#tor-meeting log

14:59:24 <richard> #startmeeting Tor Browser Weekly Meeting 2022-12-12
14:59:24 <MeetBot> Meeting started Mon Dec 12 14:59:24 2022 UTC.  The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:59:24 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:59:28 <richard> dang what a magical date
14:59:51 <PieroV> Yeah, I've noticed too this morning
14:59:53 <richard> i'll give a few minutes for folks to roll in
15:00:02 <boklm> hi
15:00:21 <msim> 2022-12-13 over here :(
15:00:25 <msim> i'm missing out on the magical date
15:00:25 <ma1> o/
15:01:08 <donuts> o/
15:02:12 <richard> ok then
15:02:39 <richard> so the 12.0 release last week seems to have gone off w/ very few problem
15:02:58 <PieroV> \o/
15:03:00 <Jeremy_Rand_36C3[m]> \o/
15:03:15 <richard> we're planning on a 12.0.1 tomorrowish and our first 12.5 alpha shortly thereafter
15:03:31 <boklm> \o/
15:04:05 <PieroV> (I've added a bold item re 12.5a1 and l10n changes)
15:04:06 <richard> we've had a few issues come in: namely the drag-and-drop protections patch perhaps protected too much and broke some actually safe scenarios; ma1 has a MR for that and will be in 12.0.1
15:04:36 <dan_b> \o/
15:04:57 <donuts> nice
15:05:00 <richard> and there seems to be a regression in some env variable setup for users with *intersting* configurations (namely socks via unix domain socket) which seems to be a bit of a mystery so far
15:05:15 <richard> but isn't a blocker for 12.0.1
15:05:48 <richard> well specifically socks via unix domain when configured by env variable, setting manually in about:config is apparently fine
15:06:23 <PieroV> There's some magic in torbutton for that :/
15:06:42 <PieroV> I can handle it, not sure about the priority
15:07:10 <richard> beyond the alpha releases this week, hopefully the only other major thing of note is our s131 meeting on Thursday where hopefully we'll nail down their requirements so we'll know exactly what work we'll be doing in the new year
15:07:21 <PieroV> But I can be happy enough if it's the only problem caused by the tor-launcher refactor, I expected fires
15:08:18 <ma1> we've got another meeting later today (17UTC) , right?
15:08:21 <richard> PieroV: if it's an easy fix i wouldn't say no to a patch for 12.0.1 but it's not a very commonly used feature so it can wait for january if it will cause stress
15:08:37 <PieroV> richard: def not 12.0.1
15:08:49 <PieroV> I thought you wanted to start building asap
15:09:23 <richard> only thing blocking 12.0.1 is the drag and drop fix which i think is currently good enough in its current iteration
15:09:28 <PieroV> ma1: two other meetings today, that one and then the release meeting at 1800UTC
15:09:40 <msim> PieroV: what's the 1700 one?
15:09:47 <PieroV> That's for desktop
15:09:51 <ma1> PieroV, right, pile of meetings :)
15:09:52 <msim> ah
15:09:57 <PieroV> msim: it's a S131 meeting
15:10:18 <msim> ah
15:10:39 <richard> i think it's more of an org strategy meeting around s131 and the future and all of that
15:11:29 <richard> and the tor browser release meeting at 1800 which y'all are welcome to join as well
15:11:44 <richard> if you just need more meetings in your life
15:11:57 <donuts> Oh the Future plans meeting? It's a mix of S131 and S101
15:12:18 <richard> yop
15:12:50 <richard> hm ok, donuts why don't you take the first discussion point
15:13:01 <richard> otherwise i think we'll fill up the hour with computer talk
15:13:16 <donuts> haha sure thing
15:13:48 <donuts> For reference, the point is: Quick recap of some fresh TB 12.0 bug reports/user feedback
15:14:07 <richard> oh right, the pad for the records: https://pad.riseup.net/p/tor-tbb-keep
15:14:10 <donuts> we've already covered drag and drop protection, but that and anti-virus complaints are probably the biggest two points of feedback we've received so dar
15:14:37 <donuts> I wanted to quickly bring a few random smaller things up too
15:15:08 <donuts> richard: has anyone emailed cloudflare?
