Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Exploring Collaboration and Communication with Mozilla Hubs

Filed under
Moz/FF

In April last year, Mozilla introduced Hubs, an immersive social experience that brings users together in shared 3D spaces. Hubs runs in the browser on mobile, desktop, and virtual reality devices. Since its initial release, the platform has undergone extensive development work to better enable communities and creators to embrace the opportunities that online collaborative environments have to offer. As a result, we’ve seen increased adoption of Hubs and new use cases have emerged.

The ability to connect to anyone around the world is a powerful tool available to us through the internet. As we look at advancements in mixed reality like the WebXR API, we are able to explore ways to feel more present with others through technology. One area where virtual reality shows considerable promise is in supporting distributed teams.

Mozilla is no stranger to remote collaboration. 46% of our employees work from home and the ten company offices span seven countries across six time zones. Because of this, we’re excited about finding opportunities to improve the ways we connect with our community of contributors and volunteers. Remote work and collaboration is a core part of how we connect to each other through the web.

Read more

Mozilla: Firefox Nightly and Building a Creative Foundation

Filed under
Moz/FF
  • Firefox Nightly: These Weeks in Firefox: Issue 64
  • Building a creative foundation

    Last week I spent two days at Harvard University participating in my third Professional Development class at Harvard. This time the subject was “Creative Thinking: Innovative Solutions to Complex Challenges.” The workshop was led by two experienced facilitators, Anne Manning and Susan Robertson.

    We started with introductions, and it soon became clear we had a very diverse group of participants - I was the lone person from the tech sector, but there was a nice blend of sectors represented, as well as some international participants. This made from some very interesting discussion outside the classroom and during the various breaks.

    I was also pleased that some people sought me out, especially once they found out I was an “Ideator.” Prior to the class, we had taken an assessment, and then were presented with the results. In one of the exercises, it turned out we were teamed up with other participants who fell into the same quadrant as us. I thought it was a good way to weave that assessment into the class content (and of course, initially without us being aware of it).

    I had some great takeaways from the two day class. I think the thing I appreciated the most was that the facilitators went to great lengths to give us a toolkit to take with us to apply the next time we are working on a project or interacting within a team. I think I also left the class with the distinct feeling that much like the diagram our team came up with above, you really have to build creativity into your system in a continuous manner.

Introducing ‘Stealing Ur Feelings,’ an Interactive Documentary About Big Tech, AI, and You

Filed under
Movies
Moz/FF

The six-minute documentary explains the science of facial emotion recognition technology and demystifies how the software picks out features like your eyes and mouth to understand if you’re happy, sad, angry, or disgusted. While it is not confirmed whether big tech companies have started using this AI, “Stealing Ur Feelings” explores its potential applications, including a Snapchat patent titled “Determining a mood for a group.” The diagrams from the patent show Snapchat using smartphone cameras to analyze and rate users’ expressions and emotions at concerts, debates, and even a parade.

The documentary was made possible through a $50,000 Creative Media Award from Mozilla. The Creative Media Awards reflect Mozilla’s commitment to partner with artists to engage the public in exploring and understanding complex technical issues, such as the potential pitfalls of AI in dating apps (Monster Match) and the hiring process (Survival of the Best Fit).

“Stealing Ur Feelings” is debuting online alongside a petition from Mozilla to Snapchat. Viewers are asked to smile at the camera at the end of the film if they would like to sign a petition demanding Snapchat to publicly disclose whether or not it is already using facial emotion recognition technology in its app. Once the camera detects a smile, the viewer is taken to a Mozilla petition, which they can read and sign.

Read more

Chromium/Mozilla Firefox: Chrome 78 Beta, Keygen Setback and iframes

Filed under
Google
Moz/FF
Web
  • Chrome 78 Beta: a new Houdini API, native file system access and more

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Find more information about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 78 is beta as of September 19, 2019.

  • Chrome 78 Hits Beta With Native File System API, Much Faster WebSockets

    Google on Friday released the Chrome 78 web-browser beta following last week's release of Chrome 77.

