Subscribe: Planet Mozilla
http://planet.mozilla.org/rss20.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
add  code  community  firefox  mozilla  new  nightly  open  people  project  release  rust  time  users  week  work   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Planet Mozilla

Planet Mozilla



Planet Mozilla - http://planet.mozilla.org/



 



Frédéric Wang: MathZilla collection ported to WebExtensions

Fri, 28 Apr 2017 22:00:00 +0000

MathZilla is a collection of MathML-related add-ons for Mozilla applications. It provides nice features such as forcing native MathML rendering (e.g. on Wikipedia), using Web fonts to render MathML or providing a context menu item to copy math formulas into the clipboard. Initially written as a single XUL overlay extension (with even binary code for the LaTeX-to-MathML converter) it grows up as a collection of restartless add-ons using bootstrapped or SDK-based extensions, following the evolution of Mozilla’s recommendations. Also, SDK-based extensions were first generated using a Python program called cfx before Mozilla recommended to switch to a JS-based replacement called jpm. Mozilla announced some time ago that they will transition to the WebExtensions format. On the one hand this sounds bad because developers have to re-write their legacy add-ons again and actually be sure that the transition is even possible or does break anything. On the other hand it is good for long-term interoperability since e.g. Chromium browsers or Microsoft Edge support that format. My colleague Michael Catanzaro also mentioned in a recent blog post that WebExtensions are considered for Epiphany too. It is not clear what Mozilla’s plan is for Thunderbird or SeaMonkey but hopefully they will use that format too (in the past I was suggested to make the MathZilla add-ons compatible with SeaMonkey). Recently, Mozilla announced their plans for Firefox 57 which is basically to allow only add-ons written as WebExtensions. This means I had to re-write the Mathzilla add-ons again or they will stop working at the end of the year. In general, I believe the features have been preserved although there might be some small behavior changes or minor bugs due to the WebExtensions format. Please check the GitHub bug trackers and release notes for known issues and report any other problems you find. Finally, I reorganized a bit the git repositories and add-on names. Here is the updated list (some add-ons are still being reviewed by Mozilla): MathML Fonts (~2300 users) - Provide MathML fonts as Web fonts, which is useful when they can not be installed (e.g. Firefox for Android). Native MathML (~1400 users) - Force MathJax/KaTeX/MediaWiki to use native MathML rendering. MathML Copy (~500 users) - Add context menu items to copy a MathML formula or other annotations attached to it (e.g. LaTeX) into the clipboard. TeXZilla (~500 users) - Add-on giving access to TeXZilla, a Unicode TeX-to-MathML converter. MathML Font Settings (~300 users) - Add context menu items to configure MathML font settings. Note that in recent Mozilla versions the advanced font preferences menu allows to configure “Fonts for Mathematics”. Presentation MathML Polyfill (~200 users) - Add support for some advanced presentation MathML features (currently using David Carlisle’s “mml3ff” XSLT stylesheet). Content MathML Polyfill (~200 users) - Add support for some content MathML features (currently using David Carlisle’s “ctop” XSLT stylesheet). MathML Zoom (~100 users) - Allow zooming of mathematical formulas. MathML View Source (experimental) - This is a re-writing of Mozilla’s ‘view MathML source’ feature with better syntax highlighting and serialization. The idea originated from this thread. Image To MathML (experimental) - Try and convert images of mathematical formulas into MathML. It has not been ported to WebExtensions yet and I do not plan to do it in the short term. As a conclusion, I’d like to thank all the MathZilla users for their kind comments, bug reporting and financial support. The next step will probably be to ensure addons work in more browsers but that will be for another time ;-)[...]



Mitchell Baker: New Mozilla Foundation Board Members: Mohamed Nanabhay and Nicole Wong

Fri, 28 Apr 2017 20:36:02 +0000

Today, I’m thrilled to announce that Mohamed Nanabhay and Nicole Wong have joined the Mozilla Foundation Board of Directors.

Over the last few years, we’ve been working to expand the boards for both the Mozilla Foundation and the Mozilla Corporation. Our goals for the Foundation board roles were to grow Mozilla’s capacity to move our mission forward; expand the number and diversity of people on our boards, and; add specific skills in areas related to movement building and organizational excellence. Adding Mohamed and Nicole represents a significant move forward on these goals.

We met Mohamed about seven years ago through former board member and then Creative Commons CEO Joi Ito. Mohamed was at Al Jazeera at the time and hosted one of Mozilla’s first Open News fellows. Mohamed Nanabhay currently serves as the Deputy CEO of the Media Development Investment Fund (MDIF), which invests in independent media around the world providing the news, information and debate that people need to build free, thriving societies.

Nicole is an attorney specializing in Internet, media and intellectual property law. She served as President Obama’s deputy chief technology officer (CTO) and has also worked as the vice president and deputy general counsel at Google to arbitrate issues of censorship. Nicole has already been active in helping Mozilla set up a new fellows program gathering people who have worked in government on progressive tech policy. That program launches in June.

Talented and dedicated people are the key to building an Internet as a global public resource that is open and accessible to all. Nicole and Mohammad bring expertise, dedication and new perspectives to Mozilla. I am honored and proud to have them as our newest Board members.

Please join me in welcoming Mohamed and Nicole to the Board. You can read more about why Mohamed chose to join the Board here, and why Nicole joined us here.

Mitchell




The Mozilla Blog: New Mozilla Foundation Board Members: Mohamed Nanabhay and Nicole Wong

Fri, 28 Apr 2017 20:29:27 +0000

Today, I’m thrilled to announce that Mohamed Nanabhay and Nicole Wong have joined the Mozilla Foundation Board of Directors.

Over the last few years, we’ve been working to expand the boards for both the Mozilla Foundation and the Mozilla Corporation. Our goals for the Foundation board roles were to grow Mozilla’s capacity to move our mission forward; expand the number and diversity of people on our boards, and; add specific skills in areas related to movement building and organizational excellence. Adding Mohamed and Nicole represents a significant move forward on these goals.

We met Mohamed about seven years ago through former board member and then Creative Commons CEO Joi Ito. Mohamed was at Al Jazeera at the time and hosted one of Mozilla’s first Open News fellows. Mohamed Nanabhay currently serves as the Deputy CEO of the Media Development Investment Fund (MDIF), which invests in independent media around the world providing the news, information and debate that people need to build free, thriving societies.

Nicole is an attorney specializing in Internet, media and intellectual property law. She served as President Obama’s deputy chief technology officer (CTO) and has also worked as the vice president and deputy general counsel at Google to arbitrate issues of censorship. Nicole has already been active in helping Mozilla set up a new fellows program gathering people who have worked in government on progressive tech policy. That program launches in June.

Talented and dedicated people are the key to building an Internet as a global public resource that is open and accessible to all. Nicole and Mohammad bring expertise, dedication and new perspectives to Mozilla. I am honored and proud to have them as our newest Board members.

Please join me in welcoming Mohamed and Nicole to the Board. You can read more about why Mohamed chose to join the Board here, and why Nicole joined us here.

Mitchell

The post New Mozilla Foundation Board Members: Mohamed Nanabhay and Nicole Wong appeared first on The Mozilla Blog.




The Mozilla Blog: Why I’m joining the Mozilla Board by Mohamed Nanabhay

Fri, 28 Apr 2017 20:28:57 +0000

Mozilla has been at the forefront of shaping internet culture and fighting to keep the Internet open. Being able to join the Board and be of service to that mission is an honor as the open internet played such an important role in my life and my work.

My generation came online to the shrill beeps of our modems connecting to this network that represented endless possibilities. Those beeps of our modems dialing up provided the soundtrack to some of our deepest friendships and community, crossing borders and breaking down barriers. I remember contributing to the SpreadFirefox.com campaign in 2004 to put an advert into the New York Times. That campaign epitomized the best of what we could achieve on the network – thousands coming together to promote the open source project that many thousands worked on that would go on to touch millions of people.

(image)

Mohamed Nanabhay, new Mozilla Foundation board member (photo credit: Joi Ito)

As the next billion come online, there are real questions about what sort of Internet they are coming online to. We know that it is most often through a mobile device (phone or tablet) and often the first contact is through Facebook (including WhatsApp). Navigating the usage (what role does the browser play when most people are using Apps?) and the social implications (will an even greater number of people confuse Facebook with the Internet?) are deeply important in the near term.

At Al Jazeera I was deeply focused on using social technologies to not only distribute news but also discover and amplify the voices of people being most impacted by power. With Creative Commons I worked to launch a repository of broadcast quality video footage under the most permissive license. At Global Voices, bridge building and providing a nuanced understand through a local lens is key to what we do. And at the Media Development Investment Fund (MDIF), we are deeply committed to funding the highest quality journalism in countries where there is a threat to press freedom.

This work has all really been around building bridges, connecting people, and amplifying voices. While our kids may never know the thrill of hearing a modem connection I hope that we can work to ensure that the Internet remains open so they can use it to learn, build, and grow in the same way we did.

Mohamed Nanabhay is the Deputy CEO of the Media Development Investment Fund (MDIF), which invests in independent media around the world providing the news, information and debate that people need to build free, thriving societies. He is also the board chair of GlobalVoices.org and the former head of Al Jazeera English. Mohamed was appointed to the Mozilla Foundation board in April 2017.

The post Why I’m joining the Mozilla Board by Mohamed Nanabhay appeared first on The Mozilla Blog.




The Mozilla Blog: Why I’m joining the Mozilla Board by Nicole Wong

Fri, 28 Apr 2017 20:28:42 +0000

It’s an honor for me to join the Mozilla Board. I’m so inspired by the Foundation’s mission and by the incredibly talented people that lead it. And, I’m looking forward to contributing to Mozilla’s plans to build out a leadership network focused on protecting the open Internet.

Though I’m still too new to the organization to be able to diagnose Mozilla’s biggest challenges, I think this is a really exciting and crucial time for Mozilla to develop products that really put users first. Today’s Internet users have complex needs, so I’ll be excited to see how the Mozilla community works to identify and solve them.

(image)

Nicole Wong, New Mozilla Foundation Board Member


Obviously, this is also a very challenging time to protect the Internet from the national and global trends toward authoritarianism, censorship and surveillance. Mozilla is in a great position to address some of those challenges.

During my career, I’ve had the privilege of working in both the private and public sector, but the consistent theme is focusing on the intersection of emerging technologies, law, and public policy. I have tried to build cultures, policies, and practices that are forward-leaning in the development and defense of a healthy internet. I’m looking forward to doing the same at the Foundation, helping build out the leadership network and focusing on emerging tech policy leaders.

Nicole is an attorney specializing in Internet, media and intellectual property law. She served as President Obama’s deputy chief technology officer (CTO) and has also worked as the vice president and deputy general counsel at Google to arbitrate issues of censorship. She was appointed to the Mozilla Foundation board in April 2017.

The post Why I’m joining the Mozilla Board by Nicole Wong appeared first on The Mozilla Blog.




Support.Mozilla.Org: Platform update & Q&A

Fri, 28 Apr 2017 20:22:00 +0000

Hey there, SUMO Nation! As you may have noticed, we are (for the time being) back to the previous engine powering the support site at support.mozilla.org You can follow the latest updates and participate in the discussion about this here. We are definitely present and following this discussion, noting your concerns and questions. We can provide you with answers and reassurance, even if we do not have ready-made solutions to some of the issues you are highlighting. Since some of you may not be frequently visiting the forums, we would also like to make sure you can find the answers to some of the more burning questions asked across our community here, on our blog. Q: Why is Mozilla no longer interested in using Kitsune, its own support platform? The software engineers and project managers developing Kitsune were shifted to work on critical development needs in the Firefox browser. Kitsune also had only a handful of contributors to the code base. After calculating the time and money requirements for maintaining our own platform, which were considerable and might have entailed a major overhaul, Mozilla decided that using an third-party solution was a better investment for the long term future of Mozilla’s support needs. (To be honest, it was one of the hardest decisions we have made.) We also considered that Lithium has significant ongoing software development which we think will lead to faster feature improvements than we might have achieved internally with Kitsune. Q: Why is the new support platform still not providing all the functionality available in Kitsune? Kitsune had been customized and hand-crafted from scratch by Mozillians and for Mozillians over a period of eight years. No other platform in the market can offer the same level of compatibility with Mozilla’s mission and contribution methods without a serious investment of time and development power. We have been working with Lithium for an extended period of time on matching the core functionality of Kitsune. This is a complex, lengthy, and ongoing process. Due to technical differences in development and deployment of features between both platforms, complete feature parity may not be possible. We promise that over time we will push aggressively to close the feature gap and even to develop useful new features that were not present in Kitsune. We understand that many in the community feel that Kitsune is a better option and there are many things we love about Kitsune. We are hopeful that Lithium will grow on you and ultimately surpass Kitsune. Q: How will you ensure that Mozilla’s image is not negatively influenced by issues with the support site now and in the future? We will do our very best to provide the best support site and the best workflows we can for the budget that we are allocated for support technology and tools. We are extremely serious about maintaining Mozilla’s good image and working with our community and users to ensure that Mozilla is viewed positively. We realize that changes in software and workflows may not work equally well for everyone but we will do our best to help. We always have and always will appreciate the contributions from you, our community – and that users choose to browse on Firefox. Q: What can the community members do to help any of the above now and in the future? First of all, please continue to contribute your time and hard work answering user questions. It’s the most valuable contribution you can make and one we greatly appreciate. Thank you. Second, your ideas on how to improve the Mozilla support platform are something we always listen closely to, as you are in the system as much as we are. These can be new features or improvements to existing features (or adding back in older features), including improvements to the Lithium platform. We can’t promise that we will be able to include all requests in our roadmap but the community does drive our priorities and inform our d[...]



Will Kahn-Greene: Using Localstack for a fake AWS S3 for local development

Fri, 28 Apr 2017 18:00:00 +0000

Summary

Over the last year, I rewrote the Socorro collector which is the edge of the Mozilla crash ingestion pipeline. Antenna (the new collector) receives crashes from Breakpad clients as HTTP POSTs, converts the POST payload into JSON, and then saves a bunch of stuff to AWS S3. One of the problems with this is that it's a pain in the ass to do development on my laptop without being connected to the Internet and using AWS S3.

This post covers the various things I did to have a locally running fake AWS S3 service.

Read more… (4 mins to read)




Gervase Markham: Don’t Pin To A Single CA

Fri, 28 Apr 2017 09:13:28 +0000

If you do certificate pinning, either via HPKP, or in your mobile app, or your IoT device, or your desktop software, or anywhere… do not pin solely to a single certificate, whether it’s a leaf certificate, intermediate or root certificate, and do not pin solely to certificates from a single CA. This is the height of self-imposed Single Point of Failure foolishness, and has the potential to bite you in the ass. If your CA goes away or becomes untrusted and it causes you problems, no-one will be sympathetic.

This Has Been A Public Service Announcement.

