[tor-reports] February 2014 Report for the Tor Browser Team

Mike Perry mikeperry at torproject.org
Sun Mar 2 05:17:21 UTC 2014

In February, the Tor Browser team made two releases: 3.5.2[1] and[2], and made solid progress on a number of fronts.

TBB 3.5.2 contained many of the pending patches mentioned in last
month's status report. Notably, we fixed the update notification's arrow
positioning for right-to-left languages[3], and prevented a rare
popup/exception on "New Identity"[4]. In addition, we fixed several
fingerprinting issues, including eliminating some cases where the
browser's resolution was not being properly set to a 200x100 pixel
multiple[5], preventing automatic window resizing on Ubuntu[6], and
preventing the content window from probing/enumerating open and closed
TCP ports on the user's computer[7].

TBB was a minor pointfix release to address a localization bug
introduced due to Mozilla's changeover to a new git mirror. Mozilla's
new git mirror was not properly exporting the browser version update
commits for their releases, which prevented the non-English language
packs from installing properly for 3.5.2. This issue has been tagged as
a priority test case for future automated testing.

On the Firefox merge process front, we have now filed bugs for all of
the patches that are solid merge candidates, have attached our patches
to them for comment, and have begun discussions with relevant component
owners. Mozilla has also assigned an engineer to work with us one day a
week to assist with preparing our patches for merge, and several Mozilla
engineers are in semi-regular contact with us with respect to new code
changes that may affect us.

On our side, the interview process to select a C++ developer to help
with the merge process and other C++ work is moving forward, with
candidates currently selecting tickets and writing proposals. We have
also finalized the selection of contractors for extension development
contract work, and will be signing contracts with them shortly.

On the automation front, we have begun automatically submitting our
complete patch set to Mozilla's automated build and testing
infrastructure[8]. More work still needs to be done to ensure our
patches build and pass all tests on all of their platforms (which are
substantially more numerous and varied in terms of compiler and OS
versions than we support), and to export the results of this build and
testing process in a publicly viewable fashion.

Also on the automation front, we have begun producing nightly TBB builds
based on the very latest source code in our repositories. These builds
are currently exported to people.torproject.org[9].

At the Tor Developer meeting in Iceland, we discussed ways of improving
the team's coordination both among its full and part-time paid members,
its volunteers, and with the wider Tor community and other Tor
components. To this end, we have created dedicated mailinglists for TBB
development[10], ticket updates[11], and code commits[12]. We also
scheduled weekly IRC meetings[13], created a policy of sending build
tags and changelogs to tor-qa[14] prior to build completion, and have
agreed to work with the Tor Support/helpdesk team to track high-impact
known issues, and include these issues in the release blog posts and in
a link from the download page.

At the dev meeting, we also agreed to consolidate all of the various TBB
components in the bug tracker, discussed UI flow for pluggable transport
selection and bridge distribution, and began documenting and planning
the work involved in creating a new short user manual for inclusion in
the TBB bundles[15].

After the development meeting, we had a big push to merge all of the
pending pluggable transport mechanisms[16], user interface support[17],
and helper code[18] into the official Tor Browser repository for
3.6-beta-1. Barring any additional major bugs in the nightlies and
developer builds, we should be ready to release 3.6-beta-1 as a single
unified TBB that supports both censored and uncensored users with the
same bundle package.

3.6-beta-1 will also feature a proper MacOS DMG archive format[19],
which we hope will address one of the remaining major remaining
usability issues ("archive confusion") uncovered in a study by Greg
Norcie et al[20]. With this change, the MacOS user experience for
installation of Tor Browser should now match that of other popular MacOS
applications, such as Firefox. A screenshot from a developer build
illustrates this new installation interface[21].

