mozilla

Mozilla Nederland LogoDe Nederlandse
Mozilla gemeenschap

Abonneren op feed Mozilla planet
Planet Mozilla - http://planet.mozilla.org/
Bijgewerkt: 11 min 19 sec geleden

Christian Heilmann: Reconnecting at TEDxLinz – impressions, slides, resources

za, 27/09/2014 - 17:51

I just returned from Linz, Austria, where I spoke at TEDxLinz yesterday. After my stint at TEDxThessaloniki earlier in the year I was very proud to be invited to another one and love the variety of talks you encounter there.

TEDx_Linz_2014-5783

The overall topic of the event was “re-connect” and I was very excited to hear all the talks covering a vast range of topics. The conference was bilingual with German (well, Austrian) talks and English ones. Oddly enough, no speaker was a native English speaker.

TEDx_Linz_2014-5622

My favourite parts were:

  • Ingrid Brodnig talking about online hate and how to battle it
  • Andrea Götzelmann talking about re-integrating people into their home countries after emigrating. A heart-warming story of helping people out who moved out and failed just to return and succeed
  • Gergely Teglasy talking about creating a crowd-curated novel written on Facebook
  • Malin Elmlid of The Bread Exchange showing how her love of creating your own food got her out into the world and learn about all kind of different cultures. And how doing an exchange of goods and services beats being paid.
  • Elisabeth Gatt-Iro and Stefan Gatt showing us how to keep our relationships fresh and let love listen.
  • Johanna Schuh explaining how asking herself questions about her own behaviour rather than throwing blame gave her much more peace and the ability to go out and speak to people.
  • Stefan Pawel enlightening us about how far ahead Linz is compared to a lot of other cities when it comes to connectivity (150 open hot spots, webspace for each city dweller)

The location was the convention centre of a steel factory and the stage setup was great and not over the top. The audience was very mixed and very excited and all the speakers did a great job mingling. Despite the impressive track record of all of them there was no sense of diva-ism or “parachute presenting”.
I had a lovely time at the speaker’s dinner and going to and from the hotel.

The hotel was a special case in itself: I felt like I was in an old movie and instead of using my laptop I was tempted to grow a tufty beard and wear layers and layers of clothes and a nice watch on a chain.

hotel room

My talk was about bringing the social back into social media or – in other words – stopping to chase numbers of likes and inane comments and go back to a web of user generated content that was done by real people. I have made no qualms about it in the past that I dislike memes and animated GIFs cropped from a TV series of movie with a passion and this was my chance to grand-stand about it.

I wanted the talk to be a response to the “Look up” and “Look down” videos about social oversharing leading to less human interaction. My goal was to move the conversation into a different direction, explaining that social media is for us to put things we did and wanted to share. The big issue is that the addiction-inducing game mechanisms of social media platforms instead lead us to post as much as we can and try to be the most shared instead of the creators.

This also leads to addiction and thus to strange online behaviour up to over-sharing materials that might be used as blackmail opportunities against us.

My slides are on Slideshare.

Re/Connect – Putting the social back into social media (TEDx Linz) from Christian Heilmann

Resources I covered in the talk:

Other than having a lot of fun on stage I also managed to tick some things off my bucket list:

TEDx_Linz_2014-5792

  • Vandalising a TEDx stage
  • Being on stage with my fly open
  • Using the words “sweater pillows” and “dangly bits” in a talk

I had a wonderful time all in all and I want to thank the organisers for having me, the audience for listening, the other speakers for their contribution and the caterers and volunteers for doing a great job to keep everybody happy.

TEDx_Linz_2014-5806

Categorieën: Mozilla-nl planet

Eric Shepherd: The Sheppy Report: September 26, 2014

vr, 26/09/2014 - 23:25

I can’t believe another week has already gone by. This is that time of the year where time starts to scream along toward the holidays at a frantic pace.

What I did this week
  • I’ve continued working heavily on the server-side sample component system
    • Implemented the startup script support, so that each sample component can start background services and the like as needed.
    • Planned and started implementation work on support for allocating ports each sample needs.
    • Designed tear-down process.
  • Created a new “download-desc” class for use on the Firefox landing page on MDN. This page offers download links for all Firefox channels, and this class is used to correct a visual glitch. The class has not as yet been placed into production on the main server though. See this bug to track landing of this class.
  • Updated the MDN administrators’ guide to include information on the new process for deploying changes to site CSS now that the old CustomCSS macro has been terminated on production.
  • Cleaned up Signing Mozilla apps for Mac OS X.
  • Created Using the Mozilla build VM, based heavily on Tim Taubert’s blog post and linked to it from appropriate landing pages.
  • Copy-edited and revised the Web Bluetooth API page.
  • Deleted a crufty page from the Window API.
  • Meetings about API documentation updates and more.
Wrap up

That’s a short-looking list but a lot of time went into many of the things on that list; between coding and research for the server-side component service and experiments with the excellent build VM (I did in fact download it and use it almost immediately to build a working Nightly), I had a lot to do!

My work continues to be fun and exciting, not to mention outright fascinating. I’m looking forward to more, next week.

Categorieën: Mozilla-nl planet

Jeff Walden: Minor changes are coming to typed arrays in Firefox and ES6

vr, 26/09/2014 - 23:17

JavaScript has long included typed arrays to efficiently store numeric arrays. Each kind of typed array had its own constructor. Typed arrays inherited from element-type-specific prototypes: Int8Array.prototype, Float64Array.prototype, Uint32Array.prototype, and so on. Each of these prototypes contained useful methods (set, subarray) and properties (buffer, byteOffset, length, byteLength) and inherited from Object.prototype.

