Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla: Rust Compiler (rustc), TenFourFox FPR13b1 and Keeping Add-Ons Safe for Users

Filed under
Moz/FF
  • How to speed up the Rust compiler in 2018

    18 months ago I wrote about some work I did to speed up the Rust compiler (rustc). I’ve recently taken this work up again. Also, in the meantime rustc’s build system has been replaced and its benchmark suite has been overhauled. So it’s a good time for an update.

  • TenFourFox FPR13b1 available (now with WebP and AppleScript)

    TenFourFox Feature Parity Release 13 beta 1 is now available (downloads, hashes, release notes). I took a different tack on this release because I still don't have good solutions for the missing JavaScript features currently affecting Citibank, Github and a few other sites, so I've chosen to push out some side projects I've been working on in order not to make this a wasted release. Those features are support for WebP images and support for AppleScript automation.

    WebP images are an up-and-coming format based on the WebM VP8 codec, another way Google will consume the Web from the inside out, but they do have image size advantages and Firefox now supports them in Firefox 65. Google has two demonstration WebP galleries you can use to view some samples, and there are colour-managed examples in the Skia test suite. TenFourFox's WebP support currently can display lossy, lossless, transparent and colour-managed images, and will properly use any embedded colour profile. However, it is not currently AltiVec-accelerated (we do have some AltiVec VP8 code, so this should be possible at some point), and it does not yet support animated WebP images, which will appear blank. For this reason we don't pass an Accept: header indicating we accept WebP images like mainline Firefox and certain other browsers, though we will naturally try to display it if we get one. If you encounter issues related to WebP, you can try setting image.webp.enabled to false, but I'm planning to ship this support in FPR13 final, so it defaults to true.

  • Mozilla Future Releases Blog: Keeping Add-Ons Safe for our Users

    We’ve seen many changes in the tech landscape since we launched addons.mozilla.org (AMO) in 2005. A few add-ons have millions of users, while there are many add-ons that have smaller audiences with specific needs. One add-on I really like is AddToAny, which lets me share on social networks. It is similar to a feature we used to have in Firefox that we removed due to lack of use, and I’m sure the 5,000 Firefox users of AddToAny are happy to have it. Unfortunately, the same system that allows privacy and security extensions to work can also make people vulnerable to data mining and malicious activity. While our users love how they can make Firefox theirs, they also look to us to maintain their safety and privacy on the web.

    Now more than ever, we need to deliver on the trust our users place in us and the expectations we place on our users to understand the choices they make with regards to the software they install. In many ways, we’ve mitigated risks by adopting WebExtensions as our means for extending Firefox, but as more and more functionality migrates to the cloud, policing this ecosystem through code review and policy is impractical.

Fedora 30 Will Have Firefox Wayland By Default But Could Be Reverted If Too Buggy

Filed under
Red Hat
Moz/FF

The plan to use the Wayland-native version of Firefox by default for Fedora Workstation 30 atop GNOME has been tentatively approved by the Fedora Engineering and Steering Committee (FESCo).

At this morning's FESCo meeting, the Fedora stakeholders approved of this late change to ship the Wayland-enabled version of Firefox by default, after they've been carrying this spin of Firefox in their package repository for several cycles but haven't made use of it out-of-the-box. This Firefox Wayland version will be used by Fedora 30 straight-away when running on the GNOME Shell Wayland session.

Read more

Also: Bodhi 3.13.1 released

Mozilla: Extensions in Firefox 66 and Jingle Smash (VR)

Filed under
Moz/FF
  • Extensions in Firefox 66

    I want to start by highlighting an important change that has a major, positive impact for Firefox users. Starting in release 66, extensions use IndexedDB as the backend for local storage instead of a JSON file. This results in a significant performance improvement for many extensions, while simultaneously reducing the amount of memory that Firefox uses.

    This change is completely transparent to extension developers – you do not need to do anything to take advantage of this improvement. When users upgrade to Firefox 66, the local storage JSON file is silently migrated to IndexedDB. All extensions using the storage.local() API immediately realize the benefits, especially if they store small changes to large structures, as is true for ad-blockers, the most common and popular type of extension used in Firefox.

