#tor-dev log

18:01:43 <GeKo> #startmeeting tor browser
18:01:43 <MeetBot> Meeting started Mon Oct 24 18:01:43 2016 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:01:43 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:01:48 <GeKo> hi all!
18:01:53 <arthuredelstein> hi everyone!
18:01:54 <boklm> hi
18:01:56 <GeKo> and welcome to another tor browser meeting
18:02:08 * isabela is lurking
18:02:16 <GeKo> who wants to give a status update?
18:03:02 * boklm can go
18:03:10 <boklm> This past week I have been working on #19067, #15138 and #20439
18:03:17 <boklm> This week I'm planning to finish #19067, #15138 and #20439
18:03:23 <boklm> That's it for me
18:04:31 <GeKo> boklm: if you feel like doing review business, #20147 might be something
18:04:42 <GeKo> to get you are bit distracted from the other work :)
18:04:48 <boklm> ok :)
18:06:14 <GeKo> okay, i did mostly spend my time reviewing and testing patches
18:06:40 <GeKo> this morning the queue seemed to be quite empty but it seems it is filling again :)
18:07:00 <GeKo> so i probably will be spending again quite some time with reviews
18:07:50 <GeKo> then i plan to make serious progress on #20352
18:08:15 <GeKo> and get back to investigate crashes i encountered with h the sandboxed tor browser
18:08:21 <GeKo> s/h//
18:08:45 <GeKo> i plan to work on #20442
18:09:09 <GeKo> seems worthwhile to get fixed although i think this will go into the alpha series first
18:09:24 <GeKo> the changes apply to that cleanly
18:09:30 <GeKo> that's it for me for now
18:09:58 * mcs will go next
18:10:09 <mcs> Last week, Kathy and I worked on #20121. We will post patches soon.
18:10:15 <mcs> We did some followup work for #20111 and we spent a little time on #20204.
18:10:23 <GeKo> yay, patches
18:10:32 <mcs> Also, we reviewed some patches and spent some time on bug triage.
18:10:35 <mcs> This week we will debug the new issues that are caused by the #20204 backported patches,
18:10:42 <mcs> we will revise our #20185 patch,
18:10:49 <mcs> and then we will work some more on MacOS sandboxing (#20121).
18:10:55 <mcs> That’s all for us.
18:11:26 <GeKo> if you have some idea for how to get debug logs for #20427 please post to the ticket
18:11:26 * arthuredelstein can go
18:11:31 <GeKo> mcs: ^
18:11:47 <GeKo> maybe that is related to the os x control port issues?
18:11:57 <mcs> GeKo: OK. Difficult on Windows :(
18:12:00 <GeKo> and it seems the user is willing to help to track things down
18:12:03 <GeKo> yeah i know
18:12:30 <GeKo> otherwise i'll sit down tomorrow and try to figure a proper comment on the ticket out
18:12:54 <GeKo> (and hopefully without overwhelming and scaring away them)
18:13:15 <GeKo> sorry arthuredelstein
18:13:30 <arthuredelstein> np! Sorry I jumped the gun :)
18:13:35 <arthuredelstein> This week I worked on and posted patches for
18:13:38 <arthuredelstein> #20399, #20347, and #20264.
18:13:44 <arthuredelstein> I also revised #20394 and #19459,
18:13:53 <arthuredelstein> and I worked on #16622 (not done yet).
18:13:58 <arthuredelstein> I opened #20414.
18:14:04 <arthuredelstein> I also opened https://bugzilla.mozilla.org/show_bug.cgi?id=1308340
18:14:05 <arthuredelstein> which generated some interesting discussion.
18:14:22 <arthuredelstein> This week I hope to finish #16622 and start working on memory allocator stuff for SponsorU. And continue to help Mozilla folks with the isolation patch uplifting ahead of the November 7 deadline.
18:14:33 <arthuredelstein> That's it for me.
18:16:44 <GeKo> okay. who else is here for giving some kind of status update?
18:16:52 <arlolra> I
18:16:55 <tjr> I
18:17:44 <tjr> arlolra: why don't you go
18:17:48 <arlolra> ok
18:18:33 <arlolra> TorMessenger has a release queued, but we're blocked on preparing dist for the updates.  boklm said he'd look into that next month, so we may just wait until the next esr
18:19:32 <GeKo> yeah
18:19:53 <arlolra> separately, we have a build of snowflake working that we (serene and I) would like to get into the TB alpha releases
18:20:17 <GeKo> for all three platforms?
18:20:22 <GeKo> and it is reproducible?
18:20:25 <arlolra> no, just linux and macos
18:20:33 <arlolra> maybe just linux
18:20:35 <GeKo> hrm.
