#tor-meeting2 log

17:29:59 <sysrqb> #startmeeting Tor Browser Meeting 7 October, 2019
17:29:59 <MeetBot> Meeting started Mon Oct  7 17:29:59 2019 UTC.  The chair is sysrqb. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:29:59 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:30:11 <sysrqb> o/
17:30:19 <mcs> hi
17:30:20 <Jeremy_Rand_Talos> hello!
17:30:34 <acat> hi!
17:30:45 <sisbell> hi
17:31:13 <tjr> o/
17:31:17 <sysrqb> Okay, i see people are still writing
17:31:17 <brade> hi
17:31:23 <GeKo> hihi!
17:31:35 <sysrqb> we can start in another minute
17:31:47 <antonela> \hello!
17:33:08 <pili> hi :)
17:33:10 <sysrqb> is pili around?
17:33:13 <sysrqb> ah, ehllo :)
17:33:16 <sysrqb> *hello
17:33:17 <pili> o/ :D
17:33:26 <pili> sorry, bit late :)
17:33:31 <sysrqb> no worries
17:33:44 <pospeselr> \o/
17:33:48 <sysrqb> and sisbell ?
17:33:55 <sisbell> one sec
17:33:58 <sysrqb> okay
17:35:33 <sysrqb> okay, i don't see anyone with bolded items
17:35:46 * antonela goes to the pad, late sorry
17:35:50 <boklm> hi
17:36:03 <sysrqb> does anyone have something they want to discuss from the weekly updates?
17:36:30 <sysrqb> i'll wait a minute, maybe pili has something :)
17:36:39 <pili> I'm good, you can go ahead :)
17:36:46 <sysrqb> oh, okay! :)
17:37:10 <sysrqb> okay, we have two discussion points for this meeting
17:37:30 <sysrqb> the first item is not really for discussion (unless there's a major blocker)
17:37:45 <sysrqb> we're going to try releasing another alpha early next week
17:37:57 <sysrqb> so that means code freeze by Thursday, end-of-day
17:38:04 <GeKo> tjr: do you think it's reasonable to just squeeze https://bugzilla.mozilla.org/show_bug.cgi?id=1585351 into the next, last alpha?
17:38:09 <sysrqb> (ideally code will be finished earlier than that)
17:38:13 <GeKo> or should it have a bit more testing?
17:38:18 * sysrqb pauses for GeKO
17:38:21 <sysrqb> *o
17:38:22 <GeKo> oh, sorry
17:38:26 <sysrqb> np!
17:38:34 <GeKo> i thought we were already at item 2)
17:38:37 <tjr> GeKo: I have not tested it. So I would not
17:38:52 <GeKo> okay
17:39:01 <GeKo> then probably 9.5a1 material
17:39:38 <sysrqb> okay, and this leads into the second question.
17:39:58 <sysrqb> how do people feel about the current set of tickets we're targetting for 9.0?
17:40:20 <sysrqb> in particular, the tickets we want in this next alpha, and the tickets we want to squeeze into 9.0 later
17:40:33 <sysrqb> should we reconsider any tickets?
17:40:42 <sysrqb> and their priority?
17:41:21 <antonela> which is the query sysrqb? tbb-9.0-must-alpha?
17:41:28 <mcs> https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-9.0-must-alpha&order=id
17:41:29 <sysrqb> https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=merge_ready&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&keywords=~tbb-9.0-must&order=priority
17:41:36 <mcs> or that one :)
17:41:40 <antonela> nice, thanks
17:41:46 <sysrqb> there is the question about must-be-in-an-alpha-first
17:42:01 <sysrqb> and then squeezing into 9.0 after it becomes stable
17:42:13 <sysrqb> the latter set of tickets should be small :)
17:42:25 <sysrqb> unless it bakes in 9.5 for a little time
17:42:56 <antonela> all the tickets im interested on are there, groot here
17:43:39 <sysrqb> nice. pospeselr acat sisbell
17:44:05 <sysrqb> do any of you have opinions on any tickets?
17:44:36 <pospeselr> 31286 should be ready by Thursday
17:44:37 <sisbell> All of mine seem still open due to one issue, the dependency list
17:44:54 <sisbell> But I feel this is resolved after the investigation this morning
17:44:55 <pospeselr> barring something catastropihc
17:44:55 <sysrqb> boklm: i think you already have your plate full. do you have any tickets you'd like re-prioritized?
