16:59:38 <phw> #startmeeting anti-censorship weekly checkin 2019-10-17
16:59:38 <MeetBot> Meeting started Thu Oct 17 16:59:38 2019 UTC.  The chair is phw. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:59:38 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:59:47 <phw> hi everyone!
16:59:52 <phw> here's our meeting pad: https://pad.riseup.net/p/tor-censorship-2019-keep
17:00:01 <phw> it's quite the agenda today
17:00:30 <phw> let me start with our first discussion point
17:00:49 <dcf1> I will move two items to the bottom that can be skipped if there's not time today.
17:01:01 <phw> some context: we started supporting an ngo with private obfs4 bridges that it can distribute among its users
17:01:14 <phw> i tried to formalise the process a bit in this wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam/NGOBridgeSupport
17:01:29 <cohosh> nice!
17:01:45 <phw> please add comments/suggestions/etc to the wiki page
17:02:00 <phw> so far, our private bridges exist in a csv file on my laptop. that's not great
17:02:21 <phw> ideally, they are in a shared, private location, and we keep track of who got what bridge
17:02:53 <cohosh> maybe i am misunderstanding this, but are these different from the unallocated bridges in bridgedb?
17:02:57 <phw> i could add the file to a private repository on dip.tpo unless anyone has a better idea
17:03:12 <phw> cohosh: yes, the bridges i'm talking about don't report themselves to bridgedb
17:03:19 <cohosh> ok cool
17:03:33 <cohosh> is the idea to use these two groups of bridges differently?
17:03:57 <phw> the unallocated bridgedb bridges are run by people we don't know and could go offline any time
17:04:20 <phw> the private bridges are run by womble, and are reliable and fast, and a much better fit for an ngo
17:04:32 <cohosh> ok thanks
17:04:47 <cohosh> i think gitlab sounds good
17:04:51 <phw> so far we've been using the unallocated bridges the way we're now using the private bridges
17:05:05 <phw> okay, i'll make the csv more usable and throw them in a repository
17:05:08 <cohosh> this also makes access to them more redundant
17:05:27 <cohosh> so that if something goes wrong with your laptop we can still give them out
17:05:39 <phw> yes
17:06:10 <phw> ok, shared access was the most important thing wrt this discussion item. as for the process: we can improve it as we go
17:06:39 <cohosh> sounds good
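[As an illustration of the shared-file idea discussed above, a private-bridge CSV could look roughly like the sample below; the column names and values are hypothetical placeholders, not the layout of phw's actual file. Keeping the allocation columns in the same file makes "who got what bridge" answerable with a single grep.]

    # hypothetical layout -- the real file's columns may differ
    fingerprint,bridge_line,operator,allocated_to,allocated_on,notes
    AAAA...1111,"obfs4 192.0.2.10:443 AAAA...1111 cert=<placeholder> iat-mode=0",womble,example-ngo,2019-10-01,first batch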
17:06:47 <phw> shall we talk about our ipv6 snowflake broker next?
17:07:34 * phw puts the mic on the ground and waits for somebody to pick it up
17:07:37 <dcf1> I've set up a new broker and documented the installation instructions.
17:07:54 <dcf1> https://trac.torproject.org/projects/tor/ticket/29258#comment:11
17:08:20 <dcf1> Fingers crossed, I think all that's needed to start using it is to update some DNS records.
17:08:35 <cohosh> thanks for doing that dcf1!
17:08:36 <dcf1> But perhaps we should do a smaller-scale test first.
17:09:08 <dcf1> I mentioned on the ticket a proposal for dealing with concurrent logs; i.e., let them happen concurrently and merge them after we decommission the older broker.
17:09:41 <dcf1> One option is we give the new broker a hostname different than the snowflake-broker ones already in use; that way we can test it ourselves.
17:09:59 <cohosh> we have 3 different broker domains already
17:10:02 <dcf1> Another option is to only set up AAAA records now, so that IPv4 traffic goes to the old broker and IPv6 traffic goes to the new.
17:10:05 <cohosh> bamsoftware, freehaven, and tp.net
17:10:25 <dcf1> Yeah, and freehaven is a CNAME to bamsoftware, so really we only need to update bamsoftware and torproject.
17:10:39 <cohosh> we could switch tp.net first and test with that
17:10:49 <dcf1> I forgot what names are used where.
17:10:54 <cohosh> since freehaven/bamsoftware is the deployed one
17:11:04 <cohosh> we haven't deployed tp.net in the client or proxies yet
17:11:24 <dcf1> Yeah I guess you're right.
17:11:24 <cohosh> due to concerns that some places (like the UK) are good places for proxies but may block tor project domains
17:11:54 <dcf1> And I guess that snowflake-broker.azureedge.net still points to the bamsoftware one, though I would have to check to be sure.
17:12:19 <dcf1> Okay, that's a good idea cohosh. We need to ask someone to update the torproject.net names to the IP addresses mentioned in the ticket.
17:12:30 <cohosh> i will make a ticket for that
17:13:14 <dcf1> Then we ourselves can test using the client with `-url https://snowflake-broker.torproject.net/` and proxy-go with `-broker https://snowflake-broker.torproject.net/`
17:13:22 <cohosh> or just cc anarcat on that ticket
17:13:58 <dcf1> I can handle making this ticket.
17:14:10 <dcf1> Thanks, unless there are any objections, I think this discussion point is covered.
17:14:24 <phw> thanks for this, dcf1
17:14:32 <cohosh> ok thanks
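[For reference, the torproject.net update dcf1 and cohosh agreed on would amount to zone records roughly like the snippet below; the addresses are documentation placeholders (192.0.2.0/24, 2001:db8::/32), since the real ones are the IPs listed in the ticket. With only torproject.net switched, the deployed client and proxies, which still use the bamsoftware/freehaven names, are unaffected while the new broker gets tested with the `-url` and `-broker` overrides above.]

    ; illustrative only -- substitute the addresses from #29258
    snowflake-broker.torproject.net.  300  IN  A     192.0.2.10
    snowflake-broker.torproject.net.  300  IN  AAAA  2001:db8::10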
17:14:53 <phw> next up are some preliminary design considerations for a bridge test service: https://trac.torproject.org/projects/tor/ticket/29258#comment:11
17:15:07 <phw> to remind everyone: we currently have no service that tests a PT bridge
17:15:16 <dcf1> #31874 you mean
17:15:23 <phw> the one thing that gets closest is a simple port scan tool: https://bridges.torproject.org/scan/
17:15:30 <phw> oops, yes
17:16:05 <phw> there are two parties that would benefit from such a service: bridge operators could test their bridges and bridgedb could test what bridges are reachable
17:16:36 <phw> basically, you paste your bridge line in there (which works for vanilla, obfs2, obfs3, ...) and the service tells you if it could bootstrap a tor connection over the given bridge
17:16:59 <phw> i'm curious what y'all think about the points in https://trac.torproject.org/projects/tor/ticket/31874#comment:2
17:17:52 <dcf1> One consideration is misuse: an obfs4 testing service is like a public fuzz-testing service that sends garbage to any IP:port on demand.
17:18:35 <dcf1> I suppose it could check that the bridge line matches a bridge already in BridgeDB? I.e., something that's intending to be a bridge?
17:18:43 <phw> dcf1: yes. for bridges.tp.o/scan/ we have a simple rate limiter.
17:19:13 <cohosh> do we need to make it publicly accessible? if bridgedb is automatically doing these tests, maybe that's more convenient than allowing operators to do their own anyway
17:20:03 <phw> we certainly don't need to but "does my bridge work?" is a very common question among new operators and we should have a useful response to it
17:20:34 <phw> i suppose "wait a few hours and check your relay status page" may also be a useful answer
17:20:44 <cohosh> is the intention to log and try to contact operators whose bridges bridgedb detects as being offline?
17:21:07 <phw> cohosh: yes, and also to not hand out bridges that don't work.
17:21:12 <cohosh> cool
17:22:22 <phw> thanks dcf1 and cohosh, these are useful questions and ideas. i'll update the ticket and give it some more thought
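[For a rough sense of what the core check in such a service might look like: start a throwaway tor with the submitted bridge line and watch for a complete bootstrap. This is a sketch only, not the design from #31874; the obfs4proxy path, timeout, and all names are assumptions. The rate limiter and the check that the line matches a bridge BridgeDB already knows about (dcf1's point) would sit in front of this.]

    // Sketch of a per-bridge reachability check: run a disposable tor with
    // the submitted bridge line and report whether it bootstraps to 100%.
    // All paths and names are assumptions, not the actual #31874 design.
    package main

    import (
        "bufio"
        "context"
        "fmt"
        "os"
        "os/exec"
        "strings"
        "time"
    )

    func testBridgeLine(bridgeLine string, timeout time.Duration) error {
        ctx, cancel := context.WithTimeout(context.Background(), timeout)
        defer cancel()

        dataDir, err := os.MkdirTemp("", "bridgetest-")
        if err != nil {
            return err
        }
        defer os.RemoveAll(dataDir)

        // tor accepts configuration options on the command line.
        cmd := exec.CommandContext(ctx, "tor",
            "--DataDirectory", dataDir,
            "--SocksPort", "auto",
            "--UseBridges", "1",
            "--ClientTransportPlugin", "obfs4 exec /usr/bin/obfs4proxy", // assumed path
            "--Bridge", bridgeLine,
        )
        stdout, err := cmd.StdoutPipe()
        if err != nil {
            return err
        }
        if err := cmd.Start(); err != nil {
            return err
        }
        defer cmd.Process.Kill()

        // tor logs bootstrap progress to stdout at notice level by default.
        scanner := bufio.NewScanner(stdout)
        for scanner.Scan() {
            if strings.Contains(scanner.Text(), "Bootstrapped 100%") {
                return nil
            }
        }
        return fmt.Errorf("tor did not bootstrap over this bridge within %v", timeout)
    }

    func main() {
        line := "obfs4 192.0.2.10:443 <fingerprint> cert=<placeholder> iat-mode=0"
        if err := testBridgeLine(line, 3*time.Minute); err != nil {
            fmt.Println("bridge appears unreachable:", err)
            return
        }
        fmt.Println("bridge is reachable")
    }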
17:23:02 <phw> we can move on to the gettor workflow unless anyone has anything else to say
17:24:43 <phw> cohosh, hiro: ^
17:25:11 <cohosh> okay, so hiro has been doing some really awesome work on gettor, but we're not getting a lot of reviews done in time and so code is being merged without review
17:25:24 <cohosh> i'm wondering if we need to be better at communicating
17:25:34 <gaba> we should require reviews before merging
17:25:58 <hiro> yes we can do that
17:26:06 <cohosh> ok, so is the best way to do that moving forward to hand out reviews here?
17:26:14 <hiro> email I think is ok
17:26:34 <phw> gaba: agreed. when i don't review something in time, it's because i either did not realise that i'm supposed to review, or i forgot.
17:26:38 <gaba> we can check reviews in the meeting but if there is a review in the middle of the week people can communicate directly
17:26:39 <cohosh> is there a way to set it up with gitlab as well for us to get notifications for pull requests?
17:26:55 <gaba> yes
17:27:05 <cohosh> i find trac useful for that but gettor is all on dip it seems
17:27:07 <hiro> there is a bug I am trying to solve for which I haven't managed to do a PR to the main repo atm
17:27:09 <gaba> we can get a column for a needs review label
17:27:13 <hiro> from my own repo
17:27:26 <cohosh> yeah i found the gettor board a bit confusing
17:28:16 <gaba> yes, the gettor board in gitlab needs more work. I can try to change it so it is useful for all of us
17:28:27 <gaba> we are in a weird space as we still did not migrate to gitlab
17:28:28 <cohosh> that would be really useful, thanks!
17:28:34 <gaba> so trac is the source of truth right now
17:28:39 <cohosh> yup
17:29:00 <cohosh> does all merged code in gettor correspond to trac tickets?
17:29:22 <hiro> well in the beginning it started with a massive refactoring from ilv
17:29:32 <hiro> that I had to merge back into our repository
17:29:41 <hiro> and in that there was some dangling code on the server itself
17:29:55 <hiro> that I didn't know about until I tried to test
17:30:24 <gaba> it should correspond to trac tickets
17:30:31 <gaba> until we migrate we need to have trac updated
17:30:32 <cohosh> okay
17:30:43 <hiro> trac tickets addressed features and some issues
17:31:15 <phw> hmm, if we update both trac and dip, i'm afraid we'll soon run into syncing issues
17:32:13 <phw> gaba: no?
17:32:16 <hiro> I have been closing dip tickets corresponding to trac tickets
17:32:54 <gaba> yes
17:33:09 * gaba will work on syncing both
17:33:18 <gaba> hopefully we will have the migration done in december
17:33:40 * antonela hopes
17:33:51 <phw> ok, so 1) there needs to be a trac ticket for each gettor merge, 2) gitlab and trac will remain in sync, and 3) review requests go out over email?
17:34:08 <gaba> ok
17:34:17 <hiro> sounds good
17:34:18 <cohosh> thank you gaba for all this work
17:35:09 <phw> anything else wrt gettor workflow?
17:35:44 <hiro> I think I am good
17:35:49 <phw> also, please ping me if i'm ever late on a review. reviews are high up on my list of priorities but sometimes i do forget
17:35:49 <cohosh> same, thanks!
17:35:59 <hiro> sure!
17:36:13 <phw> ok, let's talk about s28/s30 next
17:36:36 <phw> regarding s28, aka RACE: we sent our part of the quarterly report to micah
17:36:39 <phw> and by "we" i mean gaba :)
17:37:04 <phw> and we have a prototype of our new obfs4 flow obfuscator: https://trac.torproject.org/projects/tor/ticket/30716#comment:16
17:37:23 <phw> (which i've been meaning to send to the traffic-obf@ list)
17:37:55 <phw> our partners are struggling with getting access to a dataset for evaluation
17:38:02 <phw> hopefully, we will sort that out in the coming weeks
17:38:25 <phw> and cohosh has been making steady snowflake progress as well
17:38:26 <gaba> nice
17:39:05 <phw> regarding s30: also steady progress
17:39:23 <phw> with some tickets we are lagging behind, with others we're ahead
17:40:12 <phw> anything specific you'd like to know gaba?
17:40:25 <gaba> just a check-in. thanks!
17:40:36 <phw> alright, next up is snowflake's poll interval
17:41:02 <dcf1> A few weeks ago I tailed the log of the broker, and requests were coming in furiously.
17:41:23 <dcf1> Lately those particular log lines have been removed, so it's not as apparent, but according to https://snowflake-broker.bamsoftware.com/debug there's 500 proxies,
17:41:39 <dcf1> and with a poll interval of 20 s, that's 25 incoming proxy requests per second.
17:41:42 <arma2> i liked the idea of having the broker tell each snowflake when to come back
17:41:59 <dcf1> Something on the order of 1 or 2 per second is probably adequate.
17:42:07 <cohosh> arma2: serna has started on that ticket
17:42:14 <cohosh> i agree
17:42:23 <dcf1> arma2: yeah that's #25598, serna ran into some trouble with that.
17:42:42 <cohosh> we have metrics of how many idle proxies we have: https://metrics.torproject.org/collector/archive/snowflakes/
17:42:57 <cohosh> and it is orders of magnitude more than the number of client matches
17:43:31 <dcf1> Anyway, I think an interval of around 300 seconds would be workable.
17:43:37 <cohosh> sounds good
17:43:58 <dcf1> (I'm still confused as to why when a client connects and gets an ultra-fresh proxy, the proxy sometimes doesn't respond.)
17:44:25 <dcf1> Another thing we did in flash proxy was make the proxy not connect to the broker immediately, but wait about a minute before contacting the first time.
17:44:49 <dcf1> The idea there was to eliminate the cases where someone goes to the page or activates the extension momentarily just to see what it looks like.
17:44:56 <dcf1> I'm not sure if it really helped.
17:44:59 <cohosh> yeah, i'm doing some dogfooding and looking into that but it's *really* difficult to track down
17:45:18 <cohosh> it also seems to be about 1/3 of all snowflake proxies that do this, the last time i checked
17:45:46 <dcf1> Hmm, yeah it's weird. It almost seems like it must be some systemic thing, like "all proxies on browser X" or something.
17:45:47 <cohosh> which suggests to me that it's probably not one-off user actions like that
17:45:53 <cohosh> yup
17:46:17 <dcf1> ok, I'll make a ticket to increase the poll interval.
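[To make the arithmetic concrete: ~500 proxies polling every 20 s is ~25 broker requests/s, while a 300 s interval brings that down to roughly 1.7/s. Below is a minimal sketch of what a longer, jittered poll loop could look like; the names are hypothetical, not the actual proxy-go code.]

    // Sketch of a proxy poll loop with a longer interval plus jitter so
    // proxies don't all hit the broker in lockstep. Hypothetical names.
    package main

    import (
        "fmt"
        "math/rand"
        "time"
    )

    const pollInterval = 300 * time.Second

    func pollBroker() {
        // stand-in for the real broker poll (an HTTP request to the broker)
        fmt.Println("polling broker at", time.Now().Format(time.RFC3339))
    }

    func main() {
        for {
            pollBroker()
            // up to 10% random jitter on top of the base interval
            jitter := time.Duration(rand.Int63n(int64(pollInterval) / 10))
            time.Sleep(pollInterval + jitter)
        }
    }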
17:46:30 <arma2> do the snowflakes offer specifics about themselves? like, can we distinguish cupcakes from snowflakes, at the broker
17:46:31 <cohosh> you know, i haven't updated the chrome version in a while. i'll do that this afternoon
17:46:42 <cohosh> i'm still unsure what the status of cupcake is
17:47:06 <cohosh> arma2: we can distinguish snowflake webextensions from standalones, that's about it right now
17:47:10 <dcf1> Oh I thought the Chrome store was just really slow at reviewing, I noticed they never listed 0.0.11 before 0.0.12 was available.
17:47:29 <cohosh> i'm working on #29207 at the moment and can add something there
17:47:42 <cohosh> dcf1: no >.< i thought cupcake was our chrome app now
17:47:51 <cohosh> but i think it's best to just keep going with snowflake on chrome in parallel
17:48:09 <dcf1> Oh aha I see, once again I misunderstand the situation :)
17:48:18 <cohosh> i mean, they are slow at reviewing but not that slow
17:48:30 <phw> have we heard anything from griffin since the dev meeting?
17:49:00 <dcf1> No, I updated some tickets he's cced on, but I should send email, because his email used for trac may not have been working.
17:49:56 <phw> doing both in parallel sounds good, at least until we hear from griffin
17:49:58 <arma2> cohosh: it does seem like "really difficult to track down" and "the snowflake could specify some details about itself when it contacts the broker" could go well together
17:50:11 <cohosh> yeah
17:51:05 <cohosh> alright i'll add that to the changes in #29207
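[As a sketch of the kind of self-description a proxy could send when it polls, per arma2's suggestion: the field names below are made up for illustration and are not the actual #29207 message format.]

    // Hypothetical proxy->broker poll body; not the real #29207 format.
    package main

    import (
        "encoding/json"
        "fmt"
    )

    type proxyPoll struct {
        Sid     string `json:"Sid"`     // per-poll session id
        Version string `json:"Version"` // poll message version
        Type    string `json:"Type"`    // e.g. "webext", "standalone", "cupcake"
    }

    func main() {
        body, _ := json.Marshal(proxyPoll{Sid: "abc123", Version: "1.0", Type: "webext"})
        fmt.Println(string(body)) // what would be sent to the broker's proxy endpoint
    }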
17:51:34 <phw> are we done with the poll interval? if so, dedicated build servers are next
17:51:57 <cohosh> yes please on the build server
17:52:12 <dcf1> So for the pion-webrtc tests I rented a VPS because building tor-browser is too much on a personal computer
17:52:14 <cohosh> i have a digital ocean instance that i use but my use is intermittent and not really worth what i pay for it
17:52:29 <dcf1> It's like 100+ GB and 48 hrs+ if starting from scratch.
17:52:42 <dcf1> And yeah, cohosh has been doing the same thing out of necessity.
17:52:59 <dcf1> Devs shouldn't be paying for this IMO.
17:53:13 <phw> yes, agreed
17:53:15 <dcf1> In the past, there was some EC2 server or something that was shared with the TB devs, and that was really nice.
17:53:38 <dcf1> But that got shut down and I'm not aware of any replacement.
17:54:00 <phw> let's file an admin ticket for getting such a vm?
17:54:01 <dcf1> One option would be to try eclips.is, but they have a credits system and we would probably need most of the 200 credits you get by default.
17:54:20 <dcf1> For comparison, the new snowflake broker with 10 GB disk and 2 CPUs is 25 credits.
17:54:29 <cohosh> storage space is a big issue here
17:54:54 <cohosh> 10GB might not be enough
17:55:09 <dcf1> I'm suggesting 200 GB for the build server
17:55:24 <dcf1> I'm saying that what we need is much bigger than the new broker, and the new broker cost 25 credits.
17:55:26 <cohosh> oh yeah that's way better
17:55:41 <dcf1> So eclips.is may not be enough, though I could try it.
17:56:03 <arma2> i think there are idle tor browser build machines currently
17:56:11 <arma2> but i might be wrong. it's worth asking them.
17:56:58 <GeKo> we have one and i am using it usually to do release and test builds
17:57:15 <GeKo> but we could think about sharing that one more if that's helpful
17:58:10 <dcf1> I think it's helpful, because for me for example, just doing a test for #32076 before putting the ticket in needs_review is pretty cumbersome.
17:58:35 <dcf1> I happened to have a tor-browser-build VPS already set up, but I shut it down right after that ticket because it was costing money.
17:59:12 <arma2> i think sharing the build machines with the browser team makes a lot of sense
17:59:23 <arma2> since that's what you are both building
17:59:32 <cohosh> same here, i don't do incremental builds that often but it's nice to test patches before putting them in needs review
17:59:53 <cohosh> so it wouldn't be a lot of extra load on that machine
18:01:08 <phw> ok, we're out of time but have one item left on our agenda. shall we continue in #tor-dev?
18:01:43 <ggus> ok
18:01:52 <phw> looks like the only "needs review" for this week is #31890. i'll send my weekly reminder to sina
18:02:08 <arma2> phw: feel free to cc me on it if that's useful :)
18:02:23 <phw> #endmeeting