14:59:25 <richard> #startmeeting Tor Browser Weekly Meeting 2023-06-20
14:59:25 <MeetBot> Meeting started Tue Jun 20 14:59:25 2023 UTC.  The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:59:25 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:59:32 <richard> hello everyone, the pad per usual: https://pad.riseup.net/p/tor-tbb-keep
14:59:58 <richard> and as usual, please tidy up your gitlab boards if they need it
15:02:18 <Jeremy_Rand_36C3[m]> Hi!
15:03:02 <richard> ok let's get started
15:03:22 <ma1> o/
15:03:40 <richard> so I remembered an important bugfix I forgot to submit an MR for last night (tor-bowser#41729)
15:03:48 <richard> tor-browser#41729
15:03:53 <richard> tor bowser is in another castle
15:04:12 <richard> it's just a pref flip and I think we should definitely get it in for 12.5
15:04:37 <donuts> plus it's mentioned in the release post and as we all know, words can't be changed :<
15:04:56 <PieroV> Can we at least inject it in projects/browser? ^_^;
15:04:58 <richard> the release date is tentatively tomorrow, so if we get the MR in (and fix the 12.5.0 -> 12.5 rename) we can still be on track if I sign tomorrow morning
15:05:17 <PieroV> Oh, well, that will also need a Firefox rebuild
15:05:34 <richard> PieroV: I have a block full of meetings for the next however many hours so I'd be happy to leave it in your capable hands
15:06:01 <PieroV> ack
15:06:22 <richard> I'll plan on signing/etc tomorrow AM
15:07:23 <richard> ok I assigned the issue to you PieroV
15:07:40 <PieroV> Oh, we don't have henry
15:07:46 <PieroV> Matrix bridge problems :(
15:07:51 <richard> oh no!
15:07:59 <PieroV> I think they should confirm the thing, though, if they have a Windows VM
15:08:09 <Jeremy_Rand_36C3[m]> Matrix bridge issues?
15:08:17 <Jeremy_Rand_36C3[m]> (seems to be working OK here?)
15:08:27 <Jeremy_Rand_36C3[m]> Unless you can't see my messages either?
15:08:30 <PieroV> Jeremy_Rand_36C3[m]: in the past days
15:08:31 <richard> iirc the user and thorin have confirmed the pref flip
15:08:33 <PieroV> Maybe yesterday
15:08:43 <PieroV> And they haven't re-joined, yet
15:08:46 <richard> confirmed the pref flip fixes the issue
15:09:21 <richard> and apparently in Win 10 there is a built-in screen reader functionality which demonstrates the issue
15:09:28 <richard> ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41729#note_2910595 )
15:09:43 <richard> thank you zwiebelbot
15:10:06 <dan_b> I'm back home so I have access to win10 again so can prolly test? assuming it really is a built in feature
15:10:15 <richard> beyond that, once tor browser 12.5 is out the door I'll do the release prep for mullvad browser 12.5
15:10:24 <richard> dan_b: perfect
15:10:43 <dan_b> tho i will be afk after this meeting for ~<2 hours
15:11:00 <richard> no worries, it will be a bit for a build to go anyway
15:11:03 <PieroV> richard: so screen reader + tag + change the version to 12.5 + build?
15:11:08 <dan_b> cool
15:11:14 <richard> PieroV: exactly
15:11:38 <PieroV> Starting a build already lol
15:11:38 <richard> and ping me once it's going so I can kick off my build as well
15:11:45 <richard> hah
15:11:53 <richard> ok, donuts
15:11:56 <richard> over to you with the weather
15:12:17 <donuts> are we still on announcements atm?
15:12:26 <PieroV> I think so
15:12:44 <donuts> cool in that case, please welcome our new product designer jagtalon!
15:12:49 <jagtalon> hello, all!
15:12:52 <donuts> jagtalon: would you like to introduce yourself?
15:13:13 <richard> welcome welcome o/
15:13:32 <henry-x> hello!
15:13:40 <PieroV> Welcome!
15:13:41 <richard> o/ welcome welcome :)
15:14:16 <jagtalon> yeah! i'm currently living in philadelphia, previously from the philippines. my previous work was at duckduckgo
15:14:31 <Jeremy_Rand_36C3[m]> jagtalon: cool cool, welcome!
15:14:43 <jagtalon> thank you for having me!
15:14:54 <dan_b> awesome! welcome 🙂
15:15:11 <jagtalon> (it's also my first time doing a text-only meeting i'm kinda digging this)
15:15:11 <ma1> benvenuto!
