19:01:19 <mikeperry> #startmeeting tbb-dev
19:01:19 <MeetBot> Meeting started Mon Nov 23 19:01:19 2015 UTC. The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:19 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:02:49 <mikeperry> ok, last week I continued working on tor-core stuff (the netflow padding patch), and picked up the donations page. not much tbb work got done
19:03:58 <mikeperry> this week, I really will get us a dev/test signing cert for OSX. otherwise, I will likely continue donations page stuff, and maybe do some load balancing work for tor. it's a short week anyway in the US
19:04:03 <mikeperry> that's it for me
19:06:20 <nickm> mikeperry: are you blocking on me for anything osx-related?
19:06:35 <nickm> I lost track there. I thought I gave you the stuff you needed, but I didn't check back.
19:06:37 <mikeperry> no, I don't think so
19:06:51 <mikeperry> pretty sure I am all good. I just need to fight with certtool
19:06:54 <nickm> ok. you've got my phone number. if you need me any day this week but thanksgiving, just call
19:07:11 <mikeperry> I got close to doing it a week ago, but then got distracted by something
19:07:56 * GeKo stumbles in
19:08:49 * huseby i'm here too :)
19:09:08 <Yawning> <- is here
19:09:17 <Yawning> though my issue made forward progress in the scroll back
19:11:54 <mikeperry> ok, who is ready? seems like a slow day :)
19:12:02 <GeKo> mikeperry: if you get bored and need something on your bullshit-item-list: #17039
19:12:16 <GeKo> you are the only one who can do this
19:12:35 <GeKo> and it is pretty valuable having the LXC machine properly working
19:13:10 <mikeperry> oh, right. ok. I will poke at that now during the meeting
19:13:13 <GeKo> i can workaround the problem but it costs me time and others wanting to run test builds probably won't have that
19:13:19 <GeKo> thanks
19:13:49 <mikeperry> I think I can just use apt to do that. I hope.
19:14:23 <GeKo> yeah, and while you are at it there are stray gitian processes that need to get killed
19:17:04 <GeKo> alright, here is what i did:
19:17:30 <GeKo> i mainly worked on #15578 and #17568
19:18:11 <GeKo> i did a bunch of reviews:
19:19:01 <GeKo> #17009, #17344 and i started with #9659 and #16940
19:19:32 <GeKo> this week i'll finish the latter and add the missing bits for #15578
19:20:15 <GeKo> then i'll pick remaining bits from my november keyword
19:20:41 <GeKo> and will probably poke at #17567 given that mozilla does not seem to think this has high prio
19:20:47 <GeKo> that's it for me.
19:22:33 * arthuredelstein can go
19:22:43 <arthuredelstein> Last week I worked on #17568, #15646, and #17565.
19:22:58 <arthuredelstein> I also worked on bugzil.la/1174386 and bugzil.la/1121643
19:23:12 <arthuredelstein> I spent some time investigating with huseby how to upstream Tor Browser's isolation patches.
19:23:24 <arthuredelstein> We're trying to understand the deep mysteries of Firefox's new Origin Attributes.
19:23:31 <arthuredelstein> And a few minutes ago Yawning and I worked out what's going on with #17550.
19:23:52 <arthuredelstein> This week I plan to work more on all of these selfsame bugs.
19:24:16 <arthuredelstein> That's it.
19:25:20 * mcs will go next
19:25:25 <mcs> This past week, Kathy and I created patches for #16940 and #17344.
19:25:36 <mcs> We did some followup research for #17442 and commented in the ticket.
19:25:42 <mcs> We also added a comment to https://bugzilla.mozilla.org/show_bug.cgi?id=1216882.
19:25:47 <mcs> We completed code reviews for #17369 and #13819.
19:25:53 <mcs> And we triaged a few bugs.
19:25:58 <mcs> Next on our list:
19:26:05 <mcs> - Follow up on any review comments we get for #16940.
19:26:08 <mcs> - Work with arthuredelstein to find a good solution for #17661.
19:26:14 <mcs> - Review other people's Tor Browser 5.5 patches.
19:26:18 <mcs> - Enjoy a couple of days off later this week for the U.S. Thanksgiving holiday.
19:26:23 <mcs> That's all for us.
