Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla: The Meta WG, Firefox Origin Telemetry and IRC

Filed under
Moz/FF
  • language-design team meta working group

    I’m happy to announce the formation of the language-design team meta working group. The Meta WG is tasked with helping to manage the transition of the language-design team to a new process – and, if consensus is something that interests you, we’d like you to help!

  • AiC: Language-design team meta working group

    On internals, I just announced the formation of the language-design team meta working group. The role of the meta working group is to figure out how other language-design team working groups should work. The plan is to begin by enumerating some of our goals – the problems we aim to solve, the good things we aim to keep – and then move on to draw up more details plans. I expect this discussion will intersect the RFC process quite heavily (at least when it comes to language design changes). Should be interesting! It’s all happening in the open, and a major goal of mine is for this to be easy to follow along with from the outside – so if talking about talking is your thing, you should check it out.

  • Firefox Origin Telemetry: Putting Prio in Practice

    Prio is neat. It allows us to learn counts of things that happen across the Firefox population without ever being able to learn which Firefox sent us which pieces of information.

    For example, Content Blocking will soon be using this to count how often different trackers are blocked and exempted from blocking so we can more quickly roll our Enhanced Tracking Protection to our users to protect them from companies who want to track their activities across the Web.

    To get from “Prio is neat” to “Content Blocking is using it” required a lot of effort and the design and implementation of a system I called Firefox Origin Telemetry.

    Prio on its own has some very rough edges. It can only operate on a list of at most 2046 yes or no questions (a bit vector). It needs to know cryptographic keys from the servers that will be doing the sums and decryption. It needs to know what a “Batch ID” is. And it needs something to reliably and reasonably-frequently send the data once it has been encoded.

  • Mike Hoye: Synchronous Text

    Let’s lead with the punchline: the question of what comes after IRC, for Mozilla, is now on my desk.

    I wasn’t in the room when IRC.mozilla.org was stood up, but from what I’ve heard IRC wasn’t “chosen” so much as it was the obvious default, the only tool available in the late ’90s. Suffice to say that as a globally distributed organization, Mozilla has relied on IRC as our main synchronous communications tool since the beginning. For much of that time it’s served us well, if for some less-than-ideal values of “us” and “well”.

    Like a lot of the early internet IRC is a quasi-standard protocol built with far more of the optimism of the time than the paranoia the infosec community now refers to as “common sense”, born before we learned how much easier it is to automate bad acts than it is to foster healthy communities. Like all unauthenticated systems on the modern net it’s aging badly and showing no signs of getting better.

    While we still use it heavily, IRC is an ongoing source of abuse and harassment for many of our colleagues and getting connected to this now-obscure forum is an unnecessary technical barrier for anyone finding their way to Mozilla via the web. Available interfaces really haven’t kept up with modern expectations, spambots and harassment are endemic to the platform, and in light of that it’s no coincidence that people trying to get in touch with us from inside schools, colleges or corporate networks are finding that often as not IRC traffic isn’t allowed past institutional firewalls at all.

Browsers: Chromium 74 on Slackware, TenFourFox on OS/2, Debugging Firefox Trunk and Brave Forked

Filed under
Google
Moz/FF
Web
  • Chromium 74 available in my repository. Also for 32bit Slackware.

    The Chromium 74 sources were released a few days ago by Google, and it comes with a long list of fixes for security issues.
    I spent almost two months to investigate why the 32bit package could no longer be built (which is one of the reasons why there were so few updates in march and april – I only have a few hours every day that I can spend on Slackware these days) and had finally managed to compile a 32bit package for Chromium 73 in a 32bit chroot environment on a 64bit Slackware OS, and that package was online for one day…. and now I tried compiling the new release on a regular 32bit Slackware OS and that worked! No idea whether this is because of my modifications of the SlackBuild.

  • Cameron Kaiser: Another interesting TenFourFox downstream

    Because we're one of the few older forks of Firefox to still backport security updates, TenFourFox code turns up in surprising places sometimes. I've known about roytam's various Pale Moon and Mozilla builds; the patches are used in both the rebuilds of Pale Moon 27 and 28 and his own fork of 45ESR. Arctic Fox, which is a Pale Moon 27 (descended from Firefox 38, with patches) rebuild for Snow Leopard and PowerPC Linux, also uses TenFourFox security patches as well as some of our OS X platform code.
    Recently I was also informed of a new place TenFourFox code has turned up: OS/2. There's no Rust for OS/2, so they're in the same boat that PowerPC OS X is, and it doesn't look like 52ESR was ever successfully ported to OS/2 either; indeed, the last "official" Firefox I can find from Bitwise is 45.9. Dave Yeo took that version (as well as Thunderbird 45.9 and SeaMonkey 2.42.9) and backported our accumulated security patches along with other fixes to yield updated "SUa1" Firefox, Thunderbird and SeaMonkey builds for OS/2. If you're curious, here are the prerequisites.

