mozilla

Mozilla Nederland LogoDe Nederlandse
Mozilla-gemeenschap

Nicholas Nethercote: A work-around for Tree Style Tab breakage on Firefox Nightly caused by mozRequestAnimationFrame removal

Mozilla planet - di, 28/07/2015 - 00:52

This post is aimed at Firefox Nightly users who also use the Tree Style Tab extension. Bug 909154 landed last week. It removed support for the prefixed mozRequestionAnimationFrame function, and broke Tree Style Tab. The GitHub repository that hosts Tree Style Tab’s code has been updated, but that has not yet made it into the latest Tree Style Tab build, which has version number 0.15.2015061300a003855.

Fortunately, it’s fairly easy to modify your installed version of Tree Style Tab to fix this problem. (“Fairly easy”, at least, for the technically-minded users who run Firefox Nightly.)

  • Find the Tree Style Tabs .xpi file. On my Linux machine, it’s at ~/.mozilla/firefox/ndbcibpq.default-1416274259667/extensions/treestyletab@piro.sakura.ne.jp.xpi. Your profile name will not be exactly the same. (In general, you can find your profile with these instructions.)
  • That file is a zip file. Edit the modules/lib/animationManager.js file within that file, and change the two occurrences of mozRequestAnimationFrame to requestAnimationFrame. Save the change.

I did the editing in vim, which was easy because vim has the ability to edit zip files in place. If your editor does not support that, it might work if you unzip the code, edit the file directly, and then rezip, but I haven’t tried that myself. Good luck.

Categorieën: Mozilla-nl planet

Chris Cooper: The changing face of buildduty, Summer 2015 edition

Mozilla planet - di, 28/07/2015 - 00:07

Buildduty is the Mozilla release engineering (releng) equivalent of front-line support. It’s made up of a multitude of small tasks, none of which on their own are particulary complex or demanding, but taken in aggregate can amount to a lot of work.

It’s also non-deterministic. One of the most important buildduty tasks is acting as information brokers during tree closures and outages, making sure sheriffs, developers, and IT staff have the information they need. When outages happen, they supercede all other work. You may have planned to get through the backlog of buildduty tasks today, but congratulations, now you’re dealing with a network outage instead.

Releng has struggled to find a sustainable model for staffing buildduty. The struggle has been two-fold: finding engineers to do the work, and finding a duration for a buildduty rotation that doesn’t keep the engineer out of their regular workflow for too long.

I’m a firm believer that engineers *need* to be exposed to the consequences of the software they write and the systems they design:

DevOpsSupport - You write the software, you get a shift carrying the pager for it, and you get a shift answering customer calls about it.

— mhoye (@mhoye) July 15, 2015

I also believe that it’s a valuable skill to be able to design a system and document it sufficiently so that it can be handed off to someone else to maintain.

Starting this week, we’re trying something new. We’re shifting at least part of the burden to management: I am now managing a pair of contractors who will be responsible for buildduty for the rest of 2015.

Alin and Vlad are our new contractors, and are both based in Romania. Their offset from Mozilla Standard Time (aka PST) will allow them to tackle the asynchronous activities of buildduty, namely slave loans, non-urgent developer requests, and maintaining the health of the machine pools.

It will take them a few weeks to find their feet since they are unfamiliar with any of the systems. You can find them on IRC in the usual places (#releng and #buildduty). Their IRC nicks are aselagea and vladC. Hopefully they will both be comfortable enough to append |buildduty to those nicks soon. :)

While Alin and Vlad get up to speed, buildduty continues as usual in #releng. If you have an issue that needs buildduty assistance, please ask in #releng, and someone from releng will assist you as quickly as possible. For less urgent requests, please file a bug.

Categorieën: Mozilla-nl planet

Daniel Stenberg: The HTTP Workshop started

Mozilla planet - ma, 27/07/2015 - 23:55

So we started today. I won’t get into any live details or quotes from the day since it has all been informal and we’ve all agreed to not expose snippets from here without checking properly first. There will be a detailed report put together from this event afterwards.

The most critical peace of information is however how we must not walk on the red parts of the sidewalks here in Münster, as that’s the bicycle lane and they can be ruthless there.

We’ve had a bunch of presentations today with associated Q&A and follow-up discussions. Roy Fielding (HTTP spec pioneer) started out the series with a look at HTTP full of historic details and views from the past and where we are and what we’ve gone through over the years. Patrick Mcmanus (of Firefox HTTP networking) took us through some of the quirks of what a modern day browser has to do to speak HTTP and topped it off with a quiz regrading Firefox metrics. Did you know 31% of all Firefox HTTP requests get fulfilled by the cache or that 73% of all Firfox HTTP/2 connections are used more than once but only 7% of the HTTP/1 ones?

