15:01:30 <richard> #startmeeting Tor Browser Weekly Meeting 2023-07-24 15:01:30 <MeetBot> Meeting started Mon Jul 24 15:01:30 2023 UTC. The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:30 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 15:01:36 <richard> the pad: https://pad.riseup.net/p/tor-tbb-keep 15:02:07 <richard> as per usual, also take this time to update/cleanup your boards/etc 15:06:02 <richard> for once I don't think I have anything to go talk about this week 15:06:43 <richard> plannning signing/releasing 13.0a1 today assuming we don't have any more builds to do 15:06:50 <PieroV> richard: today is tag day 15:07:12 <PieroV> We're publishing a version that is going to be old already ^_^ 15:07:19 <richard> our signing infra continues to see improvement, and the jump host was replaced at the end of last week, which will allow us to set up a second backup/development signing machine 15:08:02 <richard> and we're in the very last stages of reference checking the potential new android dev 15:08:21 <richard> I suspect we won't make more forward progress until next week tho since erin is afk 15:09:00 <dan_b> no worries, i have some ideas of stuff to try still going from low probability but hopefully unblocks to larger reworks that'll be a litte longer 15:09:08 <richard> and I starte the actual work of the code+issue audit last week and have since been humbled in my git understanding 15:09:47 <richard> so it looks like you have a few items PieroV, so I'll hand it off to you 15:09:52 <PieroV> Yes 15:10:03 <PieroV> First is, we have are getting tags in a few hours/tomorrow 15:10:55 <richard> seems a little early no? 15:11:02 <PieroV> But we could publish 13.0a1 anyway 15:11:14 <PieroV> richard: nope. Tags are available around a week before the release 15:11:22 <PieroV> Release is August 1st, next Tuesday 15:12:43 <PieroV> Anyway, any plan for release job distribution? 15:12:55 <PieroV> 12.5 should be an easy job 15:13:15 <PieroV> 13.0a2 should also be easyish at the moment, because most of the patches have been shuffled already 15:14:21 <richard> I can alpha is someone else can take stable 15:14:32 <PieroV> Release prep or rebase? 15:15:01 <richard> I was thinking both tbh, but we can divide it up further 15:15:33 <richard> dan_b, ma1: y'all want some more rebase/release experience? :D 15:15:42 <PieroV> ack. I can rebase, too, in case 15:15:48 <PieroV> I think dan_b should focus bootstrapping Android 15:16:03 <richard> I'm inclined to agree re: dan_b actually 15:16:14 <dan_b> ha cool, works for me 15:16:25 <ma1> I'm gonna be fully afk from 31 to 7, but whatever I can do (including Android ports with advance notice if it arrives Thurs) I'll do. 15:16:37 <PieroV> (and I can release prepare, too; I think I could also rebase alpha if before going back on tor-browser!699) 15:17:23 <richard> ok 15:17:25 <richard> how about: 15:17:30 <richard> ma1: rebase stable 15:17:33 <richard> PieoV: rebase alpha 15:17:44 <richard> and i'll release prep both? 15:17:46 <PieroV> wfm 15:17:48 <ma1> wfm 15:18:03 <richard> god damn look at that beach factor 15:18:08 <richard> alright 15:18:45 <ma1> btw, did the mar-toools certutil mismatch granted us a new a01 build? 15:19:09 <PieroV> I don't have a clue about what happened, apart from seeing a bigger header 15:19:28 <PieroV> Also, I match with ma1's build (which is strange enough, since my computer is more similar to tb-build-05 than ma1's laptop) 15:19:44 <richard> hmm 15:19:58 <boklm> on which machine was done the build that doesn't match the other two? 15:20:04 <richard> tb-build-05 right? 15:20:07 <PieroV> Yes 15:20:20 <richard> is it possible i didn't clean something up properly? 15:20:34 <PieroV> richard: can you check your mar-tools in out/firefox? 