18:02:11 <mikeperry> #startmeeting app-dev
18:02:11 <MeetBot> Meeting started Tue Jul 28 18:02:11 2015 UTC.  The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:11 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:03:39 <mikeperry> ok, let's get started!
18:04:04 <mikeperry> is anyone ready to go first? I am very frazzled at the moment. just got done eating
18:04:17 <mcs> I can give a quick report.
18:04:25 <mcs> Last week, Kathy and I finished #16495 and #16236.
18:04:33 <mcs> We also helped with testing for #16632 and we fixed #16639.
18:04:46 <mcs> We performed some code reviews (#16429 and #16528).
18:04:55 <mcs> We also started to investigate #14205 and will do more this week.
18:05:01 <mcs> This week we will also plan to create a fix for #16488 and we will help with any other 5.0 issues.
18:05:12 <mcs> That's all for us.
18:06:33 <GeKo> here is what I did:
18:06:48 <GeKo> reviewed some bugs above all #16528 and #13313
18:07:23 <GeKo> and I had some fun with #16523
18:07:45 <GeKo> apart from that i tried to move 5.0a4 things forward and
18:07:54 <GeKo> am currently quite distracted by the workshop
18:08:10 <GeKo> this week is workshop and releases time it seems
18:08:27 <GeKo> we'll see what else I'll get done
18:08:32 <GeKo> that's it for me
18:10:03 <mikeperry> ok, I can go now
18:10:08 <mikeperry> Last week I spent a lot of time discussing website traffic fingerprinting research with mjuarez. They have some very promising results. I'm very excited. I also met with mozilla, reviewed HTTP/2, SPDY, TLS 1.3, and QUIC, and closed #12975, #16316, #16528, #15781, #16005, #16510, #16625, and #16632.  I also reviewed and merged a several other tickets.
18:10:30 <mikeperry> This week is the HTTP workshop. I'm working on slides for my review of HTTP/2, SPDY, TLS 1.3, and QUIC for tomorrow. I am also hoping to wrap up the 5.0a4 release, so GeKo and I can start a build. Hopefully boklm can join us as an official builder+signer.
18:10:47 <mikeperry> As for #14952, I think we need to wait before we enable it. We have quite a bit of isolation work to do, mostly due to protocol discovery issues and related statekeeping.
18:12:07 <mikeperry> for 5.0a4, the things on my radar are in https://trac.torproject.org/projects/tor/query?keywords=~tbb-5.0a4&status=!closed&order=priority and https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TorBrowserTeam201507R
18:12:40 <mikeperry> if you have something for 5.0a4 that is not in those lists (or the list of already merged, closed tickets), you should speak up
18:12:43 <mikeperry> that's it for me
18:14:31 * arthuredelstein can go
18:14:40 <arthuredelstein> Last week I mainly revised my patches for #13313, #16429 and #16678.
18:15:08 <arthuredelstein> This week I plan to work more on #13313 (moving all patches to tor-browser.git and trying to homogenize font rendering settings across platforms).
18:15:23 <arthuredelstein> Also, I’ll try to help with some patches that are close to upstreaming in Firefox.
18:15:42 <arthuredelstein> And I’ll help with any last-minute 5.0a4 things as needed.
18:15:53 <arthuredelstein> That's all for me
18:18:03 <mikeperry> actually, did boklm say he was going to be on vacation/travelling this week? I think he may have
18:19:04 <mikeperry> oh, also: Mozilla's plan wrt isolation is https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers. We may be able to share some implementation wrt our first party isolation plumbing, but it will probably require some retooling. Dave Huseby is our point of contact for getting patches reveiwed, updated to match that containers plan, and/or merged, especially if things are stalling
18:20:31 <arthuredelstein> So none of this is implemented right now, correct?
18:20:55 <mikeperry> right. they just started working on it two weeks ago
18:21:26 <mikeperry> Steven Englehardt is the main person on it.
