Mozilla L10NLocalizer Spotlight: Meet Reza (Persian locale)

Welcome to our second localizer spotlight, presenting this time Reza from our Persian community.

Q. What first drew you to want to volunteer with Mozilla’s localization program?

The growing community of Persian users highlighted the need for a browser created by the people for the people. Thus, I began assisting the community in translating Firefox into Persian. Subsequently, we expanded our efforts to include other products like Firefox for phones.

Q. What have been some of the most rewarding or impactful projects you’ve localized for Mozilla?

The entire endeavor with Mozilla was driven by volunteering and a strong motivation to provide safe and open-source tools to the community. Given the substantial Persian (Farsi) population of over 110 million people, ensuring their access to interactive and helpful tools became a significant priority. We also focused on addressing issues related to Mozilla extensions, particularly the text-reader (Readaloud), to assist individuals with visual disabilities.

We discovered that a substantial number of people with visual impairments were utilizing Mozilla’s text-reader because it was one of the few free and open tools that catered to their specific needs. One day, I received an email from a Persian user with visual impairment, in which she highlighted the widespread utility of such tools for her and her friends. This instance made me realize that we needed to broaden our perspective beyond ordinary users, especially concerning localization, and emphasize accessibility as a key aspect of our work.

Q. What are some of the biggest challenges you’ve faced in translating Mozilla projects? How did you overcome them?

Translating a product is often not sufficient, especially when dealing with Right-To-Left (RTL) languages. It’s imperative to consider usability, accessibility, and how people with diverse language backgrounds perceive the product. Therefore, addressing all the UI/UX challenges and ensuring the product is user-friendly for the end users proved to be quite challenging.

Q. What skills or background do you think helps most for becoming an effective Mozilla translator?

I’m a computer scientist with a passion for open-source software. Naturally, my technical knowledge was sufficient to embark on this journey. However, I found it crucial to put myself in the shoes of end users, understanding how they wish to perceive the product and how we can create a better experience for them.

Q. What advice would you give to someone new wanting to get involved in localizing for Mozilla?

Think about the broader impact that your work has on the community. Translating can be challenging and sometimes even tedious, but we must remember that these small pieces of work drive the community forward and present new opportunities for them.

Interested in featuring in these spotlights? Or know someone you think we should interview? Fill out this form, or reach out directly to delphine at mozilla dot com. Interested in contributing to localization? Head on over here for more details!

Useful Links

 

The Mozilla Thunderbird BlogThunderbird Podcast #5: Remote Work Tips + Thunderbird Send

The Thunderbird logo is shown embracing a microphone. Underneath is the text "Episode 5: Remote Work 101"

The Thunderbird team is a remote-first, globally distributed group, so it made perfect sense to devote an episode to Remote Work! Join Heather, Chris, and Jason for some useful tips and tricks to make your daily remote work more enjoyable and more productive. We also include tips from ThunderCast listeners Pedro and Mike, who emailed us at podcast@thunderbird.net. (You can do the same if something’s on your mind.)

Plus: An inside look at the upcoming Thunderbird Send service, some fascinating origin stories, and geeky Raspberry Pi solutions for weather and BBQ.

<figcaption class="wp-element-caption">Listen to this episode on PeerTube</figcaption>

Subscribe To The Podcast

Software & Articles We Mentioned:

Chapters:

  • (00:00) – Intro
  • (01:05) – Meet Heather
  • (02:10) – Heather’s Origin Story
  • (04:40) – Your notes can help everyone!
  • (06:38) – Meet Chris
  • (07:37) – Chris’s Origin Story
  • (11:30) – Geeking out
  • (20:45) – Thunderbird 115 Updates & Flatpak
  • (22:04) – Thunderbird Send explainer
  • (31:48) – Remote Work Tips & Tricks
  • (51:44) – Community Voice: Tip from Pedro
  • (55:53) – Community Voice: Tip from Mike
  • (58:32) – Outro

The post Thunderbird Podcast #5: Remote Work Tips + Thunderbird Send appeared first on The Thunderbird Blog.

Mozilla Add-ons BlogTest Firefox Android extensions and help developers prepare for an open mobile ecosystem in December

In August we encouraged developers to start preparing their desktop extensions for Firefox Android open availability on addons.mozilla.org (AMO). The project is progressing well and we’re on track to launch the open mobile ecosystem on AMO in December. We have more infrastructure development and testing to complete in the coming weeks, but as we move toward release we’ll keep you informed of the project’s status right here on this blog, add-ons forums, and social channels.

To help our developer community prepare for Firefox Android open extension availability on AMO — and to ensure Firefox Android users have an exciting selection of extensions to choose from — we’ve compiled a list of popular desktop extensions (with mobile API compatibility) we’re inviting the add-ons community to help test on Firefox Android. If you’re intrigued to try some new extensions on your Firefox Android phone and offer feedback, we’d love to hear your thoughts.

How to test Firefox Android extensions (Beta, Nightly)

Test extensions are only currently discoverable on AMO via 119 Beta and 120 Nightly versions of Firefox Android. If you’re not already on Beta or Nightly, please follow these links for installing Firefox Android Beta and Nightly.

Once you’re ready to roll with Firefox Android (Beta/Nightly) on your phone, just follow these simple test steps:

  1. Check out this spreadsheet of test extensions. They were compiled because they possess a combination of Android API compatibility and relative popularity on Firefox desktop.
  2. Find a test extension that interests you and navigate to addons.mozilla.org on your Firefox Android (Beta/Nightly) phone and search for the extension you want to test, then install it.
  3. Follow the testing guide on this feedback form and play around with the extension.
  4. Report your impressions of the experience on the feedback form.

Then feel free to repeat testing with as many other test extensions as you like. Have fun with it! The feedback you provide will be extremely helpful to developers hoping to optimize their desktop extensions for Android usage.

Are you a developer hoping to make your extension available on Firefox Android?