18:20:55 <arlolra> linux is reproducible
18:20:57 <arlolra> macos not yet
18:21:15 <mcs> I feel like we need a better way to deliver new experimental PTs without integrating them into TB.
18:21:35 <GeKo> how much would it add to the bundle size?
18:22:02 <arlolra> #19001 has some info
18:22:41 <arlolra> also, https://trac.torproject.org/projects/tor/ticket/19569#comment:1
18:22:56 <arlolra> roughly, a couple MB
18:23:41 <arlolra> but maybe we want to let tjr update before discussing in detail?
18:23:52 <GeKo> sounds good
18:23:57 <tjr> kk
18:24:04 <tjr> Don't have much to report right now, but Richard Barnes, Dan Veditz, and I are having an allday meeting tomorrow about Tor stuff. We'll go over:
18:24:04 <tjr> Patch Uplift (I believe I'm at least somewhat familiar with all of the open issues right now)
18:24:04 <tjr> things we can do to improve our release process wrt TB (proxy escape testing, new features & origin attributes, prefs etc)
18:24:04 <tjr> general browser hardening/exploit mitigation (memory partitioning, selfrando, CFI)
18:24:04 <tjr> Fennec, relay hosting, future desktop integration
18:24:05 <tjr> Related to Fennec, I also chatted with Nathan and Hans today about fennec/tor integration and figuring out what the most important things for us to do would be to move that process along
18:24:07 <tjr> So, lots of discussions but nothing concrete. If there's anything you want us to consider specifically, or weight heavily, speak up =)
18:24:51 <GeKo> yeah, i have a mail in my queue replying to all the loose end but am only waiting on mikeperry's input
18:24:56 <GeKo> *ends
18:25:25 <GeKo> ideally you should already have it. will see if you can get it to you tomorrow
18:25:27 <mikeperry> I am here. I will reply to that mail today
18:25:33 <GeKo> ah, cool
18:26:51 <GeKo> tjr: i think an important thing for mobile is to get the critical fixes backported to esr45 as well
18:27:03 <GeKo> iirc that ddid not happen in the past
18:27:08 <GeKo> at least not for esr38
18:27:30 <tjr> Ah, I'm unfamiliar with this, can you unpack it for me?
18:27:37 <tjr> (I didn't know Mobile had an esr?)
18:27:48 <GeKo> well not really
18:27:57 <dveditz> GeKo: that's good feedback. For mobile-only bugs we have not backported because we don't have a mobile ESR
18:27:57 <tjr> okay, just building orfox from the esr branch
18:28:11 <GeKo> okay
18:28:20 <tjr> ahha!
18:28:34 <dveditz> (luckily we don't have may mobile-only bugs)
18:28:38 <dveditz> many
18:28:44 <GeKo> yeah, tor browser for mobile will be based on esrXX as well
18:28:59 <GeKo> at least for the time being, so getting something done on that front would be neat
18:29:09 <dveditz> yeah, sorry I didn't think about that
18:29:37 <GeKo> no worries. we talked about it a while back via email iirc
18:29:49 <GeKo> but then i was not sure whether it got resolved meanwhile
18:30:05 <dveditz> do you need to me to scan back for old bugs or have you gotten them all in?
18:30:56 <GeKo> back then i looked over the esr38 ones you gave us a link to
18:31:10 <GeKo> and pointed nathan at them
18:31:18 <GeKo> but i have not done so for esr45
18:31:23 <dveditz> I'll check 45 then
18:31:33 <GeKo> cool, thanks
18:31:43 <dveditz> and push back on release management when they don't want us to backport
18:31:58 <GeKo> that would be helpful as well i guess
18:32:35 <GeKo> alright any other status updates before discussion time?
18:32:37 <dveditz> from a risk mgmt POV (theirs) the fewer patches the better
18:32:49 <GeKo> sure, i can  understand that
18:32:51 <dveditz> oh, sorry if I've fallen into a mtg
18:33:01 <GeKo> you are welcome :)
18:33:20 <dveditz> got an irc ping on "exploit" above and dropped in to see what was up
18:33:31 <GeKo> ha! that's the weekly tor browser meeting
18:33:54 <GeKo> and it feels you are in the correct place ;)
18:33:59 <dveditz> ironically did not get a ping on my name because tjr spelled it out instead of using my nick :-)
18:34:10 <tjr> I didn't think to check if you were here, sorry!
18:34:27 <arthuredelstein> tjr: +1 for discussing future desktop integration
18:36:14 <GeKo> okay, snowflake
18:36:14 <tjr> So when the meeting is done I want to confirm my understanding of TorButton around that topic
18:36:22 <tjr> (and after snowflake)
18:37:10 <GeKo> arlolra: so, i think we could try to get the linux version in
18:37:16 <arlolra> great
18:37:28 <GeKo> we have reproduciblilty as a requirement
18:37:45 <GeKo> and i am not comfortable to exempt the osx version from it
18:38:02 <arlolra> understood
18:38:17 <GeKo> do you have gitian patches for review somewhere?
