Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla: Virtual Reality (VR) Work and the Coral Project is Moving to Vox Media

Filed under
Moz/FF
  • How to make VR with the web, a new video series

    Virtual reality (VR) seems complicated, but with a few JavaScript libraries and tools, and the power of WebGL, you can make very nice VR scenes that can be viewed and shared in a headset like an Oculus Go or HTC Vive, in a desktop web browser, or on your smartphone. Let me show you how:

    In this new YouTube series, How to make a virtual reality project in your browser with ThreeJS and WebVR, I’ll take you through building an interactive birthday card in seven short tutorials, complete with code and examples to get you started. The whole series clocks in under 60 minutes. We begin by getting a basic cube on the screen, add some nice 3D models, set up lights and navigation, then finally add music.

    All you need are basic JavaScript skills and an internet connection.

  • The Coral Project is Moving to Vox Media

    Since 2015, the Mozilla Foundation has incubated The Coral Project to support journalism and improve online dialog around the world through privacy-centered, open source software. Originally founded as a two-year collaboration between Mozilla, The New York Times and the Washington Post, it became entirely a Mozilla project in 2017.

    Over the past 3.5 years, The Coral Project has developed two software tools, a series of guides and best practices, and grown a community of journalism technologists around the world advancing privacy and better online conversation.

    Coral’s first tool, Ask, has been used by journalists in several countries, including the Spotlight team at the Boston Globe, whose series on racism used Ask on seven different occasions, and was a finalist for the Pulitzer Prize in Local Reporting.

    The Coral Project’s main tool, the Talk platform, now powers the comments for nearly 50 newsrooms in 11 countries, including The Wall Street Journal, the Washington Post, The Intercept, and the Globe and Mail. The Coral Project has also collaborated with academics and technologists, running events and working with researchers to reduce online harassment and raise the quality of conversation on the decentralized web.

Mozilla: Shivam Singhal, Phabricator and Servo

Filed under
Moz/FF
  • Friend of Add-ons: Shivam Singhal

    Please meet our newest Friend of Add-ons, Shivam Singhal! Shivam became involved with the add-ons community in April 2017. Currently, he is an extension developer, Mozilla Rep, and code contributor to addons.mozilla.org (AMO). He also helps mentor good-first-bugs on AMO.

    “My skill set grew while contributing to Mozilla,” Shivam says of his experiences over the last two years. “Being the part of a big community, I have learned how to work remotely with a cross-cultural team and how to mentor newbies. I have met some super awesome people like [AMO engineers] William Durand and Rebecca Mullin. The AMO team is super helpful to newcomers and works actively to help them.”

  • Code Coverage on Phabricator
  • This Week In Servo 124

today's howtos and Mozilla leftovers

Filed under
Moz/FF
HowTos

Mozilla: Rust 1.32.0, Privacy, UX and Firefox Nightly

Filed under
Moz/FF
  • Announcing Rust 1.32.0

    The Rust team is happy to announce a new version of Rust, 1.32.0. Rust is a programming language that is empowering everyone to build reliable and efficient software.

  • Rust 1.32 Released With New Debugger Macro, Jemalloc Disabled By Default

    For fans of Rustlang, it's time to fire up rustup: Rust 1.32 is out today as the latest feature update for this increasingly popular programming language.

    The Rust 1.32 release brings dbg!() as a new debug macro to print the value of a variable as well as its file/line-number and it works with more than just variables but also commands.

  • Julien Vehent: Maybe don't throw away your VPN just yet...

    At Mozilla, we've long adopted single sign on, first using SAML, nowadays using OpenID Connect (OIDC). Most of our applications, both public facing and internal, require SSO to protect access to privileged resources. We never trust the network and always require strong authentication. And yet, we continue to maintain VPNs to protect our most sensitive admin panels.

    "How uncool", I hear you object, "and here we thought you were all about DevOps and shit". And you would be correct, but I'm also pragmatic, and I can't count the number of times we've had authentication bugs that let our red team or security auditors bypass authentication. The truth is, even highly experienced programmers and operators make mistakes and will let a bug disable or fail to protect part of that one super sensitive page you never want to leave open to the internet. And I never blame them because SSO/OAuth/OIDC are massively complex protocols that require huge libraries that fail in weird and unexpected ways. I've never reached the point where I fully trust our SSO, because we find one of those auth bypass every other month. Here's the catch: they never lead to major security incidents because we put all our admin panels behind a good old VPN.

