#tor-dev log

18:00:48 <GeKo> #startmeeting tor browser
18:00:48 <MeetBot> Meeting started Mon Jun  5 18:00:48 2017 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:48 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:00:54 <GeKo> hi all!
18:00:58 <mcs> hi
18:01:08 <isabela> o/
18:01:08 <GeKo> as usual let's get started with the status updates
18:01:09 <boklm> hi
18:01:23 <GeKo> who wants to go first today?
18:01:55 * mcs will go first
18:02:03 <mcs> Last week, Kathy and I worked some more on #22471.
18:02:14 <mcs> We then switched to working on #22459 and produced a patch.
18:02:20 <mcs> We reviewed several patches.
18:02:24 <mcs> Also, we spent some time preparing and participating in the Tor Launcher automation meeting.
18:02:31 <mcs> This week, we will focus on updater testing for Tor Browser 7.0.
18:02:35 <mcs> We will also work on #22496, and if we have time we will return to #22471.
18:02:43 <mcs> That's all for us.
18:03:27 <GeKo> thanks. who is next?
18:04:16 <GeKo> nobody wants then i'll go
18:04:21 <Yawning> I sent more e-mail.
18:04:24 <Yawning> the end
18:04:34 <GeKo> thanks
18:04:46 <Yawning> sorry
18:04:56 <GeKo> np
18:05:16 <GeKo> last week i assembled all the necessary for the 7.0 release (i hope)
18:05:32 <GeKo> and started builds
18:05:48 <GeKo> we encountered some small missing pieces in build1 which are fixed in build2
18:06:04 <GeKo> build2 is uploaded into my build dir and signed
18:06:25 <GeKo> i did the begin-of-the-month-admin-work
18:06:43 <GeKo> and i started to look at changes coming in firefox 52.2.0esr
18:07:07 <GeKo> i'll start a build later today to check that we won't be surprised by build issues
18:07:30 <GeKo> this week i'll probably busy with releases/release preparations
18:07:37 <GeKo> that's it for me
18:08:24 * arthuredelstein can go
18:08:38 <arthuredelstein> Hi everyone -- over the past week,
18:08:44 <arthuredelstein> I wrote patches for #22452 and #22343
18:08:52 <arthuredelstein> tracked down and backported a fix for #22462,
18:09:00 <arthuredelstein> did some investigation of #21617,
18:09:14 <arthuredelstein> reviewed some Tor Browser tickets as well as https://bugzilla.mozilla.org/show_bug.cgi?id=1039069
18:09:28 <arthuredelstein> and I also started more work on #21762 issues.
18:09:37 <arthuredelstein> This week I will try to finish that ticket and look at #16341 and #21999.
18:09:53 <GeKo> what's left in #21762?
18:11:17 <GeKo> arthuredelstein: ^
18:11:21 <arthuredelstein> There are three things mentioned in the original description. At least two of them require no action. The third I am still investigating.
18:11:49 <GeKo> okay, cool.
18:11:54 <arthuredelstein> That one being blob favicons. I think it's actually safe, but I'm not 100% sure.
18:11:55 <GeKo> who is next?
18:12:02 * boklm can go next
18:12:04 <arthuredelstein> I also hope to work more on #21617 and #21448
18:12:12 <arthuredelstein> that's it for me :)
18:12:22 <boklm> I made a patch for #21704, which needs testing on a non-SSE2 Windows machine if we can find someone who has one.
18:12:28 <boklm> I helped build the new release, fixed #22328, #22003, #22479, and fixed some tests on #21982.
18:12:42 <boklm> I synchronized the tor-browser-build.git repo with the latest changes from tor-browser-bundle.git, closed #17380 and opened #22499.
18:12:58 <boklm> This week I'm planning to work on the panopticlick setup, and help with publishing the new release if we release it this week.
18:13:04 <boklm> That's it for me.
18:13:36 <GeKo> so, the errors that are still shown in the tests are in fact test errors?
18:13:53 <GeKo> are you working on fixing them as well this week?
