Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla News

Filed under
Moz/FF
  • Survey Says, Firefox Loves Oddballs

    For the second year in a row, we did a bit of informal censusing last month to get to know our users in the best way possible: anonymously and collectively. Maybe you saw and took the survey, which we shared through email, our about:home page, and social media. There were some important questions and some not quite as important questions on it, but what was important was that it was totally voluntary and—like everything we do—about openness and transparency. Well, and having at least some fun on the internet.

  • ES modules: A cartoon deep-dive

    ES modules bring an official, standardized module system to JavaScript. It took a while to get here, though — nearly 10 years of standardization work.

  • Briefly Noted: An overview of the past, present and future of Firefox Notes

    Hi, I’m Ryan Feeley, Staff Designer for Firefox Accounts, Sync and Privacy. Last year we launched the Notes experiment to see if a basic notepad in our newly extensible sidebar could, with regular user feedback and iterative development, grow to become an indispensable Firefox feature. It’s exciting that months later I’m writing my draft of this blog post in Notes, while I copy/paste source material from various tabs to my right.

  • Andy McKay: Leaving Mozilla

    Today is my last day at Mozilla as a paid employee. Seven and a half years at Mozilla has been a heck of ride. I feel lucky and honoured to have had such an awesome opportunity.

    In terms projects I've gone from AMO, through the Firefox OS Marketplace, through Marketplace Payments, then back to AMO and WebExtensions. Those last couple of years, as we rebooted the add-ons ecosystem, was probably my proudest moment professionally.

  • We’re Hiring a Build Engineer

    We at the Thunderbird project are hiring a Build and Release Engineer. Interested in getting paid to work on Thunderbird? You’ll find information about the role ,as well as how to apply, below!

  • New Firefox Extension Builds a Wall Around Facebook

    Mozilla on Tuesday announced Facebook Container, a Firefox browser extension that is designed to segregate users' activity on Facebook from their other Web activity, limiting Facebook's ability to track them and gather personal data.

    Mozilla recently has engaged in an aggressive strategy to counter Facebook data management policies that many see as intrusive.

    The extension is the culmination of more than two years of research into developing a more private browsing experience, Mozilla said. However, the organization accelerated its development after the Cambridge Analytica data scandal came to light.

  • Limit personal data exposure with Firefox containers

    There was some noise recently about the massive amount of data gathered by Cambridge Analytica from Facebook users. While I don't use Facebook myself, I do use Google and other services which are known to gather a massive amount of data, and I obviously know a lot of people using those services. I also saw some posts or tweet threads about the data collection those services do.

    Mozilla recently released a Firefox extension to help users confine Facebook data collection. This addon is actually based on the containers technology Mozilla develops since few years. It started as an experimental feature in Nightly, then as a test pilot experiment, and finally evolved into a fully featured extension called Multi-Account containers. A somehow restricted version of this is even included directly in Firefox but you don't have the configuration window without the extension and you need to configure it manually with about:config.

Mozilla and Facebook

Filed under
Moz/FF
  • The Firefox Accounts authentication zoo

    After my article on the browser sync mechanisms I spent some time figuring out how Firefox Accounts work. The setup turned out remarkably complex, with many different server types communicating with each other even for the most basic tasks. While this kind of overspecialization probably should be expected given the scale at which this service operates, the number of different authentication methods is surprising and the official documentation only tells a part of the story while already being fairly complex. I’ll try to show the entire picture here, in case somebody else needs to piece it all together.

    [...]

    Clearly, some parts of this setup made sense at some point but no longer do. This especially applies to the use of BrowserID: the complicated generation and verification process makes no sense if only one issuer is allowed. The protocol is built on top of JSON Web Tokens (JWT), yet using JWT without any modifications would make a lot more sense here.

    Also, why is Mozilla using their own token library that looks like a proprietary version of JWT? It seems that this library was introduced before JWT came along, today it is simply historical ballast.

  • Being Open and Connected on Your Own Terms with our New Facebook Container Add-On

    There’s an important conversation going on right now about the power that companies like Facebook wield over our lives. These businesses are built on technology platforms that are so complex, it’s unreasonable to expect users to fully understand the implications of interacting with them. As a user of the internet, you deserve a voice and should be able to use the internet on your own terms. In light of recent news on how the aggregation of user data can be used in surprising ways, we’ve created an add-on for Firefox called Facebook Container, based on technology we’ve been working on for the last couple of years and accelerated in response to what we see in terms of growing demand for tools that help manage privacy and security.

