Language Selection

English French German Italian Portuguese Spanish


Mozilla Things Gateway, Firefox Telemetry with Prio and Servo Report

Filed under
  • Things Gateway - the Refrigerator and the Samsung Buttons

    Perhaps I'm being overly effusive, but right now, the Samsung SmartThings Button is my Holy Grail of the Internet of Things. Coupled with the Things Gateway from Mozilla and my own Web Thing API rule system, the Samsung Button grants me invincibility at solving some vexing Smart Home automation tasks.

    Consider this problem: my kitchen is in an old decrepit farm house built in 1920. The kitchen has a challenging layout with no good space for any modern appliance. The only wall for the refrigerator is annoyingly narrower than an average refrigerator. Unfortunately, the only switches for the kitchen and pantry lights are on that wall, too. The refrigerator blocks the switches to the point they can only be felt, not seen.

    For twenty years, I've been fine slipping my hand into the dusty cobwebs behind the refrigerator to turn on the lights. I can foresee the end of this era. I'm imagining two Samsung Buttons magnetically tacked to a convenient and accessible side of the refrigerator: one for the pantry and one for the kitchen.


    This is just a simple finite state machine. The three shop lights are controlled by the list, combinations, referenced by an index. The only trigger is the KitchenButton (again, played by a Samsung Button). If the button is short pressed the index is incremented modulo the number of combinations. If the button is longPressed, the finite state machine is reset to state 0 and all the shop lights turned off.

  • Testing Privacy-Preserving Telemetry with Prio

    Building a browser is hard; building a good browser inevitably requires gathering a lot of data to make sure that things that work in the lab work in the field. But as soon as you gather data, you have to make sure you protect user privacy. We’re always looking at ways to improve the security of our data collection, and lately we’ve been experimenting with a really cool technique called Prio.

    Currently, all the major browsers do more or less the same thing for data reporting: the browser collects a bunch of statistics and sends it back to the browser maker for analysis; in Firefox, we call this system Telemetry. The challenge with building a Telemetry system is that data is sensitive. In order to ensure that we are safeguarding our users’ privacy, Mozilla has built a set of transparent data practices which determine what we can collect and under what conditions. For particularly sensitive categories of data, we ask users to opt-in to the collection and ensure that the data is handled securely.


    In recent months, we’ve been experimenting with one such system: Prio, developed by Professor Dan Boneh and PhD student Henry Corrigan-Gibbs of Stanford University’s Computer Science department. The basic insight behind Prio is that for most purposes we don’t need to collect individual data, but rather only aggregates. Prio, which is in the public domain, lets Mozilla collect aggregate data without collecting anyone’s individual data. It does this by having the browser break the data up into two “shares”, each of which is sent to a different server. Individually the shares don’t tell you anything about the data being reported, but together they do. Each server collects the shares from all the clients and adds them up. If the servers then take their sum values and put them together, the result is the sum of all the users’ values. As long as one server is honest, then there’s no way to recover the individual values.

  • This Week In Servo 117

    In the past weeks, we merged 49 PRs in the Servo organization’s repositories.

Mozilla: Censorship, Nightly, WebRender, Women Who Tech

Filed under
  • Firefox, Chrome and the Future of Trustworthy Extensions

    Browser extensions are wonderful. Nearly every day I come across a new Firefox extension that customizes my browser in some creative way I’d never even considered. Some provide amusement for a short time, while others have become indispensable to my work and life. Extensions are a real-world manifestation of one of Mozilla’s core principles — that individuals must have the ability to shape the internet and their experiences on it.

    Another of Mozilla’s core principles is that an individual’s security and privacy on the internet are fundamental and must not be treated as optional. We’ve made the decision to support extensions, but it is definitely a balancing act. Our users’ freedom to customize their browser – their “user agent” – and to personalize their experience on the web can also be exploited by malicious actors to compromise users’ security and privacy.

  • These Weeks in Firefox: Issue 48
  • WebRender Reaches Beta For GPU-Accelerated Web Rendering In Firefox

    WebRender, the very exciting multi-year project for providing more GPU-accelerated rendering of web content and originally developed as part of the experimental Servo engine, has reached the beta milestone. 

