Open Policy & AdvocacyIt’s the final countdown: US surveillance reform nearing the finish line

The USA FREEDOM Act was born out of the shocking revelations of overbroad government surveillance that began two years ago. In its short life (it was first introduced in 2013) the USA FREEDOM Act has gone through many iterations; along with many others we have supported this legislation in our push for broader surveillance reform. The USA FREEDOM Act, although not perfect and clearly a product of compromise, deserved our support. Yet, even after overwhelming support in the House, the Senate failed to do its job late last Friday night and failed to pass the USA FREEDOM Act (defeated by a 57-42 vote). Just three more votes were needed to move this legislation forward. The word “disappointing” doesn’t really express the proper sentiment.

Facing expiration (at midnight on May 31, 2015) of three legal authorities authorizing US surveillance programs, the Senate also declined on Friday night to advance a two-month reauthorization of these authorities (by a vote of 45-54). The strategic decision-making here is still confounding. Why wait until the night before a holiday recess when the House has already left to take these votes to the floor? Now, Senate Majority Leader Mitch McConnell – left with few options — is taking the unusual step of calling a Sunday May 31st session to try again to pass something just hours before these authorities sunset. This won’t be without several challenges.

Any paths for emergency reauthorization or any “compromises” will face filibuster threats from, among others, Senator Rand Paul, who took to the floor for 10 and half hours last week to lambast the surveillance state and refused Majority Leader McConnell’s attempts on Friday evening to extend these expiring provisions by even one day. Senator Paul’s hardline opposition, combined with the nuances of the Senate’s arcane procedures and the presence of a number of other privacy champions in the Senate, means it will be nearly impossible to pass legislation in such a short window of time.

On the House side, Representatives passed the USA FREEDOM Act overwhelmingly. The House is scheduled to return from recess and vote no earlier than 6:30PM on June 1st – well after the authorities sunset. There may be some last minute wrangling during this recess week, but without some agreement from the House to take up an interim reauthorization prior to the May 31st expiration, it appears that the Senate must either pass the House version of USA FREEDOM or let these authorities sunset. Put another way, if the Senate doesn’t pass the House version of USA FREEDOM, there will be a gap in authorized collection by the intelligence community. Justice Department officials have indicated that the NSA has already begun shutting down the 215 programs so as to be in compliance if a sunset occurs.

So what actually happens if these provisions sunset? It is tempting to view a sunset as a privacy win, as the government would be restrained from bulk collection of our telephone records after all. While there’s truth to that, we can and should expect to see the national security hawks and the intelligence community push hard to reinstate some version of these authorities. A likely possibility is a Senate effort to pass a weaker “reform” bill, a watered down USA FREEDOM Act. For example, several senators have been vocal about their belief in the need for a data retention mandate — which we’ve spoken out against before — so if these authorities expire, we fear post-sunset legislative efforts will likely include such a requirement as a pathway to 60 votes in the Senate. Already Senate Intelligence Chair Richard Burr and Vice Chair Diane Feinstein have each floated bills to this end. We oppose both of these bills; they do not provide the reforms that we need.

However, as Harley Geiger of CDT notes in a recent post on Lawfare: “A few hours’ sunset may not make much difference to beltway insiders, but a post-sunset vote re-instating Sec. 215 can correctly be seen by voters as a huge expansion in government surveillance power after that power had gone dormant.” While the Senate may look to compromise after sunset, the House may well lean the other direction. House Judiciary Chairman Goodlatte and Ranking Member Conyers have indicated in a recent statement, “If the Senate chooses to allow these authorities to expire, they should do so knowing that sunset may be permanent.”

Yet, permanent sunset of Section 215 would not satisfy the Senate, and it would not be a panacea for civil liberties. The government could still conduct bulk collection in a few different ways:

  1. The government could use the FISA pen register/trap and trace statute (PR/TT), for example, which the government has previously used to conduct bulk collection of email metadata (the program allegedly ended in 2011 due to a lack of resources and demonstrated efficacy). It’s worth noting that while bulk collection under PR/TT is curtailed in the USA FREEDOM Act, this statute doesn’t otherwise have a sunset.
  2. Through other legal pathways — the vast majority of mass surveillance occurs under other authorities such as Executive Order 12333 and Section 702 of the FISA Amendments Act. While the USA FREEDOM Act doesn’t address these authorities either, we believe passing this legislation will serve as a better foundation for further reform than a sunset.
  3. Through grandfathering — Section 215’s sunset provision has a clause saying that investigations that were begun before the sunset occurred may continue. The FBI doesn’t put a time limit on its investigations, whatever broad investigation they’ve been using to justify bulk collection could foreseeably continue indefinitely. While the recent 2nd Circuit Court of Appeals opinion might mitigate this a bit, it’s unclear if the Foreign Intelligence Surveillance Court will apply that court’s reasoning to the government.

Privacy and security of users on the Internet is fundamental. Mozilla stands in continued support of the USA FREEDOM Act, as do hundreds of thousands of users, tech companies, privacy advocates, the Director of National Intelligence, the Attorney General, and the White House. Indeed, a bipartisan majority of both chambers of Congress support this legislation. We urge the House to stand behind their overwhelming vote to approve this legislation and to demand reforms that are at least as strong as the USA FREEDOM Act. Ultimately, this bill failed on a procedural vote on Friday night by just three votes. When the Senate reconvenes this Sunday, we hope three senators will step up to help enact the real reforms that users demand.

 

 

Meeting NotesMobile: 2015-05-27

Schedule

Topics for This Week

  • Nightly builds not accessible via http://nightly.mozilla.org
  • Zoomed view enabled by default on Nightly (when ^ is fixed): bug 663803
  • Trying to collect all of the NIGHTLY_BUILD flags to see if they’re still necessary/useful (using Nightly+ flags)

Tracking Review

Beta

  • Next Build:
ID Summary Status Assigned to Last change time
1159049 x86 Android is sent the OpenH264 plugin for ARM Android NEW Chris AtLee [:catlee] (catlee) 2015-05-06T16:34:43Z


1 Total;
1 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Aurora

  • Next Build:
ID Summary Status Assigned to Last change time
1010068 Disable OCSP for DV certificates in Firefox for Android ASSIGNED Brad Lassey [:blassey] (use needinfo?) (blassey.bugs) 2015-05-20T00:15:15Z
1016555 Disable OCSP checking for certificates covered by OneCRL ASSIGNED David Keeler [:keeler] (use needinfo?) (dkeeler) 2015-05-16T23:30:57Z
1150284 [Browser] Unable to zoom in/out on Google Maps ASSIGNED Robert O’Callahan (:roc) (Mozilla Corporation) (roc) 2015-05-21T04:41:27Z
1167208 Incorrect navigator.userAgent requested via Request Desktop Site ASSIGNED Nick Alexander :nalexander (nalexander) 2015-05-27T12:08:54Z


4 Total;
4 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Nightly

  • Next Build:
ID Summary Status Assigned to Last change time
1047127 Panning very stuttery on this page with overflow-x ASSIGNED Danilo Cesar Lemes de Paula (danilo.eu) 2015-05-14T17:21:12Z
1126244 Create a maximum reader mode cache size and evict records when necessary ASSIGNED Vivek Balakrishnan[:vivek] (vivekb.balakrishnan) 2015-04-30T17:08:28Z
1156553 Tab queue makes captive portal use annoying ASSIGNED Martyn Haigh (:mhaigh) (mhaigh) 2015-05-27T16:59:23Z


3 Total;
3 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Friends of the Mobile Team

Give a shoutout/thanks to people for helping fix and test bugs. Make sure friends also get awarded a badge. New contributors are highlighted in bold.

Android:

  • Aaron Raimist fixed bug 1163211 – Remove windowSoftInputMode comment in AndroidManifest.xml.in
  • Neil Bleasdale fixed bug 1165137 – Remove the ‘static’ keyword from ChangeVerifier interface
  • Dominique fixed bug 1165128 – Enable zoomedview by default.
  • Nicolas Croiset provided logs to help debug bug 1138943 – A long running ticket that looks like bad error handling in the face of some token server responses. We shall see!

iOS:

  • James Ide fixed bug 1167521 – Use the standard scroll view deceleration rate for faster vertical scrolling
  • dusek fixed bug 1166018 – Firefox pauses system audio when launched (while not previously running)

Stand ups

Suggested format:

  • What did you do last week?
  • What are working on this week?
  • Anything blocking you?

Please keep your update to under 2 minutes!

James W. (snorp)

  • Updating to NDK r10e to fix linking bug on x86 (bugs 1141693, 1165460)
    • Working around strange open() issue in child processes
  • Getting back to perf work
  • Spent some time improving jimdb to work with NDK-provided gdb (which is newer) and 64bit devices
  • APZ contract is finished, still maybe a couple patches away from being usable on Nightly

JChen

  • Not working on Presentation WebAPI
Fixed
Working on

GCP

<Read Only>

  • Last week:
    • SafeBrowsing & Load Manager reviews
    • Mentored SafeBrowsing bugs turning into
    • bug 1168345 nsTArray::Sort shouldn’t need Equals in the comparator
    • Fixed many Video sandboxing try failures
  • Next week:
    • Fix the remaining ones

Randall Barker

Last Week:

  • Broke UI fixes out of bug 659285 Extend media.autoplay.enabled to provide a way to disable untrusted play() invocations. UI portion now in bug 1166961 Re-enable missing video UI when element does not have controls.
  • Started looking at bug 1163664 Don’t check for plugin blocklist state on Android.

Next Week:

Eugen Sawin

Fixed
Working on

Brian Nicholson

  • bug 1153285 – Custom context menu (with Open In New Tab)
  • bug 1164828 – Fix icon alignment in search settings
  • bug 1137415 – Better search icons
  • Experimented with overriding BackForwardList to restore session history

WesJ

  • bug 1147071 – Use encrypted database storage for passwords. Spent some time reading up on ios’s db syncing. Now chasing a build error.
  • bug 1134532 – Pages can lock the urlbar from scrolling on screen. Backed out! There are some bugs with the webview touch event listener that I need to find a work around for (or a different way of doing this).
  • bug 1125835 – Design a good error page. A little confusion with reviews here, but still ready to go I think.
  • bug 1163120 – Restore tabs lazy.
  • bug 1166860 – Crash in BrowserViewController.webView(, didFinishNavigation:)

liuche

Highlights:

  • Finishing up doorhanger styling

Present:

karim

Past:

Present:

Margaret

Highlights:

Past:

Present:

mcomella

  • Search engine bar & followups
  • Partner stuff

Past:

Present:

rnewman

  • History sync on iOS and assorted miscellany.
  • Partner stuff.
Fixed
Working on

nalexander

  • Contributors: working with Ahmed and vivek last week on tabs database and split pane history panel tickets, respectively.
    • Special thanks to Nicolas Croiset for helping me debug bug 1138943
  • Partners: working on bi-directional Java Addons: bug 1168407
    • Proof of concept working as of last night; need to re-factor API to support “unloading” DEX files
  • Partners: working on integration with third-party identity services.
  • Android: continued investigating FxA sign-in over the web: bug androidwebfxa.
    • Met with dcoates and rfkelly
    • dcoates has built a “sign-in with Open ID” proof of concept for a partner demo
    • action is back to me to build an API for creating Firefox Accounts from chrome JS
    • mcomella has also been pushing Intent handling, which ties into this story
  • Partners: working on –with-android-distribution-directory; still waiting for bug 991983 to land to rebase.
  • iOS: reviews.
  • mach package-frontend: local improvements only — now using Tree Herder and the local pushlog database to scrape data.

Martyn Haigh

  • Finishing TQ
  • Hacking on Settings & Tabs Panel

Past:

Present:

Stefan

Just Closed:

  • 1160467 – [ga-IE] [sv-SE] [bn-IN] Firefox for iOS (build 9): Locale code mapping error due to Mozilla locale codes not adhering to BCP 47
  • 116266 – Upgrade the CI Server to Xcode 6.3.2
  • 1164555 – Do an optimized release build for the Firefox target
  • 1166860 – Crash in BrowserViewController.webView(, didFinishNavigation:)
  • 1167288 – Startup crash in Browser.historyList
  • 1165745 – Reading View Caching Issues
  • 1164160 – Local server pages don’t restore properly on resume
  • 1166491 – Session encoding unsafely unwraps web view’s URL
  • 1167310 – Do not store tab state at startup
  • 1168687 – Screenshots do not restore on resume

Current focus:

  • 1094262 – (ios) Implement the Send To Extension UI
  • 1141598 – Reader mode should open full screen
  • 1168136 – Add an option to prefer single-column or grid layout for tabs on iPhone

Steph

Issues Resolved

Ally

  • landed Bug 1065004 – Provide an option to always open tabs in Private Browsing landed
  • about:passwords, favicons test patch on bug, waiting on feedback
  • Bug 1141769 – Implement new style(unified) FHR/Telemetry password manager probes
    • bogged down in the talos mud, linux in particular
  • bevy of incoming data collection reviews
  • will be at google i/o Thursday/Friday

Emily

Highlights:

  • First Week
  • First PR

Past:

Present:

BLassey

Fixed
Working on

MFinkle

  • Trying to discuss more of the outcome of the Product Line Review
  • Getting ready for a mid-year review around projects and headcount
Fixed
Working on

Antlam

Read-only

  • Past
    • Partner stuff
    • Tab queue w/ mhaigh (copy wrangling)
    • Passwords & Doorhangers clean up
    • bug 1087644: Voice integration with Karim
    • bug 1165127: Zoomed-view animation
    • bug 1063058: Clean up Panels UI
  • Upcoming
    • At IO
    • Partner stuff
    • bug 1153389: Private browsing UI clean-up
    • bug 602818: QR input
    • On-boarding for iOS and Android
    • Add-ons
    • General follow up w/ Chenxia, Mcomella, Margaret

Darrin

  • Partner/Service Integration work week in Toronto last week – will post summary when it’s available
  • Filing many iOS UX polish bugs :)
  • Working on some mockups for UI tweaks based on user research/interviews
  • Starting to sketch some ideas for future areas of focus – contextual hints, etc.

A-Team

QA

Feature Focus

Android Summary

Happenings
  • ‘Mobile browsing history prioritized over synced DT history’ de-prioritized, and moved out to 42
  • ‘quick search bar above keyboard’ will not hit 40. Moved to 41.
  • There are a handful of over items that ‘may’ be targeted/re-targeted shortly. Follow-ups in progress. (Voice Integration, QR Code Reader, Magnifying glass on clustered links, click-to-view-images). Watch for updates!
    • Update – QR Code Reading and Voice Integration now targeted for 41
Links

iOS Summary

Happenings
  • No recent changes to iOS roadmap. See Aha! for the current ‘story’.
  • V1.0 continues to progress
    • Sync continues to chug along – History!
    • Ongoing improvements around scrolling and other visuals
    • Call for (additional) external beta testers received notable attention
    • New release date has not been established yet. Dependent on external feedback trends, as the program ramps up. Downstream teams will be notified with sufficient lead team once we have a better idea of timing.
Links

Details

  • Wednesdays – 9:30am Pacific, 12:30pm Eastern, 16:30 UTC
  • Dial-in: conference# 99998
    • US/Toll-free: +1 800 707 2533, (pin 369) Conf# 99998
    • US/California/Mountain View: +1 650 903 0800, x92 Conf# 99998
    • US/California/San Francisco: +1 415 762 5700, x92 Conf# 99998
    • US/Oregon/Portland: +1 971 544 8000, x92 Conf# 99998
    • CA/British Columbia/Vancouver: +1 778 785 1540, x92 Conf# 99998
    • CA/Ontario/Toronto: +1 416 848 3114, x92 Conf# 99998
    • UK/London: +44 (0)207 855 3000, x92 Conf# 99998
    • FR/Paris: +33 1 44 79 34 80, x92 Conf# 99998
  • irc.mozilla.org #mobile for backchannel
  • Mobile Vidyo Room

Meeting NotesFirefox/Gecko Delivery Planning: 2015-05-27

Schedule & Progress onUpcoming Releases (Liz/Sylvestre/Lawrence)

38.0.5 is going to the release channel but until we are certain it’s stable there we can’t put 39 onto the beta channel. 39 will have only 3.5 weeks on beta. One of those will be the workweek in Whistler.

38:

  • 38.0.5 beta 4 [mobile] release today
  • 38.0.5 [mobile] go to build (for the release channel) today
  • 38.0.5 [mobile] release Thursday

39:

  • 39.0 beta 1 build 2 [mobile] [desktop] should finally be on the beta channel on Thursday. Still not 100% certain.

40:

  • Dev edition special release coming up; we should avoid doing anything to destabilize aurora right now.

Firefox Mobile (Mark/Brad/Jenn)

Firefox for iOS

  • iOS Roadmap in Aha!
  • No recent changes to iOS roadmap. See Aha! for the current ‘story’.
  • V1.0 continues to progress
    • Sync continues to chug along – History!
    • Ongoing improvements around scrolling and other visuals
    • Call for (additional) external beta testers received notable attention
    • New release date has not been established yet. Dependent on external feedback trends, as the program ramps up. Downstream teams will be notified with sufficient lead team once we have a better idea of timing.

Firefox for Android

  • Fennec Roadmap in Aha!
  • ‘Mobile browsing history prioritized over synced DT history’ de-prioritized, and moved out to 42
  • ‘quick search bar above keyboard’ will not hit 40. Moved to 41.
  • There are a handful of over items that ‘may’ be targeted/re-targeted shortly. Follow-ups in progress. (Voice Integration, QR Code Reader, Magnifying glass on clustered links, click-to-view-images). Watch for updates!
    • Update – QR Code Reading and Voice Integration now targeted for 41

Developer Tools (Jeff)

<Read Only>

  • final stages of devedition-40 project, things are looking 10% less crazy than they did last time. I call it a win?

Feedback Summary (Cheng/Tyler/Matt)

No updates today.

Marketing, Press & Public Reaction (Arcadio)

  • Full throttle on Spring campaign
  • Android test campaign results coming in from Yahoo network

Planning Meeting Details

  • Wednesdays – 11:00am PT, 18:00 UTC
  • Mountain View Offices: Warp Core Conference Room
  • Toronto Offices: Finch Conference Room
  • irc.mozilla.org #planning for backchannel
  • (the developer meeting takes place on Tuesdays)

Video/Teleconference Details – NEW

Air MozillaKids' Vision - Mentorship Series

Kids' Vision - Mentorship Series Mozilla hosts Kids Vision Bay Area Mentor Series

Air MozillaQuality Team (QA) Public Meeting

Quality Team (QA) Public Meeting This is the meeting where all the Mozilla quality teams meet, swap ideas, exchange notes on what is upcoming, and strategize around community building and...

Air MozillaSecurity Services / MDN Update

Security Services / MDN Update An update on the roadmap and plan for Minion and some new MDN projects coming up in Q3 and the rest of 2015

WebmakerMozilla Academy Strategy Update

One of MoFo’s main goals for 2015 is to come up with an ambitious learning and community strategy. The codename for this is ‘Mozilla Academy’. As a way to get the process rolling, I wrote a long post in March outlining what we might include in that strategy. Since then, I’ve been putting together a team to dig into the strategy work formally.

This post is an update on that process in FAQ form. More substance and meat is coming in future posts. Also, there is lots of info on the wiki.

Q1. What are we trying to do?

Our main goal is alignment: to get everyone working on Mozilla’s learning and leadership development programs pointed in the same direction. The three main places we need to align are:

  1. Purpose: help people learn and hone the ability to read | write | participate.
  2. Process: people learn and improve by making things (in a community of like-minded peers).
  3. Poetry: tie back to ‘web = public resource’ narrative. Strong Mozilla brand.

At the end of the year, we will have a unified strategy that connects Mozilla’s learning and leadership development offerings (Webmaker, Hive, Open News, etc.). Right now, we do good work in these areas, but they’re a bit fragmented. We need to fix that by creating a coherent story and common approaches that will increase the impact these programs can have on the world.

Q2. What is ‘Mozilla Academy’?

That’s what we’re trying to figure out. At the very least, Mozilla Academy will be a clearly packaged and branded harmonization of Mozilla’s learning and leadership programs. People will be able to clearly understand what we’re doing and which parts are for them. Mozilla Academy may also include a common set of web literacy skills, curriculum format and learning approaches that we use across programs. We are also reviewing the possibility of a shared set of credentials or roles for people participating in Mozilla Academy.

Q3. Who is ‘Mozilla Academy’ for?

Over the past few weeks, we’ve started to look at who we’re trying to serve with our existing programs (blog post on this soon). Using the ‘scale vs depth’ graph in the Mozilla Learning plan as a framework, we see three main audiences:

  • 1.4 billion Facebook users. Or, whatever metric you use to count active people on the internet. We can reach some percentage of these people with software or marketing that invite people to ‘read | write | participate’. We probably won’t get them to want to ‘learn’ in an explicit way. They will learn by doing. Which is fine. Webmaker and SmartOn currently focus on this group.
  • People who actively want to grow their web literacy and skills. These are people interested enough in skills or technology or Mozilla that they will choose to participate in an explicit learning activity. They include everyone from young people in afterschool programs to web developers who might be interested in taking a course with Mozilla. Mozilla Clubs, Hive and MDN’s nascent learning program currently focus on this group.
  • People who want to hone their skills *and* have an impact on the world. These are people who already understand the web and technology at some level, but want to get better. They are also interested in doing something good for the web, the world or both. They include everyone from an educator wanting to create digital curriculum to a developer who wants to make the world of news or science better. Hive, ReMo and our community-based fellowships currently serve these people.

A big part of the strategy process is getting clear on these audiences. From there we can start to ask questions like: who can Mozilla best serve?; where can we have the most impact?; can people in one group serve or support people in another? Once we have the answers to these questions we can decide where to place our biggest bets (we need to do this!). And we can start raising more money to support our ambitious plans.

Q4. What is a ‘strategy’ useful for?

We want to accomplish a few things as a result of this process. A. A way to clearly communicate the ‘what and why’ of Mozilla’s learning and leadership efforts. B. A framework for designing new programs, adjusting program designs and fundraising for program growth. C. Common approaches and platforms we can use across programs. These things are important if we want Mozilla to stay in learning and leadership for the long haul, which we do.

Q5. What do you mean by ‘common approaches’?

There are a number of places where we do similar work in different ways. For example, Mozilla Clubs, Hive, Mozilla Developer Network, Open News and Mozilla Science Lab are all working on curriculum but do not yet have a shared curriculum model or repository. Similarly, Mozilla runs four fellowship programs but does not have a shared definition of a ‘Mozilla Fellow’. Common approaches could help here.

Q6. Are you developing a new program for Mozilla?

That’s not our goal. We like most of the work we’re doing now. As outlined in the 2015 Mozilla Learning Plan, our aim is to keep building on the strongest elements of our work and then connect these elements where it makes sense. We may modify, add or cut program elements in the future, but that’s not our main focus.

Q7. Are you set on the ‘Mozilla Academy’ name?

It’s pretty unlikely that we will use that name. Many people hate it. However, we needed a moniker to use during the strategy process. For better or for worse, that’s the one we chose.

Q8. What’s the timing for all of this?

We will have a basic alignment framework around ‘purpose, process and poetry’ by the end of June. We’ll work with the team at the Mozilla All Hands in Whistler. We will develop specific program designs, engage in a  broad conversation and run experiments. By October, we will have an updated version of the Mozilla Learning plan, which will lay out our work for 2016+.

As indicated above, the aim of this post is to give a process update. There is much more info on the process, who’s running it and what all the pieces are in the Mozilla Learning strategy wiki FAQ. The wiki also has info on how to get involved. If you have additional questions, ask them here. I’ll respond to the comments and also add my answers to the wiki.

In terms of substance, I’m planning a number of posts in coming weeks on topics like the essence of web literacy, who our audiences are and how we think about learning. People leading Mozilla Academy working groups will also be posting on substantive topics like our evolving thinking around the web literacy map and fellows programs. And, of course, the wiki will be growing with substantive strategy documents covering many of the topics above.

Air MozillaProduct Coordination Meeting

Product Coordination Meeting Duration: 10 minutes This is a weekly status meeting, every Wednesday, that helps coordinate the shipping of our products (across 4 release channels) in order...