If you have a desktop extension you want to prepare for Android availability on AMO, a good place to start is checking your desktop extension’s APIs against those supported for Android. It is also important that developers migrate to non-persistent background pages. In order to mark your extension as compatible with Firefox Android, add the gecko_android key inside browser_specific_settings (more info) in your manifest.json file (this is also a requirement when submitting your extension using the AMO API, e.g. with the web-ext tool). During this period you are welcome to update your extension on AMO to address issues while running in Firefox Android; and mark your extension as Android compatible to be ready for discoverability on AMO in December.

Please note — once you’re ready to test the mobile version of your extension, create a collection on AMO and test it on Firefox for Android Nightly (you’ll need to make a one-time change to Nightly’s advanced settings; please see the “Enable general extension support setting in Nightly” section of this post for details). If you’d prefer to polish your extension before publishing it on AMO, you can also debug and run the extension with web-ext.

It’s been exciting to see so many developers embrace this moment to make their desktop extensions available for a new mobile audience. When AMO opens the general availability of Android extensions in December, Firefox Android users will be thrilled at all of the innovative ways they’ll be able to customize their mobile browsing experience.

If you’re a developer with technical questions about mobile extension migration, please visit our support forum for Firefox Android extensions. You can also book office hours support every Monday and Tuesday.

The post Test Firefox Android extensions and help developers prepare for an open mobile ecosystem in December appeared first on Mozilla Add-ons Community Blog.

SeaMonkey2.53.17.1 Automatic Update

Hi,

The dog ate it.

Well, if we had a dog, I’m sure it would’ve eaten it.   If,  of course, it was edible.

Humor aside, as I write this, the updates should be available.    Please backup your profiles before checking your updates.

I had thought I had sent the job for the update; but it’s my bad that what I thought I had done, I hadn’t done.

My fault really.  I apologize for that.

:ewong

 

 

The Mozilla BlogGoogle Meet and the rest of G Workspace are working better than ever on Firefox

Been thinking about making the switch to Firefox, but worried about how well Google Workspace products will work? Well, we’ve got some good news for you.

Google services have always worked great on Firefox, thanks to our collaboration with the G Workspace team, who want to make sure their products work on all major browsers. But the internet never stops evolving, so we’re always looking for ways to improve people’s experience with services they choose to use on Firefox. 

Here’s an example of a recent improvement you can expect to see when you use Google Meet on Firefox: 

Google Meet

Want to turn on fun video effects during your next call? Or do you need to blur your background when you hop on your next online work meeting? You can now do both in Google Meet on Firefox. If you use Firefox version 115 or higher, you can set your visual effects either before or during your Meet meeting. 

If you are in the waiting room prior to your call, you can select “Apply visual effects” (the button with sparkles), which will present you the usual Google Meet menu of filter options.

A screenshot of the Google Meet waiting room, where you can select visual effects.<figcaption class="wp-element-caption">If you use Firefox version 115 or higher, you can set your visual effects either before or during your Meet meeting. </figcaption>

If you’re already in the call, you can select “More Options” (the button with the three dots) in the menu bar at the bottom of the page and then select “Apply visual effects.”

A screenshot of a Google Meet call, with a penguin selecting “Apply Visual Effects.”<figcaption class="wp-element-caption">During a Google Meet call, select “Apply visual effects.”</figcaption>

It’s not just Google Meet. Here’s a list of other Google tools and services that works great on Firefox:

  • Workspace (Gmail, Calendar, Chat, Docs, Drive, Meet, Sheets, Slides)
  • Classroom
  • Forms
  • Keep
  • Maps
  • Photos
  • Translate
  • Voice
  • YouTube (videos and Music)

So if you’re considering a switch but have had concerns with compatibility, you can be confident that Google services work great with Firefox — and that we’re always working on meeting your ever-changing needs.

Get Firefox

Get the browser that protects what’s important

The post Google Meet and the rest of G Workspace are working better than ever on Firefox appeared first on The Mozilla Blog.

The Mozilla BlogReclaim the internet with Mozilla

Remember when the internet felt personal? Like a cool space for ourselves to discover really amazing things? The web allowed us to tell our stories in new ways, learn from others across the world and solve problems together. This extraordinary power is what sparked Mozilla’s commitment to a healthy internet, through activism and open source projects like Firefox. Now, just as we asked people to build with us 25 years ago, we invite everyone to join us in our new call to action: reclaiming the internet.  

Mozilla knows there are not-so-great things about being online these days. From misinformation and security risks to being tracked for our data and the great speed at which AI is overtaking our lives, it can all make us feel like we’re just scrolling along for the ride. But while profit has shaped the web for too long, we still believe that the best days of the internet are still to come — and that people can and should reclaim their narrative, their time and the connections they make online. This is why we’re taking Mozilla’s quarter anniversary as an opportunity to both reflect on our accomplishments of the last 25 years and to set a course for the decades ahead. 

To commemorate this moment, we are hosting a five-day event at the Alte Münze in Berlin this Oct. 12 to 16 that embodies all of what Mozilla has been, what it aims to be and what it envisions for the internet. 

Daytime visitors will get to explore the future through four immersive rooms that show what’s possible when internet users reclaim expression, inspiration, wonder and community. In the evening, we will host an array of programming including an awards ceremony celebrating the inaugural cohort for Rise 25, a recognition of 25 everyday people who are shaping the future of the internet, creating technologies to be more ethical, responsible and equitable, and content that is more inclusive and diverse. They’re the next generation of leaders who will help empower all of us to make the internet cooler, safer and more aligned with the future we all dream of.

You can reserve tickets for Mozilla’s Reclaim the Internet event here.

Of course, we want you to join us even if you’re not in Berlin. You’ll be able to check out the exhibits and events on our Instagram and TikTok, including a livestream of the Rise25 award ceremony on Mozilla’s YouTube page

So, let’s come together and reclaim the internet. With your help, we can shape a future where individual expression, inspiration, wonder and community define our personal experiences online. The time is now to act, build and choose a better internet — and we need to do it together.

