Moz/FF

Mozilla: Shrinking Go Binaries, Sending Requests to Cloudflare, Taskcluster, Telemetry, This Week in Rust

Filed under
Moz/FF
  • Shrinking Go Binaries
  • Firefox Nightly Secure DNS Experimental Results

    A previous post discussed a planned Firefox Nightly experiment involving secure DNS via the DNS over HTTPS (DoH) protocol. That experiment is now complete and this post discusses the results.

    Browser users are currently experiencing spying and spoofing of their DNS information due to reliance on the unsecured traditional DNS protocol. A paper from the 2018 Usenix Security Symposium provides a new data point on how often DNS is actively interfered with – to say nothing of the passive data collection that it also endures. DoH will let Firefox securely and privately obtain DNS information from one or more services that it trusts to give correct answers and keep the interaction private.

  • Taskcluster Artifact API extended to support content verification and improve error detection
  • Let’s be Transparent

    Two years ago, we released the Firefox Hardware Report to share with the public the state of desktop hardware. Whether you’re a web developer deciding what hardware settings to test against or someone just interested in CPUs and GPUs, we wanted to provide a public resource to show exactly what technologies are running in the wild.

    This year, we’re continuing the tradition by releasing the Firefox Public Data Report. This report expands on the hardware report by adding data on how Firefox desktop users are using the browser and the web. Ever wanted to know the effect of Spring Festival on internet use in China? (it goes down.) What add-on is most popular this week in Russia? (it’s Визуальные закладки.) What country averages the most browser use per day? (Americans, with about 6 to 6.5 hours of use a day.) In total there are 10 metrics, broken down by the top 10 countries, with plans to add more in the future.

  • This Week in Rust 249

    This Week in Rust is openly developed on GitHub. If you find any errors in this week's issue, please submit a PR.

Mozilla: Cathy Davidson, SUMO Days Firefox 62, SETA, Venmo and Taskcluster

  • Thank You, Cathy Davidson

    Cathy Davidson joined the Mozilla Foundation board in 2012, and has been a force helping us broaden our horizons and enter new areas. Cathy was the first person to join the Foundation board without a multi-year history with browsers or open source. This was an act of bravery!

  • SUMO Days Firefox 62: you are invited!

    On these days, Support contributors will be online answering questions live and hanging out. If you do not see anyone active online, please contact Rachel (username: guigs) or another Administrator or Operator in the #sumo IRC channel listed in the wiki.

    There are also two Telegram channels that are active for assignments of tweets and collaboration. You may need an account to participate, so just send a message to the social Telegram group – there are guidelines on how to set up Tweetdeck for social if you would like your own workspace, or you can message guigs to add your Trello account to the Trello board with delegated tweets for the day.

  • Experiment: Adjusting SETA to run individual files instead of individual jobs

    I did an experiment in June (was PTO and busy on migrating a lot of tests in July/August) where I did some queries on the treeherder database to find the actual test cases that caused the failures instead of only the job names. I came up with a list of 171 tests that we needed to run and these ran in 6 jobs in the tree using 147 minutes of CPU time.

  • Dear Venmo: Update Your Privacy Settings

    Last month, privacy researcher and Mozilla Fellow Hang Do Thi Duc released Public By Default, a sobering look at the vast amount of personal data that’s easily accessible on Venmo, the mobile payment app.

    By using Venmo’s public API and its “public by default” setting for user transactions, Hang was able to watch a couple feud on Valentine’s Day, observe a woman’s junk food habits, and peer into a marijuana dealer’s business operations. Seven million people use Venmo every month — and many may not know that their transactions are available for anyone to see.

    Privacy, and not publicity, should be the default.

    Despite widespread coverage of Hang’s work — and a petition by Mozilla that has garnered more than 17,000 signatures — Venmo transactions are still public by default.

  • Taskcluster Credential Derivation in EC2 using S/MIME, OpenSSL's C api and Node.js's N-API

Mozilla: Rep of the Month for August 2018, Bitslicing with Quine-McCluskey, TenFourFox FPR9b3 Available

  • Rep of the Month – August 2018

    Please join us in congratulating Abhiram Ravikumar, our Rep of the Month for August 2018!

