In this role, Ari will be responsible for Firefox OS and broader exploration of opportunities to advance our mission across the ever-increasing range of connection points of the modern Internet, i.e. phones, TVs, IoT, etc.
His deep understanding of Open Source projects and mobile leadership experience at Intel, HP, and Nokia developing platforms and products make him ideally positioned to lead our Firefox OS and Connected Devices strategy.
Firefox OS is an important part of our mobile strategy, in addition to Firefox for Android and iOS and other initiatives. We believe that building an open, independent alternative to proprietary, single-vendor platforms is critical to the future of a healthy mobile ecosystem. And it is core to our mission to promote openness, innovation and opportunity in online life.
We believe Mozilla’s role in the world is more important today than it has ever been. Issues of digital rights, privacy, online safety and security are real and impact our lives daily. The pace and complexity of online life continues to accelerate from here.
Over the last year we’ve focused on building our our team to compliment the vibrant Mozillian community adding the necessary know-how to continue to bring choice, control and opportunity to everyone on the Web.
Please join me in welcoming Ari to Mozilla!
Ghacks Technology News
Mozilla Edge: Firefox theme that replicates Microsoft Edge
Ghacks Technology News
If you like how Microsoft Edge looks but prefer to use the Firefox browser, then you may be able to get the best of both worlds by installing the third-party Mozilla Edge theme in Firefox. I don't particularly like the looks of Microsoft Edge as I ...
Mozilla sets plan to dump Firefox Add-Ons In Favor Of Chrome ExtensionsVoice Chronicle
alle 3 nieuwsartikelen »
the following changes have been pushed to bugzilla.mozilla.org:
-  Make the master kick-off bug “Confidential Mozilla Employee Bug” by default
-  Suggested reviewers should exclude the current user from the list displayed
-  group owners should always be able to view group membership reports for their groups
-  support automatic removal of inactive users from groups
-  “MozReview Requests” is not shown in the page after submitting a change
-  User stories aren’t saved as part of the “remember values as bookmarkable template”
-  Add link to bug history page to the top-right drop-down menu
-  bugzilla.mozilla.org help link is busted
-  Display only commits and only relevant data
-  Can’t mark inaccessible bug dependent on a regression it caused
-  show a warning near the attachments table for sec-high/sec-crit bugs without sec-approval? on patches
-  Changing password with MFA turned on will not work
discuss these changes on mozilla.tools.bmo.
Filed under: bmo, mozilla
Mozilla sets plan to dump Firefox Add-Ons In Favor Of Chrome Extensions
In the near future, major changes are expected to be incorporated in Firefox that would require extension developers to make big changes to their current extensions to ascertain that they are operational. To ascertain easy development of extensions ...
en meer »
A while back I wrote about reinstalling OS X. This is another one of those posts.
I like to reinstall OS X, a lot. So much so, you'd think I'd find some way to automate the process. There must be something soothing about it, though, because I keep doing it.
I'm writing this post now because since my last post, I've begun storing a snippets on gist.github.com to help automate the process. This way, I get "the best of both worlds":
- Automation of the tedious parts &
- Interaction with the fun parts.
Specifically, with El Capitan I've settled on these 4 snippets:Preferences Homebrew Python Misc
Next, I perform various additional steps manually either because I've not figured out how to automate them or the automation prospects are not attractive:
- Security & Privacy → Allow apps downloaded from Anywhere
- Drag /opt to Finder Favorites for easy access to Homebrew Casks, then:
- Users & Groups → Login items → Jumpcut
- Keyboard → Shortcuts → Mission Control → Move left a space → ⌘ ←
- Keyboard → Shortcuts → Mission Control → Move right a space → ⌘ →
Still, I'd trade all these steps for full automation if I could find an approach that's not more tedious than cut & pasting the above.
Lastly, I hope this helps someone. Please add a comment below if you have a better approach.
Watch the Participation Team share what we've learned and worked on in Q3 2015.
Back in September, the TaskCluster Platform team held a workweek in Berlin to discuss upcoming feature development, focus on platform stability and monitoring and plan for the coming quarter’s work related to Release Engineering and supporting Firefox Release. These posts are documenting the many discussions we had there.
