Language Selection

English French German Italian Portuguese Spanish


Mozilla: AR, Bugs, and Common Voice

Filed under
  • New API to Bring Augmented Reality to the Web
  • New API to Bring Augmented Reality to the Web

    Mozilla is excited to enter a new phase of work on JavaScript APIs that will help everyone create and share virtual reality (VR) and augmented reality (AR) projects on the open web.

    As you might know, Mozilla formally launched this work last year with the release of Firefox desktop support for the WebVR 1.1 API. Using that draft API, early adopters like WITHIN were able to distribute 3D experiences on the web and have them work well on a range of devices, from mobile phones and cardboard viewers to full-fledged, immersive VR headsets.

  • Security Bugs in Practice: SSRF via Request Splitting

    One of the most interesting (and sometimes scary!) parts of my job at Mozilla is dealing with security bugs. We don't always ship perfect code – nobody does – but I'm privileged to work with a great team of engineers and security folks who know how to deal effectively with security issues when they arise. I'm also privileged to be able to work in the open, and I want to start taking more advantage of that to share some of my experiences.

    One of the best ways to learn how to write more secure code is to get experience watching code fail in practice. With that in mind, I'm planning to write about some of the security-bug stories that I've been involved in during my time at Mozilla. Let's start with a recent one: Bug 1447452, in which some mishandling of unicode characters by the Firefox Accounts API server could have allowed an attacker to make arbitrary requests to its backend data store.

  • Fast Company Innovation by Design Award for Common Voice

    Today Common Voice — our crowdsourcing-initiative for an open and publicly available voice dataset that anyone can use to train speech-enabled applications — was honored as a Finalist in the Experimental category in Fast Company’s 2018 Innovation by Design Awards.

    Fast Company states that Innovation by Design is the only competition to honor creative work at the intersection of design, business, and innovation. 

The awards, which can be found in the October 2018 issue of Fast Company, on stands September 18th, recognize people, teams, and companies solving problems through design. After spending a year researching and reviewing applicants Fast Company is honoring an influential and diverse group of 398 leaders in fashion, architecture, graphic design and data visualization, social good, user experience, and more.

  • We’re intentionally designing open experiences, here’s why.

    At Mozilla, our Open Innovation team is driven by the guiding principle of being Open by Design. We are intentionally designing how we work with external collaborators and contributors — both at the individual and organizational level — for the greatest impact and shared value. This includes foundational strategic questions from business objectives to licensing through to overall project governance. But importantly, it also applies to how we design experiences for our communities. Including how we think about creating interactions, from onboarding to contribution.


    What is now Common Voice, an multi-language voice collection experience, started merely as an identified need. Since early 2016 Mozilla’s Machine Learning Group has been working on an Open Source speech recognition engine and model, project “Deep Speech”. Any high quality speech-to-text engines require thousands of hours of voice data to train them, but publicly available voice data is very limited and the cost of commercial datasets is exorbitant. This prompted the question, how might we collect large quantities of voice data for Open Source machine learning?

What Is the Point of Mozilla?

Filed under

Few journeys in the world of open source have been as exciting as Mozilla's. Its birth was dramatic. Netscape, the pioneering company whose Netscape Navigator browser shaped the early Web, had enjoyed the most successful IPO up until then, valuing the 18-month-year-old company at nearly $3 billion. That was in 1995. Three years later, the company was in freefall, as the browser wars took their toll, and Microsoft continued to gain market share with its Internet Explorer, launched alongside Windows 95. Netscape's response was bold and unprecedented. On January 27, 1998, it announced that it was making the source code for the next generation of its web browser freely available under a GPL-like license.

Although of huge symbolic importance for the still-young Free Software world—the term "open source" was coined only a month after Netscape's announcement—the release and transformation of the code for what became the Mozilla browser suite was fraught with difficulties. The main problem was trying to re-write the often problematic legacy code of Netscape Navigator. Mozilla 1.0 was finally released in 2002, but by then, Internet Explorer dominated the sector. The failure of the Mozilla browser to make much of an impact ultimately spurred development of the completely new Firefox browser. Version 1.0 was launched in 2004, after three years of work.

