19:00:54 <GeKo> #startmeeting tor browser
19:00:54 <MeetBot> Meeting started Mon Jan 15 19:00:54 2018 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:54 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:59 <arthuredelstein> hi everyone!
19:01:00 <GeKo> hi all!
19:01:07 <mcs> hi
19:01:09 <igt0> o/
19:01:09 <pospeselr> morning!
19:01:23 <GeKo> sorry for having thismeeting on a public holiday in the US, my bad
19:01:43 <GeKo> i'll check with the office and try to get the official tpo holidays for this year
19:01:56 <GeKo> and mark the  mondays accordingly in my calendar
19:02:02 <pospeselr> I can forward the calendar to you
19:02:17 <GeKo> oh, please do
19:02:43 <boklm> hi
19:02:55 <GeKo> anyway, let's have a look over the updates at https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N
19:03:02 <GeKo> and mark things in bold we want to talk about
19:03:33 <pari> hi
19:04:09 <GeKo> pospeselr: thanks!
19:04:17 <GeKo> hi pari, welcome
19:04:47 <pari> sorry for being late. was looking up to joining this meeting in case there is anything needing to be discussed wrt the user issues spreadsheet
19:05:25 <arthuredelstein> the spreadsheet is a great thing
19:05:58 <arthuredelstein> thanks for making it
19:06:14 <pari> you're welcome
19:06:23 <pari> I'm glad it was useful in some way
19:08:26 <GeKo> okay, let's start i think
19:08:53 <GeKo> arthuredelstein: just regarding the patch list for upstreaming
19:09:17 <GeKo> if you couldsort it by priority that might be good
19:09:27 <GeKo> s/couldsort/could sort/
19:09:44 <GeKo> we could at least have better discussion then if we want
19:09:59 <GeKo> do, the deadline for upstreaming is like begin of march
19:10:24 <GeKo> which leaves us 7 weeks
19:10:32 <arthuredelstein> Yes! Makes sense. We've also been setting priorities for fingerprinting patches with the Mozilla uplift team.
19:10:40 <GeKo> ok
19:11:02 <arthuredelstein> I'll post a link to that as well when I send the email
19:11:11 <GeKo> i thought about richard helping with the upstreaming
19:11:23 <GeKo> so that you are not the only one working on it
19:11:34 <arthuredelstein> that would be great
19:11:42 <GeKo> that way we migth get more patche sinto the tree
19:11:52 <GeKo> good, exciting
19:11:52 <pospeselr> yeah definitely
19:11:53 <arthuredelstein> right
19:12:15 <GeKo> pospeselr: looking at your pdf thing
19:12:23 <pospeselr> ugh
19:12:29 <GeKo> i think it's totally reaonsable to test the approcha in an alpha
19:12:45 <GeKo> we'll see if the performance costs merit it, i am skeptical
19:13:01 <pospeselr> disabling range-requests you mean?
19:13:07 <GeKo> yes
19:13:32 <GeKo> mozilla wants to get rid of pdfjs anyway in the future, so spending too much time might not be worth it
19:13:46 <GeKo> i have to look up when the actual switch to the google thing is
19:13:59 <pospeselr> ok excellent
19:14:03 <GeKo> i think it will miss esr60 but i am not sure
19:14:08 <arthuredelstein> The google thing's going to have potentially similar problems, I guess
19:14:26 <GeKo> well, it's a different architecture
19:14:27 <pospeselr> I beleive there's a about:config option we can set which disables it entirely
19:14:38 <GeKo> no js running in the browser
19:15:06 <GeKo> so, there is hope that the range requests are easier bound to the url bar domain
19:15:07 <arthuredelstein> right -- I just mean it may violate FPI
19:15:12 <GeKo> sure
19:16:10 <GeKo> pospeselr: looking at the roadmap there is the proxy bypass prevention to work on
19:16:26 <GeKo> do you think you'd switch gears to look at that topic a bit more
19:16:29 <GeKo> ?
19:16:36 <pospeselr> sounds good to me!
19:16:43 <GeKo> great
19:16:49 <pospeselr> do you have a link to the roadmap handy?
