18:01:40 <GeKo> #startmeeting
18:01:40 <MeetBot> Meeting started Mon Oct 2 18:01:40 2017 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:01:40 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:02:07 <GeKo> alright, i hope everyone made it to the new meeting channel
18:02:14 <isabela> heehe
18:02:20 <GeKo> let's start with the weekly status update
18:02:34 <GeKo> who wants to go first today?
18:02:43 * arthuredelstein can go
18:02:59 <arthuredelstein> This past week I worked on ubsan: https://bugzilla.mozilla.org/1404547
18:03:17 <arthuredelstein> I focused on trying to land the -fsanitize=enum patches in Mozilla so that we can add that flag to the Mozilla debug build. The next flag I plan to work on is fsanitize=signed-integer-overflow -- I have a few patches for that as well but there are many more to do.
18:03:42 <arthuredelstein> I also worked on #22343. I'm trying to write unit tests to cover every possibility and then hopefully that will smoke out any more bugs in my patch.
18:03:59 <arthuredelstein> I met with the Mozilla uplift team and reviewed a couple of their uplifted patches.
18:04:08 <arthuredelstein> And I revised my patch for #23025.
18:04:45 <arthuredelstein> This week I plan to try to finish #22343 and fsanitize=enum.
18:04:52 <arthuredelstein> This week I plan to try to finish #22343 and fsanitize=enum.
18:04:56 <arthuredelstein> And also high on my list is fixing #18101 (for Mac and Windows) and #23024.
18:05:02 <arthuredelstein> Stupid copy/paste
18:05:09 <arthuredelstein> That's it for me.
18:05:19 <GeKo> thanks. who is next?
18:05:34 <tjr> I can go
18:05:52 <tjr> I worked on MinGW some more, moving it closer to final merge. Got some mingw bugs fixed upstream
18:06:07 <tjr> I talked with nmago about the crash reporter a bit
18:06:29 <tjr> He seems to have found some unexpected code and behavior that was different from what he saw before.
18:06:56 <tjr> breakpad bypassing the proxy
18:07:12 <GeKo> wow
18:07:13 <tjr> also the about:config setting doesn't seem to apply, and he needed to edit a .ini file
18:07:19 <tjr> So we're going to dig into that more
18:08:03 <tjr> tor recently grew an http proxy IIRC, so if we need to use that I presume we'll be able to in some nearish future version of Tor Browser?
18:08:16 <GeKo> yes
18:08:28 <tjr> Okay cool. That's it for me
18:09:02 <GeKo> thanks. who is next?
18:09:14 * pospeselr can go
18:09:41 <pospeselr> looks like my fix for #22501 went in last week, and patch for #13398 has been approved
18:10:06 <pospeselr> spent a fair bit of time in different VMs/configurations trying to repro #23016 (with no luck)
18:11:05 <pospeselr> GeKo: could use another ticket to look at in parallel while we wait for more info from intrigeri
18:11:12 <pospeselr> That's it for me
18:12:04 * mcs will go next
18:12:19 <GeKo> pospeselr: i think comment:22 might have a hint
18:12:39 <GeKo> the locales reconfiguration might help you
18:12:53 <GeKo> both intrigeri and i don't use an en-US system
18:13:04 <pospeselr> ok!
18:13:15 <GeKo> and i tracked it down on my system to javascript.use_us_english_locale
18:13:26 <GeKo> flipping that pref fixes the problem on my system
18:13:52 <GeKo> now the question is why is that an issue and why is that related to multiprocess mode (in my case at least)
18:14:12 <arthuredelstein> That's interesting. I think javascript.use_us_english_locale is a bit different in Firefox IIRC.
