18:01:40 #startmeeting 18:01:40 Meeting started Mon Oct 2 18:01:40 2017 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:01:40 Useful Commands: #action #agreed #help #info #idea #link #topic. 18:02:07 alright, i hope everyone made it to the new meeting channel 18:02:14 heehe 18:02:20 let's start with the weekly status update 18:02:34 who wants to go first today? 18:02:43 * arthuredelstein can go 18:02:59 This past week I worked on ubsan: https://bugzilla.mozilla.org/1404547 18:03:17 I focused on trying to land the -fsanitize=enum patches in Mozilla so that we can add that flag to the Mozilla debug build. The next flag I plan to work on is fsanitize=signed-integer-overflow -- I have a few patches for that as well but there are many more to do. 18:03:42 I also worked on #22343. I'm trying to writing unit tests to cover every possibility and then hopefully that will smoke out any more bugs in my patch. 18:03:59 I met with the Mozilla uplift team and reviewed a couple of their uplifted patches. 18:04:08 And I revised my patch for #23025. 18:04:45 This week I plan to try to finish #22343 and fsanitize=enum. 18:04:52 This week I plan to try to finish #22343 and fsanitize=enum. 18:04:56 And also high on my list is fixing #18101 (for Mac and Windows) and #23024. 18:05:02 Stupid copy/paste 18:05:09 That's it for me. 18:05:19 thanks. who is next? 18:05:34 I can go 18:05:52 I worked on MinGW some more, moving it closed to final merge. Got some mingw bugs fixed upstream 18:06:07 I talked with nmago about the crash reporter a bit 18:06:29 He seems to have found some unexpected code and behavior that was different from what he saw before. 18:06:56 breakpad bypassing the proxy 18:07:12 wow 18:07:13 also the about:config setting doesn't seem to apply, and he needed to edit a .ini file 18:07:19 So we're going to dig into that more 18:08:03 tor recently grew an http proxy IIRC, so if we need to use that I presume we'll be able to in some nearish future version of Tor Browser? 18:08:16 yes 18:08:28 Okay cool. That's it for me 18:09:02 thanks. who is next? 18:09:14 * pospeselr can go 18:09:41 looks like my fix for #22501 went in last week, and patch for #13398 has been approved 18:10:06 spent a fair bit of time in different VMs/configurations trying to repro #23016 (with no luck) 18:11:05 GeKo: could use another ticket to look at in parallel while we wait for more info from intrigeri 18:11:12 That's it for me 18:12:04 * mcs will go next 18:12:19 pospeselr: i think comment:22 might have a hint 18:12:39 the locales reconfiguration might help you 18:12:53 both intrigeri and i don't use a en-US system 18:13:04 ok! 18:13:15 and i tracked it down on my system to javascript.use_us_english_locale 18:13:26 flipping that pref fixes the problem on my system 18:13:52 now the question is why is that an issue and why is that related to multiprocess mode (in my case at least) 18:14:12 That's interesting. I think javascript.use_us_english_locale is a bit different in Firefox IIRC. 18:14:22 arthuredelstein: it happens there as well 18:14:28 ah ok awesome 18:14:33 i mean to file a firefox bug late 18:14:34 r 18:14:37 or tomorrow 18:14:51 but i wanted to get some feedback from intrigeri first 18:14:58 whether that fixes his issue as well 18:15:24 pospeselr: that said feel free to pick any ticket tagged with TorBrowserTeam201710 that interests you 18:15:27 should any fix for that be done on the firefox side of things and wait for the fix to come down, or both? 18:15:40 assuming it's a FF problem 18:15:43 yeah, good question 18:15:46 okay! 18:16:15 if we can easily provide a patch we should do it ourselves and upstream it 18:16:44 mcs: alright, sorry for the delay 18:16:46 understood 18:16:47 you have the floor 18:16:58 okay 18:17:03 Last week, Kathy and I made more progress on #23262 and along the way we also took care of some #23261 leftovers. 18:17:10 We reviewed Isabela’s roadmap – especially the UX items – and added some more items plus some links to tickets. 18:17:15 We met with catalyst and isabela to discuss the fancy progress bar for Tor Launcher, along with possible improvements in tor’s bootstrap status reporting. 18:17:21 This is a sketch of what the progress bar will eventually look like: https://marvelapp.com/3f6102d/screen/31457651 18:17:26 For now, Tor Launcher will have a simple progress bar; once the tor improvements are ready, we can work on the fancier one that should provide a better user experience. 