#tor-dev log

18:59:55 <GeKo> #startmeeting tbb-dev
18:59:55 <MeetBot> Meeting started Mon Jan  4 18:59:55 2016 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:59:55 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:11 <arthuredelstein> hi everyone
19:00:15 <boklm> hi
19:00:17 <GeKo> hi everyone! a happy new year and welcome to the first meeting 2016
19:00:25 <arthuredelstein> Happy New Year!
19:00:34 <boklm> Happy New Year!
19:00:43 <loganaden> Live long and proposer in 2016 !
19:01:11 <GeKo> i'll start with a small overview about what i did in the past two weeks.
19:01:39 <GeKo> i managed to take some days off (althought i almost failed due to #17931)
19:02:27 <GeKo> i kept a close eye on the blog comments until christmas and filed tickets for issues that showed up
19:02:37 <GeKo> i wrote a small patch for #17851
19:02:56 <GeKo> and i spent time with tbb team admin things
19:03:35 * isabela is around too :)
19:03:48 <GeKo> this week we want to make a bugfix release for the crash bug and i plan to do all the reporting work that happens with every new month
19:04:04 <GeKo> + i'll update the tickets etc.
19:04:29 <GeKo> I hope to get back to the things that still have my december tag.
19:04:34 <GeKo> that's it for me.
19:04:48 <loganaden> is nickm afk ?
19:05:23 <GeKo> dunno but he is usually not around the tor browser meeting
19:07:36 * arthuredelstein can go
19:08:01 <arthuredelstein> First I want to apologize to everyone here for the bug in #17931. It was my bad mistake and I'm sorry.
19:08:11 <arthuredelstein> Since the last meeting, I wrote a patch for #17790. And I worked on #17931.
19:08:25 <arthuredelstein> I helped amoghbl1 with rebasing to the latest tor-browser.git branch.
19:08:36 <arthuredelstein> I did some investigation of #16096.
19:08:40 <arthuredelstein> This week, I will help with anything related to #17931 or the bugfix release.
19:08:58 <arthuredelstein> Also I would like to work on HSTS/HPKP isolation (#6458 / #17965), unless someone has already started on it.
19:09:19 <arthuredelstein> That's it for me.
19:10:13 <GeKo> that's fine (re HSTS/HPKP). i guess starting with HPKP and seeing how it goes might be a good thing
19:11:31 <mcs> Are we going to try to get the new isolation work done in time TB 5.5?
19:11:33 <arthuredelstein> I skimmed both HSTS and HPKP and they looked quite similar. But I'll start with HPKP first.
19:11:41 <mcs> in time *for* TB 5.5
19:11:44 <mcs> ?
19:12:07 <GeKo> i think having an alpha first at last to shake out bugs ans see how it works seems wise
19:12:22 <mcs> OK. I agree.
19:12:31 <GeKo> so, this is probably something for 6.0 if we still think 5.5 will get out in three weeks
19:12:55 * mcs will give a quick report
19:13:07 <mcs> Since the last TB dev meeting, Kathy and I reviewed a fix for #17931.
19:13:12 <mcs> We spent a little time on #17858.
19:13:17 <mcs> We triaged some bugs.
19:13:22 <mcs> This week we will work on #13252.
19:13:26 <mcs> That’s all for now.
19:14:17 <GeKo> mcs: fwiw if you want to grab #17858, please do it. I fear it won't bubble up on my toDo list anytime soon
19:14:26 <GeKo> *ToDO
19:14:34 <GeKo> ha, *ToDo
19:14:45 <mcs> OK. The new year is starting with a lot for everyone to do ;)
19:14:57 <GeKo> indeed
19:16:05 * boklm can go next
19:16:14 <boklm> In the past two weeks I was mostly offline. This week I'm planning to improve the testsuite Windows setup process, and help with the bugfix release.
19:16:18 <boklm> That's it for me.
19:19:22 <GeKo> alright, anyone else here for a status update?
19:20:28 <GeKo> then i have two items on my discussion list: the bugfix release and tbb 5.5
19:20:54 <GeKo> regarding the former: arthur could you make a revised patch for it?
19:21:20 <GeKo> ("it" being #17931)
19:22:17 <Phoul> (sorry to interrupt) when the Tor Browser releases are being built, do the builds pull directly from the translation branches? Or does the Tor Browser snapshot the strings somewhere in its own repo? I'm guessing it must be the second one, but I cant seem to locate where. Could anyone point at it?
19:23:00 <GeKo> boklm: how does your build setup look like? do you have one tor-browser-bundle checkout and do you clean everything between stable/alpha/hardened builds?
19:23:05 <Phoul> (just now realizing this is a meeting, ignore me until after)
19:24:16 <boklm> GeKo: I used to have only one checkout, but it was a problem for the previous release, so I'll use one checkout for each branch
19:24:51 <boklm> (for the next)
19:25:11 <GeKo> yeah, that's what i would recommend. i have one branch for stable, one for alpha and one for hardened and one where i do dev things
19:25:13 <GeKo> ok.
