Tor Browser team meeting notes, 3 April 2018 - tor-project

4 Apr 2018


      Hello all!
We had another team meeting yesterday. The chat log can be found on
http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-04-03-18.59.log....
and our pad items are:
Tuesday, April 3, 2018
Discussion:
    -roadmap
(https://docs.google.com/spreadsheets/d/1joFGDiHaqlorGeXhytKakiSnWY9TqTDv5Xqm...)
    -Mozilla All Hands from the browser side
    - Wednesday's sync with UX team at 1900utc #tor-meeting - isa will
send email to the list with agenda
GeKo:
    Last Week:
        -https://bugzilla.mozilla.org/show_bug.cgi?id=1442406 (still not
done, alas)
       -#25481 (made quite some progress)
       -update to the security control redesign proposal
       -continue triaging ages old bugs
       -during my Easter holidays came up with a fix for #21537
       -prepared for IRC interviews
    This Week:
        -more IRC interviewing
        -more work on #25481
        -monthly admin stuff
        -bug triage
        -getting back to #21777
mcs and brade:
   Last week:
    - Finished patches for #25405 (cannot use Moat if a meek bridge is
configured).
    - Created an updated patch for #21850 (Update #16940 patch for e10s
(about:tbupdate)).
    - Commented on #24309 (Activity 4.1: Improve how circuits are
displayed to the user).
    - Spent a little time on #25663 (Downloaded files are corrupted).
    - Reviewed all of the updater bugs that have been fixed in Firefox
since ESR52. [I am excited about the LZMA support that landed. I wonder
about all the pieces we need to switch on our side for that, do we get
that for free? GeKo]
  This week:
    - Review the team roadmap.
    - Help with code reviews including #25126 (about:tor should work on
small screens).
    - Create tickets for some ESR60 updater-related tasks.
    - Start rebasing the Tor Browser updater patches for ESR 60.
tjr: (may not make the meeting, feeling sick)
    - Got a MinGW x64 Build going in TaskCluster:
https://bugzilla.mozilla.org/show_bug.cgi?id=1434316
    - Don't have it running. Currently messing with
--disable-install-strip to try and get usable symbols
Might be a MinGW bug
https://sourceforge.net/p/mingw-w64/mailman/mingw-w64-public/thread/CA%2BcU7...
- Have done some easy P2 Resist Fingerprinting Bugs:
        - Canvas Learn More Link in the Permission Prompt (Not uplifted
to 60. Do you want it?) [Geko: that one looks like we would be interested]
        - WebGL Debug Info - uplifted to 60
        - Spoof English Gets Reset
https://bugzilla.mozilla.org/show_bug.cgi?id=1447592 Not uplifted yet. I
have to figure out how to reproduce this, if anyone knows what they're
talking about... [I think we don't need that one uplifted, GeKo]
        - Local IP Address Leak via WebRTC (being debated, not uplifting
to 60 unless you want it) [I think this is nothing for ESR60 either for
us, GeKo]
igt0:
    Last week:
        - Took a look in the domain isolator to verify if it was
possible to make it available for the alpha release. Final Status: The
effort to make it work would be too hard since for the alpha release
           we will use the android vpn service.
        - Helped out sysrqb debugging the https-e race condition (it is
still magical for us).
        - Investigated why cloudfare captcha doesn't render the image
for Orfox users.
