Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla: WebPush Shield Study, Firefox Mania, Bleach 3.0.0 and This Week in Rust 254

Filed under
Moz/FF
  • Upcoming WebPush Shield Study

    WebPush does more than let you know you’ve got an upcoming calendar appointment or bug you about subscribing to a site’s newsletter (particularly one you just visited and have zero interest in doing). Turns out that WebPush is a pretty good way for us to do a number of things as well. Things like let you send tabs from one install of Firefox to another, or push out important certificate updates. We’ll talk about those more when we get ready to roll them out, but for now, we need to know if some of the key bits work.

    One of the things we need to test is if our WebPush servers are up to the job of handling traffic, or if there might be any weird issue we might not have thought of. We’ve run tests, we’ve simulated loads, but honestly, nothing compares to real life for this sort of thing.

    In the coming weeks, we’re going to be running an experiment. We’ll be using the Shield service to have your browser set up a web push connection. No data will go over that connection aside from the minimal communication that we need. It shouldn’t impact how you use Firefox. Chances are, you won’t even notice we’re doing this.

  • Firefox got maniac

    I don’t know what, I don’t know why, but Firefox behaves completely maniac on one of my computers. Opening simple tabs beats up 4 Web Content threads to nearly 100% CPU time, switching tabs the same.

  • Bleach v3.0.0 released!

    Bleach 3.0.0 focused on easing the problems with the html5lib dependency and fixing regressions created in the Bleach 2.0 rewrite

  • This Week in Rust 254

    Every week the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now.

Mozilla: ESLint, The Things Gateway, Distributed Teams, Uplift, MDN

Filed under
Moz/FF
  • What’s next for ESLint on Firefox Source Code?

    Around 2015 a couple of projects had started using ESLint in mozilla-central. In the last quarter of 2015, there was a big push to enable ESLint for browser/ and toolkit/ – the two main directories containing the javascript source behind Firefox.

    Since then, we have come a long way. We have commands and hooks for developers to use, checks during the review phase, and automatic tests that run against our review tools and our continuous integration branches. Not only that, but we’ve also expanded our coverage to more directories, and expanded the amount of rules that are enabled.

    As we’ve done this work, we’ve caught lots of bugs in the code or in our tests (there’s much more than just those links). Some of those have been small, some have been user facing issues. There are also now the countless potential bugs that we don’t get to see where ESLint catches issues for us before they even hit the core source trees. All this helps to save developer time and leaves more for fixing bugs and implementing new features.

  • The Things Gateway - A Pythonic Rule System

    In my last post, I talked about the features and limitations of the Rules System within the Things Gateway by Mozilla graphical user interface. Today, I'm going to show an alternate rule system that interacts with the Things Gateway entirely externally using the Web Thing API. The Web Thing API enables anyone armed with a computer language that can use Web Sockets to create entirely novel applications or rules systems that can control the Things Gateway.

    In the past few months, I've blogged several times about controlling the Things Gateway with the Web Thing API using Python 3.6. In each one was a stand alone project, opening and managing Web Sockets in an asynchronous programming environment. By writing these projects, I've explored both functional and object oriented idioms to see how they compare. Now with some experience, I feel free to abstract some of the underlying common aspects to create a rule engine of my own.

  • Distributed Teams: Regional Holidays

    Today is German Unity Day, Germany’s National Day. Half of my team live in Berlin, so I vaguely knew they wouldn’t be around… but I’d likely have forgotten if not for a lovely tradition of “Holiday Inbound” emails at Mozilla.

    Mozilla is a broadly-distributed organization with employees in dozens of countries worldwide. Each of these countries have multiple days off to rest or celebrate. It’s tough to know across so many nations and religions and cultures exactly who will be unable to respond to emails on exactly which days.

  • Uplift forms get a refresh

    Firefox is shipped using a train model. Without going into too much details, this means that we maintain several channel in parallel (Nightly, Beta, Release and ESR). Normal changes happen in Nightly. When a change needs to be cherry-picked from Nightly to another branch, the process is called “Uplift”.