(image)



Ehsan Akhgari: Quantum Flow Engineering Newsletter #7

Fri, 28 Apr 2017 03:49:19 +0000

It’s time for another quick update about the recent Quantum Flow work. I want to start by shedding some light into the performance of synchronous IPC caused by JavaScript.  Here is a breakdown report for data as of today similar to the previous ones.  Let’s look at the top 10 worst offenders: All of the ones with names starting with Addons: or Content: are e10s compatibility shims that we have been using to make non-e10s compatible add-ons work with Firefox.  They essentially make synchronous XPCOM APIs work using sync IPC across process boundaries.  This is by far the majority of the issue here, and it skews all sorts of performance measurements that we do on Nightly.  We’re soon going to make changes to Nightly to disable running non-e10s compatible extensions so that we get better performance data. The second one is AdblockPlus:Message which presumably comes from one of the the Adblock Plus extension variants.  What’s curious about this one is the super high count of the messages, the median time isn’t that high.  And that the submission percentage is 100%!! #9 is contextmenu. Looking through more of these messages, there are a few more that stem from our code.  It’s a bit hard to spot everything due to everything being mixed together.  After traditional style extensions aren’t loaded any more a lot of these issues will go away but it also makes things difficult to evaluate when looking at the data.  This is also solid practical data that can be used as input to API design in the future, on why some functionality such as sync IPC is very dangerous to be exposed at the API level in the first place!  Moving to a more modern extension model is really good for performance from this perspective. The next topic I wanted to discuss was the issue of the usage of timers in our code.  Timers are terrible for responsiveness and are almost never what you want.  We sometimes use them to lazify some work (do this part of the initialization in 10 seconds!) or to do some periodic background task (refresh this cache every second) but they cause a lot of problems due to the fact that they can execute at unpredictable times.  From the perspective of improving the responsiveness of Firefox, if your goal is to keep the main thread as free as possible when the user’s input events are about to be handled, the last thing you want is to start running one of these timers right before the user clicks or types or something like that.  Gecko now supports the requestIdleCallback API which allows the caller to request a timer that only gets dispatched when the application is idle.  Where possible, you should consider re-examining the timers in your areas of the code and consider using to idle dispatch where appropriate.  Note that this API is currently only available to contexts where the Window object is available.  Bug 1358476 is adding the functionality to nsThread and hopefully we can expose it to JSMs afterwards as well. On to the list of the acknowledgements for the week.  As usual, I hope I’m not forgetting anyone’s names here! Kevin Jones’ heroic work on moving session restore to restore tabs using lazy-browsers finally landed.  He tried out a nice idea to improve the performance of restoring a session as the Virtual Tabs add-on, and then he started to take a stab at converting the add-on into a patch for Firefox! Tim Taubert’s work as of a few weeks ago around improving the performance of the session restore data collection times has heavily paid off so far.  This chart speaks for itself. Ben Tian used a pref cache instead of reading preferences repeatedly, potentially incurring expensive hashtable lookups. Thomas Nguyen did the same for the URLClassifier code. Gijs Kruitbosch prevented reading the full MIME type info from the OS just to get the mimetype string for an exte[...]



Air Mozilla: April Privacy Lab – The Future of Privacy and Artificial Intelligence (AI)

Fri, 28 Apr 2017 01:15:00 +0000

(image) Peter Eckersley, the Chief Computer Scientist for the Electronic Frontier Foundation (EFF), will discuss the new EFF initiative that he is leading on the policy,...




Air Mozilla: Localization Community Bi-Monthly Call, 27 Apr 2017

Thu, 27 Apr 2017 20:00:00 +0000

(image) These calls will be held in the Localization Vidyo room every second (14:00 UTC) and fourth (20:00 UTC) Thursday of the month and will be...




Air Mozilla: Reps Weekly Meeting Apr. 27, 2017

Thu, 27 Apr 2017 16:00:00 +0000

(image) This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.




The Rust Programming Language Blog: Announcing Rust 1.17

Thu, 27 Apr 2017 00:00:00 +0000

The Rust team is happy to announce the latest version of Rust, 1.17.0. Rust is a systems programming language focused on safety, speed, and concurrency. If you have a previous version of Rust installed, getting Rust 1.17 is as easy as: $ rustup update stable If you don’t have it already, you can get rustup from the appropriate page on our website, and check out the detailed release notes for 1.17.0 on GitHub. What’s in 1.17.0 stable The story of Rust 1.17.0 is mostly one of small, quality of life improvements. For example, the 'static lifetime is now assumed in statics and consts. When writing a const or static like this: const NAME: &'static str = "Ferris"; static NAME: &'static str = "Ferris"; Rust 1.17 will allow you to elide the 'static, since that’s the only lifetime that makes sense: const NAME: &str = "Ferris"; static NAME: &str = "Ferris"; In some situations, this can remove lots of boilerplate: // old const NAMES: &'static [&'static str; 2] = &["Ferris", "Bors"]; // new const NAMES: &[&str; 2] = &["Ferris", "Bors"]; Another similar improvement is “field init shorthand.” Similar to ECMAScript 6, which calls this “Object Literal Property Value Shorthand”, duplication can be removed when declaring structs, like this: // definitions struct Point { x: i32, y: i32, } let x = 5; let y = 6; // old let p = Point { x: x, y: y, }; // new let p = Point { x, y, }; That is, the x, y form will assume that its values are set to a variable with the same name in its scope. For another small quality of life improvement, it’s common for new Rustaceans to try to use + to add two &strs together. This doesn’t work, you can only add String + &str. As such, a new error message was added to help users who make this mistake: // code "foo" + "bar" // old error[E0369]: binary operation `+` cannot be applied to type `&'static str` --> :2:5 | 2 | "foo" + "bar" | ^^^^^ | note: an implementation of `std::ops::Add` might be missing for `&'static str` --> :2:5 | 2 | "foo" + "bar" | ^^^^^ // new error[E0369]: binary operation `+` cannot be applied to type `&'static str` --> :2:5 | 2 | "foo" + "bar" | ^^^^^ | = note: `+` can't be used to concatenate two `&str` strings help: to_owned() can be used to create an owned `String` from a string reference. String concatenation appends the string on the right to the string on the left and may require reallocation. This requires ownership of the string on the left. | "foo".to_owned() + "bar" When using Cargo’s build scripts, you must set the location of the script in your Cargo.toml. However, the vast majority of people wrote build = "build.rs", using a build.rs file in the root of their project. This convention is now encoded into Cargo, and will be assumed if build.rs exists. We’ve been warning about this change for the past few releases, and you can use build = false to opt out. This release marks the removal of the old Makefile based build system. The new system, announced in Rust 1.15, is written in Rust and primarily uses Cargo to drive the build. It is now mature enough to be the only build system. As part of that change, packages from crates.io can now be used within Rust’s build system. The first one to be added was mdBook, and it’s now being used to render our various book-like documentation: The book (repo) The reference (repo) The nomicon (repo) In addition, see those links to their respective repositories; they’ve been moved out of tree. Also, we’ve added a fourth book, still in-tree: The Unstable Book. This provides a[...]



Mozilla Open Policy & Advocacy Blog: Mozilla is Ready to Fight: FCC Chairman Announces Plans to Reverse U.S. Net Neutrality Protections

Wed, 26 Apr 2017 23:40:36 +0000

In a speech at the Newseum today, FCC Chairman Ajit Pai shared some details about his plan to repeal and replace U.S. net neutrality protections enacted in 2015. These rules were adopted after more than a decade long battle to protect net neutrality, and after a massive amount of input by US citizens. Pai’s approach would leave internet users and innovators with no protections.

FCC Chairman Pai seeks to shift the source of the authority for the Net Neutrality rules away from “Title II” (where it now sits) and back to a weaker “Title I” classification for Internet Service Providers because it is “more consistent with the facts and the law.” We disagree – and we aren’t the only ones. So did the D.C. Circuit Court on three occasions, along with the late Justice Scalia, in the same 2005 Supreme Court case Pai cited. In that case Justice Scalia described what Pai has now chosen as his path, the classification of ISPs under Title I, “an implausible reading of the statute.”

Unfortunately, Pai’s assertions today are just as implausible.

This move is saddening, maddening and unacceptable, but we’re not surprised. This proposal is nothing more than a repetition of the same old ideas discussed by opponents of net neutrality over the past few years.

Net neutrality is under threat and we all need to work towards an “open internet that does not discriminate on content and protects free speech and consumer privacy.” Mozilla has rallied for this fight in the past, and as we have said before, we are ready to protect net neutrality – and the creativity, innovation, and economic growth it unlocks – again, and always. Today was the first clearly articulated threat  – we now need to begin mobilizing against these actions. Stay tuned for ways that you can help us win the fight again.

The post Mozilla is Ready to Fight: FCC Chairman Announces Plans to Reverse U.S. Net Neutrality Protections appeared first on Open Policy & Advocacy.




Air Mozilla: Bugzilla Project Meeting, 26 Apr 2017

Wed, 26 Apr 2017 20:00:00 +0000

(image) The Bugzilla Project developers meeting.




Air Mozilla: April Speaker Series: American Spies: Modern Surveillance and What We Can Do Speaker: Jennifer Granick

Wed, 26 Apr 2017 17:00:00 +0000

(image) Intelligence agencies in the U.S. (aka the American Spies) are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful...




Air Mozilla: Weekly SUMO Community Meeting Apr. 26, 2017

Wed, 26 Apr 2017 16:00:00 +0000

(image) This is the sumo weekly call




Firefox Nightly: These Weeks in Firefox: Issue 15

Wed, 26 Apr 2017 15:08:38 +0000

A big thank you goes out to Johann Hofmann who put these headlines together while I was away on vacation! Highlights Kevin Jones made sessions restore using lazy tabs & browsers which means restoring any session becomes almost instant! The Places refactoring to support hi-res favicons landed and brought an almost 30% perf win (in two stages) to some file I/O measurements! Some followup work still ongoing As part of Photon Animation we landed a pref to consolidate and turn on/off all cosmetic animations in browser UI, and have an incoming flag to enable/disable the photon motion animation changes specifically (nightly only until 57) To help us better measure the performance impact our Quantum Flow efforts are having, we are planning to turn off add-ons that require shims for Nightly builds. This means that only WebExtensions and addons that are marked as MultiProcessCompatible will remain enabled. mccr8 has been reducing the number of memory compartments that content processes use, which should reduce their impact by a few megs each! eslint-plugin-mozilla can now be used via npm for external projects. It includes a “recommended” config which is the one originally in toolkit/. “Optional” permissions for WebExtensions have been enabled by default Want to allow this WebExtension to do this? Up to you! The Form Autofill feature is being enabled on Nightly this week (for @autocomplete on ). Stay tuned! Firefox Screenshots is in Beta 2 preffed-off by default.  We’ll enable it very soon for everyone, or you can jump the gun by toggling extensions.screenshots.system-disabled .  If you run into anything fishy, please let #screenshots know Friends of the Firefox team (Give a shoutout/thanks to people for helping fix and test bugs. Introductions) Thanks to Robert Ward for using Oh no! Reflow! to help the photon-performance team file uninterruptible reflow bugs like this one! Resolved bugs (excluding employees): https://mzl.la/2q2y7fD More than one bug fixed: Dan Banner Pauline New contributors ( = First Patch!) Dan Banner Unshipped defaults/profile/prefs Made browser_bug431826 use a more reliable function to wait for error pages Removed unused files Aditya Srivastava fixed a style issue on about:newtab Ganesh Chaitanya Kale improved a function in our places API Pooja Gadige (:pgadige) enabled a flake8 rule for Telemetry Kristina Kurshakova correctly centered a button in the sync panel Mayank Madan [:mayankmadan] improved the type checking code in parse_events.py Ryan Riley made search.xml use AppConstants from the global scope Arjun Nair fixed a helper function in our Telemetry code Pauline modernized assertions in TelemetrySession.jsm and removed duplicate imports in test_TelemetrySendOldPings frankanthonyserrano updated eula.css to use a standard border Project Updates Add-ons Please only run WebExtensions and MPC=True add-ons to help us figure out if we are making Firefox faster or not. See this wiki page and bug 1352204. Want to try out running WebExtensions in their own process? Of course you do. Set extensions.webextensions.remote to true. Bugs welcome! ExtensionContent.jsm which is for content scripts is now loaded lazily. If you’ve got your host permissions wrong for webRequest filters, you’ll get a warning. We are turning on the new theming API by default, so extension authors get to do simple theming dynamically in WebExtensions. Activity Stream Test Pilot Activity Stream Activity Stream support for Pocket has landed in Test Pilot version.  Experiment launches May 1st (thanks csadilek!) You can try it now b[...]



Hacks.Mozilla.Org: Fathom: a framework for understanding web pages

Wed, 26 Apr 2017 15:07:29 +0000

It’s time we went beyond a browser that just renders pages. On the modern web, trying to accomplish a simple task can get you buffeted by pop-overs, squinting at content crammed into a tiny column, and trying to suss out the behavior of yet another site’s custom widgets. To restore a balance of power and reclaim user efficiency, we need a smarter browser. Imagine if Firefox understood pages like a human does: Arduous sign-on could be a thing of the past. The browser could recognize a Log In link, follow it in the background, and log you in, all without losing your place. The links could disappear from the page and be moved into a standard browser UI. Products could be recognized as such and manipulated as cohesive chunks. You could drag them to a shopping cart, complete with pictures and prices, for cross-site comparison shopping. You could enjoy easily scannable columns rather than a circus of tabs. Inefficient and inconsistent UI could be ironed out at last. We could have browser-provided hotkeys for dismissing popovers, navigating to the next logical page, standardizing the look of interface elements, or recognizing and flattening out needlessly paginated slideshows. On small screens or windows, superfluous navigation or header sections could be hidden, even on pages that don’t use responsive design. We could intelligently figure out what to print, even in the absence of print stylesheets. These possible futures all assume the browser can identify meaningful parts of the page. Over the decades, there have been many attempts to make this easier. But microformats, semantic tags, RDF, and link/rel header elements have failed to take over the world, due both to sites’ incentive to remain unscrapeable and to the extra work they represent. As a result, modern search engines and browsers’ reader modes have taken an alternative tack: they extract meaning by embracing the mess, bulling straight through unsemantic markup with a toolbelt full of heuristics. But a problem remains: these projects are single-purpose and expensive to produce. Readability, the basis of Safari and Firefox’s reader modes, is 1,800 lines of JavaScript and was recently shut down. Chrome’s DOM Distiller is 23,000 lines of Java. These imperative approaches get bogged down in the mechanics of DOM traversal and state accumulation, obscuring the operative parts of the “understanders” and making them arduous to write and difficult to comprehend. They are further entangled with the ad hoc fuzzy scoring systems and the site-specific heuristics they need to include. The economics are against them from the start, and consequently few of them are created, especially outside large organizations. But what if understanders were cheap to write? What if Readability could be implemented in just 4 simple rules? const rules = ruleset( rule(dom('p,div,li,code,blockquote,pre,h1,h2,h3,h4,h5,h6'), props(scoreByLength).type('paragraphish')), rule(type('paragraphish'), score(fnode => (1 - linkDensity(fnode, fnode.noteFor('paragraphish') .inlineLength)) * 1.5)), rule(dom('p'), score(4.5).type('paragraphish')), rule(type('paragraphish') .bestCluster({splittingDistance: 3, differentDepthCost: 6.5, differentTagCost: 2, sameTagCost: 0.5, strideCost: 0}), out('content').allThrough(domSort)) ); That scores [...]



