Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla: Bitslicing, Mixed Reality, and Sharing

Filed under
Moz/FF
  • Bitslicing with Karnaugh maps

    Bitslicing, in cryptography, is the technique of converting arbitrary functions into logic circuits, thereby enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.

    My last post Bitslicing, An Introduction showed how to convert an S-box function into truth tables, then into a tree of multiplexers, and finally how to find the lowest possible gate count through manual optimization.

  • This Week in Mixed Reality: Issue 16

    On Monday Andrzej Mazur launched the 2018 edition of the JS13KGames competition. As the name suggests, you have to create a game using only thirteen kilobytes of Javascript (zipped) or less. Check out some of last year's winners to see what is possible in 13k.

    This year Mozilla is sponsoring the new WebXR category, which lets you use A-Frame or Babylon.js without counting towards the 13k. See the full rules for details. Prizes this year includes the Oculus Go for the top three champions.

  • Share files easily with extensions

    When we want to share digital files, most people think of popular file hosting services like Box or Dropbox, or other common methods such as email and messaging apps. But did you know there are easier—and more privacy-focused—ways to do it with extensions? WeTransfer and Fire File Sender are two intriguing extension options.

    WeTransfer allows you to send files up to 2GB in size with a link that expires seven days from upload. It’s really simple to use—just click the toolbar icon and a small pop-up appears inviting you to upload files and copy links for sharing. WeTransfer uses the highest security standards and is compliant with EU privacy laws. Better still, recipients downloading files sent through WeTransfer won’t get bombarded with advertisements; rather, they’ll see beautiful wallpapers picked by the WeTransfer editorial team. If you’re interested in additional eye-pleasing backgrounds, check out WeTransfer Moment.

Mozilla: WebTorrent, Bitslicing, Firefox Security Add-on and Time Dilation

Filed under
Moz/FF
  • These Weeks in Firefox: Issue 42
  • Dweb: Building a Resilient Web with WebTorrent

    WebTorrent is the first torrent client that works in the browser. It’s written completely in JavaScript – the language of the web – and uses WebRTC for true peer-to-peer transport. No browser plugin, extension, or installation is required.

    Using open web standards, WebTorrent connects website users together to form a distributed, decentralized browser-to-browser network for efficient file transfer. The more people use a WebTorrent-powered website, the faster and more resilient it becomes.

  • Bitslicing, An Introduction

    Bitslicing (in software) is an implementation strategy enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.

    This post intends to give a brief overview of the general technique, not requiring much of a cryptographic background. It will demonstrate bitslicing a small S-box, talk about multiplexers, LUTs, Boolean functions, and minimal forms.

  • Firefox Security Add-on on 222k Devices Found Sending Browsing Data to Remote German Server

    There is a popular browser add-on which is installed by 222,746 Firefox users according to Mozilla’s own statistics of add-on downloads. According to a German security blogger, Mike Kuketz, and the author of uBlock Origin, Raymond Hill, this particular add-on has been spying on users’ activity by tapping into their browser histories and keeping track of the web pages that they visit. This add-on is the Web Security extension for the Mozilla Firefox browser.

    Web Security is designed to protect users from online phishing and malware attacks that could potentially steal personal information. This comes across as ironic as the extension is found to be unethically keeping tabs (pun intended) on your own information, evading your privacy without your consent. The reason that this news is hitting the stands so massively is that the add-on was publicized by Mozilla itself in a blog post just last week. The add-on boasts fantastic reviews and that’s why it is used so widely by so many people too.

  • Time Dilation

    I riffed on this a bit over at twitter some time ago; this has been sitting in the drafts folder for too long, and it’s incomplete, but I might as well get it out the door. Feel free to suggest additions or corrections if you’re so inclined.

    You may have seen this list of latency numbers every programmer should know, and I trust we’ve all seen Grace Hopper’s classic description of a nanosecond at the top of this page, but I thought it might be a bit more accessible to talk about CPU-scale events in human-scale transactional terms. So: if a single CPU cycle on a modern computer was stretched out as long as one of our absurdly tedious human seconds, how long do other computing transactions take?

Mozilla: Rustfmt 1.0, Amy Keating Joins as General Counsel, Extension APIs and L10N Report

Filed under
Moz/FF
  • Rustfmt 1.0 release candidate

    The current version of Rustfmt, 0.99.2, is the first 1.0 release candidate. It is available on nightly and beta (technically 0.99.1 there) channels, and from the 13th September will be available with stable Rust.

    1.0 will be a huge milestone for Rustfmt. As part of it's stability guarantees, it's formatting will be frozen (at least until 2.0). That means any sub-optimal formatting still around will be around for a while. So please help test Rustfmt and report any bugs or sub-optimal formatting.