    Abhiram Ravikumar is an amazing contributor from Bangalore India and a long time Mozillian contributing as a Rep since November 2015. He is the so-called backbone of the Bangalore community keeping activities going in and around the region.

  • Bitslicing with Quine-McCluskey

    Part one gave a short introduction of bitslicing as a concept, talked about its use cases, truth tables, software multiplexers, LUTs, and manual optimization.

    The second covered Karnaugh mapping, a visual method to simplify Boolean algebra expressions that takes advantage of humans’ pattern-recognition capability, but is unfortunately limited to at most four inputs in its original variant.

    Part three will introduce the Quine-McCluskey algorithm, a tabulation method that, in combination with Petrick’s method, can minimize circuits with an arbitrary number of input values. Both are relatively simple to implement in software.

  • TenFourFox FPR9b3 available

    TenFourFox Feature Parity Release 9 beta 3 is now available (downloads, hashes, release notes). This version has site-specific workarounds for Github's sudden hostility to TenFourFox (fixed using the same workaround we use for Imgur) and pages that use the new version of Cloudflare RocketLoader (by essentially defeating it). I also reduced idle time deferral for a couple rare crashes on the test systems that seemed to be from low memory and added a little tuneup for HTML5 parsing from Firefox 55.

    Of the security patches that landed in this version is a specific one for an issue that affects 10.5, but not 10.4. It's more of an information leak than anything else and wouldn't seem to be very common, but I was able to exploit it on the test network, so now it's worked around. Our implementation is completely different from Mozilla's largely for performance reasons since we only have two operating system flavours to worry about.

Mozilla: Localisation, VR, Hiring and Job Move

  • Support Localization – Top 20 Sprint and More

    It’s time to update you about the current status of the localization clean up initiative proposed a while ago. After an initial outreach to hundreds of previously registered contributors around Mozilla, small groups of still active localizers were asked to try and reach the goal of localizing the Top 20 articles into their language.

  • This Week in Mixed Reality: Issue 17, Hubs Edition

    As I do every week, I was going to say it's mostly been bug fixing. However this week the big news is our update to Hubs, Mozilla's VR chat system. You can now share any kind of media within Hubs: PDFs, images, music, and even Youtube videos.

  • Bias and Hiring: How We Hire UX Researchers

    This year, the Firefox User Research team is planning to add two new researchers to our group. The job posting went live last month, and after just a few weeks of accepting applications, we had over 900 people apply.

    Current members of the Firefox User Research Team fielded dozens of messages from prospective applicants during this time, most asking for informational meetings to discuss the open role. We decided as a team to decline these requests across the board because we did not have the bandwidth for the number of meetings requested, and more importantly we have spent a significant amount of time this year working on minimizing bias in our hiring process.

    We felt that meeting with candidates outside of the formal hiring process would give unfair advantage to some candidates and undermine our de-biasing work. At the same time, in alignment with Mozilla’s values and to build on Mozilla’s diversity and inclusion disclosures from earlier this year, we realized there was an opportunity to be more transparent about our hiring process for the benefit of future job applicants and teams inside and outside Mozilla thinking about how they can minimize bias in their own hiring.

  • Skill Tree Balancing with a Job Move

    I’m moving from Research to Cloud Ops within Mozilla. The following wall of text and silly picture are a brain dump of new ideas about skills and career growth that I’ve built through the process.

Thunderbird Monterail Themes Redux


It just got easier to install the stylish Monterail themes in Thunderbird, the free and open source email client.

The Monterail themes for Thunderbird were created last year by the open source community based on concept designs from a Polish design company.

And they proved an instant hit.

Mozilla: Screenshots from the Console, These Weeks in Firefox, RLS 1.0 and Bugzilla

  • Screenshots from the Console

    To access the command, open the Web Console via Tools → Web Developer → Console, type in :screenshot and press ENTER. A screenshot of the current document will be downloaded to your downloads directory.

