19:01:19 <mikeperry> #startmeeting tbb-dev
19:01:19 <MeetBot> Meeting started Mon Nov 23 19:01:19 2015 UTC.  The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:19 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:02:49 <mikeperry> ok, last week I continued working on tor-core stuff (the netflow padding patch), and picked up the donations page. not much tbb work got done
19:03:58 <mikeperry> this week, I really will get us a dev/test signing cert for OSX. otherwise, I will likely continue donations page stuff, and maybe do some load balancing work for tor. it's a short week anyway in the US
19:04:03 <mikeperry> that's it for me
19:06:20 <nickm> mikeperry: are you blocking on me for anything osx-related?
19:06:35 <nickm> I lost track there. I thought I gave you the stuff you needed, but I didn't check back.
19:06:37 <mikeperry> no, I don't think so
19:06:51 <mikeperry> pretty sure I am all good. I just need to fight with certtool
19:06:54 <nickm> ok. you've got my phone number. if you need me any day this week but thanksgiving, just call
19:07:11 <mikeperry> I got close to doing it a week ago, but then got distracted by something
19:07:56 * GeKo stumbles in
19:08:49 * huseby i'm here too :)
19:09:08 <Yawning> <- is here
19:09:17 <Yawning> though my issue made forward progress in the scroll back
19:11:54 <mikeperry> ok, who is ready? seems like a slow day :)
19:12:02 <GeKo> mikeperry: if you get bored and need something on your bullshit-item-list: #17039
19:12:16 <GeKo> you are the only one who can do this
19:12:35 <GeKo> and it is pretty valuable having the LXC machine properly working
19:13:10 <mikeperry> oh, right. ok. I will poke at that now during the meeting
19:13:13 <GeKo> i can work around the problem but it costs me time and others wanting to run test builds probably won't have that
19:13:19 <GeKo> thanks
19:13:49 <mikeperry> I think I can just use apt to do that. I hope.
19:14:23 <GeKo> yeah, and while you are at it there are stray gitian processes that need to get killed
19:17:04 <GeKo> alright, here is what i did:
19:17:30 <GeKo> i mainly worked on #15578 and #17568
19:18:11 <GeKo> i did a bunch of reviews:
19:19:01 <GeKo> #17009, #17344 and i started with #9659 and #16940
19:19:32 <GeKo> this week i'll finish the latter and add the missing bits for #15578
19:20:15 <GeKo> then i'll pick remaining bits from my november keyword
19:20:41 <GeKo> and will probably poke at #17567 given that mozilla does not seem to think this has high prio
19:20:47 <GeKo> that's it for me.
19:22:33 * arthuredelstein can go
19:22:43 <arthuredelstein> Last week I worked on #17568, #15646, and #17565.
19:22:58 <arthuredelstein> I also worked on bugzil.la/1174386 and bugzil.la/1121643
19:23:12 <arthuredelstein> I spent some time investigating with huseby how to upstream Tor Browser's isolation patches.
19:23:24 <arthuredelstein> We're trying to understand the deep mysteries of Firefox's new Origin Attributes.
19:23:31 <arthuredelstein> And a few minutes ago Yawning and I worked out what's going on with #17550.
19:23:52 <arthuredelstein> This week I plan to work more on all of these selfsame bugs.
19:24:16 <arthuredelstein> That's it.
19:25:20 * mcs will go next
19:25:25 <mcs> This past week, Kathy and I created patches for #16940 and #17344.
19:25:36 <mcs> We did some followup research for #17442 and commented in the ticket.
19:25:42 <mcs> We also added a comment to https://bugzilla.mozilla.org/show_bug.cgi?id=1216882.
19:25:47 <mcs> We completed code reviews for #17369 and #13819.
19:25:53 <mcs> And we triaged a few bugs.
19:25:58 <mcs> Next on our list:
19:26:05 <mcs> - Follow up on any review comments we get for #16940.
19:26:08 <mcs> - Work with arthuredelstein to find a good solution for #17661.
19:26:14 <mcs> - Review other people's Tor Browser 5.5 patches.
19:26:18 <mcs> - Enjoy a couple of days off later this week for the U.S. Thanksgiving holiday.
19:26:23 <mcs> That's all for us.
