Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla: Extensions in Firefox 66 and Jingle Smash (VR)

Filed under
Moz/FF
  • Extensions in Firefox 66

    I want to start by highlighting an important change that has a major, positive impact for Firefox users. Starting in release 66, extensions use IndexedDB as the backend for local storage instead of a JSON file. This results in a significant performance improvement for many extensions, while simultaneously reducing the amount of memory that Firefox uses.

    This change is completely transparent to extension developers – you do not need to do anything to take advantage of this improvement. When users upgrade to Firefox 66, the local storage JSON file is silently migrated to IndexedDB. All extensions using the storage.local() API immediately realize the benefits, especially if they store small changes to large structures, as is true for ad-blockers, the most common and popular type of extension used in Firefox.

    The video below, using Adblock Plus as an example, shows the significant performance improvements that extension users could see.

  • Jingle Smash: Geometry and Textures

    I’m not a designer or artist. In previous demos and games I’ve used GLTFs, which are existing 3D models created by someone else that I downloaded into my game. However, for Jingle Smash I decided to use procedural generation, meaning I combined primitives in interesting ways using code. I also generated all of the textures with code. I don’t know how to draw pretty textures by hand in a painting tool, but 20 years of 2D coding means I can code up a texture pretty easily.

    Jingle Smash has three sets of graphics: the blocks, the balls, and the background imagery. Each set uses its own graphics technique.

Mozilla: Root Certificate Store, Rust and WebAssembly

Filed under
Moz/FF
  • Why Does Mozilla Maintain Our Own Root Certificate Store?

    Mozilla maintains a database containing a set of “root” certificates that we use as “trust anchors”. This database, commonly referred to as a “root store”, allows us to determine which Certificate Authorities (CAs) can issue SSL/TLS certificates that are trusted by Firefox, and email certificates that are trusted by Thunderbird. Properly maintaining a root store is a significant undertaking – it requires constant effort to evaluate new trust anchors, monitor existing ones, and react to incidents that threaten our users. Despite the effort involved, Mozilla is committed to maintaining our own root store because doing so is vital to the security of our products and the web in general. It gives us the ability to set policies, determine which CAs meet them, and to take action when a CA fails to do so.

    A major advantage to controlling our own root store is that we can do so in a way that reflects our values. We manage our CA Certificate Program in the open, and by encouraging public participation we give individuals a voice in these trust decisions. Our root inclusion process is one example. We process lots of data and perform significant due diligence, then publish our findings and hold a public discussion before accepting each new root. Managing our own root store also allows us to have a public incident reporting process that emphasizes disclosure and learning from experts in the field. Our mailing list includes participants from many CAs, CA auditors, and other root store operators and is the most widely recognized forum for open, public discussion of policy issues.

  • Extract Method Refactoring in Rust
  • Why should you use Rust in WebAssembly?

    WebAssembly (Wasm) is a technology that has the chance to reshape how we build apps for the browser. Not only will it allow us to build whole new classes of web applications, but it will also allow us to make existing apps written in JavaScript even more performant.

    In this article about the state of the Rust and Wasm ecosystem, I'll try to explain why Rust is the language that can unlock the true potential of WebAssembly.

Mozilla: ARCore and Arkit, Rust, Socorro and Free Speech

Filed under
Moz/FF
  • ARCore and Arkit, What is under the hood: SLAM (Part 2)

    In our last blog post (part 1), we took a look at how algorithms detect keypoints in camera images. These form the basis of our world tracking and environment recognition. But for Mixed Reality, that alone is not enough. We have to be able to calculate the 3d position in the real world. It is often calculated by the spatial distance between itself and multiple keypoints. This is often called Simultaneous Localization and Mapping (SLAM). And this is what is responsible for all the world tracking we see in ARCore/ARKit.

  • This Week in Rust 273
  • Socorro: January 2019 happenings

    Socorro is the crash ingestion pipeline for Mozilla's products like Firefox. When Firefox crashes, the crash reporter collects data about the crash, generates a crash report, and submits that report to Socorro. Socorro saves the crash report, processes it, and provides an interface for aggregating, searching, and looking at crash reports.

  • Mozilla Open Policy & Advocacy Blog: Mozilla Foundation fellow weighs in on flawed EU Terrorist Content regulation

    As we’ve noted previously, the EU’s proposed Terrorist Content regulation would seriously undermine internet health in Europe, by forcing companies to aggressively suppress user speech with limited due process and user rights safeguards. Yet equally concerning is the fact that this proposal is likely to achieve little in terms of reducing the actual terrorism threat or the phenomenon of radicalisation in Europe. Here, Mozilla Foundation Tech Policy fellow and community security expert Stefania Koskova* unpacks why, and proposes an alternative approach for EU lawmakers.