Read more

Also: Firefox Snap is the best way to run Beta Firefox

The WebExtocalypse

Filed under

Mozilla recently dropped support for Firefox XUL extensions.

The initial threat of this prompted me to discover how to re-enable XUL extensions by modifying Firefox's omni.ja file. That clearly is not going to last very long since Mozilla is also deleting XPCOM interfaces but I note the Tor Browser is temporarily still using XUL extensions.

Since I have some extensions I wrote for myself, I will need to rewrite them as WebExtension add-ons.

The first thing to do is check how to install WebExtension add-ons. My local XUL extensions are run from the corresponding git trees. Using an example extension I discovered that this no longer works. The normal way to install add-ons is to use the web-ext tool, upload to the Mozilla app store and then install from there. This seems like overkill for an unpolished local add-on. One way to workaround this is to disable signing but that seems suboptimal if one has installed Mozilla-signed add-ons, which I will probably have to do until Debian packages more add-ons. Luckily Mozilla offers alternative "sideloading" distribution mechanisms and Debian enables these by default for the Debian webext-* packages. Installing a symlink to the git repository into the extensions directory and adding a gecko identifier to the add-on manifest.json file works.

Read more

Mozilla Firefox 62 "Quantum" Is Now Available for All Supported Ubuntu Releases

Filed under

Firefox 62 introduces Canadian English (en-CA) locale, FreeBSD support for the WebAuthn (Web Authentication) API used for accessing Public Key Credentials Level 1, support for Firefox Home to display up to four rows of top sites, highlights, and Pocket stories, and a new "Reopen in Container" tab menu option that lets users reopen conternized tabs in a different container.

Furthermore, Firefox 62 enables web developers to create richer web page layouts and beautiful typography for sites thanks to the addition of CSS Shapes support and CSS Variable Fonts (OpenType Font Variations) support, as well as a brand-new Shape Path Editor in the CSS Inspector. It also allows users to distrust certificates issued by Symantec by setting "security.pki.distrust_ca_policy" to 2.

Read more

Mozilla: Privacy, Testing Firefox 63 Beta 6 and Firefox 62 Tools Cool for School

Filed under
  • On leveling the playing field and online tracking

    Over the years, browsers have spent significant efforts to restrict the attempts that these third-parties that are present on the Web today can do. However, these basic foundational problems have remained unsolved in most browsers. As a result, third-parties have been engaged in activities like collecting the user’s browsing history, personal data, information about their device, and so on, which is a subversion of the built-in protections that browsers provide to prevent the “straightforward” ways of getting this data from the third-party’s own website (aka, their own users). Safari is the notable exception in at least the area of exposure of global data to third-parties. I think they got the right defaults from the beginning which was hugely advantageous for both Safari and the browser community at large — for the latter since it showed that the “holy grail” of exposing no global data to third-parties is achievable, not some far-into-the-future dream which will never happen.

  • Firefox 63 Beta 6 Testday, September 14th

    We are happy to let you know that Friday, September 14th, we are organizing Firefox 63 Beta 6 Testday. We’ll be focusing our testing on Devtools Doorhanger menu, Web Compatibility features and PDF actions. We will also have fixed bugs verification and unconfirmed bugs triage ongoing.

    Check out the detailed instructions via this etherpad.

  • Firefox 62 – Tools Cool for School!

    Hello there! It’s been six-odd weeks, and the march of progress continues to, uh… march… progressingly. That means we have a brand new Firefox to share, with an abundance of bug fixes, performance improvements, and (in particular) sweet developer tool treats! So tuck in your napkin and enjoy this tasting menu of some of what’s new in Firefox 62.

New Release: Tor Browser 8.0

Filed under
  • New Release: Tor Browser 8.0

    For the past year, we have been collecting feedback on how we can make Tor Browser work better for you.