    Chrome 78 Beta is coming with a new Houdini API or more formally known as the CSS Properties and Values API Level 1, which lets developers register variables as fully custom CSS properties and can better handle animations and other use-cases.

  • Firefox 69 dropped support for <keygen>

    With version 69, firefox removed the support for the <keygen> feature to easily deploy TLS client certificates.
    It's kind of sad how used I've become to firefox giving me less and less reasons to use it...

  • [Mozilla] Restricting third-party iframe widgets using the sandbox attribute, referrer policy and feature policy

    Adding third-party embedded widgets on a website is a common but potentially dangerous practice. Thankfully, the web platform offers a few controls that can help mitigate the risks. While this post uses the example of an embedded SurveyMonkey survey, the principles can be used for all kinds of other widgets.

    Note that this is by no means an endorsement of SurveyMonkey's proprietary service. If you are looking for a survey product, you should consider a free and open source alternative like LimeSurvey.

Mozilla Leftovers

Filed under
Moz/FF
  • Mozilla Localization (L10N): L10n Report: September Edition

    Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet.

  • Will Kahn-Greene: Markus v2.0.0 released! Better metrics API for Python projects.

    Markus is a Python library for generating metrics.

  • This Week In Rust: This Week in Rust 304

    Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.

  • Mozilla VR Blog: Virtual identities in Hubs

    Identity is a complicated concept—who are we really? Most of us have government IDs that define part of our identity, but that’s just a starting point. We present ourselves differently depending on context—who we are with our loved ones might not be the same as who we are at work, but both are legitimate representations of ourselves.

    Virtual spaces make this even harder. We might maintain many virtual identities with different degrees of overlap. Having control over our representation and identity online is a critical component of safety and privacy, and platforms should prioritize user agency.

    More importantly, autonomy and privacy are intrinsically intertwined. If everyone saw my google searches, I would probably change what I search for. If I knew my employer could monitor my interactions when I’m not at work, I would behave differently. Privacy isn’t just about protecting information about myself, it’s about allowing me to express myself.

Mozilla: The Rust Programming Language and Firefox Releases

Filed under
Moz/FF
  • The Rust Programming Language Blog: Upcoming docs.rs changes

    On September 30th breaking changes will be deployed to the docs.rs build environment. docs.rs is a free service building and hosting documentation for all the crates published on crates.io. It's open source, maintained by the Rustdoc team and operated by the Infrastructure team.

  • Flatulence, Crystals, and Happy Little Accidents

    The recording of my Rust Conf talk on algorithmic art and pen plotters is up on YouTube!

    [...]

    I really enjoyed giving this talk, and I think it went well. I want more creative coding, joy, surprise, and silliness in the Rust community. This talk is a small attempt at contributing to that, and I hope folks left inspired.

  • You'll get a new Firefox each month in 2020 as Mozilla speeds up releases

    Mozilla will turn the Firefox crank faster in 2020, releasing a new version of its web browser every four weeks instead of every six. If you're using the browser, the change should deliver new features to you faster since there will be less waiting between when developers build them and when they arrive.

    "In recent quarters, we've had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence," Firefox team members Ritu Kothari and Yan Or said in a blog post Tuesday. "Shorter release cycles provide greater flexibility to support product planning and priority changes due to business or market requirements."

Moving Firefox to a faster 4-week release cycle

Filed under
Moz/FF

We typically ship a major Firefox browser (Desktop and Android) release every 6 to 8 weeks. Building and releasing a browser is complicated and involves many players. To optimize the process, and make it more reliable for all users, over the years we’ve developed a phased release strategy that includes ‘pre-release’ channels: Firefox Nightly, Beta, and Developer Edition. With this approach, we can test and stabilize new features before delivering them to the majority of Firefox users via general release.

And today we’re excited to announce that we’re moving to a four-week release cycle! We’re adjusting our cadence to increase our agility, and bring you new features more quickly. In recent quarters, we’ve had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence.