18:14:04 <boklm> yes, I will fix them this week
18:14:14 <GeKo> cool, thanks
18:14:33 <GeKo> who else is here for a status update?
18:15:09 <tjr> I can go (sorry)
18:15:16 <GeKo> hi!
18:15:19 <tjr> I've been workign on the MinGW build and have made some progress
18:16:20 <tjr> Most notably I've got a almost-working build in TaskCluster: https://bugzilla.mozilla.org/show_bug.cgi?id=1330608
18:16:41 <tjr> It needs a couple peices of love, firstly the toolchain build grabs random tarballs and binaries and trusts them implicitly.
18:16:59 <tjr> The hard part there will be getting the zlib part of nsis to build without downloading a compiled zlib-for-windows
18:17:17 <tjr> The other piece is finishing the  patches for -central
18:17:35 <tjr> The most concernign of which is this new one: https://bugzilla.mozilla.org/show_bug.cgi?id=1365859 which uses a VS binary
18:17:58 <tjr> And then the other concerning one(s) would be the one that prevents the successful compilation of the browser from running
18:18:08 <GeKo> ugh
18:18:18 <tjr> Whichever that is! (Might be Skia, since I randomly just commented out assembly...)
18:19:39 <tjr> Aside from that I reviewed some windows hardening patches for little-t tor, which you saw GeKo
18:19:48 <GeKo> yep, thanks
18:20:40 <tjr> Mozilla turns that flag on, but I just realized it won't be turned on for TB
18:21:07 <tjr> I should figure out how to confirm that flag's effects, confirm it in little-t tor, and then we can enable it in TB
18:21:14 <tjr> That's all I have
18:21:21 <GeKo> that would be neat
18:22:11 <GeKo> tjr: did you get some responses to my "how can we get notified of tagged firefox releases"-mail?
18:23:04 <GeKo> another thing you  might be able to help with: if you have access to a really old windows machine to test the SSE2 requirement that would rock
18:23:10 <tjr> So I haven't prodded poeple on it because I think I have figured out the answer (in general) and need to solve it specifically for me as well
18:23:20 <GeKo> maybe mozilla has one still around? (see #21704)
18:23:29 <tjr> I believe that https://wiki.mozilla.org/Auto-tools/Projects/Pulse/Exchanges will do it
18:23:38 <GeKo> in comment:14 is a test bundle fwiw
18:23:39 <tjr> (will alert us on releases I mean)
18:24:11 <GeKo> aha
18:24:48 <GeKo> if you come up with a solution that works for you (and could work for us) i'd love to hear it :)
18:24:57 <tjr> I have to solve this problem for myself now for https://bugzilla.mozilla.org/show_bug.cgi?id=1361058 which is unrelated to Tor
18:25:12 <tjr> The goal for that is this month, so if that fits your timeframe I'll just plan on that
18:25:40 <GeKo> sure
18:25:46 <GeKo> that's fine
18:25:52 <tjr> I asked in #releng about a non-SSE2 machine. I do not have one.
18:26:07 <GeKo> ok.
18:26:19 <tjr> In theory I know one could emulate it by hooking the SPUID instruction in a Bochs emulator but.... that is not a straightforward solution hah
18:26:39 <GeKo> woah, i think we should try to keep it simple here :)
18:26:55 <GeKo> alright, anybody else for the status update?
18:27:25 <GeKo> okay, let's move on to the discussion part
18:27:31 <GeKo> i have three items i guess
18:27:39 <GeKo> 1) the 7.0 release
18:28:18 <GeKo> so far i have not heard about a show stopper. so, i am inclined to get the bundles out on wednesday before/around noon UTC
18:28:28 <GeKo> does that sound reasonable?
18:28:37 <GeKo> boklm: would that work for you?
18:28:48 <boklm> yes
18:29:00 <GeKo> ok. could you prepare the changelog tomorrow?
18:29:15 <boklm> the html changelog for the blog?