Mozilla Open Policy & Advocacy Blog: Mozilla at #rp17: What’s up with Internet Health?

Tue, 25 Apr 2017 16:59:25 +0000

Spring in Berlin means re:publica. This year, we invite you to join us for an interactive exhibition, in talks, and hopefully in many personal conversations to discover what we call Internet Health. From Monday to Wednesday (May 8-10), “the Station” will be expecting roughly 10,000 attendees from more than 100 countries. People will be traveling to Berlin to learn, discuss, and experience new things on topics such as digital rights, politics and society, e-health, science fiction, journalism, education, all sorts of new technologies and anything else related to the digital society. The schedule includes over 400 sessions taking place on 19 different stages and workshop rooms. The full list of the speakers is available here. All of the eight main stages will be live-streamed, recorded and translated. Mozilla @ re:publica 17 Mozilla’s Executive Director, Mark Surman, will hold a keynote on whether the Internet of Things we are building is ethical. He will discuss the importance of asking not just what’s possible? but also what’s responsible? Raegan MacDonald, Senior EU Policy Manager, will present a pitch on the EU copyright reform and the looming threat posed by mandatory upload filters and I will participate in a conversation on digital inclusion, in which we will talk about projects on enhancing digital literacy, equality and individual empowerment.   Where else to find us We invite you to embark on a new and fun adventure: Join us on Monday, May 8 in the Labore:tory to explore our Internet Health Clinic. We will create an engaging installation, which is designed  to foster structured dialogue about five issues that we believe are crucial for the health of the Internet as an ecosystem: privacy and security; digital inclusion; web literacy; openness; and decentralization. We are particularly thrilled to partner with the Global Innovation Gathering to welcome an international group of experts, who will enter into a journey across continents. The speakers will share with us their own personal stories and inspire us with their work on the ground, around the world. At the clinic we are inviting feedback and are looking forward to discovering and exploring new ideas, research, potential collaborations, and possibilities to assess the impact of our actions on a healthy Internet on an annual basis. In addition, we are excited to see the winners of our recent Equal Rating Innovation Challenge on stage as well.  If you want to learn more about their projects, this is where you need to go. A number of Mozillians from our Advocacy, Emerging Tech, Firefox, Open Innovation, Open IoT, and Policy teams, as well as some of our Open Web Fellows, will also be in Berlin. So join us at re:publica and of course on Monday in the Labore:tory in the Internet Health Clinic! See you in Berlin! Sessions Overview Day 1: Monday, May 8 (all times are CET) 12:45-1:15pm, Stage 2 Mark Surman (keynote): Are we living inside an ethical (and kind) machine?: https://re-publica.com/en/17/session/are-we-living-inside-ethical-and-kind-machine 2:00-5:00pm, Labore:tory Mozilla’s Internet Health Clinic will feature 15 global experts during “visiting hours”. Day 2: Tuesday, May 9 4:15 to 4:45pm, Stage 9 The Winner’s of Mozilla Equal Rating Innovation Challenge: Access all areas – Independent internet infrastructures in Brazil, India and South Africa Day 3: Wednesday, May 10 10:00-11:00am, Stage 4 Cathleen Berger (panel): Digital Equality and how the open web can contribute to a more equal world 11:15am-12:15pm, Stage 8 Raegan MacD[...]



Michael Kelly: content-UITour

Tue, 25 Apr 2017 15:57:00 +0000

Recently I found myself trying to comprehend an unfamiliar piece of code. In this case, it was content-UITour, a file that handles the interaction between unprivileged webpages and UITour.jsm. UITour allows webpages to highlight buttons in the toolbar, open menu panels, and perform other tasks involved in giving Firefox users a tour of the user interface. The event-based API allows us to iterate quickly on the onboarding experience for Firefox by controlling it via easily-updated webpages. Only a small set of Mozilla-owned domains are allowed access to the UITour API. Top-level View My first step when trying to grok unfamiliar JavaScript is to check out everything at the top-level of the file. If we take content-UITour and remove some comments, imports, and constants, we get: var UITourListener = { handleEvent(event) { /* ... */ }, /* ... */ }; addEventListener("mozUITour", UITourListener, false, true); Webpages that want to use UITour emit synthetic events with the name "mozUITour". In the snippet above, UITourListener is the object that receives these events. Normally, event listeners are functions, but they can also be EventListeners, which are simply objects with a handleEvent function. According to Mossop's comment, content-UITour is loaded in browser. A search for firefox loadFrameScript brings up two useful pages: nsIFrameScriptLoader, which describes how loadFrameScript takes our JavaScript file and loads it into a remote frame. If you don't innately know what a remote frame is, then you should read... Message manager overview, which gives a great overview of frame scripts and how they relate to multi-process Firefox. In particular, browser seems to be asking for a browser message manager. It looks like content-UITour is loaded for each tab with a webpage open, but it can do some more privileged stuff than a normal webpage. Also, the global object seems to be window, referring to the browser window containing the webpage, since events from the webpage are bubbling up to it. Neat! Events from Webpages So what about handleEvent? handleEvent(event) { if (!Services.prefs.getBoolPref("browser.uitour.enabled")) { return; } if (!this.ensureTrustedOrigin()) { return; } addMessageListener("UITour:SendPageCallback", this); addMessageListener("UITour:SendPageNotification", this); sendAsyncMessage("UITour:onPageEvent", { detail: event.detail, type: event.type, pageVisibilityState: content.document.visibilityState, }); }, If UITour itself is disabled, or if the origin of the webpage we're registered on isn't trustworthy, events are thrown away. Otherwise, we register UITourListener as a message listener, and send a message of our own. I remember seeing addMessageListener and sendAsyncMessage on the browser message manager documentation; they look like a fairly standard event system. But where are these events coming from, and where are they going to? In lieu of any better leads, our best bet is to search DXR for "UITour:onPageEvent", which leads to nsBrowserGlue. Luckily for us, I've actually heard of this file before: it's a grab-bag for things that need to happen to set up Firefox that don't fit anywhere else. For our purposes, it's enough to know that stuff in here gets run once when the browser starts. The lines in question: // Listen for UITour messages. // Do it here instead of the UITour module itself so that the UITour module is lazy loaded // when the first message is received. var globalMM = Cc["@mozilla.org/globalmessagemanag[...]



The Mozilla Blog: Mozilla Continues to Oppose the U.S. Administration’s Executive Order on Travel

Tue, 25 Apr 2017 15:16:39 +0000

Mozilla and more than 150 other tech companies continue to oppose the U.S. administration’s revised Executive Order on travel as it winds its way through the U.S. Court system.

This order seeks to temporarily prohibit the U.S. Government from issuing new visas to travelers from six predominantly Muslim countries and suspend the U.S refugee program. Soon after it was issued, two federal judges in Hawaii and Maryland held the revised order to be discriminatory and unconstitutional. So far, their decisions have prevented the order from being enforced, but the administration has appealed to higher courts asking for a reversal.

Last week, we filed two amicus briefs in the Fourth and Ninth Circuits against the Executive Order and in support of the district court decisions.

We are against this Executive Order, for the same reasons we opposed the original one.  People worldwide build, protect, and advance the internet, regardless of their nationality.

Travel is often necessary to the robust exchange of information and ideas within and across companies, universities, industry and civil society.  Undermining immigration law harms the international cooperation needed to develop and maintain an open internet.
We urge the Courts of Appeals to uphold the district court decisions and reinforce the harmful impact of the travel ban.

The post Mozilla Continues to Oppose the U.S. Administration’s Executive Order on Travel appeared first on The Mozilla Blog.




Air Mozilla: Martes Mozilleros, 25 Apr 2017

Tue, 25 Apr 2017 15:00:00 +0000

(image) Reunión bi-semanal para hablar sobre el estado de Mozilla, la comunidad y sus proyectos. Bi-weekly meeting to talk (in Spanish) about Mozilla status, community and...




Firefox Nightly: Guest post: India uses Firefox Nightly: Kick off on May 1, 2017

Tue, 25 Apr 2017 13:30:26 +0000

This is a guest post by Biraj Karmakar, who has been active promoting Mozilla and Mozilla software in India for over 7 years. Biraj is taking the initiative of organizing a series of workshops throughout the country to convince technical people to (mozillians or not) that may be interested in getting involved in Mozilla to use Firefox Nightly.     In my last blog, I have announced that Mozilla India is going to organize a special campaign on Firefox Nightly Usage in India. RSVP here. Everything is set. Gearing up for the campaign. BTW Recently we have organized one community call on this campaign. You can watch it to know more about how to organize events and technical things. How to get involved: Online Activities Telling and inviting friends! Create the event in social media! Writing about it on Facebook & Twitter. Posting updates on social media when the event is running. Running an online event like webinar for this campaign. Please, check the event flow. Blog posting regarding Firefox Nightly technical things, features and events. Offline Activities Introduction to Mozilla Introduction to Firefox Nightly Release cycle details Why we need Firefox Nightly users? Showing various stats regarding firefox Installing Nightly on participant’s PC WebCompat on Firefox Nightly How they can contribute in Nightly (QA and Promotion) Swag Distribution Duration of Campaign: 2 months Total Number of offline events: 15 only.  Hashtag: #INUsesFxNightly Duration of each event: 3-5 hours Swag is ready!    Swag for offline events For requesting swag, please read here. Also, we have the budget for these events. You can request it. Know more here . Other than that if you want to know more about activity format, event flow, resource and more thing, please read the wiki. If you have a special query, please send a mail to Biraj Karmakar [brnet00 AT gmail DOT com]. Don’t forget to join our telegram group for a realtime chat. [...]



Daniel Pocock: FSFE Fellowship Representative, OSCAL'17 and other upcoming events

Tue, 25 Apr 2017 12:57:23 +0000

The Free Software Foundation of Europe has just completed the process of electing a new fellowship representative to the General Assembly (GA) and I was surprised to find that out of seven very deserving candidates, members of the fellowship have selected me to represent them on the GA.

I'd like to thank all those who voted, the other candidates and Erik Albers for his efforts to administer this annual process.

Please consider becoming an FSFE fellow or donor

The FSFE runs on the support of both volunteers and financial donors, including organizations and individual members of the fellowship program. The fellowship program is not about money alone, it is an opportunity to become more aware of and involved in the debate about technology's impact on society, for better or worse. Developers, users and any other supporters of the organization's mission are welcome to join, here is the form. You don't need to be a fellow or pay any money to be an active part of the free software community and FSFE events generally don't exclude non-members, nonetheless, becoming a fellow gives you a stronger voice in processes such as this annual election.

Attending OSCAL'17, Tirana

During the election period, I promised to keep on doing the things I already do: volunteering, public speaking, mentoring, blogging and developing innovative new code. During May I hope to attend several events, including OSCAL'17 in Tirana, Albania on 13-14 May. I'll be running a workshop there on the Debian Hams blend and Software Defined Radio. Please come along and encourage other people you know in the region to consider attending.

(image)

What is your view on the Fellowship and FSFE structure?

Several candidates made comments about the Fellowship program and the way individual members and volunteers are involved in FSFE governance. This is not a new topic. Debate about this topic is very welcome and I would be particularly interested to hear any concerns or ideas for improvement that people may contribute. One of the best places to share these ideas would be through the FSFE's discussion list.

In any case, the fellowship representative can not single-handedly overhaul the organization. I hope to be a constructive part of the team and that whenever my term comes to an end, the organization and the free software community in general will be stronger and happier in some way.




Mozilla Open Innovation Team: Introducing FilterBubbler

Tue, 25 Apr 2017 12:49:39 +0000

Brainfood and Mozilla’s Open Innovation Team Kick Off Text Classification Open Source Experiment

Mozilla’s Open Innovation team is beginning a new effort to understand more about motivations and rewards for open source collaboration. Our goal is to expand the number of people for whom open source collaboration is a rewarding activity.

An interesting question is: While the server side benefits from opportunities to work collaboratively, can we explore them further on the client side, beyond browser features and their add-on ecosystems? User interest in “filter bubbles” gives us an opportunity to find out. The new FilterBubbler project provides a platform that helps users experiment with and explore what kind of text they’re seeing on the web. FilterBubbler lets you collaboratively “tag” pages with descriptive labels and then analyze any page you visit to see how similar it is to pages you have already classified.

(image)

You could classify content by age or reading-level rating, category like “current events” or “fishing”, or even how much you trust the source like “trustworthy” or “urban legend”. The system doesn’t have any bias and it doesn’t limit the number of tags you apply. Once you build up a set of classifications you can visit any page and the system will show you which classification has the closest statistical match. Just as a web site maintainer develops a general view of the technologies and communities of practice required to make a web site, we will use filter bubble building and sharing to help build client-side understanding.

The project aims to reach users who are motivated to understand and maybe change their information environment. Who want to transform their own “bubble” space and participate in collaborative work, but do not have add-on development skills.

Can the browser help users develop better understanding and control of their media environments? Can we emulate the path to contribution that server-side web development has? Please visit the project and help us find out. FilterBubbler can serve as a jumping off point for all kinds of specific applications that can be built on top of its techniques. Ratings systems, content suggestion, fact checking and many other areas of interest can all use the classifiers and corpora that the FilterBubbler users will be able to generate. We’ll measure our success by looking at user participation in filter bubble data sharing, and by how our work gets adapted and built on by other software projects.

Please find more information on the project, ways to engage and contact points on http://www.filterbubbler.org.

(image)

Introducing FilterBubbler was originally published in Mozilla Open Innovation on Medium, where people are continuing the conversation by highlighting and responding to this story.




Christian Heilmann: Talking about building the next interfaces with Machine Learning and AI at hackingui

Tue, 25 Apr 2017 07:45:39 +0000

Yesterday I was proud to be an invited speaker at the HackingUI masterclass where I presented about what Machine Learning and Artificial Intelligence means for us as developers and designers. I will be giving a similar talk tomorrow in Poland in my Code Europe talk. The Masterclass is using Crowdcast to allow for discussions between the moderators and the presenter, for the presenter to show his slides/demos and for people to chat and submit questions. You can see the whole one hour 45 minutes session by signing up to Hacking UI. Master Class #4: The Soul in The Machine – Developing for Humans It was exciting to give this presentation and the questions of the audience were interesting which meant that in addition to the topics covered in the talk I also managed to discuss the ethics of learning machines, how having more diverse teams can battle the issue of job loss because of automation and how AI can help combat bullying and antisocial behaviour online. The materials I covered in the talk: Chinese factory raising production by 250% and lowering defects by 80% through automation JP Morgan automating the job of lawyers BBC’s Will a robot take your job? and the paper it is based on AI software learns to write AI software Microsoft DeepCoder and the paper that describes DeepCoder Bookmark’s AIDA to create automatic designs Wix ADI for automatic page creation Microsoft’s Inclusive Design guidelines Facebook’s image alternative text explained Cognitive Services in Microsoft Office Pinterest’s Lens, a Shazam for real life objects AiPoly and a demo video of it in action Automatic text in Google Allo Microsoft’s Video Breakdown Google’s DeepMind Lip reading example and the scientific paper on lip reading The Enhance Trope in TV Pixel Recursive Super Resolution – a paper explaining how the “zoom to enhance” can work. NVIDIA’s Super Resolution tools Netflix’s deep learning driving adaptive video encoding Google Autodraw – a tool to create icons from your doodles Google QuickDraw – the game that fed Autodraw’s dataset Cracking Google’s Recaptcha using Google’s Speech-to-Text API ImageNet database and Open Images alternative Image Captioning in Google TensorFlow Microsoft’s CaptionBot Microsoft’s Cognitive Services CRIS - enhancing with context All in all there is a lot for us to be excited about and I hope I managed to make some people understand that the machine revolution is already happening and our job is it to make it benefit humankind, not work against it. [...]