Poul-Henning Kamp (author of Varnish) brought his view on HTTP/2 from an intermediary’s point of view with a slightly pessimistic view, not totally unlike what he’s published before. Stefan Eissing (from Green Bytes) entertained us by talking about his work on writing mod_h2 for Apache Httpd (and how it might be included in the coming 2.4.x release) and we got to discuss a bit around timing measurements and its difficulties.

We rounded off the afternoon with a priority and dependency tree discussion topped off with a walk-through of numbers and slides from Kazuho Oku (author of H2O) on how dependency-trees really help and from Moto Ishizawa (from Yahoo! Japan) explaining Firefox’s (Patrick’s really) implementation of dependencies for HTTP/2.

We spent the evening having a 5-course (!) meal at a nice Italian restaurant while trading war stories about HTTP, networking and the web. Now it is close to midnight and it is time to reload and get ready for another busy day tomorrow.

I’ll round off with a picture of where most of the important conversations were had today:

kafeestation

Categorieën: Mozilla-nl planet

Mozilla IT & Operations: Product Delivery Migration: What is changing, when it’s changing and the impacts

Mozilla planet - ma, 27/07/2015 - 23:00

As promised, the FTP Migration team is following up from the 7/20 Monday Project Meeting where Sean Rich talked about a project that is underway to make our Product Delivery System better.

As a part of this project, we are migrating content out of our data centers to AWS. In addition to storage locations changing, namespaces will change and the FTP protocol for this system will be deprecated. If, after reading this post, you have any further questions, please email the team.

Action: The ftp protocol on ftp.mozilla.org is being turned off.
Timing: Wednesday, 5th August 2015.
Impacts:

    After 8/5/15, ftp protocol support for ftp.mozilla.org will be completely disabled and downloads can only be accessed through http/https.
    Users will no longer be able to just enter “ftp.mozilla.org” into their browser, because this action defaults to the ftp protocol. Going forward, users should start using archive.mozilla.org. The old name will still work but needs to be entered in your browser as https://ftp.mozilla.org/

Action: The contents of ftp.mozilla.org are being migrated from the NetApp in SCL3 to AWS/S3 managed by Cloud Services.
Timing: Migrating ftp.mozilla.org contents will start in late August and conclude by end of October. Impacted teams will be notified of their migration date.
Impacts:

    Those teams that currently manually upload to these locations have been contacted and will be provided with S3 API keys. They will be notified prior to their migration date and given a chance to validate their upload functionality post-migration.
    All existing download links will continue to work as they do now with no impact.
Categorieën: Mozilla-nl planet

Mark Surman: Mozilla Learning Strategy Slides

Mozilla planet - ma, 27/07/2015 - 22:03

Developing a long term Mozilla Learning strategy has been my big focus over the last three months. Working closely with people across our community, we’ve come up with a clear, simple goal for our work: universal web literacy. We’ve also defined ‘leadership’ and ‘advocacy’ as our two top level strategies for pursuing this goal. The use of ‘partnerships and networks’ will also be key to our efforts. These are the core elements that will make up the Mozilla Learning strategy.

Over the last month, I’ve summarized our thinking on Mozilla Learning for the Mozilla Board and a number of other internal audiences. This video is based on these presentations:

As you’ll see in the slides, our goal for Mozilla Learning is an ambitious one: make sure everyone knows how to read, write and participate on the web. In this case, everyone = the five billion people who will be online by 2025.

Our top level thinking on how to do this includes:

1. Develop leaders who teach and advocate for web literacy.

Concretely, we will integrate our Clubs, Hive and Fellows initiatives into a single, world class learning and leadership program.

2. Shift thinking: everyone understands the web / internet.

Concretely, this means we will invest more in advocacy, thought leadership and user education. We may also design ways to encourage web literacy more aggressively in our products.

3. Build a global web literacy network.

Mozilla can’t create universal web literacy on its own. All of our leadership and advocacy work will involve ‘open source’ partners with whom we’ll create a global network committed to universal web literacy.

Process-wise: we arrived at this high level strategy by looking at our existing programs and assets. We’ve been working on web literacy, leadership development and open internet advocacy for about five years now. So, we already have a lot in play. What’s needed right now is a way to focus all of our efforts in a way that will increase their impact — and that will build a real snowball of people, organizations and governments working on the web literacy agenda.

The next phase of Mozilla Learning strategy development will dig deeper on ‘how’ we will do this. I’ll provide a quick intro post on that next step in the coming days.


Filed under: mozilla
Categorieën: Mozilla-nl planet

Armen Zambrano: Enabling automated back-filling on mozilla-inbound for few hours

Mozilla planet - ma, 27/07/2015 - 20:56
tl;dr; we're going to enable automated back-filling tomorrow Tuesday for
few hours on mozilla-inbound.

We were aiming for Monday but pushed it to Tuesday to help publicize this more.

If on Wednesday there are no fall-outs we will leave it running for m-i for a week before enabling it on other places.

Posted on various mailing lists including mozilla.dev.tree-management.

