19:00:36 <GeKo> #startmeeting tor browser
19:00:36 <MeetBot> Meeting started Tue Nov 21 19:00:36 2017 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:36 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:47 <GeKo> hi all!
19:00:51 <boklm> hi!
19:00:59 <pospeselr> good morning/afternoon/evening!
19:01:07 <GeKo> o/
19:01:10 <mcs> hi
19:01:18 <GeKo> so let's get started with some status updates
19:01:25 <GeKo> i can go first today
19:01:25 <arthuredelstein> hi everyone!
19:01:49 <GeKo> last week i was mainly in valencia at the OTF summit
19:01:59 <GeKo> then i worked at the roadmap
19:02:29 <GeKo> and i mainly tried to get STACK running #12420
19:02:55 <GeKo> i need to update that ticket but i think i am done with the sponsor4 work for that one
19:03:25 <GeKo> this week i plan to work on a blog post for fastly, think about #20322
19:03:34 <GeKo> do the roadmap finalizing
19:03:42 <GeKo> and try to help with remaining sponsor4 items
19:03:58 <armadev> geko: i sent you what i hope is a useful outline, and partial text, for the blog post
19:04:21 <GeKo> yep, it is thanks
19:04:42 <GeKo> i'll spend my time tomorrow getting something up
19:05:02 <GeKo> that's it for me
19:05:10 <GeKo> who is next?
19:05:14 * boklm can go next
19:05:32 <boklm> This past week I helped publish the new releases. While doing the alpha signing I worked on #24332.
19:05:41 <boklm> Then I started working on #21998 and got distracted by #24361. I also looked at #24341 and started working on some ansible script for #23738.
19:05:53 <boklm> This week I'm planning to finish #23738, work on #21998 and look at the Android OS applications.
19:05:58 <boklm> That's it for me.
19:06:17 <pospeselr> cool, I can go
19:06:55 <pospeselr> fixed the OSX build issue for #23016, reported and partially investigated #24341
19:07:07 <pospeselr> reviewed/investigated #18101
19:07:26 <pospeselr> as it turns out, we don't need to do any uplift for #23016 to firefox main
19:07:39 <pospeselr> as the offending system (nsLocaleService) no longer exists
19:08:00 <pospeselr> so it doesn't have a chance to stomp over locale settings
19:08:13 <GeKo> since when? because i am pretty sure i saw this issue in a vanilla firefox 56
19:08:34 <pospeselr> umm, as of middle of this year I think?
19:08:51 <GeKo> hm, hm, okay
19:09:09 <pospeselr> I can dig it up later for you if you like
19:09:27 <GeKo> that would be neat. could you add it to the ticket?
19:09:33 <pospeselr> yeah for sure
19:09:38 <GeKo> thanks
19:09:53 <pospeselr> and today i'm porting back the firefox sandbox patches
19:10:37 <pospeselr> and that's it for me
19:10:47 <tjr> What's the sandbox portback?
19:10:53 <pospeselr> #23970
19:10:55 <pospeselr> i believe
19:11:07 <tjr> ah, thanks
19:12:17 * arthuredelstein can go
19:12:19 <GeKo> who is next?
19:12:23 <GeKo> ah, go then :)
19:12:38 <arthuredelstein> Last week I worked on #18101. pospeselr gave me some very helpful feedback and I decided to try an approach he suggested, which is to "detour" (hook) the function responsible for the DNS leak.
19:12:52 <arthuredelstein> Using WinDbg I have found the call path responsible and am working on trying to get Mozilla's detour code to work.
19:13:06 <arthuredelstein> I also sent a proposal to tbb-dev about nightly rebasing of Tor Browser as we discussed in Montreal. Interested to hear your views.
19:13:12 <arthuredelstein> And I took a couple of days off because I had the flu.
19:13:35 <arthuredelstein> This week I will try to finish up a new patch for #18101. And I will be afk from Wed-Fri because of the US Thanksgiving holiday.
19:13:59 <pospeselr> oh yeah, same for me (Thu-Fri)
19:14:08 <boklm> I didn't see the mail to tbb-dev. When was it sent?
19:14:12 <arthuredelstein> That's it for me.
19:14:19 <arthuredelstein> I just sent it shortly before the meeting.
19:14:28 <GeKo> a couple of minutes ago
19:14:45 <boklm> ah ok, thanks.
19:15:03 <arthuredelstein> That's it for me.
19:15:13 <GeKo> thanks, i hope you feel better again :)
19:15:15 * mcs will go next
19:15:24 <arthuredelstein> thanks! mostly :)
19:15:29 <mcs> Last week, Kathy and I helped with bug triage and spent more time on moat integration (#23136).
