mozilla

Mozilla Nederland LogoDe Nederlandse
Mozilla-gemeenschap

The internet needs our love

Mozilla Blog - to, 01/10/2020 - 04:33

It’s noisy out there. We are inundated with sensational headlines every minute, of every day. You almost could make a full-time job of sorting the fun, interesting or useful memes, feeds and reels from those that should be trashed. It’s hard to know what to pay attention to, and where to put your energy. With so much noise, chaos and division, it seems that one of the only things we all have in common is relying on the internet to help us navigate everything that’s happening in the world, and in our lives.

But the internet isn’t working.

I’m not talking about whether you have a wi-fi signal or can get online for work or school — in that sense the internet is doing its job for most of us, connecting billions of people around the globe. What I’m talking about is the magic. This amazing portal into the human experience has become a place filled with misinformation, corruption and greed. And in recent years we’ve seen those with power — Big Tech, governments, and bad actors — become more dominant, more brazen, and more dangerous. That’s a shame, because there’s still a lot to celebrate and do online. Whether it’s enjoying the absurd — long live cat videos — or addressing the downright critical, like beating back a global pandemic, we all need an internet where people, not profits, come first.

So it’s time to sound the alarm.

The internet we know and love is fcked up.

Let’s unfck it together. 

We are asking you to join us, and start a movement to create a better internet.

Let’s take back control from those who violate our privacy just to sell us stuff we don’t need. Let’s work to stop companies like Facebook and YouTube from contributing to the disastrous spread of misinformation and political manipulation. It’s time to take control over what we do and see online, and not let the algorithms feed us whatever they want.

You probably don’t know the name Mozilla. You might know Firefox. But we’ve been here, fighting for a better internet, for almost twenty years. We’re a non-profit backed organization that exists for the sole purpose of protecting the internet. Our products, like the Firefox browser, are designed with your privacy in mind. We’re here to prove that you can have an ethical tech business that works to make the internet a better place for all of us. We stand for people, not profit.

But we can’t fight this fight alone. Big tech has gotten too big. We need you. We need people who understand what it is to be part of something larger than themselves. People who love the internet and appreciate its magic. People who are looking for a company they can support because we are all on the same side.

We know it’s going to take more than provocative language to make this real. Which is why at the heart of this campaign are ways all of us can participate in changing the internet for the better. That’s what this is all about: working together to unfck the internet.

To start we’re giving you five concrete and shareable ways to reclaim what’s good about life online by clearing out the bad:

  1. Hold political ads accountable for misinformation: Download the Firefox extension that shares the political ads you see on Facebook to a public database so they can be tracked and monitored.
  2. Watch The Social Dilemma on Netflix & read our recommended readings from diverse voices: This #1 trending documentary unpacks the issues of the attention economy, and our compendium broadens the discussion by bringing more perspectives to the conversation.
  3. Get the Facebook Container extension: Prevent Facebook from following you around the rest of the web — which they can do even if you don’t have an account.
  4. Flag bad YouTube recommendations: This extension lets you report regrettable recos you’ve been served, so you can help make the engine better for everyone.
  5. Choose independent tech: Learn more about other independent tech companies and their products. Like shopping locally, using products like Firefox is a great way to vote your conscience online.

We’ll be updating the list frequently with new and timely ways you can take action, so check back regularly and bookmark or save the Unfck The Internet landing page.

Now, it’s time to get to work. We need you to speak up and own it. Tell your friends, your coworkers and your families. Tell the world that you’ve made the choice to “internet” with your values, and invite them to do the same.

It’s time to unfck the internet. For our kids, for society, for the climate. For the cats.

The post The internet needs our love appeared first on The Mozilla Blog.

Categorieën: Mozilla-nl planet

The Mozilla Blog: Launching the European AI Fund

Mozilla planet - wo, 23/09/2020 - 18:06

Right now, we’re in the early stages of the next phase of computing: AI. First we had the desktop. Then the internet. And smartphones. Increasingly, we’re living in a world where computing is built around vast troves of data and the algorithms that parse them. They power everything from the social platforms and smart speakers we use everyday, to the digital machinery of our governments and economies.

In parallel, we’re entering a new phase of  how we think about, deploy, and regulate technology. Will the AI era be defined by individual privacy and transparency into how these systems work? Or, will the worst parts of our current internet ecosystem — invasive data collection, monopoly, opaque systems — continue to be the norm?

A year ago, a group of funders came together at Mozilla’s Berlin office to talk about just this: how we, as a collective, could help shape the direction of AI in Europe. We agreed on the importance of a landscape where European public interest and civil society organisations — and not just big tech companies — have a real say in shaping policy and technology. The next phase of computing needs input from a diversity of actors that represent society as a whole.

