Language Selection

English French German Italian Portuguese Spanish

Moz/FF

WWW: Chrome 89 and DevOps at Mozilla

Filed under
Google
Moz/FF

  • New in Chrome 89

    Chrome 89 is starting to roll out to stable now.

  • Chrome 89 Released With Various New Web APIs Deemed Stable

    Chrome 89 is out today as the latest stable version of Google's web browser. With Chrome 89 various new APis are deemed stable including WebHID, WebNFC, and Web Serial.

    Chrome 89 promoted its WebHID, WebNFC, and Web Serial support with those APIs for HID devices, near field communication, and serial devices being deemed ready for production use. Chrome 89 is also significant for AV1 encoding support for WebRTC in early form.

  •  

  • DevOps at Mozilla

    I first joined Mozilla as an intern in 2010 for the “Tools and Automation Team” (colloquially called the “A-Team”). I always had a bit of difficulty describing our role. We work on tests. But not the tests themselves, the the thing that runs the tests. Also we make sure the tests run when code lands. Also we have this dashboard to view results, oh and also we do a bunch of miscellaneous developer productivity kind of things. Oh and sometimes we have to do other operational type things as well, but it varies.

Mozilla Leftovers

Filed under
Moz/FF
  • A Better Terminal for Mozilla Build [Ed: Mozilla is moving in a bad direction that serves Windows, not standards or the open Web or software freedom]

    If you’re working with mozilla-central on Windows and followed the official documentation, there’s a good chance the MozillaBuild shell is running in the default cmd.exe console. If you’ve spent any amount of time in this console you’ve also likely noticed it leaves a bit to be desired. Standard terminal features such as tabs, splits and themes are missing. More importantly, it doesn’t render unicode characters (at least out of the box).

  • Mozilla Open Policy & Advocacy Blog: India’s new intermediary liability and digital media regulations will harm the open internet

    Last week, in a sudden move that will have disastrous consequences for the open internet, the Indian government notified a new regime for intermediary liability and digital media regulation. Intermediary liability (or “safe harbor”) protections have been fundamental to growth and innovation on the internet as an open and secure medium of communication and commerce. By expanding the “due diligence” obligations that intermediaries will have to follow to avail safe harbor, these rules will harm end to end encryption, substantially increase surveillance, promote automated filtering and prompt a fragmentation of the internet that would harm users while failing to empower Indians. While many of the most onerous provisions only apply to “significant social media intermediaries” (a new classification scheme), the ripple effects of these provisions will have a devastating impact on freedom of expression, privacy and security.

  • Karl Dubost: Capping User Agent String - followup meeting [Ed: Hopefully enough people understand the degree to which use agents in a Web browser are leveraged for fingerprinting/tracking/surveillance/abuse]

    A couple of weeks ago, I mentionned the steps which have been taken about capping the User Agent String on macOS 11 for Web compatibility issues. Since then, Mozilla and Google organized a meeting to discuss the status and the issues related to this effort. We invited Apple but probably too late to find someone who could participate to the meeting (my bad). The minutes of the meeting are publicly accessible.

Google for Slow Connections and Mozilla on Accessibility

Filed under
Google
Moz/FF
Web
  • Lyra: A New Very Low-Bitrate Codec for Speech Compression

    Connecting to others online via voice and video calls is something that is increasingly a part of everyday life. The real-time communication frameworks, like WebRTC, that make this possible depend on efficient compression techniques, codecs, to encode (or decode) signals for transmission or storage. A vital part of media applications for decades, codecs allow bandwidth-hungry applications to efficiently transmit data, and have led to an expectation of high-quality communication anywhere at any time.

    [...]

    To solve this problem, we have created Lyra, a high-quality, very low-bitrate speech codec that makes voice communication available even on the slowest networks. To do this, we’ve applied traditional codec techniques while leveraging advances in machine learning (ML) with models trained on thousands of hours of data to create a novel method for compressing and transmitting voice signals.