    Uplifting is a key tool in the Firefox release management world. When developers want to apply a patch from Nightly to another branch, they will use Bugzilla, answering some questions in a textarea.

  • A New Way to Support MDN

    Starting this week, some visitors may notice something new on the MDN Web Docs site, the comprehensive resource for information about developing on the open web.

    We are launching an experiment on MDN Web Docs, seeking direct support from our users in order to accelerate growth of our content and platform. Not only has our user base grown exponentially in the last few years (with corresponding platform maintenance costs), we also have a large list of cool new content, features, and programs we’d like to create that our current funding doesn’t fully cover.

    In 2015, on our tenth anniversary (read about MDN’s evolution in the 10-year anniversary post), MDN had four million active monthly users. Now, just three years later, we have 12 million. Our last big platform update was in 2013. By asking for, and hopefully receiving, financial assistance from our users – which will be reinvested directly into MDN – we aim to speed up the modernization of MDN’s platform and offer more of what you love: content, features, and integration with the tools you use every day (like VS Code, Dev Tools, and others), plus better support for the 1,000+ volunteers contributing content, edits, tooling, and coding to MDN each month.

Mozilla: Mojolicious, CSS, MDN, Android Users and Desktop

Filed under
Moz/FF
  • happy bmo push day – mojolicious edition

    As previously announced at FOSDEM 2018 and then re-announced at MojoConf, bugzilla.mozilla.org is now running on Mojolicious “A next generation web framework for the Perl programming language”

    This release incorporates 28 changes and the Mojolicious migration is the least interesting to the end-user, but it is pretty important in terms of being able to deliver rich experiences moving forward.

  • Supporting Referrer Policy for CSS in Firefox 64

    Navigating from one webpage to another or requesting a sub-resource within a webpage causes a web browser to send the top-level URL in the HTTP referrer field. Inspecting that HTTP header field on the receiving end allows sites to identify where the request originated which enables sites to log referrer data for operational and statistical purposes. As one can imagine, the top-level URL quite often includes user sensitive information which then might leak through the referrer value impacting an end users privacy.

  • Hack on MDN: Better accessibility for MDN Web Docs

    Hack on MDN events evolved from the documentation sprints for MDN that were held from 2010 to 2013, which brought together staff members and volunteers to write and localize content on MDN over a weekend. As implied by the name, “Hack on MDN” events expand the range of participants to include those with programming and design skills. In its current incarnation, each Hack on MDN event has a thematic focus. One in March of this year focused on browser compatibility data.

    The Hack on MDN format is a combination of hackathon and unconference; participants pitch projects and commit to working on concrete tasks (rather than meetings or long discussions) that can be completed in three days or less. People self-organize to work on projects in which a group can make significant progress over a long weekend. Lightning talks provide an unconference break from projects.

  • New Firefox Focus comes with search suggestions, revamped visual design and an under-the-hood surprise for Android users

    When we first launched Firefox Focus, we wanted to quickly deliver a streamlined private browsing experience for your mobile device. Since then, we’ve been pleasantly surprised by how many people use Focus for more than just private browsing and we’ve made Focus better with a thoughtful set of features based on what our users are telling us. Custom tabs, tracker counter, full screen mode and so much more have been the result. Today, we’re pleased to announce another big update with another much-requested feature, a design refresh, and an exciting change to the underlying technology behind Focus for Android.

  • Working on Firefox desktop developer efficiency

    Mozilla is an engineering company. Its interface to—and impact on—the world is through its primary product, the Firefox web browser. Firefox is of course created, maintained, and improved by Mozilla’s developers (both employees and community members). Thus, when one increases Firefox developer efficiency and velocity the velocity of the Firefox product increases. Because Firefox is Mozilla’s primary product, an increase in Firefox product velocity transitively increases the velocity of the company and the mission overall.