Starting Q1 2020, we plan to ship a major Firefox release every 4 weeks. Firefox ESR release cadence (Extended Support Release for the enterprise) will remain the same. In the years to come, we anticipate a major ESR release every 12 months with 3 months support overlap between new ESR and end-of-life of previous ESR. The next two major ESR releases will be ~June 2020 and ~June 2021.

Read more

Mozilla: Media and Truth, Security and More

Filed under
Moz/FF
  • Examining AI’s Effect on Media and Truth

    Today, one of the biggest issues facing the internet — and society — is misinformation.

    It’s a complicated issue, but this much is certain: The artificial intelligence (AI) powering the internet is complicit. Platforms like YouTube and Facebook recommend and amplify content that will keep us clicking, even if it’s radical or flat out wrong.

    Earlier this year, Mozilla called for art and advocacy projects that illuminate the role AI plays in spreading misinformation. And today, we’re announcing the winners: Eight projects that highlight how AI like machine learning impacts our understanding of the truth.

  • Mozilla Open Policy & Advocacy Blog: Governments should work to strengthen online security, not undermine it

    On Friday, Mozilla filed comments in a case brought by Privacy International in the European Court of Human Rights involving government “computer network exploitation” (“CNE”)—or, as it is more colloquially known, government hacking.

    While the case focuses on the direct privacy and freedom of expression implications of UK government hacking, Mozilla intervened in order to showcase the further, downstream risks to users and internet security inherent in state CNE. Our submission highlights the security and related privacy threats from government stockpiling and use of technology vulnerabilities and exploits.

    Government CNE relies on the secret discovery or introduction of vulnerabilities—i.e., bugs in software, computers, networks, or other systems that create security weaknesses. “Exploits” are then built on top of the vulnerabilities. These exploits are essentially tools that take advantage of vulnerabilities in order to overcome the security of the software, hardware, or system for purposes of information gathering or disruption.

    When such vulnerabilities are kept secret, they can’t be patched by companies, and the products containing the vulnerabilities continue to be distributed, leaving people at risk. The problem arises because no one—including government—can perfectly secure information about a vulnerability. Vulnerabilities can be and are independently discovered by third parties and inadvertently leaked or stolen from government.

  • Time for some project updates

    I’m going to begin with some of the less-loved things I’ve been working on, partially in an attempt to motivate some forward-motion on things that I believe are rather important to Mozilla.

Mozilla's Privacy Words/Promises

Filed under
Moz/FF
  • Creating privacy-centric virtual spaces

    We now live in a world with instantaneous communication unrestrained by geography. While a generation ago, we would be limited by the speed of the post, now we’re limited by the speed of information on the Internet. This has changed how we connect with other people.

    As immersive devices become more affordable, social spaces in virtual reality (VR) will become more integrated into our daily lives and interactions with friends, family, and strangers. Social media has enabled rapid pseudonymous communication, which can be directed at both a single person and large groups. If social VR is the next evolution of this, what approaches will result in spaces that respect user identities, autonomy, and safety?

    We need spaces that reflect how we interact with others on a daily basis.

  • Mozilla previews Firefox VPN, will charge for service at some point

    Mozilla has not hidden its desire to branch into new revenue territories to divest from the more-or-less-single-source of search engine royalties. In June, CEO Chris Beard and other Mozilla officials said that paid service subscriptions would roll out this fall, but assured users that the browser itself would remain free of charge. The VPN could be the first of several paid services pitched to Firefox users, or part of a larger all-in-one package; Mozilla hasn't been clear about the form(s) this new revenue stream may take.

    Nor did Wood say how long her team will test Firefox Private Network. However, she did position this iteration of Test Pilot differently than before. "The difference with the newly relaunched Test Pilot program is that these products and services may be outside the Firefox browser, and will be far more polished, and just one step shy of general public release," she said.

  • Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?

    Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption.

    Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a list of who visits a particular site. Malicious DNS resolvers or on-path routers can also tamper with your DNS request, blocking you from accessing sites or even routing you to fake versions of the sites you requested.

Mozilla: Firefox Sending DNS Traffic to Cloudflare, Shepherds 3.0

Filed under
Moz/FF
    Turn off DoH, Firefox. Now.

    DoH means that Firefox will concentrate all DNS traffic on Cloudflare, and they send traffic from all their users to one entity. So what does that mean? It means people outside the US can now be fully tracked by US government: now some of you might wonder if this is actually in line with GDPR (The EU General Data Protection Regulation). It is indeed very questionable if DoH is rolled out as default, since users do NOT opt in, but have to opt out.

  • DoH disabled by default in Firefox

    Disable DoH by default. While encrypting DNS might be a good thing, sending all DNS traffic to Cloudflare by default is not a good idea. Applications should respect OS configured settings. The DoH settings still can be overriden if needed. ok landry@ job@

  • Niko Matsakis: AiC: Shepherds 3.0

    What I’m proposing, at its heart, is very simple. I want to better document the “agenda” of the lang-team. Specifically, if we are going to be moving a feature forward1, then it should have a shepherd (or multiple) who is in charge of doing that.

    In order to avoid unbounded queues, the number of things that any individual can shepherd should be limited. Ideally, each person should only shepherd one thing at a time, though I don’t think we need to make a firm rule about it.

    Becoming a shepherd is a commitment on the part of the shepherd. The first part of the lang team meeting should be to review the items that are being actively shepherded and get any updates. If we haven’t seen any movement in a while, we should consider changing the shepherd, or officially acknowleding that something is stalled and removing the shepherd altogether.

    Assigning a shepherd is a commitment on the part of the rest of the lang-team as well. Before assigning a shepherd, we should discuss if this agenda item is a priority. In particular, if someone is shepherding something, that means we all agree to help that item move towards some kind of completion. This means giving feedback, when feedback is requested. It means doing the work to resolve concerns and conflicts. And, sometimes, it will mean giving way. I’ll talk more about this in a bit.

Syndicate content

More in Tux Machines

Fedora, Red Hat and IBM Leftovers

  • Feora: How to setup an anonymous FTP download server

    Sometimes you may not need to set up a full FTP server with authenticated users with upload and download privileges. If you are simply looking for a quick way to allow users to grab a few files, an anonymous FTP server can fit the bill. This article shows you show to set it up.

  • Kubernetes networking, OpenStack Train, and more industry trends

    As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five of my and their favorite articles from that update.

  • How collaboration fueled a development breakthrough at Greenpeace

    We'd managed to launch a prototype of Planet 4, Greenpeace's new, open engagement platform for activists and communities. It's live in more than 38 countries (with many more sites). More than 1.75 million people are using it. We've topped more than 3.1 million pageviews. To get here, we spent more than 650 hours in meetings, drank 1,478 litres of coffee, and fixed more than 300 bugs. But it fell short of our vision; it still wasn't the minimum lovable product we wanted and we didn't know how to move it forward. We were stuck. Planet 4's complexity was daunting. We didn't always have the right people to address the numerous challenges the project raised. We didn't know if we'd ever realize our vision. Yet a commitment to openness had gotten us here, and I knew a commitment to openness would get us through this, too.

  • After Seven Quarters Of Growth, Power Systems Declines

    The tough compares have hit home on IBM’s Power Systems business, but the good news is that this has happened after seven consecutive quarters of growth for the Power-based server business that Big Blue owns lock, stock, and barrel. Even with this decline, which was quite steep because of the triple whammy of tough compares (more on that in a moment), there is still a healthy underlying Power Systems business that is much better off than the last time it was hit by similar declines. Let’s take a look at the numbers for IBM’s Power Systems division and then work our way up through its Systems group and to the company at large. According to the presentation put together by IBM’s chief financial officer, Jim Cavanaugh, to go over the numbers for the third quarter of 2019, the Power Systems division had a decline of 27 percent in constant currency (meaning growth in local currencies aggregated across those economies), with as-reported sales also being down 27 percent. In other words, currency had no effect on the overall Power Systems business even if it did impact IBM’s sales, as reported in U.S. dollars, by 1.3 percent in the period ended in September.