  • These Weeks in Firefox: Issue 43
  • More on the RLS and a 1.0 release

    In my last post, I announced a release candidate for the RLS 1.0. There has been a lot of feedback (and quite a lot of that was negative on the general idea), so I wanted to expand on what 1.0 means for the RLS, and why I think it is ready. I also want to share some of my vision for the future of the RLS, in particular changes that might warrant a major version release.

  • Good First Bugs

    One great way (of many) to get started in software development, particularly in open source, is to find good first bugs. This is a class of software bugs (which should be called issues, since they’re not always bugs) that are easy to fix with little experience. It can also be a great way, once you have software development skills, to learn a new domain or set of tools. Many projects, even well funded ones, are very happy to receive community contributions, if nothing else it’s one other way they can provide opportunities to the community.

    At Mozilla we use bugzilla to track our bugs, and use the good first bug keyword to identify such bugs. You’re welcome to contribute patches for these bugs, and potentially have your work included in Firefox. You can also search by component, so the list of open good first bugs for the garbage collector is here and I’d be happy to help with any of these.

Mozilla: Notes, Dweb, VR, Privacy, Competition and Getting Rid of Old Extensions/Addons

  • Notes now uses Rust & Android components

    Today we shipped Notes by Firefox 1.1 for Android, all existing users will get the updated version via Google Play.

    After our initial testing in version 1.0, we identified several issues with the Android’s “Custom Tab” login features. To fix those problems the new version has switched to using the newly developed Firefox Accounts Android component. This component should resolve the issues that the users experienced while signing in to Notes.

  • Dweb: Serving the Web from the Browser with Beaker

    We work on Beaker because publishing and sharing is core to the Web’s ethos, yet to publish your own website or even just share a document, you need to know how to run a server, or be able to pay someone to do it for you.

    So we asked ourselves, “What if you could share a website directly from your browser?”

    Peer-to-peer protocols like dat:// make it possible for regular user devices to host content, so we use dat:// in Beaker to enable publishing from the browser, where instead of using a server, a website’s author and its visitors help host its files. It’s kind of like BitTorrent, but for websites!

    [...]

    Beaker uses a distributed peer-to-peer network to publish websites and datasets (sometimes we call them “dats”).

  • New in Hubs: Images, Videos, and 3D Models

    A few months ago, we announced an early preview release of Hubs by Mozilla, an experiment to bring Social Mixed Reality to the browser. Since then, we’ve made major strides in improving usability, performance, and support for standalone devices like the Oculus Go. Today, we’re excited to share our first big feature update to Hubs: the ability to bring your videos, images, documents, and even 3D models into Hubs by simply pasting a link.

  • Getting cross border lawful access in Europe right

    Lawmakers in the EU have proposed a new legal framework that will make it easier for police in one country to get access to user data in another country (so-called ‘e-evidence’) when investigating crimes. While the law seeks to address some important issues, there is a risk that it will inadvertently undermine due process and the rule of law in Europe. Over the coming months, we’ll be working with lawmakers in Europe to find a policy solution that effectively addresses the legitimate interests of law enforcement, without compromising the rights of our users or the security of our communications infrastructure.

  • Mozilla files FTC comments calling for interoperability to promote competition

    Mozilla’s Internet Health Report 2018 explored concentration of power and centralization online through a spotlight article, “Too big tech?” Five U.S. technology companies often hold the five largest market capitalizations of any industry and any country in the world. Their software and services are entangled with virtually every part of our lives. These companies reached their market positions in part through massive innovation and investment, and they created extremely popular (and lucrative) user experiences. As a consequence of their success, though, the product and business decisions made by these companies move socioeconomic mountains.

    And, like everyone, tech companies make mistakes, as well as some unpopular decisions. For many years, the negative consequences of their actions seemed dwarfed by the benefits. A little loss of privacy seemed easy to accept (for an American audience in particular) in exchange for a new crop of emojis. But from late 2016 through 2017, things changed. The levels of disinformation, abuse, tracking, and control crossed a threshold, sowing distrust in the public and catalyzing governments around the world to start asking difficult questions.

