17:01:52 <phw> #startmeeting anti-censorship weekly checkin 2019-08-08
17:01:52 <MeetBot> Meeting started Thu Aug  8 17:01:52 2019 UTC.  The chair is phw. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:52 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:01:54 <dcf1> just throw an ice cube in there
17:02:03 <phw> here's our pad: https://pad.riseup.net/p/tor-censorship-2019-keep
17:02:58 <phw> our first announcement: the folks from iclab (phillipa gill's research group at umass amherst) started monitoring the reachability of our default bridges
17:03:19 <phw> they have access to plenty of vpn vantage points all over the world -- including china.  they'll get back to us once they have results
17:04:03 <cohosh> awesome
17:04:20 <phw> this should help us with #28531
17:04:34 <phw> cohosh, do you want to cover the second announcement?
17:04:52 <cohosh> oh yep, i was at clsi last week
17:05:07 <cohosh> and psiphon announced that they want to publish public data on their anti-censorship tool usage
17:05:27 <cohosh> which is unexpected and exciting since they are super closed about their implementation and user bases
17:05:51 <cohosh> i added an excalamation point because i felt that all announcements should have one
17:05:52 * phw is really looking forward to seeing this data
17:06:00 <antonela> haha
17:06:01 <phw> i agree, at least one
17:06:06 <cohosh> yeah, i'm not sure how quickly it will happen
17:06:32 <cohosh> but it would be cool to see because psiphon is very popular in places that don't have a lot of tor usage
17:07:22 <phw> gaba: do you want to cover our first few discussion points?  i believe you wrote them, no?
17:07:55 <phw> our color coding has changed recently.  somebody removed the color history and changed the title to "anti-censorship meeting" in russian
17:08:14 <cohosh> o.O
17:08:22 <phw> that was my reaction too
17:08:31 <antonela> wat
17:08:35 <gaba> ok. Sorry I was on the phone
17:08:36 <cohosh> i might have removed the colour history, i thought that was a local change >.< but i did not do the title thing
17:08:57 <cohosh> sorry for that
17:09:10 <gaba> yes, I wrote some of the topics
17:09:14 <phw> oh, no worries.  it's nice to have a fresh start!
17:09:48 <gaba> sponsor 30. I would like us to agree on tickets related with each of the deliverabels that need to be completed and be sure we are not missing anything
17:10:34 <gaba> antonela is also part of this sponsor and will collaborate with some of the deliverables
17:10:35 <dcf1> https://pad.riseup.net/p/tor-censorship-2019-keep/timeslider#31952 sure enough
17:11:07 <gaba> #31268 is the master ticket for the work on s30
17:11:11 <gaba> for anti-censorship
17:11:51 <phw> gaba: i'll try to create missing tickets
17:12:41 <gaba> ok. anything we need to coordinate with antonela now?
17:12:58 <antonela> i don't think now, but we should talk about times
17:13:14 <antonela> your spreadsheet is good gaba, we can coordinate based on that
17:13:25 <gaba> ok. I would like to have monthly meetings on this sponsor for collaboration and check on progress.
17:13:44 <gaba> I will send a mail in a couple of weeks about it.
17:14:08 <antonela> oki, im happy to join your process phw and moving forward together on what is needed
17:14:33 <phw> thanks antonela!
17:15:06 <gaba> Next item is roadmap. We are experimenting with gitlab for it and this will lead what we need to do to migrate from trac to gitlab.
17:15:15 <gaba> I uploaded August roadmap into that board.
17:15:43 <gaba> Right now only as a project 'roadmap' but the idea would be to have issues in its own repository in gitlab.
17:16:15 <cohosh> woah nice
17:16:29 <cohosh> gaba: is this ready for us to change as we work on things?
17:16:37 <phw> can we expect gitlab urls to be stable now?  we recently moved anti-censorship into the torproject folder, which changed the urls as far as i know.
17:16:45 <gaba> yes. sorry about that.
17:17:08 <gaba> cohosh: this is mostly the 'testing' phase. We need to adjust to what works for us.
17:17:51 <gaba> as we were using storm before (that was not integrated into trac) it would be similar with the plus of testing how the roadmap/issues may work here.
