#tor-dev log

19:00:50 <GeKo> #startmeeting tor browser
19:00:50 <MeetBot> Meeting started Mon Jan 30 19:00:50 2017 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:50 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:57 <GeKo> hi all! meeting time
19:01:06 <mcs> hi
19:01:13 <boklm> hi
19:02:07 <GeKo> before we start with the usual status update just a heads-up for the discussion items i have for today
19:02:21 <GeKo> #18530
19:02:33 <GeKo> and the meeting mail isabela sent to tbb-dev
19:02:38 <arthuredelstein> hi everyone
19:02:44 <GeKo> for next week's discussion  i have #20814
19:02:57 <GeKo> i plan to send an email to tbb-dev for that one
19:03:02 <GeKo> summarizing where we are
19:03:18 <GeKo> and then we can discuss next meeting what we want to do with our hardened series
19:03:24 <GeKo> that said status updates
19:03:35 <GeKo> who wants to go first today?
19:04:01 * mcs will go first
19:04:09 <mcs> Last week, Kathy and I created a Tor Launcher README (#21264).
19:04:16 <mcs> We also created a patch for #21326.
19:04:22 <mcs> We completed some code reviews.
19:04:26 <mcs> We did some more testing with Arthur’s latest ESR52 branch.
19:04:32 <mcs> And we helped triage some of the TB 6.5 and 7.0a1 issues that were reported on the blog and via Trac.
19:04:40 <mcs> This week we plan to continue to participate in the “future of tor-launcher” discussion on tbb-dev.
19:04:45 <mcs> We also plan to experiment with multiprocess TB and Firefox’s ESR52 content sandbox on Linux (we did not get to that last week).
19:04:50 <mcs> We will also help with ESR52 rebasing efforts as needed.
19:04:54 <mcs> That’s all for us.
19:05:48 <GeKo> i can go i think
19:06:13 <GeKo> last week i helped getting the releases out and tracked all the issues that came up afterwards
19:06:50 <GeKo> i tagged them with tbb-6.5-regression and opened new ones for non-regression things
19:07:19 <GeKo> i think from the former we should try to get #20095 fixed or the situation improved at least
19:07:23 <GeKo> err
19:07:26 <GeKo> #20905
19:07:50 <GeKo> i worked on our toolchains for esr52
19:07:54 <GeKo> i files #21328
19:08:30 <GeKo> it looks not bad as mozilla fixed their on breakage of those build in mozilla51
19:08:42 <GeKo> i tested with their toolchain and got things compiled
19:09:17 <GeKo> i got esr52 with mingw-w64 almost compiledand linked with jacek'S pacthes
19:09:40 <GeKo> there is just a small issue left i need to bisect and fix but i am optimistic
19:09:52 <GeKo> then i worked on #15988 and #20254
19:09:53 <tjr> oooooo. anything I should try/work on this week there?
19:10:21 <GeKo> tjr: i can send you patches tomorrow/wednesday i think
19:10:41 <GeKo> and started with the feature review #19048
19:11:19 <GeKo> when looking at our toolchain situation laste weekend i decided to improve as many things i can for our switch to esr53 and rbm
19:11:23 <GeKo> *esr52
19:11:41 <GeKo> thus, i set this weekend down and wrote a patch for #10369
19:12:03 <GeKo> and am almost done with getting rid of our old gcc4.2 based toolchain for os x
19:12:13 <GeKo> part of that work is #21343
19:12:31 <GeKo> this week i want to finish #15988
19:12:59 <GeKo> + get the remaining mingw sorted out
19:13:19 <GeKo> if time remains i get back to #19048
19:13:24 <GeKo> that's it for me
19:14:15 * arthuredelstein can go
19:14:22 <arthuredelstein> This past week I posted branches for #20680 and #21201.
19:14:30 <arthuredelstein> I worked on creating a number of fingerprinting tickets for bugzilla.mozilla.org and met with the Mozilla Tor uplift team regarding fingerprinting uplift. I also met with them on FPI.
