13:00:24 <evilaliv3> #startmeeting
13:00:24 <MeetBot> Meeting started Thu May 14 13:00:24 2015 UTC. The chair is evilaliv3. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:24 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:00:29 <evilaliv3> halo!
13:00:41 <evilaliv3> i've opened the pad for the daily scrum meeting: http://piratepad.net/4tf6dnUdqw
13:06:15 <evilaliv3> okay so elv,
13:06:28 <elv> hellais: :D
13:06:32 <evilaliv3> i've a new task assignment that would be really important to address
13:06:35 <evilaliv3> https://github.com/globaleaks/GlobaLeaks/issues/969
13:06:43 <evilaliv3> https://github.com/globaleaks/GlobaLeaks/issues/137
13:06:57 <evilaliv3> it's already described as naif like to repeat
13:07:02 <elv> ghgh
13:07:08 <evilaliv3> but let's add some precise note
13:07:12 <hellais> elv: sup?:
13:07:19 <elv> evilaliv3: what about the other tickets we took node on our gdoc?
13:07:20 <evilaliv3> what i would like to ask you is:
13:07:24 <elv> hellais: ;)
13:07:33 <elv> note not node
13:07:41 <elv> naif: u there?
13:07:45 * hellais confused
13:07:46 <evilaliv3> verify what browser primitives are needed by scrypt and openpgp.js
13:08:05 <evilaliv3> (the minimum is dictated by openpgp)
13:08:32 <evilaliv3> take as reference: http://caniuse.com/#search=crypto
13:08:38 <elv> ok, question:
13:08:57 <elv> this is for the receiver/admin side
13:09:12 <evilaliv3> write a simple detector (you can use a simple html file separated from globaleaks, as we did when i gave you the task assignment before engaging you on globaleaks)
13:09:15 <elv> but for the whistleblower side, does it make sense to focus on torbrowser?
13:09:28 <evilaliv3> this is a routine that will be run when the application starts
13:09:41 <evilaliv3> and will verify the capabilities of the user browser
13:09:49 <elv> evilaliv3: ok a set of checks about browser capabilities
13:10:07 <elv> i have something on the old end2end branch i think
13:10:15 <elv> taken from the previous scrypt implementation
13:10:43 <evilaliv3> if the browser is not able to run globaleaks it would provide a user a funny page like: http://abetterbrowser.org/
13:10:57 <naif> a useful page
13:11:14 <evilaliv3> great, but i repeat proceed simply writing a good piece of code of ~20 lines that does the detection
13:11:17 <evilaliv3> :)
13:11:20 <naif> with nice icons, responsive and links to fix the problem (ie: download a modern browser)
13:11:44 <evilaliv3> you can use:
13:11:45 <naif> btw almost everything is already defined on the ticket
13:12:17 <evilaliv3> you can use only the following libraries:
13:12:20 <evilaliv3> https://github.com/ded/bowser
13:12:50 <evilaliv3> and that's it!
13:12:59 <evilaliv3> if it won't be enough you can add:
13:13:02 <evilaliv3> http://modernizr.com/
13:13:56 <elv> okay
13:14:20 <evilaliv3> without any angular, any jquery, nothing
13:14:25 <elv> yep no problem
13:14:32 <elv> consider it done for end2end rel
13:14:45 <evilaliv3> rel?
13:14:46 <elv> another question that i would like to raise
13:14:49 <elv> release
13:14:59 <evilaliv3> ok
13:15:03 <evilaliv3> before continuing
13:15:08 <evilaliv3> let me clarify a bit
13:15:17 <evilaliv3> why i'm asking you to use only these libraries?
13:15:34 <evilaliv3> cause we want this routine to be run before angularjs is loaded
13:15:46 <evilaliv3> and this routine should be safe 100%
13:16:03 <evilaliv3> the messages provided should be shown without relying on any library
13:16:24 <evilaliv3> this way any browser failure can be detected before it happens :)
13:16:31 <evilaliv3> and avoided :)
13:16:47 <evilaliv3> ok, what was your question ?
13:17:10 <elv> i would like to take a look at the tickets we considered for inclusion in the release
13:17:11 <naif> the ticket contains much more
13:17:12 <naif> https://github.com/globaleaks/GlobaLeaks/issues/137#issuecomment-100814120
13:17:43 <naif> with openpgp.js inclusion we also need to log client-access-failure somehow
13:17:54 <naif> because we will break many clients and we need to know how many
13:19:28 <evilaliv3> elv: consider that all the tickets related to pgp, scrypt and this detection should be closed before releasing end2end
13:19:52 <elv> ok, there are more things:
13:20:05 <evilaliv3> https://github.com/globaleaks/GlobaLeaks/milestones/2015%20May
13:20:07 <elv> Discuss new release naming/tagging - 3.0.0?