  • Red Hat Government Symposium: Transforming culture and creating open innovation powerhouses

    For state, local and federal government agencies, digital transformation means much more than just migrating away from legacy technology systems. It involves inspiring ideas, encouraging communication and collaboration, and empowering government employees to forge their organizations’ innovation pathways.  That’s why we are focusing on cultural transformation at our upcoming Red Hat Government Symposium. This year’s one-day event—Open transforms: A future built on open source—will be on Nov. 12, 2019, in Washington, D.C., and will feature a stellar lineup of keynotes and panels, as well as fantastic networking opportunities with industry peers.  

  • Journey to the Future of Money with Red Hat at Money 20/20

    Event season is in full swing for the Red Hat Financial services team, and this time, we are headed to the bright lights of Las Vegas to attend Money 20/20 USA, being held from October 27 - 30th. Red Hat will be attending to sponsor a number of activities and discuss the important role open source technologies play in the future of payments, money and banking activities. 

SUSE Leftovers

  • Digital Transformation – it’s dead, Jim?

    However, digital transformation is like life – it’s an ongoing process, not something you just do once and then it’s done and dusted. A large part of digital transformation is your cloud strategy, which I wrote about fairly recently. That is also something that isn’t a one-off task, but is instead an evolving, transformational process. It was interesting to see, after speaking to attendees at the Gartner event in Frankfurt, that a number of them still hadn’t defined their cloud strategy outside of “we need to move everything to the cloud for cost savings and agility”, while some hadn’t even begun writing a cloud strategy. Looking at a chart showing the trends in Google searches for digital transformation in the US (the global trend is the same) over the past 5 years, you can see that while it trends up and then down fairly regularly, it still continues to grow on the whole. So if it’s been around for a while, why does it continue to grow, and is it still relevant?

  • New Security Tools for Application Delivery

    What if you could shut down cybercriminals’ most frequently used method of attack? At SUSE we’ve recently made a move to help you get closer to that goal. As you may know, SUSE recently released new versions of our application delivery solutions, SUSE CaaS Platform 4 and SUSE Cloud Application Platform 1.5. The releases contain a number of important updates and features, but the one most exciting in terms of protecting your organization is the addition of Cilium to SUSE CaaS Platform.

Security: Patches, Nostromo, PureBoot and Microsoft's Latest DRM Lock-down (Locking GNU/Linux Out for 'Security')

  • Security updates for Monday

    Security updates have been issued by Debian (aspell, graphite-web, imagemagick, mediawiki, milkytracker, nfs-utils, and openjdk-11), Fedora (kernel, kernel-headers, kernel-tools, mediawiki, and radare2), openSUSE (dhcp, libpcap, lighttpd, and tcpdump), Scientific Linux (java-1.8.0-openjdk), Slackware (python), SUSE (bluez, kernel, and python-xdg), and Ubuntu (aspell).

  • Nostromo web servers exposed by resurrected RCE vulnerability

    A security researcher has disclosed the existence of a remote code execution (RCE) vulnerability in the open source Nostromo web server software. On Monday, a threat analyst and bounty hunter with the online handle Sudoka published a technical analysis of the bug, tracked as CVE-2019-16278. The vulnerability impacts Nostromo, also known as nhttpd, a niche web server used by some in the Unix and open source community but altogether dwarfed in popularity by Apache. In a blog post, Sudoka said the vulnerability stems from shortcomings in how the path of URLs are verified. Inadequate URL checks mean that an unauthenticated attackers is able to force a server to point to a shell file, resulting in the potential execution of arbitrary code.

