So, so tired of the "hot take" that having a single browser engine implementation is good, and there is no value to having multiple implementations of a standard. I have a little story to tell about this.
In the late 90s, I worked for a company called Vectiv. There isn't much info on the web (the name has been used by other companies in the meantime), this old press release is one of the few I can find.
Vectiv was a web-based service for commercial real estate departments doing site selection. This was pretty revolutionary at the time, as the state-of-the-art for most of these was to buy a bunch of paper maps and put them up on the walls, using push-pins to keep track of current and possible store locations.
The story of Vectiv is interesting on its own, but the relevant bit to this story is that it was written for and tested exclusively in IE 5.5 for Windows, as was the style at the time. The once-dominant Netscape browser had plummeted to negligible market share, and was struggling to rewrite Netscape 6 to be based on the open-source Mozilla Suite.
Around this time, Apple was starting to have a resurgence. Steve Jobs had returned, and the candy-colored iMac was proving to be successful. Apple was planning to launch official stores, and the head of their real estate department was a board member of Vectiv, so we managed to land our first deal - a pilot project with Apple's nascent real estate department.
We picked up a few iMacs around the office for testing, and immediately hit a snag - Steve had ordered that everyone in the company, real estate dept included, has to use the new Mac OS X. The iMacs that the dept used (and that we tested on) were pretty slow, but serviceable. The real snag was that our product didn't really work on IE for Mac. Like, at all. Pages wouldn't load, and the browser would consistently crash on certain pages.
This was before Safari and its Webkit engine, We started debugging and rewriting bits of the product, and simultaneously talking to Microsoft about our problems. They were responsive, and hopeful the upcoming update would fix some of our problems. Sadly, there were to be no further updates for IE 5 for Mac.
I was something on a Unix fanboy at the time, and had been using early releases of Mozilla Suite on my Solaris workstation, so I knew that our product basically worked with some rough edges (mostly minor things like CSS, with a few less trivial problems around divergent web standards.)
Long story short, our QA manager and myself visited Apple's real estate and test folks, and we settled on using Mozilla 0.6 for the pilot, and corresponding Netscape 6 when it was released (I think we ended up using Netscape 7.1, which I recall being a lot more usable, being based on Mozilla 1.4)
Vectiv had other clients like Dollartree and Quiznos, but getting over that initial pilot hurdle was key to proving that our product worked and had backing from a known brand. Vectiv was VC backed and like many startups caught up in the dot-com crash ran out of runway, although the product was sold and did live on. I did a few consulting gigs setting up local installs for the remaining clients.
Most people reading this probably know the rest of the story - IE stagnated, AOL pulled the plug on Netscape, and Mozilla Suite was reborn as the Firefox browser. With MS moving to Google Chrome's Blink browser engine, Mozilla Firefox's Gecko engine along with Apple Safari's Webkit are the only independent implementations of the various web standards.
(Blink is technically a fork of Webkit, but IE and Netscape were ultimately forks of NCSA Mosaic, I think it's fair to call it independent at this point.)
To be clear: having multiple browser engines didn't ultimately save Vectiv, but Firefox did open the door for Safari and Chrome, as Firefox's Firebug (the predecessor of today's integrated devtools) enticed web developers enough that they made their sites more standards-compliant just so they could have access to nice devtools.
It's easy for me to write a nice narrative of the past, complete with the moral of the story. The future isn't totally certain, but it's clear that the web will continue to play a large role in the world. Let's not (again) back ourselves into a corner and cede all meaningful control over that future.
The GPG key used to sign the Firefox release manifests is expiring soon, and so we’re going to be switching over to new key shortly.
The new GPG subkey’s fingerprint is 097B 3130 77AE 62A0 2F84 DA4D F1A6 668F BB7D 572E, and it expires 2021-05-29.
The public key can be fetched from KEY files from Firefox 68 beta releases, or from below. This can be used to validate existing releases signed with the current key, or future releases signed with the new key.
The GPG key used to sign the Firefox release manifests is expiring soon, and so we're going to be switching over to new key shortly.
The new GPG subkey's fingerprint is 097B 3130 77AE 62A0 2F84 DA4D F1A6 668F BB7D 572E, and it expires 2021-05-29.
The public key can be fetched from
KEY
files from Firefox 68 beta releases, or from below. This can be used to validate
existing releases signed with the current key, or future releases signed with
the new key.
In Firefox 68, we are introducing a new API and some enhancements to webRequest and private browsing. We’ve also fixed a few issues in order to improve compatibility and resolve issues developers were having with Firefox.
Captivating Add-ons
At airports and cafés you may have seen Firefox asking you to log in to the network before you can access the internet. In Firefox 68, you can make use of this information in an extension. The new captive portal API will assist you in making sure your add-on works gracefully when locked behind a captive portal.
For example, you could hold off your requests until network access is available again. If you have been using other techniques for detecting captive portals, we encourage you to switch to this API so your extension uses the same logic as Firefox.
Here is an example of how to use this API:
(async function(){// The current portal state, one of `unknown`, `not_captive`, `unlocked_portal`, `locked_portal`.let state = await browser.captivePortal.getState();// Get the duration since the captive portal state was last checkedlet lastChecked = await browser.captivePortal.getLastChecked();
console.log(`The captive portal has been ${state} since at least ${lastChecked} milliseconds`);
browser.captivePortal.onStateChanged.addListener((details)=>{
console.log("Captive portal state is: "+ details.state);});
browser.captivePortal.onConnectivityAvailable.addListener((status)=>{// status can be "captive" in an (unlocked) captive portal, or "clear" if we are in the open
console.log("Internet connectivity is available: "+ status);});})();
Note: if you use this API, be sure to add the captivePortal permission to your manifest.
Private and contained
We’ve made a few additions to the webRequest API to better support private browsing mode. You can now limit your webRequests to only include requests from private browsing mode. If instead you are interested in both types of requests it is now possible to differentiate them in the webRequest listener.
To improve the integration of containers, we’ve also added the container ID (cookieStoreId) to the webRequest listener.
Proxy new and proxy old
The two additional fields mentioned in the previous section are also available in the details object passed to the proxy.onRequest listener.
At the same time, we’d like to make you aware that we are deprecating the proxy.register, proxy.unregister and proxy.onProxyError APIs. As an alternative, you can use the proxy.onRequest API to determine how requests will be handled, and proxy.onError to handle failures. If your extension is using these APIs you will see a warning in the console. These APIs will ultimately be removed in Firefox 71, to be released on December 10th, 2019.
Timing is everything
We’ve changed the timing of tabs.duplicate for better compatibility with Chrome. The promise is now resolved immediately, before the duplicated tab finished loading. If you have been relying on this promise for a completed duplicated tab in Firefox, please adjust your code and make use of the tabs.onUpdated listener.
Miscellaneous
Since extensions cannot add bookmarks to the root folder, we’ve improved the error message you get when you try.
If you’ve been trying to remove indexedDB data via browser.browsingData.remove({}, { indexedDB: true }); and it failed in some cases, we’ve fixed this on our end now.
Removing cookies for IPv6 addresses has been fixed.
Fixes an issue when setting cookies with an IP address in the domain field, along with the url field being set.
Hard-to-debug performance issues using webRequest.onBeforeRequest with requestBody during large uploads have been solved.
We’ve had a great amount of support from the community. I’d like to thank everyone who has taken part, but especially our volunteer contributors Jan Henning, Myeongjun Go, Oriol Brufau, Mélanie Chauvel, violet.bugreport and Piro. If you are interested in contributing to the WebExtensions ecosystem, please take a look at our wiki.
Socorro is the crash ingestion
pipeline for Mozilla's products like Firefox. When Firefox crashes, the crash
reporter collects data about the crash, generates a crash report, and submits
that report to Socorro. Socorro saves the crash report, processes it, and
provides an interface for aggregating, searching, and looking at crash reports.
This blog post summarizes Socorro activities in May.
We are excited to announce the launch of the “What’s your idea for a Firefox extension for promoting credible content?”, a competition sponsored by Mozilla and posted to MindSumo, the world’s largest crowdsourcing community of Millennial and GenZ solvers. The goal of the competition is to create an extension (or other browser technology solution) to help internet users identify credible voices and credible sources of information online.
The Problems Plaguing the Internet of Today
Imagine the internet that is a place where meaningful and credible content is easily found. A place where everyone feels safe, empowered, and accurately informed.
Is this the internet we’re having today? Unfortunately, not. Today’s internet is unsavory mix of intrusive advertising, misinformation, and toxic social media full of offensive language, harassment, and harmful content. The problems plaguing the web are magnified by the economy that benefits from engagement of the most extreme and attention-grabbing material. Instead of improving a civil, informed online discourse, the internet of today is degrading it.
Solutions to the internet problems exist. Interestingly enough, they are owned by the large tech companies that allowed the problems grow and fester. However, the tech giants are reluctant to implement these solutions because doing so may negatively affect their bottom lines.
Mozilla is a recognized leader in the field of online Privacy & Security. Our commitment to the open and human internet anchored in the Mozilla Manifesto is solidified by our unwavering desire to put people before profits. This commitment was on display again recently with Mozilla’s launch of Enhanced Tracking Protection that blocks third-party tracking cookies by default.
Removing “Bad” Content or Promoting a Quality One?
Ensuring safe internet browsing is only part of Mozilla’s efforts to protect its users; equally important is fighting online harassment. Two general approaches can be considered here. The first is to design online tools to remove or filter “bad” content. However, serious doubts have been expressed whether this approach is technically feasible at all. Besides, this approach is also threatening free expression and the open internet ecosystem.
Instead of asking how we can filter hateful and misleading content, we’re asking: How can browser technology amplify credible and quality content and conversations?
As part of this new paradigm, we’ve launched a crowdsourcing challenge to identify approaches to using Firefox extensions or other browser technology solutions to find and promote credible sources of information online. (For a primer to technological approaches to access credibility online, see this report.)
How to Participate
The challenge was posted to the MindSumo platform, the world’s largest crowdsourcing community of Millennial and GenZ solvers. The competition will run until July 7 and the submitted proposals will be evaluated by the members of Mozilla’s Privacy & Security and Product Management teams. Up to $1,600 in prizes will be awarded to the best proposals.
The challenge is open to everyone (except for Mozilla employees and their families), and we especially encourage members of Mozilla’s communities to take part in it.
Consider the fox. It’s known for being quick, clever, and untamed — attributes easily applied to its mythical cousin, the “Firefox” of browser fame. Well, Firefox has another trait not found in earthly foxes: stretchiness. (Just look how it circumnavigates the globe.) That fabled flexibility now enables Firefox to adapt once again to a changing environment.
The “Firefox” you’ve always known as a browser is stretching to cover a family of products and services united by putting you and your privacy first. Firefox is a browser AND an encrypted service to send huge files. It’s an easy way to protect your passwords on every device AND an early warning if your email has been part of a data breach. Safe, private, eye-opening. That’s just the beginning of the new Firefox family.
Now Firefox has a new look to support its evolving product line. Today we’re introducing the Firefox parent brand — an icon representing the entire family of products. When you see it, it’s your invitation to join Firefox and gain access to everything we have to offer. That includes the famous Firefox Browser icon for desktop and mobile, and even that icon is getting an update to be rolled out this fall.
Here’s a peek behind the curtain of how the new brand look was born:
Design beyond identity.
This update is about more than logos. The Firefox design system includes everything we need to make product and web experiences today and long into the future.
A new color palette that expands the range of possibilities and makes distinctive gradients possible.
A new shape system derived from the geometry of the product logos that makes beautiful background patterns, spot illustrations, motion graphics and pictograms.
A modern typeface for product marks with a rounded feel that echoes our icons.
An emphasis on accessible color and type standards to make the brand open to everyone. Button colors signal common actions within products and web experiences.
Meaning beyond design.
Privacy is woven into every Firefox brand experience. With each release, our products will continue to add features that protect you and alert you to risks. Unlike Big Tech companies that claim to offer privacy but still use you and your data, with us you know where you stand. Everything Firefox is backed by our Personal Data Promise: Take Less, Keep It Safe, No Secrets.
The brand system is built on four pillars, present in everything we make and do:
Radical.It’s a radical act to be optimistic about the future of the internet. It’s a radical act to serve others before ourselves. We disrupt the status quo because it’s the right thing to do.
Kind. We want what’s best for the internet and for the world. So we lead by example. Build better products. Start conversations, Partner, collaborate, educate and inform. Our empathy extends to everybody.
Open. Open-minded. Open-hearted. Open source. An open book. We make transparency and a global perspective integral to our brand, speaking many languages and striving to reflect all vantage points.
Opinionated. Our products prove that we are driven by strong convictions. Now we’re giving voice to our point of view. While others can speak only to settings, we ground everything in our ethos.
The end of the beginning
The Firefox brand exploration began more than 18 months ago, and along the way we tapped into many talents. Michael Johnson of Johnson Banks provided early inspiration while working on the Mozilla brand identity. Jon Hicks, the designer behind the original Firefox browser logo, was full of breathtaking design and wise advice. Michael Chu of Ramotion was the driving force behind the new parent brand and system icons.
We worked across internal brand, marketing, and product teams to reach a consistent brand system for our users. Three members of our cross-org team have since moved on to new adventures: Madhava Enros, Yuliya Gorlovetsky, and Vince Joy. Along with Mozilla team members Liza Ruzer, Stephen Horlander, Natalie Linden, and Sean Martell, they formed the core working team.
Finally, we’re grateful to everyone who has commented on this blog with your passionate opinions, critiques, words of encouragement, and unique points of view.
Tell us. We can take it.
As a living brand, Firefox will never be done. It will continue to evolve as we change and the world changes around us. We have to stretch our brand guidelines even further in the months ahead, so we’re interested in hearing your reaction to what we’ve done so far. Feel free to let us know in the comments below. Thanks for being with us on this journey, and please stay tuned for more.
Last year, in a React side-project, I had to replace some content in a string with HTML markup. That is not a trivial thing to do with React, as you can't just put HTML as string in your content, unless you want to use dangerouslySetInnerHtml — which I don't. So, I hacked a little code to smartly split my string into an array of sub-strings and DOM elements.
More recently, while working on Translate.Next — the rewrite of Pontoon's translate page to React — I stumbled upon the same problem. After looking around the Web for a tool that would solve it, and coming up short handed, I decided to write my own and make it a library.
Introducing react-content-marker v1.0
react-content-marker is a library for React to mark content in a string based on rules. These rules can be simple strings or regular expressions. Let's look at an example.
Say you have a blob of text, and you want to make the numbers in that text more visible, for example by making them bold.
const content = 'The fellowship had 4 Hobbits but only 1 Dwarf.';
Matching numbers can be done with a simple regex: /(\d+)/. If we turn that into a parser:
const parser = {
rule: /(\d+)/,
tag: x => <strong>{ x }</strong>,
};
We can now use that parser to create a content marker, and use it to enhance our content:
The first thing to note is that you can pass any number of parsers to the createMarker function, and they will all be called in turn. The order of the parsers is very important though, because content that has already been marked will not be parsed again. Let's look at another example.
Say you have a rule that matches content between brackets: /({.*})/, and a rule that matches content between brackets that contain only capital letters: /({[A-W]+})/. Now let's say you are marking this content: I have {CATCOUNT} cats. Whichever rule you passed first will match the content between brackets, and the second rule will not apply. You thus need to make sure that your rules are ordered so that the most important ones come first. Generally, that means you want to have the more specific rules first.
The reason why this happens is that, behind the scene, the matched content is turned into a DOM element, and parsers ignore non-string content. With the previous example, the initial string, I have {CATCOUNT} cats, would be turned into ['I have ', <mark>{CATCOUNT}</mark>, ' cats'] after the first parser is called. The second one then only looks at 'I have ' and ' cats', which do not match.
Using regex
The second important thing to know relates to regex. You might have noticed that I put parentheses in my examples above: they are required for the algorithm to capture content. But that also gives you more flexibility: you can use a regex that matches some content that you do not want to mark. Let's say you want to match only the name of someone who's being greeted, with this rule: /hello (\w+)/i. Applying it to Hello Adrian will only mark the Adrian part of that content.
Sometimes, however, you need to use more complex regex that include several groups of parentheses. When that's the case, by default react-content-marker will mark the content of the last non-null capturing group. In such cases, you can add a matchIndex number to your parser: that index will be used to select the capture group to mark.
Here's a simple example:
const parser = {
rule: /(hello (world|folks))/i,
tag: x => <b>{ x }</b>,
};
Applying this rule to Hello World will show: Hello World. If we want to, instead, make the whole match bold, we'll have to use matchIndex:
const parser = {
rule: /(hello (world|folks))/i,
matchIndex: 0,
tag: x => <b>{ x }</b>,
};
Now our entire string will correctly be made bold: Hello World.
Advanced example
If you're interested in looking at an advanced usage example of this library, I recommend you check out how we use in Pontoon, Mozilla's localization platform. We have a long list of parsers there, and they have a lot of edge-cases.
Installation and stuff
react-content-marker is available on npm, so you can easily install it with your favorite javascript package manager:
npm install -D react-content-marker
# or
yarn add react-content-marker
The code is released under the BSD 3-Clause License, and is available on github. If you hit any problems with it, or have a use case that is not covered, please file an issue. And of course, you are always welcome to contribute a patch!
I hope this is useful to someone out there. It has been for me at least, on Pontoon and on several React-based side-projects. I like how flexible it is, and I believe it does more than any other similar tools I could find around the Web.
We are happy to let you know that Friday, June 14th we are organizing Firefox 68 Beta 10 Testday. We’ll be focusing our testing on: Sync & Firefox Account and Browser notifications & prompts.
Check out the detailed instructions via this etherpad.
No previous testing experience is required, so feel free to join us on #qa IRC channel where our moderators will offer you guidance and answer your questions.
On the one year anniversary of the Federal Communications Commission’s repeal of net neutrality, Mozilla is joining millions of people across the internet to once again stand up to protect the open internet.
When the FCC gutted net neutrality protections last year, we filed our lawsuit because we believed that repeal was unlawful. We also believed taking on the FCC was the right thing to do for the future of the internet and everyone who uses it.
Until the Senate listens to the American people and protects the open Internet, Mozilla v. FCC continues to be net neutrality’s best hope.
But it’s time our Senators do what they were elected to do – represent their constituents, and pass net neutrality legislation that has overwhelming support and protects Americans. With a victory in the courts, or bipartisan legislation, we can ensure that people – and not big cable and telephone companies – get to choose what they see and do online.
Hello and welcome to another issue of This Week in Rust!
Rust is a systems language pursuing the trifecta: safety, concurrency, and speed.
This is a weekly summary of its progress and community.
Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request.
Want to get involved? We love contributions.
This Week in Rust is openly developed on GitHub.
If you find any errors in this week's issue, please submit a PR.
This week's crate is uom, Units of measurement is a crate that does automatic type-safe zero-cost dimensional analysis. Thanks to ehsanmok for the suggestion!
Always wanted to contribute to open-source projects but didn't know where to start?
Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
If you are running a Rust event please add it to the calendar to get
it mentioned here. Please remember to add a link to the event too.
Email the Rust Community Team for access.
The new Pocket Newtab is on track for 68 with performance parity
Slight regression with our usage of -webkit-line-clamp (thanks heycam for platform implementation!) and fixing with requestAnimationFrame (thanks performance best practices doc)
We’ve made some progress on migrating our build process into Firefox / making it easier to develop on Activity Stream features
Final release waiting on localizers to translate strings
Future Lockwise work will happen in tree as part of the Firefox Password Manager
Removing this Lockwise item after this meeting
Developer Tools
Layout Tools
Inactive CSS landed! It’s currently only ON by default in nightly (since 68) but will ship to everyone with Firefox 69. Bug 1306054. We will be adding a larger collection of warnings very soon too, to warn users about more tricky CSS cases.
This tooltip shows a CSS property that has no effect on the current element in the Inspector, and explains why.
Expandable CSS warnings also landed (shipping with 68). This allows jumping directly from a CSS warning displayed in the console to a node in the inspector when the warning occurred inside a CSS rule. Bug 1093953.
Now errors can expand and collapse, and link directly to any nodes they’re associated with.
CSS Grid level 2 (subgrid) is close to shipping in Firefox. We’re getting the tooling for it ready in Firefox 69 so it’s easy to see the relationship between a grid and a subgrid.
We’re continuing to prototype on WebCompat awareness tools. Our latest prototype is an addon that displays CSS compatibility information about a page from the Firefox toolbar. It now allows to jump from a warning into the Style Editor, and to open other browsers where issues occur. GitHub repo for the addon
This WebExtension helps bring attention to any detected web compatibility issues on the page. Handy!
We’re also focusing on fixing the last few remaining issues preventing to support the <meta viewport> tag in RDM, and therefore simulate mobile devices better.
Console
We now have borders between messages to make them easier to read. Bug 1519904. Thanks Florens Verschelde :fvsch for your keen eye for details.
Better visual separation and readability? Yes, please!
It is possible to resend network requests that were logged in the console. Bug 1530138. Thank you Christoph Walcher.
Want to resend that network request from the console? Now you can!
Debugger
Column breakpoints are stable now and we’re super happy with it.
Event breakpoints making good progress. The UI is ready and we’ll be landing the feature very soon. Follow along in this bug.
When this lands, developers will be able to set breakpoints on events, as well as lines of code.
Workers are now displayed in the source tree along all the other sources.
The new logpoint feature is now even better with dedicated icons in the web console.
Log log log!
Remote Debugging
The new about:debugging page will ride the trains with Firefox 69. A final QA testing phase will happen in beta 69 in a few weeks. The main implementation phase is over and the final few fixes have happened:
Stay on the same page when reloading about:debugging (reconnects to remote runtimes automatically) (bug)
Remember last temporary addon install directory (bug)
Disable temporary addon installation if xpinstall.enabled is false (bug)
Updated error message colors and borders
New “Remote Debugging” menu item in the Web Developer menu
Update for Fenix/Firefox Preview (name, icon and version) (bug)
Coming soon to a phone near you!
Fission
Abdoulaye has an initial version of the <select> dropdown working with Fission
Neil has a version of drag and drop working with Fission! \o/
mconley has a patch that makes PermitUnload work with Fission, but is blocked on some DOM work
mconley is starting efforts to make the context menu work with Fission
Glean is a new library for collecting data in Mozilla products. It’s been shipping in Firefox Preview for a little while and I’d like to take a minute to talk about how I validated that it sends what we think it’s sending.
Validating new data collections in an existing system like Firefox Desktop Telemetry is a game of comparing against things we already know. We know that some percentage of data we receive is just garbage: bad dates, malformed records, attempts at buffer overflows and SQL injection. If the amount of garbage in the new collection is within the same overall amount of garbage we see normally, we count it as “good enough” and move on.
