Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla: Bitslicing, Mixed Reality, and Sharing

Filed under
Moz/FF
  • Bitslicing with Karnaugh maps

    Bitslicing, in cryptography, is the technique of converting arbitrary functions into logic circuits, thereby enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.

    My last post Bitslicing, An Introduction showed how to convert an S-box function into truth tables, then into a tree of multiplexers, and finally how to find the lowest possible gate count through manual optimization.

  • This Week in Mixed Reality: Issue 16

    On Monday Andrzej Mazur launched the 2018 edition of the JS13KGames competition. As the name suggests, you have to create a game using only thirteen kilobytes of Javascript (zipped) or less. Check out some of last year's winners to see what is possible in 13k.

    This year Mozilla is sponsoring the new WebXR category, which lets you use A-Frame or Babylon.js without counting towards the 13k. See the full rules for details. Prizes this year includes the Oculus Go for the top three champions.

  • Share files easily with extensions

    When we want to share digital files, most people think of popular file hosting services like Box or Dropbox, or other common methods such as email and messaging apps. But did you know there are easier—and more privacy-focused—ways to do it with extensions? WeTransfer and Fire File Sender are two intriguing extension options.

    WeTransfer allows you to send files up to 2GB in size with a link that expires seven days from upload. It’s really simple to use—just click the toolbar icon and a small pop-up appears inviting you to upload files and copy links for sharing. WeTransfer uses the highest security standards and is compliant with EU privacy laws. Better still, recipients downloading files sent through WeTransfer won’t get bombarded with advertisements; rather, they’ll see beautiful wallpapers picked by the WeTransfer editorial team. If you’re interested in additional eye-pleasing backgrounds, check out WeTransfer Moment.

Mozilla: WebTorrent, Bitslicing, Firefox Security Add-on and Time Dilation

Filed under
Moz/FF
  • These Weeks in Firefox: Issue 42
  • Dweb: Building a Resilient Web with WebTorrent

    WebTorrent is the first torrent client that works in the browser. It’s written completely in JavaScript – the language of the web – and uses WebRTC for true peer-to-peer transport. No browser plugin, extension, or installation is required.

    Using open web standards, WebTorrent connects website users together to form a distributed, decentralized browser-to-browser network for efficient file transfer. The more people use a WebTorrent-powered website, the faster and more resilient it becomes.

  • Bitslicing, An Introduction

    Bitslicing (in software) is an implementation strategy enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.

    This post intends to give a brief overview of the general technique, not requiring much of a cryptographic background. It will demonstrate bitslicing a small S-box, talk about multiplexers, LUTs, Boolean functions, and minimal forms.

  • Firefox Security Add-on on 222k Devices Found Sending Browsing Data to Remote German Server

    There is a popular browser add-on which is installed by 222,746 Firefox users according to Mozilla’s own statistics of add-on downloads. According to a German security blogger, Mike Kuketz, and the author of uBlock Origin, Raymond Hill, this particular add-on has been spying on users’ activity by tapping into their browser histories and keeping track of the web pages that they visit. This add-on is the Web Security extension for the Mozilla Firefox browser.

    Web Security is designed to protect users from online phishing and malware attacks that could potentially steal personal information. This comes across as ironic as the extension is found to be unethically keeping tabs (pun intended) on your own information, evading your privacy without your consent. The reason that this news is hitting the stands so massively is that the add-on was publicized by Mozilla itself in a blog post just last week. The add-on boasts fantastic reviews and that’s why it is used so widely by so many people too.

  • Time Dilation

    I riffed on this a bit over at twitter some time ago; this has been sitting in the drafts folder for too long, and it’s incomplete, but I might as well get it out the door. Feel free to suggest additions or corrections if you’re so inclined.

    You may have seen this list of latency numbers every programmer should know, and I trust we’ve all seen Grace Hopper’s classic description of a nanosecond at the top of this page, but I thought it might be a bit more accessible to talk about CPU-scale events in human-scale transactional terms. So: if a single CPU cycle on a modern computer was stretched out as long as one of our absurdly tedious human seconds, how long do other computing transactions take?