18:29:19 <GeKo> i'll be mostly offline due to a public holiday but i'll look over it
18:29:20 <GeKo> yes
18:29:23 <boklm> ok
18:29:59 <GeKo> hearing no objections, so let's go with that plan
18:30:06 <GeKo> 2) future work
18:30:48 <GeKo> i think we might be busy this month with getting the switch to esr52 properly done and with fixing the remaining issues/new ones
18:31:15 <GeKo> but longer term there are some things from our roadmap to keep in mind
18:31:41 <GeKo> arthuredelstein: you can start focusing on upstreaming our new patches and writing new ones for tracking/fingerprinting defenses
18:31:57 <GeKo> (after the 7.0 dust settles down)
18:32:11 <GeKo> mcs: i think for you are the tor launcher changes coming
18:32:25 <mcs> GeKo: yes
18:32:27 <GeKo> basically the stuff we talked about on friday
18:33:06 <GeKo> boklm: you'll have the pantopiclick as the item with the highest prio and then we need to finish the rbm switch and start working on 64bit windows builds
18:33:22 <boklm> ok
18:33:26 <GeKo> there a other parts like testing hardening options etc. as well
18:33:44 <GeKo> i think i can help with some of those, so that not all of it is on your plate alone
18:34:03 <tjr> Ooooh boy. We're going for 64bit on Windows? I guess I knew it was coming eventually....
18:34:24 <GeKo> does this big picture look reasonable? or am i missing something?
18:34:30 <GeKo> yes, we do!
18:34:39 <arthuredelstein> GeKo: Yes, I can work on those things. But these days I also feel a big sense of urgency on defenses against exploits.
18:35:31 <GeKo> yes, me too.
18:35:45 <GeKo> for that i'll try to get #16010 somehow fixed
18:36:07 <GeKo> that seems to be the most pressing item i think
18:37:13 <GeKo> arthuredelstein: there are things on our deliverable list that might intereest you then
18:37:27 <arthuredelstein> Yes, that will be great to have. My thoughts have been about such things as ubsan, cfi, build flags, partitioning allocator and the chromium sandbox.
18:37:34 <arthuredelstein> Not sure which of these fit with our deliverables
18:37:46 <GeKo> let me look
18:38:27 <GeKo> we have https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorBrowser
18:39:02 <GeKo> arthuredelstein: if you want to work on objective 3.2 go for it
18:39:50 <GeKo> Test impact and viability of hardening options: A) using Intel's MPX (memory
18:39:50 <GeKo> protection extension) for hardened builds, B) deploying STACK, which checks for
18:39:51 <GeKo> optimization-unstable code, C) SafeSEH (secure exception handling)
18:40:10 <GeKo> and activity 3 is
18:40:11 <GeKo> Test Undefined Behavior Sanitizer (UBSan) support for either hardened
18:40:12 <GeKo> standard builds or special QA builds, in order to identify critical compiling problems early
18:40:58 <arthuredelstein> Cool, thanks. Where's the part about MPX?
18:41:05 <GeKo> arthuredelstein: but please don't drop the other stuff i talked about :)
18:41:07 <arthuredelstein> Is that in the final deliverables doc?
18:41:13 <arthuredelstein> No, for sure I want to do those other things too!
18:41:17 <GeKo> #16352
18:41:24 <GeKo> arthuredelstein: yes
18:41:52 <GeKo> if you look at the text in the final otf proposal it is mentioned there
18:42:08 <arthuredelstein> Thanks, will do.
18:42:20 <GeKo> okay my item 3 is sandboxing
18:42:38 <isabela> !
18:42:41 <GeKo> we had some good discussion about it on tbb-dev thanks to yawning and others
18:42:55 <GeKo> now the question is how do we keep the  momentum and move things forward
18:43:04 <Yawning> "start paying for it"
18:43:16 <Yawning> >.>
18:43:26 <GeKo> yes, that's a good plan.