17:18:30 <cohosh> cool
17:19:01 <antonela> that's cool gaba
17:19:17 <gaba> I would like us (people that want to move forward - or not - the decision on trac to gitlab) to meet in a few weeks and see what next steps are.
17:19:17 <phw> yes, thanks for moving forward with this
17:21:14 <gaba> are people ok with how the roadmap looks like there?
17:21:20 <gaba> and the state it is in
17:21:27 <gaba> the idea is to update it in every meeting
17:21:46 <cohosh> i can move some things into the "Doing" column but otherwise yes
17:21:56 <gaba> I added one new column 'Next' that will have what work is going to be done in the next week
17:21:59 <gaba> ok
17:22:01 <cohosh> the "Backlog" is for August and past roadmapped work?
17:22:17 <gaba> the columns should be sort out by priority
17:22:24 <gaba> I only added August so far.
17:22:29 <gaba> and july, yes
17:22:31 <cohosh> Ah gotcha okay cool
17:22:54 <gaba> The due date indicates the end of the month we said we are going to work on the issue.
17:23:13 <gaba> To estimate issues you comment on it with the command /estimate Xd
17:23:29 <gaba> The issue wih this version of gitlab is that weeks are automcatically 5days
17:24:11 <gaba> to say how much time you spent on an issue you comment with /spend Xd
17:24:37 * anarcat coffee
17:24:44 <gaba> Many of the labels are at the level of The Tor Project group.
17:24:47 <phw> should we only update the gitlab roadmap now?  or are we maintaining gitlab and storm in parallel?
17:24:57 <gaba> So we can have a board for the whole organization where people can still report issues.
17:25:06 <gaba> we are saying bye bye to the storm one
17:25:15 * phw says bye bye
17:25:16 <antonela> rainbow
17:25:24 <gaba> :)
17:26:10 <gaba> next topic?
17:26:31 <phw> yes
17:26:40 <phw> the snowflake webextension
17:26:47 <gaba> snowflake web extension. What is the situation right now with it? Should we add anything else to the roadmap?
17:27:25 <cohosh> I think #31278 and #31285 are important to look at soon
17:27:44 <cohosh> and probably aren't on the roadmap
17:28:01 <gaba> can you estimate those tickets cohosh?
17:28:36 <arlolra> 31278 looks similar to what you just merged
17:28:50 <cohosh> ah yeah that might be a duplicate
17:28:57 <arlolra> and 31310
17:29:57 <cohosh> #31310 i made after finishing the one i just merged to remind us to improve the code a bit
17:31:07 <gaba> ok
17:31:08 <cohosh> gaba: we can take a look after the meeting and estimate times
17:31:20 <cohosh> i'll need to re-read the descriptions again
17:31:27 <gaba> sounds good cohosh
17:31:51 <gaba> next topic. v
17:31:52 <gaba> What do we do with #31153 "Create a "tor-bridge" Debian meta package" ?
17:32:15 <phw> yes, this ticket is on ice.  it may be done some time in the future but it's difficult to do it in a way that's debian policy compliant
17:32:20 <phw> so we'll just ignore it for now.
17:32:34 <gaba> ok
17:32:39 <gaba> I will move it to a -can
17:32:40 <gaba> sponsor
17:32:42 <phw> ...and do our "set up new obfs4 bridges" campaign without it
17:32:46 <phw> yes, thanks gaba
17:33:38 <gaba> next topic :) Sponsor 28. Should we meet again on it at the end of the month?
17:34:09 <phw> i'm not convinced we need to.  our anti-censorship meetings typically last less than an hour, and we could just discuss sponsor 28 things as part of our regular anti-censorship meetings.  what do you think?
17:34:26 <gaba> Yes. We do not have any other team involved in it.
17:34:38 <gaba> And both meetings are public anyway.
17:35:09 <gaba> Let's add a section to the weekly anti-censorship meeting to give updates on s28 if needed.
17:35:12 <phw> if/when things get more involved, we can reconsider but for now let's discuss sponsor 28 in our regular meetings
17:35:34 <gaba> ok
17:35:56 <phw> i was thinking about adding a (sponsor28) to the things i worked on over the last week
17:36:51 <phw> next item: do we need anything else from the metrics team for #30777?
