Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Inside Firefox’s DOH engine

Filed under
Moz/FF

DNS over HTTPS (DOH) is a feature where a client shortcuts the standard native resolver and instead asks a dedicated DOH server to resolve names.

Compared to regular unprotected DNS lookups done over UDP or TCP, DOH increases privacy, security and sometimes even performance. It also makes it easy to use a name server of your choice for a particular application instead of the one configured globally (often by someone else) for your entire system.

DNS over HTTPS is quite simply the same regular DNS packets (RFC 1035 style) normally sent in clear-text over UDP or TCP but instead sent with HTTPS requests. Your typical DNS server provider (like your ISP) might not support this yet.

Read more

Mozilla and GitHub

Filed under
Moz/FF
  • Trying Firefox Variants: From Firefox ESR to Pale Moon to Quantum

    For the last year or so the Firefox development team has been making life ever harder for users. First they broke all the old extensions that were based on XUL and XBL, so a lot of customizations no longer worked. Then they made PulseAudio mandatory on Linux bug (1345661), so on systems like mine that don't run Pulse, there's no way to get sound in a web page. Forget YouTube or XenoCanto unless you keep another browser around for that purpose.

    For those reasons I'd been avoiding the Firefox upgrade, sticking to Debian's firefox-esr ("Extended Support Release"). But when Debian updated firefox-esr to Firefox 56 ESR late last year, performance became unusable. Like half a minute between when you hit Page Down and when the page actually scrolls. It was time to switch browsers.

  • Opting into European mode

    Trans Europa Express was covered on ghacks.net. This is an experimental Firefox extension that tries to get web sites to give you European-level privacy rights, even if the site classifies you as non-European.

  • "Will we complete this sprint in time?": Modifying GitHub To Work For Us

    My team estimates the time to complete an issue using “T-shirt sizing”: we assign size labels “S” (<= 1 day), “M” (2-3 days), and “L” (4-5 days). One quick, albeit rough, way to estimate the amount of time it’d take to complete a sprint is to sum together the number of days these size labels represent (we use the upper bounds to be safe) to find out the number of “engineering days” it’ll take to complete the sprint. To find out if you’ll complete the sprint on time, this number can be subtracted by the number of engineering days until the deadline: the number of days until the deadline multiplied by the number of engineers you have.

Mozilla: Rust, Extensions, Mixed Reality

Filed under
Moz/FF
  • Baby’s First Rust+WebAssembly module: Say hi to JSConf EU!

    The Arch is a a larger-than-life experience that uses 30,000 colored LEDs to create a canvas for light animations.

    And you can take charge of this space. Using modules, you can create a light animation.

    But even though this is JSConf, these animations aren’t just powered by JavaScript modules. In fact, we hope you will try something new… Rust + WebAssembly.

  • Mozilla Addons Blog: June’s Featured Extensions

    Enjoy a gorgeous new tab page with customizable background images and many informational widgets to choose from, like local weather, date/time, bookmarks, and more.

  • This week in Mixed Reality: Issue 8

    Now that we are back from our Chicago work week, we are heads down adding new features, making improvements and fixing bugs.

Mozilla: Development, Philosophy, and Improving DNS Privacy in Firefox

Filed under
Moz/FF
  • Applying Open Practices — Sage Bionetworks

    Founded as a spin-out from Merck in 2009, Sage Bionetworks is a non-profit research organization that seeks to develop predictors of disease and accelerate health research by applying a large and impactful set of open practises. These allow for a global research community to share knowledge, interpret large-scale data, crowdsource hypothesis-tests and foster innovation through community challenges.

  • Welcome Shruti to the Test Pilot team!

    A few weeks ago, Shruti Singh joined the Test Pilot team for the summer as an Outreachy intern. Read on to learn more about her and what she’ll be working on.

  • The importance of reviewing suggestions

    While at Mozilla we want to ensure consistent and high-quality translations, we also want to make sure that contributing is a rewarding and pleasant experience for everyone. Translating in a timely manner is important, however there are other essential things to take into consideration. For example, leaving non-urgent projects with missing strings so that new localizers can get involved is one of them. Reviewing pending suggestions regularly is another – and the main topic of this post.