> Hello all,
>
> We are planning to turn on a service that automatically backfills
> failed test jobs on m-i. If there are no concerns, we would like to
> turn this on experimentally for a couple of hours on [Tuesday]. We
> hope this will make it easier to identify which revision broke a
> test. Suggestions are welcome.
>
> The backfilling works like this: - It triggers the job that failed
> one extra time - Then it looks for a successful run of the job on the
> previous 5 revisions. If a good run is found, it triggers the job
> only on revisions up to this good run. If not, it triggers the job on
> every one of the previous 5 revisions. Previous jobs will be
> triggered one time.
>
> The tracking bug is:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1180732
>
> Best, Alice

--
Zambrano Gasparnian, Armen
Automation & Tools Engineer
http://armenzg.blogspot.ca


Creative Commons License
This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.
Categorieën: Mozilla-nl planet

Air Mozilla: Mozilla Weekly Project Meeting

Mozilla planet - ma, 27/07/2015 - 20:00

Mozilla Weekly Project Meeting The Monday Project Meeting

Categorieën: Mozilla-nl planet

Mozilla Reps Community: Thank you Emma, Arturo and Raj

Mozilla planet - ma, 27/07/2015 - 18:40

Being part of the Reps Council is a great experience, it is at the same time an honour and a challenge and it comes with a lot of responsibility, hard work, but also lessons and growth.

We want to thank and recognize our most recent former Reps Council members for serving their one year term bringing all the their passions, knowledge and dedication to the program and making it more powerful.

Emma Irwin

emmaEmma was a great inspiration not only for Reps, but specially for mentors and the Council. Her passion for education and empowering volunteers allowed her to push the program to be much more centered towards education and growth, marking a new era for Reps.

She was not only advocating for it, but also rolling up her sleeves and running different trainings, creating curriculum and working towards improving the mentorship culture. She was also extremely helpful helping us navigate some conflicts and getting Reps to grow and put aside differences.

Arturo Martinez

arturo

Arturo’s unchallenged energy and drive were great additions to the Council. Specially during his term as Council Chair he set the standard for effectively driving initiatives, helping everyone to achieve their goals and pushing us to be excellent. Thank you for the productivity boost!

Gauthamraj Elango

raj

Raj’s passion for Web literacy and for empowering everyone to take part of the open web helped him lead Reps program to work more closely with Webmaker team, showcasing an example on how Reps can bring much more value to initiatives. He drove efforts to innovate our initiatives both in terms of local organization and funding.

These are just a few examples of their exemplary work as Council members, that not only helped Reps all around the world to step up and have more impact, but also inspired new Mozillians and all the Reps around the world on how to lead change for the open Web.

Once again, thank you so much for your time, effort and your passion, you left an outstanding mark in the program.

You can share your gratitude with them in this topic on Discourse.

Categorieën: Mozilla-nl planet

Idea Town: Mozilla schafft neues Testprogramm für Firefox-Browser - WinFuture.de - WinFuture

Nieuws verzameld via Google - ma, 27/07/2015 - 16:45

WinFuture

Idea Town: Mozilla schafft neues Testprogramm für Firefox-Browser - WinFuture.de
WinFuture
Der Firefox-Anbieter Mozilla will demnächst ein neues Testprogramm starten, Nutzer des Browsers werden dabei neue Funktionen ausprobieren können. Diese dürfen und sollen dann ihr Feedback abliefern, auf Basis dieser Rückmeldungen werden die ...
Mozilla kündigt Testprogramm für neue Browser-Funktionen an | ZDNet.deZDNet.de
Mozilla bereitet Test-Programm für neue Firefox-Funktionen vor - ITespresso.deITespresso.de
Mozilla plant neues Testprogramm für neue Firefox-Funktionen - HardwareluxxHardwareLuxx
IT Magazine
alle 6 nieuwsartikelen »
Categorieën: Mozilla-nl planet

QMO: Firefox 40 Beta 7 Testday Results

Mozilla planet - ma, 27/07/2015 - 14:47

Hello Mozillians!

As you may already know, last Friday – July 24th – we held a new Testday event, for Firefox 40 Beta 7.

We’d like to take this opportunity to thank everyone for getting involved in the proposed testing activities and in general, for helping us make Firefox better.

Many thanks go out to the Bangladesh QA Community, for testing Firefox Hello context, WebGl, Adobe flash plugin and also verifying lots of bug fixes: Hossain Al Ikram, Nazir Ahmed Sabbir, Rezaul Huque Nayeem, MD.Owes Quruny Shubho, Mohammad Maruf Islam, Md.Rahimul Islam, Kazi Nuzhat Tasnem, Md. Ehsanul Hassan, Saheda.Reza Antora, Fahmida Noor, Meraj Kazi, Md. Jahid Hasan Fahim, Israt, Towkir Ahmed and Eyakub.