    WebRender was announced today to have achieved the beta milestone, but there are several blocker bugs remaining so it will remain in beta for a few release streams before it has "received enough polish to hit the release population."

  • Women Who Tech and Mozilla Announce Winners of Women Startup Challenge Europe

    Europe was at the center of a milestone for women in tech today as nonprofit Women Who Tech and tech giant Mozilla announced the winners of the Women Startup Challenge Europe. Women-led startup finalists from across Europe pitched their ventures before a prestigious panel of tech industry executives and investors on 25 October at Paris’s City Hall, co-hosted by the office of Mayor Anne Hidalgo.

    “While it’s alarming to see the amount of funding for women-led startups compared to European companies as a whole go down from 14% to 11% between 2016 and 2018, the Women Startup Challenge is on a mission to close the funding gap once and for all. If the tech world wants to innovate and solve the world’s toughest problems and generate record returns, they will invest in diverse startups,” said Allyson Kapin, founder of Women Who Tech. “If investors don’t know where to look, our Women Startup Challenge program has a pipeline of over 2,300 women-led ventures who are ready to scale.”

    Sampson Solutions from the UK won the grand prize, receiving $35,000 in funding via Women Who Tech to help scale their startup. The Audience Choice Award went to Inorevia from Paris, France. Mozilla awarded an additional $25,000 cash grant to Vitrue from the UK, selected by jury member Mitchell Baker, Chairwoman of Mozilla.

Announcing Rust 1.30

Filed under

The Rust team is happy to announce a new version of Rust, 1.30.0. Rust is a systems programming language focused on safety, speed, and concurrency.

Read more

Mozilla: Dweb, Research, Rust

Filed under
  • Dweb: Identity for the Decentralized Web with IndieAuth

    IndieAuth is a decentralized login protocol that enables users of your software to log in to other apps.

    From the user perspective, it lets you use an existing account to log in to various apps without having to create a new password everywhere.

    IndieAuth builds on existing web technologies, using URLs as identifiers. This makes it broadly applicable to the web today, and it can be quickly integrated into existing websites and web platforms.

    IndieAuth has been developed over several years in the IndieWeb community, a loosely connected group of people working to enable individuals to own their online presence, and was published as a W3C Note in 2018.

  • Keeping AI Accountable with Science Fiction, Documentaries, and Doodles (Plus $225,000)

    The artificial intelligence (AI) behind our screens has an outsized impact on our lives — it influences what news we read, who we date, and if we’re hired for that dream job.

    More than ever, it’s essential for internet users to understand how this AI works — and how it can go awry, from radicalizing YouTube users to promoting bias to spreading misinformation.

  • This Week in Rust 257
  • University of Dundee and Mozilla Announce Doctoral Program for ‘Healthier IoT’

    This week, the University of Dundee and Mozilla are announcing a new, innovative PhD program: OpenDoTT (Open Design of Trusted Things). This program will train technologists, designers, and researchers to create and advocate for connected products that are more open, secure, and trustworthy. The project is made possible through €1.5m in funding from the EU’s Horizon 2020 program.

Mozilla: Android, Search, Things Gateway, and More

Filed under
  • Firefox 63 for Android Brings Picture-In-Picture Support, App Now Targets Oreo

    Mozilla officially released today the Firefox 63 "Quantum" web browser on desktop platforms, including Linux, Windows, and Mac, as well on mobile platforms, for Android devices.

  • Save a step when you’re searching with Firefox

    We live in an amazing time. When all the knowledge in the world is at our fingertips. Where having an edge doesn’t come from being able to remember information, but instead from how quickly you can get to it. It’s part of why is one of the highest trafficked webpages in existence.

  • Things Gateway - Sunrise, Sunset, Swifty Flow the Days

    In my previous blog post, I introduced Time Triggers to demonstrate time based home automation. Sometimes, however, pegging an action down to a specific time doesn't work: darkness falls at different times every evening as one season follows another. How do you calculate sunset time? It's complicated, but there are several Python packages that can do it: I chose Astral.