Mozilla: Rustfmt 1.0, Amy Keating Joins as General Counsel, Extension APIs and L10N Report

Filed under
Moz/FF
  • Rustfmt 1.0 release candidate

    The current version of Rustfmt, 0.99.2, is the first 1.0 release candidate. It is available on nightly and beta (technically 0.99.1 there) channels, and from the 13th September will be available with stable Rust.

    1.0 will be a huge milestone for Rustfmt. As part of it's stability guarantees, it's formatting will be frozen (at least until 2.0). That means any sub-optimal formatting still around will be around for a while. So please help test Rustfmt and report any bugs or sub-optimal formatting.

  • Welcome Amy Keating, our incoming General Counsel

    Amy joins Mozilla from Twitter, Inc. where she has been Vice President, Legal and Deputy General Counsel. When she joined Twitter in 2012, she was the first lawyer focused on litigation, building out the functions and supporting the company as both the platform and the employee base grew in the U.S. and internationally. Her role expanded over time to include oversight of Twitter’s product counseling, regulatory, privacy, employment legal, global litigation, and law enforcement legal response functions. Prior to Twitter, Amy was part of Google, Inc.’s legal team and began her legal career as an associate at Bingham McCutchen LLP.

  • Building Extension APIs with Friend of Add-ons Oriol Brufau

    Please meet Oriol Brufau, our newest Friend of Add-ons! Oriol is one of 23 volunteer community members who have landed code for the WebExtensions API in Firefox since the technology was first introduced in 2015. You may be familiar with his numerous contributions if you have set a specific badge text color for your browserAction, highlighted multiple tabs with the tabs.query API, or have seen your extension’s icon display correctly in about:addons.

    While our small engineering team doesn’t always have the resources to implement every approved request for new or enhanced WebExtensions APIs, the involvement of community members like Oriol adds considerable depth and breadth to technology that affects millions of users. However, the Firefox code base is large, complex, and full of dependencies. Contributing code to the browser can be difficult even for experienced developers.

    As part of celebrating Oriol’s achievements, we asked him to share his experience contributing to the WebExtensions API with the hope that it will be helpful for other developers interested in landing more APIs in Firefox.

  • L10N Report: August Edition

    After a quick pause in July, your primary source of localization information at Mozilla is back!

Mozilla: Licensing Edgecases, TLS, Chatra, Send and Rust

Filed under
Moz/FF
  • Licensing Edgecases

    While I’m not a lawyer – and I’m definitely not your lawyer – licensing questions are on my plate these days. As I’ve been digging into one, I’ve come across what looks like a strange edge case in GPL licensing compliance that I’ve been trying to understand. Unfortunately it looks like it’s one of those Affero-style, unforeseen edge cases that (as far as I can find…) nobody’s tested legally yet.

    I spent some time trying to understand how the definition of “linking” applies in projects where, say, different parts of the codebase use disparate, potentially conflicting open source licenses, but all the code is interpreted. I’m relatively new to this area, but generally speaking outside of copying and pasting, “linking” appears to be the critical threshold for whether or not the obligations imposed by the GPL kick in and I don’t understand what that means for, say, Javascript or Python.

  • TLS 1.3 Published: in Firefox Today

    On friday the IETF published TLS 1.3 as RFC 8446. It’s already shipping in Firefox and you can use it today. This version of TLS incorporates significant improvements in both security and speed.

    Transport Layer Security (TLS) is the protocol that powers every secure transaction on the Web. The version of TLS in widest use, TLS 1.2, is ten years old this month and hasn’t really changed that much from its roots in the Secure Sockets Layer (SSL) protocol, designed back in the mid-1990s. Despite the minor number version bump, this isn’t the minor revision it appears to be. TLS 1.3 is a major revision that represents more than 20 years of experience with communication security protocols, and four years of careful work from the standards, security, implementation, and research communities (see Nick Sullivan’s great post for the cool details).

  • Chatting with your website visitors through Chatra

    When I started the blog, I didn’t add a message board below each article because I don’t have the time to deal with spam. Due to broken windows theory, if I leave the spam unattended my blog will soon become a landfill for spammers. But nowadays many e-commerce site or brand sites have a live chatting box, which will solve my problem because I can simply ignore spam, while interested readers can ask questions and provide feedbacks easily. That’s why when my sponsor, Chatra.io, approached me with their great tool, I fell in love with it right away and must share it with everyone.

