis: asn has said he wants us to consult him before finalizing any bounty payout
17:27:24 <nickm> and we only call it a tiny payout in those cases
17:27:27 <GeKo> isis: you don't need triage tor browser bugs
17:27:34 <GeKo> i'll take care of that
17:28:27 <nickm> #action asn teor: could you especially take a look at Mike's https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorV page about guard discover resistence? I think he wants feedback, and you're listed as working with him on making sure we have the right list of guard discovery proposals
17:28:38 <isis> yep! i wasn't planning on paying anyone, just triaging
17:28:41 <catalyst> we do want to try to be fair to reporters on HackerOne because certain resolutions will result in reputation loss for them
17:28:48 <nickm> #armadev you would also be good to look at those
17:28:59 <isis> GeKo: ah okay, great, so we all use the same account, and i'll just leave TB bugs be
17:29:00 <nickm> #action armadev you would also be good to look at https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorV
17:29:22 <catalyst> i've seen us close reports out as "informative" when they don't justify us taking immediate action but it's helpful information
17:29:45 <catalyst> "informative" is reputation-neutral; "N/A" and "spam" are reputation-negative
17:30:03 <GeKo> isis: opening bugs in trac for non-security issues seems fine to me
17:30:18 <isis> catalyst: thanks! that's good to know
17:30:24 <GeKo> iirc that's what asn has been doing for tor bugs and that's what i do for tor browser ones
17:30:48 <catalyst> isis: it's in the HackerOne online help but not really concisely stated in one easy-to-find place in my experience
17:31:54 <nickm> any leftover questions from people's updates before we move on to the announcements and discussion topics?
17:32:09 <nickm> isis: one leftover question for you above.  When in November do you think you'll be done with moat?
17:32:56 <nickm> at least, done enough that mcs et al can use it?
17:33:36 <isis> i was aiming for the end of last week but the tests still aren't passing
17:33:55 <isis> so probably at the end of this week
17:33:59 <nickm> ok.
17:34:20 <nickm> feel free to grab me if you need a rubber duck (for rubber duck debugging)
17:34:36 <nickm> on to announcements:
17:34:53 <nickm> first, I beg:  There are still 10-12 needs_review tickets in review-group-24.
17:35:05 <nickm> most are from me, and I can't review those ones (or at least I shouldn't).
17:35:21 <nickm> please, everybody, look at 1 or 2?
17:35:32 <ahf> yep
17:35:43 <nickm> (and thanks to everybody who has already reviewed some)
17:36:06 <nickm> ok.  Looks like we've talked about 2/3 of the discussion topics listed on the pad
17:36:06 <dgoulet> yes, on my stack this week, you'll get some review! :)
17:36:09 <nickm> thanks!
17:36:33 <nickm> remaining one is teor's "do we want to plan a hackfest in 2018" one
17:36:56 <dgoulet> oh dear I failed to respond :(
17:37:05 <nickm> let's everybody remember to respond to Tim's email
17:38:03 * ahf nods
17:38:41 * isabela might be able to travel abroad again soon
17:38:47 <isabela> :) keep y'all updated
17:38:48 <nickm> (wooooo)
17:38:51 <dgoulet> NICE
17:39:22 <isabela> i have an announcement too
17:39:26 <nickm> So, following up on the roadmap.  I don't see any moved lines; I'll move the ones we talked about moving....
17:39:33 <ahf> how have the hackfests typically been with tor? is it usually topics that are funded? topics that we haven't had time to look into over the year, or?
17:39:40 <nickm> .... but I need other people to remember to mark their first-half-nov tasks.
17:39:48 <nickm> isabela: go for it!
17:39:49 <isabela> i am working with all teams to make sure roadmaps are shared and everyone is aware of what is going on with others teams
17:39:58 <isabela> today i will email the list about it :)
17:40:32 <isabela> is this plan:
17:40:32 <isabela> ^^ this is a discussion with devs, and other stakeholders
17:40:39 <isabela> ops
17:40:39 <nickm> ahf: I think it's more or less up to us;  but it's certainly **easiest** if there is enough of a funded topic discussion that we can bill for reimbursement.  I can ask brad for specifics?
17:40:40 <isabela> hehe
17:40:42 <isabela> wrong pasting
17:40:53 <isabela> https://storm.torproject.org/shared/qyLSUCJ0AkJpHsMVHp995Pf_QWt1nTvamnGwLmrxChD
17:41:10 <isabela> more on my email o/
17:41:19 <ahf> nickm: ack!
17:41:33 <nickm> isabela: no roadmaps yet from OONI, metrics, or community?
17:41:37 <isabela> yes
17:41:40 <isabela> i need to update that
17:41:44 <ahf> i'd love a mobile focused hackfest at some point - maybe together with the guardian project, the ooni people, and onionbrowser.
17:41:45 <isabela> will do it and then email ppl
17:42:02 <nickm> #action nick asks brad about requirements for hack session travel being nicely reimburseable
17:42:22 <isabela> ahf: !!!
17:42:25 <isabela> ahf: great idea
17:43:11 <ahf> i'll take it to tim's thread on the ML
17:43:11 <ahf> :-)
17:43:20 <nickm> thanks
17:43:46 <nickm> so, I think that's all for the session.  It looks like everybody has been pretty busy, and is likely to continue busy!
17:43:49 <isis> can we have a modularisation hackfest where we all just refactor stuff together?
17:44:05 <nickm> "why not both" ?  ;)
17:44:10 <catalyst> isis: i would like that
17:44:27 <isis> oh yeah, i didn't mean that in opposition to mobile stuff at all
17:44:35 <ahf> yes, +1 - bonus if it can also have a twist of rust
17:44:45 <nickm> also if people want to work in 2s or 4s, we can probably work out some way to have just few people get together pretty easily
17:44:49 <nickm> or 3s
17:44:58 * nickm has a couch
17:46:28 <ahf> cool
17:46:43 <isabela> good one for sleeping ! :) i can testify to that hehe
17:46:50 <ahf> :-D
17:46:55 <nickm> #action nickm asks brad/shari/etc about having some standard "colocating devs" budget
17:47:04 <nickm> ok, any more for this week's meeting?
17:47:34 * dgoulet is good
17:47:41 * ahf too
17:48:02 <nickm> ok! See you on #tor-dev, everyone!
17:48:05 <nickm> #endmeeting