With new data collection from a new system like Glean coming from new endpoints like the reference browser and Firefox Preview, we’re given an opportunity to compare against the ideal. Maybe the correct number of failures is 0?
But what is a failure? What is acceptable behaviour?
We have an “events” ping in Glean: can the amount of time covered by the events’ timestamps ever exceed the amount of time covered by the ping? I didn’t think so, but apparently it’s an expected outcome when the events were restored from a previous session.
So how do you validate something that has unknown error states?
I started with a list of things any client-based network-transmitted data collection system had to have:
How many pings (data transmissions) are there?
How many measurements are in those pings?
How many clients are sending these pings?
How often?
How long do they take to get to our servers?
How many poorly-structured pings are sent? By how many clients? How often?
How many pings with bad values are sent? By how many clients? How often?
From there we can dive into validating specifics about the data collections:
Do the events in the “events” ping have timestamps with reasonable separations? (What does reasonable mean here? Well, it could be anything, but if the span between two timestamps is measured in years, and the app has only been available for some number of weeks, it’s probably broken.)
Are the GUIDs in the pings actually globally unique? Are we seeing duplicates? (We are, but not many)
Are there other ping fields that should be unique, but aren’t? (For Glean no client should ever send the same ping type with the same sequence number. But that kind of duplicate appears, too)
Once we can establish confidence in the overall health of the data reporting mechanism we can start using it to report errors about itself:
Ping transmission should be quick (because they’re small). Assuming the ping transmission time is 0, how far away are the clients’ clocks from the server’s clock? (AKA “Clock skew”. Turns out that mobile clients’ clocks are more reliable than desktop clients’ clocks (at least in the prerelease population. We’ll see what happens when we start measuring non-beta users))
How many errors are reported by internal error-reporting metrics? How many send failures? How many times did the app try to record a string that was too long?
What measurements are in the ping? Are they only the ones we expect to see? Are they showing in reasonable proportions relative to each other and the number of clients and pings reporting them?
All these attempts to determine what is reasonable and what is correct depend on a strong foundation of documentation. I can read the code that collects the data and sends the pings… but that tells me what is correct relative to what is implemented, not what is correct relative to what is intended.
By validating to the documentation, to what is intended, we can not only find bugs in the code, we can find bugs in the docs. And a data collection system lives and dies on its documentation: it is in many ways a more important part of the “product” than the code.
At this point, aside from the “metrics” ping which is awaiting validation after some fixes reach saturation in the population, Glean haspassedall of these criteria acceptably. It still has a bit of a duplicate ping problem, but its clock skew and latency are much lower than Firefox Desktop’s. There are some outrageous clients sending dozens of pings over a period that they should be sending a handful, but that might just be a test client whose values will disappear into the noise when the user population grows.
Our support platform went through numerous changes and transitions during the last couple of years. With the SUMO team joining efforts with the Open Innovation group last year, we have started thinking about different approaches to our support platform strategy. Our support platform is complex and there are a lot of legacy items that need to be taken care of. Besides this we need to get ready for all the new things that are coming our way.
We want to ensure we’re providing a stable platform that will support Mozilla in the years to come as well as manage all the new products and changes expected in the following years.
During this first half of the year we have worked on setting up a roadmap that prioritizes the work and helps us be more intentional about the changes we want to make in order to provide the best support platform for our users. With this we have also worked on new processes that will hopefully simplify the way we work with the platform as well as the overall development process.
What’s new
Our current efforts are focused almost 100% on the integration of Firefox Accounts. In parallel we’ve also been working with the IT team to complete a migration of the infrastructure to a new instance of AWS (this has been completed on June 5th). Firefox Accounts implementation will follow shortly. After these major pieces of work are done our next big priorities are: Elastic search upgrades, ongoing UX experiments and a Responsive Design implementation that has become even more important as Google now indexes our site as mobile-first..
There will be more discussions about H2 and how we’re going to manage platform priorities in the second half of the year in July.
You can consult the current platform roadmap here.
This is a high-level overview on each project we’re working on and the expected timeline for completion. We’re going to review the roadmap items at the beginning of each month.
All the development work is being tracked in sprints and you can follow our current sprint here.
As mentioned before, the SUMO platform is a large complex platform with a lot of legacy issues that need to be dealt with. Currently we have around 700 bugs filed, many of them being more than 5 years old. As we don’t have enough resources to deal with this huge backlog we’ll need to change a few processes. We have designed a new triage and roadmap review process that you can read about here . Bugs that are not critical to the stability of the platform and are older than 6 months will be closed – this is a one time only event and we expect this to take care of most outdated bugs that will never be fixed. Feel free to open a new bug if you feel the issue is urgent or should be prioritized nonetheless.
Please note
We’re currently focusing on: Firefox Accounts implementation, the IT migration as well as any critical issues that break the site or block releases. Any other items are currently on hold. We can prioritize other issues as needed as per the process described in the document shared above.
We’re excited to share that Hubs is now available on Quest, the new standalone VR headset from Oculus. Because Hubs is web-based, there are no applications to install or limits on cross-platform compatibility. Simply invite people to join your rooms in VR, on a desktop, or with a phone at any time. Launch a browser on the Quest and go to hubs.mozilla.com to create a room, then invite people to join you by sending them the invite link or room code!
Standalone headsets like the Oculus Quest represent exciting new advancements in the systems that we have available for consumer VR technology. Untethered devices with tracking capabilities built into the headset allow for more freedom of movement around a space and more natural interactions within an environment.
At Mozilla, we're committed to supporting a rich, open ecosystem of online content that can be accessed by any device. This is one of the reasons that the immersive web is so powerful - like traditional websites, applications like Hubs can be accessed through browsers with a single URL on new devices without being limited to store requirements. By developing Hubs for the web, we’re able to iterate and deploy changes quickly, which allows us to get new features and bug fixes out quickly and often. It also means our users can be together in the same room on the Quest, PC, and smartphones as well.
We're excited by the opportunities that are enabled by an immersive, creative web where anyone can launch mixed reality experiences. For virtual reality to succeed, applications and experiences need to be designed for everyone in mind, and not separate communities based on their hardware preferences. We think it’s important that Hubs exists as a social VR platform that works across the different device families that you use to communicate, regardless of the platform.
There are a lot of misconceptions about what the immersive web is capable of, but it does a lot of important things really well. It keeps control of the experiences in the users’ hands and prioritizes accessibility over platform-exclusive features. It gives developers the ability to deliver their experiences across devices without the restrictions that come from publishing to app stores, and it’s born from a decades old community built around standards and openness, which we think is critical to the success of mixed reality.
If you’re a creator or developer interested in learning more about how we’re building virtual reality experiences for the web, join the Hubs Community meetup on Fridays at 11:30am PDT (UTC -7) to hear more from the team about the foundations of how (and why) we’re committed to bringing social VR to the browser. Jump into our Hubs discord server and keep an eye on the #meetup channel to participate!
Hubs is an open-source project by Mozilla to explore how social virtual worlds can be used for collaboration and communication. You can explore Hubs today at hubs.mozilla.com or view the source code at github.com/mozilla/hubs.
First, ensure you run ./mach boostrap, and select "4. GeckoView/Firefox for Android".
Here's the mozconfig I'm using (Ubuntu 18.04):
ac_add_options --enable-optimize ac_add_options --disable-debug ac_add_options --enable-release ac_add_options --disable-tests mk_add_options AUTOCLOBBER=1 ac_add_options --enable-debug-symbols # With the following compiler toolchain: CC="/home/chris/.mozbuild/clang/bin/clang" CXX="/home/chris/.mozbuild/clang/bin/clang++" export CC="/home/chris/.mozbuild/clang/bin/clang -fcolor-diagnostics" export CXX="/home/chris/.mozbuild/clang/bin/clang++ -fcolor-diagnostics" ac_add_options --with-ccache=/usr/bin/ccache mk_add_options 'export RUSTC_WRAPPER=sccache' # Build GeckoView/Firefox for Android: ac_add_options --enable-application=mobile/android # Work around issues with mozbuild not finding the exact JDK that works. # See also https://bugzilla.mozilla.org/show_bug.cgi?id=1451447#c7 ac_add_options --with-java-bin-path=/usr/lib/jvm/java-8-openjdk-amd64/bin # With the following Android NDK: ac_add_options --with-android-ndk="/home/chris/.mozbuild/android-ndk-r17b" ac_add_options --with-android-min-sdk=16 ac_add_options --target=arm-linux-androideabi
A noteworthy item in there is "--with-java-bin-path". I've had trouble on Ubuntu with the system default Java not being the right version. This helps.
Note that if you're profiling, you really want to be doing a release build. The behaviour of release is different from an optimized build.
adb shell am start -a android.intent.action.MAIN -c android.intent.category.LAUNCHER -n org.mozilla.geckoview_example/org.mozilla.geckoview_example.GeckoViewActivity -d 'https://www.youtube.com/watch?v=dQw4w9WgXcQ'
If you want to set environment variables, for example to turn on MOZ_LOGs, run like so:
adb shell am start -a android.intent.action.MAIN -c android.intent.category.LAUNCHER -n org.mozilla.geckoview_example/org.mozilla.geckoview_example.GeckoViewActivity -d 'https://www.youtube.com/watch?v=dQw4w9WgXcQ' --es env0 MOZ_LOG=MediaSource:5
Note if you want to create more than one environment variable, each one needs to be numberd, i.e. `--es env0 FOO=BAR env1 BAZ=FUZ`, and so on. Also note that you do not put quotes around environment variables here. That is, use `--es env0 FOO=BAR`, do not use `--es env0 FOO="BAR"`.
MOZ_LOGs go to adb logcat. To setup an output stream that reads specific MOZ_LOGs:
adb logcat | grep MediaSource
This stays open, printing logs until you terminate with CTRL+C. If you want to exit at the end of the logs buffered, pass -d. i.e.:
adb logcat -d > log_file.txt
Apparently you can pass a logtag filterspec to `adb logcat` to have it filter for you, but I never figured the syntax out.
To clear logcat's buffered logs:
adb logcat --clear
This is useful if you're prinf-debugging something via logcat, and want to clear the decks before each run.
Other useful commands...
To terminate a running GeckoView_example:
adb shell am force-stop org.mozilla.geckoview_example
To list all packages on your device related to Mozilla:
Note that this also uninstalls the GeckoView test app. Sometimes you may find you need to uninstall both apps before you can re-install. I think this is related to different versions of adb interacting.
To get the Android version on your device:
adb shell getprop ro.build.version.release
To simulate typing text:
adb shell input text "your text"
To profile a GeckoView_example session, you need to download the latest Firefox Desktop Nightly build, and install the Firefox Profiler add-on. Note that the Firefox Profiler Documentation is pretty good, so I'll only cover the highlights.
Once you've got Firefox Desktop Nightly and the Firefox Profiler add-on installed, start up your GeckoView_example app and URL you want to profile, and in Firefox Nightly Desktop open about:debugging. Click "Connect" to attach to the device you want to profile on, and then click "Profile Performance".
If you're profiling media playback, you want to add "Media" to the custom thread names under the "Threads" settings.
Since you're profiling a local build, you want to open the "Local build" settings, and ensure you add the path to your object directory.
Once you're configured, press "Start recording", do the thing in GeckoView_example you're profiling, and then hit "Stop and grab the recording".
The profile will open in a new tab in the browser. Sometimes I've noticed that the profiler hangs at "Waiting for symbol tables for library libxul.so". Just reloading the page seems to resovle this normally.
I find the Firefox Profiler very straightforward to use. The Flame Graph view can be particularly enlightening to see where threads are spending time.
Unfortunately the Firefox profiler can't symbollocate Java call stacks. Java calls usually show up as hex addresses, sometimes on the far side of an AndroidBridge C++ call.
In late 2018 Mozilla conducted an experiment to collect browser Telemetry data with Prio, a privacy-preserving data collection system developed by Stanford Professor Dan Boneh and PhD candidate Henry Corrigan-Gibbs. That experiment was a success: it allowed us to validate that our Prio data collections were correct, efficient, and integrated well with our analysis pipeline. Today, we want to let you know about our next steps in testing data collection with Prio.
As part of Content Blocking, Firefox will soon include default protections against tracking. Our protections are built on top of a blocklist of known trackers. We expect trackers to react to our protections, and in some cases attempt to work around them. We can monitor how our blocklists are applied in Firefox to detect these workarounds.
However, directly monitoring how our blocklists are applied would require data that we feel is too sensitive to collect from release versions of Firefox. That’s why Prio is so important: it allows us to understand how our blocklists are applied across a large number of users, without giving us the ability to determine how they are applied in any individual user’s browser or on any individual page visit.
To support this we’ve developed Firefox Origin Telemetry, which is built on top of Prio. We will use Firefox Origin Telemetry to collect counts of the number of sites on which each blocklist rule was active, as well as counts of the number of sites on which the rules were inactive due to one of our compatibility exemptions. By monitoring these statistics over time, we can determine how trackers react to our new protections and discover abuse.
In the next phase of testing we need validate that Firefox Origin Telemetry works at scale. To provide effective privacy, Prio requires that two independent parties each process a separate portion of the data — a requirement that we will not satisfy during this test. As in our initial test, we will run both data collection servers ourselves to complete end-to-end testing prior to involving a second party. That’s why we are running this test only in our pre-release channels, which we know are used by a smaller audience that has chosen to help us test development versions of Firefox. We’ve ensured that the data we’re collecting falls within our data collection policies for pre-release versions of Firefox, and we’ve chosen to limit the collection to 1% of Firefox Nightly users, as this is all that’s necessary to validate the API.
We expect to start this test during our Nightly 69 development cycle. Collecting this data in a production environment will require an independent third party to run one of the servers. We will provide further updates once we have such a partner in place.
The subgrid feature of the CSS Grid Specification is not yet shipping in any browser, but is now available for testing in Firefox Nightly. This is a feature that, if you have used CSS Grid for a layout of any complexity, you are likely to be pretty excited about. In this article I’m going to introduce the feature and some of the use cases it solves.
So what is subgrid exactly? In terms of syntax, it is a new keyword value for the grid-template-columns and grid-template-rows properties. These properties normally accept a track listing, or to put it another way, a listing of sizes of the tracks you want in your grid. For example, the following CSS would create a three column track grid with a 200px column, a column sized as max-content, and a final 1fr column.
grid-template-columns: 200px max-content 1fr;
You can find out more about track sizing in general, and the basics of grid layout via the MDN Guide Basic concepts of Grid Layout.
If we define a track as a subgrid, however, we replace the track listing with the keyword subgrid.
grid-template-columns: subgrid;
This instructs the grid-template-columns property to use the tracks defined on the parent as the track sizing and number used by this nested grid.
In the example below I have an element which is a grid container. It contains three child elements — two <div> elements and a <ul>.
If we make the <ul> with a class of box3 a grid, and set grid-template-columns to subgrid, the <ul> is now a three-column track grid. The list items are laid out using the tracks of the parent.
There are some additional nice features that make subgrid useful for patterns you might need to build. The *-gap properties are inherited by default into subgrids, however you can override this behavior by setting a gap, row-gap, or column-gap value on the subgrid itself.
The lines in your subgrid will inherit the line names set on the parent grid. This means that you can position items in the subgrid with the line names on your main grid. You can however also add line names just for the subgrid and these will be added to any inherited names.
Take a look at the guide to subgrid on MDN to read about all of these features and see example code.
What will subgrid be useful for?
In terms of new syntax, and new things to learn, this is a very small change for web developers who have learned grid layout. A grid defined as a subgrid is pretty much the same as a regular nested grid, albeit with its own track listings. However it makes a number of previously difficult patterns possible.
For example, if you have a card layout, and the cards have headers and footers with uneven amounts of content, you might want the card headers and footers to align across the rows. However, with a standard nested grid this isn’t possible. The grid on each card is independent, therefore the track sizing in card A can’t respond to change of height inside card B.
The card internal elements do not line up
If we cause each card to span across three rows however, we can then change the value of grid-template-rows to subgrid.
The card still spans three row tracks, but those rows are defined on the parent and therefore each footer is in the same row. If one footer gets taller, it makes the whole row taller.
You might want to work to a standard 12-column layout. Without subgrid, components that are not direct children of the grid container can’t be laid out on that parent grid. Instead, you need to be careful with track sizing in the nested components in order to get the layout to work. With subgrid we can opt nested grids into that parent grid as far into the structure as is required.
This means that in the below wireframe example, all elements are using the tracks defined on the main element — even things that are nested inside two grids such as the links inside a list inside a <nav> element. The screenshot below has the lines of that parent grid displayed using the Firefox Grid Inspector.
The twelve column grid highlighted by the Grid Inspector
A less obvious use case for subgrid is to help in the situation where you have an unknown amount of repeated content in your layout, and want to be able to place an item from the start to the end of the grid.
We can target the end of an explicit grid with -1, so an item placed with grid-row: 1 / -1 will stretch from the first to the last row line. The below grid has two row tracks defined. The block on the left stretches over both as it is spanning from column line 1 to column line -1.
The explicit grid highlighted with the Grid Inspector
However, if you are creating implicit row tracks, because you don’t know how many items there will be you can’t target the end of the implicit grid with -1. As we do not have explicit tracks after the first track (a grid always has one explicit track in each dimension) the blue item can’t span to the end line after all of the auto-placed items have been laid out.
Without an explicit grid the item cannot stretch to the end line
If you make the repeating section a subgrid for columns, with implicit rows, all of those rows fit into the same grid area of the parent, rather than creating more rows on the parent. This means that you can have a fully explicit parent grid and know exactly where the end line is no matter how many items are added in the subgridded part.
The only compromise would be the addition of an extra wrapper if your markup didn’t have a container for these repeating elements, however a single wrapping <div> is not going to cause any problems and enables this pattern.
The sidebar stretches to the height of the content
The DevTools team have been working on adding features to DevTools that will make it easier to work with multiple grids, including subgrid.
You can now highlight multiple grids with DevTools. This can be helpful to see how the grid lines up with each other. You can see this in action by highlighting multiple grids in the cards example above, letting you see how the lines of the rows on our cards align with the parent rows.
Two grids are highlighted here, one on the parent and one on a child
In the Grid Inspector subgrids have a little subgrid badge, and appear nested inside their parent. These things should help you to identify them better when working with complex arrangements of grids.
Subgrid is now available in Firefox Nightly, so you can test it out, and we would love you to do so. Firefox will have the first implementation of the specification, so feedback from web developers is vital both for the Firefox implementation, the DevTools, and for the CSS specification itself.
More resources can be found in the MDN guide, and I have started to build some more examples at Grid by Example — my website of CSS Grid examples. In addition, read CSS Grid Level 2: Here Comes Subgrid — an article I wrote about the specification before we had any implementations.
Whatever we do and whatever we try, no matter how hard we try to test, debug, review and do CI builds it does not change the eternal truth:
Nothing gets tested properly until released.
We worked hard on fixing bugs in the weeks before we shipped curl 7.65.0. We really did. Yet, several annoying glitches managed to creep in, remain unnoticed and cause problems to users when they first eagerly tried out the new release. Those were glitches that none in the development team had experienced or discovered but only took a few hours for users to detect and report.
The initial bad sign was that it didn’t even take a full hour from the release announcement until the first bug on 7.65.0 was reported. And it didn’t stop with that issue. We obviously had a whole handful of small bugs that caused friction to users who just wanted to get the latest curl to play with. The bugs were significant and notable enough that I quickly decided we should patch them up and release an update that has them fixed: 7.65.1. So here it is!
This patch release even got delayed. Just the day before the release we started seeing weird crashes in one of the CI builds on macOS and they still remained on the morning of the release. That made me take the unusual call to postpone the release until we better understood what was going on. That’s the reason why this comes 14 days after 7.65.0 instead of a mere 7 days.
Numbers
the 182nd release 0 changes 14 days (total: 7,747) 35 bug fixes (total: 5,183) 61 commits (total: 24,387) 0 new public libcurl function (total: 80) 0 new curl_easy_setopt() option (total: 267) 0 new curl command line option (total: 221) 27 contributors, 12 new (total: 1,965) 16 authors, 6 new (total: 687) 0 security fixes (total: 89) 0 USD paid in Bug Bounties
Bug-fixes
Let me highlight some of the fixes that went this during this very brief release cycle.
build correctly with OpenSSL without MD4
This was the initial bug report, reported within an hour from the release announcement of 7.65.0. If you built and installed OpenSSL with MD4 support disabled, building curl with that library failed. This was a regression since curl already supported this and due to us not having this build combination in our CI builds we missed it… Now it should work again!
CURLOPT_LOW_SPEED_* repaired
In my work that introduces more ways to disable specific features in curl so that tiny-curl would be as small as possible, I accidentally broke this feature (two libcurl options that allow a user to stop a transfer that goes below a certain transfer speed threshold during a given time). I had added a way to disable the internal progress meter functionality, but obviously not done a good enough job!
The breakage proved we don’t have proper tests for this functionality. I reverted the commit immediately to bring back the feature, and when now I go back to fix this and land a better fix soon, I now also know that I need to add tests to verify.
multi: track users of a socket better
Not too long ago I found and fixed a pretty serious flaw in curl’s HTTP/2 code which made it deal with multiplexed transfers over the same single connection in a manner that was far from ideal. When fixed, it made curl do HTTP/2 better in some circumstances.
This improvement ended up proving itself to have a few flaws. Especially when the connection is closed when multiple streams are done over it. This bug-fix now makes curl closing down such transfers in a better and cleaner way with fewer “loose ends”.
parse_proxy: use the IPv6 zone id if given
One more zone id fix that I didn’t get around to land in 7.65.0 has now landed: specifying a proxy with a URL that includes an IPv6 numerical address and a zone id – now works.
connection “bundles” on same host but different ports
Internally, libcurl collects connections to a host + port combination in a “bundle” (that’s just a term used for this concept internally). It does this to count number of connections to this combination and enforce limits etc. It is only used a bit for controlling when multiplexing can be done or not on this host.
Due to a regression, probably added already back in 7.62.0, this logic always used the default port for the protocol instead of the actual port number used in the given URL! An application that for example did parallel HTTP transfers to the hostname “example.org” on both port 80 and port 81, and used HTTP/1 on one of the ports and HTTP/2 on the other would be totally mixed up by curl and cause transfer failures.
But not anymore!
Coming up
This patch release was not planned. We will give this release a few days to stew and evaluate the situation. If we keep getting small or big bugs reported, we might not open the feature window at all in this release cycle and instead just fix bugs.
Ideally however, we’ve now fixed the most pressing ones and we can now move on and follow our regular development process. Even if we have, the feature window for next release will be open during a shorter period than normal.
Irvin Chen: will continue his work on bridging the local communities with the program
Of course we would like to thank our outgoing Reps council members Daniele, Manel and Oarabile for all their contributions during their last year in the program.
