#tor-dev log

19:00:51 <mikeperry> #startmeeting
19:00:51 <MeetBot> Meeting started Mon Nov  3 19:00:51 2014 UTC.  The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:51 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:01:52 <mikeperry> last week we put together 4.0.1, and merged everything tagged tbb-4.5-alpha for 4.5-alpha-1. my 4.5-alpha-1 build just finished (hash above)
19:02:48 <mikeperry> this week I'm going to be pretty busy with mostly non-dev stuff.. I have to write our october and year-end status reports, and go visit mozilla to give a talk about reproducible builds
19:02:53 <mikeperry> among a few other things
19:03:32 <mikeperry> I'd like to get 4.5-alpha-1 out the door, but others may have to take lead on most bits of that
19:03:42 * isis is also here.
19:05:46 <mikeperry> oh, and we should set up a code review process and share the merge bit more widely on torbutton, and tor-browser.git
19:06:14 <mikeperry> I think that's it for stuff I want to do.
19:06:30 <mikeperry> I owe some w3c people some mails and spec review.. that will probably also distract me this week
19:07:18 <mikeperry> oh, yeah, and I updated the design doc. see my post to tbb-dev. many updates to https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability and added https://www.torproject.org/projects/torbrowser/design/#BuildSecurity
19:08:44 <intrigeri> mikeperry: Thanks for the design doc update. You'll want to search "Tor 0.2.3.x" in it at some point, I believe :)
19:09:24 <mikeperry> heh, thanks
19:10:36 <mikeperry> intrigeri: do you guys use xulrunner for tails still? how does that work out for you with using our torbrowser builds? any issues?
19:12:01 * isis feels like we're going to have to have another meeting in an hour, due to timezone differences
19:12:11 <Yawning> sjmurdoc1: there are?  which?
19:12:26 <intrigeri> mikeperry: I think we had to escape from it due to the migration to FF31, let me check.
19:12:40 * GeKo does not feel that way as he is already quite tired.
19:13:42 <intrigeri> mikeperry: Yep, we've dropped it (Tails#7236)
19:14:30 <GeKo> here is what I did last week:
19:15:08 <GeKo> I tried to get #9387 in an alpha state and worked on the windows crash  bugs #13443 and #13558
19:15:32 <GeKo> while the former is fixed, I think the latter crash bug still needs more investigation
19:16:02 <GeKo> additionally, I was helping with release things (4.0.1/4.5-alpha)
19:16:30 <GeKo> this week I plan to start upstreaming fixes for the Firefox build system
19:16:40 <GeKo> looking at Lunar's LXC patches
19:16:51 <Yawning> sjmurdoc1: and no, it didn't happen yet
19:17:07 <GeKo> + working abit more on #9387 is on the list as well
19:17:48 <msvb-out> 5butter-
19:17:51 <GeKo> then I plan to give the updated design document a close read and try helping to track down #13558
19:18:11 <GeKo> and I want to get out 4.5-alpha (too) :)
19:18:17 <GeKo> that's it for now
19:18:56 <mikeperry> did 4.5-alpha-1 build for you?
19:19:51 <GeKo> yes, there are some OSX locales that still get bundled should be ready in some minutes
19:22:45 <mikeperry> ok. I am sending the design doc to some w3c people soon. they were specifically interested in the updated fingerprinting section
19:23:40 <mikeperry> so that section is probably most important to check first for anything in there that's wrong, omitted, or unclear
19:24:02 <GeKo> nice, I plan to do that tomorrow morning my time
19:24:06 <mikeperry> ok
19:24:18 <Yawning> how long is the 4.5-alpha cycle gonna be?
19:24:26 <Yawning> and will y'all be mad if we want to add another go binary?
19:24:35 <mikeperry> yet another one?
19:24:42 <GeKo> tor-fw-helper?
19:24:55 <Yawning> yah
19:25:22 <GeKo> if you promise this is the last one, then it's okay ;)
19:25:31 <tjr> GeKo: do you need a Windows XP machine?  I don't know how easy it would be for me to transfer it to you, but I ought to be able to set something up so you can RDP into mine.
19:25:34 <mikeperry> man, this static go runtime is.. not so fun. did the busybox-style hacks seem at all possible?
19:25:55 <Yawning> I could but it'd be really nasty
19:26:21 <GeKo> tjr: thanks for this offer this might be pretty helpul. I think about it and get back to you if that is okay.
19:26:43 <Yawning> maybe obfs4proxy could subsume meek-client or something
19:27:02 <GeKo> maybe I can avoid it to get dragged to much into hunting this bug down...
19:27:08 <Yawning> that'd cut out a copy of the runtime
19:27:09 <GeKo> *too
19:27:59 <mikeperry> GeKo: it looks like the cyperpunks user is saying that the generated code did not change much (or at least is still a null ptr deref) with jacek's fix there, yes?