18:17:33 Last week we also did some research for #23136 and exchanged some email with dcf and isis. 18:17:38 This week we plan to continue working on #23136 with the goal of creating a good plan for implementation. 18:17:43 That’s all for us. 18:18:04 what does "merge_ready" for #23261 mean? 18:18:11 who needs to do something here? 18:18:59 I don’t think that ticket should be merge_ready because the code is not. I forgot that linda made that change at some point. 18:19:10 I will adjust the status in the ticket. 18:19:18 and could you give a rough percentage value for how far we already are wrt to the bridge selection improvement and moat? 18:19:28 like could we say in both cases that 50% is done? 18:19:39 or 50% in the former and 20% in the latter? 18:20:13 it's just for the spreadsheet 18:20:22 to give a rough estimate on where we are 18:20:41 I am not sure what the scope of the bridge selection improvement is, but if it includes all of the UX changes I would say we are 85% done. 18:20:53 mcs: on network team meeting just before this one isis gave an update on moat server - eta is mid this week to have something you can start using 18:20:54 moat is more like 20% 18:21:11 okay, sounds reasonable, thanks 18:21:12 isabela: I saw that; thanks for asking isis for us. 18:21:19 cool 18:21:25 i was thinking we follow up on this on wed 18:21:31 i will send email to everyone to do so 18:22:12 who else is here for a status update? 18:22:21 * boklm can go next 18:22:31 please do! 18:22:38 This past week I helped publishing the new releases. 18:22:43 * isabela has some points to share with the team :) eventually 18:22:46 I fixed #23680, started thinking about #23657, and finished #23384. 18:22:50 I also signed a Tor Messenger release and fixed #23734 and #23385 18:22:59 I created a ticket for creating a VM for fpcentral: #23737 18:23:13 This week I'm planning to work on #23738 (once the fpcentral VM has been created) and get back to the Windows 64 build. 18:23:22 That's it for me 18:23:34 yes, those are the most important issues. 18:23:55 one thing you can work on, too, is getting debug builds integrated into tor-browser-build 18:24:16 debug builds? 18:24:23 we have a fuzzing deliverable and i think having those build using them would be good 18:24:52 well, if we think we want to fuzz our patches without a special type of build fine 18:25:11 do we have a ticket for that? 18:25:42 #21998 18:25:45 yes 18:25:48 ok 18:26:06 and the activity mentioned Rigorously memory safety test (eg: fuzzing) using Address Sanitizer builds 18:26:28 ok 18:26:31 so strictly speaking we could think about doing something else instead of fuzzing 18:27:08 i am fine if we want 18:27:48 but we want to start to fuzz our code anyway 18:27:59 so we could use to set some infrastructure up for it 18:28:08 ok 18:28:33 boklm: my current plan is that you could mostly work on that in november 18:28:53 that sounds good 18:28:54 we'll see if that works out given the other things on your plate 18:28:59 good! 18:29:11 alright, i think i can go now 18:29:25 this week i got dragged into #23016 18:29:50 we had a rather bumpy release that needed more attention than usual 18:29:58 especially due to noscript bugs 18:30:30 like #23718, #23723 and #23724 18:30:48 i spent some time on #21256 18:30:59 and on #23409 18:31:27 additionally the clouldfalre extension review related things ate quite some time 18:31:51 i reviewed #13398 18:32:08 and started to look at the patch for #16678 18:32:22 this week i plan to be afk tomrrow 18:32:44 but apart from that i hope to finish review for #16678 and get #23409 done 18:33:12 then i'll probably spend some time preparing all the meetings we'll have next week 18:33:33 the cloudflare extension will be a topic this week as well 18:33:47 and i'll be doing the being-of-the-month-admin-stuff 18:34:05 not sure what time will remain for looking at code :/ 18:34:08 or other issues 18:34:14 that's it for me 18:34:21 * isabela could go 18:34:42 What are our plans with respect to the Cloudflare extension? [maybe this is a good discussion topic?] 