tor-project

tor-project@lists.torproject.org

17 participants
2326 discussions

IPv6 project meeting, Thursday Feb 6th @ 0000 UTC
by Gaba 05 Feb '20

05 Feb '20

Hi! We are meeting on Thursday at 0000 UTC in #tor-meeting in irc.oftc.net to coordinate on the project "Improving the Tor network’s IPv6 support" numbered "S55" [0] The pad for meeting's agenda and notes will be: https://pad.riseup.net/p/tor-s55-ipv6-project-keep The proposals that Teor has been working on to reach the objectives of this project: * Prop 311: IPv6 ORPort Reachability https://github.com/torproject/torspec/pull/103/files * Prop 312: Relay Auto IPv6 Addreess https://github.com/torproject/torspec/pull/105/files cheers, gaba [0] https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor55 -- Project Manager: Network, Anti-Censorship and Metrics teams gaba at torproject.org she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

2 1

Tor Browser release meeting today: Wednesday 5th February @ 19UTC
by Pili Guerra 05 Feb '20

05 Feb '20

Hi everyone, Please join us for the Tor Browser release meeting today at 19UTC on #tor-meeting. Thanks! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

OONI Monthly Report: January 2020
by Maria Xynou 05 Feb '20

05 Feb '20

Hello, Happy new year, and happy new decade! ## OONI is an independent entity As of 1st January 2020, OONI is an independent entity! Back in 2011, OONI was born out of the Tor Project, which has since served as our fiscal sponsor. Thanks to Tor Project support, OONI was able to grow and become what it is today. We are immensely grateful to the Tor Project for all their support over the last 8 years, and we look forward to continuing to collaborate on the fight against internet censorship! As part of our growth, OONI is transitioning to greater autonomy and independence. As of 1st January 2020, OONI is fiscally sponsored by the Hermes Center for Transparency and Digital Human Rights (https://www.hermescenter.org/), a non-profit, digital rights organization based in Italy, which was co-founded by Arturo Filastò (OONI’s co-founder) back in 2011. OONI’s Maria Xynou and Simone Basso are also members of the Hermes Center. We may eventually create a dedicated-to-OONI NGO, but for now, the current arrangement is sufficient. ## New project management methods As of December 2019, we have changed how we do project management in our team. We now work in 2-week sprint cycles, based on which we plan and track the progress of our activities. So far, this works really well! We are using Zenhub boards to plan and estimate our activities, all of which are public, but require registration with the app. Here is our Sprint Planning board: https://app.zenhub.com/workspaces/sprint-planning-5dfa4b7355438f7e86c80e5a/… Even if the internal planning is behind a registration wall, all of our activities and priorities are still tracked using native GitHub tooling, making it possible for anyone to see what our priorities are via the public GitHub interface. We have also consolidated our GitHub issue repositories to only 9 in total: * https://github.com/ooni/ooni.org * https://github.com/ooni/backend * https://github.com/ooni/probe * https://github.com/ooni/probe-engine * https://github.com/ooni/explorer * https://github.com/ooni/run * https://github.com/ooni/design-system * https://github.com/ooni/orchestra This ticket shares more details: https://github.com/ooni/ooni.org/issues/317 To see what we are working on over the next 2 weeks for a given project, just select the next milestone of that repository on GitHub. Each issue should also have a priority label assigned to it and an effort estimate label. Each OONI team sprint has a marine-inspired name, and we encourage community members to propose names for our sprints here: https://github.com/ooni/ooni.org/issues/337 ## OONI Probe support for running circumvention tool tests During January 2020, we almost completed the implementation of all client-side logic that is required for testing Psiphon and Tor inside of OONI Probe. To add support for running Tor, we: * Wrote a first iteration of the Tor test: https://github.com/ooni/probe-engine/issues/226 * Added support for the Tor bridge reachability test in probe-engine: https://github.com/ooni/probe-engine/issues/2 * Added support for running obfs4proxy in probe-engine: https://github.com/ooni/probe-engine/issues/90 * Designed how the Tor test results should be presented in the OONI Probe desktop app: https://github.com/ooni/probe/issues/967 * Made a release of probe-cli with support for the Tor test experiment: https://github.com/ooni/probe/issues/974 * Exposed top level keys to expose top level statistics in the UI: https://github.com/ooni/probe-engine/issues/292 * Almost completed the UI work required to show the Tor test results in the OONI Probe app: https://github.com/ooni/probe/issues/975 To add support for running Psiphon, we: * Finalized support for running Psiphon in probe-engine: https://github.com/ooni/probe-engine/issues/89 * Finished integrating the Psiphon test results with the correct Psiphon icon in the OONI Probe Desktop App * Designed the UI for the circumvention tests in general: https://github.com/ooni/probe/issues/804 ## OONI Probe orchestration logic for circumvention tool testing In order to support measuring Psiphon and Tor, OONI Probe clients need to know which configurations they should use to carry out the testing. We therefore added support for giving out such testing targets (Psiphon configuration, Tor default bridges, Tor directory authorities) via authenticated backend calls. Specifically, we: * Added support for giving out Psiphon configurations: https://github.com/ooni/orchestra/issues/78 * Added support for giving out addresses for Tor tests: https://github.com/ooni/orchestra/issues/82 ## Making OONI Probe reporting logic more resilient to censorship We made a bit of progress in understanding how we can make OONI Probe testing more resilient to blocking and we added extra robustness to the app to overcome potential blocking attempts. Specifically, we: * Improved how we display measurements which have failed due to a bouncer failure: https://github.com/ooni/probe/issues/855 * Discussed solutions for what we should do when the IP lookup of a measurement fails: https://github.com/ooni/probe/issues/879 * Investigated how to allow alternative methods of sending measurement results to us via email (https://github.com/ooni/probe/issues/992) or IM apps (https://github.com/ooni/probe/issues/976) ## Analysis of circumvention tool test data and presentation in OONI Explorer We made a lot of progress with respect to presenting the new Psiphon and Tor test results inside of OONI Explorer and exposing them via the OONI API. We also worked on the scoring and analysis of the results in the data processing pipeline. Specifically, we: * Added support in the batch pipeline for scoring Tor test results: https://github.com/ooni/backend/issues/293 * Wrote data processing logic for processing Psiphon test results: https://github.com/ooni/backend/issues/209 * Re-wrote the OONI API list_measurements API call, adding support for listing and searching for Psiphon and the new Tor test results and boosting its performance: https://github.com/ooni/backend/issues/160 * Almost finished adding support for presenting Psiphon test results in OONI Explorer: https://github.com/ooni/explorer/issues/332 * Made considerable progress on presenting Tor test results in OONI Explorer: https://github.com/ooni/explorer/issues/332 To better tune the analysis engine, we need to ship the tests and increase the measurement coverage. ## OONI data processing pipeline In November 2019, we started publishing OONI measurements from around the world in near real-time (i.e. within minutes). This, however, had an impact on the performance of the OONI API (which OONI Explorer relies on). To boost the performance of the OONI API (and, by extension, the performance of OONI Explorer), we made a lot of progress on the OONI data processing pipeline, all of which can be viewed through the following tickets: https://github.com/ooni/backend/issues/161 https://github.com/ooni/backend/issues/163 https://github.com/ooni/backend/issues/160 Throughout January 2020, we added many blockpage fingerprints to the fast-path pipeline, making it possible to automatically confirm many more cases of internet censorship. See: https://github.com/ooni/pipeline/pull/289 We also experimented with adding support for calculating some statistics of measurements and anomalies. See: https://github.com/ooni/backend/issues/292 Moreover, we added support in the fast-path pipeline for anomaly, failure, and confirmed columns. We also worked on adding support for reconnections during failing SSH conditions, as we had noticed issues with this. We added support for ingesting the Citizen Lab category codes for URLs, in order to eventually support filtering URLs by category on OONI Explorer. This work is available here: https://github.com/ooni/backend/issues/231 We also discussed how we are going to move the development of the OONI data processing pipeline forward and came up with a plan for that, as documented in the following tickets: https://github.com/ooni/backend/issues/195 https://github.com/ooni/backend/issues/286 ## OONI Probe mobile app During January 2020, we added support for setting no limit to the maximum runtime. It is now possible for OONI Probe mobile app users to set the Websites test max_runtime to zero in order to test entire test lists. See: https://github.com/ooni/probe/issues/893 We also made several important bug fixes related to how certain error conditions are