The Mozilla Reps Council is the governing body of the Mozilla Reps Program. It provides the general vision of the program and oversees day-to-day operations globally. Currently, 7 volunteers and 2 paid staff sit on the council. Find out more on the Reps wiki.
The annual curl user survey 2019 ran for 14 days and ended a while ago. I’ve spent a good deal of time summing up the data, making graphs, tables and creating a document out of what I’ve learned.
Some quick insights:
HTTPS is now the most used protocol
Linux is the most used platform
Most of the users (who answered) are in Europe
Windows 10 grows as the dominant Windows version used for curl
55% of users use HTTP/2 while 4.1% of users use HTTP/0.9
For all this and much much more. See the full report.
It’s a common, but fairly easy-to-fix accessibility issue: lack of indicating focus. In this post I will explain what we mean by focus and show you how focus outlines make your site easier to use.
What is focus?
Focus indicators make the difference between day and night for people who rely on them. Let’s first look at what they are, and which people find them useful.
Focus is something that happens between the interactiveelements on a page. That’s the first thing you should know. (See the focusable elements compatibility table for a more detailed and nuanced definition.) Interactive elements are elements like links, buttons and form fields: things that users can interact with.
On a page, at any given time, there is one element that has focus. If you’ve just loaded a page, it is probably the document, but once you start to click or tab, it will be one of the aforementioned interactive elements. The currently focused element can be found with document.activeElement.
By default, browsers convey which element currently has focus by drawing an outline around that element. The defaults vary between browsers and platform. With CSS, you can override these defaults, which we’ll get to in a bit.
Who benefits
Focus outlines help users figure out where they are on a page. They show which form field is currently filled in, or which button is about to be pressed. People who use a mouse, might use their cursor for this, but not everyone uses a mouse. For instance, there are many keyboard users: a person with a baby on one arm, people with chronic diseases that prevent the use of a mouse, and of course… developers and other power users. Beyond keyboards, there are other tools and input devices that rely on clearly indicated focus, like switches.
It is not just keyboard users that benefit, though. Focus indication also helps people who have limited attention spans or issues with short term memory, for example if they are filling out a lengthy form.
If the idea of indicating the current element in a website seems weird, consider TV interfaces. Most people use them with a remote control or game controller, and therefore rely on the interface to convey what’s currently selected.
Never remove them
Not everyone likes how focus outlines look, some find them ugly. But then that’s the case with street lights, too. They are unlikely to win design awards, but if you have to walk home in the dark, you are glad they help you see where you are.
Removing focus styles, as some websites do, is as detrimental for keyboard users as removing the mouse cursor would be for mouse users.
Nobody would override the browser’s default cursor, effectively removing the cursor altogether:
body {
cursor: none; /* you wouldn't do this */
}
So we shouldn’t do this either, which removes the browser’s default outline:
:focus {
outline: none; /* so, please don't do this */
}
Laura Carvajal with slide: You wouldn’t steal their cursor
Even if you provide an alternative with something like box-shadow, best set outline to solid transparent, because box-shadow does not play well with high contrast modes.
Good focus indicators
One way to indicate focus is to rely on browser defaults. It works, but I would recommend designing your own focus outlines. This gives you maximum control over how easy they are to see, and lets you integrate them with brand colours or the style of your site. Usually, thicker outlines (from 2px onwards) are better, as they are simply easier to see.
The :focus pseudo class takes CSS rules like any other selector, so you could style it however you like. In some cases a background color or underline could indicate that something is active.
Examples
Below are focus outlines as seen on Schiphol.nl and the City of The Hague websites. They make it easy to distinguish in a list of links which one is currently active.
Transitions
Focus outlines do not have to be boring. The outline property can be transitioned with CSS, so why not add a subtle animation? Make it pop!
Contrast
In WCAG 2.1, focus indicators are bound to the same contrast rules as other parts of the content, as per 1.4.11: Non-text contrast. This means a contrast of 3:1 between the outlines and their background is required.
On websites that have both light and dark parts, it is quite common to have a dark and a light focus style. For example, if your focus outline is blue for parts with a white background (for instance, the main content area), you could make it white for parts with a black background (for instance, the footer).
Special cases
Focusing non-interactive elements
As mentioned earlier, focus works on interactive elements. In special cases, it makes sense to focus a non-interactive element, like a <div>, if that element is a piece of expanded content or a modal overlay that was just opened.
Any element can be added to focus order with the tabindex attribute in HTML. Best use it with 0 or -1:
tabindex="0": element can be focused with keyboard and through JavaScript
tabindex="-1": element can be focused through JavaScript, but cannot be tabbed to
A tabindex with a number larger than 0 is best avoided, as this sets a preference of where the element goes in the tab order. If you set it for one element, you will have to set and maintain (!) a tabindex value on all interactive elements on the page. See also: It rarely pays to be positive by Scott O’Hara.
Only for keyboard users
If you are a developer and the design team is unwilling to apply bold focus styles, you could propose to show them to users who need them, for instance only to keyboard users.
There are two caveats to this notion of “users who need them”:
Not all people who rely on focus styles use a keyboard. We mentioned switches earlier, but that’s only one use case. As a general rule, keep in mind that you can’t predict all the ways your visitors choose to browse the web.
Making focus styles keyboard-only takes away an affordance for mouse users too, as focus also indicates that something is interactive.
For these reasons, we should be careful making decisions about when and how to show focus styles. Luckily, there is a CSS property invented to help us out here: focus-visible. According to the spec, it lets us:
provide clearly identifiable focus styles which are visible when a user is likely to need to understand where focus is, and not visible in other cases
In other words: it aims to let you indicate focus only for people that need it. This is supported in Firefox (with prefix), but not yet in Chromium (they intend to implement), so it would be best to use the official focus-visible polyfill. It is preferable to avoid such heuristics and convey focus rings to everybody, but if you have to, focus-visible is ideal. Especially if the alternative is nothing at all.
Focus styles as keyboard accessibility
A focused element that isn’t highlighted has a big impact on usability for keyboard users. You could make keyboard checks part of your development workflow to ensure that you don’t forget focus indicators. For instance, you could include “Can be used with a keyboard” in your definition of done. This is a check that most people in the team should be able to do before a new feature goes live. As we’ve seen above, focus styles don’t just benefit keyboard users, but keyboard operability is a good way to test them.
When testing, you might find that not all browsers and platforms let you tab through interactive elements by default. Here are some of the most common settings across platforms and browsers:
macOS: under System Preferences > Keyboard > Shortcuts set ‘Full keyboard access’ to ‘All controls’
Safari, macOS: in `Safari > Preferences`, under ‘Advanced’, check ‘Press Tab to highlight each item on a webpage’
Chrome: in chrome://settings, under ‘Web content’, check ‘Pressing Tab on a webpage highlights links, as well as form fields’
Summing up
Hopefully this post inspires you to try out your (client’s) site with just a keyboard. Maybe it is a pleasure to use already. If not, perhaps this post convinces you or your team to address the problem and design some on-brand focus indicators. Together we make the web more friendly to users of keyboards, sticks and switches. Together we make the web work for everyone.
People everywhere are demanding basic consumer protections. We want our food to be healthy to eat, our water to be clean to drink, and our air to be safe to breathe.
This year people have started to demand more of the internet as well, however, there persists an expectation that on the internet people are responsible for protecting themselves.
You should not have to worry about trading privacy and control in order to enjoy the technology you love. Tech companies have put the onus on people to read through their opaque terms and conditions tied to your data and privacy to use their services. The average privacy policy from a tech company is thousands of words and written at a level that often requires legal training to interpret. As such the vast majority of people don’t bother to read, and just click through these agreements trusting that the companies have their interests at heart.
This isn’t right, and it’s not where we stand. We aspire to put people back in control of their connected lives. To better equip people to navigate the internet today, we’ve built the latest version of our flagship Firefox browser with Enhanced Tracking Protection on by default. These protections work in the background, blocking third-parties from tracking your online activity while increasing the speed of the browser.
We’re offering privacy protections by default as you navigate the web because the business model of the web is broken, with more and more intrusive personal surveillance becoming the norm. While we hope that people’s digital rights and freedoms will ultimately be guaranteed, we’re here to help in the interim.
In a world where tech companies expect you to cobble together different tools to protect your privacy putting the burden on you, we are providing an easy-to-use solution with just one Firefox login to get the full benefit of all of the protections and capabilities we’ve built into our products and services.
By creating a Firefox account you can increase convenience while decreasing your exposure to some harmful parts of the web. An account unlocks the full potential of tools like Lockwise, which securely manages passwords, and Monitor, a service that notifies you when your email has been part of a known data breach.
We’re deepening our relationship with you because we know you can’t go it alone anymore. With Firefox you have a partner who knows the ins and outs of the tech industry, but who is beholden to serving you, not shareholders. We’re optimistic that together we can take back power over our online lives.
We choose to lead, not follow. Join us.
You know what we stand for and what we’ve been about for over a decade thanks to our Manifesto and our Data Privacy Principles. Today we’re making it even more clear what you get when you sign up with us by announcing the Firefox Personal Data Promise — our commitment to handle your personal information with integrity and decency — and best practices for others to follow when it comes to protecting consumers privacy and rights online.
We’re taking these steps and we’re offering new tools to increase your protection and control, but it’s only the first step in our new relationship with you. We will continue to push back against collect-it-all business models that are set up to monetize people in seemingly every possible way. In addition to the tools and services we offer, we champion efforts like the fight for net neutrality, combat surveillance tactics and push for standards and practices that promote privacy and competition.
I hope you can see we’re different, and that we work hard every day to earn your trust. I believe that the internet can be a tool to make the world a better place where everyone is welcome. And safe. And respected. It can be a place that enables a free exchange of ideas. I know it can be because it once was.
The web the world needs can be ours again, if we want it. Please join me and millions of Firefox users in choosing a safer, more connected world.
What if I told you that on nearly every single website you visit, data about you was transmitted to dozens or even hundreds of companies, all so that the website could earn an additional $0.00008 per ad! This is a key finding from a new study on behaviorally targeted advertisements from Carnegie Mellon University and it should be a wake-up call to all of us. The status quo of pervasive data collection in service of ad targeting is untenable. That is why we’re announcing some key changes to Firefox.
Today marks an important milestone in the history of Firefox and the web. As of today, for new users who download and install Firefox for the first time, Enhanced Tracking Protection will automatically be set on by default, protecting our users from the pervasive tracking and collection of personal data by ad networks and tech companies.
It seems that each week a new tech company decides to decree that privacy is a human right. They tout how their products provide people with “choices” to change the settings if they wish to opt into a greater level of privacy protection to exemplify how they are putting privacy first. That begs the question — do people really want more complex settings to understand and fiddle with or do they simply want products that respect their privacy and align with their expectations to begin with?
Privacy shouldn’t be relegated to optional settings
When thinking about consumer privacy online, I’m reminded of the behavioral economics studies which led to 401K plans (US retirement savings plans) moving from voluntary enrollment to auto-enrollment. Not too long ago most defined contribution retirement savings plans in the US required employees to sign-up and volunteer to start participating. Participation rates were very low. Why was that? Was it because people didn’t care about saving for retirement? Not at all! There were simply too many barriers to aligning with people’s expectations and desires and the benefits of saving for retirement aren’t felt immediately.
We are in a similar position with respect to software privacy settings. Pervasive tracking is too opaque and potential privacy harms are never felt immediately. The general argument from tech companies is that consumers can always decide to dive into their browser settings and modify the defaults. The reality is that most people will never do that. Yet, we know that people are broadly opposed to the status quo of pervasive cross-site tracking and data collection, particularly when they learn the details on how tracking actually works.
We also know that traditional privacy features such as Chrome’s Incognito mode are failing to live up to consumer expectations. The feature might keep your spouse from knowing what you’re thinking about getting them for your anniversary by erasing your history, but it does not prevent third-party tracking. Our research shows that Firefox users are seeking out privacy protection, particularly through the use of Firefox’s Private Browsing mode. In fact, nearly 25% of web page loads in Firefox take place in a Private Browsing window. The good news for these users is that Firefox’s Private Browsing mode has long put users first by blocking tracking. The bad news is that this generally isn’t true for many popular browsers, which allow tracking even in private browsing/incognito mode. A recent study found that users don’t understand this and think their data is being protected, when it is actually not.
As was the case with retirement savings plans, what this shows us is that the burden needs to shift from the consumers to the companies whereby the complexity of privacy settings shouldn’t be placed on users to figure out. The product defaults should simply align with consumer expectations. That is the approach we are taking in Firefox.
Enhanced Tracking Protection by Default
As stated above, new Firefox users will have strong privacy protection from the moment they install. We also expect to deliver the same functionality to existing users over the coming months. Because we are modifying the fundamental way in which cookies and browser storage operate, we’ve been very rigorous in our testing and roll-out plans to ensure our users are not experiencing unforeseen usability issues. If you’re already using Firefox and can’t wait, you can turn this feature on by clicking on the menu icon marked by three horizontal lines at the top right of your browser, then Content Blocking. Go to your privacy preferences and click on the Custom option on the right side. Mark the Cookies checkbox and make sure that “Third-party trackers” is selected. To learn more about our privacy and security settings and get more detail on what each section — Standard, Strict, and Custom — includes, visit here.
For existing users, go to your privacy preferences and click on the Custom option, ark the Cookies checkbox
If you are new to Firefox, we’d love for you to give it a try. Download the latest version here.
When it comes to privacy, default settings matter! We hope that the actions we are taking can ultimately compel change in the industry. Afterall, consumers deserve better.
The word “privacy” gets thrown around a lot these days, but every tech company defines privacy differently. Respecting your privacy has been at our core from day one, with the … Read more
It’s been several weeks since I was promoted to Senior Vice President of Firefox, responsible for overall Firefox product and web platform development. As a long-time employee with 10+ years, I’ve seen a lot of things within the tech industry from data breaches, net neutrality and the rise and fall of tech companies. I believe that Firefox has and will continue to make a big impact in building the necessary protections to keep people safe online.
This past year, we’ve seen tech companies talk a big game about privacy as they’re realizing that, after several global scandals, people feel increasingly vulnerable. It’s unfortunate that this shift had to happen in order for tech companies to take notice. At Firefox, we’re doing more than that. We believe that in order to truly protect people, we need to establish a new standard that puts people’s privacy first. At Firefox, we have been working on setting this standard by offering privacy-related features, like Tracking Protection in Private Browsing, long before these issues were brought to light. With this new, increased awareness for privacy, we feel that the time is right for the next step in stronger online protections for everyone.
Last year, we announced our new approach to anti-tracking, and our commitment to help people stay safe whenever they used Firefox. One of those initiatives outlined was to block cookies from known third party trackers in Firefox. Today, Firefox will be rolling out this feature, Enhanced Tracking Protection, to all new users on by default, to make it harder for over a thousand companies to track their every move. Additionally, we’re updating our privacy-focused features including an upgraded Facebook Container extension, a Firefox desktop extension for Lockwise, a way to keep their passwords safe across all platforms, and Firefox Monitor’s new dashboard to manage multiple email addresses.
Enhanced Tracking Protection blocks sites from tracking you
For new users who install and download Firefox for the first time, Enhanced Tracking Protection will automatically be set on by default as part of the ‘Standard’ setting in the browser and will block known “third-party tracking cookies” according to the Disconnect list. We talk more about tracking cookies here. Enhanced Tracking Protection will be practically invisible to you and you’ll only notice that it’s operating when you visit a site and see a shield icon in the address bar next to the URL address and the small “i” icon. When you see the shield icon, you should feel safe that Firefox is blocking thousands of companies from your online activity.
For those who want to see which companies we block, you can click on the shield icon, go to the Content Blocking section, then Cookies. It should read Blocking Tracking Cookies. Then, click on the arrow on the right hand side, and you’ll see the companies listed as third party cookies and trackers that Firefox has blocked. If you want to turn off blocking for a specific site, click on the Turn off Blocking for this Site button.
For existing users, we’ll be rolling out Enhanced Tracking Protection by default in the coming months without you having to change a thing. If you can’t wait, you can turn this feature on by clicking on the menu icon marked by three horizontal lines at the top right of your browser, then under Content Blocking. Go to your privacy preferences and click on the Custom gear on the right side. Mark the Cookies checkbox and make sure that “Third-party trackers” is selected. To learn more about our privacy and security settings and get more detail on what each section – Standard, Strict, and Custom – includes, visit here.
For existing users, go to your privacy preferences, click on the Custom gear and mark the Cookies checkbox
Latest Facebook Container blocks tracking from other sites
Earlier this year, Mozilla was honored as one of the World’s Most Innovative Companies by Fast Company. Notably our Facebook Container extension played a big role in getting us selected. With more than two million downloads since it launched, our Facebook Container is an add-on/web extension that helps you take control and isolate your web activity from Facebook (i.e. following and tracking you across the web). Today, we’re releasing the latest update for Facebook Container which prevents Facebook from tracking you on other sites that have embedded Facebook capabilities such as the Share and Like buttons on their site.
For example, when you are on a news site and reading an article, you often see Facebook Like and Share buttons. Our Facebook Container will block these buttons and all connections to Facebook’s servers, so that Facebook isn’t able to track your visits to these sites. This blocking makes it much harder for Facebook to build shadow profiles of non-Facebook users. You will know the blocking is in effect when you see the Facebook Container purple fence badge.
Facebook Container will block these buttons and all connections to Facebook’s servers
To add the latest Facebook Container Add-On, visit here.
Meet Firefox Lockwise: Manage Your Passwords Safely and Take them Everywhere
Last Summer, we brought you Firefox Lockbox for iOS, and in March of this year we announced both Firefox Lockbox for Android and an iPad-optimized version to expand the ecosystem. One of the top most requested features from users was to find a way to manage their passwords. Today, we are rolling out a Firefox desktop extension that offers this feature and completes this product family we are now calling Firefox Lockwise.
As part of the Firefox Lockwise product suite, formerly known as Firefox Lockbox, the desktop extension will give you more control over your stored passwords with shared access from every device. With the new desktop extension, Firefox Lockwise will provide an additional touchpoint to store, edit and access your passwords. The extension provides an enhanced experience for your saved logins, which will allow you to more easily manage and interact with your stored passwords in Firefox. You will notice a seamless integrated experience in Firefox when you move from desktop to mobile, with a similar layout of key features for easy navigation and access, and easy access to your logins and passwords.
The new Firefox Lockwise desktop extension includes:
Manage your saved list of passwords – The new dashboard interface makes it simple to update and manage your saved list. If you’re no longer frequenting a site, you can easily delete your saved password. And for the sites you access frequently, you can quickly reference and edit what is being stored, thus giving you an easy way to take control of your online privacy.
Access your passwords anywhere – Whether you’re shopping for shoes on your desktop or purchasing them on-the-go from your favorite site, Firefox Lockwise has you covered. Both the mobile app and desktop extension can help you quickly retrieve your password to access your site account, no matter which device you’re on to take advantage of member discounts or free shipping.
Whether you are a loyal user or you are ready to take control of your passwords, try Firefox Lockwise, available on iOS, Android, and now a Firefox add-on for Desktop.
Firefox Monitor adds dashboard to manage multiple email addresses
Since the launch of Firefox Monitor, a free service that notifies you when your email has been part of a data breach, more than 635,000 people have signed up for alerts. Users have been checking multiple personal email addresses on Monitor since launch, and the ability to easily manage multiple accounts has been a top, frequently requested feature. Today we’re launching a central dashboard to help you track and manage multiple email addresses, whether it’s your personal email accounts or ones for professional use.
Through the breach dashboard, you’ll receive a quick summary of updates for all registered email accounts. You’ll be able to easily identify which emails are being monitored, how many known data breaches may have exposed your information, and specifically, if any passwords have been leaked across those breaches. Adding a new email address to your existing Firefox Monitor account is simple, and whether you’re managing one – or multiple – new email accounts, you will be able to select a primary email address to serve as the hub for all notifications and alerts. We added a safety measure to ensure that all email addresses are verified by email before they are activated.
Identify which emails are being monitored, how many known data breaches may have exposed your information, and if any passwords have been leaked across those breaches
Being part of a data breach is not fun, but keeping track of and knowing where your private information may have been made public is one of the first steps in taking control of your online privacy.
We invite you to check out the new breach dashboard on Firefox Monitor!
Tech companies are using the word “privacy” a lot these days. What do they mean when they say it? To one company, privacy means keeping your information between you and … Read more
The Mac Pro, like New Coke, is back. In a miniature cheese grater you could make a mean quesadilla with. A million Power Mac G5s and O.G. Mac Pros are singing out, "we told you so! We told you so!"
But if you're going to buy one of these things (starting at $6000), you don't get to complain how much a Talos II costs.
Hello and welcome to another issue of This Week in Rust!
Rust is a systems language pursuing the trifecta: safety, concurrency, and speed.
This is a weekly summary of its progress and community.
Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request.
Want to get involved? We love contributions.
This Week in Rust is openly developed on GitHub.
If you find any errors in this week's issue, please submit a PR.
Always wanted to contribute to open-source projects but didn't know where to start?
Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
If you are running a Rust event please add it to the calendar to get
it mentioned here. Please remember to add a link to the event too.
Email the Rust Community Team for access.
Second only to watching video, most of the time people spend on computing devices today involves reading text and looking at vector graphics in the toolbars and user interfaces of programs. Over the last 20 years, a great deal of focus has gone into improving the quality of those fonts and graphics: subpixel anti-aliasing, cached font maps, etc.
Unfortunately, as you can see in the left image below, that work results in grainy and jagged text in modern AR headsets. Ideally, we would render text smoothly at all angles, as shown in the image on the right.
Document in built-in browser
Document in Pathfinder
The key limitation today is that most vector graphics or font rendering libraries assume that the images are viewed head on at a fixed resolution, rather than having a user walk around the content viewing it from many different angles and distances. Fortunately, Pathfinder fundamentally reimagines this rasterization process, and can render complex images and documents in real time.
The following movie provides a demonstration of both Pathfinder's font and vector graphics rendering.
Pathfinder running on the Magic Leap augmented reality headset
The main innovation in Pathfinder is to move rendering of curved shapes from the CPU to the GPU, and to support the transforms required for viewing from any angle. Since many modern devices have very powerful GPUs compared to their CPU, this results in a massive performance gain in 3D rendering, allowing graphics and text to be rendered on every frame, rather than rendered once at a fixed resolution. This is done by breaking down complex images into much smaller tiles, many of which are just flat colour, and writing GPU shader code to handle the tiles that are more complicated. (For more details, see A Look at Pathfinder by Nicolas Silva.)
Today, we are providing demos of the technology, available for daydream VR and Magic Leap here! These are provided to give an early glimpse of what Pathfinder is capable of, and not for deploying in production yet! We are working to enable Pathfinder inside of WebRender, which will allow it to be used directly in our new browsers for AR headsets based on Servo and potentially in all Firefox Gecko-based browsers in the future. And we'd like to make it available for use in Unity projects and as a WASM package, which will not have full integration with the operating system but still provide a dramatic improvement in rasterization quality. Please drop by the Github repository to check it out for your own projects and contribute to ensure that our new computing platforms have the best possible readability.