Mozilla IndiaRegister for Mozilla Security project – SECURING WEB @ZAP

About Mozilla Security Project – Securing Web @ZAP:

“Securing Web @ZAP” is a community run pilot project aimed to bring awareness around various threats possessed by a web application. The first pilot workshop will be hosted at Collab House, Hyderabad.

Who can join the workshop?

Mozilla Security Project is aimed for students, security enthusiasts and anyone interested. During the workshop, participants will be trained on ways to detect the threats by performing security attacks using the ZAP security tool.
Dates:

Securing Web @ZAP is a 8 Day(4 Weekends) Workshop.

Workshop starts from:

  • June 19,20
  • June 27,28
  • July 04,05
  • July 11,12

To learn more visit: https://etherpad.mozilla.org/remo-securingweb-mozilla

About OWASP ZAP:

OWASP ZAP is an integrated pentest tool used to find vulnerabilities in a web application. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. Zap is one of the top voted Security Tools in 2014.

Why join Mozilla Security Workshop?

  • After successful completion of workshop, a project on ZAP is assigned to each team/person by Mozilla Security Staff.
  • Outstanding contributors to the assigned project get reference letter from Mozilla Security Team.
  • Chance to get the commit access privileges for a security tool.
  • Exclusive swag/ goodies for participants undergoing 8 day campaign!
  • A chance to collaborate directly with best talent from the security industry
  • Get a chance to add your name to the ZAP Help Credits page! https://code.google.com/p/zaproxy/wiki/HelpCredits

Apply Now!

Register here:
Loading…

Deadline:

  • There are limited slots available. The event is free to participate but registration is mandatory for the event. Selected participants will be contacted via email on further steps to join the project.
  • Kindly provide as much details with relevant links in the application form.

Team

Core team for Mozilla Security Project – Securing Web @ZAP:

  • Sumanth Damarla (Mozilla Rep, ZAP Evangelist, India)
  • Sudarshan Reddy
  • Sanjay Gouri

Remote Support:

  • Simon Bennetts (Mozilla Security Automation Engineer & ZAP Project Lead)
  • Emma Irwin

Mentor Support:

  • Vineel Reddy Pindi

Mozilla Add-ons BlogUpdate on Extension Signing and New Developer Agreement

If you have an active extension listing on AMO you probably got a message from us already, explaining how we will automatically sign your add-on and provide it to your users via automatic updates. The automatic signing process will run this week, in batches, and we will notify you when your add-on is signed. Please take some time to test the signed version in the current release version of Firefox and either Developer Edition or Nightly (where Firefox already warns about unsigned extensions).

If you’re unfamiliar with extension signing, please read the original announcement for context.

Next week, we will activate two new features on AMO: signing of new add-on versions after they are reviewed, and add-on submission for developers who wish to have their add-ons signed but don’t want them listed on AMO. We will post another update once this happens. When this is done, all extension developers will be able to have their extensions signed, with enough time to update their users before signing becomes a requirement in release versions of Firefox.

New Developer Agreement

Since we will be signing add-ons that won’t be listed on AMO, we have updated the Add-on Distribution Developer Agreement to cover the new ways in which we will handle add-ons. This document hadn’t been touched for years, so we took our time and significantly updated its contents to reflect how we do things now. Hopefully it is also easier to read than its previous version.

Note that the new agreement will go into effect on June 1st. The version that is displayed on AMO when you submit a new add-on will be updated then, and all active developers on AMO will be notified about it.

If you want to stay up to date with changes related to extension signing, you can follow this blog or check in regularly to the wiki page, where I update the timeline information as it becomes clearer.

Air MozillaBugzilla Development Meeting

Bugzilla Development Meeting Help define, plan, design, and implement Bugzilla's future!

Rumbling Edge - Thunderbird2015-05-26 Calendar builds

Common (excluding Website bugs)-specific: (23)

  • Fixed: 735253 – JavaScript Error: “TypeError: calendar is null” {file: “chrome://calendar/content/calendar-task-editing.js” line: 102}
  • Fixed: 768207 – Make the cache checkbox default-on in the new calendar dialog
  • Fixed: 1049591 – Fix lots of strict warnings
  • Fixed: 1086573 – Lightning and Thunderbird disagree about timezone support in ics files
  • Fixed: 1099592 – Make JS callers of ios.newChannel call ios.newChannel2 in calendar/
  • Fixed: 1149423 – Add Windows timezone names to list of aliases
  • Fixed: 1151011 – Calendar events show up on wrong day when printing
  • Fixed: 1151440 – Choose a color not responsive when creating a New calendar in Lightning 4.0b1
  • Fixed: 1153327 – Run compare-locales with merging for Lightning
  • Fixed: 1156015 – Email scheduling fails for recipients with URN id
  • Fixed: 1158036 – Support sendMailTo for URN type attendees
  • Fixed: 1159447 – TEST-UNEXPECTED-FAIL | xpcshell-icaljs.ini:calendar/test/unit/test_extract.js
  • Fixed: 1159638 – Getter fails in calender-migration-dialog on first run after installation
  • Fixed: 1159682 – Provide a more appropriate “learn more” page on integrated Lightning firstrun
  • Fixed: 1159698 – Opt-out dialog has a button for “disable”, but actually the addon is removed
  • Fixed: 1160728 – Unbreak Lightning 4.0b4 beta builds
  • Fixed: 1162300 – TEST-UNEXPECTED-FAIL | xpcshell-libical.ini:calendar/test/unit/test_alarm.js | xpcshell return code: 0
  • Fixed: 1163306 – Re-enable libical tests and disable ical.js in nightly builds when binary compatibility is back
  • Fixed: 1165002 – Lightning broken, tries to load libical backend although “calendar.icaljs” defaults to “true”
  • Fixed: 1165315 – TEST-UNEXPECTED-FAIL | xpcshell-icaljs.ini:calendar/test/unit/test_bug759324.js | xpcshell return code: 1 | ###!!! ASSERTION: Deprecated, use NewChannelFromURI2 providing loadInfo arguments!
  • Fixed: 1165497 – TEST-UNEXPECTED-FAIL | xpcshell-icaljs.ini:calendar/test/unit/test_alarmservice.js | xpcshell return code: -11
  • Fixed: 1165726 – TEST-UNEXPECTED-FAIL | /builds/slave/test/build/tests/mozmill/testBasicFunctionality.js | testBasicFunctionality.js::testSmokeTest
  • Fixed: 1165728 – TEST-UNEXPECTED-FAIL | xpcshell-icaljs.ini:calendar/test/unit/test_bug494140.js | xpcshell return code: -11

Sunbird will no longer be actively developed by the Calendar team.

Windows builds Official Windows

Linux builds Official Linux (i686), Official Linux (x86_64)

Mac builds Official Mac

Rumbling Edge - Thunderbird2015-05-26 Thunderbird comm-central builds

Thunderbird-specific: (54)

  • Fixed: 401779 – Integrate Lightning Into Thunderbird by Default and Ship Thunderbird with Lightning Enabled
  • Fixed: 717292 – Spell check language setting for subject and body not synchronized, but temporarily appears so when changing language and depending on focus (confusing ux)
  • Fixed: 914225 – Support hotfix add-on in Thunderbird
  • Fixed: 1025547 – newmailaccount/jquery.tmpl.js, line 123: reference to undefined property def[1]
  • Fixed: 1088975 – Answering mail with sendername containing encoded special chars and comma creates two “To”-entries
  • Fixed: 1101237 – Remove distribution directory during install
  • Fixed: 1109178 – Thunderbird OAuth implementation does not work with Evernote
  • Fixed: 1110166 – Port |Bug 1102219 – Rename String.prototype.contains to String.prototype.includes| to comm-central
  • Fixed: 1113097 – Fix misuse of fixIterator
  • Fixed: 1130854 – Package Lightning with Thunderbird
  • Fixed: 1131997 – Adapt for Debugger Server code for changes in bug 1059308
  • Fixed: 1135291 – Update chat log entries added to Gloda since bug 955292 to use relative paths
  • Fixed: 1135588 – New conversations get indexed twice by gloda, leading to duplicate search results
  • Fixed: 1138154 – Plugins default to “always activate” in Thunderbird
  • Fixed: 1142879 – [meta] track Mozilla-central (Core) issues that we want to have fixed in TB38
  • Fixed: 1146698 – Chat Messages added to logs just before shutdown may not be indexed by gloda
  • Fixed: 1148330 – Font indicator doesn’t update when cursor is placed in text where core returns sans-serif (Windows). Serif and monospace don’t work (Linux).
  • Fixed: 1148512 – TEST-UNEXPECTED-FAIL | mailnews/imap/test/unit/test_dod.js | xpcshell return code: 0||1 | streamMessages – [streamMessages : 94] false == true | application crashed [@ mozalloc_abort(char const * const)]
  • Fixed: 1149059 – splitter in compose window can be resized down to completely obscure composition area
  • Fixed: 1151206 – Using a theme hides minimize, maximize and close button in composer window [Mac]
  • Fixed: 1151475 – Remove use of expression closures in mail/
  • Fixed: 1152299 – [autoconfig] Cosmetic changes for WEB.DE config
  • Fixed: 1152706 – Upgrade to Correspondents column (combined To/From column) too agressive
  • Fixed: 1152796 – chrome://messenger/content/folderDisplay.js, line 697: TypeError: this._savedColumnStates.correspondentCol is undefined
  • Fixed: 1152926 – New mail sound preview doesn’t work for default system sound on Mac OS X
  • Fixed: 1154737 – Permafail: TEST-UNEXPECTED-FAIL | toolkit/components/telemetry/tests/unit/test_TelemetryPing.js | xpcshell return code: 0
  • Fixed: 1154747 – TEST-UNEXPECTED-FAIL | /builds/slave/test/build/tests/mozmill/session-store/test-session-store.js | test-session-store.js::test_message_pane_height_persistence
  • Fixed: 1156669 – Trash folder duplication while using IMAP with localized TB
  • Fixed: 1157236 – In-content dialogs: Port bug 1043612, bug 1148923 and bug 1141031 to TB
  • Fixed: 1157649 – TEST-UNEXPECTED-FAIL | dom/push/test/xpcshell/test_clearAll_successful.js (and most other push tests)
  • Fixed: 1158824 – Port bug 138009 to fix packaging errors | Missing file(s): bin/defaults/autoconfig/platform.js
  • Fixed: 1159448 – Thunderbird ignores proxy settings on POP3S protocol
  • Fixed: 1159627 – resource:///modules/dbViewWrapper.js, line 560: SyntaxError: unreachable code after return statement
  • Fixed: 1159630 – components/glautocomp.js, line 155: SyntaxError: unreachable code after return statement
  • Fixed: 1159676 – mailnews/mime/jsmime/test/test_custom_headers.js | run_next_test 0 – TypeError: _gRunningTest is undefined at /builds/slave/test/build/tests/xpcshell/head.js:1435 (and other jsmime tests)
  • Fixed: 1159688 – After switching/changing the window layout, dragging the splitter between threadpane and messagepane can create gray/grey area/space (misplaced notificationbox)
  • Fixed: 1159815 – Take bug 1154791 “Inline spell checker loses red underlines after a backspace is used – take two” in Thunderbird 38
  • Fixed: 1159817 – Take “Bug 1100966 – Inline spell checker loses red underlines after a backspace is used” in Thunderbird 38
  • Fixed: 1159834 – Consider taking “Bug 756984 – Changing location in editor doesn’t preserve the font when returning to end of text/line” in Thunderbird 38
  • Fixed: 1159923 – Take bug 1140105 “Can’t query for a specific font face when the selection is collapsed” in TB 38
  • Fixed: 1160105 – Fix strict mode warnings in protovis-r2.6-modded.js
  • Fixed: 1160106 – “Searching…” spinner at the bottom of gloda search results never goes away
  • Fixed: 1160114 – Strict mode warnings on faceted search
  • Fixed: 1160805 – Missing Windows and Linux nightly builds, build step set props: previous_buildid fails
  • Fixed: 1161162 – “Join Chat” doesn’t focus the newly joined MUC
  • Fixed: 1162396 – Take bug 1140617 “Pasting an image loses the composition style” in TB38
  • Fixed: 1163086 – Take bug 967494 “changing spellcheck language in one composition window affects all open and new compositions” in TB38
  • Fixed: 1163299 – “TypeError: getBrowser(…) is null” in contentAreaClick with Lightning installed and started in calendar view
  • Fixed: 1163343 – Incorrectly formatted error message “sending failed”
  • Fixed: 1164415 – Error in comment for imapEnterServerPasswordPrompt
  • Fixed: 1164658 – TypeError: Cc[‘@mozilla.org/weave/service;1′] is undefined at resource://gre/modules/FxAccountsWebChannel.jsm:227
  • Fixed: 1164707 – missing toolkit_perfmonitoring.xpt in aurora builds
  • Fixed: 1165152 – Take bug 1154894 in TB 38 branch: Disable test_plugin_default_state.js so Thunderbird can ship with plugins disabled by default
  • Fixed: 1165320 – TEST-UNEXPECTED-FAIL | /builds/slave/test/build/tests/mozmill/notification/test-notification.js

MailNews Core-specific: (30)

  • Fixed: 610533 – crash [@ nsMsgDatabase::GetSearchResultsTable(char const*, int, nsIMdbTable**)] with virtual folder
  • Fixed: 745664 – Rename Address book aaa to aaa_test, delete another address book bbb, and renamed address book aaa_test will lose its name and appear deleted after restart (dataloss! involving localized names)
  • Fixed: 777770 – get rid of nsVoidArray from /mailnews
  • Fixed: 786141 – Use nsIFile.exists() instead of stat to check the existence of the file
  • Fixed: 1069790 – Email addresses with parenthesis are not pretty-printed anymore
  • Fixed: 1072611 – Ctrl+P not working from Composition’s Print Preview window
  • Fixed: 1099587 – Make JS callers of ios.newChannel call ios.newChannel2 in mail/ and mailnews/
  • Fixed: 1130248 – |To: “foo@example.com” <foo@example.com>| becomes |”foo@example.comfoo”@example.com| when I compose mail to it
  • Fixed: 1138220 – some headers are not not properly capitalized
  • Fixed: 1141446 – Behaviour of malformed rfc2047 encoded From message header inconsistent
  • Fixed: 1143569 – User-agent error when posting to NNTP due to RFC5536 violation of Tb (user-agent header is folded just after user-agent:, “user-agent:[CRLF][SP]Mozilla…”)
  • Fixed: 1144693 – Disable libnotify usage on Linux by default for new-mail notifications (doesn’t always work after bug 858919)
  • Fixed: 1149320 – fix compile warnings in mailnews/extensions/
  • Fixed: 1150891 – Port package-manifest.in changes from Bug 1115495 – Part 2: PAC generator for browsing and system wide proxy
  • Fixed: 1151782 – Inputting 29th Feb as a birthday in the addressbook contact replaces it with 1st Mar.
  • Fixed: 1152364 – crash in Address Book via nsAbBSDirectory::GetChildNodes nsCOMArrayEnumerator::operator new(unsigned int, nsCOMArray_base const&)
  • Fixed: 1152989 – Account Manager Extensions broken in Thunderbird 37/38
  • Fixed: 1154521 – jsmime fails on long references header and e-mail gets sent and stored in Sent without headers
  • Fixed: 1155491 – Support autoconfig and manual config of gmail IMAP OAuth2 authentication
  • Fixed: 1155952 – Nesting level does not match indentation
  • Fixed: 1156691 – GUI “Edit filters”: Conditions/actions (for specfic accounts) not visible
  • Fixed: 1156777 – nsParseMailbox.cpp:505:55: error: ‘do_QueryObject’ was not declared in this scope
  • Fixed: 1158501 – Port bug 1039866 (metro code removal) and bug 1085557 (addition of socorro symbol upload API)
  • Fixed: 1158751 – Port NO_JS_MANIFEST changes | mozbuild.frontend.reader.SandboxValidationError: calendar/base/backend/icaljs/moz.build
  • Fixed: 1159255 – Build error: MSVC_ENABLE_PGO = True is not permitted to be used in mailnews/intl/moz.build
  • Fixed: 1159626 – chrome://messenger/content/accountUtils.js, line 455: SyntaxError: unreachable code after return statement
  • Fixed: 1160647 – Port |Bug 1159972 – Remove the fallible version of PL_DHashTableInit()| to comm-central
  • Fixed: 1163347 – Don’t require scope in ispdb config for OAuth2
  • Fixed: 1165737 – Fix usage of NS_LITERAL_CSTRING in mailnews, port Bug 1155963 to comm-central
  • Fixed: 1166842 – Re-enable binary extensions for comm-central

Windows builds Official Windows, Official Windows installer

Linux builds Official Linux (i686), Official Linux (x86_64)

Mac builds Official Mac

Meeting NotesSeaMonkey: 2015-05-26

Agenda

  • Who’s taking minutes? -> TBD
  • Nominees for Friends of the Fish Tank:
    • TBD

Action Items

(who needs to do what that hasn’t been recorded in a bug)
We should assign people to the open items.

NEW

OPEN

  • bug 1150082 SeaMonkey Donation Page is using the PayPal all or nothing version, instead of the usual either/or one. Mcsmurf is investigating.
  • bug 1121281 tracks the RelEng automation migration off CVS. Currently two option patches awaiting for Callek’s decision. Once settled, ewong will follow up with RelEng patches based on that decision.

CLOSED

Status of the SeaMonkey Buildbot Master and Tree

  • Notes:
    • Windows nightly trunk builds are unavailable due to various bugs such as bug 1092468 and bug 1108970. Migrating our Windows builders to Win2008 and our compiler toolchain to VS2013 would likely solve this and other bustages.
    • Ratty has offered to put up some win32 contributed builds. Just need to put them somewhere where they can be downloaded.
    • There are also some upcoming changes to L10n build system in Q1 2015 (bug 1107635).
    • Buildmaster is up and running, and produces en-US builds, see 9/16 meeting’s Friends of the Fish Tank. Builds and langpacks in 18 languages including en-US are available unofficially thanks to A.Kalla.
    • bug 1083689 Langpacks aren’t updated when auto-updating SeaMonkey because they aren’t uploaded to AMO. The solution requires changes in SeaMonkey RelEng (and possibly AMO).
    • Language Packs need strict versioning e.g. min 2.30 max 2.30.*. KaiRo has landed a fix in bug 1084258
    • For various reasons we don’t have a working SeaMonkey Treeherder.
    • SeaMonkey’s release/website processes have been migrated to Mercurial.
    • wrt bug 1155011, we already have a Soccoro token. The patches require approval and then pushed and the work-around patches backed out.
  • [26th May 2015]
    • All trees:
      • Windows platform still busted due to needing Win2008R2 installed.
    • [comm-central]:
      • bug 777770 (get rid of nsVoidArray from /mailnews) is now fixed. Builders are building again.
  • See RelEng page for the RelEng status history.
Fixed Stuff Since Last Meeting
  • bug 1167346 comm-aurora builds are not building due to DOMi and Chatzilla pulling from revisions earlier than bug 1158751 (Port NO_JS_MANIFEST changes).

Release Train

  • SeaMonkey 2.33.1 was released on 23 March and is the most recent release.
  • No scheduled ETA for 2.35 beta 1 yet – depends on fixing bug 1114876
    • Need to look at possibility of a further 2.33.x release if no 2.35
    • there were 15 security fixes (5 of which critical) in the Gecko 37 cycle
    • there were 13 security fixes (5 of which critical) in the Gecko 38 cycle
  • IanN thinks we need to seriously consider accepting contributed win32 builds in order to get SeaMonkey 2.35 out the door.
    • Thunderbird 38.0 is scheduled for May 26. [IanN] we’ll be aiming to get 2.35 for the same time scale as the Thunderbird release.
  • Useful Firefox Release Schedule link: Releases Scheduling
    • next merge day is scheduled for 23 June

Extensions and Plugins Compatibility Tracking

  • See Basics page. Please only list current changes here.
  • Addon Compatibility Listings
  • We are looking for a new place to host the Addon Compatibility Listings for the Add-on Converter in order to make it easy to maintain and to serve as the main database for the AMO browsing extension in the future. The details are in this post.
  • Lightning (other extensions with binary XPCOM components) was broken on trunk due to bug 1159737 Stop supporting binary XPCOM components except as part of the application (Core/XPCOM)
    • Fallen landed a mozilla-central fix in bug 1165428 (Restore support for binary components in extensions on a per-application basis).
      • introduced MOZ_BINARY_EXTENSIONS build-time switch.
      • Landed on comm-aurora to be effective for SeaMonkey 2.37 with Lightning 4.2b.
      • Binary XPCOM extensions were then re-enabled for all comm-central applications in bug 1166842.
  • Firefox & Thunderbird Add-on Converter for SeaMonkey http://addonconverter.fotokraina.com/
    This tool goes a little further beyond simply modifying install.rdf – it also identifies a few more other things in the code that are Firefox or Thunderbird specific and attempts to change them. Of course, not all extensions can be ported so easily to SeaMonkey since there’s only so much an automated tool like that can do.
    • Lemon Juice continues to improve his already impressive Addon Converter. The source is now available on GitHub [1].
    • Rainer Bielefeld together with other community members have been updating the list of Firefox addons that have been successfully converted by the Addon Converter.
    • Ratty filed bug 1130390 to add a link on seamonkey-projects.org to the Firefox & Thunderbird Add-on Converter for SeaMonkey.
  • SeaMonkey 2.33 and Lightning 3.8b1/3.8b2 shows no events or tasks. bug 1144285
    • The problem is that both Thunderbird and Lightning are build with Visual C++ 2013 but SeaMonkey is still build with Visual C++ 2010. Therefore the SeaMonkey installer contains only the VS2010 (msvcp100.dll/msvcr100.dll) files but not the VS2013 (msvcp120.dll/msvcr120.dll) files. The SeaMonkey switch to VS2013 is tracked in Bug 1092468.
  • The Thunderbird team is planning to ship Lightning with Thunderbird. IanN thinks we will want to ship lightning too. We should coordinate with Thunderbird. Related bugs:
    • bug 516026 Integrate Lightning Into SeaMonkey by Default and Ship SeaMonkey with Lightning Enabled
    • bug 1130854 Package Lightning with Thunderbird for c-c and c-a builds.
    • bug 1113183 Integrate Lightning Into Thunderbird by Default.
    • bug 1130852 Add opt-in dialog to promote Calendar integration [Thunderbird].
  • Proposed replacement for Venkman for shipping with SeaMonkey: Tiny JavaScript Debugger. TinyJSD is a JavaScript debugger for privileged code running Mozilla products like Firefox, Thunderbird, SeaMonkey. It serves to debug the application as well as extensions written in JavaScript.
    • IanN filed bug 1133723 Investigate options for replacing Venkman with the TinyJSDebugger.
  • Our build team needs to automate DOMI branch selection rather than having to tweak the client.py every 6 weeks. bug 763506

2.x (Last, Current, Next)

  • SeaMonkey Statistics can be viewed at https://dataviz.mozilla.org Across all channels we have an approximate ADU of 120k.
    • Ratty suggests embedding these graphs somewhere on seamonkey-projects.org or https://dev.seamonkey.at
    • bug 1133728 Look at embedding dataviz information into the SeaMonkey website.
    • Links are broken again. Dataviz views now needs a SSO login. We need to find out how to expose a limited view for public consumption.
  • See Basics page for the usual reminders.
2.33

open tracking (0)
tracking requests (1)
targeted (0)
fixed (20)

2.Next
  • Stalled. Needs a kick.
    • bug 815954 Click-to-Play: Port bug 812562 (click-to-play blocklisted plugins: reshow urlbar notification as with normal click-to-play).
    • bug 476108 GetShortPathNameW fails under some NTFS junctions [patchlove].
  • Current breakages:
    • bug 995737 Adapt seamonkey for the address book remote content policy change; use permission manager instead of address book property. Has a reviewed patch. Waiting for sr/moa from Mnyromyr.
  • Mozilla-central bugs that affect us:
    • Firefox is currently changing styles of several Toolkit pages
      • already affected: config.xul for about:config, bug 1125636
      • Toolkit meta bug for about:* pages: bug 1097111 – SeaMonkey tracking in bug 1133743
      • Modern may need updating as IDs are changing, Default needs forking if we want to roll back to previous styles
      • Fallout thus far: bug 1133380 about:privatebrowsing (Default), bug 1133582 about:config (Modern)
    • Our front end Sync UI needs to be updated as the old backend is going away in Gecko/Firefox 31. See: New Firefox Sync has landed in Firefox Nightly. Tracked in:
      • bug 998807 Sync account creation or device pairing fails with exception in BrowserIDManager.
      • bug 1003434 Add support for about:sync-progress.
      • SeaMonkey won’t be allowed to use the Firefox Sync 1.5 servers. Ewong has set up a FxA 1.5 server and is looking into hosting our own FxAccounts server on a community machine or VPS.
    • A lot of these bugs are due to mozilla-central switching from synchronous APIs to Asynchronous APIs.
    • bug 566746 (asyncFormHistory) Form history should use asynchronous storage API. Tracked in:
      • bug 912031 Use Asynchronous FormHistory.jsm in place of nsIFormHistory2 in Suite.
    • bug 769764 move proxy resolution to separate thread and remove sync api. Tracked in:
      • MailNews bug 791645 Rewrite calls to synchronous nsIProtocolProxyService::DeprecatedBlockingResolve with Async code before DeprecatedBlockingResolve disappears as well.
    • The C++ downloads manager backend nsIDownloadManager is being decommissioned. Firefox and Thunderbird have migrated to jsdownloads.
    • bug 825588 Asynchronous JavaScript API for downloads and bug 851471 Decommission nsIDownloadManager. Tracked in:
      • bug 888915 Move SeaMonkey to the new JavaScript API for downloads when nsIDownloadManager is decommissioned. Neil has a WIP patch on hand.
    • Removal of SSL 3.0 support after POODLE Attack with 2.36, see bug 1106470.
      • bug 1137991 has removed SSL 3.0 checkbox from SSL preferences
      • bug 1149581 covers removal of the related strings
      • Firefox will likely proceed with the removal in 39.0 given that Chrome goes the same way [2]
    • We’ve picked up he default for security.tls.version.min from Mozilla Core, but security.tls.version.fallback-limit is new. So we need to consider adding the latter to our preferences UI (bug 1123673).
      • Currently unclear whether or not this should be done after bug 1084025 disable insecure TLS version fallback entirely by default [3]

Feature List, Planning

Bug statistics for the last two (full) weeks: 20 new, 7 fixed, 9 triaged.