This Week In Rust: This Week in Rust 179

Tue, 25 Apr 2017 04:00:00 +0000

Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions. This Week in Rust is openly developed on GitHub. If you find any errors in this week's issue, please submit a PR. Updates from Rust Community News & Blog Posts Announcing Serde 1.0.0 - zero-copy deserialization and remote derive. rustc-serialize is deprecated in favour of Serde. Rust MessagePack and Serde 1.0. Rust container cheat sheet. Visualisation of in-memory representation of Rust types. A visual guide for rustfmt’s configs. Redox OS 0.2.0 - Celebrating 2 years of Redox. Gtk-rs official tutorial is released. Unification in Chalk, part 2. Chalk is a PROLOG-ish interpreter written in Rust, intended eventually for use in the compiler. Negative reasoning in Chalk. How to fuzz a Rust program. Tricking Rust into following the XDG Base Directory specification. This week in Rust docs 53. This week in Servo 99. Crate of the Week This week's crate of the week is pq, a crate to generically decode protobuf messages. Thanks to sevagh for the suggestion. Submit your suggestions and votes for next week! Call for Participation Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started! Some of these tasks may also have mentors available, visit the task page for more information. What topics would you like to see covered in a video course about Rust? rust: Debian Rust packages. rdedup - a data deduplication with compression and public key encryption library, is looking for contributors who are interested in crypto, command line, and backups. PumpkinDB has a list of starter issues for people interested in an event sourcing database engine. [easy] maud: Remove error! macro. Maud is an HTML template engine for Rust. [easy] maud: Document toggled classes. [less easy] rust-bindgen: Add in-worklist bits to the analysis runner. [easy] flate2: Use distinct Flush types for Compress::compress vs Decompress::decompress. flate2 implements FLATE, Gzip, and Zlib bindings for Rust. [easy] flate2: Write usage examples. If you are a Rust project owner and are looking for contributors, please submit tasks here. Updates from Rust Core 98 pull requests were merged in the last week. repr struct alignment (RFC #1358] syntax: support parenthesis around trait bounds :vis matcher for macro_rules traits::select(..) filters out predicates from other traits cache DTOR check constraints on abstract data types performance audit Spring 2017 remove unstable deprecated items don't panic if attribute macros don't resolve at crate root hoedown makes a comeback! re-enable hoedown by default specialize Vec::extend(IntoIter) specialize {Path, OsStr}.clone_into() add functions to transmute floats to ints don't clog register allocator with byvals back out backtrace pruning logic (it was too eager) convert calls to visit_all_item_likes_in_crate(..) fix debug infinite loop on-demand-ify associated_item_def_ids on-demand-ify monomorphic_const_eval polymorphic const_eval(..) cargo: add overflow_checks to profile[...]



Myk Melez: Headless Firefox

Mon, 24 Apr 2017 19:24:38 +0000

Over in Headless SlimerJS with Firefox, fellowzillian Brendan Dahl writes about the work he’s been doing to support running Firefox headlessly. A headless mode for Firefox makes it easier to test websites with the browser, especially in continuous integration, to ensure Firefox remains compatible with the Web. It also enables a variety of other interesting use cases.

Brendan started with Linux, the most popular platform for CI services like Travis, and focused first on SlimerJS, a popular tool for testing websites with Firefox (and scripting the browser more generally) that uses Firefox to run a different XUL application (rather than running Firefox itself). Now he’s working on support for full headless Firefox as well as Windows and Mac.

Check out his blog post for more details and to tell him how you’d use the feature!




Air Mozilla: Mozilla Weekly Project Meeting, 24 Apr 2017

Mon, 24 Apr 2017 18:00:00 +0000

(image) The Monday Project Meeting




David Burns: Harassment of Open Source Maintainers or Contributors

Mon, 24 Apr 2017 11:27:38 +0000

On Friday I had the unfortunate pleasure of taking the brunt on an unhappy Selenium user. Their issue? My team said that a release of GeckoDriver would happen when we are confident in the code. They said that was not professional. They started by telling me that they contribute to Mozilla and this is not acceptable for them as a customer.

Below is a break down of why I took exception to this:

  • My team was being extremely professional. Software, by its very nature, has bugs but we try minimize the amount of bugs we ship. To do this we don't set release dates, we set certain objectives. My team is relatively small compared to the user group it needs to service so we need to triage bugs, fix code. We have both groups inside and outside of Mozilla. By saying we can only release when it is ready is going to be the best we can do.
  • Please don't ever tell open source maintainers you are their customer unless you are paying for support and you have a contract with SLAs. So that there is no issue with definition of customer I suggest you look at Merriam Webster's definition. It says "one that purchases a commodity or service". Mozilla, just like Google, Microsoft, and Apple, are working on WebDriver to help web developers. There is no monetary benefit from doing this. The same goes for the Selenium project. The work and products are given freely.
  • And finally, and this goes for any F/OSS project even if it comes from large corporations like Google or Facebook, never make demands. Ask how you can help instead. If you disagree with the direction of the project, fork it. Make your own project. They have given everything away for free. Take it, make it better for whatever better means for you.

Now, even after explaining this, the harassment continued. It has lead to that user being blocked on social media for me and my team as well as them being blocked on Github. I really dislike blocking people because I know when they approach us they are frustrated but taking that frustration out on my team doesn't help anyone. If you continue, after being warned, you will be blocked. This is not a threat, this a promise.

Next time you feel frustrated with open source ask the maintainers if you can donate time/money/resources to make their lives easier. Don't be the moron that people will instantly block.




Firefox Nightly: Release Notes for Nightly

Mon, 24 Apr 2017 09:33:07 +0000

(image) Every day, multiple changesets are merged or backed out on mozilla-central and every day we compile a new version of Firefox Nightly based on these changes so as to provide builds that our core community can use, test and report feedback on.

This is why we historically don’t issue release notes for Nightly, it is hard to maintain release notes for software to gets a new release every day. However, knowing what happens, what’s new, what should be tested, has always been a recurring request from our community over the years.

So as to help with this legitimate request, we set up a twitter account that regularly informs about significant new features, and we also have the great “These weeks in Firefox” posts by Mike Conley every two weeks. These new communication channels certainly did improve things for our community over the last year.

We are now going a step further and we just started maintaining real release notes for Nightly at this address: Release Notes for Firefox Nightly

But what does it mean to have release notes for a product released every day?

It means that in the context of Project Dawn, we have started monitoring all the commits landing on mozilla-central so as to make sure changes that would merit a mention in Firefox final release notes are properly documented. This is something that we used to do with the Aurora channel, we are just doing it for Nightly instead and we do that several times a week.

Having release notes for Nightly of course means that those are updated continuously and that we only document features that have not been merged yet to Beta. We also do not intend to document unstable features or features currently hidden behind a preference flag in about:config.

The focus today is Firefox Desktop, but we will  also  produce release notes for Firefox Nightly for Android at a later stage, once we have polished the process for Desktop.




Anthony Ricaud: On the utility of filing bugs

Mon, 24 Apr 2017 08:36:09 +0000

During my five years working at Mozilla, I’ve been known to ask people to file bugs when they encountered an issue. Most of the time, the answer was that they didn’t have time to do so and it was useless. I think it is actually very valuable. You get to learn from that experience: how to file actionable bugs, getting deeper knowledge into a specification, maybe a workaround for the problem.

A recent example

Three weeks ago, at work, we launched a new design for the website header. We got some reports that the logo was missing in Firefox on some pages. After investigation, we discovered that Firefox (and also Edge) had a different behaviour with SVG’s on pages with a element. We fixed it right away by using an absolute URL for our logo. But we also filed bugs against Gecko and Edge. As part of filing those bugs, I found the change in the SVG specification clarifying how it should be handled. Microsoft fixed the issue in less than two weeks. Mozilla fixed it in less than three weeks.

In October this year1, all browsers should behave the same way in regard to that issue. And a four year old workaround will be obsolete. We will be able to remove the code that we had to introduce. Less code, yeah!

I hope this will convince you that filing bugs has an impact. You can learn more on how to file actionable bugs. If you’d like an easier venue to file bugs when browsers are incompatible, the WebCompat project is a nice place to start.


  1. Firefox 55 should be released on August 8 and the next Edge should be released in September (maybe even earlier, I’m not clear on Edge’s release schedule) 




The Servo Blog: This Week In Servo 99

Mon, 24 Apr 2017 00:30:00 +0000

In the last week, we landed 127 PRs in the Servo organization’s repositories. By popular request, we added a ZIP archive link to the Servo nightlies for Windows users. Planning and Status Our overall roadmap is available online, including the overall plans for 2017. Q2 plans will appear soon; please check it out and provide feedback! This week’s status updates are here. Notable Additions hiikezoe corrected the animation behaviour of pseudo-elements in Stylo. UK992 added some auto cleanup mechanisms for TravisCI. Manishearth implemented system font support in Stylo. glennw added groove and ridged border support to WebRender. bholley converted simple CSS selectors and combinators to use inline storage for improved performance. MortimerGoro implemented the missing GetShaderPrecisionFormat WebGL API. sbwtw corrected the behaviour of CSS’ calc API in certain cases. metajack removed the DOMRectList API. BorisChious extended CSS transition support to shorthand properties. nox improved the parsing of the background-size CSS property. avadacatavra added support for creating Rust-based extensions of the C++ JSPrincipals API for SpiderMonkey. kvark avoided a panic in WebRender encountered when using it through Firefox. paulrouget clamped mouse scrolling to a single dimension at a time. Gankro added IPC overhead profiling to WebRender. stshine improved the inline size calculation for inline block layout. mrobinson fixed several problems with laying out absolute positioned blocks. canaltinova implemented support for the -moz-transform CSS property for Stylo. MortimerGoro modernized the infrastructure surrounding Android builds. New Contributors Alex Touchet alfredoyang coalman cu1t 石博文 Bruce Mitchener Interested in helping build a web browser? Take a look at our curated list of issues that are good for new contributors![...]



Wladimir Palant: How bad is a buffer overflow in an Emscripten-compiled application?

Sun, 23 Apr 2017 08:57:34 +0000

Emscripten allows compiling C++ code to JavaScript. It is an interesting approach allowing porting large applications (games) and libraries (crypto) to the web relatively easily. It also promises better performance and memory usage for some scenarios (something we are currently looking into for Adblock Plus core). These beneficial effects largely stem from the fact that the “memory” Emscripten-compiled applications work with is a large uniform typed array. The side-effect is that buffer overflows, use-after-free bugs and similar memory corruption mistakes are introduced to JavaScript that was previously safe from them. But are these really security-relevant? Worst-case scenario are obviously memory corruption bugs that can be misused in order to execute arbitrary code. At the first glance, this don’t seem to be possible here — even with Emscripten the code is still running inside the JavaScript sandbox and cannot escape. In particular, it can only corrupt data but not change any code because code is kept separately from the array serving as “memory” to the application. Then again, native applications usually cannot modify code either due to protection mechanisms of modern processors. So memory corruption bugs are typically abused by manipulating function pointers such as those found on the stack. Now Emscripten isn’t working with return pointers on the stack. I could identify one obvious place where function pointers are found: virtual method tables. Consider the following interface for example: class Database { virtual User* LookupUser(char* userName) = 0; virtual bool DropTable(char* tableName) = 0; ... }; Note how both methods are declared with the virtual keyword. In C++ this means that the methods should not be resolved at compile time but rather looked up when the application is running. Typically, that’s because there isn’t a single Database class but rather multiple possible implementations for the Database interface, and it isn’t known in advance which one will be used (polymorphism). In practice this means that each subclass of the Database interface will have a virtual method table with pointers to its implementations of LookupUser and DropTable methods. And that’s the memory area an attacker would try to modify. If the virtual method table can be changed in such a way that the pointer to LookupUser is pointing to DropTable instead, in the next step the attacker might make the application try to look up user "users" and the application will inadvertently remove the entire table. There are some limitations here coming from the fact that function pointers in Emscripten aren’t actual pointers (remember, code isn’t stored in memory so you cannot point to it). Instead, they are indexes in the function table that contains all functions with the same signature. Emscripten will only resolve the function pointer against a fixed function table, so the attacker can only replace a function pointer by a pointer to another function with the same signature. Note that the signature of the two methods above is identical as far as Emscripten is concerned: both have an int-lik[...]



Niko Matsakis: Unification in Chalk, part 2

Sun, 23 Apr 2017 04:00:00 +0000

In my previous post, I talked over the basics of how unification works and showed how that “mathematical version” winds up being expressed in chalk. I want to go a bit further now and extend that base system to cover associated types. These turn out to be a pretty non-trival extension. What is an associated type? If you’re not a Rust programmer, you may not be familiar with the term “associated type” (although many langages have equivalents). The basic idea is that traits can have type members associated with them. I find the most intuitive example to be the Iterator trait, which has an associated type Item. This type corresponds to kind of elements that are produced by the iterator: trait Iterator { type Item; fn next(&mut self) -> Option; } As you can see in the next() method, to reference an associated type, you use a kind of path – that is, when you write Self::Item, it means “the kind of Item that the iterator type Self produces”. I often refer to this as an associated type projection, since one is “projecting out”1 the type Item. Let’s look at an impl to make this more concrete. Consider the type std::vec::IntoIter, which is one of the iterators associated with a vector (specifically, the iterator you get when you invoke vec.into_iter()). In that case, the elements yielded up by the iterator are of type T, so we have an impl like: impl Iterator for IntoIter { type Item = T; fn next(&mut self) -> Option { ... } } This means that if we have the type IntoIter::Item, that is equivalent to the type i32. We usually call this process of converting an associated trait projection (IntoIter::Item) into the type found in the impl normalizing the type. In fact, this IntoIter::Item is a kind of shorthand; in particular, it didn’t explicitly state what trait the type Item is defined in (it’s always possible that IntoIter implements more than one trait that define an associated type called Item). To make things fully explicit, then, one can use a fully qualified path like this: as Iterator>::Item ^^^^^^^^^^^^^ ^^^^^^^^ ^^^^ | | | | | Associated type name | Trait Self type I’ll use these fully qualified paths from here on out to avoid confusion. Integrating associated types into our type system In this post, we will extend our notion of types to include associated type projections: T = ?X // type variables | N // "applicative" types | P // "projection" types (new in this post) P = ::X Projection types are quite different from the existing “applicative” types that we saw before. The reason is that they introduce a kind of “alias” into the equality relationship. With just applicative types, we could always make progress at each step: that is, no matter what two types were being equated, we could always break the problem down into simple[...]



