Moz/FF

Mozilla: Firefox 67 Beta 16 Testday, Addon Issue, and Issues With "Clear Browsing Data"

Filed under
Moz/FF
  • Firefox 67 Beta 16 Testday Results

    As you may already know, last Friday May 3rd – we held a new Testday event, for Firefox 67 Beta 16.

    Thank you all for helping us make Mozilla a better place: Rok Žerdin, Fernando Espinoza, Kamila Kamciatek.

  • Firefox armagg-add-on: Lapsed security cert kills all browser extensions, from website password managers to ad blockers

    On Friday, Mozilla detected a great disturbance in its Firefox browser, as if millions of voices had cried out on social media in annoyance.

    Every single web extension, theme, search engine plugin, and language pack had been nuked from netizens' Firefox installations, stripping any data and settings associated with them as they were removed.

    For example, in a post on Hacker News, Rosser Schwarz, who works with databases, lamented how the add-on annihilation lost work stored in the Firefox container add-on.

    "I did not merely 'lose some tabs'; those, I could just re-open," he said. "I lost work. That data, effort, and time are gone."

    The source of the trouble was identified in a bug report as the expiration of an intermediate signing certificate, which is used to authenticate third-party Firefox add-ons, also known as extensions. With the cert's unanticipated demise, Firefox stopped allowing these add-ons to run or be installed.

  • Firefox extensions APIs fail to completely clear browsing data

    While I was working on Clear Browsing Data, I learned about several browser bugs that may render some Firefox extensions that focus on user privacy unreliable.

    The browsingData API in Firefox does not properly remove data, enabling sites to track users that rely on extensions to clear browsing data. Removing certain data types can also lead to side effects and data loss.

The Firefox EU Elections Toolkit helps you to prevent pre-vote online manipulation

Filed under
Moz/FF

What comes to your mind when you hear the term ‘online manipulation’? In the run-up to the EU parliamentary elections at the end of May, you probably think first and foremost of disinformation. But what about technical ways to manipulate voters on the internet? Although they are becoming more and more popular because they are so difficult to recognize and therefore particularly successful, they probably don’t come to mind first. Quite simply because they have not received much public attention so far. Firefox tackles this issue today: The ‘Firefox EU Election Toolkit’ not only provides important background knowledge and tips – designed to be easily understood by non-techies – but also tools to enable independent online research and decision-making.

Mozilla: LLVM Clang, Addon Apocalypse, Goals and Constraints

Filed under
Moz/FF
  • OpenSUSE Tumbleweed Eyeing LTO By Default; GCC 9 Optimization Work Thanks To Firefox

    Firefox developers and their desire to switch to LLVM Clang in the name of performance. Separately, openSUSE Tumbleweed has been looking at using link-time optimizations (LTO) by default for their packages and that has also motivated developers and helped ensure the LTO support was in good shape for this annual compiler release.

  • A Glitch Is Disabling All Firefox Extensions, But A Workaround May Help

    A technical error has affected Mozilla Firefox’s extensions as all the extensions or add-ons have been disabled on the browser.

    Users trying to use the extensions are receiving a pop-up message which reads, “Could not be verified for use in Firefox and has been disabled.”

  • A glitch is breaking all Firefox extensions

    Did you just open Firefox only to find all of your extensions disabled and/or otherwise not working?

    You’re not alone, and it’s nothing you did.

    Reports are pouring in of a glitch that has spontaneously disabled effectively all Firefox extensions.

    Each extension is now being listed as a “legacy” extension, alongside a warning that it “could not be verified for use in Firefox and has been disabled”.

    A ticket submitted to Mozilla’s Bugzilla bug tracker first hit at around 5:40 PM Pacific, and suggests the sudden failure is due to a code signing certificate built into the browser that expired just after 5 PM (or midnight on May 4th in UTC time).

  • TenFourFox not affected by the addon apocalypse

    Tonight's Firefox add-on apocalypse, traced to a mistakenly expired intermediate signing certificate, is currently roiling Firefox users worldwide. It bit me on my Talos II, which really cheesed me off because it tanked all my carefully constructed site containers. (And that's an official Mozilla addon!)

  • Mozilla Had A Rough Night With Add-Ons Getting Disabled Due To An Expired Certificate

    If you are waking up this morning to find all of your Mozilla Firefox add-ons have expired, you are certainly not alone. A major blunder has found users of Firefox finding most add-ons getting disabled. 

