Moz/FF

Mozilla: Bazel, TLS and Decentralisation

Filed under
Moz/FF
  • evaluating bazel for building firefox, part 2

    In our last post, we highlighted some of the advantages that Bazel would bring. The remote execution and caching benefits Bazel brings look really attractive, but it’s difficult to tell exactly how much they would benefit Firefox. I looked for projects that had switched to Bazel, and a brief summary of each project’s experience is written below.

    The Bazel rules for nodejs highlight Dataform’s switch to Bazel, which took about 2 months. Their build involves some combination of “NPM packages, Webpack builds, Node services, and Java pipelines”. Switching plus enabling remote caching reduced the average time for a build in CI from 30 minutes to 5 minutes; incremental builds for local development have been “reduced to seconds from minutes”. It’s not clear whether the local development experience is also hooked up to the caching infrastructure as well.

  • Validating Delegated Credentials for TLS in Firefox

    At Mozilla we are well aware of how fragile the Web Public Key Infrastructure (PKI) can be. From fraudulent Certification Authorities (CAs) to implementation errors that leak private keys, users, often unknowingly, are put in a position where their ability to establish trust on the Web is compromised. Therefore, in keeping with our mission to create a Web where individuals are empowered, independent and safe, we welcome ideas that are aimed at making the Web PKI more robust. With initiatives like our Common CA Database (CCADB), CRLite prototyping, and our involvement in the CA/Browser Forum, we’re committed to this objective, and this is why we embraced the opportunity to partner with Cloudflare to test Delegated Credentials for TLS in Firefox, which is currently undergoing standardization at the IETF.

    As CAs are responsible for the creation of digital certificates, they dictate the lifetime of an issued certificate, as well as its usage parameters. Traditionally, end-entity certificates are long-lived, exhibiting lifetimes of more than one year. For server operators making use of Content Delivery Networks (CDNs) such as Cloudflare, this can be problematic because of the potential trust placed in CDNs regarding sensitive private key material. Of course, Cloudflare has architectural solutions for such key material but these add unwanted latency to connections and present with operational difficulties. To limit exposure, a short-lived certificate would be preferable for this setting. However, constant communication with an external CA to obtain short-lived certificates could result in poor performance or even worse, lack of access to a service entirely.

    The Delegated Credentials mechanism decentralizes the problem by allowing a TLS server to issue short-lived authentication credentials (with a validity period of no longer than 7 days) that are cryptographically bound to a CA-issued certificate. These short-lived credentials then serve as the authentication keys in a regular TLS 1.3 connection between a Firefox client and a CDN edge server situated in a low-trust zone (where the risk of compromise might be higher than usual and perhaps go undetected). This way, performance isn’t hindered and the compromise window is limited. For further technical details see this excellent blog post by Cloudflare on the subject.

  • Tantek Çelik: #Redecentralize 2019 Session: Decentralized Identity & Rethinking Reputation

    On Friday 2019-10-25 I participated in Redecentralize Conference 2019, a one-day unconference in London, England on the topics of decentralisation, privacy, autonomy, and digital infrastructure.

    I gave a 3 minute lightning talk, helped run an IndieWeb standards & methods session in the first open slot of the day, and participated in two more sessions. The second open session had no Etherpad notes, so this post is from my one week ago memory recall.

    [...]

    We did not get into any deep discussions of any specific decentralized identity systems, and that was perhaps ok. Mostly there was discussion about the downsides of centrally controlled identity, and how each of us wanted more control over various aspects of our online identities.

    For anyone who asked, I posited that a good way to start with decentralized identity was to buy and use a personal domain name for your primary online presence, setting it up to sign-into sites, and build a reputation using that. Since you can pick the domain name, you can pick whatever facet(s) of your identity you wish to represent. It may not be perfectly distributed, however it does work today, and is a good way to explore a lot of the questions and challenges of decentralized identity.

Mozilla and Chromium Leftovers

Filed under
Google
Moz/FF
Web
  • The Lounge on Dokku

    Mozilla has hosted an enterprise instance of IRCCloud for several years now, and it’s been a great client to use with our IRC network. IRCCloud has deprecated their enterprise product and so Mozilla recently decommissioned our instance. I then saw several colleagues praising The Lounge as a good self-hosted alternative. I became even more interested when I saw that the project maintains a docker image distribution of their releases. I now have an instance running and I’m using irc.mozilla.org via this client and I agree with my colleagues: it’s a decent replacement.

  • Mozilla Addons Blog: Firefox to discontinue sideloaded extensions

    Sideloading is a method of installing an extension in Firefox by adding an extension file to a special location using an executable application installer. This installs the extension in all Firefox instances on a computer.

    Sideloaded extensions frequently cause issues for users since they did not explicitly choose to install them and are unable to remove them from the Add-ons Manager. This mechanism has also been employed in the past to install malware into Firefox. To give users more control over their extensions, support for sideloaded extensions will be discontinued.

