[tor-project] Tor Browser team meeting notes, 8 Jan 2018

Georg Koppen gk at torproject.org
Mon Jan 8 20:27:00 UTC 2018


The first Tor Browser meeting in 2018 finished about one hour ago. The
meeting notes are at:


And the notes from the pad are:

Monday, January 08, 2018

    - Tor button proposal

mcs and brade:
    Since December 18th:
        - Worked on Moat integration for Tor Launcher (#23136) and
pushed code to torproject.org repo.
        - Helped a little with bug triage.
        - Took time off for Christmas and to spend time with family.
        - Did end of 2017 stuff for our company.
    Planned for this week:
        - Work on Moat integration loose ends (#23136),

            - Note that review and deployment is waiting for BridgeDB
server deployment (#24432).

      - Review Igor's Torbutton proposal.

        - Look at stall due to LZMA consensus diffs (#24826) and other
new tickets.

        - Reviewed sysrqb Orfox tor-browser branch
        - Sent tor button proposal
    Planned for this week:
        - Update proposal after comments
        - Take a look in the tor browser setting extension, we can make
it part of the tor button for mobile.
        - Look at the Fortify C extension and verify why is it disable
on firefox for android(https://bugzilla.mozilla.org/show_bug.cgi?id=1415595)


        -Pushed first tor-browser branch including Orfox patches for
review (#19675)


    -Began writing proposal for tor-launcher re-write/migration for

    -This should be completed and emailed tonight

    -Began reading about Firefox sandboxing and IPC

    -Looked (a little) at Sandboxed Tor Browser

    This week:

    -Finish tor-launcher proposal and email it

    -Finish investigating Firefox sandboxing on Android (why it is

    -Read Igor's proposal

    -Review comments on Orfox patches and begin making branch merge-ready

    - Look at new Orfox tickets (#24753, etc) and tbb-mobile keyword

    -Oh, and look at/think about
https://bugzilla.mozilla.org/show_bug.cgi?id=1415595 (enabling



    - so much email

    - took off the week between xmas and new-year

    - researched root cause of #15599 ( Range requests used by pdfjs are
not isolated to URL bar domain )

    XMLHttpRequest object derives the firstPartyDomain (and other
various attributes) from a generic nsIGlobalObject object passed in,
normally this is an nsIWindow associated somehow with the JS context,
but for the rangeRequest in the Web Worker the method used for creating
the request just passes in a generic global object associated with the
system principal (which is why we get put on the default circuit)

    - investigated a couple of possible avenues to resolving via
changing: pdf.js, Web Worker code,

    pdf.js : XMLHttpRequest doesn't seem to support overwriting the
firstPartyDomain via JS so dosn't seem to be much we can do here

    Web Worker : actually has a copy of the firstPartyDomain and friends
associated with it, but we seem to lose the association by the time the
JS is running

    This week:

    - investigate how we can get the window or worker actually
associated with the running JS; comments in the code suggest there is a
way to do so, they just opted to use a generic global because it was easier

    since december 18:
        - published the 7.5a10 release
        - worked on #24514, #23892, #23911, #24197
        - took some time off
    this week:
        - work on getting windows builds away from precise (#18691)
        - look at the Win64 nsis build issue (#23561)
        - start looking at the work for having tor-browser-nightly
updates (#18867)


    Since december 18:

    Took time off

    Finished and posted a new revised patch for

    Investigated https://trac.torproject.org/projects/tor/ticket/21805

    Opened and posted a patch for

    Started work on rebasing to mozilla-central for nightly rebase

    This week:

    Continue rebase work

    Review some Mozilla bugs for the uplift team


- since december 18
  * took time off (from dec 21 to jan 5 inclusive)
  * worked on the new clang toolchain
  * got STACK running with Tor Browser/Firefox
  * fought my backlog today
- this week
  * reviews
  * 7.5 release planning
  * work on the design doc update (this has to be done before 7.5 is
getting released)
  * start proposal for A2.1 of the OTF contract (security
features/button and how to show them on the toolbar)
  * generic tor browser team admin things

 - finishing sponsor4 reports
 - organizing UX and TB sync for wed (more coming via email0
 - building sponsor9 work plan (lots of user testing! related to the
work we will talk about on wed)


    Have been working on Spectre/Meltdown work

    Going to send an intent to implement on the canvas permission prompt
to Mozilla to gather feedback: https://github.com/w3c/permissions/issues/165

    Would like to work on more MinGW build stuff; but Spectre stuff will
take priority


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180108/e2ac5abf/attachment.sig>

More information about the tor-project mailing list