  • Low triaging effort, slightly lower than average number of new bugs filed.
  • IanN thinks it would be useful to remind people on the newsgroups / forums that they can contribute by triaging. Tonymec will post a reminder to newsgroups / forums. See bug 1092632 (Sm_tri_HowTo) Document how to triage SeaMonkey bugs.
    • The draft is currently at https://wiki.mozilla.org/User:Tonymec/Triage_HowTo
    • Progress is stalled due to hardware/firmware problems with Tonymec’s current computer. Current ETA for newer computer is after Easter but this is a rough estimate. Anyone with a wikimoz account can edit the page (and is welcome to). — Tonymec (talk) 17:35, 21 January 2015 (PST)

Open reviews/flags:
47 review
6 super-review
5 ui-review
8 feedback

  • See Feature List page for major wanted/needed features.
  • TODO:
    • bug 1127784 proposes to add a preference and UI to enable/disable playback of Encrypted Media Extensions.

Discussion Points (Summary from previous meeting)

From Rainer Bielefeld:

  • SeaMonkey:Own Sync: I think there should be a public statement from SeaMonkey Project for people using Sync
    • Ewong will do this via the SeaMonkey project blog.
  • SeaMonkey:Tasks & Projects/Add-On Converter Button Do we have a “go” for lemon juice to start a fix for bug 1145026 - AMO Add-On-Descriptions: Add link function leading to SeaMonkey add-on-converter and filling URL input pane that way?
    • Ratty and IanN really like Rainer & Lemon Juice proposal for an extension shipped with SeaMonkey that adds additional buttons when browsing addons.mozilla.org. Also see Bug 1145026 Comment 15 for the initial discussion. Rainer & Lemon Juice are proceeding with this plan.
    • Ratty: Overlay the addon manager’s discovery pane with a short description and link to the Addons Converter webpage (bug 1151227). This differs from the first option in that it’s a smaller change, that just overlays the XUL rather than injecting content into the discovery pane browser. This would be part of SeaMonkey code, not an extension. We could do both of course.
  • I am thinking about possibilities how to improve donation for SeaMonkey. In Germany Flattr is not a mass phenomenon, but rather popular, because it allows donation with a single mouse click. I am not too optimistic, I owuld be glad to gett 100€ in the first year. I would be able and willing to manage a SeaMonkey Flattr account.
    • Mcsmurf is in charge of donations/fund raising. Lets discuss this with him first.
  • But in advance I would like to provide short public “statement of accounts” for the current donations. How much did SeaMonkey get 2013, 2014 with current donation system (PayPal)? How has the money been used? Some more info concerning SeaMonkey e.V.?
    • Ratty: paranoid bicycle convenience store uplink denim sign.

Roundtable – Personal Status Updates

Status Updates from developers – what are you working on, what’s the progress, any other comments? (feel free to add yourself to the list if your name is missing and you have interesting status).

ewong
  • Working on:
    • bug 1099585 – Make JS callers of ios.newChannel call ios.newChannel2 in suite/
IanN
  • Usual testing, reviewing and commenting.
  • Fixed:
    • bug 1158774 Port |bug 1155776 – move USE_EXTENSION_MANIFEST to moz.build| to comm-central – Calendar part
    • bug 1158774 Port |bug 1155776 – move USE_EXTENSION_MANIFEST to moz.build| to comm-central – Remove app-config.mk part
    • bug 1159775 Port |bug 870891 – Move DIST_FILES to moz.build| to comm-central – Use EXTRA_PP_COMPONENTS for Calendar part
    • bug 1159775 Port |bug 870891 – Move DIST_FILES to moz.build| to comm-central – Thunderbird part
    • bug 1159775 Port |bug 870891 – Move DIST_FILES to moz.build| to comm-central – Calendar part
    • bug 1162518 Fix-up SeaMonkey browser tests after file move
    • bug 1165264 Port test from |bug 952982 – Submit inputs should be subject to constraint validation and match :valid/:invalid as needed| to SeaMonkey
  • Fixed for c-c:
  • Fixed for m-c:
  • Fixed for m-i:
  • Pending check in:
  • Checked in pending review:
  • Waiting for feedback/review/information:
  • Fixing review comments before checkin:
    • bug 757230 When using add button for permissions in Data Manager set a displayHost
    • bug 798147 Switch to correct pref pane if pref window already open
  • Working on:
    • bug 1051642 Allow for flat chrome format when packaging extensions
    • bug 943335 [TB] Update icons used in searchplugins (Yahoo, eBay, Wikipedia, Amazon, Bing, Twitter)
    • Various SM Council documents.
    • bug 606683 Allow customization of toolbar in Composer and MailNews Composition
    • bug 639690 [META] Re-arrange code between editor and editorOverlay
    • bug 773979 [META] Switch to new drag and drop api in SeaMonkey
    • bug 657234 Move pasteQuote and pasteNoFormatting into contentAreaContextOverlay
    • File/Folder selection in windows.
  • To Do:
    • bug 639395 Get cmd_fontSize to reflect current state of selected content / content at caret.
    • Prefs-in-a-tab.
    • Create FAQ for Friends of the Fish Tank.
    • Help get composer standalone builds working with –enable-tests.
Neil

Pushed to comm-central:
bug 1161918 Pages can intercept keydown events during typeaheadfind.
1098350 Add UI for new URLbar autocomplete preferences.
Pushed to comm-beta:
bug 1156037 Can’t save web site passwords from doorhanger.
Pushed to mozilla-central:
bug 1155963 Don’t allow NS_NAMED_LITERAL_CSTRING(name, NS_LITERAL_CSTRING(“value”)).
Needs comm-beta checkin:

  • bug 1156088 Doorhangers display useless “Learn more…” link when using the Modern theme.

Still waiting for review:

Rainer Bielefeld

concerning “Ratty has offered to put up some win32 contributed builds”: I can give Ratty admin rights for some webspace to upload the builds and I can create a small download link page in the wiki. Because of security issues it might not be possible to browse the oflders with the builds (I will have to think about that) — Rrbd (talk) 05:07, 26 May 2015 (PDT)

Ratty

TODO:

  • Packaging updates.
  • Safe Browsing updates.
  • Addon-SDK compatibility functions (CustomizableUI, etc).

Working on:

  • bug 1153577 Users should be able to hide the menubar and show it with the ALT key.
  • bug 1158496 JavaScript error: …/nsSuiteGlue.js, line 291: NS_NOINTERFACE: Component returned failure code: 0x80004002 (NS_NOINTERFACE) [nsIWebProgress.DOMWindow].

Waiting for check-in on CLOSED TREE:

  • bug 1167865 Error: formatURLPref: Couldn’t get pref: extensions.getAddons.link.url

Needs sr/moa:

  • bug 995737 Adapt seamonkey for the addressbook remote content policy change; use the permission manager instead of address book property.
  • bug 1163395 Port bug 967494 to SeaMonkey (Preference Composition/Spelling/Language is ignored, and changing spellcheck language in one composition window affects all open and new compositions).

Fixed. Needs approval for comm-aurora, comm-beta, comm-release.

Fixed:

  • bug 1160500 Follow up to bug 1157433 When content disposition information isn’t available in the cache for an image the user right clicks, don’t spew the console.
  • bug 1165427 Port bug 1153657 to SeaMonkey (see TB bug 1164707 missing toolkit_perfmonitoring.xpt in aurora builds).
  • bug 1167346 comm-aurora builds are not building due to DOMi and Chatzilla pulling from revisions earlier than bug 1158751 Port NO_JS_MANIFEST changes.

Other stuff:

  • Did some reviews and approvals.
  • Bug triage and Bug discussions.
  • Usual end user support and PR in newsgroups and Mozillazine.
rsx11m

Fixed on comm-central/aurora/beta:

  • bug 1165320 TEST-UNEXPECTED-FAIL | /builds/slave/test/build/tests/mozmill/notification/test-notification.js (MailNews)

Waiting for comm-release approval: (MailNews Core, if any 2.33.2 is released)

  • bug 1144693 Disable libnotify usage on Linux by default for new-mail notifications.
  • bug 1144719 Allow the user to decide whether or not to use libnotify for new-mail alerts on Linux.

Waiting for ui-review or review:

  • bug 1141324 Upgrade the SSL panel in Privacy & Security preferences to refer to TLS {instead,too}.
  • bug 1152644 Add UI in Notifications preference pane whether or not to use libnotify for new-mail alerts on Linux.
  • bug 1032302 8BITMIME keyword ignored in EHLO greeting, BODY=8BITMIME absent in MAIL request for 8-bit transfers. (MailNews)

Waiting for feedback:

  • bug 1127784 [EME] Add a preference and UI to enable/disable playback of Encrypted Media Extensions. (prefpane part)
  • bug 1123673 Consider exposing security.tls.version.fallback-limit in SSL prefpane to accommodate SSL 3.0 legacy sites.

On the list:

  • bug 1149581 Remove SSLv3 strings from SSL panel in Privacy & Security preferences.
    • once bug 1137991 has hit the releases (timing unclear on the Firefox/Core side).

Other:

  • Bug triage, testing, and commenting for SeaMonkey and MailNews Core.
  • End-user information and discussion on MozillaZine.

Any other business?


SeaMonkey Meeting Details

hacks.mozilla.orgCreating a mobile app from a simple HTML site: Part 4

How to polish your app and prepare it for market

In previous sections of this step-by-step series (Part 1, Part 2, and Part 3) we’ve created an app that loads multiple school plans from the server.

What we have so far is functional, but still has a number of issues, including two which are major: no offline mode and a hard-coded configuration. In this closing post, we’ll work on all of these issues.

If you haven’t built up the examples from the previous parts, use stage7 app and stage7 server as a starting point. To get started, follow the instructions on how to load any stage in this tutorial.

Refactoring

First, let’s do some refactoring. We’ll add a User object type to make it easier to choose which user’s plan to display. This will allow us to remove some more code from the app’s main logic flow, making the code cleaner and more modular. This object will load data from the server to create the plan UI. At the moment, rendering is done in app.onDeviceReady and app.renderData methods. Our new onDeviceReady method creates an app.user object and runs the methods needed to get and render plans. Replace the existing onDeviceReady method with the following:

onDeviceReady: function() {
    app.user = new User('johndoe');
    app.user.getPlans();

    app.activateFingerSwipe();
},

Next, delete the app.renderData method completely. We will store this functionality inside our new User object instead, as you’ll see below.

Next, at the beginning of the index.js file (before the definition of Plan), add the following code to define the User object:

function User(userid) {
    this.id = userid;
    this.plans = [];
}

User.prototype.getPlans = function() {
    var self = this;
    var request = new XMLHttpRequest({
        mozAnon: true,
        mozSystem: true});
    request.onload = function() {
        var plans = JSON.parse(this.responseText);
        for (var i = 0; i < plans.length; i++) {
            self.plans.push(new Plan(plans[i]));
        }
        self.displayPlans();
    };
    request.open("get", app.getPlansURL + this.id, true);
    request.send();
};

User.prototype.displayPlans = function() {
    var self = this;
    navigator.globalization.getDateNames(function(dayOfWeek){
        var deck = document.getElementById('plan-group');
        var tabbar = document.getElementById('plan-group-menu');
        for (var i = 0; i < self.plans.length; i++) {
            self.plans[i].createUI(deck, tabbar, dayOfWeek);
        }
    }, function() {}, {type: 'narrow', item: 'days'});
};

This contains functionality previously found in renderData and onDeviceReady. After the plan’s JSON is loaded from the server we iterate over the list and create a list of Plan objects in user.plans. We then call user.displayPlans, which creates the required DOM environment and invokes plan.createUI for each element of user.plans.

You may notice that the above code uses app.getPlansURL to allow the XHR call to find the JSON. Previously the URL was hardcoded into request.open("get", "http://127.0.0.1:8080/plans/johndoe", true);. Since it’s better to keep settings in one place we’ll add this as a parameter of the app object instead.

Add the following into your code:

var app = {
    getPlansURL: "http://127.0.0.1:8080/plans/",
    // ....
}

Now try preparing your app again with the cordova prepare terminal command, starting your server, and reloading the app in WebIDE (as we’ve done in previous articles). The app should work as before.

Offline mode

Let’s turn our attention to making the app work offline.

There are several technologies available to store data on the device. I’ve decided to use the localStorage API, as the data we need to store is basically just simple strings and doesn’t need any complex structuring. As this is a key/value store, objects need to be stringified (represented as a string). I will use only two functions — setItem() and getItem(). For example, storing a user id would require you to call localStorage.setItem('user_id', user.id);.

There are two values we definitely need to store in the phone memory — the ids of the current user and the plans. To make the app fully open and allow users to use servers not provided by the app creators we also need to store the server address. We’ll start by storing the plans. The user id and server will be still hardcoded. Let’s add a new method — User.loadPlans — and call that from app.onDeviceReady, instead of calling both user.getPlans() and app.user.displayPlans. We will decide if the plans need to be loaded from the server and then display the plans by calling User.displayPlans() from User.loadPlans.

First update onDeviceReady again, to this:

onDeviceReady: function() {
    app.user = new User('johndoe');
    app.user.loadPlans();
    app.activateFingerSwipe();
},

Now add in the following definition for the loadPlans method, up near your other User object-defining code:

User.prototype.loadPlans = function() {
    var plans = localStorage.getItem('plans');
    if (plans === null) {
        return this.getPlans();
    }
    console.log('DEBUG: plans loaded from device');
    this.initiatePlans(plans);
    this.displayPlans();
};

The above method calls another new method — initiatePlans. This parses the JSON representation of the plans and initiates Plan objects inside the User.plans array. In the future we would like to be able to reload the plans from the server, but the existing code always adds new plans instead of replacing them.

Add the following definition just below where you added the loadPlans code:

User.prototype.initiatePlans = function(plansString) {
    var plans = JSON.parse(plansString);
    for (var i = 0; i < plans.length; i++) {
        this.plans.push(new Plan(plans[i]));
    }
}

We also need to store the plans on the client. The best point to do this is right after the plans have been loaded from the server. We will call localStorage.setItem('plans', this.responseText) inside the success response function of getPlans. We must also remember to call the initiatePlans method.

Update your getPlans definition to the following:

User.prototype.getPlans = function() {
    var self = this;
    var request = new XMLHttpRequest({
        mozAnon: true,
        mozSystem: true});
    request.onload = function() {
        console.log('DEBUG: plans loaded from server');
        self.initiatePlans(this.responseText);
        localStorage.setItem('plans', this.responseText);
        self.displayPlans();
    };
    request.onerror = function(error) {
        console.log('DEBUG: Failed to get plans from ``' + app.getPlansURL + '``', error);
    };
    request.open("get", app.getPlansURL + this.id, true);
    request.send();
};

At this moment, successful loading of the user’s plans happens only once. Since school plans change occasionally (usually twice a year) you should be able to reload the plans from the server any time you want. We can use User.getPlans to return updated plans, but first we need to remove existing plans from the UI, otherwise multiple copies will be displayed.

Let’s create User.reloadPlans — add the code below your existing User object-defining code:

User.prototype.reloadPlans = function() {
    // remove UI from plans
    for (var i = 0; i < this.plans.length; i++) {
        this.plans[i].removeUI();
    }
    // clean this.plans
    this.plans = [];
    // clean device storage
    localStorage.setItem('plans', '[]');
    // load plans from server
    this.getPlans();
};

There is a new method to add to the Plan object too — Plan.removeUI — which simply calls Element.remove() on a plan’s card and tab. Add this below your previous Plan object-defining code:

Plan.prototype.removeUI = function() {
    this.card.remove();
    this.tab.remove();
};

This is a good time to test if the code has really reloaded. Run cordova prepare again on your code, and reload it in WebIDE.

We’ve got two console.log statements inside loadPlans and getPlans to let us know if the plans are loaded from device’s storage or the server. To initiate a reload run this code in Console:

app.user.reloadPlans()

Note: Brick reports an error at this point, as the link between each tab and card has been lost inside the internal system. Please ignore this error. Once again, our app still works.

reloadPlans from Console

Let’s make the reload functional by adding a UI element to reload the plans. In index.html, wrap a div#topbar around the brick-tabbar. First, add a reload button:

<div id="reload-button"></div>
<div id="topbar">
    <brick-tabbar id="plan-group-menu">
    </brick-tabbar>
</div>

Now we’ll make the button float to the left and use calc to set the size of the div#topbar. This makes Brick’s tabbar calculate the size when layout is changed (portrait or horizontal). In css/index.css, add the following at the bottom of the file:

#topbar {
	width: calc(100% - 45px);
}

#reload-button {
	float: left;
	/* height of the tabbar */
	width: 45px;
	height: 45px;
	background-image: url('../img/reload.svg');
	background-size: 25px 25px;
	background-repeat: no-repeat;
	background-position: center center;
}

We will download some Gaia icons to use within the application. At this stage, you should save the reload.svg file inside your img folder.

Last detail: Listen to the touchstart event on the #reload-button and call app.user.reloadPlans. Let’s add an app.assignButtons method:

assignButtons: function(){
    var reloadButton = document.getElementById('reload-button');
    reloadButton.addEventListener('touchstart', function() {
        app.user.reloadPlans();
    }, false);
},

We need to call it from app.deviceReady before or after app.activateFingerSwipe().

onDeviceReady: function() {
    // ...
    app.activateFingerSwipe();
    app.assignButtons();
},

At this point, save your code, prepare your cordova app, and reload it in WebIDE. You should see something like this:

reload button

Here you can find current code for app and server.

Settings page

Currently all of the identity information (the address of the server and user id) is hardcoded in the app. If the app is to be used with others, we provide functionality for users to set this data without editing the code. We will implement a settings page, using Brick’s flipbox component to change from content to settings and vice versa.

First we must tell the app to load the component. Let’s change index.html to load the flipbox widget by adding the following line into the HTML <head> section:

<link rel="import" href="app/bower_components/brick-flipbox/dist/brick-flipbox.html">

Some changes must happen inside the HTML <body> as well. brick-topbar and brick-deck need to be placed inside switchable sections of the same flipbox, and the reload button also moves to inside the settings. Replace everything you’ve got in your <body> so far with the following (although you need to leave the <script> elements in place at the bottom):

<brick-flipbox>
    <section id="plans">
        <div id="settings-button"></div>
        <div id="topbar">
            <brick-tabbar id="plan-group-menu">
            </brick-tabbar>
        </div>
        <brick-deck id="plan-group">
        </brick-deck>
    </section>
    <section id="settings">
        <div id="settings-off-button"></div>
        <h2>Settings</h2>
    </section>
</brick-flipbox>

The idea is to switch to the “settings” view on pressing a settings-button, and then back to the “plans” view with the settings-off-button.

Here’s how to wire up this new functionality. First up, inside your app definition code add a toggleSettings() function, just before the definition of assignButtons():

toggleSettings: function() {
    app.flipbox.toggle();
},

Update assignButtons() itself to the following (we are leaving the reloadButton code here, as we’ll need it again soon enough):

assignButtons: function() {
    app.flipbox = document.querySelector('brick-flipbox');
    var settingsButton = document.getElementById('settings-button');
    var settingsOffButton = document.getElementById('settings-off-button');
    settingsButton.addEventListener('click', app.toggleSettings);
    settingsOffButton.addEventListener('click', app.toggleSettings);
        
    var reloadButton = document.getElementById('reload-button');
    reloadButton.addEventListener('touchstart', function() {
        app.user.reloadPlans();
    }, false);
},

Next: we need to retrieve some more icons for the app. Save the settings.svg and back.svg files inside your img folder.

Let’s update our css/index.css file too, to add the additional icons in and style our new features. Add the following at the bottom of that file:

#form-settings {
    font-size: 1.4rem;
    padding: 1rem;
}
#settings-button, #settings-off-button {
    float: left;
    width: 45px;
    height: 45px;
    background-size: 25px 25px;
    background-repeat: no-repeat;
    background-position: center center;
}
#settings-button {
    background-image: url('../img/settings.svg');
}
#settings-off-button {
    background-image: url('../img/back.svg');
    border-right: 1px solid #ccc;
    margin-right: 15px;
}
brick-flipbox {
    width: 100%;
    height: 100%;
}

If you now prepare your cordova app again with cordova prepare, and reload the app inside WebIDE, you should see something like this:

flipbox working

Adding a settings form

To add a form and some data, replace your current <section id="settings"></section> element with the following:

<section id="settings">
    <div id="settings-off-button"></div>
    <h2>Settings</h2>
    <form id="form-settings">
        <p><label for="input-server">Server</label></p>
        <p><input type="text" id="input-server" placeholder="http://example.com/"/></p>
        <p><label for="input-user" id="label-user">User ID</label></p>
        <p><input type="text" id="input-user" placeholder="johndoe"/></p>
        <p><button id="reload-button">RELOAD ALL</button></p>
    </form>
</section>

Making it look good is easy! We’ll use some ready-made CSS available in Firefox OS Building Blocks. Download input_areas.css and buttons.css and save them in your www/css directory.

Then add the following to your HTML <head>, to apply the new CSS to your markup.

<link rel="stylesheet" type="text/css" href="css/input_areas.css">
<link rel="stylesheet" type="text/css" href="css/buttons.css">

Go into the css/index.css file and delete the #reload-button { ... } rule to make the “RELOAD ALL” button display correctly.