    Tor Browser 8.0, our first stable release based on Firefox 60 ESR, is now available from the Tor Browser Project page and also from our distribution directory. This release is all about users first.

  • Tor Browser 8.0 Released: New Onboarding Experience & Optimized Bridge Fetching

    The Tor project has unveiled all new Tor Browser 8.0 with an updated language page, new onboarding experience for new users, additional language support and optimized bridge fetching technique.

    Tor browser is famous for establishing an anonymous connection by bundling data into encrypted packets before passing them through the network, thus hiding your internet footprint.

Latest on Chrome and Mozilla

Filed under
  • Google Wants to Kill the URL


    The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices.

  • Keybase: "Our browser extension subverts our encryption, but why should we care?"

    Two days ago I decided to take a look at Keybase. Keybase does crypto, is open source and offers security bug bounties for relevant findings — just the perfect investigation subject for me. It didn’t take long for me to realize that their browser extension is deeply flawed, so I reported the issue to them via their bug bounty program. The response was rather… remarkable. It can be summed up as: “Yes, we know. But why should we care?”

  • Daniel Stenberg: DoH in curl

    DNS-over-HTTPS (DoH) is being designed (it is not an RFC quite yet but very soon!) to allow internet clients to get increased privacy and security for their name resolves. I've previously explained the DNS-over-HTTPS functionality within Firefox that ships in Firefox 62 and I did a presentation about DoH and its future in curl at curl up 2018.

    We are now introducing DoH support in curl. I hope this will not only allow users to start getting better privacy and security for their curl based internet transfers, but ideally this will also provide an additional debugging tool for DoH in other clients and servers.

    Let's take a look at how we plan to let applications enable this when using libcurl and how libcurl has to work with this internally to glue things together.

  • Firefox 63 Beta On Linux Finally Runs WebExtensions In Their Own Process

    With Firefox 62.0 having shipped, Mozilla promoted Firefox 63.0 to beta as part of their usual release cadence.

    With Firefox 63.0 there are several Windows 10 and macOS improvements including better multi-GPU handling on Macs, faster tab switching, and better Windows 10 integration. But for Linux users there is one notable platform-specific change and that is WebExtensions now running in their own process.

Mozilla: Firefox Release, Week in Rust, DNS, Tracking and Shape Path Editor

Filed under
  • Latest Firefox Releases Available Today

    The latest versions of Firefox for desktop, Android and iOS launched today. Since our last release update, we’ve been working on a couple improvements and laying the foundation for upcoming future releases. To get the details on what’s new with today’s release, check out the release notes.

    In the coming months, we’ll unveil and share new features that help people feel safe while on the web, and worry less about who’s collecting their personal data. You can read more about it in our blog post where we talked about our approach to Anti-tracking.

  • This Week in Rust 250

    This week's crate is cgroups, a native Rust library for managing control groups under Linux.

  • Conservative web development

    The text of the article is a total of 9037 bytes, including the title, author, and date. I downloaded the images relevant to the article, including the 1477x10821 title image. Before I ran them through an optimizer, they weighed 260 KB; after, 236 KB (using only lossless optimizations). 8% of the total download was dedicated to the content. 5 discrete external companies were informed of my visit to the page and given the opportunity to run artibrary JavaScript on it.

    If these are the symptoms, what is the cure? [...]

  • On Firefox moving DNS to a third party

    It has been argued that users are not sophisticated enough to reason about this subject and that the DNS move should happen by default, with an opt-out for those that care. Another idea that has been raised is a startup dialogue that proposes a more secure [I]nternet experience and a ‘Got it!’ button. This clearly does not go far enough in educating users about the change they will be authorizing.

  • Why we need better tracking protection

    Mozilla has recently announced a change in our approach to protecting users against tracking. This announcement came as a result of extensive research, both internally and externally, that shows that users are not in control of how their data is used online. In this post, I describe why we’ve chosen to pursue an approach that blocks tracking by default.

