19:00:18 <GeKo> #startmeeting tba-a3 prep 19:00:18 <MeetBot> Meeting started Thu Dec 13 19:00:18 2018 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:00:26 <sisbell> hi 19:00:34 <GeKo> let's see 19:00:57 <pili> I have put together a quick pad for some reference also: https://storm.torproject.org/shared/8rBxmOjPs26nzQvmUvH9icIvAIE07uWnq6EFwXD0P-k 19:01:05 <GeKo> first of all, we made the tba-a2 milestone, yay! 19:01:06 <pili> with some links and notes 19:01:19 <pili> \o/ 19:01:28 <GeKo> i think this has been the hardest so far 19:01:43 <GeKo> and i think the things yet to come won't be harder 19:02:02 <GeKo> and we have reproducible builds 19:02:07 <GeKo> and a multilocale .apk 19:02:32 <GeKo> good job so far! 19:02:37 <GeKo> now 19:02:43 <antonela> \o/ 19:02:50 <GeKo> https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TBA-a3 19:03:09 <GeKo> is the link with all the tickets which i have collected to tba-a3 19:03:33 * emmapeel dances a multilocale dance 19:03:59 <GeKo> https://pad.riseup.net/p/tbb-roadmap-2018-19 19:04:13 <GeKo> has the things we want to have for this milestone 19:04:25 <GeKo> ("3rd alpha release") 19:04:36 <GeKo> end of december is too optimistic 19:04:40 <GeKo> :) 19:04:47 <GeKo> so we'll move this to january 19:05:00 <GeKo> i am still pondering whether we should have a separate release for that 19:05:09 <GeKo> and then the security update like a week later 19:05:12 <GeKo> as we did this time 19:05:34 <GeKo> but i think it's fair to say we want to have tba-a3 things out in january 19:05:51 <GeKo> with that in mind, please look over the tba-a3 tickets 19:06:06 <GeKo> and let me know whether it makes sense what i've collected there 19:06:41 <GeKo> additionally i've started using https://trac.torproject.org/projects/tor/query?keywords=~tba-8.5 19:06:51 <sisbell> It doesn't look like much reproducible build stuff for android is in this next release 19:07:04 <GeKo> to tag stuff we want to have in the final release, probably happening at the same time with 8.5 19:07:20 <GeKo> sisbell: we fixed all of it! 19:07:50 <GeKo> (well, probably compiling tor on our own brings some new issues, see the openssl ticket) 19:08:05 <GeKo> but maybe providing x86 builds raises new problems 19:08:07 <GeKo> we'll see 19:08:27 <sisbell> cool, i'll just need to know priorities for me 19:08:38 <sisbell> I can jump in on anything 19:08:39 <GeKo> yeah, no worries we get to that :) 19:08:50 <GeKo> just the basic outline first 19:09:54 <GeKo> sysrqb: what i am a bit unsure about is the state of the pt integration 19:10:14 <GeKo> especially if we don't want to have orbot any longer 19:10:35 <GeKo> which is why #28802 is rather vague 19:11:20 <sysrqb> yes, i think anto and me wanted to talk about that a little inthis meeting, too 19:11:30 <sysrqb> s/me/I/ 19:11:44 <GeKo> okay, let's do this 19:11:58 <sysrqb> in terms of UI 19:13:31 <antonela> yes, we really want to ship a browser that people open it and the browser starts. We may need to consider the bootstrapping moment and also that comment georg you made about exposing users in risk when they are connecting to tor 19:15:03 <antonela> we have been discussing a lot of options to do it, one of them is having a list of countries were we think tor access could be compromised and move users to the Network Settings screen 19:15:10 <antonela> s/were/where 19:16:08 <sysrqb> i think orbot integration depends on how comfortable we are with using #27609, too 19:16:14 <sysrqb> (which i guess may be the next discussion) 19:16:16 <antonela> at some point, we can do that bridge connection under the hoods, but for this scope we may need the user action 19:16:22 <antonela> yep 19:18:02 <sysrqb> at this point, i think we need to decide what we expect the user knows and understands 19:18:03 <GeKo> so, could we separate the ui question for a moment from being able to integrate pt/bridge functionality? 19:18:14 <GeKo> where are we with the latter? 19:18:33 <sysrqb> orbot already has support for obfsproxy and meek 19:18:54 <GeKo> yes. what do we do if we don't want to have orbot? 