This system is a reasonable way to expose typed arrays. Yet as typed arrays have grown, it’s grown unwieldy. When a new typed array method or property is added, distinct copies must be added to Int8Array.prototype, Float64Array.prototype, Uint32Array.prototype, &c. Likewise for “static” functions like Int8Array.from and Float64Array.from. These distinct copies cost memory: a small amount, but across many tabs, windows, and frames it can add up.

A better system

ES6 changes typed arrays to fix these issues. The typed array functions and properties now work on any typed array.

var f32 = new Float32Array(8); // all zeroes var u8 = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7]); Uint8Array.prototype.set.call(f32, u8); // f32 contains u8's values

ES6 thus only needs one centrally-stored copy of each function. All functions move to a single object, denoted %TypedArray%.prototype. The typed array prototypes then inherit from %TypedArray%.prototype to expose them.

assertEq(Object.getPrototypeOf(Uint8Array.prototype), Object.getPrototypeOf(Float64Array.prototype)); assertEq(Object.getPrototypeOf(Object.getPrototypeOf(Int32Array.prototype)), Object.prototype); assertEq(Int16Array.prototype.subarray, Float32Array.prototype.subarray);

ES6 also changes the typed array constructors to inherit from the %TypedArray% constructor, on which functions like Float64Array.from and Int32Array.of live. (Neither function yet in Firefox, but soon!)

assertEq(Object.getPrototypeOf(Uint8Array), Object.getPrototypeOf(Float64Array)); assertEq(Object.getPrototypeOf(Object.getPrototypeOf(Int32Array)), Function.prototype);

I implemented these changes a few days ago in Firefox. Grab a nightly build and test things out with a new profile.

Conclusion

In practice this won’t affect most typed array code. Unless you depend on the exact [[Prototype]] sequence or expect typed array methods to only work on corresponding typed arrays (and thus you’re deliberately extracting them to call in isolation), you probably won’t notice a thing. But it’s always good to know about language changes. And if you choose to polyfill an ES6 typed array function, you’ll need to understand %TypedArray% to do it correctly.

Categorieën: Mozilla-nl planet

Frédéric Harper: HTML, not just for desktops at Congreso Universitario Móvil

vr, 26/09/2014 - 18:04
My translator, and me

My translator, and me

At the beginning of the month, I was in Mexico to represent Mozilla at Congreso Universitario Móvil, an annual conference at the Universidad Nacional Autónoma de México. Unfortunately, I did not have the time to visit a lot Mexico City, but I had an amazing full day at the event. I started the fourth day of the conference with a keynote on Firefox OS.

HTML, not just for desktops: Firefox OS – Congreso Universitario Móvil – 2014-09-04 from Frédéric Harper

 

You can also watch the recording of my session. The sound is not that good: the room was echoing a lot, but I promised to the attendees that no matter what, I’ll publish it online.

 

The attendees had so much interest in the Open Web that instead of taking a couple of minutes for the questions, I did a full one hours Q&A right after the keynote. They were supposed to have a one-hour break before the next session, but they used that time to learn more about Firefox OS, which is great. I think we would have been good to continue on the questions, but I had to stop them as it was time to start the three hours hackathons. I started the hackathon with explanations about the next hours we spent together, but also on how to build, and debug your application.

Firefox OS, getting started in 15 mins – Congreso Universitario Móvil – 2014-09-04 from Frédéric Harper

 

I also recorded that presentation, which took more than fifteen minutes as it include explanation about the hackathon itself. Again, we were in the same room, so the sound is not optinal.

 

Attendees worked hard to port their actual web application using HTML, CSS, and JavaScript to make them work on our platform. After the hacking part of the day, I did three interviews with local medias, and one is already online on Excélsior (in Spanish – English version translated by Google). The one with Reforma, and Financiero Bloomberg TV will follow soon. Overall, I had an amazing time again in Mexico, and I was amazed by the interest about HTML, the Open Web, and Firefox OS. Keep the great apps coming Mexico!


--
HTML, not just for desktops at Congreso Universitario Móvil is a post on Out of Comfort Zone from Frédéric Harper

Related posts:

  1. Firefox OS at the Congreso Universitario Movil in Mexico City Tomorrow, I’ll join the students as the developers from Mexico...
  2. Fixing the mobile web with Firefox OS at FITC Toronto This morning I was presenting at FITC Toronto about Firefox...
  3. Empower Mobile Web Developers with JavaScript & WebAPI at PragueJS HTML5 is a giant step in the right direction: it...
Categorieën: Mozilla-nl planet

Gervase Markham: Prevent Territoriality

vr, 26/09/2014 - 16:56

Watch out for participants who try to stake out exclusive ownership of certain areas of the project, and who seem to want to do all the work in those areas, to the extent of aggressively taking over work that others start. Such behavior may even seem healthy at first. After all, on the surface it looks like the person is taking on more responsibility, and showing increased activity within a given area. But in the long run, it is destructive. When people sense a “no trespassing” sign, they stay away. This results in reduced review in that area, and greater fragility, because the lone developer becomes a single point of failure. Worse, it fractures the cooperative, egalitarian spirit of the project. The theory should always be that any developer is welcome to help out on any task at any time.

— Karl Fogel, Producing Open Source Software

Categorieën: Mozilla-nl planet

Soledad Penades: Berlin Web Audio Hack Day 2014

vr, 26/09/2014 - 16:11

As with the Extensible Web Summit, we wrote some notes collaboratively. Here are the notes for the Web Audio Hackday!