  • Update To rr Master To Debug Firefox Trunk

    The issue is that LMDB opens a file, maps it into memory MAP_SHARED, and then opens the file again and writes to it through the new file descriptor, and requires that the written data be immediately reflected in the shared memory mapping. (This behavior is not guaranteed by POSIX but is guaranteed by Linux.) rr needs to observe these writes and record the necessary memory changes, otherwise they won't happen during replay (because writes to files don't happen during replay) and replay will fail. rr already handled the case when the application write to the file descriptor (technically, the file description) that was used to map the file — Chromium has needed this for a while. The LMDB case is harder to handle. To fix LMDB, whenever the application opens a file for writing, we have to check to see if any shared mapping of that file exists and if so, mark that file description so writes to it have their shared-memory effects recorded. Unfortunately this adds overhead to writable file opens, but hopefully it doesn't matter much since in many workloads most file opens are read-only. (If it turns out to be a problem there are ways we can optimize further.) While fixing this, we also added support for the case where the application opens a file (possibly multiple times with different file descriptions) and then creates a shared mapping of one of them. To handle that, when creating a shared mapping we have to scan all open files to see if any of them refer to the mapped file, and if so, mark them so the effects of their writes are recorded.

  • Gab is forking Brave, and Brave is forking furious

    Gab, the free-speech absolutist social media network, continues to look for creative ways to resist being silenced.

    Having earned a reputation as a platform that is tolerant of even the most hateful (yet still technically legal) expressions of speech, Gab has been booted off virtually every Silicon Valley service imaginable—from payment processors to web host providers.

    Now, fresh off having its browser plug-in Dissenter, the “comment section of the Internet,” ejected from the Google and Mozilla extension libraries, Gab is taking the oft-used “if you don’t like it, go create your own” criticism to heart. The company has built its own web browser—a forked version of the open-source Brave browser—and will be releasing it within the next few weeks, Gab CEO Andrew Torba tells Decrypt .

Mozilla: Firefox Performance and Mozilla’s New Report on "Internet Health" and Rust

Filed under
Moz/FF

WWW and Development

Filed under
Development
Moz/FF
OSS
Web
  • Acquisition roundabout sees Zend Framework spun off to Linux Foundation

    The Zend Framework is to get a new name and a new home, under the auspices of the Linux Foundation, just a few months after its parent co was itself swallowed whole.

    Zend – as was – is an open source, object-oriented web application framework implemented in PHP 7. It was synonymous with Zend Technologies, which was taken over by Rogue Wave Software in 2015. Rogue Wave Software was itself acquired by private equity outfit Clear Lake Capital earlier this year.

    According to the website for the new organisation, “To take it to the next step of adoption and innovation, we are happy to announce that we are transitioning Zend Framework and all its subprojects to an open source project hosted at the Linux Foundation.”

  • Five RESTful web service client examples for developers

    How do you access a RESTful web service? That depends on what you're trying to accomplish.

    If you just want to test connectivity, a terminal-based utility like curl is a great RESTful web service client. If you want to inspect the JSON a service returns to you, a browser-based plugin will probably be a better fit. And if you are in the midst of application development, you'll likely need to use JAX-RS, Spring or a similar framework.

  • 5 Best Reasons to Opt for PHP Web Development

    Many companies now are choosing PHP web development to realize their IT needs. According to research, almost 83 percent of web services are using PHP, and it is the preferred choice of industry stalwarts such as BlaBlaCar, Slack, and Spotify. PHP is open source and comes with a great community, and it is continuously upgrading. There is no doubt about the same.

  • It’s Complicated: Mozilla’s 2019 Internet Health Report

    The Report paints a mixed picture of what life online looks like today. We’re more connected than ever, with humanity passing the ‘50% of us are now online’ mark earlier this year. And, while almost all of us enjoy the upsides of being connected, we also worry about how the internet and social media are impacting our children, our jobs and our democracies.