19:19:18 <sysrqb> that depends on #27609 19:19:25 <sysrqb> i haven't really looked at it 19:19:44 <GeKo> sisbell: where are we with that one? 19:19:57 <sisbell> The tor onion proxy library doesn't have UI so all of that would need to be defined and built 19:20:01 <sysrqb> but i was under the impression that integrating PTs shouldn't be too difficult 19:20:36 <sysrqb> right, no UI, but would shipping additional binaries (pluggable transports) and installing/upgrading be "easy"? 19:20:47 <sisbell> Installing is easy 19:20:57 <sysrqb> do you think? 19:21:04 <sisbell> I'm not sure what pluggable transports involves 19:21:23 <sysrqb> okay, i guess this'll need some more research 19:21:32 <sisbell> Yeah, the installing is just copying files from tor-android-binary 19:21:58 <sysrqb> these binaries won't necessarily be in tor-android-binary 19:22:08 <sysrqb> they're currently built by tor-browser-build 19:22:25 <sysrqb> but i assume we can just copy them into the asset directory before bundling 19:22:37 <sysrqb> but maybe not 19:22:45 <GeKo> yes, that could be a first step 19:22:55 <GeKo> for the final thing we have #28803 19:24:14 <sisbell> if its just putting files in assets, that will be easy 19:24:14 <GeKo> so, i think the big question to decide right now is 19:25:04 <GeKo> should we take the onion proxy library and start thinking for ui around it 19:25:17 <GeKo> or should we continue with orbot and improve its ui for our needs 19:25:36 <GeKo> i suspect the latter might be less work 19:25:44 <GeKo> but not the right solution 19:26:06 <sysrqb> yeah. my understanding is the latter is less work, but the former is better long term 19:26:17 <sisbell> There are a lot of new tools and recommendations from google for building out the UI 19:26:32 <sysrqb> we need a new UI for both 19:26:33 <sisbell> So going legacy at this point may not make as much sense 19:27:04 <sisbell> but that depends on timelines 19:27:45 <sisbell> https://developer.android.com/topic/libraries/architecture/ 19:27:58 <sisbell> There is a newer view model which is way cleaner 19:27:58 <sysrqb> ~4 weeks :) 19:28:32 <sisbell> We'd need a list of UI features and design first, so that would be pretty tight 19:28:58 <sysrqb> we're contrained by the android support library we're using, as well 19:29:20 <sysrqb> we only work on tight deadlines :) 19:29:29 <GeKo> tm 19:29:37 <sysrqb> but anyway... 19:30:00 <GeKo> how about this 19:30:17 <pili> :) 19:30:35 <sysrqb> i guess one option is we ship the first stable with orbot, and we ship the 9.0 with the onion proxy library? 19:30:49 <GeKo> sisbell: could you look at possible pt integration with the onion proxy library? 19:31:01 <sisbell> yes, I'll take a look 19:31:02 <GeKo> looking how orbot does that 19:31:14 <GeKo> and thinking about the proxy library could do it 19:31:30 <GeKo> and sysrqb and anto could work on the UI design further? 19:31:38 <GeKo> i mean we need a new UI anyway 19:31:54 <GeKo> so the waste of time in case we switched away from orbot 19:31:58 <sysrqb> yeah 19:32:04 <GeKo> could maybe minimized 19:32:15 <antonela> yes, both options will require a UI 19:32:15 <sysrqb> yep 19:32:16 <GeKo> sysrqb: i think your plan is a good fallback plan 19:32:41 <GeKo> but if it is not too hard we should try for the better option first 19:32:57 <GeKo> the good thing is 8.5 does not get out on day X 19:33:02 <GeKo> we have some leeway here 19:33:15 <sysrqb> yeah 19:34:00 <sysrqb> i'm okay with this plan 19:34:31 <GeKo> igt0: what do you think? 19:34:46 <igt0> I think it is a good plan. 19:34:57 <GeKo> sisbell: you good, too? 19:35:00 <sisbell> sounds good to me 19:35:04 <GeKo> great 19:36:11 <GeKo> sysrqb: antonela: do we need further ui discussions here or can we do this on the ticket or...? 19:36:36 <antonela> i just thought that was important to agree on what we want to build 19:36:59 <antonela> and core questions are 1. Connect button 2. No Connect button 19:37:29 <GeKo> what would the connect button entail? 19:37:37 <GeKo> like, just connect? 19:37:43 <antonela> yes 19:37:46 <GeKo> or an experience like on desktop? 