Hey all! Today we're happy to announce the Governance Working Group is going public. We've been spending the last couple weeks finding our bearings and structuring the working group.
You can find our charter outlining our main goals and priorities in our work repository. We are using the Github issues, milestones and projects to organise and track our progress. The readme in the repository explains our working process a bit more in detail. It also states how you can talk to us (hint, via discord) and get involved.
If you're interested in the governance working group, you may also be interested in the Lang Team Meta WG, which is exploring solutions specific to the lang team.
My fellow Advisory Board (AB) candidates and additional members of the W3C Community have shared their thoughts on the AB election, some on their blogs, and some on W3C Member only list(s).
It is very important that you explicitly rank candidates according to what is most important to you due to the way the current W3C STV mechanism is interpreted and implemented by the W3C Team. Past STV elections have shown that a Ranked 1 vote is crucial to candidates, Ranked 2 may have some impact, and the likelihood of effect drops off precipitously from there (though you should still rank at least a few more, ideally all candidates, just in case).
I’ve previously stated why I think W3C is facing several existential crises, how I will do my best to help W3C during this crucial time of transition, and thus ask for your Ranked 1 vote:
The AB has seven open spots in this election, so I will recommend six others for your consideration of a Ranked 1 vote.
Each of these candidates has many strengths, I am highlighting just one or two, depending on what may be most important to help steer the W3C in the next two years. Each of these candidates has many more strengths. Ordered by those with their own posts/blogs first (then by full name).
If web developer perspective is most important to you, choose Aaron Gustafson as Ranked 1
Aaron has worked as a profession web developer, written several well regarded books on web development, and spoken with & taught numerous web developers. Of all candidates he brings the most modern and most aware perspective of what matters to web developers today on the web, and what standards the W3C must prioritize in order to better serve today and tomorrow’s web development community, the community that builds the web you and I depend on day-to-day. Read his blog post for more
If experience is most important to you, choose Chris Wilson as Ranked 1
Chris Wilson has been working on the web for over 25 years, more than any other candidate. He has written code in web browsers, written specifications, chaired working groups, and served for five years on the Advisory Board. He has more experience, and a broader perspective, across more companies essential to the evolution of the web, than any other canidate. See his post for more
If bold directness & standing up to W3C Management is most important to you, choose Elika Etemad as Ranked 1
I have had the good fortune of working with Elika (AKA fantasai) for numerous years in the CSS Working Group, have seen her contribute to invited W3C Advisory Board discussions, and Advisory Committee meetings as well. She always brings a well considered, often bold, and always direct perspective. She brings a strength of commitment that is inspiring and I believe necessary to represent the needs of the web community especially when such needs require standing up to W3C Management. This will be an essential skill during W3C’s upcoming transitions. Read her blog post for more
If accessibility is most important to you, choose Léonie Watson as Ranked 1
I have had the good fortune to work with Léonie Watson during my past tenure on the Advisory Board. She has consistently brought a diverse and inclusive perspective in all our matters, especially making sure the AB was aware of accessibility implications of any number of policy decisions. Read her blog for more
If consensus building is most important to you, choose Alan Stearns as Ranked 1
I have also had the good fortune of working with Alan Stearns for many years. He has been an extremely effective chair of the CSS Working Group, a very large and diverse set of individuals with a variety of backgrounds, interests, and priorities, that is also extremely prolific. He has demonstrated time & time again that when there is conflict, he is able to mediate a dialog to find common ground, find fair ways to resolve differences, or often get parties to defer when progress can be made regardless.
If Chinese standards efforts representation is most important to you, choose Judy (Hongru) Zhu as Ranked 1
While I was on the Advisory Board, I got to know Judy and very much appreciate her participation. She brought key insights with regards to the interactions of global standards efforts, especially with standards efforts in China. I believe these insights have helped the governance of W3C, and W3C’s goals of producing truly global standards.
Thank you Natasha and Mike
Huge thanks to Advisory Board incumbents Natasha and Mike for their service. I am glad I got a chance to work with Natasha and Mike on the AB. Natasha provided a refreshing perspective and I hope she considers running for the AB in the future. Mike has served on the AB for a very long time, and demonstrated the ability to actively evolve the AB, the W3C, and forge a productive relationship with the WHATWG (as noted in the recenty announced MoU). Both Mike and Natasha set good examples for whoever is next elected to the AB.
If you have already voted, thank you for voting. If you have not, please take the few minutes to do so. In either case please consider the above candidates for their strengths and consider (re)ranking accordingly. Thank you for your consideration.
It’s just another meaningless number, but today there are 3,000 forks done of the curl GitHub repository.
This pops up just a little over three years since we reached our first 1,000 forks. Also, 10,000 stars no too long ago.
Why fork?
A typical reason why people fork a project on GitHub, is so that they can make a change in their own copy of the source code and then suggest that change to the project in the form of a pull-request.
The curl project has almost 700 individual commit authors, which makes at least 2,300 forks done who still haven’t had their pull-requests accepted! Of course those are 700 contributors who actually managed to work all the way through to inclusion. We can imagine that there is a huge number of people who only ever thought about doing a change, some who only ever just started to do it, many who ditched the idea before it was completed, some who didn’t actually manage to implement it properly, some who got their idea and suggestion shut down by the project and of course, lots of people still have their half-finished change sitting there waiting for inspiration.
Then there are people who just never had the intention of sending any change back. Maybe they just wanted to tinker with the code and have fun. Some want to do private changes they don’t want to offer or perhaps they already know the upstream project won’t accept.
We just can’t tell.
Many?
Is 3,000 forks a lot or a little? Both. It is certainly more forks than we’ve ever had before in this project. But compared to some of the most popular projects on GitHub, even comparing to some other C projects (on GitHub the most popular projects are never written in C) our numbers are dwarfed by the really popular ones. You can probably guess which ones they are.
In the end, this number is next to totally meaningless as it doesn’t say anything about the project nor about what contributions we get or will get in the future. It tells us we have (or had) the attention of a lot of users and that’s about it.
I will continue to try to make sure we’re worth the attention, both now and going forward!
Getting either no devices listed or just unauthorized from adb devices when running adb in a virtual machine? My setup is VirtualBox running Ubuntu 18.04 LTS hosted in Windows 10 machine. Connecting one of my Android devices with Lineage 16 and running adb in the VM doesn’t make the device ask for debugging authorization. When connecting with adb from the host machine, it does.
On both the host and the virtual machine make sure the version of adb is exactly the same. Otherwise the client will ask the server to restart and unexpectedly fail, when using the below provided solution.
For instance, Firefox for Android build uses internally adb version 1.0.41. But the system wide adb (up to date) in Ubuntu is 1.0.39. To download platform-tools for Windows, in my case, with that version you have to hack the URL bar a bit as there are no download links on the android site for older versions. Trial and error got me this link to get the tools with adb version 1.0.39 for Windows.
On the host machine:
Connect the device with USB debugging enabled, as usually
Don’t connect it in the running VirtualBox VM
Run adb devices to check the host machine sees the devices, check the server has started on port 5037
On the virtual machine:
Make sure the adb server is not running with adb kill-server
Check nothing listens on the 5037 port with netstat -nao | grep :5037
Run socat tcp-listen:5037,fork tcp:10.0.2.2:5037 where 10.0.2.2 should be the host address as seen from the VirtualBox VM
Run adb devices
You should see the same result as on the host machine and be able to work with the device now
The trick is to simply forward the TCP traffic between the two machines and pretend a server in the VM. It can work well the other way around with any kind of direct TCP relay in Windows, any kind of port and any IP address of choice.
I wrote this more for myself to not forget till next time, but maybe it will help someone.
Alan Davidson, Vice President of Global Policy, Trust and Security testified today on behalf of Mozilla before the International Grand Committee on Big Data, Privacy and Democracy. The International Grand Committee, composed of representatives from numerous governments around the world, has gathered in Ottawa, Canada for its second meeting, hosted by the House of Commons of Canada.
“We believe the internet can be better. And to build an internet that is both innovative and worthy of people’s trust, we will need better technology and better policy,” said Alan. In his testimony Alan focused on the need for better product design to protect privacy; getting privacy policy and regulation right; and the complexities of content policy issues. Against the backdrop of tech’s numerous missteps over the last year, our mission-driven work is a clear alternative to much of what is wrong with the web today.
For more, check out the replay of the hearing or read Alan’s prepared statement for the Committee.
Author’s note: Hi, I’m an engineer at Mozilla working on the Firefox DevTools server. I’m also a TC39 representative. This post focuses on some of the experiments I am trying out at the TC39, the standards body that manages the JavaScript specification. A follow up post will follow…
In what ways can empirical evidence be used in the design of a language like JavaScript? What kind of impact would a more direct connection to developers give us? As stewards of the JavaScript specification, how do we answer questions about the design of JavaScript and help make it accessible to the thousands of new coders who join the industry each year? To answer this we need to experiment, and I need your help.
I know, it isn’t so exciting. It’s a survey. We are testing whether or not the methods used in this survey provide useful information about specific parts of a proposal. In other words, we are testing how we can identify different factors related to code: Cognitive load, error proneness, readability, and learn-ability.
The goal is to see what we can learn from the data you share. Whether it will be useful remains to be seen. This is the first attempt to do this, so it will not be perfect.
This is also why I need everyone’s help. Whatever your background, your responses will be very much appreciated. You might be learning JavaScript as your first language, coming to JavaScript from another language, or working in the language professionally.
Well, I hope I have gotten everyone excited to take a survey. I am certainly excited. It is estimated to be 15 minutes, I hope it is enjoyable!
I am running for the W3CAdvisory Board (AB). If you work on or care about open web standards, I am asking you, and in particular your W3C Advisory Committee representative, to vote me for as their #1 vote (due to the way the current W3C STV mechanism is interpreted and implemented by the W3C Team).
The web community depends on W3C as a key venue for open web standards development. We are in a period of transition and existential risks for W3C (detailed in my official Advisory Board nomination statement). I bring both the experience (served on the AB for five years, 20+ years of first-hand standards work at W3C), and the boldness (created and drove numerous open reforms) necessary to work with an Advisory Board committed to modernizing W3C into a form that continues to support pragmatic & responsive open standards development.
There are many highly qualified candidates running for the W3C Advisory Board in this election, with a variety of strengths and abilities.
I believe the most important issue for this election is the active modernization of W3C to both avoid its existential risks and hopefully refocus on its best qualities, providing an even better venue for modern open web standards development.
Now more than ever we need an active Advisory Board composed of individuals who have demonstrated that they are bold web-doers that can actively drive change at the W3C. This means they must both have experience with editing & shipping broadly applicable specifications at W3C (ideally also experience with W3C processes), and have shown the initiative to teach themselves to pragmatically first-hand use the technologies of the web itself to express their work, i.e. using their own websites.
There are (currently) four additional AB candidates that have such experience and actively use the web itself to do their work. I encourage you to read their blog posts (or blogs in general) and vote for them as well:
Please Vote in the 2019 W3C Advisory Board Election (W3C Member-only link, only Advisory Committee members can vote) for myself (preferably as "Ranked 1"), and at least the other abovementioned candidates (Ranked 2 through Ranked 5) in an order according to who you think has the experience, capabilities, and will to actively collaborate and drive positive changes at the W3C. Thank you for your consideration.
Again, a polite reminder that Intel Macs aren't supported, but that doesn't mean people don't want to run TenFourFox on them. Thanks to new builder Hayley, Tiger-compatible versions of FPR14 and the MP4 Enabler are available for Intel. Previous versions have had issues on Tiger due to issue 209, so watch for that if you choose to run these, but initial testing at least looks very promising.
I've also given Ken direct access to that folder so that he can coordinate and upload Intel builds on a semi-regular basis without me as the rate limiting step. Remember, the Intel build is unsupported and issues posted to Tenderapp about it will be closed. There are no guarantees that it works, and there are no guarantees that builds will continue.
Meanwhile, I'm working on what may be a fruitless effort to add async/await support and am about halfway done with the merge. It will probably build but no guarantees that it will work, and there's probably some additional fixes needed to get it up to reasonable standards compliance. I'm trying to keep it all in one easily managed commit which is why there hasn't been much activity on Github for FPR15; this may be the only major new feature in order to reduce regression risk. More later.
Today we’re presenting new brand marks for Firefox Monitor and Firefox Lockwise. Lockwise? Yes, that’s the official name for the service we’d nicknamed “Lockbox” during its product development phase. The new icons are meant to signal the functions these apps perform. Firefox Monitor, which helps you discover if your email address has been part of a data breach and can alert you about further breaches, is represented by a magnifying glass. Firefox Lockwise, which provides an easy way to store your Firefox passwords and protect your data, suggests both a lock and a profile. The marks reinforce that all of our Firefox products and services help you keep your personal life private.
If you’ve been wondering whatever happened to the Firefox brand identity work we shared in this space last year, and whether System 1 or System 2 prevailed, these new icons offer a clue. They are not the whole story. We’ll be unveiling an evolved Firefox brand the week of June 10th, so please stay tuned. We look forward to hearing what you think.
Our newest Friend of Add-ons is Martin Giger! Martin is a leader and member of the Mozilla Switzerland community, an extension developer, and a frequent contributor to Mozilla’s community forums, where he helps people find answers to their questions about extension development. If you have ever visited our forums or joined one of our channels on IRC, there’s a good chance you’ve seen Martin kindly and patiently helping people resolve their issues. (He has also written a great blog post about how to effectively ask for help when you get stuck on a problem.)
Martin began contributing to Mozilla in the early 2010s when he began localizing a Thunderbird extension into German and building his first Firefox extension. He also became involved with the Nightingle Media Player project, an open-source audio player and web browser based on the Mozilla XULRunner.
Since then, Martin has contributed to a number of add-on projects, including the Add-on SDK, the add-ons linter, the site addons.mozilla.org, and the WebExtensions API. Always interested in finding creative technical solutions to solve problems he encounters in everyday life, he has recently been tinkering with Mozilla’s Web of Things platform, rewriting a Twitter tool used by the Mozilla Switzerland community, and managing web-related activities for the concert band he plays in.
In addition to spending time with Mozillians online, Martin also enjoys socializing in person with members of his local community. “Doing things with local contributors is meaningful,” he remarks. “No matter what they contributed to, meeting up with people and talking about things you’re passionate about makes Mozilla something you can grasp (and not just something you spend time in front of a computer on).”
Martin, the entire add-ons team extends their gratitude and appreciation to you for your kindness, willingness to help others, and sound judgement. Thank you for all of your contributions to our ecosystem!
If you are interested in getting involved with the add-ons community, please take a look at our wiki for some opportunities to contribute to the project.
Hello and welcome to another issue of This Week in Rust!
Rust is a systems language pursuing the trifecta: safety, concurrency, and speed.
This is a weekly summary of its progress and community.
Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request.
Want to get involved? We love contributions.
This Week in Rust is openly developed on GitHub.
If you find any errors in this week's issue, please submit a PR.
Always wanted to contribute to open-source projects but didn't know where to start?
Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
No issues were proposed for CfP.
If you are a Rust project owner and are looking for contributors, please submit tasks here.
If you are running a Rust event please add it to the calendar to get
it mentioned here. Please remember to add a link to the event too.
Email the Rust Community Team for access.
Tweet us at @ThisWeekInRust to get your job offers listed here!
Quote of the Week
I used to think of programs as execution flowing and think about what the CPU is doing. As I moved to rust I started thinking a lot more about memory: how the data was laid out in memory, and how ownership of different parts of memory is given to different parts of the program at run time.
We are happy to let you know that Friday, May 31st we are organizing Firefox 68 Beta 6 Testday. We’ll be focusing our testing on: Activity Stream and Pin Firefox shortcut to taskbar for Windows 10.
Check out the detailed instructions via this etherpad.
No previous testing experience is required, so feel free to join us on #qa IRC channel where our moderators will offer you guidance and answer your questions.
We have read in the news that big platforms are willing to tackle head on privacy. The word "privacy" became an act of marketing, a way to sell a brand, to grow market shares, to renew or increase trust. This became an object of commerce. We even see debates on who could provide the best solution for a privacy oriented platform or that privacy is a hype.
In the same time, another topic of concerns has increased, security with different angles:
being safe online for individual people
stopping massive data hacking
protecting knowledge and speech with regards to the surge of fake news
All of these mostly resonate around the one-to-many/many-to-one issues.
But one thing is certain. The big platforms will redefine the word "privacy". It will be a space where you communicate with your friends protected from the mass. Privacy will be redefined as small group communications. Don't be fooled. There is still one entity which will be recording everything, studying patterns of communications, making money on understanding your behavorial patterns.
Worse… with the illusion of privacy given by this smaller spaces of communications, the people using them will feel more secure, comfortable, more at home. They will stop thinking twice about sharing something, while the entity is still listening.
Intimacy is something we share with others in small groups indeed. It has a lot of variations, levels of opacity, adjusted for contexts. Big platforms will never be able to provide a true space of privacy or intimacy, while their core business is about listening on what we express. Smaller communication groups are indeed sometimes the solution, but they need to exist outside of any listening/recording apparatus created by a third party. Communications are a contract in between the people who choose to have them. Any third party listening, recording, analyzing to sell the value extracted from these communications challenges right away the notion of privacy. The forest is not dark, when someone is listening.
Tuesday’s release of Firefox 67 brought a number of performance enhancing features that make this our fastest browser ever. Among these is the high performance, royalty free AV1 video decoder dav1d, now enabled by default on all desktop platforms (Windows, OSX and Linux) for both 32-bit and 64-bit systems.
With files more than 30% smaller than today’s most popular web codec VP9 [1], and nearly 50% smaller than its widely deployed predecessor H.264 [2], AV1 allows high-quality video experiences with a lot less network usage, and has the potential to transform how and where we watch video on the Internet. However, because AV1 is brand new and more sophisticated, some experts had predicted that market adoption would wait until 2020 when high-performance hardware decoders are expected. Dav1d in the browser upends these predictions.
Sponsored by the Alliance for Open Media, dav1d is a joint effort between the French non-profit VideoLAN and the greater FFmpeg open source audio/video community. Some of the leading minds in open source multimedia joined forces to release the first version of dav1d last fall, already 2x to 5x faster than libaom, the reference decoder published by AOMedia as part of the AV1 standards effort.
Since then the dav1d developers have squeezed out even more performance by profiling and rewriting critical sections in highly-parallelized SIMD assembly. And this shows in the benchmarks:
Higher performance and greater efficiency means smooth playback of AV1 video in the browser with significantly less CPU utilization.
AV1 already seeing adoption on the web
Landing dav1d in Firefox could not have happened at a better time. In just the past few months we’ve seen remarkable growth in the use of AV1, with our latest figures showing that 11.8% of video playback in Firefox Beta used AV1, up from 3% in March and 0.85% in February.
Now that desktop Firefox contains dav1d, we expect even more websites will take advantage of this next-generation, royalty-free video codec AV1.
Mozilla investing in the AV1 future
State-of-the-art decoders like dav1d are great for video playback, but best-in-class, free and open source software encoders are equally important to a healthy AV1 community. The AOMedia reference encoder was developed with the goal of creating the AV1 standard, not a production encoder. Thus, Mozilla and Xiph.Org are jointly developing a clean-room encoder named rav1e (the Rust AV1 Encoder) to increase encoding gains over the reference encoder and allow software encoding fast enough for real-time applications like WebRTC.
Good encoders make heavy use of psychovisual models to allocate bits for what humans perceive as good visual quality (not PSNR). With rav1e we are applying the perceptual analysis expertise from our earlier Daala and Theora codec development efforts to add activity masking, better color balancing, improved rate control and perceptual distortion metrics like CDEF that bring new, improved quality to AV1 encoding.
We’re also investing considerable research to improve encoder speed, optimizing new techniques that appear for the first time in AV1. It’s not enough to rewrite existing code from the initial reference encoder in SIMD assembly and make it four times faster. Rav1e is developing ways to make AV1 encoding tools 1000x faster by finding new algorithms rather than simply optimizing existing code.
Rav1e is getting better all the time. Active development continues at a rapid pace, landing major new improvements weekly.
Join the conversation
Do you find video compression and related technologies fascinating? Then join us in New York on June 26 for the Big Apple Video 2019 conference co-hosted by Mozilla and Vimeo. This full day event focuses on cutting edge video technologies and the user experiences they enable. With speakers from Twitch, Cisco, NGCodec, Intel, Wikimedia and other well known companies, this conference is designed for video technology enthusiasts like you!
We’d love to have you with us in New York, but if not you can register to attend remotely and watch our on-line video stream. What else would you expect from a conference on video and related technologies?
Hi there! I first published this newsletter episode on May 21st and hitting the publish button at the same time as Jessie who wrote an excellent announcement post about WebRender on the stable channel. We decided to unpublish the newsletter for a couple of days to avoid shadowing the other post.
WebRender is a GPU based 2D rendering engine for web written in Rust, currently powering Mozilla’s research web browser servo and on its way to becoming Firefox‘s rendering engine.
WebRender enabled by default for a subset of users on stable
Firefox users on the stable channel are starting to use WebRender without opting into it manually.
This is a huge milestone for everyone involved! The initial target configuration is Windows 10 with nvidia desktop GPUs and recent enough drivers. A very specific and small set of users for sure, and this is so that we can progressively roll out this massive change to Firefox’s graphics engine and appropriately react to the bugs that went unnoticed during all these months of testing and polish (and I am sure there will be). On the nightly channel, we’ve already started enabling WebRender by default on some AMD and Intel configurations on Windows and Linux.
Congratulations and big thanks to everyone who helped pushing WebRender forward, mozilla staff and volunteers alike. In particular, I would like to highlight the tremendous amount help provided by volunteer contributors Darkspirit and Alice0775 White in filing, reproducing and triaging bugs.
Bug triage is an often underapreciated, yet absolutely vital part of the process of making Firefox. Without it developers would not know about important bugs that need fixing. It is crucial to our ability to see and react to problems in the wild and impacts priorities and other decision making. Bug Triage is time consuming and requires a lot of knowledge about the project. So once again, many thanks to Alice0775 White, Darkspirit and many other volunteers who’s help and impact on the project is really appreciated.
What’s new in WebRender
Glenn landed a number of changes towards generating separate batches per dirty region. The goal is to improve the performance of incremental updates.
Glenn fixed external scroll offsets for perspective elements.
On top of this Nical started implementing render graph optimizations for items with many shadows.
Nical increased the amount of blob tiles that are rendered asynchronously.
Gankro landed the refactoring to how we represent webrender display items, reducing the size of lots of items, eliminating lots of meaningless states, and making it easier to read webrender captures.
