16:00:02 <shelikhoo> #startmeeting tor anti-censorship meeting 16:00:02 <MeetBot> Meeting started Thu May 26 16:00:02 2022 UTC. The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:02 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 16:00:31 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep 16:00:31 <shelikhoo> feel free to add what you've been working on and put items on the agenda 16:00:42 <meskio> hello o/ 16:01:17 <cohosh> hi 16:01:21 <itchyonion> hello 16:01:22 <shelikhoo> hi~ 16:03:48 <meskio> we have a new irc channel for the anti censorship team: #tor-anticensorship 16:04:01 <meskio> we wanted to have a bit less noisy channel than #tor-dev to talk 16:06:53 <meskio> I added the first topic for discussion: 2FA in gitlab? 16:07:06 <shelikhoo> okay, I think there was some 'new' topics on the pad that was later removed 16:07:21 <meskio> ohh, is probably my fault, sorry 16:07:27 <shelikhoo> this this something expected? 16:07:29 <meskio> I thought it was everything from last week 16:07:54 <shelikhoo> please have a check.... I was not that sure, but it is worth mentioning 16:08:29 <meskio> ok, I saw the same stuff that was last week and removed it, but maybe there was something new there 16:08:34 * meskio goes to check the history 16:09:31 <shelikhoo> there was a topic about go 1.18 and snowflake 16:09:31 <meskio> I think is lost, sorry for that 16:09:36 <shelikhoo> that is new 16:09:46 <meskio> I just added it back 16:09:49 <shelikhoo> yes.... 16:10:24 <meskio> I'll be more careful next time, sorry 16:11:09 <meskio> should I go with the 2FA point? 16:11:24 <shelikhoo> yes, let's begin the discussion section 16:11:35 <shelikhoo> first is the 2FA on gitlab 16:11:42 <meskio> other teams do require people to have 2FA in their gitlab accounts to have access to commit to the repos 16:11:54 <meskio> I think will be nice to have the same policy in the anti-censorship 16:12:02 <meskio> what do you think? 16:12:25 <meskio> (most of us already have 2FA enabled, we'll need to poke a couple of people) 16:14:29 <shelikhoo> I am in support of enabling 2FA in general, but maybe we can contact non-2FA account owners to request enabling 2FA first 16:14:38 <shelikhoo> before enforcing this policy 16:14:43 <meskio> yes, sure 16:15:08 <meskio> I can do that, if we decide to enforce 2FA I will contact personally the people that doesn't have that and ask them 16:16:23 <shelikhoo> TOTP should work for most people(so longer as there is no constant logout), and FIDO2 works quite charmingly. 16:16:48 <meskio> yes, I use my yubikey for FIDO2, and I'm happy with it 16:17:07 <shelikhoo> although 2FA have limited security improvement if password is already generated randomly 16:18:16 <meskio> even if is random 2FA helps to make hard to reuse a password found once, but I agree 2FA is not so important if we have good password 16:18:30 <meskio> but is easier to enforce 2FA and good passwords... 16:20:01 <meskio> I will assume the silence is an agreement, anyway I'll check with the people without 2FA is this is a problem for them 16:20:48 <shelikhoo> there was some talk about 2FA help with phishing and MITM... but the MITM part is never materialized... 16:21:06 <shelikhoo> (specificity FIDO) 16:21:37 <shelikhoo> okay we can move to the next topic: go 1.18 & snowflake 16:22:27 <shelikhoo> if my instinct was correct, this topic is added by cohosh, is that correct? 16:22:38 <cohosh> nope >.< 16:22:52 <cohosh> i vaguely remember someone mentioning it 16:23:04 <meskio> do we get again misterious discussions points from people that is not around? 16:23:39 <cohosh> heh maybe, one sec i'm gonna try and remember where i saw this 16:24:33 <meskio> I see the CI uses 1.7 and go.mod says 1.13 16:24:54 <meskio> I think is handy to keep go.mod <= debian stable go version 16:25:18 <shelikhoo> I was developing with go1.18.1 and no issue were discovered 16:25:51 <meskio> the docker snowflake-proxy does use 1.18 16:26:21 <meskio> BTW, I just uploaded new versions of the docker snowflake-proxy 16:26:39 <cohosh> meskio: awesome, thanks for doing that 16:27:02 <meskio> (the debian package is taking me a bit of work...) 16:28:36 <cohosh> shoot i can't remember, it might have been some random gitlab issue or an irc comment or an email 16:30:43 <cohosh> hopefully whoever it was reaches out again 16:30:57 <meskio> I hope so 16:31:01 <shelikhoo> https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40474' 16:31:09 <shelikhoo> is this the link? 16:31:38 <cohosh> aha! 16:31:51 <cohosh> https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40464 16:32:42 <cohosh> i am not sure why cypherpunks made the link to snowflake here 16:33:29 <cohosh> or maybe the applications team is trying to bump the go version and wondering if it will work with snowflake? 16:33:55 <cohosh> in any case, we could update the CI to target 1.18 as well 16:34:05 <meskio> yep 16:34:10 <shelikhoo> it seems this can be fixed with upgrade a package 16:34:20 <shelikhoo> yes, let's update the CI 16:34:40 <meskio> I will assume the new version of snowflake doesn't introduce any dependency that requires go 1.18, the CI is working, so this should not be a blocker 16:35:01 <meskio> I mean, tests pass on go 1.17 apparently 16:36:00 <cohosh> i made snowflake#40144 16:37:04 <shelikhoo> anything more on this topic? 16:37:12 <meskio> not from my side 16:37:44 <cohosh> not from me 16:38:36 <shelikhoo> there is one more action topic: send wireguard public key to get tty access to snowflake-02 16:38:55 <shelikhoo> actually shell access 16:39:24 <meskio> I'm happy dcf wrote some tutorials, I haven't done much with wireguard up to now, but I guess is time to learn :) 16:42:40 <shelikhoo> I have some experience with wireguard... I can do this first just to try this wireguard setup 16:43:06 <meskio> :) 16:43:06 <shelikhoo> but I don't have that much faith in wireguard.... 16:43:35 <shelikhoo> I don't expect myself to actually need that shell access... 16:43:48 <shelikhoo> but it is good to try this wireguard..... 16:44:09 <meskio> I think is good that some people besides dcf has access to be able to fix things if they break 16:44:47 <shelikhoo> okay, last time there was a break, shell access didn't help 16:44:55 <meskio> yep :( 16:45:25 <shelikhoo> but no worry, once we got distributed server support running 16:45:52 <shelikhoo> the bus factor for snowflake server will increase 16:46:06 <shelikhoo> although the broker will remain a weak point 16:46:42 <meskio> +1 16:47:34 <shelikhoo> that's everything on the pad, did I miss anything? 16:48:35 <meskio> maybe we are done :) 16:49:13 <shelikhoo> yes... thanks for everyone 16:49:14 <shelikhoo> #endmeeting