19:38:19 <antonela> no 19:38:32 <GeKo> what's the point of the connect button then? 19:38:50 <antonela> https://trac.torproject.org/projects/tor/attachment/ticket/28329/mockups-1.1.png 19:39:03 <antonela> this option includes the connect button and the settings button (as a secondary one) 19:39:15 <antonela> it allows users to opt-in to connect and also to config if is needed 19:39:15 <sysrqb> from user testing, as i understand it, it seems like most people don't understand what we're asking them 19:39:33 <antonela> exactly, the desktop version has problems and i dont want to carry it to mobile 19:39:34 <sysrqb> when we give them an option for connect or configure 19:40:03 <GeKo> as long as we provide a secure alternative to mobile users that's fine with me 19:40:22 <GeKo> so what is behind "settings"? 19:40:49 <antonela> so, something we discussed in all hands is that lets do our best effort to prescind from the connect button without compromise users safety 19:41:15 <antonela> behind settings we will have Network Settings, depending on which library we will have (orbot or onion proxy) the options we will have available 19:41:34 <antonela> ideally that Network Settings aims to be close with the features we have in desktop 19:41:47 <antonela> under the same section 19:41:52 <GeKo> okay, sound good to me 19:42:12 <antonela> great, how we can do it is the next question 19:42:19 <GeKo> fwiw, i am a fan of the all hands plan :) 19:42:28 <antonela> :) 19:43:12 <GeKo> so i guess as a step in the right direction we could start with the connect/settings combo? 19:43:23 <GeKo> and see how far this gets us? 19:44:02 <GeKo> or did i misunderstand the plan? 19:44:58 <antonela> mmm i would like to think that we don't need a connect button, bootstrap automagically and think about the scenarios where tor is compromised and what is the best flow to move users to network settings in that cqse 19:45:04 <antonela> s/cqse/case 19:45:18 <GeKo> okay 19:45:45 <antonela> from product perspective, is my aim, on the tech side, you have the final word :) 19:46:28 <GeKo> i personally fear this will be a deep rabbit hole which needs quite some time to get right 19:46:42 <GeKo> especially as we want to keep our safety level 19:46:52 <antonela> okey, if this is the case, we can back to the connect button idea, but could we try? 19:47:01 <sysrqb> ideally we would create different a few different UIs and having user testing for each, see which one works best 19:47:20 <sysrqb> in particular, i'm worried we're adding a connect button simply because we don't know the correct answer 19:47:30 <GeKo> i suspect we should sit down first for that idea to enumerate all the possible scenarios we care about and what could go wrong with the new design 19:47:32 <sysrqb> but the user doesn't know the correct answer either, so they select connect anyway 19:47:38 <antonela> yes, specially for the flows which may have frictions 19:47:42 <GeKo> or do we have such an analysis somewhere already? 19:47:59 <sysrqb> but this all requries more time and research 19:48:15 <GeKo> yes, i agree 19:48:25 <GeKo> and i'd love to see this kind of testing 19:48:48 <GeKo> to get some data which could back up our reasoning and decisions 19:48:50 <antonela> this could be part of s19 i think 19:48:59 <GeKo> yes 19:49:08 <antonela> so maybe, we can do it 19:49:20 <sysrqb> but for this version, i agree we can show the connect button first 19:49:20 <antonela> what we need? an anti censorship team? haha 19:49:34 <GeKo> antonela: yes, we can do it 19:49:39 <GeKo> but the issue is time 19:49:43 <antonela> yep 19:49:54 <GeKo> s19 goes longer than march/april 19:49:58 <sysrqb> so this guarantees tor browser doesn't do anything until we know the user wants to connect 19:50:02 <GeKo> where we want to have the stable out 19:50:14 <GeKo> so this would work 19:50:22 <pili> s19 funding ends at the end of May I believe :) 19:50:31 <antonela> matt, yes lets do it 19:50:52 <antonela> lets have a connect button for this version and lets think about how we/someone can research about that 19:50:58 <sysrqb> kk:) 19:51:06 <GeKo> how about we do the connect/settings combo for 8.5 stable and start working asap on the other option for 9.0? 