circle_engineering/meetings/2024/engineering_meeting_24-11-04.md

294 lines
7.6 KiB
Markdown
Raw Normal View History

2024-11-04 19:31:17 +00:00
<h1>Engineering Circle Meeting 2024-11-04 </h1>
<h2>Table of Contents</h2>
- [Attendees](#attendees)
- [Main Content](#main-content)
- [Mycelium GUI](#mycelium-gui)
- [3.15 GEP and Grid Release](#315-gep-and-grid-release)
- [Network Security Issue](#network-security-issue)
- [Farmers Contact](#farmers-contact)
- [NetworkD](#networkd)
- [Utilization Rewards Distribution](#utilization-rewards-distribution)
- [3.16](#316)
- [TODO - Next Meeting](#todo---next-meeting)
---
## Attendees
- Sabrina
- Lee
- Thabet
- Kristof
- Jan
- Mik
## Main Content
- no gateway for zos 4
- link: https://git.ourworld.tf/tfgrid/circle_engineering/issues/82
- issue should mention that
- update requirements
- check if all requirements are done
- not clear what is done, and not done
- post mortem
- too long to keep issue for 4 months
- TODO
- add ETA, owners, assignees to issue
- see template: https://git.ourworld.tf/tfgrid/circle_engineering/issues/125
- situation of grid
- don't have enough webgateway
- that's why hetnzer is good here, we can do it there
- grid release
- 3.15 november 12 on mainnet
- 3.16 make smaller release
- qsfs? to confirm next meeting
- mycelium
- stories
- fill in requirements
- do more tracking
- 3.16 specs
- redefine
- 3.16 proper code management for zos
- kyc
- 5 issues linked to it
- not clear what is done and what is not
- 5 issues linked, 3 are closed
- qsfs
- scott didn't come back on this yet
- tried to deploy zdb
- 50% go to farmers
- gep passed, implemented
- GEP
- new one for 3.15 release on mainnet
- release for 12 november
- todo
- make 3.15 gep proposal
- vote ends on 11
- 3.15 open on 12
- 3.16 issue
- if dont take an issue for this release, we explain why and put it in next release and track
- make sure if we close an issue
- that everything is done
- if it isn't done, we create a new issue
- if Kristof isn't there in a meeting and something affects him, we need to report clearly in writing, e.g. in chat
- some issue have tracking in
- gitea
- management
- github
- code
- cyber protection
- decomposed on zos 4
- kyc
- allowed traffic
- cyber protection
- agreed not zos 4 anymore
- not deployed on all node
- now people need to go to kyc to check deployments
- kyc
- for people to stop avoid attacks on our network
- stakeholders
- agree on everything we specs
- todo
- team should run by itself
- take more seriously
- if make a story
- needs to happen faster
- more proper escalation
- even if people not on meeting
- update cyber protection
- kyc is enough to protect the farmers' node
- prevent attack on local network
- notes
- avoid malicious workloads by enabling KYC
- avoid traffic out on local farmers
- if we decide to not do something, we need to track it properly
- e.g. go into google docs
- e.g. gdocs too strong in some element, update
- update if we change requirements
- avoid traffic out locally
- dont want vulnerability to be on us
- we didn't track well the updates of issues
- allowed traffic
- why we didn't do the whitelist?
- no reason
- we were in urgency and didn't act, communicate not implemented
- next time
- need to be quicker to implement stuff
- kyc
- go out through nut
- e.g. not monitoring traffic,
- e.g. just see somewhere on a node with 25 people
- can't see who is doing the problem
- network
- if shutdown smtp
- block everything
- best effort open source network
- fine to not bring ourselves in danger
- mailgateway of another vendor
- can provide certified way out
- e.g. force them to buy public IP address
- then we know who they are, if they are putting reputation down
- urgent
- whitelist
## Mycelium GUI
- gui
- earwan found bug for android v 34, being fixed
- fixed not release, still in review
- allow nodes
-
## 3.15 GEP and Grid Release
- todo
- gep
- with all features
- todo quick gep
- make a gep, close the 11th of november
- implement it
- todo communicate to community, explain why we're doing this
## Network Security Issue
- need to tell them it won't stay that restricted
- e.g. with public IP address
- if use ipv6 can you know exactly who it is?
- can identify workload
- network
- no out in general
- ipv4
- ipv6 doesn't need to be restricted, as it is unique
- ipv6 always for workload with ipv6
- vm running on public network
- public IPv6
- moment a farmer provides a public ipv6 subnet, VMs get it when you select ipv6 option in dashboard
- only allow
- mycelium ygdrasil, ssh
- if block http, no internet!
- if download dns, dont know where farmers is going
- users allow a farmer
- can I do port 25 of 5-7-6
- to do ssh out of smtp
- need interface for users/farmers interface
- if we can identify users
- public ipv4, public ipv6
- we know the workload
- in blockchain, do we know the history?
- if users shut down workload, can we go back
- yes
- public Ip are released in blockchain
- complete specs
- 3.16
- run IDS to check traffic (?)
- for every node, wouldn't be that expensive
- possibilities
- run proxy for farmer
- transparent proxying
- for now, we lock that for a month
- dont need to keep all duplicates
- if https, can't know
- know what came from where to who, (only metadata)
- allow us to map a user to behaviour
- ids
- expensive in terms of package, if you do a lot into the data, with just metadat, it is less
- block all outer traffic
- do we block traffic not ending out
- it is being worked on
- cyber
- see tf protection against cyber threats
- 3.15
- say we do it in gep
- implement it in 2 parts
- to ask approval of community with DAO in 3.15
- tell what the new features are
- part of the features
- one part is this, the other part is there
- gep part
- gep for 3.15
- mention the feature
- if get yes, approval
- implement the security features
## Farmers Contact
- farmers
- can't communicate to them
- have no information on farmers
- ok one way
- farmers reach out to us
- other way
- tf reach out to farmers
- can't shut down the service
- kyc for farmers?
- need something from them
- KYC
- everything the user uses
- from app
- telephone number
- email
- from kyc docs
- address
- todo
- we dont want this
- can enable kyc in app
- for farmers
- farmers information
- tf connect app
- need to know
- telephone number
- email
- track email address for tf connect
- but not for dashboard
- tf dashboard (issue)
- email required, with verification
- todo
- set requirementd for dashboard
- tf connect
- already have it
## NetworkD
- networkD
- networkD as default
- would require to have
- node receive public IP
- hetzner provide only public IP address
- networkD
- 1 mac address per node
- mycelium becomes default, can communicate to all nodes
- to be simpler
## Utilization Rewards Distribution
- revenue split implemented
- what is the distribution
- 50% farmers
- burning was part of algorithm to lower amount of tokens
- never was changed nor asked to the community
- validators
- don't have yet
- not good to implement
## 3.16
- 3.16 smaller
- as fast as we can
- make specs
- make gep
- make sure we have farmers' contact
- either go to tf connect app
- or go to dashboard
- todo
- lee and jan
- resolve scalability issue
## TODO - Next Meeting
- next meeting
- check status of 3.15
- review 3.16
- see: https://git.ourworld.tf/tfgrid/circle_engineering/issues/126