Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla Leftovers

Filed under
Moz/FF

           

  • Driving Value as a Tiny UX Content Team: How We Spend Content Strategy Resources Wisely

    Our tiny UX content strategy team works to deliver the right content to the right users at the right time. We make sure product content is useful, necessary, and appropriate. This includes everything from writing an error message in Firefox to developing the full end-to-end content experience for a stand-alone product.

    Mozilla has around 1,000 employees, and many of those are developers. Our UX team has 20 designers, 7 researchers, and 3 content strategists. We support the desktop and mobile Firefox browsers, as well as satellite products.

    There’s no shortage of requests for content help, but there is a shortage of hours and people to tackle them. When the organization wants more of your time than you actually have, what’s a strategic content strategist to do?

  • These Weeks in Firefox: Issue 77
  •        

  • Improving Your Experience across Products

    When you log into your Firefox Account, you expect a seamless experience across all your devices. In the past, we weren’t doing the best job of delivering on that experience, because we didn’t have the tools to collect cross-product metrics to help us make educated decisions in a way that fulfilled our lean data practices and our promise to be a trusted steward of your data. Now we do.

    Firefox 81 will include new telemetry measurements that help us understand the experience of Firefox Account users across multiple products, answering questions such as: Do users who set up Firefox Sync spend more time on desktop or mobile devices? How is Firefox Lockwise, the password-manager built into the Firefox desktop browser, used differently than the Firefox Lockwise apps? We will use the unique privacy features of Firefox Accounts to answer questions like these while staying true to Mozilla’s data principles of necessity, privacy, transparency, and accountability–in particular, cross-product telemetry will only gather non-identifiable interaction data, like button clicks, used to answer specific product questions.

  • Possibly one step towards named arguments in Rust

    A number of programming languages offer a feature called “Named Arguments” or “Labeled Arguments”, which makes some function calls much more readable and safer.

    Let’s see how hard it would be to add these in Rust.

Mozilla VR, Security, Surveillance and More

Filed under
Moz/FF

  • Virtual Tours of the Museum of the Fossilized Internet

    In March 2020, Michelle Thorne and I announced office tours of the Museum of the Fossilized Internet as part of our new Sustainability programme. Then the pandemic hit, and we teamed up with the Mozilla Mixed Reality team to make it more accessible while also demonstrating the capabilities of social VR with Hubs.

    We now welcome visitors to explore the museum at home through their browsers.

  • Review of the year so far, and looking forward to the next 6 months.

    In 2019 we started looking into our experiences and 2020 saw us release the new responsive redesign, a new AAQ flow, a finalized Firefox Accounts migration, and a few other minor tweaks. We have also performed a Python and Django upgrade carrying on with the foundational work that will allow us to grow and expand our support platform. This was a huge win for our team and the first time we have improved our experience in years! The team is working on tracking the impact and improvement to our overall user experience.

    We also know that contributors in Support have had to deal with an old, sometimes very broken, toolset, and so we wanted to work on that this year. You may have already heard the updates from Kiki and Giulia through their monthly strategy updates. The research and opportunity identification the team did was hugely valuable, and the team identified onboarding as an immediate area for improvement. We are currently working through an improved onboarding process and look forward to implementing and launching ongoing work.

  •        

  • What's new in ECSY 0.4 and ECSY-THREE v0.1

    Since the initial release of ECSY we have been focusing on API stability and bug fixing as well as providing some features (such as components’ schemas) to improve the developer experience and provide better validation and descriptive errors when working in development mode.

  •        

  • Understanding Web Security Checks in Firefox (Part 2)

    This is the second and final part of a blog post series that explains how Firefox implements Web Security fundamentals, like the Same-Origin Policy and Content-Security-Policy. While the first post explained Firefox security terminology and theoretical foundations, this second post covers how to log internal security information to the console in a human readable format. Ultimately, we hope to inspire new security research in the area of web security checks and to empower participants in our bug bounty program to do better, deeper work.

    Generally, we encourage everyone to do their security testing in Firefox Nightly. That being said, the logging mechanisms described in this post, work in all versions of Firefox – from self-build, to versions of Nightly, Beta, Developer Edition, Release and ESR you may have installed locally already.