Over the course of several months and with dozens of organizations around the table, we came up with the idea of a European AI Fund — a project we’re excited to launch this week.

The fund is supported by the Charles Stewart Mott Foundation, King Baudouin Foundation, Luminate, Mozilla, Oak Foundation, Open Society Foundations and Stiftung Mercator. We are a group of national, regional and international foundations in Europe that are dedicated to using our resources — financial and otherwise — to strengthen civil society. We seek to deepen the pool of experts across Europe who have the tools, capacity and know-how to catalogue and monitor the social and political impact of AI and data driven interventions — and hold them to account. The European AI Fund is hosted by the Network of European Foundations. I can’t imagine a better group to be around the table with.

Over the next five years, the European Commission and national governments across Europe will forge a plan for Europe’s digital transformation, including AI. But without a strong civil society taking part in the debate, Europe — and the world — risk missing critical opportunities and could face fundamental harms.

At Mozilla, we’ve seen first-hand the expertise that civil society can provide when it comes to the intersection of AI and consumer rights, racial justice, and economic justice. We’ve collaborated closely over the years with partners like European Digital Rights,  Access Now Algorithm Watch and Digital Freedom Fund. Alternatively, we’ve seen what can go wrong when diverse voices like these aren’t part of important conversations: AI systems that discriminate, surveil, radicalize.

At Mozilla, we believe that philanthropy has a key role to play in Europe’s digital transformation and in keeping AI trustworthy, as we’ve laid out in our trustworthy AI theory of change. We’re honoured to be working alongside this group of funders in an effort to strengthen civil society’s capacity to contribute to these tech policy discussions.

In its first step, the fund will launch with a 1,000,000 € open call for funding, open until November 1. Our aim is to build the capacity of those who already work on AI and Automated Decision Making (ADM). At the same time, we want to bring in new civil society actors to the debate, especially those who haven’t worked on issues relating to AI yet, but whose domain of work is affected by AI.

To learn more about the European AI Fund visit http://europeanaifund.org/

The post Launching the European AI Fund appeared first on The Mozilla Blog.

Categorieën: Mozilla-nl planet

The Firefox Frontier: How to spot (and do something) about real fake news

Mozilla planet - wo, 23/09/2020 - 17:36

Think you can spot fake news when you see it? You might be surprised even the most digitally savvy folks can (at times) be fooled into believing a headline or … Read more

The post How to spot (and do something) about real fake news appeared first on The Firefox Frontier.

Categorieën: Mozilla-nl planet

Daniel Stenberg: a Google grant for libcurl work

Mozilla planet - wo, 23/09/2020 - 15:46

Earlier this year I was the recipient of a monetary Google patch grant with the expressed purpose of improving security in libcurl.

This was an upfront payout under this Google program describing itself as “an experimental program that rewards proactive security improvements to select open-source projects”.

I accepted this grant for the curl project and I intend to keep working fiercely on securing curl. I recognize the importance of curl security as curl remains one of the most widely used software components in the world, and even one that is doing network data transfers which typically is a risky business. curl is responsible for a measurable share of all Internet transfers done over the Internet an average day. My job is to make sure those transfers are done as safe and secure as possible. It isn’t my only responsibility of course, as I have other tasks to attend to as well, but still.

Do more

Security is already and always a top priority in the curl project and for myself personally. This grant will of course further my efforts to strengthen curl and by association, all the many users of it.

What I will not do

When security comes up in relation to curl, some people like to mention and propagate for other programming languages, But curl will not be rewritten in another language. Instead we will increase our efforts in writing good C and detecting problems in our code earlier and better.

Proactive counter-measures

Things we have done lately and working on to enforce everywhere:

String and buffer size limits – all string inputs and all buffers in libcurl that are allowed to grow now have a maximum allowed size, that makes sense. This stops malicious uses that could make things grow out of control and it helps detecting programming mistakes that would lead to the same problems. Also, by making sure strings and buffers are never ridiculously large, we avoid a whole class of integer overflow risks better.

Unified dynamic buffer functions – by reducing the number of different implementations that handle “growing buffers” we reduce the risk of a bug in one of them, even if it is used rarely or the spot is hard to reach with and “exercise” by the fuzzers. The “dynbuf” internal API first shipped in curl 7.71.0 (June 2020).

Realloc buffer growth unification – pretty much the same point as the previous, but we have earlier in our history had several issues when we had silly realloc() treatment that could lead to bad things. By limiting string sizes and unifying the buffer functions, we have reduced the number of places we use realloc and thus we reduce the number of places risking new realloc mistakes. The realloc mistakes were usually in combination with integer overflows.