  • Mozilla Launches “Facebook Container” To Stop Your Data Tracking On The Web

    Mozilla has designed the addon to make it harder for the blue network to track people everywhere they can. The company says that it’s based on technologies they have been working for years to help manage privacy and security.

  • Facebook Container Extension: Take control of how you’re being tracked

    Our Multi-Account Containers extension has been a game changer for many users, letting them manage various parts of their online life without intermingling their accounts. To help Firefox users have more control of their data on Facebook, we’ve created the Facebook Container Extension.

  • Meet the open sorcerers who have vowed to make Facebook history

    Once upon a time the internet ran on open protocols, and anyone could host servers that ran these protocols. Your first dial-up internet connection probably came with a bundle of tools for groups and chat. If you weren't happy with the service from your ISP you'd point the client at another. The internet was open and federated, with tons of innovation at the client end.

    But the protocol developers went to sleep for 20 years. We haven't seen much infrastructure development since the crypto protocols in the mid-1990s. Naturally, people wanted to do what they've always done, groups and chat, and so along came Mark Zuckerberg to turn the open, federated web into a private plantation. And here we all are, complaining that Mark Zuckerberg has too much power and no competition.

  • Experiments with "Good First Experience"

    If we think of an OSS project like a team of climbers ascending a mountain, a GFE is a camp part-way up the route that backpackers can visit in order to get a feel for the real thing. A GFE is also like a good detective novel: you know the mystery is going to get solved by the end, but nevertheless, it's thrilling to experience the journey, and see how it happens. Could I solve this before the book does?

  • Improving the Add-ons Linter

Mozilla: Firefox 59.0.2 and Graduation Reports

Filed under
Moz/FF
  • Mozilla Releases Firefox 59.0.2 to Fix High CPU/Memory Bug, Audio Issue on BSD

    Mozilla released on Monday the second point release of its latest Firefox 59 "Quantum" web browser for all supported platforms, fixing quite a bunch of issues and adding various improvements.

    The Firefox 59.0.2 maintenance release is here to address a high CPU and memory bug caused by third-party apps on various computers, though Mozilla didn't mention if it affects all supported platforms. It also improves page rendering when hardware acceleration is enabled.

  • Snooze Tabs Graduation Report

    Snooze Tabs launched as an experiment in Test Pilot in February 2017 with the goal of making it easier for people to continue tasks in Firefox at a time of their choosing. From previous research conducted by the Firefox User Research team on task continuity and workflows, we started to develop an understanding of the ways people’s workflows can span multiple contexts and the types of behaviors and tools that people use to support context switching and task continuity. We knew, for example, that leaving browser tabs open is one way that people actively hold tasks to which they intend to return later.

  • Voice Fill Graduation Report

    Last year, Mozilla launched several parallel efforts to build capability around voice technologies. While work such as the Common Voice and DeepSpeech projects took aim at creating a foundation for future open source voice recognition projects, the Voice Fill experiment in Test Pilot took a more direct approach by building voice-based search into Firefox to learn if such a feature would be valuable to Firefox users. We also wanted to push voice research at Mozilla by contributing general tooling and training data to add value to future voice projects.

  • Min Vid Graduation Report

    We launched the Min Vid experiment in Test Pilot in the Fall of 2016. Min Vid created a pop-out video player that let participants play videos in a small, standalone window that would sit on top of any other content on the screen.

    Min Vid has been a success in Test Pilot, both in terms of usage, and in terms of what we learned in the process of building it. From the start, the feature proved extremely popular with our audience. It’s consistently been our most installed experiment since Page Shot left Test Pilot to become Firefox Screenshots.

Mozilla: Project Meeting, Controlling the Web, This Week In Servo and More

Filed under
Moz/FF
  • Mozilla Weekly Project Meeting
  • Mozilla Open Policy & Advocacy Blog: Report of High Level Expert Group on “Fake News”: A good first step, more work is needed

    In mid March, the European Commission published the final report of the High Level Expert Group (HLEG) on Fake News, “A Multi-Dimensional Approach to Disinformation”. The group was established in early January of this year, and comprised a range of experts and stakeholders from the technology industry, broadcasters, the fact checking community, academics, consumer groups, and journalists. The group was expertly chaired by Dr Madeleine De Cock Buning of Utrecht University, specialised in Intellectual Property, Copyright and Media and Communication Law.