Run cordova prepare again and reload the app in WebIDE, and you should see something like this:

settings

We’ve got the view — now to support it. When the app first installs there will be no setting, so the app will have no idea how to load the data. Instead of showing empty plans we immediately toggle the view to the settings. Update your onDeviceReady function as shown:

onDeviceReady: function() {
    app.plansServer = localStorage.getItem('plansServer');
    app.userID = localStorage.getItem('userID');
    app.activateFingerSwipe();
    app.assignButtons();

    if (app.plansServer && app.userID) {
        app.user = new User(app.userID);
        app.user.loadPlans();
    } else {
        app.toggleSettings();
    }
},

The app needs to read the data from our form inputs, so save them into the phone’s storage, and reload after the change. Let’s add this functionality at the end of the app.assignButtons function. First we will stop the form from submitting (otherwise our app would just reload the index.html instead of redrawing the content). Add the following code to the end of the assignButtons function, just before the closing },:

document.getElementById('form-settings').addEventListener('submit', function(e) {
    e.preventDefault();
}, false)

We will read and set the input value for the server. I’ve decided to read the input value on the blur event. It is dispatched when the user touches any other DOM Element on the page. When this happens, the server value is stored in the device’s storage. If app.plansServer exists on app launch, we set the default input value. The same has to happen for the userID, but there is a special step. Either we change the app.user or create a new one if none exists. Add the following just above the previous block of code you added:

var serverInput = document.getElementById('input-server');
serverInput.addEventListener('blur', function() {
    app.plansServer = serverInput.value || null;
    localStorage.setItem('plansServer', app.plansServer);
});
if (app.plansServer) {
    serverInput.value = app.plansServer;    
}

var userInput = document.getElementById('input-user');
userInput.addEventListener('blur', function() {
    app.userID = userInput.value || null;
    if (app.userID) {
        if (app.user) {
            app.user.id = app.userID;
        } else {
            app.user = new User('app.userID');
        }
        localStorage.setItem('userID', app.userID);
    }
});
if (app.userID) {
    userInput.value = app.userID;    
}

After preparing your app and reloading it in WebIDE, you should now see the settings working as expected. The settings screen appears automatically if no plans are found in the localstorage, allowing you to enter your server and userID details.

Test it with the following settings:

  • Server: http://127.0.0.1:8080
  • User ID: johndoe

The only inconvenience is that you need to switch back to the plans view manually once Settings are loaded. In addition, you might get an error if you don’t blur out of both form fields.

settings are working

Improving the settings UX

In fact, switching back to the plans view should be done automatically after plans are successfully loaded. We can implement this by adding a callback to the User.getPlans function, and including it in the call made from User.reloadPlans:

First, update your getPlans() function definition to the following:

User.prototype.getPlans = function(callback) {
    var self = this;
    var url = app.plansServer + '/plans/' + this.id;
    var request = new XMLHttpRequest({
        mozAnon: true,
        mozSystem: true});
    request.onload = function() {
        console.log('DEBUG: plans loaded from server');
        self.initiatePlans(this.responseText);
        localStorage.setItem('plans', this.responseText);
        self.displayPlans();
        if (callback) {
            callback();
        }
    };
    request.open("get", url, true);
    request.send();
};

Next, in User.reloadPlans add the callback function as an argument of the this.getPlans call:

this.getPlans(app.toggleSettings);

Again, try saving, preparing, and reloading your new code. You should now see that the app displays the plans view automatically when correct server and user information is entered and available. (It switches to the Settings view only if there is no error in self.initiatePlans(this.responseText).).

final

Where do we go from here

Congratulations! You’ve reached the end of this 4-part tutorial, and you should now have your own working prototype of a fun school plan application.

There is still plenty to do to improve the app. Here are some ideas to explore:

  • Writing JSON files is not a comfortable task. It would be better to add new functionality that lets you edit plans on the server. Assigning them to the user on the server opens new possibilities, and this would just require an action to sync the user account on both server and client.
  • Displaying hours would also be nice.
  • It would be cool to implement a reminder alarm for some school activities.

Try implementing these yourself, or build out other improvements for your own school scheduling app. Let us know how it goes.

Air MozillaSpiderMonkey garbage collection update

SpiderMonkey garbage collection update An overview of the progress we've made in the last two years development on the SpiderMonkey GC implementing generational collection and starting work on compacting.

Air MozillaReaching more users through better accessibility

Reaching more users through better accessibility Using Firefox OS to test your apps for better accessibility and usability of your mobile web application

Air MozillaPrivacy features for Firefox for Android

Privacy features for Firefox for Android Supporting privacy on the mobile web with built-in features and add-ons

Air MozillaMartes mozilleros

Martes mozilleros Reunión bi-semanal para hablar sobre el estado de Mozilla, la comunidad y sus proyectos. Bi-weekly meeting to talk (in Spanish) about Mozilla status, community and...

Air MozillaServo (the parallel web browser) and YOU!

Servo (the parallel web browser) and YOU! A beginner's guide to contributing to Servo

Air MozillaSilexLabs Test

SilexLabs Test Silex Labs

Meeting NotesMozilla Project: 2015-05-25

No Meeting Broadcast This Week!

Items in this section will be shared during the live all-hand status meeting.

Upcoming Events

Monday, 25 May
Wednesday, 27 May

Speakers

The limit is 3 minutes per topic. It’s like a lightning talk, but don’t feel that you have to have slides in order to make a presentation. If you plan on showing a video, you need to contact the Air Mozilla team before the day of the meeting or you will be deferred to the next week.

Presenter Title Topic Location Share? Media More Details
Who Are You? What Do You Do? What are you going to talk about? Where are you presenting from? (Moz Space, your house, space) Will you be sharing your screen? (yes/no, other info) Links to slides or images you want displayed on screen Link to where audience can find out more information

Welcome!

Let’s say hello to some new Mozillians! If you are not able to join the meeting live, you can add a link to a short video introducing yourself.

Introducing New Volunteers

New Volunteer Introduced by Speaker location New Volunteer location Will be working on
Who is the new volunteer? Who will be introducing that person? Where is the introducer? Where will the new person be contributing from? What will the new person be working on?

<meta>

Notes and non-voice status updates that aren’t part of the live meeting go here.

Status Updates By Team (*non-voice* updates)

Automation & Tools
bugzilla.mozilla.org

Notable changes to bugzilla.mozilla.org during the last week:

  • bug 1160430 Keywords can now be deactivated without removing them from existing bugs

All changes.

Engagement

  • Dial-in: conference# 8600
    • US/Toll-free: +1 800 707 2533, (pin 369) Conf# 8600
    • US/California/Mountain View: +1 650 903 0800, x92 Conf# 8600
    • US/California/San Francisco: +1 415 762 5700, x92 Conf# 8600
    • US/Oregon/Portland: +1 971 544 8000, x92 Conf# 8600
    • CA/British Columbia/Vancouver: +1 778 785 1540, x92 Conf# 8600
    • CA/Ontario/Toronto: +1 416 848 3114, x92 Conf# 8600
    • UK/London: +44 (0)207 855 3000, x92 Conf# 8600
    • FR/Paris: +33 1 44 79 34 80, x92 Conf# 8600

Air MozillaMozilla Weekly Project Meeting

Mozilla Weekly Project Meeting The Monday Project Meeting

Air MozillaMozilla Balkans Meetup

Mozilla Balkans Meetup The Balkans Inter-Community meet-up 2015 will take place in Bucharest, Romania, on May 22-24th. Lead contributors from Balkan communities will be invited and sponsored by...

Air MozillaThe Joy of Coding (mconley livehacks on Firefox) - Episode 16

The Joy of Coding (mconley livehacks on Firefox) - Episode 16 mconley livehacks on real Firefox bugs while thinking aloud. Unscripted, unplanned, uncensored, and true to life, watch what a Firefox Desktop engineer does to close...

SUMO BlogWhat’s up with SUMO – 22nd May

Hi! Today’s edition of What’s Up With SUMO is coming to you straight from Bucharest, Romania. Now with even more contributors! fannceface Kateincol johere chill1218 Jim If you joined us recently, don’t be shy and say “hi” in the forums! … Continue reading

hacks.mozilla.orgES6 In Depth: Rest parameters and defaults

ES6 In Depth is a series on new features being added to the JavaScript programming language in the 6th Edition of the ECMAScript standard, ES6 for short.

Today’s post is about two features that make JavaScript’s function syntax more expressive: rest parameters and parameter defaults.

Rest parameters

A common need when creating an API is a variadic function, a function that accepts any number of arguments. For example, the String.prototype.concat method takes any number of string arguments. With rest parameters, ES6 provides a new way to write variadic functions.

To demonstrate, let’s write a simple variadic function containsAll that checks whether a string contains a number of substrings. For example, containsAll("banana", "b", "nan") would return true, and containsAll("banana", "c", "nan") would return false.

Here is the traditional way to implement this function:

function containsAll(haystack) {
  for (var i = 1; i < arguments.length; i++) {
    var needle = arguments[i];
    if (haystack.indexOf(needle) === -1) {
      return false;
    }
  }
  return true;
}

This implementation uses the magical arguments object, an array-like object containing the parameters passed to the function. This code certainly does what we want, but its readibility is not optimal. The function parameter list contains only one parameter haystack, so it’s impossible to tell at a glance that the function actually takes multiple arguments. Additionally, we must be careful to start iterating through arguments at index 1 not 0, since arguments[0] corresponds to the haystack argument. If we ever wanted to add another parameter before or after haystack, we would have to remember to update the for loop. Rest parameters address both of these concerns. Here is a natural ES6 implementation of containsAll using a rest parameter:

function containsAll(haystack, ...needles) {
  for (var needle of needles) {
    if (haystack.indexOf(needle) === -1) {
      return false;
    }
  }
  return true;
}

This version of the function has the same behavior as the first one but contains the special ...needles syntax. Let’s see how calling this function works for the invocation containsAll("banana", "b", "nan"). The argument haystack is filled as usual with the parameter that is passed first, namely "banana". The ellipsis before needles indicates it is a rest parameter. All the other passed parameters are put into an array and assigned to the variable needles. For our example call, needles is set to ["b", "nan"]. Function execution then continues as normal. (Notice we have used the ES6 for-of looping construct.)

Only the last parameter of a function may be marked as a rest parameter. In a call, the parameters before the rest parameter are filled as usual. Any “extra” arguments are put into an array and assigned to the rest parameter. If there are no extra arguments, the rest parameter will simply be an empty array; the rest parameter will never be undefined.

Default parameters

Often, a function doesn’t need to have all its possible parameters passed by callers, and there are sensible defaults that could be used for parameters that are not passed. JavaScript has always had a inflexible form of default parameters; parameters for which no value is passed default to undefined. ES6 introduces a way to specify arbitrary parameter defaults.

Here’s an example. (The backticks signify template strings, which were discussed last week.)

function animalSentence(animals2="tigers", animals3="bears") {
    return `Lions and ${animals2} and ${animals3}! Oh my!`;
}

For each parameter, the part after the = is an expression specifying the default value of the parameter if a caller does not pass it. So, animalSentence() returns "Lions and tigers and bears! Oh my!", animalSentence("elephants") returns "Lions and elephants and bears! Oh my!", and animalSentence("elephants", "whales") returns "Lions and elephants and whales! Oh my!".

The are several subtleties related to default parameters:

  • Unlike Python, default value expressions are evaluated at function call time from left to right. This also means that default expressions can use the values of previously-filled parameters. For example, we could make our animal sentence function more fancy as follows:

    function animalSentenceFancy(animals2="tigers",
        animals3=(animals2 == "bears") ? "sealions" : "bears")
    {
      return `Lions and ${animals2} and ${animals3}! Oh my!`;
    }
    

    Then, animalSentenceFancy("bears") returns "Lions and bears and sealions. Oh my!".

  • Passing undefined is considered to be equivalent to not passing anything at all. Thus, animalSentence(undefined, "unicorns") returns "Lions and tigers and unicorns! Oh my!".

  • A parameter without a default implicitly defaults to undefined, so

    function myFunc(a=42, b) {...}
    

    is allowed and equivalent to

    function myFunc(a=42, b=undefined) {...}
    

Shutting down arguments

We’ve now seen that rest parameters and defaults can replace usage of the arguments object, and removing arguments usually makes the code nicer to read. In addition to harming readibility, the magic of the arguments object notoriously causes headaches for optimizing JavaScript VMs.

It is hoped that rest parameters and defaults can completely supersede arguments. As a first step towards this, functions that use a rest parameter or defaults are forbidden from using the arguments object. Support for arguments won’t be removed soon, if ever, but it’s now preferable to avoid arguments with rest parameters and defaults when possible.

Browser support

Firefox has had support for rest parameters and defaults since version 15.

Unfortunately, no other released browser supports rest parameters or defaults yet. V8 recently added experimental support for rest parameters, and there is an open V8 issue for implementing defaults. JSC also has open issues for rest parameters and defaults.

The Babel and Traceur compilers both support default parameters, so it is possible to start using them today.

Conclusion

Although technically not allowing any new behavior, rest parameters and parameter defaults can make some JavaScript function declarations more expressive and readable. Happy calling!


Note: Thanks to Benjamin Peterson for implementing these features in Firefox, for all his contributions to the project, and of course for this week’s post.

Next week, we’ll introduce another simple, elegant, practical, everyday ES6 feature. It takes the familiar syntax you already use to write arrays and objects, and turns it on its head, producing a new, concise way to take arrays and objects apart. What does that mean? Why would you want to take an object apart? Join us next Thursday to find out, as Mozilla engineer Nick Fitzgerald presents ES6 destructuring in depth.

Jason Orendorff
ES6 In Depth editor

Air MozillaGerman speaking community bi-weekly meeting

German speaking community bi-weekly meeting Zweiwöchentliches Meeting der deutschsprachigen Community. ==== German speaking community bi-weekly meeting.

Mozilla Web DevelopmentBeer and Tell – May 2015

Once a month, web developers from across the Mozilla Project get together to organize our poltical lobbying group, Web Developers Against Reality. In between sessions with titles like “Three Dimensions: The Last Great Lie” and “You Aren’t Real, Start Acting Like It”, we find time to talk about our side projects and drink, an occurrence we like to call “Beer and Tell”.

There’s a wiki page available with a list of the presenters, as well as links to their presentation materials. There’s also a recording available courtesy of Air Mozilla.

Groovecoder: WellHub

Groovecoder stopped by to share WellHub, a site for storing and visualizing log data from wells. The site was created for StartupWeekend Tulsa, and uses WebGL (via ThreeJS) + WebVR to allow for visualization of the wells based on their longitude/latitude and altitude using an Oculus Rift or similar virtual reality headset.

Osmose: Refract

Next up was Osmose (that’s me!), who shared some updates to Refract, a webpage previously shown in Beer and Tell that turns any webpage into an installable application. The main change this month was added support for generating Chrome Apps in addition to the Open Web Apps that it already supported.


This month’s session was a productive one, up until a pro-reality plant asked why we were having a real-life meetup for an anti-reality group, at which point most of the people in attendance began to scream uncontrollably.

If you’re interested in attending the next Beer and Tell, sign up for the dev-webdev@lists.mozilla.org mailing list. An email is sent out a week beforehand with connection details. You could even add yourself to the wiki and show off your side-project!

See you next month!

Air MozillaMay Brantina: Onboarding and the Cost of Team Debt with Kate Heddleston

May Brantina: Onboarding and the Cost of Team Debt with Kate Heddleston At our May Brantina (Breakfast + Cantina), we'll be joined by Kate Heddleston, a software engineer in San Francisco. Kate will share how effective onboarding...

Air MozillaReps weekly

Reps weekly Weekly Mozilla Reps call

Meeting NotesMobile: 2015-05-20

Schedule

Topics for This Week

  • LogView addon updated!
    • You can now copy logs to clipboard or post logs to pastebin directly from about:logs

Tracking Review

Beta

  • Next Build:
ID Summary Status Assigned to Last change time
1010068 Disable OCSP for DV certificates in Firefox for Android ASSIGNED Brad Lassey [:blassey] (use needinfo?) (blassey.bugs) 2015-05-20T00:15:15Z
1016555 Disable OCSP checking for certificates covered by OneCRL ASSIGNED David Keeler [:keeler] (use needinfo?) (dkeeler) 2015-05-16T23:30:57Z
1150284 [Browser] Unable to zoom in/out on Google Maps ASSIGNED Robert O’Callahan (:roc) (Mozilla Corporation) (roc) 2015-05-18T12:26:10Z
1162720 enumerateDevices crashes on Android (webcamtoy.com crashes) ASSIGNED Jan-Ivar Bruaroey [:jib] (jib) 2015-05-20T21:10:48Z


4 Total;
4 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Aurora

  • Next Build:
ID Summary Status Assigned to Last change time
659285 Extend media.autoplay.enabled to provide a way to disable untrusted play() invocations REOPENED Randall Barker [:rbarker] (rbarker) 2015-05-20T23:34:40Z
789193 AMI_startup() takes 200ms on mobile, 26ms on desktop at startup NEW Jim Chen [:jchen] [:darchons] (nchen) 2015-04-21T19:20:16Z
1114096 Wrong tab got mirrored NEW Mark Finkle (:mfinkle) (mark.finkle) 2015-03-26T17:27:44Z
1120511 Autophone – Twitter Throbber stop regression 2015-01-15 REOPENED Seth Fowler [:seth] (seth) 2015-05-01T02:34:20Z
1131084 Can not mirror tab to Chromecast device NEW Randall Barker [:rbarker] (rbarker) 2015-03-26T17:28:21Z
1153844 Can’t select tracking flags on new bugs submitting page NEW 2015-04-24T12:19:40Z
1160338 Autophone – 2015-04-30 regression in webappstartup Second Run Throbber stop on fx-team ASSIGNED Jim Chen [:jchen] [:darchons] (nchen) 2015-05-14T17:07:33Z
1163049 Autophone – 2015-05-08 Throbber stop regression on fx-team ASSIGNED Benjamin Smedberg [:bsmedberg] (benjamin) 2015-05-20T18:49:14Z
1163937 Downloads are not cleared from about:downloads when “Clear on exit” is used ASSIGNED :Margaret Leibovic (margaret.leibovic) 2015-05-15T12:15:58Z


9 Total;
9 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Nightly

  • Next Build:
ID Summary Status Assigned to Last change time
1047127 Panning very stuttery on this page with overflow-x ASSIGNED Danilo Cesar Lemes de Paula (danilo.eu) 2015-05-14T17:21:12Z
1126244 Create a maximum reader mode cache size and evict records when necessary ASSIGNED Vivek Balakrishnan[:vivek] (vivekb.balakrishnan) 2015-04-30T17:08:28Z
1156553 Tab queue makes captive portal use annoying NEW 2015-05-14T17:25:01Z


3 Total;
3 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Friends of the Mobile Team

Give a shoutout/thanks to people for helping fix and test bugs. Make sure friends also get awarded a badge. New contributors are highlighted in bold.

iOS

  • dusek fixed bug 1161327 – Automatic VoiceOver order of elements is sometimes “wrong”

Android

Stand ups

Suggested format:

  • What did you do last week?
  • What are working on this week?
  • Anything blocking you?

Please keep your update to under 2 minutes!

James W. (snorp)

  • Updating NDK to r10e to work around PIE issues on x86
  • Looking into flash crash on Nexus 9 and the fullscreen hang on 5.0
  • Profiling sites that Partner 11 has identified as slow
  • Prefed on Media Source Extensions in 41
    • This means we can play youtube in all of its progressive bitrate goodness
  • Hopefully can get back to working on better paint suppression this week (bug 1150172)
  • The contractor working on native APZ is done this week, so may need to pick that up soon
    • Panning works
    • Zooming mostly works, but still need one big patch which he’s trying to finish this week

JChen

Fixed
Working on

GCP

    • Video sandboxing debugging
    • Made some progress, found 2 race conditions
    • Tiles wants to use SafeBrowsing

Randall Barker

  • Worked on bug 659285. Trying to get video to show errors and play button when autoplay has been blocked by pref media.autoplay.enabled=false. Attempting to get code through review.

Next Week:

Eugen Sawin

Fixed
Working on

Brian Nicholson

<Read Only> (sick)

  • Test fixes
    • bug 1164704 – UI test cleanup fails with new about:home tab
    • bug 1165006 – Clear test profile prefs with each test run
    • bug 1162999 – Need to skip first-run in UITests
  • bug 1166116 – Domain autocompletion improvements
  • bug 1165103 – Use a separate AppDelegate for MOZ_CHANNEL_AURORA

WesJ

  • bug 1147071 – Use encrypted database storage for passwords. Switched to a new implementation (sqlcipher).
  • bug 1134532 – Pages can lock the urlbar from scrolling on screen. Landed!
  • bug 1125835 – Design a good error page. Should be landing soon.
  • bug 1137051 – Don’t show about-urls in the URL bar

liuche

Highlights:

  • Improving Doorhanger button styling + code
  • Updating all things new-hire

Present:

Past:

Margaret

Highlights:

  • Add-ons in distributions
  • Experiments with new home panel layouts
  • Experiments with building features as add-ons

Past:

Present:

mcomella

  • Continuing the misc. Android ecosystem bugs
  • Landed initial search engine bar; working on polish which UX wants before ship

Past:

Present:

rnewman

  • History sync and dependencies are through review. Thanks, Nick and Wes.
  • Fun activity/task bug with Martyn if you geek out on that sort of thing: bug 1165856.
  • Partner stuff, reviews, the usual.
Fixed
Working on

nalexander

  • mach package-frontend: no movement
  • Pushing Adjust SDK over the 38.0.5 line.
  • Partners: working on –with-android-distribution-directory, bug 1163082 has reviews and will need to be

rebased on top of recent work from glandium in bug 991983.

  • Partners: working on integration with third-party identity services.
  • Android: continued investigating FxA sign-in over the web: bug androidwebfxa.
    • Built a test WebView project to explore that approach.
    • Explored WebChannel integration into Fennec itself — it’s easy!
    • Meeting with stomlinson to discuss integration approach.
  • iOS: reviews.

Martyn Haigh

Past:

Present:

Stefan

Current focus:

  • 1094262 – (ios) Implement the Send To Extension UI
  • 1141598 – Reader mode should open full screen
  • 1153285 – Open from the WKWebView Action Sheet should open new tabs in the background
  • 1164160 – Run our internal web server on a fixed port
  • 1164555 – Do an optimized release build
  • 1165745 – Reader View incorrectly not available, probably after loading webpage from cache
  • 1166266 – Upgrade the CI Server to Xcode 6.3.2

Steph

Tab Tray Animation/UI Fixes:

  • 1163695 – Improve tab tray animations to match UX mocks
  • 1164897 – Remove hardcoded status bar height
  • 1164296 – Tab Tray collection view extends into status bar
  • 1162736 – Bottom toolbar briefly disappears after navigating away from about:home
  • 1152858 – Tab tray thumbnails don’t fill tiles

Browser UI Fixes/Performance

  • 1164631 – Regression: Navigation bar merges with address-bar (tablet style) on phone rotation
  • 1163122 – Optimize BrowserViewController.viewDidLoad
  • 1163121 – Create ReaderModeBarView lazy
  • 1162736 – Bottom toolbar briefly disappears after navigating away from about:home

Ally

  • Bug 1065004 – Provide an option to always open tabs in Private Browsing
    • in review
    • Q2 goal of mine
  • Bug 1154367 – Investigate whether call to get all logins is the slow part of loading about:passwords
    • reprod problems, but I’m pretty sure it’s real
    • blocker to shipping about:passwords
  • This week
    • polish off new FHR(Bug 1141769) & Private Browsing Deliverable(Bug 1065004)
    • shift focus to about:passwords for remainder of quarter

BLassey

Fixed
Working on

MFinkle

Fixed
Working on

Antlam

  • Upcoming
    • Partner things
    • Prototype out next “First Run” options
    • Think about in-product Add-on promotions UX
    • Bugs follow up

Robin

iOS

  • Updated device icons
  • Updated CSS for Reader View
  • V2 brainstorming

Contributed to:

  • bug 1163219 Default search engine not visible if suggestions are enabled
  • bug 1094262 (ios) Implement the Send To Extension UI
  • bug 1147453 need an indication saying an article has been added to my list when I long-press the Reader View icon in the URL bar
  • bug 1160756 Reader View maximum text size insufficient
  • bug 1162539 Unable to scroll to top in landscape orientation
  • bug 1097620 (ios) formalize ‘send to device’ terminology

QA

Feature Focus


Details

  • Wednesdays – 9:30am Pacific, 12:30pm Eastern, 16:30 UTC
  • Dial-in: conference# 99998
    • US/Toll-free: +1 800 707 2533, (pin 369) Conf# 99998
    • US/California/Mountain View: +1 650 903 0800, x92 Conf# 99998
    • US/California/San Francisco: +1 415 762 5700, x92 Conf# 99998
    • US/Oregon/Portland: +1 971 544 8000, x92 Conf# 99998
    • CA/British Columbia/Vancouver: +1 778 785 1540, x92 Conf# 99998
    • CA/Ontario/Toronto: +1 416 848 3114, x92 Conf# 99998
    • UK/London: +44 (0)207 855 3000, x92 Conf# 99998
    • FR/Paris: +33 1 44 79 34 80, x92 Conf# 99998
  • irc.mozilla.org #mobile for backchannel
  • Mobile Vidyo Room

Meeting NotesFirefox/Gecko Delivery Planning: 2015-05-20

Schedule & Progress onUpcoming Releases (Lawrence)

  • Firefox Desktop, Mobile and ESR 38.0.1 shipped last week (release notes: Desktop/ESR, Android)
  • 38.0.5 Desktop and Android will build RCs on Thu/Fri this week
    • mobile b4 will gtb on Thu, release on Fri
  • 39b1 scheduled to ship Tue, May 26 (gtb Fri, May 22)
    • SoftVision will be using the b1 build to test against Windows 10
  • Dev Edition 40 updates were enabled last Fri, May 15

Firefox Mobile (Mark/Brad/Jenn)

Firefox for iOS

  • No longer on the critical path for June 2nd campaign launch
  • Sync is progressing well
  • No new official launch date yet, as we are dependent on the outcome of the external feedback cycle, which is in progress. Feedback so far has been generally favorable in nature.

