[tor-project] Tor Browser team meeting notes, 23 July 2018

Georg Koppen gk at torproject.org
Tue Jul 24 09:45:00 UTC 2018


Below are the notes from our latest Tor Browser meeting. As usual the
IRC log can be found at meetbot.debian.org:


The notes from our pad are:

Tor Browser Meeting Notes

Monday July 23, 2018
   -I [tjr] read through the Hacking document. Had a few observations:
        "For historical reasons, Tor Browser tickets are spread across
several Trac components: "Tor bundles/installation", "TorBrowserButton",
"Firefox Patch Issues", and "Tor Launcher". We are considering
consolidating many of these components and switching to keywords
instead, but that hasn't happened yet."
        I don't think this is still true?

    Maybe we could move Orfox/Orbot to another page? [GeKo: I'll open a
ticket for restructuring the Hacking document]

    when a new nightly build is available on
‚Äčhttps://people.torproject.org/~linus/builds/.  <- I don't think this is
active anymore?

    [boklm: ah yes, this part of the page (about QA and Testing) needs
some updates][GeKo: I'll open a ticket for this item]

 -How do we want to use Github (if at all)? [GeKo: I'll think a bit more
about it and then wil write a mail later this week as reply to Isa
getting the discussion started on the mailing list taking into account
what we discussed during the meeting]
 -Moving away from storm to some etherpad for meeting notes? [GeKo:
We'll decide that next week when Arthur is back]
 - Sandboxing meeting: what should we prepare? Any agenda? (Did I miss it?)

mcs and brade:
  Last week:
    - Finished reviewing undocumented bugs since FF52esr for #22074.
    - Debugged and created a workaround for #26514 (intermittent updater
failures on Win64 (Error 19)).
    - Tried to test Snowflake on macOS 10.9 for #26251 (Adapt macOS
snowflake compilation).
       - Got sidelined due to #26876 (tor.real fails to start on macOS
    - Helped with triage of incoming tickets.
    - Reviewed a couple of patches:
       - #26603 (remove obsolete HTTP pipelining prefs)
       - #26353 (First request goes over catch-all circuit)
  This week:
    - Prepare for and attend sandboxing futures meeting.
    - Start on #25695: Activity 5.1: Redesign Tor Browser homepage
    - Review our notes from #22074 (undocumented bugs since FF52esr) and
file additional tickets if necessary.
    - Get back to #26381 (about:tor page does not load on first start in
localized Windows bundle)
    - After the Tor Browser nightly builds include the network team's
fix for #26876, do some testing for #26251 (Adapt macOS snowflake
compilation to new toolchain).

    Moving house tomorrow  and Tuesday so won't be in the meeting
    Won't have internet installed until *sometime* on Wednesday
    Last week:
        - Portland
        - #26540 patch works now (pdfjs range-based request first party
        - failed to reproduce windows DNS leak we got email'd about
        - fixed up #26456 patch and ran automated try server tests to
verify changes don't break anything (haven't had a chance to look at
results yet)
    This Week:
        - moving

      - #21785 (storage api)

      -  #tbbfingerprinting

    Note: currently traveling to PETS so I will be missing second half
of the meeting (after 18:30 UTC)
    Last week:
        - vacation
    This week:
        - finish dealing with backlog
        - attending PETS
        - can help with building a new alpha if we want to do one this
week [GeKo: Not this week, but hopefully next week]
        - fill binutils ticket


    - More #26476 work. I have reduced even more differences between the
two toolchains, still crashes.

    - Confirmed that the TC build runs though:

    - Confusingly though, if I remove --disable-maintenance-service I
get a NSS build error....  If nothing else gives me a result I guess
I'll dig into that more