15:20:37 <richard> I only nuked the *browser/release/unsigned/13.0a1 dirs 15:21:20 <PieroV> The directory should be out/firefox/firefox-mullvad-browser-007f5b3e4faa-windows-x86_64-f20b69 15:21:29 <boklm> it's also possible that it is a reproducibility bug that only happens once in a while 15:21:31 <PieroV> If buildid doesn't match we have a possible other problem 15:21:41 <richard> one moment 15:22:47 <richard> richard@tb-build-05:~/tor-browser-build/out/firefox/firefox-mullvad-browser-007f5b3e4faa-windows-x86_64-f20b69$ sha256sum * 15:22:47 <richard> a57ab80ba14efd40185345458c47b2b1a746c0d0bd14045f36ddee5adc469ddb browser.tar.gz 15:22:47 <richard> 4fffdbd48c29f768b960b56a0351fcb18538224b199b3ba528fa4528bfd984e8 mar-tools-win64.zip 15:23:01 <richard> vOv 15:23:38 <richard> ah its the linux mar tool that don't match right 15:23:39 <PieroV> Yes, I match with this, unless I remember the wrong zip 15:24:34 <richard> ok linux: 15:24:35 <richard> richard@tb-build-05:~/tor-browser-build/out/firefox/firefox-mullvad-browser-007f5b3e4faa-linux-x86_64-bc89f5$ sha256sum * 15:24:35 <richard> 0c66dbbb087a7b6caa09a852faecc21f625e086f41ea26618e8969d9b18dc6a4 browser-debug.tar.xz 15:24:35 <richard> 7b5ed732f4f406ddcb8f15926df132268de0a371c01fc2124c04f7931800842c browser.tar.gz 15:24:35 <richard> 60ae68931d3267133f9cd567ce0ae8e8760223a55f3e2df7594d87cd464fa657 geckodriver-linux64.tar.xz 15:24:36 <richard> 84007caa31a0e84ddd1b12c90fe46451e7d7e51b3dc20ecd4c3a0a4f168b04db mar-tools-linux64.zip 15:25:01 <PieroV> I confirm same build id, but different hash on the zip 15:25:14 <ma1> yes, that's it 15:25:40 <Jeremy_Rand_36C3[m]> Have you run Diffoscope on the non-matching zips? 15:25:49 <PieroV> Jeremy_Rand_36C3[m]: yes, but it isn't great 15:26:06 <ma1> certutil & pk12util differ 15:26:16 <Jeremy_Rand_36C3[m]> Hmm. Yeah Diffoscope can be hit-or-miss 15:26:30 <PieroV> There's a slightly bigger header on one of the zip, so diffoscope is outputting a lot because everything is offsetted 15:26:31 <boklm> hmm, https://tb-build-05.torproject.org/~richard/builds/torbrowser/alpha/unsigned/13.0a1/sha256sums-unsigned-build.txt and https://people.torproject.org/~ma1/builds/torbrowser/alpha/unsigned/13.0a1/sha256sums-unsigned-build.txt look the same 15:26:56 <PieroV> boklm: it's mullvad browser 15:26:59 <boklm> ah, that's only in mullvadbrowser that it doesn't match 15:27:07 <PieroV> yes, which is even more strange 15:27:20 <PieroV> I think that we could have richard rebuild, and if that matches call it for 13.0a1 15:27:26 <ma1> might it be time based (like something we download remotely changed on the fly)? 15:27:51 <Jeremy_Rand_36C3[m]> MB is a small enough diff from TB that theoretically a Git bisect could maybe narrow it down easily? 15:28:18 <richard> they both build out of the same tor-browser-build repo tho 15:28:30 <PieroV> Jeremy_Rand_36C3[m]: it's the first official 115 build 15:28:43 <richard> and i *doubt* we have any mullvadbrowser or torbrowser patches affecting those components 15:28:48 <PieroV> But I'm quite sure we haven't touched the updater lately 15:28:49 <richard> but who knows 15:29:07 <richard> i'll re-run the build on b-build-05 and see what we get 15:29:25 <Jeremy_Rand_36C3[m]> If it's specifically affecting certutil and pk12util, my first guess would be to look for suspicious things in the NSS-specific build scripts 15:29:29 <richard> ma1/PieroV can one of you upload the mismatched artifacts if you haven't already 15:29:46 <PieroV> ack; ma1 have you? 15:29:51 <ma1> mine are all at https://people.torproject.org/~ma1/builds/ 15:29:51 <boklm> it's also strange that only linux64 build doesn't match, but linux32 build does match 15:30:00 <richard> indeed 15:30:05 <ma1> richard, ^ 15:30:11 <PieroV> Jeremy_Rand_36C3[m]: well, now that you mention it and I think of it, I've actually created a patch for using NSS for mar utils 15:30:14 <Jeremy_Rand_36C3[m]> Historically the NSS parts of Firefox have kind of done their own thing build-wise 15:30:38 <richard> HMMMM 15:30:42 <PieroV> And I've even uplifted it already (well, I've re-adapted the old patch to use NSS for mar signatures) 15:30:46 <richard> i love eating my own hat :p 15:30:48 <PieroV> But it touched the Windows + macOS parts 15:30:50 <Jeremy_Rand_36C3[m]> So it seems entirely plausible that a build script change would break reproducibility in just the NSS parts 15:32:02 <PieroV> Jeremy_Rand_36C3[m]: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/759#note_2924380 15:32:22 <richard> (I've movd 13.0a1-build1 to 13.0a1-build1.bak