    Since our “Too big tech?” piece was published, this trajectory of government concern has continued. The Facebook / Cambridge Analytica scandal generated testimony from Facebook CEO Mark Zuckerberg on both sides of the Atlantic. The European Commission levied a $5 billion fine on Google for practices associated with the Android mobile operating system. Meanwhile Republican Treasury Secretary Steve Mnuchin called for a serious look at the power of tech companies, and Democratic Senator Mark Warner outlined a 20 point regulatory proposal for social media and technology firms.

  • TenFourFox and legacy addons and their euthanasia thereof

    Presently TenFourFox uses Mozilla Addons as a repository for "legacy" (I prefer "classic" or "can actually do stuff" or "doesn't suck") add-ons that remain compatible with Firefox 45, of which TenFourFox is a forked descendant. Mozilla has now announced these legacy addons will no longer be accessible in October. I don't know if this means that legacy-only addons will no longer be visible, or no longer searchable, or whether older compatible versions of current addons will also be no longer visible, or whatever, or whether everything is going to be deleted and HTH, HAND. The blog post doesn't say. Just assume you may not be able to access them anymore.

    This end-of-support is obviously to correlate with the end-of-life of Firefox 52ESR, the last version to support legacy add-ons. That's logical, but it sucks, particularly for people who are stuck on 52ESR (Windows XP and Vista come to mind). Naturally, this also sucks for alternative branches such as Waterfox which split off before WebExtensions became mandatory, and the poor beleaguered remnants of SeaMonkey.

  • Timeline for disabling legacy add-ons on addons.mozilla.org

    Mozilla will stop supporting Firefox Extended Support Release (ESR) 52, the final release that is compatible with legacy add-ons, on September 5, 2018.

    As no supported versions of Firefox will be compatible with legacy add-ons after this date, we will start the process of disabling legacy add-on versions on addons.mozilla.org (AMO) in September. On September 6, 2018, submissions for new legacy add-on versions will be disabled. All legacy add-on versions will be disabled in early October, 2018. Once this happens, users will no longer be able to find your extension on AMO.

    After legacy add-ons are disabled, developers will still be able to port their extensions to the WebExtensions APIs. Once a new version is submitted to AMO, users who have installed the legacy version will automatically receive the update and the add-on’s listing will appear in the gallery.

Mozilla on Fellows, Software Patents and Volunteer Add-on

  • Mozilla Announces 26 New Fellows in Openness, Science, and Tech Policy

    These technologists, activists, and scientists will spend the next 10 to 12 months creating a more secure, inclusive, and decentralized internet

    A neuroscientist building open-source hardware. A competition expert studying net neutrality enforcement in Nigeria. A technologist studying tools that combat disinformation.

    These are just three of Mozilla’s latest Fellows — 26 technologists, activists, and scientists from more than 10 countries. Today, we’re announcing our 2018-2019 cohort of Fellows, who begin work on September 1, 2018.

  • AV1 and the Video Wars of 2027

    Author’s Note: This post imagines a dystopian future for web video, if we continue to rely on patented codecs to transmit media files. What if one company had a perpetual monopoly on those patents? How could it limit our access to media and culture? The premise of this cautionary tale is grounded in fact. However, the future scenario is fiction, and the entities and events portrayed are not intended to represent real people, companies, or events.

  • Volunteer Add-on Reviewer Applications Open

    Thousands of volunteers around the world contribute to Mozilla projects in a variety of capacities, and extension review is one of them. Reviewers check extensions submitted to addons.mozilla.org (AMO) for their safety, security, and adherence to Mozilla’s Add-on Policies.

    Last year, we paused onboarding new volunteer extension reviewers while we updated the add-on policies and review processes to address changes introduced by the transition to the WebExtensions API and the new post-review process.