Several other fixes were also merged for both 3.6-beta-1 and for the
next 3.5.x stable release, including a fix for keyboard input failure on
Ubuntu 13.10[22], a fix for a disk record leak while viewing video
content[23], a fix for a hang when downloading content from certain HTTP
server configurations[24], a fix for a localization fingerprinting
issue[25], build process and debugging improvements[26,27], and a fix to
enable the translation of Tor connectivity status and error messages in
the Tor Launcher UI[28].

In March, we will be presenting 3.6-beta-1 at RightsCon in San
Francisco[28], specifically to showcase the progress in usability
improvements that we have made in the past year, as well as the unified
circumvention bundles and configuration UI.

On March 18th, Mozilla is scheduled to do another security pointfix
release in our ESR branch, so we will be releasing an update based on
that code as soon as it is available.

We also intend to finalize the C++ interview process and award contracts
for future API work and merge process assistance.

Throughout the duration of the month, we will be working on stabilizing
3.6 for release as the next official TBB stable series, will continue
working with Mozilla, continue making progress on the deployment of the
Firefox auto-updater[30], and continue coordinating with the EFF on
HTTPS-Everywhere and the SSL Observatory.

Other high priority tasks include finalizing and merging the Windows
hardening improvements[31], improving the language in the download
warning box[32], investigating a pair of potentially related browser
hang bugs[33,34], and working with Mozilla on a patch to their test
suite to guard against future DNS leaks[35].

We will also be compiling the aforementioned known issues list with help
from support, (though it is likely to be incomplete for the a few
releases), initiating the planned bug tracker component merge and
associated triage, and will be making an effort to update the design
documentation[36] to cover 3.x, the new build process, and changes since
Firefox 17ESR.

1. https://blog.torproject.org/blog/tor-browser-352-released
2. https://blog.torproject.org/blog/tor-browser-3521-released
3. https://bugs.torproject.org/10640
4. https://bugs.torproject.org/10800
5. https://bugs.torproject.org/10095
6. https://bugs.torproject.org/9738
7. https://bugs.torproject.org/10419
8. https://github.com/boklm/tor-browser-try/
9. https://people.torproject.org/~linus/builds/
10. https://lists.torproject.org/pipermail/tbb-dev/
12. https://lists.torproject.org/pipermail/tbb-bugs/
11. https://lists.torproject.org/pipermail/tbb-commits/
13. https://lists.torproject.org/pipermail/tbb-dev/2014-February/000000.html
14. https://lists.torproject.org/pipermail/tor-qa/
15. https://trac.torproject.org/projects/tor/ticket/10974
16. https://trac.torproject.org/projects/tor/ticket/10362
17. https://trac.torproject.org/projects/tor/ticket/10418
18. https://trac.torproject.org/projects/tor/ticket/10845
19. https://trac.torproject.org/projects/tor/ticket/4261
20. http://petsymposium.org/2012/papers/hotpets12-1-usability.pdf
21. https://people.torproject.org/~mikeperry/images/TBBDMG.png
22. https://trac.torproject.org/projects/tor/ticket/9353
23. https://trac.torproject.org/projects/tor/ticket/10237
24. https://trac.torproject.org/projects/tor/ticket/9901
25. https://trac.torproject.org/projects/tor/ticket/10703
26. https://trac.torproject.org/projects/tor/ticket/10104
27. https://trac.torproject.org/projects/tor/ticket/9896
28. https://trac.torproject.org/projects/tor/ticket/10604
29. https://www.rightscon.org/
30. https://trac.torproject.org/projects/tor/ticket/4234
31. https://trac.torproject.org/projects/tor/ticket/10065
32. https://trac.torproject.org/projects/tor/ticket/7439
33. https://trac.torproject.org/projects/tor/ticket/9531
34. https://trac.torproject.org/projects/tor/ticket/10804
35. https://bugzilla.mozilla.org/show_bug.cgi?id=971153
36. https://www.torproject.org/projects/torbrowser/design/

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20140301/edc68692/attachment.sig>

More information about the tor-reports mailing list