18:21:37 <mikeperry> I invited him and dave to our meetings
18:21:46 <GeKo> back then I thought it did not exactly fit out needs
18:21:55 <GeKo> but maybe theat can be tweaked
18:22:10 <GeKo> *that
18:22:15 <arthuredelstein> It might be useful to schedule an online meeting with the Mozilla folks on this issue
18:23:02 <mikeperry> oh, I think englehardt might be that person
18:23:38 <GeKo> arthuredelstein: maybe but I guess just a regular application meeting might be enough
18:24:19 <GeKo> I definitely like to know why we should try to get all our stuff working in a container if we have profiles at hand
18:24:24 <arthuredelstein> Sure -- I just mean a meeting where we know they will be able to make it :)
18:24:27 <GeKo> i.e. a tor progile
18:24:29 <mikeperry> Dave said he should be able to make these meetings, though I didn't inform him of the time change for this week until late sunday night
18:24:45 <GeKo> he was in #tor-dev yesterday :(
18:25:00 <mikeperry> he acked my mail about the meeting time change
18:25:01 <GeKo> s/progile/profile
18:25:04 <mikeperry> aha, here he is
18:25:14 <huseby> (hey, sorry I'm late)
18:25:20 <GeKo> hi
18:25:23 <huseby> what'd I miss?
18:25:24 <arthuredelstein> Hi Dave!
18:25:42 <huseby> hi
18:25:59 <mikeperry> huseby: just the status updates. there will be a log as soon as the meeting is over
18:26:20 <huseby> k
18:26:30 <huseby> is everybody done?
18:26:35 <huseby> should I give my status update?
18:26:37 <mikeperry> we're wrapping up our last alpha based on 38esr before the switch, so most of the updates were about that
18:26:47 <huseby> k
18:26:48 <mikeperry> sure
18:27:16 <huseby> I've been mostly going through the spreadsheet of bugs and making sure that their status are right
18:27:23 <huseby> I've sent out a few ni? about some bugs
18:27:30 <huseby> and some r? for some rebased patches
18:28:01 <arthuredelstein> huseby: I'll look at the system colors r? later today.
18:28:20 <huseby> I'm trying to land: bz 232227/trac 6786,7920
18:28:27 <huseby> arthuredelstein: thanks
18:28:47 <huseby> that's it for me, expect more ni? soon.
18:28:52 <mikeperry> #6786 #7920
18:29:29 <huseby> I have an internal meeting with moz product/policy/engineering on thursday to set our internal goals for esr 45 so i'll report back on our roadmap next week
18:29:36 <huseby> that's it for me
18:30:01 <huseby> wait, one more thing
18:30:10 <huseby> it looks like #10715 is fixed on your end
18:30:26 <huseby> that's our bz 570342
18:30:36 <huseby> which is a meta bug that has all sub-bugs fixed
18:30:44 <huseby> is this confirmed to be fixed?
18:31:01 <huseby> it's pretty old, so I assume it is...just wanted to check before closing it out
18:31:10 <huseby> that's it for me
18:31:26 <GeKo> yeah, there was some issue with the user's setup
18:31:40 <GeKo> IIRC I was able to reproduce the problem back then
18:32:00 <GeKo> I have it on my TODO to try that with a newer Tor Browser
18:32:30 <GeKo> a, wait
18:32:43 <GeKo> wrong issue, nevermind
18:33:33 <GeKo> (I had #13507 in mind)
18:34:28 <huseby> GeKo: should that be linked to #10715 on my spreadsheet?
18:34:49 <GeKo> no, that's fine
18:35:10 <huseby> BTW, the spreadsheet I'm working with is here: https://docs.google.com/spreadsheets/d/1rF4Gah_OEequYDfPedoQu3oETM5Gj4NagxDuKQG-IOk/edit?usp=sharing
18:38:01 <GeKo> thanks
18:38:02 <arthuredelstein> Here's our mozconfigs, which includes #10715 fix which re-enabled webgl: https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-38.1.0esr-5.0-1&id=ef9ba2e266bfb844500bed8cd9b60b4102caff8b
18:38:17 <arthuredelstein> In our current branch.
18:39:12 <huseby> arthuredelstein: is there anything to upstream?
18:39:29 <huseby> AFAIK, we don't check in mozconfigs
18:39:39 <huseby> but there's no reason I couldn't start a contrib folder with these mozconfigs in there
18:40:18 <arthuredelstein> It doesn't look like it to me. Basically the commit mentioned as fixing #10715 removed a "--disable-webgl" flag from our mozconfig
18:40:55 <arthuredelstein> And that was later squashed into our "TB3:mozconfigs" patch.
18:41:29 <arthuredelstein> So, no I think nothing needs to be upstreamed.
18:41:52 <huseby> OK, I'll close out bz 570342 then and call that fixed
18:42:23 <arthuredelstein> huseby: One big question we have is how TBB's first-party isolation work can be upstreamed to Firefox, and whether that can/should mesh with the plan at https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers.
