Language Selection

English French German Italian Portuguese Spanish


Mozilla on VR Today

Filed under
  • Mozilla VR Blog: VoxelJS Reboot

    If you’ve ever played Minecraft then you have used a voxel engine. My 7 year old son is a huge fan of Minecraft and asked me to make a Minecraft for VR. After some searching I found VoxelJS, a great open source library created by @maxogden and @substack. Unfortunately it hasn’t been updated for about five years and doesn't work with newer libraries.

    So what to do? Simple: I dusted it off, ported it to modern ThreeJS & Javascript, then added WebXR support. I call it VoxelJS Next.

  • Hacks.Mozilla.Org: Sharpen your WebVR skills with experiments from Glitch and Mozilla

    Earlier this year, we partnered with to produce a WebVR starter kit. In case you missed it, the kit includes a free, 5-part video course with interactive code examples that teach the fundamentals of WebVR using A-Frame. The kit is intended to help anyone get started – no coding experience required.

    Today, we are kicking off a week of WebVR experiments. These experiments build on the basic fundamentals laid out in the starter kit. Each experiment is unique and is meant to teach and inspire as you craft your own WebVR experiences.

    To build these, we once again partnered with the awesome team at as well as Glitch creator Andrés Cuervo. Andrés has put together seven experiments that range from incorporating motion capture to animating torus knots in 3D.

Mozilla: Firefox 67 Beta 10 Testday and Firefox Nightly

Filed under
  • QMO: Firefox 67 Beta 10 Testday, April 12th

    We are happy to let you know that Friday, April 12th, we are organizing Firefox 67 Beta 10 Testday. We’ll be focusing our testing on: Graphics compatibility & support and Session Restore.

    Check out the detailed instructions via this etherpad.

    No previous testing experience is required, so feel free to join us on #qa IRC channel where our moderators will offer you guidance and answer your questions.

  • Firefox Nightly: These Weeks in Firefox: Issue 56

Mozilla says "privacy is not optional," but Mozillans complain about SPAM from Mozilla

Filed under
  • Mozilla Privacy Blog: A Path Forward: Rights and Rules to Protect Privacy in the United States

    Privacy is on the tip of everyone’s tongue. Lawmakers are discussing how to legislate it, big tech is desperate to show they care about it, and everyday people are looking for tools and tips to help them reclaim it.

    That’s why today, we are publishing our blueprint for strong federal privacy legislation in the United States. Our goals are straightforward: put people back in control of their data; establish clear, effective, and enforceable rules for those using that data; and move towards greater global alignment on governing data and the role of the internet in our lives.

    For Mozilla, privacy is not optional. It’s fundamental to who we are and the work we do. It’s also fundamental to the health of the internet. Without privacy protections, we cannot trust the internet as a safe place to explore, transact, connect, and create. But thanks to a rising tide of abusive privacy practices and data breaches, trust in the internet is at an all time low.

    We’ve reached this point because data practices and public policies have failed. Data has helped spur remarkable innovation and new products, but the long-standing ‘notice-and-consent’ approach to privacy has served people poorly. And the lack of truly meaningful safeguards and user protections have led to our social, financial and even political information being misused and manipulated without our understanding.

  • Wladimir Palant: Dear Mozilla, please stop spamming!

    It clearly says that I’ve opted out, so you didn’t forget. So why do you keep sending me promotional messages?

    This isn’t your only issue however. A year ago I reported a security issue in Mozilla Basket (not publicly accessible). The essence is that subscribing anybody to Mozilla’s newsletters is trivial even if that person opted out previously. The consensus in this bug seems to be that this is “working as expected.” This cannot seriously be it, right?

Programming: Tap-Hat, IBM, Python, Mozilla

Filed under
  • Debug Raspberry Pi software, and more, with this hardware

    Not available quite yet, it is being designed in the UK by eCosCentric – the source of the eCosPro RTOS.
    Physically, it mates with the Raspberry Pi IO header, but extends away from the Pi (unlike a typical HAT which site over the Pi) to allow probing access to Pi components. Its stacking header allows further HATs to be connected over the Pi in the normal orientation.
    To use Tap-Hat, certain Pi IO pins have to be re-allocated for JTAG use – the firm’s own Redboot SD Card boot-loader supports this configuration of Pi JTAG pin map, and configures the CPU’s alternate pin mappings to match the Tap-Hat board’s jumper settings.
    Supported external JTAG debuggers include Lauterbach TRACE32, Ronetix PEEDI and Segger J-Link.

