Mozilla Nederland LogoDe Nederlandse

Abonneren op feed Mozilla planet
Planet Mozilla -
Bijgewerkt: 1 dag 5 uur geleden

The Servo Blog: This Week In Servo 78

ma, 19/09/2016 - 02:30

In the last week, we landed 68 PRs in the Servo organization’s repositories.

Planning and Status

Our overall roadmap is available online and now includes the initial Q3 plans. From now on, we plan to include the quarterly plan with a high-level breakdown in the roadmap page.

This week’s status updates are here.

Special thanks to canaltinova for their work on implementing the matrix transition algorithms for CSS3 transform animation. This allows (both 2D and 3D) rotate(), perspective() and matrix() functions to be interpolated, as well as interpolations between arbitrary transformations, though the last bit is yet to be implemented. In the process of implementation, we had to deal with many spec bugs, as well as implementation bugs in other browsers, which complicated things immensely – it’s very hard to tell if your code has a mistake or if the spec itself is wrong in complicated algorithms like these. Great work, canaltinova!

Notable Additions
  • glennw added support for scrollbars
  • canaltinova implemented the matrix decomposition/interpolation algorithm
  • nox landed a rustup to the 9/14 rustc nightly
  • ejpbruel added a websocket server for use in the remote debugging protocol
  • creativcoder implemented the postMessage() API for ServiceWorkers
  • ConnorGBrewster made Servo recycle session entries when reloading
  • mrobinson added support for transforming rounded rectangles
  • glennw improved webrender startup times by making shaders compile lazily
  • canaltinova fixed a bug where we don’t normalize the axis of rotate() CSS transforms
  • peterjoel added the DOMMatrix and DOMMatrixReadOnly interfaces
  • Ms2ger corrected an unsound optimization in event dispatch
  • tizianasellitto made DOMTokenList iterable
  • aneeshusa excised SubpageId from the codebase, using PipelineId instead
  • gilbertw1 made the HTTP authentication cache use origins intead of full URLs
  • jmr0 fixed the event suppression logic for pages that have navigated
  • zakorgy updated some WebBluetooth APIs to match new specification changes
New Contributors

Interested in helping build a web browser? Take a look at our curated list of issues that are good for new contributors!


Some screencasts of matrix interpolation at work:

This one shows all the basic transformations together (running a tweaked version of this page. The 3d rotate, perspective, and matrix transformation were enabled by the recent change.

Servo’s new scrollbars!

Categorieën: Mozilla-nl planet

Karl Dubost: [worklog] Edition 036 - Administrative week

zo, 18/09/2016 - 16:55

Busy week without much things done for bugs. W3C is heading to Lisbon for the TPAC, so tune of the week: Amalia Rodrigues. I'll be there in spirit.

Webcompat Life

Progress this week:

326 open issues ---------------------- needsinfo 12 needsdiagnosis 106 needscontact 8 contactready 28 sitewait 158 ----------------------

You are welcome to participate

Webcompat issues

(a selection of some of the bugs worked on this week).

  • yet another appearance: none implemented in Blink. This time for meter. development Reading List Follow Your Nose TODO
  • Document how to write tests on using test fixtures.
  • ToWrite: Amazon prefetching resources with <object> for Firefox only.


Categorieën: Mozilla-nl planet

Andy McKay: TFSA Check

zo, 18/09/2016 - 09:00

The TFSA is a savings account for Canadians that was introduced in 2009.

As a quick check I wanted to see how much or little my TFSA had changed against what it should be. That meant a double check of how much room I had in the TFSA each year. So this is a quick cacluation the theoretical case: that you are able to invest the maximum amount each year, at the beginning of the year and get 5% return (after fees) on that.

Year Maximum Total invested Compounded 2009$5,000.00$5,000.00$5,250.00 2010$5,000.00$10,000.00$10,762.50 2011$5,000.00$15,000.00$16,550.63 2012$5,000.00$20,000.00$22,628.16 2013$5,500.00$25,500.00$29,534.56 2014$5,500.00$31,000.00$36,786.29 2015$10,000.00$41,000.00$49,125.61 2016$5,500.00$46,500.00$57,356.89

Which always raises the question for me of what is a reasonable rate to calculate at these days. It always used to be 10%, but that's very hard to get these days. Since 2006 the annualized return on the S&P 500 is 5.158% for example. Perhaps 5% represents too conversative a number.

Categorieën: Mozilla-nl planet

Matěj Cepl: OpenWeatherMapProvider for CyanogenMod 13

za, 17/09/2016 - 22:22

I don’t understand. CyanogenMod 13 introduced new Weather widget and lock screen support. Great! Unfortunately, the widget requires specific providers for weather services and CM does not provide any in the default installation. There exists Weather Underground provider, which works, but only other provider I found (Yahoo! Weather provider) does not work with my CM without Google Play!.

I would a way prefer OpenWeatherMap provider, but although CyanogenMod has the GitHub repository for one , but no APK anywhere (and certainly not one for F-Droid). Fortunately, I have found a blogpost which describes how simple it is build the APK from the given code. Unfortunately, author did not provide APK on his site. I am not sure, whether there is not some hook, but here is mine.

Categorieën: Mozilla-nl planet

Chris McDonald: Changing Optimization Targets

za, 17/09/2016 - 20:46
Alternate Title: How I changed my mental model to be a more effective game developer and human.