being handled. See: https://github.com/ooni/probe/issues/865 & https://github.com/ooni/probe/issues/926 ## OONI Probe measurement engine We introduced timing and TLS in the testing (and other low-level data collection), to ensure that OONI Probe tests are as useful as possible. Essentially, OONI Probe tests that can make use of this low-level information do so. This is an important enhancement (and an essential building block) to the Tor test and other tests. ## Data analysis We analyzed OONI measurements for the following: * Azerbaijan Internet Watch (partner): https://github.com/ooni/ooni.org/issues/332 * OTF Information Controls Fellow (hosted under OONI): https://github.com/ooni/ooni.org/issues/331 * Research on the blocking of LGBTQI sites worldwide: https://github.com/ooni/backend/issues/224 ## OONI backend We only had one major new incident to deal with in January 2020, which is documented here: https://github.com/ooni/sysadmin/issues/422 We had a relapse of an old incident (https://github.com/ooni/sysadmin/issues/128) and we worked on coming up with a fix to this here: https://github.com/ooni/backend/issues/300 ## Published OONI FAQ We published a Frequently Asked Questions (FAQ) section on our website: https://ooni.org/support/faq/ Through the OONI FAQ, we aim to address the most frequently asked questions that we have received from community members over the last years. The questions fall under the following areas: * About OONI * OONI Probe * Testing websites * OONI data * OONI Explorer We aim to continue to update the OONI FAQ on an ongoing basis, and we encourage further community feedback. ## Published OONI Glossary We published an OONI Glossary on our website: https://ooni.org/support/glossary This glossary is meant to cover terms that are commonly used in the OONI-verse, within OONI apps, documentation, and research reports. As a result, this glossary is quite OONI-specific. That said, it also includes a variety of terms that are commonly used by many other projects and may therefore be useful to others in the broader internet freedom community. Similarly to the OONI FAQ, we aim to continue to improve upon and update the OONI Glossary on an ongoing basis. We encourage further community feedback, and suggestions can be shared directly on GitHub: https://github.com/ooni/ooni.org ## Collaboration with Netalitica We reviewed the test list updates by Netalitica researchers and opened pull requests for the following test lists: * Turkmenistan: https://github.com/citizenlab/test-lists/pull/552 * Uzbekistan: https://github.com/citizenlab/test-lists/pull/553 * Jordan: https://github.com/citizenlab/test-lists/pull/554 * China: https://github.com/citizenlab/test-lists/pull/555 We also reviewed Netalitica updates to the Russian (https://github.com/citizenlab/test-lists/pull/557), Turkish and Iranian (https://github.com/citizenlab/test-lists/pull/564) test lists. ## Organization of IFF Internet Measurement Village This year OONI is co-organizing an Internet Measurement Village during the last 2 days of the Internet Freedom Festival (IFF) in Valencia, Spain. We reached out to several other measurement projects, inviting them to co-host the Internet Measurement Village with us. Throughout January 2020, we coordinated with the IFF organizers and with the other Internet Measurement Village members on logistics, and we organized and hosted two brainstorming calls. We also collected session ideas from community members, based on which we are creating the agenda for the Internet Measurement Village. ## Organization of OONI Partner Gathering In July 2017, we organized and hosted the first OONI Partner Gathering: a two-day event that brought all of our partners from around the world together to share skills and knowledge around censorship measurement. We plan to host the next OONI Partner Gathering in 2020! To this end, we wrote and submitted funding proposals, organized relevant logistics, and worked on updating relevant budgets. ## Community activities ### OONI presentation at the Nexa Center On 22nd January 2020, Arturo presented OONI and discussed censorship findings from 2019 at the Nexa Center for Internet and Society in Turin, Italy. Information about his presentation is available here: https://nexa.polito.it/lunch-75 ### Community meeting We facilitated the monthly OONI Community Meeting on 28th January 2020 on our Slack channel (https://slack.ooni.org/), during which we discussed: 1. Updates from the OONI team 2. Setting up a proxy for OONI Probe Android and iOS 3. Maxmind licensing problems ## Userbase In January 2020, OONI Probe was run 8,142,429 times from 5,307 different vantage points in 206 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on monthly coverage worldwide): http://explorer.ooni.org/ ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