Mozilla: Firefox 63 Beta 10, Firefox Nightly, October’s Featured Extensions and Privacy

Filed under
Moz/FF
  • QMO: Firefox 63 Beta 10 Testday Results
  • Firefox Nightly: These Weeks in Firefox: Issue 46
  • October’s Featured Extensions
  • ndian Supreme Court rules on Aadhaar: Delayed scrutiny

    The Aadhaar judgment holds important lessons (and warnings) for how courts and the polity should respond to the technological vision of the state. The task before the Supreme Court was to evaluate the constitutionality of a specific choice and design of technology made by the government. Note that this choice, of a single biometric identifier for each resident linked to a centralised database, was made almost a decade ago. And decisions about this project have largely evolved within the closed quarters of the executive, including the one to roll it out, and the subsequent call to link Aadhaar to essential services. All this was done without any statutory backing, until its hurried passage as a money bill in 2016.

    As one reads through the decision of the three judges that formed the majority opinion, it becomes clear that there are limits to this delayed judicial scrutiny of a technology-driven project that has already reached scale (over 99% of the population is already enrolled). While the judgment does well to impose limits on its scope, it disappoints in its reluctance to engage with its underlying technical and evidentiary claims, and the application of weak legal standards.

Mozilla: European Commission Contributions, Hubs by Mozilla, Localisation, DevTools GCLI

Filed under
Moz/FF
  • Contributing to the European Commission’s review of digital competition

    Following on the heels of our submission to the U.S. Federal Trade Commission last month, we have submitted a written filing to the European Commission Directorate-General for Competition, as part of a public consultation in advance of the Commission’s forthcoming January 2019 conference on competition challenges in the digital era. In our filing, we focus on two specific, related issues: the difficulty of measuring competitive harm in a data-powered and massively vertically integrated digital ecosystem, and the role played by interoperability (in particular, through technical interfaces known as APIs) in powering the internet as we know it.

    Mozilla’s Internet Health Report 2018 explored concentration of power and centralization online through a spotlight article, “Too big tech?” The software and services offered by a few companies are entangled with virtually every part of our lives. These companies reached their market positions in part through massive innovation and investment, and they created extremely popular (and lucrative) user experiences. But we are headed today down a path of excessive centralisation and control, where someday the freedom to code and compete will be realised in full only for those who work for a few large corporations.

  • Hubs by Mozilla: Immersive Communication on Any Device

    Hubs by Mozilla lets people meet in a shared 360-environment using just their browser. Hubs works on any device from head-mounted displays like HTC Vive to 2D devices like laptops and mobile phones. Using WebVR, a JavaScript API, Mozilla is making virtual interactions with avatars accessible via Firefox and other browser that people use every day.

    In the course of building the first online social platform for VR and AR on the web, Mozilla wanted confirm it was building a platform that would bring people together and do so in a low-friction, safe, and scalable way. With her years of experience and seminal studies examining the successes and pitfalls of social VR systems across the ecosystem, Jessica Outlaw and Tyesha Snow of The Extended Mind, set out to generate insights about the user experience and deliver recommendations of how to improve the Hubs product.

  • Support Localization – Top 50 Sprint and More

    I hope you can still remember that last month we kicked off a “Top 20 Sprint” for several locales available on the Support site. You can read more about the reasons behind it here and the way it had been going here.

    In September, the goal has been extended to include a wider batch of articles that quality into the “Top 50” – that is, the 50 most popular Knowledge Base articles globally. You can see their list on this dashboard: https://support.mozilla.org/en-US/contributors/kb-overview

    I wanted to share with you the progress our community has made over the last weeks and call out those who have contributed towards Mozilla’s broader linguistic coverage of support content, making all the possible versions of Firefox easier to use for millions of international users.

  • The Developer Toolbar (or GCLI) is no longer in DevTools

    The DevTools GCLI has been removed from the Firefox codebase (bug), which roughly translates into 20k less lines of code to think about, and the associated tests which are not running anymore, so yay for saving both brain and automation power!