Back in February 2016, I started my journey as a professional game developer. I joined Sparkypants to work on the backend for Dropzone. This was about 7 months ago at time of writing. I didn’t enter the game development world in the standard ways. I wasn’t at one of the various schools with game dev programs, I didn’t intern at a studio, I haven’t spent much of my personal development time building my own indie games. I had on the other hand, spent years building backend services, writing dev tools, competing in AI competitions, and building a slew of half finished open source projects. In short, I was not a game developer when I started.

My stark contrast in background works to my advantage in many parts of my job. Most of our engineers haven’t worked on backend services and haven’t needed to scale that sort of infrastructure. My lead and friend Johannes has been instrumental in many of my successes so far in the company. He has background in backend development as well as game development and has often been a translator and guide to me as I learn what being a game developer means.

At first, I assumed my contrast would work itself out naturally and I’d just become a game developer by osmosis. If I am surrounded by folks doing this and I’m actively developing a game, I will become a game developer. But that presupposes success, which was only coming to me in limited amounts. The other conclusion would be leaving game development because I wasn’t compatible with it, something I’m unwilling to accept at this time.

I shared my concerns around not fitting the culture at Sparkypants with Johannes, as well as some productivity worries. I’ve learned over the years that if I’m feeling problems like this, my boss may be as well. Johannes with his typical wonderful encouraging personality reminded me that there are large aspects of my personality that fit in with the culture, just maybe my development style and conflict resolution needed work and recommended this talk by Jonathan Blow to show me the mental model that is closer to how many of the other developers operate, among some other advice.

That talk by Jonathan Blow spends a fair amount of its time on the topic of optimization. Whether it is using data oriented techniques to make data series processing faster or drawing in a specific way to make the graphics card use less memory or any number of topics, optimization comes up in nearly every game development talk or article at some point. His point though was that we often spend too much time optimizing the wrong things. If you’ve been in computer science for a bit you’ve inevitably heard at least a fragment of the following quote from Donald Knuth, if not you’re in for a treat, this is a good one:

Programmers waste enormous amounts of time thinking about, or worrying about, the speed of noncritical parts of their programs, and these attempts at efficiency actually have a strong negative impact when debugging and maintenance are considered. We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil. Yet we should not pass up our opportunities in that critical 3%.

The bolded text is the part most folks quote, implying the rest. I had heard this, quoted it, and used it as justification for doing or not doing things many times in the past. But, I’d also forgotten it, I’d apply it when it was convenient for me, but not generally to my software development. Blow starts with the more traditional overthinking algorithms and code in general that most bring up when they speak on premature optimization. Then he followed on with the idea that selecting data structures is a form of optimization. That follow on was a segue to point out that any time you are thinking about a problem, you should keep in mind if it is the most important or urgent problems for you to think about.

The end of the day, your job as a game developer is not to optimize for speed or correctness, but to optimize for fun. This means trying a lot of ideas and throwing many of them out. If you spent a lot of time optimizing for a million users of a feature and only some folks in the company use it before you decide to remove it, you’ve wasted a lot of effort. Maybe not completely, since you’ve probably learned during the process, but that effort could have been put into other features or parts of the system that may actually need attention. This shift in thinking has me letting go of details in more cases, spend less time on projects and focusing on “functional” over “correct and scalable.”

The next day after watching that talk and discussing with Johannes, I attended RustConf and saw a series of amazing talks on Rust and programming in general. Of particular note for changing my mental model was Julia Evan’s closing keynote about learning systems programming with Rust. There were so many things that struck me during that talk, but I’ll just focus on the couple that were most relevant.

First and foremost was the humility in the talk. Julia’s self described experience level was “intermediate developer” while having about as many years of experience as I have and I considered myself a more “senior developer.” At many points over the last couple years I’ve wrestled with this, considering myself senior then seeing evidence that I’m not. As more confident person, it is an easy trap for me to fall into. I’m in my first year as a game developer, regardless of other experience I’m a junior game developer at best.

Starting to internalize this humility has resulted in fighting my coworkers less when they bring up topics that I think I have enough knowledge to weigh in on. The more experienced folks at work have decades of building games behind them. I’m not saying my input to these discussions is worthless, I still have a lot to contribute, but I’ve been able to check my ego at the door more easily and collaborate through topics instead of being contrary.

The humility in the talk makes another major concept from it, life long learning, take on a new light. I’ve always been striving for more knowledge in the computer science space, so life long learning isn’t new to me, but like the optimization discussion above there is more nuance to be discovered. Having humility when trying to learn makes the experience so much richer for all parties. Teachers being humble will not over explain a topic and recognize that their way is not the only way. Learners being humble will be more receptive to ideas that don’t fit their current mental model and seek more information about them.

This post has become quite long, so I’ll try to wrap things up and use further blog posts to explore these ideas with more concrete examples. Writing this has been a mechanism for me to understand some of this change in myself as well as help others who may end up in similar shoes.

If this blog post were a tweet, I think it’d be summarized into “Pay attention to the important things, check your ego at the door, and keep learning.” which I’m sure would get me some retweets and stars or hearts or whatever. And if someone else said it, I’d go “of course, yeah folks mess this up all the time!” But, there is so much more nuance in those ideas. I now realize I’m just a very junior game developer with some other sometimes relevant experience, I’ve so much to learn from my peers and am extremely excited to do so.