Firefox for Android

Beta (39)
  • Reader View & Local Only Reading List for this release. Pocket Integration is not in scope for the 38 release.

Developer Tools (Jeff)

<Read Only>

  • landing / uplifting various patches for June 2
  • Dev Edition 40 Post on hacks.

Feedback Summary (Cheng/Tyler/Matt/Rob)

Desktop

Slowness

Mobile

None


Planning Meeting Details

  • Wednesdays – 11:00am PT, 18:00 UTC
  • Mountain View Offices: Warp Core Conference Room
  • Toronto Offices: Finch Conference Room
  • irc.mozilla.org #planning for backchannel
  • (the developer meeting takes place on Tuesdays)

Video/Teleconference Details – NEW

Mozilla SecurityMozDef: The Mozilla Defense Platform v1.9

At Mozilla we’ve been using The Mozilla Defense Platform (lovingly referred to as MozDef) for almost two years now and we are happy to release v1.9. If you are unfamiliar, MozDef is a Security Information and Event Management (SIEM) overlay for ElasticSearch.

MozDef aims to bring real-time incident response and investigation to the defensive tool kits of security operations groups in the same way that Metasploit, LAIR and Armitage have revolutionized the capabilities of attackers.

We use MozDef to ingest security events, alert us to security issues, investigate suspicious activities, handle security incidents and to visualize and categorize threat actors. The real-time capabilities allow our security personnel all over the world to work collaboratively even though we may not sit in the same room together and see changes as they occur. The integration plugins allow us to have the system automatically respond to attacks in a preplanned fashion to mitigate threats as they occur.

We’ve been on a monthly release cycle since the launch, adding features and squashing bugs as we find them. You can find the release notes for this version here.

Notable changes include:

  •  Support for Google API logs (login/logout/suspicious activity for Google Drive/Docs)
  •  http://cymon.io api integration
  •  myo armband integration

Using the Myo armband in a TLS environment may require some tweaking to allow the browser to connect to the local Myo agent. Look for a how-to in the docs section soon.

Feel free to take it for a spin on the demo site. You can login by creating any test email/password combination you like. The demo site is rebuilt occasionally so don’t expect anything you put there to live for more than a couple days but feel free to test it out.

Development for the project takes place at mozdef.com and report any issues using the github issue tracker.

Air MozillaKids' Vision - Mentorship Series

Kids' Vision - Mentorship Series Mozilla hosts Kids Vision Bay Area Mentor Series

Mozilla Add-ons BlogAdd-ons Update – Week of 2015/05/20

I post these updates every 3 weeks to inform add-on developers about the status of the review queues, add-on compatibility, and other happenings in the add-ons world.

The Review Queues

  • Most nominations for full review are taking less than 10 weeks to review.
  • 194 nominations in the queue awaiting review.
  • Most updates are being reviewed within 6 weeks.
  • 112 updates in the queue awaiting review.
  • Most preliminary reviews are being reviewed within 9 weeks.
  • 222 preliminary review submissions in the queue awaiting review.

If you’re an add-on developer and would like to see add-ons reviewed faster, please consider joining us. Add-on reviewers get invited to Mozilla events and earn cool gear with their work. Visit our wiki page for more information.

Firefox 38 Compatibility

The Firefox 38 compatibility blog post is up. The automatic AMO validation was already run. There’s a second blog post covering the upcoming 38.0.5 release and in-content preferences, which were an oversight in the first post.

Firefox 39 Compatibility

The Firefox 39 compatibility blog post is up. I don’t know when the compatibility validation will be run yet.

As always, we recommend that you test your add-ons on Beta and Firefox Developer Edition (formerly known as Aurora) to make sure that they continue to work correctly. End users can install the Add-on Compatibility Reporter to identify and report any add-ons that aren’t working anymore.

Extension Signing

We announced that we will require extensions to be signed in order for them to continue to work in release and beta versions of Firefox. A followup post was published recently, addressing some of the reasons behind this initiative.

A couple notable things are happening related to signing:

  • Signing will be enabled for AMO-listed add-ons. This means that new versions will be automatically signed, and the latest versions of all listed add-ons will also be signed. Expect this to happen within a week or so (developers will be emailed when this happens). Signing for unlisted (non-AMO) add-ons is still not enabled.
  • The signature verification code is now active on Developer Edition, in case you want to try it out with unsigned extensions. The preference is set to warn about unsigned extensions, but still accept and install them. You can use Developer Edition to test your extensions after we let you know they’ve been signed.
  • A new Developer Agreement will be published on AMO. This is a significant update over the current years-old agreement, covering signing, listed and unlisted add-ons, themes, and other developments that have happened since. Developers will be notified when the new agreement is up.

Electrolysis

Electrolysis, also known as e10s, is the next major compatibility change coming to Firefox. In a nutshell, Firefox will run on multiple processes now, running each content tab in a different one. This should improve responsiveness and overall stability, but it also means many add-ons will need to be updated to support this.

We will be talking more about these changes in this blog in the future. For now we recommend you start looking at the available documentation.

Air MozillaProduct Coordination Meeting

Product Coordination Meeting Duration: 10 minutes This is a weekly status meeting, every Wednesday, that helps coordinate the shipping of our products (across 4 release channels) in order...

Air MozillaThe Joy of Coding (mconley livehacks on Firefox) - Episode 15

The Joy of Coding (mconley livehacks on Firefox) - Episode 15 Watch mconley livehack on Firefox Desktop bugs!

Mozilla Gfx TeamOff-main-thread compositing on Linux

We recently enabled off-main-thread compositing on Linux. As I write this post it is enabled on Firefox nightly and Firefox developer edition and if nothing bad comes up it will ride the trains and get enabled in beta and in the stable release of Firefox 40.

Web browsers render web content in separate intermediate surfaces (we call them layers) in order to be able to efficiently animate, scroll or zoom some elements independently of the others. Compositing is the action of taking these layers and flattening them in one surface that can be brought to the screen.

Gecko used to render and composite layers from the same thread (the main thread), which is also responsible for a lot of expensive operations such as running JavaScript and computing the layout of the page. This meant that if something was taking too long on the main thread, it would also block/delay everything else.

But some operations can be performed independently of one another. For instance, a video decoder should be able to send video frames to the screen without being blocked by a script taking too long. To some extent, scrolling and zooming should also be performed without being blocked by a script that contains an infinite loop. Here comes off-main-thread compositing (let’s save a few key strokes and call it OMTC from now on).

With OMTC, Gecko does the compositing work on a dedicated thread. This thread is never waiting for the main thread, so we can make sure it runs smoothly. This lets us, for example, have video decoding threads talk directly to the compositor which improves video playback dramatically. This also opens the door to a lot of optimizations that we have been building on other platforms, but could not on Linux because they were relying on OMTC’s architecture. Chief among them, asynchronous panning and zooming (APZ), letting us perform scrolling and zooming on the compositor thread at 60 frames per seconds even when the main thread can’t keep this frame rate up (teaser: APZ is a real game changer). There is also asynchronous animations which (no surprise there) lets animations be performed by the compositor, again with 60 frames per second no matter how busy the main thread is. Currently, async animations are enabled on Linux but APZ is still in the work.

OMTC has been around for a long while. In fact we have shipped it on mobile platforms for years, but it took a long while before we managed to enable it by default on Mac, then Windows and finally on Linux recently. APZ is already enabled on mobile platforms and is getting close to ship on Mac and Windows, Linux should come soon after.

This is very exciting for the gfx team, because we have been working on getting OMTC enabled for a long time now. This is the base for a lot of important optimizations and will let us finally simplify a lot of code since we now use the same compositing architecture on all of our platforms. While this change is not obvious to user, it is a – hidden but huge – step towards great things to come, so there will be a lot to be excited about moving forward (although don’t expect everything to happen tomorrow or the day after, these things take time!).

OMTC on Linux, in its current state is still pretty new and comes with some improvements and regressions we are confident that we will be able to catch up with all of the regressions eventually but, as usual, don’t hesitate to file bugs at bugzilla.mozilla.org.

Another thing to be excited about is the work to move from Gtk 2 to Gtk 3. This is a long-standing project and I will blog about it later, when we get closer to enabling it by default. I am very pleased to see progress in this area and I’ll use this post as an opportunity to thank Martin Stránský, Lee Salzman, and the many others who are helping making this happen.


Air MozillaLost in Data - Episode 1

Lost in Data - Episode 1 Join Joel Maher in a livehacking session where he is triaging and investigating Firefox performance alerts.

Open Policy & AdvocacyMozilla Advocacy – 2015 Plan

Mozilla Advocacy — Our 2015 Plan for Protecting and Advancing the Open Web

Advocacy is a relatively new area of focus for Mozilla. Our increased emphasis on advocacy is born out of the recognition that, like code, public policy has an impact on the shape and health of the open web — and that a vital force protecting the web will be the millions of people who consider themselves to be citizens of the web.

Over the next few weeks, the Mozilla Advocacy team — including Andrea Wood, Director of Digital Advocacy and Fundraising; Melissa Romaine, Advocacy Manager; Chris Riley, Head of Public Policy; Stacy Martin, Senior Manager of Privacy and Engagement; Jochai Ben-Avie, Internet Policy Manager; and, Alina Hua, Senior Data Privacy Manager —  will lay out our latest thinking about how we’re developing public policy and creating advocacy initiatives.

Our goal with Mozilla Advocacy is to advance the Mozilla mission by empowering people to create measurable changes in public policy to protect the Internet as a global public resource, open and accessible to all. Our three strategies to achieve this goal are:

  1. Leadership Development — Grow a global cadre of leaders — activists, technologists, policy experts — who advance the free and open web.

  2. Community — Assist, grow, and enable the wider policy & advocacy community.

  3. Grassroots Advocacy — Run issue-based campaigns to grow mainstream engagement with Mozilla and open web issues.

Each of these strategies ties directly to the goal of empowering people. Yet, as we execute there are still open questions that need input and more thought from the community. For instance, how can we create better scale and participation, recognizing that real impact happens when the community is empowered to take action on policy and advocacy initiatives. A key to this is making our own policy positions and advocacy efforts easier for people to understand and engage with.

We need you to play an active role. Because the web is growing in markets where we are not experts, the Mozilla community will play a central role in scaling efforts to protect the open web throughout the world. We invite you to help shape our thinking by reading the 2015 Policy & Advocacy Plan and offering input through this thread in the Mozilla Advocacy Community.

–Dave Steer, Director of Advocacy, Mozilla

Mozilla Add-ons BlogWhich T-shirt Design is Your Favorite?

The judges have selected their three favorite designs for a new AMO t-shirt, and now it’s your turn to tell us which one you’d like to see printed. The shirts will be sent to add-on developers as a thank-you gift, so choose wisely!

The deadline to vote is Tuesday, June 2.

hacks.mozilla.orgDeveloper Edition 40: Always active network monitoring, CSS rules filtering, and much more

Firefox 40 was just uplifted, and we have a lot of updates to share. This release took a major effort by Developer Tools contributors to address feedback we’ve heard directly from people using our tools. Grab a copy of the Developer Edition browser and check it out.

Experimental Multi-process Support: A Request

When you update to Developer Edition 40, you’ll be prompted to opt in to test multi-process Firefox. Please consider helping us test this new feature and providing feedback around any issues you see.

New in the Inspector

  • There is now a filter box in the CSS Rules view that lets you find rules that match a string. See the Filter Styles screencast or the screenshot below. (Development notes: 1120616 and 1157293.)

Inspector Filter Styles Screenshot

  • There is a new CSS documentation tooltip for CSS properties. Right click on any property in the CSS Rules view and select “Show MDN Docs” to see more information about that property. (Development notes.)

MDN Tooltip In Inspector Screenshot

  • Inspector search now includes results from iframes and also includes class / id results without the CSS prefix. (Development notes: 873443 and 1149346.)
  • There is a new CSS Filter Editor Tooltip added by Mahdi Dibaiee. Check out the CSS Filter Editor Tooltip screencast for a demo, or try it on the filter demos page in Developer Edition. (development notes)
  • The Animation Inspector has had some major updates. It now shows subtree animations, playback rate can be controlled, and it previews and highlights animated DOM nodes. (Development notes: 1155651, 1155653, and 1144615.)

There are too many changes to list in this post, but here are a few more interesting updates you may come across in the Inspector:

  • The Box Model view has legends for the regions and tooltips to show which CSS rule invoked the computed value. (Development notes: 1141571 and 1151956.)
  • shift+clicking a color swatch switches between color unit formats in place. (Development notes.)
  • New Scroll Into View, Open Link in New Tab, Copy Link, Open In Style Editor, and Open in Debugger context menu items in the Markup View. (Development notes: 901250, 921102, and 1158822.)

Network Monitor News

Cached network requests in Network Monitor Screenshot

Here’s a selection of other changes and improvements in this release:

  • New Copy Response, Copy URL parameters, and Copy Request/Response Headers context menu items on each request. (Development notes: 955933, 1150717, and 1150715.)
  • Search box to filter requests. (Development notes.)
  • IP address included in Domain tooltip for network monitor. (Development notes.)
  • Added access keys to the request context menu. (Development notes.)

Web Console

  • New console method: console.dirxml(). (Development notes.)
  • New filter options in the web console to show console messages from workers. (Development notes.)
  • Quotes in strings are no longer added if logged via console.log. Thanks to new contributor Dmitry Sagalovskiy for adding this feature! (Development notes.)

Debugger

General

Special thanks to all the people who contributed patches to Firefox Developer Tools this release! Here is a list of all the DevTools bugs resolved for Firefox 40. Kudos to the many contributors.

Do you have feedback, bug reports, feature requests, or questions? As always, you can comment here, get in touch with the team at @FirefoxDevTools, or share your constructive feedback and feature requests on our Firefox Dev Tools feedback channel.

Air MozillaMartes Mozilleros

Martes Mozilleros Reunión bi-semanal para hablar sobre el estado de Mozilla, la comunidad y sus proyectos. Bi-weekly meeting to talk (in Spanish) about Mozilla status, community and...

Air MozillaMaintaining & growing a technical community

Maintaining & growing a technical community How do you support a diverse community, acknowledge many different voices and perspectives, be open and inclusive, and still get things done (especially when you...

Air MozillaWhat's new in Firefox?

What's new in Firefox? Let's review together what happened with Firefox in 2014 and where we are headed in 2015.

Air MozillaKeeping secrets with JavaScript

Keeping secrets with JavaScript An Introduction to the WebCrypto API.

The Mozilla BlogOpen Web Device Compliance Review Board Certifies First Handsets

Announcement Marks Key Point in Development of Open Source Mobile Ecosystem

San Francisco, Calif. – May 18, 2015: – The Open Web Device Compliance Review Board (CRB), in conjunction with its members ALCATEL ONE TOUCH, Deutsche Telekom, Mozilla, Qualcomm Technologies, Inc., and Telefónica, has announced the first handsets to be certified by the CRB. The CRB is an independently operated organization designed to promote the success of the open Web device ecosystem by encouraging API compliance as well as ensuring competitive performance.

The two devices are the Alcatel ONETOUCH Fire C and the Alcatel ONETOUCH Fire E. ALCATEL ONETOUCH has also authorized a CRB lab.

The certification process involves OEMs applying to the CRB for their device to be certified. CRB’s authorized labs test the device for open web APIs and key performance benchmarks. CRB’s subject matter experts review the results and validate against CRB stipulated benchmarks with a reference device to ensure compatibility and performance across key use cases. The two ALCATEL ONETOUCH devices passed the CRB authorized test lab procedure and met all CRB certification requirements.

The process is open to all device vendors whether they are a member of CRB or not. The CRB website www.openwebdevice.org will publish the process for applying for certification.

CRB certification testing is conducted by industry labs authorized by the CRB, with each submission expected to be completed within approximately three days. The CRB offers a platform for the rest of the industry to request certification.

“As an initial founding member of the CRB, we are pleased to know that the Board has achieved one of its major objectives in certifying Firefox OS devices on a standard set of Web APIs and performance metrics,” said Jason Bremner, Senior Vice President of Product Management, Qualcomm Technologies, Inc. “We expect other companies will also certify, improving their product development cycle time while ensuring a compelling user experience and compliance to standard Web APIs.”

“As one of the partners of the CRB and owners of these certified devices, ALCATEL ONETOUCH is excited to witness the solid progress and achievements made by all members,” said Alain Lejeune, Senior Vice President, ALCATEL ONETOUCH. “In the coming year, ALCATEL ONETOUCH will continue to contribute to the CRB and establishment of the Firefox OS ecosystem. This news is not only an honor for us but will inspire more Firefox OS partners to strive for certification.”

“In the last three years Mozilla has proven with Firefox OS that open Web technology is a strong, viable platform for mobile,” said Andreas Gal, Chief Technology Officer, Mozilla. “Certification by the CRB provides a launch pad for those who complete to prove that their device offers a consistent and excellent experience for users, reducing time and cost to qualify across operators and markets. Today’s announcement paves the way for other device makers to reach this milestone.”

“TELEFÓNICA supports the opportunities that an open Web ecosystem delivers to mobile consumers,” said Francisco Montalvo, Head of Group Devices Unit at TELEFÓNICA S.A.. “Having CRB as a product certification scheme helps all the partners guarantee that rich Web content is delivered to certified devices with the right level of quality. We are glad to collaborate on this effort.”

“Deutsche Telekom is pleased to be a close partner with Mozilla, Qualcomm, Telefonica, and ALCATEL ONETOUCH among others in the development of the Firefox OS,” said Louis Schreier, Vice President of Telekom Innovation Laboratories’ Silicon Valley Innovation Center. “As one of the founding members of the CRB, our goal in focusing on API compliance and performance is to establish a uniform set of requirements, test and acceptance criteria, enabling uniform and independent testing by accredited labs.”

For more information about the Open Web Device Compliance Review Board, please visit https://openwebdevice.org.

About the CRB
The Open Web Device Compliance Review Board (CRB) is an independently operated organization designed to promote the success of the open Web device ecosystem. It is a partnership between operators, device OEMs, silicon vendors and test solution providers to define and evolve a process to encourage API compatibility and competitive performance for devices. Standards are based on Mozilla’s principles of user privacy and control.

Media Contact: press@mozilla.com

Meeting NotesMozilla Project: 2015-05-18

All-hands Status Meeting Agenda

Items in this section will be shared during the live all-hand status meeting.

Friends of Mozilla

  • Huge thanks to Ram Dayal for organizing the first-ever regional Marketplace Day event in Hyderabad, India this weekend. 25 attendees stayed up all night fixing bugs, figuring out how to make it easier to contribute code, and bonding. Read more and see photos!
  • Thanks to Cate and Chiu-Ki who publish Technically Speaking and the Twitter account @callbackwomen – a weekly email and a twitter stream listing CFPs for technical events and conferences that welcome women and other under-represented speakers, and write about the issues tech speakers deal with…
  • Arturo Martinez, Emma Irwin and Gauthamraj Elango who are leaving their 1 year term at the Mozilla Reps Council. Thank you SO much for your awesome work at the Council, you have been an inspiration for all Reps.

Upcoming Events

Monday, 18 May
  • Weekly Bug Triage Day
  • DORS/CLUC, Zagreb, Croatia, 18th-20th.
    • DORS/CLUC is one of the biggest free and open source conferences in Croatia. Conference gathers international and local IT experts in order to exchange experiences and ideas.
    • We will have one keynote by Brian King, a workshop, 2 talks, and a booth run by the community.
Wednesday, 20 May
  • Weekly Bug Verification Day
  • MedellinJS, Medellin, Colombia.
    • We are going to talk about Webcomponent and how they are going to change the web is moving. A lot of people has some interest to work on Webcomponents and it’s the moment to talk about X-tag, the incredible implementation by Mozilla of Webcomponents.
    • More info in Reps event page.
Thursday, 21 May
  • Introducing the May Brantina (Breakfast + Cantina, 9am PST / 4pm UTC / 6pm CEST), a format we’re testing to join time zones over breakfast, lunch or happy hour and learn from guest speakers. This month Kate Heddleston, a software engineer in the Bay Area, will share how insufficient onboarding leads to ‘team debt,’ an analogy she makes to technical debt, where poor system design slows down the system. Kate will also provide some guidance on some fairly immediate things individual teams can do to reduce the debt.
Saturday, 23 May
  • Mozilla Balkans Community Meetup, Bucharest, Romania. 23rd-24th.
    • The Balkans Inter-Community meet-up 2015 will take place in Bucharest, Romania, on May 22-24th. Lead contributors from Balkan communities will be invited to participate in a 2-day event with sessions and workshops. The aim of the meetup is to enable Mozilla communities in the Balkans to share and learn from each other’s experience working on the Mozilla Project, improve collaboration in the future, and work on specific tasks.
  • Rust 1.0 Release Party: Bangalore, Bangalore, India.
    • Mozilla’s Rust programming language’s first stable release is this month & it’s being celebrated globally. In India, we’re starting to have traction around this beautiful system programming language & would want to spread the word.

Project Status Updates (voice updates)

Firefox and Cloud Services

Speaker Location: vidyo (bsmedberg)

Mozilla Learning Networks

Amira Dhalla, Brooklyn: Introducing Maker Party 2015 and Mozilla Clubs. Blog post: http://mzl.la/1PtKQ2b

Also, this week’s Teach The Web podcast: https://plus.google.com/u/0/events/cdddvap0ev2o6771so2mnhtctj8

Speakers

The limit is 3 minutes per topic. It’s like a lightning talk, but don’t feel that you have to have slides in order to make a presentation. If you plan on showing a video, you need to contact the Air Mozilla team before the day of the meeting or you will be deferred to the next week.

Presenter Title Topic Location Share? Media More Details
Who Are You? What Do You Do? What are you going to talk about? Where are you presenting from? (Moz Space, your house, space) Will you be sharing your screen? (yes/no, other info) Links to slides or images you want displayed on screen Link to where audience can find out more information
Diane Tate Program Manager Announcing the first-ever MDN Fellows! Mozilla San Francisco no n/a https://blog.mozilla.org/community/2015/05/14/mdnfellowsannouncement/
Andrea Wood dir. of digital advocacy + fundraising Update on US surveillance reform campaign remote – Oakland, CA, USA yes Link to slides in PDF This week is critical, please use+share https://call.mozilla.org/

Welcome!

Let’s say hello to some new Mozillians! If you are not able to join the meeting live, you can add a link to a short video introducing yourself.

Introducing New Volunteers

New Volunteer Introduced by Speaker location New Volunteer location Will be working on
Who is the new volunteer? Who will be introducing that person? Where is the introducer? Where will the new person be contributing from? What will the new person be working on?

Introducing New Hires

New Hire Introduced by Speaker location New Hire location Will be working on
Who is the new hire Who will be introducing that person? Where is the introducer? Where will the new person be working from? What will the new person be working on?
Jason Crain Sylvie Veilleux Mountain View Mountain View IT Service Operations Excellence

Introducing New Interns

New Intern Introduced by Speaker location New Hire location Will be working on
Nihanth Subramanya Drew Willcoxon Mountain View Mountain View Firefox Desktop
Alexis Beingessner Aaron Turon Mountain View San Francisco Research
Gabriel Luong Nick Fitzgerald Mountain View San Francisco Dev tools
Bernardo Rittmeyer Matthew Noorenberghe Mountain View Mountain View Firefox Desktop
Francesco Polizzi Christopher More Mountain View Mountain View Growth Hacker
Julian Hector Guillaume Destuynder Mountain View San Francisco Firefox OS (Security)
Edouard Oger Chris Karlof Mountain View San Francisco Firefox Accounts
Peter Elmers Erik Rose Mountain View Mountain View DXR Eng.
Miles Crabill Wes Dawson Mountain View Mountain View Cloud Services
Spenser Bauman Shuyu Guo Mountain View San Francisco Research
Kyle Zentner Daniel Holbert Mountain View San Francisco Platform: Layout
Karim Benhmida Chenxia Liu Mountain View San Francisco Firefox Mobile

<meta>

Notes and non-voice status updates that aren’t part of the live meeting go here.