    With the proposed Terrorist Content regulation, the EU has the opportunity to set a global standard in how to effectively address what is a pressing public policy concern. To be successful, harmful and illegal content policies must carefully and meaningfully balance the objectives of national security, internet-enabled economic growth and human rights. Content policies addressing national security threats should reflect how internet content relates to ‘offline’ harm and should provide sufficient guidance on how to comprehensively and responsibly reduce it in parallel with other interventions. Unfortunately, the Commission’s proposal falls well short in this regard.

Mozilla: Tails 3.12, Better Testing of Firefox and Complaint About Facebook

Filed under
Moz/FF
Security
  • Tails 3.12.1 is out

    This release is an emergency release to fix a critical security vulnerability in Firefox.

    It also fixes other security vulnerabilities. You should upgrade as soon as possible.

  • Mozilla to use machine learning to find code bugs before they ship

    In a bid to cut the number of coding errors made in its Firefox browser, Mozilla is deploying Clever-Commit, a machine-learning-driven coding assistant developed in conjunction with game developer Ubisoft.

    Clever-Commit analyzes code changes as developers commit them to the Firefox codebase. It compares them to all the code it has seen before to see if they look similar to code that the system knows to be buggy. If the assistant thinks that a commit looks suspicious, it warns the developer. Presuming its analysis is correct, it means that the bug can be fixed before it gets committed into the source repository. Clever-Commit can even suggest fixes for the bugs that it finds. Initially, Mozilla plans to use Clever-Commit during code reviews, and in time this will expand to other phases of development, too. It works with all three of the languages that Mozilla uses for Firefox: C++, JavaScript, and Rust.

    The tool builds on work by Ubisoft La Forge, Ubisoft's research lab. Last year, Ubisoft presented the Commit-Assistant, based on research called CLEVER, a system for finding bugs and suggesting fixes. That system found some 60-70 percent of buggy commits, though it also had a false positive rate of 30 percent. Even though this false positive rate is quite high, users of this system nonetheless felt that it was worthwhile, thanks to the time saved when it did correctly identify a bug.

  • Facebook Answers Mozilla’s Call to Deliver Open Ad API Ahead of EU Election

    After calls for increased transparency and accountability from Mozilla and partners in civil society, Facebook announced it would open its Ad Archive API next month. While the details are still limited, this is an important first step to increase transparency of political advertising and help prevent abuse during upcoming elections.

    Facebook’s commitment to make the API publicly available could provide researchers, journalists and other organizations the data necessary to build tools that give people a behind the scenes look at how and why political advertisers target them. It is now important that Facebook follows through on these statements and delivers an open API that gives the public the access it deserves.

    The decision by Facebook comes after months of engagement by the Mozilla Corporation through industry working groups and government initiatives and most recently, an advocacy campaign led by the Mozilla Foundation.

    This week, the Mozilla Foundation was joined by a coalition of technologists, human rights defenders, academics, journalists demanding Facebook take action and deliver on the commitments made to put users first and deliver increased transparency.

    “In the short term, Facebook needs to be vigilant about promoting transparency ahead of and during the EU Parliamentary elections,” said Ashley Boyd, Mozilla’s VP of Advocacy. “Their action — or inaction — can affect elections across more than two dozen countries. In the long term, Facebook needs to sincerely assess the role its technology and policies can play in spreading disinformation and eroding privacy.”

Mozilla: Ubisoft, Physics Engines, Security and VR

Filed under
Moz/FF
  • Making the Building of Firefox Faster for You with Clever-Commit from Ubisoft

    Firefox fights for people online: for control and choice, for privacy, for safety. We do this because it is our mission to keep the web open and accessible to all. No other tech company has people’s back like we do.

    Part of keeping you covered is ensuring that our Firefox browser and the other tools and services we offer are running at top performance. When we make an update, or add a new feature the experience should be as seamless and smooth as possible for the user. That’s why Mozilla just partnered with Ubisoft to start using Clever-Commit, an Artificial Intelligence coding assistant developed by Ubisoft La Forge that will make the Firefox code-writing process faster and more efficient. Thanks to Clever-Commit, Firefox users will get to use even more stable versions of Firefox and have even better browsing experiences.

