
Engineering Circle Meeting 2024-11-04


Attendees

  • Sabrina
  • Lee
  • Thabet
  • Kristof
  • Jan
  • Mik

Main Content

  • no gateway for zos 4
    • link: #82
    • issue should mention that
    • update requirements
    • check if all requirements are done
    • not clear what is done, and not done
    • post mortem
      • too long to keep issue for 4 months
  • TODO
    • add ETA, owners, assignees to issue
      • see template: #125
  • situation of grid
    • don't have enough webgateway
      • that's why Hetzner is good here, we can do it there
  • grid release
    • 3.15 november 12 on mainnet
    • 3.16 make smaller release
      • qsfs? to confirm next meeting
  • mycelium
    • stories
      • fill in requirements
      • do more tracking
  • 3.16 specs
    • redefine
      • 3.16 proper code management for zos
  • kyc
    • 5 issues linked to it
      • not clear what is done and what is not
      • 5 issues linked, 3 are closed
  • qsfs
    • Scott didn't come back on this yet
    • tried to deploy zdb
  • 50% go to farmers
    • gep passed, implemented
  • GEP
    • new one for 3.15 release on mainnet
    • release for 12 november
    • todo
      • make 3.15 gep proposal
      • vote ends on 11
      • 3.15 open on 12
  • 3.16 issue
    • if we don't take an issue for this release, we explain why and put it in next release and track
  • make sure if we close an issue
    • that everything is done
    • if it isn't done, we create a new issue
  • if Kristof isn't there in a meeting and something affects him, we need to report clearly in writing, e.g. in chat
  • some issues have tracking in
  • gitea
    • management
  • github
    • code
  • cyber protection
    • decomposed on zos 4
    • kyc
      • allowed traffic
  • cyber protection
    • agreed not zos 4 anymore
    • not deployed on all nodes
  • now people need to go to kyc to check deployments
  • kyc
    • for people to stop avoid attacks on our network
  • stakeholders
    • agree on everything we spec
  • todo
    • team should run by itself
    • take more seriously
    • if make a story
      • needs to happen faster
      • more proper escalation
        • even if people not on meeting
  • update cyber protection
    • kyc is enough to protect the farmers' node
    • prevent attack on local network
    • notes
      • avoid malicious workloads by enabling KYC
      • avoid traffic out on local farmers
  • if we decide to not do something, we need to track it properly
    • e.g. go into google docs
      • e.g. gdocs too strong in some element, update
  • update if we change requirements
  • avoid traffic out locally
  • don't want vulnerability to be on us
  • we didn't track well the updates of issues
  • allowed traffic
  • why we didn't do the whitelist?
    • no reason
  • we were in urgency and didn't act, communicate not implemented
  • next time
    • need to be quicker to implement stuff
  • kyc
    • go out through NAT
      • e.g. not monitoring traffic,
      • e.g. just see somewhere on a node with 25 people
        • can't see who is doing the problem
  • network
    • if shutdown smtp
      • block everything
    • best effort open source network
      • fine to not bring ourselves in danger
  • mailgateway of another vendor
  • can provide certified way out
    • e.g. force them to buy public IP address
    • then we know who they are, if they are putting reputation down
  • urgent
    • whitelist

Mycelium GUI

  • gui
    • earwan found bug for android v 34, being fixed
      • fixed, not released, still in review
  • allow nodes

3.15 GEP and Grid Release

  • todo
    • gep
      • with all features
  • todo quick gep
    • make a gep, close the 11th of november
    • implement it
  • todo communicate to community, explain why we're doing this

Network Security Issue

  • need to tell them it won't stay that restricted
    • e.g. with public IP address
  • if use ipv6 can you know exactly who it is?
    • can identify workload
  • network
    • no out in general
    • ipv4
    • ipv6 doesn't need to be restricted, as it is unique
      • ipv6 always for workload with ipv6
      • vm running on public network
  • public IPv6
    • moment a farmer provides a public ipv6 subnet, VMs get it when you select ipv6 option in dashboard
  • only allow
    • mycelium, yggdrasil, ssh
  • if block http, no internet!
    • if download dns, don't know where farmers is going
  • users allow a farmer
    • can I do port 25 of 5-7-6
      • to do ssh out of smtp
    • need interface for users/farmers interface
  • if we can identify users
    • public ipv4, public ipv6
      • we know the workload
      • in blockchain, do we know the history?
        • if users shut down workload, can we go back
          • yes
            • public IPs are released in blockchain
  • complete specs
    • 3.16
      • run IDS to check traffic (?)
      • for every node, wouldn't be that expensive
    • possibilities
      • run proxy for farmer
        • transparent proxying
    • for now, we lock that for a month
    • don't need to keep all duplicates
      • if https, can't know
      • know what came from where to who, (only metadata)
        • allow us to map a user to behaviour
  • ids
    • expensive in terms of package, if you do a lot into the data; with just metadata, it is less
  • block all outer traffic
  • do we block traffic not ending out
    • it is being worked on
  • cyber
    • see tf protection against cyber threats
  • 3.15
    • say we do it in gep
    • implement it in 2 parts
  • to ask approval of community with DAO in 3.15
    • tell what the new features are
    • part of the features
      • one part is this, the other part is there
    • gep part
      • gep for 3.15
        • mention the feature
          • if get yes, approval
            • implement the security features

Farmers Contact

  • farmers
    • can't communicate to them
    • have no information on farmers
    • ok one way
      • farmers reach out to us
    • other way
      • tf reach out to farmers
  • can't shut down the service
    • kyc for farmers?
      • need something from them
  • KYC
    • everything the user uses
      • from app
        • telephone number
        • email
      • from kyc docs
        • address
  • todo
  • we don't want this
    • can enable kyc in app
    • for farmers
  • farmers information
    • tf connect app
    • need to know
      • telephone number
      • email
    • track email address for tf connect
    • but not for dashboard
  • tf dashboard (issue)
    • email required, with verification
    • todo
      • set requirements for dashboard
  • tf connect
    • already have it

NetworkD

  • networkD
    • networkD as default
      • would require to have
        • node receive public IP
  • Hetzner provides only public IP addresses
  • networkD
    • 1 mac address per node
    • mycelium becomes default, can communicate to all nodes
      • to be simpler

Utilization Rewards Distribution

  • revenue split implemented
    • what is the distribution
      • 50% farmers
      • burning was part of algorithm to lower amount of tokens
        • never was changed nor asked to the community
      • validators
        • don't have yet
        • not good to implement

3.16

  • 3.16 smaller
    • as fast as we can
    • make specs
    • make gep
  • make sure we have farmers' contact
    • either go to tf connect app
    • or go to dashboard
  • todo
    • Lee and Jan
      • resolve scalability issue

TODO - Next Meeting

  • next meeting
    • check status of 3.15
    • review 3.16