Special thanks go out to participants of Campus-Party Mexico that attended Firefox 40 beta 7 testday and helped with the testing of Firefox Hello context, WebGl and Adobe flash plugin: Mauricio Navarro Miranda, LASR21 Sánchez,  diegoehg, nataly Gurrola, Jorge Luis Flores Barrales, EZ274, Armando Gomez, Karla Danitza Duran Memijes and Eduardo Arturo Enciso Hernández.

Also a big thank you goes to all our moderators.

Keep an eye on QMO for upcoming events! :)

Categorieën: Mozilla-nl planet

Mozilla veut « aller plus vite » avec Firefox | MacGeneration - MacGeneration

Nieuws verzameld via Google - ma, 27/07/2015 - 14:32

MacGeneration

Mozilla veut « aller plus vite » avec Firefox | MacGeneration
MacGeneration
Début juillet, la fondation Mozilla a déclaré qu'elle allait tout mettre en œuvre pour redonner du poil de la bête à Firefox, son navigateur libre qui perd doucement mais sûrement des parts de marché. La stratégie est bâtie autour de trois axes : pas ...
Firefox mettra en sourdine les onglets tapageurs - Silicon.frSilicon
Firefox va permettre de savoir quel onglet joue de la musique | BlogNTBlogNT (Blog)

alle 5 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Mozilla kündigt Testprogramm für neue Browser-Funktionen an | ZDNet.de - ZDNet.de

Nieuws verzameld via Google - ma, 27/07/2015 - 08:14

Mozilla kündigt Testprogramm für neue Browser-Funktionen an | ZDNet.de
ZDNet.de
Mozilla plant ein neues Testprogramm, das es Firefox-Nutzern erlauben soll, mögliche neue Funktionen für den Browser auszuprobieren. Das geht laut Computerworld aus Unterlagen hervor, die der Open-Source-Anbieter veröffentlicht hat. „Idea Town“ ...

Categorieën: Mozilla-nl planet

This Week In Rust: This Week in Rust 89

Mozilla planet - ma, 27/07/2015 - 06:00

Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us an email! Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub. If you find any errors in this week's issue, please submit a PR.

This week's edition was edited by: Vikrant Chaudhary, Brian Anderson.

From the Blogosphere New Releases & Project Updates
  • Cupid. Native Rust access to the x86 and x86_64 CPUID instruction.
  • nue. I/O and binary data encoding for Rust.
  • oxcable. A signal processing framework for making music with Rust.
  • rsmpi. Message Passing Interface (MPI) bindings for Rust.
  • rust_box2d. Rust bindings for Box2D physics engine.
  • avr-emulator. Atmel 8-bit AVR Emulator in React and Rust.
  • Piston 0.5 released.
  • font-atlas. A set of crates for creating and using 'font atlases'.
  • Hound 1.0.0. A crate for reading and writing wav audio.
  • Rusty_Dodge. A simple polar dodging game using glium.
Friend of the Tree

The Rust Team likes to occassionally recognize people who have made outstanding contributions to The Rust Project, its ecosystem, and its community. These people are 'friends of the tree'.

This week's friend of the tree was @tshepang.

Over the last year Tshepang has landed over 100 improvements to our documentation. Tshepang saw where documentation was not, and said "No. This will not do."

We should all endeavor to care about docs as much as Tshepang.

Subteam reports

Every week The Rust Teams release a report on what is going on in their corner of the project. Here are the highlights from this week's report.

  • The compiler is being refactored to work on an HIR and an MIR.
  • Work is proceeding on stabilizing the core library.
  • Basic allocators will soon be available.
  • MSVC integration is proceeding rapidly.
What's cooking on nightly?

134 pull requests were merged in the last week.

New Contributors
  • Andy Caldwell
  • Antti Keränen
  • eternaleye
  • Jason Schein
  • Jonathan Hansford
  • Kornel Lesiński
  • Leif Arne Storset
  • midinastasurazz
  • mitaa
  • Ticki
Approved RFCs

Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:

Final Comment Period

Every week the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now. This week's FCPs are:

New RFCs Internals discussions Upcoming Events

If you are running a Rust event please add it to the calendar to get it mentioned here. Email Erick Tryzelaar or Brian Anderson for access.

fn work(on: RustProject) -> Money

There are some jobs writing Rust! This week's listings:

  • Assistant Researcher in Karlsruhe, Germany for embedded development on ARM stm32. Contact Oliver Schneider
Quote of the Week

Opening a vortex to Hell is actually safe, but de-referencing anything you pull from the vortex isn't safe.Steve Klabnik

Thanks to Gankro for the tip. Submit your quotes for next week!.

Categorieën: Mozilla-nl planet

This Week In Rust: This Week in Rust 89

Mozilla planet - ma, 27/07/2015 - 06:00

Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us an email! Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub. If you find any errors in this week's issue, please submit a PR.

This week's edition was edited by: Vikrant Chaudhary, Brian Anderson.