Status Updates By Team (*non-voice* updates)

Automation & Tools
bugzilla.mozilla.org

Notable changes to bugzilla.mozilla.org during the last week:

  • bug 751862 You are no longer able to request a review from someone who hasn’t logged in to Bugzilla within the last 60 days

All changes.

Engagement

  • Dial-in: conference# 8600
    • US/Toll-free: +1 800 707 2533, (pin 369) Conf# 8600
    • US/California/Mountain View: +1 650 903 0800, x92 Conf# 8600
    • US/California/San Francisco: +1 415 762 5700, x92 Conf# 8600
    • US/Oregon/Portland: +1 971 544 8000, x92 Conf# 8600
    • CA/British Columbia/Vancouver: +1 778 785 1540, x92 Conf# 8600
    • CA/Ontario/Toronto: +1 416 848 3114, x92 Conf# 8600
    • UK/London: +44 (0)207 855 3000, x92 Conf# 8600
    • FR/Paris: +33 1 44 79 34 80, x92 Conf# 8600

Mozilla L10NFirefox L10n Report (Aurora 40)

Hello localizers!

Thank you all for your great work with Firefox 38 and 39. Here’s an outline of what is currently in Aurora this cycle (40) and what we accomplished together last cycle:

This cycle (Fx40) — 11 May – 29 June

Key dates:
– Beta (39) sign-offs for new locales must be completed by 9 June.
– Beta (39) sign offs for already shipping locales must be completed before 16 June.
– Aurora (40) sign offs must be completed before 29 June.
– Firefox 39 released 12 May.
– Firefox 38.0.5 (Northern Spring Release) releases 2 June.

Remember that the schedule for the next few cycles is going to be odd. Here are the basics:
– May 11 – June 29 — This cycle will be 7 weeks in order to catch up to the regular schedule after cutting the Fx38 in Aurora cycle short by one week.

Features:
– Approximately 239 new string changes landed in Firefox Aurora desktop and 35 for Fennec Aurora exclusively (unshared).
– 40% of desktop string changes are related to devtools. 13% are related to e10s and add-ons. 9% are related to Firefox Hello and 10% are related to new tabs and new prefs. Please see https://wiki.mozilla.org/Features/Release_Tracking#Likely_in_Firefox_40 for more info.
– 2 devtools files, (gcli.properties and gclicommands.properties) were moved from browser (browser/locales/en-US/chrome/browser/devtools) to toolkit (toolkit/locales/en-US/chrome/global/devtools). Tools like Pootle will automatically detect this change; if you’re localizing directly on Mercurial, you should move the files using ‘hg mv’. Feel free to ask more information on the mailing list or IRC (#l10n) if you need any help.
– 50% of the Fennec strings changes are related to tab queue management. ~30% are related to doorhangers firstrun, and onboarding, and prefs. ~20% are related to tab queues. 37% are obsolete strings that need to be removed from your repo.
– In addition to Firefox and Fennec, Firefox for iOS will launch it’s first version after the Northern Spring Release. I’m hoping to have more information about this next week.

Notes:
Please remember that sign offs are a critical piece to the cycle and mean that you approve and can vouch for the work you’re submitting for shipment. For the 38 Northern Spring Release sign-offs, Axel and I made the decision to accept sign-offs for locales who had spent a long time trying to come up-to-date but have struggled to complete translation for all necessary parts. Our rationale was that it was better for a new user to receive the most up-to-date localization, even if that localization is only 80% localized, rather than a localization of Firefox that was 65% localized. If anyone has questions about this, please feel free to find Axel and I.

Last cycle — 30 March – 11 May

Noteworthy events:
82% of all locales shipped Firefox 38 on desktop updates on time. Congratulations to everyone who signed off and shipped this last cycle! This is a stunning 11% increase in locale coverage between Firefox 37 and Firefox 38! Hooray!
87% of all locales shipped Fennec 38 on time. Congratulations to everyone who signed off and shipped this last cycle! This is a stunning 12% increase in locale coverage between Fennec 37 and Fennec 38! Hooray!
– The Azerbaijani [az] team launched their first localizations of Fennec with Fennec 38. Please reach out to them with your congratulations!
– The Persian [fa] team launched their first complete localization update of Firefox desktop in nearly two years with Firefox 38. Please reach out to them with your congratulations! Here’s to many more Persian localizations of Firefox!

Thank you to everyone for all of your dedication and hard work this last sprint. As always, if you note anything missing in these reports, please let me know.

The Mozilla BlogOpen Web Device Compliance Review Board Certifies First Handsets

Announcement Marks Key Point in Development of Open Source Mobile Ecosystem

San Francisco, Calif. – May 18, 2015: – The Open Web Device Compliance Review Board (CRB), in conjunction with its members ALCATEL ONE TOUCH, Deutsche Telekom, Mozilla, Qualcomm Technologies, Inc., and Telefónica, has announced the first handsets to be certified by the CRB. The CRB is an independently operated organization designed to promote the success of the open Web device ecosystem by encouraging API compliance as well as ensuring competitive performance.

The two devices are the Alcatel ONETOUCH Fire C and the Alcatel ONETOUCH Fire E. ALCATEL ONETOUCH has also authorized a CRB lab.

The certification process involves OEMs applying to the CRB for their device to be certified. CRB’s authorized labs test the device for open web APIs and key performance benchmarks. CRB’s subject matter experts review the results and validate against CRB stipulated benchmarks with a reference device to ensure compatibility and performance across key use cases. The two ALCATEL ONETOUCH devices passed the CRB authorized test lab procedure and met all CRB certification requirements.

The process is open to all device vendors whether they are a member of CRB or not. The CRB website will publish the process for applying for certification for their devices.

CRB certification testing will be conducted by industry labs authorized by the CRB, with each submission expected to be completed within approximately three days. The CRB offers a platform for the rest of the industry to request certification.

“As an initial founding member of the CRB, we are pleased to know that the Board has achieved one of its major objectives in certifying Firefox OS devices on a standard set of Web APIs and performance metrics,” said Jason Bremner, Senior Vice President of Product Management, Qualcomm Technologies, Inc. “We expect other companies will also certify, improving their product development cycle time while ensuring a compelling user experience and compliance to standard Web APIs.”

“As one of the partners of the CRB and owners of these certified devices, ALCATEL ONETOUCH is excited to witness the solid progress and achievements made by all members,” said Alain Lejeune, Senior Vice President, ALCATEL ONETOUCH. “In the coming year, ALCATEL ONETOUCH will continue to contribute to the CRB and establishment of the Firefox OS ecosystem. This news is not only an honor for us but will inspire more Firefox OS partners to strive for certification.”

“In the last three years Mozilla has proven with Firefox OS that open Web technology is a strong, viable platform for mobile,” said Andreas Gal, Chief Technology Officer, Mozilla. “Certification by the CRB provides a launch pad for those who complete to prove that their device offers a consistent and excellent experience for users, reducing time and cost to qualify across operators and markets. Today’s announcement paves the way for other device makers to reach this milestone.”

“TELEFÓNICA supports the opportunities that an open Web ecosystem delivers to mobile consumers,” said Francisco Montalvo, Head of Group Devices Unit at TELEFÓNICA S.A.. “Having CRB as a product certification scheme helps all the partners guarantee that rich Web content is delivered to certified devices with the right level of quality. We are glad to collaborate on this effort.”

“Deutsche Telekom is pleased to be a close partner with Mozilla, Qualcomm, Telefonica, and ALCATEL ONETOUCH among others in the development of the Firefox OS,” said Louis Schreier, Vice President of Telekom Innovation Laboratories’ Silicon Valley Innovation Center. “As one of the founding members of the CRB, our goal in focusing on API compliance and performance is to establish a uniform set of requirements, test and acceptance criteria, enabling uniform and independent testing by accredited labs.”

For more information about the Open Web Device Compliance Review Board, please visit https://openwebdevice.org.

About the Open Web Device Compliance Review Board
The Open Web Device Compliance Review Board (CRB) is an independently operated organization designed to promote the success of the open Web device ecosystem. It is a partnership between operators, device OEMs, silicon vendors and test solution providers to define and evolve a process to encourage API compatibility and competitive performance for devices. Standards are based on Mozilla’s principles of user privacy and control.

Media Contact:
press@mozilla.com

hacks.mozilla.orgLet’s get charged: Updates to the Battery Status API

Web APIs provide a way for Open Web Apps to access device hardware, data and sensors through JavaScript, and open the doors to a number of possibilities especially for mobile devices, TVs, interactive kiosks, and Internet of Things (IoT) applications.

Knowing the battery status of a device can be useful in a number of situations or use cases. Here are some examples:

  • Utility apps that collect statistics on battery usage or simply inform the user if the device is charged enough to play a game, watch a movie, or browse the Web.
  • High-quality apps that optimize battery consumption: for example, an email client may check the server for new email less frequently if the device is low on battery.
  • A word processor could save changes automatically before the battery runs out in order to prevent data loss.
  • A system checking if an interactive kiosk or TV installed in a showroom of an event is charging or if something wrong happened with the cables
  • A module that checks the battery status of a drone in order to make it come back to the base before it runs out of power.

This article looks at a standardized way to manage energy consumption: The Battery Status API.

The Battery Status API

Open Web Apps can retrieve battery status information thanks to the Battery Status API, a W3C Recommendation supported by Firefox since version 16. The API is also supported by Firefox OS, and recently by Chrome, Opera, and the Android browser, so now it can be used in production across many major platforms.

Also, the W3C Recommendation has recently been improved, introducing Promise Objects, and the ability to handle multiple batteries installed on the same device.

At the time of writing, this W3C update has not yet been implemented by Firefox: please check the following bugs for implementation updates or in case you want to contribute to Gecko development:

  • [1050749] Expose BatteryManager via getBattery() returning a Promise instead of a synchronous accessor (navigator.battery)
  • [1050752] BatteryManager: specify the behavior when a host device has more than one battery

Below we will look at using the Battery Status API in an instant messaging app running on Firefox OS and all the browsers that currently support the API.

Demo: Low Energy Messenger

Low Energy Messenger is an instant messaging demo app that pays close attention to battery status. The app has been built with HTML + CSS + Javascript (no libraries) and uses static data. It does not include web services running on the Internet, but includes real integration with the Battery Status API and has a realistic look & feel.

You’ll find a working demo of Low Energy Messenger, along with the demo code on Github, and an >MDN article called Retrieving Battery status information that explains the code step-by-step.

Low Energy Messenger

Low Energy Messenger has the following features:

  • A battery status bar, containing battery status information.
  • A chat section, containing all the messages received or sent.
  • An action bar, containing a text field, a button to send a message, a button to take a photo, and a button to install the app on Firefox OS
  • In order to preserve battery life when the power level is low, the app doesn’t allow users to take photos when the device is running out of battery.

The visual representation of the battery, in the app’s status bar, changes depending on the charge level. For example:

13% Discharging: 0:23 remaining
40% Discharging: 1:19 remaining
92% Charging: 0:16 until full

Low Energy Messenger includes a module called EnergyManager.js that uses the Battery Status API to get the information displayed above and perform checks.

The battery object, of type BatteryManager, is provided by the navigator.getBattery method, using Promises, or by the deprecated navigator.battery property, part of a previous W3C specification and currently used by Firefox and Firefox OS. As mentioned above, follow this bug for implementation updates or if you want to contribute to Gecko development.

The EnergyManager.js module eliminates this difference in API implementation in the following way:

/* EnergyManager.js */
 init: function(callback) {
     var _self = this;
    /* Initialize the battery object */
    if (navigator.getBattery) {
       navigator.getBattery().then(function(battery) {
           _self.battery = battery;
           callback();
       });
    } else if (navigator.battery || navigator.mozBattery) { // deprecated battery objects
        _self.battery = navigator.battery || navigator.mozBattery;
        callback();
    }
 }

The navigator.getBattery method returns a battery promise, which is resolved in a BatteryManager object providing events you can handle to monitor the battery status. The deprecated navigator.battery attribute returns the BatteryManager object directly; the implementation above checks for vendor prefixes as well, for even older, experimental, API implementations carried on by Mozilla in earlier stages of the specification.

Logging into the Web Console of a browser is a useful way to understand how the Battery Status API actually works:

/* EnergyManager.js */
 log: function(event) {
    if (event) {
        console.warn(event);
    }
    console.log('battery.level: ' + this.battery.level);
    console.log('battery.charging: ' + this.battery.charging);
    console.log('battery.chargingTime: ' + this.battery.chargingTime);
    console.log('battery.dischargingTime: ' + this.battery.dischargingTime);
 }

Here is how the logs appear on the Web Console:

Web Console

Every time an event (dischargingtimechange, levelchange, etc.) gets fired, the BatteryManager object provides updated values that can be used by the application for any purpose.

Conclusions

The Battery Status API is a standardized way to access the device hardware and is ready to be used in production, even if at the time of writing some compatibility checks still have to be performed on Firefox. Also, the W3C specification is generic enough to be used in different contexts, thus the API covers a good number of real-world use cases.

Air MozillaMozilla Weekly Project Meeting

Mozilla Weekly Project Meeting The Monday Project Meeting

Air MozillaFirefox OS web API's

Firefox OS web API's New cool web apis and their impact

Air MozillaFirefox OS Tricoder

Firefox OS Tricoder Reading device sensor data in JavaScript

WebmakerMaker Party is Right Around the Corner: July 15 – July 31!

Maker Party 2015 is less than two months away! The party starts on July 15 and runs to July 31. Each day, makers, mentors, and learners across the world will celebrate making and teaching by running events to create awesome things on the open Web.

9cc6d132-fa53-11e4-8f27-cda5596ebb2f

In 2014, Maker Party brought together almost 130,000 people who hosted more than 2,500 hands-on, community-run events across 86 countries. And they built some 44,000 projects — fun, funky, and useful apps, web pages, and games that made the Web a more exciting place. There were apps that allowed us to save kittens with code, and games that let us remix Pharrell Williams’ best dance moves.

We’re looking forward to doing the same thing this year: empowering people around the globe to become online inventors. We’ll share compelling, fun activities that allow participants of all skill levels to become creators of the Web. It will be 17 days of making, remixing, and sharing.

There’s more good news. When our two-week celebration winds down on July 31, we’ll keep the creativity and momentum rolling. July 31 will be the start of something equally inspiring: Mozilla Clubs, a new way for makers and mentors to get together regularly and make a difference. Mozilla Clubs can meet anywhere — a classroom, a library, a coffee shop, a living room. Members will teach and build the open Web together.

The Mozilla Club Curriculum helps people think critically about what they read on the Web, remix and write their own digital content, and participate online as citizens. You can learn to effectively research and search online by reading about the dreaded Kraken; understand web mechanics and how the Internet works by playing “Ping Kong”; and unpack the basics of coding with HTML puzzle boxes. Other activities teach open source principles, community participation, and how to remix content.

Help us get started now! First, head to https://teach.mozilla.org/events/resources/. We have resources to help make your party perfect. Whether it’s just you and a friend or a classroom of more than 50 makers, we can help from start to finish.

Next, spread the word. The more people participating, the better the party. Share this tweet with your friends and followers:

“Get ready to make cool stuff on the Web with @Mozilla’s global #MakerParty this July. Learn more: http://mzl.la/1PINLyT.”

And tell us all about your ideas and suggestions by tweeting @mozilla or by emailing makerparty@mozilla.org.

Mozilla Clubs will allow you to sustain the excitement and creativity of Maker Party events. But we need the help of educators, inventors and curious learners. So remember: start tweeting, start planning your event, and start thinking about forming your own Club. And start making.

Air MozillaOuiShare Labs Camp #3

OuiShare Labs Camp #3 OuiShare Labs Camp #3 is a participative conference dedicated to decentralization, IndieWeb, semantic web and open source community tools.

Mozilla Korea[업데이트]디지털 저작권 관리(DRM)와 Firefox

일 년전 HTML5 비디오 태그 상 영상 재생 시 디지털 저작권 관리(Digital Rights Management;이하 DRM)로 미디어를 보호하겠다고 알려드렸었지요. 저희의 사명과 다소 상충되는 DRM의 특성 때문에 사실 이는 쉽지 않은 결정이었습니다. 당시 설명드린 대로 프리미엄 비디오 컨텐츠의 접근을 위해 DRM을 제공하고 있습니다. DRM이 이상적인 해결방안이라고 생각하지 않지만 현재 컨텐츠에 관한 한 유일한 해결책이기에 사용하고 있습니다.

저희는 DRM으로 구성된 컨텐츠 재생 시 Adobe 사의 콘텐츠 복호 모듈(Content Decryption Module;이하 CDM)통합 프로그램을 포함하고 있습니다. 이는 Firefox를 설치하거나 업그레이드 한 뒤 처음으로 Adobe CDM을 사용하는 사이트에서 다운로드 될 것입니다. Netflix를 포함한 프리미엄 비디오 서비스들은 Firefox상에서 이러한 해결책을 테스트하고 있습니다.

DRM이 오픈소스가 아닌 ‘블랙박스’기술이기에 CDM 곁에 둘 보안 샌드박스 시스템을 고안했습니다.다른 브라우저들이 어떻게 ‘블랙박스’문제를 다루는지 모르지만, 샌드박스는 보안에 필요한 레이어를 제공합니다. 아울러 Firefox상 복제에서CDM을 제거하는 방법에 대해서도 소개 드렸었지요. 저희는 보안의 중요성과 이런 기술에 대한 소개가 블랙박스 타입의 통합에 부정적인 영향들을 줄일 수 있음을 믿습니다.

DRM/CDM  메세지

저희는 여러분 모두가 DRM을 원하는 것은 아님을 잘 알고 있습니다. 이에 Firefox설치시 기본 설정값으로 CDM다운로드없이 Firefox를 다운로드하는 소스를 따로 제공 하고 있습니다.

저희가 나눈 내용대로 DRM은 쉽지 않은 사안입니다. 저희는 여러분이 이를 이해 해주실 수 있기를 바라는 마음으로 DRM을 소개하는 가벼운 소개자료를 만들었습니다. 왜 일부 컨텐츠 제작자들이 이를 사용하는며 이것이 왜 쉽지 않은 사안인지 확인하실 수 있을 것입니다.

*역주              
1] Mozilla의 DRM에 대한 2014년 결정 내용과 소개      2] Mozilla의 결정에 대한 국내 기사 

Mozilla IndiaMarketplace Day

Marketplace Day, the first ever and one of its kind event which was totally based on Marketplace code-contribution happened on May 16th at Hyderabad Mozilla Community Space - Collab House. The event was not just tech but fun and entertain as well - In one word , Awesome \o/. We had a count of 16 Participants & 9 volunteers who joined the event. Both the participants and volunteers were curated based on their applications. We had a great Volunteers team and the participants also to volunteer fellow participants.
CFJJ4mFUsAAg3ZS
As per our Planned Agenda, We kicked off the event at 6:00 PM with introduction activity Catch the ball. All volunteers and participants introduced themselves in a very entertaining manner.
We also had one more ice-breaker sessions where every participant was supposed to pick one random participant from the attendees and  form a team. Then one person from each is supposed to teach something new to the other person in a given time of one minute, and then they changes roles for next one minute for vice-versa. This! This changed everything. The Participants started getting familiar to each other and Guess what?! After an hour  of this ice breaker, everyone were friends <3

IMG_1926Too much love, i know. Moving on, Later we briefed the participants about all the upcoming session as mentioned in agenda for the whole night. We were all set, our minds ready.We had only one goal in our heart – Eat, Code, Laugh, Repeat. 

The first per-requisite for the event was linux, we needed linux installed in everyone’s laptop. But unfortunately most of participants didn’t have it and that was the first big challege before us. It took us time to finish this part (where participants were very nicely helping  each others) and somehow we managed to start the event.

The main session got started by Ram explaining about Mozilla – Mission, projects, products and community. It followed by explaining Firefox OS & its Story to the participants. We also had some Firefox OS devices with us which were shown to participants. Last but not the least, We introduced the man of the hour, Heart of Firefox OS, Marketplace <3 and closed the first session for Dinner.
IMG_1953
Dinner  and Gossip | 9.30 PM.
Post dinner, we had a surprise for the participants.  A online video interaction session with  Amy Tsay, the Community manager for Firefox Marketplace project. It hyped the whole atmosphere, they were motivated and were ready to go. Thanks to Amy for joining us on Firefox Hello. :D
CFJQQaCUUAEWBT1After the video call,The night was spent on quick introductions on –

Bugzilla

  • Bugs lift-cycle, Different status and resolutions of bugs
  • Whiteboard & Flags
  • How to search bugs
  • About bugsahoy
  • Bugzilla etiquettes
  • Release cycle of Mozilla products (how and when are your changes pushed to production)
Git

  • This session was opened by one of participants, Ravi Teja (wow /). We were really honoured to have such awesome audience with us. He gave the basic knowledge of git to everyone. 
  • Since git is the most important part of such contributions, we set up a sample repository and asked everyone to make changes and submit pull requests. Many people got conflicts, and that was what we had it. So they learn about these things. We got 10 PRs on this repo, few of which had conflicts, which were resolved by participants themselves and finally merged. This was the another challenging part of the event where participants were finding it very touch to deal with the syncing remote branch with upstream branch.

IRC, Mailing list

We talked about how much IRC & mailing lists are helpful in open source world and gave some information about how to use these channels for communication. We had hands-on on #marketplaceday channel

Tick tick tick – This was 3 in Morning – People were feeling every energy less. This was the time to have some more ice-breakers :D This time we had Rule of seven and Ali baba and the 40 thieves. This was really fun and much more than enough to fill audience back with energy.

IMG_1941Marketplace Community

Before getting started with the code contribution to the marketplace project, we talked about all awesome work which the marketplace community do :) Here is the link of slides deck used for the event.

Setting up fireplace & docker

This was initially supposed to be a separate session, but you know what ? Till we reached here as part of the event flow, many of our awesome participants were already done with everything set up on their systems. They also faced many issues, but they fixed them  themselves. The best part was the collaboration of participants - Solving issues while setting environments like a Community. <3

Thanks to whole Marketplace engineers team for helping us in having the sample good-first-bugs ready for the event in prior. We shared this list of good-first-bugs with audience and they started working on them right away. ( Trust me, Too much of enthusiasm). Few of them search and found the bugs and they were already working on few of those bugs.

The participants all together worked on 15 bugs and submitted 11 pull requests during the event. They also filed 5 new bugs during the event. The event etherpad has all useful links and other information used during the event.

The clock hit 6 AM – we didn’t even realize – people were busy coding and submitting PRs. But we had to close the event, so we all gathered again in a circle. We asked all volunteers to share their experience about the event and the take-aways. This was really nice to hear from the audience about their awesome experience, and we were also very delighted to share with them the they were also the great audience !

IMG_1953We had lot of swags, and were happy to give them to the super awesome participants who did really great job whole night! Swags blew the minds of participants as it has that cute marktelplace pendrive as well (Thanks Amy for the pendrives). We ended the event with a many group picture in all crazy ways and went back to sleep :D

IMG_2079

Mozilla IndiaTake Aways of MozDeccan, The Mozilla Hyderabad Meetup 2015

Following up MozDeccan’s day 1 updates, here are updates from day 2 and take-aways of MozDeccan, the Mozilla Hyderabad local community meet-up 2015. On day 1, all active and core members of the local community were invited for planning road-map for 2015, with help of our past experience. The focus was on looking back at what we did till now, where we are today, framing goals for future & fine tuning the road-map.
IMG_1351Around 40 people enthusiastic about Mozilla joined us on the second day of the meet-up – MozDeccan. Many of them had good idea of the community, but few new faces were also there, who were quite new to the local community.