15:15:15 <donuts> I know I brought that up in the meta ticket already
15:15:22 <donuts> but it was regarding this comment: https://forum.torproject.net/t/new-release-tor-browser-12-0/5820/17
15:15:41 <richard> iirc we did for 12.0 alpha, so I'll need to do again for 12.5
15:16:10 <donuts> oh, I assumed that user was talking about stable
15:16:18 <richard> yeah mailed back in october because of captchas in nightly
15:16:34 <PieroV> well, cloudflare should detect Firefox ESR update
15:16:43 <Jeremy_Rand_36C3[m]> Pretty sure I was the one who brought up the issue in Nightly back in October
15:16:47 <richard> yes, so we're good until June
15:16:52 <Jeremy_Rand_36C3[m]> Or maybe other people did too
15:16:52 <PieroV> But they should not really be able to detect 12.0 vs 12.5, that would be quite bad
15:16:58 <richard> or whenever we have our first esr115 nightlies
15:16:58 <boklm> yes, only when we switch 12.5 to the next esr
15:17:23 <boklm> (or 13.0)
15:17:48 <donuts> so, this user is reporting that media hosted on cloudflare isn't displaying for them – but that shouldn't be happening?
15:18:26 <boklm> I think cloudflare is still showing captcha in some cases
15:19:11 <donuts> I think they're talking about CDN type stuff
15:20:05 <richard> well i can check and see what the latest user agent is and see if its' changed in 12.0
15:20:18 <richard> i wouldn't expect it to have but vOv
15:20:26 <donuts> right, that could be it
15:21:03 <donuts> okay moving on – I spotted this post in the support section yesterday: https://forum.torproject.net/t/tor-process-says-alive-after-closing-browser/5895
15:21:22 <donuts> could it be tied to the tor-launcher changes pierov?
15:21:29 <PieroV> Yes
15:21:48 <donuts> would you like me to open a ticket?
15:21:51 <donuts> or shall I leave it with you?
15:22:13 <PieroV> Yes, please open an issue and assign to me
15:22:15 <richard> that's a weird one, tor should be managing that
15:22:24 <PieroV> If you can have the user doing so it would be even better
15:22:40 <donuts> sure thing, I'll ask them!
15:22:46 <PieroV> I think I've experienced something similar in the past with dev builds
15:22:49 <PieroV> But not reproducible
15:23:00 <PieroV> And I think it was like tor taking some more time than usual to close
15:23:08 <PieroV> Rather than remaining alive
15:23:59 <donuts> okay last thing: do you remember the bug with the browser chrome growing due to font changes?
15:24:01 <donuts> https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41356
15:24:34 <PieroV> Sure, but I expected it to be solved :)
15:24:40 <donuts> was that fix multiplatform? i.e. does the browser chrome look more or less the same on Win and Linux?
15:25:01 <donuts> reason is, I'm seeing a spike in "what are these grey borders" reports from people who've discovered letterboxing for the first time
15:25:46 <PieroV> I'm not sure I see the link between these two questions :)
15:25:48 <donuts> I'm assuming the letterbox fixes shouldn't be changing the trigger-points, and that it could be due to differences in the browser chrome between 11.5 and 12.0?
15:26:23 <donuts> basically taller browser chrome = smaller canvas, and triggers letterboxing earlier
15:26:26 <donuts> but it's a guess
15:27:57 <PieroV> I think I don't set a font-size anymore in my patch
15:28:09 <PieroV> So, Linux and Windows should have different heights now
15:28:16 <ma1> donuts, we now letterbox about:blank. Also it might be tor-browser#41516
15:28:46 <donuts> oh interesting – why?
15:28:53 <henry-x> donuts: could it be the language notification?
15:29:04 <PieroV> I had the same problem a while ago with 11.0, but I could never reproduce it
15:29:05 <donuts> henry-x: that's a great point
15:29:10 <richard> doesn't seem likely; the only way users would suddenly see letterboxes is if the chrome calculation had changed and these users had never modifeid their window size before
15:29:16 <PieroV> And thought it was my system
15:29:34 <donuts> richard: it tends to be from users who fullscreen 100% of the time, I've noticed
15:29:39 <donuts> so their window size remains the same
15:30:18 <ma1> The new window thing seems to be a rounding issue, and it might be fixed by tor-browser!480 (well a lot of stuff might be changed, hopefully for the better, by that changeset)
15:30:49 <donuts> riiight okay
15:30:58 <donuts> well I suppose it could be many things causing the spike in user reports
15:31:05 <donuts> I'll see if it dies down after a couple of weeks
15:31:15 <donuts> thanks all!