The post Reclaim the internet with Mozilla appeared first on The Mozilla Blog.

The Mozilla BlogDeciding for ourselves: 98% of people want a browser choice screen, Mozilla study finds

What if we got to easily choose our web browser, and didn’t have to rely on complex operating system settings to change the pre-installed default?

At Mozilla, our mission has always centered on empowering people to shape their own experiences online. But these days, big tech too often trumps individual choices, whether that’s through the algorithms that populate our feeds, the online reviews that influence our purchases or the barriers to changing pre-installed browsers on our devices — and keeping that choice. 

The reality is that much of our online experience is controlled by a small number of tech companies. Seeking a solution to the immense gatekeeping power concentrated in the hands of a few, lawmakers and regulatory bodies around the world are considering a range of interventions. One of these is “choice screens,” which prompt users to actively select their preferred default web browser.

Mozilla is interested in whether and how these remedies might work, not just as the maker of the privacy-focused Firefox, but as an organization with a mission to equip people to make their own choices. So, we conducted in-depth research with 12,000 people in Germany, Spain and Poland to understand how choice screens influence their decisions, preferences and satisfaction levels. Here’s what we learned:

1. Browser choice screens affect people’s decisions

Choice screens proved to be powerful influencers of user decisions. More than half of the people who were not presented with a choice screen said that they expected to change the default browser that had been selected for them, suggesting that the pre-installed browser may not serve the needs or preference of many users. On the other hand, 98% of the people who select a browser through a choice screen expect to stick with it. Even more encouraging: Choice screens led many users to opt for independent browsers that were not tied to the operating system or device manufacturer – a sign of fairer competition among browsers. 

2. The design, content and timing of the choice screen matter

Several factors affected people’s choices:

  • Providing more information about the browsers led to a slight increase in users selecting independent browsers while reducing the preference for the pre-installed ones. 
  • People preferred to see a wide variety of browsers. 
  • The positioning of browsers within the choice screen played a crucial role, with lower-positioned browsers being chosen less frequently, particularly on Android devices. For example, moving a browser from the first to fourth on the list significantly reduces the likelihood of a user selecting that browser. 
  • People preferred to see a choice screen during the process of setting up their device. Participants who see the choice screen after set-up, immediately after launching the pre-installed browser, are considerably more inclined to select this browser as their default choice. 

3. People want to choose their default browser

How users feel about choice screens was clear from the survey: An overwhelming majority (98%) of people preferred to see a choice screen. They want to see more information, a wide selection of browsers and the option to select their default browser while setting up their devices. 

4. Better user satisfaction

Perhaps most importantly, choice screens resulted in better user satisfaction across various metrics – including the ease of setting up the device, the amount of time it took to set up the device, and the range of settings they could customize. Notably, choice screens also boosted satisfaction with “the extent to which I felt in control” by 12%.  

Mozilla is currently engaging with regulators, companies, industry leaders, academics and consumer organizations to discuss the findings of this experiment. These insights provide a solid starting point for conversations to maximize the effectiveness of choice screens and address competition-related concerns. You can read the full report here

The power to choose a web browser should be in the hands of users. When thoughtfully designed and implemented, browser choice screens have the potential to reshape the digital landscape and empower users to make informed choices in a web that’s teeming with possibilities. We’re excited to continue this journey towards a more open and user-centric internet, and we ask you to be a part of it.

The post Deciding for ourselves: 98% of people want a browser choice screen, Mozilla study finds appeared first on The Mozilla Blog.

SeaMonkeySeaMonkey 2.53.17.1 is out!

Hi All,

This is a quick note that SeaMonkey 2.53.17.1 has been released.  It fixes some security issues and includes a few bug fixes.  Please check out [1] and/or [2].

:ewong

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.17.1/

[2] – https://www.seamonkey-project.org/releases/2.53.17.1

The Mozilla Thunderbird BlogThunderbird for Android / K-9 Mail: August 2023 Progress Report

a dark background with thunderbird and k-9 mail logos centered, with the text "Thunderbird for Android, August 2023 progress report"

A Quiet Yet Productive Month

August was a relatively calm month for the K-9 Mail team, with many taking well-deserved summer vacations and attending our first Mozilla All-Hands event. Despite the quieter pace, we managed to hit a significant milestone on our journey to Thunderbird for Android: the beta release of our new account setup interface.

Beta Release with New Account Setup: We Want Your Feedback!

We’re thrilled to announce that we rolled out a beta version featuring the new account setup UI. This has been a long-awaited feature, and even though the team was partially on vacation, we managed to get it out for user testing. The initial feedback has been encouraging, and we’re eager to hear your thoughts.

You can find the K9-Mail v6.710 beta version here:

If you’ve tried the beta, we’d love to get your feedback. What did you like? What could be improved? Your insights will help us refine the feature for its official release.

How to Provide Feedback

You can provide feedback through the following channels:

Community contributions

In August we merged the following pull requests by these awesome contributors:

Releases

In August 2023 we published the following beta versions:

If you want to help shape future versions of the app, become a beta tester and provide feedback on new features while they are still in development.

The post Thunderbird for Android / K-9 Mail: August 2023 Progress Report appeared first on The Thunderbird Blog.

The Mozilla BlogSeeing a Firefox IRL

Two images of red panda with a browser window overlay.

Did you know that the red panda is also known as a firefox? Sept. 16 is International Red Panda Day, so we thought it would be a good time to visit a Firefox, ahem red panda, in real life and talk to their caretakers at zoos across the U.S.

Red pandas are the first panda — discovered nearly 50 years before the giant panda. Unfortunately, they are also endangered with as few as 2,500 remaining in the wild. Founded in 2007, Red Panda Network (RPN) responds to threats to the species with community-based programs that empower local people to conserve red pandas and their habitat. You can learn about RPN’s work here

Additionally, across the world, there are several zoos that participate in a breeding program to help grow the red panda population. Now is a great time to visit the red pandas at your nearest zoo.