If you have additional resources that you’d think I or others who read this would find valuable, please comment below or send me at tweet.

Categorieën: Mozilla-nl planet

Mozilla Security Blog: Update on add-on pinning vulnerability

za, 17/09/2016 - 05:05

Earlier this week, security researchers published reports that Firefox and Tor Browser were vulnerable to “man-in-the-middle” (MITM) attacks under special circumstances. Firefox automatically updates installed add-ons over an HTTPS connection. As a backup protection measure against mis-issued certificates, we also “pin” Mozilla’s web site certificates, so that even if an attacker manages to get an unauthorized certificate for our update site, they will not be able to tamper with add-on updates.

Due to flaws in the process we used to update “Preloaded Public Key Pinning” in our releases, the pinning for add-on updates became ineffective for Firefox release 48 starting September 10, 2016 and ESR 45.3.0 on September 3, 2016. As of those dates, an attacker who was able to get a mis-issued certificate for a Mozilla Web site could cause any user on a network they controlled to receive malicious updates for add-ons they had installed.

Users who have not installed any add-ons are not affected. However, Tor Browser contains add-ons and therefore all Tor Browser users are potentially vulnerable. We are not presently aware of any evidence that such malicious certificates exist in the wild and obtaining one would require hacking or compelling a Certificate Authority. However, this might still be a concern for Tor users who are trying to stay safe from state-sponsored attacks. The Tor Project released a security update to their browser early on Friday; Mozilla is releasing a fix for Firefox on Tuesday, September 20.

To help users who have not updated Firefox recently, we have also enabled Public Key Pinning Extension for HTTP (HPKP) on the add-on update servers. Firefox will refresh its pins during its daily add-on update check and users will be protected from attack after that point.

Categorieën: Mozilla-nl planet

Air Mozilla: Webdev Beer and Tell: September 2016

vr, 16/09/2016 - 20:00

 September 2016 Once a month web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on in...

Categorieën: Mozilla-nl planet

Wladimir Palant: More Last Pass security vulnerabilities

vr, 16/09/2016 - 19:49

With Easy Passwords I develop a product which could be considered a Last Pass competitor. In this particular case however, my interest was sparked by the reports of two Last Pass security vulnerabilities (1, 2) which were published recently. It’s a fascinating case study given that Last Pass is considered security software and as such should be hardened against attacks.

I decided to dig into Last Pass 4.1.21 (latest version for Firefox at that point) in order to see what their developer team did wrong. The reported issues sounded like there might be structural problems behind them. The first surprise was the way Last Pass is made available to users however: on Addons.Mozilla.Org you only get the outdated Last Pass 3 as the stable version, the current Last Pass 4 is offered on the development channel and Last Pass actively encourages users to switch to the development channel.

My starting point were already reported vulnerabilities and the approach that Last Pass developers took in order to address those. In the process I discovered two similar vulnerabilities and a third one which had even more disastrous consequences. All issues have been reported to Last Pass and resolved as of Last Pass 4.1.26.

Password autocomplete

Having your password manager fill in passwords automatically is very convenient but not exactly secure. The awareness for the issues goes back to at least year 2006 when a report sparked a heavy discussion about the Firefox password manager. The typical attack scenario involves an (unfortunately very common) Cross-site scripting (XSS) vulnerability on the targeted website, this one allows an attacker to inject JavaScript code into the website which will create a login form and then read out the password filled in by the password manager — all that in the background and almost invisible to the user. So when the Firefox password manager requires user interaction these days (entering the first letter of the password) before filling in your password — that’s why.

Last Pass on the other hand supports filling in passwords without any user interaction whatsoever, even though that feature doesn’t seem to be enabled by default. But that’s not even the main issue, as Mathias Karlsson realized the code recognizing which website you are on is deeply flawed. So you don’t need to control a website to steal passwords for it, you can make Last Pass think that your website is actually and then fill in your Twitter password. This is possible because Last Pass uses a huge regular expression to parse URLs and this part of it is particularly problematic:


This is meant to match the username/password part before the hostname, but it will actually skip anything until a @ character in the URL. So if that @ character is in the path part of the URL then the regular expression will happily consider the real hostname part of the username and interpret anything following the @ character the hostname — oops. Luckily, Last Pass already recognized that issue even before Karlsson’s findings. Their solution? Add one more regular expression and replace all @ characters following the hostname by %40. Why not change the regular expressions so that it won’t match slashes? Beats me.

The bug that Karlsson found was then this band-aid code only replacing the last @ character but not any previous ones (greedy regular expression). As a response, Last Pass added more hack-foo to ensure that other @ characters are replaced as well, not by fixing the bug (using a non-greedy regular expression) but by making the code run multiple times. My bug report then pointed out that this code still wasn’t working correctly for data: URLs or URLs like While it’s not obvious whether the issues are still exploitable, this piece of code is just too important to have such bugs.

