#tor-meeting log

15:00:54 <richard> #startmeeting Tor Browser Weekly Meeting 2022-01-24
15:00:54 <MeetBot> Meeting started Mon Jan 24 15:00:54 2022 UTC.  The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:54 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:01:00 <sysrqb> \o/
15:01:00 <richard> bam nailed it
15:01:08 <sysrqb> first time
15:02:20 <donuts> o/
15:02:34 <donuts> I have to look up those commands every time, even a year in
15:02:47 <richard> I stored it in the pad vOv
15:02:52 <boklm> hi
15:03:48 <donuts> ahh clever
15:05:27 <donuts> pad: https://pad.riseup.net/p/tor-tbb-keep
15:05:36 <richard> ah yes^
15:05:50 <richard> what's the status of the 11.5a2 alpha?
15:06:31 <sysrqb> boklm included an update in their status
15:06:34 <boklm> I had some issue while doing the signing, which should be solved now, so will be ready soon
15:07:03 <donuts> great! :)
15:07:08 <richard> ah great!
15:08:30 <GeKo> sysrqb: what is blocking the mobile alpha release?
15:09:12 <sysrqb> GeKo: creating the blog post, I've gotten distracted, but should be published today
15:09:24 <sysrqb> i already uploaded on google play
15:09:41 <GeKo> okay, i was wondering as i can do signing and releasing, too, and thought helping you
15:09:48 <GeKo> but did not know what the problem was
15:10:03 <sysrqb> actually, on that topic, i lost the link you send me last year for testing your signed apk
15:10:14 <sysrqb> and i wanted to ping you about that again
15:10:23 <sysrqb> can you give me the link again, somewhere?
15:10:30 <richard> sysrqb: speaking of signing, do you think you can walk me through the signing process this week?
15:10:57 <sysrqb> richard: definitely. let's pick a day after
15:11:04 <richard> ok
15:11:44 <richard> i took a look at our release schedule this morning, and have discovered it's a bit optimistic, so I'll see about getting that updated this week
15:12:04 <sysrqb> optimistic in terms of Android releases?
15:12:18 <sysrqb> (desktop is relatively fixed in stone)
15:12:34 <richard> mostly optimistic in the number desktop of alphas we'd have by now :p
15:12:43 <sysrqb> ah
15:12:53 <sysrqb> yes
15:13:16 <sysrqb> updating the schedule so it reflects where we are now is a good idea
15:13:17 <GeKo> sysrqb: https://people.torproject.org/~gk/misc/26536_fix/tor-browser-10.5.10-android-armv7-multi_26536.apk.asc
15:13:19 <GeKo> sysrqb: https://people.torproject.org/~gk/misc/26536_fix/tor-browser-10.5.10-android-armv7-multi_26536.apk
15:13:29 <sysrqb> GeKo: thanks
15:13:32 <GeKo> (now it's baked into the meeting log :))
15:13:39 <richard> :)
15:13:47 * donuts is catching up, was busy writing in the pad
15:13:52 <GeKo> but you have to remember which meeting it was ;)
15:14:16 <richard> aguestuser: I suspect the answers to your questions in the discussion is some combination of boklm and sysrqb
15:14:16 <sysrqb> indeed
15:14:54 <sysrqb> yeah
15:14:59 <PieroV> I am also working on that
15:15:09 <sysrqb> i see three dividsions divisions of labor here
15:15:14 <sysrqb> PieroV: I agree
15:15:27 <PieroV> Last time I stopped at fenix, but geckoview and android components should be buildable now
15:15:46 <PieroV> The MR for geckoview is still valid, but I haven't created one for android-components, yet
15:16:02 <PieroV> I was hoping to test everything before creating the MR
15:16:39 <sysrqb> boklm usually works on the toolchain (tor-browser-build updates), PieroV works on geckoview rebase, and aguestuser will work on fenix
15:16:47 <PieroV> But I can open the MR for android-components, and somehow integrate my changes in tor-browser-build, so also aguestuser can build my changes
15:16:49 <richard> mmhm
15:17:15 <sysrqb> and then whoever finishs their work first can work on rebasing android-components (but I suspect that will usually be aguestuser )
15:17:31 <boklm> I have started a branch for tor-browser-build changes: https://gitlab.torproject.org/boklm/tor-browser-build/-/tree/mozilla96
15:18:09 <PieroV> boklm: should I open an MR to your repo, for the updated gradle-dependencies.txt?
15:18:19 <aguestuser> PieroV curious: (1) do you have a link to a working branch i could look at? (2) how do you plan to "test everything?" (in general trying to learn how we test)
15:18:46 <aguestuser> ((1) is for learning but also to test a dev flow i'm working on...))