Daniel Stenberg: Fewer mallocs in curl

Sat, 22 Apr 2017 18:26:23 +0000

Today I landed yet another small change to libcurl internals that further reduces the number of small mallocs we do. This time the generic linked list functions got converted to become malloc-less (the way linked list functions should behave, really). Instrument mallocs I started out my quest a few weeks ago by instrumenting our memory allocations. This is easy since we have our own memory debug and logging system in curl since many years. Using a debug build of curl I run this script in my build dir: #!/bin/sh export CURL_MEMDEBUG=$HOME/tmp/curlmem.log ./src/curl http://localhost ./tests/memanalyze.pl -v $HOME/tmp/curlmem.log For curl 7.53.1, this counted about 115 memory allocations. Is that many or a few? The memory log is very basic. To give you an idea what it looks like, here’s an example snippet: MEM getinfo.c:70 free((nil)) MEM getinfo.c:73 free((nil)) MEM url.c:294 free((nil)) MEM url.c:297 strdup(0x559e7150d616) (24) = 0x559e73760f98 MEM url.c:294 free((nil)) MEM url.c:297 strdup(0x559e7150d62e) (22) = 0x559e73760fc8 MEM multi.c:302 calloc(1,480) = 0x559e73760ff8 MEM hash.c:75 malloc(224) = 0x559e737611f8 MEM hash.c:75 malloc(29152) = 0x559e737a2bc8 MEM hash.c:75 malloc(3104) = 0x559e737a9dc8 Check the log I then studied the log closer and I realized that there were many small memory allocations done from the same code lines. We clearly had some rather silly code patterns where we would allocate a struct and then add that struct to a linked list or a hash and that code would then subsequently add yet another small struct and similar – and then often do that in a loop.  (I say we here to avoid blaming anyone, but of course I myself am to blame for most of this…) Those two allocations would always happen in pairs and they would be freed at the same time. I decided to address those. Doing very small (less than say 32 bytes) allocations is also wasteful just due to the very large amount of data in proportion that will be used just to keep track of that tiny little memory area (within the malloc system). Not to mention fragmentation of the heap. So, fixing the hash code and the linked list code to not use mallocs were immediate and easy ways to remove over 20% of the mallocs for a plain and simple ‘curl http://localhost’ transfer. At this point I sorted all allocations based on size and checked all the smallest ones. One that stood out was one we made in curl_multi_wait(), a function that is called over and over in a typical curl transfer main loop. I converted it over to use the stack for most typical use cases. Avoiding mallocs in very repeatedly called functions is a good thing. Recount Today, the script from above shows that the same “curl localhost” command is down to 80 allocations from the 115 curl 7.53.1 used. Without sacrificing anything really. An easy 26% improvement. Not bad at all! But okay, since I modified curl_multi_wait() I wanted to also see how it actually improves things for a slightly more advanced transfer. I took the multi-double.c example code, added the call to initiate the memory logging, made it uses curl_mult[...]



About:Community: Revitalize participation by understanding our communities

Fri, 21 Apr 2017 21:37:16 +0000

As part of the bigger Open Innovation strategy project on how openness can better drive Mozilla products and technologies, during the next few months we will be conducting research about our communities and contributors. We want to take a detailed, data-driven look into our communities and contributors: who we are, what we’re doing, what our motivations are and how we’re connected. Who: Understanding the people in our communities How many contributors are there in the Mozilla community. Who are we? (how diverse is our community?) Where are we? (geography, groups, projects) What: Understanding what people are doing What are we doing? (contributing with) What are our skillsets? How much time we’re able to devote to the project. The tools we use. Why do people contribute? (motivations) What blocks people from contributing? What other projects do we contribute to? What other organisations are we connected to? How much do people want to get involved? Why: Understanding why people contribute What are people’s’ motivations. What are the important factors in contributing for Mozilla (ethical, moral, technological etc). Is there anything Mozilla can do that will lead volunteers to contribute more? For people who have left the project:why do they no longer contribute?) How & Where: Understanding the shape of our communities and our people’s networks What are the different groups and communities. Who’s inside each group (regional and functional). What is the overlap between people in groups? Which groups have the most overlap, which have the least? (not just a static view, but also over time) How contributors are connected to each other? (related with the “where”) How are our contributors connected to other projects, Mozilla etc In order to answer all these questions, we have divided the work in three major areas. Contributors and Contributions Data Analysis Analyzing past quantitative data about contributions and contributors (from sources like Bugzilla, Github, Mailing Lists, and other sources) to identify patterns and draw conclusions about contributors, contributions and communities. Communities and Contributors survey Designing and administering a qualitative survey to as many active contributors as possible (also trying to survey people who have stopped contributing to Mozilla) to get a full view of our volunteers (demographics), motivations, which communities people identify with, and their experience with Mozilla. We’ll use this to identify patterns in motivations. Insights We’ll bring together the conclusions and data from both of the above components to articulate a set of insights and recommendations that can be a useful input to the Open Innovation Strategy project. In particular, one aim that we have is to cross reference individuals from the Mozillians Survey and Data Analysis to better understand — on aggregate — how things like motivations and identity relate to contribution. Our commitments In all of this work we are handling data with the care you would expect from Mozilla, in line w[...]



Firefox UX: Ratings and reviews on add-ons.mozilla.org

Fri, 21 Apr 2017 21:00:01 +0000

Hello!My name is Philip Walmsley, and I am a Senior Visual Designer on the Firefox UX team. I am also one of the people tasked with making addons.mozilla.org (or, “AMO”) a great place to list and find Firefox extensions and themes.There are a lot of changes happening in the Firefox and Add-ons ecosystem this year (Quantum, Photon, Web Extensions, etc.), and one of them is a visual and functional redesign of AMO. This has been a long time coming! The internet has progressed in leaps and bounds since our little site was launched many years ago, and it’s time to give it some love. We’ve currently got a top-to-bottom redesign in the works, with the goal of making add-ons more accessible to more users.I’m here to talk with you about one part of the add-ons experience: ratings and reviews. We have found a few issues with our existing approach:The 5-star rating system is flawed. Star ratings are arbitrary on a user by user basis, and it leads to a muddling of what users really think about an add-on.Some users just want to leave a rating and not write a review. Sometimes this is referred to as “blank page syndrome,” sometimes a user is just in a time-crunch, sometimes a user might have accessibility issues. Forcing users to do both leads to glib, unhelpful, and vague reviews.On that note, what if there was a better way to get reviews from users that may not speak your native tongue? What if instead of writing a review, a user had the option to select tags or qualities describing their experience with an add-on? This would greatly benefit devs (‘80% of the global community think my extension is “Easy to use”!’) and other users (‘80% of the global community believe this extension is “Easy to use”!’).We don’t do a very good job of triaging users actual issues: A user might love an extension but have an (unbeknownst to them) easily-solved technical problem. Instead of leaving a negative 1-star review for this extension that keeps acting weird, can we guide that user to the developer or Mozilla support?We also don’t do a great job of facilitating developer/user communication within AMO. Wouldn’t it be great if you could rectify a user’s issue from within the reviews section on your extension page, changing a negative rating to a positive one?So, as you can see, we’ve got quite a few issues here. So let’s simplify and tackle these one-by-one: Experience, Tags, Triage.So many feelsExperienceSomeone is not familiar with Lisa HanawaltThe star rating has its place. It is very useful in systems where the rating you leave is relevant to you and you alone. Your music library, for example: you know why you rate one song two stars and another at four. It is a very personal but very arbitrary way of rating something. Unfortunately, this rating system doesn’t scale well when more than one person is reviewing the same thing: If I love something but rate it two stars because it lacks a particular feature, what does that mean to other users or the overall aggregated rating? It [...]



Air Mozilla: Webdev Beer and Tell: April 2017

Fri, 21 Apr 2017 18:00:00 +0000

(image) Once a month web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on in...




Mozilla Open Policy & Advocacy Blog: Dutch court ruling puts net neutrality in question

Fri, 21 Apr 2017 15:21:19 +0000

On Thursday, April 20th a Rotterdam Court ruled that T-Mobile’s zero rated service “Data Free Music” is legal. The court declared that the Dutch net neutrality law, which prohibits zero rating, is not in accordance with the EU net neutrality law that Brussels lawmakers passed last year.

Zero rating is bad for the long term health of the internet. By disrupting the level playing field and allowing discrimination, zero rating poses a threat to users, competition, and opportunity online.

The Netherlands has been a model to the world in protecting net neutrality. It’s alarming to see these vital protections for users, competition, and opportunity online struck down.

The power and potential of the Internet is greatest when users can access the full diversity of the open Internet, not just some parts of it. We urge the Authority for Consumers & Markets (ACM) to appeal this decision swiftly, and we hope that higher courts will restore the Internet’s level playing field.

The post Dutch court ruling puts net neutrality in question appeared first on Open Policy & Advocacy.




Doug Belshaw: Can digital literacy be deconstructed into learnable units?

Fri, 21 Apr 2017 09:35:37 +0000

Earlier this week, Sally Pewhairangi got in touch to ask if I’d be willing to answer four questions about digital literacy, grouped around the above question. She’ll be collating answers from a number of people in due course but, in the spirit of working openly, I’m answering her questions here.  1. What are the biggest mistakes novices make when becoming digitally literate? The three things I stress time and time again in my keynotes, writing, and workshops on this subject are: Digital literacies are plural Digital literacies are context-dependent Digital literacies are socially-negotiated As such, there is no stance from which you could call someone ‘digitally literate’, because (as Allan Martin has pointed out), it is a condition, not a threshold. There is no test you could devise to say whether someone was ‘digitally literate’, except maybe at a very particular snapshot in time, for a very defined purpose, in a certain context. That being said, and to answer the question, I think the main mistake that we make is to equate surface-level, procedural skills with depth of thought and understanding. I’m certain this is where the myth of the ‘digital native’ came from. Use does not automatically lead to expertise and understanding.  2. What mistakes are common at a pro level? By ‘pro level’, I’m assuming that this means someone who is seen as having the requisite digital knowledge, skills, and behaviours to thrive in their given field. As such, and because this is so context-dependent, it’s difficult to generalise. Nevertheless, what I observe in myself and others is an assumption that I/we/they have somehow ‘made it’ in terms of digital literacies. It’s an ongoing process of development, not something whereby you can sit back and rest on your laurels. I’m constantly surprised by digital practices and the effects that technologies have on society. As with the stock market, past performance isn’t a reliable guide to future success, so just because something looks ‘stupid’, ‘unimportant’, or otherwise outside my/your/our frame of reference doesn’t mean that it’s not worth investigating. I’d also comment on how important play is to the development of digital literacies. Learning something because you have to, or because someone has set you a target, is different from doing so of your own accord. Self-directed learning is messy and, from the point of view of an instructor, ‘inefficient’. However, to my mind, it’s the most effective type of learning there is. In general, there should be more remixing and experimentation in life, and less deference and conformity.  3. Can you learn the building blocks of digital literacy without access to the web? Where would you start? What would be the biggest misuse of time? To be ‘literate’ means to be part of a community of literate peers. To quote my own thesis: Given the ubiquitous and mandated use of technology[...]



Ehsan Akhgari: Quantum Flow Engineering Newsletter #6

Fri, 21 Apr 2017 06:26:10 +0000

I would like to share some updates about some of the ongoing performance related work. We have started looking at the native stack traces that are submitted through telemetry from the Background Hang Reports that take more than 8 seconds.  (We were hoping to have been able to reduce this threshold to 256ms for a while now, but the road has been bumpy — but this should land really soon now!)  Michael Layzell put together a telemetry analysis job that creates a symbolicated version of this data here: https://people-mozilla.org/~mlayzell/bhr/.  For example, this is the latest generated report.  The grouping of this data is unfortunate, since the data is collected based on the profiler pseudo-stack labels, which is captured after 128ms, and then native stack (if the hang continues for 8 seconds) gets captured after that, so the pseudo-stack and the native stack may or may not correspond, and this grouping also doesn’t help going through the list of native stacks and triage them more effectively.  Work is under way to create a nice dashboard out of this data, but in the mean time this is an area where we could really use all of the help that we can get.  If you have some time, it would be really nice if you can take a look at this data and see if you can make sense of some of these call stacks and find some useful bug reports out of them.  If you do end up filing bugs, these are super important bugs to work on, so please make sure you add “[qf]” to the status whiteboard so that we can track the bug. Another item worthy of highlight is Mike Conley’s Oh No! Reflow! add-on.  Don’t let the simple web page behind this link deceive you, this add-on is really awesome!  It generates a beep every time that a long running reflow happens in the browser UI (which, of course, you get to turn off when you don’t need to hunt for bugs!), and it logs the sync reflows that happened alongside the JS call stack to the code that triggered them, and it also gives you a single link that allows you to quickly file a bug with all of the right info in it, pre-filled!  In fact you can see the list of already filed bugs through this add-on! Another issue that I want to bring up is the [qf:p1] bugs.  As you have noticed, there are a lot of them.    It is possible that some of these bugs aren’t important to work on, for example because they only affect edge case conditions that affects a super small subset of users and that wasn’t obvious when the bug was triaged.  In some other cases it may turn out that fixing the bug requires massive amounts of work that is unreasonable to do in the amount of time we have, or that the right people for it are doing more important work and can’t be interrupted, and so on.  Whatever the issue is, whether the bug was mis-triaged, or can’t be fixed, please make sure to raise it on the bug!  In general the earlier these issues are uncovered the better it is, b[...]



Cameron Kaiser: The аррӏе bites back

Fri, 21 Apr 2017 02:00:00 +0000

I've received a number of inquiries about whether TenFourFox will follow the same (essentially wontfix) approach of Firefox for dealing with those international domain names that happen to be whole-script homographs. The matter was forced recently by one enterprising sort who created just this sort of double using Cyrillic characters for https://www.аррӏе.com/, which depending on your font and your system setup, may look identical to https://www.apple.com/ (the site is a proof of concept only). The circulating advice is to force all IDNs to be displayed in punycode by setting network.IDN_show_punycode to true. This is probably acceptable for most of our users (the vast majority of TenFourFox users operate with a Latin character set), but I agree with Gerv's concern in that Bugzilla entry that doing so disadvantages all other writing systems that are not Latin, so I don't feel this should be the default. That said, I also find the current situation unacceptable and doing nothing, or worse relying on DNS registrars who so far don't really care about anything but getting your money, similarly so. While the number of domains that could be spoofed in this fashion is probably small, it is certainly greater than one, and don't forget that they let the proof-of-concept author register his spoof! Meanwhile, I'm not sure what the solution right now should be other than "not nothing." Virtually any approach, including the one Google Chrome has decided to take, will disadvantage non-Latin scripts (and the Chrome approach has its own deficiencies and is not IMHO a complete solution to the problem, nor was it designed to be). It would be optimal to adopt whatever solution Firefox eventually decides upon for consistency if they do so, but this is not an issue I'd like to sit on indefinitely. If you use a Latin character set as your default language, and/or you don't care if all domains will appear in either ASCII or punycode, then go ahead and set that pref above; if you don't, or consider this inappropriate, stay tuned. I'm thinking about this in issue 384. By the way, TenFourFox "FPR0" has been successfully uploaded to Github. Build instructions to follow and the first FPR1 beta should be out in about two to three weeks. I'm also cogitating over a blog post discussing not only us but other Gecko forks (SeaMonkey, Pale Moon, etc.) which for a variety of reasons don't want to follow Mozilla into the unclear misty haze of a post-XUL world. To a first approximation our reasons are generally technical and theirs are primarily philosophical, but we both end up doing some of the same work and we should talk about that as an ecosystem. More later.[...]



