19:00:12 <GeKo> #startmeeting tor browser
19:00:12 <MeetBot> Meeting started Mon Nov  6 19:00:12 2017 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:12 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:14 <GeKo> hi!
19:00:27 <boklm> hi!
19:00:29 <isabela> o/
19:00:32 <GeKo> welcome to another tor browser meeting
19:01:05 <GeKo> who wants to go first with status updates?
19:01:56 <GeKo> alright, seems i can go
19:02:24 <GeKo> so last week (and actually part of the week before) i was occupied with the sec bug related release
19:02:38 <GeKo> it was a tricky one
19:02:47 <isis> o/
19:02:55 <GeKo> so thanks to everyone who helped with it and that we finally got the updated bundles out
19:03:06 <GeKo> even if it breaks functionality a bit
19:03:19 <GeKo> then i started to catch up with reviews and merging stuff
19:03:38 <GeKo> i did so for #10026 #23228 #23456
19:03:54 <GeKo> and #23997
19:04:23 <GeKo> furthermore i reviewed #23261 a second time and found a way to reproduce another bug
19:04:47 <GeKo> then i started with the begin of the month admin work and am almost done with it
19:05:00 <GeKo> i finished #23409
19:05:17 <GeKo> and planned a bit for the nominally last month of sponsor4
19:05:40 <GeKo> this week i plan to move the sponsor8 hiring forward; there is still one position missing
19:05:52 <GeKo> then i need to take roadmap feedback into account
19:06:03 <GeKo> return to cloudflare related work
19:06:20 <GeKo> and start looking at #12420 and #20322
19:06:34 <GeKo> we need to prepare regular releases
19:06:45 <GeKo> (yes, this kind of thing is still existing)
19:06:52 <GeKo> and then start building stuff
19:07:09 <GeKo> boklm: i'll be in valencia next week, so i am not sure what i can commit to wrt releasing
19:07:22 <GeKo> i definitely plan to tag all the things and build both alpha and stable
19:07:36 <GeKo> but am not sure whether i get to sign all the things or put stuff out
19:07:39 <GeKo> probably not
19:07:43 <GeKo> that's it for me
19:08:03 <armadev> 'one position missing' -- does that mean we filled some?
19:08:03 <boklm> ok, I can do the signing if needed
19:08:25 <GeKo> armadev: yes, it seems we have two browser devs for mobile
19:08:32 <GeKo> who will start soon
19:08:38 <armadev> yay. i look forward to seeing the announcement.
19:08:54 <GeKo> who is next?
19:08:58 * arthuredelstein can go
19:09:11 <arthuredelstein> This past week I worked on #21394 and #24052.
19:09:21 <arthuredelstein> (No zwiebelbot I guess)
19:09:28 * GeKo wonders where the bots are
19:09:36 <isabela> :(
19:09:44 <mcs> Trac seems to be really slow at the moment
19:09:52 <isabela> (might have died during reboots?)
19:10:00 <isabela> (the bots)
19:10:13 <arthuredelstein> I also worked on #18101 for windows (URL in file dialog thing) and I think I am close to a solution that will work.
19:10:23 <arthuredelstein> This week I want to work on finishing my #18101 Windows patch, and examine how I can test for Mac,
19:10:40 <arthuredelstein> Then try to finish up #22343, and, when I can, get back to Intel MPX and ubsan stuff.