18:14:22 <GeKo> arthuredelstein: it happens there as well
18:14:28 <pospeselr> ah ok awesome
18:14:33 <GeKo> i mean to file a firefox bug late
18:14:34 <GeKo> r
18:14:37 <GeKo> or tomorrow
18:14:51 <GeKo> but i wanted to get some feedback from intrigeri first
18:14:58 <GeKo> whether that fixes his issue as well
18:15:24 <GeKo> pospeselr: that said feel free to pick any ticket tagged with TorBrowserTeam201710 that interests you
18:15:27 <pospeselr> should any fix for that be done on the firefox side of things and wait for the fix to come down, or both?
18:15:40 <pospeselr> assuming it's a FF problem
18:15:43 <GeKo> yeah, good question
18:15:46 <pospeselr> okay!
18:16:15 <GeKo> if we can easily provide a patch we should do it ourselves and upstream it
18:16:44 <GeKo> mcs: alright, sorry for the delay
18:16:46 <pospeselr> understood
18:16:47 <GeKo> you have the floor
18:16:58 <mcs> okay
18:17:03 <mcs> Last week, Kathy and I made more progress on #23262 and along the way we also took care of some #23261 leftovers.
18:17:10 <mcs> We reviewed Isabela’s roadmap – especially the UX items – and added some more items plus some links to tickets.
18:17:15 <mcs> We met with catalyst and isabela to discuss the fancy progress bar for Tor Launcher, along with possible improvements in tor’s bootstrap status reporting.
18:17:21 <mcs> This is a sketch of what the progress bar will eventually look like: https://marvelapp.com/3f6102d/screen/31457651
18:17:26 <mcs> For now, Tor Launcher will have a simple progress bar; once the tor improvements are ready, we can work on the fancier one that should provide a better user experience.
18:17:33 <mcs> Last week we also did some research for #23136 and exchanged some email with dcf and isis.
18:17:38 <mcs> This week we plan to continue working on #23136 with the goal of creating a good plan for implementation.
18:17:43 <mcs> That’s all for us.
18:18:04 <GeKo> what does "merge_ready" for #23261 mean?
18:18:11 <GeKo> who needs to do something here?
18:18:59 <mcs> I don’t think that ticket should be merge_ready because the code is not. I forgot that linda made that change at some point.
18:19:10 <mcs> I will adjust the status in the ticket.
18:19:18 <GeKo> and could you give a rough percentage value for how far we already are wrt to the bridge selection improvement and moat?
18:19:28 <GeKo> like could we say in both cases that 50% is done?
18:19:39 <GeKo> or 50% in the former and 20% in the latter?
18:20:13 <GeKo> it's just for the spreadsheet
18:20:22 <GeKo> to give a rough estimate on where we are
18:20:41 <mcs> I am not sure what the scope of the bridge selection improvement is, but if it includes all of the UX changes I would say we are 85% done.
18:20:53 <isabela> mcs: on network team meeting just before this one isis gave an update on moat server - eta is mid this week to have something you can start using
18:20:54 <mcs> moat is more like 20%
18:21:11 <GeKo> okay, sounds reasonable, thanks
18:21:12 <mcs> isabela: I saw that; thanks for asking isis for us.
18:21:19 <isabela> cool
18:21:25 <isabela> i was thinking we follow up on this on wed
18:21:31 <isabela> i will send email to everyone to do so
18:22:12 <GeKo> who else is here for a status update?
18:22:21 * boklm can go next
18:22:31 <GeKo> please do!
18:22:38 <boklm> This past week I helped publishing the new releases.
18:22:43 * isabela has some points to share with the team :) eventually
18:22:46 <boklm> I fixed #23680, started thinking about #23657, and finished #23384.
18:22:50 <boklm> I also signed a Tor Messenger release and fixed #23734 and #23385
18:22:59 <boklm> I created a ticket for creating a VM for fpcentral: #23737
18:23:13 <boklm> This week I'm planning to work on #23738 (once the fpcentral VM has been created) and get back to the Windows 64 build.
18:23:22 <boklm> That's it for me
18:23:34 <GeKo> yes, those are the most important issues.
18:23:55 <GeKo> one thing you can work on, too, is getting debug builds integrated into tor-browser-build
18:24:16 <boklm> debug builds?