Of course, improving regular expressions isn’t really the solution here. Last Pass just shouldn’t do their own thing when parsing URLs, it should instead let the browser do it. This would completely eliminate the potential for Last Pass and the browser disagreeing on the hostname of the current page. Modern browsers offer the URL object for that, old ones still allow achieving the same effect by creating a link element. And guess what? In their fix Last Pass is finally doing the right thing. But rather than just sticking with the result returned by the URL object they compare it to the output of their regular expression. Guess they are really attached to that one…

Communication channels

I didn’t know the details of the other report when I looked at the source code, I only knew that it somehow managed to interfere with extension’s internal communication. But how is that even possible? All browsers provide secure APIs that allow different extension parts to communicate with each other, without any websites listening in or interfering. To my surprise, Last Pass doesn’t limit itself to these communication channels and relies on window.postMessage() quite heavily in addition. The trouble with this API is: anybody could be sending messages, so receivers should always verify the origin of the message. As Tavis Ormandy discovered, this is exactly what Last Pass failed to do.

In the code that I saw origin checks have been already added to most message receivers. However, I discovered another communication mechanisms: any website could add a form with id="lpwebsiteeventform" attribute. Submitting this form triggered special actions in Last Pass and could even produce a response, e.g. the getversion action would retrieve details about the Last Pass version. There are also plenty of actions which sound less harmless, such as those related to setting up and verifying multifactor authentication.

For my proof-of-concept I went with actions that were easier to call however. There was get_browser_history_tlds action for example which would retrieve a list of websites from your browsing history. And there were setuuid and getuuid actions which allowed saving an identifier in the Last Pass preferences which could not be removed by regular means (unlike cookies).

Last Pass resolved this issue by restricting this communication channel to and domains. So now these are the only websites that can read out your browsing history. What they need it for? Beats me.

Full compromise

When looking into other interactions with websites, I noticed this piece of code (reduced to the relevant parts):

var src = window.frameElement.getAttribute("lpsrc"); if (src && 0 < src.indexOf("lpblankiframeoverlay.local")) window.location.href = g_url_prefix + "overlay.html" + src.substring(src.indexOf("?"));

This is how Last Pass injects its user interface into websites on Firefox: since content scripts don’t have the necessary privileges to load extension pages into frames, they create a frame with an attribute like lpsrc="http://lpblankiframeoverlay.local/?parameters". Later, the code above (which has the necessary privileges) looks at the frame and loads the extension page with the correct parameters.

Of course, a website can create this frame as well. And it can use a value for lpsrc that doesn’t contain question marks, which will make the code above add the entire attribute value to the URL. This allows the website to load any Last Pass page, not just overlay.html. Doesn’t seem to be a big deal but there is a reason why websites aren’t allowed to load extension pages: these pages often won’t expect this situation and might do something stupid.

And tabDialog.html indeed does something stupid. This page still has a message handler reacting to messages sent via window.postMessage() without checking the origin. And not only that, the command it is expecting is “call” — it would call an arbitrary function with the parameters supplied in the message. Which function did I choose? Why, eval() of course! Game over, we have arbitrary websites inject JavaScript code into the extension context, they can now do anything that the Last Pass user interface is capable of.


The security issues discovered in Last Pass are not an isolated incident. The base concept of the extension seems sound, for example the approach they use to derive the encryption key and to encrypt your data before sending it to the server is secure as far as I can tell. The weak point is the Last Pass browser extension however which is necessarily dealing with decrypted data. This extension is currently violating best practices which opens up unnecessary attack surfaces, the reported security vulnerabilities are a consequence of that. Then again, if Tavis Ormandy is right then Last Pass is in good company.

Categorieën: Mozilla-nl planet

About:Community: Firefox 49 new contributors

vr, 16/09/2016 - 18:32

With the release of Firefox 49, we are pleased to welcome the 48 developers who contributed their first code change to Firefox in this release, 39 of whom were brand new volunteers! Please join us in thanking each of these diligent and enthusiastic individuals, and take a look at their contributions:

Categorieën: Mozilla-nl planet

Kat Braybrooke: PhD Fieldwork, Day 1: A Researcher in Residence at the Tate (^.^)

vr, 16/09/2016 - 17:24

Today is a big day in the web-wolf glitter land that is my PhD. After a crazy and wonderful year of reading, discussing, traveling and (over!)thinking everything there is to think about spaces for digital making, cultural institutions, methodologies and open creative practices, I start the pilot stage of my doctoral fieldwork at the Tate Britain, situated within the ever-colourful Taylor Digital Studio as its new Researcher-in-Residence. I have consent forms ready from the University of Sussex, about a thousand web broswer windows open on the Tate’s computers, a T4 file full of community photos and about 20 pages of to-do’s - and yet, it feels no small task to get started.

As a part of the study I’m undertaking with the Tate and other cultural institutions in the UK, my aim in hanging out, messing around and geeking out at these spaces, in addition to implementing more formal qualitative methods like participant observation and interviews, is to engage with the situated knowledges and actor-network theories of Donna Haraway, Bruno Latour, Doreen Massey and other great thinkers as a user myself - not as an “objective” researcher, seemingly removed from the environments I am actually an active part of. This is because when we make things in a space like the Tate’s Digital Studio together, we all become connected - whether we happen to be a computer, a workshop participant, a gallery curator or an observer. We all help make these sites what they are. Without these interactions, a makerspace is just a conglomeration of infrastructures, plaster and walls alone, without meaning or identity.