  • PureBoot Best Practices

    Recently we started offering the PureBoot Bundle–PureBoot installed and configured on your laptop at the factory and bundled with a pre-configured Librem Key so you can detect tampering from the moment you unbox your laptop. It’s been great to see so many customers select the PureBoot Bundle and now that PureBoot is on so many more customer laptops, we felt it was a good time to write up a post to describe some best practices when using PureBoot. If you are just getting started with PureBoot and want to know the basics, check out our Getting Started Guide for pointers on what to do when you start up your PureBoot Bundle for the first time. In this post I’ll assume you have already gone through the first boot and first reboot of your laptop and have settled into daily use.

  •                
  • Secured-core PCs offer new defense against firmware attacks
                     
                       

    Microsoft, chipmakers, and several PC makers on Monday announced Secured-core PCs, which use hardware-based defense mechanisms to combat firmware-level security attacks.

  •                
  • Microsoft's New Plan to Defend the Code Deep Within PCs
                     
                       

    The idea of secured-core PC is to take firmware out of that equation, eliminating it as a link in the chain that determines what's trustworthy on a system. Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way. Only the chip manufacturers will hold the encryption keys to broker these checks, and they're burned onto the CPUs during manufacturing rather than interacting with the firmware's amorphous, often unreliable code layer.

  •                            

Games: Remote Play Together, OpenRA, The Coma 2, Humble Store and Shiver

  • Steam 'Remote Play Together' is now in Beta, allowing local multiplayer games over the net

    Today, Valve have released an exciting update to the Steam Beta Client which adds in Remote Play Together, allowing you to play local co-op, local multiplayer and shared/split screen games over the net with your friends. From what Valve said, it will allow up to four players "or even more in ideal conditions", meaning if you all have reasonable internet connections you might be able to play with quite a few people. Something that has of course been done elsewhere, although the advantage here is no extra payments or software needed as it runs right from the Steam client. It's very simply done too. Just like you would invite friends to join your online game, you invite them to Remote Play Together from the Steam Friends list and if they accept…away you go. Only the host needs to own the game too, making it easy to get going.

  • Another OpenRA preview build is up needing testing, Tiberian Sun support is coming along

    Work continues on the open source game engine OpenRA which allows you to play Command & Conquer, Red Alert and Dune 2000 on Linux and other modern platforms with support for Tiberian Sun progressing well. [...] One issue they've been dealing with is deployable units in Tiberian Sun, while OpenRA had basic support for the feature due to the Construction Yards in classic C&C it wasn't suitable for Tiberian Sun. Now though? They've overhauled it and expanded it. You can now queue up deploy commands between other orders, deployable units can be ordered to pack up and then move somewhere else as a single action too. Additionally, the code for aircraft and helicopter movement has also been given an overhaul to add in many of the extra features and dynamics needed for Banshees, Orcas, and Carryalls. The transport behaviour for the Carryall was also updated, with unit pick-up behaviour closer to the original game and allowing you to queue up multiple transport runs.

  • Devespresso Games join with Headup for Western release of The Coma 2: Vicious Sisters

    The Korean survival horror-adventure The Coma 2: Vicious Sisters from Devespresso Games is now getting a helping hand from publisher Headup for Western audiences. Also confirmed through the press emails is that The Coma 2 will be entering Steam Early Access on November 5th, with a full release expected in "Q1 2020".

  • Humble Store is doing a Female Protagonist Sale, plus the upcoming Steam sale dates leaked

    The week has only just begun and there's plenty of sales going on, with even more coming up. Let's have a little look. First up, Humble Store is doing a Female Protagonist Sale celebrating various heroines across multiple genres.

  • Kowai Sugoi Studios close up so they've made their point & click horror 'Shiver' free

    Times are tough for indies, with Kowai Sugoi Studios announcing they're closing up shop and so they've set their point and click horror title Shiver free for everyone. Kowai Sugoi Studios said in a blog post on the official site that this month they're shutting down, no reason for it was given but they gave their "sincere appreciation to our friends, family, and fans" for supporting them along the way. Shiver seems to be their only game, released originally back in 2017.