Gankro got cbindgen to work with rust 2018 extern crate idioms, unlocking the ability for us to bump webrender and other gecko crates to Rust 2018.
Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet.
Are you a locale leader and want us to include new members in our upcoming reports? Contact us!
New community/locales added
Bashkirs (ba), a Turkic language mostly spoken in Russia
New content and projects
What’s new or coming up in Firefox desktop
Firefox 68 has officially entered Beta. The deadline to ship localization updates into this version is June 25. It’s important to remember that 68 is going to be an ESR version too: if your localization is incomplete on Jun 26, or contains errors, it won’t be possible to fix them later on for ESR.
A lot of content has landed in Firefox 68 towards the end of the cycle. In particular, make sure to test the new stub installer in the coming weeks, and the redesigned about:welcome experience. Detailed instructions are available in this thread on dev-l10n. You should also check out this post on how to localize the new “Join Firefox” message.
Partially related to Firefox Desktop: Facebook Container is quickly approaching version 2.0, adding several informative panels to the initial bare UI.
What’s new or coming up in mobile
As promised, more new and exciting things are happening in mobile land since our last report.
In fact, we have recently enabled two new projects in Pontoon, since we are opening up localization of a new password management product for both Android and iOS: Lockwise for Android (strings are located inside the locale folders, with a path starting by mozilla-mobile/lockwise-android/) and Lockwise for iOS – both formerly known as “Lockbox”. Ideal deadline for localizing and testing these projects is May 27th. As for previously enabled mobile projects, we are only exposing these strings to a subset of locales for now. We’ll add more locales as we get a handle on this first batch.
For Fenix and android-components strings, the current deadline for localizing and testing is still June 13th.
What’s new or coming up in web projects
Version 2 of the Firefox Monitor website is launching in the coming days. It’s a complete redesign, that will allow users to sign up with their Firefox Account, and monitor multiple emails easily.
Firefox Accounts: many strings were added in the recent feature updates. Please check Pontoon for the deadline. There might be more strings to be added before the weekend. The team will push codes more regularly to include as much localized content as possible on production before the launch of the new feature.
Mozilla.org added and updated four files in the past week: firefox/accounts-2019.lang, firefox/new/trailhead.lang, firefox/whatsnew_67.0.5.lang, and mozorg/newsletters.lang. Follow the deadline and prioritize against other requests.
Events
The Thai community meetup took place in Bangkok on 18-19 of May. This was the first localization meetup of the year led by the l10n-drivers. Community manager Vee summarized well through this blog.
Want to showcase an event coming up that your community is participating in? Reach out to any l10n-driver and we’ll include that (see links to emails at the bottom of this report)
Friends of the Lion
Image by Elio Qoshi
Know someone in your l10n community who’s been doing a great job and should appear here? Contact on of the l10n-drivers and we’ll make sure they get a shout-out (see list at the bottom)!
The Rust team is happy to announce a new version of Rust, 1.35.0. Rust is a
programming language that is empowering everyone to build reliable and efficient software.
If you have a previous version of Rust installed via rustup, getting Rust 1.35.0 is as easy as:
The highlight of this release is the implementation of the FnOnce, FnMut,
and Fn closure traits for Box<dyn FnOnce>, Box<dyn FnMut>, and Box<dyn Fn> respectively.
Additionally, closures may now be coerced to unsafe function pointers.
The dbg! macro introduced in Rust 1.32.0 can now also be called without arguments.
Moreover, there were a number of standard library stabilizations.
Read on for a few highlights, or see the detailed release notes for additional information.
Fn* closure traits implemented for Box<dyn Fn*>
In Rust 1.35.0, the FnOnce, FnMut, and the Fn traits are now implemented for Box<dyn FnOnce>,
Box<dyn FnMut>, and Box<dyn Fn> respectively.
Previously, if you wanted to call the function stored in a boxed closure, you had to use FnBox.
This was because instances of Box<dyn FnOnce> and friends did not implement the respective Fn* traits.
This also meant that it was not possible to pass boxed functions to code expecting an implementor of a Fn trait,
and you had to create temporary closures to pass them down.
This was ultimately due to a limitation in the compiler's ability to reason about such implementations,
which has since been fixed with the introduction of unsized locals.
With this release, you can now use boxed functions in places that expect items implementing a function trait.
Furthermore, you can now directly call Box<dyn FnOnce> objects:
fn foo(x: Box<dyn FnOnce()>) {
x()
}
Coercing closures to unsafe fn pointers
Since Rust 1.19.0, it has been possible to coerce closures that do not capture from their environment into function pointers.
For example, you may write:
This has however not extended to unsafe function pointers.
With this release of Rust, you may now do so. For example:
/// The safety invariants are those of the `unsafe fn` pointer passed.
unsafe fn call_unsafe_fn_ptr(f: unsafe fn()) {
f()
}
fn main() {
// SAFETY: There are no invariants.
// The closure is statically prevented from doing unsafe things.
unsafe {
call_unsafe_fn_ptr(|| {
dbg!();
});
}
}
Calling dbg!() with no argument
For the benefit of all the occasional and frequent "print debuggers" out there,
Rust 1.32.0 saw the release of the dbg! macro.
To recap, the macro allows you to quickly inspect the value of some expression with context.
For example, when running:
fn main() {
let mut x = 0;
if dbg!(x == 1) {
x += 1;
}
dbg!(x);
}
...you would see:
[src/main.rs:4] x == 1 = false
[src/main.rs:8] x = 0
As seen in the previous section, where the higher order function call_unsafe_fn_ptr is called,
you may now also call dbg! without passing any arguments.
This is useful when tracing what branches your application takes.
For example, with:
fn main() {
let condition = true;
if condition {
dbg!();
}
}
...you would see:
[src/main.rs:5]
Library stabilizations
In 1.35.0, a number of APIs have become stable.
In addition, some implementations were added and other changes occured as well.
See the detailed release notes for more details.
Copy the sign of a floating point number onto another
With this release, new methods copysign have been added to the floating point primitive types f32 and f64:
This function takes a raw pointer and hashes it. Using ptr::hash,
you can avoid hashing the pointed-to value of a reference and instead hash the address.
Copy the contents of an Option<&T>
From the very beginning with Rust 1.0.0,
the methods Option::cloned for Option<&T> and Option<&mut T> have allowed you to clone the contents in case of Some(_).
However, cloning can sometimes be an expensive operation and the methods opt.cloned() provided no hints to that effect.
The functionality of opt.copied() is the same as for opt.cloned().
However, calling the method requires that T: Copy.
Using this method, you can make sure that code stops compiling should T no longer implements Copy.
Changes in Clippy
In this release of Rust,
Clippy (a collection of lints to catch common mistakes and improve your Rust code) added a new lint drop_bounds.
This lint triggers when you add a bound T: Drop to a generic function. For example:
fn foo<T: Drop>(x: T) {}
Having a bound T: Drop is almost always a mistake as it excludes types,
such as u8, which have trivial drop-glues.
Moreover, T: Drop does not account for types like String not having interesting destructor behavior directly but rather as a result of embedding types,
such as Vec<u8>, that do.
In addition to drop_bounds,
this release of Clippy split the lintredundant_closure into redundant_closure and redundant_closure_for_method_calls.
We announced our glorious return to the “bug bounty club” (projects that run bug bounties) a month ago, and with the curl 7.65.0 release today on May 22nd of 2019 we also ship fixes to security vulnerabilities that were reported within this bug bounty program.
Announcement
Even before we publicly announced the program, it was made public on the Hackerone site. That was obviously enough to get noticed by people and we got the first reports immediately!
We have received 19 reports so far.
Infrastructure scans
Quite clearly some people have some scripts laying around and they do some pretty standard things on projects that pop up on hackerone. We immediately got a number of reports that reported variations of the same two things repeatedly:
Our wiki is world editable. In my world I’ve lived under the assumption that this is how a wiki is meant to be but we ended up having to specifically mention this on curl’s hackerone page: yes it is open for everyone on purpose.
Sending emails forging them to look like the come from the curl web site might work since our DNS doesn’t have SPF, DKIM etc setup. This is a somewhat better report, but our bounty program is dedicated for and focused on the actual curl and libcurl products. Not our infrastructure.
Bounties!
Within two days of the program’s life time, the first legit report had been filed and then within a few more days a second arrived. They are CVE-2019-5435 and CVE-2019-5436, explained somewhat in my curl 7.65.0 release post but best described in their individual advisories, linked to below.
I’m thrilled to report that these two reporters were awarded money for their findings:
Wenchao Li was awarded 150 USD for finding and reporting CVE-2019-5435.
l00p3r was awarded 200 USD for finding and reporting CVE-2019-5436.
Both these issues were rated severity level “Low” and we consider them rather obscure and not likely to hurt very many users.
Donate to help us fund this!
Please notice that we are entirely depending on donated funds to be able to run this program. If you use curl and benefit from a more secure curl, please consider donating a little something for the cause!
Everything you share on the internet is a story. You read blog posts and watch videos that make you feel connected to people across the world. Virtual Reality has made these experiences even stronger, but it wasn’t available to most people as a storytelling tool, until now.
This breakthrough in accessibility comes from VR pioneer and award winning journalist, Nonny de la Peña, who is founder & CEO of the immersive technology company Emblematic Group. Their newest initiative was to launch a browser based platform that allows anyone to tap into the immersive power of virtual reality, regardless of their technical background. That is exactly what they did with REACH. With support from like minded partners such as Mozilla and the John S. and James L. Knight Foundation, de la Peña launched the platform at the 2019 Sundance Film Festival. REACH completely simplifies authorship and distribution of virtual reality experiences using a simple drag and drop interface which anyone can access from any device, including a laptop, tablet, or smartphone.
VR for Storytelling
De la Peña was one of the first to recognize that VR is a powerful way to tell stories. As an international journalist, she knew what it took to write stories that touch people on a deep level. Putting people inside those stories made sense to her, and as supporters of a free and open web, Mozilla wanted to support her mission.
The stories de la Peña tells in virtual reality are beautiful and sometimes, gut-wrenching. You feel the raw emotion of a protect at an abortion clinic and experience the loneliness of a solitary confinement cell.
The team at Emblematic wanted to do more than create, they wanted to make it easy for people without coding experience to tell their own stories in VR. REACH gives all VR storytellers a voice, something that Mozilla knows is crucial for the future of the internet.
VR for Creation
“What if VR took you somewhere you didn’t necessarily know you wanted to go, but needed to see to fully comprehend? That’s the goal of REACH.”
– Nonny de la Peña
REACH uses WebVR and other web technologies to allow anyone to create their own virtual reality experiences. It has a simple drag-and-drop interface that lets users place real people into high-res 3D environments and then share the results across multiple platforms.
With the REACH platform, you can host and distribute 3D models. These can be used by first-time content makers, veteran creators and news organizations to create innovative and inexpensive “walk around” VR content.
“I wanted people to feel the whole story with their bodies, not just with their minds.”
– Nonny de la Peña.”
VR for Journalism
Mozilla hosts Developer Roadshows to help people learn the skills to build the web. That’s why we partnered with Emblematic for a recent event. There, Rick Adams–a news correspondent for Los Angeles–who has been using an early version of REACH in news reporting said that it’s perfect for journalists with average technical skills.
“You can place yourself or any of your interviewees into the environment, create, and then open on the web with a link, which is revolutionary. You create a complex and rich story, allowing people to really feel like they are involved in the story themselves.”
VR for the Web
REACH is revolutionary for a number of reasons but especially because it is \ built in WebVR. WebVR was created by Mozilla to make immersive content accessible on the web. This means that anyone with a computer, tablet or smartphone can use REACH. If you don’t have a pricey headset, you can still enjoy WebVR experiences like REACH through your browser. All it takes is a link.
This is critical if we want this new medium to grow and it’s why De La Peña chose to create a WebVR platform like REACH that lowers the barrier to entry and puts VR in the hands of the people.
Innovators like Nonny de la Peña have the vision, drive, and stubborn optimism to create positive change in the world. By supporting efforts like REACH, you can empower creators to build experiences that speak to you and tell stories that help break down the walls that divide us.
REACH is currently in beta. You can sign up to be a beta tester at beta.reach.love
After another eight week cycle was been completed, curl shipped a new release into the world. 7.65.0 brings some news and some security fixes but is primarily yet again a set of bug-fixes bundled up. Remember 7.64.1?
As always, download it straight from curl.haxx.se!
One fun detail on this release: we have 500 less lines of source code in the lib/ directory compared to the previous release!
Things that happened in curl since last release:
we announced a new Bug Bounty program and already paid the first rewards
CURLOPT_MAXAGE_CONN is a new option that controls how long to keep a live connection in the connection cache for reuse.
Security
This release comes with fixes for two separate security problems. Both rated low risk. Both reported via the new bug bounty program.
CVE-2019-5435 is an issue in the recently introduced URL parsing API. It is only a problem in 32 bit architectures and only if an application can be told to pass in ridiculously long (> 2GB) strings to libcurl. This bug is similar in nature to a few other bugs libcurl has had in the past, and to once and for all combat this kind of flaw libcurl now (in 7.65.0 and forward) has a “maximum string length” limit for strings that you can pass to it using its APIs. The maximum size is 8MB. (The reporter was awarded 150 USD for this find.)
CVE-2019-5436 is a problem in the TFTP code. If an application decides to uses a smaller “blksize” than 504 (default is 512), curl would overflow a buffer allocated on the heap with data received from the server. Luckily, very few people actually download data from unknown or even remote TFTP servers. Secondly, asking for a blksize smaller than 512 is rather pointless and also very rare: the primary point in changing that size is to enlarge it. (The reporter was awarded 200 USD for this find.)
Bug-fixes
Over one hundred bug-fixes landed in this release, but some of my favorites from release cycle include…
mark connection for close on TLS close_notify
close_notify is a message in the TLS protocol that means that this connection is about to close. In most circumstances that message doesn’t actually provide information to curl that is needed, but in the case the connection is closed prematurely, understanding that this message preceded the closure helps curl act appropriately. This change was done for the OpenSSL backend only as that’s where we got the bug reported and worked on it this time, but I think we might have reasons to do the same for other backends going forward!
show port in the verbose “Trying …” message
The verbose message that says “Trying 12.34.56.78…” means that curl has sent started a TCP connect attempt to that IP address. This message has now been modified to also include the target port number so when using -v with curl 7.65.0, connecting to that same host for HTTPS will instead say “Trying 12.34.56.78:443…”.
To aid debugging really. I think it gives more information faster at a place you’re already looking.
new SOCKS 4+5 test server
The test suite got a brand new SOCKS server! Previously, all SOCKS tests for both version 4 and version 5 were done by firing up ssh (typically openssh). That method was decent but made it hard to do a range of tests for bad behavior, bad protocol replies and similar. With the new custom test server, we can basically add whatever test we want and we’ve already extended the SOCKS testing to cover more code and use cases than previously.
SOCKS5 user name and passwords must be shorter than 256
curl allows user names and passwords provided in URLs and as separate options to be more or less unrestricted in size and that include if the credentials are used for SOCKS5 authentication – totally ignoring the fact that the protocol SOCKS5 has a maximum size of 255 for the fields. Starting now, curl will return an error if the credentials for SOCKS5 are too long.
Warn if curl and libcurl versions do not match
The command line tool and the library are independent and separable, as in you can run one version of the curl tool with another version of the libcurl library. The libcurl API is solid enough to allow it and the tool is independent enough to not restrict it further.
We always release curl the command line tool and libcurl the library together, using the same version number – with the code for both shipped in the same single file.
There should rarely be a good reason to actually run curl and libcurl with different versions. Starting now, curl will show a little warning if this is detected as we have learned that this is almost always a sign of an installation or setup mistake. Hopefully this message will aid people to detect the mistake earlier and easier.
Better handling of “–no-” prefixed options
curl’s command line parser allows users to switch off boolean options by prefixing them with dash dash no dash. For example we can switch off compressed responses by using “–no-compression” since there regular option “–compression” switches it on.
It turned out we stripped the “–no-” thing no regarding if the option was boolean or not and presumed the logic to handle it – which it didn’t. So users could actually pass a proxy string to curl with the regular option “–proxy” as well as “–no-proxy”. The latter of course not making much sense and was just due to an oversight.
In 7.65.0, only actual boolean command line options can be used with “–no-“. Trying it on other options will cause curl to report error for it.
Add CURLUPART_ZONEID to the URL API
Remember when we added a new URL parsing API to libcurl back in 7.62.0? It wasn’t even a year ago! When we did this, we also changed the internals to use the same code. It turned out we caused a regression when we parsed numerical IPv6 addresses that provide the zone ID within the string. Like this: “https://[ffe80::1%25eth0]/index.html”
Starting in this release, you can both set and get the zone ID in a URL using the API, but of course setting it doesn’t do anything unless the host is a numeric IPv6 address.
parse proxy with the URL parser API
We removed the separate proxy string parsing logic and instead switched that over to more appropriately use the generic URL parser for this purpose as well. This move reduced the code size, made the code simpler and makes sure we have a unified handling of URLs! Everyone is happy!
longer URL schemes
I naively wrote the URL parser to handle scheme names as long as the longest scheme we support in curl: 8 bytes. But since the parser can also be asked to parse URLs with non-supported schemes, that limit was a bit too harsh. I did a quick research, learned that the longest currently registered URI scheme is 36 characters (“microsoft.windows.camera.multipicker”). Starting in this release , curl accepts URL schemes up to 40 bytes long.
Coming up next
There’s several things brewing in the background that might be ready to show in next release. Parallel transfers in the curl tool and deprecating PolarSSL support seem likely to happen for example. Less likely for this release, but still being worked on slowly, is HTTP/3 support.
We’re also likely to get a bunch of changes and fine features we haven’t even thought about from our awesome contributors. In eight weeks I hope to write another one of these blog posts explaining what went into that release…
Wow, what a weekend! Hopefully your add-ons are all working now.
A small set of users are still reporting add-on outages. We suspect that the Master Password and Anti-virus software are interfering with the original fix for those users. We’ve released 66.0.5 to try to handle those cases.
…and everyone is reviewing like crazy to get things in 68 as planned because this weekend was “relaxing downtime” before soft code freeze.
Applications
Lockwise
Rebranding going on this week.
The team is working on polishing the extension for an initial release, and then integrating the extension into desktop Firefox.
Firefox Accounts
Ed and Vlad are finalizing the sign-in UX for Fenix, our next-generation Android browser 🚦
Ed landed Rust APIs for FxA device registration and New Send Tab. Grisha is working on integrating this into Android Components so that Fenix can use it 📑
Sync and Storage
Mark has an RFC for a sync manager in Rust, to orchestrate syncing of multiple data types 🔄
Thom landed code to import Firefox for iOS bookmarks into the Rust bookmarks component. The next iOS release will use the bookmarks component, and offer bookmark editing! 🔖
Lina has been working on adding telemetry for Android and iOS 🔍, and enabled the new bookmark sync by default in Nightly and Beta 📚
Push
Jonathan and JR are bringing Push for internal Mozilla consumers (New Send Tab, FxA verification) to Fenix! 📣
Browser Architecture
RKV conversions have been rolled back for now while we investigate issues migrating from 32-bit to 64-bit builds.
browser.html conversion ready to go, but waiting until the next cycle.
Fluent cache for chrome documents ready to land. This will fix corner cases where DOM mutations might not trigger Fluent updates.
Developer Tools
Console
Jefry Lagrange added a way to export console output to a file in bug 1517728.
“Copy as Fetch” and “Use in console” have been added to the network monitor context menu in bug 1540054.
When CSS warnings are displayed in the console, you can now expand them (like a console group) to reveal all the DOM nodes that this warning applies to. So it allows you to jump from a CSS warning in the console directly to the inspector.
Debugger
Work on DOM & Event breakpoints started
Progress with captured stacks for various errors appearing in the Console panel (for web developers) or Browser Console window (for browser + addon developers).
Network
Local HTTP requests are marked as secure now (bug).
Remote Debugging
DevTools shortcuts now supported in about:devtools-toolbox (bug)
Favicons and user friendly titles for about:debugging and about:devtools-toolbox (bug)
This should allow us to avoid searching the disk for those files on start-up for users that don’t have those customizations, which will improve start-up performance.
aswan did some detective work and found some nice places where we can improve start-up time in the AddonManager for brand new profiles
We also landed the telemetry pieces to do the announced release measurements on permission prompt usage in 67 release. This will hopefully allow us to narrow down on a set of good heuristics for automatically blocking.
Mozilla recently announced that we are planning to de-commission irc.mozilla.org in favour
of a yet to be determined solution. As a long time user and supporter of IRC, this decision causes
me some melancholy, but I 100% believe that it is the right call. Moreover, having had an inside
glimpse at the process to replace it, I’m supremely confident whatever is chosen will be the best
option for Mozilla’s needs.
I’m not here to explain why deprecating IRC is a good idea. Otherpeople have
already done so much more eloquently than I ever could have. I’m also not here to push for a
specific replacement. Arguing over chat applications is like arguing over editors or version
control. Yes, there are real and important differences from one application to the next, but if
there’s one thing we’re spoiled for in 2019 it’s chat applications. Besides, so much time has been
spent thinking about the requirements, there’s little anyone could say on the matter that
hasn’t already been considered for hours.
This post is about an unrelated, but adjacent issue. An issue that began when mozilla.slack.com
first came online, an issue that will likely persist long after irc.mozilla.org rides off into
the sunset. An issue I don’t think is brought up enough, and which I’m hoping to start some
discussion on now that communication is on everyone’s mind. I’m talking about using two
communication platforms at once. For now Slack and IRC, soon to be Slack and something else.
New in Firefox 67, the prefers-color-scheme media feature allows sites to adapt their styles to match a user’s preference for dark or light color schemes, a choice that’s begun to appear in operating systems like Windows, macOS and Android. As an example of what this looks like in the real world, Bugzilla uses prefers-color-scheme to trigger a brand new dark theme if the user has set that preference.
The prefers-color-scheme media feature is currently supported in Firefox and Safari, with support in Chrome expected later this year.
Additionally, the revert keyword is now supported, making it possible to revert one or more CSS property values back to their original values specified by the user agent’s default styles (or by a custom user stylesheet if one is set). Defined in Cascading and Inheritance Level 4, revert is also supported by Safari.
WebRender’s Stable Debut
Nearly four years ago we started work on a new rendering architecture for Firefox with the goal of better utilizing modern graphics hardware. Today, we’re beginning to gradually enable WebRender for users on Windows 10 with qualified hardware. This marks the first time that WebRender has been enabled outside of Nightly and Beta builds of Firefox, and we hope to expand the supported platforms in future releases.
Firefox 67 and 68 Developer Edition bring enormous improvements to Firefox’s JavaScript Debugger. Discover faster load times, amazing support for source maps, more predictable breakpoints, brand new logpoints, and much more.