From the Blogosphere New Releases & Project Updates
  • Cupid. Native Rust access to the x86 and x86_64 CPUID instruction.
  • nue. I/O and binary data encoding for Rust.
  • oxcable. A signal processing framework for making music with Rust.
  • rsmpi. Message Passing Interface (MPI) bindings for Rust.
  • rust_box2d. Rust bindings for Box2D physics engine.
  • avr-emulator. Atmel 8-bit AVR Emulator in React and Rust.
  • Piston 0.5 released.
  • font-atlas. A set of crates for creating and using 'font atlases'.
  • Hound 1.0.0. A crate for reading and writing wav audio.
  • Rusty_Dodge. A simple polar dodging game using glium.
Friend of the Tree

The Rust Team likes to occassionally recognize people who have made outstanding contributions to The Rust Project, its ecosystem, and its community. These people are 'friends of the tree'.

This week's friend of the tree was @tshepang.

Over the last year Tshepang has landed over 100 improvements to our documentation. Tshepang saw where documentation was not, and said "No. This will not do."

We should all endeavor to care about docs as much as Tshepang.

Subteam reports

Every week The Rust Teams release a report on what is going on in their corner of the project. Here are the highlights from this week's report.

  • The compiler is being refactored to work on an HIR and an MIR.
  • Work is proceeding on stabilizing the core library.
  • Basic allocators will soon be available.
  • MSVC integration is proceeding rapidly.
What's cooking on nightly?

134 pull requests were merged in the last week.

New Contributors
  • Andy Caldwell
  • Antti Keränen
  • eternaleye
  • Jason Schein
  • Jonathan Hansford
  • Kornel Lesiński
  • Leif Arne Storset
  • midinastasurazz
  • mitaa
  • Ticki
Approved RFCs

Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:

Final Comment Period

Every week the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now. This week's FCPs are:

New RFCs Internals discussions Upcoming Events

If you are running a Rust event please add it to the calendar to get it mentioned here. Email Erick Tryzelaar or Brian Anderson for access.

fn work(on: RustProject) -> Money

There are some jobs writing Rust! This week's listings:

  • Assistant Researcher in Karlsruhe, Germany for embedded development on ARM stm32. Contact Oliver Schneider
Quote of the Week

Opening a vortex to Hell is actually safe, but de-referencing anything you pull from the vortex isn't safe.Steve Klabnik

Thanks to Gankro for the tip. Submit your quotes for next week!.

Categorieën: Mozilla-nl planet

Chris Manchester: Introducing mach try

Mozilla planet - ma, 27/07/2015 - 03:41

This is a short introduction to mach try, a mach command that simplifies the process of selecting tests and pushing them to the try server.

To follow along at home you’ll either need to be using git cinnabar or have a modern mercurial and the hg “push-to-try” extension (available from |mach mercurial-setup|). Append —no-push to commands to keep them from pushing to the try server, and -n to see verbose messages associated with the results of commands.

# mach try is a command that takes try syntax and automates the steps # to push the current tree to try with that syntax. # For instance: $ ./mach try -p win32 -u mochitest-bc # ... will result in pushing "try: -b do -p win32 -u mochitest-bc -t none" # to try. This saves dealing with mq or other ways of generating the try # message commit. (An in-memory commit is generated with the appropriate # message -- mq is not invoked at any stage). # The more novel feature exposed by mach try is the ability to select # specific test directories containing xpcshell, mochitests or reftests # to run on the try server. # For instance, if I've just made a change to one of the python libraries # used by our test harnesses, and I'd like to quickly check that this # feature works on windows. I can run: $ ./mach try -p win64 testing/xpcshell testing/mochitest/tests # This will result in the small number of xpcshell and mochitest tests # that live next to their harnesses being run (in a single chunk) on # try, so I can get my results without waiting for the entire suite, # and I don't need to sift through logs to figure out which chunk a # test lives in when I only care about running certain tests.

For more details run ./mach help try. As the command will inform you, this feature is under development — bugs should be filed blocking bug 1149670).

Categorieën: Mozilla-nl planet

Daniel Stenberg: HTTPS and HTTP/2 plans for my sites

Mozilla planet - zo, 26/07/2015 - 21:56

I produce a fair amount of open source code. I make that code available online. curl is probably the most popular package.

People ask me how they can trust that they are actually downloading what I put up there. People ask me when my source code can be retrieved over HTTPS. Signatures and hashes don’t add a lot against attacks when they all also are fetched over HTTP…

HTTPS

SSL padlockI really and truly want to offer HTTPS (only) for all my sites.  I and my friends run a whole busload of sites on the same physical machine and IP address (www.haxx.se, daniel.haxx.se, curl.haxx.se, c-ares.haxx.se, cool.haxx.se, libssh2.org and many more) so I would like a solution that works for all of them.

I can do this by buying certs, either a lot of individual ones or a few wildcard ones and then all servers would be covered. But the cost and the inconvenience of needing a lot of different things to make everything work has put me off. Especially since I’ve learned that there is a better solution in the works!

