Hi all!
We had another Tor Browser meeting yesterday. The IRC log can be found at
http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-07-16-18.05.log....
and here come, as usual, the meeting notes from our pad:
Monday July 16, 2018
Discussion: - I think the Sandboxing Meeting is scheduled for next Tuesday 15:00 UTC? (GeKo: Yes) - We should think about possible sessions we could offer for the mexico dev meeting open days; we'll have a talk about Tor Browser 8 then (please volunteer if you want to do the talking part) but I think we are a big team with lots of things going on and we could contribute more
- mcs: some ideas: UX changes in Tor Browser 8, a design overview (aka “How is Tor Browser different from Firefox?”), sandboxing futures.
- arthuredelstein: I'd like to talk about browser privacy testing (For Tor Browser and other browsers with "Tor mode")
- Tor Browser on Github?
boklm: Last week: - reviewed #26355 (Make sure only Windows users on Windows7+ are trying to use Tor Browser based on ESR60) - reviewed #26251 (Adapt macOS snowflake compilation to new toolchain) - made patch for #26569 (Redirect pre-8.0a9 alpha users to a separate update directory) - looked with sisbell at list of things to do to integrate Tor Browser for Android into tor-browser-build and opened some tickets: #26693, #26695, #26696, #26697 This week: - on vacation
sysrqb: Last week: Investigated report of proxy-bypass (#21863) Investigated Android APK signing key (#26536) Discussed and researched some Android localization with Emma (#26536) Helped with BridgeDB things Prepared HOPE presentation slides for talking about Tor Browser, TBA, and Tor on Mobile Scheduled Sandboxed Tor Browser meeting on next Tuesday, 24 July at 15:00 UTC This week: Helping talk about Tor with high schoolers on Monday Talking at HOPE on Friday with other Tor people
tjr: - Worked on #26476 with sukbir a bunch. Currently blocked on needing to increase the file descriptor ulimit inside the container. Don't know how.
- I've tried increasing the ulimit for user account and root on the host; but it did not propagate into container.
- We know the issue is --gc-sections, we don't know why it happens to Tor and not Mozilla; we're investigating that. (It's not the sandbox or any Tor patches.)
- Jacek finished his contract: - He got --enable-stylo working: https://reviewboard.mozilla.org/r/256840/diff/1#index_header - He landed most of his patches into -esr60 - I have a few more to land for him, plus the build job - Not done for mingw-clang: --enable-sandbox, x86, debugging pdbs
- I need to investigate test failures for the x64 build, and then I can land that in esr60
- I am getting fuzzyfox reviewed, and then we could experiment with it maybe
GeKo: Last Week: -Vacation This Week: -Deal with my backlog -Help with the mobile alpha release as needed -Finish investigating Stylo related reproducibility issues on macOS (#26475) -Continue network review (#22176) -reminder to do the status: updates at least daily -reviews -Is there anything anybody needs from me urgently? (igt0: Not urgent, however I believe #26401 has high priority) (GeKo: Yes, I finish my comments tomorrow)
pospeselr: patch for #26456 (HTTP onion sites inheriting HTTPS certs) could use a review (GeKo: that's on my list for tomorrow, too) Last Week (s):
- found a potential solution for #26540 (pdfjs FPI violations) and have a patch up
little janky, people should definitely take a look at it
- needs to be tweaked for multi-process (ie browser.tabs.autostart = true)
- medical stuff
- took care of a bunch of moving related bs
This Week:
- partial vacation in Portland this week, working mornings in cafes
- fixup #26540 patch
- #25555 looks like interesting, so I'll grab that one (reimpleent Optimisitc SOCKS feature)
Next Week:
- moving apartments (hopefully) on the 24th, I'm sure there will be tons of problems to deal with/people to yell at but we'll see
igt0: Last Week:
- Took a look in the tor browser settings: #26574
- Fixed a typo in the mobile addon handler: #26704
- Tested torbutton functionalities on mobile: domain isolator, dragDropFilter, content-policy
- meeting about TBA release
This week:
- More preparation for TBA release
arthuredelstein: Last Week:
- Patches for:
#26590 (SVG isn't blocked in Safest security setting with 8.0a9)
#26603 (remove obsolete http pipelining prefs)
#26353 (speculative connect violating FPI)
#26237 (fix ordering of toolbar)
- Investigated:
#18598 (disabled WebSpeech by default)
#16339 (ensure ImageCapture API is disabled)
- Proposed #26765 (Add Tor Browser indicator where Firefox PB indicator is)
- Worked on my HTTP2 patch #14592, in progress
This week:
- Keep working on #14952
- More fingerprinting / ff60esr patches
Following week:
- I will be on vacation week July 23 - 27.
Am I the only one who finds this sandstorm document very hard to use? Wondering if I'm doing something wrong or if we could switch to an etherpad. (GeKo: There are more folks that seem to apply workarounds. Let's resume this discussion once everyone was able to think about it)
sisbell:
Last Week:
Got android and build dependencies in build container for RBM build
Added stretch for containers
This Week:
Get Android license acceptance working in build
Get mach build commands working on container build
sukhe:
Last Week:
- I am still working on #26476 (crash on Windows) with tjr and #12968 (HEASLR). Picked up #26251 (Snowflake) again.
- Since these all are blocking currently, is there anything else I can focus on in the meantime? (GeKo: Yes, #25485 would be helpful)
This Week:
- Continue the above and find something else to work on based on "Last Week"
isabela: - request (about TBA release)
Georg
tor-project@lists.torproject.org