Code style – we’ve gradually improved our code style checker (checksrc.pl) over time and we’ve also gradually made our code style more strict, leading to less variations in code, in white spacing and in naming. I’m a firm believer this makes the code look more coherent and therefore become more readable which leads to fewer bugs and easier to debug code. It also makes it easier to grep and search for code as you have fewer variations to scan for.

More code analyzers – we run every commit and PR through a large number of code analyzers to help us catch mistakes early, and we always remove detected problems. Analyzers used at the time of this writing: lgtm.com, Codacy, Deepcode AI, Monocle AI, clang tidy, scan-build, CodeQL, Muse and Coverity. That’s of course in addition to the regular run-time tools such as valgrind and sanitizer builds that run the entire test suite.

Memory-safe components – curl already supports getting built with a plethora of different libraries and “backends” to cater for users’ needs and desires. By properly supporting and offering users to build with components that are written in for example rust – or other languages that help developers avoid pitfalls – future curl and libcurl builds could potentially avoid a whole section of risks. (Stay tuned for more on this topic in a near future.)

Reactive measures

Recognizing that whatever we do and however tight ship we run, we will continue to slip every once in a while, is important and we should make sure we find and fix such slip-ups as good and early as possible.

Raising bounty rewards. While not directly fixing things, offering more money in our bug-bounty program helps us get more attention from security researchers. Our ambition is to gently drive up the reward amounts progressively to perhaps multi-thousand dollars per flaw, as long as we have funds to pay for them and we mange keep the security vulnerabilities at a reasonably low frequency.

More fuzzing. I’ve said it before but let me say it again: fuzzing is really the top method to find problems in curl once we’ve fixed all flaws that the static analyzers we use have pointed out. The primary fuzzing for curl is done by OSS-Fuzz, that tirelessly keeps hammering on the most recent curl code.

Good fuzzing needs a certain degree of “hand-holding” to allow it to really test all the APIs and dig into the dustiest corners, and we should work on adding more “probes” and entry-points into libcurl for the fuzzer to make it exercise more code paths to potentially detect more mistakes.

See also my presentation testing curl for security.

Categorieën: Mozilla-nl planet

Mike Taylor: Seven Platform Updates from the Golden Era of Computing

Mozilla planet - wo, 23/09/2020 - 07:00

Back in the Golden Era of Computing (which is what the industry has collectively agreed to call the years 2016 and 2017) I was giving semi-regular updates at the Mozilla Weekly Meeting.

Now this was also back when Potch was the Weekly Project All Hands Meeting module owner. If that sounds like a scary amount of power to entrust to that guy, well, that’s because it was.

(This doesn’t have anything to do with the point of this post, I’m just trying to game SEO with these outbound links.)

So anyways, the point of these updates was to improve communication between Firefox and Platform teams which were more siloed than you would expect, and generally just let people know about interesting Platform work other teams were doing. I don’t even remember how that task fell upon me, I think it was just cause I just showed up to do it.

Rumor has it that Chris Beard wanted to switch to Blink back then but was moved by my artwork, and that’s why Gecko still exists to this day.

(Full disclosure: I just made up this rumor, but please quote me as “Anonymous Source” and link back to here if anyone wants to run with it.)

Categorieën: Mozilla-nl planet

Firefox UX: From a Feature to a Habit: Why are People Watching Videos in Picture-in-Picture?

Mozilla planet - ti, 22/09/2020 - 18:08

At the end of 2019, if you were using Firefox to watch a video, you saw a new blue control with a simple label: “Picture-in-Picture.” Even after observing and carefully crafting the feature with feedback from in-progress versions of Firefox (Nightly and Beta), our Firefox team wasn’t really sure how people would react to it. So we were thrilled when we saw signals that the response was positive.

Firefox’s Picture-in-Picture allows you to watch videos in a floating window (always on top of other windows) so you can keep an eye on what you’re watching while interacting with other sites, or applications.

From a feature to a habit

About 6 months after PiP’s release, we started to see some trends from our data. We know from our internal data that people use Firefox to watch video. In fact, some people watch video over 60% of the time when they’re using Firefox. And, some of these people use PiP to do that. Further, our data shows that people who use Picture-in-Picture open more PiP windows over time. In short, we see that not everyone uses PiP, but those who do seem to be forming a habit with it.

A habit is a behaviour “done with little or no conscious thought.”  So we asked ourselves:

  • Why is PiP becoming a habit for some people?
  • What are peoples’ motivations behind using PiP?