19:14:41 <arthuredelstein> I did some investigation of #21323 and discussed with legind. I will write up something there.
19:14:54 <arthuredelstein> And I worked on #20905, which requires fixing https://bugzilla.mozilla.org/581863, so I've been working on that.
19:15:10 <arthuredelstein> So this week I will try to finish #20905, and then go back to working on fixups for the rebase, including #21309 and #21308 and other child tickets of #20680.
19:15:19 <arthuredelstein> That's it for me
19:15:33 <GeKo> interesting, thanks.
19:16:04 <GeKo> you said you were close with #21224?
19:16:24 <GeKo> if so, might be a thing for the next alpha at least as well
19:16:33 <arthuredelstein> Yes, I should try and get back to that too.
19:16:51 <GeKo> cool. oh, one more: https://bugzilla.mozilla.org/show_bug.cgi?id=1334468
19:17:01 <GeKo> that might be a thing to keep an eye on
19:17:23 <GeKo> comment 12 is neat: "I usually use Tor Browser but wanted to test out the
19:17:25 <GeKo> feature in Firefox now that it has been uplifted."
19:17:30 <GeKo> yay!
19:17:46 <arthuredelstein> :)
19:18:07 <tjr> boklm: Do you want to go? Most of my stuff is discussion-y…
19:18:29 <arthuredelstein> I can have a look at 1334468 and see if it's anything obvious
19:18:41 * boklm can go
19:19:02 <boklm> This past week I helped publish the new releases, and started working on adding pluggable transports on #17380. I also took some days off.
19:19:09 <boklm> This week I'm planning to continue working on #17380 to add meek and obsf4, and start the sandboxing part.
19:19:18 <boklm> That's it for me.
19:19:39 <tjr> Okay, I can go
19:20:07 <tjr> I worked on mingw build patches some more
19:20:34 <tjr> I think I have a proposed patch for every major issue, and can start working on the less major ones (gcc 5.4; —enable-debug; sandbox)
19:21:04 <tjr> I sent an email about GSOC projects. Does anyone like/not like any of them
19:21:15 <tjr> And/or want to mentor one or more of them with me?
19:21:46 <tjr> They are: Crash Reporter, Privacy PReserving stats gather, .onion http/2 alt-srv investigation, and security slider enhancements
19:22:05 <GeKo> i think i could help with the crash reporter/HTTP/2 stuff
19:22:23 <GeKo> i agree that the sec slider things might not be enough for GSoC
19:23:39 <tjr> Okay.  I spoke with arthur a bunch about an experiment in getting tor in FF proper and the very beginning explorations of that
19:24:06 <tjr> I have a meeting with some extension people tomorrow to pick their brain and see how we (mozilla) could build something to experiment with
19:24:22 <GeKo> neat!
19:24:25 <arthuredelstein> cool! :)
19:24:40 <tjr> I don't know where this will land in terms of priority but… trying to move forward :)
19:24:56 <tjr> I got asked about https://bugzilla.mozilla.org/show_bug.cgi?id=1314448 - it seems this has gotten assigned a high priority and therefore they want to work on it ASAP.
19:25:28 <tjr> But before that gets pushed forward it might be better to kill the —disable-webrtc flag entirely, which is #16221 I think
19:25:36 <tjr> Maybe it's #14836
19:25:58 <GeKo> those things are not related to the build flag
19:26:26 <tjr> the moz bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1314443 and they were linked to from there
19:27:00 <tjr> So I'm wondering which is the better solution 'for now':
19:27:09 <tjr> a) make the —disable-webrtc build
19:27:34 <tjr> b) investigate the prefs, confirm they work as expected, and add automated tests to make sure the prefs don't expose any dom elements
19:27:44 <tjr> and then, later, create the proxy bypass framework
19:28:04 <tjr> Or if WebRTC is too scary to trust just prefs for now
19:28:59 <GeKo> i think if we have everything ready for esr59
19:29:14 <GeKo> plan b) sounds fine with me
19:29:47 <tjr> 'everything' meaning the proxy bypass framework?