  • Send: Going Bigger

    Send encrypts your files in the browser. This is good for your privacy because it means only you and the people you share the key with can decrypt it. For me, as a software engineer, the challenge with doing it this way is the limited API set available in the browser to “go full circle”. There’s a few things that make it a difficult problem.

    The biggest limitation on Send today is the size of the file. This is because we load the entire thing into memory and encrypt it all at once. It’s a simple and effective way to handle small files but it makes large files prone to failure from running out of memory. What size of file is too big also varies by device. We’d like everyone to be able to send large files securely regardless of what device they use. So how can we do it?

    The first challenge is to not load and encrypt the file all at once. RFC 8188 specifies a standard for an encrypted content encoding over HTTP that is designed for streaming. This ensures we won’t run out of memory during encryption and decryption by breaking the file into smaller chunks. Implementing the RFC as a Stream give us a nice way to represent our encrypted content.

  • Never patterns, exhaustive matching, and uninhabited types (oh my!)

    One of the long-standing issues that we’ve been wrestling with in Rust is how to integrate the concept of an “uninhabited type” – that is, a type which has no values at all. Uninhabited types are useful to represent the “result” of some computation you know will never execute – for example, if you have to define an error type for some computation, but this particular computation can never fail, you might use an uninhabited type.

Mozilla: MDN Changelog, Servo and VR

Filed under
Moz/FF
  • MDN Changelog for July 2018: CDN tests, Goodbye Zones, and BCD

    We moved MDN Web Docs to a CDN in April 2018, and saw a 16% improvement in page load times. We shipped with 5 minute expiration times for MDN pages, so that the CDN will request a fresh copy after a short time. MDN is a wiki, and we can’t predict when a page will change. 300 seconds was a compromise between some caching for our most popular pages, and how long an author would need to wait for a changed page to be published to all visitors. 80% of visitors are getting an uncached page.

  • GSoC wrap-up - Splitting Servo's script crate

    The solution introduces a TypeHolder trait which contains associated types, and makes many structures in the script crate generic over this new trait. This allows the generic structs to refer to the new trait’s associated types, while the actual concrete types can be extracted into a separate crate. Testing shows significant improvement in memory consumption (25% lower) and build time (27% faster).

  • This Week in Mixed Reality: Issue 15

    This week is mainly about bug fixing and getting some new features to launch.

Mozilla Development and News

Filed under
Moz/FF
  • Firefox DevEdition 62 Beta 18 Testday, August 17th

    We are happy to let you know that Friday, August 17th, we are organizing Firefox 62 DevEdition Beta 18 Testday. We’ll be focusing our testing on Activity Stream, React Animation Inspector and Toolbars & Window Controls features. We will also have fixed bugs verification and unconfirmed bugs triage ongoing.

  • How to DoH-only with Firefox

    Firefox supports DNS-over-HTTPS (aka DoH) since version 62.

    You can instruct your Firefox to only use DoH and never fall-back and try the native resolver; the mode we call trr-only. Without any other ability to resolve host names, this is a little tricky so this guide is here to help you. (This situation might improve in the future.)

    In trr-only mode, nobody on your local network nor on your ISP can snoop on your name resolves. The SNI part of HTTPS connections are still clear text though, so eavesdroppers on path can still figure out which hosts you connect to.

    [...]

    network.trr.uri - set this to the URI of the DoH server you want to use. This should be a server you trust and want to hand over your name resolves to. The Cloudflare one we've previously used in DoH tests with Firefox is https://mozilla.cloudflare-dns.com/dns-query.

  • #5 State of Mozilla Support: 2018 Mid-year Update – Part 5

    We are happy to share with you the final post of the series, which started with two external research report analyses, moved on to sharing updates and plans for support forums, social support, and localization, and now is about to conclude with our strategic summary.

  • Rep of the Month – July 2018

    Please join us in congratulating Lívia Takács, our Rep of the Month for July 2018!

    Livia is a UI developer and visual designer from Hungary and has been part of the Reps program for a bit more than a year. In that time she organized a lot of events with different communities (like LibreOffice) and also workshops.