18:43:29 <isabela> hehehe
18:43:29 <tjr> Alex_Gaynor: ^
18:43:55 <GeKo> i think my point was and is that we need some kind of document
18:44:01 <Alex_Gaynor> tjr: where should I start reading?
18:44:11 <isabela> to organize the budget and be able to do so, it would be helpful for me at least to have the work that needs to be done organized in a pad or some place and then also be able to figure out how many ppl/for how long we estimate
18:44:17 <GeKo> outlining the stuff we want to do
18:44:20 <GeKo> yes
18:44:25 <GeKo> Alex_Gaynor: hi and welcome!
18:44:30 <Alex_Gaynor> 👋
18:44:31 <tjr> Just now.  For Windows, I think Alex and I's conclusion was that we could support either architecture (meta process or not) but that either would be hard
18:44:46 <Yawning> "Rewrite tor-launcher to be an external process that can handle downloading, installing, and updating firefox, without trusting it"
18:44:53 <Yawning> "with a better ui, and support for containerization"
18:45:52 <GeKo> i think that could be the abstract, yes :)
18:45:55 <Yawning> On Linux, there's nothing in theory that prevents firefox for forking/execing itself in a sandbox
18:46:00 <Yawning> beyond "I don't trust it to do so"
18:47:06 <GeKo> Yawning: i guess you thought about that the most. do you feel you could come up with a document of your idea
18:47:08 <isabela> is whatever happens on linux will be the same for macos?
18:47:08 <Yawning> but my tinfoil hat doesn't seem to keep the chemtrails out of my drinking water or whatever
18:47:23 <Yawning> GeKo: I'm busy because I need to pay rent
18:47:30 <GeKo> and all the folks knowing things about windows, osx or android could add to that
18:47:31 <Yawning> so, "no"?
18:47:43 <GeKo> ok.
18:47:45 <Yawning> I said what I think should happen in the thread :/
18:48:16 <isabela> i can start a pad and try to copy and paste things from the tbb-dev discussion there - maybe try to organize it by platform
18:48:18 <tjr> The pre-fork environment shouldn't process untrusted input though....
18:48:48 <GeKo> isabela: that would be neat. we could then nag people about adding "their" content
18:49:00 <isabela> or fixing my wrong copy and paste
18:49:00 <isabela> hehehe
18:49:03 <isabela> *fix
18:49:26 <Yawning> Really, the only odd thing out is android I think
18:49:39 <Yawning> and iShit phones
18:49:45 <Yawning> if we support those or are planning to
18:50:34 <GeKo> maybe.
18:50:36 <isabela> hmm i think iphone will take longer to be consider
18:51:24 <GeKo> i think it is fine planning without it for the time being
18:51:33 <isabela> would make sense to have it planed for android after drl project is done?
18:52:02 <Yawning> no
18:52:14 <Yawning> architecturally it doesn't make sense to plan for android at all in this
18:52:21 <Yawning> because it's Just That Different
18:52:41 <Yawning> imo
18:52:46 <Yawning> people are free to disagree
18:53:03 <Yawning> (this is also in the thread)
18:53:19 <GeKo> isabela: if we want to plan for it then it won't happen before the drl work anyway
18:53:28 <arthuredelstein> I think all platforms are worth doing so maybe it's good to plan for them all in any case.