Fogg’s Behavior Model describes habits and how they form. We already knew two parts of this equation: Behavior and Ability. But we didn’t know Motivation and Trigger.

Behavior = Motivation, Ability, Trigger

Fogg’s Behavior Model.

To get at these “why” questions, we conducted qualitative research with people who use PiP.  We conducted interviews with 11 people to learn more about how they discovered PiP and how they use it in their everyday browsing. We were even able to observe these people using PiP in action. It’s always a privilege to speak directly to people who are using the product. Talking to and observing peoples’ actions is an indispensable part of making something people find useful.

Now we’ll talk about the Motivation part of the habit equation by sharing how the people we interviewed use PiP.

Helps with my tasks

When we started to look at PiP, we were worried that the feature would bring some unintended consequences in peoples’ lives. Could PiP diminish their productivity by increasing distractibility? Surprisingly, from what we observed in these interviews, PiP helped some participants do their task, as opposed to being needlessly distracting. People are using PiP as a study tool, to improve their focus, or to motivate them to complete certain tasks.

PiP for note-taking

One of our participants was a student. He used Picture-in-Picture to watch lecture videos and take notes while doing his homework. PiP helped him complete and enhance a task.

PiP video open on the left with Pages applications in the main area of the screen

Taking notes in a native desktop application while watching a lecture video in picture-in-picture. (Recreation of what a participant did during an interview)

Breaks up the monotony of work

You might have this experience: listening to music or a podcast helps you “get in the zone” while you’re exercising or perhaps doing chores. It helps you lose yourself in the task, and make mundane tasks more bearable. Picture-in-Picture does the same for some people while they are at work, to avoid the surrounding silence.

“I just kind of like not having dead silence… I find it kind of motivating and I don’t know, it just makes the day seem less, less long.” — Executive Assistant to a Real Estate Developer

Calms me down

Multiple people told us they watch videos in PiP to calm themselves down. If they are reading a difficult article for work or study, or doing some art, watching ASMR or trance-like videos feels therapeutic. Not only does this calm people down, they said it can help them focus.

PiP on the bottom left with an article open in the main area of the screen

Reading an article in a native Desktop application while watching a soothing video of people running in picture-in-picture. (Recreation of what a participant did during an interview)

Keeps me entertained

And finally, some people use Picture-in-Picture for pure and simple entertainment. One person watches a comedic YouTuber talk about reptiles while playing a dragon-related browser game. Another person watches a friend’s live streaming gaming while playing a game themself.

PiP video in the upper left with a game in the main area of the screen

Playing a browser game while watching a funny YouTube video. (Recreation of what a participant showed us during an interview)

Our research impact 

Some people have habits with PiP for the reasons listed above, and we also learned there’s nothing gravely wrong with PiP to prevent habit-forming. Therefore, our impact is related to PiP’s strategy: Do not make “habit-forming” a measure of PiP’s success. Instead, better support what people already do with PiP. Particularly, PiP is getting more controls, for example, changing the volume.

Red panda in a PiP video

You don’t have to stop reading to watch this cute red panda in Picture-in-Picture

 

Share your stories

While conducting these interviews, we also prepared an experiment to test different versions of Picture-in-Picture, with the goal of increasing the number of people who discover it. We’ll talk more on that soon!

In the meantime, we’d like to hear even more stories. Are you using Picture-in-Picture in Firefox? Are you finding it useful? Please share your stories in the comments below, or send us a tweet @firefoxUX with a screenshot. We’d love to hear from you.

 

Thank you to Betsy Mikel for editing our blog post.

This post was originally published on Medium.

Categorieën: Mozilla-nl planet

Mozilla VR Blog: Your Security and Mozilla Hubs

Mozilla planet - ti, 22/09/2020 - 16:34
Your Security and Mozilla Hubs

Mozilla and the Hubs team takes internet security seriously. We do our best to follow best practices for web security and securing data. This post will provide an overview of how we secure access to your rooms and your data.

Room Authentication

In the most basic scenario, only people who know the URL of your room can access your room. We use randomly generated strings in the URLs to obfuscate the URLs. If you need more security in your room, then you can limit your room to only allow users with Hubs accounts to join (usually, anyone can join regardless of account status). This is a server-wide setting, so you have to run your own Hubs Cloud instance to enable this setting.

You can also make rooms “invite only” which generates an additional key that needs to be used on the link to allow access. While the room ID can’t be changed, an “invite only” key can be revoked and regenerated, allowing you to revoke access to certain users.