19:28:04 <mikeperry> in #13558
19:28:08 <GeKo> yes
19:28:31 <GeKo> so I was thinking kind of bisecting this as we have working builds in the past
19:28:44 <GeKo> for that some XP machine would make it a lot easier
19:28:47 <Yawning> dunno, I think alpha-in gthe helper for flashproxy would be good (and as far as I can tell so does dcf)
19:28:50 <mikeperry> I think it might be due to the mingw update though
19:28:57 <GeKo> yes
19:29:08 <mikeperry> we have two things that changed: ff and mingw
19:29:21 <Yawning> (sorry I'll shut up now)
19:29:30 <mikeperry> I suppose we could test if the old firefox built with new mingw still has the problem
19:29:34 <GeKo> my first plan tomorrow is compiling the working FF with our new compiler and testing that one
19:29:40 <GeKo> hah, yes
19:30:57 <mikeperry> Yawning: yes, we can do that, I think.. but man these bundles are getting fat.. we're up to 45M on Linux and OSX now
19:31:10 <Yawning> ;_;
19:31:24 <Yawning> how easy would it be to include the helper in the relay bundle or whatever
19:32:07 <Yawning> I still need to rename go-fw-helper to "tor-fw-helper: more tor, more fw, more helper"
19:32:37 <mikeperry> as for how long we'll be in alpha, I'm not sure. I think the main thing we want to do is make sure all of the stuff already merged works, and try for MAR signing (#13379). I think that's all I really want in a 4.5-stable (so we can get a more secure updater to our users with both pinning and mar signing)
19:33:00 <Yawning> gotcha
19:33:20 <Yawning> I have 2 things I want to see field tested in the alpha timeframe in addition to obfs4
19:33:21 <mikeperry> and I think we don't want much else, so we can get that out quickly
19:33:32 <GeKo> soudns good
19:33:42 <Yawning> the helper, a minor goptlib patch
19:33:42 <GeKo> *sounds even
19:33:43 <mikeperry> at least on our side. I am OK with more PT fixes
19:33:48 <Yawning> ok
19:33:56 <Yawning> I think both are low risk
19:34:18 <Yawning> well, the helper still has the "shitty router support nightmare in the making" problem
19:34:33 <Yawning> but hard to test for that, and I tried to work around most of the brain damage I know about
19:35:17 <Yawning> (hey, you should use the sketch go code I just wrote to sign updates)
19:35:37 <Yawning> (:D :D :D)
19:37:56 <mikeperry> oh, I also need to do the monthly tag update.. so I guess watch for updates to https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TorBrowserTeam201411 this week
19:38:29 <mikeperry> anyone else? did we lost most people in the timezone switch confusion?
19:38:37 <Yawning> 4.5-alpha1 today?
19:38:46 <Phoul1> I have one thing from the help desk / outreach side.
19:38:46 * MarkSmith Is here and can give an update
19:38:47 <Yawning> I want to do a blog post about obfs4 sometime
19:38:47 <GeKo> no
19:38:55 <Phoul1> MarkSmith: feel free to go first.
19:38:59 <Yawning> "soon"?
19:39:03 <GeKo> yes
19:39:19 <Yawning> Blizzard Entertainment/Valve Software "Soon(TM)"?
19:40:05 <mikeperry> I have a build. if it matches gk's (which is now building) I will put it on tor-qa in a couple hours (as long as it takes to rsync)
19:40:19 * boklm is here too and will give an update after MarkSmith and Phoul1
19:40:20 <Yawning> \o/
19:40:30 <MarkSmith> Last week Kathy and I spent quite a bit of time reproducing, understanding, and coming up with an approach to fix #13594.
19:40:48 <MarkSmith> The actual fix was delayed by a dumb problem:  it turned out we were freeing a string that the environment held a pointer to (our revised PATH).
19:40:58 <MarkSmith> We plan to finish testing our fix today.
19:41:06 <GeKo> cool
19:41:19 <MarkSmith> We also tested the updater (going from 4.0 to 4.0.1 with both full and incremental MAR).
19:41:28 <MarkSmith> We did not find any new problems.
19:41:35 <MarkSmith> Finally, we spent some time looking at the Mozilla patches for #13379.
19:42:05 <MarkSmith> (currently, Mozilla only signs the Windows MAR files but they are adding support the other platforms)
19:42:17 <MarkSmith> e have not yet tried to backport the Mozilla patches to ESR31 but it should be possible.
19:42:41 <MarkSmith> "We have not" (I meant to say)
19:42:49 <MarkSmith> Once we are done with #13594, we will begin that task.
19:42:57 <MarkSmith> That's all for now.
19:43:24 <mikeperry> are there many? as for using the OS libraries, I think that is OK. I too would prefer uniformity (and ideally NSS), but if Mozilla decided to go another way there, we probably should just go with what they did
19:44:06 <MarkSmith> many patches?
