diff --git a/meetings_notes/engineering_meeting_24-11-04.md b/meetings_notes/engineering_meeting_24-11-04.md new file mode 100644 index 0000000..d5cb168 --- /dev/null +++ b/meetings_notes/engineering_meeting_24-11-04.md @@ -0,0 +1,293 @@ +

Engineering Circle Meeting 2024-11-04

+ +

Table of Contents

+ +- [Attendees](#attendees) +- [Main Content](#main-content) +- [Mycelium GUI](#mycelium-gui) +- [3.15 GEP and Grid Release](#315-gep-and-grid-release) +- [Network Security Issue](#network-security-issue) +- [Farmers Contact](#farmers-contact) +- [NetworkD](#networkd) +- [Utilization Rewards Distribution](#utilization-rewards-distribution) +- [3.16](#316) +- [TODO - Next Meeting](#todo---next-meeting) + +--- + +## Attendees + +- Sabrina +- Lee +- Thabet +- Kristof +- Jan +- Mik + +## Main Content + +- no gateway for zos 4 + - link: https://git.ourworld.tf/tfgrid/circle_engineering/issues/82 + - issue should mention that + - update requirements + - check if all requirements are done + - not clear what is done, and not done + - post mortem + - too long to keep issue for 4 months +- TODO + - add ETA, owners, assignees to issue + - see template: https://git.ourworld.tf/tfgrid/circle_engineering/issues/125 +- situation of grid + - don't have enough webgateway + - that's why hetnzer is good here, we can do it there +- grid release + - 3.15 november 12 on mainnet + - 3.16 make smaller release + - qsfs? to confirm next meeting +- mycelium + - stories + - fill in requirements + - do more tracking +- 3.16 specs + - redefine + - 3.16 proper code management for zos +- kyc + - 5 issues linked to it + - not clear what is done and what is not + - 5 issues linked, 3 are closed +- qsfs + - scott didn't come back on this yet + - tried to deploy zdb +- 50% go to farmers + - gep passed, implemented +- GEP + - new one for 3.15 release on mainnet + - release for 12 november + - todo + - make 3.15 gep proposal + - vote ends on 11 + - 3.15 open on 12 +- 3.16 issue + - if dont take an issue for this release, we explain why and put it in next release and track +- make sure if we close an issue + - that everything is done + - if it isn't done, we create a new issue +- if Kristof isn't there in a meeting and something affects him, we need to report clearly in writing, e.g. 
in chat +- some issue have tracking in +- gitea + - management +- github + - code +- cyber protection + - decomposed on zos 4 + - kyc + - allowed traffic +- cyber protection + - agreed not zos 4 anymore + - not deployed on all node +- now people need to go to kyc to check deployments +- kyc + - for people to stop avoid attacks on our network +- stakeholders + - agree on everything we specs +- todo + - team should run by itself + - take more seriously + - if make a story + - needs to happen faster + - more proper escalation + - even if people not on meeting +- update cyber protection + - kyc is enough to protect the farmers' node + - prevent attack on local network + - notes + - avoid malicious workloads by enabling KYC + - avoid traffic out on local farmers +- if we decide to not do something, we need to track it properly + - e.g. go into google docs + - e.g. gdocs too strong in some element, update +- update if we change requirements +- avoid traffic out locally +- dont want vulnerability to be on us +- we didn't track well the updates of issues +- allowed traffic +- why we didn't do the whitelist? + - no reason +- we were in urgency and didn't act, communicate not implemented +- next time + - need to be quicker to implement stuff +- kyc + - go out through nut + - e.g. not monitoring traffic, + - e.g. just see somewhere on a node with 25 people + - can't see who is doing the problem +- network + - if shutdown smtp + - block everything + - best effort open source network + - fine to not bring ourselves in danger +- mailgateway of another vendor +- can provide certified way out + - e.g. 
force them to buy public IP address + - then we know who they are, if they are putting reputation down +- urgent + - whitelist + +## Mycelium GUI + +- gui + - earwan found bug for android v 34, being fixed + - fixed not release, still in review +- allow nodes + - + +## 3.15 GEP and Grid Release + +- todo + - gep + - with all features +- todo quick gep + - make a gep, close the 11th of november + - implement it +- todo communicate to community, explain why we're doing this + +## Network Security Issue + +- need to tell them it won't stay that restricted + - e.g. with public IP address +- if use ipv6 can you know exactly who it is? + - can identify workload +- network + - no out in general + - ipv4 + - ipv6 doesn't need to be restricted, as it is unique + - ipv6 always for workload with ipv6 + - vm running on public network +- public IPv6 + - moment a farmer provides a public ipv6 subnet, VMs get it when you select ipv6 option in dashboard +- only allow + - mycelium ygdrasil, ssh +- if block http, no internet! + - if download dns, dont know where farmers is going +- users allow a farmer + - can I do port 25 of 5-7-6 + - to do ssh out of smtp + - need interface for users/farmers interface +- if we can identify users + - public ipv4, public ipv6 + - we know the workload + - in blockchain, do we know the history? + - if users shut down workload, can we go back + - yes + - public Ip are released in blockchain +- complete specs + - 3.16 + - run IDS to check traffic (?) 
+ - for every node, wouldn't be that expensive + - possibilities + - run proxy for farmer + - transparent proxying + - for now, we lock that for a month + - dont need to keep all duplicates + - if https, can't know + - know what came from where to who, (only metadata) + - allow us to map a user to behaviour +- ids + - expensive in terms of package, if you do a lot into the data, with just metadat, it is less +- block all outer traffic +- do we block traffic not ending out + - it is being worked on +- cyber + - see tf protection against cyber threats +- 3.15 + - say we do it in gep + - implement it in 2 parts +- to ask approval of community with DAO in 3.15 + - tell what the new features are + - part of the features + - one part is this, the other part is there + - gep part + - gep for 3.15 + - mention the feature + - if get yes, approval + - implement the security features + +## Farmers Contact + +- farmers + - can't communicate to them + - have no information on farmers + - ok one way + - farmers reach out to us + - other way + - tf reach out to farmers +- can't shut down the service + - kyc for farmers? 
+ - need something from them +- KYC + - everything the user uses + - from app + - telephone number + - email + - from kyc docs + - address +- todo +- we dont want this + - can enable kyc in app + - for farmers +- farmers information + - tf connect app + - need to know + - telephone number + - email + - track email address for tf connect + - but not for dashboard +- tf dashboard (issue) + - email required, with verification + - todo + - set requirementd for dashboard +- tf connect + - already have it + +## NetworkD + +- networkD + - networkD as default + - would require to have + - node receive public IP +- hetzner provide only public IP address +- networkD + - 1 mac address per node + - mycelium becomes default, can communicate to all nodes + - to be simpler + +## Utilization Rewards Distribution + +- revenue split implemented + - what is the distribution + - 50% farmers + - burning was part of algorithm to lower amount of tokens + - never was changed nor asked to the community + - validators + - don't have yet + - not good to implement + +## 3.16 + +- 3.16 smaller + - as fast as we can + - make specs + - make gep +- make sure we have farmers' contact + - either go to tf connect app + - or go to dashboard +- todo + - lee and jan + - resolve scalability issue + +## TODO - Next Meeting + +- next meeting + - check status of 3.15 + - review 3.16 + - see: https://git.ourworld.tf/tfgrid/circle_engineering/issues/126
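Review bot: The "Network Security Issue" section records the outbound-traffic restriction as a set of conflicting bullets rather than a decision. "no out in general", "only allow mycelium ygdrasil, ssh", "block all outer traffic" and "if block http, no internet!" sit side by side. The "urgent" whitelist item at the end of Main Content has no owner or ETA, even though the same notes ask to "add ETA, owners, assignees to issue". Suggest adding one explicit decision line that states which outbound protocols are allowed, whether the restriction covers IPv4 only (the notes say "ipv6 doesn't need to be restricted"), and who owns the whitelist and by what date. The two "cyber protection" bullets in Main Content also need reconciling, since one says "decomposed on zos 4" and the next says "agreed not zos 4 anymore". Smaller points: several bullets are unfinished ("some issue have tracking in", the empty item under "allow nodes", the empty "todo" under Farmers Contact). There are also spelling slips to fix before merge: "hetnzer" (spelled "hetzner" later in the file), "ygdrasil", "metadat" and "requirementd". Please confirm whether "go out through nut" should read NAT.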