Let’s Encrypt will not only solve the problem for us from a cost perspective, but they also promise to solve some of the quirks on the technical side as well. They say they will ship certificates by September 2015 and that has made me wait for that option rather than rolling up my sleeves to solve the problem with my own sweat and money. Of course there’s a risk that they are delayed, but I’m not running against a hard deadline myself here.

HTTP/2

Related, I’ve been much involved in the HTTP/2 development and I host my “http2 explained” document on my still non-HTTPS site. I get a lot of questions (and some mocking) about why my HTTP/2 documentation isn’t itself available over HTTP/2. I would really like to offer it over HTTP/2.

Since all the browsers only do HTTP/2 over HTTPS, a prerequisite here is that I get HTTPS up and running first. See above.

Once HTTPS is in place, I want to get HTTP/2 going as well. I still run good old Apache here so it might be done using mod_h2 or perhaps with a fronting nghttp2 proxy. We’ll see.

Categorieën: Mozilla-nl planet

Daniel Stenberg: HTTP Workshop 2015, day -1

Mozilla planet - zo, 26/07/2015 - 21:13

http workshopI’ve traveled to a rainy and gray Münster, Germany, today and checked in to my hotel for the coming week and the HTTP Workshop. Tomorrow is the first day and I’m looking forward to it probably a little too much.

There is a whole bunch of attendees coming. Simply put, most of the world’s best brains and the most eager implementers of the HTTP stacks that are in use today and will be in use tomorrow (with a bunch of notable absentees of course but you know you’ll be missed). I’m happy and thrilled to be able to take part during this coming week.

Categorieën: Mozilla-nl planet

Julien Vehent: Using Mozilla Investigator (MIG) to detect unknown hosts

Mozilla planet - zo, 26/07/2015 - 20:19

MIG is a distributed forensics framework we built at Mozilla to keep an eye on our infrastructure. MIG can run investigations on thousands of servers very quickly, and focuses on providing low-level access to remote systems, without giving the investigator access to raw data.

As I was recently presenting MIG at the DFIR Summit in Austin, someone in the audience asked if it could be used to detect unknown or rogue systems inside a network. The best way to perform that kind of detection is to watch the network, particularly for outbound connections rogue hosts or malware would establish to a C&C server. But MIG can also help the detection by inspecting ARP tables of remote systems and cross-referencing the results with local mac addresses on known systems. Any MAC address not configured on a known system is potentially a rogue agent.

First, we want to retrieve all the MAC addresses from the ARP tables of known systems. The netstat module can perform this task by looking for neighbor MACs that match regex "^[0-9a-f]", which will match anything hexadecimal.

$ mig netstat -nm "^[0-9a-f]" > /tmp/seenmacs

We store the results in /tmp/seenmacs and pull a list of unique MACs using some bash.

$ awk '{print tolower($5)}' /tmp/seenmacs | sort | uniq 00:08:00:85:0b:c2 00:0a:9c:50:b4:36 00:0a:9c:50:bc:61 00:0c:29:41:90:fb 00:0c:29:a7:41:f7 00:10:db:ff:10:00 00:10:db:ff:30:00 00:10:db:ff:f0:00 00:21:53:12:42:c1

We now want to check that every single one of the seen MAC addresses is configured on a known agent. Again, the netstat module can be used for this task, this time by querying local mac addresses with the -lm flag.

Now the list of MACs may be quite long, so instead of running one MIG query per MAC, we group them 50 by 50 using the following script:

#! /usr/bin/env bash i=50 input=$1 output=$2 while true do echo -n "mig netstat " >> $output for mac in $(awk '{print tolower($5)}' $1|sort|uniq|head -$i|tail -50) do echo -n "-lm $mac " >> $output done echo >> $output i=$((i+50)) if [ $i -gt $(awk '{print tolower($5)}' $1|sort|uniq|wc -l) ] then exit 0 fi done

The script will build MIG netstat command with 50 arguments max. Invoke it with /tmp/seenmacs as argument 1, and an output file as argument 2.

$ bash /tmp/makemigmac.sh /tmp/seenmacs /tmp/migsearchmacs

/tmp/migsearchmacs now contains a number of MIG netstat commands that will search seen MAC addresses across the configured interfaces of known hosts. Run the commands and pipe the output to a results file.