    [...]

    An attacker could use a CSP bypass like this and target users on web pages that are susceptible to XSS or content injections. However, this bug was identified in a previous version of Firefox and has been fixed for all of our users since.

    To summarize, using the provided logging mechanism allows us to effectively detect security problems by visual inspection. One could take it even further and generate graph structures for nested page loads. Using these graphs to observe where the security context (e.g., the CSP) changes can be a very powerful tool for runtime security analysis.

    Going Forward

    We have explained how to enable logging mechanisms within Firefox which allows for visual inspection of every web security check performed. We would like to point out that finding security flaws might be eligible for a bug bounty. Finally, we hope the provided instructions foster security research and in turn allow researchers, bug bounty hunters and generally everyone interested in web security to contribute to Mozilla and the Security of the Open Web.

  •        

  • What’s new in Perfherder?

    Perfherder is one of the primary tools used by our performance sheriffs to triage and investigate regression (and improvement) alerts. It’s also a key part of the workflow any Firefox engineer may experience when working on performance, either responding to a regression, or proactively measuring the impact of their changes. This post will cover the various improvements that have been made to Perfherder so far in 2020.

  •        

  • Mozilla Performance Blog: Improving Firefox Startup Time With The about:home Startup Cache

    For the past year or so, the Firefox Desktop Front-End Performance team has been concentrating on making improvements to browser startup performance.

    The launching of an application like Firefox is quite complex. Meticulous profiling of Firefox startup in various conditions has, thankfully, helped reveal a number of opportunities where we can make improvements. We’ve been evaluating and addressing these opportunities, and several have made it into the past few Firefox releases.

    This blog post is about one of those improvements that is currently in the later stages of development. I’m going to describe the improvement, and how we went about integrating it.

    In a default installation of Firefox, the first (and only) tab that loads is about:home. (Note: this is only true if the user hasn’t just restarted after applying an update, and if they haven’t set a custom home page or configured Firefox to restore their previous session on start.)

  • How to use git branch aliases with Mozilla Central

    I just set up Mozilla Central with a git wrapper so I can contribute to the main Gecko codebase using Git. It works great, but the default branch has an unusual name compared to what I’m used to.

  •        

  • Automated end-to-end tests for Glean

    Last year at the Mozilla All-Hands in Whistler, Canada I went for a walk with my colleague Mark Reid who manages our Data Platform team. We caught up on personal stuff and discussed ongoing projects as well as shared objectives for the next half-year. These in-person conversations with colleagues are my favorite activity at our semi-annual gatherings and are helpful in ensuring that my team is working on the most impactful projects and that our tests create value for the teams we support. 

    [...]

    For Mozilla, getting reliable data from our products is critical to inform our decision making. Glean is a new product analytics and telemetry solution that provides a consistent experience and behavior across all of our products. Mark and I agreed that it would be fantastic if we had automated end-to-end tests to complement existing test suites and alert us of potential issues with the system as quickly as possible.

  • Data@Mozilla: Experimental integration Glean with Unity applications [Ed: Mozilla fusing together its Microsoft-hosted surveillance project with Microsoft Mono]

    As we know, Glean SDK has provided language bindings for different programming language requirements that include Kotlin, Swift, and Python. However, when we are talking about supporting applications that use Unity as their development toolkit, there are no existing bindings available to help us achieve it. Unity allows users using a Python interpreter to embed Python scripts in a Unity project; however, due to Unity’s technology being based on the Mono framework, that is not the same as our familiar Python runtime for running Python scripts. So, the alternative way we need to find out is how to run Python on .Net Framework or exactly on Mono framework. If we are discussing possible approaches to run Python script in the main process, using IronPython is the only solution. However, it is only available for Python 2.7, and the Glean SDK Python language binding needs Python 3.6. Hence, we start our plans to develop a new Glean binding for C#.

  • Google, nobody asked for a new Blogger interface

    I'm writing this post in what Google is euphemistically referring to as an improvement. I don't understand this. I managed to ignore New Blogger for a few weeks but Google's ability to fark stuff up has the same air of inevitability as rotting corpses. Perhaps on mobile devices it's better, and even that is a matter of preference, but it's space-inefficient on desktop due to larger buttons and fonts, it's noticeably slower, it's buggy, and very soon it's going to be your only choice.