19:44:17 <MarkSmith> or many ?
19:44:39 <mikeperry> yeah, many patches. it looked like there was a whole dependency tree of bugs they had
19:44:46 <MarkSmith> I think the biggest patches are for using OS libraries to verify the sigs.
19:45:26 <MarkSmith> I don't think there is anything too complicated, but I am also not sure they have finished everything (it looks close though).
19:45:33 <GeKo> how hard is it to use NSS instaed?
19:46:18 <MarkSmith> I think it might be easy to just use NSS always.  Will check unless Mike would rather stick with Mozilla's approach.
19:46:37 <MarkSmith> I know we want to ship this ASAP.
19:46:40 <GeKo> I'd prefer using the stuff we ship
19:47:09 <GeKo> but sure if that would be a huge pain then let's start with the OS libs
19:47:17 <mikeperry> my thinking is whatever seems easiest and requires the least code changes
19:47:23 <MarkSmith> We will also need a signing key and associated cert.  And a way to keep the key secure but still sign the MAR files.
19:47:57 <GeKo> yes
19:48:11 <MarkSmith> And the cert associated with the signing key gets embedded in the updater executable (array of bytes in a generated header)
19:48:25 <MarkSmith> (Mozilla used to embed the signing cert as a Windows resource)
19:48:38 <MarkSmith> (so that's another patch)
19:49:13 <MarkSmith> Some of the patches are already on mozilla-cental and some are not.  But all are farily new/recent (October 2014).
19:49:19 <MarkSmith> "fairly new"
19:49:30 <MarkSmith> So I expect some bumps.  But we will see.
19:51:11 <mikeperry> ok
19:52:19 <mikeperry> boklm: do you want to go next?
19:52:24 <boklm> ok
19:53:32 <boklm> Last week, I've run a rebuild of tor-browser-31.2.0esr-4.x-1-build2 patches to run the unit tests on them: http://93.95.228.164/reports/index-browserunit-tor-browser-31.2.0esr-4.x-1-build2.html
19:53:43 <boklm> (it's still running, not all patches have been rebuilt yet, after being interupted by some "no space left" issues)
19:54:11 <boklm> I updated the patch for #13015 (but still need to get a successful build to confirm that it works)
19:54:18 <mikeperry> ok awesome. you've been talking to arthuredelstein about that, I hope?
19:54:38 <boklm> mikeperry: not yet, I will send him the link
19:55:04 <arthuredelstein> got it, thanks :)
19:55:42 <arthuredelstein> Right now it says "Not Found" - is that because it's still running?
19:55:59 <arthuredelstein> Never mind, I see it now
19:56:03 <boklm> it should not say "Not found"
19:56:09 <mikeperry> ok, yeah, he is going to try to fix broken patches. another thing I suggested last week was a script that automatically tries to rebase our patches periodically onto mozilla-central, and drops ones that conflict into a dir somewhere. if we can keep a branch current with at least most of our patches, we can probably get mozilla to start honoring our changes and not breaking things
19:56:55 <boklm> yes, I can be looking at this this week. I sent an email about it today: https://lists.torproject.org/pipermail/tbb-dev/2014-November/000165.html
19:57:17 <GeKo> I think the major pain point here is getting them rebased to mozilla-central AND making sure they are still working as expected
19:57:52 <arthuredelstein> It will definitely be useful to run all unit tests. One way to do that would be to submit to Mozilla try servers
19:58:08 <mikeperry> yeah. I am remembering that one DNS blocking patch that totally got destroyed by a misplaced patch block
19:58:23 <mikeperry> that was scary
19:58:27 <GeKo> yes, another one is for instance #13035
19:58:42 <GeKo> where we probably need a new patch to begin with
19:58:48 * boklm does not have yet a Mozilla try servers. Is there some way I can ask one to mozilla ?
19:59:20 <GeKo> that seems quite some effort that we need to put into this idea
19:59:54 <arthuredelstein> boklm: Instructions here: https://www.mozilla.org/en-US/about/governance/policies/commit/
20:00:03 <GeKo> boklm: you usually need to ask Mozilla folks to give you access and they usually want to see some code contributions
20:00:17 <boklm> ok
20:00:26 <arthuredelstein> Getting Level1 try server access is pretty easy, I think
20:00:29 <GeKo> you need to have IIRC a module owner backing you
20:00:45 <arthuredelstein> since they gave it to me before my first contribution
20:00:52 <GeKo> huh?
20:02:30 <arthuredelstein> IIRC, I had submitted a patch and then, since they wanted try server results, gave me access.
20:02:51 <GeKo> aha, that's smart!