  • What’s Happening with RISC-V ?
  • IBM Clarifies Java Options Following Oracle License Crackdown

    IBM i shops that are wondering how to maintain their Java environments following Oracle’s recent decision to restrict access to Java runtimes and development tools should pay close attention to some recommendations that IBM is making concerning Java, particularly how it impacts Access Client Solutions (ACS).

    Oracle is slated to ship a critical security update for Java Standard Edition (SE) 8 in a week and a half. But unless you have bought a commercial license for Java SE 8, your business won’t be getting that update, which could leave your systems vulnerable. That’s because in late 2018, Oracle made some rather large changes to the way customers will receive patches and updates for the aging Java environment.

  • Plot the balance of power graph with python

    We are supposed to finish the previous Forex and Stock application project already but because it has been a while I am not writing anything on this website, therefore I would like to include another feature into the previous project just to let you know that this site is still active.

    The feature I am going to include in the ongoing project is the balance of power graph. The Balance of Power indicator measures the market strength of buyers against sellers by assessing the ability of each side to drive prices to an extreme level. The calculation is: Balance of Power = (Close price – Open price) / (High price – Low price) The resulting value can be smoothed by a moving average.

  • Python for NLP: Sentiment Analysis with Scikit-Learn

    This is the fifth article in the series of articles on NLP for Python. In my previous article, I explained how Python's spaCy library can be used to perform parts of speech tagging and named entity recognition. In this article, I will demonstrate how to do sentiment analysis using Twitter data using the Scikit-Learn library.

  • This Week in Rust 280
  • QMO: Firefox 67 Beta 6 Testday Results

    As you may already know, last Friday March 29th – we held a new Testday event, for Firefox 67 Beta 6.

    Thank you all for helping us make Mozilla a better place: amirtha V, Shanthi Priya G,  Rok Žerdin, Aishwarya Narasimhan, Mohamed Bawas.

    From Mozilla Bangladesh Community: Maruf Rahman, Sayed Ibn Masud, Reazul Islam.

Security: Espionage, Mozilla, Apache, and Windows Ransomware

Filed under
  • Woman from China, with malware in tow, illegally entered Trump’s Mar-a-Lago
  • Govt allocates funds to boost election security

    The Federal Government has allocated an unspecified amount in Tuesday's Federal Budget to improve cyber security arrangements for the forthcoming election.

  • Former Mozilla CTO files complaint against border patrol over warrantless phone search

    According to the ACLU’s complaint, Customs and Border Protection agents in San Francisco International Airport stopped and interrogated Gal — a Hungarian-born US citizen — as he returned from a business trip in Sweden. The agents allegedly demanded that he hand over the passcodes to his Apple-issued phone and computer. When Gal asked to speak to an attorney, they allegedly threatened him with criminal prosecution for resisting a federal officer, “interrogated him about every aspect of his travel and his possessions,” and revoked his expedited Global Entry status for “refusal to comply with a search.”


    Gal and the ACLU speculate that the search was motivated by suspicion over Gal’s previous privacy advocacy and his political opinions, stating that the agents asked detailed questions about his work with the privacy-conscious Mozilla — which Gal left back in 2015 to help found Silk Labs, an AI startup that was later acquired by Apple. The Department of Homeland Security didn’t immediately respond to a request for comment on the complaint or its allegations.

  • DNS-over-HTTPS (DoH) Update – Recent Testing Results and Next Steps

    Back in November 2018, we rolled out a test of DoH in the United States to look at possible impacts to Content Delivery Networks (CDNs). Our goal was to closely examine performance again, specifically the case when users get less localized DNS responses that could slow the browsing experience, even if the DNS resolver itself is accurate and fast. We worked with Akamai to help us understand more about the possible impact.

    The results were strong! Like our previous studies, DoH had minimal impact or clearly improved the total time it takes to get a response from the resolver and fetch a web page.

  • Stay and Compile a While | LINUX Unplugged 295

    Is there really any advantage to building your software vs installing the package? We discuss when and why you might want to consider building it yourself.

    Plus some useful things Mozilla is working on and Cassidy joins us to tell us about elementary OS' big choice.