15:15:19 <donuts> the plan is that jag's going to pick up more Tor Browser UX work going forward so I can dedicate more time to the VPN
15:15:48 <richard> exciting!
15:15:54 <donuts> Initially I'll still be doing the UX work for the 13.0 release while jag works on our design systems, which are in dire need of some TLC
15:15:54 <jagtalon> yes it's my first day today. doing some onboarding i hope to get to that right after
15:16:14 <donuts> but I think by the 13.5 release cycle he'll be involved in more sponsor-work/features
15:16:18 <henry-x> Who should we @ on gitlab for UX input? Still donuts for a while, or jagtalon from now on?
15:16:29 <donuts> henry-x: still me for now please :)
15:16:50 <henry-x> ok!
15:16:54 <Jeremy_Rand_36C3[m]> donuts: I take it the same goes for when I have a UX question on IRC?
15:17:13 <donuts> Jeremy_Rand_36C3[m]: yep!
15:17:24 <Jeremy_Rand_36C3[m]> cool
15:17:44 <donuts> I think the design systems work will take a while, but will be a good opportunity for jag to get up to speed on Tor Browser
15:17:49 <dan_b> do y'all have a #tor-ux channel set up we can just pop by and ask and get answers from whoever's on?
15:18:11 <donuts> we do indeed dan_b ^^
15:18:22 <Jeremy_Rand_36C3[m]> (or maybe an IRC highlight keyword for the UX team?)
15:18:54 <donuts> Either #tor-ux or #tor-browser-dev are fine :)
15:18:58 <donuts> although gitlab is preferred
15:19:13 <dan_b> gotcha
15:19:46 <donuts> okay, over to you pierov?
15:20:02 <PieroV> henry-x: not sure you've read the backlog
15:20:10 <PieroV> But do you still have a Windows VM?
15:20:20 <PieroV> In case could you review a MR with screen reader on Windows?
15:21:38 <henry-x> I'm pretty sure I've used it with a NVDA in the last month on alpha and it was fine, but I can double check
15:22:05 <PieroV> ack. Starting a testbuild soonish on tb-build-05. Thank you!
15:22:22 <PieroV> Apart from that, Tor Browser and Mullvad Browser 115 MRs are ready!
15:22:28 <henry-x> what version do you want testing?
15:22:51 <PieroV> henry-x: we have this issue https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41729
15:23:02 <PieroV> And we need to rebuild 12.5 to fix it (and to fix the version number)
15:23:53 <henry-x> ok
15:24:16 <PieroV> Thanks!
15:24:55 <richard> ok, donuts: discussion points?
15:25:04 <PieroV> richard: wait
15:25:13 * donuts is waiting
15:25:22 * richard waiting
15:25:25 <PieroV> Again about MRs
15:25:45 <PieroV> https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/679
15:25:53 <PieroV> https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/merge_requests/62
15:25:58 <PieroV> https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/738
15:26:23 <PieroV> I'd like people to jump on it soonish
15:27:18 <ma1> "jump" as in...?
15:27:24 <PieroV> Review
15:27:30 <boklm> I'm planning to review tor-browser-build!738 this week
15:27:37 <PieroV> And switch new developments to 115
15:28:13 <PieroV> boklm: thank you! We'll need the MR for the Stretch update first
15:28:40 <PieroV> (okay, done, I wanted to add the URLs to make sure people found the MRs :))
15:28:42 <dan_b> pierov: i should be giving compiling 115 geckoview a try today
15:29:05 <PieroV> ack, thanks
15:29:17 <dan_b> thank you, then i can test android-components 😄
15:30:33 <donuts> should I stop waiting now
15:30:39 <richard> back
15:30:39 <ma1> :)
15:30:44 <donuts> wb richard
15:30:45 <richard> sorry
15:30:48 <PieroV> Yes please, go ahead :)
15:30:53 <donuts> ty pierov ^^
15:31:25 <donuts> So there were a few reports on reddit/the forum of downloads failing in 12.0.7
15:31:37 <donuts> I've created tor-browser#41854 to track the bug
15:31:43 * Jeremy_Rand_36C3[m] ran into that bug as well
15:32:00 <donuts> however thankfully Alpha's new defaults don't seem to be triggering it? So I think we're still good for the release
15:32:23 <Jeremy_Rand_36C3[m]> donuts: there's a pref that you can flip that will fix it
15:32:42 <donuts> Jeremy_Rand_36C3[m]: interesting, could you add that info to the ticket pls? <3
15:32:54 <Jeremy_Rand_36C3[m]> it's browser.download.enable_spam_prevention
15:32:54 <ma1> But we flipped it to fix an issue reported in the security review
15:33:23 <donuts> ma1: oh interesting, and it's also flipped in alpha?