Jonas kicked off our workweek with a brief look back on the previous year of development.Prototype to Production
In the last year, TaskCluster went from an idea with a few tasks running to running all of FirefoxOS aka B2G continuous integration, which is about 40 tasks per minute in the current environment.
Architecture-wise, not a lot of major changes were made. We went from CloudAMQP to Pulse (in-house RabbitMQ). And shortly, Pulse itself be moving it’s backend to CloudAMQP! We introduced task statuses, and then simplified them.
On the implementation side, however, a lot changed. We added many features and addressed a ton of docker worker bugs. We killed Postgres and added Azure Table Storage. We rewrote the provisioner almost entirely, and moved to ES6. We learned a lot about babel-node.
We introduced the first alternative to the Docker worker, the Generic worker. We for the first time had Release Engineering create a worker, the Buildbot Bridge.
We have several new users of TaskCluster! Brian Anderson from Rust created a system for testing all Cargo packages for breakage against release versions. We’ve had a number of external contributors create builds for FirefoxOS devices. We’ve had a few Github-based projects jump on taskcluster-github.Features that go beyond BuildBot
One of the goals of creating TaskCluster was to not just get feature parity, but go beyond and support exciting, transformative features to make developer use of the CI system easier and fun.
Some of the features include:
- Interactive sessions
- Live logging (mentioned in our createArtifact() docs and visible in the task-inspector for a task)
- Public-first task statuses
- Easy Indexing
- Storage in S3 (see createArtifact() documentation)
- Public first, reference-style APIs
- Support for remote device lab workers
Release is a special use case that we need to support in order to take on Firefox production worload. The focus of development work in Q4 and beyond includes:
- Secrets handling to support Release and ops workflows. In Q4, we should see secrets.taskcluster.net go into production and UI for roles-based management.
- Scheduling support for coalescing, SETA and cache locality. In Q4, we’re focusing on an external data solution to support coalescing and SETA.
- Private data hosting. In Q4, we’ll be using a roles-based solution to support these.
Over time Mozilla has been trying to reduce the amount of time between developing a feature and getting it into a user’s hands. Some time ago we would do around one feature release of Firefox every year, more recently we’ve moved to doing one feature release every six weeks. But it still takes at least 12 weeks for a feature to get to users. In some cases we can speed that up by landing new things directly on the beta/aurora branches but the more we do this the harder it is for release managers to track the risk of shipping a given release.
The Go Faster project is investigating ways that we can speed up getting changes to users. System add-ons are one piece of this that will let us deliver updates to core Firefox features more often than the regular six week releases. Instead of being embedded in the rest of the code certain features will be developed as standalone system add-ons.
Building features as add-ons gives us more flexibility in how we deliver the features to users. System add-ons will ship in two different ways. First every Firefox release will include a default set of system add-ons. These are the latest versions of the features at the time the Firefox build was produced. Later during runtime Firefox will contact Mozilla’s update servers to ask for the current list of system add-ons. If there are new or updated versions listed Firefox will download and install them giving users access to the newest features without needing to update the entire application.
Building a feature as an add-on gives developers a lot of benefits too. Developers will be able to work on and test new features without doing custom Firefox builds. Users can even try out new features by just installing the add-ons. Once the feature is ready to ship it ships as an add-on with no code changes necessary for integration into Firefox. This is something we’ve attempted to do before with things like Test Pilot and pdf.js, but system add-ons make this process much smoother and reduces the differences between how the feature runs as an add-on and how it runs when shipped in the application.
The basic support for system add-ons is already included in current nightly builds and Firefox 44 should be the first release that we could use to deliver features like this if we choose. If you’re interested in the details you can read the client implementation plan or follow along the tracking bug for the client side of the feature.