    This Week:
        - Keep investigating about cloudfare captcha and Firefox. Looks
like if user is behind tor and the user agent is mobile, even the
firefox desktop doesn't render the captcha image. [See my theory about
"There is no ESR 52 for Android, therefore your browser is outdated and
insecure and therefore we won't serve you content idea"? GeKo] [yep, i
am using the latest fennec useragent and it didn't work (Mozilla/5.0
(Android; Mobile; rv:59.0) Gecko/59.0 Firefox/59.0) - igt0 Aha, so we
need a different theory the, good. GeKo]
boklm:
    Last week:
- finished publishing of the new releases
- started reviewing patch for #25483 (Windows reproducible build of
snowflake)
- worked on binutils reproducibility issue (#16472)
This week:
- continue work on toolchain updates
- fix #25318 (Add Tor Browser nightly builds email notification)
- work on getting the testsuite running
sysrqb:
    Last week:
        Built Orfox (52.7.3) - still waiting for release
https://people.torproject.org/~sysrqb/Orfox-tor-browser-52.7.3esr-7.5-1.apk
Made progress on updating https-everywhere add-on (25603) - still
debugging
Started troubleshooting #25659 (race condition during add-on
installation?)
Documented some TBA roadmap items on the wiki
https://trac.torproject.org/projects/tor/wiki/org/teams/ApplicationsTeam/Tor...
Updated (a little) the Application team wiki page
https://trac.torproject.org/projects/tor/wiki/org/teams/ApplicationsTeam
This week:
      Merge Orfox https-everywhere update
      Start rebase onto mozilla-central
sysrqb: gk, what should the review process look like? Will
tor-browser.git have two new branches, one more for stable and another
for alpha? [Okay, we'll wait on the rebase done by arthur; sysrqb and
igt0 will help with the mobile parts. once done and reviewed we rebase
the resulting patches onto mozilla-central used for tor browser alpha on
mobile GeKo]
pospeselr:
Last week:
Investigation on #20283 (Tor Browser should run without a /proc
filesystem)
Got a complete list of all open and openat sys calls requesting
something in /proc in firefox and plugin_container process (for 64 bit
linux)
About 8 different scenarios found, majority of which currently
handle failure gracefully
2 instances are dead code
mozilla::ThreadStackHelper::GetThreadStackBase() is the remaining
problem (pointed out by Yawning in the bug report)
current stack address is used as a sort of heuristic in several
places in the code
seems to be ranges certain types of JS are allowed to recurse down
to (system native, system js, user js)
from what I've been able to glean, the only way to get this
information on linux is via the /proc/self/maps file (this is file
parsed by pthreads calls)
stack size is queryable via getrlimit syscall
best thing I've been able to come up with is bouncing up the rbp
register until we get an address that's out of range in order to get a
good estimate of where the stack memory map begins/ends
seems unlikely this sort of hacky bs would get upstreamed
breaks as soon as the compilation options are changed to omit frame
pointer usage (-fno-omit-frame-pointer flag is required on amd64)
I've started investigating what we would need to do to refactor FF
to not need the stack memory layout, but this seems to be a security-ish
feature?
Have not investigated whether any fstat or other file related
syscalls are called on things in /proc but easy enough to do once this
GetThreadStackBase issue is sorted
arthuredelstein:
    Last week:
        * Worked on rebasing patches to ESR60
        * Worked on FPI of permissions patch
https://bugzilla.mozilla.org/show_bug.cgi?id=1330467
        * Revising circuit display patch:
https://trac.torproject.org/projects/tor/ticket/24309
    This week:
        * Try to finish rebasing desktop patches [mcs: where are you
doing this work?] [arthur: it's on a local branch atm. Tends to get
re-ordered a lot, but I could post a snapshot if needed.] [mcs: we don't
need it yet but would be useful soon-ish; maybe let me know which
patches brade and I should work on][arthur: will do, thanks]
        * Post revised circuit display patch
        * Try to finish permissions patch, continue Save As patch
        * AFK (vacation) on Thursday and Friday
isabela:
    Final report for sponsor4 - vixe!
    Working on sponsor8 Q1 2018 report
    Reviewed all roadmap and created a tab for the things ux team is
involved and i am organizing all that on ux (stakeholders) side
    question for arthur -> this item: "Click your flag" design - I will
want it to be a test not really a feature we ship - if its related to
the 'one click solve all censorship problem'. Something like this need
to be tested well before we put it on alpha.
Georg