  • Updated Firefox 61.0.2 includes Bug Fixes and Automatic Recovery feature for Windows

    The latest update to Firefox 61.0.2 adds support for automatic restoring of Firefox session after Windows is restarted. Presently this feature is not available by default for majority of users but will possibly be enabled gradually in the coming few weeks.

  • Make your Firefox browser a privacy superpower with these extensions

    Privacy is important for everyone, but often in different ways. That’s part of why Firefox Extensions are so powerful. Starting with a browser like Firefox, that’s built for privacy out of the box, you can use extensions to customize your browser to suit your personal privacy needs.

  • The Video Wars of 2027

    This post imagines a dystopian future for web video, if we continue to rely on patented codecs to transmit media files. What if one company had a perpetual monopoly on those patents? How could it limit our access to media and culture? The premise of this cautionary tale is grounded in fact. However, the future scenario is fiction, and the entities and events portrayed are not intended to represent real people, companies, or events.

    [...]

    In 1998, the U.S. Congress passed the Sonny Bono Copyright Term Extension Act. This new law extended copyrights on corporate works to the author’s lifetime plus 95 years. The effort was driven by the Walt Disney Company, to protect its lucrative retail franchise around the animated character Mickey Mouse. Without this extension, Mickey would have entered the public domain, meaning anyone could create new cartoons and merchandise without fear of being sued by Disney. When the extension passed, it gave Disney another 20 years to profit from Mickey. The news sparked outrage from lawyers and academics at the time, but it was a dull and complex topic that most people didn’t understand or care about.

    In 2020, Disney again lobbied to extend the law, so its copyright would last for 10,000 years. Its monopoly on our culture was complete. No art, music, video, or story would pass into the public domain for millennia. All copyrighted ideas would remain the private property of corporations. The quiet strangulation of our collective creativity had begun.

Mozilla: San Francisco 2018 All Hands, Reps Council and More

Filed under
Moz/FF
  • State of Mozilla Support: 2018 Mid-year Update – Part 4

    The San Francisco 2018 All Hands flew by and so did the last two months. I cannot tell you how grateful I am to have been able to attend this event.

    If I were to look back on some of the highlights, they would be pretty nitty gritty detailed. But I will share with you a few of them.

  • Onboarding team for 2nd half of 2018

    As we have entered the second half of the year, the Reps Council has worked on updating the Onboarding Screening Team for 2018-2.

    The scope of this team is to help on evaluating the new applications to the Reps program by helping the Reps Council on this process.

  • Mozilla B-Team: happy bmo push day!
  • DWeb: Social Feeds with Secure Scuttlebutt

    Scuttlebutt is a free and open source social network with unique offline-first and peer-to-peer properties. As a JavaScript open source programmer, I discovered Scuttlebutt two years ago as a promising foundation for a new “social web” that provides an alternative to proprietary platforms. The social metaphor of mainstream platforms is now a more popular way of creating and consuming content than the Web is. Instead of attempting to adapt existing Web technologies for the mobile social era, Scuttlebutt allows us to start from scratch the construction of a new ecosystem.

Browsers That Spy

Filed under
Google
Moz/FF
Web
  • Firefox Advance Uses Your Browser History to Recommend Web Content

    If you’re short on things to read — seriously? — be sure to check out the latest experiment in the Firefox Test Pilot program.

    It’s called Advance and it aims to ‘advance’ you past the site you’re currently gawping at and on to the next. How? By giving you a list of articles and web pages based on your browsing history, of course.

    Don’t scream. Honestly. This feature is not part of the default browser (not yet, anyway). You have to explicitly choose to enable it.

    [...]

    Now, before anyone screams “I already use this! It’s called Google Chrome!” let me stress that this is an entirely optional, opt-in feature for Firefox. You have to go out of your way to install it. It is not part of the default install. If you don’t want it, you don’t have to use it.

    You remain in control when Advance is running. You can, at any point, see what browser history Laserlike has processed and — GDPR box check — request the deletion of that information.

    Advance by Firefox limits its remit to your search history, specifically web page addresses. It doesn’t monitor what you write/say/do when using a website, or the specific content that’s on it.

  • Dev Channel Update for Desktop

    The dev channel has been updated to 70.0.3514.0 for Windows & Linux, and 70.0.3514.2 for Mac.  

