19:01:28 #startmeeting 19:01:28 Meeting started Mon Feb 2 19:01:28 2015 UTC. The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:01:28 Useful Commands: #action #agreed #help #info #idea #link #topic. 19:03:41 ok, let's get started 19:03:54 Last week I triaged the tbb-fingerprinting tickets and attempted to group them into categories. See https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-time https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-resolution and https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-fonts for some of the higher priority categories. 19:04:06 I also did the same for usability tickets after attending the UX sprint in berkeley. It became clear to me that we still have many so-called "stop points" that cause users to be unable or unwilling to install/configure TBB. I tagged and subcategorized these stop points. See https://trac.torproject.org/projects/tor/query?keywords=~tbb-usability-stoppoint 19:04:15 It's my opinion that stop points are our highest priority usability tickets, 19:04:15 followed by those tagged with 19:04:15 https://trac.torproject.org/projects/tor/query?keywords=~tbb-helpdesk-frequent. 19:04:15 Where those two intersect, we definitely have a serious issue. 19:04:24 I also sent a couple mails to dev-privacy to determine if Mozilla's plans wrt containers and isolation may be useful for our patches, or if we should continue to pref them as we are doing. 19:04:38 This week, my plan is to file some more usability tickets from the UX sprint, and work with dcf1, saint, mrphs and others to produce a blog post describing the outcome and our usability development plans and priorities. I also need to meed with the wikimedia foundation about allowing Tor account creation, and write our status report. 19:04:50 We also have quite a few tickets that need review. See https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TorBrowserTeam201502R. We should make sure these all get some attention soon. Please tag tickets you are willing to review with your own review tag, so we can catch any that fall through the cracks. 19:05:00 Similarly, please check out https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TorBrowserTeam201501 and see if there are any tickets there that still should be moved over into this month. 19:05:52 I think that's it for me. if there are any immediate questions about those URLs/tags, we can handle them now. otherwise we should probably wait until the end to go down the usability rabbithole discussion 19:06:19 (like if one of those links is dead, for example. I think they should all work?) 19:07:18 * MarkSmith Is looking forward to hearing more about the UX sprint (either in the blog post or via more tickets). 19:08:17 mikeperry: I appreciate your efforts to categorize bugs and clean out junk. There are a lot of tickets open and we will need to prioritize (as always). 19:10:07 nickm: it doesn't seem to work; must been doing something wrong; lemme push a commit. 19:10:55 yeah, there is a lot of noise and cruft accumulating in our tracker. my plan for later is to turn the tags into a roadmap, involving our current proposal items as well, and the ESR timeline. perhaps something for the dev meeting, but maybe I can do some preliminary work before 19:12:00 nickm: https://github.com/rl1987/tor/commit/3b600d665e99280e28d8f80d056e106d546b9011 19:12:39 mikeperry: what are your plans with the disconnect plugin #14490 19:12:41 ? 19:12:52 you were working on it, ritgh? 19:12:55 *right 19:14:37 meanwhile, I can say what I did last week: 19:14:38 I tried to get the localization working, but what little I could find did not work. I should document that on the bug. in general though, since our other search providers are not localized, I don't think that is a blocker, and will also have interactions with our spoof_english pref if we were to deploy it 19:14:56 ok 19:15:10 if you are satisfied with the disconnect search itself, we should move forward. did they answer all of your questions? 19:15:11 I looked at #10395 and the tor side changes look good now. I moved the Disconnect plugin and the Windows signing a bit forward. 19:15:38 Then I burnt some hours to test #3246 a little bit, I adapted #12430 to our current Tor Browser. 19:15:48 I cleaned up #11293 and am bisecting now on a spare machine as Mozilla is not biting after my initial bug report. I resumed working on #9387. 19:15:58 I reviewed Arthur's #14429 and thought quite a bit about the general way moving things forward here. 19:16:40 mikeperry: yes, I think I am happy for now with the answers 19:17:19 this week I plan to continue with the security slider and the windows signing 19:17:51 we'll see what else is coming up 19:18:25 oh, before I forget it: I won't be at the meeting next monday and am probably afk the whole next week barring some unforseen things 19:18:40 and I won't read my IRC backlog :) 19:19:13 that's it for me for now 19:21:52 * MarkSmith Can give an update. 19:21:59 This past week, Kathy and I did some code reviews for #10395 (thanks to nickm, this feature has been merged into tor master). 19:22:00 err I meant #11236 above 19:22:09 We also provided some feedback on the associated Proposal 227. 19:22:14 GeKo has filed #14676 to track implementation within Tor Browser. 19:22:21 We also worked on #13900 and we should have a patch ready for review tomorrow. 19:22:27 Finally, we spent some time on bug triage. 19:22:35 This week we plan to finish #13900 and start to work on #13406. 