19:00:27 <mikeperry> #startmeeting
19:00:27 <MeetBot> Meeting started Mon Jan  5 19:00:27 2015 UTC.  The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:31 <mikeperry> ok, let's get started
19:01:03 <arthuredelstein> hi all
19:01:20 <boklm> hi
19:01:26 <msvb-out> Hi folks.
19:01:33 <MarkSmith> Happy New Year to everyone.
19:01:59 <mikeperry> I imagine the last two weeks saw most people taking time off for the holidays.
19:02:25 <mikeperry> at least, that was the case for me.
19:02:40 <mikeperry> Seth and I did give our talk on reptroducible builds at CCC: http://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html
19:03:14 <mikeperry> I just learned that the CCC had to censor our rootkit demo though, because we played the rickroll song as part of the rootkit
19:03:22 <Stary2001> LOL
19:03:31 <mikeperry> apparently we fell victim to https://en.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany :(
19:03:47 <boklm> oh
19:04:00 <arthuredelstein> very nice talk
19:04:22 <mikeperry> unfortunately, this also means that some of the rootkit explaination was also censored
19:04:33 <mikeperry> we're trying to find some way to fix this
19:04:38 <MarkSmith> Can they add text captions to replace the missing audio?
19:05:35 <mikeperry> possibly. we may also be able to mute/subtract/phase cancel the rickroll audio itself, and preserve the rest of it..
19:05:41 * GeKo should have played something on his guitar for that part of the talk
19:06:11 <mikeperry> it should also be legal tfor us to host the uncensored version of the video in the US, due to fair use case law
19:07:03 <armadev> yes, i encourage us to host your video on the tor video collection
19:07:06 <armadev> the uncensored one
19:08:02 <mikeperry> ok. hopefully they still have the original. I was told they would get back to me ASAP
19:08:10 <msvb-out> Just as important please don't forget (you too arma) to place the slides in the tor slide depot.
19:08:22 <armadev> i don't think i can do this
19:08:57 <armadev> http://freehaven.net/~arma/slides-31c3.{odp,pdf} are mine
19:09:06 <msvb-out> Cool, thanks.
19:09:17 <armadev> please put them somewhere if you can
19:10:47 <msvb-out> Who has access to: https://svn.torproject.org/svn/projects/presentations/
19:11:07 <mikeperry> our slides should be on the CCC events page
19:11:15 <armadev> are they?
19:12:45 <mikeperry> a version of them are, yes. I need to upload  actual version we used in the talk, but the differences were only cosmetic
19:14:38 <mikeperry> I think the only other TBB-specific things I did was to write the status report and move our tickets into the january tag
19:15:01 <msvb-out> There is an 'R' at the end of your tags now, what's that?
19:15:10 <mikeperry> I am eyeing #13900 as something we probably also want to bind to privacy.thirdparty.isolate and try to upstream for FF38
19:15:40 <GeKo> msvb-out: ready for review
19:15:42 <mikeperry> that is the review tag, so its easy to see the tickets up for review with just a keyword query
19:16:53 <mikeperry> I think we have a firefox release coming next Tuesday, yes?
19:17:20 <GeKo> I guess so.
19:18:05 <GeKo> re #13900: fine with me. while we are at it we should do the same for the cache isolation part that moved from JS to C++
19:18:18 <GeKo> I think there is no ticket for that specifically yet
19:19:45 <mikeperry> well, we moved the cache stuff to C++ in #13742. I guess we still will hit the cache2 issues in #13035 though :/
19:21:37 <GeKo> with ticket I meant one that tracks the mozilla merge. hrm... might be too much work then before the deadline
19:23:51 <mikeperry> yeah...
19:25:59 <mikeperry> as far as a ticket for the merge, I was assuming #12619, but you're right, we should probably have a focused ticket for the thirdparty stuff
19:26:19 <mikeperry> but even that seems at risk due to cache2 :(
19:27:16 <arthuredelstein> Are there known issues with cache2? I didn't see any cache isolation problems in my unit tests.
19:29:39 <mikeperry> I have not looked at your unit test patch from last week yet. did you test images specifically?
19:29:53 <mikeperry> (looking at it now, but on a janky internet connection)
19:29:58 <GeKo> #13472 might be all but who knows. needs someone to test cache2 thoroughly I think
19:30:15 <GeKo> err
19:30:18 <GeKo> 13742
19:30:56 <arthuredelstein> Yes, images under different domains and also inside iframes
19:31:24 <arthuredelstein> by "under different domains" I mean "embedded by pages in different domains"
19:32:24 <arthuredelstein> tested things include IFRAME, FRAME, LINK, SCRIPT, IMG, OBJECT, EMBED, AUDIO, VIDEO, TRACK and XMLHttpRequest
19:33:16 <msvb-out> arthuredelstein: Cool, awesome that XHR is there too.
19:36:53 <mikeperry> ok. so if that still works for FF-aurora, maybe we aren't in such bad shape. it looks comprehensive at a glance, at least for cache stuff
19:40:33 <mikeperry> arthuredelstein: did you verify that this test fails *without* our patches?
19:41:51 <arthuredelstein> No -- I should do that. I would be extremeley surprised if it didn't fail.
19:43:32 <mikeperry> would also be useful to test builds with the cache vs image cache patches applied independently, to make sure the right bits fail :)
19:44:51 <arthuredelstein> Yes, good point. I'll report my results on the ticket.
19:45:02 <mikeperry> ok, great. thanks
19:45:44 <msvb-out> Probably not relevant, but getFirstPartyURI is doing funky things on favicons (it's failing.)
19:46:00 <mikeperry> I am thinking all of https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201501R should go into 4.5-alpha-3 for next Tuesday
19:46:04 <msvb-out> I documented that on a different ticket relating to DOM isolation, but it might be cache or image isolation instead.
19:46:15 <arthuredelstein> msvb-out: Yes, I'm in the middle of trying to fix that.
19:46:43 <arthuredelstein> msvb-out: #13670
19:46:47 <mikeperry> msvb-out,arthuredelstein: #13670, yes?
19:46:49 <mikeperry> ok
19:47:20 <mikeperry> is there anything else we want to aim for for 4.5-alpha-3? MAR signing?
19:47:21 <msvb-out> The thing is that the broser log pukes the same error on about:blank, so I didn't think it was a image related thing.
19:47:31 <msvb-out> ...and rather thought about DOM.
19:47:44 <GeKo> MAR signing is already merged and we should start doing that , yes
19:50:09 <MarkSmith> It will take a couple of releases to transition to signed MAR files (one release to deploy an updater that requires signed MARs and another release to prove that it works).