  • Chrome 70 Dev Release With Shape Detection API

    While Chrome 69 was released last week, today Google has shipped their latest "dev" release of Chrome 70 for interested testers.

    New Chrome 70 dev channel releases are available today for Linux, macOS, and Windows. Key features for Chrome 70 is the introduction of the Shape Detection API, disabling some touch event APIs by default on desktop hardware, CSS Grid Layout behavior updates, WebUSB support within dedicated worker contexts, several security enhancements, and various other minor updates.

Mozilla: More on Gervase Markham and Thunderbird 60

Filed under
Moz/FF
  • In Memoriam: Gervase Markham

    Gerv was Mozilla’s first intern. He arrived in the summer of 2001, when Mozilla staff was still AOL employees. It was a shock that AOL had allocated an intern to the then-tiny Mozilla team, and we knew instantly that our amazingly effective volunteer in the UK would be our choice.

    When Gerv arrived a few things about him jumped out immediately. The first was a swollen, shiny, bright pink scar on the side of his neck. He quickly volunteered that the scar was from a set of surgeries for his recently discovered cancer. At the time Gerv was 20 or so, and had less than a 50% chance of reaching 35. He was remarkably upbeat.

    The second thing that immediately became clear was Gerv’s faith, which was the bedrock of his response to his cancer. As a result the scar was a visual marker that led straight to a discussion of faith. This was the organizing principle of Gerv’s life, and nearly everything he did followed from his interpretation of how he should express his faith.

  • Thunderbird email client gets a new look, new features, and a new logo

    A new version of Thunderbird is now available to download.

    Thunderbird 60 is the first stable release of the ephemeral desktop email client since the launch of Thunderbird 52 way back in early 2017.

    A year in development — but has it been worth the wait?

  • Mozilla Thunderbird 60.0 Ships With New Photon Look, Important Changes

    After more than one year since the previous major stable release (52.0), Mozilla Thunderbird 60.0 was released with some important changes, including a new Firefox-like "Photon" look, new logo, and attachment management improvements, among others.

    The free and open source email, news, RSS and chat client Thunderbird version 60.0 includes a Firefox-like Photon look, in which the tabs are square (and other theme improvements), along with new light and dark themes. WebExtension themes are enabled in Thunderbird with version 60, and you'll also find multiple chat themes.

Firefox Offers Recommendations with Latest Test Pilot Experiment: Advance

Filed under
Moz/FF
  • Firefox Offers Recommendations with Latest Test Pilot Experiment: Advance

    The internet today is often like being on a guided tour bus in an unfamiliar city. You end up getting off at the same places that everyone else does. While it’s convenient and doesn’t require a lot of planning, sometimes you want to get a little off the beaten path.

    With the latest Firefox experiment, Advance, you can explore more of the web efficiently, with real-time recommendations based on your current page and your most recent web history.

    With Advance we’re taking you back to our Firefox roots and the experience that started everyone surfing the web. That time when the World Wide Web was uncharted territory and we could freely discover new topics and ideas online. The Internet was a different place.

  • Firefox Test Pilot: Advancing the Web

    The web runs on algorithms. Your search results, product recommendations, and the news you read are all customized to your interests. They are designed to increase the time you spend in front of a screen, build addiction to sites and services, and ultimately maximize the number of times you click on advertisements.

    Without discounting the utility that this personalization can provide, it’s important to consider the cost: detailed portfolios of data about you are sitting on a server somewhere, waiting to be used to determine the optimum order of your social media feeds. Even if you trust that the parties collecting that data will use it responsibly, it has to live somewhere and has to be transmitted there, which makes it a juicy target for bad actors who may not act so responsibly.