    When we published last year’s Report, the world was watching the Facebook-Cambridge Analytica scandal unfold — and these worries were starting to grow. Millions of people were realizing that widespread, laissez-faire sharing of our personal data, the massive growth and centralization of the tech industry, and the misuse of online ads and social media was adding up to a big mess.

    Over the past year, more and more people started asking: what are we going to do about this mess? How do we push the digital world in a better direction?

    As people asked these questions, our ability to see the underlying problems with the system — and to imagine solutions — has evolved tremendously. Recently, we’ve seen governments across Europe step up efforts to monitor and thwart disinformation ahead of the upcoming EU elections. We’ve seen the big tech companies try everything from making ads more transparent to improving content recommendation algorithms to setting up ethics boards (albeit with limited effect and with critics saying ‘you need to do much more!’). And, we’ve seen CEOs and policymakers and activists wrestling with each other over where to go next. We have not ‘fixed’ the problems, but it does feel like we’ve entered a new, sustained era of debate about what a healthy digital society should look like.

Mozilla on Nuisance Videos and Servo Progress

Filed under
Moz/FF

Mozilla: VoxelJS, AiC and Mozilla B-Team

Filed under
Moz/FF
  • Mozilla VR Blog: VoxelJS: Chunking Magic

    A couple of weeks ago I relaunched VoxelJS with modern ThreeJS and modules support. Today I'm going to talk a little bit about how VoxelJS works internally, specifically how voxels are represented and drawn. This is the key magic part of a voxel engine and I owe a tremendous debt to Max Ogden, James Halliday and Mikola Lysenko

    Voxels are represented by numbers in a large three dimensional array. Each number says what type of block goes in that block slot, with 0 representing empty. The challenge is how to represent a potentially infinite set of voxels without slowing the computer to a crawl. The only way to do this is to load just a portion of the world at a time.

  • AiC: Collaborative summary documents

    One of my goals was that we could, at least for a moment, disconnect people from their particular position and turn their attention towards the goal of achieving a shared and complete summary. I didn’t feel that we were very succesful in this goal.

    For one thing, most participants simply left comments on parts they disagreed with; they didn’t themselves suggest alternate wording. That meant that I personally had to take their complaint and try to find some “middle ground” that accommodated the concern but preserved the original point. This was stressful for me and a lot of work. More importantly, it meant that most people continued to interact with the document as advocates for their point-of-view, rather than trying to step back and advocate for the completeness of the summary.

    In other words: when you see a sentence you disagree with, it is easy to say that you disagree with it. It is much harder to rephrase it in a way that you do agree with – but which still preserves (what you believe to be) the original intent. Doing so requires you to think about what the other person likely meant, and how you can preserve that.

    However, one possible reason that people may have been reluctant to offer suggestions is that, often, it was hard to make “small edits” that addressed people’s concerns. Especially early on, I found that, in order to address some comment, I would have to make larger restructurings. For example, taking a small sentence and expanding it to a bullet point of its own.

    Finally, some people who were active on the thread didn’t participate in the doc. Or, if they did, they did so by leaving comments on the original GitHub thread. This is not surprising: I was asking people to do something new and unfamiliar. Also, this whole process played out relatively quickly, and I suspect some people just didn’t even see the document before it was done.

    If I were to do this again, I would want to start it earlier in the process. I would also want to consider synchronous meetings, where we could go try to process edits as a group (but I think it would take some thought to figure out how to run such a meeting).

    In terms of functioning asynchronously, I would probably change to use a Google Doc instead of a Dropbox Paper. Google Docs have a better workflow for suggesting edits, I believe, as well, as a richer permissions model.

    Finally, I would try to draw a harder line in trying to get people to “own” the document and suggest edits of their own. I think the challenge of trying to neutrally represent someone else’s point of view is pretty powerful.

  • Mozilla B-Team: happy bmo push day!

    Bugfixes + enabling the new security feature for API keys.

Android Browser Choice Screen in Europe

Filed under
Android
Google
Moz/FF
Web

Today, Google announced a new browser choice screen in Europe. We love an opportunity to show more people our products, like Firefox for Android. Independent browsers that put privacy and security first (like Firefox) are great for consumers and an important part of the Android ecosystem.

There are open questions, though, about how well this implementation of a choice screen will enable people to easily adopt options other than Chrome as their default browser. The details matter, and the true measure will be the impact on competition and ultimately consumers. As we assess the results of this launch on Mozilla’s Firefox for Android, we’ll share our impressions and the impact we see.