We started the day with me being late because I took a series of badly timed bad decisions and that ended up in me taking the wrong untergrund lines. In short: I don’t know how to metro in Berlin in the mornings and I’m still so sorry.

I finally arrived to Soundcloud’s offices, and it was cool that Jan was still doing the presentations, so Tiffany gave me a giant glass of water and I almost drank it all while they finished. Then I set up my computer and proceeded to give my talk/workshop!

It was an improved and revised version of the beta-talk I gave at Mozilla London past past week:


Note to self: maybe remove red banners behind me if wearing a red shirt, so as not to blend with them

Sadly it wasn’t recorded and I didn’t screencast it either, so you’ll have to make do with the slides and the code for the slides (which includes the examples). Or maybe wait until I maybe run this workshop again (which I have already been asked to do!)

Jordan Santell and the Web Audio Editor in Firefox Devtools

Then Jordan (of dancer.js and component.fm fame) talked about the fancy new Web Audio Editor which is one of the latest tools to join the Firefox Devtools collection of awesome—and it just appeared in Firefox Stable (32) so you don’t even need to run Beta, Aurora or Nightly to use it! (I talked a bit about it already).

You can use the editor to visualise the audio graph, change values of the nodes and also detect if you have a memory leak when allocating nodes (which is something that is part of the normal workflow of working with Web Audio).

There was a nice plug to Are We Dubstep Yet?, the minisite I am building to keep track of bugs in the Web Audio Editor. Yay plugs!

are we dubstep yet?

Jordan’s slides are here. You can also watch his JSConf talk where he introduced an early version of the tools!

Chris Wilson and the Web MIDI API

Finally the mighty Chris Wilson explained how the Web MIDI API works and made some demos using a few and assorted MIDI devices he had brought with him: a keyboard, pads, a DJ deck controller…!

It’s interesting that most of the development of the Web MIDI implementation seems to be happening in Japan, so they are super original in their examples.

Chris’ slides on Web MIDI and other audio in general slides.

Hacking + Hacks!

I think we had lunch then… and then it was HACK TIME! But before actually getting started, some people pitched their idea to see if someone else wanted to collaborate with them and hack together. I think that was a really neat idea :-)

Myself, I spent the hack time…

  • reconnecting with old acquaintances
  • answering questions! but very few of them and none of them were the usual “but why doesn’t my oscillator start anymore?” but more interesting ones, so that was cool!
  • asking questions! to Chris mostly–one cannot ask questions to a spec editor in person every day!
  • and even started a hack which I didn’t finish: visualising custom periodic waves for use with an Oscillator Node, given the harmonics array. I gave myself the idea while I was doing the workshop, which is a terrible thing to do to myself, as I was distracting myself and wanted to hack on that instead of finishing the workshop. My brain probably hates itself, or me in general.

Also this was really cool:

.@cwilso and me feeling a tremendous relief at not being the only ones randomly causing our machines to emit weird sounds #webaudiohackday

— ǝlosɹǝdns (@supersole) September 12, 2014

I’m always super aware that weird sounds might be coming out of any of the devices in my desk when I’m testing web audio stuff, so it was fun to see I’m not the only one feeling that way :D

After hack time, the hacks were presented:

These are the people that submitted a hack, in the same order they appear in the video. Not all of them have published their hack code so if you are one of those, please do and write a comment so I can update this post!

  1. Jelle Akkerman (github, twitter) – NoOsc was an experiment using NoFlo, trying to build something very visual and cool, super suitable for live-acts. I really liked the idea!
  2. Guillaume Marty (github, twitter) – a BPM detection algorithm, using the OfflineAudioContext
  3. Erik Woitschig (twitter) – Using SoundCloud as sample database
  4. Daniel Roth, Jonathan Lundin (twitter, github), Felix Niklas (twitter, github) – Oscillator reacting to mobile phone gyroscope – it sounded really nice and I liked that the same code worked even in iPads. Yay Web Audio!
  5. Chris Greeff (twittergithub), Nick Lockhart (twitterhttps://github.com/N1ck) – Beaty Bird – source code (Second prize)
  6. Lisa Passing (githubtwitter) – One Hand Soundgame – source code (Third prize)
  7. Thomas Fett (twittergithub) – Remix at once – source code (Fourth prize)
  8. Evan Sonderegger (twittergithub) – Vector Scope in Web Audio API (First prize)

The hardware prizes were sponsored by Mozilla. And the software prizes by Bitwig.

The unofficial/community Web Audio logo

We also publicised a thing that Martin Holzhauer had worked on: the unofficial/community Web Audio logo!

Web Audio logo

Here’s the SVG. Many thanks to Martin for putting it all together!

As far as we know there is/was not an official logo. I totally love this one as it kind of matches the various JS* aesthetics and it is immediately understandable–most of the W3C api icons are just too fancy for anyone to grasp what they actually mean. Sure they look cool, but they do not work as a logo from a purely functional perspective.

And now, what?

Well, the Web Audio Conference is next January in Paris. They’re still accepting submissions for papers until next month, so why don’t you go and submit something? :-)

Hopefully see you there!

flattr this!