    We triaged all the existing bugs, and moved a bunch worth keeping to DevTools → Shared Components, to avoid losing track of them (they’re mostly about taking screenshots). Then the ever helpful Emma resolved the rest as incomplete, and moved the component to the DevTools Graveyard in Bugzilla, to avoid people filing bugs about code that does not exist anymore.

    During this removal process we’ve heard from some of you that you miss certain features from GCLI, and we’ve taken note, and will aim to bring them back when time and resourcing allow. In the meantime, thank you for your feedback! It helps us better understand how you use the tools.

Mozilla: Privacy Settings, Recovery Keys and WebRender Progress

Filed under
Moz/FF
  • 25,000 Americans Urge Venmo to Update Its Privacy Settings

    Earlier this week, Mozilla visited Venmo’s headquarters in New York City and delivered a petition signed by more than 25,000 Americans. The petition urges the payment app to put users’ privacy first and make Venmo transactions private by default.

    Also this week: A new poll from Mozilla and Ipsos reveals that 77% of respondents believe payment apps should not make transaction details public by default. (More on our poll results below.)

    Millions of Venmo users’ spending habits are available for anyone to see. That’s because Venmo transactions are currently public by default — unless users manually update their settings, anyone, anywhere can see whom they’re sending money to, and why.

    Mozilla’s petition urges Venmo to change these settings. By making privacy the default, Venmo can better protect its seven million users — and send a powerful message about the importance of privacy. But so far, Venmo hasn’t formally responded to our petition and to the 25,000 Americans who signed their names.

  • Mozilla Firefox Account Gets A New Recovery Key Option For Forgotten Passwords

    The Mozilla team has announced a new recovery key option for Firefox accounts that can be used to access Firefox data if users forget their passwords.

    Starting today, users will be able to generate a one-time recovery key associated with their account. Once the key is used to access the account, it becomes invalid, and the user needs to create another one.

    [...]

    Sync encrypts the user’s browser data on a local computer by using Firefox account password. It then sends this encrypted data to Mozilla’s servers for storage making sure that no one can access it without the user’s password (which acts as a decryption key here).

  • WebRender newsletter #23

    Bonjour everyone! Here comes the twenty third installment of WebRender’s very best newsletter. This time I’m trying something a bit different. Instead of going through each pull request and bugzilla entry that landed since the last post, I’m only sourcing information from the team’s weekly meeting. As a result only the most important items make it to the list and not all items have links to their bug or pull request. Doing this allows me to spend considerably less time preparing the newsletter and will hopefully help with publishing it more often.

    Last time I mentioned WebRender being enabled on nightly by default for a small subset of the users, focusing on nVidia desktop GPUs on Windows 10. I’m happy to report that we didn’t set our nightly user population on fire and that WebRender is still enabled in these configurations (as expected, sure, but with a project as large and ambitious as WebRender it isn’t something that could be taken for granted). The choice of this particular configuration of hardware and driver led to a lot of speculation online, so I just want clarify a few things. We did not strike any deal with nVidia. nVidia didn’t send engineers to help us get WebRender to work on their hardware first. No politics, I promise. We learnt from past mistakes and chose to target a small population of Firefox users at first specifically because it is small. Each combination of OS/Vendor/driver exposes its own set of bugs and a progressive and targeted rollout means we’ll be better equipped to react in a timely manner to incoming bugs than we have been with past projects.
    Worry not, the end game is for WebRender to be Firefox’s rendering engine for everyone. Until then, are welcome to enable WebRender manually if your OS, hardware or driver isn’t in the initial target.

Mozilla: Account Recovery, Censorship Advocacy, Rust, Aadhaar

Filed under
Moz/FF
  • Firefox Accounts offer recovery key option

    Firefox Accounts help you get more out of your Firefox experience. With a Firefox Account, you can get all your bookmarks, passwords, open tabs and more — everywhere you use Firefox. Working on your desktop, browsing on your couch with a tablet, out and about in the world on your mobile device.