    The Things Gateway doesn't know where it lives. The Raspberry Pi distribution that includes the Things Gateway doesn't automatically know and understand your timezone when it is booted. Instead, it uses UTC, essentially Greenwich Mean Time, with none of those confounding Daylight Savings rules. Yet when viewing the Things Gateway from within a browser, the times in the GUI Rule System automatically reflect your local timezone. The presentation layer of the Web App served by the Things Gateway is responsible for showing you the correct time for your location. Beware, when you travel and access your Things Gateway GUI rules remotely from a different timezone, any references to time will display in your remote timezone. They'll still work properly at their appropriate times, but they will look weird during travel.

  • Firefox 63 new contributors

    With the release of Firefox 63, we are pleased to welcome the 53 developers who contributed their first code change to Firefox in this release, 44 of whom were brand new volunteers!

  • Firefox 63 blocks tracking cookies, offers a VPN when you need one

    Tracking cookies store some kind of unique identifier that represents your browser. The cookie is tied to a third-party domain—the domain of the tracking company, rather than the site you're visiting. Each site you visit that embeds the tracking cookie will allow the tracking company to see the sites you visit and, using that unique identifier, cross-reference different visits to different sites to build a picture of your online behavior.

  • Calling Celery from Twisted

    I use Twisted and Celery daily at work, both are useful frameworks, both have a lot of great information out there, but a particular use (that I haven’t seen discussed much online, hence this post) is calling Celery tasks from Twisted (and subsequently using the result).

    The difference between Twisted and Celery seems to be a frequent question people have (check out the number of questions on StackOverflow). The main difference, from my point of view, is that Twisted is a “batteries included” networking framework that is asynchronous / evented for handling of I/O, Celery is a distributed task queue which excels at short CPU-bound tasks where the asynchronous nature comes from running multiple processes.

Mozilla: Firefox 65 Plans and Firefox 63 Analysis

Filed under

Latest Firefox Rolls Out Enhanced Tracking Protection

Filed under

At Firefox, we’re always looking to build features that are true to the Mozillia mission of giving people control over their data and privacy whenever they go online. We recently announced our approach to Anti-tracking where we discussed three key feature areas we’re focusing on to help people feel safe while they’re on the web. With today’s release, we’re making progress against “removing cross-site tracking” with what we’re calling Enhanced Tracking Protection.

Read more

Mozilla: Firefox 63, TenFourFox FPR10, Servo Progress

Filed under
  • Firefox 63 Released with Tab Switcher Changes, More Robust Web Extensions

    Firefox 63 is the first version of the web browser to run web extensions (previously known as add-ons) in their own processes on Linux systems. Firefox already runs “out-of-process extensions” in its Windows and Mac builds.

    Although largely a technical change it should lead to some tangible performance benefits, and help improve the overall security and stability of Firefox. Should an add-on crash or have a memory leak it can no longer take the rest of the browser (or its tabs) with it.

  • Cameron Kaiser: TenFourFox FPR10 available

    TenFourFox Feature Parity Release 10 final is now available (downloads, hashes, release notes). This version is live now. Other than outstanding security updates, in this version I also retracted the change (by flipping the pref) for unique data URL origins in issue 525 because of some reported add-on incompatibility. I'm looking at a way add-ons can get around this with their existing code for FPR11, but you're warned: many sites rely on this behaviour to reduce their cross-site scriping surface, and we will have to turn it back on sooner or later.

    The changes for FPR11 (December) and FPR12 will be smaller in scope mostly because of the holidays and my parallel work on the POWER9 JIT for Firefox on the Talos II. For the next couple FPRs I'm planning to do more ES6 work (mostly Symbol and whatever else I can shoehorn in) and to enable unique data URI origins, and possibly get requestIdleCallback into a releaseable state. Despite the slower pace, however, we will still be tracking the Firefox release schedule as usual.

  • RGSoC wrap-up - Supporting Responsive Images in Servo

    Hey everyone, this is Nupur Baghel and Paavini Nanda, from the team “101 Days of Summer”. Both of us are computer engineering undergraduate students from New Delhi, India. We were involved with Servo this summer under the Rails Girls Summer of Code program and spent an amazing 3 months implementing functionalities to support responsive images in Servo <3

  • This Week In Servo 116

    In the past weeks, we merged 61 PRs in the Servo organization’s repositories.