The Monday Project Meeting
Welcome to TaskCluster Platform’s 2015Q3 Retrospective! I’ve been managing this team this quarter and thought it would be nice to look back on what we’ve done. This report covers what we did for our quarterly goals. I’ve linked to “Publications” at the bottom of this page, and we have a TaskCluster Mozilla Wiki page that’s worth checking out.High level accomplishments
- Dramatically improved stability of TaskCluster Platform for Sheriffs by fixing TreeHerder ingestion logic and regexes, adding better logging and fixing bugs in our taskcluster-vcs and mozilla-taskcluster components
- Created and Deployed CI builds on three major platforms:
- Added Linux64 (CentOS), Mac OS X cross-compiled builds as Tier2 CI builds
- Completed and documented a prototype Windows 2012 builds in AWS and task configuration
- Deployed auth.taskcluster.net, enabling better security, better support for self-service authorization and easier contributions from outside our team
- Added region biasing based on cost and availability of spot instances to our AWS provisioner
- Managed the workload of two interns, and significantly mentored a third
- Onboarded Selena as a new manager
- Held a workweek to focus attention on bringing our environment into production support of Release Engineering
We laid out our Q3 goals in this etherpad. Our chosen themes this quarter were:
- Improve operational excellence — focus on sheriff concerns, data collection,
- Facilitate self-serve consumption — refactoring auth and supporting roles for scopes, and
- Exploit opportunities to differentiate from other platforms — support for interactive sessions, docker images as artifacts, github integration and more blogging/docs.
We had 139 Resolved FIXED bugs in TaskCluster product.
We also resolved 7 bugs in FirefoxOS, TreeHerder and RelEng products/components.
We received significant contributions from other teams: Morgan (mrrrgn) designed, created and deployed taskcluster-github; Ted deployed Mac OS X cross compiled builds; Dustin reworked the Linux TC builds to use CentOS, and resolved 11 bugs related to TaskCluster and Linux builds.
An additional 9 people contributed code to core TaskCluster, intree build scripts and and task definitions: aus, rwood, rail, mshal, gerard-majax, email@example.com, htsai, cmanchester, and echen.The Big Picture: TaskCluster integration into Platform Operations
Moving from B2G to Platform was a big shift. The team had already made a goal of enabling Firefox Release builds, but it wasn’t entirely clear how to accomplish that. We spent a lot of this quarter learning things from RelEng and prioritizing. The whole team spent the majority of our time supporting others use of TaskCluster through training and support, developing task configurations and resolving infrastructure problems. At the same time, we shipped docker-worker features, provisioner biasing and a new authorization system. One tricky infra issue that John and Jonas worked on early in the quarter was a strange AWS Provisioner failure that came down to an obscure missing dependency. We had a few git-related tree closures that Greg worked closely on and ultimately committed fixes to taskcluster-vcs to help resolve. Everyone spent a lot of time responding to bugs filed by the sheriffs and requests for help on IRC.
It’s hard to overstate how important the Sheriff relationship and TreeHerder work was. A couple teams had the impression that TaskCluster itself was unstable. Fixing this was a joint effort across TreeHerder, Sheriffs and TaskCluster teams.
When we finished, useful errors were finally being reported by tasks and starring became much more specific and actionable. We may have received a partial compliment on this from philor. The extent of artifact upload retries, for example, was made much clearer and we’ve prioritized fixing this in early Q4.
Both Greg and Jonas spent many weeks meeting with Ed and Cam, designing systems, fixing issues in TaskCluster components and contributing code back to TreeHerder. These meetings also led to Jonas and Cam collaborating more on API and data design, and this work is ongoing.
We had our own “intern” who was hired on as a contractor for the summer, Edgar Chen. He did some work with the docker-worker, implementing Interactive Sessions, and did analysis on our provisioner/worker efficiency. We made him give a short, sweet presentation on the interactive sessions. Edgar is now at CMU for his sophomore year and has referred at least one friend back to Mozilla to apply for an internship next summer.
Pete completed a Windows 2012 prototype build of Firefox that’s available from Try, with documentation and a completely automated process for creating AMIs. He hasn’t created a narrated video with dueling, British-English accented robot voices for this build yet.
We also invested a great deal of time in the RelEng interns. Jonas and Greg worked with Anhad on getting him productive with TaskCluster. When Anthony arrived, we also onboarded him. Jonas worked closely to get him working on a new project, hooks.taskcluster.net. To take these two bits of work from RelEng on, I pushed TaskCluster’s roadmap for generic-worker features back a quarter and Jonas pushed his stretch goal of getting the big graph scheduler into production to Q4.
We worked a great deal with other teams this quarter on taskcluster-github, supporting new Firefox and B2G builds, RRAs for the workers and generally telling Mozilla about TaskCluster.
