16:59:49 <nickm> #startmeeting spoooooooooky network team meeting, 30 October 2017 16:59:49 <MeetBot> Meeting started Mon Oct 30 16:59:49 2017 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:59:49 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 17:00:01 <nickm> https://pad.riseup.net/p/u49bchrShds1 is our pad; hi everyone 17:00:07 <isabela> thanks 17:00:15 <ahf> hello hello 17:00:57 <dgoulet> yellow! 17:01:55 <haxxpop> hi ! 17:01:59 <nickm> so, big transitions this week as we mive on to November. 17:02:39 <nickm> *move 17:03:00 <nickm> It's time to look at our roadmap, see what we'll have done in Nov, see whether anything will go unfinished from Oct, etc 17:04:27 <nickm> That's over at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdrriaYfUBQ/edit?usp=sharing 17:04:52 <nickm> anything in October not already finished, or going to get finished for tomorrow? 17:05:09 <nickm> If so please make a note and delay to november 17:05:48 <ahf> ack 17:06:11 <nickm> dgoulet, catalyst, ahf, asn (plus teor and mikeperry) (plus me) -- that's you :) 17:06:27 <nickm> ahf: how are we doing on line 7 with the measurements. I see that it's done; how far is it from being "in usage"? 17:06:43 <nickm> like, do you have time to write down the instructions today, or make a branch to merge, or whatever? or will that be november? 17:07:11 <catalyst> nickm: mine involve an unanswered question on the pad ;) 17:07:49 <ahf> nickm: are you thinking of the instructions to run things on android? asfaik there is no branches to merge in any of this for tor.git (some to orbot.git) 17:08:01 <ahf> i think the CPU + memory part will be done tomorrow or wednesday, the battery part at the end of the week 17:08:03 <nickm> catalyst: How hard is it to test with eg git bisect? 17:08:23 <nickm> ok, "done" in the sense of having instructions that other people can follow? 17:08:37 <ahf> yes, this week for all of them 17:08:43 <nickm> ok. 17:08:44 <ahf> including sample data from a nexus 5x 17:08:52 <ahf> that is my "test" device 17:08:55 <nickm> #action ahf will get the sample data and the instructions for measurement this week 17:09:05 <nickm> if you have to pick one, I'd say the instructions are more important 17:09:22 <catalyst> nickm: i still have no automated test for this, and if i did, it would be fairly expensive. i could try a manual bisect if people think that's important 17:09:30 <ahf> ok! i will flag the item to "early november" in the roadmap sheet? 17:09:43 <nickm> ahf: yes please 17:09:51 <ahf> nickm: do you think the data i showed you today could be of any use when we are past the short amount of sample period that was shown? 17:09:57 <ahf> because i'm going to proceed with that for now 17:09:59 <nickm> catalyst: I think that we can probably guess that it's just the new guard stuff, if that went into 0.3.0 17:10:05 <nickm> ahf: yes 17:10:07 <ahf> for CPU profiling that is 17:10:07 <catalyst> nickm: i think it's possible that the 0.3.0 guard work influenced it, yes 17:10:14 <ahf> great, thanks 17:10:50 <nickm> asn: Shall we also postpone lines 4 and 5 to november? FWICT they are ongoing work... 17:10:55 <catalyst> nickm: are we ok with accepting that hypothesis and not backporting to 0.2.9? 17:11:19 <ahf> nickm: can i test instructions on you? do you have a device that you are willing to build custom orbot apk's on and run stuff on? 17:11:25 <nickm> so, if we tried it on 0.2.9 and it didn't work, I think it's okay not to backport. 17:11:35 <nickm> ahf: depends how big the instructions are! let's see how it goes 17:11:42 <ahf> cool :-) 17:12:01 <nickm> dgoulet: same question wrt line 11, #23681 17:12:24 <dgoulet> nickm: it is on my todo list for this week in my status, it is a very tricky one so it might overlap in November but this week is my goal 17:12:26 <nickm> catalyst: that is, if we tried the bypass on 029 and it didn't work, I think we can accept the hypothesis 17:12:43 <nickm> dgoulet: let's call it early-nov? October ends tomorrow. 17:12:51 <dgoulet> nickm: sure I can move it 17:12:53 <catalyst> nickm: sounds good 17:12:57 <nickm> thanks! 17:13:03 <isabela> isis: hi o/ just a reminder to prioritize moat work for november 17:13:57 <nickm> yeah. The next thing I'm hoping everybody will do is look at their work for november in that roadmap, and mark the stuff that they are planning to do first. 