Tor Browser team meeting notes, 8 Jan 2018 - tor-project

8 Jan 2018


      Hi!
The first Tor Browser meeting in 2018 finished about one hour ago. The
meeting notes are at:
http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-01-08-18.59.log....
And the notes from the pad are:
Monday, January 08, 2018
Discussion:
    - Tor button proposal
mcs and brade:
    Since December 18th:
        - Worked on Moat integration for Tor Launcher (#23136) and
pushed code to torproject.org repo.
        - Helped a little with bug triage.
        - Took time off for Christmas and to spend time with family.
        - Did end of 2017 stuff for our company.
    Planned for this week:
        - Work on Moat integration loose ends (#23136),
- Note that review and deployment is waiting for BridgeDB
server deployment (#24432).
- Review Igor's Torbutton proposal.
- Look at stall due to LZMA consensus diffs (#24826) and other
new tickets.
igt0:
    Did:
        - Reviewed sysrqb Orfox tor-browser branch
        - Sent tor button proposal
    Planned for this week:
        - Update proposal after comments
        - Take a look in the tor browser setting extension, we can make
it part of the tor button for mobile.
        - Look at the Fortify C extension and verify why is it disable
on firefox for android(https://bugzilla.mozilla.org/show_bug.cgi?id=1415595)
sysrqb:
    Past:
-Pushed first tor-browser branch including Orfox patches for
review (#19675)
-https://github.com/sysrqb/tor-browser/commits/tor-browser-52.5.2esr-7.5-2_at...
-Began writing proposal for tor-launcher re-write/migration for
webextensions
-This should be completed and emailed tonight
-Began reading about Firefox sandboxing and IPC
-Looked (a little) at Sandboxed Tor Browser
This week:
-Finish tor-launcher proposal and email it
-Finish investigating Firefox sandboxing on Android (why it is
disabled?)
-Read Igor's proposal
-Review comments on Orfox patches and begin making branch merge-ready
- Look at new Orfox tickets (#24753, etc) and tbb-mobile keyword
-Oh, and look at/think about
https://bugzilla.mozilla.org/show_bug.cgi?id=1415595 (enabling
FORTIFY_SOURCE on Android)
pospeselr:
Did:
- so much email
- took off the week between xmas and new-year
- researched root cause of #15599 ( Range requests used by pdfjs are
not isolated to URL bar domain )
XMLHttpRequest object derives the firstPartyDomain (and other
various attributes) from a generic nsIGlobalObject object passed in,
normally this is an nsIWindow associated somehow with the JS context,
but for the rangeRequest in the Web Worker the method used for creating
the request just passes in a generic global object associated with the
system principal (which is why we get put on the default circuit)
- investigated a couple of possible avenues to resolving via
changing: pdf.js, Web Worker code,
pdf.js : XMLHttpRequest doesn't seem to support overwriting the
firstPartyDomain via JS so dosn't seem to be much we can do here
Web Worker : actually has a copy of the firstPartyDomain and friends
associated with it, but we seem to lose the association by the time the
JS is running
This week:
- investigate how we can get the window or worker actually
associated with the running JS; comments in the code suggest there is a
way to do so, they just opted to use a generic global because it was easier
boklm:
    since december 18:
        - published the 7.5a10 release
        - worked on #24514, #23892, #23911, #24197
        - took some time off
    this week:
        - work on getting windows builds away from precise (#18691)
        - look at the Win64 nsis build issue (#23561)
        - start looking at the work for having tor-browser-nightly
updates (#18867)
arthuredelstein
Since december 18:
Took time off
Finished and posted a new revised patch for
https://trac.torproject.org/projects/tor/ticket/22343
Investigated https://trac.torproject.org/projects/tor/ticket/21805
Opened and posted a patch for
https://trac.torproject.org/projects/tor/ticket/24702
Started work on rebasing to mozilla-central for nightly rebase
This week:
Continue rebase work
Review some Mozilla bugs for the uplift team
https://trac.torproject.org/14952
GeKo
- since december 18
  * took time off (from dec 21 to jan 5 inclusive)
  * worked on the new clang toolchain
https://trac.torproject.org/projects/tor/ticket/21777
  * got STACK running with Tor Browser/Firefox
  * fought my backlog today
- this week
  * reviews
  * 7.5 release planning
  * work on the design doc update (this has to be done before 7.5 is
getting released)
  * start proposal for A2.1 of the OTF contract (security
features/button and how to show them on the toolbar)
  * generic tor browser team admin things
isabela
 - finishing sponsor4 reports
 - organizing UX and TB sync for wed (more coming via email0
 - building sponsor9 work plan (lots of user testing! related to the
work we will talk about on wed)
tjr
Have been working on Spectre/Meltdown work
Going to send an intent to implement on the canvas permission prompt
to Mozilla to gather feedback: https://github.com/w3c/permissions/issues/165
Would like to work on more MinGW build stuff; but Spectre stuff will
take priority
Georg