  • Reflections on a co-design workshop

    Co-design workshops help designers learn first-hand the language of the people who use their products, in addition to their pain points, workflows, and motivations. With co-design methods [1] participants are no longer passive recipients of products. Rather, they are involved in the envisioning and re-imagination of them. Participants show us what they need and want through sketching and design exercises. The purpose of a co-design workshop is not to have a pixel-perfect design to implement, rather it’s to learn more about the people who use or will use the product, and to involve them in generating ideas about what to design.

    We ran a co-design workshop at Mozilla to inform our product design, and we’d like to share our experience with you.

    [...]

    Our UX team was tasked with improving the Firefox browser extension experience. When people create browser extensions, they use a form to submit their creations. They submit their code and all the metadata about the extension (name, description, icon, etc.). The metadata provided in the submission form is used to populate the extension’s product page on addons.mozilla.org.

  • Firefox Nightly: These Weeks in Firefox: Issue 51

Mozilla's Work on a New Browsers Called "Fenix"

Filed under
Android
Moz/FF
Web
  • Mozilla Fenix: New Android browser's intriguing details start to surface

    The new non-Firefox browser for Android is apparently targeted at younger people, with Mozilla developers on GitHub tagging the description, 'Fenix is not your parents' Android browser'.

    Fenix mockups found by Mozilla contributor Sören Hentzschel and Ghacks suggest the makers of Fenix are turning the Firefox Android browser on its head, currently toying with the idea of putting the URL bar and home button down at the bottom of user interface.

    News of Fenix as a possible replacement surfaced in the middle of 2018 after someone spotted the new Mozilla mobile project on GitHub. Activity on the project has picked up in recent months.

  • Firefox Fenix for Android mockups

    Mozilla is working on a new web browser for Android to replace the currently available Firefox for Android mobile browser.

    Firefox users who use the browser on Android may have noticed that development slowed down in recent time. Updates are still released regularly but they address issues such as slowdowns, crashes, or security issues for the most part.

    The core reason for that is that Mozilla's working on Fenix, a new mobile browser for Android. Fenix is based on Android Components and GeckoView. In other words, Fenix will be powered by built-in components on Android and Mozilla's GeckoView.

  • Keep Smart Assistants from Spying on You with Alias, Security Advisory for Old scp Clients, Major Metasploit Framework Release, Mozilla Working on a New Browser for Android and VirtualBox 6.0.2 Is Out

    Mozilla is working on a new Android browser called Fenix. According to ZDNet, this "new non-Firefox browser for Android is apparently targeted at younger people, with Mozilla developers on GitHub tagging the description, 'Fenix is not your parents' Android browser'." In addition, mockups suggest that Fenix developers are "currently toying with the idea of putting the URL bar and home button down at the bottom of user interface."

Mozilla: Firefox 67 Plans, Servo, TenFourFox FPR12b1

Filed under
Moz/FF
  • Moving to a Profile per Install Architecture

    With Firefox 67 you’ll be able to run different Firefox installs side by side by default.

    Supporting profiles per installation is a feature that has been requested by pre-release users for a long time now and we’re pleased to announce that starting with Firefox 67 users will be able to run different installs of Firefox side by side without needing to manage profiles.

  • This Week In Servo 123

    In the past three weeks, we merged 72 PRs in the Servo organization’s repositories.

  • TenFourFox FPR12b1 available

    TenFourFox Feature Parity 12 beta 1 is now available (downloads, hashes, release notes). As before, this is a smaller-scope release with no new features, just fixes and improvements. The big changes are a fix for CVE-2018-12404, a holdover security fix from FPR11 that also helps improve JavaScript optimization, and Raphael's hand-coded assembly language AltiVec-accelerated string matching routines with special enhancements for G5 systems. These replace the C routines I wrote using AltiVec intrinsics, which will be removed from our hacked NSPR libc source code once his versions stick.

    Unfortunately, we continue to accumulate difficult-to-solve JavaScript bugs. The newest one is issue 541, which affects Github most severely and is hampering my ability to use the G5 to work in the interface. This one could be temporarily repaired with some ugly hacks and I'm planning to look into that for FPR13, but I don't have this proposed fix in FPR12 since it could cause parser regressions and more testing is definitely required. However, the definitive fix is the same one needed for the frustrating issue 533, i.e., the new frontend bindings introduced with Firefox 51. I don't know if I can do that backport (both with respect to the technical issues and the sheer amount of time required) but it's increasingly looking like it's necessary for full functionality and it may be more than I can personally manage.

Mozilla: Flexbox Inspector, WebRender and Another Person Quits

Filed under
Moz/FF
  • Designing the Flexbox Inspector

    The new Flexbox Inspector, created by Firefox DevTools, helps developers understand the sizing, positioning, and nesting of Flexbox elements. You can try it out now in Firefox DevEdition or join us for its official launch in Firefox 65 on January 29th.