  • Google's New Lyra Voice Codec + AV1 Aim For Video Chats Over 56kbps Modems In 2021

    Google's AI team has announced "Lyra" as a very low bit-rate codec for speech compression designed for use-cases like WebRTC and other video chats... With a bit rate so low that when combined with the likes of the AV1 video codec could potentially allow video chats over 56kbps Internet connections.

    Google engineers formally announced Lyra on Thursday as this new codec to challenge the likes of Opus. Lyra leverages machine learning to make it suitable for delivering extremely low bit-rate speech compression.

    Google's Lyra announcement noted, "Lyra is currently designed to operate at 3kbps and listening tests show that Lyra outperforms any other codec at that bitrate and is compared favorably to Opus at 8kbps, thus achieving more than a 60% reduction in bandwidth. Lyra can be used wherever the bandwidth conditions are insufficient for higher-bitrates and existing low-bitrate codecs do not provide adequate quality."

  • Mozilla Accessibility: 2021 Firefox Accessibility Roadmap Update [Ed: Mozilla is not consistent. It speaks of people with disabilities, but was eager to go on with DRM (EME) inside Firefox despite is being an attack on disabled people]

    People with disabilities can experience huge benefits from technology but can also find it frustrating or worse, downright unusable. Mozilla’s Firefox accessibility team is committed to delivering products and services that are not just usable for people with disabilities, but a delight to use.

    The Firefox accessibility (a11y) team will be spending much of 2021 re-building major pieces of our accessibility engine, the part of Firefox that powers screen readers and other assistive technologies.

    While the current Firefox a11y engine has served us well for many years, new directions in browser architectures and operating systems coupled with the increasing complexity of the modern web means that some of Firefox’s venerable a11y engine needs a rebuild.

    Browsers, including Firefox, once simple single process applications, have become complex multi-process systems that have to move lots of data between processes, which can cause performance slowdowns. In order to ensure the best performance and stability and to enable support for a growing, wider variety of accessibility tools in the future (such as Windows Narrator, Speech Recognition and Text Cursor Indicator), Firefox’s accessibility engine needs to be more robust and versatile. And where ATs used to spend significant resources ensuring a great experience across browsers, the dominance of one particular browser means less resources being committed to ensuring the ATs work well with Firefox. This changing landscape means that Firefox too must evolve significantly and that’s what we’re going to be doing in 2021.

Mozilla: Rust, Firefox Logo, Nightly, Surveillance and VR/Hubs

Filed under
Moz/FF
  • The Rust Programming Language Blog: Const generics MVP hits beta!

    After more than 3 years since the original RFC for const generics was accepted, the first version of const generics is now available in the Rust beta channel! It will be available in the 1.51 release, which is expected to be released on March 25th, 2021. Const generics is one of the most highly anticipated features coming to Rust, and we're excited for people to start taking advantage of the increased power of the language following this addition.

    Even if you don't know what const generics are (in which case, read on!), you've likely been benefitting from them: const generics are already employed in the Rust standard library to improve the ergonomics of arrays and diagnostics; more on that below.

    With const generics hitting beta, let's take a quick look over what's actually being stabilized, what this means practically, and what's next.

  • Remain Calm: the fox is still in the Firefox logo

    If you’ve been on the internet this week, chances are you might have seen a meme or two about the Firefox logo.

    And listen, that’s great news for us. Sure, it’s stressful to have hundreds of thousands of people shouting things like “justice for the fox” in all-caps in your mentions for three days straight, but ultimately that means people are thinking about the brand in a way they might not have for years.

    People were up in arms because they thought we had scrubbed fox imagery from our browser. Rest easy knowing nothing could be further from the truth.

    The logo causing all the stir is one we created a while ago with input from our users. Back in 2019, we updated the Firefox browser logo and added the parent brand logo as a new logo for our broader product portfolio that extends beyond the browser.

  • django-querysetsequence 0.14 released!

    django-querysetsequence 0.14 has been released with support for Django 3.2 (and Python 3.9). django-querysetsequence is a Django package for treating multiple QuerySet instances as a single QuerySet, this can be useful for treating similar models as a single model. The QuerySetSequence class supports much of the API available to QuerySet instances.

