13:31:52 #startmeeting 13:31:52 Meeting started Wed Jun 3 13:31:52 2015 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:31:52 Useful Commands: #action #agreed #help #info #idea #link #topic. 13:32:19 hi all! It's another core tor dev meeting. I've seen teor and armadev and athena and asn and dgoulet! 13:32:26 Anybody else around? 13:32:31 (for the meeting?) 13:32:33 hi 13:32:37 hi Yawning ! 13:32:44 Let's start with quick status reports. 13:33:01 hm 13:33:08 hi meeting! 13:33:15 hi athena ! 13:34:39 I guess I'll go first 13:35:04 last week I managed to merge the ed25519 patch, part 1. That was awesome, but then ate the next couple of days by patching things and feeding it through coverity 13:35:17 also we're back to working with openssl 1.1, I think 13:35:40 next up for me is writing more proposals, working on guard algorithms, and trying to get #15055 finished.... 13:35:54 ..and begging for review on #13642 ... 13:36:08 ...but I'm going to be distracted Thu->Sat with a meeting in Boston. 13:36:13 And that's it for me. 13:36:14 who's next? 13:36:23 status report: mostly figuring out #4581 right now; i can see where to put the test and how to implement it, but two uncertainties: how to tell really-anonymized circuits producing begindir cells from the one-hop tunneled ones, and whether to rate-limit the really-anonymized ones all together in one bucket or per circuit 13:37:26 you can get an approximate guess as to what's really-anonymized by seeing if you recognize the circuit as coming from somebody in your consensus. It can give you the wrong answer, but it's right-ish. 13:38:13 as for whether to treat them differently: It's a "remain functional in the face of DoS" problem. So I'd say, take a guess which solution might have that property. :) 13:38:54 (guess I can go?) 13:39:03 go for it! 13:39:16 I helped nickm slay the remaining OpenSSL 1.1 demons 13:39:29 hopefully we won't need to touch that code much in the near term future 13:39:40 (I think we're in a lot better shape in master) 13:39:52 I got a huge code drop from Blanu that I need to review (Ptland, Dust yay) 13:39:55 nickm: okay, thanks 13:40:05 so that might keep me from tor-ish stuff but, it's a new pt 13:40:10 nice! 13:40:11 cool! 13:40:12 which is always exciting 13:40:15 what's special about it? 13:40:35 a more systematic approach was used to determine "stuff that gets past dpi boxes" 13:40:44 in theory it supports a bunch of nifty features as well 13:40:54 but I need to improve my framework code for that 13:41:08 (a more cynical take on what's special is, it's part of sponsor T) 13:41:44 past that, still having random EMEATSPACE intrusions into my quality hacking time, and I'm trying to figure out just how fast I should be running to sumewhere in europe 13:41:55 that's it for me :P 13:42:03 i can go next 13:42:06 not much to report 13:42:15 a few sponsorr stufff. a few SoP stuff. 13:42:26 i was also quite close to getting guardfraction deployed 13:42:37 but a wild bug appeared ! 13:42:52 it is now filed as #16255 and i think i identified it 13:42:57 unfortunately, it has to do with bandwidth weights 13:43:04 and testing these things on chutney is a PITA 13:43:05 ow :( 13:43:20 are there specific chutney improvements that would help? 13:43:35 for some rason, latest chutney with latest tor, gives me a network with all relays having Bandwidth=0 13:43:40 i think that's because htere is no measured bw 13:43:45 and hence the self-reported one is used 13:43:50 and because those testing relays don't see much use 13:43:53 they just report 0 13:44:13 i have a hack 13:44:24 ok. is it just "Run a constant load through it"? 13:44:38 which goes to rep_hist_bandwidth_assess() 13:44:57 and if read and write bandwidth is 0, it reports a random number. 