  • Account recovery keys in Firefox Accounts

    The Firefox Accounts team is in the process of releasing a new feature called Account Recovery. Previously, when a user resets their password, they would be given new encryption keys and could potentially risk losing any synced bookmarks, passwords and browsing history. With Account Recovery, a user can keep their encryption keys and not lose any data.

    A more technical overview of how this feature works can be found here.

    If you are interested in trying it out, simply goto your Firefox Account settings and click Account Recovery. If you do not see the Account Recovery option, you might not be in the rollout group yet. However, it can be manually enabled using these instructions.

  • EU Code published: another step forward in the fight against disinformation

    Today, the advertising and technology sectors presented the world’s first ever Code of Practice on Disinformation. Brokered in Europe, and motivated by the European Commission’s Communication on Tackling Disinformation and the report of the High Level Expert Group on Fake News, the Code represents another step towards countering the spread of disinformation.

    This initiative complements the work we’ve been doing at Mozilla to invest in technologies and tools, research and communities, to fight against information pollution and honour our commitment to an internet that elevates critical thinking, reasoned argument, shared knowledge, and verifiable facts.

  • This Week in Rust 253

    This week's crate is packed_simd, a crate with portable SIMD vector types. Thanks to Gabriel Majeri for the suggestion!

  • A mixed bag: Mozilla reacts to the Indian Supreme Court’s landmark verdict on Aadhaar

    By holding Section 57 of the Aadhaar Act to be unconstitutional, the Supreme Court of India has recognized the privacy risks created by the indiscriminate use of Aadhaar for private services. While this is welcome, by allowing the State wide powers to make Aadhaar mandatory for welfare subsidies and PAN, this judgment falls short of guaranteeing Indians meaningful choice on whether and how to use Aadhaar. This is especially worrisome given that India still lacks a data protection law to regulate government or private use of personal data. Now, more than ever, we need legal protections that will hold the government to account.

Mozilla: Rust, Servo, Firefox Monitor and Curl

Filed under
Moz/FF
  • The Rust Programming Language Blog: Announcing Rust 1.29.1

    The Rust team is happy to announce a new version of Rust, 1.29.1. Rust is a systems programming language focused on safety, speed, and concurrency.

  • This Week In Servo 114

    Big shout-out to @eijebong for digging into the underlying cause of an ongoing, frustrating intermittent problem with running websocket tests in CI.

  • Mozilla Launches Firefox Monitor To Alert You When Your Data Is Breached

    Mozilla just launched a free service called Firefox Monitor to help users find out whether their accounts have been a part of the numerous data breaches that occur every year.

    Just enter your email ID on the Firefox Monitor website and get it scanned to find any cases of compromised online accounts.

  • Daniel Stenberg: 10,000 stars

    On github, you can 'star' a project. It's a fairly meaningless way to mark your appreciation of a project hosted on that site and of course, the number doesn't really mean anything and it certainly doesn't reflect how popular or widely used or unused that particular software project is. But here I am, highlighting the fact that today I snapped the screenshot shown above when the curl project just reached this milestone: 10,000 stars.

    In the great scheme of things, the most popular and starred projects on github of course have magnitudes more stars. Right now, curl ranks as roughly the 885th most starred project on github. According to github themselves, they host an amazing 25 million public repositories which thus puts curl in the top 0.004% star-wise.

More Malware-Like Behaviour From Chrome and Firefox Introduces Firefox Monitor, Other News

Filed under
Google
Moz/FF
Web
  • Now Chrome Doesn’t Delete “Google Cookies” Even If You Clear All Cookies

    Yet another privacy concern for Google Chrome users! Previously, we talked about Google’s auto-login mechanism which is hijacking our local Google Chrome data. Now, another Chrome 69 setting has come to light which is risking our freedom to remove data.

  • Introducing Firefox Monitor, Helping People Take Control After a Data Breach

    Data breaches, when information like your username and password are stolen from a website you use, are an unfortunate part of life on the internet today. It can be hard to keep track of when your information has been stolen, so we’re going to help by launching Firefox Monitor, a free service that notifies people when they’ve been part of a data breach. After testing this summer, the results and positive attention gave us the confidence we needed to know this was a feature we wanted to give to all of our users.

