#tor-dev log

18:02:06 <GeKo> #startmeeting tor-browser
18:02:06 <MeetBot> Meeting started Mon Jun 27 18:02:06 2016 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:06 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:02:21 <GeKo> hi and welcome to another tor browser meeting
18:02:38 <xvzx> hello GeKo, happy monday
18:02:43 <huseby> hi, i'm here
18:02:45 <GeKo> thanks!
18:02:46 <mcs> hi
18:02:55 <arthuredelstein> hi
18:02:57 <boklm> hi
18:03:00 <GeKo> let's get started with status updates. who wants to go first?
18:03:08 * arthuredelstein can go
18:03:19 <arthuredelstein> Last week I wrote a patch for #19478.
18:03:38 <arthuredelstein> I then examined some of our patches for upstreaming or obsolescence. I proposed #19508, #19510, and #19511.
18:03:46 <arthuredelstein> I rebased some patches got them to pass all try server tests, and submitted them to Mozilla, including
18:03:51 <arthuredelstein> https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 (#13313)
18:03:51 <arthuredelstein> https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 (#17207)
18:03:51 <arthuredelstein> https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 (#17502)
18:03:51 <arthuredelstein> https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 (#18958)
18:04:01 <arthuredelstein> The last one has landed.
18:04:17 <arthuredelstein> This week I want to try upstreaming some more patches, fix up my patch for #19478, and go back to trying to work on #13018.
18:04:31 <arthuredelstein> That's it for me
18:07:42 <huseby> i'll go
18:07:52 <huseby> https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
18:08:41 <huseby> so there are 6 bugs active, 4 diff engineers
18:08:46 <huseby> o
18:09:01 <huseby> i'll be wrapping up adding the isolation pref and origin attributes isolation based on first party uri
18:09:13 <huseby> good progress is being made on the patch uplift
18:09:27 <huseby> i'll have more to report next week
18:09:48 <huseby> still targeting firefox 52 for everything to be landed
18:09:53 <huseby> but don't quote me on that
18:09:56 <huseby> that's just the goal
18:09:59 <GeKo> huseby: how are the priorities assigned wrt the active bugs?
18:10:00 <huseby> that's it for me
18:10:12 <huseby> GeKo: there's a rought order to things
18:10:15 <GeKo> i am especially interested in 1211567
18:10:32 <huseby> 1) get origin attributes isolation done, land all isolation patches, land all isolation tests
18:10:40 <huseby> 2) then land everything else
18:10:45 <GeKo> because chances are high that we get our e10s deliverable replaced by one that is working on sandboxing for osx and linux
18:11:05 <GeKo> and help on that bug from your side would be cool then
18:11:13 <GeKo> ok
18:11:23 <arthuredelstein> I have a question about that one (1211567) but maybe it should wait for discussion
18:11:26 <huseby> 1211567 is assigned to gary chen on our necko team
18:11:36 <huseby> it is an active bug
18:12:01 <huseby> that got picked up because it will take some time and the necko team has prioritized it as their contribution
18:12:11 <GeKo> yes, so work is under why there irrespecitve of progress on the isolation things?
18:12:12 <huseby> there's no person saying do this, do that
18:12:16 <GeKo> *way
18:12:19 <huseby> it's a purely volunteer effort
18:12:28 <huseby> GeKo: absolutely
18:12:34 <huseby> the necko team wanted to get in on the action
18:12:35 <GeKo> ok, neat
18:13:03 <huseby> i befriended jason duell, the engineering manager of the necko team, convinced him it was worth doing
18:13:06 <huseby> so they picked it up
18:13:11 <huseby> :)
18:13:44 <mcs> huseby: thanks for your efforts on our behalf!
18:14:05 <huseby> mcs: you're welcome :)
18:14:13 <huseby> it should have been done years ago
18:14:22 <huseby> i'm correcting a historical transgression :)
18:14:29 <GeKo> ha
18:14:32 <arthuredelstein> agreed. my thanks as well
18:14:37 <huseby> and lots of people at mozilla are behind this
18:14:55 <huseby> i've been able to get everybody to either not care, or support it.  nobody is fighting it anymore
18:15:10 <GeKo> \o/
18:15:56 <GeKo> okay, here is what i did:
18:16:43 <GeKo> i looked a bit at code for review (#8725 and #19478 + #19484)
18:16:57 <GeKo> then i was busy with the panopticlick GSoC project
18:17:09 <GeKo> i worked a bit on the documentation
18:17:32 <GeKo> and i spent some time dealing with the media stuff for the selfrando paper
18:18:12 <GeKo> i tried to follow bug reports wrt 6.0.2 closely but it seems we have now a stable version i can live with :)
18:19:45 <GeKo> this week i plan to work further on updating the design doc, #18925 and #19274.
