#tor-dev log

18:00:06 <mikeperry> #startmeeting
18:00:06 <MeetBot> Meeting started Mon Aug 18 18:00:06 2014 UTC.  The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:06 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:00:22 <sysrqb> nickm: (that's the mail asn referred to, not sure if that's the one you were thinking about)
18:00:22 <mikeperry> ok, let's get started
18:01:20 <mikeperry> so last week, I started working on #12621, as well as cleaning up the getfirstpartyURI error logging
18:01:44 <mikeperry> I did another round of edits on the iSEC blog post. waiting to hear from tjr
18:02:30 <mikeperry> and then I did a bunch of non-TBB stuff (mostly Android, some gsoc, some literature review)
18:03:03 <mikeperry> this week I plan to finish the developer doc and undocumented ticket review for #12621 and post it there
18:03:31 <mikeperry> and then start chruning through MikePerry201408R
18:04:17 <mikeperry> I might also clean up #7265
18:04:45 <mikeperry> the patch is good, but I think it should log always, and log the script URL involved
18:05:19 <mikeperry> that's it for me
18:05:53 <mikeperry> (I probably will be distracted by more Android things also, fwiw)
18:06:28 <MarkSmith> always logging seems like a good idea (for consistency and debug-ability)
18:08:33 <mikeperry> yeah, I actually tested the patch and it seems like most of the popular canvas using sites (github, riseup's pad, etc) are actually doing it from first-party scrpts. I found some code to log the script URL, so I'll throw that in there too
18:09:47 <mikeperry> with this + isis's changes the canvas message should hopefully be a lot easier for normal people to understand, as well as for technical people to dig and find out what is actually happening
18:10:32 <mikeperry> oh, though that reminds me
18:10:47 <MarkSmith> Hopefully some of the recent press attention has raised awareness… I think a lot of sites are accessing canvas when they don't really need to (just a guess though)
18:11:15 <mikeperry> MarkSmith: are you aware how the Browser Console handles XUL filtering? should we be worried about XSS attempts when logging URLS and such?
18:11:48 <MarkSmith> Good question.  One of us should look at that issue.
18:11:49 <mikeperry> I assume they must do something, but I got a little worried when the control port logging had to use that old deprecated message
18:12:01 <mikeperry> err deprecated logging function
18:12:43 <MarkSmith> If you like, brade and I can dig into that area and report back.
18:12:44 <mikeperry> your work in #9516, using logStringMessage()
18:12:46 <MarkSmith> Or you can.
18:13:13 <MarkSmith> I think the #9516 issue is caused by Mozilla JSONifying everything.
18:13:36 <MarkSmith> But we did not trace through all of their code in the debugger.
18:15:29 <mikeperry> well I am most worried about this deprecation message: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIConsoleService
18:16:14 <mikeperry> both patches use logStringMessage from that service. I am worried that a) we may have issues in FF31, and B) they may do more filtering on the Web Console logging methods
18:16:34 <MarkSmith> At some point they did the work to route messages submitted via the old API to the new browser console
18:17:12 <MarkSmith> More filtering (or not) is an unknown to me though
18:18:54 <mikeperry> I can try logging some XUL tags and see what happens, and look into the beowser console window XUL
18:19:02 <MarkSmith> OK; sounds good.
18:19:22 <MarkSmith> It should be easy enough to try the old and new APIs.
18:22:18 <mikeperry> ok. who wants to go next?
18:22:35 * MarkSmith can go
18:22:47 <MarkSmith> This past week, Kathy Brade and I rebased our browser and builder patches for #4234.
18:22:57 <MarkSmith> We are now waiting for mikeperry and/or GeKo to review and (if all looks OK) land the changes.
18:23:08 <MarkSmith> We also sent boklm some info about changes that needed to be made to the script he created
18:23:15 <MarkSmith> for #12622; he has already made the necessary changes (thanks!)
18:23:28 <MarkSmith> For Tor Launcher, we landed a fixup for #11199 to improve the "Tor expectedly exited" prompts based on feedback from Lunar (thanks!)