  • Firefox Nightly: These Weeks in Firefox: Issue 88
  • Will Kahn-Greene: Data Org Working Groups: retrospective (2020)

    Data Org architects, builds, and maintains a data ingestion system and the ecosystem of pieces around it. It covers a swath of engineering and data science disciplines and problem domains. Many of us are generalists and have expertise and interests in multiple areas. Many projects cut across disciplines, problem domains, and organizational structures. Some projects, disciplines, and problem domains benefit from participation of other stakeholders who aren't in Data Org.

  • Mozilla VR Blog: Behind-the-Scenes at Hubs Hack Week

    Earlier this month, the Hubs team spent a week working on an internal hackathon. We figured that the start of a new year is a great time to get our roadmap in order, do some investigations about possible new features to explore this year, and bring in some fresh perspectives on what we could accomplish. Plus, we figured that it wouldn’t hurt to have a little fun doing it! Our first hack week was a huge success, and today we’re sharing what we worked on this month so you can get a “behind the scenes” peek at what it’s like to work on Hubs.

Mozilla Leftovers

Filed under
Moz/FF
  • Firefox 86 brings multiple Picture-in-Picture, “Total Cookie Protection”

    In December 2019, Firefox introduced Picture-in-Picture mode—an additional overlay control on in-browser embedded videos that allows the user to detach the video from the browser. Once detached, the video has no window dressing whatsoever—no title bar, min/max/close, etc.

    PiP mode allows users who tile their windows—automatically or manually—to watch said video while consuming a bare minimum of screen real estate.

    Firefox 86 introduces the concept of multiple simultaneous Picture-in-Picture instances. Prior to build 86, hitting the PiP control on a second video would simply reattach the first video to its parent tab and detach the second. Now, you can have as many floating, detached video windows as you'd like—potentially turning any monitor into something reminiscent of a security DVR display.

    The key thing to realize about multi-PiP is that the parent tabs must remain open—if you navigate away from the parent tab of an existing PiP window, the PiP window itself closes as well. Once I realized this, I had no difficulty surrounding my Firefox 86 window with five detached, simultaneously playing video windows.

  • This Week in Glean: Boring Monitoring [Ed: Mozilla insists that it is not surveillance when they call it "data science" and "big data"]

    Every Monday the Glean has its weekly Glean SDK meeting. This meeting is used for 2 main parts: First discussing the features and bugs the team is currently investigating or that were requested by outside stakeholders. And second bug triage & monitoring of data that Glean reports in the wild.

    [...]
    It probably can! But it requires more work than throwing together a dashboard with graphs. It’s also not as easy to define thresholds on these changes and when to report them. There’s work underway that hopefully enables us to more quickly build up these dashboards for any product using the Glean SDK, which we can then also extend to do more reporting automated. The final goal should be that the product teams themselves are responsible for monitoring their data.

  • William Lachance: Community @ Mozilla: People First, Open Source Second [Ed: Is this why Mozilla pays its CEO over 3 million dollars per year (quadruple the older sum) while sacking even its own people and spying on Firefox users (people)?]

    It seems ridiculously naive in retrospect, but I can remember thinking at the time that the right amount of “open source” would solve all the problems. What can I say? It was the era of the Arab Spring, WikiLeaks had not yet become a scandal, Google still felt like something of a benevolent upstart, even Facebook’s mission of “making the world more connected” sounded great to me at the time. If we could just push more things out in the open, then the right solutions would become apparent and fixing the structural problems society was facing would become easy!

    What a difference a decade makes. The events of the last few years have demonstrated (conclusively, in my view) that open systems aren’t necessarily a protector against abuse by governments, technology monopolies and ill-intentioned groups of individuals alike. Amazon, Google and Facebook are (still) some of the top contributors to key pieces of open source infrastructure but it’s now beyond any doubt that they’re also responsible for amplifying a very large share of the problems global society is experiencing.