  • Jingle Smash: Choosing a Physics Engine

    The key to a physics based game like Jingle Smash is of course the physics engine. In the Javascript world there are many to choose from. My requirements were for fully 3D collision simulation, working with ThreeJS, and being fairly easy to use. This narrowed it down to CannonJS, AmmoJS, and Oimo.js: I chose to use the CannonJS engine because AmmoJS was a compiled port of a C lib and I worried would be harder to debug, and Oimo appeared to be abandoned (though there was a recent commit so maybe not?).

  • Retailers: All We Want for Valentine’s Day is Basic Security

    This has been the case with smart dolls, webcams, doorbells, and countless other devices. And the consequences can be life threatening: “Internet-connected locks, speakers, thermostats, lights and cameras that have been marketed as the newest conveniences are now also being used as a means for harassment, monitoring, revenge and control,” the New York Times reported last year. Compounding this: It is estimated that by 2020, 10 billion IoT products will be active.

    Last year, in an effort to make connected devices on the market safer for consumers, Mozilla, the Internet Society, and Consumers International published our Minimum Security Guidelines: the five basic features we believe all connected devices should have. They include encrypted communications; automatic updates; strong password requirements; vulnerability management; and an accessible privacy policy.

  • Anyone can create a virtual reality experience with this new WebVR starter kit from Mozilla and Glitch

    Here at Mozilla, we are big fans of Glitch. In early 2017 we made the decision to host our A-Frame content on their platform. The decision was easy. Glitch makes it easy to explore, and remix live code examples for WebVR.

    We also love the people behind Glitch. They have created a culture and a community that is kind, encouraging, and champions creativity. We share their vision for a web that is creative, personal, and human. The ability to deliver immersive experiences through the browser opens a whole new avenue for creativity. It allows us to move beyond screens, and keyboards. It is exciting, and new, and sometimes a bit weird (but in a good way).

    Building a virtual reality experience may seem daunting, but it really isn’t. WebVR and frameworks like A-Frame make it really easy to get started. This is why we worked with Glitch to create a WebVR starter kit. It is a free, 5-part video course with interactive code examples that will teach you the fundamentals of WebVR using A-Frame. Our hope is that this starter kit will encourage anyone who has been on the fence about creating virtual reality experiences to dive in and get started.

Firefox Tips, Mozilla Against Facebook, DRM (EME) in GNU/Linux and MiUnlockTool Against Bootloader Lockdown

Filed under
Moz/FF
  • Change look & feel of Firefox pinned tabs

    Here's a curious corner case for you. About a year ago, Firefox Quantum introduced a whole bunch of radical changes in how it works and behaves, the biggest among them the switch to WebExtensions. This move made a lot of friendly, powerful extensions not work anymore, including a range of tab management addons. On the upside, Firefox also brought about the integrated tab pinning feature. It works nicely. But.

    Pinned tabs will detach from the tab bar and position themselves to the left, somewhat like a typical desktop quicklaunch icon area. So far so good, but the corner case be here! As it happens, the pinned tabs are relatively narrow, which means quick stab 'n' open action isn't quite possible. You need to be accurate positioning your mouse cursor, and that could slow you down. There does not seem to be a trivial option to change the width of the pinned tabs. Hence this guide.

  • Mozilla Open Letter: Facebook, Do Your Part Against Disinformation

    Is Facebook making a sincere effort to be transparent about the content on its platform? Or, is the social media platform neglecting its promises?

    Facebook promised European lawmakers and users it would increase the transparency of political advertising on the platform to prevent abuse during the elections. But in the very same breath, they took measures to block access to transparency tools that let users see how they are being targeted.

    With the 2019 EU Parliamentary Elections on the horizon, it is vital that Facebook take action to address this problem. So today, Mozilla and 32 other organizations — including Access Now and Reporters Without Borders — are publishing an open letter to Facebook.

  • Review of Igalia’s Multimedia Activities (2018/H2)

    EME is a specification for enabling playback of encrypted content in Web bowsers that support HTML 5 video.

    In a downstream project for WPE WebKit we managed to have almost full test coverage in the YoutubeTV 2018 test suite.

    We merged our contributions in upstream, WebKit and GStreamer, most of what is legal to publish, for example, making demuxers aware of encrypted content and make them to send protection events with the initialization data and the encrypted caps, in order to select later the decryption key.

    We started to coordinate the upstreaming process of a new implementation of CDM (Content Decryption Module) abstraction and there will be even changes in that abstraction.

  • MiUnlockTool unlocks Xiaomi phones' bootloader on macOS and Linux

    MiUnlockTool is a third party bootloader unlock utility which runs on Linux and macOS. The official Xiaomi tool for unlocking bootloader is Windows only.