Mozilla: WebAssembly, WebExtensions, Firefox Starts Testing 3rd-Party VPN Service

Filed under
  • WebAssembly’s post-MVP future: A cartoon skill tree

    People have a misconception about WebAssembly. They think that the WebAssembly that landed in browsers back in 2017—which we called the minimum viable product (or MVP) of WebAssembly—is the final version of WebAssembly.

    I can understand where that misconception comes from. The WebAssembly community group is really committed to backwards compatibility. This means that the WebAssembly that you create today will continue working on browsers into the future.

    But that doesn’t mean that WebAssembly is feature complete. In fact, that’s far from the case. There are many features that are coming to WebAssembly which will fundamentally alter what you can do with WebAssembly.

    I think of these future features kind of like the skill tree in a videogame. We’ve fully filled in the top few of these skills, but there is still this whole skill tree below that we need to fill-in to unlock all of the applications.

  • Firefox 63.0 Available With WebExtensions On Linux Now Run In Their Own Process

    Ahead of the expected official release announcement tomorrow, Firefox 63.0 is now available from the Mozilla servers.

    Firefox 63.0 is notable for Linux desktop users in that WebExtensions now run in their own processes. There are a number of other changes though that benefit exclusively macOS and Windows users.

  • Mozilla Firefox Starts Testing 3rd-Party VPN Service

    It seems like Mozilla is following the footsteps of Opera. A German website reports that Mozilla will start testing commercial VPN for a few users in the USA, starting from today.

    Unlike Opera that offers its own VPN service, Mozilla is partnering with Swiss VPN provider ProtonVPN to use their networking resources for a more, advanced level of security.

Mozilla: WebRender, Spoke, Encrypted SNI, Blender, Opus 1.3

Filed under
  • WebRender newsletter #26

    Here comes the 26th issue of WebRender’s newsletter.

  • Getting serious about political ad transparency with Ad Analysis for Facebook

    Do you know who is trying to influence your vote online? The votes of your friends and neighbors? Would you even know how to find out? Despite all the talk of election security, the tech industry still falls short on political ad transparency. With the U.S. midterm elections mere weeks away, this is a big problem.

    We can’t solve this problem alone, but we can help by making it more visible and easier to understand. Today we are announcing the release of our experimental extension, Ad Analysis for Facebook, to give you greater transparency into the online advertisements, including political ads, you see on Facebook.

  • Introducing Spoke: Make your own custom 3D social scenes

    Today we’re thrilled to announce the beta release of Spoke: the easiest way to create your own custom social 3D scenes you can use with Hubs.

    Over the last year, our Social Mixed Reality team has been developing Hubs, a WebVR-based social experience that runs right in your browser. In Hubs, you can communicate naturally in VR or on your phone or PC by simply sharing a link.

    Along the way, we’ve added features that enable social presence, self-expression, and content sharing. We’ve also offered a variety of scenes to choose from, like a castle space, an atrium, and even a wide open space high in the sky.

  • Encrypted SNI Comes to Firefox Nightly

    Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and it will automatically work with any site that supports it. Currently, that means any site hosted by Cloudflare, but we’re hoping other providers will add ESNI support soon.

  • If you build it (together), they will come…

    Mozilla and the Khronos Group collaborate to bring glTF capabilities to Blender

    Mozilla is committed to the next wave of creativity in the open Web, in which people can access, create and share immersive VR and AR experiences across platforms and devices. What it takes though is an enthusiastic, skilled and growing community of creators, artists, and also businesses forming a healthy ecosystem, as well as tool support for web developers who build content for it. To overcome a fragmented environment and to allow for broad adoption, we need the leading content format to be open, and frameworks and toolsets to be efficient and interoperable. Ensuring that tools for creation, modification and viewing are open to the entire community and that there aren’t gatekeepers to creativity is one of the main working areas for Mozilla’s Mixed Reality (WebXR) Team. Building on its “Open by Design” strategy Open Innovation partnered with that team around Lars Bergstrom to find neat, yet impactful ways to stimulate external collaboration, co-development and co-funding of technology.