Categorieën: Mozilla-nl planet

Daniel Stenberg: Changing networks with Firefox running

vr, 26/09/2014 - 08:24

Short recap: I work on network code for Mozilla. Bug 939318 is one of “mine” – yesterday I landed a fix (a patch series with 6 individual patches) for this and I wanted to explain what goodness that should (might?) come from this!

diffstat

diffstat reports this on the complete patch series:

29 files changed, 920 insertions(+), 162 deletions(-)

The change set can be seen in mozilla-central here. But I guess a proper description is easier for most…

The bouncy road to inclusion

This feature set and associated problems with it has been one of the most time consuming things I’ve developed in recent years, I mean in relation to the amount of actual code produced. I’ve had it “landed” in the mozilla-inbound tree five times and yanked out again before it landed correctly (within a few hours), every time of course reverted again because I had bugs remaining in there. The bugs in this have been really tricky with a whole bunch of timing-dependent and race-like problems and me being unfamiliar with a large part of the code base that I’m working on. It has been a highly frustrating journey during periods but I’d like to think that I’ve learned a lot about Firefox internals partly thanks to this resistance.

As I write this, it has not even been 24 hours since it got into m-c so there’s of course still a risk there’s an ugly bug or two left, but then I also hope to fix the pending problems without having to revert and re-apply the whole series…

Many ways to connect to networks

Firefox Nightly screenshotIn many network setups today, you get an environment and a network “experience” that is crafted for that particular place. For example you may connect to your work over a VPN where you get your company DNS and you can access sites and services you can’t even see when you connect from the wifi in your favorite coffee shop. The same thing goes for when you connect to that captive portal over wifi until you realize you used the wrong SSID and you switch over to the access point you were supposed to use.

For every one of these setups, you get different DHCP setups passed down and you get a new DNS server and so on.

These days laptop lids are getting closed (and the machine is put to sleep) at one place to be opened at a completely different location and rarely is the machine rebooted or the browser shut down.

Switching between networks

Switching from one of the networks to the next is of course something your operating system handles gracefully. You can even easily be connected to multiple ones simultaneously like if you have both an Ethernet card and wifi.

Enter browsers. Or in this case let’s be specific and talk about Firefox since this is what I work with and on. Firefox – like other browsers – will cache images, it will cache DNS responses, it maintains connections to sites a while even after use, it connects to some sites even before you “go there” and so on. All in the name of giving the users an as good and as fast experience as possible.

The combination of keeping things cached and alive, together with the fact that switching networks brings new perspectives and new “truths” offers challenges.

Realizing the situation is new

The changes are not at all mind-bending but are basically these three parts:

  1. Make sure that we detect network changes, even if just the set of available interfaces change. Send an event for this.
  2. Make sure the necessary parts of the code listens and understands this “network topology changed” event and acts on it accordingly
  3. Consider coming back from “sleep” to be a network changed event since we just cannot be sure of the network situation anymore.

The initial work has been made for Windows only but it allows us to smoothen out any rough edges before we continue and make more platforms support this.

The network changed event can be disabled by switching off the new “network.notify.changed” preference. If you do end up feeling a need for that, I really hope you file a bug explaining the details so that we can work on fixing it!

Act accordingly

So what is acting properly? What if the network changes in a way so that your active connections suddenly can’t be used anymore due to the new rules and routing and what not? We attack this problem like this: once we get a “network changed” event, we “allow” connections to prove that they are still alive and if not they’re torn down and re-setup when the user tries to reload or whatever. For plain old HTTP(S) this means just seeing if traffic arrives or can be sent off within N seconds, and for websockets, SPDY and HTTP2 connections it involves sending an actual ping frame and checking for a response.

The internal DNS cache was a bit tricky to handle. I initially just flushed all entries but that turned out nasty as I then also killed ongoing name resolves that caused errors to get returned. Now I instead added logic that flushes all the already resolved names and it makes names “in transit” to get resolved again so that they are done on the (potentially) new network that then can return different addresses for the same host name(s).

This should drastically reduce the situation that could happen before when Firefox would basically just freeze and not want to do any requests until you closed and restarted it. (Or waited long enough for other timeouts to trigger.)

The ‘N seconds’ waiting period above is actually 5 seconds by default and there’s a new preference called “network.http.network-changed.timeout” that can be altered at will to allow some experimentation regarding what the perfect interval truly is for you.

Firefox BallInitially on Windows only

My initial work has been limited to getting the changed event code done for the Windows back-end only (since the code that figures out if there’s news on the network setup is highly system specific), and now when this step has been taken the plan is to introduce the same back-end logic to the other platforms. The code that acts on the event is pretty much generic and is mostly in place already so it is now a matter of making sure the event can be generated everywhere.

My plan is to start on Firefox OS and then see if I can assist with the same thing in Firefox on Android. Then finally Linux and Mac.

I started on Windows since Windows is one of the platforms with the largest amount of Firefox users and thus one of the most prioritized ones.

More to do

There’s separate work going on for properly detecting captive portals. You know the annoying things hotels and airports for example tend to have to force you to do some login dance first before you are allowed to use the internet at that location. When such a captive portal is opened up, that should probably qualify as a network change – but it isn’t yet.

Categorieën: Mozilla-nl planet

Arky: Building Boot2Gecko(B2G) on Ubuntu

vr, 26/09/2014 - 05:12

Update: This documentation is out-of-date: Please read developer.mozilla.org/en-US/Firefox_OS/Building for latest information

You heard about Mozilla Boot2Gecko(B2G) mobile operating system. Boot2Gecko's Gaia user interface is developed entirely using HTML, CSS and Javascript web technologies. If you are an experienced web developer you can contribute to Gaia UI and develop new Boot2Gecko applications with ease. In this post I'll explain how to setup the Boot2Gecko (B2G) development environment on your personal computer.