    People are uncomfortable with the data collection that happens on the web. The actions we take on the web are deeply personal, and yet we have few options to understand and control the data collection that happens on the web. In fact, research has repeatedly shown that the majority of people dislike the collection of personal data for targeted advertising. They report that they find the data collection invasive, creepy, and scary.

  • Make your web layouts bust out of the rectangle with the Firefox Shape Path Editor

    The web doesn’t have to be boxy. Historically, every element in a page is rendered as a rectangle of some kind, but it doesn’t have to be this way. With CSS Shapes you can create web layouts every bit as stylish as print magazines, but with all of the advantages of the web.

    CSS Shapes let your web designs break out of the rectangular grid. All of those classic magazine design elements like non-rectangular text flow and shaped images can be yours, for the low low price of using a new CSS standard. Text can flow, images can be rounded, even just a few non-parallel lines can make your site stand out and make your brand distinctive. Standing out is the biggest challenge most sites face today. Shapes can help!

Mozilla Firefox 62.0 is Out and Recommend Extensions ("Contextual Feature Recommender") Coming Soon

Filed under
  • Firefox 62.0 Now Available For Download With Some Wayland Fixes, CSS Variable Fonts

    While Mozilla isn't expected to officially announce Firefox 62.0 until tomorrow, as usual the binaries are available for wanting this web browser update right now.

    Firefox 62.0 delivers support for CSS Variable Fonts, easier clearing of site data/cookies, text-to-speech on Firefox for Android via the Speech Synthesis API, several bug fixes pertaining to Wayland support although the Wayland support doesn't appear complete yet, WebExtensions API additions, easier toggling of tracking protection items, and various other minor improvements.

  • Happy BMO Push Day!
  • Firefox to Recommend Extensions Related to Sites You Visit

    In future versions of Firefox, the browser will display recommended browser extensions that are related to the site that a user is visiting. These extension will provide extra functionality to the site such as enhancing search functions, protecting a user's privacy, or performing some other behavior.

    This new feature is called Contextual Feature Recommender, or CFR, and will recommend extensions that Mozilla feels would be beneficial to users of various sites. Currently this feature is only available in the Firefox Nightly builds, but is expected to be rolled out in Firefox 63.

  • Firefox Plans To Recommend Extensions as You Browse. Is That a Good Idea?

    An upcoming Firefox feature will highlight extensions as you browse the web, pointing out tools that might protect your privacy or otherwise enhance the site.

    The feature, called Contextual Feature Recommender, is currently only available in Nightly builds, but will roll out with Firefox 63 in October. The idea is that Firefox can point out potentially helpful extensions that are relevant to the site you’re currently browsing.

Mozilla: Variable Fonts Arrive in Firefox 62, Welcoming Alan Davidson, Mozilla's Firefox Anti-Tracking

Filed under
  • Variable Fonts Arrive in Firefox 62

    Firefox 62, which lands in general release this week, adds support for Variable Fonts, an exciting new technology that makes it possible to create beautiful typography with a single font file. Variable fonts are now supported in all major browsers.

    What are Variable Fonts?

    Font families can have dozens of variations: different weights, expanded or condensed widths, italics, etc. Traditionally, each variant required its own separate font file, which meant that Web designers had to balance typographic nuance with pragmatic concerns around page weight and network performance.

    Compared to traditional fonts, variable fonts contain additional data, which make it possible to generate different styles of the font on demand. For one example, consider Jost*, an open-source, Futura-inspired typeface from indestructible type*. Jost* comes in nine weights, each with regular and italic styles, for a total of eighteen files.

  • Welcome Alan Davidson, Mozilla’s new VP of Global Policy, Trust and Security

    I’m excited to announce that Alan Davidson is joining us today as our new Vice President of Global Policy, Trust and Security.