20:03:38 <boklm> This week I'm also planning to implement the changes in update_responses script to allow not updating an OS to the latest version: https://lists.torproject.org/pipermail/tbb-dev/2014-November/000156.html
20:04:27 <boklm> (I may also get distracted by some personnal stuff this week as I'm visiting some appartments where I could be moving to)
20:04:40 <boklm> that's it for me
20:05:35 <GeKo> boklm: re your no-disc-space issues: you might have been running into #13608
20:05:46 <GeKo> dunno what your setup looks like
20:06:31 <boklm> GeKo: yes, it looks like it was this
20:06:59 <GeKo> the weird thing is I have this only on some machines and no clue hot to fix it on the other ones :(
20:07:05 <GeKo> *how
20:08:04 <boklm> the setup I'm using is an Ubuntu Precise VM
20:11:00 <mikeperry> I wonder if it was just using previously created images for building the containers?
20:11:08 <mikeperry> I hit that on tbb-4.5-alpha
20:11:18 <mikeperry> but with kvm
20:11:37 <boklm> I didn't remove them, so it's possible
20:11:52 <mikeperry> since I had qcow images from 4.0-alpha, which was before we upgraded the size
20:12:02 <mikeperry> (since I have separate build trees for stable and alpha series)
20:12:28 <GeKo> mikeperry: yeah, creating new ones when using KVM solves this issue
20:12:54 <GeKo> which is why I raised the VM sitze in gitian-builder in the first place
20:13:00 <GeKo> *size
20:13:35 <GeKo> but on our common LXC box the size of new containers is still the "old" one
20:14:19 <GeKo> so we currently can't build there 64bit Linux builds
20:14:43 <mikeperry> ah
20:15:02 <GeKo> on my laptop at home everything is fine with LXC though
20:17:04 <mikeperry> odd
20:17:18 <mikeperry> well, I think we should move on. arthuredelstein?
20:18:08 <arthuredelstein> Last week I helped with a couple of last minute fixes for some patches for 4.5-alpha. And I did some more work on trying to upstream
20:18:19 <arthuredelstein> two patches to Mozilla (https://bugzilla.mozilla.org/show_bug.cgi?id=122752 and https://bugzilla.mozilla.org/show_bug.cgi?id=418354).
20:18:20 <Phoul1> (I'm gonna need to leave in 20ish minutes, just a heads up)
20:18:43 <arthuredelstein> This week I hope to land at least one of those patches, and also work on fixing unit tests and upstreaming more patches.
20:19:06 <arthuredelstein> That's it for me.
20:21:11 <msvb-out> Why are Mozilla saying 'close to zero chance that this issue will be ever resolved' just after you submitted your patch? That's bizarre.
20:21:44 <msvb-out> Seems just the opposite, that your patch will successfuly close the bug finally.
20:22:29 <arthuredelstein> I think that's maybe not a Mozilla person
20:23:48 <mikeperry> Phoul1: ok, you should update us now in that case (I assume with support issues?)
20:24:11 <mikeperry> (also hurray that bug 418354 finally landed!)
20:24:21 <Phoul1> Not so much support issues this week, that largely depends on how many users find the latest update to resolve their issue. The main thing I had is outreach related.
20:24:34 <mikeperry> (oh wait, no, that is still the wrong redirect bug)
20:25:03 <Phoul1> For Sponsor O, we have said we will make videos detailing the TB install process. Problem is, at the moment, its unclear what the verification process will look like / who will be signing the bundles.
20:25:24 <Phoul1> Is there any ETA on any of that being sorted out, to the point we can start the videos?
20:25:34 <mikeperry> when do the videos have to be done by?
20:26:07 <mikeperry> we also have a digicert code signing key frob that I need to figure out how to use still.. they gave me some sketch binaries for linux from a dropbox share..
20:26:29 <Yawning> ...
20:26:36 <Phoul1> We haven't set a firm due date yet, as we were unsure about this. I believe they may be actually due at the end of December, but Karsten would know that best unfortunately. For the time being, there is no project ticket for it, since we didnt know what the solution here would be.
20:26:43 <mikeperry> and the use of that thing will change the user experience for windows and mac (for the better)
20:27:14 <GeKo> Phoul1: #13407 is the ticket you want to watch
20:27:37 <GeKo> so, ideally we fix this for the next stable release already
20:27:37 <Phoul1> GeKo: yup, have been watching it. :)
20:27:42 <GeKo> ah
20:27:44 <mikeperry> also #3861 and #6540
20:28:49 <mikeperry> it sounds like you should create a trac ticket for the video with all three of those listed in it, and cc karsten, gk and myself
20:29:21 <Phoul1> Alright, sounds good.
20:30:05 <Phoul1> Thats all from me, thank you :)
20:30:41 <mikeperry> ok great.
20:31:26 <mikeperry> is that all for today then?
20:32:43 <mikeperry> sounds like it
20:32:47 <mikeperry> #endmeeting