so tb-build-05 links are now broken) 15:32:24 <PieroV> This difference is pretty strange though, richard's build is 72 byte smaller 15:33:42 <Jeremy_Rand_36C3[m]> PieroV: ELF section headers being mismatched makes me think perhaps the NSS parts of the build scripts are doing something weird with binutils compared to the Firefox build scripts 15:34:10 <Jeremy_Rand_36C3[m]> (I can't prove that, just a hunch) 15:34:43 <PieroV> I haven't touched binutils, we don't quick/known test to check what Firefox expects 15:34:48 <richard> ok nuked the relevant out/browser and out/firefox dirs and release dirs, rebuilding 15:35:18 <PieroV> I updated it to 2.39 last year, which introduced the NSIS problem ^_^; But I don't remember why I did it 15:35:19 <Jeremy_Rand_36C3[m]> I seem to recall seeing ELF header reproducibility issues with cgo a couple years ago, which I traced to a bug in how the Go compiler calls out to GNU binutils 15:35:41 <Jeremy_Rand_36C3[m]> So maybe something similar is amiss in the NSS build scripts 15:36:52 <Jeremy_Rand_36C3[m]> I could totally be on the wrong track though 15:38:07 <richard> slighty differnt track 15:38:48 <richard> ma1: can you prioritize the ope letterboxing/default window size issues 15:38:56 <richard> re defining better defaults 15:38:58 <ma1> richard, ack 15:39:41 <richard> I think Thorin has alreay done most of the background work on that, so should just be a matter of updating code w/ new and improved defaults 15:40:33 <richard> ok, is there anything else we need to discuss beyond his reproducibility problem? 15:40:42 <PieroV> Yes 15:40:52 <PieroV> What if we released debug symbols on all the platforms? 15:41:07 <PieroV> I've just tried to build a zip with Windows PDBs, and it's "only" 250MB 15:41:20 <richard> oooh 15:41:21 <PieroV> So, +0.5GB for each release, but I think it'd be worth it 15:41:29 <richard> I'm inclined to agree 15:41:32 <PieroV> And I'd enable debug symbols also on Linux 32 15:41:46 <richard> re 'why don't we ship pdbs' 15:41:55 <PieroV> I'd do something for macOS too, but I don't have a clue on how it works 15:41:57 <richard> most likely because pdbs weren't even possible until relatively recently 15:42:19 <PieroV> Well, they were already possible when I started :) I used them for my first issue here 15:42:25 <richard> jesus 15:42:27 <donuts> on the letterboxing front, there are three things I'd like to consider for 13.0 (depending on what yall think): 1. better UX/more deliberate design in general, 2. better defaults, 3. option in preferences for new windows to open in the last used letterbox size, or to select a default size, or both 15:42:32 <richard> well 'relatively' is doing a lot of work there 15:42:57 <richard> o/ morning donuts 15:43:00 <donuts> hello ^^ 15:43:06 <donuts> i am lurking and listening lol 15:43:07 <PieroV> Last thing about PDBs, then leaving the mic to donuts 15:43:32 <PieroV> I think zip is fine for symbols on Windows, but if we are concerned about size I can try xz 15:44:06 <richard> windows users (even devs) tend to be complain if we use archives other than zips 15:44:19 <richard> since zip is the only thing that windows understands w/o 3rd party software 15:44:28 <PieroV> Yep, that's why I was suggesting zip 15:44:43 <Jeremy_Rand_36C3[m]> richard: lol who are these Windows devs? Literally the first thing I do when I create a Windows VM for QA testing stuff is install 7zip 15:45:14 <PieroV> Jeremy_Rand_36C3[m]: we have an issue about making tor expert bundle available in zip again (when we extended it to other platforms we switched to gz for all of them) 15:45:17 <richard> PieroV: as part of any PDB work, can you also update the Wiki re how to use the pdbs in conjunction w/ the source tarball to setup windbg on Windows? 15:45:37 <richard> yep, tor-expert-bundle users were sad about the lack of zip distribution 15:45:49 <Jeremy_Rand_36C3[m]> PieroV: doesn't current Windows have tar anyway? 