Discord OAuth Integration

Alternatively, users can create a room via the Hubs Discord bot, and the room becomes bound to the security context of that Discord. In this scenario, a user’s identity is tied to their identity in Discord, and they only have access to rooms that are tied to channels they have access to. Users with “modify channel” permissions in Discord get corresponding “room owner” permissions in Hubs, which allows them to change room settings and kick users out of the room. For example, if I am a member of the private channel #standup, and there is a room tied to that channel, only members of that channel (including me) are allowed in the associated room. Anyone attempting to access the room will first need to authenticate via Discord.

How we secure your data

We collect minimal data on users. For any data that we do collect, all database data and backups are encrypted at rest. Additionally, we don’t store raw emails in our database--this means we can’t retrieve your email, we can only check to see if the email you enter for log in is in our database. All data is stored on a private subnet and is not accessible via the internet.

For example, let’s go through what happens when a user uploads a file inside a room. First, the user uploads a personal photo to the room to share with others. This generates a URL via a unique key, which is passed to all other users inside the room. Even if others find the URL of the file, they cannot decrypt the photo without this key (including the server operator!). The photo owner can choose to pin the photo to the room, which saves the encryption key in a database with the encrypted file. When you visit the room again, you can access the file, because the key is shared with room visitors. However, if the file owner leaves the room without pinning the photo, then the photo is considered ‘abandoned data’ and the key is erased. This means that no users can access the file anymore, and the data is erased within 72 hours.

All data is encrypted in transit via TLS. We do not currently support end-to-end encryption.

Hubs Cloud Security

When you deploy your own Hubs Cloud instance, you have full control over the instance and its data via AWS or DigitalOcean infrastructure--Mozilla simply provides the template and automatic updates. Therefore, you can integrate your own security measures and technology as you like. Everyone’s use case is different. Hubs cloud is an as-is product, and we’re unable to predict the performance as you make changes to the template.

Server access is limited by SSH and sometimes two-factor authentication. For additional security, you can set stack template rules to restrict which IP addresses can SSH into the server.

How do we maintain Hubs Cloud with the latest security updates

We automatically update packages for security updates, and update our version in a monthly cadence, but if there’s a security issue exposed (either in our software or third party software), we can immediately update all stacks. We inherit our network architecture from AWS, which includes load balancing and DDoS protection.

Your security on the web is non-negotiable. Between maintaining security updates, authenticating users, and encrypting data at rest and in transit, we prioritize our users security needs. For any additional questions, please reach out to us. To contribute to Hubs, visit https://github.com/mozilla/hubs.

Categorieën: Mozilla-nl planet

Mozilla VR Blog: Your Privacy and Mozilla Hubs

Mozilla planet - ti, 22/09/2020 - 00:31
Your Privacy and Mozilla Hubs

At Mozilla, we believe that privacy is fundamental to a healthy internet. We especially believe that this is the case in social VR platforms, which process and transmit large amounts of personal information. What happens in Hubs should stay in Hubs.

Privacy expectations in a Hubs room

First, let’s discuss what your privacy expectations should be when you’re in a Hubs room. In general, anything transmitted in a room is available to everyone connected to that room. They can save anything that you send. This is why it’s so important to only give the Hubs link out to people you want to be in the room, or to use Discord authentication so only authorized users can access a room.

While some rooms may have audio falloff to declutter the audio in a room, users should still have the expectation that anyone in the room (or in the lobby) can hear what’s being said. Audio falloff is performed in the client, so anyone who modifies their client can hear you from anywhere in the room.

Other users in the room have the ability to create recordings. While recording, the camera tool will display a red icon, and your avatar will indicate to others with a red icon that you are filming and capturing audio. All users are notified when a photo or video has been taken. However, users should still be aware that others could use screen recorders to capture what happens in a Hubs room without their knowledge.

Minimizing the data we collect on you

The only data we need to create an account for you is your email address, which we store hashed in an encrypted database. We don’t collect any additional personal information like birthdate, real name, or telephone numbers. Accounts aren’t required to use Hubs, and many features are available to users without accounts.

Processing data instead of collecting data

There’s a certain amount of information that we have to process in order to provide you with the Hubs experience. For example, we receive and send to others the name and likeness of your avatar, its position in the room, and your interactions with objects in the room. If you create an account, you can store custom avatars and their names.

We receive data about the virtual objects and avatars in a room in order to share that data with others in the room, but we don’t monitor the individual objects that are posted in a room. Users have the ability to permanently pin objects to a room, which will store them in the room until they’re deleted. Unpinned files are deleted from Mozilla’s servers after 72 hours.

We do collect basic metrics about how many rooms are being created and how many users are in those rooms, but we don’t tie that data to specific rooms or users. What we don’t do is collect or store any data without the user's explicit consent.