17:44:58 <GeKo> sisbell: there is #30665 that would be neat to get fixed for the alpha
17:45:10 <GeKo> there is still a comment unadressed
17:45:29 <GeKo> *unaddressed
17:45:55 <GeKo> sysrqb: i wonder what to do with the obfs4 custom bridge ticket
17:46:00 <sisbell> Right, I see that now. I'll invesigate
17:46:10 <GeKo> i agree it would be neat to have that fixed for 9.0
17:46:20 <GeKo> but if so i think we should have this for 9.0a8
17:46:25 <GeKo> and not ship it directly to stable
17:46:39 <acat> i thought about doing #31602 for the alpha, it should be just a pref fix, other than that ok for me
17:46:49 <GeKo> yeah
17:47:17 <sysrqb> GeKo: at this point, i think it should go into 9.5a and then backport it to 9.0 after it bakes
17:47:44 <GeKo> acat: the important ticket from your list is #13543
17:48:05 <GeKo> so we might need some workaround if we don't get it fixed properly for the alpha
17:48:16 <GeKo> sysrqb: sounds reasonable
17:48:25 <sysrqb> GeKo: i don't think i'm confortable solving that this week, espeicialy with all the other tor-android-service+TOPL changes happening in this release
17:48:35 <sysrqb> *comfortable
17:48:49 <GeKo> wfm
17:49:08 <GeKo> acat: i think i can do #31942 tomorrow. should not be too hard to test and write a patch for
17:49:16 <GeKo> (if that helps you any)
17:49:35 * boklm plans to review #29013 to get it in the alpha
17:49:44 <acat> GeKo: ok, then i'll remove it from my list
17:49:48 <acat> thanks
17:49:53 <GeKo> sure
17:50:05 <acat> but #13543 is not for the alpha, right
17:50:07 <acat> ?
17:50:25 <acat> tbb-9.0-must
17:50:57 <GeKo> depending on the fix someone comes up with
17:51:07 <GeKo> i think the real fix is someting for the alpha
17:51:18 <GeKo> and depending on "real" even for 9.5a1
17:51:29 <GeKo> but we need to do something about it for 9.0
17:51:44 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:45 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:45 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:45 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:45 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:48 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:50 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:53 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:54 <GeKo> huh
17:51:55 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:51:58 <sysrqb> 17:50 < acat> but #13543 is not for the alpha, right
17:52:08 <GeKo> lol we lost our mod
17:52:24 <GeKo> what do we do, what do we do...
17:52:33 <antonela> oh whats going on
17:52:34 <antonela> lol
17:52:36 <sysrqb> that was excting. sorry about that everyone
17:52:41 <GeKo> wb
17:52:44 <pospeselr> lol
17:52:47 <sysrqb> thanks.
17:52:50 <GeKo> nice stunt, sysrqb
17:52:52 * antonela likes chaos
17:52:55 <Jeremy_Rand_Talos> haha
17:53:10 <sysrqb> in any case, back to the meeting? :)
17:53:15 <acat> :)
17:53:54 <sysrqb> okay, GeKo, i think you're next
17:54:22 <sysrqb> oh, one more thing
17:54:29 <sysrqb> sorry GeKo
17:54:54 <sysrqb> pospeselr: are you interested in helping with building this release?
17:55:12 <pospeselr> yeah, now that the gradel issue seems to be resolved
17:55:21 <pospeselr> i can donate some CPU cycles :)
17:55:28 <sysrqb> yep, great
17:55:29 <sysrqb> thanks
17:55:41 <sysrqb> okay, moving on :)
17:55:44 <sysrqb> GeKo: .
17:55:53 <GeKo> okay
17:56:28 <GeKo> before i look finally over acat's work for #25711 i wanted to know from the crowd whether we are good with the broom icon
17:56:31 <GeKo> ugh
17:56:33 <GeKo> #27511
17:56:49 <GeKo> that's what acat worked with and which looks good to me
17:57:00 <GeKo> but there is still time so swap the icon with another one
17:57:41 <pospeselr> very nice broom :)
17:57:51 <Jeremy_Rand_Talos> broom looks great to me (from my not-an-expert-on-UX perspective)
17:57:56 <mcs> I think the broom is fine. Our users will have to learn what it is in any case. I assume there is a tooltip?
17:58:11 <acat> mcs: yes
17:58:22 * boklm likes the broom
17:58:22 <antonela> mcs and we have an onboarding card?