15:33:33 <Jeremy_Rand_36C3[m]> Yeah so I don't fully understand the security issue, but it looks like the "allow" button has no effect in TBB stable
15:33:46 <Jeremy_Rand_36C3[m]> Which might be the "right" thing to fix rather than reverting the pref
15:34:07 <ma1> donuts, yes, it is a recent "fix"
15:34:12 <donuts> is there an existing ticket for this pref?
15:34:44 <Jeremy_Rand_36C3[m]> I also don't fully understand how that pref is "supposed" to behave
15:34:52 <ma1> donuts, looking for it
15:34:58 <donuts> ty
15:35:12 <Jeremy_Rand_36C3[m]> If the intent is to stop a website from automatically initiating a bunch of downloads without user intervention, that's not what the pref is doing
15:35:13 <donuts> also lmk where this new "allow" UI exists, because I'm not seeing it in alpha at all
15:35:50 <ma1> (is it just me or gitlab is not behaving right now?)
15:35:55 <donuts> Jeremy_Rand_36C3[m]: somehow you appear to be immune to matrix bridge shenanigans
15:36:01 <Jeremy_Rand_36C3[m]> donuts: so, when a download is blocked, there's a button in the Downloads dialog that is supposed to allow the download to continue. IIRC (it's been a week or so since I hit the bug) in TBB stable clicking that Allow button has no effect
15:36:08 <donuts> ma1: fine for me atm
15:36:20 <PieroV> Maybe it's a problem with strings
15:36:41 <PieroV> If we've changed strings, it could be that an old string has been deleted by mistake, instead of waiting for 12.5 to become stable
15:37:23 <Jeremy_Rand_36C3[m]> donuts: I can try to trigger the bug again but unfortunately it's been a while and I flipped the pref as soon as I realized there was a bug, and it's hard to remember exactly what I did to trigger the bug. I *think* all I did was download a file, and then download another file from the same website?
15:37:28 <donuts> We turned a bunch of downloads dialogs off by default in Alpha to match Firefox, so that would explain why it's not obvious in alpha
15:37:37 <donuts> but there aren't any security gains then either
15:38:24 <ma1> donuts, tor-browser#41764
15:38:30 <donuts> ma1: ty
15:39:11 <donuts> idk why this is getting triggered by PDFs then, going by the user reports
15:39:18 <donuts> something weird is going on here
15:39:31 <PieroV> Ugh, PDFs have their own pref
15:39:33 <PieroV> Let me find it
15:39:35 <richard> so does it happen in the current alpha or no?
15:39:38 <dan_b> LOL
15:39:39 <donuts> this ticket also needed a ~UX tag :3
15:39:47 <donuts> richard: idk, I don't know how to trigger it
15:39:47 <Jeremy_Rand_36C3[m]> donuts: I vaguely recall that the first download I launched failed (due to a circuit going bad), and then the 2nd download (trying to get the same file) triggered the bug?
15:39:51 <PieroV> browser.download.open_pdf_attachments_inline
15:39:54 <Jeremy_Rand_36C3[m]> But I may be misremembering
15:40:17 <PieroV> This allows PDFs to be opened in the browser, without being downloaded. Maybe it can work as a workaround (and I'd appreciate it :P)
15:40:33 <donuts> pierov: that may be why the same user reported it was fixed in alpha
15:40:41 <donuts> but I suspect it's not
15:41:24 <PieroV> Nope, it's something we can flip to prevent PDFs from being downloaded automatically, even though it sounds like a workaround
15:42:08 <Jeremy_Rand_36C3[m]> Oh, hmm
15:42:49 <Jeremy_Rand_36C3[m]> I think the download that triggered it was on a file hosting site (one of MEGA's competitors, can't recall which one). A lot of those sites use HTTP redirects when launching a download, is it possible that's the trigger?
15:43:21 <donuts> uft the matrix spam is annoying
15:43:54 <Jeremy_Rand_36C3[m]> donuts: am I still immune to whatever Matrix crap is happening?
15:44:02 <donuts> seem to be!