  • A Vision for Engineering Workflow at Mozilla (Part One)

    The OED’s second definition of “vision” is “the ability to think about or plan the future with imagination or wisdom.” Thus I felt more than a little trepidation when I was tasked with creating a vision for my team. What should this look like? How do I scope it? What should it cover? The Internet was of surprisingly little help; it seems that either no one thinks about tooling and engineering processes at this level, or (perhaps more likely) they keep it a secret when they do. The best article I found was from Microsoft Research in which they studied how tools are adopted at Microsoft, and their conclusion was essentially that they had no overarching strategy.

    Around six months later, I presented a Vision for Engineering Workflow at our fortnightly managers' meeting. But first, some context: a bit about Mozilla’s Engineering Workflow team, and about the challenges we face.

  • Improving DNS Privacy in Firefox

    Domain Name Service (DNS) is one of the oldest parts of internet architecture, and remains one that has largely been untouched by efforts to make the web safer and more private. On the Firefox network and security teams, we’re working to change that by encrypting DNS queries and by testing a service that keeps DNS providers from collecting and sharing your browsing history.

    For more than 30 years, DNS has served as a key mechanism for accessing sites and services on the web. Browsers (including Firefox) use DNS to access a distributed database that turns URLs into TCP/IP addressing information. Firefox cannot do much without the service. DNS hails from the days of a kinder, more gentle Internet where it was normal to make this kind of query using unencrypted protocols and send them to any nearby server who claimed to be able to answer it.

  • A cartoon intro to DNS over HTTPS

    Threats to users’ privacy and security are growing. At Mozilla, we closely track these threats. We believe we have a duty to do everything we can to protect Firefox users and their data.

    We’re taking on the companies and organizations that want to secretly collect and sell user data. This is why we added tracking protection and created the Facebook container extension. And you’ll be seeing us do more things to protect our users over the coming months.

  • Working for Good: Accel Lifestyle

    The web should be open to everyone, a place for unbridled innovation, education, and creative expression. That’s why Firefox fights for Net Neutrality, promotes online privacy rights, and supports open-source tech around the globe. We strive to make the online community a better place. We also know people everywhere work tirelessly to improve their own communities. In this series, we’re profiling businesses that work to make the world better—and use Firefox to support a healthy, open, and safe internet.

  • Distributed Teams: On the non-Universality of “Not it!”

    I’ve surprisingly not written a lot over here about working on a distributed team in a distributed organization. Mozilla is about 60% people who work in MoLos (office workers) and 40% people who don’t (remotees). My team is 50/50: I’m remote near Toronto, one works from his home in Italy, and the other two sit in the Berlin office most days.

Mozilla: WebAssembly, Mozilla Test Pilot, VR and Bootstrap

Filed under
Moz/FF
  • Testing GNU FreeDink in your browser

    This is a first version that can be polished further but it works quite well.
    This is the original C/C++/SDL2 code with a few tweaks, cross-compiled to WebAssembly (and an alternate version in asm.js) with emscripten.
    Nothing brand new I know, but things are getting smoother, and WebAssembly is definitely a performance boost.

    I like distributed and autonomous tools, so I'm generally not inclined to web-based solutions.
    In this case however, this is a local version of the game. There's no server side. Savegames are in your browser local storage. Even importing D-Mods (game add-ons) is performed purely locally in the in-memory virtual FS with a custom .tar.bz2 extractor cross-compiled to WebAssembly.

  • Welcome Punam to the Test pilot team!

    A couple months ago Punam transferred from another team at Mozilla to join the Test Pilot team. Below she answers some questions about her experience and what she’s looking forward to. Welcome, Punam!

    [...]

    Before Mozilla I have worked with SonicWall, eBay and Symantec doing web development.

  • This week in Mixed Reality: Issue 7

    Missed us last week? Our team met in Chicago for a work week. If you had the chance to come and meet us at the CHIVR / AR Chicago meetup, thanks for swinging by. We strategized our short and long term plans and we're really excited to share what we're unfolding in the coming weeks.

  • Why bootstrap?

    Over the next few quarters, I'm going to focus my attention on Mozilla's experimentation platform. One of the first questions we need to answer is how we're going to calculate and report the necessary measures of variance. Any experimentation platform needs to be able to compare metrics between two groups.

    For example, say we're looking at retention for a control and experiment group. Control shows a retention of 88.45% and experiment shows a retention of 90.11%. Did the experimental treatment cause a real increase in retention or did the experiment branch just get lucky when we assigned users? We need to calculate some measure of variance to be able to decide.