Before you go, let us tell you more about the red pandas and the people who care for those adorable red cat-bears (another moniker they go by). We reached out to five zoos who participate in the special red panda program, and sent questions to learn from the zookeepers and the red pandas they care for.

Click on the links below to read more about the red pandas and their caretakers:

A zookeeper feeds a red panda perched on a tree.<figcaption class="wp-element-caption">Potter Park Zoo’s zookeeper Carolyn with Wilson. (Photo credit: Heath Thurman)</figcaption>

Thank you so much to the zookeepers who spent time to share their knowledge with us. We’d love to learn more about other red pandas in the world, so if you happen to be at your local zoo, share your photos with us on Twitter, Instagram or TikTok. We can’t wait to see more firefoxes!

Get Firefox

Get the browser that protects what’s important

The post Seeing a Firefox IRL appeared first on The Mozilla Blog.

The Mozilla BlogFirefox IRL: Meet Seattle’s Carson, the Woodland Park Zoo’s feisty red panda

A red panda, with a browser window overlay on its face, crouches on a stump while a zookeeper feeds it.<figcaption class="wp-element-caption">Megan Blandford, the animal keeper at the Woodland Park Zoo, feeds a red panda. (Photo credit: Woodland Park Zoo.)</figcaption>

Did you know that the red panda is also known as a firefox? Sept. 16 is International Red Panda Day, so we thought it would be a good time to visit a Firefox, ahem red panda, in real life and talk to their caretakers at zoos across the U.S. See our full series of interviews here.

Situated in the Pacific Northwest, the Woodland Park Zoo in Seattle offers a temperate forest that provides cooler temperatures where animals like the red panda can thrive. There, you’ll meet Carson, an 8-year-old red panda. 

Carson’s caretaker is Megan Blandford, the animal keeper at the Woodland Park Zoo. Megan describes Carson’s personality as feisty, and from what we’ve heard, you can either find him looking for food scraps or napping at the top of his tree. We love naps, too!

We caught up with Megan where she tells us more about Carson, shares her first foray in the zoo world (you’ll never guess, it involved building a piano for a killer whale) and how caring for a red panda provides job security. 

Tell us about the red pandas you care for:

“…currently has one 8-year-old Himalayan red panda named Carson that you can see daily in Woodland Park Zoo’s temperate forest [habitat]. He’s got a very feisty personality and never hesitates to let you know his strong opinions and feelings about things. He will move heaven and earth for a few bites of grapes and apples, and is sure to assist the keepers every afternoon when we aren’t giving him his daily allotment of bamboo fast enough. When he’s not cruising around on the ground for potentially missed food scraps, you can usually find him curled up in his favorite snooze spot towards the top of the tree in front of his exhibit.”

A red panda sticks its tongue out. <figcaption class="wp-element-caption">Woodland Park Zoo’s 8-year-old Himalayan red panda, Carson. (Photo credit: Jeremy Dwyer-Lindgren/Woodland Park Zoo)</figcaption>

What’s the coolest part about working with red pandas?

“There are so many great things about working with red pandas that it’s hard to say what the best part is! I think personally my favorite part is when Carson sees me first thing in the morning and gets SO excited. He will run along the fence to greet me and is equally excited to come in and eat/train when I come back over a few minutes later. Fun fact! Picture what you would imagine a unicorn sounds like, and that’s one of the primary vocalizations the red pandas make. It’s like an extremely high-pitched rapid neighing. I also love being able to do keeper talks and talk to the public about them and how special they are, and let them know that there are actions that they can take to help protect these unique animals that are endangered in the wild.”  

How did you get your start as a zookeeper?

I’ve been an animal keeper since 2011 and have been working with red pandas since 2020. When I was in college, I initially wanted to become a veterinarian but learned through my university that I HATED performing surgery and needed to change my goals. After working in a herpetology and parrot cognition lab on campus, I thought I might try my hand at zookeeping. I first dipped my toe into the zoo world as an intern at Six Flags Discovery Kingdom in California, where I produced ideas and then built enrichment items for an orca they had at the time (I ended up working with an engineering team to build a Simon-says killer whale piano for her.) It can be very competitive to break into the zoo world, so after I graduated and was unable to land another zoo internship or job, I worked as a freelance photographer specializing in human rights violations in Africa, specifically the Gambaga outcast witch colony and the black markets around Ghana. When I got back to the U.S. I was lucky enough to get a full-time internship in Toledo, Ohio working with elephants. From there I was hired on, and the rest is history. I eventually started working at Woodland Park Zoo; the red pandas are always the highlight of my day.”

What does your typical day look like?

My typical day starts with life checking all the animals on my unit to make sure no one had any issues overnight (e.g. HVAC going out, branch falling on a fence, tragically uninformed mallards wandering into predator areas, etc), which for me includes the maned wolves, red pandas, southern pudu and jaguars. Then I’ll prep their diets in the morning and start their morning feedings. After everyone is happy and satiated, I’ll start cleaning, and red pandas make up a large part of that because red pandas defecate a lot! Like, an alarming amount if you aren’t expecting it. Their diets consist of lots of items like bamboo that are very low in nutritional value and take lots of energy to digest. As a result, they both sleep and poop a staggering amount. If you imagine the amount a typical golden retriever might produce in a day, each red panda produces about five times as much as that per day, it’s fantastic job security. I’ll also train all the animals throughout the day so that they can participate in their own husbandry and veterinary care; it allows us the flexibility to give them choice and control regarding their care. For example, we do voluntary blood draws on Carson every few months. The male red panda is trained to sit on a platform and is reinforced with his favorite snacks while our talented veterinary staff draw blood from his tail. He’s great at other behaviors as well, like allowing voluntary injections and standing on a scale to obtain his weight. After feeding, training and cleaning, I then start to feed out their diets for overnight and check on them one last time (I like to think of it as tucking them in) before leaving for the day.”