15:31:19 <donuts> that's it from me
15:31:35 <richard> ok PieroV, all you then
15:31:49 <PieroV> richard: first is actually yours
15:32:01 <PieroV> I've just reported it since we've talked among us earlier this morning
15:32:04 <richard> hah well i didn't write it there :p
15:32:08 <richard> ok but y es
15:32:08 <PieroV> And I didn't want it to get lost in the backlog
15:32:15 <PieroV> I've written for you, I know you're shy :P
15:32:38 <richard> so we h ave a patch on the 12.5 series that just migrates torbutton src to tor-browser
15:33:28 <richard> with ma1's patches for drag and drop i envisioned a future where we'd be havnig to backport/refactor torbrowser patches to torbutton
15:33:33 <richard> which frankly doesn't sound like fun
15:34:18 <richard> if we've no objectiosn i propose backporting the migration patches to stable asap before the divergence becomes difficult to maintain
15:34:31 <richard> and since there's no added functionality in alpha now seems the perfect time
15:34:36 <msim> yea sgtm
15:34:45 <PieroV> +1 on that, but I'd do that after we merge localization to Weblate
15:35:04 <PieroV> Because that's another "no fun" thing of having the two versions of torbutton
15:35:06 <richard> so early next year then rather then for 12.0.1
15:35:12 <richard> ?
15:35:48 <PieroV> Yes, unless we want to backport tor-browser!475
15:35:58 <PieroV> Which could work, actually.
15:36:19 <richard> that's more code shuffle then i want to deal with for an 'easy' release
15:36:26 <richard> so let's push it back to early january
15:36:48 <richard> ok, now i hand it over to PieroV
15:36:52 <PieroV> Moz's release is a bit too early for my likings in January
15:37:04 <PieroV> But that isn't what I wanted to talk about :D
15:37:19 <PieroV> Though I'd like to talk about 12.5a1 and Rlbox
15:37:26 <richard> i'll forward your complaints about Moz's release schedule to moz hq ;)
15:38:05 <PieroV> Basically, Moz has decided to compile some native libraries to WASM
15:38:12 <PieroV> To then use JS as a sandbox for them
15:38:23 <dan_b> oh wow
15:38:34 <PieroV> Which could be a very good idea (a sandbox is always a sandbox) but we don't use it, yet
15:38:43 <PieroV> Because $stuff broke (but that happened before I arrived at Tor)
15:38:54 <PieroV> I've got it working again, but with a caveat
15:39:34 <PieroV> The upstream project builds a copy of Clang to build a few supporting libraries
15:39:56 <PieroV> Mozilla uses a hack not to. I could not use the same hack, so we'd need to build Clang only to build this project and then throw it away
15:40:21 <PieroV> It takes time, but we could build this project once for all platforms (it produces WASM code, so platform-independent)
15:40:40 <PieroV> So it isn't that bad for us
15:40:59 <PieroV> But it might be bad for nightlies (Android would re-use it very likely, but I don't know about desktop archs)
15:41:20 <PieroV> I'd love to get it in 12.5a1
15:41:39 <PieroV> So that we can think about backporting for 12.0.x (.3, maybe?)
15:42:08 <PieroV> I think official Firefox binaries have it enabled by default, so it should be pretty safe
15:42:14 <PieroV> Any opinions?
15:42:17 <msim> PieroV: what's the hack that mozilla uses?
15:42:46 <Jeremy_Rand_36C3[m]> PieroV: if the only downside is making build take 2 hours longer (which is what I recall Clang taking?) and it's necessary to get RLBox working with minimal pain, then that sounds like a good trade to me.
15:43:25 <PieroV> msim: it injects the Clang they've built and then touches a file so that the sandbox project's makefile doesn't build it
15:43:54 <PieroV> Jeremy_Rand_36C3[m]: well, it was 15 minutes in my machine to build the whole sandbox with also Clang
15:43:58 <Jeremy_Rand_36C3[m]> PieroV: I am curious though why Mozilla's hack isn't suitable
15:44:02 <msim> ^
15:44:19 <PieroV> Jeremy_Rand_36C3[m]: now that I think of it you're also a veteran in cross compilation :D
15:44:25 <PieroV> Can I ping you on the MR?
15:44:41 <PieroV> It's tor-browser-build!603
15:44:53 <PieroV> And msim too, if interested
15:45:10 <msim> PieroV: yes please :)
15:45:14 <msim> (also dan_b, if you're interested in reading more about rlbox: https://www.usenix.org/system/files/sec20-narayan.pdf)
15:45:21 <boklm> it sounds like a good plan
15:45:22 <Jeremy_Rand_36C3[m]> PieroV: I mean, if "veteran" means "having veteran-related PTSD from fighting the Mozilla build system" then yes :P  But sure, ping me in the MR, though I'm skeptical that I'll be very helpful
15:45:24 <dan_b> thanks!