This project’s data collection starts, perhaps fittingly, with making. From September to December, I’ll be spending my Fridays in the Studio, collaborating with other PhD and researcher groups and with the Tate’s excellent Digital Learning team members, while playing the role of both researcher and designer through a few different hands-on projects. The first intervention I’ll be working on is SPACEHACKER, an evolving artwork that I’ll be launching as part of MozEx, an exhibit curated by the Tate and the V&A as part of this year’s Mozilla Festival in London. SPACEHACKER implements critical and speculative design models by asking participants to sketch out their imaginaries of a digital space that members of their community would feel welcome at. For those interested in getting involved (I’d love collaborators on this project!), I’ll be presenting it along with a few other (mega talented!) MozEx artists in this public pop-up at the Tate on October 10th-11th.

Community making at a workshop entitled “Wandering Ruins” in 2014.

While learning about speculative user imaginations of digital spatiality through this artwork, I’ll also be working with Tate teams as a design practitioner, building a digital mosaic website on the ever-excellent Tumblr platform that highlights the many workshops and community happenings that have occurred at the Digital Studio since it opened in November 2013. Through these hands-on methods and more traditional qualitative observation and interviews, I hope to help build a public-minded narrative of the myriad experiences of users at this site, and the groups who have helped bring them to life - while building an understanding of the politics and institutional apparatuses of access, ownership and power that may also weave themselves around these interactions. My goal with this multi-level approach is to keep the research process as open, iterative and participatory as possible - which makes blog posts like this (and the discussions they bring about) just as important to me as formal academic journal articles and conference presentations. It just wouldn’t feel right to not share this work openly with the communities of makers, thinkers, curators and users who are actually involved in it!

As you can probably tell from my e-tone, I’m massively excited to be getting started on fieldwork this autumn with the Tate and other institutions who are quickly becoming pioneers of digital participation by mixing spaces for making with cultural spaces. I will keep sharing work here as it evolves, and in the meantime I’ll be heading to Johannesburg for a few days to see whether there are similar-minded initiatives that merge culture with digital learning and making in their communities (have any ideas? Please let me know!), and I’ll also be talking about these ideas and others on a panel entitled “Who is the digital revolution for?” in Brighton at the end of this month for those who are in town. Summer may be winding down and the days of sun getting shorter, but it’s shaping up to be an exciting autumn - and I’m already looking forward to meeting, making and thinking these ideas over with many of you throughout it!

Categorieën: Mozilla-nl planet

Daniel Stenberg: A sea of curl stickers

vr, 16/09/2016 - 12:59

To spread the word, to show off the logo, to share the love, to boost the brand, to allow us to fill up our own and our friend’s laptop covers I ordered a set of curl stickers to hand out to friends and fans whenever I meet any going forward. They arrived today, and I thought I’d give you a look. (You can still purchase your own set of curl stickers from

The sticker is 74 x 26 mm at its max.

curl stickers en masse

a bunch of curl stickers

Categorieën: Mozilla-nl planet

Wil Clouser: Getting Firefox Nightly to stick to Ubuntu's Unity Dock

vr, 16/09/2016 - 09:00

I installed Ubuntu 16.04.1 this week and decided to try out Unity, the default window manager. After I installed Nightly I assumed it would be simple to get the icon to stay in the dock, but Unity seemed confused about Nightly vs the built-in Firefox (I assume because the executables have the same name).

It took some doing to get Nightly to stick to the Dock with its own icon. I retraced my steps and wrote them down below.

My goal was to be able to run a couple versions of Firefox with several profiles. I thought the easiest way to accomplish that would be to add a new icon for each version+profile combination and a single left click on the icon would run the profile I want.

After some research, I think the Unity way is to have a single icon for each version of Firefox, and then add Actions to it so you can right click on the icon and launch a specific profile from there.

Installing Nightly

If you don't have Nighly yet, download Nightly (these steps should work fine with Aurora or Beta also). Open a terminal:

$ mkdir /opt/firefox $ tar -xvjf ~/Downloads/firefox-51.0a1.en-US.linux-x86_64.tar.bz2 /opt

You may need to chown some directories to get that in /opt which is fine. At the end of the day, make sure your regular user can write to the directory or else you won't be able to install Nightly's updates.

Adding the icon to the dock

Then create a file in your home directory named nightly.desktop and paste this into it:

[Desktop Entry] Version=1.0 Name=Nightly Comment=Browse the World Wide Web Icon=/opt/firefox/browser/icons/mozicon128.png Exec=/opt/firefox/firefox %u Terminal=false Type=Application Categories=Network;WebBrowser; Actions=Default;Mozilla;ProfileManager; [Desktop Action Default] Name=Default Profile Exec=/opt/firefox/firefox --no-remote -P minefield-default [Desktop Action Mozilla] Name=Mozilla Profile Exec=/opt/firefox/firefox --no-remote -P minefield-mozilla [Desktop Action ProfileManager] Name=Profile Manager Exec=/opt/firefox/firefox --no-remote --profile-manager

Adjust anything that looks like it should change, the main callout being the Exec line should have the names of the profiles you want to use (in the above file mine are called minefield-default and minefield-mozilla). If you have more profiles just make more copies of that section and name them appropriately.