In addition to the Debugger, the Web Console saw numerous updates, including greater keyboard accessibility and support for importing modules into the current page.
We’ve also removed or deprecated a few seldom-used and experimental tools, including the Canvas Debugger, Shader Editor, Web Audio Inspector, and WebIDE.
In addition, the browser will warn you if you try to open a newer profile with an older version of Firefox, as such mismatches can occasionally lead to data loss. This protection can be bypassed with the new -allow-downgrade command line argument.
Enhanced Privacy Controls
Firefox 67 better protects your privacy online with new Content Blocking options to avoid known cryptominers and fingerprinters.
This is the default for all newly installed extensions in Firefox 67, though your previously installed extensions will receive permission by default. You can adjust these permissions on a per-extension basis by visiting about:addons.
Easier Access to Firefox Accounts and Saved Passwords
We’re working hard to make Firefox Accounts more useful and discoverable this year, starting with a new default icon in the browser toolbar.
The new icon indicates whether or not you’re signed into a Firefox Account, and makes it easy to perform actions like sending tabs to other devices or manually triggering a sync. Like other toolbar buttons, you can freely move or hide the Firefox Account button according to your preferences.
Check out the many improvements to Firefox’s built-in password manager, including quicker access to your list of saved credentials. You can either click on the new “Logins and Passwords” item in the main menu, or the new “View Saved Logins” button in the login autocomplete popup.
This can be especially useful if you need to look up or edit a login outside of the normal autofill workflow. And, if you use Firefox Sync, you can access your saved passwords with the Firefox Lockbox app for Android or iOS.
Web Platform Features
Support for legacy FIDO U2F APIs
We’ve enabled legacy FIDO U2F support to improve backwards compatibility with sites that have not yet upgraded to its standards-based successor, WebAuthn.
These APIs make it possible for websites to authenticate users with strong, hardware-backed authentication mechanisms like USB security keys or Windows Hello.
AV1 on Windows, Linux, and macOS
Firefox now supports AV1, a next-generation video codec, on all major desktop platforms. Also, playback on those platforms is now powered by dav1d, a faster and more efficient AV1 decoder developed by the VideoLAN and FFmpeg communities.
JavaScript: String.prototype.matchAll() and Dynamic Imports
Firefox joins Chrome in supporting the matchAll() String prototype method, which takes a regular expression and returns an iterator of all matching text, including capturing groups.
The import() function can now be used to dynamically load JavaScript modules, similarly to how the static import statement works. Now it’s possible to load modules conditionally or in response to user actions, though such imports are harder to reason about for build tools that use static analysis for optimizations like tree shaking.
And more awaits!
This release includes plenty of other fixes and enhancements not covered here, and lots more to come. So what are you waiting for? Download Firefox 67 today and let us know what you think!
With the introduction of the new Firefox Quantum browser in 2017 we changed the look, feel, and performance of our core product. Since then we have launched new products to complement your experience when you’re using Firefox and serve you beyond the browser. This includes Facebook Container, Firefox Monitor and Firefox Send. Collectively, they work to protect your privacy and keep you safe so you can do the things you love online with ease and peace of mind. We’ve been delivering on that promise to you for more than twenty years by putting your security and privacy first in the building of products that are open and accessible to all.
Today’s new Firefox release continues to bring fast and private together right at the crossroads of performance and security. It includes improvements that continue to keep Firefox fast while giving you more control and assurance through new features that your personal information is safe while you’re online with us.
To see how much faster Firefox is today take a look:
How did we make Firefox faster?
To make Firefox faster, we simply prioritized our performance management “to-do” list. We applied many of the same principles of time management just like you might prioritize your own urgent needs. For example, before you go on a road trip, you check for a full tank of gas, make sure you have enough oil, or have the right air pressure in your tires.
For this latest Firefox release, we adopted the well-known time management strategy of “procrastinate on purpose.” The result is that Firefox is better at performing tasks at the optimal time. Here’s how we reorganized our to-do list to make Firefox faster:
Deprioritize least commonly used features: We reviewed areas that we felt could be delayed and delivered on “painting” the page faster so you can browse quicker. This includes delaying set Timeout in order to prioritize scripts for things you need first while delaying others to help make the main scripts for Instagram, Amazon and Google searches execute 40-80% faster; scanning for alternative style sheets after page load; and not loading the auto-fill module unless there is an actual form to complete.
Suspend Idle Tabs: You shouldn’t feel guilty about opening a zillion tabs, but keeping all those tabs open uses your computer’s memory and slows down its performance. Firefox will now detect if your computer’s memory is running low, which we define as lower than 400MB, and suspend unused tabs that you haven’t used or looked at in a while. Rest assured if you decide you want to review that webpage, simply click on the tab, and it will reload where you left off.
Faster startup after customization: For users who have customized their browser with an add-on like a favorite theme, for example changing it to the seasons of the year, or utilizing one of the popular ad-blockers, we’ve made it so that the browser skips a bunch of unnecessary work during subsequent start-ups.
For today’s release we continue to bring you privacy features and set protections to help you feel safe online when you are with Firefox. Today’s privacy features include:
Blocking fingerprinting and cryptomining: In August 2018, we shared our adapted approach to anti-tracking to address growing consumer demand for features and services that respect online privacy. One of the three key areas we said we’d tackle was mitigating harmful practices like fingerprinting which builds a digital fingerprint that tracks you across the web, and cryptomining which uses the power of your computer’s CPU to generate cryptocurrency for someone else’s benefit. Based on recent testing of this feature in our pre-release channels last month, today’s Firefox release gives you the option to “flip a switch” in the browser and protect yourself from these nefarious practices.
To turn this feature on click on the small “i” icon in the address bar and under Content Blocking, click on the Custom gear on the right side. The other option is to go to your Preferences. Click on Privacy & Security on the left hand side. From there, users will see Content Blocking listed at the top. Select Custom and check “Cryptominers” and “Fingerprinters” so that they are both blocked.
Saving Passwords– Although you may enjoy what Private Browsing has to offer, you may still want some of the convenience from a typical Firefox experience. This included not having to type in passwords each time you visit a site. In today’s release, you can visit a site in Private Browsing without the hassle of typing in your password each time. Registering and saving passwords for a website in Private Browsing will work just as it does in normal mode.
Enable or Disable add-ons/web extensions – Starting with today’s release, you can now decide which extensions you want to enable or disable in Private Browsing. As part of installing an extension, Firefox will ask if it should be allowed to run in Private Browsing, with a default of Don’t Allow. For extensions you’ve installed before today’s release, you can go to your Add-Ons menu and enable or disable for Private Browsing by simply clicking on the extension you’d like to manage.
Manage existing add-ons
Additional features in today’s release:
Online accessibility for all –Mozilla has always strived to make the web easier to access for everyone. We’re excited to roll out a fully keyboard accessible browser toolbar in today’s release. To use this feature, simply press the “tab” or “arrow” keys to reach the buttons on the right end of the toolbar including their extension buttons, the toolbar button overflow panel and the main Firefox menu. This is just one more step forward in making access to the web easier for everyone, no matter what your abilities are. To learn about our work on accessibility, you can read more on our Internet Citizen blog.
WebRender Update – We will be shipping WebRender to a small group of users, specifically Windows 10 desktop users with NVIDIA graphics cards. Last year we talked about integrating WebRender, our next-generation GPU-based 2D rendering engine. WebRender will help make browsing the web feel faster, efficient, and smoother by moving core graphics rendering processes to the Graphics Processing Unit. We are starting with this group of users and plan to roll out this feature throughout the year. To learn more visit here.
Smoother video playback with today’s AV1 Update –AV1 is the new royalty-free video format jointly developed by Mozilla, Google, Microsoft, Amazon and others as part of the Alliance for Open Media (AOMedia). We first provided AV1 support by shipping the reference decoder in January’s Firefox release. Today’s Firefox release is updated to use the newer, higher-performance AV1 decoder known as dav1d. We have seen great growth in the use of AV1 even in just a few months, with our latest figures showing that 11.8% of video playback in Firefox Beta used AV1, up from 0.85% in February and 3% in March.
To see what else is new or what we’ve changed in today’s release, you can check out our release notes.
Check out and download the latest version of Firefox Quantum, available here.
Cryptocurrency, cryptomining. We hear these terms thrown around a lot these days. It’s a new way to invest. It’s a new way to pay. It’s a new way to be … Read more
Is your computer fan spinning up for no apparent reason? Your electricity bill inexplicably high? Your laptop battery draining much faster than usual? It may not be all the Netflix … Read more
If you wonder why you keep seeing the same ad, over and over, the answer could be fingerprinting. Fingerprinting is a type of online tracking that’s different from cookies or … Read more
Private browsing was invented 14 years ago, making it possible for users to close a browser window and erase traces of their online activity from their computers. Since then, we’ve … Read more
After many months of hard work and preparation, I’m pleased to announce the general availability of WebRender for selected Windows 10 devices. WebRender is a major rewrite of the Firefox rendering architecture using the same kind of GPU-based acceleration techniques used by games.
Until now, our browser rendering pipeline varied depending on the platform and OS. This has a number of drawbacks:
In some of those variations, rendering happens on the main CPU, which consumes resources that could otherwise be used to run the rest of the browser.
It is costly in terms of time and overhead to maintain and support multiple backends.
WebRender replaces this with a modern, unified architecture which consists of two major elements:
The representation of the page in the compositor is no longer a set of rasterized layers, but now an unrasterized display list.
The compositing and rasterization steps have been joined into a single GPU-powered rendering step.
This design provides very fast throughput and eliminates the need for complicated heuristics to guess which parts of the website might change in future frames. Moreover, a single backend that we control means bringing hardware acceleration to more of our users: we run the same code across Windows, Mac, Linux, and Android, and we’re much better-equipped to work around driver bugs and avoid blacklisting. It also moves GPU work out of the content process which will let us have stricter sandboxing in the content process.
We’ve seen significant performance improvements on many websites already, but we’ve only scratched the surface of what’s possible with this architecture. Expect to see even more performance improvements as we begin to take full advantage of our architectural investment in WebRender.
Release Schedule
Since WebRender was quite a large undertaking, we decided to split up the release across a number of smaller targets. The aim of today’s release is to ship a WebRender MVP (minimum viable product) to one target; we plan to learn from that, and then gradually ship WebRender to additional platforms. This release of Firefox 67 will see us roll-out WebRender to users running Windows 10 on desktop machines with NVIDIA graphics cards. This currently represents approximately 4% of Firefox’s desktop population.
The go-live date for Firefox 67 is Tuesday, May 21st at 6am PST. WebRender will ship disabled by default. On May 27th, 25% of the qualified population will have WebRender enabled. We will then increase that rollout to 50% by Thursday, May 30th – assuming that everything is going smoothly. WebRender will then be enabled for 100% of the qualified population by the following week.
We will be keeping a close eye on various health metrics to ensure everything is working as expected. We also plan to conduct an A/B test to compare performance against non-WebRender-enabled Firefox instances in release. We have spent the past several months putting WebRender through its paces in Nightly and Beta and even conducted an experiment in the Firefox 66 release to help uncover any potential bugs and issues we might face.
This milestone is a significant one, and we are excited to get here! A big congrats goes out to everyone on the Graphics team and all of those who have pitched in to help us get to this point. We are all looking forward to shipping WebRender to more users throughout the rest of this year.
FAQs
So, is WebRender faster/better than non-WebRender?
When it came to performance, our main goal for the MVP was to avoid regressing performance or correctness vs. making it wildly better right away. That said, during our experiments in Nightly and Beta, we’ve observed that users with WebRender experience less jank, and that a number of website performance problems disappear. We will keep a close eye on our metrics as we ship throughout Firefox 67 and will report back on how things are looking in Release.
We are also continuing to prioritize performance work in WebRender. Picture caching 2.0, various display list improvements, and document splitting are all enhancements that leverage our flexible, new architecture to speed things up further.
How did you decide which hardware you were going to target for the MVP?
There are a couple of reasons why we choose to ship WebRender first on Windows 10 machines with NVIDIA graphics cards. This is the platform where we currently have the best performance with WebRender, and we wanted to compete with our flagship graphics experience to prove that this was a better architecture. Also the percentage of Firefox users with this combination in release (approximately 4%) is a safe number such that we don’t introduce too much risk for this first milestone.
Feels like y’all have been talking about WebRender for a while now. Why has it taken so long?
In short: computers are hard.
WebRender started as an experiment in the Servo research project and as such, only needed to support a small number of use cases. Integrating WebRender into Gecko meant that we had to build on that and account for the multitude of variables possible to encounter in sites on the web today. As I am sure you can imagine, that has been no small feat.
Replacing the browser’s existing rendering engine is a task that required careful consideration, planning and thoughtfulness. We have basically been performing open heart surgery on a living, moving beast (that wasn’t put under anaesthesia).
The good news is that we have learned quite a bit throughout this process and are confident in our plans going forward when it comes to continuing to ship WebRender this year.
I am not on qualified hardware, but I really want to try WebRender! How can I help/test?
We currently have WebRender enabled in Nightly for:
Recent Intel and AMD GPUs on Windows 10 desktops
Linux users on Intel integrated GPUs with Mesa 18.2 or newer with screens smaller than 4K
To turn on WebRender, go to about:config, enable the gfx.webrender.all pref, and restart the browser. Note: doing so may cause pages to render incorrectly, your browser to crash, or other problems. Proceed with caution!
The best place to report bugs related to WebRender in Firefox is the Graphics :: WebRender component in Bugzilla.
Congrats on shipping the MVP! When are you shipping WebRender to more places?
Why, thank you! Our goal is to ship WebRender out to more users throughout the year while continuing to make it more performant. Our top priorities for the next few months will be the following:
Monitor the health of Firefox 67 and continue to work on some correctness bugs for Firefox 68
Ship WebRender to users running Windows 10 on desktop with AMD graphics cards in Firefox 68
We are also currently working on the foundational tasks for getting WebRender performing well on Android/GeckoView and deciding when we can turn that on in GeckoView Nightly
We also want to determine potential release targets for hardware with Intel graphics cards
We got together in Toronto in early April and created a high-level roadmap.
We will keep everyone posted as our plans develop.
Hello and welcome to another issue of This Week in Rust!
Rust is a systems language pursuing the trifecta: safety, concurrency, and speed.
This is a weekly summary of its progress and community.
Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request.
Want to get involved? We love contributions.
This Week in Rust is openly developed on GitHub.
If you find any errors in this week's issue, please submit a PR.
Rust in Motion - a video series by Carol Nichols and Jake Goulding (requires purchase).
Rust in Action - a book by Tim McNamara (early access, requires purchase).
Crate of the Week
This week we have two crates: memory-profiler, does what it says on the box. momo is a procedural macro that outlines generic conversions to reduce monomorphized code. Thanks to ehsanmok and llogiq for the suggestion!
Always wanted to contribute to open-source projects but didn't know where to start?
Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
If you are running a Rust event please add it to the calendar to get
it mentioned here. Please remember to add a link to the event too.
Email the Rust Community Team for access.
Tweet us at @ThisWeekInRust to get your job offers listed here!
Quote of the Week
Just the presence of well integrated Algebraic Data Types (ADTs) makes an incredible amount of difference. They are used to represent errors in a meaningful and easy to understand way (Result<T>), are used to show that a function may or may not return a meaningful value without needing a garbage value (Option<T>), and the optional case can even be used to wrap a null pointer scenario in a safe way (Option<Ref<T>> being the closest to a literal translation I think).
That’s just one small feature that permeates the language. Whatever the opposite of a death-of-a-thousand-cuts is, Rust has it.
We're excited for the 2019 conference season, which we're actually late in writing up. Some
incredible events have already happened! Read on to learn more about all the events occurring
around the world, past and future.
The Rust Latam Conference is Latin America's leading event about Rust. Their first
event happened in Montevideo this year, and the videos are available to watch!
Rust Latam plans to be a yearly event, so watch Twitter for information about next
year's event.
Oxidize was a conference specifically about using Rust on embedded devices that took
place in Berlin. The videos are now available on YouTube, and follow @oxidizeconf on Twitter for future updates.
June 28-29, 2019: RustLab
RustLab is a new conference for this year that will be taking place in Florence, Italy.
Their session and workshop lineup has been announced, and tickets are now available! Follow the
conference on Twitter for the most up-to-date information.
August 22-23: RustConf
The official RustConf will again be taking place in Portland, OR, USA. Thursday is a
day of trainings and Friday is the main day of talks. See Twitter for the latest
announcements!
September 20-21: Colorado Gold Rust
Colorado Gold Rust is a new conference for this year, and is taking place in
Denver, CO, USA. Their CFP and ticket sales are open now, and you can also follow them on
twitter!
October 18-19: Rust Belt Rust
This year's Rust Belt Rust will be taking place in Dayton, OH, USA, the birthplace of
flight! The CFP and ticket sales will open soon. Check Twitter for announcements.
November: RustFest Barcelona
The exact dates for RustFest Barcelona haven't been announced yet, but it's
slated to happen sometime in November. Keep an eye on the RustFest Twitter for
announcements!
We are so lucky and excited to have so many wonderful conferences around the world in 2019! Have
fun at the events, and we hope there are even more in 2020!
TenFourFox Feature Parity Release 14 final is now available for testing (downloads, hashes, release notes). Besides outstanding security updates, this release fixes the current tab with TenFourFox's AppleScript support so that this exceptional script now functions properly as expected:
tell application "TenFourFoxG5" tell front browser window set URL of current tab to "https://www.google.com/" repeat while (current tab is busy) delay 1 end repeat tell current tab run JavaScript "let f = document.getElementById('tsf');f.q.value='tenfourfox';f.submit();" end tell repeat while (current tab is busy) delay 1 end repeat tell current tab run JavaScript "return document.getElementsByTagName('h3')[0].innerText + ' ' + document.getElementsByTagName('cite')[0].innerText" end tell end tell end tell
The font blacklist has also been updated and I have also hard-set the frame rate to 30 in the pref even though the frame rate is capped at 30 internally and such a change is simply a placebo. However, there are people claiming this makes a difference, so now you have your placebo pill and I hope you like the taste of it. :P The H.264 wiki page is also available, if you haven't tried MPEG-4/H.264 playback. The browser will finalize Monday evening Pacific as usual.
For FPR15, the JavaScript update that slipped from this milestone is back on. It's hacky and I don't know if it will work; we may be approaching the limits of feature parity, but it should compile, at least. I'm trying to reduce the changes to JavaScript in this release so that regressions are also similarly limited. However, I'm also looking at adding some later optimizations to garbage collection and using Mozilla's own list of malware scripts to additionally seed basic adblock, which I think can be safely done simultaneously.
The first version of the WebXR Device API is close to being finalized, and browsers will start implementing the standard soon (if they haven't already). Over the past few months we've been working on updating the WebXR Viewer (source on github, new version available now on the iOS App Store) to be ready when the specification is finalized, giving developers and users at least one WebXR solution on iOS. The current release is a step along this path.
Most of the work we've been doing is hidden from the user; we've re-written parts of the app to be more modern, more robust and efficient. And we've removed little-used parts of the app, like video and image capture, that have been made obsolete by recent iOS capabilities.
There are two major parts to the recent update of the Viewer that are visible to users and developers.
A New WebXR API
We've updated the app to support a new implementation of the WebXR API based on the official WebXR Polyfill. This polyfill currently implements a version of the standard from last year, but when it is updated to the final standard, the WebXR API used by the WebXR Viewer will follow quickly behind. Keep an eye on the standard and polyfill to get a sense of when that will happen; keep an eye on your favorite tools, as well, as they will be adding or improving their WebXR support over the next few months. (The WebXR Viewer continues to support our early proposal for a WebXR API, but that API will eventually be deprecated in favor of the official one.)
We've embedded the polyfill into the app, so the API will be automatically available to any web page loaded in the app, without the need to load a polyfill or custom API. Our goal is to have any WebXR web applications designed to use AR on a mobile phone or tablet run in the WebXR Viewer. You can try this now, by enabling the "Expose WebXR API" preference in the viewer. Any loaded page will see the WebXR API exposed on navigator.xr, even though most "webxr" content on the web won't work right now because the standard is in a state of constant change.
You can find the current code for our API in the webxr-ios-js, along with a set of examples we're creating to explore the current API, and future additions to the API.These examples are available online. A glance at the code, or the examples, will show that we are not only implementing the initial API, but also building implementations of a number of proposed additions to the standard, including anchors, hit testing, and access to real world geometry. Implementing support for requesting geospatial coordinate system alignment allows integration with the existing web Geolocation API, enabling AR experiences that rely on geospatial data (illustrated simply in the banner image above). We will soon be exploring an API for camera access to enable computer vision.
Most of these APIs were available in our previous WebXR API implementation, but the former here more closely aligns with the work of the Immersive Web Community group. (We have also kept a few of our previous ARKit-specific APIs, but marked them explicitly as not being on the standards-track yet.)
A New Approach to WebXR Permissions
The most visible change to the application is a permissions API that is popped up when a web page requests a WebXR Session. Previously, the app was an early experiment and devoted to WebXR applications built with our custom API, so we did not explicitly ask for permission, inferring that anyone running an app in our experimental web browser intends to use WebXR capabilities.
When WebXR is released, browsers will need to obtain a user's permission before a web page can access the potentially sensitive data available via WebXR. We are particularly interested in what levels of permissions WebXR should have, so that users retain control of what data apps may require. One approach that seems reasonable is to differentiate between basic access (e.g., device motion, perhaps basic hit testing against the world), access to more detailed knowledge of the world (e.g., illumination, world geometry) and finally access to cameras and other similar sensors. The corresponding permission dialogs in the Viewer are shown here.
If the user gives permission, an icon in the URL bar shows the permission level, similar to the camera and microphone access icons in Firefox today.
Tapping on the icon brings up the permission dialog again, allowing the user to temporarily restrict the flow of data to the web app. This is particularly relevant for modifying access to cameras, where a mobile user (especially when HMDs are more common) may want to turn off sensors depending on the location, or who is nearby.
A final aspect of permissions we are exploring is the idea of a "Lite" mode. In each of the dialogs above, a user can select Lite mode, which brings up a UI allowing them to select a single ARKit plane.
The APIs that expose world knowledge to the web page (including hit testing in the most basic level, and geometry in the middle level) will only use that single plane as the source of their actions. Only that plane would produce hits, and only that plane would have it's geometry sent into the page. This would allow the user to limit the information passed to a page, while still being able to access AR apps on the web.
Moving Forward
We are excited about the future of XR applications on the web, and will be using the WebXR Viewer to provide access to WebXR on iOS, as well as a testbed for new APIs and interaction ideas. We hope you will join us on the next step in the evolution of WebXR!
On Thursday April 18, my primary mechanism for talking to friends notified me that it was going away. I’d been using BlackBerry Messenger (BBM) since I started work at Research in Motion in 2008 and had found it to be tolerably built. It messaged people instantly over any data connection I had access to, what more could I ask for?