17:36:54 * arma1 catches up on backlog and is around for a bit if needed for anything
17:37:25 <phw> i think the short answer is "no, at least not right now".  we need to find a convenient way to count how many new bridges were set up because of our campaign.
17:37:34 <gaba> ok
17:37:47 <phw> doing it passively is tricky, so it may make sense to encourage people to send us (or me) a brief email
17:38:25 <phw> anyway, we can discuss this next week when i've given it a bit more thought
17:39:01 <phw> cohosh: the last discussion item is yours, right?
17:39:34 <cohosh> right, we talked with the sysadmin team a bit about getting a tpo domain for the snowflake broker and bridge
17:39:55 <cohosh> specifically a torproject.net domain (.org might not be a good idea because of potential blocking)
17:40:14 <cohosh> there's another question of if/when we should move the actual hosts to TPA machines
17:40:27 <cohosh> this isn't as urgent because we have the access we need as a team to dcf's machines right now
17:40:45 <phw> fwiw, there's another argument against running snowflake infrastructure in tor: it violates our "we don't run the network" principle
17:40:50 <cohosh> anarcat mentioned on the ticket that we can probably get a torproject.net domain to point at dcf1's hosts
17:41:05 <cohosh> phw: yeah that's a good point and this is a gray area here
17:41:14 <cohosh> the snowflake broker is kind of like bridgedb which torproject does run
17:41:24 <cohosh> and the bridge isn't as much like a bridge as other PTs
17:41:29 <dcf1> They're not really *my* hosts except that I set them up at eclips.is.
17:41:44 <cohosh> since it's hard coded in and more difficult to change
17:41:57 <arma1> (for context, the reason we choose torproject.net for non-tpa hosts is because of how browsers handle "same domain" cookies.)
17:42:08 <dcf1> recent ticket discussion starts at https://trac.torproject.org/projects/tor/ticket/31232#comment:3
17:42:10 <cohosh> dcf1: ah right, let's say "non TPA hosts" then
17:42:59 <cohosh> really the domain is the biggest issue right now
17:43:21 <anarcat> .net is specifically for non-TPA machines, it's the other reason why we wouldn't use .org. i documented this distinction here today https://help.torproject.org/tsa/doc/naming-scheme/
17:43:24 <cohosh> i suppose with the hosts it's up to dcf1 since you're paying for them?
17:43:32 <cohosh> (at the moment)
17:43:43 <dcf1> I'm not paying anything, eclips.is is funded by OTF I believe.
17:43:48 <cohosh> ohh
17:44:03 <anarcat> i'd like to hear more about how snowflake works re the "we don't run the network" principle, maybe not here, but it's something that worries us (tpa, and probably others of course)
17:44:31 <gaba> eclips.is has this free acounts for different orgs/people.
17:44:34 <phw> anarcat: yes, this needs a bit more discussion.  should we use the ticket (31232) for it?
17:44:51 <anarcat> phw: sure, why not
17:45:14 <anarcat> because it's one of the questions we need to answer before we can answer the "should we move to tpa" question
17:45:22 <anarcat> the other being "what are those machines anyways and what do they eat" :)
17:45:38 <cohosh> cool :)
17:46:15 <anarcat> anyways, we're here to help, but we have questions and worries :)
17:46:18 <arma1> cohosh: it might also be smart to wait a bit before picking a new name, to see what google safe browsing does with the next domain
17:46:42 <cohosh> thanks anarcat!
17:46:49 <cohosh> arma1: hmm okay that's a good point
17:46:50 <anarcat> one of my concerns is that we've been going the "we're going to build you a secondary prometheus server for those external resources" for a while now, and are almost finished with it, and now we're talking about not making that stuff external after all :p
17:46:53 <arma1> i plan to talk to some google folks next week at usenix, and see if i can find a contact. (none of them answered my emails. but maybe gmail thinks i am not a real internet user because i don't use gmail.)
17:46:56 <anarcat> so i'm a bit confused about our roadmap :p
17:47:04 <cohosh> yeah sorry about that
17:47:13 <anarcat> heh
17:47:16 <anarcat> stuff happens :)
17:47:21 <cohosh> i think keeping it on the elips.is hosts makes sense for now
17:47:39 <anarcat> and you helped hiro get familiar with the prometheus setup.. she found and fixed a few bugs in the process, so it wasn't a waste of time :)
17:47:46 <anarcat> more like good exercise
17:47:47 <cohosh> since we are not in a bad position of if someone is unavailable snowflake goes down on that front
17:48:28 <dcf1> It's a little bad, because I think I'm the only one who could access an emergency web console if that were needed.