    Add-ons like Netflix, Amazon Assistant, Greasemonkey, Ghostery, NoScript, uBlock Origin, and many other popular browser add-ons ended up getting disabled at midnight... An intermediate signing certificate expired over now having an invalid signature. For whatever reason, Mozilla hadn't planned ahead and shipped a renewed certificate in advance. Whoops!

  • Mike Hoye: Goals And Constraints

    Last week I laid out the broad strokes of Mozilla’s requirements for our next synchronous-text platform. They were pretty straightforward, but I want to thank a number of people from different projects who’ve gotten in touch on IRC or email to ask questions and offer their feedback.

    Right now I’d like to lay out those requirements in more detail, and talk about some of the reasons behind them. Later I’m going to lay out the process and the options we’re looking at, and how we’re going to gather information, test those options and evaluate what we learn.

    While the Rust community is making their own choices now about the best fit for their needs, the Rust community’s processes are going to strongly inform the steps for Mozilla. They’ve learned a lot the hard way about consensus-building and community decision-making, and it’s work that I have both a great deal of respect for and no intention of re-learning the hard way myself. I’ll have more about that shortly as well.

    [...]

    It was easy not to care about this when somebody who wanted to contribute to an open source project with global impact had maybe four choices, the Linux kernel, the Mozilla suite, the GNU tools and maybe Apache. But that world was pre-Github, pre-NPM. If you want to work on hard problems with global impact now you have a hundred thousand options, and that means the experience of joining and becoming a part of the Mozilla community matters.

    In short, the amount of effort a project puts into making the path from “I want to help” to “I’m helping” easier is a reliable indicator of the value that project puts on community involvement. So if we say we value our community, we need to treat community involvement and contribution like a product, with all the usability and accessibility concerns that implies. To drive involvement friction as close to zero as possible.

    One tool we’ll be relying on – and this one, we did build in-house – is called Mozilla-IAM, Mozilla’s Identity and Access Management tool. I’ll have more to say about this soon, but at its core it lets us proxy authentication from various sources and methods we trust, Github, Firefox Accounts, a link in your email, a few others. We think IAM will let us support pseudonymous participation and a low-cost first-contact experience, but also let us keep our house in order and uphold the CPG in the process.

Mozilla: Firefox/Mozilla Addon Restrictions and New Report on Socorro (Crash Reporter)

Filed under
Moz/FF
  • Mozilla announces ban on Firefox extensions containing obfuscated code

    Mozilla announced plans today to ban Firefox extensions from its Add-ons portal if the extension contains obfuscated code.

  • Mozilla Addons Blog: Add-on Policy and Process Updates

    As part of our ongoing work to make add-ons safer for Firefox users, we are updating our Add-on Policy to help us respond faster to reports of malicious extensions. The following is a summary of the changes, which will go into effect on June 10, 2019.

  • Will Kahn-Greene: Socorro: April 2019 happenings

    Socorro is the crash ingestion pipeline for Mozilla's products like Firefox. When Firefox crashes, the crash reporter collects data about the crash, generates a crash report, and submits that report to Socorro. Socorro saves the crash report, processes it, and provides an interface for aggregating, searching, and looking at crash reports.

New From Mozilla Foundation and Document Foundation

Filed under
LibO
Moz/FF
  • Migrate to Fluent

    A couple of weeks ago the Localization Team at Mozilla released the Fluent Syntax specification. As mentioned in our announcement, we already have over 3000 Fluent strings in Firefox. You might wonder how we introduced Fluent to a running project. In this post I’ll detail on how the design of Fluent plays into that effort, and how we pulled it off.

    [...]

    Migrating your code will often be a trivial change from one API to another. Most of your code will get a string and show it, after all. You might convert several different APIs into just one in Fluent, in particular dedicated plural APIs will go away.

    You will also move platform-specific terminology into the localization side, removing conditional code. You should also be able to stop stitching several localized strings together in your application logic.

    As we’ll go through the process here, I’ll show an example of a sentence with a link. The project wants to be really sure the link isn’t broken, so it’s not exposed to localizers at all. This is shortened from an actual example in Firefox, where we link to our privacy policy. We’ll convert to DOM overlays, to separate localizable and non-localizable aspects of the DOM in Fluent. Let’s just look at the HTML code snippet now, and look at the localizations later.

  • Deconstruction of a Failure

    I first want to say that I don’t think MozReview was a total failure. There were many successes, despite the fact that we decommissioned it in favour of another system. Indeed, as I note below, we had quite a big userbase near the end. I am also sure that perspectives on MozReview vary quite a bit among the team that worked on it. These are just the particular failures that I felt most responsible for and, thus, were the most instructive for me.