Read more

Introducing Mozilla WebThings

Filed under
Moz/FF

The Mozilla IoT team is excited to announce that after two years of development and seven quarterly software updates that have generated significant interest from the developer & maker community, Project Things is graduating from its early experimental phase and from now on will be known as Mozilla WebThings.

Read more

Also: Mozilla "WebThings" No Longer An Experiment

Mozilla and Firefox News

Filed under
Moz/FF
  • Chris H-C: Distributed Teams: A Test Failing Because It’s Run West of Newfoundland and Labrador

    When Firefox starts up the first time, it doesn’t know where it is. And it needs to know where it is to properly make a first guess at what language you want and what search engines would work best. Google’s results are pretty bad in Canada unless you use “google.ca”, after all.

    But while Firefox doesn’t know where it is, it does know is what timezone it’s in from the settings in your OS’s clock. On top of that it knows what language your OS is set to. So we make a first guess at which search region we’re in based on whether or not the timezone overlaps a US timezone and if your OS’ locale is `en-US` (United States English).

    What this fails to take into account is that United States English is the “default” locale reported by many OSes even if you aren’t in the US. And how even if you are in a timezone that overlaps with the US, you might not be there.

  • Fluent 1.0: a localization system for natural-sounding translations

    Fluent is a family of localization specifications, implementations and good practices developed by Mozilla. It is currently used in Firefox. With Fluent, translators can create expressive translations that sound great in their language. Today we’re announcing version 1.0 of the Fluent file format specification. We’re inviting translation tool authors to try it out and provide feedback.

  • Mark Surman: Getting crisper about ‘better AI’

    As I wrote a few weeks back, Mozilla is increasingly coming to the conclusion that making sure AI serves humanity rather than harms it is a key internet health issue. Our internet health movement building efforts will be focused in this area in the coming years.

    In 2019, this means focusing a big part of our investment in fellowships, awards, campaigns and the Internet Health Report on AI topics. It also means taking the time to get crisper on what we mean by ‘better’ and defining a specific set of things we’d like to see happen around the politics, technology and use of AI. Thinking this through now will tee up work in the years to come.

    We started this thinking in an ‘issue brief’ that looks at AI issues through the lens of internet health and the Mozilla Manifesto. It builds from the idea that intelligent systems are ultimately designed and shaped by humans — and then looks at areas where we need to collectively figure out how we want these systems used, who should control them and how we should mitigate their risks. The purpose of this brief is to spark discussions in and around Mozilla that will help us come up with more specific goals and plans of action.

  • Mozilla B-Team: happy bmo push day!
  • Mozilla reacts to European Parliament plenary vote on EU Terrorist Content regulation

    As the recent atrocities in Christchurch underscored, terrorism remains a serious threat to citizens and society, and it is essential that we implement effective strategies to combat it. But the Terrorist Content regulation passed today in the European Parliament is not that. This legislation does little but chip away at the rights of European citizens and further entrench the same companies the legislation was aimed at regulating. By demanding that companies of all sizes take down ‘terrorist content’ within one hour the EU has set a compliance bar that only the most powerful can meet.

    Our calls for targeted, proportionate and evidence-driven policy responses to combat the evolving threat, were not accepted by the majority, but we will continue to push for a more effective regulation in the next phase of this legislative process. The issue is simply too important to get wrong, and the present shortfalls in the proposal are too serious to let stand.

  • Mark J. Wielaard: Valgrind 3.15.0 with improved DHAT heap profiler

    Julian Seward released valgrind 3.15.0 which updates support for existing platforms and adds a major overhaul of the DHAT heap profiler. There are, as ever, many refinements and bug fixes. The release notes give more details.

    Nicholas Nethercote used the old experimental DHAT tool a lot while profiling the Rust compiler and then decided to write and contribute A better DHAT (which contains a screenshot of the the new graphical viewer).

  • A better DHAT

    DHAT is a heap profiler that comes with Valgrind. (The name is short for “Dynamic Heap Analysis Tool”.) It tells your where all your heap allocations come from, and can help you find the following: places that cause excessive numbers of allocations; leaks; unused and under-used allocations; short-lived allocations; and allocations with inefficient data layouts. This old blog post goes into some detail.

    In the new Valgrind 3.15 release I have given DHAT a thorough overhaul.

    The old DHAT was very useful and I have used it a lot while profiling the Rust compiler. But it had some rather annoying limitations, which the new DHAT overcomes.