  • Welcome Amy Keating, our incoming General Counsel

    Amy joins Mozilla from Twitter, Inc. where she has been Vice President, Legal and Deputy General Counsel. When she joined Twitter in 2012, she was the first lawyer focused on litigation, building out the functions and supporting the company as both the platform and the employee base grew in the U.S. and internationally. Her role expanded over time to include oversight of Twitter’s product counseling, regulatory, privacy, employment legal, global litigation, and law enforcement legal response functions. Prior to Twitter, Amy was part of Google, Inc.’s legal team and began her legal career as an associate at Bingham McCutchen LLP.

  • Building Extension APIs with Friend of Add-ons Oriol Brufau

    Please meet Oriol Brufau, our newest Friend of Add-ons! Oriol is one of 23 volunteer community members who have landed code for the WebExtensions API in Firefox since the technology was first introduced in 2015. You may be familiar with his numerous contributions if you have set a specific badge text color for your browserAction, highlighted multiple tabs with the tabs.query API, or have seen your extension’s icon display correctly in about:addons.

    While our small engineering team doesn’t always have the resources to implement every approved request for new or enhanced WebExtensions APIs, the involvement of community members like Oriol adds considerable depth and breadth to technology that affects millions of users. However, the Firefox code base is large, complex, and full of dependencies. Contributing code to the browser can be difficult even for experienced developers.

    As part of celebrating Oriol’s achievements, we asked him to share his experience contributing to the WebExtensions API with the hope that it will be helpful for other developers interested in landing more APIs in Firefox.

  • L10N Report: August Edition

    After a quick pause in July, your primary source of localization information at Mozilla is back!

Mozilla: Licensing Edgecases, TLS, Chatra, Send and Rust

Filed under
Moz/FF
  • Licensing Edgecases

    While I’m not a lawyer – and I’m definitely not your lawyer – licensing questions are on my plate these days. As I’ve been digging into one, I’ve come across what looks like a strange edge case in GPL licensing compliance that I’ve been trying to understand. Unfortunately it looks like it’s one of those Affero-style, unforeseen edge cases that (as far as I can find…) nobody’s tested legally yet.

    I spent some time trying to understand how the definition of “linking” applies in projects where, say, different parts of the codebase use disparate, potentially conflicting open source licenses, but all the code is interpreted. I’m relatively new to this area, but generally speaking outside of copying and pasting, “linking” appears to be the critical threshold for whether or not the obligations imposed by the GPL kick in and I don’t understand what that means for, say, Javascript or Python.

  • TLS 1.3 Published: in Firefox Today

    On friday the IETF published TLS 1.3 as RFC 8446. It’s already shipping in Firefox and you can use it today. This version of TLS incorporates significant improvements in both security and speed.

    Transport Layer Security (TLS) is the protocol that powers every secure transaction on the Web. The version of TLS in widest use, TLS 1.2, is ten years old this month and hasn’t really changed that much from its roots in the Secure Sockets Layer (SSL) protocol, designed back in the mid-1990s. Despite the minor number version bump, this isn’t the minor revision it appears to be. TLS 1.3 is a major revision that represents more than 20 years of experience with communication security protocols, and four years of careful work from the standards, security, implementation, and research communities (see Nick Sullivan’s great post for the cool details).

  • Chatting with your website visitors through Chatra

    When I started the blog, I didn’t add a message board below each article because I don’t have the time to deal with spam. Due to broken windows theory, if I leave the spam unattended my blog will soon become a landfill for spammers. But nowadays many e-commerce site or brand sites have a live chatting box, which will solve my problem because I can simply ignore spam, while interested readers can ask questions and provide feedbacks easily. That’s why when my sponsor, Chatra.io, approached me with their great tool, I fell in love with it right away and must share it with everyone.

  • Send: Going Bigger

    Send encrypts your files in the browser. This is good for your privacy because it means only you and the people you share the key with can decrypt it. For me, as a software engineer, the challenge with doing it this way is the limited API set available in the browser to “go full circle”. There’s a few things that make it a difficult problem.

    The biggest limitation on Send today is the size of the file. This is because we load the entire thing into memory and encrypt it all at once. It’s a simple and effective way to handle small files but it makes large files prone to failure from running out of memory. What size of file is too big also varies by device. We’d like everyone to be able to send large files securely regardless of what device they use. So how can we do it?

    The first challenge is to not load and encrypt the file all at once. RFC 8188 specifies a standard for an encrypted content encoding over HTTP that is designed for streaming. This ensures we won’t run out of memory during encryption and decryption by breaking the file into smaller chunks. Implementing the RFC as a Stream give us a nice way to represent our encrypted content.

