18:00:28 #startmeeting tbb-dev 18:00:28 Meeting started Mon Jun 29 18:00:28 2015 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:28 Useful Commands: #action #agreed #help #info #idea #link #topic. 18:00:51 * amoghbl1 amoghbl1 here to give updates about Orfox 18:01:08 this week I mainly spent doing patch reviews 18:01:19 and fought with the toolchain upgrade 18:01:46 it seems I did not catch all issues with the new binutils and we need to leave that version bump out 18:02:21 I started looking at tor-messenger as well although the release related things ate quite some time of it :/ 18:02:52 this week I plan to get the 4.5.3 and 5.0a3 releases out assuming mikeperry is distracted 18:03:43 then I plan to work on the tor-messenger audit and finallyI am trying to clean-up all the loose ends on my ToDo list before my vacation 18:03:56 that's it for me. 18:05:13 * amoghbl1 I could go next 18:05:57 Earlier this week, I stripped out all the unwanted permissions 18:06:25 Contacts, camera, location, NFC, Accounts, Sync 18:06:44 get accounts permission remains which needs to be worked on 18:06:56 Next, added in browse in mobile mode 18:07:23 the default user agent is the same as tor browser but this one fails to render mobile sites 18:08:02 So added in another user agent for mobile and the new one has been included in check.tpo so both the mobile mode gives us a successful page as well 18:08:41 Added in the HTTPSEverywhere plugin into the apk 18:09:12 Need to figure out how to add in NoScriptsAnywhere as well 18:09:33 Removed out as much sync features as possible 18:09:42 The code is in there, but there's no UI to reach it 18:10:46 I'd like some help with deciding what the mobile user agent should be, I think the current one being used is very unique and might make fingerprinting easy 18:10:55 That's it from me 18:12:16 what is the current UA? 18:13:02 GeKo: https://dev.guardianproject.info/issues/5404 18:14:48 karsten: stupid idea 18:14:53 orfox users a detectable as orfox users anyway so the UA is not as important as long as all orfox users use the same 18:15:01 karsten: but is it possible to do the torperf experiment 18:15:04 karsten: without tor at all 18:15:13 karsten: to compare the time it takes to download those times with tor, and without tor? 18:15:24 karsten: or you think that comparing those two values is pointless anyway? 18:15:36 amoghbl1: what we did was taking the most prevalent windows Firefox UA for all Tor Browser users 18:15:49 karsten: bleh, you are using hidden servies so that doesn't make snse. 18:15:49 Is it a bad idea to use the same UA string as Firefox does on Android? 18:15:58 How is it possible to identify orfox users GeKo ? 18:16:24 mcs: That's the default one right now, but the problem is that mobile sites don't render nicely 18:17:11 So pages seem zoomed out and don't look very nice. So the mobile user agent is an option, that you could select if you want 18:17:18 So you are trying to fix a problem that Firefox for Android has? I am confused. 18:17:57 Oh no, it's not a firefox for android problem. Because we send a desktop UA, the servers respond with desktop friendly pages 18:18:14 amoghbl1: well, there are enough clues that your settings and extensions giving away 18:18:24 Right; I am suggesting to always send the mobile UA. Which is what GeKo is saying too, I think. 18:18:27 exit 18:18:36 oops :) 18:18:47 amoghbl1: Orfox will have a unique fingerprint, which distinguishes it from other browsers -- that's unavoidable. The hope is to give all Orfox users the same fingerprint, so they can't be distinguished from one another. 18:19:39 hmm, so we might as well stick to the mobile UA instead of using the desktop one? 18:19:46 yes 18:20:36 ok, I'll discuss this with n8fr8 and see what to do next! Thanks everyone 18:22:00 * mcs can give a status update now 18:22:11 Last week, Kathy and I helped resolve the remaining items for #16222 (screen sharing, WebIDE, etc.) and we fixed #16439. 18:22:21 We completed some code reviews for TB 5.0a3 and helped with bug triage. 18:22:27 We responded to review comments for #16300 and #16397. 18:22:36 We helped dcf find the root cause of #13247 and reviewed his fix. 18:22:46 We started to look at whether we can easily make about:tor unprivileged (not a regression, but something Arthur pointed out). 18:22:56 This week we will do some testing of the TB 5.0a3 updater and start to look at other ff38-esr issues for TB 5.0. 18:23:00 That's all for now. 18:23:57 * arthuredelstein can go 18:24:06 This past week I fixed up our issues with OCSP isolation (#13670) and favicon isolation (#16448). 18:24:26 I tracked down an issue with #15646. 18:24:31 And I wrote a patch for #16146. 18:24:52 I also ran some extra tests on media queries in picture elements. 18:24:59 And I wrote regression tests for mediasource: URIs (#15703). 18:25:08 Unfortunately there is something mysterious preventing isolation, even though, when I read the relevant C++ files, it looked as though they should. So I'm working on tracking down what the reason is. 18:25:27 This week, as well as trying to finish the mediasource URIs, I thought I would look into the font limiting issues again (#16312) and work on continuing to try to upstream patches to Mozilla. 18:25:56 Also I may get summoned for jury duty, so I'm not sure what my week will be like. :P 18:26:09 That's it for me. 18:26:16 yes, I think the font limit patch is quite high prio now 18:26:27 That's my feeling too 18:26:32 arthuredelstein: #16315 is done right? 18:27:18 Yes, it's done. Mainly last week I just did some experiments to confirm that it correctly detects if anti-fingerprinting is turned off 18:27:41 ok. 18:28:26 arthuredelstein: please get in touch with dcf for the font ticket 18:28:39 Yes, will do. 18:31:17 * boklm can go next 18:31:31 Last week I have mainly been working on Tor Messenger (which has a beta release planned for tomorrow). 18:31:34 This week I'm planning to: 18:31:52 - fix the https-everywhere test: the mediawiki.org URL we are using for the test is now redirected to https even without https-everywhere, so we need to use an other non-https URL 18:32:09 - fix the acid3 test which is unreachable through Tor: hosting a mirror seems difficult, so I'll try to setup a reverse proxy to access it 18:32:16 - continue looking at the Mozilla Try test results 18:32:17 ah, I was about to ask that, good 18:32:28 that's all for me 18:34:12 ok. anyone else who has a status update? 18:34:43 no update, no progress. :) swamped. 18:37:47 mcs: while looking at the tickets I was wondering whether #14205 would be smart to do. 18:38:09 while it has "e10s" in the title this thing bothers me for esr38 as well 18:38:34 and if we really find something I don't like the idea to deal with it the week before we want to release the new stable 18:39:35 I am sort of here 18:40:08 Kathy and I can look at #14205. It is a very open ended issue though. 18:40:11 last week, I reviewed a bunch of tickets for 5.0a3, finished up some loose ends, and worked on #16005 18:40:51 this week I'll be at PETS, so I'll mostly be distracted. I will be writing the status report and tagging tickets for July 18:41:10 mcs: yes, I am aware of that but some level of confidence might be good. 18:41:22 and sure the e10s things are for ff45-esr 18:41:40 re #14205, there's a few other calls like IsCallerChrome that are similar and use the thread JS context 18:41:49 Well, we will poke at it and see what we learn. And report back in the ticket of course. 18:41:57 thanks 18:42:53 all in all I think we are in good shape for 5.0a3 and getting all the necessary bits for the stable release in august should be doable 18:42:56 oh, I also worked on #16336, and a few other timing tickets 18:43:45 ok, anything else we should discuss this week? 18:45:45 thanks everybody! 18:45:54 * GeKo grabs his small egavel 18:45:55 *baf* 18:45:59 #endmeeting