    The video below, using Adblock Plus as an example, shows the significant performance improvements that extension users could see.

  • Jingle Smash: Geometry and Textures

    I’m not a designer or artist. In previous demos and games I’ve used GLTFs, which are existing 3D models created by someone else that I downloaded into my game. However, for Jingle Smash I decided to use procedural generation, meaning I combined primitives in interesting ways using code. I also generated all of the textures with code. I don’t know how to draw pretty textures by hand in a painting tool, but 20 years of 2D coding means I can code up a texture pretty easily.

    Jingle Smash has three sets of graphics: the blocks, the balls, and the background imagery. Each set uses its own graphics technique.

Mozilla: Root Certificate Store, Rust and WebAssembly

Filed under
Moz/FF
  • Why Does Mozilla Maintain Our Own Root Certificate Store?

    Mozilla maintains a database containing a set of “root” certificates that we use as “trust anchors”. This database, commonly referred to as a “root store”, allows us to determine which Certificate Authorities (CAs) can issue SSL/TLS certificates that are trusted by Firefox, and email certificates that are trusted by Thunderbird. Properly maintaining a root store is a significant undertaking – it requires constant effort to evaluate new trust anchors, monitor existing ones, and react to incidents that threaten our users. Despite the effort involved, Mozilla is committed to maintaining our own root store because doing so is vital to the security of our products and the web in general. It gives us the ability to set policies, determine which CAs meet them, and to take action when a CA fails to do so.

    A major advantage to controlling our own root store is that we can do so in a way that reflects our values. We manage our CA Certificate Program in the open, and by encouraging public participation we give individuals a voice in these trust decisions. Our root inclusion process is one example. We process lots of data and perform significant due diligence, then publish our findings and hold a public discussion before accepting each new root. Managing our own root store also allows us to have a public incident reporting process that emphasizes disclosure and learning from experts in the field. Our mailing list includes participants from many CAs, CA auditors, and other root store operators and is the most widely recognized forum for open, public discussion of policy issues.

  • Extract Method Refactoring in Rust
  • Why should you use Rust in WebAssembly?

    WebAssembly (Wasm) is a technology that has the chance to reshape how we build apps for the browser. Not only will it allow us to build whole new classes of web applications, but it will also allow us to make existing apps written in JavaScript even more performant.

    In this article about the state of the Rust and Wasm ecosystem, I'll try to explain why Rust is the language that can unlock the true potential of WebAssembly.

Mozilla: ARCore and Arkit, Rust, Socorro and Free Speech

Filed under
Moz/FF
  • ARCore and Arkit, What is under the hood: SLAM (Part 2)

    In our last blog post (part 1), we took a look at how algorithms detect keypoints in camera images. These form the basis of our world tracking and environment recognition. But for Mixed Reality, that alone is not enough. We have to be able to calculate the 3d position in the real world. It is often calculated by the spatial distance between itself and multiple keypoints. This is often called Simultaneous Localization and Mapping (SLAM). And this is what is responsible for all the world tracking we see in ARCore/ARKit.

  • This Week in Rust 273
  • Socorro: January 2019 happenings

    Socorro is the crash ingestion pipeline for Mozilla's products like Firefox. When Firefox crashes, the crash reporter collects data about the crash, generates a crash report, and submits that report to Socorro. Socorro saves the crash report, processes it, and provides an interface for aggregating, searching, and looking at crash reports.

  • Mozilla Open Policy & Advocacy Blog: Mozilla Foundation fellow weighs in on flawed EU Terrorist Content regulation

    As we’ve noted previously, the EU’s proposed Terrorist Content regulation would seriously undermine internet health in Europe, by forcing companies to aggressively suppress user speech with limited due process and user rights safeguards. Yet equally concerning is the fact that this proposal is likely to achieve little in terms of reducing the actual terrorism threat or the phenomenon of radicalisation in Europe. Here, Mozilla Foundation Tech Policy fellow and community security expert Stefania Koskova* unpacks why, and proposes an alternative approach for EU lawmakers.