19:29:53 <GeKo> which means having https://bugzilla.mozilla.org/show_bug.cgi?id=1314793 on the esr59 radar as well
19:29:56 <GeKo> yes
19:30:20 <tjr> okay. I think that will be okay but I will confirm…
19:30:32 <GeKo> thanks
19:30:45 <tjr> And then finally I just wanted to repeat a comment earlier about Tor Launcher
19:30:57 <arthuredelstein> Another interesting project would be to figure out if it's possible for some subset of WebRTC features to work over Tor.
19:31:29 <arthuredelstein> tjr: (sorry, go ahead)
19:31:34 <tjr> I've been prodding the FF sandboxing team to think about sandboxing the main FF process, but if they do it I think it will be a long while. So I could see a future where we want to put chromium sandbox onto FF; in which case when we're thinking about the Web Extension future, making tor launcher a separate launcher may have an advantage there
19:32:29 <GeKo> hrm
19:33:11 <tjr> That's it for me
19:33:29 <tjr> I definetly think WebRTC over Tor is worth investigating; but if you mean a GSOC project I'm not sure what the goal would be :)
19:34:11 <arthuredelstein> I wan't thinking necessarly a GSOC project. But it could be. I think the first step would be to audit it and understand the privacy implications.
19:34:32 <arthuredelstein> And then to try to figure out how to make it TCP-only, IIUC.
19:34:46 <GeKo> #16621
19:34:51 <GeKo> #16221
19:35:11 <GeKo> is a really cooly idea leif made
19:35:28 <GeKo> and could be worth a GSoC project i guess
19:35:57 <GeKo> anyway
19:36:04 <GeKo> do we have other status updates
19:36:05 <GeKo> ?
19:37:21 <GeKo> or re #16221: the project could be to build a thing that makes it easier for us to investigate webrtc threats
19:37:43 <GeKo> (+ starting that investigation and generating first results)
19:37:52 <GeKo> okay, discussion time
19:38:05 <GeKo> let's start with the meeting mail
19:38:20 <GeKo> i thought about having three meetings i think
19:38:42 <GeKo> 1) for sponsor work which is currently sponsor4 and maybe the upcoming drl stuff, too
19:39:05 <GeKo> 2) one meeting with mozilla folks to discuss where we are and where we want to be in fall 2017
19:39:44 <GeKo> 3) I think we should meet with UX folks to think about some of our big usability issues and how to overcome them
19:39:57 <GeKo> (font related, locale related etc.)
19:40:14 <GeKo> does that make sense? do we need more meetings? should we have less?
19:40:24 <mcs> Your 3 meetings make sense to me.
19:40:42 <arthuredelstein> Which grant is the drl stuff again?
19:40:47 <GeKo> isabela: ^
19:40:51 <mcs> Do we need to produce roadmap kind of output? Maybe that will be covered by the sponsor meeting?
19:41:01 <GeKo> yes, that is sponsor meeting
19:41:29 <arthuredelstein> I think it would be helpful to discuss Orfox as well
19:41:30 <GeKo> arthuredelstein: the money for Tor Browser on Mobile would come from DRL
19:41:49 <GeKo> it looks like we have good chances to get that
19:42:05 <arthuredelstein> Great.
19:42:12 <GeKo> we need to make a final (hopefully) revision of our proposl which is due during the dev meeting
19:42:41 <GeKo> but i'd say it is coming and the plan is to hire a bunch of folks for that
19:42:49 <GeKo> so, exciting!
19:42:53 <arthuredelstein> Fantastic!
19:43:33 <mcs> Is the scope Android or iOS as well?
19:43:49 <mcs> (in any case, exciting!)
19:43:56 <ahf> dgoulet, asn, nickm: yes, assign away! :-) sounds good with looking into some tests as well.