18:53:34 <GeKo> yes
18:53:37 <Yawning> it's not that it's not worth doing
18:53:37 <isabela> ok
18:53:43 <isabela> i will start the pad with it all
18:53:53 <Yawning> there's Good Reasons why, it will be a nightmare to do on android and sort of pointless
18:53:56 <Yawning> :/
18:54:10 <arthuredelstein> Yawning: Even that's worth fleshing out in a document though :)
18:54:20 <Yawning> I wrote an email flishing it out
18:54:37 <Yawning> anyway, the document should separate concerns between the UI/UX
18:54:48 <Yawning> (which are mostly irrelevant beyond, it needs to happen, and it needs to not suck)
18:54:52 <GeKo> arthuredelstein: yes, i want to have  limits in that document too
18:55:06 <Yawning> and all the actually important things that this will do
18:55:17 <Yawning> like being able to spawn /configure tor
18:55:25 <Yawning> install shit, update stuff, use containers/sandboxing
18:55:28 <Yawning> etc etc etc
18:56:12 <Yawning> and I guess patching tor button to talk to a meta process (though that should be fairly easy)
18:56:41 <Yawning> (at least I thought of a way to do it, when doing the linux stuff, but ran out of time before I implemented it)
18:57:11 <Yawning> also I assume that we want to do this once and only once
18:57:20 <Yawning> and not like, once per platform
18:57:34 <Yawning> which probably rules out stuff like "write something in python"
18:57:43 <GeKo> if possible, yes, i think
18:58:07 <Yawning> because packaging that for windows would be a huge shitfest
18:58:14 <Yawning> if obfsproxy (python) is anything to go by
18:58:27 <Yawning> (or fte for that matter)
18:58:48 <GeKo> okay. do we have anything else to discuss in the remaining time?
18:58:55 <iry> yes
18:59:01 <GeKo> hi!
18:59:14 <GeKo> go for it
18:59:23 <iry> I am wondering if we could continue the last discussion about the new Tor launcher(sorry for the accidental disconnection last time).
18:59:27 <arthuredelstein> (I think it's worth considering what sandboxing features are possible to implement _before_ a tor-launcher replacement is written.)
18:59:39 <Yawning> (If I were to do this, C++/Qt or something, and I think about a year of my time)
18:59:44 <meejah> Yawning: a colleague of mine has managed to make a python thing packaged to work on All The OSes (but that doesn't mean it's "not a shitfest on windows" ;/ )
18:59:58 <iry> I notice that arthuredelstein said
18:59:58 <iry> "
18:59:58 <iry> 18:32:07 <arthuredelstein> A related issue is something I was discussing with Yawning a couple of days ago, as a result of his email thread on tbb-dev.
18:59:58 <iry> 18:32:31 <arthuredelstein> He's wondering how the tor-launcher automation fits in with sandboxing.
18:59:59 <iry> 18:32:53 <arthuredelstein> That is, his sandbox approach probably requires a separate-process tor-launcher.
19:00:01 <iry> 18:33:51 <arthuredelstein> So the question is whether the new UI should be developed in the same JS extension or as a new separate program using QT or similar.
19:00:04 <iry> 18:34:57 <arthuredelstein> Or possibly iry's python-based project would be a way to do it."
19:00:04 <meejah> it's Python, Twisted and Qt
19:00:09 <GeKo> iry: http://meetbot.debian.net/tor-project/2017/tor-project.2017-06-02-18.04.txt
19:00:22 <iry> But people are concered that "try to re-write in QT we will probably fail to deliver on time."
19:00:23 <iry> What I just would like to inform you that the all the basic functions of python-based Tor launcher have been implemented now actually(and you try it if you are interested in it). (There are still some issue like how to remember user's last settingf or GUI, but they probably can be fixed without too much effort).
19:00:24 <Yawning> meejah: thanks for volunteering
19:00:33 <GeKo> that's what we came up with last friday in our meeting on #tor-project
19:00:35 <iry> yes i went over the friday log
19:00:39 <Yawning> meejah: does it build terministically?
19:00:42 <meejah> volunteering to point you at his repo? ;)
19:00:46 <Yawning> no
19:00:55 <meejah> i do not believe it does deterministic builds
19:00:56 <meejah> :(
19:01:16 <GeKo> iry: let's close the meeting first so we don't block the channel
19:01:21 <Yawning> a huge part of what makes this rediculous is deterministic python for windows, with modules that call native code
19:01:22 <iry> So I am wondering if it still can be an option for us to implement the automation based on it. And since it's written in Python, the automation based on it may be even easier. What do you think?
19:01:28 <iry> okay!
19:01:35 <GeKo> thanks all for the meeting *baf*
19:01:38 <GeKo> #endmeeting