check.torproject.org IP address change and server move
by Antoine Beaupré 04 Feb '20

04 Feb '20

Hi, Today, at around 19:49:00UTC, the IP address of check.torproject.org (AKA chiwui.torproject.org, TorDNSel and so on) has been changed. The service was using two IP addresses, which were changed as follows: 138.201.14.212 became 116.202.120.176 138.201.14.213 became 116.202.120.177 This IP change should be transparent to our users, unless you have hardcoded one of those IP addresses somewhere, which you should generally avoid for exactly that kind of situation. This work is part of a larger effort to replace old hardware in the torproject.org infrastructure. In particular, this is part of decomissioning an old KVM host (textile.torproject.org AKA kvm1). The old server is still present in case the new one is showing signs of problems, but preliminary tests show that everything is working correctly. Details of the transfer are available in ticket #31686 in Trac: https://trac.torproject.org/projects/tor/ticket/31686 The old server will be decomissionned in one week from now, on february 11th, unless significant problems are reported with the new server. No further disruptions are expected for this transition in the short term. Total outage was about an hour, intermittently. Thanks for your attention, A. -- Antoine Beaupré torproject.org system administration

1 0

Fwd: [tor-internal] IFF2020 Ticket vouchers
by Gaba 04 Feb '20

04 Feb '20

Hi! Does anybody here want a ticket for IFF in 2020? cheers, gaba [0] https://internetfreedomfestival.org/ -------- Mensaje reenviado -------- Asunto: [tor-internal] IFF2020 Ticket vouchers Fecha: Mon, 27 Jan 2020 19:18:15 +0100 (CET) De: Pili Guerra <pili(a)torproject.org> Hi everyone, We have some ticket vouchers available for the Internet Freedom Festival 2020 for Tor people and friends. Please let me know if you or your organisation would like to attend and how many tickets you would like and we’ll see what we can do… :) Thanks! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

Tor Talk - NetDev 0x14, March 17th-20th 2020
by David Goulet 04 Feb '20

04 Feb '20

Greetings! Some good news. Rob Jansen and I have submitted a talk to NetDev 0x14 (https://netdevconf.info/0x14/) which has been accepted! https://netdevconf.info/0x14/session.html?talk-reducing-kernel-queuing-dela… https://twitter.com/netdev01/status/1224690477926055936 The conference white paper is still not publicly available but will be by the time the conference starts on March 17th 2020. Come see us in Vancouver! It is _just_ before the IETF meeting starting on the 21st ;). Cheers! David -- Bbbgg4u8CrNOEpbT98JqIsuQesh4Pr607DGrz6pE1F8=