Hubs versus Hubs Cloud

Hubs Cloud owners have the capability to implement additional server-side analytics. We provide Hubs Cloud instances with their own versions of Hubs, with minimal data collection and no user monitoring, which they can then modify to suit their needs. Unfortunately, this means that we can’t make any guarantees about what individual Hubs Cloud instances do, so you’ll need to consult with the instance owner if you have any privacy concerns.

Our promise to you

We will never perform user monitoring or deep tracking, particularly using VR data sources like gaze-tracking. We will continue to minimize the personal data we collect, and when we do need to collect data, we will invest in privacy preserving solutions like differential privacy. For full details, see our privacy policy. Hubs is an open source project–to contribute to Hubs, visit https://github.com/mozilla/hubs.

Categorieën: Mozilla-nl planet

The Rust Programming Language Blog: Call for 2021 Roadmap Blogs Ending Soon

Mozilla planet - mo, 21/09/2020 - 02:00

We will be closing the collection of blog posts on October 5th. As a reminder, we plan to close the survey on September 24th, later this week.

If you haven't written a post yet, read the initial announcement.

Looking forward, we are expecting the following:

  • Roadmap RFC proposed by mid-November
  • Roadmap RFC merged by mid-December

We look forward to reading your posts!

Categorieën: Mozilla-nl planet

Cameron Kaiser: TenFourFox FPR27 available

Mozilla planet - snein, 20/09/2020 - 03:48
TenFourFox Feature Parity Release 27 final is now available for testing (downloads, hashes, release notes). Unfortunately, I have thus far been unable to solve issue 621 regarding the crashes on LinkedIn, so to avoid drive-by crashes, scripts are now globally disabled on LinkedIn until I can (no loss since it doesn't work anyway). If you need them on for some reason, create a pref tenfourfox.troublesome-js.allow and set it to true. I will keep working on this for FPR28 to see if I can at least come up with a better wallpaper, though keep in mind that even if I repair the crash it may still not actually work anyway. There are otherwise no new changes since the beta except for outstanding security updates, and it will go live Monday evening Pacific assuming no new issues.

For our struggling Intel friends, if you are using Firefox on 10.9 through 10.11 Firefox ESR 78 is officially your last port of call, and support for these versions of the operating system will end by July 2021 when support for 78ESR does. The Intel version of TenFourFox may run on these machines, though it will be rather less advanced, and of course there is no official support for any Intel build of TenFourFox.

Categorieën: Mozilla-nl planet

Firefox Nightly: These Weeks in Firefox: Issue 79

Mozilla planet - sn, 19/09/2020 - 22:23
Highlights
  • We’re testing some variations on the Picture-in-Picture toggle
    • An animated GIF shows a Picture-in-Picture toggle being moused over. When the mouse reaches the toggle, it extends, showing the text “Watch in Picture-in-Picture”

      An animated GIF shows a Picture-in-Picture toggle being moused over. Text describing Picture-is-Picture is shown.

  • Camera and microphone global mutes have landed, but are being held to Nightly
    • The WebRTC sharing indicator shows microphone, camera, and minimize buttons. The microphone button shows that it is muted.

  • Urlbar Design Update 2 is live in Nightly. Access “search mode” from the refresh one-off buttons, including one-offs for bookmarks, history, and tabs. This feature is targeting 82. Please file bugs against Bug 1644572!
Friends of the Firefox team Introductions/Shout-Outs
  • Welcome mtigley and daisuke to the Firefox Desktop team!
Resolved bugs (excluding employees) Fixed more than one bug
  • manas
Project Updates Add-ons / Web Extensions Addon Manager & about:addons
  • Shane landed a patch to make sure that Firefox will double-check the version compatibility for the installed langpacks and disable them if they are not strictly compatible with the currently running Firefox version (Bug 1646016), this was likely a major cause for some YSOD (yellow screen of death) issues that were originally triggered by an issue on the AMO side.

 

WebExtensions Framework
  • Matt Woodrow fixed a webRequest API regression which was preventing pages multipart/x-mixed-replace content to finish loading when extensions using webRequest blocking listeners are installed (e.g. uBlock origin) (Fixed in Bug 1638422, originally regressed by Bug 1600211)

 