The Rust Vulkan Gfx-rs Portability Initiative Reaches New Milestone

Filed under
Development
Graphics/Benchmarks
Moz/FF

Gfx-rs Portability is the library being developed within the Rust programming language that implements the Vulkan Portability Initiative as an effort akin to MoltenVK for easily getting Vulkan applications running on macOS and other platforms where Vulkan API support may not be natively available.

Saturday marked a new release of gfx-rs/portability that implements version 0.2 of the VK_EXT_portability_subset extension. This release also offers improvements to the back-end for Apple's Metal graphics/compute API.

Read more

Also: A Tiny IDE For Your ATtiny

Session Sync - A nice session manager for Firefox Quantum

Filed under
Moz/FF
Web

Back in the good ole days, Firefox had a wealth of excellent, powerful extensions. Among them, Tab Mix Plus with a superb built-in session manager. Come Firefox Quantum (57 onwards) and WebExtensions, a lot of goodies have gone away, forever. We are left with diminished functionality.

One of the things that I've been hunting after the most is a flexible session manager akin to the old stuff, with the ability to manage multiple sessions in a smart, simple, elegant way. I think I've finally found an addon that does the trick. It's called Session Sync, and I'm happy enough to actually write a whole article about this.

Read more

Mozilla: Privacy, Immersive Media Content Creation Guide and 15 Firefox Addons To Consider Using Right Now

Filed under
Moz/FF
  • Mozilla Open Policy & Advocacy Blog: Kenya Government mandates DNA-linked national ID, without data protection law

    Last month, the Kenya Parliament passed a seriously concerning amendment to the country’s national ID law, making Kenya home to the most privacy-invasive national ID system in the world. The rebranded, National Integrated Identity Management System (NIIMS) now requires all Kenyans, immigrants, and refugees to turn over their DNA, GPS coordinates of their residential address, retina scans, iris pattern, voice waves, and earlobe geometry before being issued critical identification documents. NIIMS will consolidate information contained in other government agency databases and generate a unique identification number known as Huduma Namba.

    It is hard to see how this system comports with the right to privacy articulated in Article 31 of the Kenyan Constitution. It is deeply troubling that these amendments passed without public debate, and were approved even as a data protection bill which would designate DNA and biometrics as sensitive date is pending.

    Before these amendments, in order to issue the National ID Card (ID), the government only required name, date and place of birth, place of residence, and postal address. The ID card is a critical document that impacts everyday life, without it, an individual cannot vote, purchase property, access higher education, obtain employment, access credit, or public health, among other fundamental rights.

    Mozilla strongly believes that that no digital ID system should be implemented without strong privacy and data protection legislation. The proposed Data Protection Bill of 2018 which Parliament is likely to consider next month, is a strong and thorough framework that contains provisions relating to data minimization as well as collection and purpose limitation. If NIIMS  is implemented, it will be in conflict with these provisions, and more importantly in conflict with Article 31 of the Constitution, which specifically protects the right to privacy.

  • Immersive Media Content Creation Guide

    Firefox Reality is ready for your panoramic images and videos, in both 2D and 3D. In this guide you will find advice for creating and formatting your content to best display on the immersive web in Firefox Reality.

  • 15 Firefox Addons To Consider Using Right Now

    Firefox is a hugging amazing browser. It’s fast, smooth and respects your privacy & security very much. Firefox also comes by default on most Linux distributions, such as Ubuntu/Fedora/openSUSE. It also has the ability to add addons, which will allow you to boost your productivity a lot depending on your user setup.

    In this post, we’ll take a tour on some extremely important Firefox addons that you should check right now.

Mozilla: Mozilla’s Project Fission and New Goals for Mozilla Localization

Filed under
Moz/FF
  • Firefox “Site Isolation” Will Protect Users From Spectre-style Attacks

    Mozilla’s Project Fission will finally bear some fruitful results after one year in the making. Mozilla has publicly announced an overhaul of Firefox with Project Fisson, which will protect the browser form Spectre-class attacks.

    Side-channel attacks have always been problematic for the browsers, which is why Google Chrome introduced a similar effort back in May 2018. Now, Firefox is following the same footsteps.

  • A New Year with New Goals for Mozilla Localization

    We had a really ambitious and busy year in 2018! Thanks to the help of the global localization community as well as a number of cross-functional Mozilla staff, we were able to focus our efforts on improving the foundations of our localization program.