You can run Boot2Gecko(B2G) inside an emulator or inside a Firefox web browser. Using Boot2Gecko(B2G) with QEMU emulator is very resource intensive, so we will focus on the later in this post. I'll assume you are comfortable with Mozilla build environment. So, get that pot of coffee brewing and prepare for a long night of hacking.


Building Boot2Gecko(B2G) Firefox App

Before you start, let us make sure that you have all the prerequisites for building Firefox on your computer. Please have a look at the build prerequisites for your Linux, Window and OSX operating system.


# Let get the source code # Download mozilla-central repository $ hg clone http://hg.mozilla.org/mozilla-central mozilla-central # Download the Gaia source code $ git clone https://github.com/mozilla-b2g/gaia gaia # Change directory and create our profile $ cd gaia $ make profile # Change directory into your mozilla-central directory $ cd mozilla-central # Create a .mozconfig file inside your mozilla-central directory: $ nano .mozconfig mk_add_options MOZ_OBJDIR=../b2g-build mk_add_options MOZ_MAKE_FLAGS="-j9 -s" ac_add_options --enable-application=b2g ac_add_options --disable-libjpeg-turbo ac_add_options --enable-b2g-ril ac_add_options --with-ccache=/usr/bin/ccache # Build the Firefox B2G app and wait for the build to finish $ make -f client.mk build # Create a simple b2g bash script to launch B2G app; change paths you suit your environment # Note: Have to use to -safe-mode option due to bug on my Ubuntu box #!/bin/sh export B2G_HOMESCREEN=http://homescreen.gaiamobile.org/ /home/arky/src/b2g-build/dist/bin/b2g -profile /home/arky/src/gaia/profile

If everything goes well. You should have boot2gecko running inside a firefox now.


Boot2Gecko running inside firefox on Ubuntu

Customizing Firefox B2G App

For better Boot2Gecko (B2G) experience, we will customize Firefox features offline cache and touch events using a custom Firefox profile.



Create a Custom Firefox Profile

You can use dist/bin/b2g -ProfileManager option to launch Firefox Profile Manager. Create a new profile called 'b2g'. Now we can add customizations to this new profile.


On Linux computers, the profile is created under ~/.mozilla/b2g/ directory. You can find the information about location of firefox profiles for your operating system here.



You launch B2G with your new custom profile using the '-P' option. Modify your B2G bash script and add the custom profile option. dist/bin/b2g -P b2g


Disable offline cache

Create a user.js file inside your custom 'b2g' firefox profile directory. Add the following line to disable offline cache.

user_pref('browser.cache.offline.enable', false);

Enabling Touch events

Add the following line in your user.js file inside your custom 'b2g' Firefox profile directory to enable touch events.

user_pref('dom.w3c_touch_events.enabled', true);


That's it. You now have a Boot2Gecko(B2G) running inside Firefox on your computer. Happy Hacking!

Categorieën: Mozilla-nl planet

Julien Vehent: Shellshock IOC search using MIG

vr, 26/09/2014 - 01:06

Shellshock is being exploited. People are analyzing malwares dropped on systems using the bash vulnerability.

I wrote a MIG Action to check for these IOCs. I will keep updating it with more indicators as we discover them. To run this on your Linux 32 or 64 bits system, download the following archive: mig-shellshock.tar.xz 

Download the archive and run mig-agent as follow:

$ wget https://jve.linuxwall.info/ressources/taf/mig-shellshock.tar.xz$ sha256sum mig-shellshock.tar.xz 0b527b86ae4803736c6892deb4b3477c7d6b66c27837b5532fb968705d968822 mig-shellshock.tar.xz $ tar -xJvf mig-shellshock.tar.xz 
shellshock_iocs.json
mig-agent-linux64
mig-agent-linux32$ ./mig-agent-linux64 -i shellshock_iocs.json This will output results in JSON format. If you grep for "foundanything" and both values return "false", it means no IOC was found on your system. If you get "true", look at the detailed results in the JSON output to find out what exactly was found.$ ./mig-agent-linux64 -i shellshock_iocs.json|grep foundanything
    "foundanything": false,
    "foundanything": false,The full action for MIG is below. I will keep updating it over time, I recommend you use the one below instead of the one in the archive.{
"name": "Shellshock IOCs (nginx and more)",
"target": "os='linux' and heartbeattime \u003e NOW() - interval '5 minutes'",
"threat": {
"family": "malware",
"level": "high"
},
"operations": [
{
"module": "filechecker",
"parameters": {
"searches": {
"iocs": {
"paths": [
"/usr/bin",
"/usr/sbin",
"/bin",
"/sbin",
"/tmp"
],
"sha256": [
"73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489",
"ae3b4f296957ee0a208003569647f04e585775be1f3992921af996b320cf520b",
"2d3e0be24ef668b85ed48e81ebb50dce50612fb8dce96879f80306701bc41614",
"2ff32fcfee5088b14ce6c96ccb47315d7172135b999767296682c368e3d5ccac",
"1f5f14853819800e740d43c4919cc0cbb889d182cc213b0954251ee714a70e4b"
],
"regexes": [
"/bin/busybox;echo -e '\\\\147\\\\141\\\\171\\\\146\\\\147\\\\164'"
]
}
}
}
},
{
"module": "netstat",
"parameters": {
"connectedip": [
"108.162.197.26",
"162.253.66.76",
"89.238.150.154",
"198.46.135.194",
"166.78.61.142",
"23.235.43.31",
"54.228.25.245",
"23.235.43.21",
"23.235.43.27",
"198.58.106.99",
"23.235.43.25",
"23.235.43.23",
"23.235.43.29",
"108.174.50.137",
"201.67.234.45",
"128.199.216.68",
"75.127.84.182",
"82.118.242.223",
"24.251.197.244",
"166.78.61.142"
]
}
}
],
"description": {
"author": "Julien Vehent",
"email": "ulfr@mozilla.com",
"revision": 201409252305
},
"syntaxversion": 2
}
Categorieën: Mozilla-nl planet

Armen Zambrano: Making mozharness easier to hack on and try support

do, 25/09/2014 - 21:42
Yesterday, we presented a series of proposed changes to Mozharness at the bi-weekly meeting.