WebExtensions API
  • As part of fission-related work on the extensions framework and APIs, Tomislav landed some changes needed to make the browser.tabs.captureTab API method to work with Fission iframes (Bug 1636508)
Applications Sync and Storage
  • 98% of our sync storage nodes have been migrated over to the new Rust based sync storage service, aka “Durable Sync”.
  • JR Conlin is working on implementing a sync quota; we’ll limit users to 2GB per sync collection (ie, bookmarks, tabs, history, etc) and plan to roll this out in late September.
Fission
  • Fission Nightly experiment is tentatively targeted for Nightly 83
Installer & Updater
  • Mhowell and Nalexander are researching how to move forward with a Gecko based background update agent. Work will continue on this effort through the end of the year.
  • Bytesized has a patch open to add telemetry to track windows verified app settings to help us better understand barriers to installation for Win10 users.
Lint
  • Sonia has continued work on enabling rules that were previously disabled when *.xul files moved to *.xhtml, with toolkit and accessible landing in the last week.
Password Manager PDFs & Printing
  • Beta uplifts are complete as of Thursday
  • QA has been looking over the feature and the old print UI on beta and haven’t found any blockers for backing out our latest uplifts
  • Go/no-go decision to be made on Friday, Sept 11
Performance Picture-in-Picture
  • The toggle variation experiment is now live! We should hopefully have some data to help us make a selection on which toggle to proceed with soon.
    • media.videocontrols.picture-in-picture.video-toggle.mode
      • Default = -1
      • Mode 1 = 1
      • Mode 2 = 2
    • media.videocontrols.picture-in-picture.video-toggle.position
      • “right” = right side (default)
      • “left” = left side
    • media.videocontrols.picture-in-picture.video-toggle.has-used (only affects Mode 2)
      • true – the user has used Picture-in-Picture before in 80+
      • false (default) – the user has not used Picture-in-Picture before in 80+
  • MSU students are working on improving Picture-in-Picture! Here’s the metabug.
Search and Navigation Search
  • Cleanup the search service after modern configuration shipped – Bug 1619922
    • Legacy search configuration code has been removed – Bug 1619926, Bug 1642990
    • Work is ongoing to improve some of the architecture of the search service and should be complete in the 82 cycle.
  • Consolidation of search aliases and bookmark keywords – Bug 1650874
    • Internal search keywords are now shown in about:preferences#search – Bug 1658713
    • WIP – Initial implementation of user defined search engines – Bug 1106626
Address Bar
  • Urlbar Design Update 2
    • Behavior change: Left/Right keys on one-off buttons move the caret rather than trapping the user in one-off buttons – Bug 1632318
    • Improvement: Some restriction characters (*, %, ^) are converted to search mode when a space is typed after them to restrict results – Bug 1658964
User Journey WebRTC UI
  • mconley is working on adding Task Tray icons on Windows to indicate that devices are being shared
    • We have something similar on macOS already
Categorieën: Mozilla-nl planet

Cameron Kaiser: Google, nobody asked to make the Blogger interface permanent

Mozilla planet - sn, 19/09/2020 - 21:01
As a followup to my previous rant on the obnoxious new Blogger "upgrade," I will grudgingly admit Blogger has done some listening. You can now embed images and links similarly to the way you used to, which restores some missing features and erases at least a part of my prior objections. But not the major one, because usability is still a rotting elephant's placenta. I remain an inveterate user of the HTML blog view and yet the HTML editor still thinks it knows better than you how to format your code and what tags you should use, you can't turn it off and you can't make it faster. And I remain unclear what the point of all this was because there is little improvement in functionality except mobile previewing.

Naturally, Google has removed the "return to legacy Blogger" button, but you can still get around that at least for the time being. On your main Blogger posts screen you will note a long multidigit number in the URL (perhaps that's why they're trying to hide URLs in Chrome). That's your blog ID. Copy that number and paste it in where the XXX is in this URL template (all one line):

https://www.blogger.com/blogger.g?blogID=XXX&useLegacyBlogger=true#allposts

Bookmark it and you're welcome. I look forward to some clever person making a Firefox extension to do this very thing very soon, and if you make one post it in the comments.

Categorieën: Mozilla-nl planet

Daniel Stenberg: My first 15,000 curl commits

Mozilla planet - fr, 18/09/2020 - 16:12

I’ve long maintained that persistence is one of the main qualities you need in order to succeed with your (software) project. In order to manage to ship a product that truly conquers the world. By continuously and never-ending keeping at it: polishing away flaws and adding good features. On and on and on.

Today marks the day when I landed my 15,000th commit in the master branch in curl’s git repository – and we don’t do merge commits so this number doesn’t include such. Funnily enough, GitHub can’t count and shows a marginally lower number.

This is of course a totally meaningless number and I’m only mentioning it here because it’s even and an opportunity for me to celebrate something. To cross off an imaginary milestone. This is not even a year since we passed 25,000 total number of commits. Another meaningless number.

15,000 commits equals 57% of all commits done in curl so far and it makes me the only committer in the curl project with over 10% of the commits.