  • Apache web server bug grants root access on shared hosting environments
  • Arizona Beverages knocked offline by ransomware attack

    The ransomware also infected the company’s Windows-powered Exchange server, knocking out email across the entire company. Although its Unix systems were unaffected, the ransomware outbreak left the company without any computers able to process customer orders for almost a week. Staff began processing orders manually several days into the outage.

Mozilla: Edouard Oger, Mike Hoye, Firefox Improvements and Firefox UX

Filed under
  • Crossing the Rust FFI frontier with Protocol Buffers

    My team, the application services team at Mozilla, works on Firefox Sync, Firefox Accounts and WebPush.

    These features are currently shipped on Firefox Desktop, Android and iOS browsers. They will soon be available in our new products such as our upcoming Android browser, our password manager Lockbox, and Firefox for Fire TV.

  • Mike Hoye: Fixer (Mozilla)

    My name is Mike Hoye; I go by "mhoye" out here on the intertubes, and I have the good fortune to work for Mozilla. I should mention that what follows aren't company opinions, but I suppose that'll be very, very obvious in a moment.

    I started at Mozilla years ago as their first engineering community manager. My early work focused on codebase and organizational accessibility, the ergonomics of Mozilla's commitment to open development. Since then I've been fortunate to work under some excellent managers who've given me the freedom to run towards fires and the support to carry some challenging, sometimes unpleasant tasks over the line. As a result my role has grown in a bunch of interesting directions, to the point where it's now hard to define; on top of the community work and organizational accessibility, I'm involved in training, licensing, communications mentoring, incident response coordination and a number of other org-crosscutting efforts. I've even ended up in charge of the venerable Planet Mozilla in the process somehow.

    Presently my title is "Senior Staff Project Manager" because, as my boss puts it, it's the closest thing on the list to "fixer". I mostly help people talk to each other; I seem to have found my niche solving problems that are supposedly about the tech but really about the people around it. My boss describes these as "mhoye-shaped problems", to my ongoing delight. It makes me think of the outline Wile E. Coyote leaves in the cliff face.

    Between all that I write about software, history, team-building, the industry in general or random nonsense, sometimes because I have something to say but often just to sharpen the tools.

    I should caution you: a few years ago a research paper was published that described a class of people whose technology choices were a reliable predictor those products would fail in the market. For a while now some colleagues have enjoyed keeping track of my tech choices so that they can short the companies that make them, so that paper quickly made the rounds attached to alarmed emails that basically said "there are more like him, we must warn the village". So on the one hand, if you're asking me for technology recommendations, you should know that I'm the angel of death. On the other hand, all my favorite Uses This interviews call to mind the Matsuo Bashō line that the footprints of the wise lead nowhere, a bar I'd like to clear as well. And it goes without saying that any sufficiently advanced aesthetic is indistinguishable from cosplay, that if your aesthetic is easily distinguished from cosplay it's insufficiently advanced. So calibrate your expectations accordingly and let's get into it.

  • Stop videos from automatically playing with new autoplay controls from Firefox

    The web is 30 years old. Over its lifetime we’ve had developments that have brought us to peaks of delight and others to the pits of frustration. The blink tag, pop-up ads, click bait and trolls are all things that diminish our web experience. Perhaps the greatest offender of internet etiquette today is video autoplay. Be it an ad, a YouTube video or a site that just can’t wait to tell you all about itself, autoplay video is an annoyance. In our own study 90% of the users polled wanted Firefox to stop videos from automatically playing. We’re here for you, so we’ve added a new feature called Block Autoplay to stop all that noise from starting in the first place.

  • Firefox UX: An exception to our ‘No Guerrilla Research’ practice: A tale of user research at MozFest

    Sometimes, when you’re doing user research, things just don’t quite go as planned. MozFest was one of those times for us.

    MozFest, the Mozilla Festival, is a vibrant conference and week-long “celebration for, by, and about people who love the internet.” Held at a Ravensbourne university in London, the festival features nine floors of simultaneous sessions. The Add-ons UX team had the opportunity to host a workshop at MozFest about co-designing a new submission flow for browser extensions and themes. The workshop was a version of the Add-ons community workshop we held the previous day.

    On the morning of our workshop, we showed up bright-eyed, bushy-tailed, and fully caffeinated. Materials in place, slides loaded…we were ready. And then, no one showed up.

    Perhaps because 1) there was too much awesome stuff going on at the same time as our workshop, 2) we were in a back corner, and 3) we didn’t proactively advertise our talk enough.