$ for migcmd $(cat /tmp/migsearchmacs); do $migcmd >> /tmp/migfoundmacs; done

We now have a file with seen MAC addresses, and another one with MAC addresses configured on known systems. Doing the delta of the two is fairly easy in bash:

$ for seenmac in $(awk '{print tolower($5)}' /tmp/seenmacs|sort|uniq); do
hasseen=""; hasseen=$(grep $seenmac /tmp/migfoundmacs)
if [ "$hasseen" == "" ]; then
echo "$seenmac is not accounted for"
fi
done
00:21:59:96:75:7f is not accounted for
00:21:59:98:d5:bf is not accounted for
00:21:59:9c:c0:bf is not accounted for
00:21:59:9e:3c:3f is not accounted for
00:22:64:0e:72:71 is not accounted for
00:23:47:ca:f7:40 is not accounted for
00:25:61:d2:1b:c0 is not accounted for
00:25:b4:1c:c8:1d is not accounted forAutomating the detection

It's probably a good idea to run this procedure on a regular basis. The script below will automate the steps and produce a report you can easily email to your favorite security team.

#!/usr/bin/env bash
SEENMACS=$(mktemp)
SEARCHMACS=$(mktemp)
FOUNDMACS=$(mktemp)
echo "seen mac addresses are in $SEENMACS"
echo "search commands are in $SEARCHMACS"
echo "found mac addresses are in $FOUNDMACS"

echo "step 1: obtain all seen MAC addresses"
$(which mig) netstat -nm "^[0-9a-f]" 2>/dev/null | grep 'found neighbor mac' | awk '{print tolower($5)}' | sort | uniq > $SEENMACS

MACCOUNT=$(wc -l $SEENMACS | awk '{print $1}')
echo "$MACCOUNT MAC addresses found"

echo "step 2: build MIG commands to search for seen MAC addresses"
i=50
while true;
do
    echo -n "$i.."
    echo -n "$(which mig) netstat -e 50s " >> $SEARCHMACS
    for mac in $(cat $SEENMACS | head -$i | tail -50)
    do
        echo -n "-lm $mac " >> $SEARCHMACS
    done
    echo -n " >> $FOUNDMACS" >> $SEARCHMACS
    if [ $i -gt $MACCOUNT ]
    then
        break
    fi
    echo " 2>/dev/null &" >> $SEARCHMACS
    i=$((i+50))
done
echo
echo "step 3: search for MAC addresses configured on local interfaces"
bash $SEARCHMACS

sleep 60

echo "step 4: list unknown MAC addresses"
for seenmac in $(cat $SEENMACS)
do
    hasseen=$(grep "found local mac $seenmac" $FOUNDMACS)
    if [ "$hasseen" == "" ]; then
        echo "$seenmac is not accounted for"
    fi
done

The list of unknown MACs can then be used to investigate the endpoints. They could be switches, routers or other network devices that don't run the MIG agent. Or they could be rogue endpoints that you should keep an eye on.

Happy hunting!

Categorieën: Mozilla-nl planet

Panos Astithas: Lessons from Startup Weekend

Mozilla planet - zo, 26/07/2015 - 18:04
I had an exhausting but fun weekend at the Athens Startup Weekend a few days ago. Along with Christos I joined Yannis, Panagiotis Christakos and Babis Makrinikolas on the Newspeek project. When Yannis pitched the idea on Friday night, the main concept was to create a mobile phone application that would provide a better way to view news on the go. I don't believe it was very clear in his mind then, what would constitute a "better" experience, but after some chatting about it we all defined a few key aspects, which we refined later with lots of useful feedback and help from George. Surprisingly, for me at least, in only two days we managed to design, build and present a working prototype in front of the judges and the other teams. And even though the demo wasn't exactly on par with our accomplishments, I'm still amazed at what can be created in such a short time frame.
Newspeek, our product, had a server-side component that periodically collected news items from various news feeds, stored them and provided them to clients through a simple REST API. It also had an iPhone client that fetched the news items and presented them to the user in a way that respected the UI requirements and established UX norms for that device.
So, in the interest of informing future participants about what works and what doesn't work in Startup Weekend, here are the lessons I learned:
  1. If you plan to win, work on the business aspect, not on the technology. Personally, I didn't go to ASW with plans to create a startup, so I didn't care that much about winning. I mostly considered the event as a hackathon, and tried my best to end up with a working prototype. Other teams focused more on the business side of things, which is understandable, given the prize. Investors fund teams that have a good chance to return a profit, not the ones with cool technology and (mostly) working demos. Still, the small number of actual working prototypes was a disappointment for me. Even though the developers were the majority in the event, you obviously can't have too many of them in a Startup Weekend.
  2. For quick server-side prototyping and hosting, Google App Engine is your friend. Since everyone in the team had Java experience, we could have gone with a JavaEE solution and set up a dedicated server to host the site. But, since I've always wanted to try App Engine for Java and the service architecture mapped nicely to it, we tried a short experiment to see if it could fly. We built a stub service in just a few minutes, so we decided it was well worth it. Building our RESTful service was really fast, scalability was never a concern and the deployment solution was a godsend, since the hosting service provided for free by the event sponsors was evidently overloaded. We're definitely going to use it again for other projects.
  3. jQTouch rocks! Since our main deliverable would be an iPhone application, and there were only two of us who had ever built an iPhone application (of the Hello World variety), we knew we had a problem. Fortunately, I had followed the jQTouch development from a reasonable distance and had witnessed the good things people had to say, so I pitched the idea of a web application to the team and it was well received. iPhone applications built with web technologies and jQTouch can be almost indistinguishable from native ones. We all had some experience in building web applications, so the prospect of having a working prototype in only two days seemed within the realm of possibility again. The future option of packaging the application with PhoneGap and selling it in the App Store was also a bonus point for our modest business plan.
  4. For ad-hoc collaboration, Mercurial wins. Without time to set up central repositories, a DVCS was the obvious choice, and Mercurial has both bundles and a standalone server that make collaborative coding a breeze. If we had zeroconf/bonjour set up in all of our laptops, we would have used the zeroconf extension for dead easy machine lookup, but even without it things worked flawlessly.
  5. You can write code with a netbook. Since I haven't owned a laptop for the last three years, my only portable computer is an Asus EEE PC 901 running Linux. Its original purpose was to allow me to browse the web from the comfort of my couch. Lately however, I'm finding myself using it to write software more than anything else. During the Startup Weekend it had constantly open Eclipse (for server-side code), Firefox (for JavaScript debugging), Chrome (for webkit rendering), gedit (for client-side code) and a terminal, without breaking a sweat.
  6. When demoing an iPhone application, whatever you do, don't sweat. Half-way through our presentation, tapping the buttons didn't work reliably all the time, so anxiety ensued. Since we couldn't make a proper presentation due to a missing cable, we opted for a live demo, wherein Yannis held the mic and made the presentation, and I posed as the bimbo that holds the product and clicks around. After a while we ended up both touching the screen, trying to make the bloody buttons click, which ensured the opposite effect. In retrospect, using a cloth occasionally would have made for a smoother demo, plus we could have slipped a joke in there, to keep the spirit up.
All in all it was an awesome experience, where we learned how far we can stretch ourselves, made new friends and caught up with old ones. Next year, I'll make sure I have a napkin, too.
Categorieën: Mozilla-nl planet

