circle_engineering/meetings_notes/engineering_meeting_24-11-04.md

<h1>Engineering Circle Meeting 2024-11-04 </h1>

<h2>Table of Contents</h2>

- [Attendees](#attendees)
- [Main Content](#main-content)
- [Mycelium GUI](#mycelium-gui)
- [3.15 GEP and Grid Release](#315-gep-and-grid-release)
- [Network Security Issue](#network-security-issue)
- [Farmers Contact](#farmers-contact)
- [NetworkD](#networkd)
- [Utilization Rewards Distribution](#utilization-rewards-distribution)
- [3.16](#316)
- [TODO - Next Meeting](#todo---next-meeting)

---

## Attendees

- Sabrina
- Lee
- Thabet
- Kristof
- Jan
- Mik

## Main Content
							
- no gateway for zos 4
  - link: https://git.ourworld.tf/tfgrid/circle_engineering/issues/82
  - issue should mention that
  - update requirements
  - check if all requirements are done
  - not clear what is done, and not done
  - post mortem
    - too long to keep issue for 4 months
- TODO
  - add ETA, owners, assignees to issue
    - see template: https://git.ourworld.tf/tfgrid/circle_engineering/issues/125
- situation of grid
  - don't have enough webgateway
    - that's why hetnzer is good here, we can do it there
- grid release
  - 3.15 november 12 on mainnet
  - 3.16 make smaller release
    - qsfs? to confirm next meeting
- mycelium
  - stories
    - fill in requirements
    - do more tracking
- 3.16 specs
  - redefine
    - 3.16 proper code management for zos
- kyc
  - 5 issues linked to it
    - not clear what is done and what is not
    - 5 issues linked, 3 are closed
- qsfs
  - scott didn't come back on this yet
  - tried to deploy zdb
- 50% go to farmers
  - gep passed, implemented
- GEP
  - new one for 3.15 release on mainnet
  - release for 12 november
  - todo
    - make 3.15 gep proposal
    - vote ends on 11
    - 3.15 open on 12
- 3.16 issue
  - if dont take an issue for this release, we explain why and put it in next release and track
- make sure if we close an issue
  - that everything is done
  - if it isn't done, we create a new issue
- if Kristof isn't there in a meeting and something affects him, we need to report clearly in writing, e.g. in chat
- some issue have tracking in 
- gitea
  - management
- github
  - code
- cyber protection
  - decomposed on zos 4
  - kyc
    - allowed traffic
- cyber protection
  - agreed not zos 4 anymore
  - not deployed on all node
- now people need to go to kyc to check deployments
- kyc
  - for people to stop avoid attacks on our network
- stakeholders
  - agree on everything we specs
- todo
  - team should run by itself
  - take more seriously
  - if make a story
    - needs to happen faster
    - more proper escalation
      - even if people not on meeting
- update cyber protection
  - kyc is enough to protect the farmers' node
  - prevent attack on local network
  - notes
    - avoid malicious workloads by enabling KYC
    - avoid traffic out on local farmers
- if we decide to not do something, we need to track it properly
  - e.g. go into google docs
    - e.g. gdocs too strong in some element, update
- update if we change requirements
- avoid traffic out locally
- dont want vulnerability to be on us
- we didn't track well the updates of issues
- allowed traffic
- why we didn't do the whitelist?
  - no reason
- we were in urgency and didn't act, communicate not implemented
- next time
  - need to be quicker to implement stuff
- kyc
  - go out through nut
    - e.g. not monitoring traffic,
    - e.g. just see somewhere on a node with 25 people
      - can't see who is doing the problem
- network
  - if shutdown smtp
    - block everything
  - best effort open source network
    - fine to not bring ourselves in danger
- mailgateway of another vendor
- can provide certified way out
  - e.g. force them to buy public IP address
  - then we know who they are, if they are putting reputation down
- urgent
  - whitelist

## Mycelium GUI

- gui
  - earwan found bug for android v 34, being fixed
    - fixed not release, still in review
- allow nodes
  - 

## 3.15 GEP and Grid Release

- todo 
  - gep
    - with all features
- todo quick gep
  - make a gep, close the 11th of november
  - implement it
- todo communicate to community, explain why we're doing this

## Network Security Issue

- need to tell them it won't stay that restricted
  - e.g. with public IP address
- if use ipv6 can you know exactly who it is?
  - can identify workload
- network
  - no out in general
  - ipv4
  - ipv6 doesn't need to be restricted, as it is unique
    - ipv6 always for workload with ipv6
    - vm running on public network
- public IPv6
  - moment a farmer provides a public ipv6 subnet, VMs get it when you select ipv6 option in dashboard
- only allow
  - mycelium ygdrasil, ssh
- if block http, no internet!
  - if download dns, dont know where farmers is going
- users allow a farmer
  - can I do port 25 of 5-7-6
    - to do ssh out of smtp
  - need interface for users/farmers interface
- if we can identify users
  - public ipv4, public ipv6
    - we know the workload
    - in blockchain, do we know the history?
      - if users shut down workload, can we go back
        - yes
          - public Ip are released in blockchain
- complete specs
  - 3.16
    - run IDS to check traffic (?)
    - for every node, wouldn't be that expensive
  - possibilities
    - run proxy for farmer
      - transparent proxying
  - for now, we lock that for a month
  - dont need to keep all duplicates
    - if https, can't know
    - know what came from where to who, (only metadata)
      - allow us to map a user to behaviour
- ids
  - expensive in terms of package, if you do a lot into the data, with just metadat, it is less
- block all outer traffic
- do we block traffic not ending out
  - it is being worked on
- cyber
  - see tf protection against cyber threats
- 3.15 
  - say we do it in gep
  - implement it in 2 parts
- to ask approval of community with DAO in 3.15
  - tell what the new features are
  - part of the features
    - one part is this, the other part is there
  - gep part
    - gep for 3.15
      - mention the feature
        - if get yes, approval
          - implement the security features

## Farmers Contact

- farmers
  - can't communicate to them
  - have no information on farmers
  - ok one way
    - farmers reach out to us
  - other way
    - tf reach out to farmers
- can't shut down the service
  - kyc for farmers?
    - need something from them
- KYC
  - everything the user uses
    - from app
      - telephone number
      - email
    - from kyc docs
      - address
- todo
- we dont want this
  - can enable kyc in app
  - for farmers
- farmers information
  - tf connect app
  - need to know
    - telephone number
    - email
  - track email address for tf connect
  - but not for dashboard
- tf dashboard (issue)
  - email required, with verification
  - todo
    - set requirementd for dashboard
- tf connect
  - already have it

## NetworkD

- networkD
  - networkD as default
    - would require to have
      - node receive public IP
- hetzner provide only public IP address
- networkD
  - 1 mac address per node
  - mycelium becomes default, can communicate to all nodes
    - to be simpler

## Utilization Rewards Distribution

- revenue split implemented
  - what is the distribution
    - 50% farmers
    - burning was part of algorithm to lower amount of tokens
      - never was changed nor asked to the community
    - validators
      - don't have yet
      - not good to implement

## 3.16

- 3.16 smaller
  - as fast as we can
  - make specs
  - make gep
- make sure we have farmers' contact
  - either go to tf connect app
  - or go to dashboard
- todo
  - lee and jan
    - resolve scalability issue

## TODO - Next Meeting

- next meeting
  - check status of 3.15
  - review 3.16
    - see: https://git.ourworld.tf/tfgrid/circle_engineering/issues/126