18:01:27 <mikeperry> #startmeeting tbb-dev 18:01:27 <MeetBot> Meeting started Mon May 11 18:01:27 2015 UTC. The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:01:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 18:02:30 <mikeperry> yikes, I have quite a bit of lag 18:02:54 <mikeperry> ok, let's get started 18:03:55 <mikeperry> Last week, I updated the design doc for 4.5 and sent the updated fingerprinting section (https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability) to Nick Doty of the W3C and to Mozilla's security group. 18:04:08 <mikeperry> I also wrote a fix for #15927, and some fixups for #13670 and #1517. I also reviewed patches for 4.5.1 and 5.0a1, and started both those builds. 4.5.1 is on tor-qa. 18:04:18 * isabela has a quick request can be done after udpates 18:04:25 <mikeperry> This week, I plan to help get the releases out (probably by writing the blog posts?), file some roadmapping tickets, and start work on FF38-ESR. I may need to follow up on some random design doc/W3C emails also. 18:05:19 <mikeperry> ok, I think that's it for me for now 18:07:37 <mcs> Does anyone know when Mozilla will create an esr38 branch on their github mirror? 18:07:48 <mcs> (or is it there and I missed it?) 18:08:37 <mikeperry> they have tags in their hg repo, but it looks like they are not on github yet. I can ask 18:09:05 <mcs> right, we saw the tags in hg. 18:10:07 <mcs> For ESR31, Kathy reminds me that we had to ask. See https://bugzilla.mozilla.org/show_bug.cgi?id=1045488 18:11:36 * isabela has to step out for a sec.. just wanted to remind folks to update the roadmap wiki page: https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorBrowser 18:11:54 <isabela> I added a legend at the top of the page. the other teams are using the same legend to update their roadmaps as well 18:12:10 <isabela> I will be back soon let me know if you have any questions, and tx! 18:16:12 <mikeperry> I am asking in #vcs on irc.mozilla.org about the esr38 branch.. who wants to go next? 18:16:55 * mcs can go next 18:17:04 <mcs> Last week, Kathy and I made a good amount of progress in rebasing our updater patches for ESR38 but we still have a lot to do. 18:17:11 <mcs> The biggest impact is on Mac OS (because Mozilla reorganized the app bundle to support v2 of Apple's application signature scheme). 18:17:17 <mcs> We spent some time isolating the cause of #14985. 18:17:24 <mcs> We also did code reviews for #15837, #15933, and #1570. 18:17:50 <mcs> (1570 must be wrong) 18:18:01 <mcs> #1517 18:18:11 <mcs> This week, we plan to review #13670, continue with the ESR38 updater rebase work, and help with whatever else comes up. 18:18:17 <mcs> We also plan to look at #15954 soon but maybe not this week. 18:18:23 <mcs> On a related note, do we want to start using a trac keyword like tbb-5.0-alpha or should we just use ff38-esr? 18:18:28 <mcs> That's all for us. 18:20:10 * arthuredelstein can report next 18:20:11 <mikeperry> hrm. yeah, I think we should start using the tbb-5.0-alpha for new features unrelated to ff38-esr changes 18:20:24 <mcs> mikeperry: OK; will do. 18:21:00 <arthuredelstein> Last week I worked on #13875, #15897, #14429, and #15899. 18:21:17 <arthuredelstein> I've also been rebasing patches for #15196 and wrote fixes for them so they pass all of Mozilla's unit tests. Fixing tests has turned out to be pretty slow going, so I think I should focus on rebasing only from now on and then go back and write test fixes later as time allows. 18:21:46 <nickm> tbb-team: please let me know when I can give a quick item for you. :) 18:21:47 <arthuredelstein> So this week I'll be doing more rebasing (#15196) and look at further fixes for #14429 and #15897. 18:22:11 <arthuredelstein> That's it for me 18:22:38 <GeKo> here is what I did: 18:23:42 <GeKo> I spent some time looking into the clickjacking bug, reviewed #14429 and #13875 and #15899 + #15897 18:24:04 <GeKo> I worked on the releases 18:24:17 <GeKo> 4.5.1 is now signed in my build dir 18:24:44 <GeKo> then I started with #15772 related things 18:25:05 <GeKo> this will keep me at least this week busy I guess. That's it for me 18:25:25 <GeKo> Oh, we have a new tor alpha, I guess, nickm, right? 