19:27:16 * boklm will go next
19:27:29 <boklm> This past week I worked on #16009 to make it work on Windows
19:27:30 <boklm> I reviewed and tried the patch for #13819
19:27:39 <boklm> I have been looking at mozilla updater tests and opened #17662
19:27:52 <boklm> I am wondering if we could add a pref in our updater to allow downgrade updates (off by default) to make easier updater testing.
19:27:59 <boklm> This week I will try to make the test suite run on OSX.
19:28:08 <boklm> That's it.
19:30:32 <mcs> regarding #17662, you should be able to apply an update for the same version (e.g., overwrite everything with a full update). But I need to read that ticket more carefully o find out why you are asking.
19:30:41 <mcs> "to find out"
19:36:14 <boklm> mcs: ok. The idea would be to have a test channel containing an update we can use to test the updater. To do that we need an update that is signed, with a version number accepted by the updater.
19:37:01 * huseby can go
19:37:16 <huseby> wait, boklm done?
19:37:26 * boklm is done
19:37:59 <mcs> boklm: I will read and comment in the ticket or we can talk about this more after the "report out" portion of the meeting
19:38:07 <boklm> mcs: ok
19:43:57 <mikeperry> huseby: do you happen to know who we should ask about getting a Firefox tile for Tor? we're launching a donations campaign soon, so we'd probably want to link to the donate page or something similar
19:44:27 <mikeperry> in the past Firefox tiles have been thrown out there as something Mozilla could do for us, but I am not sure where to bring that up
19:44:42 <huseby> mikeperry: i do know
19:44:50 <huseby> let me get an email thread going
19:44:55 <huseby> I'll cc you on it
19:45:10 <huseby> it was in my proposals
19:45:18 <huseby> that I ran up the chain at mozilla
19:46:16 * huseby can go now
19:46:21 <huseby> so last week I was mostly on vacation
19:46:27 <mikeperry> ok great! I can explain the campaign and show some example stuff we might link to in reply
19:49:09 <huseby> but earlier last week arthuredelstein and I were trying to figure out the correct approach to uplift isolation patches now that origin attributes is a thing
19:49:18 <huseby> we made some progress
19:49:23 <huseby> picked up again this morning
19:49:30 <huseby> the main goal is to get the TPU patch out for review ASAP
19:55:47 <mikeperry> ok. anything else?
19:56:12 <GeKo> what is the plan for a defense against font fingerprinting for the stable users?
19:56:20 <GeKo> what is its timeline?
19:56:22 <mikeperry> I am upgrading this ubuntu machine. I think it's almost done
19:57:27 <arthuredelstein> GeKo: I'm continuing to try to improve the font fingerprinting patches in the alpha.
19:57:58 <arthuredelstein> It would be good to discuss what we think needs to be done for it to be polished enough for stable
19:58:13 <GeKo> yes, i agree
19:58:56 <arthuredelstein> We're still getting occasional reports of issues for some platforms and locales, such as those from Yawning and mcs.
19:59:43 <arthuredelstein> So that's one thing.
20:01:30 <GeKo> would it make sense to think about some kind of hotfix for the stable users before we have the real stuff ready?
20:03:19 <arthuredelstein> Maybe -- one possibility is to limit the number of font queries allowed per first party domain.
20:03:46 <arthuredelstein> That is more similar to our old patch. Except the old patch limited by origin, which does not protect against multiple iframes querying fonts.
20:04:12 <arthuredelstein> I think that query limiting might be a good patch to have on top of the whitelisting, as a sort of defense in depth.
20:05:24 <mcs> How many issues are there other than #17550 and #17661? Maybe the full patch is close to acceptable?
20:06:44 <GeKo> mcs: i think we need to grab some ux people that need to do some serious testing on high-profile websites
20:06:57 <GeKo> at least
20:07:06 <huseby> sorry, I was done
20:07:09 <huseby> got distracted
20:07:14 <GeKo> no worries
20:07:25 <arthuredelstein> GeKo: I think that's a good idea.
20:07:50 <mikeperry> and probably also re-run dcf's fingerprinting experiment to see what the real benefit is from the font packs vs just a simple whitelist and a query limit
20:08:06 <GeKo> yes, good point
20:10:27 <arthuredelstein> mikeperry: Do you mean whitelist vs query limit?
20:10:44 <arthuredelstein> Or bundling vs whitelist?
20:11:38 <mikeperry> I think we could combine a per-OS whitelist with a query limit as well, without bundling, right?