Finally, we spent a significant amount of time interviewing, and then creating a more formal interview process that includes a coding challenge and structured-interview type questions. This is still in flux, but the first two portions are being used and refined currently. Jonas, Greg and Pete spent many hours interviewing candidates.Berlin Work Week
Toward the end of the quarter, we held a workweek in Berlin to focus our next round of work on critical RelEng and Release-specific features as well as production monitoring planning. Dustin surprised us with delightful laser cut acrylic versions of the TaskCluster logo for the team! All team members reported that they benefited from being in one room to discuss key designs, get immediate code review, and demonstrate work in progress.
We came out of this with 20+ detailed documents from our conversations, greater alignment on the priorities for Platform Operations and a plan for trainings and tutorials to give at Orlando. Dustin followed this up with a series of ‘TC Topics’ Vidyo sessions targeted mostly at RelEng.
Our Q4 roadmap is focused on key RelEng features to support Release.Publications
Our team published a few blog posts and videos this quarter:
- TaskCluster YouTube channel with two generic worker videos
- On Planet Taskcluster:
- On Air Mozilla
- Interactive Sessions (Edgar Chen)
- TaskCluster GitHub, Continuous integration for Mozillians by Mozillians (mrrrgn)
La llegada de la última versión de Windows causó mucho revuelo entre los usuarios al ver que su navegador predeterminado había sido cambiado. Por su parte, Mozilla reaccionó y su CEO Chris Beard le envió una carta a su similar de Microsoft Satya Nadella pidiendo que no retrocedieran en la elección y control de los usuarios.
Las versiones actuales del panda rojo deberían cambiar esto, pero si por alguna razón no lo hace y te gustaría recuperar Firefox u otro navegador como predeterminado, te recomiendo que sigas estos pasos:
- Haz clic en el botón de menú , después selecciona Opciones.
- En el panel General, haz clic en Convertir en predeterminado.
- La aplicación de Ajustes de Windows abrirá la pantalla de Selecciona programas predeterminados.
- Desplázate hacia abajo y haz clic en la entrada de Explorador web. En este caso, el icono mostrará Microsoft Edge o bien Selecciona tu navegador predeterminado.
- En la pantalla de Elegir una aplicación, haz clic en Firefox para establecerlo como el navegador predeterminado.
- Firefox ahora aparece como tu navegador predeterminado. Cierra la ventana para guardar tus cambios.
Y listo, ya tendrás Firefox de vuelta como tu navegador predeterminado y preferido.
Fuente: Mozilla Support
In the last week, we landed 69 PRs in the Servo repository!
Glenn wrote a short report on how webrender is coming along. Webrender is a new renderer for Servo which is specialized for web content. The initial results are quite promising!Notable additions
- Patrick and Corey reduced allocator churn in our DOMstring code and string joining code
- Josh restyled <select> so that <select multiple> works.
- Vladimir’s Windows work continues
- Corey implemented <font size>
- Martin simplified our stacking context creation code
Snazzy new form widgets:
I was invited as one of the speakers at the ApacheCon core conference in Budapest, Hungary on October 1-2, 2015.
I was once again spreading the news about HTTP/2, why it was made and how it works and of course: updated numbers on adoption right now.
The talk was unfortunately not filmed, but I’ve put my slides for this version of my talk online. Readers of this blog and those who’ve seen my presentations before will recognize large parts of it.
Following my talk was talks about mod_http2, the Apache module for HTTP/2 that will be coming in the upcoming 2.4.17 release of Apache Httpd, explained by its author Stefan Eissing. The name of the module was actually a bit of a surprise to me since it has been known as just mod_h2 for its entire life time up until now.
William A Rowe took us through the state of TLS for the main Apache servers and yeah, the state seem to be pretty good and they’re coming along really well. TLS and then HTTPS is important as that’s really a prerequisite for HTTP/2
I also got to listen to Mark Thomas explain the agonies of making Tomcat support HTTP/2, and then perhaps especially how ALPN and a good set of ciphers are hard to get in Java.
Jean-Frederic Clere then explained how to activate HTTP/2 on all the Apache servers (tomcat, httpd and traffic server) and a little about their HTTP/2 state, following with an explanation how they worked on tomcat to make that use OpenSSL for the TLS layer (including ALPN) to avoid the deadlock of decent TLS support in Java.