18:24:23 <GeKo> we have a fuzzing deliverable and i think having those build using them would be good
18:24:52 <GeKo> well, if we think we want to fuzz our patches without a special type of build fine
18:25:11 <boklm> do we have a ticket for that?
18:25:42 <boklm> #21998
18:25:45 <GeKo> yes
18:25:48 <boklm> ok
18:26:06 <GeKo> and the activity mentioned Rigorously memory safety test (eg: fuzzing) using Address Sanitizer builds
18:26:28 <boklm> ok
18:26:31 <GeKo> so strictly speaking we could think about doing something else instead of fuzzing
18:27:08 <GeKo> i am fine if we want
18:27:48 <GeKo> but we want to start to fuzz our code anyway
18:27:59 <GeKo> so we could use to set some infrastructure up for it
18:28:08 <boklm> ok
18:28:33 <GeKo> boklm: my current plan is that you could mostly work on that in november
18:28:53 <boklm> that sounds good
18:28:54 <GeKo> we'll see if that works out given the other things on your plate
18:28:59 <GeKo> good!
18:29:11 <GeKo> alright, i think i can go now
18:29:25 <GeKo> this week i got dragged into #23016
18:29:50 <GeKo> we had a rather bumpy release that needed more attention than usual
18:29:58 <GeKo> especially due to noscript bugs
18:30:30 <GeKo> like #23718, #23723 and #23724
18:30:48 <GeKo> i spent some time on #21256
18:30:59 <GeKo> and on #23409
18:31:27 <GeKo> additionally the cloudflare extension review related things ate quite some time
18:31:51 <GeKo> i reviewed #13398
18:32:08 <GeKo> and started to look at the patch for #16678
18:32:22 <GeKo> this week i plan to be afk tomorrow
18:32:44 <GeKo> but apart from that i hope to finish review for #16678 and get #23409 done
18:33:12 <GeKo> then i'll probably spend some time preparing all the meetings we'll have next week
18:33:33 <GeKo> the cloudflare extension will be a topic this week as well
18:33:47 <GeKo> and i'll be doing the beginning-of-the-month-admin-stuff
18:34:05 <GeKo> not sure what time will remain for looking at code :/
18:34:08 <GeKo> or other issues
18:34:14 <GeKo> that's it for me
18:34:21 * isabela could go
18:34:42 <mcs> What are our plans with respect to the Cloudflare extension? [maybe this is a good discussion topic?]
18:35:30 <GeKo> mcs: we can discuss it a bit later, yes
18:35:36 <mcs> sounds good
18:36:30 <GeKo> isabela: please go
18:36:40 <isabela> ok
18:37:15 <isabela> thanks for the input on the roadmap last week, i ran that with the ux team and we picked some stuff - the final list of what we are adding in the designer proposal is here
18:37:23 <isabela> https://docs.google.com/document/d/1kE6YbB1ecaXXFCLkLU2BmDVngb1u-IRZG2MW5tRKvns/edit#
18:37:27 <isabela> if you are curious :)
18:38:07 <isabela> another thing is that, I want to update the tor launcher feature brief with all the current work and decisions we are making
18:38:30 <isabela> i want to share this with otf at the end of our contract when we are done with the tor launcher and moat deliverables
18:38:52 <isabela> as of 'what is our vision for future iteractions here'
18:39:19 <isabela> otf will ask about that for sure :) and I have spoken about it with adam too
18:39:26 <isabela> for montreal
18:40:19 <GeKo> you want to have a session for it in montreal?
18:40:20 <isabela> i would like to ask the team 1. be part of the website redesign discussion :) specially because of the download path
18:40:38 <isabela> GeKo: nope
18:41:48 <isabela> and 2. i will put together the mobile sponsor8 deliverables by timeline order
18:42:04 <isabela> so you all can take those into consideration specially for things like
18:42:12 <isabela> changing the toolbar features
18:42:40 <isabela> from now on whatever you do on desktop will need a way to exist on mobile :)
18:42:57 <isabela> to take that into consideration when talking about roadmap tasks etc
18:43:06 <isabela> that's it
18:43:38 <GeKo> thanks
18:43:57 <GeKo> who else is here for a status update?
