Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / Interim Meetings / 11 Oct 2022
Internet Engineering Task Force / Interim Meetings / 11 Oct 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF-TOOLS-20221011-1800

Description

TOOLS meeting session at IETF
2022/10/11 1800

https://datatracker.ietf.org/meeting//proceedings/

A

Foreign.

A

Hello, everybody so Robert the trick with studying all the cookies didn't work for me to Echo, apparently because I'm IP chair now.

B

Okay,.

A

Just to let you know whatever.

C

So we got it, people joining at a pretty rapid rate, we'll give it a moment or two more. A lot of people finish joining.

C

Do you please share a video if you're able like to have this, as mentioned before, be as much of an in the room meeting is we can make it.

C

We're getting a really nice turnout today.

C

hmm

C

All right, the join rate is slowing down, so we'll go ahead and start in the first thing I'd like to bring up is um how we're going to approach doing the meeting based on what we tried last time and the feedback that we got from Eric I am planning to go through the topics that are listed under hot topics for discussion and detail, the rest of it. We will just point out section by section as we're going along and give people a few moments to scan in real time.

C

In case there was information added since the last time. They read the notes, but not necessarily read through each of them um take basically taking most of that text as read.

C

So if you know that there is something that's currently not in the Hot Topic section that um you know for sure you want to talk about when we get to um that part of the call be sure to to say, hey I want to talk about this thing down here and I'll remind everybody that this is an editable web page and um I'm happy to have anybody at it at any time.

C

As long as it's a positive contribution towards the meeting, if you know something is a Hot Topic that you won't discussed on the call before the call shows up feel free to just edit it into the agenda on the page.

C

All right first thing that I want to jump into is the uh what we're going to do for November. Currently, the tools call is scheduled um in conflict with some meeting sessions, I think um or maybe it moves into dinner of the ietf week. I suspect that that's not what we want to do. I know we're going to probably have several side meetings related to tools during the week. Do we want to have a tools team call the week after or do we skip November and just wait for December's call.

C

Anybody feel strongly one way or the other I am leaning towards just skipping.

A

Could we try to cover one that we're place on the Saturday of the Cold Spring, just to talk about the tools and allow for remote access.

C

Well, the whole code Sprint is basically that and the intent is to allow remote access for the whole thing if the Secretariat can pull it off with the new pod equipment.

C

uh I.

A

Was most thinking about reserving half an hour on the Saturday around the lunchtime just to talk about generic topic and not I mean very small one like we do, let's go spring.

C

I.

A

Don't object to that the remote people it might be easier for them to with weird time zones. It might be easier for them to pick to attend that piece, but um yeah I don't have a problem with we're now doing code sprinting with the hackathon again.

C

In a separate room at the moment, um just because of the noise.

A

Provide.

C

Remote attendance.

A

So I I would be happy to pick up and change rooms for half an hour. uh That would be fine um if, if that's an important thing to do, I don't know I'm I agree with you. Robert uh that probably uh deferring by a week doesn't help people that want to want to break and probably just go for December meeting yeah.

C

Okay and we'll take a look at um putting an explicit half hour for a group discussion and making sure that we um advertise for remote attendees that we'll be talking about stuff during the code, Sprint and I'll work out. What time during the code, Sprint makes the most sense I think allowed the most remote participants to attend.

C

All right, let's go ahead and move forward.

C

um People have seen the note that went to tools discussed about our infrastructure strategy, going forward how we're Talent, where we're going to run our services and the models that we're going to evolve to we requested that feedback arrive before this call. We didn't get a great deal of feedback. A few people commented and I believe that their comments are already incorporated into the document.

C

Has everyone on the call had a chance to look through that proposal and I mean there are several people here that haven't commented explicitly? Should we just take silences if everything is good.

C

Does anybody here need more time to look at it.

C

I don't hear anybody running to the mic and I'm, assuming that people have given some thought to what the document doesn't say that it should. Perhaps you know we're waiting to dive into the details of of how we would implement.