Mozilla: Code Review, Translations, and Tor Browser 10.0.12

Filed under
Moz/FF
  • The Benefits Of Code Review For The Reviewer

    Code Review is an essential part of the process of publishing code. We often talk about the benefits of code review for projects and for people writing the code. I want to talk about the benefits for the person actually reviewing the code.

    [...]

    There is a feel good opportunity when doing good code reviews. Specifically, when the review helped to improve both the code and the developer. Nothing better than the last comment of a developer being happy of having the code merged and the feeling of improving skills.

  • Introducing Fabiola Lopez

    Please join us in welcoming Fabiola Lopez (Fabi) to the team. Fabi will be helping us with support content in English and Spanish, so you’ll see her in both locales.

  • New Release: Tor Browser 10.0.12

    Tor Browser 10.0.12 is now available from the Tor Browser download page and also from our distribution directory.

    This version updates Desktop Firefox to 78.8.0esr and Android Firefox to 86.1.0. In addition, Tor Browser 10.0.12 updates NoScript to 11.2.2, Openssl to 1.1.1j, and Tor to 0.4.5.6. This version includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.

Firefox 86 Brings Total Cookie Protection and Multi-PIP Feature

Filed under
Moz/FF

Mozilla announced the latest release of Firefox 86 and it brings important features that make you more secure on the web.
Read more

Firefox 87 Enters Beta with the Backspace Key Disabled as a “Back” Button

Filed under
Moz/FF

While it doesn’t appear to include any major or important changes, Firefox 87 will apparently be the first update to the popular web browser used by default on numerous GNU/Linux distributions to disable the Backspace key from working as a “Back” button when you want to navigate back to the previous page.

This change was supposed to land in the Firefox 86 release that arrived earlier today, but, for some reason unknown to me, it didn’t happen, and it looks like Mozilla delayed it for Firefox 87. Mozilla recommends that you use the Alt + Left arrow keyboard shortcut instead.

Read more

Firefox 86 Released with Multiple Picture-in-Picture Support by Default

Filed under
Moz/FF

The biggest change in Firefox 86 was supposed to be the enablement of AV1 Image File Format (AVIF) support by default. AVIF is a powerful, royalty-free and open-source image file format designed to encode AV1 bitstreams in the HEIF (High Efficiency Image File Format) container.

While AVIF support was offered in during the beta testing, Firefox 86 doesn’t come with AVIF support enabled by default. However, you can enable it yourselves by setting the image.avif.enable option in about:config to true.

Read more

Firefox Proton upcoming update - Half-integer spin

Filed under
Moz/FF

Every few years, there's a new visual revamp in Firefox. First, we had the classic look, then Australis, then Quantum, which sort of gave us the old look but in a new guise, and now, Mozilla is aiming for yet another makeover called Proton. The UI refresh seems to be all the rage, except, I don't see why there's a need for one, but hey. Modern problems require modern solutions, or something.

I wanted to get an early glimpse of the change, mostly to see what I ought to expect. As you very well recall from me articles and rants, I found Australis abominable, Quantum okay, and now, I'm not sure why Firefox should be modified yet again. If by any measure we look at competition, say Chrome, what made it popular definitely isn't any series of UI changes, because largely, it hasn't changed much since inception. Not that Firefox should ape Chrome, far from it. But the sense of activity associated with visual polish doesn't necessarily translate into anything meaningful. Whether it does, well, we need to see. Early hands on, let's see.

[...]

I don't see any major value in this revamp. On its own, the name Proton, while full of punchy sounds, is also tricky. Because it's associated with tons of other products - including but not limited to mail service, car manufacturer, gaming engine, and so on. Then, the tab redesign and the icon stripping from menus don't add any great value. I really don't understand - for the time being, that is - how this is going to contribute in any great way to the success of Firefox.

'Tis a painful realization for me, because I want Firefox to remain around, alive and relevant and fun, because at the moment, it's the only thing that makes the Internet still usable, especially on the mobile. A last bastion of semi-sanity in the great ocean of idiocracy. But then, that does not mean I blindly embrace whatever Mozilla has in its repertoire of daily surprises.