If you think you've got it, run this command:

$ desktop-file-validate nightly.desktop

No output? Great -- it passed the validator. Now install it:

$ desktop-file-install --dir=.local/share/applications nightly.desktop

Two notes on this command:

  1. If you leave off --dir it will write to /usr/share/applications/ and affect all users of the computer. You'll probably need to sudo the command if you want that.
  2. Something is weird with the parsing. Originally I passed in --dir=~/.local/... and it literally made a directory named ~ in my home directory, so, if the menu isn't updating, double check the file is getting copied to the right spot.

Some people report having to run unity again to get the change to appear, but it showed up for me. Now left-clicking runs Nightly and right-clicking opens a menu asking me which profile I want to use.

Modifying the Firefox Launcher

I also wanted to launch profiles off the regular Firefox icon in the same way.

The easiest way to do that is to copy the built-in one from /usr/share/applications/firefox.desktop and modify it to suit you. Conveniently, Unity will override a system-wide .desktop file if you have one with the same name in your local directory so installing it with the same commands as you did for Nightly will work fine.


I should probably add a disclaimer that I've used Unity for all of two days and there may be a smoother way to do this. I saw a couple of 3rd-party programs that will generate .desktop files but I didn't want to install more things I'd rarely use. Please leave a comment if I'm way off on these instructions! :)

Categorieën: Mozilla-nl planet

Mozilla Open Design Blog: Progress in the making

vr, 16/09/2016 - 02:05
Since posting the seven initial design directions for the Mozilla brand identity three weeks ago, we’ve continued to shape the work. Guided by where Mozilla is headed strategically, principles of good design, and the feedback we’ve received through this open process, today we release four design contenders. These will continue to be refined over the course of the next two weeks, then put through global consumer testing. We expect a brand identity recommendation to emerge in October. mj_tm_Moz_Nashville_edits for new pics.key

If you’re just joining this process, you can get oriented here and here. We’re  grateful that this process has sparked such interest among Mozillians, those who care about Mozilla, and the global design community—dozens of articles, hundreds of tweets, thousands of comments, and perhaps tens of thousands of words of feedback. As believers in transparency at Mozilla, we consider this a success.

Thanks to all of you who have added your voice to the conversation. Your many constructive comments and suggestions have helped us chart a path forward. Some of you will find that your favored design directions have been let go in the pursuit of something better. We hope you’ll find a design here that you feel best represents Mozilla today and tomorrow.

mj_tm_Moz_Nashville_edits for new pics.key

Some that we’ve left behind. Of our original seven, four have fallen by the wayside, one has remained intact and two others have directly led to new ideas. We have let go The Open Button, which upon further study we found lacked a clear connection to Mozilla’s purpose, and Flik Flak, which had its fervent supporters but was either too complex, or too similar to other things, depending on your point of view.

For many, The Impossible M was an early favorite, but we discovered that it was just too close to other design treatments already in the public domain. The Connector stayed in the running for some time, but was eventually overtaken by new ideas (and always slightly suffered from being a bit too complex).

What we resolved to do next.
Working in tandem with our London agency partner johnson banks and making the most of our time zone difference nearly around the clock, we agreed to redirect efforts toward these design goals:

  • Focusing first on the core marks, particularly on their visual simplicity, before figuring out how they extend into design systems.
  • Exploring the dinosaur. From the blog feedback, it was clear that we had permission to link more directly back to the former dinosaur logo. Aside from The Eye, what other paleo elements might we explore?
  • Celebrating the Internet. Rather than seeking ways to render the Internet in three dimensions (as Wireframe World and Flik-Flak had bravely attempted to do), might be influenced by the random beauty of the Internet works and how people use it?
  • Refining and simplifying the two routes, Protocol and Wireframe World, that showed the most promise in the first round.
How the work links to the core narratives At this stage of the project, we’re down to four overarching narratives, three from the original set and a new one:

The Pioneers: This is still a strong and resonant territory, and one that works well with at least one of the final four.
Taking a stand: This positioning emerged directly from our earliest discussions and is still very strong.
The maker spirit: We’ve seen from the first round, the community of Mozillians is vocal and engaged and is key to the organization going forward.
The Health of the Internet: This is a new idea that posits Mozilla is a guardian and promoter of the Internet’s overall well-being.

The Final Four Below is our continued work in progress on the four refined identity directions that we’ll take into testing with our key audiences. Please click on the image to be taken to a page revealing the related design system, and make individual comments there. If you wish to compare and contrast these designs, please do so in the comments section below. Route One: Protocol protocol_master_logo   Route 2: Burst burst_rotating Route 3: Flame flame_flicker Route 4: Dino 2.0 dino_2-0_chomping1So there you have it: four final directions. Let us know what you think!
Categorieën: Mozilla-nl planet

Mozilla Open Design Blog: Route Four: Dino 2.0

vr, 16/09/2016 - 02:04

Comments from the first round on ‘The Eye’ route confirmed a suspicion that the typography might suggest something we didn’t intend, so first we looked at ways to make this creature more approachable.

mj_tm_Moz_Nashville_edits for new pics.key


The, we took a step back and looked again for ways to hint at a ‘zilla (whilst not being too specific), and create the basis of a wide-ranging design scheme. After weeks of experiments and simplification, Dino 2.0 emerged.

Essentially this Dino is just a red chevron and some white type – but somehow that one raised eye can watch and blink in a very unique way. And those jaws can merrily chomp when needs be.