  • Firefox Monitor, take control of your data

    That sinking feeling. You’re reading the news and you learn about a data breach. Hackers have stolen names, addresses, passwords, survey responses from a service that you use. It seems like we’re having that sinking feeling more and more. But we don’t have to despair. While technology will never be impervious to attacks, we can make sure that we’re able to respond when we learn that our personal data and passwords are part of a breach.

  • Firefox Quantum, Beta and Nightly Affected by ‘Reap Firefox’ Crash Attack

    A particular vulnerability in the present Firefox browser has been unraveled by the security researcher and basically the creater of this bug, Sabri Haddouche in his blog post. He pointed towards a bug which brings the browser and also the operating system possibly with a ‘Reap Firefox’ attack crash. This vulnerability affects Firefox versions working under Linux, macOS and Windows.

  • $1.6 Million to Connect Unconnected Americans: Our NSF-WINS Grand Prize Winners

    After months of prototyping and judging, Mozilla and the National Science Foundation are fueling the best and brightest ideas for bringing more Americans online

    Today, Mozilla and the National Science Foundation (NSF) are announcing the grand prize winners in our Wireless Innovation for a Networked Society (NSF-WINS) Challenges — an audacious competition to connect millions of unconnected Americans.

    The grand prize winners are as novel as they are promising: An 80-foot tower in rural Appalachia that beams broadband connectivity to residents. And, an autonomous network that fits in two suitcases — and can be deployed after earthquakes and hurricanes.

Mozilla: Privacy, R.I.P., and Consent Management at Mozfest 2018

Filed under
Moz/FF
  • Firefox collects data on you through hidden add-ons

    Mozilla, the organisation that produces the Firefox browser and makes a loud noise about its open source credentials, is quietly collecting telemetry data on its users by the use of hidden add-ons, even though publicly visible telemetry controls are not selected.

  • R.I.P., Charles W. Moore, a fine man who liked fine Macs

    A farewell and au revoir to a great gentleman in making the most of your old Mac, Charles W. Moore, who passed away at his home in rural Canada on September 16 after a long illness. Mr Moore was an early fan of TenFourFox, even back in the old bad Firefox 4 beta days, and he really made his famous Pismo PowerBook G3 systems work hard for it.

  • Consent management at Mozfest 2018

    Good news. It looks like we're having a consent management mini-conference as part of Mozfest next month. (I'm one of the organizers for the Global Consent Manager session, and plan to attend the others.)

Syndicate content

More in Tux Machines

today's howtos

Linus Torvalds Comments On STIBP & He's Not Happy - STIBP Default Will End Up Changing

It turns out that Linus Torvalds himself was even taken by surprise with the performance hit we've outlined on Linux 4.20 as a result of STIBP "Single Thread Indirect Branch Predictors" introduction as well as back-porting already to stable series for cross-hyperthread Spectre V2 protection. He doesn't want this enabled in full by default. All of the benchmarking I've been doing the past few days to shine the light on the Linux kernel's STIBP addition appears to be paying off. My tests have found Linux 4.20 to incur significant performance penalties in many workloads -- in fact, more so than some of the earlier Spectre and Meltdown mitigations -- and STIBP is already being back-ported to stable series like Linux 4.19.2. PHP, Pythom, Java, and many other workloads are measurably affected and even the gaming performance to some extent. Read more

Submissions now open for the Fedora 30 supplemental wallpapers

Each release, the Fedora Design team works with the community on a set of 16 additional wallpapers. Users can install and use these to supplement the standard wallpaper. Submissions are now open for the Fedora 30 Supplemental Wallpapers, and will remain open until January 31, 2019 Have you always wanted to start contributing to Fedora but don’t know how? Submitting a supplemental wallpaper is one of the easiest ways to start as a Fedora contributor. Keep reading to learn how. Read more

Android Leftovers