    I represented Mozilla in the HLEG, in close cooperation with Katharina Borchert, our Chief Innovation Officer, who spearheads the Mozilla Information and Trust Initiative. Mozilla’s engagement in this High Level Expert Group complements our efforts to develop products, research, and communities to battle information pollution and so-called “fake news” online.

    The HLEG was assigned an ambitious task of advising the Commission on “scoping the phenomenon of fake news, defining the roles and responsibilities of relevant stakeholders, grasping the international dimension, taking stock of the positions at stake, and formulating recommendations.” The added challenge was that this was to be done in under two months with only four in-person meetings.

  • This Week In Servo 109

    We also got Servo running under the hood of Firefox Focus on Android as a proof of concept.

  • Merge Pull Requests without Merge Commits

    By default, GitHub’s pull request (or GitLab’s merge request) will merge with a merge commit. That means your feature branch will be merged into the master by creating a new commit, and both the feature and master branch will be kept.

    Let’s illustrate with an example:

    Let’s assume we branch out a feature branch called “new-feature” from the master branch, and pushed a commit called “Finished my new feature”. At the same time someone pushed another commit called “Other’s feature” onto the master branch.

More ad-versarial tech: Mozilla to pop limited ad blocker into Firefox

Filed under
Moz/FF

Mozilla intends to add basic ad filtering capabilities to its Firefox browser later this year, according to its recently updated roadmap.

The move follows from what Asa Dotzler, Firefox roadmap and community leader at Mozilla, describes as changes that are making the web experience worse.

"Trackers, intrusive ads and other dark patterns threaten to drive people away from the open web and that's not good for people browsing or publishing," he says in Firefox roadmap update made on Thursday.

"Over the next year or so, Firefox will take a stand against tracking, intrusive ads, and other dark patterns on the web by blocking the worst content and more clearly communicating the privacy and other protections the browser offers."

Read more

Mozilla: Facebook-Mozilla Rift, MDN, No More Notifications (If You Want)

Filed under
Moz/FF
  • Mozilla stops Facebook advertising, demands privacy changes

    It’s probably not top of Mark Zuckerberg’s worry list this week but Mozilla Corporation, developer of the Firefox browser, is officially unhappy with Facebook.

  • Results of the MDN “Competitive Content Analysis” SEO experiment

    The next SEO experiment I’d like to discuss results for is the MDN “Competitive Content Analysis” experiment. In this experiment, performed through December into early January, involved selecting two of the top search terms that resulted in MDN being included in search results—one of them where MDN is highly-placed but not at #1, and one where MDN is listed far down in the search results despite having good content available.

    The result is a comparison of the quality of our content and our SEO against other sites that document these technology areas. With that information in hand, we can look at the competition’s content and make decisions as to what changes to make to MDN to help bring us up in the search rankings.

  • No More Notifications (If You Want)

    Online, your attention is priceless. That’s why every site in the universe wants permission to send you notifications about new stuff. It can be distracting at best and annoying at worst. The latest version of Firefox for desktop lets you block those requests and many others.

Mozilla News and Progress

Filed under
Moz/FF
  • Zero coverage report

    Using these reports, we have managed to remove a good amount of code from mozilla-central, so far around 60 files with thousands of lines of code. We are confident that there’s even more code that we could remove or conditionally compile only if needed.

    As any modern software, Firefox relies a lot on third party libraries. Currently, most (all?) the content of these libraries is built by default. For example,~400 files are untested in the gfx/skia/ directory).

  • Shipping a security update of Firefox in less than a day

    One of Mozilla’s top priorities is to keep our users safe; this commitment is written into our mission. As soon as we discover a critical issue in Firefox, we plan a rapid mitigation. This post will describe how we fixed a Pwn2Own exploit discovery in less than 22 hours, through the collaborative and well-coordinated efforts of a global cross-functional team of release and QA engineers, security experts, and other stakeholders.

    Pwn2Own is an annual computer hacking contest. The goal of this event is to find security vulnerabilities in major software such as browsers. Last week, this event took place in Vancouver. Without getting into technical details of the exploit here, this blog post will describe how Mozilla responded quickly to ship updated builds of Firefox once an exploit was found during Pwn2Own.

  • Firefox Performance Update #4
  • The Essential Elements of Digital Literacies (Startklar?! March 2018)

    I presented today in Berlin at the Goethe Institute’s Startklar?! event. I went after a keynote (in German) by Cathleen Berger, Mozilla’s Global Engagement Lead. My time at Mozilla didn’t overlap with hers, but the subjects covered in our presentations certainly did!