18:23:41 <MarkSmith> This week we will help land the #4234 changes and look at some other TorBrowserTeam201408 bugs (probably #10804, #11405, and #12444)
18:23:57 <MarkSmith> That's all for us.
18:26:21 * nickm pipes up to ask for feedback on 8405. arthuredelstein has a patch, and my main question is whether the approach it takes would do what TorBrowser wants.
18:26:37 <nickm> It would be great to make progress here, and all we need is a tor-controller-protocol API review
18:27:38 * nickm has been begging for feedback since this time last month.
18:29:25 <mikeperry> nickm: yes, sorry, that one is bottlenecked on me, and I have been bottlenecked on writing proposals and blog posts. I think I finally have time to look at that this week
18:29:55 <nickm> ok.  are there any tbb-wants tickets that I should be looking at?
18:30:01 <mikeperry> arthuredelstein: it looks like there are 3 patches to review there, where one of them has been revised 3 times?
18:30:24 <nickm> mikeperry: I'm not asking for patch review; I can do that.  I only need review on the new interface.
18:31:04 <arthuredelstein> mikeperry: Actually, I think my latest patch is not even there. Please ignore all of those and I'll post the new one.
18:33:01 <arthuredelstein> The new interface I propose is described at https://trac.torproject.org/projects/tor/ticket/8405#comment:17
18:34:23 <mikeperry> do you still intend to make use of additional info on STREAM events? or will CIRC events be enough?
18:35:24 <arthuredelstein> I think CIRC events would be enough. Provided we can assume that isolation isn't modified after circuit launch.
18:35:40 <arthuredelstein> Which I think works for Tor Browser circuits.
18:36:49 <arthuredelstein> Most of the time, circuits are built pretty fast, so this is really a cosmetic improvement. The circuit diagrams can already be shown with the existing control port interface.
18:37:03 <mikeperry> I need to also make sure your code handles CIRC failure cases and STREAM reattachment OK
18:37:24 <mikeperry> that's why I think this might require more thorough review than just looking at the control protocol changes
18:37:33 <mikeperry> I need to see how we're using them
18:37:57 <arthuredelstein> Yes, I think STREAM reattachment might be a concern. Is this documented somewhere?
18:37:59 <mikeperry> which means reviewing most of the parent/related patches too
18:38:10 <arthuredelstein> I agree
18:39:50 * arthuredelstein can go next
18:39:55 <mikeperry> my memory is fuzzy on where it is documented, but in general streams can be DETACHED from one circuit and placed on another one all the way up to SUCCEEDED
18:40:34 <arthuredelstein> As long as the CIRCUITID is available, I think it should work
18:40:38 <arthuredelstein> But I haven't tested that.
18:40:41 <mikeperry> and circ construction can fail at any point, and CIRCs can even mysteriously die up to that SUCCEEDED call without affecting much as far as the app is concerned
18:40:57 <mikeperry> and Firefox may also retry in some cases even if the circ+stream fail after SUCCEDED
18:42:31 <arthuredelstein> Basically, my patch just monitors CIRC and STREAM events. STREAM gives a Circuit ID, and then Circuit gives node IPs. So I reconstruct a circuit, assuming that the first STREAM on a circuit indicates its "first party" domain
18:43:33 <mikeperry> hrm. that assumption may not hold if parts of the page are either cached, or sitting around in a tab long enough for the original circ to get closed..
18:43:53 <arthuredelstein> If the original circuit gets closed, then we have a new circuit and a new first stream
18:44:19 <arthuredelstein> But indeed if that assumption turns out to be wrong, then the #8405 patch will be cleaner (as well as a cosmetic improvement) because it directly ties the first party domain to the circuit, instread of indirectly through the first stream
18:44:52 <mikeperry> but that stream may be for some third party content that is sitting around doing AJAX or something
18:45:18 <arthuredelstein> That's OK, isn't it? We want it attached to the first party domain.
18:45:50 <tjr> (I just peeked in, haven't read all the backscroll, but can chime in on ctmalloc and coordinate with you, mikeperry, on getting this post out when you're able.)