15:19:30 <PieroV> (1): I only have a MR for geckoview, but you would need to change some files in tor-browser-build to test it
15:20:11 <aguestuser> PieroV working on a "fast iterations" workflow that bypasses tbb (to see changes in the fenix layer more quickly. this might be an interesting test case. might not!)
15:20:12 <boklm> PieroV: I think you can push a branch on your repo, and I can cherry-pick your commit
15:20:37 <sysrqb> (s/tbb/tor-browser-build/)
15:20:47 <aguestuser> ^-- yes!
15:21:01 <GeKo> sysrqb: it's worth thinking about a slight deviation in that division plan given that boklm is only part time working and has other stuff on his plate
15:21:07 <GeKo> maybe that is cool
15:21:07 <PieroV> aguestuser: (2): I'm not sure, just seeing that TBA opens, can browser a bit and in the tor network would be enough to start for me :)
15:21:30 <sysrqb> aguestuser: i only clarified because Tor Browser was previously called Tor Browser Bundle (or TBB)
15:21:30 <aguestuser> PieroV cool! :)
15:21:33 <GeKo> but maybe it's worth figuring something out so that no one is blocked on toolchain updates they wait on
15:21:37 <PieroV> For the real tests you should ask the others :)
15:21:46 <richard> PieroV: if possible I'd like you to finish any remaining patch shuffling required for tor-browser#40562, perhaps optimistic but I'd like to see the next the next alpha (eg 11.5a3 or whatever) based off the re-orderded patch-set
15:21:48 <PieroV> boklm: okay, will do
15:21:51 <aguestuser> sysrqb good clarification!
15:22:16 <PieroV> richard: I tried building at every commit, and it worked for me
15:22:32 <aguestuser> sysrqb richard (sorry for crossing streams w/ patch disco): do we have a target date for landing all 3 android rebases?
15:22:35 <sysrqb> GeKo: yes, that may be true, richard can re-distribute tasks as needed
15:22:39 <richard> interesting
15:22:48 <PieroV> richard: so I am waiting for you to tell me any other problems you find...
15:22:58 <sysrqb> aguestuser: asap? :)
15:23:06 <GeKo> richard: so, now you are aware of that :)
15:23:21 <GeKo> i recall when acat, sysrqb, and i jumped on that faster mobile train
15:23:24 <PieroV> the only thing that is missing for tor-browser#40562 is moving the prefs before the tor group
15:23:26 <richard> ok i'll ping you after the meeting once I verify
15:23:36 <GeKo> i worked full time on toolchain updates and that work okay-ish
15:23:56 <GeKo> but just with part time working only on toolchain updates that might have been way harder
15:24:15 <GeKo> *worked
15:24:34 <GeKo> and boklm is working on other stuff, too...
15:25:40 <boklm> PieroV: you can also include commits to use for testing non-merged branches, similar to this: https://gitlab.torproject.org/boklm/tor-browser-build/-/commit/ae691a2f9311f77c30d780aefb07c3184212a555
15:25:50 <boklm> (and we drop those commits before merging)
15:26:32 <PieroV> ack
15:26:50 <richard> aguestuser, PieroV: not sure it y'all are aware of it yet, but for git_url you can also point to a local .git directory (eg /home/aguestuser/tor-browser/.git )
15:27:06 <PieroV> yep, that's the first thing you told me :)
15:27:49 <richard> okey then
15:28:21 <boklm> I can help PieroV or aguestuser do the toolchain updates (for moz96, or for the next one)
15:29:16 <PieroV> When you say updating the toolchain, what are you referring to, in particular? Android SDK, compiler version, etc...?
15:29:30 <boklm> yes
15:29:59 <boklm> the updates listed in `make list_toolchain_updates-*`
15:30:00 <richard> do we have that documented anywhere (eg things that we want to update for android builds?)
15:30:19 <richard> i have my list for things we generally care about for desktop (openssl, go, etc)
15:31:29 <sysrqb> i think PieroV should look at the geckoview branch and update it with the fixes and patchset reorganization from the desktop branch, as well
15:31:31 <boklm> the process is to run `make list_toolchain_updates-$component` for each component, to get the list of updates we need
15:31:49 <sysrqb> (but that shouldn't prevent working on the toolchain updates)
15:32:16 <richard> boklm: oh neat
15:32:21 <PieroV> sysrqb: okay
15:32:46 <boklm> (after updating the commit in steps/list_toolchain_updates in projects/$component/config)
15:33:15 <sysrqb> PieroV: but richard can help prioritize work
15:33:33 <sysrqb> i don't know if they feel one of these is more important than the other
15:34:06 <richard> indeed i have no intuition on these matters
15:34:34 <PieroV> right now I'm working on tor-browser#40774, which is sponsor 33 work
15:34:46 <sysrqb> 33? :)
15:34:53 <sysrqb> is that 96?
