14:59:26 <pili> #startmeeting S27 02/25
14:59:26 <MeetBot> Meeting started Tue Feb 25 14:59:26 2020 UTC. The chair is pili. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:59:26 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:59:33 <antonela> hello!
14:59:33 <pili> hi everyone
14:59:37 <pili> who's around today? :)
14:59:41 <dgoulet> hello
14:59:49 * syverson_ is lurking.
14:59:53 <pili> here's the pad as usual: https://pad.riseup.net/p/s27-meeting-keep
15:00:04 <pili> please add any updates and discussion points to the pad
15:00:07 <brade> hi
15:00:10 <pili> just over a month to go!! :)
15:00:15 <antonela> hey syverson_ nice to see you around :)
15:00:20 <mcs> hi at all
15:00:31 <sysrqb> o/
15:00:45 <syverson_> Hi antonela (et al)
15:00:58 <asn> hello!
15:01:14 <pospeselr> o/
15:01:29 <acat> hi!
15:02:34 <pili> will give until 10 past or so for updates :)
15:04:51 <asn> syverson_: hey thanks for the email!
15:05:00 <asn> i knew it would be a fun thread the moment i saw aaron's email
15:05:12 <syverson_> :)
15:05:12 <asn> i just replied with a hopefully useful response
15:05:34 * asn writing status
15:05:44 <syverson_> Can't see my email while on OFTC. Will look after meeting.
15:06:17 <asn> are you using VR mode?
15:06:25 <sysrqb> :)
15:07:21 <pili> ok I think we're more or less there
15:07:31 <pili> let's start by discussing/answering some of the bolded items
15:08:02 <asn> dgoulet: u've done some hs work this week, do u think it's worth mentioning in pad?
15:08:03 <pili> and then we can review objectives and deliverables in reverse order this week (starting with O2A5 and working our way backwards)
15:08:05 <asn> so that it gets to the last report
15:08:33 <pili> here's the wiki page to have everyone on the same page regarding deliverables: https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor27
15:08:42 <dgoulet> asn: not really except the warning logs and analyzing freenode's logs :S
15:09:39 <asn> dgoulet: ok
15:09:44 <pili> brade/mcs: about the "Learn More" links, we're currently thinking that these should go in the tb-manual(.tpo)
15:10:34 <pili> we were going to get our outreachy intern c1e0 to look into it but this is her last week
15:10:41 <pili> so she may not get around to it
15:10:46 <arma2> (hello world, i am kind of nearby too)
15:10:51 <antonela> why tb-manual pili? why not support.tpo?
15:11:21 <pili> well, support is more about questions, right? and what is the question in that case? :)
15:11:31 <pili> and even if there is a question... it probably makes sense to point to the manual for how to use this new feature
15:11:50 <antonela> https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean?
15:11:57 <antonela> "what does your connection is not secure means?" for example
15:12:20 <antonela> im happy to discuss it with ggus at the community meeting, tho
15:12:22 <pili> oh, sorry, I was thinking about the client auth learn more
15:12:33 <antonela> well, same?
15:12:42 <mcs> we have several “learn more” links to worry about :)
15:12:51 <antonela> yep
15:13:20 <pili> yes, for the client auth I still think it makes more sense in the manual
15:13:25 <mcs> I actually think the client auth one is more important than the onion error links.
15:13:28 <pili> for the errors support.tpo makes more sense to me
15:14:03 <sysrqb> it sounds like we don't know where the boundary is between the "tor browser manual" topics and "support portal" topics
15:14:24 <sysrqb> these do overlap between the two
15:14:26 <pili> yup
15:14:50 <pili> I still think that feature should be explained in the manual and support can point to the manual
15:15:22 <pili> I'm happy to change my mind though
15:15:30 <sysrqb> maybe there is a distinction of "why is this happening to me?" - which is support
15:15:36 <pili> sysrqb: yup
15:15:42 <sysrqb> and "how do i do this thing, or how do i do it correctly" which is manual
15:15:46 <sysrqb> "the manual"
15:16:00 <pili> mcs: when do you need the links by?
15:16:37 <pili> because we can create placeholder links easily enough
15:16:46 <sysrqb> if we want it in the next release, then this week
15:16:52 <sysrqb> or next week, at the latest
15:17:12 <mcs> pili: I would say we must have something before we ship in a stable release, although it would have been good to have them for alpha.
