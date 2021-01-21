Language Selection

Wednesday 10th of February 2021
Moz/FF
  • Mozilla Performance Blog: Performance Sheriff Newsletter (January 2021)

    In January there were 106 alerts generated, resulting in 15 regression bugs being filed on average 4.3 days after the regressing change landed.

    Welcome to the January 2021 edition of the performance sheriffing newsletter. Here you’ll find the usual summary of our sheriffing efficiency metrics, followed by some analysis of the bug products and components that were identified as the cause of regressions in 2020. If you’re interested (and if you have access) you can view the full dashboard.

  • Mozilla Attack & Defense: Guest Blog Post: Good First Steps to Find Security Bugs in Fenix (Part 2)

    Fenix’s architecture is unique. Many of the browser features are not implemented in Fenix itself – they come from independent and reusable libraries such as GeckoView and Mozilla Android Components (known as Mozac). Fenix as a browser application combines these libraries as building parts for the internals, and the fenix project itself is primarily a User Interface. Mozac is noteworthy because it connects web contents rendered in GeckoView into the native Android world.

    There are common pitfalls that lead to security bugs in the connection between web content and native apps. In this post, we’ll take a look at one of the pitfalls: private browsing mode bypasses. While looking for this class of bug, I discovered three separate but similar issues (Bugs 1657251, 1658231, and 1663261.)

  • Extensions in Firefox 86

    Firefox 86 will be released on February 23, 2021. We’d like to call out two highlights and several bug fixes for the WebExtensions API that will ship with this release.

  • Browser fuzzing at Mozilla

    Mozilla has been fuzzing Firefox and its underlying components for a while. It has proven to be one of the most efficient ways to identify quality and security issues. In general, we apply fuzzing on different levels: there is fuzzing the browser as a whole, but a significant amount of time is also spent on fuzzing isolated code (e.g. with libFuzzer) or whole components such as the JS engine using separate shells. In this blog post, we will talk specifically about browser fuzzing only, and go into detail on the pipeline we’ve developed. This single pipeline is the result of years of work that the fuzzing team has put into aggregating our browser fuzzing efforts to provide consistently actionable issues to developers and to ease integration of internal and external fuzzing tools as they become available.

  • Data@Mozilla: This Week in Glean: Backfilling rejected GPUActive Telemetry data

    Data ingestion is a process that involves decompressing, validating, and transforming millions of documents every hour. The schemas of data coming into our systems are ever-evolving, sometimes causing partial outages of data availability when the conditions are ripe. Once the outage has been resolved, we run a backfill to fill in the gaps for all the missing data. In this post, I’ll discuss the error discovery and recovery processes through a recent bug.

Manage your budget on Linux with this open source finance tool

In 2021, there are more reasons why people love Linux than ever before. In this series, I'll share 21 different reasons to use Linux. This article is about personal financial management. Personal finances can be difficult to manage. It can be frustrating and even scary when you don't have enough money to get by without financial assistance, and it can be surprisingly overwhelming when you do have the money you need but no clear notion of where it all goes each month. To make matters worse, we're often told to "make a budget" as if declaring the amount of money you can spend each month will somehow manifest the money you need. The bottom line is that making a budget is hard, and not meeting your financial goals is discouraging. But it's still important, and Linux has several tools that can help make the task manageable. Read more

Draw Mandelbrot fractals with GIMP scripting

The GNU Image Manipulation Program (GIMP) is my go-to solution for image editing. Its toolset is very powerful and convenient, except for doing fractals, which is one thing you cannot draw by hand easily. These are fascinating mathematical constructs that have the characteristic of being self-similar. In other words, if they are magnified in some areas, they will look remarkably similar to the unmagnified picture. Besides being interesting, they also make very pretty pictures! GIMP can be automated with Script-Fu to do batch processing of images or create complicated procedures that are not practical to do by hand; drawing fractals falls in the latter category. This tutorial will show how to draw a representation of the Mandelbrot fractal using GIMP and Script-Fu. Read more

Google Betrayals

  • Terraria canceled on Stadia after developer gets locked out of his Google accounts

    The co-creator of Terraria has called off development of the game for Google Stadia following a three-week stretch where he has been inexplicably locked out of all of his Google accounts.

    Andrew Spinks gave the ultimatum early Monday, after getting no response from Google since YouTube locked him out of his account in mid-January. The lockout has also cost Spinks access to apps he’s purchased on Google Stadia, wiped data he stored in Google drive, and terminated a Gmail account he’s used for more than 15 years.

