15:01:24 <morganava> #startmeeting Tor Browser Weekly Meeting 2024-08-26
15:01:24 <MeetBot> Meeting started Mon Aug 26 15:01:24 2024 UTC.  The chair is morganava. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:24 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:01:56 <morganava> the pad -> https://pad.riseup.net/p/tor-tbb-keep
15:02:43 <morganava> 14.0a2 shipped last week, and if possible i'd like to get 14.0a3 built for release tomorrow/wednesday
15:03:06 <morganava> I deccided to hold off on a full deployment on the google play store given the search-bar fix which didn't get in
15:03:12 <morganava> so that's sitting at 25% atm
15:03:54 <dan_b> looking at my emails quickly looks like I have some MR reviews todo first thing to hopefully get in for a3 🙂
15:04:05 <Jeremy_Rand_Lab19[m]> hello!
15:04:16 <PieroV> morganava: I know how to fix the version bug
15:04:24 <PieroV> But I don't know if Claire has already started working on that
15:04:43 <PieroV> So, if she hasn't I can create a quick patch to get that done in 14.0a3
15:04:53 <morganava> last week I went through all of the 14.0 Stable && !14.5 Stable issues and triaged
15:05:08 <PieroV> morganava: also, we're getting tags later today or tomorrow early morning
15:05:28 <morganava> the query if you're looking for issues ;) -> https://gitlab.torproject.org/groups/tpo/applications/-/boards?not[label_name][]=14.5%20stable&label_name[]=14.0%20stable
15:05:29 <PieroV> Shall we have 14.0a3 built on 128.2.0 before it's released by Moz, or are we staying on 128.1.0?
15:05:52 <dan_b> pierov: if it was started, it's not done, i dont have a review in my queue for it
15:06:07 <dan_b> if it's fast maybe bash that out?
15:06:07 <morganava> I'm fine with keeping 14.0a3 on the prev minor ESR in favor of shipping it and not getting in the way/or behind the 13.5 update
15:06:32 <morganava> there will be a 14.0a4 next week on the usual update esr update schedule
15:06:38 <PieroV> Consider I do rebases continuously, but I don't build them
15:06:42 <PieroV> ack
15:08:35 <morganava> anyway, Iv'e triaged the 14.0 + not 14.5 issues and the board should be in a 'good' state
15:08:45 <dan_b> so I seem low on review tickets, which, is good? If I get caught up this week what would be my next priority? should I look at some of the android patchset rebase health stuff or?
15:08:54 <morganava> things in Backlog or lower priority should be de-prioritised in favor of ~Next's
15:09:16 <morganava> the majority of of which are Mozilla Reviews (and the majority of those are telemetry fortunately)
15:10:07 <morganava> dan_b: there are a *ton* of reviews -> https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=14.0%20stable&search=Review%20Mozilla&first_page_size=100
15:10:35 <morganava> 184 atm, so if you (and anyone else) would go thouogh those between dev/patches that'd be great
15:10:40 <dan_b> oh cool!
15:10:43 <dan_b> thanks
15:11:01 <morganava> there's also a handful of issues I need to create from the code-audits (like 5) I'll get to today
15:11:36 <PieroV> morganava: have you gone through TZP's audits?
15:11:46 <morganava> i have not
15:12:09 <morganava> are those the ones linked from the various Firefox audit issues in tor-browser-spec?
15:12:10 <PieroV> There might be some additional Bug reviews we've lost but that have been referenced there
15:12:13 <PieroV> Yes
15:12:21 <morganava> ok, I'll put those in my queue
15:12:38 <clairehurst> PieroV: I have not started on the version bug
15:13:52 <morganava> oh! I also created an MR in tor-browser-bundle-testsuite to add users to the nightly build emails
15:14:17 <morganava> if you would like emails pease opt-in in that MR (you should all be cc'd)
15:14:41 <morganava> ( https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite/-/merge_requests/38)
15:14:57 <thorin> what do you mean TZP audits
15:15:18 <PieroV> thorin: the list of bugs you have for each Firefox version
15:15:25 <PieroV> In TZP issues
15:15:35 <thorin> oh, you mean my one issue where I dump shit all year
15:15:47 <morganava> :3
15:15:52 <morganava> i blame mozilla personally
15:16:30 <thorin> they're not TZP issues - they're issue I come across as I audit arkenfox changes
15:17:22 <thorin> ^ https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42054
15:17:30 <morganava> yep
15:18:10 <thorin> you know ... audit monthly so we don't play catchup once a year
15:18:15 <thorin> :P
15:18:25 <PieroV> That's the idea...
15:18:32 <thorin> i blame mozilla personally
15:18:37 <morganava> lol
15:18:39 <PieroV> Poor 'zilla
15:18:49 <morganava> mozilla gets a bad rap
15:18:57 <morganava> anywya
15:19:21 <morganava> thorin: yeah hopefully we'll be able to play catch-up in the fall 2 or 3 rapid-releases at at ime until we catch up from this summer
15:19:28 <morganava> and then it's just smooth sailing into the future
15:19:44 <morganava> a little annoying work each month instead a whole summer of it
15:19:47 <morganava> is the dream anyway
15:19:47 <thorin> and then in 2027 we can have a fingerprinting week
15:20:03 <morganava> a girl can dream^
15:20:13 <morganava> ok
15:20:24 <morganava> i've yapped enough, are there other discussion points, announcements?