All in all, a great track and splendid talks with deep technical content. Exactly the way I like it. Thanks everyone. Apachecon certainly delivered for me! Twas fun.
Valgrind’s Memcheck tool works on Linux and MacOS, but not on Windows. Interestingly, there is something like it for Windows: “Dr Memory”. Similar in style to Memcheck, Dr Memory is an open source memory checking tool built on top of a JIT-based instrumentation framework called DynamoRIO. It provides essentially identical functionality: detection of invalid memory accesses, uninitialised value uses and memory leaks. Dr Memory claims to be considerably faster than Memcheck, so I was curious to see how it performed.
I recently tried Dr Memory 1.9.0-RC1 on Windows 7, running 32-bit Firefox builds, to see to what extent it can provide coverage for the Windows-specific parts of Gecko.
Installing and getting started isn’t difficult. There are command line flags to direct the output, control the level of instrumentation, specify files listing errors to hide, and so on. As you’d expect.
Despite considerable efforts with Dr Memory, I came away feeling it was a promising tool, but just a bit too hard to use. I encountered two kinds of problems.
Firstly, about half of my Firefox startups ended up spinning. Some of the time, Firefox would start (slowly, of course) and be usable after a couple of minutes. Other runs would spin for an hour or more and still not produce a usable browser. I never figured out why. This seems to be related to the instrumentation, because if I run Firefox uninstrumented on the DynamoRIO core, like Valgrind’s –tool=none, it works reliably.
A second problem was the considerable number of uninitialised memory read errors. I tried out both non-optimised (“/Zi /Od”) and optimised (“/Zi /O2 /Oy- /Ob0”) builds of Firefox.
For the non-optimised builds, Dr Memory reports no invalid accesses and a few uninitialised memory reads, which is what I’d expect. But it’s unusably slow, because the unoptimised build lacks reasonable register allocation, which easily doubles the number of memory accesses that have to be checked.
So my next step was to try an optimised build. This runs a great deal faster. There’s a down side, though: the number of uninitialised memory accesses goes way up. Most of these must be false positives, because they weren’t reported in the unoptimised runs.
I investigated further. It is likely that one source of false positives is Dr Memory’s incomplete description of the Windows system call interface. Valgrind’s description of the Linux syscall interface is itself complex, and it is said that the Windows interface makes the Linux interface look simple. Given that, I’m impressed that Dr Memory works as well as it does.
The other source of false positives appears to be bitfields. Dr Memory tracks the definedness state of each byte of memory using one bit for each byte. Consequently it has no way to accurately model partially initialised bytes, and so must unavoidably either report false positives, or miss real errors, depending on which of the two available shadow states partially initialised bytes are mapped to.
One way to detect probable false-positive bitfield errors in cross platform Gecko code is to check whether Memcheck reports errors at the same places. In many cases it doesn’t. I created a suppressions file, which tells Dr Memory to hide errors I identified as clearly false. A second line of defense is to add extra initialisation code for bitfields purely in order to keep Dr Memory happy. Neither of these are really what one wants to do, though.
The false positive problem seriously compromises Dr Memory’s usefulness on optimised Gecko code, compared to Memcheck. The effect is to create a lot more undefined value errors needing investigation. The situation is exacerbated because Dr Memory doesn’t have an equivalent to Memcheck’s origin-tracking feature, which makes it more difficult to analyse the errors and to determine where, if any, dummy initialisations should be placed.
Dr Memory does have a “light” mode, which restricts it to invalid-address and leak checking only. This increases usability at the expense of losing undefined value checking. If you’re looking for possible heap corruption on Windows, this would be worth a try.
As you may already know, last Friday – October 2nd – we held a new Testday event, for Firefox 42 Beta 3.
I must admit that this testday is by far one of the most successful event. Besides the fact that we had a large number of participants we also have an impressive number of verified bugs. Congratulations to all participants!
- no new issues were found while testing Tab visual sound indicator
- 3 potential issues were logged for Control Center – 1211064 1211073, 1211074 (Thanks PreethiDhinesh for finding it!)
