[tor-project] Tor Browser Team Meeting Notes, 04 November 2019
Matthew Finkel
sysrqb at torproject.org
Tue Nov 12 17:04:14 UTC 2019
Hello!
It seems I didn't sent this last week. Here are the meeting notes from
last Monday's meeting:
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-11-04-18.29.log.txt
During the meeting we mostly discussed our priorities for November.
Below are the notes from our meeting pad:
Discussions:
Status of 68esr rebasing tickets - #30429 and #31010 (GeKo: we are
close at least for #30429; I wanted to have a last look over them before
closing but am distracted by other work :( #30429 at least should get
done this week, though))
Do we need #31650 (pre-crunch and pre-strip PNG in
tor-service-android to make it reproducible)?
sysrqb:
Last week:
Release prep
Fixed locale-selector crash #32343 (boklm, thanks for providing
a better patch)
obfs4proxy incompatibility with Android O (#32303)
Reviewed torrc cleanup on Android #30552
Reviewed BridgesList Preferences is an overloaded field #30501
Tweaked EOY campaign patch for mobile #30783
This week:
9.0.1/9.5a2 Releases
Finish patch for #32303
Follow up on #31915 patch uplift
OTF proposal
Fastlane support #26844
pospeselr:
Last week:
- #32220 prototyping (letter-boxing white borders)
- working on patch which adds a border around the page
content, and sets the margin to the color of the chrome background to
indicate the margin is not part of the content (and varies with theme)
- 9.0.1 build
This week:
- finish up #32220, one remaining outstanding issue: newly
created windows do not have enough space to fit the browser element
without letter-boxing
- start work on exposing an option in about:preferences to
toggle letter-boxing (#32325)
- investigate #32308 (letter-boxing jiggling on window resize)
Jeremy Rand:
Last week:
- #19859: Ready for review.
- Stream isolation with Namecoin now fully works across the full
stack.
- Audited Electrum-NMC for proxy leaks; no leaks were detected.
- Not surprising, since Electrum is used in Tails and
Whonix, so presumably they would have noticed already if there were
proxy leaks.
- I also open-sourced my proxy leak detector that I
originally wrote for my master's thesis 2 years ago; I'll probably post
a link on the tor-dev mailing list since it might be interesting for the
Tor community. https://github.com/JeremyRand/heteronculous
This week:
- Main thing left on my end: clean up Git history of
Electrum-NMC stable 3.3.8 branch, tag an Electrum-NMC nc3.3.8 release,
make tor-browser-build use that Electrum-NMC tag.
- Remaining things that might be worth doing (which of these, if
any, are blockers for merging Namecoin support to nightly with Namecoin
disabled by default?):
- Properly handle some AuxPoW edge cases
- These edge cases mainly fall into the category
"Someone with large amounts of hashrate might be able to make 1 block
appear as 2 blocks, until someone else mines a block on top of the real
one", and similar attacks that are highly expensive and accomplish
virtually nothing attack-wise. Obviously worth fixing, but IMHO it's
not something that warrants blocking a nightly merge.
- Disable punycode/IDN's in the .bit TLD to prevent
homograph attacks
- In the DNS world, registries are supposed to prevent
homograph registrations; Namecoin treats registrations as binary blobs
without regard to Unicode, so Namecoin can't easily prevent homographs.
Long-term we should try to find a safe way to allow IDN's, but
short-term we should just disable punycode/IDN's from being looked up in
ncdns. IMHO disabling punycode/IDN's isn't worth blocking a nightly
merge, since it only affects users who have opted into Namecoin by both
enabling Namecoin via env var and navigated to a .bit site in the URL
bar.
- Stop hardcoding username/password/port for Electrum-NMC
RPC interface, use random instead
- Main reason why Electrum-NMC password-protects the RPC
interface is to prevent theft of coins/names. But the Electrum-NMC
instance in Tor Browser doesn't have the wallet enabled, so this is
mostly a moot point. Accessing the RPC interface *would* allow opening
connections with arbitrary stream isolation data... but that's also true
of the Tor SOCKS port, which is unauthenticated. AFAIK Tor Browser
doesn't allow websites to access localhost via AJAX and similar stuff,
so this seems like a pretty minimal attack risk. So IMHO it's not worth
blocking a nightly merge. Long-term we should definitely switch to
cookie authentication for the Electrum-NMC RPC port.
- Audit build reproducibility
- In theory everything should be reproducible (it all
builds in rbm and I've tried to follow best practices for rbm usage),
but there may be issues since I haven't carefully tested for
reproducibility (e.g. I've filed a few Go-related reproducibility bugs
on Trac that might or might not affect things here). Is audited
reproducibility considered a blocker for nightly, or just for
alpha/stable? (I have no idea what the policies are for this; I'll
follow whatever policies you have in this area.)
mcs and brade:
Last week:
- Sponsor 27 work: #30237 (v3 onion services client auth).
- rebased patches for ESR68/Tor Browser 9.
- worked on loose ends.
- Reviewed some patches.
This week/upcoming:
- #30237 (v3 onion services client auth).
- Provide updated biographical info to Al for use in proposals.
acat:
Last week:
- Finish fixing #27604: Relocating the Tor Browser directory is
broken with Tor Browser 8
- Landed https://bugzilla.mozilla.org/show_bug.cgi?id=1581537.
[Browser UI locale is leaked in several ways]
- Checked #32255: Missing ORIGIN header breaks CORS in Tor
Browser 9.0
This week:
- #23719: Make sure WebExtensions are spared from JIT disabling
in higher security settings (Medium-High)
- #21952 - Onion-location: increasing the use of onion services
through automatic redirects and aliasing
- send updated resume to Al for OTF proposal.
tjr:
- Working on bumping to clang-9 in -central.
- clang-10-trunk just had CFG support land, maybe worth
investigating bumping to that
sisbell:
Last Week:
-#30552/#30501/30767: Made changes to TOPL code based in feedback,
various code changes to improve readability, additional unit tests, bug
fixes
- #31130 - Android tor Debian - solved the Java installation issue
which was main barrier to completion, Next will upgrade https-everywhere
to buster
- #31922 - ApkTool - made changes to config (will be able to test once
I complete #31130)
This week:’
- #31130: Upgrade https-everywhere to buster and then test final apk
- #31922: ApkTool test using Debian version
- #30501: Code integration changes to tor-android-service, migration
code for different fields
pili:
Last week:
- Catching up from MozFest
- Browser proposal for transition away from ESRs
- end of month admin and roadmap gardening
This week:
- Sponsor 44 report
- Start of month roadmap planning
GeKo:
Last week
- release prep
- reviews (#27309, #32342, #32184, #27604, #32188, #30783,
#32220, #28745)
- small patches for the release (mainly backports): #32321,
#32318, #32250
- work on #27268 (while reviewing #28745)
- #32053 (macOS reproducibility issue); made small steps in
the right direction but we are still not there :(
This week:
- #32053
- #31597
- finish #30429
- look at/finish #31010
- work on setting up the Android signing (token)
boklm:
Last week:
- helped with building new releases
- Continued investigating reproducibility issues (#32052 and
#32053)
- Helped with fix for #32342
- Rebased patch for #30334 (build_go_lib for executables)
This week:
- Help with publishing of new releases
- Work on #18867 (Ship auto-updates for Tor Browser nightly
channel) and sub-tickets
- Test/review rebased patch for #30334 (build_go_lib for
executables)
- Matt
More information about the tor-project
mailing list