sunrise choir - 16/10/2018

attendees

• piet
• aljoscha
• mikey

agenda

• checkin
• schedule the meeting for a regular time
  • Tuesday 8pm NZDT
  • Tuesday 9am Berlin time
  • Piet will make gcal invite for Mikey and Piet normal persons
• schedule the retro
  • Tuesday 30th of October
  • Piet will make gcal invite for Mikey and Piet normal persons
• piet would love to hear about alj's fuzz setup
• review
  • everything is horrible (with serde (and ssb))
  • mik still hasn't started discussion about licenses
• what is the process for js bindings?
• what should alj do next?

review

Aljoscha

• full spec of legacy message format and metadata
  • includes edge cases of non-canonical formatting
  • oppressive amount of edge cases
• not everything is perfect and generalized
  • logical is right to generate test cases for fuzzer
  • once we generate a server executable, can figure out what needs to be improved
• read in data, validate it, output in compact format or signing format
  • hash computation: ssb didn't specify encoding, node defaulted to latin-1 encoding, in practice means encoding as utf-16 and taking only least significant bytes
• metadata
  • alj underestimated the protocol
  • defined multiformats
  • most annoying is how metadata itself is structured, serde is not good at parsing it
    • content can either be arbitary json object or string
    • serde cannot elegantly handle this case
    • solution is to ignore metadata as being json at all
• should we use custom-serde or serde
  • normal serde gives us potential for static traits for ssb message types
  • custom serde more accurately reflects the data model of ssb
• rust traits are less flexible than desired
  • ideal is serde parser can directly build up a native js object
    • https://docs.rs/json/0.11.13/json/enum.JsonValue.html
    • https://docs.rs/napi-sys/0.1.1/napi_sys/enum.napi_valuetype.html
• testing & fuzzers
  • integration to rust toolchain, cargo fuzz
    • https://fuzz.rs/book/cargo-fuzz/setup.html
  • fuzzer analyzes paths to your code, tries to find the full state space of your implementation, tries all the fuzzy bits
  • test all the possible (corner) cases!
  • next step is to try all the possible cases in js
    • separate what is valid or invalid
  • creating great testing data sets

piet

• first day, did setup, thinking about where to go
• jumped into making private-box-rs have usable js bindings
• as of yesterday, got js binding working
  • project is not as tidy as wanted
    • faffed around with getting everything working
  • will have a think about using napi-sys crate
• spent today looking at how everyone else manages prebuild binaries for things that need binaries
  • how does cross module work?
    • can we use his docker image? yikes rabbit hole
  • discovered appveyor
  • use travis ci for building binaries
  • trust module: rust library for building rust bindings for many os's
    • japaric is fucking prolific and makes amazingly useful stuff
• looking at how to do async decryption
  • oh no, c++ void pointers and madness
  • will sleep and see how ugly the story is
• how to tidily manage when things go wrong
• overall happy with n-api, it's the thing we should be trying to use
  • only stable in node 10, but legit, is successor to nan
• tidy tidy tidy
• goal is to do a good job on this module
  • so will serve as a good easy-to-use template for other modules
• alj: is there a check whether a given string is a valid box?
  • wondering whether need to implement this higher up the stack
  • maybe good candidate for fuzzing

what should alj do next?

• fun!

what is the process for rust-js bindings

• rust-sys ?
  • probably the best way to go
  • pie will what he can do
• pie will write up a document on how to make rust-js bindings