- 26 bugs were verified: 1183044, 1179031, 486262, 1182769, 1047713, 1184170, 1184184, 1184243, 1180734, 1196313, 1183079, 1135812, 1185953, 1185960, 1101100, 1031661, 1149745, 1089240, 1196437, 1196947, 1209030, 1205100, 1180387, 1058251, 1181253, 1111555
- 7 bugs were triaged: 1209030, 1178781, 1210354, 1183156, 1182435, 1184916, 1185447
We’d like to take this opportunity to thank Bolaram Paul, Mohammed Adam , Ionce Stelian, Ruwan Ranganath, Jayesh KR, Arshad Abid, Moin Shaikh, Syed Muhammad Mahmudul Haque (Yamin), Nischaytv, Jyotsna Gupta, PreethiDhinesh, Kevin Le, Gunjan Tank and the people from our Bangladesh Community: Hossain Al Ikram, Khalid Syfullah Zaman, Ashickur Rahman, Md. Asiful Kabir, Rezaul Huque Nayeem, Kazi Nuzhat Tasnem, Nazir Ahmed Sabbir, Saheda Reza Antora, Md.Ehsanul Hassan, Mohammad Maruf Islam, Sayed Mohammad Amir, Meraj Kazi, Forhad Hossain, T.M. Sazzad Hossain and Towkir Ahmed for getting involved in this event and making Firefox as best as it could be.
Also a big thank you goes to all our active moderators.
Keep an eye on QMO for upcoming events!
It seems to be a common theme in elections for the incumbent party to ask the question, "Are you better off?". The Conservatives have been in power now since the 2006 election.
Financially? I'm better off, due to having a decent paying job in a company not based in Canada. The economy is moving along despite a Conservative running multiple deficits in a row. Really, I don't place too much faith in the Government to do a huge amount to the economy, no matter what the Conservative attack adverts say.
Privacy? Much worse off, the Government have introduced multiple bills to reduce our privacy, none worse than bill C-51 which greatly increases the Government spying powers and reduces the amount of oversight.
Rights? Much worse off, the Government introduced bill C-24 which means that the citizenship of me (and most of my friends and colleagues) can now be revoked. We are all second class citizens and not "old stock canadians". The reduction of our charter of rights and freedoms is breathtaking.
Environment? We are the only country in the world to withdraw from Kyoto and become isolated Canada on the world stage. There's the oil sands turning Alberta into Mordor, there's been major oil spills, the tragic Lac-Mégantic incident, the proposed pipelines and so on. And of course environmentalists are terrorists.
Science? The census was gutted and decisions are not made on data, but ideology.
Right now? I am worse off. I have much less security and privacy than before. So no, I won't be voting Conservative and I'm not sure why anyone would.
Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us an email! Want to get involved? We love contributions.
- When Rust makes sense, or the state of typed languages.
- [podcast] Rusty radio: Episode 4. Raft, Paxos, and Distributed Systems in Rust.
- This week in Servo 35.
- Resurrecting impl Trait.
- Combining Rust and Haskell.
- [video] Using Rust with Ruby, a deep dive with Yehuda Katz.
- How to print a struct in Rust.
- Trying Rust for web services.
- An introduction to differential dataflow, part 1.
- Experiences building an OS in Rust.
- Ownership is theft: Experiences building an embedded OS in Rust.
- Rust faster!
- [podcast] New Rustacean podcast episode 01. Documentation in general, and rustdoc and cargo doc in particular.
- Rusty queens. An n-queens solver in Rust.
- Redox. A Rust Operating System.
- Webrender. An experimental renderer for Servo that aims to draw web content like a modern game engine.
- Coroutine I/O. Coroutine scheduling with work-stealing algorithm.
- Rustation. PlayStation emulator in Rust.
102 pull requests were merged in the last week.
See the subteam report for 2015-10-02 for details.Notable changes
- Backporting accepted PRs to beta.
- Use the adjusted callee type in effect checking.
- Derive Clone for Peekable.
- Make fs::canonicalize work on directories on Windows.
- Don't crash on non-existent path in constant.
- Un-regress conflicting destructors.
- Don't use jemalloc when crossing to MSVC.
- Implement AsMut for Vec.
- Fix Cygwin support on Windows 10.
- Don't display duplicate trait errors.
- Early-prohibit objects with Self-containing supertraits.
- Swap link order of native libs/rust deps.
- Add support for the rumprun unikernel.
- Don't ICE if an archive isn't actually an archive.
- Avoid unnecessary temporaries when ref'ing a DST value.