Thank you, Megan, for sharing your stories about being a zookeeper and Carson. One of these days we’ll have to get an audio recording of Carson doing his impression of a unicorn with his “extremely high-pitched rapid neighing.”  

Get Firefox

Get the browser that protects what’s important

The post Firefox IRL: Meet Seattle’s Carson, the Woodland Park Zoo’s feisty red panda appeared first on The Mozilla Blog.

The Mozilla BlogFirefox IRL: Meet Amaya, Basu, Takeo and Pili, Sacramento Zoo’s fantastic four red pandas

Did you know that the red panda is also known as a firefox? Sept. 16 is International Red Panda Day, so we thought it would be a good time to visit a Firefox, ahem red panda, in real life and talk to their caretakers at zoos across the U.S. See our full series of interviews here.

Sacramento Zoo has a full house with four red pandas: Amaya, Basu, Takeo and Pili. Just like people, each red panda has a unique personality. Their caretaker, Rachel Winkler, animal care supervisor at the Sacramento Zoo, shares her stories about this foursome.

Originally a math major, Rachel volunteered at the Sacramento Zoo when she discovered how much she liked caring for animals. From there, she went on to other zoos to learn more about becoming a zookeeper. Now, she’s back at Sacramento Zoo. She tells about the resident red pandas’ favorite snacks, sleeping spots and more. 

Tell us about the red pandas you care for.

“…we have four red pandas: one breeding pair (Amaya and Basu) and one pair of roommates (Takeo and Pili). Amaya is 6 years old and is our breeding female. She is pretty shy, only being comfortable with her regular keepers. She loves grapes and bamboo! Basu is 9 years old and is our breeding male. We call him the “golden boy” because of his yellow tinted fur, plus he’s super sweet. He loves strangers and always comes over when someone new comes to the area. Takeo is 14 years old and is the sweetest old man. Despite not having many teeth left in his old age, he loves craisins (cranberry raisins). He likes to sleep a lot, but usually loses his sleeping spot to Pili, since it’s her favorite spot too. Pili is 11 years old and is a sassy lady.  She likes to get what she wants, even if that means bumping Takeo out of somewhere he’s already asleep. Being on the older side hasn’t slowed her down, and she’s still very spunky!”

A red panda is perched on a tree.<figcaption class="wp-element-caption">Sacramento Zoo’s 14-year-old Takeo stills still loves to eat craisins despite not having many teeth left. (Photo credit: Sacramento Zoo)</figcaption>

What’s the coolest part about working with red pandas?

“The best part about working with red pandas is knowing I get to take care of an endangered species; there are less than 10,000 red pandas left in the wild. While it’s sad to know their population is struggling in the wild, it is exciting to be privileged to work with such a rare animal, and help raise awareness about conservation efforts to guests to help them in the wild. Here at the Sacramento Zoo, we support the Red Panda Network, who works hard to protect native panda habitat in Nepal as well as conduct research studies to better understand and save the pandas. I also love working with the red pandas because they are charismatic fluff balls who love their grapes.”

A red panda sits on a wooden table with a tennis ball.<figcaption class="wp-element-caption">Sacramento Zoo’s 9-year-old Basu is called the “golden boy” because of his yellow tinted fur. (Photo credit: Sacramento Zoo)</figcaption>

How did you get your start as a zookeeper?

“I started volunteering at Sacramento Zoo when I was an undergrad at UC Davis.  I was actually a math major on track to be a teacher when I realized how much I liked the animal care field and helping with conservation. Through volunteering, I was able to get enough experience to get an internship at the Oakland Zoo over the summer of my junior year of college. After graduation, through my experience at the Oakland Zoo, I applied and was hired as a paid apprentice (full-time temporary learning position) at Oakland. While at Oakland, I got to work with a variety of taxa from tiny tenrecs all the way up to giraffes! After about two years at Oakland, I was able to get a full-time permanent position at the Santa Barbara Zoo, where I worked primarily with gorillas, giraffes and meerkats, as well as being cross-trained in all other mammal areas. After about four years in Santa Barbara, I took a primary ungulate keeper position at Sacramento and moved back. After three years, I was promoted to animal care supervisor, where I oversaw the ungulate department, and recently have moved to oversee the commissary and carnivore department (which includes the red pandas!).”

A woman smiles in a selfie photo. On top is a red panda in a wooden box on a tree.<figcaption class="wp-element-caption">Sacramento Zoo’s Rachel with red panda Takeo. (Photo credit: Sacramento Zoo)</figcaption>

What does your typical day look like?

“Every morning animal care staff has a morning meeting where we go over important tasks for the day, the veterinary schedule for the day and share anything within sections that the whole department should know about. From there, we gather our diets for the day from the commissary and break into the section teams for the day and hash out section goals/needs. Once we have planned out the day, we go and do life checks on the animals to make sure everyone is okay to start our day. Mornings include the majority of cleaning of animal areas and habitats and feeding out a.m. diets. The rest of the day varies based on animals or sections you’re in, but some animals get midday feeds as well as p.m. feedings. After lunch usually lends free time for projects like creating enrichment, training or habitat upkeep.  At the end of the day, making sure everyone is fed, closed into appropriate areas/given access to off-habitat areas as needed, and we’re good to go until tomorrow when we do it all again.”

A red panda is perched on a tree.<figcaption class="wp-element-caption">Sacramento Zoo’s 11-year-old Pili is a sassy lady who likes to get what she wants. (Photo credit: Sacramento Zoo)</figcaption>

Thank you, Rachel, for sharing your stories about this foursome. Sounds like there are more fun adventures in store for this group.