    With the proposed Terrorist Content regulation, the EU has the opportunity to set a global standard in how to effectively address what is a pressing public policy concern. To be successful, harmful and illegal content policies must carefully and meaningfully balance the objectives of national security, internet-enabled economic growth and human rights. Content policies addressing national security threats should reflect how internet content relates to ‘offline’ harm and should provide sufficient guidance on how to comprehensively and responsibly reduce it in parallel with other interventions. Unfortunately, the Commission’s proposal falls well short in this regard.

Mozilla: Tails 3.12, Better Testing of Firefox and Complaint About Facebook

Filed under
Moz/FF
Security
  • Tails 3.12.1 is out

    This release is an emergency release to fix a critical security vulnerability in Firefox.

    It also fixes other security vulnerabilities. You should upgrade as soon as possible.

  • Mozilla to use machine learning to find code bugs before they ship

    In a bid to cut the number of coding errors made in its Firefox browser, Mozilla is deploying Clever-Commit, a machine-learning-driven coding assistant developed in conjunction with game developer Ubisoft.

    Clever-Commit analyzes code changes as developers commit them to the Firefox codebase. It compares them to all the code it has seen before to see if they look similar to code that the system knows to be buggy. If the assistant thinks that a commit looks suspicious, it warns the developer. Presuming its analysis is correct, it means that the bug can be fixed before it gets committed into the source repository. Clever-Commit can even suggest fixes for the bugs that it finds. Initially, Mozilla plans to use Clever-Commit during code reviews, and in time this will expand to other phases of development, too. It works with all three of the languages that Mozilla uses for Firefox: C++, JavaScript, and Rust.

    The tool builds on work by Ubisoft La Forge, Ubisoft's research lab. Last year, Ubisoft presented the Commit-Assistant, based on research called CLEVER, a system for finding bugs and suggesting fixes. That system found some 60-70 percent of buggy commits, though it also had a false positive rate of 30 percent. Even though this false positive rate is quite high, users of this system nonetheless felt that it was worthwhile, thanks to the time saved when it did correctly identify a bug.

  • Facebook Answers Mozilla’s Call to Deliver Open Ad API Ahead of EU Election

    After calls for increased transparency and accountability from Mozilla and partners in civil society, Facebook announced it would open its Ad Archive API next month. While the details are still limited, this is an important first step to increase transparency of political advertising and help prevent abuse during upcoming elections.

    Facebook’s commitment to make the API publicly available could provide researchers, journalists and other organizations the data necessary to build tools that give people a behind the scenes look at how and why political advertisers target them. It is now important that Facebook follows through on these statements and delivers an open API that gives the public the access it deserves.

    The decision by Facebook comes after months of engagement by the Mozilla Corporation through industry working groups and government initiatives and most recently, an advocacy campaign led by the Mozilla Foundation.

    This week, the Mozilla Foundation was joined by a coalition of technologists, human rights defenders, academics, journalists demanding Facebook take action and deliver on the commitments made to put users first and deliver increased transparency.

    “In the short term, Facebook needs to be vigilant about promoting transparency ahead of and during the EU Parliamentary elections,” said Ashley Boyd, Mozilla’s VP of Advocacy. “Their action — or inaction — can affect elections across more than two dozen countries. In the long term, Facebook needs to sincerely assess the role its technology and policies can play in spreading disinformation and eroding privacy.”

Mozilla: Ubisoft, Physics Engines, Security and VR

Filed under
Moz/FF
  • Making the Building of Firefox Faster for You with Clever-Commit from Ubisoft

    Firefox fights for people online: for control and choice, for privacy, for safety. We do this because it is our mission to keep the web open and accessible to all. No other tech company has people’s back like we do.