The most important BBM feature in my circle of contacts was its Groups feature. A bunch of people with BBM could form a Group and then messages, video, pictures, lists were all shared amongst the people in the group.
Essentially it acted as a virtual private social network. I could talk to a broad group of friends about the next time were getting together or about some cute thing my daughter did. I could talk to the subset who lived in Waterloo about Waterloo activities, and whose turn it was for Sunday Dinner. The Beers group kept track of whose turn it was to pay, and it combined nicely with the chat for random nerdy tidbits and coordinating when each of us arrived at the pub. Even my in-laws had a group to coordinate visits, brag about child developmental milestones, and manage Christmas.
And then BBM announced it was going away, giving users six weeks to find a replacement… or, as seemed more likely to me, replacements.
First thing I did, since the notice came during working hours, was mutter angrily that Mozilla didn’t have an Instant Messaging product that I could, by default, trust. (We do have a messaging product, but it’s only for Desktop and has an email focus.)
The second thing I did was survey the available IM apps, cross-correlating them with whether or not various of my BBM contacts already had it installed… the existing landscape seemed to be a mess. I found that WhatsApp was by far the most popular but was bought by Facebook in 2014 and required a real phone number for your account. Signal’s the only one with a privacy/security story that I and others could trust (Telegram has some weight here, but not much) but it, too, required a phone number in order to sign up. Slack’s something only my tech friends used, and their privacy policy was a shambles. Discord’s something only my gaming friends used, and was basically Slack with push-to-talk.
So we fragmented. My extended friend network went to Google Hangouts, since just about everyone already had a Google Account anyway (even if they didn’t use it for anything). The Beers group went to Discord because a plurality of the group already had it installed.
And my in-laws’ family group… well, we still have two weeks left to figure that one out. Last I heard someone was stumping for Facebook Messenger, to which I replied “Could we not?”
The lack of reasonable options and the (sad, understandable) willingness of my relatives to trade privacy for convenience is bothering me so much that I’ve started thinking about writing my own IM/virtual private social network.
You’d think I’d know better than to even think about architecting anything even close to either of those topics… but the more I think about it the more webtech seems like an ideal fit for this. Notifications, Push, ServiceWorkers, WebRTC peer connections, TLS, WebSockets, OAuth: stir lightly et voila.
But even ignoring the massive mistake diving into either of those ponds full of crazy would be, the time was too short for that four weeks ago, and is trebly so now. I might as well make my peace that Facebook will learn my mobile phone number and connect it indelibly with its picture of what advertisements it thinks I would be most receptive to.
Script debugging is one of the most powerful and complex productivity features in the web developer toolbox. Done right, it empowers developers to fix bugs quickly and efficiently. So the question for us, the Firefox DevTools team, has been, are the Firefox DevTools doing it right?
We’ve been listening to feedback from our community. Above everything we heard the need for greater reliability and performance; especially with modern web apps. Moreover, script debugging is a hard-to-learn skill that should work in similar fashion across browsers, but isn’t consistent because of feature and UI gaps.
With these pain points in mind, the DevTools Debugger team – with help from our tireless developer community – landed countless updates to design a more productive debugging experience. The work is ongoing, but Firefox 67 marks an important milestone, and we wanted to highlight some of the fantastic improvements and features. We invite you to open up Firefox Quantum: Developer Edition, try out the debugger on the examples below and your projects and let us know if you notice the difference.
A rock-solid debugging experience
Fast and reliable debugging is the result of many smaller interactions. From initial loading and source mapping to breakpoints, console logging, and variable previews, everything needs to feel solid and responsive. The debugger should be consistent, predictable, and capable of understanding common tools like webpack, Babel, and TypeScript.
We can proudly say that all of those areas have improved in the past months:
Faster load time. We’ve eliminated the worst performance cliffs that made the debugger slow to open. This has resulted in a 30% speedup in our performance test suite. We’ll share more of our performance adventures in a future post.
Excellent source map support. A revamped and faster source-map backend perfects the illusion that you’re debugging your code, not the compiled output from Babel, Webpack, TypeScript, vue.js, etc.
Generating correct source maps can be challenging, so we also contributed patches to build tools (i.e. babel, vue.js, regenerator) – benefiting the whole ecosystem.
Reduced overhead when debugger isn’t focused. No need to worry any longer about keeping the DevTools open! We found and removed many expensive calculations from running in the debugger when it’s in the background.
Predictable breakpoints, pausing, and stepping. We fixed many long-standing bugs deep in the debugger architecture, solving some of the most common and frustrating issues related to lost breakpoints, pausing in the wrong script, or stepping through pretty-printed code.
Faster variable preview. Thanks to our faster source-map support (and lots of additional work), previews are now displayed much more quickly when you hover your mouse over a variable while execution is paused.
These are just a handful of highlights. We’ve also resolved countless bugs and polish issues.
Looking ahead
Foremost, we must maintain a high standard of quality, which we’ll accomplish by explicitly setting aside time for polish in our planning. Guided by user feedback, we intend to use this time to improve new and existing features alike.
Second, continued investment in our performance and correctness tests ensures that the ever-changing JavaScript ecosystem, including a wide variety of frameworks and compiled languages, is well supported by our tools.
Debug all the things with new features
Finding and pausing in just the right location can be key to understanding a bug. This should feel effortless, so we’ve scrutinized our own tools—and studied others—to give you the best possible experience.
Inline breakpoints for fine-grained pausing and stepping
Why should breakpoints operate on lines, when lines can have multiple statements? Thanks to inline breakpoints, it’s now easier than ever to debug minified scripts, arrow functions, and chained method calls. Learn more about breakpoints on MDN or try out the demo.
Logpoints combine the power of Console and Debugger
Console logging, also called printf() debugging, is a quick and easy way to observe your program’s flow, but it rapidly becomes tedious. Logpoints break that tiresome edit-build-refresh cycle by dynamically injecting console.log() statements into your running application. You can stay in the browser and monitor variables without pausing or editing any code. Learn more about log points on MDN.
Seamless debugging for JavaScript Workers
Web Workers power the modern web and need to be first-class concepts in DevTools. Using the new Threads panel, you can switch between and independently pause different execution contexts. This allows workers and their scripts to be debugged within the same Debugger panel, similarly to other modern browsers. Learn more about Worker debugging on MDN.
Human-friendly variable names for source maps
Debugging bundled and compressed code isn’t easy. The Source Maps project, started and maintained by Firefox, bridges the gap between minified code running in the browser and its original, human-friendly version, but the translation isn’t perfect. Often, bits of the minified build output shine through and break the illusion. We can do better!
By combining source maps with the Babel parser, Firefox’s Debugger can now preview the original variables you care about, and hide the extraneous cruft from compilers and bundlers. This can even work in the console, automatically resolving human-friendly identifiers to their actual, minified names behind the scenes. Due to its performance overhead, you have to enable this feature separately by clicking the “Map” checkbox in the Debugger’s Scopes panel. Read the MDN documentation on using the map scopes feature.
What’s next
Developers frequently need to switch between browsers to ensure that the web works for everyone, and we want our DevTools to be an intuitive, seamless experience. Though browsers have converged on the same broad organization for tools, we know there are still gaps in both features and UI. To help us address those gaps, please let us know where you experience friction when switching browsers in your daily work.
Your input makes a big difference
As always, we would love to hear your feedback on how we can improve DevTools and the browser.
While all these updates will be ready to try out in Firefox 67, when it’s released next week, we’ve polished them to perfection in Firefox 68 and added a few more goodies. Download Firefox Developer Edition (68) to try the latest updates for devtools and platform now.
I’m writing this in lieu of a traditional Firefox Front-end Performance Update, as I think this will be more useful in the long run than just a snapshot of what my team is doing.
I want to talk about main thread disk access (sometimes referred to more generally as “main thread IO”). Specifically, I’m going to argue that main thread disk access is lethal to program responsiveness. For some folks reading this, that might be an obvious argument not worth making, or one already made ad nauseam — if that’s you, this blog post is probably not for you. You can go ahead and skip most or all of it, if you’d like. Or just skim it. You never know — there might be something in here you didn’t know or hadn’t thought about!
For everybody else, scoot your chairs forward, grab a snack, and read on.
Disclaimer: I wouldn’t call myself a disk specialist. I don’t work for Western Digital or Seagate. I don’t design file systems. I have, however, been using and writing software for computers for a significant chunk of my life, and I seem to have accumulated a bunch of information about disks. Some of that information might be incorrect or imprecise. Please send me mail at mike dot d dot conley at gmail dot com if any of this strikes you as wildly inaccurate (though forgive me if I politely disregard pedantry), and then I can update the post.
The mechanical parts of a computer
If you grab a screwdriver and (carefully) open up a laptop or desktop computer, what do you see? Circuit boards, chips, wires and plugs. Lots of electrons flowing around in there, moving quickly and invisibly.
Notably, there aren’t many mechanical moving parts of a modern computer. Nothing to grease up, nowhere to pour lubricant. Opening up my desktop at home, the only moving parts I can really see are the cooling fans near the CPU and power supply (and if you’re like me, you’ll also notice that your cooling fans are caked with dust and in need of a cleaning).
There’s another moving part that’s harder to see — the hard drive. This might not be obvious, because most mechanical drives (I’ve heard them sometimes referred to as magnetic drives, spinny drives, physical drives, platter drives and HDDs. There are probably more terms.) hide their moving parts inside of the disk enclosure.1
If you ever get the opportunity to open one of these enclosures (perhaps the disk has failed or is otherwise being replaced, and you’re just about to get rid of it) I encourage you to.
As you disassemble the drive, what you’ll probably notice are circular parts, layered on top of one another on a motor that spins them. In between those circles are little arms that can move back and forth. This next image shows one of those circles, and one of those little arms.
<figcaption>There are several of those circles stacked on top of one another, and several of those arms in between them. We’re only seeing the top one in this photo.</figcaption>
Does this remind you of anything? The circular parts remind me of CDs and DVDs, but the arms reaching across them remind me of vinyl players.
<figcaption>Vinyl’s back, baby!</figcaption>
The comparison isn’t that outlandish. If you ignore some of the lower-level details, CDs, DVDs, vinyl players and hard drives all operate under the same basic principles:
The circular part has information encoded on it.
An arm of some kind is able to reach across the radius of the circular part.
Because the circular part is spinning, the arm is able to reach all parts of it.
The end of the arm is used to read the information encoded on it.
There’s some extra complexity for hard drives. Normally there’s more than one spinning platter and one arm, all stacked up, so it’s more like several vinyl players piled on top of one another.
Hard drives are also typically written to as well as read from, whereas CDs, DVDs and vinyls tend to be written to once, and then used as “read-only memory.” (Though, yes, there are exceptions there.)
Lastly, for hard drives, there’s a bit I’m skipping over involving caches, where parts of the information encoded on the spinning platters are temporarily held elsewhere for easier and faster access, but we’ll ignore that for now for simplicity, and because it wrecks my simile.2
So, in general, when you’re asking a computer to read a file off of your hard drive, it’s a bit like asking it to play a tune on a vinyl. It needs to find the right starting place to put the needle, then it needs to put the needle there and only then will the song play.
For hard drives, the act of moving the “arm” to find the right spot is called seeking.
Contiguous blocks of information and fragmentation
Have you ever had to defragment your hard drive? What does that even mean? I’m going to spend a few moments trying to explain that at a high-level. Again, if this is something you already understand, go ahead and skip this part.
Most functional hard drives allow you to do the following useful operations:
Write data to the drive
Read data from the drive
Remove data from the drive
That last one is interesting, because usually when you delete a file from your computer, the information isn’t actually erased from the disk. This is true even after emptying your Trash / Recycling Bin — perhaps surprisingly, the files that you asked to be removed are still there encoded on the circular platters as 1’s and 0’s. This is why it’s sometimes possible to recover deleted files even when it seems that all is lost.
Allow me to explain.
Just like there are different ways of organizing a sock drawer (at random, by colour, by type, by age, by amount of damage), there are ways of organizing a hard drive. These “ways” are called file systems. There are lots of different file systems. If you’re using a modern version of Windows, you’re probably using a file system called NTFS. One of the things that a file system is responsible for is knowing where your files are on the spinning platters. This file system is also responsible for knowing where there’s free space on the spinning platters to write new data to.
When you delete a file, what tends to happen is that your file system marks those sectors of the platter as places where new information can be written to, but doesn’t immediately overwrite those sectors. That’s one reason why sometimes deleted files can be recovered.
Depending on your file system, there’s a natural consequence as you delete and write files of different sizes to the hard drive: fragmentation. This kinda sounds like the actual physical disk is falling apart, but that’s not what it means. Data fragmentation is probably a more precise way of thinking about it.
Imagine you have a sheet of white paper broken up into a grid of 5 boxes by 5 boxes (25 boxes in total), and a box of paints and paintbrushes.
Each square on the paper is white to start. Now, starting from the top-left, and going from left-to-right, top-to-bottom, use your paint to fill in 10 of those boxes with the colour red. Now use your paint to fill in the next 5 boxes with blue. Now do 3 more boxes with yellow.
So we’ve got our colour-filled boxes in neat, organized rows (red, then blue, then yellow), and we’ve got 18 of them filled, and 7 of them still white.
Now let’s say we don’t care about the colour blue. We’re okay to paint over those now with a new colour. We also want to fill in 10 boxes with the colour purple. Hm… there aren’t enough free white boxes to put in that many purple ones, but we have these 5 blue ones we can paint over. Let’s paint over them with purple, and then put the next 5 at the end in the white boxes.
So now 23 of the boxes are filled, we’ve got 2 left at the end that are white, but also, notice that the purple boxes aren’t all together — they’ve been broken apart into two sections. They’ve been fragmented.
This is an incredibly simplified model, but (I hope) it demonstrates what happens when you delete and write files to a hard drive. Gaps open up that can be written to, and bits and pieces of files end up being distributed across the platters as fragments.
This also occurs as files grow. If, for example, we decided to paint two more white boxes red, we’d need to paint the ones at the very end, breaking up the red boxes so that they’re fragmented.
So going back to our vinyl player example for a second — the ideal scenario is that you start a song at the beginning and it plays straight through until the end, right? The more common case with disk drives, however, is you read bits and pieces of a song from different parts of the vinyl: you have to lift and move the arm each time until eventually you have heard the song from start to finish. That seeking of the arm adds overhead to the time it takes to listen to the song from beginning to end.
When your hard drive undergoes defragmentation, what your computer does is try to re-organize your disk so that files are in contiguous sectors on the platters. That’s a fancy way of saying that they’re all in a row on the platter, so they can be read in without the overhead of seeking around to assemble it as fragments.
Skipping that overhead can have huge benefits to your computer’s performance, because the disk is usually the slowest part of your computer.
On the relative input / output speeds of modern computing components
I mentioned in the disclaimer at the start of this post that I’m not a disk specialist or expert. Scott Davis is probably a better bet as one of those. His bio lists an impressive wealth of experience, and mentions that he’s “a recognized expert in virtualization, clustering, operating systems, cloud computing, file systems, storage, end user computing and cloud native applications.”
I don’t know Scott at all (if you’re reading this, Hi, Scott!), but let’s just agree for now that he probably knows more about disks than I do.
I’m picking Scott as an expert because of a particularly illustrative analogy that was posted to a blog for a company he used to work for. The analogy compares the speeds of different media that can be used to store information on a computer. Specifically, it compares the following:
RAM
The network with a decent connection
Flash drives
Magnetic hard drives — what we’ve been discussing up until now.
For these media, the post claims that input / output speed can be measured using the following units:
RAM is in nanoseconds
10GbE Network speed is in microseconds (~50 microseconds)
Flash speed is in microseconds (between 20-500+ microseconds)
Disk speed is in milliseconds
That all seems pretty fast. What’s the big deal? Well, it helps if we zoom in a little bit. The post does this by supposing that we pretend that RAM speed happens in minutes.
If that’s the case, then we’d have to measure network speed in weeks.
And if that’s the case, then we’d want to measure the speed of a Flash drive in months.
And if that’s the case, then we’d have to measure the speed of a magnetic spinny disk in decades.
Update (May 23, 2019): My Uncle Mark, who also works in computing, sent me links that show similar visualizations of computing latency: this one has a really excellent infographic, and this one has more discussion. These articles highlight network latency as the worst offender, which is true especially when the quality of service is low, but I’m mostly writing this post for folks who hack on Firefox where the vast majority of networking occurs off of the main thread.
I wish I had some ACM paper, or something written by a computer science professor that I could point to you to bolster the following claim. I don’t, not because one doesn’t exist, but because I’m too lazy to look for one. I hope you’ll forgive me for that, but I don’t think I’m saying anything super controversial when I say:
In the common case, for a personal computer, it’s best to assume that reading and writing to the disk is the slowest operation you can perform.
Sure, there are edge cases where other things in the system might be slower. And there is that disk cache that I breezed over earlier that might make reading or writing cheaper. And sometimes the operating system tries to do smart things to help you. For now, just let it go. I’m making a broad generalization that I think covers the common cases, and I’m talking about what’s best to assume.
Single and multi-threaded restaurants
When I try to describe threading and concurrency to someone, I inevitably fall back to the metaphor of cooks in a kitchen in a restaurant. This is a special restaurant where there’s only one seat, for a single customer — you, the user.
Single-threaded programs
Let’s imagine a restaurant that’s very, very small and simple. In this restaurant, the cook is also acting as the waiter / waitress / server. That means when you place your order, the server / cook goes into the kitchen and makes it for you. While they’re gone, you can’t really ask for anything else — the server / cook is busy making the thing you asked for last.
This is how most simple, single-threaded programs work—the user feeds in requests, maybe by clicking a button, or typing something in, maybe something else entirely—and then the program goes off and does it and returns some kind of result. Maybe at that point, the program just exits (“The restaurant is closed! Come back tomorrow!”), or maybe you can ask for something else. It’s really up to how the restaurant / program is designed that dictates this.
Suppose you’re very, very hungry, and you’ve just ordered a complex five-course meal for yourself at this restaurant. Blanching, your server / cook goes off to the kitchen. While they’re gone, nobody is refilling your water glass or giving you breadsticks. You’re pretty sure there’s activity going in the kitchen and that the server / cook hasn’t had a heart attack back there, but you’re going to be waiting a looooong time since there’s only one person working in this place.
Maybe in some restaurants, the server / cook will dash out periodically to refill your water glass, give you some breadsticks, and update you on how things are going, but it sure would be nice if we gave this person some help back there, wouldn’t it?
Multi-threaded programs
Let’s imagine a slightly different restaurant. There are more cooks in the kitchen. The server is available to take your order (but is also able to cook in the kitchen if need be), and you make your request from the menu.
Now suppose again that you order a five-course meal. The server goes to the kitchen and tells the cooks what you just ordered. In this restaurant, suppose the kitchen staff are a really great team and don’t get in each other’s way3, so they divide up the order in a way that makes sense and get to work.
The server can come back and refill your water glass, feed you breadsticks, perhaps they can tell you an entertaining joke, perhaps they can take additional orders that won’t take as long. At any rate, in this restaurant, the interaction between the user and the server is frequent and rarely interrupted.
The waiter / waitress / server is the main thread
In these two examples, the waiter / waitress / server is what is usually called the main thread of execution, which is the part of the program that the user interacts with most directly. By moving expensive operations off of the main thread, the responsiveness of the program increases.
Have you ever seen the mouse turn into an hourglass, seen the “This program is not responding” message on Windows? Or the spinny colourful pinwheel on macOS? In those cases, the main thread is off doing something and never came back to give you your order or refill your water or breadsticks — that’s how it generally manifests in common operating systems. The program seems “unresponsive”, “sluggish”, “frozen”. It’s “hanging”, or “stuck”. When I hear those words, my immediate assumption is that the main thread is busy doing something — either it’s taking a long time (it’s making you your massive five course meal, maybe not as efficiently as it could), or it’s stuck (maybe they fell down a well!).
In either case, the general rule of thumb to improving program responsiveness is to keep the server filling the user’s water and breadsticks by offloading complex things on the menu to other cooks in the kitchen.
Accessing the disk on the main thread
Recall that in the common case, for a personal computer, it’s best to assume that reading and writing to the disk is the slowest operation you can perform. In our restaurant example, reading or writing to the disk on the main thread is a bit like having your server hop onto their bike and ride out to the next town over to grab some groceries to help make what you ordered.
And sometimes, because of data fragmentation (not everything is all in one place), the server has to search amongst many many shelves all widely spaced apart to get everything.
And sometimes the grocery store is very busy because there are other restaurants out there that are grabbing supplies.
And sometimes there are police checks (anti-virus / anti-malware software) occurring for passengers along the road, where they all have to show their IDs before being allowed through.
It’s an incredibly slow operation. Hopefully by the time the server comes back, they don’t realize they have to go back out again to get more, but they might if they didn’t realize they were missing some more ingredients.4
Slow slow slow. And unresponsive. And a great way to lose a hungry customer.
For super small programs, where the kitchen is well stocked, or the ride to the grocery store doesn’t need to happen often, having a single-thread and having it read or write is usually okay. I’ve certainly written my fair share of utility programs or scripts that do main thread disk access.
Firefox, the program I spend most of my time working on as my job, is not a small program. It’s a very, very, very large program. Using our restaurant model, it’s many large restaurants with many many cooks on staff. The restaurants communicate with each other and ship food and supplies back and forth using messenger bikes, to provide to you, the customer, the best meals possible.
But even with this large set of restaurants, there’s still only a single waiter / waitress / server / main thread of execution as the point of contact with the user.
Part of my job is to help organize the workflows of this restaurant so that they provide those meals as quickly as possible. Sending the server to the grocery store (main thread disk access) is part of the workflow that we absolutely need to strike from the list.
Start-up main-thread disk access
Going back to our analogy, imagine starting the program like opening the restaurant. The lights go on, the chairs come off of the tables, the kitchen gets warmed up, and prep begins.
While this is occurring, it’s all hands on deck — the server might be off in the kitchen helping to do prep, off getting cutlery organized, whatever it takes to get the restaurant open and ready to serve. Before the restaurant is open, there’s no point in having the server be idle, because the customer hasn’t been able to come in yet.
So if critical groceries and supplies needed to open the restaurant need to be gotten before the restaurant is open, it’s fine to send the server to the store. Somebody has to do it.
For Firefox, there are various things that need to take place before we can display any UI. At that point, it’s usually fine to do main-thread disk access, so long as all of the things being read or written are kept to an absolute minimum. Find how much you need to do, and reduce it as much as possible.
But as soon as UI is presented to the user, the restaurant is open. At that point, the server should stay off their bike and keep chatting with the customer, even if the kitchen hasn’t finished setting up and getting all of their supplies. So to stay responsive, don’t do disk access on the main thread of execution after you’ve started to show the user some kind of UI.