19:27:16 * boklm will go next
19:27:29 <boklm> This past week I worked on #16009 to make it work on Windows
19:27:30 <boklm> I reviewed and tried the patch for #13819
19:27:39 <boklm> I have been looking at mozilla updater tests and opened #17662
19:27:52 <boklm> I am wondering if we could add a pref in our updater to allow downgrade updates (off by default) to make easier updater testing.
19:27:59 <boklm> This week I will try to make the test suite run on OSX.
19:28:08 <boklm> That's it.
19:30:32 <mcs> regarding #17662, you should be able to apply an update for the same version (e.g., overwrite everything with a full update). But I need to read that ticket more carefully o find out why you are asking.
19:30:41 <mcs> "to find out"
19:36:14 <boklm> mcs: ok. The idea would be to have a test channel containing an update we can use to test the updater. To do that we need an update that is signed, with a version number accepted by the updater.
19:37:01 * huseby can go
19:37:16 <huseby> wait, boklm done?
19:37:26 * boklm is done
19:37:59 <mcs> boklm: I will read and comment in the ticket or we can talk about this more after the "report out" portion of the meeting
19:38:07 <boklm> mcs: ok
19:43:57 <mikeperry> huseby: do you happen to know who we should ask about getting a Firefox tile for Tor? we're launching a donations campaign soon, so we'd probably want to link to the donate page or something similar
19:44:27 <mikeperry> in the past Firefox tiles have been thrown out there as something Mozilla could do for us, but I am not sure where to bring that up
19:44:42 <huseby> mikeperry: i do know
19:44:50 <huseby> let me get an email thread going
19:44:55 <huseby> I'll cc you on it
19:45:10 <huseby> it was in my proposals
19:45:18 <huseby> that I ran up the chain at mozilla
19:46:16 * huseby can go now
19:46:21 <huseby> so last week I was mostly on vacation
19:46:27 <mikeperry> ok great! I can explain the campaign and show some example stuff we might link to in reply
19:49:09 <huseby> but earlier last week arthuredelstein and I were trying to figure out the correct approach to uplift isolation patches now that origin attributes is a thing
19:49:18 <huseby> we made some progress
19:49:23 <huseby> picked up again this morning
19:49:30 <huseby> the main goal is to get the TPU patch out for review ASAP
19:55:47 <mikeperry> ok. anything else?
19:56:12 <GeKo> what is the plan for a defense against font fingerprinting for the stable users?
19:56:20 <GeKo> what is its timeline?
19:56:22 <mikeperry> I am upgrading this ubuntu machine. I think it's almost done
19:57:27 <arthuredelstein> GeKo: I'm continuing to try to improve the font fingerprinting patches in the alpha.
19:57:58 <arthuredelstein> It would be good to discuss what we think needs to be done for it to be polished enough for stable
19:58:13 <GeKo> yes, i agree
19:58:56 <arthuredelstein> We're still getting occasional reports of issues for some platforms and locales, such as those from Yawning and mcs.
19:59:43 <arthuredelstein> So that's one thing.
20:01:30 <GeKo> would it make sense to think about some kind of hotfix for the stable users before we have the real stuff ready?
20:03:19 <arthuredelstein> Maybe -- one possibility is to limit the number of font queries allowed per first party domain.
20:03:46 <arthuredelstein> That is more similar to our old patch. Except the old patch limited by origin, which does not protect against multiple iframes querying fonts.
20:04:12 <arthuredelstein> I think that query limiting might be a good patch to have on top of the whitelisting, as a sort of defense in depth.
20:05:24 <mcs> How many issues are there other than #17550 and #17661? Maybe the full patch is close to acceptable?
20:06:44 <GeKo> mcs: i think we need to grab some ux people that need to do some serious testing on high-profile websites
20:06:57 <GeKo> at least
20:07:06 <huseby> sorry, I was done
20:07:09 <huseby> got distracted
20:07:14 <GeKo> no worries
20:07:25 <arthuredelstein> GeKo: I think that's a good idea.
20:07:50 <mikeperry> and probably also re-run dcf's fingerprinting experiment to see what the real benefit is from the font packs vs just a simple whitelist and a query limit
20:08:06 <GeKo> yes, good point
20:10:27 <arthuredelstein> mikeperry: Do you mean whitelist vs query limit?
20:10:44 <arthuredelstein> Or bundling vs whitelist?
20:11:38 <mikeperry> I think we could combine a per-OS whitelist with a query limit as well, without bundling, right?