19:10:40 <hiro> (mcs on a separated channel you can pass me some more info about your trac slowness)
19:11:13 <arthuredelstein> That's it for me
19:11:20 <GeKo> arthuredelstein: one thing i was wondering is whether you could have a look at #24154 as well
19:11:34 <GeKo> this might interest you and is part of our sponsor4 stuff
19:11:51 <GeKo> boklm is working on it too (the build related part at least)
19:11:58 <arthuredelstein> Yes, I'll look into it
19:12:09 <GeKo> but he could maybe need some help given that we only have about 4 weeks left
19:12:12 <GeKo> thanks
19:12:27 <arthuredelstein> evil pseudo-reloc
19:12:27 <GeKo> so there is no need to deploy all fuzzing frameworks we can find
19:13:04 <GeKo> but picking some or one after some investigation and try to get it goiong for our tor browser patches would be neat
19:13:12 <GeKo> *going
19:13:23 <GeKo> that would be pretty helpful
19:13:36 <tjr> You can ask the FF fuzzing team if they do anything special to try and target fuzzers like jsfunfuzz at particular APIs
19:13:39 <GeKo> given i am away next week due to the OTF summit and the upcoming release
19:13:43 <tjr> might narrow things at particular TB patches
19:13:54 <GeKo> oh, that might be cool as well
19:14:16 <GeKo> and might save us time
19:14:20 <GeKo> thanks tjr
19:14:45 <tjr> Another approach that might save time is get FF fuzzing with the --enable-hardening flag _and_ getting that flag matching tor's build hardening flags
19:15:02 <tjr> right now --enable-hardening implies fstack-protector=strong only
19:15:18 <tjr> I hope to reland fortify_source=2 this week (by default not just behind that flag)
19:15:34 <tjr> but in general landing flags behind --enable-hardening is easy because it's non-default
19:16:16 <GeKo> maybe. i think the deliverable is more like a "have an asan build + some fuzzing tool to check for issues in patches" thing, though
19:16:23 <tjr> ah gotcha
19:16:48 <GeKo> okay. who is next?
19:17:15 * boklm can go next
19:17:33 <boklm> This past week I went to the reproducible build meeting which went well, and I helped build and publish the new releases.
19:17:37 <boklm> Today I started 2 Windows 64 builds on 2 machines to see if they match.
19:17:44 <boklm> This week I'm planning to send to tbb-dev a small summary of the reproducible build meeting, and some ideas of things we could do.
19:17:51 <boklm> Then I'm planning to finish cleaning all Windows 64 patches to make them ready for review, then do #23738.
19:17:59 <boklm> If enough time I will also start looking at #24154 and #21998.
19:18:04 <boklm> That's it for me.
19:18:42 * mcs will go next
19:19:01 <mcs> Last week, Kathy and I revised our patches for #23261 and #23262 (new Tor Launcher UI).
19:19:12 <mcs> We also helped with #24052 (security firedrill) including researching other possible bypasses and testing GeKo's fix on macOS.
19:19:18 <mcs> This week, we will revise the Tor Launcher UI patches again (#23261 and #23262).
19:19:23 <mcs> Thanks to GeKo for reviewing that code and for finding things that need to be fixed.
19:19:28 <mcs> Then we will get back to work on moat integration (#23136).
19:19:33 <mcs> The status of the moat work is that we are working on the code that will make requests to BridgeDB (including parsing of the responses), but it is not finished yet.
19:19:40 <mcs> We should be ready to start testing that code soon, which is exciting!
19:19:44 <mcs> That’s all for us.
19:19:50 <isabela> hi mcs o/ i have some follow up with tor launcher stuff
19:19:57 <isabela> and isis has some questions too
19:20:07 <tjr> boklm: At some point I should sync with you and learn what i need to do to get FF building for 64bit inside of TaskCluster
19:20:09 <isabela> (should we do now or after meeting?)
19:20:32 <mcs> isabela: maybe after the status report phase is done?
19:20:40 <isabela> isis: ^^
19:20:42 <GeKo> tjr: i think there should be all relevant bugs filed in bugzilla
19:20:42 <isabela> cool !
19:21:17 <GeKo> although maybe the nsis one needs to get fixed, hm
19:21:34 <tjr> I think there's just one or maybe two; but I meant more 'confirm that these compiler flags are needed and do the things'
19:21:41 <boklm> does firefox use nsis too?
19:23:03 <GeKo> okay. who is next?