19:25:55 <GeKo> you could start building the current releases meanwhile until we have the new one ready to get built
19:26:24 <GeKo> that way it'll reduce the build time for the bugfix release considerably i guess
19:26:42 <boklm> ok, good idea
19:27:11 <arthuredelstein> GeKo: I'm working on the revised patch and will have it ready soon.
19:27:22 <GeKo> okay, thanks.
19:27:42 <GeKo> so, tbb-5.5
19:29:53 <GeKo> i guess the only things we want to keep out is #14429 and #12967 + related thigns
19:29:54 <GeKo> *things
19:31:30 * huseby can go
19:31:38 <huseby> hey, sorry for being a little late
19:31:46 <GeKo> hey, no worries
19:31:51 <huseby> so the origin attributes work is moving along niceley
19:32:07 <huseby> i've got a spreadsheet for all of the callsites for the principal creation functions:
19:32:09 <huseby> https://docs.google.com/spreadsheets/d/1MzKb8Bodhp3JhqpLArpnVqT4hkV-e1owXyM_yBZKlOs/edit?usp=sharing
19:32:18 <huseby> we've got some patches out already
19:32:22 <huseby> most of the fixup is trivial
19:32:32 <huseby> i'm working full time on this
19:32:41 <huseby> this will eliminate the need for the TPU patches
19:33:22 <huseby> when it's all done
19:33:30 <huseby> i will be able to move on to the isolation patches
19:33:41 <huseby> refactoring them to use the new origin attributes for isolation
19:34:02 <huseby> i'd like to flag some of you for extra review on the bugzilla bugs
19:34:13 <huseby> i'll be poking you here probably when the time comes
19:34:30 <huseby> i'm also investigating a 3rd party proxy management system
19:34:57 <huseby> no guarantees of course, but we're looking at it
19:35:06 <GeKo> cool!
19:35:49 <huseby> also, at some point we need to make sure that the new stuff being done around add-ons/web extensions doesn't break tor button/tor launcher
19:35:57 <huseby> has anybody looked at that yet?
19:36:21 <huseby> i've only been tangentially involved because i'm mostly heads down on origin attributes right now
19:36:34 <huseby> that's it for me
19:36:42 <mcs> brade and I looked at the Web Extensions APIs and what is lacking in order to reimplement Tor Launcher. Let me find the trac ticket.
19:36:58 <GeKo> #17248
19:37:01 <huseby> awesome
19:37:08 <mcs> What GeKo said ;)
19:37:17 <GeKo> there is a whole lot of input for you, huseby
19:37:20 <GeKo> :)
19:37:39 <huseby> thanks!
19:37:46 <mcs> It would be a lot better for us if we did not have to reimplement of course but I am not sure we will have a choice in the long run.
19:37:54 <huseby> i'll bring it up in the platform security meeting tomorrow
19:38:15 <mcs> Thanks!
19:38:16 <huseby> mcs: no guarantees, but mozilla is definitely responsive to your concerns
19:38:32 <huseby> i'm advocating for the tor browser/project internally
19:38:39 <huseby> (it's kind of my job :)
19:39:02 <huseby> thanks for that great feedback
19:39:50 <huseby> hrm...i was cc'd on that trac, i wonder why i didn't see that
19:39:55 * huseby debugs the email tubes
19:40:49 <GeKo> okay, back to tbb-5.5 planning.
19:40:52 <huseby> arthuredelstein: i'm reading your e10s isolation email and will respond shortly
19:41:01 * huseby is done
19:41:20 <GeKo> oh, while we are at it, there will be no e10s in fx45 it seems
19:42:34 <huseby> AFAICT, that's true
19:42:37 <huseby> but don't quote me on that
19:42:40 <huseby> i can find out if you want
19:42:45 <GeKo> which means much less work for us but sadly no content sandboxing either :(
19:43:04 <GeKo> i read dev-platform and there it is "announced"
19:43:14 <huseby> GeKo: but 52 is hopefully going to be a HUGE improvement in a lot of ways
19:43:32 <GeKo> yeah, that's true
19:43:56 <GeKo> anyway...
19:44:38 <GeKo> arthuredelstein: could you generate some data points on how the font fingerprinting defense fares against dcf's fingerprinting technique?
19:45:33 <GeKo> this should give us some hint where we are with out current approach and whether it is smart to have in tbb-5.5
19:53:24 <GeKo> okay, anything else to discuss (tbb-5.5 or a different topic)?
19:56:21 <GeKo> thanks for the meeting then. if you think we have more bugs we need to get fixed for tbb-5.5, please add the respective keyword.
19:56:24 <GeKo> *baf*
19:56:27 <GeKo> #endmeeting