We see this Dino as someone who can straddle two narratives – one that can stand up, be counted, shout, bark and bite when needed – yet act as a figurehead for Mozilla’s maker community across the globe. We’re developing a kind of ‘agit’ toolkit for this route, with crude hand-drawn industrial typefaces, and a suitably red, white and black colour scheme.

We’ve discovered Dino 2.0 successfully change its spots for communities and countries too.





Categorieën: Mozilla-nl planet

Mozilla Open Design Blog: Route Three: Burst

vr, 16/09/2016 - 02:04

This route has stemmed from two trains of thought – firstly a new narrative direction where we have been actively considering Mozilla’s role in recording and advancing the health of the Internet. Visually we’ve been investigating data-led ideas and classic internet imagery, whilst not forgetting some of the thinking of ‘Wireframe World’ from the first round.

As we looked harder at data sources we realised that five was a key number: Mozilla is collecting data around five key measurements of Internet health as we type (and you read), and there are five nodes in a capital ‘M’. So we combined the two thoughts.

This creates a very beautiful, almost fragile idea that we know has great potential in online and animated forms. It also lends itself well to a set of interlinked images for Mozilla’s many initiatives.









Categorieën: Mozilla-nl planet

Mozilla Open Design Blog: Route Two: Flame

vr, 16/09/2016 - 02:03

This is a completely new direction. Whilst rooted in the ethos of the ‘Pioneer’ thinking it also crosses over into the ‘Taking a stand’ narratives. We started to think that a flame could be a powerful symbol of Mozilla’s determination to remain the beacon for an open, accessible and equal internet for all, and something that a community gathers around for warmth.

As we started to experiment with flame symbolism, one simple design won through which simply merges an ‘M’ and a flame. After some experimentation, we think a dot/pixellated form for this idea work nicely. It animates nicely, and might even be dynamically generated with lightweight code.

Here are some key slides showing applications out to sub-brands, community designs and merchandise.





Categorieën: Mozilla-nl planet

Mozilla Open Design Blog: Route One: Protocol 2.0

vr, 16/09/2016 - 02:03

Protocol is a strong contender from the first round of ideas that we’ve continued to work on and improve. By putting the internet http:// protocol directly into the word – Moz://a – it creates a type-able word mark, and by doing so alludes to Mozilla’s role at the core of the Internet (and hence the ‘Pioneers’ positioning).

We’ve been strengthening the typography from the first round and looking at ways to expand the graphic language out across a typographic and pictogram language. We’ve also enhanced the blue to reflect the palette of the early Web. Here’s an early exploration:

mj_tm_Moz_Nashville_edits for new pics.key

We’re also experimenting with a thought that some of the characters in the mark could swap in and out, randomly, pulling fonts characters or emoticons from a local computer or the web itself. A freaky thought, but could be great.





Categorieën: Mozilla-nl planet

Support.Mozilla.Org: What’s Up with SUMO – 15th September

do, 15/09/2016 - 21:51

Hello, SUMO Nation!

We had a bit of a delay with the release of the 49th version of Firefox this week… but for good reasons! The release is coming next week – but our latest news are coming right here, right now. Dig in!

Welcome, new contributors!

If you just joined us, don’t hesitate – come over and say “hi” in the forums!

Contributors of the week

We salute you!

Don’t forget that if you are new to SUMO and someone helped you get started in a nice way you can nominate them for the Buddy of the Month! SUMO Community meetings
  • LATEST ONE: 14th of September- you can read the notes here and see the video at AirMozilla.
  • NEXT ONE: happening on the 21st of September!
  • If you want to add a discussion topic to the upcoming meeting agenda:
    • Start a thread in the Community Forums, so that everyone in the community can see what will be discussed and voice their opinion here before Wednesday (this will make it easier to have an efficient meeting).
    • Please do so as soon as you can before the meeting, so that people have time to read, think, and reply (and also add it to the agenda).
    • If you can, please attend the meeting in person (or via IRC), so we can follow up on your discussion topic during the meeting with your feedback.
Community Platform
  • PLATFORM REMINDER! The Platform Meetings are BACK! If you missed the previous ones, you can find the notes in this document. (here’s the channel you can subscribe to).
    • We have a first version of working {for} implementation on the staging site for the Lithium migration – thanks to Tyson from the Lithium team.
    • Some of the admins will be meeting with members of the Lithium team in two weeks to work face-to-face on the migration.
    • More questions from John99 and answers from our team – do check the document linked above for more details.
    • If you are interested in test-driving the new platform now, please contact Madalina.
      • IMPORTANT: the whole place is a work in progress, and a ton of the final content, assets, and configurations (e.g. layout pieces) are missing.
  • QUESTIONS? CONCERNS? Please take a look at this migration document and use this migration thread to put questions/comments about it for everyone to share and discuss. As much as possible, please try to keep the migration discussion and questions limited to those two places – we don’t want to chase ten different threads in too many different places.
Social Support Forum
  • SUMO Day coming up next week! (As mentioned above).
  • The Norton startup crash for version 49 is still waiting for a fix from Symantec – if that doesn’t happen, expect a few questions in the forums about that.
  • A vulnerability was found in the Flash player last week – if you’re using it, please update it as soon as you can to the latest version!
  • Reminder: If you are using email notifications to know what posts to return to, jscher2000 has a great tip (and tool) for you. Check it out here!
Knowledge Base & L10n
  • We are (still) 1 week before next release / 5 weeks after current release. What does that mean? (Reminder: we are following the process/schedule outlined here)