    After processing our initial heartache and disappointment, Emanuela, a designer on the team, suggested we try something we don’t do often at Mozilla, if at all: guerrilla research. Guerrilla user research usually means getting research participants from “the street.” For example, a researcher could stand in front of a grocery store with a tablet computer and ask people to use a new app. This type of research method is different than “normal” user research methods (e.g. field research in a person’s home, interviewing someone remotely over video call, conducting a usability study in a conference room at an office) because there is much less control in screening participants, and all the research is conducted in the public eye [1].

Mozilla/Firefox: TenFourFox and Listening Devices

Filed under
  • TenFourFox FPR14b1 available (now with H.264 video)

    I had originally plotted three main features for this release, but getting the urgent FPR13 SPR1 set me back a few days with confidence testing and rebuilds and I have business trips and some vacation time coming up, so I jettisoned the riskiest of the three features (a set of JavaScript updates and a ugly hack to get Github and other sites working fully again) and concentrated on the other two. I'll be looking at that again for FPR15, so more on that later.

    Before we get to the marquee features, though, there are two changes which you may not immediately notice. The first is a mitigation for a long-standing issue where some malicious sites keep popping up authentication modals using HTTP Auth. Essentially you can't do anything with the window until the modal is dealt with, so the site just asks for your credentials over and over, ultimately making the browser useless (as a means to make you call their "support line" where they can then social engineer their way into your computer). The ultimate solution is to make such things tab-modal rather than window-modal, but that's involved and sort of out of scope, so we now implement a similar change to what current Firefox does where there is a cap of three Cancels. If you cancel three times, the malicious site is not allowed to issue any more requests until you reload it. No actual data is leaked, assuming you don't type anything in, but it can be a nasty denial of service and it would have succeeded in ruining your day on TenFourFox just as easily as any other Firefox derivative. That said, just avoid iffy sites, yes?

    The second change is more fundamental. For Firefox 66 Mozilla briefly experimented with setting a frame rate cap on low-end devices. Surprise, surprise: all of our systems are low-end devices! In FPR13 and prior, TenFourFox would try to push as many frames to the compositor as possible, no matter what it was trying to do, to achieve a 60fps target or better. However, probably none of our computers with the possible exception of high-end G5s were probably achieving 60fps consistently on most modern websites, and the browser would flail trying to desperately keep up. Instead, by setting a cap and enforcing it with software v-sync, frames aren't pushed as often and the browser can do more layout and rendering work per frame. Mozilla selected a 30fps cap, so that's what I selected as an arbitrary first cut. Some sites are less smooth, but many sites now render faster to first paint, particularly pages that do a lot of DOM transforms because now the resulting visual changes are batched. This might seem like an obvious change to make but the numbers had never been proven until then.

  • Sustainable smart home with the TXT

    Mozilla started venturing into IoT recently. They are trying to advocate for better privacy and user freedom by promoting interoperability. These goals are unified in a proposal for a device API that is based on web protocols called “Web of Things”. It is developed in collaboration with smart home and “industry 4.0” manufacturers. This API isn’t necessarily implemented by each device directly, some devices are too low powered to provide a web server or are using other successful local mesh networks like Z-Wave or Zigbee. In these cases a gateway that is connected to the user’s local network would provide the web thing API.

    The web thing API breaks physical devices down into three attributes: properties, actions and events. Properties as stateful values that can both be changed by the device and the user (I’ll often refer to the user as the client). A device can however declare a property as read-only or add input value restrictions. Actions let the user execute an action on the device that either isn’t stateful or affects multiple properties. Lastly, events are fired by the device to indicate a momentary effect that is not reflected in the state. Above that is a capabilities system, with which devices can indicate the semantics of their features. For example a light bulb can advertise itself as being a “Lamp”, it’s brightness property will be a “BrightnessProperty” and the power toggle will be an “OnOffProperty”. These allow clients to expose appropriate UIs and behaviors for devices. The protocol is available over HTTP(S) and optionally WebSockets for real-time communication of changes.

    Mozilla is developing both a reference gateway to control devices using this protocol and reference implementations in multiple languages to build web things with. The “WebThing gateway” also has an adapter system to bridge other smart home protocols to the web of things data model.

Mozilla: Extensions in Firefox 67, Firefox 66.0.2, and Mozilla’s Firefox Lockbox

Filed under
  • Mozilla Addons Blog: Extensions in Firefox 67

    There are a couple of major changes coming to Firefox. One is in the current Beta 67 release, while the other in the Nightly 68 release, but is covered here as an early preview for extension developers.

