Security/Meetings/2011-07-13: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== Agenda == * Mobile/ARM fuzzing [imelven] * New Radar - feedback requested [curtisk] * Services Coordination [Lucas] * Identity update [Sid] * Using Feature Pages [Sid / L...") |
No edit summary |
||
| (3 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
== | == Mobile == | ||
* | * what can you do to help mobile? | ||
* New Radar | ** I can haz tablet? --> file an IT bug to get one. | ||
* | *** Woot has a deal today on a Xoom http://www.woot.com/ (refurbed) | ||
* | ** Lucas would like everyone to have a device and give a heads up on what they are doing for mobile | ||
* | == Blackhat == | ||
* UK Meeting on Cookie Directive | https://intranet.mozilla.org/ConferencesSchedule/Blackhat2011 | ||
** Hotel reservations can only be changed by chofmann | |||
== | * Keeler is up in the air about BH travel/hotel | ||
* Ricardo is set, just got his flight | |||
* Dan needs a flight | |||
* Pajama "milk & cookies" party will happen if engagement organizes it | |||
** Room is reserved | |||
** With so many Mozillians going to BH, we want to avoid everyone being at the party at once. update wiki with hours you can make it to milk & cookies, 10 or so at a time | |||
** Schedule limo / hired car for those arriving at same time in LAS | |||
== Curtis == | |||
*Curtis PTO rest of this week | |||
*Curtis will be back in town after blackhat | |||
== New Radar for security reviews == | |||
* https://wiki.mozilla.org/Security/Radar | |||
* based on feature pages | |||
* to keep track of things we want to work on | |||
* tables are colored | |||
* request for feedback | |||
** right data? will this work? | |||
** Item must be on the feature page to show up on radar, otherwise Curtis has to manually add it | |||
** Assuming "not assigned to a release" means "far in the future" is sketchy. For example, "10.7 support" isn't assigned to a release but it's happening now. | |||
* dria is working on improving feature pages, adding items | |||
* feature page isn't used much outside of Firefox / mobile | |||
** identity / thunderbird/ services need to use feature page more | |||
== Using feature pages == | |||
* If you want a feature to happen use the [https://wiki.mozilla.org/Features/Create_new Create new feature page] (don't just file a bug) | |||
** To get it on the security roadmap, email Lucas | |||
** To get it on the privacy roadmap, email Sid | |||
== Services coordination == | |||
* Lucas had discussion with mcoates, jim cook, todd | |||
* we need a single template, model, security contact | |||
** consistency between the teams | |||
* the goal is to not duplicate work between the teams | |||
* we need to keep working with the teams to push forward this model | |||
== identity == | |||
* progressing to staging | |||
* mozid.org? is setup now for experiment | |||
* not much on client side security yet | |||
** creating jetpack to make verified e-mail easier | |||
** not even prototyped | |||
* Sid will bring it up again when it happens | |||
== UK Working Group Meeting on Cookie Directive == | |||
* Context: http://www.bbc.co.uk/news/technology-13541250 | |||
* Browser makers & UK gov't gathering to talk about the new cookie law | |||
* not sure what will come of it. | |||
== Mobile/ARM fuzzing == | |||
* mobile fuzzing with e10s | |||
* target ARM specific code may have highest ROI | |||
* automation testing on tegra / mobile is still difficult | |||
** has gotten slightly easier due to newer devices not requiring a device to be root'd | |||
* Fennec-specific code | |||
** Currently includes all the multi-process stuff | |||
** Easier to test on desktop | |||
* ARM-specific code | |||
** Codecs: theora, webm? (not sure if supported on android yet) | |||
** JavaScript Engine | |||
* Android widgets & graphics | |||
* ian will contact desktop guys to see if they have cycles for mobile testing/fuzzing | |||
* get tegras to christian holler / christoph diehl? | |||
** file a bug | |||
* emulators? | |||
** Emulators have trouble with gpu code, won't be the same as actual device | |||
* qemu? or ARM simulator. translation vs emulation | |||
Latest revision as of 22:00, 13 July 2011
Mobile
- what can you do to help mobile?
- I can haz tablet? --> file an IT bug to get one.
- Woot has a deal today on a Xoom http://www.woot.com/ (refurbed)
- Lucas would like everyone to have a device and give a heads up on what they are doing for mobile
- I can haz tablet? --> file an IT bug to get one.
Blackhat
https://intranet.mozilla.org/ConferencesSchedule/Blackhat2011
- Hotel reservations can only be changed by chofmann
- Keeler is up in the air about BH travel/hotel
- Ricardo is set, just got his flight
- Dan needs a flight
- Pajama "milk & cookies" party will happen if engagement organizes it
- Room is reserved
- With so many Mozillians going to BH, we want to avoid everyone being at the party at once. update wiki with hours you can make it to milk & cookies, 10 or so at a time
- Schedule limo / hired car for those arriving at same time in LAS
Curtis
- Curtis PTO rest of this week
- Curtis will be back in town after blackhat
New Radar for security reviews
- https://wiki.mozilla.org/Security/Radar
- based on feature pages
- to keep track of things we want to work on
- tables are colored
- request for feedback
- right data? will this work?
- Item must be on the feature page to show up on radar, otherwise Curtis has to manually add it
- Assuming "not assigned to a release" means "far in the future" is sketchy. For example, "10.7 support" isn't assigned to a release but it's happening now.
- dria is working on improving feature pages, adding items
- feature page isn't used much outside of Firefox / mobile
- identity / thunderbird/ services need to use feature page more
Using feature pages
- If you want a feature to happen use the Create new feature page (don't just file a bug)
- To get it on the security roadmap, email Lucas
- To get it on the privacy roadmap, email Sid
Services coordination
- Lucas had discussion with mcoates, jim cook, todd
- we need a single template, model, security contact
- consistency between the teams
- the goal is to not duplicate work between the teams
- we need to keep working with the teams to push forward this model
identity
- progressing to staging
- mozid.org? is setup now for experiment
- not much on client side security yet
- creating jetpack to make verified e-mail easier
- not even prototyped
- Sid will bring it up again when it happens
UK Working Group Meeting on Cookie Directive
- Context: http://www.bbc.co.uk/news/technology-13541250
- Browser makers & UK gov't gathering to talk about the new cookie law
- not sure what will come of it.
Mobile/ARM fuzzing
- mobile fuzzing with e10s
- target ARM specific code may have highest ROI
- automation testing on tegra / mobile is still difficult
- has gotten slightly easier due to newer devices not requiring a device to be root'd
- Fennec-specific code
- Currently includes all the multi-process stuff
- Easier to test on desktop
- ARM-specific code
- Codecs: theora, webm? (not sure if supported on android yet)
- JavaScript Engine
- Android widgets & graphics
- ian will contact desktop guys to see if they have cycles for mobile testing/fuzzing
- get tegras to christian holler / christoph diehl?
- file a bug
- emulators?
- Emulators have trouble with gpu code, won't be the same as actual device
- qemu? or ARM simulator. translation vs emulation