18:25:40 <Yawning> uh, soon 18:25:59 <Yawning> there is a tarball that may become it, unless anything crops up 18:26:20 <nickm> soon i hope 18:26:35 <nickm> waiting for at least one more of the people who runs a versioning directory authority to approve the version 18:27:03 <nickm> (weasel, armadev: I sent you email about a version number I think) 18:27:18 <nickm> (segbastian already did it , i think) 18:27:24 <nickm> *sebastian 18:28:51 <GeKo> mikeperry: one thing that worries me in #15990 is that we need to compile without the content process sandbox 18:29:18 <GeKo> that is no immediate issue but there is no easy fix in case e10s lands some time in the future 18:29:49 <GeKo> I talked to jacek and the problem boils down to writing code for GCC to get that going at all 18:31:15 <GeKo> I guess we might want to consider at some point in time whether we have the money that somebody is doing that for us 18:31:58 <mikeperry> the sandbox is inactive without e10s anyway, right? 18:32:13 <mikeperry> I will put it on the roadmap for 45esr 18:33:16 <GeKo> yes, as I said this is more an esr45 issue but it probably requires a fair amount of work 18:33:44 <GeKo> so we should start thinking early about ways to have that working by then 18:34:31 <mikeperry> right, ok 18:35:17 <mikeperry> if OTF's Tor Challenge thing goes up, this would be a good one for that.. or else we can just find one of the mingw people who wants a contract or something, I guess 18:36:42 * boklm can go next 18:36:54 <boklm> This past week I have made a script to run unit tests modified/added by Tor Browser commits for #15994 18:37:08 <boklm> I started adding a test to check DEP/ASLR on Windows (#15138) 18:37:13 <boklm> I also started investigating #15996 after being annoyed by it 18:37:23 <boklm> This coming week I'm planning to work on #15994, test for #15138, and fixing warnings we have on mozilla try 18:37:32 <boklm> I will be mostly offline from thursday to monday night (maybe missing the next meeting) 18:37:43 <boklm> The week after that I am going to meet intrigeri for a day to discuss about how we can share/integrate our testsuite with Tails' 18:37:59 <boklm> that's all for me 18:42:13 <mikeperry> I have a somewhat ignorant question: does anything prevent unit tests from touching the network? 18:42:51 <mikeperry> or is there some risk that a crazy unit test in #15994 may leak onto the non-tor net of a gitian builder? 18:43:43 <boklm> hmm, I don't know if there is something that prevents that. I can check. 18:45:31 <mikeperry> ok 18:45:42 <mikeperry> any other updates? 18:46:00 <mikeperry> nickm: was your item about the alpha release, or something else? 18:47:54 <mikeperry> isabela: I hope to update the roadmap doc this week, though we'll see how much I am distracted by releases and other things 18:48:28 <nickm> mikeperry: something else 18:48:30 <nickm> it's about the hosts list 18:48:33 <mikeperry> hwine@mozilla is creating our esr38 tag for us btw 18:48:36 <nickm> https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure/Hosts 18:49:08 <mikeperry> I think boklm is using some of those machines 18:49:10 <nickm> basically, we're happy to keep paying for all the hosts we're using, but it sure would be nice to know who is using the ones we're paying for, so we can be sure they're needed 18:49:25 <mikeperry> yawning, dcf, and gacar occasionally use tbb-build, IIRC 18:49:55 <mikeperry> though I thought most of those were on amazon, not 1984. hrm 18:49:59 <isabela> mikeperry: thanks! 18:50:01 <mikeperry> maybe I just misremember 18:50:11 <GeKo> I use it, too, and it helps me a lot 18:50:32 <mikeperry> I am not sure what "mike tbb testing machine" is 18:50:33 <Yawning> hrm? 18:50:44 <Yawning> is that the big box I build tbb on sometimes? 