Vineel opened the event by introducing Mozilla Hyderabad to participants. Akshay Tiwari and Harsha Bandaru, continued the discussion by sharing the statistics of the community with everyone. This was a very proud moment for all of us. Seeing the achievement and awesome work done by the awesome community members in last year was indeed the most pleasant feeling indeed. During ice breaker sessions, all of us enjoyed the activities over hot topics like net neutrality & mobile phones usage.

IMG_1528Next we briefed about the functional areas to the participants and had interactive sessions on the same. These sessions were taken care of by the respective mentors. This made the audience select the areas which interests them and get more clarity about it.
IMG_1524Post lunch we had hands-on learning sessions for different functional areas. A big round of applause for Akshay, Harsha, Sai Charan and other volunteers who did a great job in handling the hands on sessions. And Indeed, a big round of applause for the whole community and the audience of the day. Find out more about the demos and tasks accomplished during these sessions on the etherpad.
IMG_1581The biggest take-away of the event was the mentors based functional areas groups. The audience selected the areas in which they want to contribute, and the mentors share the road of their functional area with the group members. As the take away, the mentors of the groups will do continuous follow up with the group members, we all group will do their best to achieve the goals we defined for 2015 at earliest. For example you can read about Bugzilla group’s goals and milestones in this blogpost. The event was closed with the take away, road maps, and the cheering faces :)

IMG_1597

Mozilla L10NMozilla l10n efforts to measure translation quality

Measuring translation quality is a shared priority

Part of what makes Mozilla projects so unique is the involvement of the community. Our community prides themselves on being experts on the Web, Mozilla, and all of Mozilla’s products. Thus, delivering high quality localizations of Mozilla products to users is not only a priority for the l10n-drivers, but one that is close to the community’s heart. For something that we all care deeply about, we have trouble collecting the required data to measure and benchmark translation quality within Mozilla.

Why do we need to measure translation quality?

It’s in Mozilla’s best interest to measure translation quality for three reasons:

  1. Our l10n community rocks and everyone outside of Mozilla needs to know it! Community-based translation, as a practice, is often underestimated. We have tons of anecdotes that illustrate how dedicated, skilled, and talented our community is at weaving together the perfect translations for Mozilla projects, but we can’t measure a cool story. We’re out to collect measurable data that demonstrates how awesome our l10n community is, in addition to the stories we know and love.
  2. Our l10n community rocks and everyone within Mozilla needs to know it! This information could help key decision-makers within Mozilla when making internal decisions that have an impact the direction of product development.
  3. Our l10n community rocks and our localizers themselves need to know it! Many of us who have attempted to bring new Mozillians into the l10n community often mention that l10n is a good place to learn, grow, and develop skills. Unfortunately, without accountability or a standard way of measuring and certifying an individual localizer’s growth, that promise becomes meaningless. Regularly gathering this data in intervals would allow the l10n-drivers to benchmark translation quality and make good on the promise that a localizer can show the world that they’re awesome through participating in Mozilla l10n.

Currently, Mozilla has no criteria-based framework for evaluating a localization/translation’s accuracy or quality. Determining how to evaluate translation quality is a very difficult task because language itself is very flexible and subjective. Critical to creating a successful framework for evaluating translation quality is including elements of a project’s scope as well as the most objective pieces of language, such as orthography, grammar, and corporate style guide. A translation quality assessment framework would need to be flexible, robust, interoperable, and easy for graders to use. Developing such a framework is difficult, but there are efforts from standards bodies working to solve that problem.

Evaluating the options

Pilot projects are a good way for us to determine the most appropriate standard and accompanying toolchain to use within the Mozilla l10n program. In June, we’ll be running another pilot project to assess the translation quality of new strings between Firefox OS 2.1 and Firefox OS 2.2 in Spanish using two different standards and their accompanying toolchains. We’ll collect data from each, analyze their efficiency in providing actionable feedback for localizers, and determine which standard and toolchain to begin implementing within the l10n program. If you are fluent in Spanish & English and would like to help evaluate Firefox OS 2.2 translations with this project, we would love for you to get involved! Visit us in #translation-quality on IRC. If you’re interested in other opportunities to help with translation quality assessment projects, stay tuned to the l10n blog for updates.

Air MozillaWebdev Beer and Tell: May 2015

Webdev Beer and Tell: May 2015 Once a month web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on in...

hacks.mozilla.orgDiving into Rust for the first time

Rust programming languageRust is a new programming language which focuses on performance, parallelization, and memory safety. By building a language from scratch and incorporating elements from modern programming language design, the creators of Rust avoid a lot of “baggage” (backward-compatibility requirements) that traditional languages have to deal with. Instead, Rust is able to fuse the expressive syntax and flexibility of high-level languages with the unprecedented control and performance of a low-level language.

Choosing a programming language usually involves tradeoffs. While most modern high-level languages provide tools for safe concurrency and memory safety, they do this with added overhead (e.g. by using a GC), and tend to lack performance and fine-grained control.

To deal with these limitations, one has to resort to low-level languages. Without the safety nets of most high-level languages this can be fragile and error-prone. One suddenly has to deal with manual memory management, resource allocation, dangling pointers, etc. Creating software that can leverage the growing number of cores present in today’s devices is difficult — making sure said code works correctly is even harder.

So how does Rust incorporate the best of both worlds in one language? That’s what we’ll show you in this article. Rust 1.0.0 stable has just been released. The language already has a vibrant community, a growing ecosystem of crates (libraries) in its package manager, and developers harnessing its capabilities in a variety of projects. Even if you’ve never touched a lower-level language, it’s a perfect time for you to dive in!

The community has celebrated Rust's first stable release worldwide at 'Rust release parties'Rust t-shirts celebrate the release of Rust 1.0 worldwide.

Use cases for Rust today

So for systems hackers, Rust seems like a great choice, but how about those who are not familiar with low-level languages? Maybe the last time you heard the words “C” and “stack/heap allocation” was 10 years ago in CompSci 101 (or maybe never). Rust provides the performance typically seen only in low-level systems languages — but most of the time it certainly feels like a high-level language! Here are a few examples of how you can leverage Rust now in practical applications:

I want to hack on hardware/write Internet-of-Things applications

The IoT era and the expansion of the maker movement enables a real democratization of hardware projects. Whether it is the Raspberry Pi, Arduino, or one of the young titans like the BeagleBone or Tessel, you can choose from a slew of languages to code your hardware projects, including Python or JavaScript.

There are times, however, when the performance these languages offer is simply not adequate. At other times, the microcontroller hardware you are aiming for is not suited to the runtimes these languages require: slow chips with tiny memory reserves and ultra-low-power applications still require a close-to-the-metal language. Traditionally that language has been C — but as you might have guessed, Rust is the new kid on the block.

Rust supports a wide variety of exotic platforms. While some of this is still experimental, support includes generic ARM hardware, the Texas Instruments TIVA dev board, and even the Raspberry Pi. Some of the newest IoT boards like the Tessel 2 even come with official, out-of-the-box Rust support!

I’m operating high-performance computing applications that scale to multiple cores

Studies suggest Rust is already great for HPC (high-performance computing). You don’t even have to rewrite your whole application in Rust: its flexible Foreign Function Interface (FFI) provides efficient C bindings that let you expose and call Rust code without any noticable overhead. This allows you to rewrite your app module by module, slowly transitioning towards a better developer experience that will result in performance on par with the old code or better. You also get a more maintainable codebase with fewer errors, which scales better on a high number of cores.

I simply need something fast!

Rust is great for rewriting performance-sensitive parts of your application. It interfaces well with other languages via FFI and has a tiny runtime that competes with C and C++ in most cases, even when resources are limited.

Despite the work-in-progress nature of the language, there are already business-critical, live production applications that have been making good use of Rust for some time: Yehuda Katz’s startup, Skylight uses high-performance Rust code embedded in a ruby gem for data-crunching. The 1.0.0 stable release is also an important milestone in that no breaking changes should happen from now on. That makes it safe to recommend Rust for even the most demanding and robust applications!

Watch Yehuda Katz and Tom Dale talk about the basics of Rust programming and how they used Rust with Ruby in their app.

Getting started with Rust

There are many tutorials covering Rust in general, as well as specific aspects of the language. For example, the Rust blog has great articles on various facets of developing Rust applications. There are also excellent introductory talks such as Aaron Turon’s talk at Stanford University. He explains the main concepts and motivations behind Rust nicely, and the talk serves as the perfect appetizer, starting you on your journey:

Talks and tutorials are no substitute for writing code, right? Rust’s got you covered in that regard, too! The Rust Book was conceived to help you get started — from installation to that first Hello World to providing an in-depth reference for all the core language features.

Another resource worth mentioning is Rust by Example, which guides you through Rust’s key features, from the basics to the arcane powers of traits, macros, and the FFI. Rust By Example offers invaluable live-editable, in-browser examples with all of the articles. You don’t even have to download and compile Rust, as you can try (and edit) all of these examples from the comfort of your living room couch, just as they are. There is also a Rust Playpen for the exact same purpose.

Not that downloading and installing Rust is much trouble, anyway. Head to the Rust homepage and download the appropriate binary/installer there. The downloads contain all the tools you need to get started (like rustc, the compiler, or cargo the package manager), and are available pre-built for all platforms (Windows, Linux, and OSX).

What is it then, that makes Rust so unique, so different?

The Rust Way

Arguably it’s Rust’s unique ownership model that allows it to really shine — eliminating whole classes of errors related to threading and memory management, while easing development and debugging. It is also invaluable in keeping the language runtime minimal and the compiler output lean and performant.

The ownership model

The basic principle of Rust’s ownership model is that every resource can belong to one and only one “owner.” A “resource” can be anything — from a piece of memory to an open network socket to something more abstract like a mutex lock. The owner of said resource is responsible for using, possibly lending out the resource (to other users), and finally cleaning it up.

All this happens automatically, with the help of scopes and bindings: bindings either own or borrow values, and last till the end of their scope. As bindings go out of scope, they either give their borrowed resource back, or in case they were the owner, dispose of the resource.

What’s even better is that the checks required for the ownership model to work are executed and enforced by the Rust compiler and “borrow checker” during compilation, which in turn results in various benefits.

Zero-cost abstractions

Since the correct operation of a program is asserted at compilation time, code that compiles can generally be considered safe with regard to most common types of memory and concurrency errors (such as use-after-free bugs or data races). This is possible because Rust complains at compilation time if the programmer attempts to do something that violates the principles above, which in turn helps keep the language runtime minimal.
By deferring these checks till compilation time, there’s no need to perform them during runtime (code is already “safe”), and no runtime overhead. In the case of memory allocations, there is no need for runtime garbage collection, either. This — advanced language constructs with little to no runtime overhead — is the basic idea of “zero-cost abstractions.”

Though a thorough explanation of the ownership model is outside the scope of this article, the Rust Book (linked above) and various talks and articles excel in explaining its principles. The principles of ownership and the borrow checker are essential for understanding Rust, and are key to other powerful aspects of the language, like its handling of concurrency and parallelism.

Two birds, one language construct

Shared mutable state is the root of all evil. Most languages attempt to deal with this problem through the mutable part, but Rust deals with it by solving the shared part.
The Rust Book

Aside from memory safety, paralellism and concurrency are the second most important focus in Rust’s philosophy. It might seem surprising, but the ownership system (coupled with a few handy traits) also provides powerful tools for threading, synchronization, and concurrent data access.

When you try some of the built-in concurrency primitives and start digging deeper into the language, it may come as a surprise that those primitives are provided by the standard library, rather than being part of the language core itself. Thus, coming up with new ways to do concurrent programming is in the hands of library authors — rather than being hard-wired into Rust, restricted by the language creators’ future plans.

Performance or expressiveness? Choose both!

Thanks to its static type system, carefully selected features, and having no garbage collector, Rust compiles into performant and predictable code that’s on par with code written in traditional, low-level languages (such as C/C++).

By moving the various checks out of the runtime and getting rid of garbage collection, the resulting code mimics the performance characteristics of other low-level languages, while the language itself remains much more expressive. The (seemingly) high level constructs (strings, collections, higher order functions, etc.) mostly avoid the runtime performance hit commonly associated with them. Since the Rust compiler’s output is in the LLVM intermediate representation, the final machine code makes good use of the LLVM compiler’s cross-platform benefits and all additional (current and future) optimizations automatically.

We could go on for hours about how with Rust you never have to worry about closing sockets or freeing memory, how traits and macros give you incredible flexibility for overloading operators, or even working with Rust’s functional aspect, juggling iterators, closures and higher order functions. But we wouldn’t want to overwhelm you early on! Sooner or later you will come across these anyway — and it’s more fun to discover for yourself exactly how deep the rabbit hole is.

So now instead, let’s finally look at some code.

Say hello to Rust

Without further ado — your very first Rust code:

fn main() {
    println!("Hello, Rust!");
}

Open this snippet in the Online Rust Playpen >>

Wait, is that it? This may seem a bit anti-climactic, but there are only so many ways to write a Hello World in Rust. Bear with us while we share a slightly more complex example — and another timeless classic.

What’s all this Fizzbuzz about

We are going old-school with the FizzBuzz program! Fizzbuzz is an algorithm in which we count upwards for all eternity, replacing some of the numbers with fizz (for numbers evenly divisible by 3), buzz (for numbers divisible by 5), or fizzbuzz (divisible by both 3 and 5).

Also to show our point (and to help familiarize you with Rust’s semantics), we have included the C and Python versions of the same algorithm:

Imperative fizzbuzz – C version

#include 

int main(void)
{
    int num;
    for(num=1; num<101; ++num)
    {
        if( num%3 == 0 && num%5 == 0 ) {
            printf("fizzbuzz\n");
        } else if( num%3 == 0) {
            printf("fizz\n");
        } else if( num%5 == 0) {
            printf("buzz\n");
        } else {
            printf("%d\n",num);
        }
    }

    return 0;
}
Imperative fizzbuzz – Python version

for num in xrange(1,101):
    if num%3 == 0 and num%5 == 0:
        print "fizzbuzz"
    elif num%3 == 0:
        print "fizz"
    elif num%5 == 0:
        print "buzz"
    else:
        print num
Imperative fizzbuzz – Rust version

fn main() {
    for num in 1..101 { // Range notation!
        match (num%3, num%5) { // Pattern Matching FTW!
            (0, 0) => println!("fizzbuzz"),
            (0, _) => println!("fizz"),
            (_, 0) => println!("buzz"),
                 _ => println!("{}", num) 
        }
    }
}

Open this snippet in the Online Rust Playpen >>

Even on such a small snippet, some of Rust’s power starts to show. The most obvious difference might be that we are using pattern matching, instead of traditional if statements. We could use those, however match is a very useful addition to a Rustacean‘s arsenal.

The other thing to note is the range notation in the for-loop’s declaration (similar to its Python counterpart). It interesting, though, that in this case we could not have used a “traditional” C-like for loop instead — as it is by design unsupported in Rust. Traditional for loops are considered error-prone and are replaced with the safer and more flexible iterable concept.

Here’s a more elaborate look at what happens in the pattern-matching phase of our fizzbuzz example:

...
 
// For pattern matching, we build a tuple, containing
// the remainders for integer division of num by 3 and 5
match (num%3, num%5) {
    // When "num" is divisible by 3 AND 5 both
    // (both remainders are 0)
    // -> print the string "fizzbuzz"
    (0, 0) => println!("fizzbuzz"),

    // When "num" is divisible by 3 (the remainder is 0)
    // Is "num" divisible by 5? -> we don't care
    // -> print the string "fizz"
    (0, _) => println!("fizz"),

    // When "num" is divisible by 5 (the remainder is 0)
    // Is "num" divisible by 3? -> we don't care
    // -> print the string "buzz"
    (_, 0) => println!("buzz"),

    // In any other cases, just print num's value
    // Note, that matching must be exhaustive (that is,
    // cover all possible outcomes) - this is enforced
    // by the compiler!
         _ => pintln!("{}", num)
}
...

This is not the place to go deep on how pattern matching or destructuring work, or what tuples are. You’ll find excellent articles on these topics in the Rust Book, the Rust Blog, or over at Rust By Example, but we think it’s a great way to demonstrate the features and nuances that make Rust both powerful and effective.

How about some functional Fizzbuzz

To expand on the last example and demonstrate Rust’s true flexibility, in our second example we’ll crank our fizzbuzz up a notch! Rust calls itself multi-paradigm. We can put that to the test by rewriting our fizzbuzz example in functional style. To help put the code in perspective, we will also show the implementations in JavaScript (the ECMAScript 6 flavor), too:

Functional fizzbuzz – JavaScript (ES6) version

Array.from(Array(100).keys()).slice(1)
    .map((num) => {
        if (num%3 === 0 && num%5 === 0) {
            return "fizzbuzz";
        } else if (num%3 === 0) {
            return "fizz";
        } else if (num%5 === 0) {
            return "buzz";
        } else {
            return num;
        }
    })
    .map(output => console.log(output));
Functional fizzbuzz – Rust version

fn main() {
    (1..101)
        .map(|num| {
            match (num%3, num%5) { // Pattern Matching FTW!
                (0, 0) => "fizzbuzz".to_string(),
                (0, _) => "fizz".to_string(),
                (_, 0) => "buzz".to_string(),
                     _ => format!("{}", num) 
            }
        })
        .map(|output| { println!("{}", output); output })
        .collect::<Vec<_>>();
}

Open this snippet in the Online Rust Playpen >>

Not only can we mimic JavaScript’s functional style with closures and functional method calls, but thanks to Rust’s powerful pattern matching, we can even trump JavaScript’s expressiveness a bit.

Note: Rust’s iterators are lazy, so we actually need the .collect() call (which is called a consumer) for this to work — if you leave that out, none of the above code will execute. Check out the consumers section of the Rust Book to learn more.

Picking a project

You’re eager to dive into Rust and ready to start something cool. But what to build? You could start small—write a small app or a tiny library, and upload it to crates.io. People have created many exciting projects in Rust already — from pet *nix-like kernels to embedded hardware projects, from games to web server frameworks, proving that the only limit is your imagination.

If you want to start small, but contribute something useful while learning the intricacies of Rust programming, consider contributing to some of the projects already thriving on GitHub (or even the Rust compiler itself — which is also written in Rust).
Or, you could start by rewriting small parts of your production app, and experimenting with the results. Rust’s Foreign Function Interface (FFI) is intended as a drop-in replacement for C code. With minimal effort you could replace small parts of your application with Rust implementations of the same code. But interoperability doesn’t stop there — these C bindings work both ways. This means you can use all standard C libraries in your Rust apps — or (since many programming languages come with standard C interface libraries) make calls back-and-forth between Rust and Python, Ruby, or even Go!

Watch Dan Callahan’s talk “My Python’s a little Rust-y on how to hook up Rust with Python.

There are virtually no languages that don’t work with Rust: want to compile Rust to JavaScript or use inline assembly in your code? Yes, you can!

Now get out there and build something awesome.

Please don’t forget — Rust is not simply a programming language — it’s also a community. Should you ever feel stuck, don’t be shy to ask for help, either on the Forums or IRC. You could also share your thoughts and creations on the Rust Reddit.

Rust is already great — it’s people like you who are going to make it ever more awesome!

SUMO BlogWhat’s up with SUMO – 15th May

Hello there! Time for the latest updates from the world of SUMO. This week’s new arrivals Jamie_ argonaft1365 Abhishek Singh Kushwah If you joined us recently, don’t be shy and say “hi” in the forums! The latest SUMO Community meeting … Continue reading

The Mozilla BlogFirst Panasonic Smart TVs powered by Firefox OS Debut Worldwide

The first Panasonic VIERA Smart TVs powered by Firefox OS are now available in Europe and will be available worldwide in the coming months.Firefox OS Smart TV“Through our partnership with Mozilla and the openness and flexibility of Firefox OS, we have been able to create a more user friendly and customizable TV UI. This allows us to provide a better user experience for our consumers providing a differentiator in the Smart TV market,” said Masahiro Shinada, Director of the TV Business Division at Panasonic Corporation.

The Panasonic 2015 Smart TV lineup includes these models powered by Firefox OS: CR850, CR730, CX800, CX750, CX700 and CX680 (models vary by country).

“We’re happy to partner with Panasonic to bring the first Smart TVs powered by Firefox OS to the world,” said Andreas Gal, Mozilla CTO. “With Firefox and Firefox OS powered devices, users can enjoy a custom and connected Web experience and take their favorite content (apps, videos, photos, websites) across devices without being locked into one proprietary ecosystem or brand.”

Panasonic Smart TVs powered by Firefox OS are optimized for HTML5 to provide strong performance of Web apps and come with a new intuitive and customizable user interface which allows quick access to favorite channels, apps, websites and content on other devices. Through Mozilla-pioneered WebAPIs, developers can leverage the flexibility of the Web to create customized and innovative apps and experiences across connected devices.

Firefox OS is the first truly open mobile platform built entirely on Web technologies, bringing more choice and control to users, developers, operators and hardware manufacturers.

Meeting NotesChannel: 2015-05-14

Attendees

lmandel, blizzard, jorge, fabio, rrayborn, hwine, kairo, elan, roland

Schedule Update

  • Firefox ESR 38.0.1 may ship today
    • need to rebuild for bug 1162055 (build 2), build starting in 5 mins
  • Fennec 38.0.1 may gtb today
  • 38.0.5b2 gtb today – just need to find time for a few more approval requests

Add-ons

  • State of in-content preferences for add-on compat was very confusing (bug 718011, bug 738797, and others).

Stability

Aurora / Dev Edition

  • this is 40
  • bug 1163900 is pretty large in 40 data, ~10% of crashes, needs to be fixed before we turn on updates.
  • bug 1160148 is a startup crash that we also need fixed before opening updates.
  • bug 1163735 is also pretty high.

Beta

  • this is for 38.0.5
  • Overall rate: 1.45 (target <1.4)

Release

  • bug 1154703 – startup crash in layers::CompositorD3D11::Initialize – the fix we had done before had a typo, we needed 38.0.1 for that.

Mobile

  • bug 1163814 is a blocker for turning on Android Aurora updates.
  • bug 1163841 was new with 38.0b10 and fix should ship to release and beta users, mostly startup crash when hardware acceleration is not available

RelEng

  • m-i issues (actually a dev services action)
  • head’s up: long TCW May 23 8-12h

Special Topics

Post-Mortem (Tues 2wks from GA Release)


Channel Meeting Details

Video/Teleconference Details – NEW

  • 650-903-0800 or 650-215-1282 x92 Conf# 99951 (US/INTL)
  • 1-800-707-2533 (pin 369) Conf# 99951 (US)
  • Vidyo Room: ReleaseCoordination
  • Vidyo Guest URL

hacks.mozilla.orgES6 In Depth: Template strings

ES6 In Depth is a series on new features being added to the JavaScript programming language in the 6th Edition of the ECMAScript standard, ES6 for short.

Last week I promised a change of pace. After iterators and generators, we would tackle something easy, I said. Something that won’t melt your brain, I said. We’ll see whether I can keep that promise in the end.

For now, let’s start with something simple.

Backtick basics

ES6 introduces a new kind of string literal syntax called template strings. They look like ordinary strings, except using the backtick character ` rather than the usual quote marks ' or ". In the simplest case, they really are just strings:

context.fillText(`Ceci n'est pas une chaîne.`, x, y);

But there’s a reason these are called “template strings” and not “boring plain old strings that don’t do anything special, only with backticks”. Template strings bring simple string interpolation to JavaScript. That is, they’re a nice-looking, convenient way to plug JavaScript values into a string.

There are one million ways to use this, but the one that warms my heart is the humble error message:

function authorize(user, action) {
  if (!user.hasPrivilege(action)) {
    throw new Error(
      `User ${user.name} is not authorized to do ${action}.`);
  }
}

In this example, ${user.name} and ${action} are called template substitutions. JavaScript will plug the values user.name and action into the resulting string. This could generate a message like User jorendorff is not authorized to do hockey. (Which is true. I don’t have a hockey license.)

So far, this is just a slightly nicer syntax for the + operator, and the details are what you would expect:

  • The code in a template substitution can be any JavaScript expression, so function calls, arithmetic, and so on are allowed. (If you really want to, you can even nest a template string inside another template string, which I call template inception.)

  • If either value is not a string, it’ll be converted to a string using the usual rules. For example, if action is an object, its .toString() method will be called.

  • If you need to write a backtick inside a template string, you must escape it with a backslash: `\`` is the same as "`".

  • Likewise, if you need to include the two characters ${ in a template string, I don’t want to know what you’re up to, but you can escape either character with a backslash: `write \${ or $\{`.