17:14:19 <nickm> and we can go ahead with those two-week sprints we were talking about? 17:14:23 <nickm> How would folks like that? 17:14:47 <nickm> isis: (eg, do you think you can land moat... in a week? two? four?) 17:15:13 <dgoulet> nickm: by two weeks sprints you mean re-assess every 2 weeks the roadmap ? 17:15:37 <nickm> I mean, let's pick what we think we can do in 2 weeks, and come back to the roadmap in 2 weeks to see how it went? 17:15:48 <ahf> sounds good 17:16:22 <dgoulet> ok 17:16:36 <nickm> cool. TorCoreTeam201711.1 for that? 17:17:06 <catalyst> also if something's too big to do in 2 weeks, maybe try to split it into smaller chunks that still result in some user-visible incremental improvement 17:17:13 <nickm> yes indeed. 17:17:40 <ahf> TorCoreTeam201711.1 is the keyword to use? 17:17:47 <nickm> sure, unless somebody has an improvement 17:17:59 <ahf> cool 17:19:32 <Tabish_> hi 17:19:38 <nickm> hi! welcome to our meeting. 17:19:54 <nickm> notes are at https://pad.riseup.net/p/u49bchrShds1 17:20:12 <nickm> so, thanks for the roadmap work. let's go over status updates 17:20:17 <haxxpop> You come. Hi ! 17:20:19 <nickm> anybody have an answer to teor's question? 17:20:27 <Tabish_> this is my first time in something like this 17:20:38 <isis> isabela: it is coming along… but frustratingly not passing integration tests yet 17:20:44 <dgoulet> nickm: which one? 17:20:51 <dgoulet> nickm: I see possibley two 17:21:00 <nickm> the one in boldface in his update 17:21:38 <isabela> isis: thanks for the update! 17:22:00 <isis> i have some questions that totally can be answered later or whenever about hackerone triaging 17:22:31 <nickm> If anybody knows the answer to the hackerone stuff (asn?) please have a look at isis's questions? 17:24:17 <dgoulet> nickm: didn't we obsolete an option about "Exit single hop" or sth around those lines recently? 17:24:17 <catalyst> isis: i think some of us have been talking about some HackerOne stuff on #tor-internal because of confidentiality, but maybe we should talk about the more general stuff here 17:24:36 <dgoulet> nickm: AllowSingleHopExits 17:24:48 <dgoulet> nickm: maybe that is what is triggering the warning some how? 17:25:06 <nickm> ooh, maybe. 17:25:09 <dgoulet> nickm: ah one step ahead of me eheh 17:25:13 <dgoulet> (in the pad) 17:25:53 <nickm> isis: so, wrt hackerone... 17:26:12 <nickm> isis: I know that in the past, we have paid out for bugs that were vulnerability-like, but not vulnerabilities. 17:26:41 <nickm> For example, if there was a buffer overflow that wasn't exploitable given how our code used the code, we would count that. 17:26:55 <nickm> but I don't think we count stuff that is in no way vulnerability-like 17:27:13 <catalyst> isis: asn has said he wants us to consult him before finalizing any bounty payout 17:27:24 <nickm> and we only call it a tiny payout in those cases 17:27:27 <GeKo> isis: you don't need triage tor browser bugs 17:27:34 <GeKo> i'll take care of that 17:28:27 <nickm> #action asn teor: could you especially take a look at Mike's https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorV page about guard discover resistence? I think he wants feedback, and you're listed as working with him on making sure we have the right list of guard discovery proposals 17:28:38 <isis> yep! i wasn't planning on paying anyone, just triaging 17:28:41 <catalyst> we do want to try to be fair to reporters on HackerOne because certain resolutions will result in reputation loss for them 17:28:48 <nickm> #armadev you would also be good to look at those 17:28:59 <isis> GeKo: ah okay, great, so we all use the same account, and i'll just leave TB bugs be 17:29:00 <nickm> #action armadev you would also be good to look at https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorV 17:29:22 <catalyst> i've seen us close reports out as "informative" when they don't justify us taking immediate action but it's helpful information 17:29:45 <catalyst> "informative" is reputation-neutral; "N/A" and "spam" are reputation-negative 17:30:03 <GeKo> isis: opening bugs in trac for non-security issues seems fine to me 17:30:18 <isis> catalyst: thanks! that's good to know 17:30:24 <GeKo> iirc that's what asn has been doing for tor bugs and that's what i do for tor browser ones 17:30:48 <catalyst> isis: it's in the HackerOne online help but not really concisely stated in one easy-to-find place in my experience 17:31:54 <nickm> any leftover questions from people's updates before we move on to the announcements and discussion topics? 