18:46:13 <arthuredelstein> I guess you're saying, if the first CIRC dies, then a new circuit wakes up and does third-party AJAX.
18:46:46 <mikeperry> tjr: ok
18:47:05 <mikeperry> arthuredelstein: yes
18:47:42 <mikeperry> we probably want some way to tell Tor not to mark circuits dirty in the same way while this is in use
18:48:03 <arthuredelstein> That's a good point. So I think my #8405 proposal fixes the third-party AJAX problem.
18:48:09 <mikeperry> it shouldn't really close our circuits until NEWNYM under this mode.. or at least keep them around much longer
18:49:09 <arthuredelstein> Right.
18:51:04 <arthuredelstein> So, on another subject: last week I worked on #12620. I did a first pass through the TB patches and got all but one to compile on ESR31 (https://github.com/arthuredelstein/tor-browser/commits/esr31-port-tmp). This week I'll hope to start carefully testing the patches to confirm that they are working and try to write some unit tests.
18:51:06 <mikeperry> I suppose we can just set a higher MaxCircuitDirtiness in our torrc
18:51:27 <mikeperry> wow, awesome
18:52:33 <arthuredelstein> Just to be clear, that branch is definitely not ready for use yet.
18:53:19 <arthuredelstein> that's all for me
18:53:46 <mikeperry> ok. update that bug with any questions or patch issues
18:53:50 <MarkSmith> Impressive progress on ESR31 patches!
18:53:55 <mikeperry> #12620
18:54:21 <arthuredelstein> Will do. There's a laundry list
18:54:37 <arthuredelstein> thanks!
18:55:08 <mikeperry> we also need to make sure to get secondary closer reviewon the DOM storage and canvas patches especially. if memory serves, new APIs were scheduled to be added to those componenets by Mozilla
18:56:20 <arthuredelstein> we'll definitely need to inspect each patch carefully for regressions
19:00:00 <boklm> arthuredelstein: when you have a branch for which you are interested to see the results of unit tests on each commit, let me know and I can launch a rebuild
19:00:26 <arthuredelstein> thanks. will do
19:00:53 <mttp> I have a bad habit of asking users to open bug tickets so they can provide the most accurate responses to questions  like system information
19:01:07 <mttp> and they get intimdated and don't open them at all
19:02:29 <mttp> but it looks like one that I should have opened instead of asking a user to do it is "Can't use proxy with no PTs in Tor Browser 4.0-alpha"
19:03:41 <mttp> Interestingly, the log message indicated that the port number of his local proxy was incorrect, even though other applications could use it just fine.
19:04:00 <mttp> I have only seen this one user with this problem.
19:05:16 <boklm> which OS is he using ?
19:05:30 <mttp> Windows 7
19:05:42 <boklm> could it be a firewall issue ?
19:06:15 <mttp> I asked him to disable his firewall & antivirus, and he said that didn't help
19:09:45 <mttp> Anyways  I will open the bug when I find the ticket again.
19:10:11 <boklm> ok
19:10:17 * boklm can go next
19:10:26 <mttp> oh wait
19:10:35 <boklm> ah
19:10:59 <mttp> I also wanted to say that I have been bugging helix lately with many questions about Tor Expert Bundle.
19:11:15 <mttp> She told me it is actually built with gitian.
19:11:43 <mttp> I built one for the tor alpha release. There hasn't been a Windows Tor alpha in a while
19:12:25 <mttp> But I didn't know we were making the Windows Tor deterministic.
19:12:59 <mttp> It'd be cool if I could get access to a build machine so I can experiment with this further (I don't have one)
19:13:02 <mikeperry> ah, I am not sure where the descriptors live for the expert bundle. I haven't seen them
19:13:15 <mttp> tor/contrib/win32build
19:14:58 <mikeperry> in tor.git?
19:15:05 <mttp> I'd actually like to get more involved with this if possible.
19:15:09 <mttp> Yes.
19:15:46 <msvb-lab> Wierd, why is browser stuff in the proxy repo?