  • Never patterns, exhaustive matching, and uninhabited types (oh my!)

    One of the long-standing issues that we’ve been wrestling with in Rust is how to integrate the concept of an “uninhabited type” – that is, a type which has no values at all. Uninhabited types are useful to represent the “result” of some computation you know will never execute – for example, if you have to define an error type for some computation, but this particular computation can never fail, you might use an uninhabited type.

Mozilla: MDN Changelog, Servo and VR

Filed under
Moz/FF
  • MDN Changelog for July 2018: CDN tests, Goodbye Zones, and BCD

    We moved MDN Web Docs to a CDN in April 2018, and saw a 16% improvement in page load times. We shipped with 5 minute expiration times for MDN pages, so that the CDN will request a fresh copy after a short time. MDN is a wiki, and we can’t predict when a page will change. 300 seconds was a compromise between some caching for our most popular pages, and how long an author would need to wait for a changed page to be published to all visitors. 80% of visitors are getting an uncached page.

  • GSoC wrap-up - Splitting Servo's script crate

    The solution introduces a TypeHolder trait which contains associated types, and makes many structures in the script crate generic over this new trait. This allows the generic structs to refer to the new trait’s associated types, while the actual concrete types can be extracted into a separate crate. Testing shows significant improvement in memory consumption (25% lower) and build time (27% faster).

  • This Week in Mixed Reality: Issue 15

    This week is mainly about bug fixing and getting some new features to launch.

Mozilla Development and News

Filed under
Moz/FF
  • Firefox DevEdition 62 Beta 18 Testday, August 17th

    We are happy to let you know that Friday, August 17th, we are organizing Firefox 62 DevEdition Beta 18 Testday. We’ll be focusing our testing on Activity Stream, React Animation Inspector and Toolbars & Window Controls features. We will also have fixed bugs verification and unconfirmed bugs triage ongoing.

  • How to DoH-only with Firefox

    Firefox supports DNS-over-HTTPS (aka DoH) since version 62.

    You can instruct your Firefox to only use DoH and never fall-back and try the native resolver; the mode we call trr-only. Without any other ability to resolve host names, this is a little tricky so this guide is here to help you. (This situation might improve in the future.)

    In trr-only mode, nobody on your local network nor on your ISP can snoop on your name resolves. The SNI part of HTTPS connections are still clear text though, so eavesdroppers on path can still figure out which hosts you connect to.

    [...]

    network.trr.uri - set this to the URI of the DoH server you want to use. This should be a server you trust and want to hand over your name resolves to. The Cloudflare one we've previously used in DoH tests with Firefox is https://mozilla.cloudflare-dns.com/dns-query.

  • #5 State of Mozilla Support: 2018 Mid-year Update – Part 5

    We are happy to share with you the final post of the series, which started with two external research report analyses, moved on to sharing updates and plans for support forums, social support, and localization, and now is about to conclude with our strategic summary.

  • Rep of the Month – July 2018

    Please join us in congratulating Lívia Takács, our Rep of the Month for July 2018!

    Livia is a UI developer and visual designer from Hungary and has been part of the Reps program for a bit more than a year. In that time she organized a lot of events with different communities (like LibreOffice) and also workshops.

  • Updated Firefox 61.0.2 includes Bug Fixes and Automatic Recovery feature for Windows

    The latest update to Firefox 61.0.2 adds support for automatic restoring of Firefox session after Windows is restarted. Presently this feature is not available by default for majority of users but will possibly be enabled gradually in the coming few weeks.

  • Make your Firefox browser a privacy superpower with these extensions

    Privacy is important for everyone, but often in different ways. That’s part of why Firefox Extensions are so powerful. Starting with a browser like Firefox, that’s built for privacy out of the box, you can use extensions to customize your browser to suit your personal privacy needs.

  • The Video Wars of 2027

    This post imagines a dystopian future for web video, if we continue to rely on patented codecs to transmit media files. What if one company had a perpetual monopoly on those patents? How could it limit our access to media and culture? The premise of this cautionary tale is grounded in fact. However, the future scenario is fiction, and the entities and events portrayed are not intended to represent real people, companies, or events.

    [...]

    In 1998, the U.S. Congress passed the Sonny Bono Copyright Term Extension Act. This new law extended copyrights on corporate works to the author’s lifetime plus 95 years. The effort was driven by the Walt Disney Company, to protect its lucrative retail franchise around the animated character Mickey Mouse. Without this extension, Mickey would have entered the public domain, meaning anyone could create new cartoons and merchandise without fear of being sued by Disney. When the extension passed, it gave Disney another 20 years to profit from Mickey. The news sparked outrage from lawyers and academics at the time, but it was a dull and complex topic that most people didn’t understand or care about.