17:58:39 <antonela> very spooky, specially for an october release :)
17:58:41 <mcs> yes that will also help
17:58:51 <sysrqb> antonela: heh :)
18:00:02 <sysrqb> (i'm okay fine with the broom)
18:00:23 <GeKo> okay. good
18:00:40 <GeKo> antonela: are we good with all the strings we need for 9.0?
18:01:10 <antonela> i saw your comment and mcs review on the onboarding ticket, will iterate it today/tomorrow morning
18:01:17 <GeKo> okay.
18:01:20 <antonela> almost there, just want to see what title we want to have
18:01:26 <GeKo> that's actually the part that is really urgent
18:01:37 <GeKo> so we get as much time as possible for translators
18:01:40 <antonela> i know, that is why i ping steph last week and we reviewed those
18:01:47 <pili> which file are the strings going to be in and is that in transifex already?
18:02:08 <antonela> pili: we are talking about #31768
18:02:15 <pili> yup
18:02:15 <GeKo> you are talking abour #31768?
18:02:18 <GeKo> ah
18:02:26 <antonela> oh, yes i am
18:02:38 <pili> well, any tickets which have new strings that need translation for 9.0 :)
18:02:59 <GeKo> where our other strings are
18:03:04 <GeKo> into torbutton
18:03:17 <mcs> browserOnboarding.properties (I think)
18:03:19 <pospeselr> gah that reminds me, we may need new strings for #31286 as well
18:03:24 <GeKo> the file (browserOnboarding.properties) is in transifex
18:03:35 <sysrqb> pospeselr: right, that was another question
18:03:36 <GeKo> pospeselr: that would have b een my next question
18:03:40 <antonela> pospeselr: we have the torlauncher ones?
18:03:41 <GeKo> heh
18:03:47 <sysrqb> are we reusing the same strings as torlauncher?
18:03:52 <antonela> pospeselr's thread
18:03:53 <sysrqb> :)
18:03:53 <pospeselr> the majority can be reused
18:03:53 <sysrqb> heh
18:04:07 <pospeselr> but there's copy in the the description for 'Bridges'
18:04:12 <antonela> true
18:04:27 <pili> ok
18:04:34 <pospeselr> and we probably need something for the Tor log viewer UX
18:04:51 <pili> so, the torbutton strings I think are ok because any changes get picked up and updated in transifex?
18:04:56 <pili> emmapeel: is that right? ^
18:05:00 <pospeselr> i'll put string integration at the top of my list for today
18:05:05 <sysrqb> thanks
18:05:29 <GeKo> pili: yes, that's correct
18:05:39 <pili> ok, cool :)
18:05:47 <sysrqb> there will be a log viewer now? instead of copy-to-clipboard?
18:05:50 <sysrqb> pospeselr: ^
18:06:04 <sysrqb> (i haven't followed closely)
18:06:39 <pospeselr> https://share.riseup.net/#vndYLqGb3jNSQazS0OlJyA
18:06:39 <pospeselr> :)
18:06:41 <antonela> is a default popup, you can copy or read (i think)
18:06:47 <antonela> there you are
18:07:02 <antonela> fancy pospeselr
18:08:09 <sysrqb> nice, okay
18:08:14 <pospeselr> mostly would just need something real for 'View the Tor logs' and "View Logs..."
18:08:19 <sysrqb> +1 for usability
18:08:32 <pospeselr> everything else can be scrounged elsewhere
18:08:35 <sysrqb> cool
18:08:54 <sysrqb> okay, anything else for this?
18:09:14 <sysrqb> (we started at the broom icon and then moved onto string localization)
18:09:19 <antonela> i think we are good
18:09:26 <antonela> good journey tho!
18:09:31 <sysrqb> :)
18:09:38 <sysrqb> okay, pili, you're next
18:09:44 <pospeselr> :)
18:09:56 <pili> hi, just a friendly reminder to update "actual points" when the ticket is closed :)
18:10:03 <pili> or you could do it when you send it for review
18:10:13 <pili> and then update the points if there are revisions needed :)
18:10:28 <pili> whatever is easiest for people ;)
18:10:48 * mcs appreciates the reminder because I am not yet in the habit of adding points
18:10:54 <sysrqb> +1
18:11:09 <mikeperry> what are the tickets for the ff68esr networking and feature reviews?
18:11:14 <sysrqb> antonela: your weekly status update contains '?'. do you want answers for those?
18:11:21 <sysrqb> or did you already receive answers?