20:11:42 <GeKo> okay, maybe getting the bugs above sorted out and mike's idea done until we ship 5.5a5 and then try to rope some ux people in to test the shit out of tha alpha might be a plan
20:11:52 <GeKo> *the
20:12:19 <arthuredelstein> mikeperry: Yes, on Mac and Windows we basically have a whitelist and few fonts bundled.
20:12:42 <arthuredelstein> On Linux we're bundling all fonts because system fonts aren't very predictable.
20:13:15 <GeKo> arthuredelstein: oh, and i like your defense in depth idea (too)
20:13:55 <arthuredelstein> We had decided not to bundle fonts on Mac and Windows for UX reasons. So I'm not sure we want to go back to bundling on those platforms, even if it offers an improvement in anti-fingerprinting.
20:14:30 <mikeperry> ah, I missed that
20:15:05 <arthuredelstein> I mean, the decision is not set in stone. But you might remember we originally bundled all Noto fonts on all platforms, and nobody UXy liked that.
20:15:19 <GeKo> yeah, alas
20:16:09 <arthuredelstein> We could look for bundlable free fonts that make more people happier, but I think that is a very challenging project.
20:16:12 <mikeperry> right. I remember that. I didn't know that meant no bundled fonts at all for those OS's. but that does make sense. no need to bloat the download size
20:17:13 <arthuredelstein> It's a hard optimization problem given the tension between UX and fingerprintability.
20:17:39 <arthuredelstein> Also the need to test across platforms to decide what the effects of each font are.
20:18:02 <mcs> And letting users decide (e.g., via a pref) probably means not everyone will choose "less fingerprint-ability" who should (but s pref is a possibility)
20:18:14 <mcs> "a pref"
20:18:42 <arthuredelstein> mcs: What pref do you have in mind?
20:18:48 <GeKo> i think that is not going to work
20:19:03 <mcs> I do not have one in mind. We could create one to control this / provide options for people.
20:19:06 <GeKo> i mean we could do that but i see no sane way to explain that to users
20:19:18 <mcs> Right, hard to explain.
20:21:42 <arthuredelstein> So I guess the approach I was thinking of, is that we keep relaxing the constraints until UX is acceptable.
20:22:00 <arthuredelstein> And once we reach UX nirvana, we move it to stable.
20:22:19 <arthuredelstein> Then we can continue to tweak/harden the font whitelist and/or bundling as we learn more, in the alpha.
20:23:03 <GeKo> hrm.
20:23:14 <GeKo> yes, maybe we have to bite that bullet
20:23:36 <GeKo> no perfect solution might be better here than none
20:23:45 <arthuredelstein> That avoids having to wait for the font fingerprinting to be absolutely optimized, which is more akin to a research problem.
20:23:55 <GeKo> true
20:26:57 <arthuredelstein> I guess another question I have is whether query limiting (say bound to first party domain) is actually capable of offering any protection.
20:27:10 <arthuredelstein> That's also, unfortunately, a bit of a research problem I think.
20:29:33 <arthuredelstein> Like, if we allow only 5 font queries, that's still potentially 32 bits.
20:29:59 <GeKo> potentially, yes :)
20:30:11 <arthuredelstein> Argh, not bits, 32 distinguishable sets.
20:30:26 <arthuredelstein> So that patch may or may not be worth it. idk
20:30:44 <GeKo> i think going with the current plan sounds fine to me
20:31:05 <GeKo> we should reassess this after we got some serious UX feedback
20:31:14 <GeKo> in case majro surprises popped up
20:31:16 <GeKo> *major
20:31:55 <GeKo> (or dcf's tests remind us we are doing things wrong)
20:33:08 <arthuredelstein> Sounds good to me.
20:34:28 <mikeperry> yep
20:35:39 <mikeperry> alright, the build machine upgrade succeeded!
20:36:00 <GeKo> have you seen boklm's comment?
20:36:11 <GeKo> getting docker on it, too?
20:37:49 <mikeperry> ah, ok. doing that too
20:38:41 <mikeperry> ok, done, I think
20:40:51 <GeKo> do we have something else? i need to go afk soon.
20:41:12 <mikeperry> I think no
20:41:17 <mikeperry> thanks everyone!
20:41:24 <mikeperry> #endmeeting *baf*