Mozilla: FCC, Brotli Compression and an Extension

  • Mozilla files arguments against the FCC – latest step in fight to save net neutrality

    Today, Mozilla is filing our brief in Mozilla v. FCC – alongside other companies, trade groups, states, and organizations – to defend net neutrality rules against the FCC’s rollback that went into effect early this year. For the first time in the history of the public internet, the FCC has disavowed interest and authority to protect users from ISPs, who have both the incentives and means to interfere with how we access online content.

    We are proud to be a leader in the fight for net neutrality both through our legal challenge in Mozilla v. FCC and through our deep work in education and advocacy for an open, equal, accessible internet. Users need to know that their access to the internet is not being blocked, throttled, or discriminated against. That means that the FCC needs to accept statutory responsibility in protecting those user rights — a responsibility that every previous FCC has supported until now. That’s why we’re suing to stop them from abdicating their regulatory role in protecting the qualities that have made the internet the most important communications platform in history.

    This case is about your rights to access content and services online without your ISP blocking, throttling, or discriminating against your favorite services. Unfortunately, the FCC made this a political issue and followed party-lines rather than protecting your right to an open internet in the US. Our brief highlights how this decision is just completely flawed...

  • Using Brotli compression to reduce CDN costs

    The Snippets Service allows Mozilla to communicate with Firefox users directly by placing a snippet of text and an image on their new tab page. Snippets share exciting news from the Mozilla World, useful tips and tricks based on user activity and sometimes jokes.

    To achieve personalized, activity based messaging in a privacy respecting and efficient manner, the service creates a Bundle of Snippets per locale. Bundles are HTML documents that contain all Snippets targeted to a group of users, including their Style-Sheets, images, metadata and the JS decision engine.

    The Bundle is transferred to the client where the locally executed decision engine selects a snippet to display. A carefully designed system with multiple levels of caching takes care of the delivery. One layer of caching is a CloudFront CDN.

  • Working around the extension popout-tab refusing to close on Firefox for Android

    How do you close a web extension popout-window (the small window that appears when you click on an extension’s toolbar button)? On the desktop, all you need is a simple window.close(). Because of the limited available screen space, Firefox on Android has popout-tabs instead of popout-windows. Users can dismiss these tabs by pressing the back button, closing them manually, or switching to another tab. However, they’re deceptively difficult to close pragmatically.

    This article was last verified for Firefox 61, and applies to Firefox for Android versions 57 and newer.

    It’s common for web extension popout-windows to close themselves after the user has completed an action in them. While many web extensions work on Firefox for Android, users often have to manually close the popout-tabs on their own.

Mozilla: Bitslicing, Mixed Reality, and Sharing

  • Bitslicing with Karnaugh maps

    Bitslicing, in cryptography, is the technique of converting arbitrary functions into logic circuits, thereby enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.

    My last post Bitslicing, An Introduction showed how to convert an S-box function into truth tables, then into a tree of multiplexers, and finally how to find the lowest possible gate count through manual optimization.

  • This Week in Mixed Reality: Issue 16

    On Monday Andrzej Mazur launched the 2018 edition of the JS13KGames competition. As the name suggests, you have to create a game using only thirteen kilobytes of Javascript (zipped) or less. Check out some of last year's winners to see what is possible in 13k.

    This year Mozilla is sponsoring the new WebXR category, which lets you use A-Frame or Babylon.js without counting towards the 13k. See the full rules for details. Prizes this year include the Oculus Go for the top three champions.

  • Share files easily with extensions

    When we want to share digital files, most people think of popular file hosting services like Box or Dropbox, or other common methods such as email and messaging apps. But did you know there are easier—and more privacy-focused—ways to do it with extensions? WeTransfer and Fire File Sender are two intriguing extension options.

    WeTransfer allows you to send files up to 2GB in size with a link that expires seven days from upload. It’s really simple to use—just click the toolbar icon and a small pop-up appears inviting you to upload files and copy links for sharing. WeTransfer uses the highest security standards and is compliant with EU privacy laws. Better still, recipients downloading files sent through WeTransfer won’t get bombarded with advertisements; rather, they’ll see beautiful wallpapers picked by the WeTransfer editorial team. If you’re interested in additional eye-pleasing backgrounds, check out WeTransfer Moment.