15:17:20 <sysrqb> otherwise it will slip to the end of march for Alpha
15:17:25 <mcs> placeholder at least would mean the browser side is ready
15:17:35 <sysrqb> yep
15:18:42 <pili> ok, let me add to websites meeting discussion and try to get some action on it this week
15:18:44 <mcs> my suggestion would be to drop the “learn more” links from the error pages for now but keep them for the client auth prefs and prompt
15:18:47 <mcs> sounds good
15:19:09 <mcs> and thanks
15:19:21 <pili> ok, let's move on then :)
15:19:32 <pili> acat: Re #21952 and meta tags
15:19:44 <pili> I haven't looked at the latest update yet, let me read quickly
15:21:29 <sysrqb> acat: have you looked at the relevant code?
15:21:43 <sysrqb> do you have a feeling about how much work that will require?
15:21:49 <pili> sysrqb: +1
15:21:56 <sysrqb> (work = time?)
15:22:28 <pili> I think it's fine to keep what we have and iterate on it outside of this project as long as we have a working solution that serves as a good start
15:22:50 <pili> as in, are we already increasing the use of onion services through redirects with the existing work?
15:22:57 <sysrqb> that's how i feel, too
15:23:08 <sysrqb> but if it is "easy", then i'll take the updated patch :)
15:23:18 <mcs> metatag support seems nice to have if it is easy though
15:23:21 <pili> yup
15:23:23 <mcs> what sysrqb said
15:23:24 <acat> sysrqb: difficult to say, but i think 2 days, but then we need new reviews and so on
15:23:29 <sysrqb> if it's not, then we have a lot of other tickets we need to work on
15:23:39 <sysrqb> hrm
15:24:59 <sysrqb> it's sad that will likes the idea
15:25:04 <sysrqb> i mean, i like the idea, too
15:25:10 <sysrqb> *Will
15:25:27 <asn> what is the idea that will likes in tldr mode?
15:25:32 <asn> move it from http header to something html?
15:25:35 <sysrqb> but i think we shouldn't spend another 2-3 (or more days on this)
15:26:15 <sysrqb> asn: it's easy to ignore, and if you support "the thing", then you can act on it
15:26:24 <sysrqb> if you don't support it, then nothing changes
15:26:39 <sysrqb> maybe acat has a better tl;dr for it :)
15:27:13 <asn> ack got it
15:27:37 <asn> so fb puts it in its html, and tb parses it?
15:27:47 <asn> is this the first occurrence of tb parsing HTML?
15:27:55 <sysrqb> yes
15:27:57 <pili> so, let's give acat 2-3 days to try to implement this and if it's looking like it will take longer we just go with what we have already?
15:28:02 <asn> sysrqb: fun
15:28:04 <pili> just to be clear what we're going to do :)
15:28:35 <pili> all agreed?
15:28:38 <sysrqb> Will also says facebook will probably never use this, but he thinks other sites are more likely to add the html
15:28:39 <acat> asn: so there are some headers that have an equivalent <meta> tag in html (see https://www.w3.org/TR/WCAG20-TECHS/H76.html)
15:28:52 <acat> i suggested doing that for onion-location
15:29:39 <acat> so that it will work either with a header or with a <meta http-equiv="onion-location" content="http://some.onion"> HTML tag
15:29:48 <asn> interesting
15:29:50 <asn> ack thx
15:31:05 <sysrqb> pili: acat: okay, let's try it
15:31:22 <pili> ok, shall we move on to review objectives?
15:31:36 <pili> or does someone have any other topics/comments before we move on to that?
15:33:21 <pili> ok
15:33:50 <pili> so let's start with O2A5: #30029
15:34:19 <pili> which is really just #28005
15:34:52 <pili> acat: I guess we need to find you some reviewers?
15:35:26 <acat> yup, i think a UX review first would be better
15:35:58 <antonela> could i have a build to play with it?
15:36:02 <pili> antonela: is that ok? how does that fit in with your other work?
15:36:25 <acat> antonela: here https://people.torproject.org/~acat/builds/28005_testbuild/
15:36:25 <antonela> i think im done with everything, i just need to review all the things now
15:36:38 <pili> and for O2A5 I believe we're also waiting on some update channels from securedrop
15:36:44 <pili> at least some test ones
15:36:58 <antonela> acat: thank you!
15:37:21 <pili> which looks like may not happen for a couple of weeks
15:37:22 <pili> at least
15:37:28 <pili> acat: are there any other blockers/dependencies for you on this item?
