#tor-meeting log

16:00:02 <shelikhoo> #startmeeting tor anti-censorship meeting
16:00:02 <MeetBot> Meeting started Thu May 26 16:00:02 2022 UTC.  The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:02 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:00:31 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
16:00:31 <shelikhoo> feel free to add what you've been working on and put items on the agenda
16:00:42 <meskio> hello o/
16:01:17 <cohosh> hi
16:01:21 <itchyonion> hello
16:01:22 <shelikhoo> hi~
16:03:48 <meskio> we have a new irc channel for the anti censorship team: #tor-anticensorship
16:04:01 <meskio> we wanted to have a bit less noisy channel than #tor-dev to talk
16:06:53 <meskio> I added the first topic for discussion: 2FA in gitlab?
16:07:06 <shelikhoo> okay, I think there was some 'new' topics on the pad that was later removed
16:07:21 <meskio> ohh, is probably my fault, sorry
16:07:27 <shelikhoo> this this something expected?
16:07:29 <meskio> I thought it was everything from last week
16:07:54 <shelikhoo> please have a check.... I was not that sure, but it is worth mentioning
16:08:29 <meskio> ok, I saw the same stuff that was last week and removed it, but maybe there was something new there
16:08:34 * meskio goes to check the history
16:09:31 <shelikhoo> there was a topic about go 1.18 and snowflake
16:09:31 <meskio> I think is lost, sorry for that
16:09:36 <shelikhoo> that is new
16:09:46 <meskio> I just added it back
16:09:49 <shelikhoo> yes....
16:10:24 <meskio> I'll be more careful next time, sorry
16:11:09 <meskio> should I go with the 2FA point?
16:11:24 <shelikhoo> yes, let's begin the discussion section
16:11:35 <shelikhoo> first is the 2FA on gitlab
16:11:42 <meskio> other teams do require people to have 2FA in their gitlab accounts to have access to commit to the repos
16:11:54 <meskio> I think will be nice to have the same policy in the anti-censorship
16:12:02 <meskio> what do you think?
16:12:25 <meskio> (most of us already have 2FA enabled, we'll need to poke a couple of people)
16:14:29 <shelikhoo> I am in support of enabling 2FA in general, but maybe we can contact non-2FA account owners to request enabling 2FA first
16:14:38 <shelikhoo> before enforcing this policy
16:14:43 <meskio> yes, sure
16:15:08 <meskio> I can do that, if we decide to enforce 2FA I will contact personally the people that doesn't have that and ask them
16:16:23 <shelikhoo> TOTP should work for most people(so longer as there is no constant logout), and FIDO2 works quite charmingly.
16:16:48 <meskio> yes, I use my yubikey for FIDO2, and I'm happy with it
16:17:07 <shelikhoo> although 2FA have limited security improvement if password is already generated randomly
16:18:16 <meskio> even if is random 2FA helps to make hard to reuse a password found once, but I agree 2FA is not so important if we have good password
16:18:30 <meskio> but is easier to enforce 2FA and good passwords...
16:20:01 <meskio> I will assume the silence is an agreement, anyway I'll check with the people without 2FA is this is a problem for them
16:20:48 <shelikhoo> there was some talk about 2FA help with phishing and MITM... but the MITM part is never materialized...
16:21:06 <shelikhoo> (specificity FIDO)
16:21:37 <shelikhoo> okay we can move to the next topic:     go 1.18 & snowflake
16:22:27 <shelikhoo> if my instinct was correct, this topic is added by cohosh, is that correct?
16:22:38 <cohosh> nope >.<
16:22:52 <cohosh> i vaguely remember someone mentioning it
16:23:04 <meskio> do we get again misterious discussions points from people that is not around?
16:23:39 <cohosh> heh maybe, one sec i'm gonna try and remember where i saw this
16:24:33 <meskio> I see the CI uses 1.7 and go.mod says 1.13
16:24:54 <meskio> I think is handy to keep go.mod <= debian stable go version
16:25:18 <shelikhoo> I was developing with go1.18.1 and no issue were discovered
16:25:51 <meskio> the docker snowflake-proxy does use 1.18
16:26:21 <meskio> BTW, I just uploaded new versions of the docker snowflake-proxy
16:26:39 <cohosh> meskio: awesome, thanks for doing that
16:27:02 <meskio> (the debian package is taking me a bit of work...)
16:28:36 <cohosh> shoot i can't remember, it might have been some random gitlab issue or an irc comment or an email
16:30:43 <cohosh> hopefully whoever it was reaches out again
16:30:57 <meskio> I hope so
16:31:01 <shelikhoo> https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40474'
16:31:09 <shelikhoo> is this the link?
16:31:38 <cohosh> aha!
16:31:51 <cohosh> https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40464
16:32:42 <cohosh> i am not sure why cypherpunks made the link to snowflake here
16:33:29 <cohosh> or maybe the applications team is trying to bump the go version and wondering if it will work with snowflake?
16:33:55 <cohosh> in any case, we could update the CI to target 1.18 as well
16:34:05 <meskio> yep
16:34:10 <shelikhoo> it seems this can be fixed with upgrade a package
16:34:20 <shelikhoo> yes, let's update the CI
16:34:40 <meskio> I will assume the new version of snowflake doesn't introduce any dependency that requires go 1.18, the CI is working, so this should not be a blocker
16:35:01 <meskio> I mean, tests pass on go 1.17 apparently
16:36:00 <cohosh> i made snowflake#40144
16:37:04 <shelikhoo> anything more on this topic?
16:37:12 <meskio> not from my side
16:37:44 <cohosh> not from me
16:38:36 <shelikhoo> there is one more action topic: send wireguard public key to get tty access to snowflake-02
16:38:55 <shelikhoo> actually shell access
16:39:24 <meskio> I'm happy dcf wrote some tutorials, I haven't done much with wireguard up to now, but I guess is time to learn :)
16:42:40 <shelikhoo> I have some experience with wireguard... I can do this first just to try this wireguard setup
16:43:06 <meskio> :)
16:43:06 <shelikhoo> but I don't have that much faith in wireguard....
16:43:35 <shelikhoo> I don't expect myself to actually need that shell access...
16:43:48 <shelikhoo> but it is good to try this wireguard.....
16:44:09 <meskio> I think is good that some people besides dcf has access to be able to fix things if they break
16:44:47 <shelikhoo> okay, last time there was a break, shell access didn't help
16:44:55 <meskio> yep :(
16:45:25 <shelikhoo> but no worry, once we got distributed server support running
16:45:52 <shelikhoo> the bus factor for snowflake server will increase
16:46:06 <shelikhoo> although the broker will remain a weak point
16:46:42 <meskio> +1
16:47:34 <shelikhoo> that's everything on the pad, did I miss anything?
16:48:35 <meskio> maybe we are done :)
16:49:13 <shelikhoo> yes... thanks for everyone
16:49:14 <shelikhoo> #endmeeting