19:15:36 <mcs> We did some work on integration with the moat server but got stuck and emailed Isis.
19:15:42 <mcs> We then started work on the UI part that will fit within the Tor Launcher setup wizard.
19:15:47 <mcs> This week we will work more on moat integration, although it will be a short week due to the U.S. Thanksgiving holiday.
19:15:55 <mcs> That’s all for us.
19:17:34 <GeKo> thanks. anyone else here for an update?
19:19:08 <GeKo> okay, discussion time i guess
19:19:38 <GeKo> most importantly: the remaining items for sponsor4
19:19:58 <GeKo> we have roughly two regular weeks left
19:20:25 <GeKo> it's realistic to assume we won't have moat running within that timeframe
19:21:14 <GeKo> the other more problematic item was the fuzzing part with ASan builds
19:21:29 <GeKo> what do we think about that one?
19:21:38 <GeKo> boklm: arthuredelstein ^
19:22:51 <arthuredelstein> I haven't thought much about fuzzing. I have been working on the mpx thing
19:23:16 <boklm> I think having ASan builds should be possible. But I'm not sure how much fuzzing can be done in that time.
19:24:18 <GeKo> okay. i'll put the fuzzing part on my plate then and try to come up with something
19:24:42 <GeKo> then we have the roadmap
19:24:43 <arthuredelstein> What do you think would fulfill the fuzzing requirement?
19:24:56 <arthuredelstein> Does it need to be with the Asan build or can it be separate?
19:25:21 <GeKo> i think one could argue to separate both things
19:25:41 <GeKo> the contract says doing fuzzing with asan builds
19:25:52 <arthuredelstein> One simple thing could be to take an existing build and just an exiting fuzzer on it.
19:25:57 <arthuredelstein> existing
19:26:08 <GeKo> that's my current plan
19:26:24 <GeKo> or i do a local asan build or something
19:26:30 <GeKo> and use that one
19:27:15 <GeKo> at the end we probably want that integrated into our QA efforts
19:27:39 <arthuredelstein> sounds good
19:27:44 <boklm> yes
19:27:50 <tjr> I had an item to ask about
19:27:54 <GeKo> but that's not something we need to deliver right now
19:28:01 <arthuredelstein> I'm also open to working on fuzzing if you think it's higher priority than mpx
19:28:35 <GeKo> we need both :) so, do the mpx thing and i try to come up with something for the fuzzing part
19:28:44 <GeKo> tjr: go
19:28:48 <arthuredelstein> ok!
19:29:06 <tjr> I think I got roped into something odd in https://trac.torproject.org/projects/tor/ticket/23442#comment:8 after talking with cypherpunks on irc - does anyone have context on this?
19:30:20 <pospeselr> I ran into a similar issue earlier this week in an older tor-browser branch on windows
19:30:30 <GeKo> dunno what the cypherpunk wants
19:31:07 <GeKo> i think we are fine with the fix we have
19:31:19 <pospeselr> re-applied my changes to newer branch (tor-browser-52.5.0esr-7.5-1) and it went away
19:31:24 <pospeselr> assuming that's the memmove issue
19:31:43 <GeKo> yes, the fix landed recently on that branch
19:32:18 <pospeselr> oh something 'cool' I discovered this morning
19:32:50 <pospeselr> since the nsis installer is 32-bit, you can install 64-bit tor-browser on 32-bit windows
19:33:12 <pospeselr> and doesn't give any indication of anything going wrong, until you try to manually launch the browser from explorer
19:33:46 <boklm> ah yes
19:34:04 <pospeselr> like a dummy i've a 32-bit windows vm :argh:
19:34:07 <pospeselr> anyway
19:34:12 <boklm> maybe we can detect that to give an error in the installer
19:34:36 <pospeselr> yeah
19:35:01 <pospeselr> i can look into investigating that this week, i played with nsis several years ago for some side project
19:35:21 <GeKo> i think that's an alpha issue we should fix before we switch to stable
19:35:37 <GeKo> and the fix should be to get nsis built properly
19:35:50 <boklm> tjr: what is the "cert verifier failing" issue?
19:36:04 <tjr> boklm: I have no idea
19:36:19 <GeKo> so, we should not try to add another workaround on top of our workaround
19:37:53 <GeKo> so, the roadmap. i wrote an email yesterday to tbb-dev and i think i have put in most of the wishes that got mentioned
19:38:08 <GeKo> does the result look reasonable to everyone?