20:11:42 <GeKo> okay, maybe getting the bugs above sorted out and mike's idea done until we ship 5.5a5 and then try to rope some ux people in to test the shit out of tha alpha might be a plan
20:11:52 <GeKo> *the
20:12:19 <arthuredelstein> mikeperry: Yes, on Mac and Windows we basically have a whitelist and few fonts bundled.
20:12:42 <arthuredelstein> On Linux we're bundling all fonts because system fonts aren't very predictable.
20:13:15 <GeKo> arthuredelstein: oh, and i like your defense in depth idea (too)
20:13:55 <arthuredelstein> We had decided not to bundle fonts on Mac and Windows for UX reasons. So I'm not sure we want to go back to bundling on those platforms, even if it offers an improvement in anti-fingerprinting.
20:14:30 <mikeperry> ah, I missed that
20:15:05 <arthuredelstein> I mean, the decision is not set in stone. But you might remember we originally bundled all Noto fonts on all platforms, and nobody UXy liked that.
20:15:19 <GeKo> yeah, alas
20:16:09 <arthuredelstein> We could look for bundlable free fonts that make more people happier, but I think that is a very challenging project.
20:16:12 <mikeperry> right. I remember that. I didn't know that meant no bundled fonts at all for those OS's. but that does make sense. no need to bloat the download size
20:17:13 <arthuredelstein> It's a hard optimization problem given the tension between UX and fingerprintability.
20:17:39 <arthuredelstein> Also the need to test across platforms to decide what the effects of each font are.
20:18:02 <mcs> And letting users decide (e.g., via a pref) probably means not everyone will choose "less fingerprint-ability" who should (but s pref is a possibility)
20:18:14 <mcs> "a pref"
20:18:42 <arthuredelstein> mcs: What pref do you have in mind?
20:18:48 <GeKo> i think that is not going to work
20:19:03 <mcs> I do not have one in mind. We could create one to control this / provide options for people.
20:19:06 <GeKo> i mean we could do that but i see no sane way to explain that to users
20:19:18 <mcs> Right, hard to explain.
20:21:42 <arthuredelstein> So I guess the approach I was thinking of, is that we keep relaxing the constraints until UX is acceptable.
20:22:00 <arthuredelstein> And once we reach UX nirvana, we move it to stable.
20:22:19 <arthuredelstein> Then we can continue to tweak/harden the font whitelist and/or bundling as we learn more, in the alpha.
20:23:03 <GeKo> hrm.
20:23:14 <GeKo> yes, maybe we have to bite that bullet
20:23:36 <GeKo> no perfect solution might be better here than none
20:23:45 <arthuredelstein> That avoids having to wait for the font fingerprinting to be absolutely optimized, which is more akin to a research problem.
20:23:55 <GeKo> true
20:26:57 <arthuredelstein> I guess another question I have is whether query limiting (say bound to first party domain) is actually capable of offering any protection.
20:27:10 <arthuredelstein> That's also, unfortunately, a bit of a research problem I think.
20:29:33 <arthuredelstein> Like, if we allow only 5 font queries, that's still potentially 32 bits.
20:29:59 <GeKo> potentially, yes :)
20:30:11 <arthuredelstein> Argh, not bits, 32 distinguishable sets.
20:30:26 <arthuredelstein> So that patch may or may not be worth it. idk
20:30:44 <GeKo> i think going with the current plan sounds fine to me
20:31:05 <GeKo> we should reassess this after we got some serious UX feedback
20:31:14 <GeKo> in case majro surprises popped up
20:31:16 <GeKo> *major
20:31:55 <GeKo> (or dcf's tests remind us we are doing things wrong)
20:33:08 <arthuredelstein> Sounds good to me.
20:34:28 <mikeperry> yep
20:35:39 <mikeperry> alright, the build machine upgrade succeeded!
20:36:00 <GeKo> have you seen boklm's comment?
20:36:11 <GeKo> getting docker on it, too?
20:37:49 <mikeperry> ah, ok. doing that too
20:38:41 <mikeperry> ok, done, I think
20:40:51 <GeKo> do we have something else? i need to go afk soon.
20:41:12 <mikeperry> I think no
20:41:17 <mikeperry> thanks everyone!
20:41:24 <mikeperry> #endmeeting *baf*