[tor-project] Tor Browser team meeting notes, 7 May 2018

Georg Koppen gk at torproject.org
Mon May 7 19:34:00 UTC 2018


Hi all!

Here is another round of notes from our weekly Tor Browser meeting,
latest edition today.

The chat log can be found at

http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-07-17.59.log.txt

and our pad items were:


Monday May 7, 2018

Discussion:
    -meeting invites (specific meeting day one day earlier?) [GeKo: We
try to have a dedicated tor browser team day before the official team
meeting day this time and see how it goes]
    -how much should we care about nightlies being busted (build- and
function-wise) while having all the transitions to ESR-60 underway?
[GeKo: we'll update to newer toolchains starting with Linux presumably
breaking the other platoforms. I'll annouce that to tbb-dev and we'll
fix it as fast as we can. That way, we get the transition to ESR60 with
no additional effort while at least having nightlies  on Linux available
all the time]


GeKo:
    Last Week:
        -reviews and release preparations
        -finished macOS cross-compilation of rustc
(https://trac.torproject.org/projects/tor/ticket/25975)
        -started looking into updating macOS toolchain
(https://trac.torproject.org/projects/tor/ticket/24632)
        -further rebase review
(https://trac.torproject.org/projects/tor/ticket/25543)
        -made small progress on
https://bugzilla.mozilla.org/show_bug.cgi?id=1390583 (stylo build bug
for windows); still need to figure out some missing pieces
        -took 1 1/2 days off
        -Richard: How is the monthly meetup with Pari going on getting
up-to-date about issues users are facing? [GeKo: not sure, Richard will
ping Pari]
    This Week:
        -release help (signing etc.)
        -being of the month admin work (ticket keyword updates/roadmap
updates etc.)
        -finish rebase review
        -macOS toolchain update
        -start with the network code review ESR52-ESR60
        -further bug triage
        -I plan to be afk on Thursday (public holiday) and, potentially,
Friday


tjr

    RE https://trac.torproject.org/projects/tor/ticket/26019

    I think it should be possible to easily reintroduce separate
optimization settings so long as the setting exists on the JS Compartment.

    I did this for Timer Precision Reduction:
https://reviewboard.mozilla.org/r/226564/diff/10#index_header

    MinGW Work: https://bugzilla.mozilla.org/show_bug.cgi?id=1389967
[GeKo: so, you get the browser running and now are hitting the shutdown
crashes? Do you have a patch set somewhere I could try locally to bypass
the crashes I see?]

    Actually, this is in TaskCluster. Locally it seems to run (I don't
seem to be hitting the SVG Asert anymore, although I haven't changed
anything.)  I have not tried esr60 actually, this one a commit midway
through 61.

    However,
https://hg.mozilla.org/try/pushloghtml?changeset=3508e0987cd1d3822300563788787746c1e0d05a
is my patchset, of which the most important one is

    https://hg.mozilla.org/try/rev/ee28ff6445d0 to avoid runtime crashes

    More investigation is needed on my part before I feel comfortable
telling you "Yes, try it, you won't be wasting your time"


pospeselr:

    Last Week:

    - continued work on #23247 (Communicating security expectations for
.onion)

    - have a patch working in ~90% of cases

    - built test environments for various mixed-mode scenarios

    This Week

    - more #23247

    - there are a coupe of  edge cases not explicitly covered by the
google doc, will send out an email later with details

    - Arthur: one thing not accounted for with regards to this ticket is
the hanger menu off of the info/lock icon shows 'Connection is Not
Secure' and the wrong icon for https(s) onion domains

     Since you've had to mess around in there for the new onion circuit
UI, could you point me to where this rendering logic is handled?

    [Arthur writes:

    Here's where the security view and security subview are implemented
in XUL:


https://dxr.mozilla.org/mozilla-central/source/browser/components/controlcenter/content/panel.inc.xul#23


https://dxr.mozilla.org/mozilla-central/source/browser/components/controlcenter/content/panel.inc.xul#100

    A lot is done in CSS:


https://dxr.mozilla.org/mozilla-central/source/browser/themes/shared/controlcenter/panel.inc.css#180

    And I think most of the logic is here:


https://dxr.mozilla.org/mozilla-central/source/browser/base/content/browser-siteIdentity.js

    ]


mcs and brade:
  Note: To accommodate a series of family events, Kathy and I will have
limited availability for Tor work from May 16 - May 30.
  Last week:
    - Finished rebasing Tor Browser updater patches for ESR 60; tested
on Linux and Windows.
    - Spent some time thinking about #25694 (improve updater UX) and
made a comment on that ticket.
    - Participated in the UX/Tor Browser "sync" meeting.
  This week:
    - Review Matt's changes for #25750 (update Tor Launcher for ESR 60).
    - Do some testing of the revised Tor Launcher in an ESR60-based browser.
    - Follow up on some ESR60 updater loose ends.
    - File a Bugzilla bug for #25909 (disable updater telemetry)
    - Start to work on #22074 (Review Firefox Developer Docs and
Undocumented bugs since FF52esr)


igt0:
    Last Week:
        - Investigated a bit more about accessibility on Fennec(#25902).
           -  it fires events just when the Exploration by Touch feature
is enabled.
           - Exploration by Touch changes how the user interacts with
the apps and it must be enabled by the user, so IMO this bug doesn't
have a high priority.

     - Fennec is leaking the user's OS language (#26018)

        - I sent a patch to mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=1459089

     - HLS player on Android is not using the central Proxy Selector
(#21863)

        - Sent a patch to mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=1459420

   This Week:
       - More linkability/fingerprinting/proxy bypass investigation on
Android.

     - Tor button with 60ESR Desktop/Mobile.


sysrqb:
    Last week:
        - Patch for building Orfox (#25980)
        - Investigated using Tor-Launcher with 60ESR and put patches
in-review (#25750)
        - Merged https-everywhere update for Orfox (#25603)
    This week:
        - Return to testing TBA patches (#25741)
        - Read about igt0's investigation results on fingerprinting vectors
        - Begin designing Tor Launcher for Android
        - Pick up Bug1440789 again (upstream feature add-on support bug)

arthuredelstein:
    Last week:
        - Finished a new patch for #22343 (Save as... in the context
menu results in using the catch-all circuit)
        - Built Tor Browser releases and confirmed and signed hashes
        - Worked on getting tor-browser-build to work with rebased patches
    This week:
         - Today I will post the latest 25543 branch with updater
patches from mcs and brade)
        - Finish getting tor-browser-build branch for Linux [OS X will
wait for #9711]
        - https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 (When
"privacy.firstparty.isolate" is true, double-key permissions to origin +
firstPartyDomain)
        - https://trac.torproject.org/projects/tor/ticket/25794
(Sanitize Pointer Events),
https://bugzilla.mozilla.org/show_bug.cgi?id=1363508

boklm:
    Last week:
        - helped build the new releases
        - worked on testsuite VMs setup
        - updated patches for #25817 (Add ansible scripts for setup of
nigthly build server  ) and #25318 (Add Tor Browser nightly builds email
notification) after review comments
        - made some progress on the binutils bisect to find commit
responsible for reproducibility issue in #16472 (Upgrade Binutils to 2.25+)
    This week:
        - Will be afk on Thursday and Friday
        - publishing the new releases on Wednesday
        - continue bisecting the binutils issue
        - continue work on testsuite VMs setup


Georg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180507/5d57d630/attachment.sig>


More information about the tor-project mailing list