We're mainly focused on making it easier for developers and allow for further flexibility.
We will initially focus on the testing side of the automation and make ground work for other further improvements down the line.

The set of changes discussed for this quarter are:

  1. Move remaining set of configs to the tree - bug 1067535
    • This makes it easier to test harness changes on try
  2. Read more information from the in-tree configs - bug 1070041
    • This increases the number of harness parameters we can control from the tree
  3. Use structured output parsing instead of regular where it applies - bug 1068153
    • This is part of a larger goal where we make test reporting more reliable, easy to consume and less burdening on infrastructure
    • It's to establish a uniform criteria for setting a job status based on a test result that depends on structured log data (json) rather than regex-based output parsing
    • "How does a test turn a job red or orange?" 
    • We will then have a simple answer that is that same for all test harnesses
  4. Mozharness try support - bug 791924
    • This will allow us to lock which repo and revision of mozharnes is checked out
    • This isolates mozharness changes to a single commit in the tree
    • This give us try support for user repos (freedom to experiment with mozharness on try)


Even though we feel the pain of #4, we decided that the value gained for developers through #1 & #2 gave us immediate value while for #4 we know our painful workarounds.I don't know if we'll complete #4 in this quarter, however, we are committed to the first three.
If you want to contribute to the longer term vision on that proposal please let me know.

In the following weeks we will have more updates with regards to implementation details.

Stay tuned!

Creative Commons License
This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.
Categorieën: Mozilla-nl planet

Mozilla Release Management Team: Firefox 33 beta6 to beta7

do, 25/09/2014 - 18:27

This beta has been driven by the NSS chemspill. We used this unexpected beta to test the behavior of 33 without OMTC under Windows.

  • 8 changesets
  • 232 files changed
  • 73163 insertions
  • 446 deletions

ExtensionOccurrences cc73 h45 py23 c11 vcproj8 sh7 xcconfig6 mn6 pump4 mk4 cpp3 cbproj3 txt2 sln2 plist2 pbxproj2 m42 html2 def2 mm1 list1 +1 js1 in1 groupproj1 dep1 cmake1 am1 ac1

ModuleOccurrences security151 security69 image4 widget1 modules1 +1 js1 gfx1

List of changesets:

Michael WuBug 1062886 - Fix one color padded drawing path. r=seth, a=sledru - 232c3b4708b9 Michael WuBug 1068230 - Don't use the gfxContext transform in intermediate surface. r=seth, a=sledru - bca0649c9b79 Douglas CrosherBug 1013996 - irregexp: Avoid unaligned accesses in ARM code. r=bhackett, a=sledru - 5e2a5b6c7a0d Bas SchoutenBug 1030147 - Switch off OMTC on windows. r=milan, a=sylvestre - f631df57b34c Steven MichaudBug 1056251 - Changing to a Firefox window in a different workspace does not focus automatically. r=masayuki a=lmandel - 7c118b1cf343 Kai EngertBug 1064636, upgrade to NSS 3.17.1 release, r=rrelyea, a=lmandel - fb8ff9258d02 Matt WoodrowBug 1030147 - Release the DrawTarget to drop the surface ref in ThebesLayerD3D9. r=Bas a=lmandel CLOSED TREE - 280407351f1b L. David BaronBug 1064636 followup: Add new function to config/external/nss/nss.def r=khuey a=bustage CLOSED TREE - 2431af782661

Categorieën: Mozilla-nl planet

Mike Hommey: So, hum, bash…

do, 25/09/2014 - 09:43

So, I guess you heard about the latest bash hole.

What baffles me is that the following still is allowed:

env echo='() { xterm;}' bash -c "echo this is a test"

Interesting replacements for “echo“, “xterm” and “echo this is a test” are left as an exercise to the reader.

Categorieën: Mozilla-nl planet

Sean Bolton: From the Furthest Edge to the Deepest Middle

do, 25/09/2014 - 03:36

In my role as Community Building Intern at Mozilla this summer, my goal has been to be explicit about how community building works so that people both internal and external to Mozilla can better understand and build upon this knowledge. This requires one of my favorite talents: connecting what emerges and making it a thing. We all experience this when we’ve been so immersed in something that we begin to notice patterns – our brains like to connect. One of my mentors, Dia Bondi, experienced this with her 21 Things, which she created during her time as a speech coach and still uses today in her work.

I set out to develop a mental model to help thing-ify this seemingly ambiguous concept of community building so that we all could collectively drive the conversation forward. (That might be the philosopher in me.) What emerged was this sort of fascinating overarching story: community building is connecting the furthest edge to the deepest middle (and making the process along that path easier). What I mean here is that the person with the largest of any form of distance must be able to connect to the hardest to reach person in the heart of the formal organization. For example, the 12 year old girl in Brazil who just taught herself some new JavaScript framework needs to be able to connect in some way to the module owner of that new JavaScript framework located in Finland because when they work together we all rise further together.

community building

The edge requires coordination from community. The center requires internal champions. The goal of community building is then to support community by creating structures that bridge community coordinators and internal champions while independently being or supporting the development of both. This structure allows for more action and creativity than no structure at all – a fundamental of design school.