19:22:45 And work on whatever else comes up. 19:22:50 That's all for us. 19:24:33 * boklm can go next 19:25:28 I have improved the QA and Testing section of the TorBrowser/Hacking page: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#QAandTesting 19:25:37 I also added a section about requesting tests on custom builds for #12222: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#Requestingtestingofacustombuildusingthetbb-qa.ymlfile 19:26:21 this week I'm planning to continue working on #12222 19:27:12 On #14221, if we want to avoid including the build number in the build directory, I can make a patch to do that 19:27:43 that's all for me 19:28:16 what is the build number for? 19:28:31 do we need that for running tests? 19:29:53 it's useful to know which version we are testing when there are multiple builds available 19:30:25 however most of the time, there is only one build uploaded 19:30:55 so maybe that's not so useful 19:31:14 so, I think, if we have a tag at least then we could avoid that complication 19:31:59 like if we tag a release and start building from it 19:33:10 boklm: there is this test automation workshop at ctf. is this something useful for us? 19:33:43 GeKo: ah yes, probably useful. I will look at it and email that person. 19:33:44 should we attend there and if so how? 19:33:53 thanks 19:35:42 What is ctf? 19:35:57 I am on the fence about including a build number in the dist directory. it may make some things more clear, and it feels like it should reduce confusion if there are tons of build tags, but OTOH, rsync does run much faster if you are rsyncing a new build over an old dir 19:36:19 msvb-lab: circumvention tech festival https://openitp.org/news-events/save-the-date-march-1-6-2015.html 19:36:22 but perhaps that optimization can be done manually for those who want to make use of it 19:37:14 which optimization do you mean? 19:37:50 when you upload a TBB build, it is much faster to rsync the new build over an old one. either a previous build tag, or maybe even a previous TBB release 19:38:00 because our deltas our small and deterministic 19:38:05 yes 19:39:09 which seems a very good thing to me given the time constraints of releases. 19:39:39 and there should not be tons of tags actually. I think usually we have one or two 19:40:06 but it is something we can do manually, and maybe keeping the build number in the dir is a good idea. I can annotate the release process notes to describe the rsync optimization in a comment 19:40:12 nickm: "do you still think dgoulet should tweak the behavior of #14184?" => If I understand correctly the nitpick I made is unrelated to his change (that's existing behavior) so feel free to disregard my comment. Thanks for checking. :) 19:41:28 hm... which dir are we talking about? the one on people.tpo? 19:41:56 on dist we want to have the final release without some "build" part I guess 19:42:39 right 19:44:43 I actually don't see the value of the "build" part if we don't need it for testing something 19:44:52 ok, we should get back on track. I will update #14221 19:45:19 do we do clang/llvm builds of tor? 19:45:32 arthuredelstein: do you want to give your update? 19:45:39 he is not here today 19:45:42 see mail 19:45:53 because I could provide a buildbot like I do for coreboot 19:45:53 ah, see it now 19:45:54 ok 19:46:26 anything else in the way of updates? 19:46:33 fastmonoid: https://jenkins.torproject.org/ has some clang builds 19:47:11 Any guidance on where to shove TorBrowserTeam201501 tags for isolation/cookie tickets? 19:47:27 Should I retag with TorBrowserTeam201506? 19:47:51 boklm: thanks 19:48:26 boklm: is another build node needed, coreboot also uses jenkins too 19:49:22 machine is a haswell with 32GB of RAM, utilisation is low atm since its only building for coreboot 19:49:39 trac is not responding to me atm. what is the current status of the patch after testing? 19:50:28 gk tested it, iirc? 19:50:41 mikeperry: If you're responding to TorBrowserTeam201501 -> TorBrowserTeam201506, the status is 'in.' 19:50:46 It works, but just for session cookies. 19:50:47 I think we need some more testing and we need to look at the code 19:51:42 and then start thinking about the UI 19:52:17 So status 'needs_info' I'll leave unmodified, and set the release tag to TorBrowserTeam201506. 19:52:22 (I got burnt by not realizing that enabling third party cookies set privacy.thirdparty.isloate to "0" automatically) 19:52:37 *isolate 19:53:50 boklm: also how fast are those nodes? what kind of hw do you have there? 19:53:51 so if a user enables disk writes/disables private browsing mode the isolation will fail for non-session cookies? 19:54:38 ...going by memory. 19:54:49 During runtime the persistent cookies will behave as session. 19:55:13 ...but after restarting TBB those cookies will not have a second key. 19:55:28 ...and will thus be rejected (not sent.) 19:56:59 mikeperry: The question becomes, do we want to attack the cookie problem after several months or prioritize it. 20:00:57 While I'm blabbing, this week I'll continue development of a chrome mochitest to integrate #9701 in ESR38. 20:01:00 That's all for me. 20:01:19 this is probably the trickiest part in the identifier isolation area, so having something we can iterate from seems needed sooner than later 20:01:48 I think prioitization depends on how much benefit we expect from the patch for fixing things that depend on third party cookies, and also what Mozilla plans to do about third party cookies 20:01:58 also true 20:03:03 I suspect several tickets in https://trac.torproject.org/projects/tor/query?keywords=~tbb-usability-website&status=!closed may be helped by the patch 20:03:40 might be nice to test that somehow to get some real-world data 20:03:54 msvb-lab: do you have some stats here? 20:04:16 like things that really breask currently due to not having 3rd party cookies allowed? 