19:38:19 <GeKo> or should we change/amend things?
19:38:39 <GeKo> there is one thing missing yet, though, the ux improvements for .onions
19:38:45 <mcs> I have not looked at the updated roadmap yet.
19:38:50 <GeKo> we'll have a meeting here tomorrow the same time
19:39:11 <GeKo> mcs: okay. then please do it within the next days
19:39:39 <GeKo> and we can have a final discussion next week, taking the .onion UX improvements into account
19:40:05 <GeKo> most items have been discussed in montreal
19:40:08 <mcs> okay
19:40:37 <GeKo> i added a big one which i think richard can work on in jan/feb that is about mitigating proxy bypasses better
19:40:52 <GeKo> there are some things we might be able to do
19:41:21 <GeKo> which we want anyway and it seems like it's time :) (given the experiences we had in the last months)
19:41:45 <pospeselr> cooool
19:41:53 <arthuredelstein> I'm curious about "'A2.1 Implement new security controls". What does that involve?
19:42:51 <GeKo> that't the idea about trying to streamline the buttons we have on the toolbar and what i would label "per-site security settings" (although we probably won't get that one)
19:42:58 <GeKo> and how to expose that to users
19:43:17 <GeKo> *that's
19:43:33 <GeKo> i should probably reword that one a bit
19:43:56 <GeKo> it's an item the UX people are working on in a new grant
19:44:36 <arthuredelstein> Ah, ok. I'd be potentially interested in working on that as well or at least to be involved in the design.
19:45:10 <GeKo> yep
19:47:01 <arthuredelstein> Something else not mentioned in the roadmap is working on performance
19:47:45 <arthuredelstein> It's hard to know if there are still low-hanging fruit in that department.
19:48:08 <arthuredelstein> But it's one of our big pain points for users I think.
19:48:16 <tjr> Making disabling the JIT only affect web content is probably one
19:48:25 <GeKo> arthuredelstein: i have the involvement regarding design in the previous months covered in "tb-team" in the respective items
19:48:35 <tjr> That browser; HTTP2 could be one in network performance
19:49:18 <arthuredelstein> GeKo: cool :)
19:49:40 <arthuredelstein> tjr: These are good points. I wonder if we already have tickets for these two.
19:50:01 <GeKo> we have i think
19:50:30 <GeKo> so, the HTTP2 could be easily worked on when looking at linkability/fingerprintability bugs
19:50:40 <arthuredelstein> right
19:50:57 <GeKo> because we have it disabled right now only due to that
19:51:26 <arthuredelstein> another thing is tls session tickets/ids
19:51:32 <arthuredelstein> that goes under linkability as well
19:51:35 <GeKo> in general i am fine looking at remaining low hanging fruits performance wise after the dust settles
19:51:36 <GeKo> yes
19:52:00 <GeKo> i am not sure whether we need a special item on our side on the roadmap, though
19:52:44 <GeKo> tjr: i don't think we disable JIT for chrome right now but web extensions are affected, yes
19:53:33 <GeKo> so, everyone, think about it until next week and then we can move things around if we still feel that's needed
19:53:47 <GeKo> the final item i have is meeting procedures
19:54:23 <GeKo> in a couple of days we'll have at least two more attendees, working on the mobile stuff
19:54:48 <GeKo> it might be too time-consuming to do the report as we have it right now
19:55:09 <GeKo> i think i want to switch to what the network-team and the vegas-team is doing
19:55:52 <GeKo> there will be a pad where everyone writes what they did last week and what is planned for the next week
19:56:05 <GeKo> only items marked in bold are discussed
19:56:30 <GeKo> at the beginning everyone is reading all the notes and is marking items in bold they think they should be discussed
19:56:55 <GeKo> and then the meeting starts with those items getting addressed top to down
19:57:16 <GeKo> that should speed things up while not losing much substance (if any at all)
19:57:43 <GeKo> if that does not make much sense then please speak up
19:57:51 <GeKo> either now or later on tbb-dev
19:57:57 <mcs> It makes sense to me.
19:57:58 <arthuredelstein> sounds good to me
19:58:01 <GeKo> i'll send an email to the list announcing the changes
19:58:02 <pospeselr> sounds good
19:58:03 <boklm> sounds good to me
19:58:14 <GeKo> great!
19:58:27 <GeKo> that's all i had on my list for the discussion part
19:58:35 <GeKo> do we have anything else for today?
20:00:24 <GeKo> okay, thanks for joining and a nice thanksgiving for the folks in the US *baf*
20:00:33 <GeKo> #endmeeting