    During the release cycle for Firefox version 73, which goes into pre-release channels on December 3, 2019 and into release on February 11, 2020, Firefox will continue to read sideloaded files, but they will be copied over to the user’s individual profile and installed as regular add-ons. Sideloading will stop being supported in Firefox version 74, which will be released on March 10, 2020. The transitional stage in Firefox 73 will ensure that no installed add-ons will be lost, and end users will gain the ability to remove them if they choose to.

  • Facebook Is Still Failing at Ad Transparency (No Matter What They Claim)

    Yesterday, Jack Dorsey made a bold statement: Twitter will cease all political advertising on the platform. “Internet political ads present entirely new challenges to civic discourse: machine learning-based optimization of messaging and micro-targeting, unchecked misleading information, and deep fakes. All at increasing velocity, sophistication, and overwhelming scale,” he tweeted.

    Later that day, Sheryl Sandberg responded: Facebook doesn’t have to cease political advertising… because the platform is “focused and leading on transparency.” Sandberg cited Facebook’s ad archive efforts, which ostensibly allow researchers to study the provenance and impact of political ads.

  • Chrome 79 Beta Adds The WebXR Device API For VR On The Web

    Following last week's release of Chrome 78, Google today promoted Chrome 79 to their beta channel.

    The Chrome 79 Beta most notably comes with WebXR Device API support for supporting VR head-mounted displays from the browser. The WebXR Device API will be the cross-browser standard for VR content on the web.

Firefox tips for Fedora 31

Filed under
Red Hat
Moz/FF

Fedora 31 Workstation comes with a Firefox backend moved from X11 to Wayland by default. That’s just another step in the ongoing effort of moving to Wayland. This affects GNOME on Wayland only. There is a firefox-wayland package available to activate the Wayland backend on other desktop environments (KDE, Sway).

Wayland architecture is completely different than X11. The team merged various aspects of Firefox internals to the new protocol where possible. However, some X11 features are missing completely. For such cases you can install and run the firefox-x11 package as a fallback.


Software: Cockpit, HPLIP, and Mozilla Firefox on Fixed Aspect Ratio/Telemetry

Filed under
Software
Moz/FF
  • Cockpit 206 and Cockpit-podman 10

    Cockpit 206 and Cockpit-podman 10 are available now....

  • HPLIP 3.19.10 Released with 64-bit Ubuntu 19.10 Support

    HPLIP 3.19.10, HP developed printer and scanner drivers for Linux, was released today with new devices and 64-bit Ubuntu 19.10 support.

  • Creating HTML content with a fixed aspect ratio without the padding trick

    It seems to be a common problem, you want to display some content on the web with a certain aspect ratio but you don't know the size you will be displaying at. How do you do this? CSS doesn't really have the tools to do the job well currently (there are proposals). In my case I want to display a video and associated controls as large as possible inside a space that I don't know the size of. The size of the video also varies depending on the one being displayed.

  • William Lachance: Using BigQuery JavaScript UDFs to analyze Firefox telemetry for fun & profit

    For the last year, we've been gradually migrating our backend Telemetry systems from AWS to GCP. I've been helping out here and there with this effort, most recently porting a job we used to detect slow tab spinners in Firefox nightly, which produced a small dataset that feeds a small adhoc dashboard which Mike Conley maintains. This was a relatively small task as things go, but it highlighted some features and improvements which I think might be broadly interesting, so I decided to write up a small blog post about it.

    Essentially all this dashboard tells you is what percentage of the Firefox nightly population saw a tab spinner over the past 6 months. And of those that did see a tab spinner, what was the severity? Essentially we're just trying to make sure that there are no major regressions of user experience (and also that efforts to improve things bore fruit):

Firefox 71 Enters Development with New Kiosk Mode, Picture-in-Picture on Windows

Filed under
Moz/FF

While Firefox 71 doesn't look like a big update, it brings a couple of interesting new features, such as a new kiosk mode that allows you to open the web browser directly in full-screen mode without any other distractions. This is mostly useful for companies who want to use it on their kiosks, and can be enabled via the --kiosk command-line parameter.

Another interesting feature that will land as part of the upcoming Firefox 71 web browser is Picture-in-Picture (PiP) mode on Windows systems, which lets users pop a video out of its webpage into a floating window that can be resized and placed on top of all windows and in any part of your desktop.


Latest From Mozilla

Filed under
Moz/FF
  • Password dos and don’ts

    So many accounts, so many passwords. That’s online life. The average person with a typical online presence is estimated to have close to 100 online accounts, and that figure is rising. If you’re reading this, you’re probably in that category. You have a collection of primary accounts that you care the most about because they’re important and you access them frequently, like your email, social media, bank, media subscriptions, streaming services, etc.

    Then you most likely also have a handful of lower priority accounts you set up without much thought, and some that you forgot about. Since those accounts are low priority, maybe you weren’t careful about password hygiene, and you slipped into bad habits like password reuse which can put your other accounts at a security risk should there be a data breach.