C

um Some of the principles that the document calls out um until later so clearly there's still a lot of detail level information that we need to pull together, but as a framework for how we're going to move forward. I am guessing that people are happy with what they're seeing Jay do you need anything from anybody.

B

um No I'm um quite good with all the things that people have done so far. I just um need to incorporate fully the comments if people are otherwise Happy I'm ready to basically call this done and um start to work on um with you on uh one or more rfps for um delivery around this yeah.

C

All right so I have maybe a little bit delinquent on timing I'm, currently aiming for the beginning of December for our next tools.

C

Team workshop, based on the survey that we sent around the one that we should focus on first, is how we publish documents on the internet, particularly rfcs and internet drafts, but including all things like meeting materials and photos and all of these other things right so um I, unless somebody who's got a reason not to I'm going to Target the first two weeks of December for this I'm talking with Alexis already on building out a set up questions that we can use to drive the conversation during the workshop point of the workshop will be to um grow, mind chair and just get input into what we should do, the we're expecting that the topics will Encompass everything from the idea of a a single place that has all of these documents with very short ul's to get to them.

C

Tv.

C

Do these things just give you document content, or do they give you a metadata page or do they give you both um I know that some of these conversations are also on cue for um possible rswg work, um so the Commerce any conversation we have here that gets into the policies that the rswg would be um responsible for would just turn into input into the rswg conversation.

C

I will get a more detailed description of what we're planning for the workshop to the list, either later this week or the first part of next week. Anybody have any questions about that or um a desire to change the plan.

C

Not hearing anything I just wanted to report on a couple of things that happened um early part of last week we had someone report that we had an open redirect point. It turns out that that open, redirect Point had been available for probably a decade.

C

um As far as we could tell from the logs that we have that, don't go at back a decade. They only go back a few weeks. um It hasn't been. It was not exploited during that time. So we closed the redirect with a patch. The next redirect will completely remove it. The basic details of where it crept in was at the um Port, the original Port of the Pearl iesg tracker into Django.

C

um We built a um piece of middleware that would strip the a trailing period off of a URL, and we believed that this went in like I said over a decade ago, in order to um make some of the Legacy Pearl URLs from that Old instance continue to work properly, but the way it was implemented, it bypassed the rest of the Django stack at the protection against becoming an open um redirect service, and our fix was to just remove that piece of metalware from the stack.

C

We also had an issue.

A

Sorry, it's way longer than you said: yeah yeah, because that was like year, two of my chairmanship.

C

Yeah yeah.

A

But whatever I'm glad you fixed it.

C

We also had an issue with our role-based um Access Control mechanism thing we decorate functions with to say you have to be a member of the Secretariat or a working group chair or a whatever to do food to this group.

C

um It had an edge case that um it dealt improperly with not having any Target roles in the list of things that it might try to match against it failed open. It shouldn't have that's been fixed. Somebody found it. They created an account to deface the one group that presented a situation where there weren't any roles to match against, and that was the group that we hang individual submission drafts off of um the.

C

Hole's been fixed, the code's been fixed. There is still a question about how much cleanup we do of the history of that group. Now there are some um group events that I suggest that we delete because they contain just the text of the defacement. It's not particularly offensive text, but the uh who knows what it's a key for.

C

Lars, when I brought this up mentioned that he would have been happier if we had nudged the isg when we saw this happening so um I don't know if we've got anyone.

C

You know just skimming for I guess it's something that um both are our tools. Team in the Secretariat can take note of when we're adjusting to something like this in the future. We can just drop far as a note or a chair of the time, a note that it's going on.

A

That'll be nice, and this time it really didn't matter so much because there wasn't an outage or anything right. But if something gets discovered that would actually, you know, affect data trigger availability or functionality, um be very nice if the isgu that so that you could deal with the results of the Fallout.

C

Okay, so my next I am here: um Mary Barnes reported that she had some link found some links and some old email um from the Nom come that she chaired most recently that did not work anymore.