18:45:00 <GeKo> okay discussion time
18:45:25 <GeKo> i don't have anything in particular, so let's move to the cloudflare extension
18:46:20 <GeKo> to give some background: the underlying issue is that tor browser users have been seeing a lot of CAPTCHAs due
18:46:40 <GeKo> to cloudflare giving tor exit relays a bad reputation
18:46:57 <GeKo> they guard that way against potential attacks
18:47:16 <GeKo> which led to users abandoning tor browser because they thought our browser is broken
18:48:04 <GeKo> they are developing an extension that tries to solve this issue in a privacy-preserving way by using some clever anonymous credential system where you need to spend tokens to avoid CAPTCHAs
18:48:21 <GeKo> i am currently reviewing that extension and provide feedback
18:48:43 <GeKo> our plans regarding the extension: that's a tricky issue
18:49:26 <GeKo> let me put it that way: we are currently looking only that it addresses tor browser needs
18:49:39 <GeKo> from a review point of view
18:50:01 <GeKo> but that does not mean that it automatically gets included once it is compatible with our design document
18:50:27 <mcs> That seems like a good first step. We don’t have to make a decision yet about whether to recommend it, bundle it, or recommend that people avoid it.
18:50:32 <GeKo> there are much far-reaching things to concern like what about non tor-browser tor users?
18:50:40 <GeKo> that don't have xul and js available?
18:50:51 <GeKo> mcs: yes
18:50:59 <arthuredelstein> Is there a place we can see the code?
18:51:13 <GeKo> we'll have at least two sessions in montreal about this topic
18:51:23 <GeKo> and i bet a bunch of other discussions
18:51:34 <GeKo> arthuredelstein: not yet, it's behind a private github repo
18:51:35 <mcs> Bundling is also costly for our small team due to potential for updates of the browser or extension to cause problems… see recent NoScript problems.
18:51:54 <GeKo> yeah, but that's the least of my problems with it right now :)
18:52:42 <GeKo> from a technical point of view one of the most problematic issues is that it needs third party cookies allowed
18:53:08 <GeKo> to avoid spending too many tokens on third-party requests behind cloudflare
18:53:24 <GeKo> and we are currently having those cookies disabled
18:53:26 <GeKo> but there is more
18:54:00 <GeKo> anyway, the technical side is currently being worked on and we'll have plenty of time to discuss that and other related issues in montreal i guess
18:54:01 <msvb-lab> GeKo: I believe there's still an outstanding bug for third party cookies.
18:54:32 <GeKo> well, double-keying should work
18:54:46 <arthuredelstein> Is it a webextension?
18:54:46 <GeKo> but we need to verify that and fix the cookie manager UI
18:54:49 <GeKo> yes
18:54:55 <tjr> I didn't realize third party cookies were disabled; i didn't think they mattered much with FPI
18:55:24 <GeKo> yes, we want to enable them
18:55:44 <GeKo> but did not get around yet to solving the two remaining tickets for it
18:56:55 <GeKo> #21905 is the one
18:57:10 <GeKo> and #10535 the other
18:57:16 <GeKo> err #10353
18:57:46 <GeKo> anything else to discuss today (or some additional points)?
18:58:28 <arthuredelstein> GeKo: I'm curious -- what privacy-preserving mechanism are they using?
18:58:57 <mcs> I have just a quick question: the deadline for our current Sponsor4 contract is to deliver by 12/1/2017, correct?
18:59:11 <GeKo> yes
18:59:19 <mcs> thx
18:59:26 <GeKo> arthuredelstein: blinded tokens
18:59:27 <mcs> I just wanted to be sure
19:00:08 <GeKo> thanks all for the meeting *baf*
19:00:11 <GeKo> #endmeeting