19:23:38 <tjr> FF uses NSIS, yes
19:23:57 <tjr> I can go
19:24:15 <isis> isabela: mcs: okay! i have to take off around 19:50 UTC to go to a mozilla meeting, but i could also talk after that
19:24:33 <tjr> I have been working on getting --enable-webrtc compiling with MinGW. There's a lot of bugs and I need to get back to them and clean them up, but i have solved all but a couple linking ones
19:24:54 <tjr> I also began, then paused in the middle of, getUserMedia and WebRTC related prefs to confirm they do the things we expect them to do
19:25:23 <tjr> There's a pref for disabling camera, mic, and screensharing we should put in the slider, I'd suggest
19:26:00 <tjr> (I also spent some time working on bwauth graphs for arthur's dns connection stuff but that's not too related :) )
19:26:07 <tjr> I think that's it
19:26:46 <GeKo> thanks.
19:26:55 <GeKo> anyone else here for some status update?
19:27:06 <boklm> tjr: ok for doing a sync about Windows 64 builds at some point
19:27:39 <GeKo> isabela: okay, the floor is yours :)
19:27:50 <GeKo> (discussion time)
19:29:05 <GeKo> isis: you can go ahead as well while we wait for isa
19:29:25 <armadev> while we wait for isa to type, i wanted to let people know about an initiative i'd like to start where we call out amazing volunteers and jon sends them swag
19:29:50 <armadev> https://trac.torproject.org/projects/tor/ticket/24148 is the ticket
19:30:01 <GeKo> +1
19:30:08 <arthuredelstein> great idea
19:30:13 <armadev> in an ideal world we would have it be part of the weekly process, where each week you notice the people who have been great for that week
19:30:26 <armadev> so, if you interacted with a great person this past week, please let us know
19:30:51 <tjr> +1 (We already did this with Jacek actually)
19:30:58 <mcs> maybe that should be a standing agenda item for these meetings
19:31:05 <armadev> yes please :)
19:31:06 <mcs> (so we remember)
19:31:20 <armadev> tjr: jacek?
19:31:24 <GeKo> caban
19:31:31 <GeKo> the mingw-w64 person
19:31:35 <tjr> Jacek Caban has helped a lot over the years with the Windows MinGW builds
19:31:46 <armadev> great
19:31:54 <arthuredelstein> Is there a place/person we should send these to?
19:32:13 <armadev> arthuredelstein: there is no process for that yet. "accumulate them here and get them to jon" is the best plan we have now
19:32:20 <arthuredelstein> o!
19:32:22 <arthuredelstein> k
19:32:51 <armadev> jon seems to have the right instincts in how to make people feel appreciated
19:33:29 <armadev> i've been thinking of telling him "imagine that the tor office lost its puppy, and you were really worried, and this person showed up at the office out of nowhere holding your puppy. what would you want to do to make them feel appreciated?"
19:33:50 <GeKo> hah
19:35:11 <GeKo> do we have anything else to discuss while we wait for isabela and isis?
19:35:51 <armadev> i've been wondering if a future tor launcher would want to use the tor in-process api, so tor is run in a thread and there is no external control port etc
19:36:10 <armadev> (partly stalling for isis and isa, partly actually curious)
19:37:05 <isis> ooops, sorry, got distracted helping atagar
19:37:11 <GeKo> np
19:37:25 <mcs> armadev: I have not thought about it, but it is an interesting idea. But there are implications for sandboxing and more, I am sure.
19:37:56 <armadev> mcs: good point. (man, why isn't this security thing easier.)
19:38:03 <GeKo> isis: so, what can we help with?
19:38:31 <isis> i was just wondering how the tor launcher using meek to talk to bridgedb was coming along, since i'm finishing up a beta of the server and i was wondering if we potentially want some sort of option to be able to hit moat resources not through a meek tunnel
19:39:32 <isis> i.e., if we're hitting a bunch of problems going through meek, should i go through the extra work to make moat also work not through meek?