    My biggest objection, however, is what they've done to the HTML editor. I'm probably the last person on earth to do so, but I write my posts in raw HTML. This was fine in the old Blogger interface which was basically a big freeform textbox you typed tags into manually. There was some means to intercept tags you didn't close, which was handy, and when you added elements from the toolbar you saw the HTML as it went in. Otherwise, WYTIWYG (what you typed is what you got). Since I personally use fairly limited markup and rely on the stylesheet for most everything, this worked well.

Introducing Firefox Reality PC Preview

Filed under
Moz/FF

Have you ever played a VR game and needed a tip for beating the game... but you didn’t want to take off your headset to find that solution? Or, have you wanted to watch videos while you played your game? Or, how about wanting to immerse yourself in a 360 video on Youtube?

Released today, Firefox Reality PC Preview enables you to do these things and more. This is the newest addition to the Firefox Reality family of products. Built upon the latest version of the well-known and trusted Firefox browser, Firefox Reality PC Preview works with tethered headsets as well as wireless headsets streaming from a PC.

Read more

Review of Firefox “Fenix” for Android

Filed under
Android
Moz/FF
Reviews

Mozilla has begun a staged roll-out of its redesigned and rearchitected Firefox browser for Android (codename “Fenix”). So far, Fenix has only been released in 14 countries through the Google Play Store. Here’s my review of Mozilla’s new flagship mobile browser as a long-time user and as an extension developer.

Fenix’s user interface is minimal, but it represents a large amount of work under the hood. It’s built on GeckoView and Mozilla Android Components (MOZAC); a set of reusable components for mobile app developers that makes it easier to build a web browser based on Mozilla technology. These components are a modernization of the old codebase as well as a direct competitor to WebView — the web engine that’s built-in to Android, as well as Google’s ChromiumView.

Read more

Mozilla: SameSite, SUMO, Firefox and More

Filed under
Moz/FF

           

  • Changes to SameSite Cookie Behavior – A Call to Action for Web Developers

    We are changing the default value of the SameSite attribute for cookies from None to Lax, per new IETF guidelines. This will greatly improve security for users. However, some web sites may depend (even unknowingly) on the old default, potentially resulting in breakage for those sites. At Mozilla, we are slowly introducing this change. And we are strongly encouraging all web developers to test their sites with the new default.

    [...]

    Testing in the Firefox Nightly and Beta channels has shown that website breakage does occur. While we have reached out to those sites we’ve encountered and encouraged them to set the SameSite attribute on their web properties, the web is clearly too big to do this on a case-by-case basis.

    It is important that all web developers test their sites against this new default. This will prepare you for when both Firefox and Chrome browsers make the switch in their respective release channels.

  •         

  • New platform milestone completed: Python upgrade

    In 2020 a lot of the SUMO platform’s team work is focused on modernizing our support platform (Kitsune) and performing some foundational work that will allow us to grow and expand the platform. We have started this in H1 with the new Responsive and AAQ redesign. Last week we completed a new milestone: the Python/Django upgrade.

    Why was this necessary

    Support.mozilla.org was running on Python 2.7, meaning our core technology stack was running on a no longer supported version. We needed to upgrade to at least 3.7 and, at the same time, upgrade to the latest Django Long Term Support (LTS) version 2.2.

  •        

  • Firefox 79 includes protections against redirect tracking

    A little over a year ago we enabled Enhanced Tracking Protection (ETP) by default in Firefox. We did so because we recognize that tracking poses a threat to society, user safety, and the autonomy of individuals and we’re committed to protecting users against these threats by default. ETP was our first step in fulfilling that commitment, but the web provides many covert avenues trackers can use to continue their data collection.

    Today’s Firefox release introduces the next step in providing a safer and more private experience for our users with Enhanced Tracking Protection 2.0, where we will block a new advanced tracking technique called redirect tracking, also known as bounce tracking. ETP 2.0 clears cookies and site data from tracking sites every 24 hours, except for those you regularly interact with. We’ll be rolling ETP 2.0 out to all Firefox users over the course of the next few weeks.