20:04:23 *break 20:04:28 GeKo: Only minimal with huffingtonpost (the 43 Cced people on bugzilla read that huffingtonpost it seems.) 20:04:43 ...and Discus has changed APIs. 20:04:51 ...which has thrown a curve in this. 20:05:09 Lifyre is broken due to popups and 3rd party cookies. 20:05:23 ...so is facebook (both commenting system and 'like' thumbs.) 20:05:52 I think this week I'll triage what Mike mentioned and document in some way (maybe a child of #3246.) 20:05:56 yeah, that are the tricky "corner" cases 20:06:07 Or do we prefer a Google spreadsheet or what? 20:06:18 no. 20:06:30 For example LycosMail and BouyesTelecom logins. 20:06:41 ...okay, I'll find a child ticket to use or make a new one. 20:11:02 I think we should tag the patch itself with TorBrowserTeam201502R so we can remember to test it and document issues 20:11:32 Tag the patch itself? It's not its own ticket. 20:12:16 I'll tag all TorBrowserTeam201506 except the child ticket containing the patch, which I'll retag TorBrowserTeam201502R okay? 20:12:48 yeah, that sounds good 20:13:19 ok, I wanted to discuss a few other things before we break 20:13:59 first, Georg, do you have an OpenSearch xml for disconnect that uses POST? if so, can you attach it to #14490? 20:14:48 mikeperry: yes, you got the same mail I think, though :) 20:16:15 yeah, but I wasn't sure if you were tweaking other things in the xml 20:17:15 attached. 20:17:25 we can work from that one if we need to . 20:17:26 next, does anyone have any questions about the usability sprint, or the tags? 20:17:47 more about the priorization 20:18:02 (of the resulting tickets) 20:18:03 basically, 5 users tried to use TBB and did a "cognitive walkthrough" describing their thoughts. videos+transcripts should be available soon, I think 20:18:07 I think they all were mac users 20:19:41 well, the prioritization of stop points is based on the idea that it is most important to ensure that we have as few barriers to new people becoming TBB users as possible, and that growing our userbase is the most important overall goal of usability 20:19:54 karsten: dgoulet: plz check tor-internal for a draft of the hs statistics blog post. 20:20:42 and eliminating/reducing the cases where people become too frusttrated to get Tor Browser running at all is the best way to increase our userbase 20:20:53 Did one or more of the 5 users encounter each of the tickets in https://trac.torproject.org/projects/tor/query?keywords=~tbb-usability-stoppoint&order=id ? Or only the newly filed tickets? 20:22:23 in some form or other, I think all of those currently tagged tickets were hit by someone 20:22:32 except the updater ones 20:23:00 for ex: even though we did not have any users configure bridges, at least one was confused enough by the initial wizard and tried to do so 20:23:22 and had several questions/concerns relating to thoese existing tickets 20:23:47 there are also several issues with our website and old documentation that confused people 20:23:50 make sense. Unfortunately, we have a lot of stop points :( 20:23:51 I need to file those 20:23:58 then having a roadmap taking these findings into account + the current deliverables seems a good thing to me 20:24:06 yeah 20:24:33 mikeperry: If you and Arthur make the videos and transcripts available, can you please cross index the tbb-usability-stoppoint ticket numbers? 20:25:07 so, the tester base was quite small and did not indclude windows users, right? 20:25:34 correct. I added the equivalent windows and linux tickets in based on the assumption that the results would be similar 20:25:35 It looks like only 6 or the 19 tbb-usability-stoppoint bugs also have tbb-helpdesk-frequent, so as mikeperry mentioned earlier those might be most important (and yes, I know there are more tickets to be filed from the UX sprint) 20:27:25 mikeperry: that's good. nice job btw :) 20:28:07 (I feared the bias here due to so little testers...) 20:29:39 yeah, that's why I think it is important to look at the intersection of those two tags, but I also suspect that many of these issues from the sprint are quite common. 20:30:35 agreed 20:30:44 there also is a bias in that people at this sprint were probably even more successful in using TBB because of the "talk yourself through it" nature of the test, as well as having someone sitting next to them with the expectation that they should try to figure it out rather than just give up 20:31:08 yeah 20:31:36 hence I tagged things as stoppoints where the user simply paused or had to dig around the web in confusion for a while 20:33:05 anyway, I will be filing more bugs today, and hopefully we'll have the full results within the week or so 20:33:45 Were the test subjects given a set of predefined tasks to accomplish? 20:33:59 Sounds good (filing more bugs) 20:34:00 yes 20:34:41 It sounds like the data should be useful to us. Maybe we can also reuse the test protocols after we fix things, etc. 20:35:45 search for, download, and install TBB; use TBB to search for onions; use TBB to search for and play a youtube video ("ode to joy"); describe to their best ability what the buttons on the toolbar mean; use "New Identity" 20:35:51 Sebastian: weasel: would either of you be able to install two new Debian dependencies on ponticum for me? (please!) #14684 20:35:55 maybe one other that I'm missing. that was from memory 20:36:09 thanks 20:37:05 isis: . 20:39:54 I think that might be it for the meeting then, unless anyone has anything else? 20:41:47 alright. time to baf this thing 20:41:55 *baf* 20:41:58 #endmeeting