  • Mozilla Productivity Tip: Managing try pushes

    I tend to do a lot of try pushes for testing changes to Gecko and other stuff, and by using one of TreeHerder's (apparently) lesser-known features, managing these pushes to see their results is really easy. If you have trouble managing your try pushes, consider this:

    Open a tab with an author filter for yourself. You can do this by clicking on your email address on any of your try pushes (see highlighted area in screenshot below). Keep this tab open, forever. By default it shows you the last 10 try pushes you did, and if you leave it open, it will auto-update to show newer try pushes that you do.

  • Opus 1.3 Released - One Of The Leading Lossy Open-Source Audio Codecs

    Opus 1.3 features improvements to allow using SILK with bitrates down to around 5kb/s, wideband encoding down to 9kb/s, improved Ambisonics support, better security hardening, a new speech/music detector, and more.

  • Introducing Opus 1.3

    The Opus Audio Codec gets another major update with the release of version 1.3 (demo).

    Opus is a totally open, royalty-free audio codec that can be used for all audio applications, from music streaming and storage to high-quality video-conferencing and VoIP. Six years after its standardization by the IETF, Opus is now included in all major browsers and mobile operating systems. It has been adopted for a wide range of applications, and is the default WebRTC codec.

Syndicate content

More in Tux Machines

Today in Techrights

Security: Bo Weaver, New Scares, Clones With Malware

  • Bo Weaver on Cloud security, skills gap, and software development in 2019
    Bo Weaver, a Kali Linux expert shares his thoughts on the security landscape in the cloud. He also talks about the skills gap in the current industry and why hiring is a tedious process. He explains the pitfalls in software development and where the tech is heading currently. Bo, along with another Kali Linux expert Wolf Halton were also interviewed on why Kali Linux is the premier platform for testing and maintaining Windows security. They talked about advantages and disadvantages for using Kali Linux for pentesting. We also asked them about what they think about pentesting in cybersecurity, in general. They have also talked about their stance about the role of pentesting in cybersecurity in their interview titled, “Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity” [...] I laugh and cry at this term. I have a sticker on my laptop that says “There is no Cloud…. Only other people’s computers.” Your data is sitting on someone else’s system along with other people’s data. These other people also have access to this system. Sure security controls are in place but the security of “physical access” has been bypassed. You’re “in the box”. One layer of security is now gone. Also, your vendor has “FULL ACCESS” to your data in some cases. How can you be sure what is going on with your data when it is in an unknown box in an unknown data center? The first rule of security is “Trust No One”. Do you really trust Microsoft, Amazon, or Google? I sure don’t!!! Having your data physically out of your company’s control is not a good idea. Yes, it is cheaper but what are your company and its digital property worth? [...] In software development, I see a dumbing down of user interfaces. This may be good for my 6-year-old grandson, but someone like me may want more access to the system. I see developers change things just for the reason of “change”. Take Microsoft’s Ribbon in Office. Even after all these years, I find the ribbon confusing and hard to use. At least, with Libre Office, they give you a choice between a ribbon and an old school menu bar. The changes in Gnome 3 from Gnome 2. This dumbing down and attempting to make a desktop usable for a tablet and a mouse totally destroyed the usability of their desktop. What used to take 1 click now takes 4 clicks to do.
  • Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity [Interview]
  • Cloud security products uninstalled by mutating malware [Ed: Affects already-compromised servers]
    Linux is more prevalent than one might think, Microsoft Azure is now predominantly run on Linux servers - it's not just the Chinese cloud environments being hosted via Linux, it's likely that your business is running at least one cloud service on a Linux server too.
  • Google Play still has a clone problem in 2019 with no end in sight
    A fake app tries to clone another app in name, looks, and functionality, often also adding something like malware. Despite Google’s best efforts, both types of apps were fairly common in 2018.