15:45:47 <richard> so in terms of timelines, i'm slightly hesitant to introduce this to tor-browser stable before our march milestones, but we can see how january goes if we introduce it in the next alpha
15:46:00 <PieroV> So, in my machine it was 15 minutes, but they're needed only once, and if you can re-use it to compile firefox 10 times is like 1:30 mins on average for platforms
15:46:27 <PieroV> But I don't know if artifacts are actually shared between platforms in nightly
15:46:34 <PieroV> And if I understand correctly, nightly rebuilds everything
15:46:40 <Jeremy_Rand_36C3[m]> As much as I like RLBox, I agree with richard that this is going to need a lot of QA testing, as I think this kind of sandboxing is likely to cause weird bugs that are unpleasant to track down
15:47:02 <richard> yes, especially w/ our non-standard build setup
15:47:08 <Jeremy_Rand_36C3[m]> yeah
15:47:09 <PieroV> Jeremy_Rand_36C3[m]: true, but I am confident that Mozilla tested it a lot
15:47:22 <richard> on the other hand mingw for windows :D
15:48:02 <richard> we'll see how things go, but we should be prepared for this to be a 12.5 feature
15:48:23 <richard> of course, also depends on how effective our testing efforts are in the coming month to validate these changes
15:49:14 <msim> richard: wdym mingw for windows?
15:50:01 <richard> windows is probably our most divergent build target from the 'golden path' so probably more likely to have bugs
15:50:16 <richard> see screen reader support, webrtc, etc, etc :p
15:50:21 <msim> ahh
15:50:58 <richard> but we can always enable per-platform
15:51:17 <PieroV> Well, wasm is cross platform by definition :)
15:51:27 <Jeremy_Rand_36C3[m]> richard: that reminds me, has anyone at Tor Project reached out to the IceCat devs about MinGW support?  IIRC IceCat refuses to distribute Windows binaries because they're not willing to use the Microsoft compiler and they don't know how to use MinGW to build Firefox
15:51:39 <Jeremy_Rand_36C3[m]> Might be a cool opportunity for coordination
15:52:00 <PieroV> Jeremy_Rand_36C3[m]: I think we still have a MS thing
15:52:07 <PieroV> The d3dcompiler DLLs
15:52:41 <PieroV> But maybe Wine has an open source alternative that works
15:52:47 <Jeremy_Rand_36C3[m]> PieroV: hmm, are those not part of MinGW?  I just assumed all the TBB build dependencies for Windows were FLOSS
15:53:10 <PieroV> Jeremy_Rand_36C3[m]: https://github.com/mozilla/fxc2
15:53:29 <PieroV> We don't use them for building, but we ship them
15:53:39 <henry-x> Do we have time in this meeting to ask another question?
15:53:44 <PieroV> 5 mins
15:53:47 <richard> go for it henry-x
15:53:50 <PieroV> I'm done
15:54:03 <richard> (we can chat after jeremy if you like)
15:54:16 <Jeremy_Rand_36C3[m]> richard: yep, no worries
15:54:56 <henry-x> I was looking at the weblate/translate code for fluent support to see if it was obvious how to fix it to support fluent attributes (our main blocker to using fluent)
15:56:27 <henry-x> I was considering whether it would be worth adding the support for them. I don't think they are going to get many other projects that use fluent since most existing fluet projects are using pontoon instead. So I think we would be the only project using it
15:56:48 <PieroV> henry-x: they've replied a few hours ago
15:56:57 <PieroV> They're not interested in keeping strings grouped :(
15:57:13 <PieroV> (not sure you received a notification, I had to enable GitHub's email notifications)
15:58:13 <henry-x> no, but we could try and make it work with their infrastructure by splitting the attributes into separate strings, like they want for weblates UI, but keep them grouped using the ids
15:58:38 <PieroV> I was thinking the same, anyway
15:58:44 <PieroV> But we should go now
15:58:48 <PieroV> There's another meeting here
15:59:00 <henry-x> ok
15:59:06 <Jeremy_Rand_36C3[m]> Thanks!  Good meeting.
15:59:21 <PieroV> Thanks! o/
15:59:23 <richard> thanks everyon!
15:59:25 <richard> #endmeeting