  • Mozilla Open Policy & Advocacy Blog: A Year in Review: Fighting Online Disinformation

    A year ago, Mozilla signed the first ever Code of Practice on Disinformation, brokered in Europe as part of our commitment to an internet that elevates critical thinking, reasoned argument, shared knowledge, and verifiable facts. The Code set a wide range of commitments for all the signatories, from transparency in political advertising to the closure of fake accounts, to address the spread of disinformation online. And we were hopeful that the Code would help to drive change in the platform and advertising sectors.

    Since then, we’ve taken proactive steps to help tackle this issue, and today our self assessment of this work was published by the European Commission. Our assessment covers the work we’ve been doing at Mozilla to build tools within the Firefox browser to fight misinformation, empower users with educational resources, support research on disinformation and lead advocacy efforts to push the ecosystem to live up to their own commitments within the Code of Practice.

  • A Year with Spoke: Announcing the Architecture Kit

    Spoke, our 3D editor for creating environments for Hubs, is celebrating its first birthday with a major update. Last October, we released the first version of Spoke, a compositing tool for mixing 2D and 3D content to create immersive spaces. Over the past year, we’ve made a lot of improvements and added new features to make building scenes for VR easier than ever. Today, we’re excited to share the latest feature that adds to the power of Spoke: the Architecture Kit!

    We first talked about the components of the Architecture Kit back in March. With the Architecture Kit, creators now have an additional way to build custom content for their 3D scenes without using an external tool. Specifically, we wanted to make it easier to take existing components that have already been optimized for VR and make it easy to configure those pieces to create original models and scenes. The Architecture Kit contains over 400 different pieces that are designed to be used together to create buildings - the kit includes wall, floor, ceiling, and roof pieces, as well as windows, trim, stairs, and doors.

  • Auditing For Accessibility Problems With Firefox Developer Tools

    Since its debut in Firefox 61, the Accessibility Inspector in the Firefox Developer Tools has evolved from a low-level tool showing the accessibility structure of a page. In Firefox 70, the Inspector has become an auditing facility to help identify and fix many common mistakes and practices that reduce site accessibility. In this post, I will offer an overview of what is available in this latest release.

Mozilla: Newtab and Search, Firefox Nightly and Bazel

Filed under
Moz/FF
  • Mozilla Addons Blog: Add-on Policies Update: Newtab and Search

    As part of our ongoing work to make add-ons safer for Firefox users, we are updating our Add-on Policies to add clarification and guidance for developers regarding data collection. The following is a summary of the changes, which will go into effect on December 2, 2019.

  • Firefox Nightly: These Weeks in Firefox: Issue 67
  • evaluating bazel for building firefox, part 1

    The motivation behind switching build systems was twofold. The first motivation was that build times are one of the most visible developer-facing aspects of the build system and everybody appreciates faster builds. What’s less obvious, but equally important, is that making builds faster improves automation: less time waiting for try builds, more flexibility to adjust infrastructure spending, and less turnaround time with automated reviews on patches submitted for review. The second motivation was that our build system is used by exactly one project (ok, two projects), so there’s a lot of onboarding cost both in terms of developers who use the build system and in terms of developers who need to develop the build system. If we could switch to something more off-the-shelf, we could improve the onboarding experience and benefit from work that other parties do with our chosen build system.

    You may have several candidates that we should have evaluated instead. We did look at other candidates (although perhaps none so deeply as Bazel), and all of them have various issues that make them unsuitable for a switch. The reasons for rejecting other possibilities fall into two broad categories: not enough platform support (read: Windows support) and unlikely to deliver on making builds faster and/or improving the onboarding/development experience. I’ll cover the projects we looked at in a separate post.

Firefox 71 Doesn't Do Much For Performance

Filed under
Moz/FF

Following last week's release of Firefox 70 and Chrome 78 I posted some fresh Linux web browser benchmarks where the Mozilla browser continued to get beat severely by Google on Linux. But is the situation any better with Firefox 71 in beta? Not really.

The Firefox 71 beta released last week brings a new kiosk mode, a picture-in-picture mode for video playback on Windows, a redesigned about:config, a new certificate viewer, and other changes. But, unfortunately, nothing major in terms of performance.


Also: Firefox UX: Prototyping Firefox With CSS Grid

Avast Online Security and Avast Secure Browser are spying on you

Filed under
Moz/FF
Security

Are you one of the allegedly 400 million users of Avast antivirus products? Then I have bad news for you: you are likely being spied upon. The culprit is the Avast Online Security extension that these products urge you to install in your browser for maximum protection.

But even if you didn’t install Avast Online Security yourself, it doesn’t mean that you aren’t affected. This isn’t obvious but Avast Secure Browser has Avast Online Security installed by default. It is hidden from the extension listing and cannot be uninstalled by regular means, its functionality apparently considered an integral part of the browser. Avast products promote this browser heavily, and it will also be used automatically in “Banking Mode.” Given that Avast bought AVG a few years ago, there is also a mostly identical AVG Secure Browser with the built-in AVG Online Security extension.


Audiocasts/Shows: Mozilla's IRL, OggCamp 2019 and GNU World Order

Filed under
GNU
Linux
Moz/FF