1 0

Poll for the next Global South meeting
by cy63113 04 Feb '20

04 Feb '20

[EN] Hi Tor friends, last week we had very few people attending our monthly Global South meeting. So I decided to open a poll to decide which day is best for our next meeting. Please respond by February 15th. https://framadate.org/tor-global-south Cheers, [ES] Hola amigos de Tor, En la semana pasada tuvimos muy pocos participantes en nuestro encuentro mensual del Global South. Asi que decidi abrir una votación para que podamos encontrar un mejor dia para el proximo encuentro. Les pido el favor de contestar hasta el dia 15 de febrero https://framadate.org/tor-global-south <https://framadate.org/tor-global-south> Abrazos, [PT-BR] Olá amigs do Tor, Na semana passada, tivemos muito poucas pessoas participando da reunião mensal do Global South. Por isso, decidi abrir uma votação para saber qual dia vocês acham melhor para a nossa próxima reunião. Por favor, responda até 15 de fevereiro. https://framadate.org/tor-global-south <https://framadate.org/tor-global-south> Abraços, -- Cybelle DC8F 1F4C 9167 049F 7AA1 0BD6 2FB3 B0C9 F369 34C5 https://keybase.io/cy63113 @cyb3113

1 0

Network health meeting notes, 3 Feb 2020
by Georg Koppen 04 Feb '20

04 Feb '20

Hello! Yesterday, we held our first weekly meeting related to network health. For those of you who missed it (or just wanted to recap the meeting), the IRC log can be found on: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-02-03-18.59.log… Here comes what we were up to in the previous week(s) and what we plan to work on in the coming week: GeKo: Last week: * mostly away at the Mozilla All hands meeting * worked a bit on the DNS exit failure ticket (#32864) * getting up to speed on DocTor to help with #33067 * team planning This week: * work more on #32864 to refine test based on feeback (https://lists.torproject.org/pipermail/network-health/2020-January/000456.h…) * fix #33067 * get up to speed on sbws to be able to help with code reviews dgoulet: Last week(s): * Moved a bunch of code to dip.tpo related to health team. This week: * The usual bad-relays reject. Gus: Last week: * Talked with RotationMatrix about GoodBad ISPs new page in community portal. We were thinking to export data from metrics and work in a snapshot to suggest good ISPs. (We -- network health -- should probably discuss that in another meeting) This week: * Coming back from FOSDEM * We had a Tor meetup this saturday in FOSDEM, we didn't have too many people running relays, but the room was full. * Organizing a meetup with relay operators in Berlin, Germany on Thursday (announcing soon) * Working on Tor Legal FAQ with Cleopatra: https://trac.torproject.org/projects/tor/ticket/32934 Gaba (Feb 3): Last week: * fosdem * meeting about sbws's roadmap This week: * help with sbws's proposal for funding During the week we plan to finish our roadmapping efforts (the pad for that moved[1]) so we can discuss the result at the next weekly meeting and make changes where we think that's necessary. Georg [1] https://pad.riseup.net/redirect#https%3A//pad.riseup.net/p/network-health-t…