18:38:36 <arlolra> yup, let me dig that up
18:39:09 <arlolra> everything so far is on the snowflake branch here
18:39:09 <arlolra> https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/log/?h=snowflake
18:39:39 <arlolra> but we'll rebase and squash that into something reviewable
18:40:08 <GeKo> that would be neat. please put it in a separate ticket and add the Tor BrowserTeam201610R keyword
18:40:18 <arlolra> dcf documented a lot of the process in #19001
18:40:22 <GeKo> otherwise we might forget it
18:40:50 <arlolra> ok, we'll do that very soon
18:41:03 <arlolra> ie. before nov 8
18:41:29 <GeKo> okay. i can't promise you that we get it in. but we'll try
18:41:41 <arlolra> that's fair, thanks GeKo
18:42:15 <GeKo> mcs: i think i agree with your sentiment but i have no idea how this would look like in practise
18:42:54 <GeKo> the whole idea is to test that in a tor browser context
18:43:20 <GeKo> and i guess we don't want to have another bunch of tor browser series :)
18:43:22 <tjr> Mozilla has a thing I'm not too familiar with called TestPilot which AIUI is an extension people install (opt-in) to get experiments
18:43:51 <GeKo> hm, yeah.
18:44:15 <mcs> So the plan is to ship Snowflake with TB alpha? Has small-scale testing been done with people who know each other? (I assume so)
18:45:13 <arlolra> yeah, we've been running it amongst ourselves
18:46:12 <GeKo> mcs: yes. i think starting with linux at least
18:46:23 <GeKo> seems not a bad choice
18:46:38 <dveditz> TestPilot manages add-ons. If a patch/feature needs to be built-in then you'd need to build it in and preffed off, then TestPilot could manage an experiment to flip the pref on for some people
18:47:07 <mcs> OK. If it is an experiment, let’s label it as such, e,g., in the menu we could have “Snowflake (experimental)” or something similar
18:47:21 <GeKo> yes
18:47:37 <arlolra> sure
18:48:30 <GeKo> do we have anything else for discussion?
18:48:34 <mikeperry> yeah
18:49:00 <mikeperry> I was talking with some folks at OTF, and a forensics report came up. It was from a year or so ago.
18:49:35 <mikeperry> basically, they proved a whistleblower used Tor Browser to leak some documents by examining usage timestamps as well as pagefile.sys (the windows swap file)
18:50:25 <mikeperry> so we discussed what we could do about this
18:50:29 <tjr> usage timestamps on TB or the documents?
18:50:44 <mikeperry> TB
18:50:53 <mikeperry> the thing that clinched it was the URLs in the swapfile
18:51:07 <arthuredelstein> Is it the same case as this one: #17367 ?
18:51:34 <mikeperry> we discussed if mlock() might work. ISTR that needing a special cap or root privs, and either way it might be unstable and not cross-platform?
18:52:10 <mikeperry> the other option would be to have a "Safe Shutdown" button, that allocated and zeroed memory until the system ran out, kind of like tails
18:52:30 <mikeperry> this might work, but probably shouldn't be the default shutdown, since it is slow and may make other apps on the system OOM first
18:53:27 <mikeperry> ah, yeah, I think maybe that is the bug. it certainly is the hting I'm most worried about
18:53:30 <GeKo> mikeperry: the ticket above has some good discussion it seems
18:53:54 <mikeperry> waiting for it to load...
18:54:19 <GeKo> meanwhile: i won't be here next monday. could we move the meeting to tuesday instead?
18:55:01 <GeKo> and do we want to keep 18:00 UTC? i guess so until the US is changing time as well?
18:55:14 <mikeperry> ok, I will add the shutdown idea to that ticket
18:55:31 <mcs> Tuesday is OK for us.
18:55:38 <mikeperry> it should be relatively easy to implement. just a malloc and memset loop at shutdown, with a warning dialog first
18:55:38 <boklm> next tuesday is OK for me
18:56:00 <tjr> I may be unable to join, but don't let me block
18:56:32 <GeKo> mikeperry: if we could get away with that tha might be neat
18:56:46 <GeKo> the other options in the ticket seemed fairly invasive
18:57:05 <GeKo> or not possible tor browser land
18:57:21 <GeKo> arthuredelstein: does tuesday 18:00 UTC work for you as well?
18:58:41 <GeKo> two minutes left. any last minute things?
18:59:33 <GeKo> okay. thanks for the meeting all. *baf*
18:59:36 <GeKo> #endmeeting