Programming: GNU Binutils, Qt, Python, GStreamer, C++ and GTK+

  • GNU Binutils 2.32 Branched Ahead Of Release With New Features
    A new release of the GNU Binutils programming tools will soon be available. The upcoming Binutils 2.32 release is primarily made up of new CPU ports.  GNU Binutils 2.32 is bringing a MIPS port to the Loongson 2K1000 processor and the Loongson 3A1000/3A2000/3A3000 processors, all of which are based on the MIPS64r2 ISA but with different instruction set extensions. These new GPUs are exposed via -march=gs264e, -march=gs464, and -march=gs464e flags. With Binutils 2.32, the utilities like objdump and c++filt now have a maximum amount of recursion that is allowed while demangling strings with the current default being 2048. There is also a --no-recurse-limit for bypassing that limit. Objdump meanwhile allows --disassemble to specify a starting symbol for disassembly.
  • Building Qt apps with Travis CI and Docker
    I recently configured Travis CI to build Nanonote, my minimalist note-taking application. We use Jenkins a lot at work, and despite the fact that I dislike the tool itself, it has proven invaluable in helping us catch errors early. So I strongly believe in the values of Continuous Integration. When it comes to CI setup, I believe it is important to keep your distances with the tool you are using by keeping as much setup as possible in tool-agnostic scripts, versioned in your repository, and making the CI server use these scripts.
  • PyPI Security and Accessibility Q1 2019 Request for Proposals Update
    Earlier this year we launched a Request for Information (RFI) followed by the launch of a Request for Proposals (RFP) in November to fulfill a contract for the Open Technology Fund (OTF) Core Infrastructure Fund.  The initial deadline for our RFP was December 14th. We had hoped to begin work with the selected proposers in January 2019, but ultimately fell short of the ability to do so.
  • GStreamer 1.15.1 Released With Work On AV1, V4L HEVC Encode/Decode
    GStreamer 1.15.1 was announced on Friday as the first development release in the trek towards GStreamer 1.16 for this powerful open-source multimedia framework.
  • GStreamer 1.15.1 development release
    The GStreamer team is pleased to announce the first development release in the unstable 1.15 release series. The unstable 1.15 release series adds new features on top of the current stable 1.14 series and is part of the API and ABI-stable 1.x release series of the GStreamer multimedia framework. The unstable 1.15 release series is for testing and development purposes in the lead-up to the stable 1.16 series which is scheduled for release in a few weeks time. Any newly-added API can still change until that point, although it is rare for that to happen.
  • Is C++ fast?
    A library that I work on often these days, meshoptimizer, has changed over time to use fewer and fewer C++ library features, up until the current state where the code closely resembles C even though it uses some C++ features. There have been many reasons behind the changes - dropping C++11 requirement allowed me to make sure anybody can compile the library on any platform, removing std::vector substantially improved performance of unoptimized builds, removing algorithm includes sped up compilation. However, I’ve never quite taken the leap all the way to C with this codebase. Today we’ll explore the gamut of possible C++ implementations for one specific algorithm, mesh simplifier, henceforth known as simplifier.cpp, and see if going all the way to C is worthwhile.
  • Python Counters @PyDiff
  • Report: (clxi) stackoverflow python report
  • Regular Expressions in Python
  • Starting on a new map rendering library
    Currently in Maps, we use the libchamplain library to display the bitmap map titles (based on OpenStreetMap data and aerial photography) that we get from our tile provider, currently MapBox. This library is based on Clutter and used via the GTK+ embed support within libchamplain, which in turn makes use of the Clutter GTK embed support. Since this will not be supported when moving along to GTK+ 4.x and the Clutter library is not maintained anymore (besides the copy of it that is included in the GNOME Shell window manager/Wayland compositor, Mutter) eventually Maps will have to find a replacement. There's also some wonky bugs especially with regards to the mixing of event handling on the Clutter side vs. the GTK+ side. So to at least get the ball rolling a bit, I recently decided to see how hard it would be to take the code from libchamplain and keep the grotty deep-down internals dealing with tile downloading and caching and such and refocus the top-level parts onto new GTK+ 4 technologies such as the Snapshot, GSK (scene graph), and render node APIs.

today's howtos