Below is a model of community management. We see this theme of furthest edge to deepest middle. “It’s broken” is the edge. “I can do something about it” approaches the middle. This model shows how to take action and make the pathway from edge to middle easier.

community management

Community building is connecting the furthest edge to the deepest middle. It’s implicit. It’s obvious. But, when we can be explicit and talk about it we can figure out where and how to improve what works and focus less on what does not.


Categorieën: Mozilla-nl planet

Ted Clancy: A better way to input Vietnamese

do, 25/09/2014 - 02:06

Earlier this year I had the pleasure of implementing for Firefox OS an input method for Vietnamese (a language I have some familiarity with). After being dissatisfied with the Vietnamese input methods on other smartphones, I was eager to do something better.

I believe Firefox OS is now the easiest smartphone on the market for out-of-the-box typing of Vietnamese.

The Challenge of Vietnamese

Vietnamese uses the Latin alphabet, much like English, but it has an additional 7 letters with diacritics (Ă, Â, Đ, Ê, Ô, Ơ, Ư). In addition, each word can carry one of five tone marks. The combination of diacritics and tone marks means that the character set required for Vietnamese gets quite large. For example, there are 18 different Os (O, Ô, Ơ, Ò, Ồ, Ờ, Ỏ, Ổ, Ở, Õ, Ỗ, Ỡ, Ó, Ố, Ớ, Ọ, Ộ, Ợ). The letters F, J, W, and Z are unused. The language is (orthographically, at least) monosyllabic, so each syllable is written as a separate word.

This makes entering Vietnamese a little more difficult than most other Latin-based languages. Whereas languages like French benefit from dictionary lookup, where the user can type A-R-R-E-T-E and the system can from prompt for the options ARRÊTE or ARRÊTÉ, that is much less useful for Vietnamese, where the letters D-O can correspond to one of 25 different Vietnamese words (do, , , , dỗ, , dở, dỡ, dợ, đo, đò, đỏ, đó, đọ, đô, đồ, đổ, đỗ, đố, độ, đơ, đờ, đỡ, đớ, or đợ).

Other smartphone platforms have not dealt with this situation well. If you’ve tried to enter Vietnamese text on an iPhone, you’ll know how difficult it is. The user has two options. One is to use the Telex input method, which involves memorizing an arbitrary mapping of letters to tone marks. (It was originally designed as an encoding for sending Vietnamese messages over the Telex telegraph network.) It is user-unfriendly in the extreme, and not discoverable. The other option is to hold down a letter key to see variants with diacritics and tone marks. For example, you can hold down A for a second and then scroll through the 18 different As that appear. You do that every time you need to type a vowel, which is painfully slow.

Fortunately, this is not an intractable problem. In fact, it’s an opportunity to do better. (I can only assume that the sorry state of Vietnamese input on the iPhone speaks to a lack of concern about Vietnamese inside Apple’s hallowed walls, which is unfortunate because it’s not like there’s a shortage of Vietnamese people in San José.)

Crafting a Solution

To some degree, this was already a solved problem. Back in the days of typewriters, there was a Vietnamese layout called AĐERTY. It was based on the French AZERTY, but it moved the F, J, W, and Z keys to the periphery and added keys for Ă, Đ, Ơ, and Ư. It also had five dead keys. The dead keys contained:

  • a circumflex diacritic for typing the remaining letters (Â, Ê, and Ô);
  • the five tone marks; and
  • four glyphs each representing the kerned combination of the circumflex diacritic with a tone mark, needed where the two marks would otherwise overlap

Photo of a Vietnamese typewriter

My plan was to make a smartphone version of this typewriter. Already it would be an improvement over the iPhone. But since this is the computer age, there were more improvements I could make.

Firstly, I omitted F, J, W, and Z completely. If the user needs to type them — for a foreign word, perhaps — they can switch layouts to French. (Gaia will automatically switch to a different keyboard if you need to type a web address.) And obviously I could omit the glyphs that represent kerned pairs of diacritic & tone marks, since kerning is no longer a mechanical process.

The biggest change I made is that, rather than having keys for the five tone marks, words with tones appear as candidates after typing the letters. This has numerous benefits. It eliminates five weird-looking keys from the keyboard. It eliminates confusion about when to type the tone mark. (Tone marks are visually positioned in the middle of the word, but when writing Vietnamese by hand, tone marks are usually added last after writing the rest of the word.) It also saves a keystroke too, since we can automatically insert a space after the user selects the candidate. (For a word without a tone mark, the user can just hit the space bar. Think of the space bar as meaning “no tone”.)

This left just 26 letter keys plus one key for the circumflex diacritic. Firefox OS’s existing AZERTY layout had 26 letter keys plus one key for the apostrophe, so I put the circumflex where the apostrophe was. (The apostrophe is unused in Vietnamese.)

Screenshot of Vietnamese input method in use

In order to generate the tone candidates, I had to detect when the user had typed a valid Vietnamese syllable, because I didn’t want to display bizarre-looking nonsense as a candidate. Vietnamese has rules for what constitutes a valid syllable, based on phonotactics. And although the spelling isn’t purely phonetic (in particular, it inherits some peculiarities from Portuguese), it follows strict rules. This was the hardest part of writing the input method. I had to do some research about Vietnamese phonotactics and orthography. A good chunk of my code is dedicated to encoding these rules.