  • Firefox 66.0.2 Now Available for Download

    Mozilla has just released a new Firefox update, only a few days after the company previously published another version to address a couple of security vulnerabilities.

    Firefox 66.0.2, however, comes with no release notes, as Mozilla has just published the new version on its FTP server to begin serving the downloads. However, further information on what’s been changed in the update should be provided later today.

    Nevertheless, unless Mozilla introduces further security improvements, this browser version should be all about fixing bugs under the hood, so there’s a good chance you won’t notice any difference after installing it. Obviously, you’re still recommended to install it to get all these latest refinements.

  • Mozilla’s Firefox Lockbox To Store Passwords Now On Android

    The Firefox Lockbox password manager app allows users to securely store passwords, which are already stored in the Mozilla Firefox browser. Therefore, a downside appears; it doesn’t let users add new passwords or delete the existing ones.

  • Firefox Lockbox Now on Android, Keeping your Passwords Safe

    If you’re like most Firefox users, you have dozens if not hundreds of stored logins in your browser. When you use Firefox Accounts you get to take your logins on the web in Firefox Mobile. Today, many of those logins are the same ones used in the apps you download on mobile, so we’ve been working on making your various online identities work on your terms.

    Today, we are excited to bring Firefox Lockbox to Android users, a secure app that keeps people’s passwords with them wherever they go.

Mozilla Thunderbird 60.6.1 Released with Critical Security Fixes

Filed under

Mozilla Thunderbird 60.6.1 comes with the same security patches that were released as part of Firefox 66.0.1 last week.

As explained in the official advisory here, Mozilla resolved two different security flaws, both of which were reported by Trend Micro’s Zero Day Initiative.

Read more

Google Chrome and Mozilla Firefox Leftovers

Filed under
  • Chrome 74 beta: reducing unwanted motion, private class fields, and feature policy API

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Android WebView, Chrome OS, Linux, macOS, and Windows. View a complete list of the features in Chrome 74 on Chrome 74 is beta as of March 22, 2019.

  • Chrome 74 Beta Released With CSS Media Query To Prefer Reduced Motion/Animations

    Google engineers are ending out their work week by issuing the beta of Chrome 74. 

    The Chrome 74 Beta features the CSS "prefers-reduced-motion" media query for honoring accessibility settings for those that may want to reduce/eliminate animations or other motions. Also on the developer side is ECMAScript private class fields, a JavaScript API for feature policy, CSS transition events, WebRTC additions, and other changes.

  • Mike Conley: Firefox Front-End Performance Update #15

    Firefox 66 has been released, Firefox 67 is out on the beta channel, and Firefox 68 is cooking for the folks on the Nightly channel! These trains don’t stop!

    With that, let’s take a quick peek at what the Firefox Front-end Performance team has been doing these past few weeks…

  • SUMO A/B Experiments

    This year the SUMO team is focused on learning what to improve on our site. As part of that, we spent January setting up for A/B testing and last week we ran our first test!

  • Get the tablet experience you deserve with Firefox for iPad

    We know that iPads aren’t just bigger versions of iPhones. You use them differently, you need them for different things. So rather than just make a bigger version of our browser for iOS, we made Firefox for iPad look and feel like it was custom made for a tablet. Mostly because it was.

Syndicate content

More in Tux Machines

Programming/Development Leftovers

Openwashing Leftovers/New Examples

Kernel and Linux Foundation in Pockets of Proprietary Software Vendors

  • AT&T, Nokia open up the radio’s edge to third party apps [Ed: Openwashing to dominate the standards and interfaces (with patents) through the "Linux" Foundation]
    AT&T and Nokia have developed a radio edge cloud (REC) appliance that the two companies plan to release into open source via the Linux Foundation. The REC will make it possible for third parties to develop apps and get access to the radio access network (RAN). [...] Murphy said that it is not easy to predict all the use cases for REC but added that having an open source edge cloud with open interfaces to the RAN control will allow operators to have more options.
  • Accord Project to develop open source framework for smart legal contracts [Ed: They're promoting and spreading proprietary software and proprietary formats of Microsoft]
    One of the main purposes of Accord Project is, therefore, to provide a vendor-neutral “.doc” format for smart legal agreements.
  • Apple joins the open-source Cloud Native Computing Foundation
    Apple, in typical fashion, isn’t commenting on the announcement, but the CNCF notes that end-user memberships are meant for organizations that are “heavy users of open source cloud native technologies” and that are looking to give back to the community. By becoming a CNCF end-user member, companies also join the Linux Foundation .
  • Linux stable tree mirror at github [Ed: Greg Kroah-Hartman giving Microsoft more control over Linux]
    It differs from Linus’s tree at: in that it contains all of the different stable tree branches and stable releases and tags, which many devices end up building on top of. So, mirror away! Also note, this is a read-only mirror, any pull requests created on it will be gleefully ignored, just like happens on Linus’s github mirror. If people think this is needed on any other git hosting site, just let me know and I will be glad to push to other places as well.

