Security/Meetings/2011-07-13
Mobile
- what can you do to help mobile?
- I can haz tablet? --> file an IT bug to get one.
- Woot has a deal today on a Xoom http://www.woot.com/ (refurbed)
- Lucas would like everyone to have a device and give a heads up on what they are doing for mobile
Blackhat
https://intranet.mozilla.org/ConferencesSchedule/Blackhat2011
- Hotel reservations can only be changed by chofmann
- Keeler is up in the air about BH travel/hotel
- Ricardo is set, just got his flight
- Dan needs a flight
- Pajama "milk & cookies" party will happen if engagement organizes it
- Room is reserved
- With so many Mozillians going to BH, we want to avoid everyone being at the party at once. Update the wiki with the hours you can make it to milk & cookies, 10 or so at a time
- Schedule limo / hired car for those arriving at same time in LAS
Curtis
- Curtis PTO rest of this week
- Curtis will be back in town after blackhat
New Radar for security reviews
- https://wiki.mozilla.org/Security/Radar
- based on feature pages
- to keep track of things we want to work on
- tables are colored
- request for feedback
- right data? will this work?
- Item must be on the feature page to show up on radar, otherwise Curtis has to manually add it
- Assuming "not assigned to a release" means "far in the future" is sketchy. For example, "10.7 support" isn't assigned to a release but it's happening now.
- dria is working on improving feature pages, adding items
- feature page isn't used much outside of Firefox / mobile
- Identity / Thunderbird / Services need to use feature pages more
Using feature pages
- If you want a feature to happen, use the "Create new feature" page (don't just file a bug)
- To get it on the security roadmap, email Lucas
- To get it on the privacy roadmap, email Sid
Services coordination
- Lucas had discussion with mcoates, jim cook, todd
- we need a single template, model, security contact
- consistency between the teams
- the goal is to not duplicate work between the teams
- we need to keep working with the teams to push forward this model
Identity
- progressing to staging
- mozid.org? is set up now for experiment
- not much on client side security yet
- creating jetpack to make verified e-mail easier
- not even prototyped
- Sid will bring it up again when it happens
UK Working Group Meeting on Cookie Directive
- Context: http://www.bbc.co.uk/news/technology-13541250
- Browser makers & UK gov't gathering to talk about the new cookie law
- not sure what will come of it.
Mobile/ARM fuzzing
- mobile fuzzing with e10s
- targeting ARM-specific code may have the highest ROI
- automated testing on tegra / mobile is still difficult
- has gotten slightly easier because newer devices do not need to be rooted
- Fennec-specific code
- Currently includes all the multi-process stuff
- Easier to test on desktop
- ARM-specific code
- Codecs: theora, webm? (not sure if supported on android yet)
- JavaScript Engine
- Android widgets & graphics
- ian will contact desktop guys to see if they have cycles for mobile testing/fuzzing
- get tegras to christian holler / christoph diehl?
- file a bug
- emulators?
- Emulators have trouble with gpu code, won't be the same as actual device
- qemu? or ARM simulator. translation vs emulation