More in Tux Machines

OSS Leftover

  • How an affordable open source eye tracker is helping thousands communicate
    In 2015, while sat in a meeting at his full-time job, Julius Sweetland posted to Reddit about a project he had quietly been working on for years, that would help people with motor neurone disease communicate using just their eyes and an application. He forgot about the post for a couple of hours before friends messaged him to say he'd made the front page. Now three years on Optikey, the open source eye-tracking communication tool, is being used by thousands of people, largely through word of mouth recommendations. Sweetland was speaking at GitHub Universe at the Palace of Fine Art in San Francisco, and he took some time to speak with Techworld about the project. [...] Originally, Sweetland's exposure to open source had largely been through the consumption of tools such as the GIMP. "I knew of the concept, I didn't really know how the nuts and bolts worked, I was always a little blase about how do you make money from something like that... but flipping it around again I'm still coming from the point of view that there's no money in my product, so I still don't understand how people make money in open source...
  • Fission open source serverless framework gets updated
    Platform9 just released updates to Fission.io - the open source, Kubernetes-native Serverless framework, with new features enabling developers and IT Operations to improve the quality and reliability of serverless applications. Other new features include Automated Canary Deployments to reduce the risk of failed releases, Prometheus integration for automated monitoring and alerts, and fine-grained cost and performance optimization capabilities. With this latest release, Fission offers the most complete set of features to allow Dev and Ops teams to safely adopt Serverless and benefit from the speed, cost savings and scalability of this cloud native development pattern on any environment - either in the public cloud or on-premises.
  • Alphabet’s DeepMind open-sources key building blocks from its AI projects
  • United States: It's Ten O'Clock: Do You Know Where Your Software Developers Are? [Ed: Smith Gambrell & Russell LLP are liars. Dana Hustins says FSF "purport to convert others' proprietary software into open source software" in there. They paint GPL as a conspiracy of some kind to entrap proprietary s/w developers.]
  • Transatomic Power To Open Source IP Regarding Advanced Molten Salt Reactors [Ed: There's no such thing as "IP", Duane Morris LLP. There are copyrights, trademarks, patents etc. and Transatomic basically made code free.]
  • Code Review--an Excerpt from VM Brasseur's New Book Forge Your Future with Open Source
    Even new programmers can provide a lot of value with their code reviews. You don't have to be a Rockstar Ninja 10x Unicorn Diva programmer with years and years of experience to have valuable insights. In fact, you don't even have to be a programmer at all. You just have to be knowledgable enough to spot patterns. While you won't be able to do a complete review without programming knowledge, you may still spot things that could use some work or clarification. If you're not a Rockstar Ninja 10x Unicorn Diva programmer, not only is your code review feedback still valuable, but you can also learn a great deal in the process: Code layout, programming style, domain knowledge, best practices, neat little programming tricks you'd not have seen otherwise, and sometimes antipatterns (or "how not to do things"). So don't let the fact that you're unfamiliar with the code, the project, or the language hold you back from reviewing code contributions. Give it a go and see what there is to learn and discover.

Security Leftovers

Android Leftovers

Ubuntu 18.10 (Cosmic Cuttlefish) Is Now Available to Download

After six months in development, Ubuntu 18.10 (Cosmic Cuttlefish) is now finally here, and you can download the ISO images right now for all official flavors, including Kubuntu, Xubuntu, Lubuntu, Ubuntu MATE, Ubuntu Budgie, Ubuntu Kylin, and Ubuntu Studio, for 64-bit and 32-bit architectures (only Lubuntu and Xubuntu). The Ubuntu Server edition is also out and it's supported on more hardware architectures than Ubuntu Desktop, including 64-bit (amd64), ARM64 (AArch64), IBM System z (s390x), PPC64el (Power PC 64-bit Little Endian), and Raspberry Pi 2/ARMhf. A live Ubuntu Server flavor is also available only for 64-bit computers.

Also: Ubuntu Linux 18.10 arrives