And at this point, I'm not sure how Mozilla can recapture some of the lost market share. Yes, the nerds are now all waking up, shouting privacy, but a) nerds are a tiny tiny minority Cool these are the same nerds that help convert everyone to Chrome because JAVASCRIPT SPEED in the last few years. My view is, this should be Mozilla's one and only argument - privacy. Everything else is a game of attrition that it cannot win. Simple, innocent privacy and a calm, quiet browser that does not upend established usage patterns, the opposite of what Mozilla is occasionally doing.

Idiots don't care either way, and nerds deeply care about any change in their ecosystem. Revamping the UI is a lose-lose situation really, and a waste of resources. Privacy is going to be the next battlefield, and here Mozilla has a huge lead over its competitors. Hopefully, this is where the browser's future and focus will be. And trust me, you don't want to contemplate the Internet future without Firefox. Nerds, you've been warned.

Read more

Syndicate content

More in Tux Machines

Canonical Chooses Google’s Flutter UI SDK to Build Future Ubuntu Apps

For those not in the known, Flutter is an open-source UI SDK (software development kit) created by Google to helps those who want to build quick and modern applications for a wide-range of operating systems, including Android, Linux, Mac, iOS, Windows, Google Fuchsia, that work across desktop, mobile, and the Web. A year ago, Canonical teamed up with Google to make the Flutter SDK available on Linux as Snap, the universal software deployment and package management system for Ubuntu `and other GNU/Linux distributions, allowing those interested in building beautiful apps on the Linux desktop. Read more

Python: Security and NumPy 1.20 Release

  • Python Package Index nukes 3,653 malicious libraries uploaded soon after security shortcoming highlighted

    The Python Package Index, also known as PyPI, has removed 3,653 malicious packages uploaded days after a security weakness in the use of private and public registries was highlighted. Python developers use PyPI to add software libraries written by other developers in their own projects. Other programming languages implement similar package management systems, all of which demand some level of trust. Developers are often advised to review any code they import from an external library though that advice isn't always followed. Package management systems like npm, PyPI, and RubyGems have all had to remove subverted packages in recent years. Malware authors have found that if they can get their code included in popular libraries or applications, they get free distribution and trust they haven't earned. Last month, security researcher Alex Birsan demonstrated how easy it is to take advantage of these systems through a form of typosquatting that exploited the interplay between public and private package registries.

  • A pair of Python vulnerabilities [LWN.net]

    Two separate vulnerabilities led to the fast-tracked release of Python 3.9.2 and 3.8.8 on February 19, though source-only releases of 3.7.10 and 3.6.13 came a few days earlier. The vulnerabilities may be problematic for some Python users and workloads; one could potentially lead to remote code execution. The other is, arguably, not exactly a flaw in the Python standard library—it simply also follows an older standard—but it can lead to web cache poisoning attacks. [...] [Update: As pointed out in an email from Moritz Muehlenhoff, Python 2.7 actually is affected by this bug. He notes that python2 on Debian 10 ("Buster") is affected and has been updated. Also, Fedora has a fix in progress for its python2.7 package.]

  • NumPy 1.20 has been released

    NumPy is a Python library that adds an array data type to the language, along with providing operators appropriate to working on arrays and matrices. By wrapping fast Fortran and C numerical routines, NumPy allows Python programmers to write performant code in what is normally a relatively slow language. NumPy 1.20.0 was announced on January 30, in what its developers describe as the largest release in the history of the project. That makes for a good opportunity to show a little bit about what NumPy is, how to use it, and to describe what's new in the release. [...] NumPy adds a new data type to Python: the multidimensional ndarray. This a container, like a Python list, but with some crucial differences. A NumPy array is usually homogeneous; while the elements of a list can be of various types, an ndarray will, typically, only contain a single, simple type, such as integers, strings, or floats. However, these arrays can instead contain arbitrary Python objects (i.e. descendants of object). This means that the elements will, for simple data types, all occupy the same amount of space in memory. The elements of an ndarray are laid out contiguously in memory, whereas there is no such guarantee for a list. In this way, they are similar to Fortran arrays. These properties of NumPy arrays are essential for efficiency because the location of each element can be directly calculated. Beyond just adding efficient arrays, NumPy also overloads arithmetic operators to act element-wise on the arrays. This allows the Python programmer to express computations concisely, operating on arrays as units, in many cases avoiding the need to use loops. This does not turn Python into a full-blown array language such as APL, but adds to it a syntax similar to that incorporated into Fortran 90 for array operations.

