13:31:14 <nickm> #startmeeting 13:31:14 <MeetBot> Meeting started Wed Jan 21 13:31:14 2015 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:31:14 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 13:31:16 <nickm> ohai! 13:31:18 <nickm> who's here? 13:31:37 <nickm> (could be a short meeting if it's just me this morning...) 13:32:46 <nickm> I'll give it another 10-15 minutes... 13:39:33 * teor is here, technical issues 13:39:40 <nickm> hi, teor! 13:39:47 <nickm> It looks like it might be just you and me this morning :) 13:40:54 <nickm> how's it going? 13:41:07 <nickm> personally, I'm hoping I can get a bit more hacking done this week, and take the weekend off. 13:41:13 <nickm> I'll see if circumstances cooperate. 13:43:57 <teor> I have got absolutely no hacking done this week 13:44:08 <teor> The anticipated disruption happened then more happened then... 13:44:19 <teor> So maybe this weekend there will be hacking 13:45:22 <nickm> remember, hacking is fun. :) 13:45:36 * dgoulet here! 13:45:37 <teor> Yes, which is why I regret not having time to do it 13:45:59 <nickm> For me, I've got meetings and communication this morning, after which I'm going to try to force myself to calm down and hack. Then, in the office all day tomorrow. Then, a short day friday 13:46:09 <nickm> hello dgoulet! 13:47:51 <teor> hi dgoulet 13:48:04 <nickm> I'm going to prioritize testing, mgetting things merged, and getting guard-related issues resolved. 13:48:07 <dgoulet> teor, nickm: hello! and also Yawning ! :) 13:48:07 <nickm> hi Yawning ! 13:48:08 <nickm> hi toralf ! 13:48:09 <teor> Well, the crew is here... 13:48:38 <Yawning> I'm still half asleep 13:49:06 <dgoulet> right, I have to day #9682 and #13339 to review (which are rather big), will also sit on some phone calls for the pm thing 13:49:40 <toralf> nickm: hi 13:49:53 <dgoulet> nickm: please direct me anything that you think should be reviewed asap 13:50:02 <asn> hello i'm also around 13:50:03 <dgoulet> (or need patches) 13:50:07 <dgoulet> asn: o/ 13:50:44 <asn> mainly going to be working on SponsorR PM stuff this week. 13:51:01 <asn> and also uni stuff. 13:51:13 <nickm> asn: ok. Do we have a plan right now for guardiness branches and "freak out if guards go away" ? 13:51:21 <asn> hm 13:51:29 <asn> guardiness branch needs some more fixes. 13:51:31 <nickm> My sense is that I should be trying to get your branches merged for the former, and trying to do an implementation for the latter 13:51:46 <asn> i need some more feedback from teor, and I will fix them soon. 13:51:55 <asn> it will happen soon. 13:52:02 <asn> now, on the "freak out" ticket. 13:52:07 <asn> i posted my thoughts in the last two comments. 13:53:01 <asn> an implementation doesn't seem very hard technically. but we will need to be careful about edge cases (directory guards, etc.) and also it will need to get lots of testing from people with different tor use cases. 13:53:02 <nickm> If I'm understanding right, your sense is that it's going to be harder than I think to get this right? 13:53:07 <nickm> hm. 13:53:15 <asn> nickm: let me suggest 13:53:18 <asn> you set up your tor 13:53:23 <asn> to log your guard usage 13:53:27 <asn> and check the logs for a few days 13:53:36 <asn> i can give you a branch if you want 13:53:40 <asn> that will do this for you 13:54:03 <asn> i think this will give you a good idea of the situation. that is, how directory guards influence the guard list, etc. 13:54:47 <nickm> hm. 13:55:03 <nickm> sure, upload the branch someplace. 13:55:08 <asn> ok 13:55:13 <asn> i will try to do this tomorrow. 13:55:26 <nickm> I wonder if you have some idea of what exactly the algorithm _would_ look like, if we were going to build in an advisory version now. 13:55:47 <nickm> I have a feeling that everybody but me has a solid notion of what the proposal actually _is_ :) 13:55:58 <nickm> If that's not the case, then I'd love to know, so I can try to make one up. :p 13:55:59 <asn> heh 13:56:22 <asn> let's see.. 13:56:35 <asn> the simple version would be to find the right place in the code where direct connections to guards are happening 13:56:43 <asn> and every time we connect to a new guard, we increment a counter. 13:56:54 <asn> if the counter is over THRESHOLD, we warn. 13:57:04 <asn> now, the problem is finding The Right Place. 13:57:17 <asn> I candidate is entry_guard_register_connect_status() . 13:58:30 <asn> however, there are a few caveats that I mentioned in the ticket. 13:58:54 <asn> namely, that directory guards are causing lots of connections to guards that are not on the top of the list. 13:59:05 <nickm> hm. Why is that? 13:59:08 <nickm> Do we know? 13:59:11 <asn> yes 13:59:19 <asn> it's because we have NumDirectroyGuards = 3 13:59:34 <nickm> ah. 13:59:41 <nickm> well then. 13:59:42 <asn> so our guard algorithm will walk our guard list till it finds 3 guards that can be used as directory guards 14:00:04 <asn> and not all guards can be used as directory guards. 