Get Firefox

Get the browser that protects what’s important

The post Firefox IRL: Meet Amaya, Basu, Takeo and Pili, Sacramento Zoo’s fantastic four red pandas  appeared first on The Mozilla Blog.

The Mozilla BlogFirefox IRL: Meet Linda and Saffron, Idaho Falls Zoo’s mother-daughter red panda duo

Did you know that the red panda is also known as a firefox? Sept. 16 is International Red Panda Day, so we thought it would be a good time to visit a Firefox, ahem red panda, in real life and talk to their caretakers at zoos across the U.S. See our full series of interviews here.

Forget “Gilmore Girls.” The best mother-and-daughter show to watch is right at Idaho Falls Zoo. We’re talking about red panda Linda and her little one, Saffron. 

In 2021, Saffron was born at Idaho Falls Zoo and since then, she’s been at her mother’s side. Katie Barry, general curator at the zoo, tells us that Saffron recently discovered how yummy grapes taste and is always looking for treats along with her mom. We chatted with Katie, who shared a fun fact about how red pandas are able to go head first down a tree.

Tell us about the red pandas you care for.

“Linda is very much a nosey panda, wanting to be right up in your business as we clean the enclosure. She is always looking for handouts and loves bamboo and grapes. Saffron is a little more cautious and will keep her distance until the food comes out. Linda always hogs the grapes, so growing up Saffron never knew how good they were until late last year when she had her first one. Now she will be right up with Linda waiting when keepers come in with treats.”

Two red pandas are perched on tree logs.<figcaption class="wp-element-caption">Idaho Falls Zoo mother and daughter, Linda and Saffron. (Photo credit: Idaho Falls Zoo)</figcaption>

What’s the coolest part about working with red pandas?

“Red pandas are very curious, smart and playful animals. Being able to work with them is just amazing. They are fun to watch move the enclosure, over logs, ropes, ladders and tree branches. Their adaptation of the thumb-like bone to help grip the stocks of bamboo and cool ankle bone structure that allows them to turn their foot so they can go head first down a tree.” 

How did you get your start as a zookeeper?

Beginning my career in zookeeping, I first obtained a biology degree with an emphasis in zoology. From there, I took the time searching for internships and other available opportunities to get work experience in the zoo field. For me, I did a yearlong program at a facility in Washington that had exotic, big cats and learned animal husbandry basics. My peers and I had classes going over USDA regulations, nutrition and diet prep to proper cleaning and care for the animals. After completing the program, I was fortunate enough to get a job at a zoo in Mississippi as a zookeeper. Through my career, I have had the privilege to work with a variety of animals, from reptiles to primates and just about everything in between. Though I did enjoy the carnivores best; the red pandas are part of the small carnivore group.”

What does your typical day look like?

 “A typical day consists of a morning meeting where as a team we discuss what is going on, any meetings, trainings, tours, etc. that may be happening that we need to know about and schedule for. From there, our top priority is to check all the animals in our areas making sure they are all in good health, followed by a.m. feedings, any medications that need to be given out and moving on to clean. Exhibits are cleaned and checked before animals are put back out for the day and once out, holding areas are cleaned and checked over as well as giving out enrichment. The day is finished up with making diets for the night and next morning followed by p.m. feedings, shifting of any animals per protocols and end-of-the-day health checks. During the middle of the day, as time allows, we do various projects around our respective areas, fill out the day’s paperwork and work with the animals on specific behaviors to help promote better veterinary care and overall animal management. While the zoo is open, the animal care staff provides educational encounters with the public throughout the day.”

For visitors to the Idaho Falls Zoo, you can meet the zookeeper at the red panda exhibit on Saturdays to learn more about the mother-daughter duo. 

Thank you, Katie, for sharing your stories about Linda and Saffron. It sounds like just the perfect show to watch this summer!

Get Firefox

Get the browser that protects what’s important

The post Firefox IRL: Meet Linda and Saffron, Idaho Falls Zoo’s mother-daughter red panda duo appeared first on The Mozilla Blog.

The Mozilla BlogFirefox IRL: Meet Deagan, Maliha and Wilson, Michigan Potter Park Zoo’s red panda family

Did you know that the red panda is also known as a firefox? Sept. 16 is International Red Panda Day, so we thought it would be a good time to visit a Firefox, ahem red panda, in real life and talk to their caretakers at zoos across the U.S. See our full series of interviews here.

This past July marked the first birthday of Potter Park Zoo’s newest red panda, Wilson. His birth last year is part of the Association of Zoos and Aquariums (AZA)’s red panda Species Survival Plan Program. To maintain genetic diversity in the red panda population, the Michigan zoo’s female red panda Maliha was paired with Deagan Reid, and together they brought Wilson into this world.

The family’s caretaker is Carolyn Schulte, carnivore and primate keeper at Potter Park Zoo. Carolyn grew up loving animals and is close to celebrating 10 years at the zoo. Carolyn tells us the advantages of having a solo cub to help care for, as well as how she and others on the team are able to deepen their relationship with the cub through close contact. 

Tell us about the red pandas you care for.

We currently house three red pandas: Deagan Reid (dad), Maliha (mom) and Wilson (son). Deagan Reid is a great panda but prefers to do his own thing. He is willing to work with keepers for his favorite treat (pear) but more often prefers napping in a high spot in his habitat. Maliha is a very keeper-oriented panda, even when her favorite treat (grapes) is not involved, although she will never turn one down. This affinity for her caretakers means we have been able to train some helpful behaviors, including awake voluntary ultrasound, which we have used to confirm each of her three pregnancies. Wilson is our newest addition, born last July, and he had quickly become a staff favorite. Red pandas can have litters of one to four, with two being the most common, but Wilson was born as a solo cub. This means he got our undivided attention while still in the nest box, and he quickly learned that keepers usually mean snacks. He is a playful, inquisitive and intelligent panda and is a joy to work with.”