    The two most common methods to do this calculation are the frequentist's two-sample t-test or some form of the bootstrap.

    In ye olden days, we'd be forced to use the two-sample t-test. The bootstrap requires a lot of compute power that just wasn't available until recently. As you can imagine, the bootstrap is all the rage in the Data Science world. Of course it is. We get to replace statistics with raw compute power! That's the dream!

Firefox 63 Plans and Mozilla's Error Code Plans

Filed under
Moz/FF
  • Firefox 63 to Get Improved Tracking Protection That Blocks In-Browser Miners

    Mozilla developers are working on an improved Tracking Protection system for the Firefox browser that will land in version 63, scheduled for release in mid-October.

    Tracking Protection is a feature that blocks Firefox from loading scripts from abusive trackers. It was first launched with Firefox's Private Browsing mode a few years back, but since Firefox 57, released in November 2017, users can enable it for normal browsing sessions at any time.

  • Firefox 63 To Block Cryptojackers With Advanced Tracking Protection

    It has been reported by Bleeping Computer, a security blog, that Firefox 63 will be launched with an improved tracking protection system to ward off the threats and security concerns posed by in-browser miners.

    With the surge in incidents involving mining malware trying to use your CPU power to perform some CPU-intensive calculations for their own benefit, many browsers have raised their guards by providing additional security features. (You can read more about blocking cryptocurrency mining in your browser in our earlier published article.)

  • What’s the 411 on 404 messages: Internet error messages explained

    Nothing’s worse than a broken website. Well, maybe an asteroid strike. Or a plague. So maybe a broken website isn’t the end of the world, but it’s still annoying. And it’s even more annoying not knowing what those weird error messages mean. That’s why we’ve decoded the most common HTTP error messages.

GDPR and Mozilla, Rust, Firefox

Filed under
Moz/FF
  • Data privacy in Sailfish OS is enhancing even further as GDPR comes into effect
  • The General Data Protection Regulation and Firefox

    We are only a few days away from May 25th, when the European General Data Protection Regulation (GDPR) will go into full effect. Since we were founded, Mozilla has always stood for and practiced a set of data privacy principles that are at the heart of privacy laws like the GDPR. And we have applied those principles, not just to Europe, but to all our users worldwide. We feel like the rest of the world is catching up to where we have been all along.

  • Ready for GDPR: Firefox Focus Offers Additional Tracking Protection Against Advertisers

    It’s been nearly a year since we launched Firefox Focus for Android, and it has become one of the most popular privacy browsers for mobile around the world. In light of recent events, more and more consumers have growing awareness for privacy and secure products. The upcoming implementation of the General Data Protection Regulation (GDPR) in Europe later this month reflects this and, at the same time, highlights how important privacy is for all users.

  • rust for cortex-m7 baremetal
  • Tags are now available in Pontoon to help you prioritize your work

    Almost a couple of years ago I started working on a concept called string tiers. The goal was twofold: on one side help locales, especially those starting from scratch, to prioritize their work on a project as large as Firefox, with currently over 11 thousand strings. On the other hand, give project managers a better understanding of the current status of localization.

    Given the growth in complexity and update frequency of Developer Tools within Firefox (currently almost 2,600 strings), finding a solution to this problem became more urgent. For example, is a locale in bad shape because it misses thousands of strings? The answer would not automatically be ”yes”, since the missing strings might have a low priority.

    The string tiers concept assigns priority to strings based on their target – who is meant to see them – and their visibility. The idea is quite simple: a string warning the user about an error, or requiring an action from them, is more important than one targeting developers or website owners, and buried in the Error Console of the browser.

Mozilla: Framework, WebAssembly, Taskcluster

Filed under
Moz/FF
  • Mozilla uncovers ‘new conceptual framework’ for open source

    A report has been generated which claims to offers ‘a new conceptual framework’ of open source project archetypes.

    This research cover aspects of open source spanning business objectives, licensing, community standards, component coupling and project governance.

    It also contains some practical advice on how to use the framework (it actually is a working framework) and on how to set up projects.

  • Qt for WebAssembly – check out the examples!

    WebAssembly is now supported by all major web browsers as a binary format for allowing sand-boxed executable code in web pages that is nearly as fast as native machine code. Qt for WebAssembly makes it possible to run Qt applications on many web browsers without any download steps or special server requirements (other than serving the wasm file).