18:51:05 <mikeperry> yeah, the LXC one 18:51:16 <Yawning> yeah I use that 18:53:22 <nickm> great 18:53:25 <nickm> just say so on the wiki page 18:53:40 <mikeperry> ok 18:54:09 <nickm> not doing any kind of crazy austerity push here; just hoping there's $200-300 per month we can save and spend on developer lunches or something 18:55:34 <nickm> or alternatively, if we find every host is used, great. now we know what's for what 18:56:24 <mikeperry> boklm: most of the tbb stuff is technically yours. please update that page with what you still use (since I don't actually know) 18:56:40 * boklm updated the page 18:56:48 <mikeperry> great 18:57:03 <atagar> good morning world 18:58:43 <mikeperry> GeKo: my 5.0a1 build finished 18:58:44 <mikeperry> 409d2d04dde25e1d8e96a79024775bbaa978277c461c2fc877ec83c0905b9849 5.0a1-build1/sha256sums.incrementals.txt 18:58:48 <mikeperry> 3513774adf3799b502df0c9f8930f84f2d1715e0cae694e43b86f10b00c4cb74 5.0a1-build1/sha256sums.txt 18:59:24 <Yawning> o.O 18:59:29 <Yawning> 5.0 already? 18:59:38 <GeKo> a1 19:00:12 <mikeperry> I will rsync that and put it on tor-qa today, and write the blog posts for 4.5.1 and 5.0a1 19:00:25 <GeKo> ok. 19:00:30 <mikeperry> and put your signed 4.5.1 into place 19:00:44 <GeKo> I can release 4.5.1 tomorrow then 19:02:01 <mikeperry> for #15864, I am going to try to put an .htaccess to redirect the sha256sums-presigned-build.txt and .asc to sha256sums.txt for tor-browser-launcher 19:02:39 <tjr> Oh dangit I totally missed the meeting didn't I. 19:02:48 <tjr> I just sent an email about jemalloc3 19:03:43 <GeKo> tjr: we are not done yet :) 19:04:13 <tjr> woops, sorry, skimming scrollback 19:05:09 <GeKo> mikeperry: hrm... sounds quite fragile to me. do you know what eactly they are doing/needing? 19:05:22 <GeKo> *exactly 19:08:10 <mikeperry> no, I still need to find an email address for the right holgar and mail him 19:08:34 <mikeperry> but I also assume it will take a little while for any changes they make to propogate to all debian users 19:08:43 <sambuddhabasu1> atagar: good morning 19:08:44 <GeKo> yeah, that's true 19:12:28 <mikeperry> tjr: I am in favor of jemalloc3, esp if the perf impact from issue #213 isn't severe. it is something I want before pwn2own next year, for sure 19:13:19 <Yawning> (what's the difference?) 19:13:47 <tjr> mikeperry: Cool! Any conversations you can have with mozilla indicating that we might seriously consider it might help flush out any concerns they'd have regarding stability 19:14:14 <tjr> Yawning: For performance: https://lists.torproject.org/pipermail/tbb-dev/2015-May/000269.html For Features: 3 should have heap partitioning support 19:14:17 <mikeperry> Yawning: primarily protection against UAF exploits by isolation of allocation types in their own regions/arenas, along with some other hardening 19:14:43 <tjr> I will work on figuring out the status of the heap partitioning. 19:14:44 <Yawning> oh I see 19:15:13 <tjr> And if I get ambitious, might also try and build a replace- library that further segments heaps based on a random per-startup value 19:15:42 <GeKo> go for it :) 19:16:03 <mikeperry> tjr: do you know if jemalloc3 picked up any of the other hardening of PartitionAlloc? IIRC, there were also guard pages and some protection against double-free/dangling pointer exploitation in PartitionAlloc? 19:16:36 <tjr> mikeperry: I do not know. 19:19:55 <mikeperry> tjr: ok. another useful thing might be the labels in about:memory. even if they aren't used for heap partitioning yet it seems like some of them could be 19:20:12 <tjr> Yes! I haven't forgotten about those :) 19:21:42 <mikeperry> ok, awesome. thanks for looking into this! 19:23:46 <mikeperry> anything else for today? 19:23:49 <tjr> slowly :) always able to be pinged (email is most reliable) if you need a status update ot brain dump and I haven't said anything recently. 19:26:09 <mikeperry> ok, thanks tjr. thanks everyone! 19:26:18 <mikeperry> #endmeeting *baf*