    It was good to see Cathleen reference the Web Literacy Map, work that I led from 2012 to 2015 at Mozilla. She also referenced the recent Cambridge Analytica revelations and the DQ Institute.

  • Mozilla Accepting Applications for Internet Fellowships, Node.js Now Available as a Snap, Krita 4.0.0 Released and More

    Mozilla is accepting applications for its 2018–2019 Internet Fellowships: "Mozilla Fellows are technologists, activists, and policy experts building a more humane digital world." Apply here. Applications are due April 20, 2018 at 5pm EDT.

Browsers: Mozilla and Chrome

Filed under
Google
Moz/FF
  • Mozilla Presses Pause on Facebook Advertising

    Mozilla is pressing pause on our Facebook advertising. Facebook knows a great deal about their two billion users — perhaps more intimate information than any other company does. They know everything we click and like on their site, and know who our closest friends and relationships are. Because of its scale, Facebook has become one of the most convenient platforms to reach an audience for all companies and developers, whether a multibillion corporation or a not-for-profit.

  • Results of the MDN “Duplicate Pages” SEO experiment

    Following in the footsteps of MDN’s “Thin Pages” SEO experiment done in the autumn of 2017, we completed a study to test the effectiveness and process behind making changes to correct cases in which pages are perceived as “duplicates” by search engines. In SEO parlance, “duplicate” is a fuzzy thing. It doesn’t mean the pages are identical—this is actually pretty rare on MDN in particular—but that the pages are similar enough that they are not easily differentiated by the search engine’s crawling technology.

  • Send, getting better

    Send continues to improve incrementally. Since our last post we’ve added a few requested features and fixed a bunch of bugs. You can now choose to allow multiple downloads and change the password on a file if you need to.

    Send is also more stable and should work more reliably across a wider set of browsers. We’ve brought back support for Microsoft Edge and some older versions of Safari.

  • Chrome 66 Beta: CSS Typed Object Model, Async Clipboard API, AudioWorklet

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. View a complete list of the features in Chrome 66 on ChromeStatus.

  • Chrome 66 Beta Delivers On Async Clipboard API, Web Locks API

    Following the Chrome 65 release earlier this month, Google developers have now catapulted the Chrome 66 beta.

Mozilla: Privacy Violations, Privacy Rants, Development and More

Filed under
Moz/FF
  • Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry

    Mozilla's plan to test a more secure method for resolving internet domain names – known as Trusted Recursive Resolver (TRR) via DNS over HTTPs (DoH) – in Firefox Nightly builds has met with objections from its user community due to privacy concerns.

    The browser maker's intentions appear to be beneficial for Firefox users. As Patrick McManus, one of the Mozilla software engineers conducting the test, explains in a note posted this week to one of the company's developer forums, DoH can make DNS communication more secure.

  • Mozilla Statement, Petition: Facebook and Cambridge Analytica

    The headlines speak for themselves: Up to 50 million Facebook users had their information used by Cambridge Analytica, a private company, without their knowledge or consent. That’s not okay.

  • Enough is enough. Let’s tell Facebook what we want fixed.

    I had one big loud thought pounding in my head as I read the Cambridge Analytica headlines this past weekend: it’s time for Facebook users to say ‘enough is enough‘.

  • Crash-Stop, an extension to help handle crashes on Bugzilla

    Crash-stop is a webextension I wrote for Bugzilla to display crash stats by builds and patch information.

    The goal is to have enough information to be able to decide if a patch helped (hence its name) and, if needed, uplift it to the Beta/ESR/Release trains as appropriate.

    This project was initially meant to assist release-managers but it’s been useful for developers who fix/monitor crashes or for folks doing bug triage.

  • New features in Notes v3

    Today we are updating TestPilot Notes to v3.1! We have several new user-facing features and behind the scenes changes in this v3 release. The focus of this release was discoverability, speed and a bit of codebase cleanup.

    We heard your feedback about “Exporting notes…” and with this release we have added the first export related feature. You can now export the notepad as HTML using the menu. We are still playing around with Markdown and other exporting features.

  • compare-locales 3.0 – GSOC

    There’s something magic about compare-locales 3.0. It comes with Python 3 support.

    It took me quite a while to get to it, but the writing is on the wall that I had to add support for Python 3. That’s just been out for 10 years, too. Well, more like 9ish.