1 0

Anti-censorship team monthly report: January 2020
by Philipp Winter 03 Feb '20

03 Feb '20

Hi all, Here's what the anti-censorship team has been up to in January 2020: Snowflake ========= * Debugged and wrote a Tor Browser patch to fix throughput issues with Snowflake on Windows. <https://bugs.torproject.org/32870> <https://bugs.torproject.org/31971> * Started implementing a feature for proxies to conduct throughput tests before polling. <https://bugs.torproject.org/32711> * Continued Snowflake network health measurements and analysis. <https://bugs.torproject.org/32545> * David built a prototype that integrates Turbo Tunnel in Snowflake. Take a look at his detailed technical summary: <https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/0…> GetTor ====== * Fixed a bug in GetTor's email responder. <https://bugs.torproject.org/32906> * Got GetTor's Gitlab distributor back up and running. <https://bugs.torproject.org/32711> * Moved GetTor's Github repository and got it up and running. <https://bugs.torproject.org/32977> * Modified GetTor to hand out localized binaries. <https://bugs.torproject.org/33002> * Fixed up GetTor's tests to run locally. <https://bugs.torproject.org/33004> * Filed a ticket on GetTor's problematic use of rate limiting. <https://bugs.torproject.org/33123> BridgeDB ======== * Damian generously spent a lot of time and effort getting BridgeDB very close to supporting Python 3. A handful of issues remain, but the bulk of the code base now support Python 3. <https://bugs.torproject.org/30946> * Started working on a patch that allows BridgeDB to test its bridges using bridgestrap. The idea is that broken bridges are logged (allowing us to inform the operator) and aren't handed out to users. <https://bugs.torproject.org/31874> * Filed a ticket to display BridgeDB's distribution bucket for a bridge on Relay Search. <https://bugs.torproject.org/33008> * Improved BridgeDB's CAPTCHAs. We modified gimp-captcha (the script that BridgeDB uses to generate CAPTCHAs) to make the CAPTCHAs easier to solve. Our BridgeDB usage metrics reveal that the success rate of our users increased from ~58% to ~87% after we deployed the new CAPTCHAs. Take a look at the following comment for a more in-depth analysis: <https://bugs.torproject.org/24607#comment:13> It's still not perfect but it's a step forward. <https://bugs.torproject.org/24607> Bridges ======= * Coordinated the set up of a new default bridge in Denmark. The bridge speaks both IPv4 and IPv6. Thanks to Toke Høiland-Jørgensen for running this new default bridge! <https://bugs.torproject.org/32891> * We did a retrospective analysis of our bridge campaign from September 2019. In particular, we tested how many bridges were still online (61%) and we sent an email to all operators. We thanked the ones who are still running a bridge and we asked the ones whose bridge vanished what went wrong. <https://bugs.torproject.org/33007> Outreach ======== * Philipp gave a talk at FH Hagenberg on the Tor network and censorship resistance: <https://www.fh-ooe.at/campus-hagenberg/die-fakultaet/aktuelles/news/news/in…> Approximately 80-100 people attended -- mostly students but also a handful of faculty members and visitors. Almost all have heard of Tor before and most have used it in the past. There were plenty of questions at the end, and the event stopped before Philipp was able to answer them all. All Tor stickers were gone almost instantly! Miscellaneous ============= * Added go.mod and go.sum to bridgestrap. <https://dip.torproject.org/phw/bridgestrap/commit/0e33599d6e6d1c0a809d5c59c…> * Coordinated with OONI on their new Tor test and its user interface. <https://github.com/ooni/backend/issues/305> <https://github.com/ooni/probe/issues/967> * Made two minor fixes to obfs4portscan (the service behind <https://bridges.torproject.org/scan/>): 1. Made it clear that the service supports IPv6 and expects IPv6 addresses in square bracket notation. 2. Made the service use GET instead of POST requests, to make it easier to hand people clickable links for their bridge. * We roadmapped the following three months, ranging from February to April 2020. Check out our team's wiki page for the goals of this roadmapping period: <https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam#…> * Lots of work on an NSF "Transition to Practice" grant we have been working on.