18:19:58 <GeKo> that's it for me
18:21:33 * boklm can go next
18:21:53 <boklm> This past week I published the 6.0.2 release, I worked on #18923, #18497, and looked at the fp-central GSoC project.
18:22:03 <boklm> This week I'm planning to investigate the problems I have running our unit tests on #18923 and #15994
18:22:11 <boklm> That's it for me.
18:22:31 * mcs will go next
18:22:39 <mcs> Last week, Kathy and I worked some more on #19273 / #16623.
18:22:48 <mcs> We decide to change course and keep the separate prompt that is currently used.
18:22:54 <mcs> We are going to hook into the browser at the same points as Torbutton currently does (but in C++ instead of JS).
18:22:59 <mcs> We also spent a little time on #19484, #19481, #19491, and #19432.
18:23:12 <mcs> Finally, we helped with Tor Browser 6.x bug triage and reviewed the revised patch for #16998.
18:23:21 <mcs> This will be a short week for us but we hope to prepare a patch for #19273 (we will be away from keyboard Wednesday June 29th - Monday July 4th).
18:23:26 <mcs> That’s all for now.
18:23:51 <mcs> If it works for other people, we should move next week’s meeting to Tuesday.
18:24:02 <arthuredelstein> Works for me
18:24:03 <mcs> (if not, we will read the minutes)
18:24:28 <GeKo> yes, i was going to ask about that later.
18:24:33 <mcs> thx
18:24:43 <GeKo> fine with me (even better actually as i won't have time on monday either)
18:24:53 <boklm> Next tuesday works for me too
18:25:26 <GeKo> good. i'll send a mail to tbb-dev tomorrow then
18:25:44 <GeKo> anybody else here for a status update?
18:27:21 <GeKo> then let's move on to the discussion part.
18:27:36 <GeKo> i just had the meeting for next week on my list.
18:27:42 <GeKo> does anybody have something else?
18:27:51 <GeKo> arthuredelstein: you mentioned something above?
18:28:07 <arthuredelstein> Yes, I have a possibly dumb question about the domain socket stuff
18:28:38 <arthuredelstein> So the main idea is to use domain sockets so we can turn off networking for the browser, correct?
18:29:16 <arthuredelstein> The only connections allowed would be domain sockets to the tor process?
18:29:52 <GeKo> yes
18:29:55 <arthuredelstein> I guess my question is, is there an alternative possibility, where we just restrict networking to localhost?
18:30:08 <arthuredelstein> By whatever sandboxing mechanism we use.
18:30:21 <arthuredelstein> Or better yet, localhost + the ports needed for the tor process
18:31:23 <arthuredelstein> As a way of avoiding patching the browser.
18:32:51 <arthuredelstein> Or perhaps I am missing an additional advantage provided by domain sockets?
18:33:24 <arthuredelstein> Anyway, I was just reminded of this question, but no need to answer it now :)
18:34:52 <GeKo> what i find appealing is that you don't need to worry anymore about proxy bypass things with that feature
18:35:19 <GeKo> and you don't need to worry about your additional sandbox stuff you have behaving as expected
18:35:54 <GeKo> sure it is not for all platforms we support
18:36:14 <GeKo> but we won't get one sandbox solution there either
18:36:24 <boklm> for the sandbox, I also think restricting networking to localhost is more difficult to do than blocking network completly
18:36:45 <GeKo> yes, i'd assume that too
18:37:42 <arthuredelstein> I see. If that's the case on a given platform then domain sockets definitely seem like a better option.
18:37:51 <GeKo> another plus is that Mozilla has already done a great deal of the work with https://bugzilla.mozilla.org/show_bug.cgi?id=892114 and willing to support it out-of-the-box
18:38:12 <GeKo> s/and willing/and is willing/
18:40:10 <GeKo> okay. do we have anything else?
18:41:52 <GeKo> thanks everybody then and see you all next week on tuesady *baf*
18:41:57 <GeKo> #endmeeting