  •        

  • Fast Company Recognizes Katharina Borchert as one of the Most Creative Business People

    We are proud to share that Katharina Borchert, Mozilla’s Chief Open Innovation Officer, has been named one of the  Most Creative People by Fast Company. The award recognizes her leadership on Common Voice and helping to diversify AI speech through machine learning. Katharina was recognized not just for a groundbreaking idea, but because her work is having a measurable impact in the world.

    [...]

    The full list also includes vintner, Krista Scruggs, dancer and choreographer Twyla Tharp, and Ryan Reynolds: “for delivering an honest message, even when it’s difficult”.

    “‘This is a real honor,” said Katharina, “which also reflects the contributions of an incredible alliance of people at Mozilla and beyond. We have a way to go before the full promise of Common Voice is realized. But I’m incredibly inspired by the different communities globally building it together with Mozilla, because language is so important for our identities and for keeping cultural diversity alive in the digital age. Extending the reach of voice recognition to more languages can only open the doors to more innovation and make tech more inclusive.”

  •        

  • Latest Firefox rolls out Enhanced Tracking Protection 2.0; blocking redirect trackers by default

    Today, Firefox is introducing Enhanced Tracking Protection (ETP) 2.0, our next step in continuing to provide a safe and private experience for our users. ETP 2.0 protects you from an advanced tracking technique called redirect tracking, also known as bounce tracking. We will be rolling out ETP 2.0 over the next couple of weeks.

    Last year we enabled ETP by default in Firefox because we believe that understanding the complexities and sophistication of the ad tracking industry should not be required to be safe online. ETP 1.0 was our first major step in fulfilling that commitment to users. Since we enabled ETP by default, we’ve blocked 3.4 trillion tracking cookies. With ETP 2.0, Firefox brings an additional level of privacy protection to the browser.

    Since the introduction of ETP, ad industry technology has found other ways to track users: creating workarounds and new ways to collect your data in order to identify you as you browse the web. Redirect tracking goes around Firefox’s built-in third-party cookie-blocking policy by passing you through the tracker’s site before landing on your desired website. This enables them to see where you came from and where you are going.

  •        

  • Moth wants you to design a Firefox Theme for San Francisco Shock

    This summer we partnered with Overwatch League’s San Francisco Shock to help the fans at home cheer on their 2019 Grand Finals Champions. This included Firefox Protection Plays and giving viewers a behind-the-scenes look at a day in the life of the SF Shock players.

    Before the summer season ends, we wanted to do one last thing for the SF Shock team and their fans. One of the players, Moth, shared that Firefox is the only browser he uses. He learned about Firefox while studying software engineering in college. Firefox and Mozilla’s mission along with the open source ethos is what keeps him a loyal user. To celebrate that, we’re inviting SF Shock fans — and anyone else who might be interested — to design an original Firefox theme.

Mozilla: Rust 1.45.2 and Code Quality/Security

Filed under
Moz/FF
  • Announcing Rust 1.45.2

    The Rust team is announcing a new version of Rust, 1.45.2. Rust is a programming language that is empowering everyone to build reliable and efficient software.

  • Reference Sheet for Principals in Mozilla Code
  • Understanding Web Security Checks in Firefox (Part 1)

    This is the first part of a blog post series that will allow you to understand how Firefox implements Web Security fundamentals, like the Same-Origin Policy. This first post of the series covers the architectural design, terminology, and introduces core interfaces that our implementation of the Same-Origin Policy relies on: nsIPrincipal and nsILoadinfo.

Mozilla Thunderbird 78.1 Released with Full OpenPGP Support, Search in Preferences Tab

Filed under
Moz/FF
Web

Mozilla Thunderbird 78.1 is now rolling out today to all supported platforms as the first point release to the latest major Mozilla Thunderbird 78 release with a bunch of exciting new features.

As you know, Mozilla Thunderbird 78 arrived two weeks ago with many exciting changes, including OpenPGP support, new minimum runtime requirements for Linux systems, DM support for Matrix, a new, centralized Account Hub, Lightning integration, and support for the Red Hat Enterprise Linux 7 operating system series.