19:39:40 <mcs> We started with getting the meek tunnel part working, so at this point we are happy to just use meek. But we will know more once we have the two sides talking :)
19:39:50 <isis> ok great
19:40:08 <isis> i should have a preliminary test server up today or tomorrow
19:40:15 <mcs> great!
19:40:26 <isis> it's still buggy, be warned, but you can talk to most of it :)
19:40:39 <mcs> I am sure our side is buggy too ;)
19:40:57 <isis> haha
19:41:06 <isis> ok cool, that's all from me
19:41:12 <GeKo> thanks.
19:41:23 <isabela> !
19:41:29 <isabela> sorry i got distracted with an email
19:41:35 <GeKo> isabela: you have the mic now!
19:41:59 <isabela> yes!
19:42:15 <isabela> i will start an email thread to do check ins on the tor launcher stuff :)
19:42:33 <isabela> i gave the heads up to the network team already, i think that will help coordination
19:42:41 <isabela> specially with the holidays season coming up :)
19:42:57 <isabela> also, i do want to talk about roadmaps a little bit
19:43:04 <GeKo> you mean on improving the ui further wrt to bootstrap messages?
19:43:21 <isabela> yes
19:43:23 <GeKo> (re email thread)
19:43:26 <GeKo> ok, thanks
19:43:45 <isabela> i hope to keep these things in the check in email:
19:43:46 <isabela> Tor Launcher work check in - moat implementation, check in with Browser team too, progress bar msgs.
19:43:49 <isabela> *keep track
19:44:00 <isabela> is beyond just the sponsor4 stuff
19:44:17 <isabela> but of course, it has that stuff too :)
19:44:18 <isabela> anw
19:44:41 <isabela> re:roadmaps :) i hope to work with the ux team this week and start building a roadmap we can eventually share with y'all
19:45:02 <isabela> i know TB is a team with depencies crossed with ux so i wanted to give you this heads up
19:45:06 <GeKo> i think the outline we made for the OTF piece
19:45:11 <isabela> *dependencies
19:45:19 <GeKo> and which we incorporated into our roadmap was not so bad
19:45:26 <isabela> i agree
19:46:06 <isabela> (and once all roadmaps exist i will send a note to tor-project sharing them, i am trying to give a heads up on that too because is a public list)
19:46:20 * isabela is done
19:46:37 <GeKo> alright, thanks!
19:47:09 <GeKo> arthuredelstein: mcs: i might grab you for some last minute reviews this week (it's release week). just as a reminder :)
19:47:57 <GeKo> arthuredelstein: mcs: actually, speaking of which: if you could look at #16678 that might be useful
19:48:11 <GeKo> this is matt's keyboard fingerprinting enhancement
19:48:23 <GeKo> and it should be in the alpha if possible
19:48:42 <GeKo> that said: anything else for today?
19:48:50 <mcs> GeKo: We will take a look.
19:48:55 <arthuredelstein> #16678 a little complicated because I think Mozilla came up with a divergent idea
19:48:58 <arthuredelstein> for solving it.
19:49:23 <GeKo> arthuredelstein: okay. could you update the ticket with that info?
19:49:30 <arthuredelstein> Yes, will do.
19:49:31 <mcs> arthuredelstein: Does that mean we should wait on Matt’s patch?
19:49:43 <GeKo> then we can think whether we want to move forward with matt's patch or not
19:49:48 <mcs> sounds good
19:49:49 <arthuredelstein> I'm not sure. It's a good patch in the meantime, so maybe we should
19:49:58 <arthuredelstein> But I think Mozilla's approach might be better in the longer tem
19:50:00 <arthuredelstein> term
19:50:45 <arthuredelstein> GeKo: Also, yes, I'll stay alert for any other needed reviews!
19:51:16 <GeKo> :)
19:51:30 <GeKo> thanks all then for the meeting *baf*
19:51:32 <GeKo> #endmeeting