A red panda is perched on a tree log. <figcaption class="wp-element-caption">Potter Park Zoo’s newest addition, Wilson, will be celebrating his first birthday in July. (Photo credit: Heath Thurman)</figcaption>

What’s the coolest part about working with red pandas?

 “Unlike most of the other animals in my department, red pandas are not protected contact, but free contact, meaning we can share space. This makes caring for them and training them much simpler and means it is easier to develop close relationships. Due to this close relationship, we also get to be more involved when cubs are born since our female Maliha allows us to check in on the cubs’ progress almost daily without getting stressed. We can also start forming relationships with the cubs at a young age while they are still in the nest box, which makes caring for them and training behaviors much easier.”

How did you get your start as a zookeeper?

I always loved animals and knew I would work with them someday, I just didn’t know what that looked like. It wasn’t until I went to MSU and found out they had a degree in zoology with a concentration in zoo and aquarium science that I realized zookeeping was a real career pathway worth pursuing. I interned at John Ball Zoo in Grand Rapids during college and worked there as a keeper aide the summer after graduating. I heard Potter Park Zoo had a paid internship available, so I applied and got it! After the internship I applied twice to open full-time keeper positions here before being hired on. I’m now almost to my 10-year work anniversary.”

A zookeeper feeds a red panda perched on a tree. <figcaption class="wp-element-caption">Potter Park Zoo’s zookeeper Carolyn with Wilson. (Photo credit: Heath Thurman)</figcaption>

What does your typical day look like?

A typical day is busy. It begins with checking on and feeding all the animals I’m responsible for that day. The zoo is divided up into three animal departments, and each department is divided among two or three keepers on a given day. Most of the animals I work with require protected contact (humans and animals never share space), so feeding usually happens in off-exhibit spaces, giving me a chance to clean and check exhibits before sending animals back out for the day. This is also a good time to place enrichment (anything that encourages an animal to exhibit natural behaviors) in the exhibit. The middle of the day involves cleaning off-exhibit spaces and doing any projects that need to get done. The end of the day involves another round of checking on animals and feeding before leaving for the night.”

A zookeeper looks toward two red pandas perched on a tree log.<figcaption class="wp-element-caption">Potter Park Zoo’s zookeper Carolyn with Maliha (mom) and Wilson (baby). (Photo credit: Heath Thurman)</figcaption>

For visitors to the Potter Park Zoo, there are daily keeper talks, where you can learn fascinating facts and insights about the red pandas. 

Thank you, Carolyn, for sharing your photos and stories about the red panda family. We wonder how Potter Park Zoo will celebrate Wilson’s first birthday. Is the traditional smash cake for the first birthday also a thing for red pandas? 

Get Firefox

Get the browser that protects what’s important

The post Firefox IRL: Meet Deagan, Maliha and Wilson, Michigan Potter Park Zoo’s red panda family   appeared first on The Mozilla Blog.

The Mozilla BlogFirefox IRL: Meet Rose and Ruby, Zoo Atlanta’s red panda sisters

Did you know that the red panda is also known as a firefox? Sept. 16 is International Red Panda Day, so we thought it would be a good time to visit a Firefox, ahem red panda, in real life and talk to their caretakers at zoos across the U.S. See our full series of interviews here.

Do you remember the story, “Little Women”? It’s a classic tale about sisters who experience the ups and downs of life. Well, here’s another sister story to follow right at Zoo Atlanta, where a “Little Women” tale of red panda sisters is unfolding this summer.

Recently, Zoo Atlanta welcomed red panda sisters, Rose and Ruby from Zoo Knoxville. Their caretaker Michelle Elliott, Senior Keeper in Mammals at the Zoo Atlanta, shares fun facts about their red fur and her inspiration for becoming a zookeeper. 

Tell us about the red pandas you care for:

We recently welcomed sisters Rose and Ruby to Zoo Atlanta from Zoo Knoxville, and they are still living in a special area for newly-arrived animals while their habitat receives some upgrades to make it a better fit for two red pandas (we previously had just one). While there, they are taken care of by an animal care teammate who welcomes all of the Zoo’s new animals – she gets to care for wide variety of species! She reports that they are doing great and are really beginning to show their separate personalities. We can’t wait to meet them!”

A red panda is perched on a tree, sniffing some leaves.<figcaption class="wp-element-caption">Zoo Atlanta’s Rose enjoying a bamboo for snack. (Photo credit: Zoo Atlanta)</figcaption>

What’s the coolest part about working with red pandas?

I love that there’s always something more to learn about them! Did you know that red pandas have red fur to blend in with a moss that grows in the trees in their native habitat, or that they don’t actually have paw pads? Their fur on the underside of their paw is just super dense. They are really neat animals!”

How did you get your start as a zookeeper?

My inspiration to become an animal care professional came when I participated in an overnight program at Zoo Atlanta at 9 years old. I fell in love with the tigers, and when our instructor told us they were endangered, I decided to work in the conservation field so I could help save the species.”

A zookeeper smiles at the camera.<figcaption class="wp-element-caption">Zoo Atlanta’s Michelle has been busy with the new red pandas who will soon be making their public appearance this summer. (Photo credit: Zoo Atlanta)</figcaption>

What does your typical day look like?

“We arrive a couple hours before the Zoo opens to give the animals their morning meals, set up the public habitats for the day with enrichment, and do positive reinforcement training sessions with the animals. Once the Zoo is open and the animals are in their habitats, we clean their behind-the-scenes areas and prepare those with fresh hay beds and even more enrichment for the evening. There are often Keeper Talks, midday feedings, behind-the-scenes tours, or meetings in the afternoon, and at the end of the day we give the animals access to come inside to eat their dinners and start making a new mess for us to clean tomorrow!”

Thank you, Michelle, for sharing your stories. We can’t wait to for Rose and Ruby to meet everyone who visits them in their new habitat.

Get Firefox

Get the browser that protects what’s important

The post Firefox IRL: Meet Rose and Ruby, Zoo Atlanta’s red panda sisters  appeared first on The Mozilla Blog.