13:45:04 instead 13:45:07 that makes it work kind of 13:45:30 asn: I have a chutney patch in the works that will allow verify to run continuous loads 13:45:35 which allows dirauths to calculate total bandwidht weights and Wgg, etc. weights 13:45:42 the other problem with #16255 13:46:03 is that clients actually validate the total bandwidth weights reported by the dirauths 13:46:20 and this is problem if the clients don't yet use guardfractions, but the dirauths do 13:46:28 because in that case, the clients complain that the bw weights don';t make sense 13:46:41 i'm not sure what to do in this case. 13:46:50 i need to read a bit more on how these Wgg weight calculations work, and think more about deployment 13:47:03 make current clients no longer complain, then wait a very long time? (is there a better plan?) 13:47:05 this was an unexpected deployment hurdle, and I suck. 13:47:18 armadev: not sure yet about better plan. 13:47:19 hey, everybody breaks stuff sometimes 13:47:40 and that's that from guardfraction land. the python script actually works quite well 13:47:43 on second thought, maybe the very long time doesn't have to be that long. "my client is giving me warnings" "then upgrade". 13:47:53 assuming it's just warnings, yeah. 13:48:01 will try to think of something in the nxt days 13:48:12 today i'm mainly looking at guard stuff 13:48:15 (I ave something for the discussion phase) 13:48:21 i also posted a faux algorithm in the pad just to get this going 13:48:28 i'm done. next please :) 13:48:35 * dgoulet can go next 13:49:01 Nick's ed25519 patch review last week. Lots of work on #4862 which incidently fixed other tickets. Reported an HS issue detailed in #16260 for which I would love your feedback on what to do :). 13:49:06 Opened #16274 yesterday because of //paste.debian.net/hidden/cf670e06/ on my relay but turns out it's not the full issue so this morning I've been chasing the issue... 13:49:14 Next on my radar is to review #13642 and jump a bit on non little-t tor SponsorR stuff and SoP meeting today with DonnchaC and asn. 13:49:16 * dgoulet done 13:49:27 * teor can go 13:49:59 go ahead 13:50:14 I reviewed code using clang sanitizers and submitted #16115 13:50:26 A series of minor fixes since 0.2.7.1-alpha 13:50:51 (whoops; I forgot to mark that fixed when I merged it) 13:51:18 Since Apple has let OS X OpenSSL rot at 0.9.8, I added build instructions to the wiki at https://trac.torproject.org/projects/tor/wiki/doc/MacBuild 13:51:28 for OpenSSL 1.? on OS X 13:51:53 And updated the corresponding launchd instructions to deprecate Vidalia in favour of nyx 13:52:03 https://trac.torproject.org/projects/tor/wiki/doc/MacRunOnBoot 13:52:42 Next on my list is to submit a branch for #15817, then tests for #14882 13:53:08 And the chutney stuff in #14175 13:53:11 * teor is done 13:53:24 * armadev can go next 13:53:34 I've alas not had much time to wear my tor dev hat, due to other hats like exec dir 13:53:41 I've paid attention to the recent hsdir attacks, and encouraged dgoulet to work with others to build health monitoring and attack detection infrastructure 13:53:45 Also, it's becoming clear that the !reject approach to cutting out bad relays d 13:53:45 oesn't scale, and we need something more agile (something that involves fewer d 13:53:46 ir auths) 13:53:53 there, done. 13:54:04 (is that all the peeps?) 13:54:17 because arma's stuff leads into what I want to bring up 13:54:26 Let's move on to discussion, and if there's another person, they can do their status in parallel? 13:54:34 ok 13:54:35 +1 13:54:58 my discussion is, I want to fasttrack #8243 and #15963 for a 0.2.6.x release Soon 13:55:19 because, yeah, assholes, sybil attacks, HSDir, etc 13:55:20 can you summarize what we're planning to do for #8243? 