    - I'm getting pushback on landing required NSS patches into
-esr60... so I am delaying pushing back on that until I have more ducks
in a row regarding tests running [GeKo: What are we talking about here?
And what would be the impact if we don't get those patches landed? I
wonder if we could cope with that and maybe it would be more useful to
focus on getting nightlies with mingw-w64 running again?] [tjr: The
impact would be that we can't get the gcc or clang MinGW builds running
in ESR branch. I have been focusing on that rather than mingw-clang on
-central.] [GeKo: Well, RyanVM told me a while ago, that tests for
mingw-w64 are running (to catch regressions due to security bugfixes
etc. so, I was under the impression that there are things running on
ESR60 for us, even it is not exactly what we ship, hence my
question][tjr: esr60 is running the x86 build only. I forgot about that.
These NSS patches are holding up the x64 build and tests (assuming I can
the damn tests fixed for whatever else is breaking them).] [GeKo: Okay,
the plan here is to let the 32bit esr60 on Mozilla's infrastructure and
the manual 64bit testing before release be enough and focus on
mozilla-central again instead]

    - But that is going slowly/hard to allocate time for

    - This is holding up landing the build jobs for x64 or mingw-clang

    - I don't think the mingw-clang build (with stylo) is as stable as
Jacek thinks it is [GeKo: Why not? Any bug reports/pointers?][tjr: I
don't know anything more than "I tried to run it and it didn't always
start for me, or stay running. Haven't investigated, or compared
with/without stylo or asked Jacek.]

    - A few other outstanding issues for MinGW:

    - jemalloc on mingw-gcc (This is a shame, because it means Tor
Browser will be lacking exploit mitigations)

    - mingw-clang sandbox

    Last week:
        Received good feedback on TBA/Orfox rebased patches (26401) and
worked on revisions
        Attended HOPE
        Spoke at HOPE
        Contributed to joint statement against white
nationalists/fascists at HOPE and in our spaces
        Talked with some people about sandboxing Tor Browser
    This week:
        Finish 26401
        Read Isa's sponsor 8 mail and respond
        Sandboxing meeting tomorrow at 15:00 UTC
        Review igt0's torbutton modification for mobile

    Last Week:
        Android toolchain + licenses working in RBM
        Worked on getting arm target working on Rust (nearly complete)
    This week:
        Complete arm target on rust
        Working browser on Android
        Create branch for public review
        Cleanup build changes

    Last week:
        -coped with my backlog
        -bunch of reviews (most importantly, and most time-consuming the
one for #26401; then #26590, #26795, #26477, #26569, #26216, #9145, #25485)
        -worked further on #26475 (there might be light on the end of
the tunnel due to alex's last comment  given that I can already feel
glandium's "this-drives-me-crazy" mentioned in
https://github.com/rust-lang/rust/issues/52044. Thus the bug has to be
the same. :) )
        -helped with Sponsor8 reporting (sysrqb, igt0: please add items
I forgot, see tbb-dev mail) [sysrqb: yes!]
        -worked a bit on #26628 (backporting an Origin Attributes bug
that could lead to browser crashes)
        -looked a bit a proxy bypasses on mobile and resumed network
code review (#22176)
        -looked over remaining UX issues for both mobile and desktop alphas
    This week:
        -finally tracking down #26475 and hopefully finding a fix for it
        -more reviews
        -more network code review (#22176)
        -I need someone looking at #26874 (pospeselr can you do that?)
and I need someone working on the onboarding part (#25695) (mcs/brade
could you do that); sysrqb, igt0: who has #25696 on his plate? [sysrqb:
I can put it on my plate, unless igt0 wants it] [igt0: either way is fine]
        -PSA: I have to be AFK from 8/2-8/12, alas (this is one of the
things I could not postpone as the planning for it where already done
before Mozilla moved the ESR release, I am sorry for that)

    Last week:
        - Tried to make the preferences.xul work on mobile, started to
migrate the code to xhtml (#26884)
        - Investigated how the onboarding works on  android and reviewed
#25696 (Design of alpha onboarding for Tor Browser for Android)
        - Investigated about MAR on android. (Firefox team never used it)
    This Week:
        - Finish #26884
        - Review again #26401

        Last Week:
        - I continue with  #26476 (crash on Windows) with tjr, #12968
        - I have given up on up #26251 (Snowflake) again. I am going to wait
          for the mingw-w64/clang builds perhaps.
        - Worked on #25485; waiting for more discussion to finalize
    This Week:
        - Continue the above tickets unless something comes up.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180724/c7c39776/attachment.sig>

More information about the tor-project mailing list