Syndicate content

More in Tux Machines

today's leftovers

Software: 14 Excellent Free Plotting Tools and Texinfo 6.6

  • 14 Excellent Free Plotting Tools
    A plotting tool is computer software which helps to analyze and visualize data, often of a scientific nature. Using this type of software, users can generate plots of functions, data and data fits. Software of this nature typically includes additional functionality, such as data analysis functions including curve fitting. A good plotting tool is very important for generating professional looking graphics for inclusion in academic papers. However, plotting tools are not just useful for academics, engineers, and scientists. Many users will need to plot graphs for other purposes such as presentations. Fortunately, Linux is well endowed with plotting software. There are some heavyweight commercial Linux applications which include plotting functionality. These include MATLAB, Maple, and Mathematica. Without access to their source code, you have limited understanding of how the software functions, and how to change it. The license costs are also very expensive. And we are fervent advocates of open source software. The purpose of this article is to help promote open source plotting tools that are available. To provide an insight into the quality of software that is available, we have compiled a list of 14 excellent plotting tools. Many of the applications are very mature. For example, gnuplot has been in development since the mid-1980s. The choice of plotting software may depend on which programming language you prefer. For example, if your leaning towards Python, matplotlib is an ideal candidate as it’s written in, and designed specifically for Python. Whereas, if you’re keen on the R programming language, you’ll probably prefer ggplot2, which is one of the most popular R packages. With good reason, it offers a powerful model of graphics that removes a lot of the difficulty in making complex multi-players graphics. R does come with “base graphics” which are the traditional plotting functions distributed with R. But gpplot2 takes graphics to the next level.
  •  
  • [GNU] Texinfo 6.6 released
    We have released version 6.6 of Texinfo, the GNU documentation format.

Bare-Metal Kubernetes Servers and SUSE Servers

  • The Rise of Bare-Metal Kubernetes Servers
    While most instances of Kubernetes today are deployed on virtual machines running in the cloud or on-premises, there is a growing number of instances of Kubernetes being deployed on bare-metal servers. The two primary reasons for opting to deploy Kubernetes on a bare- metal server over a virtual machine usually are performance and reliance on hardware accelerators. In the first instance, an application deployed at the network edge might be too latency-sensitive to tolerate the overhead created by a virtual machine. AT&T, for example, is working with Mirantis to deploy Kubernetes on bare-metal servers to drive 5G wireless networking services.
  • If companies can run SAP on Linux, they can run any application on it: Ronald de Jong
    "We have had multiple situations with respect to security breaches in the last couple of years, albeit all the open source companies worked together to address the instances. As the source code is freely available even if something goes wrong, SUSE work closely with open source software vendors to mitigate the risk", Ronald de Jong, President of -Sales, SUSE said in an interview with ET CIO.
  • SUSE Public Cloud Image Life-cycle
    It has been a while since we published the original image life-cycle guidelines SUSE Image Life Cycle for Public Cloud Deployments. Much has been learned since, technology has progressed, and the life-cycle of products has changed. Therefore, it is time to refresh things, update our guidance, and clarify items that have led to questions over the years. This new document serves as the guideline going forward starting February 15th, 2019 and supersedes the original guideline. Any images with a date stamp later than v20190215 fall under the new guideline. The same basic principal as in the original guideline applies, the image life-cycle is aligned with the product life-cycle of the product in the image. Meaning a SLES image generally aligns with the SUSE Linux Enterprise Server life-cycle and a SUSE Manager image generally aligns with the SUSE Manager life-cycle.

Steam's Slipping Grip and Release of Wine-Staging 4.2

  • Steam's iron grip on PC gaming is probably over even if the Epic Games Store fails
     

    It doesn’t matter though. Whether Epic succeeds or not, Steam has already lost. The days of Valve’s de facto monopoly are over, and all that matters is what comes next.

  • Wine-Staging 4.2 Released - Now Less Than 800 Patches Atop Upstream Wine
    Wine 4.2 debuted on Friday and now the latest Wine-Staging release is available that continues carrying hundreds of extra patches re-based atop upstream Wine to provide various experimental/testing fixes and other feature additions not yet ready for mainline Wine.  Wine-Staging for a while has been carrying above 800 patches and at times even above 900, but with Wine-Staging 4.2 they have now managed to strike below the 800 patch level. It's not that they are dropping patches, but a lot of the Wine-Staging work has now been deemed ready for mainline and thus merged to the upstream code-base. A number of patches around the Windows Codecs, NTDLL, BCrypt, WineD3D, and other patches have been mainlined thus now coming in at a 798 patch delta.