17:48:38 <dcf1> I didn't yet find a way to share access with other eclipsis accounts.
17:48:46 <cohosh> oh i see
17:49:20 <anarcat> it's a problem we have in multiple teams, by the way... lots of things are built by individuals and we have many SPOFs
17:49:31 <anarcat> i haven't even started documenting those, but i keep stumbling upon stuff like that
17:49:32 <arma1> dcf1: eclipsis is greenhost right? do you have greenhost contacts or would you like some?
17:49:47 <anarcat> i have good GH contacts, if shit hits the proverbial fan
17:50:00 <dcf1> I got an account initially through a greenhost contact. I could file a support request in any case.
17:51:14 <arma1> 'Mart van Santen' is the person everybody thinks of, but i think 'Maarten de Waard' is the one who went to the last otf summit
17:51:19 <arma1> let me know if you turn out to need introductions
17:51:35 <anarcat> the marts
17:51:38 <anarcat> they are confusing :)
17:52:00 <phw> (mart also runs one of our default bridges)
17:52:01 <arma1> ma*rt.*
17:52:18 <phw> (two, actually)
17:52:28 <gaba> dcf1: you can add more than one ssh key to the VPS in eclips.is and share the account that way
17:53:12 <dcf1> gaba: no, I mean share access to the web configuration panel that allow creating, deleting, etc. of VPSes.
17:53:31 <gaba> oh, I see
17:53:33 <dcf1> All the Snowflake team already has shell access to the VPSes under individual accounts.
17:53:34 <gaba> yep
17:54:12 <dcf1> If the host won't boot, for example, it has to be fixed at a level above SSH.
17:54:33 <anarcat> dcf1: and that's a user specific to you that has access to other stuff?
17:54:42 <anarcat> could there be a shared users detached from you?
17:55:06 <dcf1> anarcat: I don't understand the question.
17:55:31 <dcf1> There's a david@bamsoftware.com user for the web interface that runs only pluggable transport stuff.
17:55:58 <anarcat> could there be a anticensorchip@tpo user instead
17:56:05 <dcf1> There are also unix user accounts on the hosts, but that's independent from the eclips.is management layer
17:56:13 <anarcat> in the management layer
17:56:19 <anarcat> but you probably thought of that, i'm just wasting your time :)
17:56:28 <dcf1> anarcat: there coule be another user, what I don't know is whether two separate users can share access to the same VPSes,
17:56:43 <dcf1> or whether we would have to set them all up again from scratch under a shared account.
17:56:51 <anarcat> i guess that's a question for greenhost
17:56:52 <anarcat> yeah
17:57:00 <arma1> sounds like a fine thing to ask ma+rt.*
17:57:03 <anarcat> yeah
17:57:06 <dcf1> What I did not find was a way to share admin access to the VPSes in the management panel across two different accounts.
17:57:37 <arma1> and if there is no way, then the email thread already exists when we follow up to say "you know that thing we said we might need help with eventually, well today is it"
17:58:32 <phw> we're almost out of time.  anything else to discuss wrt snowflake migration?
17:58:45 <anarcat> i'm good
17:59:09 <phw> dcf1 has a "needs help with" item: #30126
17:59:21 <phw> and arlolra has a mysterious "-" again
18:00:07 <dcf1> #30126 seems like it needs some attention on the Golang/rbm front, not necessarily with meek specifically, and I don't know if I'll get to it next week.
18:00:19 <dcf1> so if someone wants to take a peek it could be helpful.
18:00:20 <cohosh> i can take a look
18:00:28 <cohosh> i've been dealing with rbm a bit lately
18:01:21 <cohosh> (and specifically rbm + Golang)
18:01:27 <phw> thanks cohosh
18:01:37 <phw> are we good for today?
18:01:42 <gaba> \o/
18:01:59 <antonela> good, thanks folks!
18:02:00 <phw> thanks all, that was a productive meeting
18:02:04 <phw> #endmeeting