14:59:52 <richard> #startmeeting Tor Browser Weekly Meeting 2023-09-18
14:59:52 <MeetBot> Meeting started Mon Sep 18 14:59:52 2023 UTC.  The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:59:52 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:00:01 <richard> the pad as usual: https://pad.riseup.net/p/tor-tbb-keep
15:01:02 <dan_b> o/
15:01:14 <thorin> /o
15:01:51 <richard> I reckon we'll have a release meeting at 1800 to go over *waves hands* everything
15:02:12 <richard> so we can avoid filling up today's meeting with 13.0 timeline chat
15:02:50 <richard> but generally speaking, we have 13.0a5 scheduled for the en of the week
15:03:11 <PieroV> Are we doing it on the new tags that we get today?
15:03:16 <PieroV> Even though Moz will release the next week?
15:03:54 <richard> please prioritise major bugs/regressions over 12.5, and then any Code Audit "Review Mozilla XYZ" issues
15:05:08 <richard> lets stay on 115.2.1 for now and avoid the rebase until the next releas
15:05:10 <richard> PieroV^
15:05:37 <richard> just to minimize the number of moving pieces on *hopefully* the last alpha in the 13.0 series
15:05:56 <PieroV> But 115.3 is coming out before our 13.0, very likely
15:06:19 <richard> its scheduled for the 26th if the release calendar is correct
15:06:26 <PieroV> Yes
15:07:14 <richard> yeah, that's when 13.0 is slotted into the calendar but it can slide to later in the week
15:08:48 <richard> boklm: do you have any issues/blockers for 13.0?
15:08:54 <richard> on your plate I mean
15:09:09 <boklm> I don't think
15:09:35 <richard> ack, then can you prioritise tor-browser-build#29815
15:09:41 <boklm> ok
15:10:31 <boklm> I will try updating the signing scripts for tor-browser-build#29815 this week
15:10:49 <richard> dan_b, claire: similarly once code audits+bug/regressions for 13.0, please prioritise the Android API Level update
15:11:04 <richard> i don't know the ticket off-hand
15:11:26 <dan_b> ah i think i know yea cool
15:12:33 <richard> and finally I'm going to be *actually* AFK in the first week of october, which i know kind of sucks w/ timing of the release but it is what it is
15:12:46 <richard> if you need anything from me please find me before then o/
15:13:26 <richard> now i'll hand it over to anyone elses discussion points
15:13:46 <Jeremy_Rand_36C3[m]> Should I go, or does anyone want to go before me?
15:14:34 <dan_b> I'll be AFKish from 10:30 my time till early afternoon. taking a friend for dental surgery and they need a pickup buddy to get them home. I can prolly attend the release meeting from my laptop in the waiting room tho 🙂
15:15:16 <richard> go ahead jeremy
15:15:17 <richard> :)
15:15:21 <Jeremy_Rand_36C3[m]> dan_b: tell your friend that a random guy in Oklahoma they've never heard of says best wishes on the surgery :)
15:15:32 <Jeremy_Rand_36C3[m]> ok so
15:15:42 <dan_b> ha will do
15:15:46 <Jeremy_Rand_36C3[m]> regarding the NEWNYM bug that PieroV fixed in the last week
15:16:12 <Jeremy_Rand_36C3[m]> Patrick observed that one of the reasons he was able to quickly notice that bug was that Whonix has onion-grater
15:16:31 <Jeremy_Rand_36C3[m]> If anyone here isn't familiar with onion-grater, you can think of it as like a MITM proxy for the Tor control port protocol
15:16:54 <Jeremy_Rand_36C3[m]> It was originally intended to let Tails and Whonix sandbox apps so that they can't deanonymize themselves via the control port
15:17:17 <Jeremy_Rand_36C3[m]> But, it also has nice logging features, which made it really easy for Patrick to notice that NEWNYM wasn't being sent by Tor Browser
15:17:46 <Jeremy_Rand_36C3[m]> Basically, Patrick is wondering whether the Tor Browser team has any similarly efficient tooling for snooping the traffic on the control port when doing QA testing,
15:18:17 <Jeremy_Rand_36C3[m]> and he's wondering whether you guys would benefit from him writing up some documentation about how to use onion-grater for exactly that purpose
15:18:59 <Jeremy_Rand_36C3[m]> Thoughts?
15:19:16 <richard> so tldr we do not have any better tooling that I'm aware of
15:19:55 <Jeremy_Rand_36C3[m]> ok
15:20:22 <richard> i think in general we would like community contributions of this sort, but realistically speaking I don't see this specific effort being *very* useful to us long-term
15:20:22 <Jeremy_Rand_36C3[m]> would you like him to write up some docs on this, so that (obviously later, once the release madness is over) you can try it out and see if it makes your QA process easier?
15:21:01 <richard> given our transition to Arti hopefully in the 13.5 time-frame
15:21:04 <Jeremy_Rand_36C3[m]> not very useful long-term because of the Arti transition, or some other reason?
15:21:09 <PieroV> Tools and docs are always welcome :) But I think we cannot promise to actually use them
15:21:18 <richard> though I suppose if we'r estill on legacy tor for 14.0 next summer it would be useful then
15:21:47 <richard> since ideally 13.0 won't be changing much apart form security updates
15:21:57 <Jeremy_Rand_36C3[m]> ok yes, makes sense.
15:21:59 * richard taps the no backports sign
15:22:30 <richard> that said I think it may be useful for other apps in the ecoysystem
15:22:51 <richard> especially since not everyone is going to be switching to arti as soon as we hope to
15:23:04 <Jeremy_Rand_36C3[m]> Alright, so I'll relay that feedback to him. It sounds like he's happy to write up the docs, obviously there's no obligation for you to decide to use it. And yes, probably would be helpful for other apps that use the control port, e.g. Ricochet and Cwtch I guess
15:23:18 <richard> onion share :3
15:23:31 <Jeremy_Rand_36C3[m]> indeed
15:23:59 <PieroV> Thanks Jeremy
15:24:04 <Jeremy_Rand_36C3[m]> alright, that's all I wanted to bring up -- but also a huge thanks to PieroV for being super efficient at solving the multiple bugs that Patrick found
15:24:16 <thorin> ALL HAIL PieroV
15:24:57 <richard> :)
15:25:06 <richard> anyone else have anything?
15:25:10 * Jeremy_Rand_36C3[m] bows before our overlord PieroV
15:25:30 <PieroV> Speaking of QA, I might need some help to test my refactor on macOS
15:25:49 * Jeremy_Rand_36C3[m] doesn't have easy access to macOS so won't be much help there :(
15:25:56 <richard> clairehurst^ :D
15:26:14 <thorin> what sort of help re macOS - I have a mac here you can use for free, just remote in
15:26:27 <PieroV> Like testing a few env variables and preferences
15:26:30 <PieroV> The ones in https://gitlab.torproject.org/tpo/applications/team/-/wikis/Enviroment-variables-and-related-preferences
15:26:36 <clairehurst> I can help test
15:26:41 <PieroV> Thanks!
15:27:00 <thorin> warning though, I am on shitty ADSL
15:27:17 <PieroV> The way I used to test on Linux is using another instance on Tor Browser and then using it as a system tor
15:27:58 <PieroV> But just because it prepares the arguments for me already, starting tor from the command line with the appropriate args would also work
15:28:19 <PieroV> Crafting them is the difficult part ^_^
15:30:07 <richard> ok folks
15:30:15 <richard> if there's nothing else then lets end this meeting
15:30:22 <PieroV> nothing else from me
15:31:02 <richard> kk
15:31:04 <richard> later o/
15:31:06 <richard> #endmeeting