Knowing about the limited set of valid Vietnamese syllables, I was able to add some convenience to the input method. For example, if the user types V-I-E, a circumflex automatically appears on E because VIÊ is a valid sequence of letters in Vietnamese while VIE is not. If the user types T to complete the partial word VIÊT, only two tone candidates appear (VIỂT and VIỆT), because the other three tone marks can’t appear on a word ending with T.

Using it yourself

You can try the keyboard for yourself at Timothy Guan‑tin Chien’s website.

The keyboard is not included in the default Gaia builds. To include it, add the following line to the Makefile in the gaia root directory:

GAIA_KEYBOARD_LAYOUTS=fr,vi-Typewriter

The code is open source. Please steal it for your own open source project.

 


Categorieën: Mozilla-nl planet

Erik Vold: Jetpack Pro Tip - setImmediate and clearImmediate

do, 25/09/2014 - 02:00

Do you know about window.setImmediate or window.clearImmediate ?

Did you know that you can use these now with the Add-on SDK ?

We’ve managed to keep them a little secret, but they are awesome because setImmediate is much quicker than setTimeout(fn, 0) especially if it is used a lot as it would be if it were in a loop or if it were used recursively. This is well described in the notes in MDN on window.setImmediate.

To use these function with the Add-on SDK, do the following:

const { setImmediate, clearImmediate } = require("sdk/timers"); function doStuff() {} let timerID = setImmediate(doStuff); // to run `doStuff` in the next tick clearImmediate(timerID) // to cancel `doStuff`
Categorieën: Mozilla-nl planet

Monty Montgomery: Intra-Paint: A new Daala demo from Jean-Marc Valin

wo, 24/09/2014 - 21:36

Intra paint is not a technique that's part of the original Daala plan and, as of right now, we're not currently using it in Daala. Jean-Marc envisioned it as a simpler, potentially more effective replacement for intra-prediction. That didn't quite work out-- but it has useful and visually pleasing qualities that, of all things, make it an interesting postprocessing filter, especially for deringing.

Several people have said 'that should be an Instagram filter!' I'm sure Facebook could shake a few million loose for us to make that happen ;-)

Categorieën: Mozilla-nl planet

Wil Clouser: The Great Add-on Bug Triage

wo, 24/09/2014 - 20:44

The AMO team is meeting this week to discuss road maps and strategies and among the topics is our backlog of open bugs. Since mid-2011 there has averaged around 1200 bugs open at any one time.

Currently any interaction with AMO’s bugs is too time consuming: finding good first bugs, triaging existing bugs, organizing a chunk of bugs to fix in a milestone — they all require interacting with a list of 1200 bugs, many of which are years old and full of discussions by people who no longer contribute to the bugs. The small chunks of time I (and others) get to work on AMO are consumed by digging through these old bugs and trying to apply them to the current site.

In an effort to get this list to a manageable size the AMO team is aggressively triaging and closing bugs this week, hopefully ending the week with a realistic list of items we can hope to accomplish. With that list in hand we can prioritize the bugs, divide them into milestones, and begin to lobby for developer time.

Many of the bugs which are being closed are good ideas and we’d like to fix them, but we simply need to be realistic about what we can actually do with the resources we have. If you contribute patches to any of the bugs, please feel free to reopen them.

Thanks for being a part of AMO.

Categorieën: Mozilla-nl planet

Jean-Marc Valin: Daala: Painting Images For Fun (and Profit?)

wo, 24/09/2014 - 19:20

As a contribution to Monty's Daala demo effort, I decided to demonstrate a technique I've recently been developing for Daala: image painting. The idea is to represent images as directions and 1-D patterns.

Read more!

Categorieën: Mozilla-nl planet

Frédéric Harper: HTML for the Mobile Web at All Things Open

wo, 24/09/2014 - 17:23

allthingsopen

In about a month, I’ll speak at All Things Open in Raleigh, North Carolina. I’m quite excited as even if I never attended this event, I hear a lot of good things about it. Funny enough, I don’t go on stage quite often in the United States, so it’s a great opportunity to do so. What could be a better topic than talking about HTML for the Mobile Web at an event like this?

Firefox OS is a new operating system for mobile phones to bring web connectivity to those who can not get top-of-the-line smartphones. By harvesting the principles of what made the web great and giving developers access to the hardware directly through web standards it will be the step we need to make a real open and affordable mobile web a reality. In this talk, Frédéric Harper from Mozilla will show how Firefox OS works, how to build apps for it and how end users will benefit from this open alternative to other platforms.

It’s not too late to register for this event on October 22-23: they still have early birds tickets. See you there to share, and dicuss with you about open source, open tech and the open web!


--
HTML for the Mobile Web at All Things Open is a post on Out of Comfort Zone from Frédéric Harper

Related posts:

  1. Empower Mobile Web Developers with JavaScript & WebAPI at PragueJS HTML5 is a giant step in the right direction: it...
  2. Mobile Startups Toronto, and Firefox OS as an opportunity The year is not yet done that I’m starting to...
  3. Fixing the mobile web with Firefox OS at FITC Toronto This morning I was presenting at FITC Toronto about Firefox...
Categorieën: Mozilla-nl planet

Pete Moore: Highlights from this week xyz Goals for next week: xyz Bugs I created this week: Bug 1072274 –...

wo, 24/09/2014 - 17:09

Highlights from this week

  • xyz

Goals for next week:

  • xyz

Bugs I created this week:

Other bugs I updated this week:

Categorieën: Mozilla-nl planet

Pagina's