17:32:09 <nickm> isis: one leftover question for you above. When in November do you think you'll be done with moat? 17:32:56 <nickm> at least, done enough that mcs et al can use it? 17:33:36 <isis> i was aiming for the end of last week but the tests still aren't passing 17:33:55 <isis> so probably at the end of this week 17:33:59 <nickm> ok. 17:34:20 <nickm> feel free to grab me if you need a rubber duck (for rubber duck debugging) 17:34:36 <nickm> on to announcements: 17:34:53 <nickm> first, I beg: There are still 10-12 needs_review tickets in review-group-24. 17:35:05 <nickm> most are from me, and I can't review those ones (or at least I shouldn't). 17:35:21 <nickm> please, everybody, look at 1 or 2? 17:35:32 <ahf> yep 17:35:43 <nickm> (and thanks to everybody who has already reviewed some) 17:36:06 <nickm> ok. Looks like we've talked about 2/3 of the discussion topics listed on the pad 17:36:06 <dgoulet> yes, on my stack this week, you'll get some review! :) 17:36:09 <nickm> thanks! 17:36:33 <nickm> remaining one is teor's "do we want to plan a hackfest in 2018" one 17:36:56 <dgoulet> oh dear I failed to respond :( 17:37:05 <nickm> let's everybody remember to respond to Tim's email 17:38:03 * ahf nods 17:38:41 * isabela might be able to travel abroad again soon 17:38:47 <isabela> :) keep y'all updated 17:38:48 <nickm> (wooooo) 17:38:51 <dgoulet> NICE 17:39:22 <isabela> i have an announcement too 17:39:26 <nickm> So, following up on the roadmap. I don't see any moved lines; I'll move the ones we talked about moving.... 17:39:33 <ahf> how have the hackfests typically been with tor? is it usually topics that are funded? topics that we haven't had time to look into over the year, or? 17:39:40 <nickm> .... but I need other people to remember to mark their first-half-nov tasks. 17:39:48 <nickm> isabela: go for it! 17:39:49 <isabela> i am working with all teams to make sure roadmaps are shared and everyone is aware of what is going on with others teams 17:39:58 <isabela> today i will email the list about it :) 17:40:32 <isabela> is this plan: 17:40:32 <isabela> ^^ this is a discussion with devs, and other stakeholders 17:40:39 <isabela> ops 17:40:39 <nickm> ahf: I think it's more or less up to us; but it's certainly **easiest** if there is enough of a funded topic discussion that we can bill for reimbursement. I can ask brad for specifics? 17:40:40 <isabela> hehe 17:40:42 <isabela> wrong pasting 17:40:53 <isabela> https://storm.torproject.org/shared/qyLSUCJ0AkJpHsMVHp995Pf_QWt1nTvamnGwLmrxChD 17:41:10 <isabela> more on my email o/ 17:41:19 <ahf> nickm: ack! 17:41:33 <nickm> isabela: no roadmaps yet from OONI, metrics, or community? 17:41:37 <isabela> yes 17:41:40 <isabela> i need to update that 17:41:44 <ahf> i'd love a mobile focused hackfest at some point - maybe together with the guardian project, the ooni people, and onionbrowser. 17:41:45 <isabela> will do it and then email ppl 17:42:02 <nickm> #action nick asks brad about requirements for hack session travel being nicely reimburseable 17:42:22 <isabela> ahf: !!! 17:42:25 <isabela> ahf: great idea 17:43:11 <ahf> i'll take it to tim's thread on the ML 17:43:11 <ahf> :-) 17:43:20 <nickm> thanks 17:43:46 <nickm> so, I think that's all for the session. It looks like everybody has been pretty busy, and is likely to continue busy! 17:43:49 <isis> can we have a modularisation hackfest where we all just refactor stuff together? 17:44:05 <nickm> "why not both" ? ;) 17:44:10 <catalyst> isis: i would like that 17:44:27 <isis> oh yeah, i didn't mean that in opposition to mobile stuff at all 17:44:35 <ahf> yes, +1 - bonus if it can also have a twist of rust 17:44:45 <nickm> also if people want to work in 2s or 4s, we can probably work out some way to have just few people get together pretty easily 17:44:49 <nickm> or 3s 17:44:58 * nickm has a couch 17:46:28 <ahf> cool 17:46:43 <isabela> good one for sleeping ! :) i can testify to that hehe 17:46:50 <ahf> :-D 17:46:55 <nickm> #action nickm asks brad/shari/etc about having some standard "colocating devs" budget 17:47:04 <nickm> ok, any more for this week's meeting? 17:47:34 * dgoulet is good 17:47:41 * ahf too 17:48:02 <nickm> ok! See you on #tor-dev, everyone! 17:48:05 <nickm> #endmeeting