    That these failures occurred early in my management career was, overall, a good thing. I can say that I learned quite a lot from the project, and it made me a better manager. I apply the lessons I’ve learned to all my team’s projects now, and I try to pass on this knowledge to others, not so they can avoid failure, but so that they can perhaps recognize it earlier than I did.

  • LibOCon Reminders
  • Reminder: LibOCon 2020 Call for Locations

    The Call for Location for LibreOffice Conference 2020 is open until June 30, 2019. It will be the 10th of a series of successful events: Paris, October 2011; Berlin, October 2012; Milan, September 2013; Bern, September 2014; Aarhus, September 2015; Brno, September 2016; Rome, October 2017; Tirana, September 2018, and Almeria, September 2019. During or around the event we will celebrate the 10th anniversary of the project, which was announced on September 28, 2010.

    The Call for Locations opens well in advance as TDF Board of Directors wants to give the event organizers the opportunity to attend this year’s conference – in Almeria, Spain, September 11 to 13, 2019 – to familiarize with the community and the structure of the event. For historical and practical reasons, the LibreOffice Conference takes place between September and November, with a preference for September.

Mozilla: Firefox Reality coming to SteamVR, Firefox 67 Beta 16 Testday This Week, WebRender Update and Python 3 at Mozilla

Filed under
Moz/FF
  • Mozilla VR Blog: Firefox Reality coming to SteamVR

    We are excited to announce that we’re working with Valve to bring the immersive web to SteamVR!

    This January, we announced that we were bringing the Firefox Reality experience to desktop devices and the Vive stores. Since then, collaborating closely with Valve, we have been working to also bring Firefox Reality to the SteamVR immersive experience. In the coming months, users will be offered a way to install Firefox Reality via a new web dashboard button, and then launch a browser window over any OpenVR experience.

    With a few simple clicks, users will be able to access web content such as tips or guides or stream a Twitch comment channel without having to exit their immersive experiences. In addition, users will be able to log into their Firefox account once, and access synced bookmarks and cookies across both Firefox and Firefox Reality — no need to log in twice!

  • Firefox 67 Beta 16 Testday, May 3rd

    We are happy to let you know that Friday, May 3rd, we are organizing Firefox 67 Beta 16 Testday. We’ll be focusing our testing on: Track Changes M2 and WebExtensions compatibility & support.

    Check out the detailed instructions via this etherpad.

    No previous testing experience is required, so feel free to join us on #qa IRC channel where our moderators will offer you guidance and answer your questions.

  • Mozilla GFX: WebRender newsletter #44

    WebRender is a GPU based 2D rendering engine for web written in Rust, currently powering Mozilla’s research web browser servo and on its way to becoming Firefox’s rendering engine.

  • Python 3 at Mozilla

    Mozilla uses a lot of Python. Most of our build system, CI configuration, test harnesses, command line tooling and countless other scripts, tools or Github projects are all handled by Python. In mozilla-central there are over 3500 Python files (excluding third party files), comprising roughly 230k lines of code. Additionally there are 462 repositories labelled with Python in the Mozilla org on Github (though many of these are not active). That’s a lot of Python, and most of it is Python 2.

    With Python 2’s exaugural year well underway, it is a good time to take stock of the situation and ask some questions. How far along has Mozilla come in the Python 3 migration? Which large work items lie on the critical path? And do we have a plan to get to a good state in time for Python 2’s EOL on January 1st, 2020?

Mozilla: Facebook and IRC/Slack Rants

Filed under
Moz/FF
  • Facebook’s Ad Archive API is Inadequate

    Facebook pledged in February to release an ad archive API, in order to make political advertising on the platform more transparent. The company finally released this API in late March — and we’ve been doing a review to determine if it is up to snuff.

    While we appreciate Facebook following through on its commitment to make the ad archive API public, its execution on the API leaves something to be desired. The European Commission also hinted at this last week in its analysis when it said that “further technical improvements” are necessary.

    The fact is, the API doesn’t provide necessary data. And it is designed in ways that hinder the important work of researchers, who inform the public and policymakers about the nature and consequences of misinformation.

    Last month, Mozilla and more than sixty researchers published five guidelines we hoped Facebook’s API would meet. Facebook’s API fails to meet three of these five guidelines. It’s too early to determine if it meets the two other guidelines.

  • Robert O'Callahan: Goodbye Mozilla IRC

    I've been connected to Mozilla IRC for about 20 years. When I first started hanging out on Mozilla IRC I was a grad student at CMU. It's how I got to know a lot of Mozilla people. I was never an IRC op or power user, but when #mozilla was getting overwhelmed with browser user chat I was the one who created #developers. RIP.