    In 2020, Disney again lobbied to extend the law, so its copyright would last for 10,000 years. Its monopoly on our culture was complete. No art, music, video, or story would pass into the public domain for millennia. All copyrighted ideas would remain the private property of corporations. The quiet strangulation of our collective creativity had begun.

Mozilla: San Francisco 2018 All Hands, Reps Council and More

Filed under
Moz/FF
  • State of Mozilla Support: 2018 Mid-year Update – Part 4

    The San Francisco 2018 All Hands flew by and so did the last two months. I cannot tell you how grateful I am to have been able to attend this event.

    If I were to look back on some of the highlights, they would be pretty nitty gritty detailed. But I will share with you a few of them.

  • Onboarding team for 2nd half of 2018

    As we have entered the second half of the year, the Reps Council has worked on updating the Onboarding Screening Team for 2018-2.

    The scope of this team is to help on evaluating the new applications to the Reps program by helping the Reps Council on this process.

  • Mozilla B-Team: happy bmo push day!
  • DWeb: Social Feeds with Secure Scuttlebutt

    Scuttlebutt is a free and open source social network with unique offline-first and peer-to-peer properties. As a JavaScript open source programmer, I discovered Scuttlebutt two years ago as a promising foundation for a new “social web” that provides an alternative to proprietary platforms. The social metaphor of mainstream platforms is now a more popular way of creating and consuming content than the Web is. Instead of attempting to adapt existing Web technologies for the mobile social era, Scuttlebutt allows us to start from scratch the construction of a new ecosystem.

Browsers That Spy

Filed under
Google
Moz/FF
Web
  • Firefox Advance Uses Your Browser History to Recommend Web Content

    If you’re short on things to read — seriously? — be sure to check out the latest experiment in the Firefox Test Pilot program.

    It’s called Advance and it aims to ‘advance’ you past the site you’re currently gawping at and on to the next. How? By giving you a list of articles and web pages based on your browsing history, of course.

    Don’t scream. Honestly. This feature is not part of the default browser (not yet, anyway). You have to explicitly choose to enable it.

    [...]

    Now, before anyone screams “I already use this! It’s called Google Chrome!” let me stress that this is an entirely optional, opt-in feature for Firefox. You have to go out of your way to install it. It is not part of the default install. If you don’t want it, you don’t have to use it.

    You remain in control when Advance is running. You can, at any point, see what browser history Laserlike has processed and — GDPR box check — request the deletion of that information.

    Advance by Firefox limits its remit to your search history, specifically web page addresses. It doesn’t monitor what you write/say/do when using a website, or the specific content that’s on it.

  • Dev Channel Update for Desktop

    The dev channel has been updated to 70.0.3514.0 for Windows & Linux, and 70.0.3514.2 for Mac.  

  • Chrome 70 Dev Release With Shape Detection API

    While Chrome 69 was released last week, today Google has shipped their latest "dev" release of Chrome 70 for interested testers.

    New Chrome 70 dev channel releases are available today for Linux, macOS, and Windows. Key features for Chrome 70 is the introduction of the Shape Detection API, disabling some touch event APIs by default on desktop hardware, CSS Grid Layout behavior updates, WebUSB support within dedicated worker contexts, several security enhancements, and various other minor updates.

Mozilla: More on Gervase Markham and Thunderbird 60

Filed under
Moz/FF
  • In Memoriam: Gervase Markham

    Gerv was Mozilla’s first intern. He arrived in the summer of 2001, when Mozilla staff was still AOL employees. It was a shock that AOL had allocated an intern to the then-tiny Mozilla team, and we knew instantly that our amazingly effective volunteer in the UK would be our choice.

    When Gerv arrived a few things about him jumped out immediately. The first was a swollen, shiny, bright pink scar on the side of his neck. He quickly volunteered that the scar was from a set of surgeries for his recently discovered cancer. At the time Gerv was 20 or so, and had less than a 50% chance of reaching 35. He was remarkably upbeat.

    The second thing that immediately became clear was Gerv’s faith, which was the bedrock of his response to his cancer. As a result the scar was a visual marker that led straight to a discussion of faith. This was the organizing principle of Gerv’s life, and nearly everything he did followed from his interpretation of how he should express his faith.

  • Thunderbird email client gets a new look, new features, and a new logo

    A new version of Thunderbird is now available to download.