    To give you a closer look, we compiled some demos. For best performance, use Firefox.

  • Redeploying Taskcluster: Hosted vs. Shipped Software

    The Taskcluster team’s work on redeployability means switching from a hosted service to a shipped application.

    A hosted service is one where the authors of the software are also running the main instance of that software. Examples include Github, Facebook, and Mozillians. By contrast, a shipped application is deployed multiple times by people unrelated to the software’s authors. Examples of shipped applications include Gitlab, Joomla, and the Rust toolchain. And, of course, Firefox!

Mozilla: Rust Compiler, Firefox Updates and Docker

Filed under
Moz/FF
  • The Rust compiler is getting faster

    As changes are made to the Rust compiler, a suite of benchmarks measuring compile time is run regularly on the development version. The data is viewable at http://perf.rust-lang.org. The default view is graphical, showing data from the past month.

  • These Weeks in Firefox: Issue 38
  • Scaling Firefox Development Workflows

    One of the central themes of my time at Mozilla has been my pursuit of making it easier to contribute to and hack on Firefox.

    I vividly remember my first day at Mozilla in 2011 when I went to build Firefox for the first time. I thought the entire experience - from obtaining the source code, installing build dependencies, building, running tests, submitting patches for review, etc was quite... lacking. When I asked others if they thought this was an issue, many rightfully identified problems (like the build system being slow). But there was a significant population who seemed to be naive and/or apathetic to the breadth of the user experience shortcomings. This is totally understandable: the scope of the problem is immense and various people don't have the perspective, are blinded/biased by personal experience, and/or don't have the product design or UX experience necessary to comprehend the problem.

  • Release of python-zstandard 0.9

    Zstandard is a highly tunable and therefore flexible compression algorithm with support for modern features such as multi-threaded compression and dictionaries. Its performance is remarkable and if you use it as a drop-in replacement for zlib, bzip2, or other common algorithms, you'll frequently see more than a doubling in performance.

  • Revisiting Using Docker

    When Docker was taking off like wildfire in 2013, I was caught up in the excitement like everyone else. I remember knowing of the existence of LXC and container technologies in Linux at the time. But Docker seemed to be the first open source tool to actually make that technology usable (a terrific example of how user experience matters).

    At Mozilla, Docker was adopted all around me and by me for various utilities. Taskcluster - Mozilla's task execution framework geared for running complex CI systems - adopted Docker as a mechanism to run processes in self-contained images. Various groups in Mozilla adopted Docker for running services in production. I adopted Docker for integration testing of complex systems.

Mozilla: Thunderbird Rebuts EFF, Debugging Modern Web Applications, Firefox Performance, Rust Turning 3

Filed under
Moz/FF
  • Mozilla Thunderbird: EFail and Thunderbird, What You Need To Know

    DO NOT DISABLE ENCRYPTION. We’ve seen recommendations from some outlets to stop using encrypted Email altogether. If you are sending sensitive data via Email, Thunderbird still recommends using encryption to keep those messages safe. You should, however, check the configuration of the applications you use to view encrypted EMail. For Thunderbird, follow our guidelines below to protect yourself.

  • Debugging Modern Web Applications

    Building and debugging modern JavaScript applications in Firefox DevTools just took a quantum leap forward. In collaboration with Logan Smyth, Tech Lead for Babel, we leveled up the debugger’s source map support to let you inspect the code that you actually wrote. Combined with the ongoing initiative to offer first-class JS framework support across all our devtools, this will boost productivity for modern web app developers.

    Modern JS frameworks and build tools play a critical role today. Frameworks like React, Angular, and Ember let developers build declarative user interfaces with JSX, directives, and templates. Tools like Webpack, Babel, and PostCSS let developers use new JS and CSS features before they are supported by browser vendors. These tools help developers write simpler code, but generate more complicated code to debug.

  • Firefox Performance Update #8

    Talos is a framework that we use to measure various aspects of Firefox performance as part of our continuous integration pipeline.

    There are a number of Talos “suites”, where each suite contains some number of tests. These tests, in turn, report some set of numbers that are then stored and graphable via our graph viewer here.

    Here’s a full list of the Talos tests, including their purpose, the sorts of measurements they take, and who’s currently a good person to ask about them if you have questions.