    The UX challenges of this tool have been both frustrating and a lot of fun for our team. Built on the basic concepts of the CSS Grid Inspector, we sought to expand on the possibilities of what a design tool could be. I’m excited to share a behind-the-scenes look at the UX patterns and processes that drove our design forward.

  • WebRender newsletter #35

    Bonsoir! Another week, another newsletter. I stealthily published WebRender on crates.io this week. This doesn’t mean anything in terms of API stability and whatnot, but it makes it easier for people to use WebRender in their own rust projects. Many asked for it so there it is. Everyone is welcome to use it, find bugs, report them, submit fixes and improvements even!

    In other news we are initiating a notable workflow change: WebRender patches will land directly in Firefox’s mozilla-central repository and a bot will automatically mirror them on github. This change mostly affects the gfx team. What it means for us is that testing webrender changes becomes a lot easier as we don’t have to manually import every single work in progress commit to test it against Firefox’s CI anymore. Also Kats won’t have to spend a considerable amount of his time porting WebRender changes to mozilla-central anymore.

  • thank u, next

    I don’t believe that has any chance of changing; when I’ve tried to express my frustrations, I’ve only gotten disciplined. Mozilla is not interested in hearing what I have to say. And that’s fine, but when I take a step back and think about things, that means it’s time to go, for both my sake and Mozilla’s. So I’ve just put in my two weeks’ notice.

Mozilla and Bugzilla

Filed under
Software
Moz/FF
  • Correlations Between Firefox Bug Severity and Priority

    There are a lot of Firefox bugs in Bugzilla. To narrow the scope of my analysis, I selected bugs from the Firefox desktop product (Bugzilla Product “Firefox” or “Core”) that were filed and triaged within the last two years.

  • python-bugzilla + bugzilla 5.0 API keys

    Thankfully with bugzilla 5.0 and later there's a better option: API keys. Here's how to to use them transparently with /usr/bin/bugzilla and all python-bugzilla library usage. Here's steps for enabling API keys with bugzilla.redhat.com, but the same process should roughly apply to other bugzilla instances too.

    Login to the bugzilla web UI, click your email, select Preferences, select API Keys. Generate an API key with an optional comment like 'python-bugzilla'. Afterwards the screen will look something like this:

Awards for UNIX and for Security Protocols (Mozilla)

Filed under
OS
Moz/FF
OSS
Security
Sci/Tech
  • The National Inventors Hall of Fame Announces Its 2019 Inductees

    Posthumously honored inventors include Lee; UNIX co-creator Dennis Ritchie; thiazide diuretic pioneers John Baer, Karl H. Beyer Jr., Frederick Novello and James Sprague; hand-held electric drill inventors Duncan Black and Alonzo G. Decker of the popular Black & Decker power tool company; Andrew Higgins, the mastermind behind the Higgins Boats used by American troops landing at Normandy on D-Day; and Joseph Muhler and William Nebergall, creators of the cavity-preventing stannous fluoride toothpaste better known today by the brand name Crest.

  • National Inventors Hall of Fame honors creators of Unix, power drills and more
  • Eric Rescorla Wins the Levchin Prize at the 2019 Real-World Crypto Conference

    The Levchin Prize awards two entrepreneurs every year for significant contributions to solving global, real-world cryptography issues that make the internet safer at scale. This year, we’re proud to announce that our very own Firefox CTO, Eric Rescorla, was awarded one of these prizes for his involvement in spearheading the latest version of Transport Layer Security (TLS). TLS 1.3 incorporates significant improvements in both security and speed, was completed in August and already secures 10% of sites.

    Eric has contributed extensively to many of the core security protocols used in the Internet, including TLS, DTLS, WebRTC, ACME, and the in development IETF QUIC protocol.  Most recently, he was editor of TLS 1.3, which already secures 10% of websites despite having been finished for less than six months. He also co-founded Let’s Encrypt, a free and automated certificate authority that now issues more than a million certificates a day, in order to remove barriers to online encryption and helped HTTPS grow from around 30% of the web to around 75%. Previously, he served on the California Secretary of State’s Top To Bottom Review where he was part of a team that found severe vulnerabilities in multiple electronic voting devices.

  • Great, you've moved your website or app to HTTPS. How do you test it? Here's a tool to make local TLS certs painless

    A Google cyrptoboffin is close to releasing a tool that will hopefully make all of us more secure online.

    Now that most web traffic travels over HTTPS and browser features increasingly expect security, developers really should be creating and testing apps in an HTTPS environment.