Emma Irwin: #MozLove for April

Mozilla planet - zo, 26/07/2015 - 16:22

This month’s #mozlove post is for April Morone.

I wrote this post with  inspiration from the first version of ‘Participation Personas . Personas (V1) is a  list of contributor profiles I use to design participation opportunities.  For each persona I also suggest a series of ‘lenses’ which, I believe can help us design with, and for greater diversity and dimension.

A lens can be anything from gender identity and age, to what I called a ‘toxic rating’, which changes the flexibility and value of collaborating with someone.   Another lens is what I have (so far) called ‘accessibility’, which encourages thinking about physical challenges of contribution.  This could be anything from asking ourselves if resources are ‘screen reader friendly’, to building in a respect for periods of time people may ‘disappear’ to take care of their wellness.  

In that light I would like to highlight the contributions, enthusiasm and dedication of April Morone. April describes herself as a ‘disabled contributor’ living with partial blindness, hearing loss and neuro-muscular problems . April is also advocate for helping other people living with disabilities contribute to the Mozilla project.   April was kind enough to take time to answer my questions, the first of which was “What got you started contributing?”

“What got me contributing was this insatiable need to help and insatiable need to learn more in the IT field, as well as to DO more in the IT field. I’ve always been helping others, from my cousins, helping teach them at the age of twelve on up, to teaching and helping others.”

You will find April embedded in the project helping others, especially focused on new contributors people setting up local environments for bug-fixes.  When I asked her what sustains her participation, she felt equally as motivated by people who ‘want to learn’, as her own interest in teaching and helping.

When listing the challenges to contribution, April identified the continual challenges posed by health issues which include the emotional effects of  surviving domestic abuse.  On the more predicable scale, April also listed issues with technology fails and limited time as worthy opponants.  What’s I think is very inspiring about both April and the community around her is how she describes her continued involvement and the people making a difference for her:

Abishek Gupta, Gautam Sharma, David Walsh, Luke Crouch, Janet Swisher, Hagen Halbach, and Daniel Desira have kept me going. They have been contributors and now also friends who have supported me through difficult times when I might have otherwise have given up contributing. I had thought of dropping out of contributing and even just giving up. But they stood by me, listened, and gave support, which help.  What also kept me going is my love of helping others, my love of Mozilla, and my love of IT and web development.

I think this is really, really special in that the community is as much a place to find ‘your people’, as it is a cause to contribute to.   I know April is among a small group of volunteers at Mozilla with ambitions of creating a more supportive network for contributors living with disability through directed documentation and on-boarding –  which I think is just amazing.  I am grateful to be a part of a community that includes April and many of the people she listed who help her be successful.

 

db8dadb3c7cc3bc2083881ff935416bd54101ced

Next month I hope to write a couple of these posts – we’ll see.

“Felt Heart” Image credit: Lauren Jong

 

Categorieën: Mozilla-nl planet

Pagina's