    I'll be sad to see it go, but I understand the decision. Technologies have best-before dates. I hope that Mozilla chooses a replacement that sucks less. I hope they don't choose Slack. Slack deliberately treats non-Chrome browsers as second-class — in particular, Slack Calls don't work in Firefox. That's obviously a problem for Mozilla users, and it would send a bad message if Mozilla says that sort of attitude is fine with them.

Mozilla: The Meta WG, Firefox Origin Telemetry and IRC

Filed under
Moz/FF
  • language-design team meta working group

    I’m happy to announce the formation of the language-design team meta working group. The Meta WG is tasked with helping to manage the transition of the language-design team to a new process – and, if consensus is something that interests you, we’d like you to help!

  • AiC: Language-design team meta working group

    On internals, I just announced the formation of the language-design team meta working group. The role of the meta working group is to figure out how other language-design team working groups should work. The plan is to begin by enumerating some of our goals – the problems we aim to solve, the good things we aim to keep – and then move on to draw up more detailed plans. I expect this discussion will intersect the RFC process quite heavily (at least when it comes to language design changes). Should be interesting! It’s all happening in the open, and a major goal of mine is for this to be easy to follow along with from the outside – so if talking about talking is your thing, you should check it out.

  • Firefox Origin Telemetry: Putting Prio in Practice

    Prio is neat. It allows us to learn counts of things that happen across the Firefox population without ever being able to learn which Firefox sent us which pieces of information.

    For example, Content Blocking will soon be using this to count how often different trackers are blocked and exempted from blocking so we can more quickly roll our Enhanced Tracking Protection to our users to protect them from companies who want to track their activities across the Web.

    To get from “Prio is neat” to “Content Blocking is using it” required a lot of effort and the design and implementation of a system I called Firefox Origin Telemetry.

    Prio on its own has some very rough edges. It can only operate on a list of at most 2046 yes or no questions (a bit vector). It needs to know cryptographic keys from the servers that will be doing the sums and decryption. It needs to know what a “Batch ID” is. And it needs something to reliably and reasonably-frequently send the data once it has been encoded.

  • Mike Hoye: Synchronous Text

    Let’s lead with the punchline: the question of what comes after IRC, for Mozilla, is now on my desk.

    I wasn’t in the room when IRC.mozilla.org was stood up, but from what I’ve heard IRC wasn’t “chosen” so much as it was the obvious default, the only tool available in the late ’90s. Suffice to say that as a globally distributed organization, Mozilla has relied on IRC as our main synchronous communications tool since the beginning. For much of that time it’s served us well, if for some less-than-ideal values of “us” and “well”.

    Like a lot of the early internet IRC is a quasi-standard protocol built with far more of the optimism of the time than the paranoia the infosec community now refers to as “common sense”, born before we learned how much easier it is to automate bad acts than it is to foster healthy communities. Like all unauthenticated systems on the modern net it’s aging badly and showing no signs of getting better.

    While we still use it heavily, IRC is an ongoing source of abuse and harassment for many of our colleagues and getting connected to this now-obscure forum is an unnecessary technical barrier for anyone finding their way to Mozilla via the web. Available interfaces really haven’t kept up with modern expectations, spambots and harassment are endemic to the platform, and in light of that it’s no coincidence that people trying to get in touch with us from inside schools, colleges or corporate networks are finding that often as not IRC traffic isn’t allowed past institutional firewalls at all.

Browsers: Chromium 74 on Slackware, TenFourFox on OS/2, Debugging Firefox Trunk and Brave Forked

Filed under
Google
Moz/FF
Web
  • Chromium 74 available in my repository. Also for 32bit Slackware.

    The Chromium 74 sources were released a few days ago by Google, and it comes with a long list of fixes for security issues.
    I spent almost two months to investigate why the 32bit package could no longer be built (which is one of the reasons why there were so few updates in March and April – I only have a few hours every day that I can spend on Slackware these days) and had finally managed to compile a 32bit package for Chromium 73 in a 32bit chroot environment on a 64bit Slackware OS, and that package was online for one day… and now I tried compiling the new release on a regular 32bit Slackware OS and that worked! No idea whether this is because of my modifications of the SlackBuild.