    Thunderbird 60 is the first stable release of the ephemeral desktop email client since the launch of Thunderbird 52 way back in early 2017.

    A year in development — but has it been worth the wait?

  • Mozilla Thunderbird 60.0 Ships With New Photon Look, Important Changes

    After more than one year since the previous major stable release (52.0), Mozilla Thunderbird 60.0 was released with some important changes, including a new Firefox-like "Photon" look, new logo, and attachment management improvements, among others.

    The free and open source email, news, RSS and chat client Thunderbird version 60.0 includes a Firefox-like Photon look, in which the tabs are square (and other theme improvements), along with new light and dark themes. WebExtension themes are enabled in Thunderbird with version 60, and you'll also find multiple chat themes.

Firefox Offers Recommendations with Latest Test Pilot Experiment: Advance

Filed under
Moz/FF
  • Firefox Offers Recommendations with Latest Test Pilot Experiment: Advance

    The internet today is often like being on a guided tour bus in an unfamiliar city. You end up getting off at the same places that everyone else does. While it’s convenient and doesn’t require a lot of planning, sometimes you want to get a little off the beaten path.

    With the latest Firefox experiment, Advance, you can explore more of the web efficiently, with real-time recommendations based on your current page and your most recent web history.

    With Advance we’re taking you back to our Firefox roots and the experience that started everyone surfing the web. That time when the World Wide Web was uncharted territory and we could freely discover new topics and ideas online. The Internet was a different place.

  • Firefox Test Pilot: Advancing the Web

    The web runs on algorithms. Your search results, product recommendations, and the news you read are all customized to your interests. They are designed to increase the time you spend in front of a screen, build addiction to sites and services, and ultimately maximize the number of times you click on advertisements.

    Without discounting the utility that this personalization can provide, it’s important to consider the cost: detailed portfolios of data about you are sitting on a server somewhere, waiting to be used to determine the optimum order of your social media feeds. Even if you trust that the parties collecting that data will use it responsibly, it has to live somewhere and has to be transmitted there, which makes it a juicy target for bad actors who may not act so responsibly.

Syndicate content

More in Tux Machines

A Look At The Windows vs. Linux Scaling Performance Up To 64 Threads With The AMD 2990WX

This past week we looked at the Windows 10 vs. Linux performance for AMD's just-launched Ryzen Threadripper 2990WX and given the interest from that then ran some Windows Server benchmarks to see if the performance of this 64-thread CPU would be more competitive to Linux. From those Windows vs. Linux tests there has been much speculation that the performance disparity is due to Windows scheduler being less optimized for high core/thread count processors and its NUMA awareness being less vetted than the Linux kernel. For getting a better idea, here are benchmarks of Windows Server 2019 preview versus Ubuntu Linux when testing varying thread/core counts for the AMD Threadripper 2990WX. Toggled via the BIOS was SMT as well as various CCX configurations and each step of the way comparing the Windows Server 2019 Build 17733 performance to that of Ubuntu 18.04 LTS with the Linux 4.18 kernel in various multi-threaded benchmarks supported under both operating systems. Read more

Kernel: RISC-V and Virtual Machine

  • RISC-V's Linux Kernel Support Is Getting Into Good Shape, Userspace Starting To Work
    The RISC-V open-source processor ISA support within the mainline kernel is getting into good shape, just a few releases after this new architecture port was originally added to the Linux Git tree. The RISC-V code for Linux 4.19 includes the ISA-mandated timers and first-level interrupt controllers, which are needed to actually get user-space up and running. Besides the RISC-V first-level interrupt controller, Linux 4.19 also adds support for SiFive's platform-level interrupt controller that interfaces with the actual devices.
  • A Hearty Batch Of KVM Updates Land In Linux 4.19
    There is a lot of new feature work for the Kernel-based Virtual Machine (KVM) within the Linux 4.19 kernel.

Kate/KTextEditor Picks Up Many Improvements To Enhance KDE Text Editing

Even with KDE's annual Akademy conference happening this past week in Vienna, KDE development has been going strong especially on the usability front. The Kate text editor and the KTextEditor component within KDE Frameworks 5 have been the largest benefactors of recent improvements. This KDE text editing code now has support for disabling syntax highlighting entirely if preferred. When using syntax highlighting, there have been many KTextEditor enhancements to improve the experience as well as improvements to the highlighting for a variety of languages from JavaScript to YAML to AppArmor files. Read more

KStars v2.9.8 released

KStars 2.9.8 is released for Windows, MacOS, and Linux. It is a hotfix release that contains bug fixes and stability improvements over the last release. Read more Also: KDE Itinerary - How did we get here?