Probably the most exciting new feature in Mozilla Thunderbird 78 is support for the OpenPGP open standard of PGP encryption, which lets users send encrypted emails without relying on a third-party add-on. However, OpenPGP support wasn’t feature complete in the Thunderbird 78 release and it was disable by default.

With the Thunderbird 78.1 point release, Mozilla says that OpenPGP support is now feature complete, including the new Key Wizard, the ability to search online for OpenPGP keys, and many other goodies. But it’s still disable by default to allow more time for testing, so you need to enable it manually to take full advantage of the new Thunderbird release.

Read more

The Rust Programming Language Blog: Announcing Rust 1.45.1

Filed under
Development
Moz/FF

The Rust team is happy to announce a new version of Rust, 1.45.1. Rust is a programming language that is empowering everyone to build reliable and efficient software.

Read more

Mozilla: Firefox, Rust, Redox, Servo, Telecommunications and Other Legislation Amendment (TOLA), Open Technology Fund and Tor

Filed under
Moz/FF

  • Karl Dubost: Formatted console.log lines. Stacktraces export wish.

    When we select the console.log lines in Firefox devtools, and cut and paste in an editor, there are newline characters added to the output.

    [...]

    Silly idea of the day. This is not available right now in devtools, but I wish it was.

    Put two breakpoints in devtools.
    Run the code as record stacktrace in between these two targets
    export the stack trace as a json in a standard format in between these two breakpoints (do the same thing in another browser)
    Have a diff tool giving the possibility to explore the differences in between the two stack traces.

  • Rust-Written Redox OS Now Supports GDB Debugging

    For helping to debug more issues within the Rust-written Redox operating system, the GNU Debugger (GDB) is beginning to work well on the platform.

    Thanks to work being achieved during the Redox Summer of Code, the GDB debugger is beginning to work well enough on the platform that bugs are being evaluated with the popular GNU Debugger. In recent weeks it's been serving well for debugging the operating system's dynamic linker and issues with shared libraries.

  • This Week In Servo 134

    In the past week, we merged 69 PRs in the Servo organization’s repositories.

    The latest nightly builds for common platforms are available at download.servo.org.

    Servo has been successfully integrated into 3d Unity scenes as a 2d browser plugin.

  • Australian watchdog recommends major changes to exceptional access law TOLA

    Australia’s Independent National Security Legislation Monitor (INSLM) earlier this month released a 316-page report calling for significant, and much needed, reforms to the nation’s 2018 Telecommunications and Other Legislation Amendment (TOLA) law. The Parliamentary Joint Committee on Intelligence and Security (PJCIS) will meet later this month to consider the INSLM’s recommendations. While we still believe this dangerous law should be repealed, if enacted, these recommendations would go a long way in reducing the risk of this flawed piece of legislation.

    This legislation – which Mozilla has continually opposed – allows Australian authorities to force nearly all actors in the digital ecosystem (Designated Communications Providers or DCPs) to do “acts or things” with an explicit goal of weakening security safeguards. For example, under this law, using a Technical Assistance Notice (TAN), Australian authorities could force a company to turn over sensitive security information, or using a Technical Capability Notice (TCN), they could force a company to redesign its software.

    [...]

    Mozilla has been involved throughout the legislative process and the development of the INSLM’s report. We filed comments to the PJCIS in late 2018 and early 2019 warning of TOLA’s dangerous effects. Martin Thomson, Mozilla Distinguished Engineer, testified at a hearing held by the INSLM – which ultimately proceeded to quote a portion of Martin’s testimony in his final report. Moreover, our team has provided comments to the Australian Ministry of Communications, Cyber Safety & the Arts relating specifically to the significant security risks posed by TCNs. Our December 2019 cover letter to the INSLM contributing input to his report can be found here. A detailed list of Mozilla’s recommendations alongside related INSLM recommendations can be found here.

    The PJCIS will hold a hearing later this month to discuss the recommendations and likely begin the process of discussing amendments to TOLA. This presents the PJCIS with a unique opportunity to demonstrate leadership in defending individuals’ online privacy and security while enabling effective access to justice. The implementation of TOLA continues to pose serious privacy, security, and due process issues for both users and developers, and Mozilla will continue to oppose this law. In the event that the bill is not repealed, we strongly urge the involved MPs and Senators to adopt the INSLM’s recommendations which may help soften the blow of some of the law’s most damaging provisions.