15:20:33 <thorin> just one from me
15:20:52 <thorin> can we uplift letterboxing/betterboxing changes
15:21:32 <ma1> thorin, they're still very in flux. I don't feel they're in a upliftable state yet
15:21:49 <PieroV> ma1: I think we should start at least with the rounding patches
15:21:57 <PieroV> Perfect is the enemy of good, right?
15:22:03 <thorin> we get a lot of feedback/bugz from RFP users upstream
15:22:18 <thorin> but i think we're too late now for ESR128
15:22:40 <thorin> we should add our patches upstream as a first step
15:22:47 <thorin> ^ where possible
15:23:43 <ma1> PieroV, that's true. Let's see if the more controversial stuff (like gradients and other things which might change the DOM even more) can be easily separated.
15:23:44 <thorin> that's it from me
15:24:18 <PieroV> Yeah, I don't think we'll ever be able to upstream everything in one go
15:24:41 <thorin> i know the rounding still has issues - it opens my laptop with a high dpi 10px too wide and a few pixzels too tall
15:24:52 <thorin> but it's not hi priority given LBing
15:27:00 <ma1> thorin, so what you suggest is giving priority to "functional" letterboxing over cosmetic betterboxing and rounding (which is "mitigated" by LB)?
15:27:08 <henry-x> Can someone from android land confirm that the patch for tor-browser#42622 did not break the android connect assist?
15:27:43 <henry-x> it is due a backport for next stable release
15:28:28 <thorin> ma1: IDK what i'm advocating :)
15:29:15 <dan_b> henry-x: android has been working in the last 3 weeks, since this was merged
15:30:46 <henry-x> dan_b ok, is that with bootstrapping initially failing as well? Because the change could potentially change your error handling. From what I remember
15:31:02 <dan_b> ah I haven't tested
15:31:20 <dan_b> clairehurst? you tested that flow in the last few weeks?
15:31:23 <morganava> woudl use using the connect assist debug pref exercise this functionality henry-x?
15:32:23 <henry-x> I think that would be one way to get an error
15:33:02 <morganava> kk, i can check before backporting
15:33:09 <PieroV> Maybe also plane mode can help
15:33:26 <henry-x> There is also firefox-android!118 that was opened in relation to this
15:33:42 <clairehurst> Other than the default "no error" flow no but I can test it. I tested it before it was merged though and it seemed to not mess with stuff
15:34:08 <morganava> PieroV: oh smort
15:35:35 <clairehurst> Yeah I didn't label that draft MR very well but iirc its more for consistancy than actually fixing anything (prevent the same thing being called multiple times, which could cause future issues)
15:40:13 <morganava> alright, any other topics?
15:40:13 <henry-x> yeah, if you could test it that would be great
15:40:25 <morganava> alright i'll hand that over to clairehurst then
15:41:42 <clairehurst> Sounds good
15:42:32 <ma1> Semi-topic: updating cloudflare early to avoid "false bugs" like the CORP one?
15:43:08 <ma1> (and maybe telling them how to tell subresource loads apart from document, instead of replacing scripts and stylesheets with captchas)?
15:43:40 <morganava> i've a contact email/alias for cloudflare if we need to get them to change something
15:44:00 <morganava> what's going on with cloudeflare?
15:44:12 <ma1> tor-browser#43079
15:44:18 <PieroV> morganava: still a lot of captchas
15:44:32 <PieroV> And still a lot of broken sites because of invisible captchas in CDNs
15:44:56 <PieroV> Last Saturday I had the problem with Mullvad Browser and my connection
15:45:13 <morganava> hmm tor-specific stuff it seems, if it's not happening in Mullvad?
15:45:29 <PieroV> No no, it happens also on Mullvad Browser from time to time
15:45:45 <ma1> probably they trigger on any "odd" fingerprint
15:45:45 <morganava> hm ok
15:45:54 <morganava> i'll send them an email and cc.. ma1?
15:46:02 <morganava> point them to the issue
15:46:09 <ma1> morganava, sounds good.
15:46:32 <ma1> I'll add another more detailed comment about Sec-Fetch-* headers to the issue.
15:49:12 <morganava> thanks thanks
15:50:33 <morganava> alright
15:50:39 <morganava> it's nearly the hour
15:50:42 <morganava> last call for topics before we end this
15:51:54 <ma1> announcement: tomorrow I will be traveling, then likely offline / weird timezone in Singapore, but *at least* doing Sec backports and managing NoScript 11.4.35 release. Back on Tue 09-03 morning.
15:52:11 <dan_b> oooh have fun!
15:53:25 <ma1> secular humanists activism stuff, I'll likely show them the god vs javascript t-shirt design PieroV gave me this morning: https://share.riseup.net/#weWz9cc24i7ssLk8B8GQeQ
15:53:56 <PieroV> (it was forwarded to me, I don't know the original source)
15:54:33 <ma1> (like most religious stuff)
15:55:11 <dan_b> looool oh dear
15:55:38 <morganava> oh god
15:55:43 <morganava> this is why i hate js
15:56:05 <morganava> wtf why does "\t" == 0
15:56:10 <morganava> MOZILLLAAAA
15:56:16 <morganava> alright
15:56:22 <morganava> sounds good, safe travels ma1 o/
15:56:27 <ma1> tyvm
15:56:30 <morganava> have a good week everyone \o/
15:56:34 <morganava> #endmeeting