18:43:22 <huseby> arthuredelstein: yes, that's the elephant in the room
18:43:30 <huseby> my meeting on thursday is primarily about that
18:43:54 <huseby> arthuredelstein: do I already have the tracs for your isolation work in my spreadsheet?
18:44:06 <huseby> I haven't gone through any of the new esr 38 tracs yet
18:44:35 <arthuredelstein> Yes, I think so. I can go through them again and send you updates
18:45:22 <GeKo> huseby: so, why containers and not just a separate tor profile? what does the container idea buy us additionally?
18:45:25 <huseby> that'd be great
18:45:50 <huseby> GeKo: I don't think I know enough about it to answer your question
18:45:54 <huseby> (yet)
18:45:58 <huseby> I'm playing catchup
18:46:08 <GeKo> ah, okay
18:46:10 <huseby> I just moved over from Firefox OS to platform security just two weeks ago
18:46:13 <arthuredelstein> huseby: One idea I had is to create some kind of "nsIIsolationKeyProducer" where plugins (such as torbutton) can provide their own function that takes channel/document and produces an "isolation key".
18:46:43 <huseby> and the isolation key gets appended whenever we do hashing of anything?
18:46:54 <arthuredelstein> huseby: Right.
18:46:56 <huseby> e.g. cookies, etc?
18:47:11 <huseby> I think that sounds similar to what we're working on
18:47:20 <arthuredelstein> Yes. Currently tor-browser uses first-party domain as its isolation key, but that might not match what Mozilla is working on.
18:47:33 <arthuredelstein> By first-party domain I mean URL bar domain
18:47:39 <huseby> jonas sicking and bobby holley just did some work in this area
18:48:01 <huseby> adding domain "attribute" flags that essentially appends characters to the input of the hash function
18:48:17 <GeKo> nice
18:48:21 <huseby> yes, I understood you, re: URL bar domain
18:48:49 <mikeperry> GeKo: the containers are meant to deal with identifier sources/storage to give the user better control over per-site state.. the tor profile would be for tor-wide prefs
18:48:51 <huseby> so their work was to support the new app security model on FxOS
18:49:47 <huseby> arthuredelstein: so we're using the terms "hat" and "containers"
18:50:08 <mikeperry> but huseby was saying on tuesday that maybe we would also virtualize/CoW/isolate the pref system for private/tor windows
18:50:09 <huseby> IIRC "hats" are profile overlays and "containers" are the hashing changes
18:50:24 <huseby> mikeperry: yes, i *think* that's part of the "hats" thing
18:50:33 <GeKo> mikeperry: ah, we are talking about conainers within the tor profile?
18:50:37 <GeKo> that makes sense
18:50:38 <mikeperry> yes
18:50:56 <huseby> where you have a base set of prefs and then a "tor hat" overlay that has the tor-specific set of settings
18:50:59 <huseby> but don't quote me on that
18:51:06 <huseby> as I said, I'm catching up as fast as I can
18:51:12 <huseby> i'll know more after my meeting on thursday
18:51:45 <arthuredelstein> Is that an online meeting. Like, can we eavesdrop? :)
18:56:10 <huseby> arthuredelstein: hrm...we're meeting with internal policy and product, so no
18:56:19 <arthuredelstein> OK, no worries :)
18:56:24 <huseby> but I'll arrange a follow-on meeting with just engineering and invite you and mike perry
18:56:29 <huseby> anybody else that i should invite?
18:56:42 <huseby> i think it would be good because we're actively developing this solution
18:57:02 <huseby> it would be great to be working together rather than on parallel solutions
18:57:14 <arthuredelstein> Yes exactly. thanks.
18:57:34 <GeKo> huseby: I'd like to attend, too
18:58:00 <huseby> GeKo: sure, will you email me with your PGP key fingerprint? I'm dhuseby@mozilla.com
19:01:39 <huseby> mikeperry: so is this meeting back to the regular time/place next week?
19:01:45 <mikeperry> yes
19:01:53 <huseby> k, thanks
19:01:58 <huseby> I won't be late next week :)
19:02:01 <Yawning> hey tbb people, cherrypick #16674 if you haven't already
19:02:03 <Yawning> that is all
19:02:07 <mikeperry> Yawning: already done
19:02:08 <Yawning> (merged in master)
19:02:09 <GeKo> we have
19:02:11 <Yawning> oh ok
19:02:18 <Yawning> sorry, didn't see a comemnt on the ticket
19:02:20 <GeKo> huseby: done
19:02:21 <Yawning> ty <3
19:02:32 <huseby> GeKo: thanks
19:02:46 <Yawning> the "problem" url appears to work fine with master for me so
19:02:59 <Yawning> (did I get the tags right when I added you two?)