    Part of keeping you covered is ensuring that our Firefox browser and the other tools and services we offer are running at top performance. When we make an update, or add a new feature the experience should be as seamless and smooth as possible for the user. That’s why Mozilla just partnered with Ubisoft to start using Clever-Commit, an Artificial Intelligence coding assistant developed by Ubisoft La Forge that will make the Firefox code-writing process faster and more efficient. Thanks to Clever-Commit, Firefox users will get to use even more stable versions of Firefox and have even better browsing experiences.

  • Jingle Smash: Choosing a Physics Engine

    The key to a physics based game like Jingle Smash is of course the physics engine. In the Javascript world there are many to choose from. My requirements were for fully 3D collision simulation, working with ThreeJS, and being fairly easy to use. This narrowed it down to CannonJS, AmmoJS, and Oimo.js: I chose to use the CannonJS engine because AmmoJS was a compiled port of a C lib and I worried would be harder to debug, and Oimo appeared to be abandoned (though there was a recent commit so maybe not?).

  • Retailers: All We Want for Valentine’s Day is Basic Security

    This has been the case with smart dolls, webcams, doorbells, and countless other devices. And the consequences can be life threatening: “Internet-connected locks, speakers, thermostats, lights and cameras that have been marketed as the newest conveniences are now also being used as a means for harassment, monitoring, revenge and control,” the New York Times reported last year. Compounding this: It is estimated that by 2020, 10 billion IoT products will be active.

    Last year, in an effort to make connected devices on the market safer for consumers, Mozilla, the Internet Society, and Consumers International published our Minimum Security Guidelines: the five basic features we believe all connected devices should have. They include encrypted communications; automatic updates; strong password requirements; vulnerability management; and an accessible privacy policy.

  • Anyone can create a virtual reality experience with this new WebVR starter kit from Mozilla and Glitch

    Here at Mozilla, we are big fans of Glitch. In early 2017 we made the decision to host our A-Frame content on their platform. The decision was easy. Glitch makes it easy to explore, and remix live code examples for WebVR.

    We also love the people behind Glitch. They have created a culture and a community that is kind, encouraging, and champions creativity. We share their vision for a web that is creative, personal, and human. The ability to deliver immersive experiences through the browser opens a whole new avenue for creativity. It allows us to move beyond screens, and keyboards. It is exciting, and new, and sometimes a bit weird (but in a good way).

    Building a virtual reality experience may seem daunting, but it really isn’t. WebVR and frameworks like A-Frame make it really easy to get started. This is why we worked with Glitch to create a WebVR starter kit. It is a free, 5-part video course with interactive code examples that will teach you the fundamentals of WebVR using A-Frame. Our hope is that this starter kit will encourage anyone who has been on the fence about creating virtual reality experiences to dive in and get started.

Firefox Tips, Mozilla Against Facebook, DRM (EME) in GNU/Linux and MiUnlockTool Against Bootloader Lockdown

Filed under
Moz/FF
  • Change look & feel of Firefox pinned tabs

    Here's a curious corner case for you. About a year ago, Firefox Quantum introduced a whole bunch of radical changes in how it works and behaves, the biggest among them the switch to WebExtensions. This move made a lot of friendly, powerful extensions not work anymore, including a range of tab management addons. On the upside, Firefox also brought about the integrated tab pinning feature. It works nicely. But.

    Pinned tabs will detach from the tab bar and position themselves to the left, somewhat like a typical desktop quicklaunch icon area. So far so good, but the corner case be here! As it happens, the pinned tabs are relatively narrow, which means quick stab 'n' open action isn't quite possible. You need to be accurate positioning your mouse cursor, and that could slow you down. There does not seem to be a trivial option to change the width of the pinned tabs. Hence this guide.

  • Mozilla Open Letter: Facebook, Do Your Part Against Disinformation

    Is Facebook making a sincere effort to be transparent about the content on its platform? Or, is the social media platform neglecting its promises?

    Facebook promised European lawmakers and users it would increase the transparency of political advertising on the platform to prevent abuse during the elections. But in the very same breath, they took measures to block access to transparency tools that let users see how they are being targeted.