C

um Digging around and investigating I found that the information that she was missing was served off. Henrik's tool, servers by handcrafted Pages, there's an example of one of those pages from the the internet archive Linked In the text from the notes here, so you can see what they look like the archive did not get all of them, so we can't go to that to discrete to get that information back.

C

Henrik has confirmed that he does not have that information anymore. It was cleaned away after we moved um the capability for the nom-coms to keep their public facing information in the data tracker, so that should a non-com ever need to have all of its information removed. There was only one place to remove it, so that information was just lost at that time. It's gone um and I don't think that there is any any way to recover it. So there's.

C

um

C

We could spend some effort going through what we could find in the internet archive for the the few pages that it did capture and backfill those into some of these older non-coms. But I don't know if the the return for the effort that goes in is high enough to actually go through go through the process.

B

So well, but um I thought at one point: um we had Glenn archive as much as he could see on those servers. um So Glenn were you able to get that partic? Those particular pages.

C

It's unlikely we can get Glenn to go. Look but I think that um the time that Henrik removed the information from tools.iatf.org was many years ago.

C

All right, you know we'll continue to poke around and see what we can find, but I think that um it's it's just a a lost opportunity. I I may have missed it. I may have missed a question Jay. Were you asking me about this old data.

B

uh Yes, but Robert's explained now that it was deleted some years ago before you started taking backups at tools.ihf.org for us.

A

Okay, so it was only, it was never on the iatf servers. It was only 100 servers.

C

Correct.

A

Okay, sorry.

C

But I'll follow up with with Glenn and get him to to to verify so.

C

All right, the next thing I've got, is um a short conversation around authenticating with IMAP. um We in the process of attempting to add a feature that would allow us to map user identities at the IMAP server. So if somebody changed their data tracker account login to a different login stream, the configuration that they had that the IMAP server could follow along.

C

um We restarted the um the service and discovered that it didn't start and it didn't start because I had removed the Python 2.7 copy of the data tracker that we had running around that I had thought was only there to support. Mailman integration um turns out that auth P off PD was using it as well.

C

It is reinstated for the moment I'm in an email conversation with Alexi to where we're going to move off PD to the modern version of the data tracker on python 3.9 and then build a different API, so that the auth PD code isn't using the data tracker models directly, but is rather using an API so that we can separate the life cycles of those pieces of code from each other.

C

All right.

C

The rest of what I've got on the agenda I am planning to mostly do a take as read just at a very high level, we're working on adding using cloudflare streaming service. In addition, what we have for YouTube um to reach a greater part of the world, that's a work in progress.

C

The FTP Service has finally been configured to not serve anything, but the tombstone file and usage has dropped to zero. People have seen the announcement to the lists about when we're going to turn off the uh well. We've already turned off the um email list, bridging in the zoo, open, remove the copies of the archives that are in Zulu. That's completely done the uh we're still working on the final things that we want to do to ID diff.

C

Before we have the data tracker use IDF instead of rfcdef I'm, expecting that to be in the next release of the data tracker and one of the upcoming releases of authortools once that's in place, we'll take the Pui HD scripts that are on www.ietf.org offline.

C

So, for those that may not remember, pyht is a language that Henrik wrote in Python 2.7 to serve web pages and to encapsulate scripts behind them um and they're unsupportable. At this point,.

C

We had two patch Coast post, confirmed. I should have moved this up into the actual talk about it. Part of the section we had to patch post confirm because Google became more aggressive about enforcing um their interpretation of what was in RSC 5388 um headers that use the multiple versions of having the header field name. Two food, two bar two baths um Google now just rejects the spam.

C

They will only accept two food, comma bar, comma, baz and post confirm was doing it a different way, easy to fix, but in the process of patching it, we it reminded me that the install that we have in production right now was installed by hand not through any packaging system. Even though there is something sitting out on Pi Pi, what's sitting out on pie pie is not what we're running in production. What we have at GitHub is what is on production.

