Hi all!
Here is another round of notes from our weekly Tor Browser meeting, latest edition today.
The chat log can be found at
http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-07-17.59.log....
and our pad items were:
Monday May 7, 2018
Discussion:
- meeting invites (specific meeting day one day earlier?) [GeKo: We try to have a dedicated tor browser team day before the official team meeting day this time and see how it goes]
- how much should we care about nightlies being busted (build- and function-wise) while having all the transitions to ESR-60 underway? [GeKo: we'll update to newer toolchains starting with Linux, presumably breaking the other platforms. I'll announce that to tbb-dev and we'll fix it as fast as we can. That way, we get the transition to ESR60 with no additional effort while at least having nightlies on Linux available all the time]
GeKo:
Last Week:
- reviews and release preparations
- finished macOS cross-compilation of rustc (https://trac.torproject.org/projects/tor/ticket/25975)
- started looking into updating macOS toolchain (https://trac.torproject.org/projects/tor/ticket/24632)
- further rebase review (https://trac.torproject.org/projects/tor/ticket/25543)
- made small progress on https://bugzilla.mozilla.org/show_bug.cgi?id=1390583 (stylo build bug for windows); still need to figure out some missing pieces
- took 1 1/2 days off
- Richard: How is the monthly meetup with Pari going on getting up-to-date about issues users are facing? [GeKo: not sure, Richard will ping Pari]
This Week:
- release help (signing etc.)
- beginning of the month admin work (ticket keyword updates/roadmap updates etc.)
- finish rebase review
- macOS toolchain update
- start with the network code review ESR52-ESR60
- further bug triage
- I plan to be afk on Thursday (public holiday) and, potentially, Friday
tjr
RE https://trac.torproject.org/projects/tor/ticket/26019
I think it should be possible to easily reintroduce separate optimization settings so long as the setting exists on the JS Compartment.
I did this for Timer Precision Reduction: https://reviewboard.mozilla.org/r/226564/diff/10#index_header
MinGW Work: https://bugzilla.mozilla.org/show_bug.cgi?id=1389967 [GeKo: so, you get the browser running and now are hitting the shutdown crashes? Do you have a patch set somewhere I could try locally to bypass the crashes I see?]
Actually, this is in TaskCluster. Locally it seems to run (I don't seem to be hitting the SVG Assert anymore, although I haven't changed anything.) I have not tried esr60 actually, this one is a commit midway through 61.
However, https://hg.mozilla.org/try/pushloghtml?changeset=3508e0987cd1d38223005637887... is my patchset, of which the most important one is
https://hg.mozilla.org/try/rev/ee28ff6445d0 to avoid runtime crashes
More investigation is needed on my part before I feel comfortable telling you "Yes, try it, you won't be wasting your time"
pospeselr:
Last Week:
- continued work on #23247 (Communicating security expectations for .onion)
- have a patch working in ~90% of cases
- built test environments for various mixed-mode scenarios
This Week
- more #23247
- there are a couple of edge cases not explicitly covered by the google doc, will send out an email later with details
- Arthur: one thing not accounted for with regards to this ticket is the hanger menu off of the info/lock icon shows 'Connection is Not Secure' and the wrong icon for https(s) onion domains
Since you've had to mess around in there for the new onion circuit UI, could you point me to where this rendering logic is handled?
[Arthur writes:
Here's where the security view and security subview are implemented in XUL:
https://dxr.mozilla.org/mozilla-central/source/browser/components/controlcen...
https://dxr.mozilla.org/mozilla-central/source/browser/components/controlcen...
A lot is done in CSS:
https://dxr.mozilla.org/mozilla-central/source/browser/themes/shared/control...
And I think most of the logic is here:
https://dxr.mozilla.org/mozilla-central/source/browser/base/content/browser-...
]
mcs and brade:
Note: To accommodate a series of family events, Kathy and I will have limited availability for Tor work from May 16 - May 30.
Last week:
- Finished rebasing Tor Browser updater patches for ESR 60; tested on Linux and Windows.
- Spent some time thinking about #25694 (improve updater UX) and made a comment on that ticket.
- Participated in the UX/Tor Browser "sync" meeting.
This week:
- Review Matt's changes for #25750 (update Tor Launcher for ESR 60).
- Do some testing of the revised Tor Launcher in an ESR60-based browser.
- Follow up on some ESR60 updater loose ends.
- File a Bugzilla bug for #25909 (disable updater telemetry)
- Start to work on #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr)
igt0:
Last Week:
- Investigated a bit more about accessibility on Fennec (#25902).
- it fires events just when the Exploration by Touch feature is enabled.
- Exploration by Touch changes how the user interacts with the apps and it must be enabled by the user, so IMO this bug doesn't have a high priority.
- Fennec is leaking the user's OS language (#26018)
- I sent a patch to mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1459089
- HLS player on Android is not using the central Proxy Selector (#21863)
- Sent a patch to mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1459420
This Week:
- More linkability/fingerprinting/proxy bypass investigation on Android.
- Tor button with 60ESR Desktop/Mobile.
sysrqb:
Last week:
- Patch for building Orfox (#25980)
- Investigated using Tor-Launcher with 60ESR and put patches in-review (#25750)
- Merged https-everywhere update for Orfox (#25603)
This week:
- Return to testing TBA patches (#25741)
- Read about igt0's investigation results on fingerprinting vectors
- Begin designing Tor Launcher for Android
- Pick up Bug1440789 again (upstream feature add-on support bug)
arthuredelstein:
Last week:
- Finished a new patch for #22343 (Save as... in the context menu results in using the catch-all circuit)
- Built Tor Browser releases and confirmed and signed hashes
- Worked on getting tor-browser-build to work with rebased patches
This week:
- Today I will post the latest 25543 branch (with updater patches from mcs and brade)
- Finish getting tor-browser-build branch for Linux [OS X will wait for #9711]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 (When "privacy.firstparty.isolate" is true, double-key permissions to origin + firstPartyDomain)
- https://trac.torproject.org/projects/tor/ticket/25794 (Sanitize Pointer Events), https://bugzilla.mozilla.org/show_bug.cgi?id=1363508
boklm:
Last week:
- helped build the new releases
- worked on testsuite VMs setup
- updated patches for #25817 (Add ansible scripts for setup of nightly build server) and #25318 (Add Tor Browser nightly builds email notification) after review comments
- made some progress on the binutils bisect to find commit responsible for reproducibility issue in #16472 (Upgrade Binutils to 2.25+)
This week:
- Will be afk on Thursday and Friday
- publishing the new releases on Wednesday
- continue bisecting the binutils issue
- continue work on testsuite VMs setup
Georg