15:34:57 <richard> I'm inclined to say aguestuser should take the toolchain stuffs while PieroV works on the s96 stuff
15:35:00 <richard> yeah 40774
15:35:07 <PieroV> Is it the issue with top priority for me? Or should I prioritize TBA?
15:35:08 <sysrqb> sounds good to me
15:35:24 <PieroV> s/33/30
15:35:35 <sysrqb> ah! yes :)
15:35:42 <richard> 30/96 whichever vOv
15:35:49 <aguestuser> richard happy to. i could use guidance on what is entailed in "toolchain stuffs"
15:36:15 <richard> yeah let 40774 be your top priority for this week outside any feedback on the patch re-ordering MR
15:36:24 <aguestuser> (honestly could use guidance on most parts through this first flow, but really no idea what is entailed in updating toolchain other than setting new dependencies as discussed above)
15:36:40 <sysrqb> aguestuser: yeah
15:36:50 <aguestuser> sysrqb maybe i could hold questions and we can chat after meeting to make a gameplan?
15:37:02 <sysrqb> maybe the best next steps are for aguestuser and me look through the current status of all of the patches
15:37:22 <sysrqb> PieroV: if you can open a MR with your tor-browser-build patches, that will help
15:37:38 <sysrqb> and we can see how far we get in the Fenix96 build
15:37:38 <PieroV> aguestuser: for example, clang 13.0.0 has some problems with compiler_rt, so it fails to compile even the testing programs
15:37:54 <PieroV> sysrqb: I started from boklm's mozilla_96
15:38:07 <sysrqb> ah, okay, great
15:38:12 <PieroV> So he suggested that I push on my fork instead
15:38:20 <sysrqb> sounds good to me
15:38:41 <PieroV> However that is not enough to get geckoview picked up
15:38:53 <boklm> tor-browser-build#40418 is the ticket
15:39:06 <PieroV> I haven't understood why, but my geckoview is created as geckoview-beta-omni
15:39:39 <PieroV> so android-components pickup Mozilla's geckoview
15:40:09 <sysrqb> interesting, okay
15:41:02 <richard> ok donuts, so whats' the deal with tor-browser#19850 ?
15:41:21 <sysrqb> ( aguestuser let's sync after the meeting)
15:41:39 <donuts> richard: well since HTTPS-E is in maintenance mode pending final deprecation, I thought we should get this back on the roadmap soon
15:41:49 <aguestuser> sysrqb +1
15:42:00 <donuts> I was going to do a recap in the ticket first to make sure I understand all the moving parts, and then we can take it from there?
15:42:37 <GeKo> yes, please
15:42:40 <donuts> replacing human readable onion names for securedrop will be tricky, but maybe there's a workaround
15:42:58 <GeKo> that's a thing i like to see with my network-health hat getting moved forward :)
15:43:09 <GeKo> (as well)
15:43:17 <donuts> aha :)
15:43:22 <sysrqb> :)
15:43:24 <richard> so IIRC the plan from last year was to integrate https-everywhere rust implementation into firefox directly
15:43:30 <richard> and yank out the deprecated extension
15:43:35 <donuts> oh I see
15:43:52 <donuts> where's that happening?
15:44:04 <richard> sysrqb: do you know if anything has changed in this space to make us change plans?
15:44:07 * Jeremy_Rand_Talos_ notes that Namecoin could hypothetically be a thing for replacing HTTPSE :)
15:44:58 <donuts> this is just to replace the old proof of concept rather than do human readable onions for real
15:45:26 <boklm> does eff plan to maintain the https-everywhere rust implementation?
15:45:32 <sysrqb> richard: no, i believe the most recent plan we have is: 1) try integrating the https-e core lib and continue using the FPF securedrop ruleset, drop https-e as a webex and enable HTTPS-Only Mode
15:45:47 <GeKo> richard: i think the plan was always to get https-only mode going
15:46:03 <sysrqb> 2) re-evaulate if one of these fails
15:46:13 <Jeremy_Rand_Talos_> donuts, right, I know.  And Namecoin makes some different tradeoffs than HTTPSE.  So it won't meet everyone's needs.
15:46:16 <richard> right that makes sense
15:46:19 <GeKo> https-e is just a hack along that way
15:46:59 <richard> so as to where/when that woudl be happening I would think that'd be a logical next thign to tackle after s96 work is complete
15:47:04 <donuts> Jeremy_Rand_Talos_: yep :)
15:47:42 <donuts> richard: is there a date for actual HTTPS-E deprecation? the links I can find just say late 2022
15:47:50 <donuts> and TB12 may be cutting it a bit close
15:47:55 <richard> sysrqb^ ?