15:45:49 <richard> which meh, I'm kind of ok with a little gatekeeping there 15:45:57 <richard> since it isn't meant for normal users 15:46:12 <richard> primarily a PT distribution method I think 15:46:21 <PieroV> richard: I didn't want to launch a debug session actually :D 15:46:29 <Jeremy_Rand_36C3[m]> I mean, maybe current Windows has a broken GUI for tar, but I'm quite certain I recall using tar on Windows from PowerShell without installing it myself 15:46:45 <PieroV> I'm doing this because someone from the community might do some work for us \o/ 15:46:59 <richard> ^PieroV: that's probably a good plan too 15:47:00 <Jeremy_Rand_36C3[m]> Anyway, if users really want zip, I suppose I'm not one to argue 15:47:40 <richard> vOv 15:48:19 <richard> ok donuts, talk to us about letterboxing 15:48:36 <donuts> so yes to better defaults, 100% 15:48:39 <richard> iirc ma1 has an open MR that modifies the design of the letterbox area but i haven't built or experience it 15:48:55 <donuts> yep! it looked like it was heading in a good direction 15:49:12 <donuts> one of the changes in the design proposal was to center the content area, which ma1 was experimenting with 15:49:23 <donuts> https://www.figma.com/file/gFE1rXBMdbZGJAIdwtZ508/Tor-Browser-13.0?type=design&node-id=205%3A10697&mode=design&t=GTDhvGaKBGDCT1Px-1 15:49:28 <donuts> that could potentially be an option though 15:49:51 <donuts> the main drive here was to try and make the feature look more deliberate, and less like a bug (which most new users assume it is) 15:50:06 <donuts> on top of that, adding something to preferences would also give us a nice place to describe the feature in general 15:50:06 <ma1> I think the button/label thing would go a long way about it 15:50:42 <donuts> the maybe-slightly-controversial thing I'd also like to propose is: additional option in preferences for new windows to open in the last used letterbox size, or to select a default size, or both 15:51:04 <donuts> because the first thing I see _everyone_ do when they open a new window is to manually change the size anyway 15:51:11 <jagtalon> donuts: definitely felt like a bug when i first saw letterboxing this looks so much nicer 15:51:42 <Jeremy_Rand_36C3[m]> donuts: hmm, so I *do* frequently change the window size when I open a new window... 15:51:43 <Jeremy_Rand_36C3[m]> but 15:51:49 <ma1> I like the "remember my last letterbox size" 15:52:00 <Jeremy_Rand_36C3[m]> I usually have 2 sizes I switch between depending on what I use the window for 15:52:25 <Jeremy_Rand_36C3[m]> And "the last one I used" isn't going to help that workflow very much AFAICT 15:52:35 <donuts> also these options could be opt-out by default if we have concerns, but I think they're still worth having 15:52:58 <Jeremy_Rand_36C3[m]> Would it be possible to remember the last, say, 2-3 sizes that the user has used, and have quick buttons available for resizing to those? 15:54:11 <richard> donuts: do you have designs for these drafted yet? 15:54:12 <ma1> mmm, that wouldn't help that much I guess. If you go "by hear" you get a letterboxed (quantized) size anyway. Unless you're talking about non-letterboxed windows (which I would like to discourage as much as possible) 15:54:23 <donuts> Jeremy_Rand_36C3[m]: mmm not sure about that 15:54:34 <donuts> richard: see the figma link I posted further up 15:54:40 <richard> because we're rapidly approaching the esr102 depracation date 15:54:44 <donuts> they're also in the "explain letterboxing" ticket 15:55:00 <richard> ack 15:55:38 <richard> i meant more for the preferences portion 15:56:18 <donuts> richard: oh gotcha, I haven't visualized those yet – was interested in your feedback first 15:56:27 <donuts> but I can mock that up pretty quick 15:57:03 <donuts> I'm thinking an option to choose between centering the content vs anchoring it to the top, and the "remember my last letterbox size" at minimum 15:57:14 <richard> ack 15:57:35 <richard> i like my content anchored at the top :D 15:57:52 <donuts> yeah I imagine many existing users will prefer to keep it that way 15:57:56 <richard> i think i'm happy with the proposed changes 15:58:03 <PieroV> (timecheck) 15:58:08 <richard> oh and we're done 15:58:20 <donuts> cool ty everyone :) 15:58:25 <richard> hav ea good week everyone let's scatter before the next folks realise we're taking their room 15:58:29 <richard> #endmeeting