- Cargo: Do not skip the root path if it's a dotdir.
- Andreas Sommer
- Dato Simó
- James Bell
- Jethro Beekman
- Ted Mielczarek
- Will Speak
- Willy Aguirre
Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:
No RFCs were approved this week!Final Comment Period
- Amend #911 const-fn to allow unsafe const functions.
- Place left arrow syntax (place <- expr).
- Allow a re-export for main.
- Incremental compilation.
- Add a SharedSender to std::sync::mpsc that implements Sync.
- Define the general semantics of intrinsic functions.
- Add a let...else expression, similar to Swift's guard let...else.
- Abstract output type parameters.
- Add some additional utility methods to OsString and OsStr.
- 10/12. Seattle Rust Meetup.
- 10/13. San Diego Rust Meetup #9.
- 10/14. RustBerlin Hack and Learn.
- 10/19. Rust Paris.
No jobs listed for this week. Tweet us at @ThisWeekInRust to get your job offers listed here!Crate of the Week
So today I'll write about Itertools. Because iterators in Rust are awesome, and this crates makes them even awesome-r. If you want to do something with iterators that seems to be slightly impossible using the std APIs, chances are Itertools already implements a way that is both fast and elegant. Knowing your itertools APIs will level up your Rust-fu.
For a (very small and simple) example, haven't you wished to zip two iterators, but don't stop iteration after the shorter iterator has run out? With Itertools you can just say x.zip_longest(y) and get an iterator of EitherOrBoth<X, Y>.Quote of the Week
In programming (as opposed to politics), safety=freedom. — llogiq on /r/rust.
Wow! I’ve been a way from this blog for too long. I also haven’t posted any new episodes for The Joy of Coding. I also haven’t been keeping up with my Things I’ve Learned posts.
Time to get back in the saddle. First thing’s first, here are 6 episodes of The Joy of Coding that have aired. Unfortunately, I haven’t put together summaries for any of them, but I’ve put their agendas near the videos so that might give some clues.
Here we go!Episode 23
Mozilla-Petition gegen Vorratsdatenspeicherung
„Angesichts der jüngsten Vorwürfe, die Bundesregierung habe Informationen über ihre Bürger mit den USA geteilt, ist es wichtiger denn je, die Datenspeicherung einzuschränken“ erläutert Mozilla. „Doch neue Gesetze zur Vorratsdatenspeicherung, wie sie ...
SHA-1 certificates are on their way out, and you should upgrade to a SHA-256 certificate as soon as possible... unless you have very old clients and must maintain SHA-1 compatibility for a while.
If youare in this situation, you need to either force your clients to upgrade (difficult) or implement some form of certificate selection logic: we call that "cert switching".
The most deterministic selection method is to serve SHA-256 certificates to clients that present a TLS1.2 CLIENT HELLO that explicitly announces their support for SHA256-RSA (0x0401) in the signature_algorithms extension.
Modern web browsers will send this extension. However, I am not aware of any open source load balancer that is currently able to inspect the content of the signature_algorithms extension. It may come in the future, but for now the easiest way to achieve cert switching is to use HAProxy SNI ACLs: if a client presents the SNI extension, direct it to a backend that presents a SHA-256 certificate. If it doesn't present the extension, assume that it's an old client that speaks SSLv3 or some broken version of TLS, and present it a SHA-1 cert.
This can be achieved in HAProxy by chaining frontend and backends:
The configuration above receives inbound traffic in the frontend called "https-in". That frontend is in TCP mode and inspects the CLIENT HELLO coming from the client for the value of the SNI extension. If that value exists and matches our target site, it sends the connection to the backend named "jve_https", which redirects to a frontend also named "jve_https" where the SHA256 certificate is configured and served to the client.
If the client fails to present a CLIENT HELLO with SNI, or presents a SNI that doesn't match our target site, it is redirected to the "https_jve_sha1" backend, then to its corresponding frontend where a SHA1 certificate is served. That frontend also supports an older ciphersuite to accommodate older clients.
Both frontends eventually redirect to a single backend named "jve" which sends traffic to the destination web servers.
This is a very simple configuration, and eventually it could be improved using better ACLs (HAproxy regularly adds news ones), but for a basic cert switching configuration, it gets the job done!