4 Best Free and Open Source Graphical MPD Clients

MPD is a powerful server-side application for playing music. In a home environment, you can connect an MPD server to a Hi-Fi system, and control the server using a notebook or smartphone. You can, of course, play audio files on remote clients. MPD can be started system-wide or on a per-user basis. MPD runs in the background playing music from its playlist. Client programs communicate with MPD to manipulate playback, the playlist, and the database. The client–server model provides advantages over all-inclusive music players. Clients can communicate with the server remotely over an intranet or over the Internet. The server can be a headless computer located anywhere on a network. There’s graphical clients, console clients and web-based clients. To provide an insight into the quality of software that is available, we have compiled a list of 4 best graphical MPD clients. Hopefully, there will be something of interest here for anyone who wants to listen to their music collection via MPD. Here’s our recommendations. They are all free and open source goodness. Read more

LWN on Kernel: 5.12 Merge, Lockless Algorithms, and opy_file_range()

  • 5.12 Merge window, part 1 [LWN.net]

    The beginning of the 5.12 merge window was delayed as the result of severe weather in the US Pacific Northwest. Once Linus Torvalds got going, though, he wasted little time; as of this writing, just over 8,600 non-merge changesets have been pulled into the mainline repository for the 5.12 release — over a period of about two days. As one might imagine, that work contains a long list of significant changes.

  • An introduction to lockless algorithms [LWN.net]

    Low-level knowledge of the memory model is universally recognized as advanced material that can scare even the most seasoned kernel hackers; our editor wrote (in the July article) that "it takes a special kind of mind to really understand the memory model". It's been said that the Linux kernel memory model (and in particular Documentation/memory-barriers.txt) can be used to frighten small children, and the same is probably true of just the words "acquire" and "release". At the same time, mechanisms like RCU and seqlocks are in such widespread use in the kernel that almost every developer will sooner or later encounter fundamentally lockless programming interfaces. For this reason, it is a good idea to equip yourself with at least a basic understanding of lockless primitives. Throughout this series I will describe what acquire and release semantics are really about, and present five relatively simple patterns that alone can cover most uses of the primitives.

  • How useful should copy_file_range() be? [LWN.net]

    Its job is to copy len bytes of data from the file represented by fd_in to fd_out, observing the requested offsets at both ends. The flags argument must be zero. This call first appeared in the 4.5 release. Over time it turned out to have a number of unpleasant bugs, leading to a long series of fixes and some significant grumbling along the way. In 2019 Amir Goldstein fixed more issues and, in the process, removed a significant limitation: until then, copy_file_range() refused to copy between files that were not located on the same filesystem. After this patch was merged (for 5.3), it could copy between any two files, falling back on splice() for the cross-filesystem case. It appeared that copy_file_range() was finally settling into a solid and useful system call. Indeed, it seemed useful enough that the Go developers decided to use it for the io.Copy() function in their standard library. Then they ran into a problem: copy_file_range() will, when given a kernel-generated file as input, copy zero bytes of data and claim success. These files, which include files in /proc, tracefs, and a large range of other virtual filesystems, generally indicate a length of zero when queried with a system call like stat(). copy_file_range(), seeing that zero length, concludes that there is no data to copy and the job is already done; it then returns success. But there is actually data to be read from this kind of file, it just doesn't show in the advertised length of the file; the real length often cannot be known before the file is actually read. Before 5.3, the prohibition on cross-filesystem copies would have caused most such attempts to return an error code; afterward, they fail but appear to work. The kernel is happy, but some users can be surprisingly stubborn about actually wanting to copy the data they asked to be copied; they were rather less happy.