15:44:14 <Jeremy_Rand_36C3[m]> weird. I don't think my Matrix setup is unusual
15:44:19 <Jeremy_Rand_36C3[m]> anyways
15:44:33 <PieroV> Jeremy_Rand_36C3[m]: it's people joining on IRC, that's why you don't see it
15:44:44 <donuts> So, major releases invite a lot of attention to Tor Browser and also result in a lot of users upgrading – and I'm not really sure what the scale of the breakage is here
15:44:46 <donuts> ^ richard
15:44:57 <Jeremy_Rand_36C3[m]> if you can't find a way to reproduce the bug, ping me on #tor-browser-dev and I'll spend a couple of hours trying to retrace my steps to reproduce it
15:45:11 <donuts> I've also not tested this at all obvs
15:45:15 <ma1> sorry, more air-conditioning induced black outs. Are we still talking about the PDF download issue?
15:45:21 <donuts> ma1: yep :)
15:45:30 <Jeremy_Rand_36C3[m]> I'm hesitant to spend a lot of time on it unless you guys are having trouble reproing it
15:45:48 <donuts> ma1: I'd like to figure out how to reproduce this in alpha before we can say whether or not it's a problem for the release
15:45:50 <Jeremy_Rand_36C3[m]> (things are hectic this week as I'm mostly occupied shuffling paperwork for a new grant...)
15:46:14 <donuts> is richard here or has the whole internet imploded?
15:46:17 <richard> o/
15:46:21 <donuts> lol hello
15:46:22 <ma1> OK, I'll try to give a shot at it later today. By "alpha" are we still talking of tomorrow's stable? Or 13?
15:46:22 <PieroV> donuts: remember we have candidate binaries
15:46:25 <PieroV> https://tb-build-05.torproject.org/~richard/builds/torbrowser/release/unsigned/12.5.0-build1/
15:46:32 <PieroV> So, you might want to test here
15:46:34 <PieroV> Instead
15:46:35 <donuts> pierov: unsigned tho
15:46:46 <PieroV> There's dan_b's script :)
15:47:16 * ma1 guesses we're talking about the 12.5 release candidate(s)
15:47:22 <richard> ma1: by alpha I think 12.5 release candidates
15:47:23 <donuts> I think it would be better if a dev can investigate and post screenshots in the ticket pls
15:47:56 <ma1> ack
15:48:08 <donuts> by alpha I meant 12.5a7, because I don't have the RC installed atm
15:48:31 <donuts> in fact I'm not sure it was available when I replied to the reporter either
15:48:31 <richard> well 12.5a7 is p much the same as 12.5 fwiw donuts
15:48:35 <donuts> yeah :)
15:49:47 <dan_b> ah I need to fix a few "typos" in that script, I'll try that now
15:50:00 <donuts> So, can someone investigate this today please? To figure out how it can be reproduced, what the bug fix is, and what the new UX is like?
15:50:25 <Jeremy_Rand_36C3[m]> donuts: OK, I'll see if I can repro it later today
15:50:27 <Jeremy_Rand_36C3[m]> May or may not be successful
15:50:28 <donuts> if the scope of the issue is minor I think the release can continue, but I really don't understand it well enough atm
15:50:42 <Jeremy_Rand_36C3[m]> I mean, it totally broke my workflow until I flipped the pref on stable
15:50:49 <Jeremy_Rand_36C3[m]> Could not download any files
15:51:02 <richard> dan_b: can you look into reproing this today?
15:51:07 <Jeremy_Rand_36C3[m]> But I don't know how Alpha may be different
15:51:35 <dan_b> richard: sure I'll give it a try
15:52:17 <richard> thx thx please post relevant screenshots for donuts in the ticket
15:52:17 <donuts> thanks everyone :)
15:52:33 <richard> ok, we've 6 minutes before the hour
15:52:37 <donuts> let's hold off on publishing tomorrow until we know more pls, out of an abundance of caution
15:52:38 <richard> is there anything else pressing?
15:53:00 <donuts> the draft of the release post is here, if folks want to read/review it: https://gitlab.torproject.org/tpo/web/blog/-/merge_requests/199
15:53:13 <Jeremy_Rand_36C3[m]> nothing else on my end, Arthur is still working on the circuit display Namecoin rewrite, and I still need to follow up with the Whonix guys about the circuit display UX for them
15:53:14 <donuts> please note it's written for a general audience given the reach our releases tend to have
15:53:50 <Jeremy_Rand_36C3[m]> (I would have dealt with the Whonix thing weeks ago but stupid medical issues set me back on everything work-related)
15:54:06 <richard> donuts: i'll have a review later today
15:54:25 <donuts> thanks!
15:54:44 <donuts> also henry-x, if you could doublecheck the a11y list that would be great thanks <3
15:54:47 <donuts> I'm not sure how accurate it is
15:54:55 <donuts> I think reasonably so
15:55:33 <richard> ok thanks everyone
15:55:41 <richard> #endmeeting