  • The Open Technology Fund’s vital role for democracy worldwide should not be undermined

    The Open Technology Fund plays a vital role for democracy worldwide. That’s why Mozilla on Friday joined a friend of the court brief in support of the Open Technology Fund’s independence from government control as OTF’s case moves forward to the D.C. Circuit Court of Appeals.

    The Open Technology Fund is a U.S. government funded, independent nonprofit corporation with a mission to support development of open-source technologies that “increase free expression, circumvent censorship, and obstruct repressive surveillance as a way to promote human rights and open societies.” One such OTF-supported project is Tor Browser, which is built on the Firefox codebase and enables encrypted access to the web for anonymous browsing. Another is Let’s Encrypt, a free certificate authority enabling more secure web connections that began as a project of Mozilla, EFF, and the University of Michigan. These are invaluable tools not only to citizens of authoritarian regimes, but more broadly to internet users everywhere who rely on them to protect the privacy of their personal associations, communications, and interests.

  • New alpha release: Tor 0.4.4.3-alpha

    There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.4.3-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by mid-August.

    Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Mozilla Firefox 79 Is Now Available for Download with New Password Export Feature

Filed under
Moz/FF

The Mozilla Firefox 79 web browser is now available for download ahead of tomorrow’s official launch with a new password export fearture and various other improvements.

Firefox 79 entered public beta testing at the end of June 2020, shortly after Mozilla launched Firefox 78 as the newest ESR (Extended Support Release) series. Since then, the new release received a total of nine beta versions which brought just a handful of changes to out beloved web browser.

One of the coolest new features of the Firefox 79 release is the ability to export saved passwords and logins to a CSV file without having to install a third-party extension like FF Password Exporter, which I saw featured in numerous tutorials all over the Web.

Read more

Also Mozilla: A-localized work or distributed work

Syndicate content

More in Tux Machines

today's howtos

Kernel: Linux Plumbers and New in Linux 5.9

  • Linux Plumbers currently sold out

    Linux Plumbers is currently sold out of regular registration tickets. Although the conference is virtual this year our virtual platform cannot support an unlimited number of attendees, hence the cap on registration. We are currently reviewing our capacity limits to see if we can allow more people to attend without over burdening the virtual platform and potentially preventing discussion. We will make another announcement next week regarding registration.

  • Linux 5.9 Supports A Lot Of New Audio Hardware, Intel Silent Stream Added

    The Linux kernel continues supporting a lot more audio devices and much more punctual than a decade or two ago.

  • Linux 5.9 Networking Changes Are As Active As Ever

    Each kernel cycle the networking subsystem sees a lot of churn given the importance of network interconnect performance and reliability especially in high performance computing environments where Linux dominates.

5 of the Best Linux Laptops in 2020

If you’re shopping for a laptop and know you’re planning to run Linux, you can either get any laptop, reformat the hard drive and install your favorite Linux distro on it or just get a laptop that is running Linux right out of the box. Here are some of the best Linux laptops you can get in 2020. [...] These all come preloaded with Ubuntu 20.04 LTS, which is a solid base for any of the various flavors or just vanilla Ubuntu. Many of the drivers have been contributed upstream by Dell, so many distros that use newer kernels should be able to take full advantage of the Killer Wi-Fi cards and Intel Iris Plus Graphics. [...] Pine64 has been in the news often for its Pinephone, but the Pinebook Pro is another great product from them. It’s a 14” ARM laptop that weighs less than 3 lbs/1.5 KG and sips power. It’s a great little machine that helps to push Linux forward on the ARM platform and comes in just under $200. Read more

Richard Stallman: A Discussion on Freedom, Privacy & Cryptocurrencies

Dr. Richard Stallman is well-known for his free software movement activism. His speeches and work revolve around a term: freedom. And it is precisely that word that prompted Stallman to launch the GNU Project, founding the Free Software Foundation and releasing the GNU General Public License, among other projects, to promote the free software concept. RMS, as Dr. Stallman is also known, has some opinions regarding the concept of cryptocurrencies that have been widely discussed within the crypto community. Read more