    A lot of work has been done to reduce the amount of noise in our Talos tests, but they’re still quite sensitive and noisy. This is why it’s often necessary to do 5-10 retriggers of Talos test runs in order to do meaningful comparisons.

    Sometimes Talos detects regressions that aren’t actually real regressions1, and that can be a pain. However, for the times where real regressions are caught, Talos usually lets us know much faster than Telemetry or user reports.

    Did you know that you can get profiles from Try for Talos runs? This makes it much simpler to diagnose Talos regressions. Also, we now have Talos profiles being generated on our Nightly builds for added convenience!

  • This Week in Rust 234
  • Thoughts on retiring from a team

    The Rust Community Team has recently been having a conversation about what a team member’s “retirement” can or should look like. I used to be quite active on the team but now find myself without the time to contribute much, so I’m helping pioneer the “retirement” process. I’ve been talking with our subteam lead extensively about how to best do this, in a way that sets the right expectations and keeps the team membership experience great for everyone.

  • Rust turns three

    Three years ago today, the Rust community released Rust 1.0 to the world, with our initial vision of fearless systems programming. As per tradition, we’ll celebrate Rust’s birthday by taking stock of the people and the product, and especially of what’s happened in the last year.

    [...]

    Finally, the Rust community continues to work on inclusivity, through outreach programs like Rust Reach and RustBridge, as well as structured mentoring and investments in documentation to ease contribution. For 2018, a major goal is to connect and empower Rust’s global community, which we’re doing both through conference launches in multiple new continents, as well as work toward internationalization throughout the project.

Syndicate content

More in Tux Machines

Debian GNU/Linux 10 "Buster" Installer Updated with Linux Kernel 4.16 Support

Developed under the Debian Testing umbrella, the forthcoming Debian GNU/Linux 10 "Buster" operating system series just received today the third alpha milestone of its installer, which lets people install the Linux-based operating system on their personal computers, servers, and IoT devices, such as the Raspberry Pi. One of the most interesting changes that caught out eyes is the bump of the kernel support from Linux kernel 4.13, which was used in the second alpha build, to Linux kernel 4.16. Of course, this means that there's better hardware support, so chances are you'll be able to install the development version of Debian GNU/Linux 10 "Buster" on newer machines or if you have some exotic components on your PC. Read more

The New Microsoft

  • Microsoft ICE Contract Draws Fire

    “ICE’s decision to accelerate IT modernization using Azure Government will help them innovate faster while reducing the burden of legacy IT. The agency is currently implementing transformative technologies for homeland security and public safety, and we’re proud to support this work with our mission-critical cloud,” he wrote.

  • Microsoft faces outrage for blog post touting ICE contract

    As outrage grew online, a Microsoft employee quietly removed mention of ICE from the January press release this morning. Social media users noticed that, too. The company has since restored the press release's original language, and called its removal a "mistake."

  • Microsoft Removes Mention of ICE Cloud Work After Protests

    Microsoft Corp. scrubbed an online reference to its work for U.S. Immigration and Customs Enforcement as the agency faces criticism for its role in separating families at the U.S.-Mexican border.

  • Microsoft briefly removes blog post mentioning ICE contract after backlash
  • Microsoft's Ethical Reckoning Is Here

    Tech Workers Coalition, a labor group for tech industry employees, urged Microsoft employees to coordinate their opposition. “If you are a worker building these tools or others at Microsoft, decide now that you will not be complicit,” the group tweeted.

Android Leftovers

First Ubuntu Touch OTA-4 Release Candidate Based on Ubuntu 16.04 LTS Is Here

The latest Ubuntu Touch update from UBports, OTA-3, was released last year near the Christmas holidays, but it was still based on Ubuntu 15.04 (Vivid Vervet), so if you though Ubuntu Phones are dead, think again, because the UBports team has been hard at work to bring you the OTA-4, which will be the first to rebase the operating system on Ubuntu 16.04 LTS (Xenial Xerus). "The main reason why the arrival of OTA-4 seemed to take so long is because Ubuntu Touch switched its base to Ubuntu 16.04 LTS Xenial Xerus. This is a mammoth milestone for the project, because it allowed us to transition from the unsupported Ubuntu 15.04 Vivid Vervet to a Long Term Support (LTS) base," reads today's announcement. Read more Also: UBports' Ubuntu Touch OTA-4 RC Released, Upgrades To Ubuntu 16.04 LTS