19:16:17 <msvb-lab> Or gitian even for that matter.
19:16:42 <mttp> msvb-lab: well it's not actually the browser. It's tor plus windows packaging.
19:17:05 <msvb-lab> mttp: Ok, I thought by 'bundle' it included the browser.
19:17:33 <boklm> it doesn't look like gitian stuff there
19:17:48 <mikeperry> yeah, I don't see it either
19:18:10 <mttp> the other bundle things do
19:18:12 <mttp> yeah the gitian requirement doesn't seem to be documented at all--that's based only on conversations I've had with Erinn
19:20:42 <mikeperry> ok, well I guess we will need to ask helix later
19:20:54 <mttp> One possibility could be to put non-deterministic Windows alpha tor on the website and then iterate on the deterministic part. It seems like Erinn still had some research questions unanswered about how to best incorporate gitian, so IDK
19:21:11 <mikeperry> we have an LXC build machine, but #12237 means that it may not produce matching builds
19:21:20 <mttp> As the browser meeting even the right place to ask these questions?
19:21:35 <mttp> s/As/Is/
19:22:19 <Yawning> mikeperry: is said lxc build bux sufficient for doing devel work?
19:23:16 <Yawning> I want to dust off my obfs4 patch to tbb in preperation for deployment and it'd be nice if I could save the vm setup time
19:25:44 <mikeperry> yes, I can give you guys accounts on that machine. though you probably shouldn't trust it :/
19:25:58 <mikeperry> lxc needs way more sudo access than kvm
19:26:50 <Yawning> yeah less a matter of trust and more "I want something I can use to update a set of msotly done descriptors"
19:27:32 <Yawning> mostly done with the obfs4 code changes I wanted to do so tbb integration and packaging it for bridge operators is next on my todo list
19:27:35 <mttp> The ideal solution is me saving up enough for a nice machine of my own. In the mean time though, access to resources is appreciated.
19:28:17 <Yawning> the 4.0 alpha branch has the go stuff from meek and uses tor 0.2.5.x right?
19:28:34 <tjr> I have successfully built TBB on AWS EC2.  Again, not a trustworthy machine, but works in a pinch if you're desperate
19:29:24 <Yawning> worst comes to worst I could install ubuntu on one of my extra laptops or setup the vm stuff again, but neither of those options are ideal :/
19:29:28 <mttp> also I promise not to do anything malicious or sinister
19:29:45 <pfm> i solemnly swear i am up to no good
19:30:34 <mikeperry> Yawning: yes, 4.0 uses 2.5.x and meek
19:30:45 <Yawning> excellent, should be mostly smooth then
19:32:31 <mikeperry> ok, I added making accounts in my TODO file. email me an ssh key you'd like to use
19:33:30 <msvb-lab> By the way, cookie tester has a prototype http://docookie-europalab.rhcloud.com/#setsimple_page
19:33:36 <msvb-lab> Might complement or be replaced by XPCShell style in the long run (for testing.)
19:34:01 <msvb-lab> For now it suits the purpose of figuring out when a cookie flow is correct.
19:34:07 <Yawning> mikeperry: thanks <3
19:35:48 <mikeperry> msvb-lab: is this for #3246?
19:35:55 <msvb-lab> That's right 3246.
19:37:15 <msvb-lab> Even Live HTTP headers wasn't easy to sort out, and we don't want HTTPS or keepalive rambles mucking up testing.
19:38:47 <msvb-lab> I'll be more vocal once it's in production and #3246 gets coded again to produce a new (not rebased) patch.
19:40:20 <mikeperry> ok, yeah, that was my next question.. how to test this, and against what
19:40:55 <msvb-lab> Against a canonical baseline, with use case scenarios according to Dan Witte's documented logic.
19:41:00 <msvb-lab> Kind of http://docookie-europalab.rhcloud.com
19:46:18 <mikeperry> ok, well let me know when we can test this and what we should look for
19:46:45 <mikeperry> boklm: you've been waiting for a while. ready?