Syndicate content

More in Tux Machines

BSD: FreeBSD 12.0 Beta and Upgrading OpenBSD with Ansible

Graphics: XRGEARS and Arcan's Latest

  • XRGEARS: Infamous "Gears" Now On VR Headsets With OpenHMD, Vulkan
    Well, the virtual reality (VR) demo scene is now complete with having glxgears-inspired gears and Utah teapot rendering on VR head mounted displays with the new XRGEARS. Kidding aside about the gears and teapot, XRGEARS is a nifty new open-source project with real value by Collabora developer Lubosz Sarnecki. XRGEARS is a standalone VR demo application built using the OpenHMD initiative for tracking and Vulkan for rendering. XRGEARS supports both Wayland and X11 environments or even running off KMS itself. This code also makes use of VK_EXT_direct_mode_display with DRM leasing.
  • Arcan versus Xorg – Approaching Feature Parity
    This is the first article out of three in a series where I will go through what I consider to be the relevant Xorg feature set, and compare it, point by point, to how the corresponding solution or category works in Arcan. This article will solely focus on the Display Server set of features and how they relate to Xorg features, The second article will cover the features that are currently missing (e.g. network transparency) when they have been accounted for. The third article will cover the features that are already present in Arcan (and there are quite a few of those) but does not exist in Xorg.
  • Arcan Display Server Is Nearing Feature Parity With The X.Org Server
    The Arcan display server, which started off years ago sounding like a novelty with being a display server built off a game engine in part and other interesting features, is nearing feature parity with the X.Org Server. While most hobbyist display server projects have failed, Arcan has continued advancing and with an interesting feature set. Recently they have even been working on a virtual reality desktop and an interesting desktop in general. Arcan is getting close to being able to offering the same functionality as a traditional X.Org Server. If you are interested in a lengthy technical read about the differences between Arcan and X.Org, the Arcan developers themselves did some comparing and contrasting when it comes to the display support, windowing, input, font management, synchronization, and other areas.

CoC/Systemd Supremacy Over Linux Kernel

  • New Linux Code of Conduct Revisions: CoC Committee Added Plus Interpretation & Mediator
    The Linux Code of Conduct introduced last month that ended up being quite contentious will see some revisions just ahead of the Linux 4.19 stable kernel release. Greg Kroah-Hartman has outlined the planned changes as well as a new Code of Conduct Interpretation document. In the weeks since the Linux kernel CoC was merged, various patches were proposed but none merged yet. It turns out Greg KH was working in private with various kernel maintainers/developers on addressing their feedback and trying to come up with solutions to the contentious issues in private.
  • Some kernel code-of-conduct refinements
    Greg Kroah-Hartman has posted a series of patches making some changes around the newly adopted code of conduct. In particular, it adds a new document describing how the code is to be interpreted in the kernel community.
  • Systemd Adds Feature To Fallback Automatically To Older Kernels On Failure
    Systemd's latest feature is the concept of "boot counting" that will track kernel boot attempts and failures as part of an automatic boot assessment. Ultimately this is to provide automatic fallback to older kernels should a newer kernel be consistently failing. The feature was crafted over the past few months by Lennart Poettering himself to provide a way when making use of systemd-boot on UEFI systems it can automatically fallback to an older kernel if a newer kernel is consistently causing problems. This is treated as an add-on to the Boot Loader Specification. The systemd boot assessment is designed that it could also be used by non-UEFI systems and other boot platforms.

ODROID 'Hacker Board'

  • ODROID Rolling Out New Intel-Powered Single Board Computer After Trying With Ryzen
    While ODROID is most known for their various ARM single board computers (SBCs), some of which offer impressive specs, they have dabbled in x86 SBCs and on Friday announced the Intel-powered ODROID-H2. In the announcement they mentioned as well they were exploring an AMD Ryzen 5 2500U powered SBC computer, which offered fast performance but the price ended up being prohibitive. After the falling out with Ryzen over those cost concerns, they decided to go ahead with an Intel Geminilake SoC. Geminilake is slower than their proposed Ryzen board, but the price was reasonable and it ends up still being much faster than ODROID's earlier Apollolake SBC.
  • Odroid-H2 is world’s first Gemini Lake hacker board
    Hardkernel unveiled the Odroid-H2, the first hacker board with an Intel Gemini Lake SoC. The Ubuntu 18.10 driven SBC ships with 2x SATA 3.0, 2x GbE, HDMI and DP, 4x USB, and an M.2 slot for NVMe. When the Odroid-H2 goes on sale in November at a price that will be “higher than $100,” Hardkernel will join a small group of vendors that have launched a community backed x86-based SBC. This first open spec hacker board built around Intel’s new Gemini Lake SoC — and one of the first Gemini Lake SBCs of any kind — follows earlier Arm-based Odroid winners such as the Odroid-C2 Raspberry Pi pseudo clone and the octa-core Odroid-XU4.