13:20:08 <elv> - https://github.com/globaleaks/GlobaLeaks/issues/776
13:20:11 <evilaliv3> you can take this as reference
13:20:22 <evilaliv3> elv: do not mind the naming
13:20:40 <elv> Dependencies freeze on tag/release
13:20:43 <evilaliv3> using a 3.0.0 would be ok, but all will depend on the stability
13:20:49 <elv> pgp key clientside
13:20:52 <evilaliv3> before having a 3.0.0 we would need a pentest
13:21:02 <elv> openpgpjs as library (this is done)
13:21:03 <evilaliv3> so probably we will call it 2.70
13:21:06 <evilaliv3> we will iterate
13:21:09 <elv> donation badge <------
13:21:17 <elv> improve password strength checker in UI
13:21:18 <evilaliv3> and then we will push out a 3.0.0 at the end of the OTF grant
13:21:29 <evilaliv3> that is in 9 months from now
13:21:41 <evilaliv3> this would be a great target
13:21:44 <elv> k
13:22:06 <naif> donation badge does not sound like a priority IMHO, if we need to do out-of-roadmap-stuff, there are the Adopters stuff waiting
13:22:30 <hellais> naif: I think electron (electron.atom.io) is superior to nodewebkit in various regards.
13:22:33 <evilaliv3> the dependency freeze depends on the features we still need to finish
13:22:50 <hellais> naif: we are using it to build the GUI for ooni: github.com/hellais/network-meter
13:22:51 <evilaliv3> e.g. if you would need modernizr now (i would suggest for it, hellais?)
13:23:23 <evilaliv3> or e.g. angular-timer, angular-relative-dates and some small others)
13:23:28 <hellais> evilaliv3: I don't understand the question
13:24:01 <naif> hellais: yes but 4 out of 5 core developers of node.js moved to io.js that's backing nw.js. Until they fix the issue, i consider node.js risky for the future
13:24:06 <evilaliv3> i was briefly asking you: what is your suggestion to implement a safe browser detection in relation to crypto/html5 fancy features and bla bla?
13:24:15 <elv> evilaliv3: we could freeze every 2.x version
13:24:23 <naif> evilaliv3: if (windows.crypto); then
13:24:24 <elv> we freeze for 2.70.x
13:24:27 <elv> then for 2.71.x
13:24:39 <elv> so we start to experiment with it
13:24:48 <evilaliv3> sure naif, but we want to write all detection routines custom?
13:24:58 <elv> anyway for the checker ok, i'll take this log as a reference
13:25:02 <evilaliv3> i was evaluating using standard one like bowser/modernizr
13:25:20 <naif> evilaliv3: if the numbers of functions are 2 or 3, then yes, it makes sense to make a single one liner
13:25:47 <evilaliv3> elv quite all is frozen, nothing is changing so far, what is causing problems to you on this side?
13:26:37 <elv> I'm referencing the ticket about freezing dependencies
13:26:43 <evilaliv3> naif, detecting ie8, ie9, other browsers in a safe way etc is not something doable with a simple one liner
13:26:54 <evilaliv3> in a cross compatible way and without failures i mean
13:27:14 <elv> anyway the point is not one-line but working-detection :p
13:27:33 <hellais> naif: why do you think node.js is risky for the future? What issue?
13:27:40 <naif> evilaliv3: if we need 2/3 functions and we can test if those are available or not, it's simpler. Then we know that only IE11 has it, so it would work
13:28:01 <evilaliv3> ah sure naif
13:28:08 <evilaliv3> but we need also to check for other things
13:28:09 <evilaliv3> like:
13:28:21 <hellais> evilaliv3: yeah I agree with naif I think you should just do duck typing style detection
13:28:24 <naif> evilaliv3: let's make a list on the ticket, then evaluate what must be probed
13:28:26 <evilaliv3> cookies enabled or not, probably in the future local storage or not
13:28:29 <naif> hellais: http://anandmanisankar.com/posts/nodejs-iojs-why-the-fork/
13:29:00 <evilaliv3> anyhow i've never said "USE BOWSER, USE MODERNIZR"
13:29:11 <evilaliv3> i've written: try to avoid any use of libraries
13:29:14 <elv> evilaliv3: u got the point?
13:29:21 <elv> the freeze of libraries
13:29:22 <evilaliv3> if needed eventually bowser, modernizr
13:29:38 <evilaliv3> now it is elv that needs to do a research on that and do the proper analysis
13:30:07 <elv> i have to go for an hour and half, and then i'll read the logs
13:30:24 <elv> if u have suggestions about it i'll take care of testing them
13:30:43 <evilaliv3> k
13:30:58 <evilaliv3> i will take a little look and i will write my suggestion on the ticket
13:31:11 <evilaliv3> remember to fill: http://piratepad.net/4tf6dnUdqw
13:31:18 <hellais> naif: looks like a tempest in a teapot
13:31:29 <evilaliv3> it's important to auto assess a schedule on our duties
13:31:30 <hellais> I wouldn't jump on the flashy new project bandwagon just yet
13:31:43 <evilaliv3> and to self evaluate ourselves in our productivity
13:31:55 <evilaliv3> i neither
13:32:02 <evilaliv3> i'm with the hell man
13:32:14 <evilaliv3> hell yeah!
13:55:53 <naif> end of meeting?
14:04:00 <evilaliv3> #endmeeting