19:46:49 <boklm> yes
19:47:02 <boklm> Last week I made a few changes to the update responses script for #12622
19:47:11 <boklm> I tried a build using the bug4234-02 branch within user/brade/tor-browser-bundle.git (from #4234), which produced some .mar files
19:47:52 <boklm> I made it possible in the testsuite to define some tests as known issues, so we can use it to ignore the meek binaries which are not PIE, with a bug number as reference to be displayed on the results page
19:48:16 <boklm> This week I plan to look at the mozilla mochitests included in firefox, to run them as part of our test suite
19:48:42 <boklm> that's it for me
19:50:54 <arthuredelstein> mochitests will be very useful. We'll be able to write our own JS fingerprinting regression tests.
19:51:28 <mikeperry> yeah
19:52:10 <arthuredelstein> I've written on in https://trac.torproject.org/projects/tor/attachment/ticket/2874/0001-fixup-Bug-2874.-Remove-the-Components-shim-introduce.patch
19:52:12 <arthuredelstein> *one
19:52:43 <boklm> nice :)
19:53:17 <mikeperry> ok, anyone else?
19:53:57 <msvb-lab> mikeperry: were your changes to getfirstpartyURI() revealing of anything?
19:54:06 <msvb-lab> Can't check myself, since Internet is fried in Munich today.
19:54:40 <mikeperry> favicons seem to always fail for that API
19:54:50 <mikeperry> as do some cases where sites are creating about:blank
19:55:05 <mikeperry> that latter bit is very concerning. we'll need to dig into that more
19:55:33 <mikeperry> https://gitweb.torproject.org/user/mikeperry/tor-browser.git/commitdiff/6d893177ee16b1305967319186e2d4506f9848d9
19:55:43 <mikeperry> I will be merging that into the next 4.0-alpha release
19:57:10 <mikeperry> I think that's it, then? man, we ran long today
19:57:24 <tjr> I can update on ctmalloc
19:57:32 <tjr> I'll be quick :)
19:57:34 <mikeperry> ah, ok, yes please do
19:57:47 <tjr> I got it working!
19:58:00 <mikeperry> you got my mail with the updated blog post, yes?
19:58:04 <mikeperry> awesome!
19:58:27 <tjr> The next thing I need to do is a) test it on all OS's b) do a performance comparison and c) improve it so it takes advantage of the partitions
19:58:47 <tjr> I didn't actually get the mail, but I checked your transient link and it looks good to me
19:59:07 <tjr> I will push the report to gihub, you can publish your blog post, and then we'll publish ours?
20:00:44 <mikeperry> shall I link to your post? can you email me a copy?
20:01:42 <tjr> I will email you my draft, but I can't publish my post until I have the link to your post. :-p
20:02:19 <arthuredelstein> deadlock ;)
20:02:46 <tjr> emailed.  I will push the report to our github so you can link to it when you tell me to
20:03:05 <mikeperry> heh, and I need a link to the final report to publish my blog post. lots of deadlock :)
20:03:33 <tjr> I can do that before (iSEC) does the blog post
20:03:59 <mikeperry> our blog post will be at https://blog.torproject.org/blog/isec-partners-conducts-tor-browser-hardening-study
20:04:48 <tjr> Okay, I think we're pretty set, should I push the report (but not blog post) then?
20:04:54 <mikeperry> we also found https://gcc.gnu.org/wiki/vtv while looking into hardening options btw
20:05:04 <mikeperry> possibly a better solution than the vtable final thing?
20:05:31 <tjr> Uh, we had recommended that... :-p
20:05:50 <tjr> VTV and VTable final are independent of each other, they're both good ideas
20:07:37 <naif> Is it possible to force Tor to publish a specific TorHS to *all* available HSDir of the network?
20:09:14 <mikeperry> oh, hrmm, I didn't see the VTV rec. anyways, it sounds like we're ready to go. I should be able to post this later today/tomorrow
20:10:26 <mikeperry> I think we're finally done for the meeting then?
20:12:03 <mikeperry> alright, *baf* time
20:12:10 <mikeperry> #endmeeting *baf*