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 03 Feb '20

03 Feb '20

Hi everyone! Here are the usual minutes from the last sysadmin meeting. # Roll call: who's there and emergencies anarcat, gaba, hiro, linus and weasel present # What has everyone been up to ## anarcat * worked on evaluating automated install solutions since we'd possibly have to setup multiple machines if the donation comes through * setup new ganeti node in the cluster, fsn-node-03, [#32937][] * dealt with disk problems with said ganeti node [#33098][] * switched our install process to setup-storage(8) to standardize disk formatting in our install automation work [#31239][] * decom'd a ARM build box that was having trouble at scaleway [#33001][], future of other scaleway boxes uncertain, delegated to weasel * looked at the test Discourse instance hiro setup * new RT queue ("training") for the community folks [#32981][] * upgraded meronense to buster [#32998][] surprisingly tricky * started evaluating the remaining work for the buster upgrade and contacting teams * established first draft of a [sysadmin roadmap][] with hiro and gaba * worked on a draft "support policy" with hiro [#31243][] * deployed (locally) a [Trac batch client][] to create tickets for said roadmap * sent and received feedback requests * other daily upkeed included scaleway/ARM boxes problems, disk usage warnings, security upgrades, code reviews, RT queue config and debug [#32981][], package install [#33068][], proper headings in wiki [#32985][], ticket review, access control (irl in [#32999][], old role in [#32787][], key problems), logging issues on archive-01 [#32827][], cleanup old rc.local cruft [#33015][], puppet code review [#33027][] [#33027]: https://bugs.torproject.org/33027 [#33015]: https://bugs.torproject.org/33015 [#32827]: https://bugs.torproject.org/32827 [#32787]: https://bugs.torproject.org/32787 [#32999]: https://bugs.torproject.org/32999 [#32985]: https://bugs.torproject.org/32985 [#33068]: https://bugs.torproject.org/33068 [#32998]: https://bugs.torproject.org/32998 [#32981]: https://bugs.torproject.org/32981 [#33001]: https://bugs.torproject.org/33001 [#33098]: https://bugs.torproject.org/33098 [#32937]: https://bugs.torproject.org/32937 [Trac batch client]: https://help.torproject.org/tsa/howto/trac/ [sysadmin roadmap]: https://help.torproject.org/tsa/roadmap/2020/ ## hiro * Run system updates (probably twice) * Documenting install process workflow visually on [#32902][] * Handled request from GR [#32862][]) * Worked on prometheus blackbox exporter [#33027][] * Looked at the test Discourse instance * Talked to discourse people about using discourse for our blog comments * Preparing to migrate the blog to static [#33115][] * worked on a draft "support policy" with anarcat [#31243][] * working on a draft policy regarding services [#33108][] [#33108]: https://bugs.torproject.org/33108 [#33115]: https://bugs.torproject.org/33115 [#32862]: https://bugs.torproject.org/32862 [#32902]: https://bugs.torproject.org/32902 ## weasel * build-arm-10 is now building arm64 binaries. We build arm32 binaries on the scaleway host in paris still. # What we're up to next Note that we're adopting a roadmap in this meeting which should be merged with this step, once we have agreed on the process. So this step might change in the next meetings, but let's keep it this way for now. ## anarcat I pivoting towards stabilisation work and postponed all R&D and other tweaks. New: * new gnt-fsn node (fsn-node-04) -118EUR=+40EUR [#33081][] * unifolium decom (after storm), 5 VMs to migrate, [#33085][] +72EUR=+158EUR * buster upgrade 70% done: 53 buster (+5), 23 stretch (-5) * automate upgrades: enable unattended-upgrades fleet-wide [#31957][] [#33085]: https://bugs.torproject.org/33085 [#33081]: https://bugs.torproject.org/33081 Continued: * install automation tests and refactoring [#31239][] * SLA discussion (see below, [#31243][]) [#31243]: https://bugs.torproject.org/31243 [#32462]: https://bugs.torproject.org/32462 [#32351]: https://bugs.torproject.org/32351 [#31239]: https://bugs.torproject.org/31239 [#29387]: https://bugs.torproject.org/29387 Postponed: * kvm4 decom [#32802][] * varnish -> nginx conversion [#32462][] * review cipher suites [#32351][] * publish our puppet source code [#29387][] * followup on SVN shutdown, only corp missing [#17202][] * audit of the other installers for ping/ACL issue [#31781][] * email services R&D [#30608][] * send root@ emails to RT [#31242][] * continue prometheus module merges [#32802]: https://bugs.torproject.org/33082 [#17202]: https://bugs.torproject.org/17202 [#31781]: https://bugs.torproject.org/31781 [#30608]: https://bugs.torproject.org/30608 [#31242]: https://bugs.torproject.org/31242 ## Hiro * storm shutdown [#32390][] * enable needrestart fleet-wide [#31957][] * review website build errors [#32996][] * migrate gitlab-01 to a new VM (gitlab-02) and use the omnibus package instead of ansible [#32949][] * migrate CRM machines to gnt and test with Giant Rabbit [#32198][] * prometheus blackbox exporter [#33027][] [#32390]: https://bugs.torproject.org/32390 [#32198]: https://bugs.torproject.org/32198 [#32949]: https://bugs.torproject.org/32949 [#32996]: https://bugs.torproject.org/32996 [#31957]: https://bugs.torproject.org/31957 # Roadmap review Review the roadmap and estimates. We agreed to use trac for roadmapping for february and march but keep the wiki for soft estimates and longer-term goals for now, until we know what happens with gitlab and so on. Useful references: * temporal pad where we are sorting out roadmap: https://pad.riseup.net/p/CYOUx21kpxLL_5Eui61J-tpa-roadmap-2020 * tickets marked for february and march: https://trac.torproject.org/projects/tor/wiki/org/teams/SysadminTeam # TPA-RFC-1: RFC process One of the interesting takeaways I got from reading the [guide to distributed teams][] was the idea of using [technical RFCs as a management tool][]. [guide to distributed teams]: https://increment.com/teams/a-guide-to-distributed-teams/ [technical RFCs as a management tool]: https://buriti.ca/6-lessons-i-learned-while-implementing-technical-rfcs-as-… They propose using a formal proposal process for complex questions that: * might impact more than one system * define a contract between clients or other team members * add or replace tools or languages to the stack * build or rewrite something from scratch They propose the process as a proposal with minimum of two days and a maximum of a week discussion delay. In the team this could take many forms, but what I would suggest would be a text proposal that would be a (currently Trac) ticket with a special tag, which would also be explicitely forwarded to the "mailing list" (currently tpa alias) with the `RFC` subject to outline it. Examples of ideas relevant for process: * replacing Munin with grafana and prometheus [#29681][] * setting defaut locale to C.UTF-8 [#33042][] * using Ganeti as a clustering solution * using setup-storage as a disk formatting system * setting up a loghost * switching from syslog-ng to rsyslog [#33042]: https://bugs.torproject.org/33042 [#29681]: https://bugs.torproject.org/29681 Counter examples: * setting up a new Ganeti node (part of the roadmap) * performing security updates (routine) * picking a different machine for the new ganeti node (process wasn't documented explicitely, we accept honest mistake) The idea behind this process would be to include people for major changes so that we don't get into a "hey wait we did what?" situation later. It would also allow some decisions to be moved outside of meetings and quicker decisions. But we also understand that people can make mistakes and might improvise sometimes, especially if something is not well documented or established as a process in the documentation. We already have the possibility of doing such changes right now, but it's unclear how that process works or if it works at all. This is therefore a formalization of this process. If we agree on this idea, anarcat will draft a first meta-RFC documenting this formally in trac and we'd adopt it using itself, bootstrapping the process. We agree on the idea, although there are concerns about having too much text to read through from some people. The first RFC documenting the process will be submitted for discussion this week. # TPA-RFC-2: support policies A *second* RFC would be a formalization of our support policy, as per: https://trac.torproject.org/projects/tor/ticket/31243#comment:4 Postponed to the RFC process. # Other discussions No other discussions, although we worked more on the roadmap after the meeting, reassigning tasks, evaluating the monthly capacity, and estimating tasks. # Next meeting March 2nd, same time, 1500UTC (which is 1600CET and 1000EST). # Metrics of the month * hosts in Puppet: 77, LDAP: 80, Prometheus exporters: 124 * number of apache servers monitored: 32, hits per second: 158 * number of nginx servers: 2, hits per second: 2, hit ratio: 0.88 * number of self-hosted nameservers: 5, mail servers: 10 * pending upgrades: 110, reboots: 0 * average load: 0.34, memory available: 328.66 GiB/1021.56 GiB, running processes: 404 * bytes sent: 160.29 MB/s, received: 101.79 MB/s * completion time of stretch major upgrades: 2020-06-06 -- Antoine Beaupré torproject.org system administration

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project