14:00:33 <asn> and sometimes a guard will be down, and it will be skipped, and our algorithm will go even deeper in the guard list and return guards even more down in the list. 14:01:08 <asn> it might be fine to ignore directory guarsd for the purpose of that ticket.\ 14:01:33 <asn> because they are not very good at launching end-to-end correlation attacks, which this ticket is trying to prevent. 14:01:36 <asn> but I'm not sure about this yet. 14:03:15 <asn> as an example, over the past two days I have used 2 circuit guards. and 7 directory guards. 14:05:21 <asn> i haven't had much time to think how to make this work. 14:05:36 <nickm> ok. I'm going to try to stare at it and see if I make any progress. 14:05:39 <asn> i've only had time to think of ways that the simplest approach might fail. 14:05:50 <nickm> Is this on a reliable or an unreliable connection that you have been testing? 14:05:53 <asn> and i'm not going to have much time this week, but the next week might be better. 14:06:08 <asn> nickm: it's a reliable connection. in an unreliable one the situation would be worse. 14:06:56 <nickm> ok 14:07:05 <nickm> I'll try to experiment with different approaches and see if I find anything out 14:07:09 <asn> ok 14:07:55 <asn> entry_guard_register_connect_status() is a useful function to count circuit guards. 14:08:07 <asn> directory_initiate_command_routerstatus_rend() is a useful function to detect connection directory guards. 14:08:11 <asn> *to dir guards 14:08:24 <asn> gl hf 14:08:35 <nickm> I'll try :) 14:08:40 * asn goes back to uni work 14:09:03 <nickm> anybody else want to pay attention to this issue? It's a potential security improvement, and possibly quite valuable if we can get it int0 0.2.6 14:09:06 <nickm> into 14:09:37 <dgoulet> I would gladly help the way I can 14:09:43 <Yawning> I'll review the branch? 14:09:48 <nickm> ok. are you up to speed on the ticket? 14:09:52 <nickm> there is no branch there right now 14:10:01 <nickm> afaik 14:10:08 <Yawning> (when iut happens) 14:10:11 <nickm> though there are plenty of other fun fun branches to review 14:10:12 <nickm> ah 14:10:23 <Yawning> yeah I'll review more stuff 14:10:49 <Yawning> I kind of want to get this obfs4proxy scramblesuit stuff done too before poking at more tor, but it's almost there 14:11:16 <nickm> great 14:12:05 <dgoulet> nickm: one thing I would like to talk about is the network testing plan (oh well we can wait after this meeting) 14:12:31 <nickm> what about it? :) 14:13:37 <dgoulet> nickm: one of the next important goal for sponsorR for next quarter is to come up with a way of testing tor in a network with different HS scenarios so we can measure performance, improve and well investiguate future versions 14:13:45 <dgoulet> which overlaps quite well with sponsorS 14:14:42 <dgoulet> nickm: thus I would like to start that, we've made a very "brainstorm" plan in boston but maybe we are ready to move forward to something more concrete? 14:15:17 <nickm> Sounds plausible. What are you thinking for this testing? One of the challenges is that shadow is better for performance numbers but IMO harder to work with 14:16:03 <nickm> The testing I'm aiming at for S is less performance centric and more does-it-work centric 14:17:26 <dgoulet> yeah shadow is definitely a choice for what we need for sponsorR I would say, I haven't thought of that in depth though, I wanted to know if you had any more ideas written down on a napkin :) 14:17:45 <nickm> I'm writing down a lot of napkin ideas this week, I hopel. 14:17:47 <nickm> *hope 14:18:14 <nickm> Have you been getting any shadow experience? 14:18:34 <dgoulet> nickm: I have it setup now on my machine and Rob helped me a lot understand more shadow 14:18:41 <nickm> great 14:18:53 <dgoulet> we haven't made it work with tracing though (lttng) ... complicated issues but I have a plan to make it work 14:20:15 <dgoulet> but yeah depends on the use case for shadow I would say and maybe both chutney and shadow would be useful for different things 14:20:45 <teor> Chutney is useful for sanity checks 14:21:09 <teor> asn: yes, I have bumped #9321 up to the top of my list for this weekend. 14:21:19 <nickm> woo 14:21:26 <teor> asn: or was there another you wanted? 14:21:55 <dgoulet> nickm: also, apparently Ian has this big cluster in his lab with a full tor network made by sukhe sooooo could be useful ;) 14:22:29 <nickm> neat 14:25:33 <nickm> Anything else for this meeting? 14:27:59 <nickm> ok 14:28:04 <nickm> thanks, everybody! 14:28:06 <nickm> #endmeeting