C

We need to go through building out the the infrastructure to make a release that we can install as a package, because I had to go in and install this patch into the system. Library System python libraries basically by hand um it's also Python 2.7 specific, because it's part of the mailman chain right now and when we go to mailman 3, it's going to have to be Rewritten um in Python 3, either ported or or Rewritten.

C

So, and there's still some question about how much of the the dmarc rewriting functional analogy we want to keep after we make the mailman 3 transition anyhow.

C

So big problems that are still in front of us.

C

Hopefully, people have had a chance to read the bit about non-com eligibility calculations. We've just done some improvements. There we're in the process of adding a little bit more guts and conversations happening on uh with uh um Jay and Lars about how to count people that are registered in two different ways.

C

We've moved wiki.ietf.org behind cloudflare um the getting the auto-generated cert in place at cloudflare took a lot longer than we expected when we did this last Friday, when we moved chairs and authors we're going to proceed differently so that the honor that automatically generated certificates in place before we try to move real traffic over to it.

C

In the first place, the iatf specific plugin that we have has been merged into a new repo that is building an image that all of our ietf specific instances of Wiki JS are deployed with, so that when a new feature comes into wiki.js, we just rebuild that image and all of the all the instances pick it up automatically.

C

There's a lot of text here about the data tracker I'm, not going to call out anything specific. If anybody has any questions about anything, they see there go ahead and yell now.

C

Going to say the same thing about bib XML, the author tools, the Whitetail website, nxmlrsc and mail archive and Ying catalog. So hopefully, everybody's read through this before and would have had any questions ready. But I'll give it a couple of minutes for people to skim through if they haven't seen it or in before. They got to the call.

A

Is XML you keep having this problem.

C

I'm, having a hard time hearing you Ross trout, try one more time all.

A

Right uh the problem with the foreign XML: when is that going to get deployed the fix.

C

The problem with the witch name.

A

Four name is what the field name, it's the first name, it it. The parsing. uh Okay,.

C

um

C

Off the top of my head, I can't say: I will follow up with you and find where that is in in the pipeline and know that we've got a series of um changes that ribose has made that are queued up for merging to be deployed. So it may be fixed in one of those.

A

Yeah I've been I've, been watching the issue and it it is waiting, merge or waiting release. I forget which, but it's it's breaking a whole bunch of X includes okay.

C

Now I do want to move in the long run and got I sent the the note n to the um our swag that we need to get out of the game of trying to tear names apart and just have blobs and be done. So.

C

I mentioned earlier that the um we're working on getting this ability to map IMAP users in place- it's not working yet, but we expect it we'll have it working before we get to ietf 115..

C

There is a conversation. That's been started. It was triggered by noticing that um our DNS SEC records for the ietf.org domain are using um the crypto algorithms that are no longer recommended. We started a conversation about how we would change that to move what is currently recommended.

C

It has expanded to include how we serve DNS SEC altogether and right now we have a um a proposal that we're working with to move all of our DNS services to cloudflare and perform the algorithm configuration changes once we're once we're at cloudflare I'm, expecting we'll start taking steps on that um again likely after ietf 115 be between 115 and 116..

C

All right.

C

Anybody have anything else that they want to talk about on. Today's call.

C

This is the um last time that we're getting together as a group before we get to ATF 115 I, look forward to seeing any of the rest of you that are going to be attending in person.

C

If you can think of anything that we need to be working on as the tools team between now and the meeting that we haven't mentioned that we're working on. Do please raise the issue, so we can get some resources aimed at it.

C

Awesome: well thanks everybody for their time. How did the call format work out today? Was it better to do the short read through and touch that we did.

A

No wonder I prefer this way right.

C

So.

A

So I I wasn't here last time, so I don't know what happened last time right, um but I'm not sure. If I got so much more information than just reading, the notes- um I don't know, maybe focus on the things that actually need discussion makes sense.

C

All right: well, thanks everybody again for your time and everything that you do to help make the ietf, successful and I hope to see many of you when we get to London and.

A

Thanks for the job done.

C

I'm going to talk to you soon.