19:17:42 <GeKo> i think one bug to get started which is yawning complaning about for a while is #22794
19:17:45 <GeKo> yes
19:17:53 <GeKo> https://storm.torproject.org/shared/roevbMxlBi5rxSAh57iRjy8w1MB2HZArEmM2JekbqPM
19:18:30 <pospeselr> alright I'll start with that bug then!
19:18:33 <GeKo> i am pretty excited about https://bugzilla.mozilla.org/show_bug.cgi?id=1322426
19:18:49 <GeKo> it might be worth following the move to a dedicated network process
19:19:14 <GeKo> which we can send sandbox like heck only allowing things like communicating via unix domain sockets
19:19:36 <GeKo> okay!
19:20:11 <GeKo> boklm: one question  i had: we have regular nightly builds right now, right?
19:20:34 <GeKo> are the test suites run somewhere as well or is that broken?
19:21:09 <boklm> this part (running test suites on it) is broken. I can work on fixing that.
19:21:27 <GeKo> i think we should do that before working at the nightly updates
19:21:29 <boklm> ok
19:21:35 <GeKo> (priority-wise)
19:21:48 <boklm> so I can work on that this week
19:22:02 <GeKo> then i guess there will be progress possible on the fpcentral thing
19:22:08 <boklm> yes
19:22:31 <GeKo> i think weasel can do the thing he can do and then you can take over from there
19:22:43 <GeKo> we only have to the end of january for that
19:22:45 <boklm> ok
19:23:09 <GeKo> so i think this is the highest prio right now, as we want to have some time left to iron things out and add a test maybe
19:23:51 <GeKo> okay, discussion topics. i've collected some over the week(s)
19:24:13 <GeKo> pari is here who collected the stats regarding users coming to the helpdesk
19:24:37 <GeKo> this is pretty helpful both for planning as for getting feedback
19:24:58 <GeKo> i think we should have someone within the team to be the point of contact for this feedback
19:25:15 <pari> GeKo yes, that will be useful
19:25:25 <GeKo> that mainly means helping pari to keep track of browser side things like new tickets reflecting those reports
19:25:45 <pospeselr> i can do that!
19:25:47 <GeKo> or sneding a note once we resolved such a ticket
19:25:58 <GeKo> pospeselr: thanks, it's yours then!
19:26:19 <pari> pospeselr: great :D
19:26:53 <pari> you can drop me a mail and we can discuss further on how we will collaborate
19:27:02 <pospeselr> yeah for sure
19:27:15 <GeKo> i had some conversations at the 34c3 that were pretty useful
19:27:24 <GeKo> one of them were with the Taler people
19:28:12 <GeKo> they urged me to make some kind of commitment to include their extension into tor browser once it's ready
19:28:52 <GeKo> Taler is an online payment system which tries to provide a good solution for online payments
19:29:04 <GeKo> both privacy as security and free software-wise
19:29:20 <GeKo> i wonder what i should reply to them
19:29:37 <GeKo> it's usecase is not directly covered by out design document
19:29:43 <GeKo> *its
19:29:46 <mcs> My initial reaction is that if we include Taler we will be pressured to include many other things (but I do not know anything about Taler).
19:29:47 <GeKo> *our
19:30:05 <arthuredelstein> I think it would be cool to have some sort of cryptocurrency support in Tor Browser.
19:30:06 <igt0> Do you know if there is any kind of interop or if it uses webpayments api?
19:30:10 <pospeselr> this one? https://addons.mozilla.org/en-US/firefox/addon/taler-wallet/
19:30:15 <GeKo> yes, that's one risk
19:30:37 <GeKo> igt0: they had some issues with the webpayments api efforts
19:31:15 <GeKo> because it if i understand it correctly those webpayments efforts took privacy not as seriously
19:31:20 <GeKo> pospeselr: yes
19:31:21 <arthuredelstein> Most of the cryptocurrencies (such as bitcoin) are trackable, though. Does taler support zcash?
19:32:19 <GeKo> not right now i think
19:32:44 <pospeselr> this smells kind of out of scope of Tor Browser
19:32:48 <arthuredelstein> I would be hesitant about providing users a footgun where their wallet ends up getting tracked on the blockchain.