    • Only Joni or other admins can introduce and/or approve potential last minute changes of next release content; only Joni or other admins can set new content to RFL; localizers should focus on this content.
  • We have some extra time, so please remember to localize the main articles for the upcoming release:
  • for Android
    • To repeat what you’ve heard last week (because it’s still true!): version is 49 coming next week. Highlights include:

      • caching selected pages (e.g. for offline retrieval
      • usual platform and bug fixes
  • for Desktop
    • You’ve heard it before, you’ll hear it again: version 49 is coming next week – read more about it in the release thread (thank you, Philipp!). Highlights include:
      • text-to-speech in Reader mode
      • ending support for older Mac OS versions
      • ending support for older CPUs
      • ending support for Firefox Hello
      • usual platform and bug fixes
  • for iOS
    • …I hear there’s a new iPhone in town, but it’s far from being a jack of all trades ;-)

OK, I admit it, I’m not very good at making hardware jokes. I’m sorry! I guess you’ll have to find better jokes somewhere on the internet – do you have any interesting places that provide you with fun online? Tell us in the comments – and see you all next week!

Categorieën: Mozilla-nl planet

Mozilla Localization (L10N): Localization Hackathon in Kuala Lumpur

do, 15/09/2016 - 20:08

13975340_10153976510682153_2559748474514988567_oThe last weekend of August saw the largest localization hackathon event the l10n-drivers ever organized. Thirty-four community contributors representing 12 languages from 13 East and Southeast Asian countries journeyed to Kuala Lumpur, Malaysia on Friday, August 26. Jeff, Flod, Gary Kwong and I arrived in time for the welcome dinner with most of the community members. The restaurant, LOKL Coffee, was ready for a menu makeover and took the opportunity to use this Mozilla event to do just that. A professional photographer spent much of the evening with us snapping photos.

We started off Saturday morning with Spectrogram, where l10n contributors moved from one side of the room to another to illustrate whether they agreed or disagreed with a statement. Statements help us understand each community’s preferences to address localization requests. An example: There are too many translation/localization tasks for me to keep up; I want to work on 2000 strings sliced up in 1 year, twice, 6 weeks, 4 weeks, weekly, every other day, daily.

Jeff, the newly appointed localization manager, updated everyone on l10n organization change; the coming attraction of the l20n development; Pontoon as one of the centralized l10n tools; and the ultimate goal of having a single source of l10n dashboard for the communities and l10n project managers.

29278375225_14057983ee_z1Flod briefed on the end of Firefox OS and the new initiatives with Connected Device. He focused on Firefox primarily. He discussed the 6-week rapid release cycles or cadence. He also covered the five versions of Firefox: Aurora, nightly, beta, release, and ERS. He described the change to a single source of repository, allowing strings move to production sooner. Firefox for iOS and Android were also presented. It was welcome news that the localized product can be shipped through automatic signoff, without community’s involvement.

I talked about the importance of developing a style guide for each of the languages represented. This helps with onboarding new comers, consistency among all contributors and sets the style and tone for each of the Mozilla products. I also briefly touched upon the difference between brand names and product names. I suggested to take this gathering as an opportunity to work on these.

For the rest of the weekend, our communities worked through the goals they set for ourselves. Many requested to move their locales to Pontoon, causing a temporarily stall in sync. Others completed quite a few projects, making significant advances on the dashboard charts. Even more decided to tackle the style guides, referencing the template and leveraging information from established outlets. When the weekend was over, nine communities reported to have some kind of draft versions, or modified and updated an existing one. Other accomplishments included identifying roles and responsibilities; making plans for meetup for the rest of the year; tool training; improving translation quality by finding critical errors; updating glossaries; completing some high priority projects.

28990074610_b82176fccc_kThe weekend was not just all work, but filled with cultural activities. Our Saturday dinner at Songket Restaurant was followed by almost an hour of Malaysian cultural dances from across the country, showcasing the diverse cultures that made up Malaysia. Many community members were invited to the stage to participate. It was a fun evening filled with laughter. Our Sunday dinner was arranged inside Pasar Seni, or the Central Market, a market dating back to 1888. It is now filled with shops and restaurants, giving all visitors a chance to take home some souvenirs and fond memories. Many of us visited the near by Pedaling Street, sampling tropical fruits, including Durian, made in all shapes and forms.

Putting together the largest l10n hackathon ever is a big achievement and lots of credit goes to our local support. 29262607536_235530cd88_zA big thanks to our Malaysian community, led by Syafiq, who was our eyes and ears on the ground from day one, planning, selecting the venue location, advising us on restaurants, lodging, transportation and cultural events. Not only we accomplished what we set out to do, we did it safely, we all had fun and we made more friends. Also a shout-out to Nasrun, our residence photographer for documenting the weekend through his lens. And a thank you to everyone for sharing a very special and productive weekend with fellow Mozillians! See you next time at another hackathon!

Categorieën: Mozilla-nl planet

Air Mozilla: Reps weekly, 15 Sep 2016

do, 15/09/2016 - 18:00

Reps weekly This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.

Categorieën: Mozilla-nl planet