18:11:28 <antonela> yes
18:11:31 * antonela goes to update it
18:12:07 <GeKo> mikeperry: the feature review i am working on i #31591 and #31597
18:12:36 <GeKo> network is #31144
18:13:03 <sysrqb> mikeperry: anything you want to talk about, while we're all here?
18:14:09 <mikeperry> yeah I have a handful of questions about stuff I have noticed, if now is a good time. otherwise I can put them on the ticket
18:14:22 <sysrqb> now is a great time
18:15:17 <mikeperry> ok.. so first in my list is devtools.. is that disabled? I vaguely recall us disabling it before
18:15:54 <GeKo> the whole devtools? no
18:15:57 <GeKo> what in particular?
18:17:08 <mikeperry> debugger discovery
18:17:14 <mikeperry> let me find the file again
18:18:50 <sysrqb> (we have about 10 min, just fyi, so we can use the ticket for all the other items on your list)
18:19:59 <mikeperry> damnit... yeah I need to go through and find file locations for all of these.. they are just keywords+components at this point
18:20:45 <sysrqb> okay, if working through these on the ticket will be esaier, then we can do that
18:21:45 * Jeremy_Rand_Talos has a minor inquiry Namecoin-related if there's time today
18:22:10 <mikeperry> these were all in old code surrounding changed lines, and not the diff itself, so I didn't take great notes on them, but I watned to double check
18:22:31 <mikeperry> I will go throiugh and find them again and list them on the bug
18:22:37 <GeKo> thanks
18:22:44 <sysrqb> mikeperry: okay, thanks
18:23:04 <sysrqb> okay, Jeremy_Rand_Talos
18:23:17 <Jeremy_Rand_Talos> So, Electrum client verifies TLS certs of Electrum servers in 2 ways -- self-signed certs are verified via TOFU pinning; CA-signed certs are verified via standard CA verification.
18:23:58 <Jeremy_Rand_Talos> The latter method means that Electrum needs to distribute a copy of the Mozilla root CA list in binaries, which turns out to be rather big (275.5 KiB)
18:25:26 <Jeremy_Rand_Talos> It was pointed out to me by Ryan Castellucci that we could just remove all the uncommonly used root CA's from that list.  The only CA that's actually used by any public Electrum Namecoin servers in the wild is Let's Encrypt.  Leaving the top 7 root CA's (corresponding to top 10 intermediate CA's in Alexa top 1m) reduces the size to 12.7 KiB
18:26:21 <Jeremy_Rand_Talos> I think that's a useful space savings.  The only implication for security I can see is that it reduces CA diversity mildly.  Given that Let's Encrypt is the only CA used in the wild right now, I think this is a theoretical concern that's not going to have an impact.
18:26:55 <Jeremy_Rand_Talos> Are there any strong reasons I'm missing that we should keep all of the CA's, or is this change okay?
18:27:34 <sysrqb> without thinking too hard about this, that would've been my suggestion, too
18:27:37 <Jeremy_Rand_Talos> Note that if all of the selected CA's decide to mass-revoke certs to attack Namecoin users, the servers could simply switch to self-signed and use TOFU
18:28:10 <sysrqb> i guess it depends on how likely it is Electrum servers will use certs signed by other, weird CAs
18:29:03 <sysrqb> but, if that happens, and the CAs "mass revoke", then you're probably screwed for other reasons
18:29:11 <Jeremy_Rand_Talos> sysrqb, I think it's unlikely, but if desired I could try to rig up a script that checks the CA's used by the Electrum servers for Bitcoin, which will give a better sample size than Namecoin since Bitcoin has a lot more servers
18:30:19 <sysrqb> that's probably a good idea
18:31:30 <sysrqb> i also don't have a good understanding of how Electrum servers are used/selected
18:31:59 <sysrqb> but we're at 1hour now
18:32:02 <Jeremy_Rand_Talos> sysrqb, ok.  I'll write a script for that and see how the stats look.  In terms of what's a blocker for getting into Nightly, should I get those stats before a Nightly merge, or should we stick to the top 7 root CA's, or should we leave in the whole set of root CA's and accept the larger binary size initially?
18:32:06 <sysrqb> so we can pick this up next week
18:32:11 <Jeremy_Rand_Talos> yes, that's fine
18:32:35 <sysrqb> yeah, let's discuss this next week
18:32:36 <sysrqb> thanks!
18:32:46 <Jeremy_Rand_Talos> great, sounds good
18:32:49 <sysrqb> okay, thanks everyone!
18:32:52 <antonela> thanks o/
18:32:57 <sysrqb> #endmeeting