19:03:26 <GeKo> ?
19:03:56 <Yawning> I guessed at what tags I should add for "tbb tor should have this"
19:04:03 <mikeperry> yes, you got the review tag right
19:04:08 <Yawning> :D
19:04:18 <GeKo> ah, yes :)
19:04:27 <Yawning> sorry, been like, sick/busy/etc
19:04:49 <Yawning> mostly a combination of sick and trying to deal with real life
19:04:56 <GeKo> all of it? get better
19:05:09 <Yawning> thanks for the quick response <3
19:05:28 <Yawning> if there's other stuff that tor borwser needs from tor lemmie know
19:05:33 <GeKo> sure
19:06:16 <mrphs> I have a few questions at the end of the meeting. please let me know when is appropriate to ask them.
19:06:19 <mikeperry> ok, we've passed the 1hr mark. anything else for this week and/or 5.0a4?
19:06:42 <mikeperry> ah, sure, go ahead mrphs. we stopped doing status updates some time ago.
19:07:08 <GeKo> mikeperry: I can take care of all the tagging and boilerplate stuff for 5.0a4 so you can work on your slides
19:07:16 <mrphs> so my first question is whether there's an agenda for application team meetings that is being posted in advance?
19:07:57 <mikeperry> did you see my mails about them? they are scrum-style. no pre-set agenda, just a format
19:08:02 <mikeperry> https://lists.torproject.org/pipermail/tbb-dev/2014-February/000000.html
19:08:04 <Yawning> oh right, gl at the conference
19:08:17 <Yawning> I will be rooting for y'all to keep them from doing anything overly dumb to http
19:08:20 <Yawning> :D
19:08:21 <mrphs> mikeperry: sorry mike i missed it. reading...
19:08:33 <GeKo> Yawning: haha
19:08:53 <mrphs> my second question is, whether this meeting is a good place to talk and brainstorm about creating a usability team
19:10:03 <GeKo> why not?
19:10:10 <mrphs> i have some ideas and I'm talking with isabela to shape them better, but i dont want it to be a surprise to the rest of the devs
19:10:35 <mrphs> I'm more interested to figure whether we can create an echosystem of somesort
19:11:02 <GeKo> so you mean a team as part of the application team like the tor browser team?
19:11:33 <mrphs> yes, but may or may not include the same sets of people
19:12:05 <mikeperry> mrphs: as soon as things calm down from this conference and esr38 I plan on sending those UX principles around
19:12:24 <mrphs> who is going to be in that team isn't important right now. what's important is to have an echosystem that we all understand
19:13:01 <mrphs> mikeperry: so I'm afraid it might confuse people if they dont have background context of what and why
19:13:17 <mrphs> and might affect 'how' in a negative way
19:13:36 <mrphs> I suppose I should wait until after esr38 and re-surface this thing
19:17:32 <arthuredelstein> mrphs: Now I'm curious! :)
19:18:15 <mikeperry> yeah, August 11th is the switch date
19:18:34 <mikeperry> things should be calmer after next week though, I hope
19:18:37 <mrphs> arthuredelstein: I'm glad I intrigued you :D
19:18:49 <mrphs> let's touch base on/after Aug 11th
19:19:45 <huseby> mikeperry: which con are you presenting at?
19:19:50 <huseby> bh? dc?
19:19:57 <mikeperry> http workshop
19:20:06 <huseby> ah, goodluck
19:20:15 <huseby> mikeperry: you going to be at bsides/bh/dc?
19:20:18 <mrphs> oh btw, I'm gonna be at bh. if anyone else is going
19:20:27 <huseby> mrphs: no bh for me this year
19:20:29 <mikeperry> nope
19:20:34 <huseby> last year was kinda dumb
19:20:41 <huseby> not worth the money IMO
19:20:59 <huseby> i would have had more fun at the avn's
19:21:22 <Yawning> not even for the hallway/smoking area talks?
19:21:33 <Yawning> that's the best part of any tech conference imo :P
19:22:35 <mrphs> okay i gotta run. thanks for being awesome application team!
19:24:25 <mikeperry> ok, anything else?
19:25:14 <huseby> i've got nothin'
19:25:47 <mikeperry> alright, let's call it!
19:25:51 <mikeperry> #endmeeting *baf*