19:32:55 <pospeselr> yeah exactly
19:33:10 <arthuredelstein> hesitant --> worried
19:33:48 <GeKo> okay, i see
19:33:56 <arthuredelstein> Personally I think it could be in-scope, but we would need to be very cautious.
19:34:11 <arthuredelstein> I mean, if we don't provide a cryptocurrency support, then users will build their own footguns :)
19:34:27 <GeKo> i wonder whether we should use the taler case to think about general requiremtns for getting additional extensions into tor browser
19:34:43 <GeKo> arthuredelstein: yeah, that's a good point
19:35:17 <mcs> Another general concern is with shipping additiional extension code that we do not maintain (e.g., it that may interfere with other stuff in Tor Browser and we will be asked to fix it).
19:35:28 <GeKo> so what i made clear to them is that we don't include it right now anyway
19:35:47 <GeKo> because there are no merchants yet where one can pay with Taler
19:35:48 <mcs> I like the idea of thinking about general requirements wihout making any promises about shipping anything.
19:36:25 <mcs> It would also be bad to lead the Taler people along if we plan to say no in the end though.
19:37:26 <GeKo> that's why they'd like to have kind of a letter to show around saying  "hey, Tor is interested in including our stuff let's set up some merchants"
19:37:56 <GeKo> mcs: yes, leading them along is a thing i'd like to avoid, too
19:38:02 <arthuredelstein> I don't understand taler, but it seems to be more than just currency support, but some kind of integration with bank accounts, etc. I would lean toward something that was more neutral in terms of provider if possible. Like, there are many ways to obtain bitcoins. That seems an orthogonal feature to having a GUI wallet.
19:39:17 <GeKo> yeah, it's no new currency
19:39:33 <GeKo> they want to provide a secure online payment system
19:39:48 <GeKo> which preserves your privacy
19:40:14 <GeKo> it's like paying with cash on the  internet :)
19:40:46 <arthuredelstein> sure, but lots of cryptocurrency companies do that, right?
19:41:11 <arthuredelstein> they sell you bitcoins and then you can spend them at any merchant accepting bitcoins
19:42:12 <GeKo> okay, thanks for the feedback so far
19:42:20 <GeKo> last item on my list
19:43:09 <GeKo> i thought about setting up some 1to1 meetings with all team me,bers mainly to get feedack
19:43:18 <GeKo> on my work and on how the team is functioning
19:43:32 <GeKo> i think this is important especially as the team is growing
19:43:52 <GeKo> i might start to lose track of things
19:44:02 <GeKo> or do not put enough weight on areas i should
19:44:31 <GeKo> that's not meant as a performance review or such kind of a thing
19:44:42 <GeKo> we don't have that at tor (at least not yet)
19:45:03 <GeKo> just as a general exchange at least once a year about how things are
19:45:14 <GeKo> and what could get improved
19:45:48 <GeKo> i thought about doing those 1to1 meeting at the end of june this year
19:45:52 <mcs> 1:1 meetings seem like a good idea. I am not sure what frequency makes sense; I leave that up to you.
19:46:12 <GeKo> dunno either, we'll see i guess
19:46:21 <mcs> Yes.
19:46:27 <arthuredelstein> Just in general my feeling is that it's good to have frequent feedback.
19:46:47 <arthuredelstein> To correct things earlier, resolve misunderstandings, etc.
19:47:27 <GeKo> well i think that is happening via this meeting/reviews/the dev meetings etc. to some extents already
19:47:31 <GeKo> but, yes, sure
19:47:38 <GeKo> *extent
19:47:38 <arthuredelstein> yes definitely
19:47:54 <GeKo> so we are not totally in the dark :)
19:48:26 <GeKo> and as i said earlier please ping me if there is anyting you think we/i should address
19:48:48 <GeKo> that said, we'll try the 1:1 thing out
19:48:57 <GeKo> and take it from there
19:49:02 <GeKo> okay
19:49:05 <GeKo> that's all i had
19:49:12 <GeKo> do we have something else for today?
19:50:02 <GeKo> hearing crickets
19:50:02 <mcs> Nothing from me.
19:50:15 <pospeselr> *chirp chirp chirp*
19:50:16 <GeKo> thanks then everyone *baf*
19:50:19 <GeKo> hehe
19:50:22 <GeKo> #endmeeting