Disk contention
There’s one last complication I want to capture here with our restaurant example before I wrap up. I’ve been saying that it’s important to send anyone except the server to the grocery store for supplies. That’s true — but be careful of sending too many other people at the same time.
Moving disk access off of the main thread is good for responsiveness, full stop. However, it might do nothing to actually improve the overall time that it takes to complete some amount of work. Put it another way: just because the server is refilling your glass and giving you breadsticks doesn’t mean that your five-course meal is going to show up any faster.
Also, disk operations on magnetic drives do not have a constant speed. Having the disk do many things at once within a single program or across multiple programs can slow the whole set of operations down due to the overhead of seeking and context switching, since the operating system will try to serve all disk requests at once, more or less.5
Disk contention and main thread disk access is something I think a lot about these days while my team and I work on improving Firefox start-up performance.
Some questions to ask yourself when touching disk
So it’s important to be thoughtful about disk access. Are you working on code that touches disk? Here are some things to think about:
Is UI visible, and responsiveness a goal?
If so, best to move the disk access off of the main-thread. That was the main thing I wanted to capture, and I hope I’ve convinced you of that point by now.
Does the access need to occur?
As programs age and grow and contributors come and go, sometimes it’s important to take a step back and ask, “Are the assumptions of this disk access still valid? Does this access need to happen at all?” The fastest code is the code that doesn’t run at all.
What else is happening during this disk access? Can disk access be prioritized more efficiently?
This is often trickier to answer as a program continues to run. Thankfully, tools like profilers can help capture recordings of things like disk access to gain evidence of simultaneous disk access.
Start-up is a special case though, since there’s usually a somewhat deterministic / reliably stable set of operations that occur in the same way in roughly the same order during start-up. For start-up, using a tool like a profiler, you can gain a picture of the sorts of things that tend to happen during that special window of time. If you notice a lot of disk activity occurring simultaneously across multiple threads, perhaps ponder if there’s a better way of ordering those operations so that the most important ones complete first.
Can we reduce how much we need to read or write?
There are lots of wonderful compression algorithms out there with a variety of performance characteristics that might be worth pondering. It might be worth considering compressing the data that you’re storing before writing it so that the disk has to write less and read less.
Of course, there’s compression and decompression overhead to consider here. Is it worth the CPU time to save the disk time? Is there some other CPU intensive task that is more critical that’s occurring?
Can we organize the things that we want to read ahead of time so that they’re more likely to be read contiguously (without seeking the disk)?
If you know ahead of time the sorts of things that you’re going to be reading off of the disk, it’s generally a good strategy to store them in that read order. That way, in the best case scenario (the disk is defragmented), the read head can fly along the sectors and read everything in, in exactly the right order you want them. If the user has defragmented their disk, but the things you’re asking for are all out of order on the disk, you’re adding overhead to seek around to get what you want.
Supposing that the data on the disk is fragmented, I suspect having the files in order anyways is probably better than not, but I don’t think I know enough to prove it.
Flawed but useful
One of my mentors, Greg Wilson, likes to say that “all models are flawed, but some are useful”. I don’t think he coined it, but he uses it in the right places at the right times, and to me, that’s what counts.
The information in this post is not exhaustive — I glossed over and left out a lot. It’s flawed. Still, I hope it can be useful to you.
Thanks
Thanks to the following folks who read drafts of this and gave feedback:
Mandy Cheang
Emily Derr
Gijs Kruitbosch
Doug Thayer
Florian Quèze
There are also newer forms of disks called Flash disks and SSDs. I’m not really going to cover those in this post. ↩
The other thing to keep in mind is that the disk cache can have its contents evicted at any time for reasons that are out of your control. If you time it right, you can maybe increase the probability of a file you want to read being in the cache, but don’t bet the farm on it. ↩
When writing multi-threaded programs, this is much harder than it sounds! Mozilla actually developed a whole new programming language to make that easier to do correctly. ↩
Keen readers might notice I’m leaving out a discussion on Paging. That’s because this blog post is getting quite long, and because it kinda breaks the analogy a bit — who sends groceries back to a grocery store? ↩
I’ve never worked on an operating system, but I believe most modern operating systems try to do a bunch of smart things here to schedule disk requests in efficient ways. ↩
One of the promises of immersive technologies is real time communication unrestrained by geography. This is as transformative as the internet, radio, television, and telephones—each represents a pivot in mass communications that provides new opportunities for information dissemination and creating connections between people. This raises the question, “what’s the immersive future we want?”
We want to be able to connect without traveling. Indulge our curiosity and creativity beyond our physical limitations. Revolutionize the way we visualize and share our ideas and dreams. Enrich everyday situations. Improve access to limited resources like healthcare and education.
The internet is an integral part of modern life—a key component in education, communication, collaboration, business, entertainment and society as a whole.
— Mozilla Manifesto, Principle 1
My first instinct is to say that I want an immersive future that brings joy. Do AR apps that help me maintain my car bring me joy? Not really.
What I really want is an immersive future that respects individual creators and users. Platforms and applications that thoughtfully approach issues of autonomy, privacy, bias, and accessibility in a complex environment. How do we get there? First, we need to understand the broader context of augmented and virtual reality in ethics, identifying overlap with both other technologies (e.g. artificial intelligence) and other fields (e.g. medicine and education). Then, we can identify the unique challenges presented by spatial and immersive technologies. Given the current climate of ethics and privacy, we can anticipate potential problems, identify the core issues, and evaluate different approaches.
From there, we have an origin for discussion and a path for taking practical steps that enable legitimate uses of MR while discouraging abuse and empowering individuals to make choices that are right for them.
For details and an extended discussion on these topics, see this paper.
The immersive web
Whether you have a $30 or $3000 headset, you should be able to participate in the same immersive universe. No person should be excluded due to their skin color, hairstyle, disability, class, location, or any other reason.
The internet is a global public resource that must remain open and accessible.
— Mozilla Manifesto, Principle 2
The immersive web represents an evolution of the internet. Immersive technologies are already deployed in education and healthcare. It's unethical to limit their benefits to a privileged few, particularly when MR devices can improve access to limited resources. For example, Americans living in rural areas are underserved by healthcare, particularly specialist care. In an immersive world, location is no longer an obstacle. Specialists can be virtually present anywhere, just like they were in the room with the patient. Trained nurses and assistants would be required for physical manipulations and interactions, but this could dramatically improve health coverage and reduce burdens on both patients and providers.
While we can build accessibility into browsers and websites, the devices themselves need to be created with appropriate accomodations, like settings that indicate a user is in a wheelchair. When we design devices and experiences, we need to consider how they'll work for people with disabilities. It's imperative to build inclusive MR devices and experiences, both because it's unethical to exclude users due to disability, and because there are so many opportunities to use MR as an assistive technology, including:
Real time subtitles
Gaze-based navigation
Navigation with vehicle and obstacle detection and warning
The immersive web is for everyone.
Representation and safety
Mixed reality offers new ways to connect with each other, enabling us to be virtually present anywhere in the world instantaneously. Like most technologies, this is both a good and a bad thing. While it transforms how we can communicate, it also offers new vectors for abuse and harassment.
All social VR platforms need to have simple and obvious ways to report abusive behavior and block the perpetrators. All social platforms, whether 2D or 3D should have this, but the VR-enabled embodiment intensifies the impact of harassment. Behavior that would be limited to physical presence is no longer geographically limited, and identities can be more obfuscated. Safety is not a 'nice to have' feature — it's a requirement. Safety is a key component in inclusion and freedom of expression, as well as being a human right.
Freedom of expression in this paradigm includes both choosing how to present yourself and having the ability to maintain multiple virtual identities. Immersive social experiences allow participants to literally build their identities via avatars. Human identity is infinitely complex (and not always very human — personally, I would choose a cat avatar). Thoughtfully approaching diversity and representation in avatars isn't easy, but it is worthwhile.
Individuals must have the ability to shape the internet and their own experiences on it.
— Mozilla Manifesto, Principle 5
Suppose Banksy, a graffiti artist known both for their art and their anonymity, is an accountant by day who used an HMD to conduct virtual meetings. Outside of work, Banksy is a virtual graffiti artist. However, biometric data could tie the two identities together, stripping Banksy of their anonymity. Anonymity enables free speech; it removes the threats of economic retailiation and social ostracism and allows consumers to process ideas free of predjudices about the creators. There's a long history of women who wrote under assumed names to avoid being dismissed for their gender, including JK Rowling and George Sand.
Unique considerations in mixed reality
Immersive technologies differ from others in their ability to affect our physical bodies. To achieve embodiment and properly interact with virtual elements, devices use a wide range of data derived from user biometrics, the surrounding physical world, and device orientation. As the technology advances, the data sources will expand.
The sheer amount of data required for MR experiences to function requires that we rethink privacy. Earlier, I mentioned that gaze-based navigation can be used to allow mobility impaired users to participate more fully on the immersive web. Unfortunately, gaze tracking data also exposes large amounts of nonverbal data that can be used to infer characteristics and mental states, including ADHD and sexual arousal.
Individuals’ security and privacy on the internet are fundamental and must not be treated as optional.
— Mozilla Manifesto, Principle 4
While there may be a technological solution to this problem, it highlights a wider social and legal issue: we've become too used to companies monetizing our personal data. It's possible to determine that, although users report privacy concerns, they don't really care, because they 'consent' to disclosing personal information for small rewards. The reality is that privacy is hard. It's hard to define and it's harder to defend. Processing privacy policies feels like it requires a law degree and quantifying risks and tradeoffs is nondeterministic. In the US, we've focused on privacy as an individual's responsibility, when Europe (with the General Data Protection Regulation) shows that it's society's problem and should be tackled comprehensively.
Concrete steps for ethical decision making
Ethical principles aren't enough. We also need to take action — while some solutions will be technical, there are also legal, regulatory, and societal challenges that need to be addressed.
Educate and assist lawmakers
Establish a regulatory authority for flexible and responsive oversight
Engage engineers and designers to incorporate privacy by design
Empower users to understand the risks and benefits of immersive technology
Incorporate experts from other fields who have addressed similar problems
Tech needs to take responsibility. We've built technology that has incredible positive potential, but also serious risks for abuse and unethical behavior. Mixed reality technologies are still emerging, so there's time to shape a more respectful and empowering immersive world for everyone.
Smart home devices can make busy lives a little easier, but they also require you to give up control of your usage data to companies for the devices to function. In a recent article from the New York Times’ Privacy Project about protecting privacy online, the author recommended people to not buy Internet of Things (IoT) devices unless they’re “willing to give up a little privacy for whatever convenience they provide.”
This is sound advice since smart home companies can not only know if you’re at home when you say you are, they’ll soon be able to listen for your sniffles through their always-listening microphones and recommend sponsored cold medicine from affiliated vendors. Moreover, by both requiring that users’ data go through their servers and by limiting interoperability between platforms, leading smart home companies are chipping away at people’s ability to make real, nuanced technology choices as consumers.
At Mozilla, we believe that you should have control over your devices and the data that smart home devices create about you. You should own your data, you should have control over how it’s shared with others, and you should be able to contest when a data profile about you is inaccurate.
Mozilla WebThings follows the privacy by design framework, a set of principles developed by Dr. Ann Cavoukian, that takes users’ data privacy into account throughout the whole design and engineering lifecycle of a product’s data process. Prioritizing people over profits, we offer an alternative approach to the Internet of Things, one that’s private by design and gives control back to you, the user.
User Research Findings on Privacy and IoT Devices
Before we look at the design of Mozilla WebThings, let’s talk briefly about how people think about their privacy when they use smart home devices and why we think it’s essential that we empower people to take charge.
Today, when you buy a smart home device, you are buying the convenience of being able to control and monitor your home via the Internet. You can turn a light off from the office. You can see if you’ve left your garage door open. Prior research has shown that users are passively, and sometimes actively, willing to trade their privacy for the convenience of a smart home device. When it seems like there’s no alternative between having a potentially useful device or losing their privacy, people often uncomfortably choose the former.
Still, although people are buying and using smart home devices, it does not mean they’re comfortable with this status quo. In one of our recent user research surveys, we found that almost half (45%) of the 188 smart home owners we surveyed were concerned about the privacy or security of their smart home devices.
User Research Survey Results
Last Fall 2018, our user research team conducted a diary study with eleven participants across the United States and the United Kingdom. We wanted to know how usable and useful people found our WebThings software. So we gave each of our research participants some Raspberry Pis (loaded with the Things 0.5 image) and a few smart home devices.
Smart Home Devices Given to Participants for User Research Study
We watched, either in-person or through video chat, as each individual walked through the set up of their new smart home system. We then asked participants to write a ‘diary entry’ every day to document how they were using the devices and what issues they came across. After two weeks, we sat down with them to ask about their experience. While a couple of participants who were new to smart home technology were ecstatic about how IoT could help them in their lives, a few others were disappointed with the lack of reliability of some of the devices. The rest fell somewhere in between, wanting improvements such as more sophisticated rules functionality or a phone app to receive notifications on their iPhones.
We also learned more about people’s attitudes and perceptions around the data they thought we were collecting about them. Surprisingly, all eleven of our participants expected data to be collected about them. They had learned to expect data collection, as this has become the prevailing model for other platforms and online products. A few thought we would be collecting data to help improve the product or for research purposes. However, upon learning that no data had been collected about their use, a couple of participants were relieved that they would have one less thing, data, to worry about being misused or abused in the future.
By contrast, others said they weren’t concerned about data collection; they did not think companies could make use of what they believed was menial data, such as when they were turning a light on or off. They did not see the implications of how collected data could be used against them. This showed us that we can improve on how we demonstrate to users what others can learn from your smart home data. For example, one can find out when you’re not home based on when your door has opened and closed.
Door Sensor Logs can Reveal When Someone is Not Home
From our user research, we’ve learned that people are concerned about the privacy of their smart home data. And yet, when there’s no alternative, they feel the need to trade away their privacy for convenience. Others aren’t as concerned because they don’t see the long-term implications of collected smart home data. We believe privacy should be a right for everyone regardless of their socioeconomic or technical background. Let’s talk about how we’re doing that.
Decentralizing Data Management Gives Users Privacy
Vendors of smart home devices have architected their products to be more of service to them than to their customers. Using the typical IoT stack, in which devices don’t easily interoperate, they can build a robust picture of user behavior, preferences, and activities from data they have collected on their servers.
Take the simple example of a smart light bulb. You buy the bulb, and you download a smartphone app. You might have to set up a second box to bridge data from the bulb to the Internet and perhaps a “user cloud subscription account” with the vendor so that you can control the bulb whether you’re home or away. Now imagine five years into the future when you have installed tens to hundreds of smart devices including appliances, energy/resource management devices, and security monitoring devices. How many apps and how many user accounts will you have by then?
The current operating model requires you to give your data to vendor companies for your devices to work properly. This, in turn, requires you to work with or around companies and their walled gardens.
Mozilla’s solution puts the data back in the hands of users. In Mozilla WebThings, there are no company cloud servers storing data from millions of users. User data is stored in the user’s home. Backups can be stored anywhere. Remote access to devices occurs from within one user interface. Users don’t need to download and manage multiple apps on their phones, and data is tunneled through a private, HTTPS-encrypted subdomain thatthe usercreates.
The only data Mozilla receives are the instances when a subdomain pings our server for updates to the WebThings software. And if a user only wants to control their devices locally and not have anything go through the Internet, they can choose that option too.
Decentralized distribution of WebThings Gateways in each home means that each user has their own private “data center”. The gateway acts as the central nervous system of their smart home. By having smart home data distributed in individual homes, it becomes more of a challenge for unauthorized hackers to attack millions of users. This decentralized data storage and management approach offers a double advantage: it provides complete privacy for user data, and it securely stores that data behind a firewall that uses best-of-breed https encryption.
The figure below compares Mozilla’s approach to that of today’s typical smart home vendor.
Comparison of Mozilla’s Approach to Typical Smart Home Vendor
Mozilla’s approach gives users an alternative to current offerings, providing them with data privacy and the convenience that IoT devices can provide.
Ongoing Efforts to Decentralize
In designing Mozilla WebThings, we have consciously insulated users from servers that could harvest their data, including our own Mozilla servers, by offering an interoperable, decentralized IoT solution. Our decision to not collect data is integral to our mission and additionally feeds into our Emerging Technology organization’s long-term interest in decentralization as a means of increasing user agency.
WebThings embodies our mission to treat personal security and privacy on the Internet as a fundamental right, giving power back to users. FromMozilla’s perspective, decentralized technology has the ability to disrupt centralized authorities and provide more user agency at the edges, to the people.
Decentralization can be an outcome of social, political, and technological efforts to redistribute the power of the few and hand it back to the many. We can achieve this by rethinking and redesigning network architecture. By enabling IoT devices to work on a local network without the need to hand data to connecting servers, we decentralize the current IoT power structure.
With Mozilla WebThings, we offer one example of how a decentralized, distributed system over web protocols can impact the IoT ecosystem. Concurrently, our team has an unofficial draft Web Thing API specification to support standardized use of the web for other IoT device and gateway creators.
While this is one way we are making strides to decentralize, there are complementary projects, ranging from conceptual to developmental stages, with similar aims to put power back into the hands of users. Signals from other players, such as FreedomBox Foundation, Daplie, and Douglass, indicate that individuals, households, and communities are seeking the means to govern their own data.
By focusing on people first, Mozilla WebThings gives people back their choice: whether it’s about how private they want their data to be or which devices they want to use with their system.
This project is an ongoing effort. If you want to learn more or get involved, check out the Mozilla WebThings Documentation, you can contribute to our documentation or get started on your own web things or Gateway.
If you live in the Bay Area, you can find us this weekend at Maker Faire Bay Area (May 17-19). Stop by our table. Or follow @mozillaiot to learn about upcoming workshops and demos.
tl;dr Enable support for Transport Layer Security (TLS) 1.2 today!
As you may have read last year in the original announcement posts, Safari, Firefox, Edge and Chrome are removing support for TLS 1.0 and 1.1 in March of 2020. If you manage websites, this means there’s less than a year to enable TLS 1.2 (and, ideally, 1.3) on your servers, otherwise all major browsers will display error pages, rather than the content your users were expecting to find.
In this article we provide some resources to check your sites’ readiness, and start planning for a TLS 1.2+ world in 2020.
As of this week, there are just over 8,000 affected sites from the one million listed by Tranco.
There are a few potential gotchas to be aware of, if you do find your site on this list:
4% of the sites are using TLS ≤ 1.1 to redirect from a bare domain (https://example.com) to www (https://www.example.com) on TLS ≥ 1.2 (or vice versa). If you were to only check your site post-redirect, you might miss a potential footgun.
2% of the sites don’t redirect from bare to www (or vice versa), but do support TLS ≥ 1.2 on one of them.
The vast majority (94%), however, are just bad—it’s TLS ≤ 1.1 everywhere.
If you find that a site you work on is in the TLS “Carnage” list, you need to come up with a plan for enabling TLS 1.2 (and 1.3, if possible). However, this list only covers 1 million sites. Depending on how popular your site is, you might have some work to do regardless of whether you’re not listed by Tranco.
Run an online test
Even if you’re not on the “Carnage” list, it’s a good idea to test your servers all the same. There are a number of online services that will do some form of TLS version testing for you, but only a few will flag not supporting modern TLS versions in an obvious way. We recommend using one or more of the following:
Hardenize will fail your site if it doesn’t support TLS 1.2.
ImmuniWeb will indicate old versions of TLS as violations of PCI DSS requirements.
Another way to do this is open up Firefox (versions 68+) or Chrome (versions 72+) DevTools, and look for the following warnings in the console as you navigate around your site.
What’s Next?
This October, we plan on disabling old TLS in Firefox Nightly and you can expect the same for Chrome and Edge Canaries. We hope this will give enough time for sites to upgrade before affecting their release population users.
The latest in the continued death march of speculative execution attacks is ZombieLoad (see our previous analysis of Spectre and Meltdown on Power Macs). ZombieLoad uses the same types of observable speculation flaws to exfiltrate data but bases it on a new class of Intel-specific side-channel attacks utilizing a technique the investigators termed MDS, or microarchitectural data sampling. While Spectre and Meltdown attack at the cache level, ZombieLoad targets Intel HyperThreading (HT), the company's implementation of symmetric multithreading, by trying to snoop on the processor's line fill buffers (LFBs) used to load the L1 cache itself. In this case, side-channel leakages of data are possible if the malicious process triggers certain specific and ultimately invalid loads from memory -- hence the nickname -- that require microcode assistance from the CPU; these have side-effects on the LFBs which can be observed by methods similar to Spectre by other processes sharing the same CPU core. (Related attacks against other microarchitectural structures are analogously implemented.)
The attackers don't have control over the observed address, so they can't easily read arbitrary memory, but careful scanning for the type of data you're targeting can still make the attack effective even against the OS kernel. For example, since URLs can be picked out of memory, this apparent proof of concept shows a separate process running on the same CPU victimizing Firefox to extract the URL as the user types it in. This works because as the user types, the values of the individual keystrokes go through the LFB to the L1 cache, allowing the malicious process to observe the changes and extract characters. There is much less data available to the attacking process but that also means there is less to scan, making real-time attacks like this more feasible.
That said, because the attack is specific to architectural details of HT (and the authors of the attack say they even tried on other SMT CPUs without success), this particular exploit wouldn't work even against modern high-SMT count Power CPUs like POWER9. It certainly won't work against a Power Mac because no Power Mac CPU ever implemented SMT, not even the G5. While Mozilla is deploying a macOS-specific fix, we don't need it in TenFourFox, nor do we need other mitigations. It's especially bad news for Intel because nearly every Intel chip since 2011 is apparently vulnerable and the performance impact of fixing ZombieLoad varies anywhere from Intel's Pollyanna estimate of 3-9% to up to 40% if HT must be disabled completely.
Is this a major concern for users? Not as such: although the attacks appear to be practical and feasible, they require you to run dodgy software and that's a bad idea on any platform because dodgy software has any number of better ways of pwning your computer. So don't run dodgy programs!
Meanwhile, TenFourFox FPR14 final should be available for testing this weekend.
Collected here are the most recent blog posts from all over the Mozilla community.
The content here is unfiltered and uncensored, and represents the views of individual community members.
Individual posts are owned by their authors -- see original source for licensing information.
<figcaption>An early success rendering a website in the HoloLens emulator.</figcaption>
WebRender enabled by default for a subset of users on stable 
This is the default for all newly installed extensions in Firefox 67, though your previously installed extensions will receive permission by default. You can adjust these permissions on a per-extension basis by visiting 
<figcaption>There are several of those circles stacked on top of one another, and several of those arms in between them. We’re only seeing the top one in this photo.</figcaption>
<figcaption>Vinyl’s back, baby!</figcaption>