18:35:30 mcs: we can discuss it a bit later, yes 18:35:36 sounds good 18:36:30 isabela: please go 18:36:40 ok 18:37:15 thanks for the input on the roadmap last week, i ran that with the ux team and we picked some stuff - the final list of what we are adding in the designer proposal is here 18:37:23 https://docs.google.com/document/d/1kE6YbB1ecaXXFCLkLU2BmDVngb1u-IRZG2MW5tRKvns/edit# 18:37:27 if you are curious :) 18:38:07 another thing is that, I want to update the tor launcher feature brief with all the current work and decisions we are making 18:38:30 i want to share this with otf at the end of our contract when we are done with the tor launcher and moat deliverables 18:38:52 as of 'what is our vision for future iteractions here' 18:39:19 otf will ask about that for sure :) and I have spoke about it with adam too 18:39:26 for montreal 18:40:19 you want to have a session for it in montreal? 18:40:20 i would like to ask the team 1. be part of the website redesign discussion :) specially because of the download path 18:40:38 GeKo: nope 18:41:48 and 2. i will put together the mobile sponsor8 deliverables by timeline order 18:42:04 so you all can take those into consideration specially for things like 18:42:12 changing the toolbar features 18:42:40 from now on whatever you do on desktop will need a way to exist on mobile :) 18:42:57 to take that into consideration when talking about roadmap tasks etc 18:43:06 that's it 18:43:38 thanks 18:43:57 who else is here for a status update? 18:45:00 okay discussion time 18:45:25 i don't have anything in particular, so let's move to the cloudflare extension 18:46:20 to give some background: the underlying issue is that tor browser users have been seen a lot of CAPTCHAs due 18:46:40 to cloudflare giving tor exit relays a bad reputation 18:46:57 they guard that way against potential attacks 18:47:16 which led to users abandoning tor browser because they thought our browser is broken 18:48:04 they are developing an extension that tries to solve this issue in a privacy-preserving way by using some clever anonymous credential system where you need to spend tokens to avoid CAPTCHAs 18:48:21 i am currently reviewing that extension and provide feedback 18:48:43 our plans regarding the extension: that's a tricky issue 18:49:26 let me put it that way: we are currently looking only that it addresses tor browser needs 18:49:39 from a review point of view 18:50:01 but that does not mean that it automatically gets included once it is compatible with our design document 18:50:27 That seems like a good first step. We don’t have to make a decision yet about whether to recommend it, bundle it, or recommend that people avoid it. 18:50:32 there are much far-reaching things to concern like what about non tor-browser tor users? 18:50:40 that don't have xul and js available? 18:50:51 mcs: yes 18:50:59 Is there are place we can see the code? 18:51:13 we'll have at least two sessions in montreal about this topic 18:51:23 and i bet a bunch of other discussions 18:51:34 arthuredelstein: not yet, it's behind a private github repo 18:51:35 Bundling is also costly for our small team due to potential for updates of the brower or extension to cause problems… see recent NoScript problems. 18:51:54 yeah, but that's the least of my problems with it right now :) 18:52:42 from a technical point of view one of the most problematic issues it that it needs third party cookies allowed 18:53:08 to avoid spending too many tokens on third-party requests behind cloudflare 18:53:24 and we are currently having those cookies disabled 18:53:26 but there is more 18:54:00 anyway, the technical side is currently being worked on and we'll have plenty of time to discuss that and other related issues in montreal i guess 18:54:01 GeKo: I believe there's still an outstanding bug for third party cookies. 18:54:32 well, double-keying should work 18:54:46 Is it a webextension? 18:54:46 but we need to verify that and fix the cookie manager UI 18:54:49 yes 18:54:55 I didn't realize third party cookies were disabled; i didn't think they mattered much with FPI 18:55:24 yes, we want to enable them 18:55:44 but did not get around yet to solving the two remaining tickets for it 18:56:55 #21905 is the one 18:57:10 and #10535 the other 18:57:16 err #10353 18:57:46 anything else to discuss today (or some additional points)? 18:58:28 GeKo: I'm curious -- what privacy-preserving mechanism are they using? 18:58:57 I have just a quick question: the deadline for our current Sponsor4 contract is to deliver by 12/1/2017, correct? 18:59:11 yes 18:59:19 thx 18:59:26 arthuredelstein: blinded tokens 18:59:27 I just wanted to be sure 19:00:08 thanks all for the meeting *baf* 19:00:11 #endmeeting