    At a time when people are questioning the impact of technology on their lives and looking for leadership from organizations like Mozilla, Alan will add considerable capacity to our public policy, trust and security efforts, drawing from his extensive professional history working to advance a free and open digital economy.

    Alan will work closely with me to help scale and reinforce our policy, trust and security capabilities and impact. He will be responsible for leading Mozilla’s public policy work promoting an open Internet and a healthy web around the world. He will also supervise a trust and security team focused on promoting innovative privacy and security features that put people in control of their online lives.

    “For over 15 years, Mozilla has been a driving force for a free and open Internet, building open source products with industry-leading privacy and security features. I am thrilled to be joining an organization so committed to putting the user first, and to making technology a force for good in people’s lives,” says Alan Davidson, Mozilla’s new Vice President of Global Policy, Trust and Security.

  • Mozilla Firefox Announces a Change in their Approach to Anti-Tracking

    In an announcement made through Mozilla blog, it was revealed that Mozilla developers will be changing their approach towards anti-tracking. This announcement came on August 30th, 2018 and stated that in the upcoming days, Firefox will be protecting its users from potential data breaches by default. Mozilla would achieve this by blocking all kinds of tracking and offering a clear set of controls. The blog stated that these controls aimed to give users ‘more choice over what information they share with sites.’

    Mozilla developers also mentioned the reason for why are they announcing this approach, “This is about more than protecting users — it’s about giving them a voice. Some sites will continue to want user data in exchange for content, but now they will have to ask for it, a positive change for people who up until now had no idea of the value exchange they were asked to make.”

Syndicate content

More in Tux Machines

today's howtos

Andrew Crouthamel: How I Got Involved in KDE

Since this blog is starting after the beginning of my contributions to KDE, the first few regular posts will be explaining my prior contributions, before moving into the present. Read more

Security: Debian LTS, Linux Potential Local Privilege Escalation Bug, Australia Wants to Mandate Back Doors, Equifax Breach the Fault of Equifax

Graphics: NVIDIA and Gallium3D

  • NVIDIA Vulkan Beta Adds New KHR_driver_properties & KHR_shader_atomic_int64
    Not to be confused with the new NVIDIA Linux/Windows drivers that should be out today for RTX 2070/2080 "Turing" support and also initial RTX ray-tracing support, there is also out a new Vulkan beta driver this morning. The NVIDIA 396.54.06 driver is this new Vulkan beta and as implied by the version number is still on the current stable branch and not in the Turing era. But this driver release is quite exciting as it does bring support for two new extensions... These extensions are very fresh and not yet in the official Vulkan specification: VK_KHR_driver_properties and VK_KHR_shader_atomic_int64.
  • GeForce RTX 2080 Ti Linux Benchmarks Coming Today, NVIDIA Driver Bringing Vulkan RTX
    NVIDIA's review/performance embargo has now lifted on the GeForce RTX 2080 series ahead of the cards shipping tomorrow. I should have out initial Linux benchmarks later today, assuming Linux driver availability. As wrote about yesterday, just yesterday I ended up receiving the GeForce RTX 2080 Ti for Linux benchmarking. But, unfortunately, no Linux driver yet... But I am told it will be posted publicly soon with the Windows driver. Assuming that happens within the hours ahead, I'll still have initial RTX 2080 Ti benchmarks on Ubuntu Linux out by today's end -- thanks to the Phoronix Test Suite and recently wrapping up other NVIDIA/AMD GPU comparison tests on the current drivers.
  • Intel's New Iris Gallium3D Driver Picks Up Experimental Icelake Bits, GL Features
    One of the talks we are most interested in at XDC2018 is on the Intel "Iris" Gallium3D driver we discovered last month was in development. We stumbled across the Iris Gallium3D driver that's been in development for months as a potential replacement to their "i965" classic Mesa driver. But they haven't really detailed their intentions in full, but we should learn more next week. This is particularly exciting the prospects of an official Intel Gallium3D driver as the company is also expected to introduce their discrete GPUs beginning in 2020 and this new driver could be part of that plan.