Security Leftovers

  • Industry Watch: Of open source, data breaches and speed [Ed: And proprietary software is a lot less suitable for security and privacy purposes because there are surveillance 'features' disguised and back doors too]
    Open-source software helps developers work faster and smarter, as they don’t have to ‘re-invent the wheel’ every time create an application. They just need to be sure the license attached to that software allows them to use the component the way they want. They also need to stay on top of that application, so if the component changes, or an API changes, their application isn’t affected and they are still in compliance. Data protection is also something organizations must get serious about. While the GDPR only affects users in the European Union, it’s only a matter of time before those or similar regulations are in place in the U.S. and elsewhere. Companies should get a jump on that by doing a thorough audit of their data, to know they are prepared to be compliant with whatever comes down from the statehouses or from Washington, D.C. On the speed side, the benefits of Agile and DevOps are clear. These methodologies enable companies to bring new software products to market faster, with the result of getting a jump on the competition, working more efficiently and ultimately serving your customers. Unfortunately, these efforts are usually done by different teams of developers, database administrators and security experts. If the Equifax and Facebook breaches have taught us anything, it’s that you can’t expect developers to be security experts, and you can’t expect DB admins to understand the ramifications on the business when data is misunderstood. It will take a coordinated approach to IT to achieve business goals while not leaving the company — and its IP and PII data — exposed.
  • VLC patches critical flaws through EU open source bug bounty program
    More than 30 security issues have been fixed in VLC, the popular open source media player, with developers praising an EU-funded bug bounty program for helping produce its most secure update yet. VLC media player, created by the software non-profit VideoLAN, was found to have 33 vulnerabilities within various versions, including two that were considered critical. An out-of-bounds write was one of the severe vulnerabilities found to affect all VLC versions, and a stack buffer overflow was also discovered in VLC 4.0. Less severe vulnerabilities consisted of out-of-band reads, heap overflows, NULL-dereference, and use-after-free bugs. An updated version, VLC 3.0.7, has since been released for users to download.
  • VLC Player Gets Patched for Two High Severity Bugs
  • Asigra FreeNAS plugin brings open source data protection [Ed: Some openwashing of proprietary software]
    Asigra is trying to capture FreeNAS users with a free-to-try plugin version of its backup software. The Asigra FreeNAS plugin released this week allows customers to turn their iXsystems FreeNAS storage systems into backup targets. It encrypts and deduplicates data before it is sent to the FreeNAS system. The plugin also detects and quarantines malware and ransomware so that it doesn't get backed up.
  • TrueCommand Brings Single Pane of Glass Management to TrueNAS and FreeNAS Fleets
  • WSO2 and Ping Identity Partner to Provide Comprehensive, AI-Powered Cyber-Attack Protection for APIs
  • The Open Source Cookbook: A Baker’s Guide to Modern Application Development
    Let’s begin our cookbook by selecting our recipe. I’ve had some phenomenal baked goods, and I’ve had some not-so-phenomenal baked goods (there is rarely a bad baked good). But I’ve been surprised before, by a croissant from a diner that didn’t taste like the one from the local French bakery, or by a buttercream frosting at a supermarket that just didn’t have the same delicate touch as the one I make at home. In each case, I expected the same as I had before – by title – yet encountered a much different experience. When selecting your recipes, it’s important to understand which type of a particular food you are expecting to make, or you may be met with a different taste when you finish than you were hoping for when you began. [...] As with cooking, when incorporating open source components into applications, it’s important to understand origin and evolution of what you’re baking into your software. Carefully review your open source component versions, and evaluate the community’s activity in order to have the greatest chance possible to predict the possible technical debt you may inherit.