    Doing so requires installing a TLS/SSL certificate locally, but the process isn't as easy as it might be. With a bit of effort, devs can generate their own certificate, self-signed or signed by the local root, and install it. Various online tutorials offers ways to do so. There are also projects like minica that aim to ease the pain.

    But it could be easier still, along the lines of Let's Encrypt, a tool that lets websites handle HTTPS traffic through automated certificate issuance and installation.

Mozilla Firefox 65 Promises Enhanced Security for Linux, Android, and macOS

Filed under
Moz/FF
Security

That's right, we're talking here about Firefox 65, the next major release of the popular open-source web browser used by millions of computer and mobile users worldwide. With the Firefox 65 release, Mozilla adds support for the WebP image format for all platforms, the ability to change the UI's display language in the Options page, as well as AV1 video codec support for Window users.

macOS users would be happy to learn that with the Firefox 65 release they'll be able to continue browsing from their iPhone or iPad devices on their Macs as this release supports the Handoff feature. There's also good news for Linux users as they will finally be able to switch tabs by scrolling in the tab bar. Also, Windows users can now install Firefox using an MSI installer.

Read more

Syndicate content

More in Tux Machines

Programming: Node.js, Micro:bit, L4Re, Python, Go and More

  • 14 Best NodeJS Frameworks for Developers in 2019
    Node.js is used to build fast, highly scalable network applications based on an event-driven non-blocking input/output model, single-threaded asynchronous programming. A web application framework is a combination of libraries, helpers, and tools that provide a way to effortlessly build and run web applications. A web framework lays out a foundation for building a web site/app. The most important aspects of a web framework are – its architecture and features (such as support for customization, flexibility, extensibility, security, compatibility with other libraries, etc..).
  • Debian now got everything you need to program Micro:bit
    I am amazed and very pleased to discover that since a few days ago, everything you need to program the BBC micro:bit is available from the Debian archive. All this is thanks to the hard work of Nick Morrott and the Debian python packaging team. The micro:bit project recommend the mu-editor to program the microcomputer, as this editor will take care of all the machinery required to injekt/flash micropython alongside the program into the micro:bit, as long as the pieces are available. There are three main pieces involved. The first to enter Debian was python-uflash, which was accepted into the archive 2019-01-12. The next one was mu-editor, which showed up 2019-01-13. The final and hardest part to to into the archive was firmware-microbit-micropython, which needed to get its build system and dependencies into Debian before it was accepted 2019-01-20. The last one is already in Debian Unstable and should enter Debian Testing / Buster in three days. This all allow any user of the micro:bit to get going by simply running 'apt install mu-editor' when using Testing or Unstable, and once Buster is released as stable, all the users of Debian stable will be catered for.
  • Some Ideas for 2019
    Well, after my last article moaning about having wishes and goals while ignoring the preconditions for, and contributing factors in, the realisation of such wishes and goals, I thought I might as well be constructive and post some ideas I could imagine working on this year. It would be a bonus to get paid to work on such things, but I don’t hold out too much hope in that regard. In a way, this is to make up for not writing an article summarising what I managed to look at in 2018. But then again, it can be a bit wearing to have to read through people’s catalogues of work even if I do try and make my own more approachable and not just list tons of work items, which is what one tends to see on a monthly basis in other channels. In any case, 2018 saw a fair amount of personal focus on the L4Re ecosystem, as one can tell from looking at my article history. Having dabbled with L4Re and Fiasco.OC a bit in 2017 with the MIPS Creator CI20, I finally confronted certain aspects of the software and got it working on various devices, which had been something of an ambition for at least a couple of years. I also got back into looking at PIC32 hardware and software experiments, tidying up and building on earlier work, and I keep nudging along my Python-like language and toolchain, Lichen. Anyway, here are a few ideas I have been having for supporting a general strategy of building flexible, sustainable and secure computing environments that respect the end-user. Such respect not being limited to software freedom, but also extending to things like privacy, affordability and longevity that are often disregarded in the narrow focus on only one set of end-user rights.
  • 5 Best Python IDEs You Can Get in 2019
    If you’re taking Python lessons online, you will eventually need a good IDE (Integrated Development Environment) to write better code. The command line interface can only prove so useful. At Python.com you can download a native IDE called IDLE (Integrated Development and Learning Environment). However, it is rather basic in scope, and debugging can consume more time than necessary. With this in mind, here are a few of the best IDEs for Python which add to your productivity.
  • Python’s Requests Library (Guide)
  • Factorial one-liner using reduce and mul for Python 2 and 3
  • Sample Chapters from Creating wxPython Applications Book
  • Migrating from Pelican 3 to Pelican 4
  • Python Software Foundation Fellow Members for Q4 2018 [Ed: Python Software Foundation has many Microsoft employees in it now. Not good. Microsoft has been using money to filtrate just about everything, including its competition. This isn't so new a strategy and many examples of it exist.]
  • PyCoder’s Weekly: Issue #352 (Jan. 22, 2019)
  • Why Don't People Use Formal Methods?