19:51:11 <antonela> but hey, this is temporary 19:51:13 <antonela> yes! 19:51:30 <GeKo> we could start working on this hard problem in parallel to stablizing 8.5 19:51:36 <GeKo> no need to wait until it is finally out 19:51:55 <antonela> coolio 19:51:58 <sysrqb> sounds good 19:51:59 <GeKo> okay, great, i am happy 19:52:05 <antonela> that is great 19:52:06 <antonela> hahaha 19:52:12 <GeKo> :) 19:52:35 <antonela> what else? snowflake in android is not a thing yet really? 19:52:58 <sysrqb> not yet 19:52:58 <GeKo> there is something like that made by _hc 19:53:15 <GeKo> and we are supposed to integrate that int the mobile browser :) 19:53:19 <GeKo> *into 19:53:20 <antonela> nice 19:53:27 <GeKo> as part of s19 19:53:52 <GeKo> so i wanted to look over that once we have a clear way froward with out pt story 19:54:10 <GeKo> i think _hc did the hard work 19:54:22 <GeKo> and i hope the remaining piece will be less hard 19:54:34 <GeKo> not sure if we can squeeze it into 8.5 19:54:40 <GeKo> it would be cool, for sure 19:55:02 <GeKo> but i suspect snowflake itself might need more baking time on android 19:55:07 <sysrqb> yep 19:55:09 <GeKo> so probably 9.0a1 19:55:17 <GeKo> with the aim of having it in 9.0 19:55:41 <GeKo> oO(it seems this 9.0 thing will be a great release) 19:55:53 * antonela dreams with a TB9 without tor-launcher 19:55:58 * antonela drops the bomb 19:55:59 <sysrqb> igt0: are you okay with the goals for the next alpha? 19:56:01 <sysrqb> particularly, with the ones that have your name next to them? 19:56:02 <pili> I was thinking to wait until february for the snowflake part :) 19:56:25 <pili> in fact, I was thinking of waiting until february for most of the s19 part, but we can discuss during our next team meeting 19:56:32 <igt0> sysrqb, yep, if we moved things to january, yep. End of december will be tough. 19:56:38 <pili> well, starting at least, not finishing :P 19:56:44 <GeKo> igt0: yeah, no worries 19:56:54 <antonela> #28145 19:56:58 <sysrqb> yeah, for sure 19:56:58 <sysrqb> cool 19:57:01 <sysrqb> antonela: lol 19:57:03 <antonela> i'll talk with ggus or alison to have it reviewed 19:57:03 <GeKo> aiming at mid-end january 19:57:12 <GeKo> antonela: thx 19:57:23 <igt0> yep mid january would be great 19:57:54 <GeKo> i wanted to point out at the beginning of the meeting (yes!) the parity section of pili's document 19:58:00 <antonela> the one who is going to work on #28800, when that please ping me 19:58:07 <GeKo> please add stufff that i missed 19:58:32 <GeKo> yeah, that's not decided yet 19:59:02 <GeKo> so, as a final thing so everyone has 2-3 tickets on the radar 19:59:30 <GeKo> sisbell: top prio i think is #27609 + the pt story associated with it 19:59:47 <GeKo> and for the build part #28752 and #27210 19:59:52 <sisbell> understood 20:00:04 <sisbell> I have fix for #28752 20:00:12 <sisbell> So i'll check in today 20:00:17 <GeKo> saw it, great! 20:01:08 <_hc> about snowflake on android, there are binaries now that in theory should work. 20:01:29 <sysrqb> wooo! 20:01:32 <GeKo> igt0: i guess you work on #25764 20:01:47 <igt0> yes, i am on it right now 20:01:58 <sysrqb> _hc: that's awesome 20:01:59 <_hc> the open issues are: 1) how to integrate it into things (n8fr8 is working on a first attempt there) 2) making sure its not linking to proprietary Google Play libraries 20:02:07 <GeKo> and i guess you could pick of the ned identity ticket afterwards 20:02:12 <GeKo> i.e. #28800 20:02:20 <igt0> yep, they are related 20:02:21 <GeKo> sysrqb: you are doing the rest :) 20:02:31 <sysrqb> ha. yeah :) 20:02:31 <GeKo> (just kidding) 20:02:33 <antonela> haha 20:02:49 <GeKo> but #28329 i guess? 20:02:58 <sysrqb> (mostly) 20:03:07 <sysrqb> yeah 20:03:13 <GeKo> what about or open localization things 20:03:19 <GeKo> like the fastlane stuff 20:03:23 <GeKo> *our 20:03:34 <GeKo> do you think you want to look into that? 20:03:58 <sysrqb> yeah, i'll take that too 20:04:05 <GeKo> okay, thanks. 20:04:18 <GeKo> i think that's enough work for the time being 20:04:45 <GeKo> are we good with the short and medium term plan and work assignments? 20:04:55 <antonela> yeess sounds like a plan! 20:05:11 <sisbell> yes 20:05:14 <sysrqb> yep 20:05:24 <GeKo> igt0: ? 20:05:34 <igt0> yep 20:05:39 <GeKo> \o/ 20:05:57 <pili> great! :) 20:06:01 <GeKo> thanks all then and happy mobile-improving *baf* 20:06:05 <GeKo> #endmeeting