13:55:51 8243 makes HSDirs require Stable 13:56:15 hot. 13:56:20 +1 on this one 13:56:29 I think our bw scanner stuff has an extra layer of ducttape/string/chewing gum 13:56:35 so requiring Fast might be reasonable as well 13:56:44 I'm fine with both of those . What's the status now; who's reviewed so far, etc? 13:56:56 2nd one needs a patch I think 13:57:01 i could get behind the Fast requirement. especially if you tell me how many relays this extra constraint rules out. 13:57:03 requiring Fast (#15963) won't work until more dir auths have bwauths attached to them (#12877) 13:57:22 i have reviewed dgoulet's current #8241 branch. it needs some minor mods. 13:57:24 ok, so Fast we can backbruner for now 13:57:25 that is, currently a majority of dir auths vote Fast for a relay based on its advertised capacity. 13:57:37 because it currently keeps both the Stable requirement and the old ad-hoc uptime requirement. my suggestion is to only keep the Stable requrieemnt. 13:57:47 hm 13:57:55 whynotboth.jpg? 13:58:07 asn: how about something similar to guard, where we demand "it appeared at least a certain amount of time ago"? 13:58:09 I think we all glanced through dgoulet's branch for Stable at one point or another 13:58:12 or is that redundant with Stable in practice 13:58:17 since I see comments from nick, asn, and myself 13:58:51 my rationale for a 0.2.6.x release here is, we should do one for OpenSSL, sandboxing, etc anyway 13:58:56 armadev: not entirely redundant. we should see the minimum amount of time required to get the Stable flag currently. 13:58:57 and it's the version that most dirauths run 13:59:14 armadev: to see what kind of restriction we impose just by requiring Stable flag. and see if we are happy with that. 13:59:17 so just pushing anti-sybil defenses to master doesn't buy us more secuirty in the short term 13:59:25 if we're merging the openssl 1.1 ssl fixes to stable now, I'd like more testing. 14:00:00 I think that telling people "If you want to run with OpenSSL 1.1, run Tor 0.2.7" is reasonable for a little while longer. 14:00:02 nickm: maybe that can bake for another cycle (doa 0.2.7.x alpha first, then if it doesn't blow up, merge?) 14:00:03 Unless I'm missing something 14:00:06 yeah 14:00:09 ok 14:00:19 sandboxing alone is probably compelling enough here anyway 14:00:24 in terms of release methodology, since this change is designed only for dir auths, we should test it on some deployed dir auths before putting out a stable release that does it. whether that means an alpha release, or just some testing, i'm ok either way. 14:00:38 ok 14:00:41 ok 14:00:52 so what do I merge here? 14:00:55 sorry if I stepped on anyones toes, or if I'm being overly persistent about this 14:01:10 I think patch needs a few tewaks, then we'll poke you 14:01:12 yawning: no, i think cutting down the number of churny hsdirs is good. 14:01:25 ^! 14:01:25 no worries. our dev methodoology requires that people be loud sometimes :) 14:01:47 but I really want this to happen, (and we can say, "look, we're making it harder to be HSDirs while we figure out 224" to the sky-is-falling cround) 14:02:03 sure would be nice to have some plans for #8244 too 14:02:15 armadev: we do; see proposal 224 14:02:16 even though I don't think that presentation really exposed anything new 14:02:28 they had some nice tools for mounting an attack that's been known for a while 14:02:37 and just becoming an HSDir doesn't win much 14:02:44 yawning: right. from looking at the slides for the talk, it looked like a good talk, which taught people about the two open tickets. done. 14:02:49 (depending on what you think about popularity metrics) 14:02:56 armadev: yah 14:03:02 someone should comment 14:03:08 ok so who is taking on to do the modifications needed on #8243? 14:03:14 grats :P 14:03:29 unless you're busy 14:03:40 I can do it but we just need to agree on the latest comment :) 14:03:45 i think the main question that needs to be answered now is 14:03:53 - What's the minimum uptime required to get the Stable flag? 14:03:57 and see if we are satisfied by the answer. 14:04:09 so I'll lock you and ans in a conference room for a bit? 14:04:10 If we are not, we might as well keep the old "simple uptime" requirement as well. 14:04:11 :P 14:04:14 *asn 14:04:16 I can look this up tomorrow. 14:04:25 I guess I can take over this ticket? 