15:37:47 <acat> not that i can think of
15:38:12 <pili> ok, so once you have a UX review, if there are no UX revisions we will need some code review
15:38:30 <pili> sysrqb: who do you think would be good for this one, so I can add them to the ticket already
15:38:34 <sysrqb> acat: your question about rewriting .onion -> .tor.onion
15:39:00 <sysrqb> i believe that was the original plan
15:39:29 <sysrqb> but i understand a concern about it
15:39:55 <sysrqb> this also reminds me of the discussion we had ~two years ago on this topic
15:39:59 <acat> hmm true, if we need that, that would be a blocker :)
15:40:30 <sysrqb> where rewriting the address messes with tls cert verification, and any urls within the document
15:40:49 <sysrqb> if the webserver doesn't know about the rewrite and assumes everything uses the .onion address
15:41:26 <sysrqb> so maybe we should not implement that rewrite until we solve these problems
15:41:52 <acat> well, but the url rewrites here are just cosmetic, right? i mean, we just rewrite what is displayed in the urlbar
15:41:58 <sysrqb> i guess tls cert validation shouldn't be affected, because this is at a different layer
15:42:12 <sysrqb> yeah
15:42:14 <sysrqb> that's true
15:42:23 <sysrqb> i wonder if that will be confusing, though
15:42:44 <sysrqb> the url says .tor.onion and all other components remain .onion
15:42:53 <sysrqb> maybe most users wouldn't notice
15:43:22 <antonela> mmm
15:43:40 <sysrqb> okay. i'm okay with the current patch, as you described it on the ticket
15:43:57 <asn> 15:43 <+sysrqb> the url says .tor.onion and all other components remain .onion
15:43:57 <asn> 15:43 <+sysrqb> maybe most users wouldn't notice
15:44:05 <asn> can we have a "learn more" situation for the ones who do notice?
15:44:06 <sysrqb> but we can iterate on it, and modify https-e for the next version
15:44:21 <sysrqb> asn: so much learning happening :)
15:44:34 <sysrqb> asn: but, yes, i don't see why we couldn't add that
15:45:04 <brade> I disagree;
15:46:00 <brade> I don't think we should add it now. In the long run, it is a great feature but now is not the time. We don't have resources to write the content and it will be bad to send users to a page that isn't complete
15:46:35 <pospeselr> yeah same
15:46:44 <antonela> +1
15:46:45 <antonela> how users can learn that other components remain .onion? which other components?
15:46:48 <sysrqb> are you referring to the learn more page?
15:47:26 <brade> sysrqb: yes I was but there is also burden on UX for designing placement of "Learn More" in browser
15:47:41 <sysrqb> i didn't mean to imply we would/could add this immediately
15:47:52 <sysrqb> i only meant it is something we could technically add in the future
15:47:58 <sysrqb> sorry that wasn't clear
15:48:16 <brade> ok
15:49:13 <sysrqb> especially if this only lands in nightly for some time period
15:49:29 <sysrqb> i'm not worried about confusing people
15:49:34 <pili> ok, so we'll continue with the patch as is
15:49:43 <pili> and we still need to find 2 reviewers
15:50:14 <sysrqb> i'll be one of them
15:50:23 <pili> anything else on O2A5?
15:50:25 <pili> thanks sysrqb
15:50:34 <pili> we only have 10 minutes left in the meeting although maybe that's ok since we already discussed other deliverables last week
15:50:47 <sysrqb> brade or mcs: dcan either of you give a second review?
15:50:53 <sysrqb> *can
15:51:22 <pili> anyone else who feels they are blocked on any of their work please speak up now :)
15:51:41 <mcs> sysrqb: sure; add me and we will both look at it
15:51:55 <sysrqb> thanks
15:52:39 <pili> than you
15:52:43 <pili> *thank
15:53:22 <pili> ok, anyone else blocked on anything?
15:53:23 <pili> or any last topics for discussion?
15:54:22 <antonela> im groot
15:54:42 <sysrqb> +1
15:54:56 <antonela> secure drop is working on a big release but jenn was supportive so i think we are going to be groot with it as well
15:55:20 <pili> yup :)
15:55:56 <pili> ok
15:56:03 <pili> let's leave it there for today then
15:56:07 <pili> thanks everyone
15:56:10 <pili> #endmeeting