    First, the old DHAT dumped its data as text at program termination. The new DHAT collects its data in a file which is read by a graphical viewer that runs in a web browser. This gives several advantages.

Mozilla: Firefox Accounts, Firefox for 'Hype' Things and Hubs

Filed under
Moz/FF
Syndicate content

More in Tux Machines

Linux Candy: ASCIIQuarium – embrace marine life from the terminal

Who loves eye candy? Don’t be shy — you can raise both hands!! Linux Candy is a new series of articles covering interesting eye candy software. We’re only going to feature open-source software in this series. I’m not going to harp on about the tired proverb “All work and no play makes Jack a dull boy”. But there’s a certain element of truth here. If you spend all day coding neural networks, mastering a new programming language, sit in meetings feeling bored witless, you’ll need some relief at the end of the day. And what better way by making your desktop environment a bit more memorable. Read more

Bookworm is a light-weight eBook reader for Linux

While Calibre has a built-in reader, and is the absolute best when it comes to managing and converting eBooks, some people may prefer an alternative when it comes to reading ebooks. Bookworm, a lightweight ebook reader for Linux, offers a minimalist experience. Developed for Elementary OS, Bookworm is also available for other Linux distributions such as Ubuntu or OpenSUSE. Options to install from source or flatpack are provided as well. Read more

Review: Drauger OS 7.4.1, and EndeavourOS 2019.07.15

This week I once again turned to the DistroWatch waiting list to sample new items I had not tried before. Near the top of the list of projects waiting for evaluation was Drauger OS, a Linux distribution based on Xubuntu. The project uses the Xfce desktop environment and is built to run on 64-bit (x86_64) computers. The project places a strong focus on offering easy access to games and, correspondingly, good desktop performance. To this end, Drauger ships with Steam installed by default, along with WINE and PlayOnLinux. Drauger OS also comes with the modified, low-latency, Liquorix Linux kernel, which is based off the ZEN kernel. According to the project's documentation, the distribution can run on UEFI-enabled machines, but booting in legacy BIOS mode is recommended. The documentation also mentions that in place of the regular Xubuntu installer, Drauger uses the System Install utility to copy the operating system from the live media to the local hard drive. While most of the project's listed features are technical in nature, one of the main talking points goes a bit over the top when describing Drauger's security advantage: "Drauger OS is far more secure than the leading desktop operating system. This means that you can game without fear of trolls hacking into your computer, getting a virus, or losing your data." Of course Linux systems can be hacked and certainly may lose data due to various bugs, security breaches or hardware failure. The developers' claims strike me as being optimistic, at best. Drauger is available in one edition and the distribution's ISO file is a 3.2GB download. Booting from the disc brings up a menu asking if we would like to run a live desktop session or launch a system installer. The live option shows the Ubuntu boot screen, which identifies the distribution as "Ubuntu 7.4.1". The system then presents us with a graphical login screen where we are given the choice of using a "user" account or a "guest" account. In either case we can sign in without a password. Drauger's live mode uses the Xfce 4.12 desktop. Once the desktop loads, a welcome screen appears, showing buttons that open links to the distribution's website, launch a tool for installing third-party drivers, open a readme file, and link to some on-line resources. There is also a tutorial button which opens a series of pop-up messages about the desktop elements. We can only move forward through the tutorial tips one at a time, and cannot go back to previous pop-ups. The Additional Drivers button opens the Ubuntu software sources, updates and driver utility. On-line resources and documentation are opened in the Firefox web browser. The welcome window is pretty straight forward to use and navigate and I like that we are put in touch with both on-line and off-line resources. Read more

GNU Guile 2.9.4 (beta) released

We are delighted to announce GNU Guile 2.9.4, the fourth beta release in preparation for the upcoming 3.0 stable series. See the release announcement for full details and a download link. This release enables inlining of references to top-level definitions within a compilation unit, speeding up some programs by impressive amounts. It also improves compilation of floating-point routines like sin, implements the Ghuloum/Dybvig "Fixing Letrec (reloaded)" algorithm, and allows mixed definitions and expressions within lexical contours, as is the case at the top level. Try it out, it's good times! GNU Guile 2.9.4 is a beta release, and as such offers no API or ABI stability guarantees. Users needing a stable Guile are advised to stay on the stable 2.2 series. Experience reports with GNU Guile 2.9.4, good or bad, are very welcome; send them to guile-devel@gnu.org. If you know you found a bug, please do send a note to bug-guile@gnu.org. Happy hacking! Read more