14:04:28 lemmie know if help is required 14:04:29 asn: why not keep both anyway? in case the answer changes later? 14:04:39 "Stable" -- A router is 'Stable' if it is active, and either its Weighted 14:04:40 MTBF is at least the median for known active routers or its Weighted MTBF 14:04:40 corresponds to at least 7 days. 14:05:06 aha 14:05:09 let me check the first condition 14:05:10 http://knowyourmeme.com/memes/why-not-both-why-dont-we-have-both 14:05:17 eehmm why not both 14:05:38 i think i decided to not have both so that we ditch all the various ways of judging uptime, and only keep the smart ones. 14:05:39 you can have Stable but not up for the last 96 hours so I agree that both sounds reasonable 14:05:44 but maybe the silly ones are not that silly. 14:06:18 flag-thresholds stable-uptime=907597 stable-mtbf=2137224 14:06:51 907597 seconds is 252 hours 14:07:10 but yeah, I think keeping both might be a good idea at this point. 14:07:25 dum dum dum 14:07:36 wait, if a bunch of HSDirs are voting fast based on advertised instead of actual 14:07:42 requiring Fast doesn't hurt us right? 14:07:46 err 14:07:50 if DirAuths are... 14:07:51 yawning: correct. 14:08:03 and the moment we enable teh scanner code, we'll just kick out a bunch of bad? 14:08:08 https://metrics.torproject.org/relayflags.html?graph=relayflags&start=2015-03-05&end=2015-06-03&flag=Running&flag=Exit&flag=Fast&flag=Guard&flag=Stable&flag=HSDir 14:08:13 enable enough scanners you mean. yes. 14:08:33 worht doing then probably? 14:08:34 dirserv_thinks_router_is_unreliable() is relatd func 14:08:48 the code changes here should be trivial 14:09:16 in the case where we keep both checks, the patch is ready 14:09:32 asn: except for the MinUptimeHidServDirectoryV2 question 14:09:34 yawning: see also #11327 14:09:39 oh wait we keep both, nvm 14:09:42 dgoulet: well that's the check we keep 14:10:31 hmm 14:10:32 (I guess prop243 should be modified also) 14:10:43 yes 14:10:46 dgoulet: think you can add teh Fast check? 14:10:52 (if we're agreeing it's good?) 14:11:13 it's probably just a one line addition to the patch in the same area 14:11:16 well why not, I can pile on patches on my stack :D 14:11:29 i can take over #8241 14:11:30 i can take over #8243 14:11:30 yawning: yep. just make sure you look at Fast after you've computed it, not before 14:11:31 sorry 14:11:46 asn: ok so 8243 is not yours :) 14:11:51 now* 14:11:54 ok 14:12:07 I'll link the fast thing to there 14:12:14 ok 14:12:21 also mention that we decided to kee pboth checks 14:12:28 dgoulet: do you have any tips for tsting that branch? 14:13:43 asn: hrm... with chutney I *think* all nodes get all flags... hrmmm 14:14:00 I remember testing this, just don,t remember how.... 14:14:57 *bolts the Fast ticket on as a child* 14:15:04 there 14:15:10 ok 14:15:23 done with #8243 discussion? will try to look into it soon. 14:15:36 think so, >3 14:15:40 err <3 14:15:49 Jun 03 09:55:02.394 [warn] Unable to store signatures posted by 88.80.185.36: Mismatched digest. 14:16:31 nickm: what's next? 14:16:47 fun. it looks like a stranger is giving me an attempted signature on the consensus. which i'm refusing only because it isn't a signature on what i think the consensus is. otherwise i'd, i guess, add that signature to my consensus. even though i don't know who it is. 14:16:50 asn: yawning needs food badly 14:17:29 (am I showing my age ther?) 14:18:56 armadev: hmm 14:19:14 do we have a guard discussion next? 14:19:23 armadev: we no check that consensus signature comes from the list of dirauths, eh? 14:19:49 would the clients then check it, and be like "shit this sig here i don't recognize. better trash the whole consensus"? 14:20:14 asn: we should figure out more about guards. 14:20:18 ok 14:20:18 I think 14:20:21 (sorry, was afk) 14:20:22 let's do some guards 14:20:28 (can I has food?) 14:20:31 i posted some super strawman algos in pad 14:20:32 of course 14:20:33 Yawning: yes 14:20:35 shall we endmeeting though? 14:20:41 #endmeeting