19:44:08 <GeKo> okay. then i ask isabela that we go with that idea and hope we can get those meetings scheduled
19:44:13 <GeKo> mcs: android for now
19:44:36 <GeKo> then we have #18530
19:44:58 <GeKo> i looked at that part closer and am quite sure that we could support 10.6
19:45:05 <GeKo> it is just a small patch away
19:45:36 <mcs> My instinct is that we will eventually be unable to support the older OSX versions (because Mozilla is removing code, etc.)
19:45:43 <mcs> But maybe we can for ESR52
19:45:44 <GeKo> firefox would run on 10.7 still and i am quitue sure that it would run on 10.6 as well
19:46:03 <GeKo> the question is: should we do that?
19:46:27 <GeKo> i am currently inclined to say "no"
19:46:32 <GeKo> even for esr52
19:46:35 <mcs> Those operating system versions are most likely not getting security fixes from Apple
19:46:57 <GeKo> 10.6 not any longer and iirc 10.7 neither
19:47:32 <GeKo> my main fear is that some secruity fix backport makes the assumption they can happily deal with 10.9+
19:47:50 <mcs> That is a good point.
19:48:04 <GeKo> and that it breaks for us supporing 10.6 and not being easy to fix
19:48:04 <mcs> We would not have much time to fix the problem assuming we notice it right away.
19:48:12 <GeKo> yes
19:48:35 <GeKo> so, i'd argue for following mozilla and making that cut with esr52
19:48:45 <arthuredelstein> I agree it seems dangerous to try to support more platforms than Mozilla does.
19:49:12 <tjr> I agree.  Do we have a similar plan for XP? (Or make that decision already?)
19:49:13 <GeKo> good.
19:49:26 * boklm agrees
19:49:35 <GeKo> tjr: i am pretty sure we want to follow mozilla in that case as well
19:49:53 <mcs> WinXP is supported during the ESR52 lifetime, right?
19:49:58 <mcs> (by Mozilla)
19:49:58 <GeKo> yes
19:50:01 <tjr> Okay. I believe the current plan for XP is that they're going to get orphaned onto ESR branches….  Or maybe just ESR 52….
19:50:17 <GeKo> esr59 won't have xp support anymore
19:50:22 <tjr> okay
19:50:32 <mcs> I guess some Tor Browser users will need to upgrade their OS and maybe their hardware.
19:50:39 <GeKo> at least that is what i understood from the whole discussion
19:51:07 <mcs> Maybe XP and Vista go together: https://blog.mozilla.org/futurereleases/2016/12/23/firefox-support-for-xp-and-vista/
19:51:16 <GeKo> yes, they do
19:51:29 <mcs> Fine by me :)
19:51:36 <GeKo> yeah :)
19:51:51 <GeKo> okay, do we have anything else for the remaining 8 minutes?
19:51:55 <tjr> maybe
19:52:12 <tjr> I was thinking we should register with Microsoft and see if we have crash reporter reports for tor/Tor Browser
19:52:32 <atagar> meejah: 'is there a GSoC 2017 wiki page? i didn't find one (yesterday)' => Sorry, I don't understand your question. Are you looking for a tor wiki or google wiki? And a wiki of what?
19:52:37 <GeKo> tjr: that's interesting
19:52:40 <tjr> It's free, AFAICT; just requires agreeing to stuff
19:52:48 <GeKo> how would one do that?
19:52:51 <tjr> Which presumably requires getting our lawyers to read it :-p
19:52:56 <tjr> https://msdn.microsoft.com/en-us/windows/hardware/drivers/dashboard/windows-error-reporting-getting-started
19:53:12 <tjr> You'll find one needs an Azure something something account
19:53:16 <tjr> Which I believe is governed by https://azure.microsoft.com/en-us/support/legal/
19:53:26 <GeKo> hm
19:53:50 <GeKo> could you file a ticket on trac and put all ht einfo you have in it?
19:53:55 <tjr> Yup!
19:54:37 <GeKo> okay, anything else for today?
19:55:02 <GeKo> then thanks for the meeting *baf*
19:55:06 <GeKo> #endmeeting