15:48:16 <sysrqb> i believe it is "ASAP but without hurting us"
15:48:17 <donuts> (assuming after S96 is complete = TB12 probably)
15:48:32 <sysrqb> i don't know if Tor Browser is the only blocker for EFF drpoping https-e support
15:48:45 <sysrqb> but we are likely one of the only reasons
15:49:00 <sysrqb> but we are in contact with them (and FPF)
15:49:25 <sysrqb> and I mentioned to richard that PieroV  may be a good person to pick up this project in the near future
15:49:32 <richard> mmhm
15:49:35 <donuts> got it, ty for the info
15:49:44 <sysrqb> and coordinate with both orgs
15:50:09 <PieroV> sysrqb: which project, exactly?
15:50:33 <PieroV> (and I know EFF, but what is FPF?)
15:50:41 <richard> freedom of the press foundation iirc?
15:50:48 <sysrqb> PieroV: replacing the https-everywhere webextension with Firefox's HTTPS-Only Mode
15:50:49 <donuts> yep :)
15:50:51 <donuts> PieroV: tor-browser#19850 I assume
15:50:58 <richard> donuts: yep
15:51:12 <PieroV> oh, okay, thanks :)
15:51:30 <sysrqb> PieroV: and continue consuming the Securedrop ruleset and redirects using the https-everywhere core library (rust)
15:51:45 <sysrqb> so there are a few different parts in this project
15:52:26 <donuts> iirc the security slider flips some HTTPS-E prefs, right? Do we need to rip that out and do something different there too?
15:52:31 <aguestuser> PieroV for context: FPF maintains Securedrop, which leverages a set of custom rulesets to allow them to give newsrooms memorable urls for onion services for leakers to use instead of long hard-to-remember hhashes
15:52:42 <aguestuser> (sorry if you already knew that!)
15:53:11 <donuts> for ref: https://securedrop.org/news/introducing-onion-names-securedrop/
15:53:12 <PieroV> Yeah, I encountered this, and also opened a ticket about it, because it has a small problem with opening links in new tabs/windows :)
15:53:21 <aguestuser> :)
15:53:21 <richard> donuts: i don't remember if security slider/level touches https prefs
15:53:22 <sysrqb> donuts: i don't believe the security slider changes any https-e configuration
15:53:29 <donuts> oh okay great, ty both
15:53:34 <PieroV> So I also know securedrop, but I didn't remember that it is maintained by FPF
15:53:47 <richard> ok, we're nearing the hour
15:53:56 <richard> do we have anything else pressing? we all good for now?
15:54:05 <PieroV> A small question
15:54:08 <Jeremy_Rand_Talos_> richard, see my bold item
15:54:14 <donuts> thanks for the https info, got a better understanding of the plan there now!
15:54:24 <donuts> I'll have a think about the UX aspects too
15:54:39 <richard> Jeremy_Rand_Talos_ looks like that'd be me, could you forward it to me?
15:54:54 <PieroV> About #40777: https://gitlab.torproject.org/tpo/applications/tor-launcher/-/merge_requests/16/diffs this is to be also fixed, then right?
15:55:16 <Jeremy_Rand_Talos_> richard, via private email?
15:55:28 <richard> yeah that works
15:55:38 <Jeremy_Rand_Talos_> yes, I will forward it your way, thanks.
15:56:05 <sysrqb> tor-browser#40777
15:56:48 <sysrqb> PieroV: is that a question for richard and/or donuts ?
15:56:55 <PieroV> Yep
15:56:57 <richard> yeah
15:57:03 <PieroV> For donuts in particular
15:57:17 <donuts> does it need review?
15:57:25 <PieroV> In tor-browser!247 I basically applied the same fix of tor-launcher!16, but I can amend it and add Network
15:57:28 <donuts> but yep that needs fixed please
15:57:28 <GeKo> someone should check out https://gitlab.torproject.org/tpo/applications/fenix/-/issues/40204
15:57:43 * donuts is checking...
15:57:50 <GeKo> it came up during my network audit and i am not well-versed enough in mobile land for that one
15:57:56 <sysrqb> aguestuser: ^
15:58:24 <richard> assigned to a guest :)
15:58:26 <sysrqb> may be a good experience
15:58:51 <aguestuser> ay
15:59:13 <donuts> Pierov: uhhhh I'm going to have a think about this
15:59:24 <PieroV> Ok, no problem :)
15:59:26 <donuts> thanks!
15:59:28 <richard> alright
15:59:29 <richard> then with that
15:59:44 <richard> any last words?
15:59:58 <richard> because if not
16:00:00 <richard> goodbye
16:00:01 <richard> #endmeeting