    Before we begin, we need to lay down some terms. There really isn’t a formal methods community so much as a few tiny bands foraging in the Steppe.1 This means different groups use terms in different ways. Very broadly, there are two domains in FM: formal specification is the study of how we write precise, unambiguous specifications, and formal verification is the study of how we prove things are correct. But “things” includes both code and abstract systems. Not only do we use separate means of specifying both things, we often use different means to verify them, too. To make things even more confusing, if somebody says they do formal specification, they usually mean they both specify and verify systems, and if somebody says they do formal verification, they usually mean mean they both specify and verify code.

    Before we begin, we need to lay down some terms. There really isn’t a formal methods community so much as a few tiny bands foraging in the Steppe.1 This means different groups use terms in different ways. Very broadly, there are two domains in FM: formal specification is the study of how we write precise, unambiguous specifications, and formal verification is the study of how we prove things are correct. But “things” includes both code and abstract systems. Not only do we use separate means of specifying both things, we often use different means to verify them, too. To make things even more confusing, if somebody says they do formal specification, they usually mean they both specify and verify systems, and if somebody says they do formal verification, they usually mean mean they both specify and verify code. For clarity purposes, I will divide verification into code verification (CV) and design verification (DV), and similarly divide specification into CS and DS. These are not terms used in the wider FM world. We’ll start by talking about CS and CV, then move on to DS and DV.

  • Learning C as an uneducated hobbyist

    V=Programming, however, is conscious. It’s an activity in which you have to think in order to act. Unlearning bad practice in programming takes no energy at all apart from that spent being told that the practice is bad and coming to understand and remember it. Once you’ve done that, it’s almost impossible to make the same mistake again.

    That’s why you shouldn’t be afraid of learning “along the way”, “as you go” or “in an ad-hoc manner” because “you might learn bad practice”. If you learn the wrong thing, you can learn the right thing later. After all, you’re not a professional programmer. It doesn’t matter very much if you make a mistake; your job doesn’t depend on it.

  • Demystifying Pointers in Go
    If you’ve never worked with a language that exposes pointers, it could be a little confusing. But the good news is pointers don’t need to be scary. In fact, pointers can be pretty straightforward. Here are the basics of pointers in Go:

GNOME 3.32 Desktop Environment to Launch with a "Radical New Icon Style"

Besides the slightly revamped default theme, it looks like the GNOME 3.32 desktop environment will come with a "radical new icon style," along with new guidelines for app developers to provide a more unified icon style across the GNOME ecosystem. GNOME designer Jakub Steiner writes in his latest blog article about the improvements needed for the revamped icon style to be included by default with the GNOME 3.32 release of the open-source desktop environment used by numerous Linux-based operating systems, including Ubuntu. Read more Also: GNOME Is Making Great Progress On Overhauling Their App Icons

Dell XPS 13 9380 Developer Edition Now Available, Shipping With Ubuntu 18.04 LTS

Dell is now shipping their new XPS 13 8th gen (9380) laptop in a developer edition that comes preloaded with Ubuntu 18.04 LTS. The Dell XPS 9380 is only an incremental upgrade over the previous-generation 9370: it has the slightly newer Intel Whiskey Lake processors, moves the web camera position to the top of the display rather than at the bottom, and other minor refinements but nothing too dramatic. From the Developer Edition side, they have moved from Ubuntu 16.04 LTS to 18.04 LTS. Read more Also: The new Dell XPS 13 developer edition now available in the US, Europe and Canada New Dell XPS 13 Laptop with Ubuntu Is Now Available in the US, Europe and Canada

Microsoft Windows Server Benchmarked Against Six Linux Distributions

While it was not too long ago that Microsoft Windows Server 2019 began shipping and that we conducted some end-of-year benchmarks between Windows and Linux, with being in the process of running a number of Windows and Linux benchmarks as part of our ongoing 10GbE OS performance testing, I also took the opportunity to run some other benchmarks on Windows Server 2016 and 2019 as well as a set of Linux distributions. With carrying out the fresh OS installations anyways for the network testing, with recently having brought over some more Phoronix Test Suite test profiles with Windows support, I decided to run some fresh Windows Server vs. Linux benchmarks anyways. Granted, not all of the tests are server-oriented and not all of the traditional Linux server distributions were used. Just take this as you wish of some fresh Windows vs. Linux performance benchmarks. Read more