  • ‘Terraria’ Creator Cancels Stadia Version After Google Account Lockout

    Spinks concludes that his problems stem from Google trying to “burn a bridge,” and if that’s the way it’s going to be, he says, he’s cancelling the Stadia release of Terraria, as he “will not be involved with a corporation that values their customers and partners so little. Doing business with you is a liability.”

  • Terraria co-creator says Stadia version is canceled after losing access to Google accounts

    The cancellation of a Stadia port for Terraria comes at a challenging time for Google Stadia: last week, the company announced it was closing its in-house development studio and said it would rely instead solely on third-party developers. The cloud gaming service is also losing one of its biggest exclusives, Crayta, as its timed exclusivity deal is slated to end soon.

  • Terraria on Stadia Canceled After Developer Is Locked Out Of Google Accounts

    The developers of Terraria, Re-Logic, have shared more details about what their severed ties with Google mean. Including how the boycott will include future versions of Terraria and future games from the studio. But existing versions of Terraria on Android and Google Play will not be impacted by the co-creator's decisions today.

    In a statement to IGN, Re-Logic says “Punishing existing customers who paid for our game on these platforms is not what we are about. To be clear: there should be no impact whatsoever to Terraria on Google platforms, both existing/purchased games as well as ongoing store availability.”

    The studio also provided a more in-depth timeline on how its issues with Google came about.

  • Terraria Creator Cancels Stadia Port, Calls Doing Business With Google A "Liability"

    "After using every resource I have to get this resolved, you have done nothing but given me the runaround." He cites his frustration as being linked to thousands of dollars in-app purchases, movie purchases, and Google Drive data now being beyond his reach. Additionally, "I can't access my YouTube channel. The worst of all is losing access to my Gmail address of over 15 years."

  • Google Chrome is killing off support for some ancient PCs

    If you’re one of the few whose PC contains an Intel Pentium 4 or an AMD Athlon 64, bad news: You’re about to lose access to Google’s Chrome browser.

today's howtos

  • Normal situations should not be warnings (especially not repeated ones)

    Every so often (or really, too often), people with good intentions build a program that looks at some things or does some things, and they decide to have that program emit warnings or set status results if things are not quite perfect and as expected. This is a mistake, and it makes system administrators who have to deal with the program unhappy. An ordinary system configuration should not cause a program to raise warnings or error markers, even if it doesn't allow all of the things that a program is capable of doing (or that the program wants to do by default). In addition, every warning should be rate-limited in any situation that can plausibly emit them regularly.

  • Using a custom boot logo on Lenovo ThinkPad T460s

    Lenovo makes it possible to change the boot logo of my refurbished ThinkPad T460s. So let’s turn the big red rectangle into something BSD.

  • an atonement of nano

    for years nano has been nothing but a mockery for those who use emacs or vim. a friendly and pragmatic editor? what a laughable prospect.

    well this is where it ends. nano is a friendly and pragmatic editor, but it's no notepad. nano has depth. let's take a look.

  • Gemini, a modern protocol that looks retro: Back to the 1990s with a protocol and format to distribute real content, without tracking and visual effects

    Many people are unhappy with the current state of the Web: pervasive user tracking, a lot of distractions from the actual content, so complicated that it is very hard to develop from scratch a new browser. Why not going back to the future, with a protocol and format focused on lightweight distribution of content? This is Gemini, both a new ultra-simple protocol and a simple format. Not to develop an alternative to YouTube but useful to access content with a minimal client. Gemini is not "retro" but it "looks retro".

  • A visual guide to SSH tunnels

    This page explains use cases and examples of SSH tunnels while visually presenting the traffic flows. For example, here's a reverse tunnel that allows only users from IP address 1.2.3.4 access to port 80 on the SSH client through an SSH server.

    SSH tunnels are encrypted TCP connections between SSH clients and servers that allows traffic entering one side of the tunnel to transparently exit through the other. While the term originally referred to tunnels using TUN/TAP virtual network interfaces, it's commonly used to refer to SSH port forwarding nowadays. Use cases include: [...]

  • OpenPGP in Your Pocket

    Access to the smart card reader on the Librem 5 is something we at Purism have been looking forward to for a long time. That day is finally here; those who have their Librem 5 can follow this guide to set up access to the smart card. Orders shipping soon will come with the card reader already setup.

  • How to Install VMware Workstation 16 Pro on Linux Systems

    VMware Workstation 16 Pro is an industry-standard software for running multiple different virtual machines (operating systems) on a single Linux or Windows PC.

  • Open and Save Documents | Inkscape

    This tutorial is the 2nd of the Inkscape for Students series. Below you will learn about graphics formats, the graphic format SVG, and how to open & save graphics, including how to insert ones in a document. Let's learn!