  • Cameron Kaiser: Another interesting TenFourFox downstream

    Because we're one of the few older forks of Firefox to still backport security updates, TenFourFox code turns up in surprising places sometimes. I've known about roytam's various Pale Moon and Mozilla builds; the patches are used in both the rebuilds of Pale Moon 27 and 28 and his own fork of 45ESR. Arctic Fox, which is a Pale Moon 27 (descended from Firefox 38, with patches) rebuild for Snow Leopard and PowerPC Linux, also uses TenFourFox security patches as well as some of our OS X platform code.
    Recently I was also informed of a new place TenFourFox code has turned up: OS/2. There's no Rust for OS/2, so they're in the same boat that PowerPC OS X is, and it doesn't look like 52ESR was ever successfully ported to OS/2 either; indeed, the last "official" Firefox I can find from Bitwise is 45.9. Dave Yeo took that version (as well as Thunderbird 45.9 and SeaMonkey 2.42.9) and backported our accumulated security patches along with other fixes to yield updated "SUa1" Firefox, Thunderbird and SeaMonkey builds for OS/2. If you're curious, here are the prerequisites.

  • Update To rr Master To Debug Firefox Trunk

    The issue is that LMDB opens a file, maps it into memory MAP_SHARED, and then opens the file again and writes to it through the new file descriptor, and requires that the written data be immediately reflected in the shared memory mapping. (This behavior is not guaranteed by POSIX but is guaranteed by Linux.) rr needs to observe these writes and record the necessary memory changes, otherwise they won't happen during replay (because writes to files don't happen during replay) and replay will fail. rr already handled the case when the application writes to the file descriptor (technically, the file description) that was used to map the file — Chromium has needed this for a while. The LMDB case is harder to handle. To fix LMDB, whenever the application opens a file for writing, we have to check to see if any shared mapping of that file exists and if so, mark that file description so writes to it have their shared-memory effects recorded. Unfortunately this adds overhead to writable file opens, but hopefully it doesn't matter much since in many workloads most file opens are read-only. (If it turns out to be a problem there are ways we can optimize further.) While fixing this, we also added support for the case where the application opens a file (possibly multiple times with different file descriptions) and then creates a shared mapping of one of them. To handle that, when creating a shared mapping we have to scan all open files to see if any of them refer to the mapped file, and if so, mark them so the effects of their writes are recorded.

  • Gab is forking Brave, and Brave is forking furious

    Gab, the free-speech absolutist social media network, continues to look for creative ways to resist being silenced.

    Having earned a reputation as a platform that is tolerant of even the most hateful (yet still technically legal) expressions of speech, Gab has been booted off virtually every Silicon Valley service imaginable—from payment processors to web host providers.

    Now, fresh off having its browser plug-in Dissenter, the “comment section of the Internet,” ejected from the Google and Mozilla extension libraries, Gab is taking the oft-used “if you don’t like it, go create your own” criticism to heart. The company has built its own web browser—a forked version of the open-source Brave browser—and will be releasing it within the next few weeks, Gab CEO Andrew Torba tells Decrypt.

Mozilla: Firefox Performance and Mozilla’s New Report on "Internet Health" and Rust

Filed under
Moz/FF

More in Tux Machines

Announcing Oracle Solaris 11.4 SRU12

Today we are releasing the SRU 12 for Oracle Solaris 11.4. It is available via 'pkg update' from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.

Also: Oracle Solaris 11.4 SRU12 Released - Adds GCC 9.1 Compiler & Python 3.7

Redcore Linux 1908 Released, Which Fixes Many of the Pending Bugs

Redcore Linux developer has released the new version of Redcore Linux 1908 and code name is Mira. This release fixes most of the outstanding bugs and some more polishing. Also, added new features as well. Bunch of packages (1000+) got updated because this release is based on Gentoo’s testing branch, unlike previous releases which were based on a mix of Gentoo’s stable and testing branches. Starting from Redcore Linux 1908, the packages should be up-to-date since it’s using Gentoo’s testing branch.

Red Hat Satellite 6.6 Beta is now available with enhancements across reporting, automation, and supportability

We are pleased to announce that Red Hat Satellite 6.6 is now available in beta to current Satellite customers. Red Hat Satellite is a scalable platform to manage patching, provisioning, and subscription management of your Red Hat infrastructure, regardless of where it is running. The Satellite 6.6 beta is focused on enhancements across reporting, automation, and supportability. While Satellite 6.6 Beta supports Red Hat Enterprise Linux 8 hosts, it is important to note that Satellite 6.6 must be installed on a Red Hat Enterprise Linux 7 host. Support for running Satellite itself on a Red Hat Enterprise Linux 8 host is scheduled for a later release.

Also: Serverless on Kubernetes, diverse automation, and more industry trends

Android Leftovers