    With the 2019 EU Parliamentary Elections on the horizon, it is vital that Facebook take action to address this problem. So today, Mozilla and 32 other organizations — including Access Now and Reporters Without Borders — are publishing an open letter to Facebook.

  • Review of Igalia’s Multimedia Activities (2018/H2)

    EME is a specification for enabling playback of encrypted content in Web bowsers that support HTML 5 video.

    In a downstream project for WPE WebKit we managed to have almost full test coverage in the YoutubeTV 2018 test suite.

    We merged our contributions in upstream, WebKit and GStreamer, most of what is legal to publish, for example, making demuxers aware of encrypted content and make them to send protection events with the initialization data and the encrypted caps, in order to select later the decryption key.

    We started to coordinate the upstreaming process of a new implementation of CDM (Content Decryption Module) abstraction and there will be even changes in that abstraction.

  • MiUnlockTool unlocks Xiaomi phones' bootloader on macOS and Linux

    MiUnlockTool is a third party bootloader unlock utility which runs on Linux and macOS. The official Xiaomi tool for unlocking bootloader is Windows only.

The Rust Vulkan Gfx-rs Portability Initiative Reaches New Milestone

Filed under
Development
Graphics/Benchmarks
Moz/FF

Gfx-rs Portability is the library being developed within the Rust programming language that implements the Vulkan Portability Initiative as an effort akin to MoltenVK for easily getting Vulkan applications running on macOS and other platforms where Vulkan API support may not be natively available.

Saturday marked a new release of gfx-rs/portability that implements version 0.2 of the VK_EXT_portability_subset extension. This release also offers improvements to the back-end for Apple's Metal graphics/compute API.

Read more

Also: A Tiny IDE For Your ATtiny

Session Sync - A nice session manager for Firefox Quantum

Filed under
Moz/FF
Web

Back in the good ole days, Firefox had a wealth of excellent, powerful extensions. Among them, Tab Mix Plus with a superb built-in session manager. Come Firefox Quantum (57 onwards) and WebExtensions, a lot of goodies have gone away, forever. We are left with diminished functionality.

One of the things that I've been hunting after the most is a flexible session manager akin to the old stuff, with the ability to manage multiple sessions in a smart, simple, elegant way. I think I've finally found an addon that does the trick. It's called Session Sync, and I'm happy enough to actually write a whole article about this.

Read more

Syndicate content

More in Tux Machines

Security: Windows 'Fun' at Melbourne and Alleged Phishing by Venezuela’s Government

today's howtos

GCC 8.3 Released and GCC 9 Plans

  • GCC 8.3 Released
    The GNU Compiler Collection version 8.3 has been released. GCC 8.3 is a bug-fix release from the GCC 8 branch containing important fixes for regressions and serious bugs in GCC 8.2 with more than 153 bugs fixed since the previous release. This release is available from the FTP servers listed at: http://www.gnu.org/order/ftp.html Please do not contact me directly regarding questions or comments about this release. Instead, use the resources available from http://gcc.gnu.org. As always, a vast number of people contributed to this GCC release -- far too many to thank them individually!
  • GCC 8.3 Released With 153 Bug Fixes
    While the GCC 9 stable compiler release is a few weeks away in the form of GCC 9.1, the GNU Compiler Collection is up to version 8.3.0 today as their newest point release to last year's GCC 8 series.
  • GCC 9 Compiler Picks Up Official Support For The Arm Neoverse N1 + E1
    Earlier this week Arm announced their next-generation Neoverse N1 and E1 platforms with big performance potential and power efficiency improvements over current generation Cortex-A72 processor cores. The GNU Compiler Collection (GCC) ahead of the upcoming GCC9 release has picked up support for the Neoverse N1/E1. This newly-added Neoverse N1 and E1 CPU support for GCC9 isn't all that surprising even with the very short time since announcement and GCC9 being nearly out the door... Arm developers had already been working on (and landed) the Arm "Ares" CPU support, which is the codename for what is now the Neoverse platform.

Android Leftovers