    We’re testing against Python 2.7, 3.5, and 3.6 now.

  • Multilingual Gecko Status Update 2018.1

    As promised in my previous post, I’d like to do a better job at delivering status updates on Internationalization and Localization technologies at Gecko at shorter intervals than once per year.

    In the previous post we covered recent history up to Firefox 58 which got released in January 2018. Since then we finished and shipped Firefox 59 and also finished all major work on Firefox 60, so this post will cover the two.

  • Bringing interactive examples to MDN
  • March Add(on)ness: Ghostery (2) Vs Decentraleyes (3)

Mozilla News/Views

Filed under
Moz/FF
  • What we learned about gender identity in Open Source

    To learn more, we launched a Diversity & Inclusion in Open Source survey earlier this year, which sought to better understand how people identify, including gender-identity.

    Our gender spectrum question, was purposely long — to experiment with the value people found in seeing their identity represented in a question. People from over 200 open projects participated. Amazingly, of 17 choices, each was uniquely selected, by a survey participant at least once.

  • Why we participate in support

    Users will not use Firefox if they don’t know how to use it, or if it is not working as expected. Support exists to retain users. If their experience of using Firefox is a bad, we’re here to make it good, so they continue to use Firefox.

  • WebRender newsletter #16
  • A good question, from Twitter

    Why do I pay attention to Internet advertising? Why not just block it and forget about it? By now, web ad revenue per user is so small that it only makes sense if you're running a platform with billions of users, so sites are busy figuring out other ways to get paid anyway.

  • This Week In Servo 108

    We have been working on adding automated performance tests for the Alexa top pages, and thanks to contributions from the Servo community we are now regularly tracking the performance of the top 10 websites.

Syndicate content

More in Tux Machines

Android Leftovers

Tidelift Backed by Former Red Hat Chairman and CEO Matthew Szulik

  • Open source startup Tidelift snags $15 mln Series A
    Boston-based Tidelift, an open source startup, has secured $15 million in Series A funding. General Catalyst, Foundry Group and former Red Hat Chairman and CEO Matthew Szulik led the round. In conjunction with the funding, Larry Bohn, managing director at General Catalyst, Ryan McIntyre, co-founder and managing director at Foundry Group and Szulik have all joined Tidelift’s board of directors.
  • Tidelift raises $15M to find paying gigs for open-source developers maintaining key projects
    Tidelift wants to give open-source developers a way to earn some money for contributing to important open-source projects and while helping the companies that are using those projects in key parts of their business, and it just raised $15 million to build those connections. General Catalyst, Foundry Group, and former Red Hat CEO Matthew Szulik co-led the Series A founding round into the Boston-based startup, the first time the 17-person company has taken financing, said Donald Fischer, co-founder and CEO of Tidelift. The other co-founders — Havoc Pennington, Jeremy Katz, and Luis Villa — share a wealth of open-source experience across companies like Red Hat and organizations like The Wikimedia Foundation and the Mozilla Foundation.
  • Tidelift Raises $15M Series A To Make Open Source Work Better--For Everyone

today's howto

Linux and CPU Security

  • 22 essential security commands for Linux
    There are many aspects to security on Linux systems – from setting up accounts to ensuring that legitimate users have no more privilege than they need to do their jobs. This is look at some of the most essential security commands for day-to-day work on Linux systems.
  • CVE-2018-3639: Spectre Variant 4 Vulnerability Affects the Linux Kernel
    A Spectre variant 4 vulnerability has been identified in the Linux kernel and represents a very dangerous threat to all affected machines. All system administrators are urged to apply the latest updates as soon as possible to mitigate any possible impact.
  • Spectre Number 4, STEP RIGHT UP!
    In the continuing saga of Meltdown and Spectre (tl;dr: G4/7400, G3 and likely earlier 60x PowerPCs don't seem vulnerable at all; G4/7450 and G5 are so far affected by Spectre while Meltdown has not been confirmed, but IBM documentation implies "big" POWER4 and up are vulnerable to both) is now Spectre variant 4. In this variant, the fundamental issue of getting the CPU to speculatively execute code it mistakenly predicts will be executed and observing the effects on cache timing is still present, but here the trick has to do with executing a downstream memory load operation speculatively before other store operations that the load does not depend on. If the CPU is convinced to speculatively execute down this victim path incorrectly, it will revert the stores and the register load when the mispredict is discovered, but the loaded address will remain in the L1 cache and be observable through means similar to those in other Spectre-type attacks.