Air Mozilla: WorldBots Meetup 4/20/17

Fri, 21 Apr 2017 02:00:00 +0000

(image) WorldBots Meetup 2017-04-20 19:00 - 21:00 We're throwing the first World Bot Meetup! International experts from all over the world will talk about the culture,...




Air Mozilla: Reps Weekly Meeting Apr. 20, 2017

Thu, 20 Apr 2017 16:00:00 +0000

(image) This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.




QMO: Firefox 54 Beta 3 Testday, April 28th

Thu, 20 Apr 2017 14:20:57 +0000

Hello Mozillians,

We are happy to let you know that Friday, April 28th, we are organizing Firefox 54 Beta 3 Testday. We’ll be focusing our testing on the following new features: Net Monitor MVP and Download Panel UX Redesign.

Check out the detailed instructions via this etherpad.

No previous testing experience is required, so feel free to join us on #qa IRC channel where our moderators will offer you guidance and answer your questions.

Join us and help us make Firefox better!

See you on Friday!




Mozilla Localization (L10N): Localizing Firefox in Barcelona

Thu, 20 Apr 2017 13:23:54 +0000

We were thrilled to start the year’s localization (l10n) community workshops in Barcelona at the end of March 2017! Thanks to the help of the ever dedicated Alba and Benny the workshop was fun, productive, and filled with amazing Catalonian food. This workshop aimed to gather together core and active localizers from twenty-one l10n communities scattered throughout the southern parts of Western and Eastern Europe. Unlike the 2016 l10n hackathons, this was the first time we brought these twenty-one communities together to share experiences, ideas, and hack on Mozilla l10n projects together. The workshop was held at Betahaus, a local co-working space in Barcelona located in Villa de Grácia, Barcelona. The space was great for both large group presentations and small group breakouts. We had room to move around, brainstorm on whiteboards, and play our favorite icebreaker game, spectograms. All of the l10n-drivers were present for this workshop (another first) and many gave presentations on their main projects. Localizers got a look into new developments with L20n, Pontoon, and Pootle. We also had a glimpse into cross-channel localization for Firefox and how localizers can prepare for it to come in June. Following tradition, l10n communities came to the workshop with specific goals to accomplish while there. While together, these communities were able to complete around 75% of their goals. These goals largely surrounded addressing the question of localization quality and testing, but also included translating strings for Mozilla products, web sites, and planning for recruiting new localizers. We couldn’t think of being in Barcelona without taking advantage of participating in a cultural activity as a group. Alba was kind enough to guide the whole group through the city on Saturday night and show us some of the most prominent sites, like Sagrada Familia (which happened to be the most popular site among the l10n communities). On Sunday, the l10n communities and drivers gathered around four different tables to discuss four different topics in 30-minute chunks of time. Every 30 minutes, Mozillians moved to a different table to discuss the topic assigned to that table. These topics included localization quality, style guides, recruiting new localizers, and mentoring new localizers. It was a great opportunity for both veteran and new localizers to come together and share their experience with each topic and ideas on how to take new approaches to each. Sure, it was a bit chaotic, but everyone was flexible and willing to participate, which made it a good experience nevertheless. For more info about the workshop (including the official Spotify playlist of the workshop), visit the event’s wiki page here. ¡Hasta luego! More pictures from the event: [...]



Mozilla Reps Community: Reps Program Objectives – Q2 2017

Thu, 20 Apr 2017 13:10:07 +0000

As we did in the past few quarters, we have decided on the Reps Program Objectives for this quarter. Again we have worked with the Community Development Team to align our goals to the broader scope of their goals. These are highly relevant for the Reps program and the Reps’ goals are tightly coupled with these. In the following graphic you can see how all these goals play together. Objective 1 – RepsNext is successfully completed paving the way for our next improvement program KR 1 – The Coaching plan is implemented and we are able to scale KR 2 – Budget requests submitted after June, 1st go through the trained Resource Reps KR 3 – Reps can get initial resources to improve their Leadership skills KR 4 – Core community sentiment NPS >11.5 (Konstantina as in Q1) KR 5 – Mobilizer sentiment NPS >15 (Konstantina as in Q1) KR 6 – We have a GitHub issue to plan for the future of Reps with an exclusive focus on functional contributions KR 7 – The Facebook experiment is analyzed and being continued if successful KR 8 – 2 communication improvements are identified KR 9 – It takes a maximum of 2 weeks for new applicants to have their first task assigned Objective 2 – MozActivate focuses mobilizers on impactful areas KR 1 – General feedback form is used by 100% of MozActivate activities KR 2 – We have implemented metrics and measurements for the existing MozActivate and to-be-launched activities as well as for the website itself KR 3 – 70 Reps have organized one or more MozActivate activity KR 4 – Activate is actively engaging 70 new technical contributors KR 5 – 2 new activities are launched Objective 3 – The Reps program demonstrates operational excellence in the Mozilla Project KR 1 – Goals for Q3 have been set KR 2 – We were involved and gave feedback about the Community Development Team OKRs for Q3 as well as the broader Open Innovation ones KR 3 – The budget allocation for Q3 is finalized and communicated to all Reps KR 4 – We have on average maximum one open action item from last week before every Council Meeting that is not tracked on GitHub and next steps/blockers are identified KR 5 – We have planned 2 brainstorm sessions for the next improvement program KR 6 – We have given feedback for Open Innovation’s “Strategy” project and are a valuable source for future consultation for strategy related questions We will work closely with the Community Development Team to achieve our goals. You can follow the progress of these tasks in the Reps Issue Tracker. We also have a new Dashboard1 to track the status of each objective. Which of the above objectives are you most interested in? What key result would you like to hear more about? What do you find intriguing? Which thoughts cross[...]



The Mozilla Blog: This April, Mozilla is Standing Up for Science

Thu, 20 Apr 2017 12:09:47 +0000

Mozilla supports the March for Science. And we’re leading projects to make scientific research more open and accessible, from extraterrestrial hackathons to in-depth fellowships   We believe openness is a core component not just of a healthy Internet, but also a healthy society. Much like open practices can unlock innovation in the realm of technology, open practices can also invigorate fields like civics, journalism — and science. In laboratories and at academic institutions, open source code, data and methodology foster collaboration between researchers; spark scientific progress; increase transparency and encourage reproducibility; and better serve the public interest. Open data has been shown to speed up the study process and vaccine development for viruses, like Zika, at global scale. And open practices have allowed scientific societies from around the globe to pool their expertise and explore environments beyond Earth. This April, Mozilla is elevating its commitment to open science. Mozilla Science Lab, alongside a broader network of scientists, developers and activists, is leading a series of programs and events to support open practices in science. Our work aligns with the April 22 March for Science, a series of nonpartisan gatherings around the world that celebrate science in the public interest. We’re proud to say Teon Brooks, PhD — neuroscientist, open science advocate and Mozilla Science Fellow — is serving as a March for Science Partnership Outreach Co-Lead. From science fellowships to NASA-fueled hackathons, here’s what’s happening at Mozilla this April: Signage for Science Marchers We want to equip March for Science participants — from the neuroscientist to the megalosaurus-obsessed third grader — with signs that spotlight their passion and reverence for science. So Mozilla is asking you for your most clever, impassioned science-march slogans. With them, our designers will craft handy posters you can download, print and heft high. Learn more here. Seeking Open Science Fellows This month, Mozilla began accepting applications for Mozilla Fellowships for Science. For the third consecutive year, we are providing paid fellowships to scientists around the world who are passionate about collaborative, iterative and open research practices. Mozilla Science Fellows spend 10 months as community catalysts at their institutions, and receive training and support from Mozilla to hone their skills around open source, data sharing, open science policy and licensing. Fellows also craft code, curriculum and other learning resources. Fellowship alums hail from institutions like Stanford University and University of Cambridge, and have developed open source tools to teach and study issues like [...]



Mozilla VR Blog: WebVR Google Daydream support lands in Servo

Wed, 19 Apr 2017 18:29:22 +0000

Want to try this now? Download this three Rollercoaster Demo (Android APK)! We are happy to announce that Google Daydream VR headset and Gamepad support are landing in Servo. The current implementation is WebVR 1.1 spec-compliant and supports asynchronous reprojection to achieve low-latency rendering. If you are eager to explore, you can download an experimental three Rollercoaster Demo (Android APK) compatible with Daydream-ready Android phones. Put on the headset, switch on your controller, and run the app from Daydream Home or from a direct launch. We have contributed to many parts in the Servo browser codebase in order to allow polished WebVR experiences on Android. It’s nice that our WebVR support goals has allowed to push forward some improvements that are also useful for other areas of the Android version of Servo. VR Application life cycle Daydream VR applications have to gracefully handle several VR Entry flows such as transitions between the foreground and background, showing and hiding the Daydream pairing screen, and adding the GvrLayout Android View on top of the view hierarchy. To manage the different scenarios we worked on proper implementations of native EGL context lost and restore, animation loop pause/resume, immersive full-screen mode, and support for surface-size and orientation changes. Servo uses a NativeActivity, in combination with android-rs-glue and glutin, as an entry point for the application. We realized that NativeActivity ignores the Android view hierarchy because it’s designed to take over the surface from the window to directly draw to it. The Daydream SDK requires a GvrLayout view in the Activity’s view hierarchy in order to show the VR Scene, so things didn’t work out. A research about this issue shows that most people decide to get rid of NativeActivity or bypass this limitation using hacky PopupWindow modal views. The PopupWindow hack may work for simple views like an Google AdMob banner but causes complications with a complex VR view. We found a more elegant solution by releasing the seized window and injecting a custom SurfaceView with its render callbacks redirected to the abstract implementation in NativeActivity: This approach works great, and we can reuse the existing code for native rendering. We do, however, intend to remove NativeActivity in the future. We’d like to create a WebView API-based Servo component that will allow developers to embed their content from Android standalone apps or using WebView-based engine ecosystems such as Cordova. This will involve modifications to various Servo layers coupled with NativeActivity callbacks. Build System Thanks to the amazing job of both the Rustlang and Servo t[...]



Wladimir Palant: Is undetectable ad blocking possible?

Wed, 19 Apr 2017 18:29:02 +0000

This announcement by the Princeton University is making its rounds in the media right now. What the media seems to be most interested in is their promise of ad blocking that websites cannot possibly detect, because the website can only access a fake copy of the page structures where all ads appear to be visible. The browser on the other hand would work with the real page structures where ads are hidden. This isn’t something the Princeton researchers implemented yet, but they could have, right? First of all, please note how I am saying “hidden” rather than “blocked” here — in order to fake the presence of ads on the page you have to allow the ads to download. This means that this approach won’t protect you against any privacy or security threats. But it might potentially protect your eyes and your brain without letting the websites detect ad blocker usage. Can we know whether this approach is doable in practice? Is a blue pill for the website really possible? The Princeton researchers don’t seem to be aware of it but it has been tried before, probably on a number of occasions even. One such occasion was the history leak via the :visited CSS pseudo-class — this pseudo-class is normally used to make links the user visited before look differently from the ones they didn’t. The problem was, websites could detect such different-looking links and know which websites the user visited — there were proof-of-concept websites automatically querying a large number of links in order to extract user’s browsing history. One of the proposals back then was having getComputedStyle() JavaScript API return wrong values to the website, so that visited and unvisited links wouldn’t be distinguishable. And if you look into the discussion in the Firefox bug, even implementing this part turned out very complicated. But it doesn’t stop here, same kind of information would leak via a large number of other APIs. In fact, it has been demonstrated that this kind of attack could be performed without any JavaScript at all, by making visited links produce a server request and evaluating these requests on the server side. Hiding all these side-effects was deemed impossible from the very start, and the discussion instead focused on the minimal set of functionality to remove in order to prevent this kind of attack. There was a proposal allowing only same-origin links to be marked as visited. However, the final solution was to limit the CSS properties allowed in a :visited psedo-class to those merely changing colors and nothing else. Also, the conclusion was that APIs like canvas.drawWindow() which allowed websites to inspect the display of the page direct[...]



Hacks.Mozilla.Org: Firefox 53: Quantum Compositor, Compact Themes, CSS Masks, and More

Wed, 19 Apr 2017 16:11:42 +0000

Firefox 53, available today, includes the following key new features and enhancements. Quantum Compositor Process on Windows One of the first pieces of Project Quantum, the Compositor Process, has arrived on Windows. Compositors are responsible for flattening all of the various elements on a webpage into a single image to be drawn on the screen. Firefox can now run its compositor in a completely separate process from the main Firefox program, which means that Firefox will keep running even if the compositor crashes—it can simply restart it. For more details on how this aspect of Project Quantum reduces crash rates for Firefox users, check out Anthony Hughes’ blog post. Light and Dark Compact Themes The “compact” themes that debuted with Firefox Developer Edition are now a standard feature of Firefox. Users can find light and dark variants of this space-saving, square-tabbed theme listed under the “Themes” menu in Customize mode. New WebExtension Features WebExtensions are browser add-ons that are designed to work safely and efficiently in Firefox, Chrome, Opera, and Edge, while also supporting powerful features unique to Firefox. In Firefox 53, WebExtensions gained compatibility with several pre-existing Chrome APIs: The browsingData API lets add-ons clear the browser’s cache, cookies, history, downloads, etc. For example, Firefox’s Forget Button could now be implemented as a WebExtension. The identity API allows add-ons to request OAuth2 tokens with the consent of the user, making it easier to sign into services within an add-on. The storage.sync API allows add-ons to save user preferences to Firefox Sync, where it can be shared and synchronized between devices. The webRequest.onBeforeRequest API can now access the request body, in addition to headers. The contextMenus API now supports adding menus to browser actions and page actions. Firefox 53 also supports the following unique APIs: Contextual Identities, the basis of the Containers experiment in Test Pilot, can now be created and managed via the contextualIdentities API. Context menus can be created on tabs and password fields with the contextMenus API. CSS injected into pages with tabs.insertCSS can specify if the new styles should be considered part of the author stylesheet or the user stylesheet, which exist at different levels in the cascading order. New CSS Features: Positioned Masks and Flow-Root Firefox 53 supports positioned CSS Masks, which allow authors to partially or fully hide visual elements within a webpage. Masks work by overlaying images or other graphics (like linear gradients) that define which regions of an element should be visible,[...]