Unlike ordinary strings, template strings can cover multiple lines:

$("#warning").html(`
  <h1>Watch out!</h1>
  <p>Unauthorized hockeying can result in penalties
  of up to ${maxPenalty} minutes.</p>
`);

All whitespace in the template string, including newlines and indentation, is included verbatim in the output.

OK. Because of my promise last week, I feel responsible for your brain health. So a quick warning: it starts getting a little intense from here. You can stop reading now, maybe go have a cup of coffee and enjoy your intact, unmelted brain. Seriously, there’s no shame in turning back. Did Lopes Gonçalves exhaustively explore the entire Southern Hemisphere after proving that ships can cross the equator without being crushed by sea monsters or falling off the edge of the earth? No. He turned back, went home, and had a nice lunch. You like lunch, right?

Backtick the future

Let’s talk about a few things template strings don’t do.

  • They don’t automatically escape special characters for you. To avoid cross-site scripting vulnerabilities, you’ll still have to treat untrusted data with care, just as if you were concatenating ordinary strings.

  • It’s not obvious how they would interact with an internationalization library (a library for helping your code speak different languages to different users). Template strings don’t handle language-specific formatting of numbers and dates, much less plurals.

  • They aren’t a replacement for template libraries, like Mustache or Nunjucks.

    Template strings don’t have any built-in syntax for looping—building the rows of an HTML table from an array, for example—or even conditionals. (Yes, you could use template inception for this, but to me it seems like the sort of thing you’d do as a joke.)

ES6 provides one more twist on template strings that gives JS developers and library designers the power to address these limitations and more. The feature is called tagged templates.

The syntax for tagged templates is simple. They’re just template strings with an extra tag before the opening backtick. For our first example, the tag will be SaferHTML, and we’re going to use this tag to try to address the first limitation listed above: automatically escaping special characters.

Note that SaferHTML is not something provided by the ES6 standard library. We’re going to implement it ourselves below.

var message =
  SaferHTML`<p>${bonk.sender} has sent you a bonk.</p>`;

The tag here is the single identifier SaferHTML, but a tag can also be a property, like SaferHTML.escape, or even a method call, like SaferHTML.escape({unicodeControlCharacters: false}). (To be precise, any ES6 MemberExpression or CallExpression can serve as a tag.)

We saw that untagged template strings are shorthand for simple string concatenation. Tagged templates are shorthand for something else entirely: a function call.

The code above is equivalent to:

var message =
  SaferHTML(templateData, bonk.sender);

where templateData is an immutable array of all the string parts of the template, created for us by the JS engine. Here the array would have two elements, because there are two string parts in the tagged template, separated by a substitution. So templateData will be like Object.freeze(["<p>", " has sent you a bonk.</p>"].

(There is actually one more property present on templateData. We won’t use it in this article, but I’ll mention it for completeness: templateData.raw is another array containing all the string parts in the tagged template, but this time exactly as they looked in the source code—with escape sequences like \n left intact, rather than being turned into newlines and so on. The standard tag String.raw uses these raw strings.)

This gives the SaferHTML function free rein to interpret both the string and the substitutions in a million possible ways.

Before reading on, maybe you’d like to try to puzzle out just what SaferHTML should do, and then try your hand at implementing it. After all, it’s just a function. You can test your work in the Firefox developer console.

Here is one possible answer (also available as a gist).

function SaferHTML(templateData) {
  var s = templateData[0];
  for (var i = 1; i < arguments.length; i++) {
    var arg = String(arguments[i]);

    // Escape special characters in the substitution.
    s += arg.replace(/&/g, "&amp;")
            .replace(/</g, "&lt;")
            .replace(/>/g, "&gt;");

    // Don't escape special characters in the template.
    s += templateData[i];
  }
  return s;
}

With this definition, the tagged template SaferHTML`<p>${bonk.sender} has sent you a bonk.</p>` might expand to the string "<p>ES6&lt;3er has sent you a bonk.</p>". Your users are safe even if a maliciously named user, like Hacker Steve <script>alert('xss');</script>, sends them a bonk. Whatever that means.

(Incidentally, if the way that function uses the arguments object strikes you as a bit clunky, drop by next week. There’s another new feature in ES6 that I think you’ll like.)

A single example isn’t enough to illustrate the flexibility of tagged templates. Let’s revisit our earlier list of template string limitations to see what else you could do.

  • Template strings don’t auto-escape special characters. But as we’ve seen, with tagged templates, you can fix that problem yourself with a tag.

    In fact, you can do a lot better than that.

    From a security perspective, my SaferHTML function is pretty weak. Different places in HTML have different special characters that need to be escaped in different ways; SaferHTML does not escape them all. But with some effort, you could write a much smarter SaferHTML function that actually parses the bits of HTML in the strings in templateData, so that it knows which substitutions are in plain HTML; which ones are inside element attributes, and thus need to escape ' and "; which ones are in URL query strings, and thus need URL-escaping rather than HTML-escaping; and so on. It could perform just the right escaping for each substitution.

    Does this sound far-fetched because HTML parsing is slow? Fortunately, the string parts of a tagged template do not change when the template is evaluated again. SaferHTML could cache the results of all this parsing, to speed up later calls. (The cache could be a WeakMap, another ES6 feature that we’ll discuss in a future post.)

  • Template strings don’t have built-in internationalization features. But with tags, we could add them. A blog post by Jack Hsu shows what the first steps down that road might look like. Just one example, as a teaser:

    i18n`Hello ${name}, you have ${amount}:c(CAD) in your bank account.`
    // => Hallo Bob, Sie haben 1.234,56 $CA auf Ihrem Bankkonto.
    

    Note how in this example, name and amount are JavaScript, but there’s a different bit of unfamiliar code, that :c(CAD), which Jack places in the string part of the template. JavaScript is of course handled by the JavaScript engine; the string parts are handled by Jack’s i18n tag. Users would learn from the i18n documentation that :c(CAD) means amount is an amount of currency, denominated in Canadian dollars.

    This is what tagged templates are about.

  • Template strings are no replacement for Mustache and Nunjucks, partly because they don’t have built-in syntax for loops or conditionals. But now we’re starting to see how you would go about fixing this, right? If JS doesn’t provide the feature, write a tag that provides it.

    // Purely hypothetical template language based on
    // ES6 tagged templates.
    var libraryHtml = hashTemplate`
      <ul>
        #for book in ${myBooks}
          <li><i>#{book.title}</i> by #{book.author}</li>
        #end
      </ul>
    `;
    

The flexibility doesn’t stop there. Note that the arguments to a tag function are not automatically converted to strings. They can be anything. The same goes for the return value. Tagged templates are not even necessarily strings! You could use custom tags to create regular expressions, DOM trees, images, promises representing whole asynchronous processes, JS data structures, GL shaders...

Tagged templates invite library designers to create powerful domain-specific languages. These languages might look nothing like JS, but they can still embed in JS seamlessly and interact intelligently with the rest of the language. Offhand, I can’t think of anything quite like it in any other language. I don’t know where this feature will take us. The possibilities are exciting.

When can I start using this?

On the server, ES6 template strings are supported in io.js today.

In browsers, Firefox 34+ supports template strings. They were implemented by Guptha Rajagopal as an intern project last summer. Template strings are also supported in Chrome 41+, but not in IE or Safari. For now, you’ll need to use Babel or Traceur if you want to use template strings on the web. You can also use them right now in TypeScript!

Wait—what about Markdown?

Hmm?

Oh. ...Good question.

(This section isn’t really about JavaScript. If you don’t use Markdown, you can skip it.)

With template strings, both Markdown and JavaScript now use the ` character to mean something special. In fact, in Markdown, it’s the delimiter for code snippets in the middle of inline text.

This brings up a bit of a problem! If you write this in a Markdown document:

To display a message, write `alert(`hello world!`)`.

it’ll be displayed like this:

To display a message, write alert(hello world!).

Note that there are no backticks in the output. Markdown interpreted all four backticks as code delimiters and replaced them with HTML tags.

To avoid this, we turn to a little-known feature that’s been in Markdown from the beginning: you can use multiple backticks as code delimiters, like this:

To display a message, write ``alert(`hello world!`)``.

This Gist has the details, and it’s written in Markdown so you can look at the source.

Up next

Next week, we’ll look at two features that programmers have enjoyed in other languages for decades: one for people who like to avoid an argument where possible, and one for people who like to have lots of arguments. I’m talking about function arguments, of course. Both features are really for all of us.

We’ll see these features through the eyes of the person who implemented them in Firefox. So please join us next week, as guest author Benjamin Peterson presents ES6 default parameters and rest parameters in depth.

Meeting NotesMobile: 2015-05-13

Schedule

Topics for This Week

- Major stumbler bug https://bugzilla.mozilla.org/show_bug.cgi?id=1164468. Pinging release drivers to see if we can get it to a 38 point release.

Tracking Review

Beta

  • Next Build:
ID Summary Status Assigned to Last change time
1051556 crash in java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditable.onSelectionChange(GeckoEditable.java) ASSIGNED Eugen Sawin [:esawin] (esawin) 2015-04-15T16:09:34Z
1148391 Tapping the bottom of the screen will make the reader mode toolbar bounce up and down NEW :Margaret Leibovic (margaret.leibovic) 2015-05-04T16:06:10Z
1154732 Google search home screen shortcut displays blank page when opened NEW Mark Finkle (:mfinkle) (mark.finkle) 2015-05-07T06:10:10Z
1155597 Quick share icons are too big in quick share context menu (Gingerbread) NEW Michael Comella (:mcomella) (michael.l.comella) 2015-04-29T16:51:23Z
1159049 x86 Android is sent the OpenH264 plugin for ARM Android NEW Chris AtLee [:catlee] (catlee) 2015-05-06T16:34:43Z


5 Total;
5 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Aurora

  • Next Build:
ID Summary Status Assigned to Last change time
1010068 Disable OCSP for DV certificates in Firefox for Android NEW Brad Lassey [:blassey] (use needinfo?) (blassey.bugs) 2015-04-17T21:48:34Z
1016555 Disable OCSP checking for certificates covered by OneCRL ASSIGNED David Keeler [:keeler] (use needinfo?) (dkeeler) 2015-04-09T17:17:52Z
1047127 Panning very stuttery on this page with overflow-x NEW Danilo Cesar Lemes de Paula (danilo.eu) 2015-04-01T16:44:34Z
1084456 Enable MSE for MP4 on Jelly Bean+ NEW James Willcox (:snorp) (jwillcox@mozilla.com) (snorp) 2015-05-13T22:57:30Z
1093815 Use AndroidPlatformDecoder for standalone MP3 on Android ASSIGNED Eugen Sawin [:esawin] (esawin) 2015-05-13T13:17:56Z
1129614 Regression: Sometimes thumbnails in the tabs drawer are not updated, they expire ASSIGNED Mark Finkle (:mfinkle) (mark.finkle) 2015-05-06T17:03:33Z
1132508 Last tab is cut off in tab tray after rotation REOPENED Martyn Haigh (:mhaigh) (mhaigh) 2015-05-04T09:27:23Z
1150284 [Browser] Unable to zoom in/out on Google Maps NEW Robert O’Callahan (:roc) (Mozilla Corporation) (roc) 2015-05-12T15:51:26Z


8 Total;
8 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Nightly

  • Next Build:
ID Summary Status Assigned to Last change time
1126244 Create a maximum reader mode cache size and evict records when necessary ASSIGNED Vivek Balakrishnan[:vivek] (vivekb.balakrishnan) 2015-04-30T17:08:28Z
1153087 If tap “play” on a YouTube video in a Private Browsing tab, the external Android YouTube app is launched, dropping any pretense of privacy NEW 2015-05-13T17:26:31Z


2 Total;
2 Open (100%);
0 Resolved (0%);
0 Verified (0%);

Friends of the Mobile Team

Give a shoutout/thanks to people for helping fix and test bugs. Make sure friends also get awarded a badge. New contributors are highlighted in bold.

Android

  • Tomas Flek fixed bug 1127139 – BounceAnimator incorrectly overrides start
  • Clayton Bodendein fixed bug 1159904 – Fix syntax error in Reader.js.
  • Giorgos fixed bug 1155579 – Allow multiple countries per snippet
  • Nathan Toone fixed bug 1161195 – Don’t hard-code class names in AppConstants.java.in and AndroidManifest.xml
  • Vivek fixed bug 1162254 – default icon for entries in about:passwords list

iOS

  • dusek fixed bug 1161324 – Aural feedback with VoiceOver needed when loading a webpage

Stand ups

Suggested format:

  • What did you do last week?
  • What are working on this week?
  • Anything blocking you?

Please keep your update to under 2 minutes!

James W. (snorp)

Bugs 1141693, 1084456, 1163841

JChen

  • Looked at small startup/pageload optimizations
  • Looked at click-to-play for images
Fixed
Working on

GCP

<Read Only>

  • Last week
    • WebRTC video sandboxing: lots of small fixes
    • WebRTC video sandboxing: investigating try failures
    • Set up a Mac
    • Fried a Mac
  • Next week
    • More of the same I fear

Randall Barker

Last Week:

  • Worked on bug 659285. Trying to get video to show errors and play button when autoplay has been blocked by pref media.autoplay.enabled=false. Code seems to work but still trying to fix test breakages.

Next Week:

  • Continue on bug 659285
  • Examine start up performance.
  • Land patch for: bug 1159830. After patch lands, will need to set a preference (consoleservice.logcat) to see gecko console in logcat for release builds.

Eugen Sawin

  • MP3 demuxer (bug 1093815, bug 1153731)
    • Improved MP3 seeking stability
    • Landed MP3 demuxer and tests
    • Next: improve seeking performance
  • Uplifts
    • bug 1158131 – Retrieving update URL pref from Gecko causes pref URL to be dereferenced as a complex pref, resulting in an HTTP request
  • Blocked on
    • Gecko profiler add-on crashing when retrieving profile (jemalloc.c#4711)

Brian Nicholson

WesJ

  • bug 1153300 – Consider returning user to an about:home tab after closing last tab. Patch up for review.
  • bug 1134532 – Pages can lock the urlbar from scrolling on screen. Working through some comments.
  • bug 1147071 – Use encrypted database storage for passwords. Working through some comments.
  • Some snackbar cleanup – bug 1151432 – Hide snackbars when switching tabs and bug 1162315 – Cleanup snackbar constraints

liuche

Highlights:

  • “Select Login” fallback UI in review

Present:

Past:

Margaret

Highlights:

  • Making sure add-ons work in distributions
  • Investigating options for bundling home panel images in distribution add-ons
  • New home panel API for specifying default panel

Past:

Present:

mcomella

  • Making search engine bar stick
  • Misc. bugs that make us a better part of the Android ecosystem (intent:// URIs & Browser.EXTRA_APPLICATION_ID)

Past:

Present:

rnewman

  • Sync and Push meetings.
  • Partner work is breeding.
  • Reworking iOS history to support Sync. Thanks to Nick for vetting design yesterday.
  • Reviews, meetings, et al.
Fixed
Working on

nalexander

  • mach package-frontend is unusable due to some time-stamp issues that lead to terrible binary incompatibilities. Thanks to vivek for reporting this issue first! I have the fixes in hand and additional review comments to address so expect movement early next week.
  • Partners: working on --with-android-distribution-directory, which opens a can of build system worms: bug 1163082
  • Partners: working on integration with third-party identity services
  • Android: started investigating FxA sign-in over the web: bug androidwebfxa
  • iOS: nada.

Martyn Haigh

Past:

  • Working with antlam to spec up settings & private mode revamps

Present:

Stefan

iOS: Still working through the tracking+ bugs. Current focus: Bringing the Send To extension up to date. Reading View fixes. Also started to connect to the WebKit team. New iOS build coming today.

Steph

Last week

  • bug 1135814 – Content should not be under the bottom toolbar
  • bug 1147157 – position:fixed elements break layout on orientation change
  • bug 1161071 – Improve location bar and toolbar scrolling
  • bug 1162936 – Settings and “+” buttons in tab view are not relocated vertically when switching between landscape and portrait mode

Working On

  • bug 1135814 – Content should not be under the bottom toolbar
  • bug 1133564 – Google Maps interaction problem
  • bug 1162736 – Bottom toolbar briefly disappears after navigating away from about:home
  • bug 1163695 Improve tab tray animations to match UX mocks

Ally

  • may be late, previous meeting running over
  • getting new FHR probes unstuck (see previous meeting)
  • passwords research offsites
  • holy doorhanger review batman!
  • other bugs
    • 1139232 Door hanger shows up in the tab over view (landed safely on aurora)
    • 1065004 (Q2) Provide an option to always open tabs in Private Browsing
    • 1145858 Rename FirstrunPane to be less confusing
    • 1139553 Black overlay for doorhanger background
    • 1162930 The welcome page doesn’t scroll and isn’t fully readable in the portrait orientation

BLassey

Fixed
Working on

MFinkle

Fixed
Working on

Antlam

  • Upcoming
    • Other partners stuff
    • Search next-steps
    • First Run next-steps
    • Continue with everything above
    • bug 1153389: Private browsing UI clean up

Robin

iOS

  • Rework device icons to match new icon style
  • Update CSS for Reader View to match spec
  • V2 mocks

Android

  • Revisiting kidfox ideas
  • bug 1163219 Default search engine not visible if suggestions are enabled
  • bug 1094262 (ios) Implement the Send To Extension UI
  • bug 1162629 Sync Tabs Panel needs a ‘no tabs’ state
  • bug 1147453 need an indication saying an article has been added to my list when I long-press the Reader View icon in the URL bar
  • bug 1160756 Reader View maximum text size insufficient
  • bug 1162539 Unable to scroll to top in landscape orientation
  • bug 1097620 (ios) formalize ‘send to device’ terminology
  • bug 1164067 Find in Page (android)
  • bug 1160604 Advertise privacy coach add-on in privacy settings page
  • bug 1143156 Advertise Firefox Account sign up/state in Synced Tabs panel

QA

Feature Focus


Details

  • Wednesdays – 9:30am Pacific, 12:30pm Eastern, 16:30 UTC
  • Dial-in: conference# 99998
    • US/Toll-free: +1 800 707 2533, (pin 369) Conf# 99998
    • US/California/Mountain View: +1 650 903 0800, x92 Conf# 99998
    • US/California/San Francisco: +1 415 762 5700, x92 Conf# 99998
    • US/Oregon/Portland: +1 971 544 8000, x92 Conf# 99998
    • CA/British Columbia/Vancouver: +1 778 785 1540, x92 Conf# 99998
    • CA/Ontario/Toronto: +1 416 848 3114, x92 Conf# 99998
    • UK/London: +44 (0)207 855 3000, x92 Conf# 99998
    • FR/Paris: +33 1 44 79 34 80, x92 Conf# 99998
  • irc.mozilla.org #mobile for backchannel
  • Mobile Vidyo Room

Meeting NotesFirefox/Gecko Delivery Planning: 2015-05-13

Schedule & Progress onUpcoming Releases (Lawrence)

<read only>

  • Tuesday releases
    • Firefox 38.0 desktop and mobile
    • Firefox ESR 38.0 and 31.7.0
    • Firefox 38.0.5b1
  • Firefox 38.0.1 – coming this week to fix stability issues reported in both desktop and mobile
  • Firefox 38.0.5b2 gtb Thursday, expected release Friday (may be impacted by the 38.0.1 release)

Developer Tools (Jeff)

  • <Read Only>
  • uplift has passed, but we expect a number of Aurora Branch uplifts in the next few weeks. All strings should be in.
  • we fixed 75 user-facing bugs since 2015-04-07.
  • current e10s plan is to default off, but prompt on update for users to test. There are currently known performance problems but also known performance improvements. ¯\_(ツ)_/¯

Feedback Summary (Cheng/Tyler/Matt)

Desktop

Gearing up for Firefox 38 feedback. We’re not seeing much yet, but we expect that to change as we ramp up unthrottling.


Planning Meeting Details

  • Wednesdays – 11:00am PT, 18:00 UTC
  • Mountain View Offices: Warp Core Conference Room
  • Toronto Offices: Finch Conference Room
  • irc.mozilla.org #planning for backchannel
  • (the developer meeting takes place on Tuesdays)

Video/Teleconference Details – NEW

about:communityAnnouncing the MDN Fellows!

The Mozilla Developer Network (MDN) is one of the most frequently used resources for web developers for all things documentation and code. This year we’re making the rich content on MDN available to even more people. We’re developing beginning learning materials as well as a template (which we’re calling “Content Kits”) to make preparing presentations on web topics much easier.

As part of this effort, we also launched the MDN Fellowship last quarter. This is a 7-week pilot contribution program for advanced web developers to expand their expertise through curriculum development on MDN. MDN Fellows are experts that will continue to grow their skills and impact by teaching others about web technologies. Specifically, the Fellows will be developing  Content Kits, a collection of resources about specific topics related to web development to empower technical topic presenters.

After a lengthy process where we solicited applications and involved reviewers from across Mozilla, we’re delighted to announce our inaugural MDN Fellowship Fellows! Here they are in their own words – feel free to Tweet them a congratulations!

Steve Kinney, Curriculum Fellow (Colorado, U.S.A.) – @stevekinney

I am an instructor at the Turing School of Software and Design in Denver, Colorado, where I teach open web technologies. Prior to Turing, I hailed from the great state of New Jersey and was a New York City public school teacher for seven years, where I taught special education, science, and — eventually — JavaScript to students in high-need schools in Manhattan, Brooklyn, and Queens. I have a master’s degree in special education. I’ve spoken at EmberConf and RailsConf, and will be speaking at JSConf US at the end of the month. In my copious free time, I teach classes on web development with Girl Develop It.

István “Flaki” Szmozsánszky, Service Workers Fellow (Budapest, Hungary) – @slsoftworks

I’ve been following Service Workers’ journey since before it was cool  as a web developer and longtime contributor to Mozilla. Known as “Flaki” in the community, I’ve been evangelizing new technologies to make the Open Web a first-class citizen. As Service Workers seemingly play a key role in this battle, there is no better place to do this than at Mozilla, the most adamant proponent of the Open Web. During my Fellowship I hope to further previous work on MDN’s offline support, while helping in the explorations into Firefox OS’s reimagined new architecture.

Ben Boyle, Test The Web Forward Fellow (Upper Caboolture, Australia) – @bboyle

I’m a front-end developer from Australia, making websites since 1998 primarily for the Queensland Government. Lots of forms, templates and QA. I also mentor front-end web development students at Thinkful. I got interested in automated quality control using custom stylesheets and scripts in Opera, then YUItest, then inspired by ThoughtWorks developers on a project when they introduced selenium and automated acceptance tests in the browser. I’m excited to be helping Test The Web Forward as an opportunity to both learn and share. Because everything runs off browser. Love the latest front-end frameworks? They don’t exist without web standards. I cannot sufficiently appreciate the work so many people have done creating a solid foundation for everything we (as web developers) often take for granted. I am really glad to have this chance to give back!

Vignesh Shanmugam, Web App Performance Fellow (Bangalore, India) – @_vigneshh

I’m a Web Developer from India focused on building the Web Performance platform at Flipkart, one of Asia’s leading e-commerce sites. I am also responsible for advocating front-end engineering best practises, developing tools that help identify performance bottlenecks, and analyzing metrics. I am an Open Source contributor with a deep research background in front-end performance and am happy to be a part of the MDN Fellowship program to contribute to MDN’s Web App Performance curriculum.

Greg Tatum, WebGL Fellow (Oklahoma, U.S.A) – @tatumcreative

My background is in contemporary sculpture, aquarium exhibit design, marketing, animation, and web development: in short, it is all over the place :)  But the central guiding principle behind my work is to find the middle ground between the technical and creative, and explore it to see what emerges. I am a Senior Web Developer at Cubic, a Tulsa, Oklahoma-based creative branding agency where I help create rich experiences for tourism and destinations. I applied for the MDN Fellowship because I’m passionate about the open web and inspired by the possibilities of using 3D for new, richer experiences online with the potential reach that WebGL can have. I really enjoy helping to build the creative coding community and hope to make it even easier for more people to get involved with my own passion of exploring creative code.

WebmakerApril 2015 Board Presentation

What’s happening at the Mozilla Foundation? This post contains the presentation slides from the April 2015 Board Meeting, plus an audio guide from Executive Director Mark Surman.