The curl git history starts on December 29 1999, so the first 19 months of commits from the early curl history are lost. 15,000 commits over this period equals a little less than 2 commits per day on average. I reached 10,000 commits in December 2011, so the latest 5,000 commits were done at a slower pace than the first 10,000.

I estimate that I’ve spent more than 15,000 hours working on curl over this period, so it would mean that I spend more than one hour of “curl time” per commit on average. According to gitstats, these 15,000 commits were done on 4,271 different days.

We also have other curl repositories that aren’t included in this commit number. For example, I have done over 4,400 commits in curl’s website repository.

With these my first 15,000 commits I’ve added 627,000 lines and removed 425,000, making an average commit adding 42 and removing 28 lines. (Feels pretty big but I figure the really large ones skew the average.)

The largest time gap ever between two of my commits in the curl tree is almost 35 days back in June 2000. If we limit the check to “modern times”, as in 2010 or later, there was a 19 day gap in July 2015. I do take vacations, but I usually keep up with the most important curl development even during those.

On average it is one commit done by me every 12.1 hours. Every 15.9 hours since 2010.

I’ve been working full time on curl since early 2019, up until then it was a spare time project only for me. Development with pull-requests and CI and things that verify a lot of the work before merge is a recent thing so one explanation for a slightly higher commit frequency in the past is that we then needed more “oops” commits to rectify mistakes. These days, most of them are done in the PR branches that are squashed when subsequently merged into master. Fewer commits with higher quality.

curl committers

We have merged commits authored by over 833 authors into the curl master repository. Out of these, 537 landed only a single commit (so far).

We are 48 authors who ever wrote 10 or more commits within the same year. 20 of us committed that amount of commits during more than one year.

We are 9 authors who wrote more than 1% of the commits each.

We are 5 authors who ever wrote 10 or more commits within the same year in 10 or more years.

Our second-most committer (by commit count) has not merged a commit for over seven years.

To reach curl’s top-100 committers list right now, you only need to land 6 commits.

can I keep it up?

I intend to stick around in the curl project going forward as well. If things just are this great and life remains fine, I hope that I will be maintaining roughly this commit speed for years to come. My prediction is therefore that it will take longer than another twenty years to reach 30,000 commits.

I’ve worked on curl and its precursors for almost twenty-four years. In another twenty-four years I will be well into my retirement years. At some point I will probably not be fit to shoulder this job anymore!

I have never planned long ahead before and I won’t start now. I will instead keep focused on keeping curl top quality, an exemplary open source project and a welcoming environment for newcomers and oldies alike. I will continue to make sure the project is able to function totally independently if I’m present or not.

The 15,000th commit?

So what exactly did I change in the project when I merged my 15,000th ever change into the branch?

It was a pretty boring and non-spectacular one. I removed a document (RESOURCES) from the docs/ folder as that has been a bit forgotten and now is just completely outdated. There’s a much better page for this provided on the web site: https://curl.haxx.se/rfc/

Celebrations!

I of coursed asked my twitter friends a few days ago on how this occasion is best celebrated:

I showed these results to my wife. She approved.

Categorieën: Mozilla-nl planet

Mike Taylor: Upcoming US Holidays (for Mike Taylor)

Mozilla planet - fr, 18/09/2020 - 07:00

This is a copy of the email I sent a few days ago to all of Mozilla. I just realized that I’m possibly not the only person with a mail filter to auto-delete company-wide “Upcoming $COUNTRY Holidays” emails, so I’m reposting here.

Maybe I’ll blog later about my experience at Mozilla.

Subject: Upcoming US Holidays (for Mike Taylor)

Howdy all,

This is my last full week at Mozilla, with my last day being Monday, September 21. It’s been just over 7 years since I joined (some of them were really great, and others were fine, I guess).

I’m grateful to have met and worked with so many kind and smart people across the company.

I’m especially grateful for Karl Dubost inviting me to apply to Mozilla 7 years ago, and for getting to know and become friends with the people who joined our team after (Cipri, Dennis, James, Ksenia, Oana, Tom, Guillaume, Kate, et al). I believe they’ve made Firefox a significantly better browser for our users and will continue to unbreak the web.

Anyways, you can find me on the internet in all the usual places. Don’t be a stranger.

Blog: https://miketaylr.com/posts/ Twitter: https://twitter.com/miketaylr Facebook: https://fishbrain.com/anglers/miketaylr LinkedIn: https://www.linkedin.com/in/mike-taylor-7a09163/ Email: (redacted, stalkers. also it’s TOTALLY unguessable don’t even try)

Later,

– Mike Taylor Web Compat, Mozilla

Categorieën: Mozilla-nl planet

Pages