The Mozilla Blog: Firefox faster and more stable with the first big bytes of Project Quantum, simpler with compact themes and permissions redesign

Wed, 19 Apr 2017 16:00:59 +0000

Today’s release of Firefox includes the first significant piece of Project Quantum, as well as various visible and the under-the-hood improvements. The Quantum Compositor speeds up Firefox and prevents graphics crashes on Windows In case you missed our Project Quantum announcement, we’re building a next-generation browser engine that takes full advantage of modern hardware. Today we’re shipping one of the first important pieces of this effort – what we’ve referred to as the “Quantum Compositor”. Some technical details – we’ve now extracted a core part of our browser engine (the graphics compositor) to run in a process separate from the main Firefox process. The compositor determines what you see on your screen by flattening into one image all the layers of graphics that the browser computes, kind of like how Photoshop combines layers. Because the Quantum Compositor runs on the GPU instead of the CPU, it’s super fast. And, because of occasional bugs in underlying device drivers, the graphics compositor can sometimes crash. By running the Quantum Compositor in a separate process, if it crashes, it won’t bring down all of Firefox, or even your current tab. In testing, the Quantum Compositor reduced browser crashes by about 10%. You can learn more about our findings here. The Quantum Compositor will be enabled for about 70% of Firefox users – those on Windows 10, 8, and 7 with the Platform Update, on computers with graphics cards from Intel, NVidia, or AMD. And if you’re wondering about the Mac – graphics compositing is already so stable on MacOS that a separate process for the compositor is not necessary. Save screen real estate – and your eyes – with compact themes and tabs It’s a browser’s job to get you where you want to go, and then get out of the way. That’s why today’s release of Firefox for desktop ships with two new themes: Compact Light and Compact Dark. Compact Light shrinks the size of the browser’s user interface (the ‘chrome’) while maintaining Firefox’s default light color scheme. The Compact Dark theme inverts colors so it won’t strain your eyes, especially if you’re browsing in the dark. To turn on one of these themes, click the menu button and choose Add-ons. Then select the Appearance panel, and the theme you’d like to activate. Firefox for Android also ships with a new setting for compact tabs. When you switch tabs, this new setting displays your tabs in two columns, instead of one, so it’s easier to switch tabs when you have several open. To activate compact tabs, go to Settings > General. Easily control a website’s permis[...]



Air Mozilla: Weekly SUMO Community Meeting Apr. 19, 2017

Wed, 19 Apr 2017 16:00:00 +0000

(image) This is the Sumo Weekly call for 4/19/17. PLEASE NOTE***( Known audio issue for the 2nd half of video)




Nathan Froyd: on customer service; or, how to treat bug reports

Wed, 19 Apr 2017 13:18:40 +0000

From United: Broken Culture, by Jean-Louis Gassée, writing on his time as the head of Apple France:

Over time, a customer service theorem emerged. When a customer brings a complaint, there are two tokens on the table: It’s Nothing and It’s Awful. Both tokens are always played, so whoever chooses first forces the other to grab the token that’s left. For example: Customer claims something’s wrong. I try to play down the damage: It’s Probably Nothing…are you sure you know what you’re doing? Customer, enraged at my lack of judgment and empathy, ups the ante: How are you boors still in business??

But if I take the other token first and commiserate with Customer’s complaint: This Is Awful! How could we have done something like this? Dear Customer is left with no choice, compelled to say Oh, it isn’t so bad…certainly not the end of the world..

It’s simple, it works…even in marriages, I’m told.

There’s no downside to taking the It’s Awful position. If, on further and calm investigation, the customer is revealed to be seriously wrong, you can always move to the playbook’s Upon Further Review page.




Daniel Stenberg: curl bug bounty

Wed, 19 Apr 2017 08:00:08 +0000

The curl project is a project driven by volunteers with no financing at all except for a few sponsors who pay for the server hosting and for contributors to work on features and bug fixes on work hours. curl and libcurl are used widely by companies and commercial software so a fair amount of work is done by people during paid work hours. This said, we don’t have any money in the project. Nada. Zilch. We can’t pay bug bounties or hire people to do specific things for us. We can only ask people or companies to volunteer things or services for us. This is not a complaint – far from it. It works really well and we have a good stream of contributions, bugs reports and more. We are fortunate enough to make widely used software which gives our project a certain impact in the world. Bug bounty! Hacker One coordinates a bug bounty program for flaws that affects “the Internet”, and based on previously paid out bounties, serious flaws in libcurl match that description and can be deemed worthy of bounties. For example, 3000 USD was paid for libcurl: URL request injection (the curl advisory for that flaw) and 1000 USD was paid for libcurl duphandle read out of bounds (the corresponding curl advisory). I think more flaws in libcurl could’ve met the criteria, but I suspect more people than me haven’t been aware of this possibility for bounties. I was glad to find out that this bounty program pays out money for libcurl issues and I hope it will motivate people to take an extra look into the inner workings of libcurl and help us improve. What qualifies? The bounty program is run and administered completely out of control or insight from the curl project itself and I must underscore that while libcurl issues can qualify, their emphasis is on fixing vulnerabilities in Internet software that have a potentially big impact. To qualify for this bounty, vulnerabilities must meet the following criteria: Be implementation agnostic: the vulnerability is present in implementations from multiple vendors or a vendor with dominant market share. Do not send vulnerabilities that only impact a single website, product, or project. Be open source: finding manifests itself in at least one popular open source project. In addition, vulnerabilities should meet most of the following criteria: Be widespread: vulnerability manifests itself across a wide range of products, or impacts a large number of end users. Have critical impact: vulnerability has extreme negative consequences for the general public. Be novel: vulnerability is new or unusual i[...]



Mozilla Localization (L10N): Localizing Nightly by Default

Tue, 18 Apr 2017 23:59:41 +0000

One of our goals for 2017 is to implement a continuous localization system at Mozilla for Firefox and other projects. The idea is to expose new strings to localizers earlier and more frequently, and to ship updates to users as soon as they’re ready. I’m excited to say that we’ve arrived at one of the key milestones toward a continuous localization system: transitioning localization from Aurora to Nightly. How can you help? Starting April 19th, the focus for localization is going to be on Nightly. If you are a localizer, you should install Nightly in your own language and test your localization. If you are a member of a local community, you should start spreading the message about the importance of using Nightly to help improve localized versions of Firefox and share feedback with localizers. If you are new to localization, and you want to help with translation tasks, check out our tools (Pontoon and Pootle), and get in touch with the contributors already working on your language. The amount of information might be overwhelming at times, if you ever get lost you can find help on IRC in the #l10n channel, on our mailing list, and even via Twitter @mozilla_l10n. Firefox release channels Mozilla has three (previously four) release channels for Firefox, each with their own dedicated purpose. There’s Nightly (built from the mozilla-central repository), Beta (mozilla-beta), and Release (mozilla-release). Nightly: development of Firefox (and now localization) Aurora: testing & localization (no longer available) Beta: stable testing of Firefox Release: global distribution of Firefox to general audience A version of Firefox will “ride the trains” from Nightly to Beta and finally to Release, moving down the channel stream every 6-8 weeks. With Aurora, localizers were given one cycle to localize new, unchanging content for Firefox. In fact, once moved to Aurora, code would be considered “string frozen”, and only exceptional changes to strings would be allowed to land. Any good update from localizers during that time was signed off and rode the trains for 6-12 weeks before end-users received it. We spent the last two years asking localizers about their contribution frequency preferences. We learned that, while some preferred this 6 week cycle to translate their strings, the majority preferred to have new content to translate more frequently. We came away from this with the understanding that the thing localizers want most when it comes to their contribution frequency is freedom: freedo[...]



Alex Gibson: My fourth year working at Mozilla

Tue, 18 Apr 2017 23:00:00 +0000

Mozilla staff photo from All-Hands event in Hawaii, December 2016 This week marks my 4th year Mozillaversary! As usual, I try to put together a short post to recap on some of the things that happened during the past year. It feels like I have some things to talk about this time around which are slightly more process-heavy than previous year’s efforts, but gladly there’s some good work in there too. Here goes! Our team grew Our functional team grew over the past year which is really great to see. We now manage the development and infrastructure for both www.mozilla.org and MDN. The idea is that having both teams more closely aligned will lead to increased sharing of knowledge and skills, as well as standardization on common tools, libraries, infra, deployment and testing. It’s great to have some more talented people on the team, hooray! Are we agile yet? While most of my day-to-day work is still spent tending to the needs of www.mozilla.org, a lot has changed in the last year with regard to how our development team manages work processes. The larger marketing organization at Mozilla has switched to a new agile sprint model, with dedicated durable teams for each focus area. While I think this is a good move for the marketing org as a whole, it has also been a struggle for many teams to adjust (the mozorg team included). While two week sprints can work well for product focused teams, a website such as mozorg can be quite a different beast; with multiple stakeholders, moving parts, technical debt, and often rapidly shifting priorities. It is also an open source project, with real contributors. We’re still experimenting with trying to make this new process fit the needs of our project, but I do wonder if we’ll slowly creep back to Kanban (our previous methodology) during the course of the next year. Let’s wait and see ;) Contributions and other stats Here are the usual stats from the past year: I made over 166 commits to bedrock this past year (down from 269 commits last year). I have now filed over 424 bugs on Bugzilla, been assigned over 474 bugs and made over 3967 comments. I cycled over 1657 miles on my lunch breaks (one of my personal goals this past year was to become more healthy!). Now, the number of commits to bedrock aren’t always a good representation of the level of work that occurred during the year. I did work on some large, far reaching bugs which took a lot of time and effort. But it does make me wonder if our new s[...]



Armen Zambrano: Docker image to generate allthethings.json

Tue, 18 Apr 2017 15:14:17 +0000

I've created a lot of hackery in the past (mozci) based on Release Engineering's allthethings.json file as well as improving the code to generate it reliably. This file contains metadata about the Buildbot setup and the relationship between builders (a build trigger these tests).

Now, I have never spent time ensuring that the setup to generate the file is reproducible. As I've moved over time through laptops I've needed to modify the script to generate the file to fit my new machine's set up.

Today I'm happy to announce that I've published a Docker image at Docker hub to help you generate this file anytime you want.

You can find the documentation and code in here.

Please give it a try and let me know if you find any issues!
docker pull armenzg/releng_buildbot_docker
docker run --name allthethings --rm -i -t releng_buildbot_docker bash
# This will generate an allthethings.json file; it will take few minutes
/braindump/community/generate_allthethings_json.sh
# On another tab (once the script is done)
docker cp allthethings:/root/.mozilla/releng/repos/buildbot-configs/allthethings.json .


(image)
This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. (image)



Gervase Markham: MOSS End-of-Award Report: Mio

Tue, 18 Apr 2017 12:26:30 +0000

We are starting to ask MOSS project awardees to write an end-of-award report detailing what happened. Here’s one written a few months ago by the Mio project (Carl Lerche).

(image)



Bruce Van Dyk: Migrating From LastPass to KeePass

Tue, 18 Apr 2017 09:23:13 +0000

I've recently been trying out KeePass 2 as an alternative to LastPass, in this post I'm going to go briefly into why I made the switch, and detail how you can do so with a fairly minimal amount of pain. If you're just interested in how to migrate, you can skip straight to the how section. Why The two major reasons I'm trying something else are security and performance. That said: I think any password manager is much better than the alternative of manually managing passwords. I also think LastPass is pretty good, I've used it historically because I like it. In terms of the why I'm trying something else, these reasons will apply to pretty much any browser extension based password manager. Security Password managers running in the browser have an attack surface which includes JavaScript and the DOM. This doesn't mean these managers are busted, but it makes the job of securing them that much harder. For example, LastPass recently have had some issues with their browser extenstion brought to light: see here and here. That said, they have swiftly dealt with the vulnerabilities raised, which is a great thing. LastPass is in good company here, Project Zero have shown up issues with other password manager browser extensions such as 1Password and Dashlane. These issues too have been fixed, but they can exist in the first place because of the design of these extension based managers. KeePass doesn't integrate into browsers (though it has plugins that do so). In switching I'm hoping to guard myself against vulnerabilities such as those above. I'm going to lose out on things like autofill. However, at this stage this is a trade I'm at least willing to try out. Performance I've found the LastPass extension to be a bit of a performance hog. In Firefox I would often run into janks when using IRCCloud (web based IRC client) with the LastPass addon installed. There's a bugzilla bug on it here. Aside from specific cases like this, LastPass adds also an inherent overhead which I'm not sure I'm cool with. Obviously these programs need to use some resources run. However, extension based managers can end up doing quite a lot, some of which I didn't expect. For example, some of these extensions will parse the DOM to try and find places to insert icons (click me to fill passwords) or autofill, however, if you're dealing with large DOMs this can take seconds. This may not sound like a lot, but it gets ol[...]



This Week In Rust: This Week in Rust 178

Tue, 18 Apr 2017 04:00:00 +0000

Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions. This Week in Rust is openly developed on GitHub. If you find any errors in this week's issue, please submit a PR. Updates from Rust Community News & Blog Posts Carol Nichols and Nick Cameron join the core team, and Patrick Walton retires. Announcing the Rust infrastructure team. Updated: Rust language 2017 ergonomic improvements initiative. RLS now available on nightly (and via rustup). Introducing Relm, a GUI library, based on GTK+ and futures, written in Rust. Optimizing Rust struct size: A 6-month compiler development project. As part of MOSS, Mozilla awards $50,000 to Tokio - an asynchronous I/O project in Rust. Servo: Windows nightly builds now available. Prolonging temporaries in Rust. Telling compiler to hold on to a temporary value for the scope of the outer block. Rust's fearless concurrency in rdedup. [slides] The end of unsafety: The past, present, and future of the Rust programming language. Boilerplate-free struct transforms in Rust. The path to Rust on the web with WebAssembly. This week in Servo 98. This week in Rust docs 52. Crate of the Week Sadly, for lack of nominations we have no Crate of this Week. Submit your suggestions and votes for next week! Call for Participation Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started! Some of these tasks may also have mentors available, visit the task page for more information. rust: Error message when VS 2015 build tools exist but not the SDK needs to be better. [easy] lazy_static: Include homepage in Cargo.toml. lazy_static is a small macro for defining lazy evaluated static variables in Rust. [easy] lazy_static: Include categories in Cargo.toml. [easy] lazy_static: Publish CI badges for all Tier 1 platforms. [easy] flate2: Wire up rustdoc hyperlinks. flate2 implements FLATE, Gzip, and Zlib bindings for Rust. [easy] flate2: Use distinct Flush types for Compress::compress vs Decompress::decompress. [easy] flate2: Document error conditions in "Errors" sections.[...]



About:Community: Firefox 53 new contributors

Tue, 18 Apr 2017 02:50:26 +0000

With the release of Firefox 53, we are pleased to welcome the 63 developers who contributed their first code change to Firefox in this release, 58 of whom were brand new volunteers! Please join us in thanking each of these diligent and enthusiastic individuals, and take a look at their contributions: bakkot: 1317375, 1332052 catdesk: 1313834 jay.harris: 1318965, 1319159, 1319197 johannkoenig: 1223692, 1328330, 1328744, 1331498 oliver.scheiwiller: 1317745 pass2pawan: 1306538, 1319432, 1319539, 1319541, 1319551, 1319849, 1320126 s7hoang: 1028200 tharvik: 1321877 y.gravrand: 1319989 zirakertan: 1325473 Adrian Zatreanu: 1316008, 1321480 Ajit: 1316511 Aman Dwivedi: 1320663, 1323685 Aniruddha Patil: 1322975 Avikalpa Kundu: 1319368 Bao Quan: 1326265 Brian Chen: 1325488 Conache Cristian: 1315403 Denis Scott: 1323115 Dimitrij Mijoski: 1322655 Dylan Sharhon: 1043423 Florian Apolloner: 1324929 Francisco Aguiar: 1330009 George: 1324656 George Veneel Dogga: 887876 HAMMAD AKHTAR: 1289779, 1302765, 1302800, 1302804, 1311810, 1322193, 1323633, 1325429, 1326462 Hal Gentz: 1234317 Hamel Joshi: 1316017, 1320317 Ilya Gordeev: 1247602 ItielMaN: 1322389 Iulian Radu: 1322565 Jalen Adams: 1320154, 1324171, 1326581 Jared Beach: 430745 Jing-wei Wu: 1285802, 1325586 Julien Vehent: 1301956 Karolien: 944117, 1320829, 1321076, 1329104, 1331528 Kimberly Pennington: 1319079 Lars Bergstrom: 1283898 Louis Chang: 1313295, 1323120 Matheus Longaray: 1319067 Mauro Doglio: 1314173 Mayank: 1329926 Michael: 1300784 Ori Avtalion (salty-horse): 424390 Owais Kazi: 1220316 Pavan Karthik: 1196395, 1235547, 1305681, 1324571 Pierre Brochard: 1326311 Premang: 498976 Shan: 1316006, 1316012, 1316021, 1320298 Srivatsav Gunisetty: 1027174 Steve Jarvis: 1279533, 1319762 Steven Ellul: 1302767 Taahir Ahmed: 1294042 Thomas Charles: 1316975 Thomas Dräbing: 1251728 Tom Puttemans: 1052045 Tom Ritter: 1314784, 1317642 Tomislav Jurin: 1296189, 1316005, 1316009 Tyler Maklebust: 1309935 Vangelis Katsikaros: 1279203 Vedant Sareen: 1301311, 1323134 Vlad Zuga: 1294541 friedger: 1317933 jbonnafo: 545066, 752823, 1322146 [...]



Air Mozilla: Mozilla and Stanford Law Panel on Intellectual Property Law and the First Amendment

Tue, 18 Apr 2017 00:30:00 +0000

(image) Join us for a Mozilla and Stanford Program in Law, Science & Technology hosted panel series about the intersection between intellectual property law and the...




Mozilla Addons Blog: Add-ons Update – 2017/04

Mon, 17 Apr 2017 22:06:57 +0000

Here’s the state of the add-ons world this month. The Road to Firefox 57 (recently updated) explains what developers should look forward to in regards to add-on compatibility for the rest of the year. Please give it a read if you haven’t already. The Review Queues In the past month, 1,209 listed add-on submissions were reviewed: 984 (81%) were reviewed in fewer than 5 days. 31 (3%) were reviewed between 5 and 10 days. 194 (16%) were reviewed after more than 10 days. There are 821 listed add-ons awaiting review. If you’re an add-on developer and are looking for contribution opportunities, please consider joining us. Add-on reviewers are critical for our success, and can earn cool gear for their work. Visit our wiki page for more information. Compatibility The blog post for 53 is up and the bulk validation was run. Here’s the post for Firefox 54 and the bulk validation is pending. Multiprocess Firefox is enabled for some users, and will be deployed for most users very soon. Make sure you’ve tested your add-on and either use WebExtensions or set the multiprocess compatible flag in your add-on manifest. As always, we recommend that you test your add-ons on Beta to make sure that they continue to work correctly. You may also want  to review the post about upcoming changes to the Developer Edition channel. End users can install the Add-on Compatibility Reporter to identify and report any add-ons that aren’t working anymore. Recognition We would like to thank the following people for their recent contributions to the add-ons world: bkzhang Aayush Sanghavi saintsebastian Thomas Wisniewski Michael Kohler Martin Giger Andre Garzia jxpx777 wildsky You can read more about their work in our recognition page. The post Add-ons Update – 2017/04 appeared first on Mozilla Add-ons Blog.[...]



Jennie Rose Halperin: Hello world!

Mon, 17 Apr 2017 19:59:12 +0000

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!




Air Mozilla: Mozilla Weekly Project Meeting, 17 Apr 2017

Mon, 17 Apr 2017 18:00:00 +0000

(image) The Monday Project Meeting




Hacks.Mozilla.Org: Simplifying Firefox Release Channels and Improving Developer Edition’s Stability

Mon, 17 Apr 2017 15:02:54 +0000

Streamlining our release process and quickly getting stable new features to users and developers is a priority for Firefox. Taking a close critical look at our release channels, it became clear that Aurora was not meeting our expectations as a first stabilization channel. Starting on April 18, the Firefox Aurora channel will stop updating, and over the course of the next several months, the Aurora build will be removed from the train release cycle. Developer Edition will be based on the Beta build. Developer Edition users will maintain their Developer Edition themes, tools, and preferences, will keep their existing profile, and should not experience any disruption. This change benefits developers in several ways: Clearer choices in pre-release channels – Nightly for experimental features and Developer Edition/Beta for stability. Higher quality and more stable environment for Developer Edition users. Faster release cycles for platform features. (Benefits everyone!) Here’s the timeline: On April 18, code for Firefox 54 will move from Aurora to Beta as usual, while Firefox 55 will remain on Nightly for a second cycle in a row (a total of 14 weeks). On the next merge day, June 12, Firefox 55 will move directly from Nightly to Beta. Between April and June, Firefox Aurora on Desktop (54) will continue to receive updates for critical security issues and the Aurora and Developer Edition populations will be migrated to the Beta update channel. On Android, Aurora users will be migrated to Nightly. Aurora was originally created in 2011 to provide more user feedback after Firefox shifted from version 5 to the high-speed release cycle. Today, in 2017, we have more modern processes underlying our train model, and believe we can deliver feature-rich, stable products without the additional 6-8 week Aurora phase. A staged rollout mechanism, similar to what we do today with Release, will be used for the first weeks of Beta. Our engineering and release workflow will continue to have additional checks and balances rolled out to ensure we ship a high quality release. A new feature will merge from Nightly to Beta only when it’s deemed ready, based on preestablished criteria determined by our engineering, product a[...]



Cameron Kaiser: 45.9.0 available

Mon, 17 Apr 2017 12:30:00 +0000

TenFourFox 45.9.0 is now available for testing (downloads, hashes, release notes), a bit behind due to Mozilla delaying this release until the Wednesday and my temporary inability to get connected at our extended stay apartment. The only changes in this release from the beta are some additional tweaks to JavaScript and additional expansion of the font block list. Please test; this build will go live Tuesday "sometime."

The next step is then to overlay the NSPR from 52 onto 45.9, overlay our final stack of changesets, and upload that as the start of FPR1 and our Github repository. We can then finally retire the changesets and let them ride off into the sunset. Watch for that in a couple weeks along with new build instructions.




Mozilla Release Management Team: Dawn project or the end of Aurora

Mon, 17 Apr 2017 08:30:23 +0000

As described in the post on the Hacks blog, we are changing the release mechanism of Firefox. What In order to address the complexity and cycle length issues, the release management team, in coordination with Firefox product management and engineering, is going to remove the Aurora stabilization phase from the cycle. When On April 18th, Firefox 55 will remain on Nightly. This means Firefox 55 will remain on Nightly for two full cycles. On June 13th, Firefox 55 will migrate directly from Nightly to Beta. Why As originally intended, Aurora was to be the first stabilization channel having a user base 10x the size of Nightly so as to provide additional user feedback. This original intent never materialized. The release cycle time has required that we subvert the model regularly over the years by uplifting new features to meet market requirements. How The stabilization cycle from Nightly to Release will be shortened by 6-8 weeks. A staged rollout mechanism, similar to what we do today with Release, will be used for the first weeks of Beta. Our engineering and release workflow will continue to have additional checks and balances rolled out to ensure we ship a high quality release. We will focus on finding and fixing regressions during the Nightly cycle and alleviate time pressure to ship to reduce the 400-600 patches currently uplifted to Aurora. A new feature will merge from Nightly to Beta only when it's deemed ready, based on pre-established criteria determined by engineering, product, and product integrity. Tooling such as static analysis, linters, and code coverage will be integrated into the development process FAQ What will happen to the Aurora population on Desktop? The Aurora population will be migrated to the Beta update channel in April 2017. We plan to keep them on a separate “pre-beta” update channel as compared to the rest of the Beta population. We will use this pre-beta audience to test and improve the stability and quality of initial Beta builds until we are ready to push to 100% of beta population. Because we presented Aurora as a stable product in the past, the beta channel is the closest in terms of stability [...]



The Servo Blog: This Week In Servo 98

Mon, 17 Apr 2017 00:30:00 +0000

In the last week, we landed 127 PRs in the Servo organization’s repositories. We started publishing Windows nightly builds on download.servo.org. Please test them out and file issues about things that don’t work right! Planning and Status Our overall roadmap is available online, including the overall plans for 2017. Q2 plans will appear soon; please check it out and provide feedback! This week’s status updates are here. Notable Additions jdm fixed an assertion failure when loading multiple stylesheets from the same element. mckaymatt made line numbers correct in errors reported for inline stylesheets. canaltinova implemented support for the shape-outside CSS property in Stylo. waffles removed much of the code duplication for CSS parsing and serialization of basic shapes. nox preserved out of bounds values when parsing calc() expressions. Manishearth implemented MathML presentation hints for Stylo. bholley improved performance of the style system by caching runtime preferences instead of querying them. ferjm added an option to unminify JS and store it to disk for easier web compatibility investigations. tiktakk converted a recursive algorithm to an iterative one for complex selectors. emilio fixed some bugs that occurred when parsing media queries. Manishearth implemented queries for font metrics during restyling. jryans added support for @page rules to Stylo. UK992 allowed Servo to build with MSVC 2017. MortimerGoro implemented the Gamepad API. jdm corrected an assertion failure when using text-overflow: ellipsis. tomhoule refactored the style system types to preserve more specified values. jonathandturner worked around the mysterious missing key events on Windows. charlesvdv improved the handling of non-ascii characters in text inputs. clementmiao added common keyboard shortcuts for text inputs. manuel-woelker implemented support for Level 4 RGB and HSL CSS syntax. New Contributors Brad Werth Clement Miao Dominik Boehi Fausto Núñez Alberro KuoE0 Mantaroh Yoshinaga Sadman Kazi Tom Houlé Yash Mehrotra tamamu Interested in helpi[...]



Karl Dubost: [worklog] Edition 063. Spring is here

Fri, 14 Apr 2017 09:05:00 +0000

webcompat life

  • Some issues takes a lot longer to analyze understand than what it seems at the start.

webcompat issues

webcompat.com dev

Otsukare!




Ehsan Akhgari: Quantum Flow Engineering Newsletter #5

Fri, 14 Apr 2017 04:33:22 +0000

Another week full of performance related updates quickly went by, I’d like to share a few of them. We’re almost mid-April, about 3 weeks after I shared my first update on our progress battling our sync IPC issues.  I have prepared a second Sync IPC Report for 2017-04-13.  For those who looked at the previous report, this is in the same spreadsheet, and the data is next to the previous report, for easy comparison.  We have made a lot of great progress fixing some of the really bad synchronous IPC issues in the recent few weeks, and even though telemetry data is laggy, we are starting to see this reflect in the data coming in through telemetry!  Here is a human readable summary of where we are now: PCookieService::Msg_GetCookieString is still at the top of the list, now taking a whopping 45% piece of the pie chart!  I don’t think there is any reason to believe that this has gotten particularly worse, it’s just that we’re starting to get better at not doing synchronous IPC, so this is standing out even more now!  But its days are numbered.  PContent::Msg_RpcMessage and PBrowser::Msg_RpcMessage at 19%.  We still need to get better data about the sync IPC triggered from JS, that shows up in this data under one of these buckets. PJavaScript::Msg_Get at 5% (CPOW overhead) could be caused by add-ons that aren’t e10s compatible. PAPZCTreeManager::Msg_ReceiveMouseInputEvent.  This one (and a few other smaller APZ related ones) tends to have really low mean values, but super high count values which is why they tend to show high on this list, but they aren’t necessarily too terrible compared to the rest of our sync IPC issues. PVRManager::Msg_GetSensorState also relatively low mean values but could be slightly worse. PJavaScript::Msg_CallOrConstruct, more CPOW overhead. PContent::Msg_SyncMessage, more JS triggered sync IPC. A few items further down on the list are either being worked on or recently fixed as well.  I expect this to keep improving over the next few weeks.  It is really great to see this progress, thanks to everyone who has worked on [...]



Mozilla Open Policy & Advocacy Blog: Should Patent Law Be a First Amendment Issue?

Thu, 13 Apr 2017 23:10:50 +0000

On Monday April 17th, Mozilla and Stanford Law are presenting a panel about intellectual property law and the First Amendment. We’ll talk about how IP law and the First Amendment intersect in IP disputes, eligibility tests, and the balance of interests between patent holders and users. Judge Mayer’s concurring opinion last year in Intellectual Ventures I LLC v. Symantec Corp, has put the debate over the First Amendment and boundaries of patent protection back in the spotlight. Our all star panel will discuss both sides of the debate. Panelists Dan Burk, professor of law at UC Irvine School of Law. Sandra Park, Senior Staff Attorney for the ACLU Women’s Rights Project. Robert Sachs, a partner at Fenwick & West LLP, a leading Intellectual Property law firm. Wendy Seltzer, Strategy Lead and Policy Counsel for the World Wide Web Consortium. Elvin Lee, Product and Commercial Counsel at Mozilla, will moderate the event. We’ll also hear opening remarks from professor Mark A. Lemley, who serves as the Director of the Stanford Program in Law, Science and Technology. Topics and questions we’ll cover Does patent law create conflicts with the First Amendment? Do the subject-matter eligibility tests created by the Supreme Court (e.g., Alice) mitigate or impact any potential First Amendment issues? How does the First Amendment’s intersection with patent law compare to other IP and regulatory contexts? What are the different competing interests for IP owners and creators? Registration of ‘offensive’ marks is currently being reviewed in light of the First Amendment. Are there any parallels to the grant of patent protection by the USPTO, or subsequent enforcement? Watch AirMozilla and Mozilla’s Facebook page will carry the livestream for this event. We hope you’ll tune in. The post Should Patent Law Be a First Amendment Issue? appeared first on Open Policy & Advocacy.[...]