The Mozilla Thunderbird BlogThunderbird Podcast #4: Will The Real Mozilla Please Stand Up?

The Thunderbird logo is shown embracing a microphone. Underneath is the text "Will the real mozilla please stand up?"

The Thunderbird team is back from Mozilla’s All-Hands event, and we’re overwhelmed in the most positive way. In addition to the happy and positive vibes we’re feeling from meeting our colleagues in person for the first time, we have a lot of thoughts and impressions to share. Ryan, Jason, and Alex talk about how Mozilla is building AI tools for the good of humanity, and how our perception of AI has changed dramatically. Plus, the problem with the “hey Mozilla, just build a browser” argument.

Today’s episode is light on actual Thunderbird talk, and more focused on Mozilla as an organization and the future of AI. We hope you enjoy it as much as we enjoyed discussing it!

Subscribe To The Podcast

Have a question or comment for us? Just email podcast@thunderbird.net.

Thunderbird Podcast Episode #4 Chapters:

  • (00:00) – Intro
  • (00:28) – The All-Hands Hangover
  • (03:10) – The Thunderbird Team IRL!
  • (09:42) – moz://a beyond the products
  • (13:36) – Tackling AI & web issues
  • (19:24) – The “just build a browser” argument
  • (21:46) – Alex changes his mind about AI
  • (23:38) – Building AI tools for good
  • (33:09) – Fighting for the soul of the internet
  • (40:11) – Thunderbird and AI?
  • (47:16) – Warm fuzzy feelings
  • (52:51) – Outro

The post Thunderbird Podcast #4: Will The Real Mozilla Please Stand Up? appeared first on The Thunderbird Blog.

Web Application SecurityVersion 2.9 of the Mozilla Root Store Policy

Online security is constantly evolving, and thus we are excited to announce the publication of MRSP version 2.9, demonstrating that we are committed to keep up with the advancement of the web and further our commitment to a secure and trustworthy internet.

With each update to the Mozilla Root Store Policy (MRSP), we aim to address emerging challenges and enhance the integrity and reliability of our root store. Version 2.9 introduces several noteworthy changes and refinements, and within this blog post we provide an overview of key updates to the MRSP and their implications for the broader online community.

Managing the Effective Lifetimes of Root CA Certificates

One of the most crucial changes in this version of the MRSP is to limit the time that a root certificate may be in our root store. Often, a root certificate will be issued with a validity period of 25 or more years, but that is too long when one considers the rapid advances in computer processing strength. To address this concern and to make the web PKI more agile, we are implementing a schedule to remove trust bits and/or the root certificates themselves from our root store after they have been in use for more than a specified number of years.

Under the new section 7.4 of the MRSP, root certificates that are enabled with the website’s trust bit will have that bit removed when CA key material is 15 years old. Similarly, root certificates with the email trust bit will have a “Distrust for S/MIME After Date” set at 18 years from the CA’s key material generation date. A transition schedule has been established here, which phases this in for CA root certificates created before April 14, 2014. The transition schedule is subject to change if underlying algorithms become more susceptible to cryptanalytic attack or if other circumstances arise that make the schedule obsolete.

Compliance with CA/Browser Forum’s Baseline Requirements for S/MIME Certificates

The CA/Browser Forum released Baseline Requirements for S/MIME certificates (S/MIME BRs), with an effective date of September 1, 2023. Therefore, as of September 1, 2023, certificates issued for digitally signing or encrypting email messages must conform to the latest version of the S/MIME BRs, as stated in section 2.3 of the MRSP. Period-of-time audits to confirm compliance with the S/MIME BRs will be required for audit periods ending after October 30, 2023. Transition guidance is provided at the following wiki page: https://wiki.mozilla.org/CA/Transition_SMIME_BRs.

Security Incident and Vulnerability Disclosure

To enable swift response and resolution of security concerns impacting CAs, guidance for reporting security incidents and serious vulnerabilities has been added to section 2.4 of the MRSP. Additional guidance is provided in the following wiki page: https://wiki.mozilla.org/CA/Vulnerability_Disclosure.

CCADB Compliance Self-Assessment

Previously, CAs were required to perform an annual self-assessment of compliance with Mozilla’s policies and the CA/Browser Forum’s Baseline Requirements for TLS, but the MRSP did not specifically require that the annual self-assessment be submitted. Beginning in January 2024, CA operators with root certificates enabled with the website’s trust bit must perform and submit the CCADB Compliance Self-Assessment annually (within 92 calendar days from the close of their audit period). This will provide transparency into each CA’s ongoing compliance with Mozilla policies and the CA/Browser Forum’s Baseline Requirements for TLS.

Elimination of SHA-1

With the release of Firefox 52 in 2017, Mozilla removed support for SHA-1 in TLS certificates. Version 2.9 of the MRSP takes further steps to eliminate the use of SHA-1, allowing it only for end entity certificates that are completely outside the scope of the MRSP, and for specific, limited circumstances involving duplication of an existing SHA-1 intermediate CA certificate. These efforts align with industry best practices to phase out the usage of SHA-1.

Conclusion

Several of these changes will require that CAs revise their practices, so we have sent CAs a CA Communication and Survey to alert them about these changes and to inquire about their ability to comply with the new requirements by the effective dates.

These updates to the MRSP underscore Mozilla’s unwavering commitment to provide our users with a secure and trustworthy experience. We encourage your participation in the Mozilla community and the CCADB community to contribute to these efforts to provide a secure online experience for our users.

The post Version 2.9 of the Mozilla Root Store Policy appeared first on Mozilla Security Blog.

The Mozilla BlogHow to easily switch from Chrome to Firefox

There’s never been a better time to switch from Chrome to Firefox, if we do say so ourselves. 

Some of the internet’s most popular ad blockers, such as uBlock Origin — tools that save our digital sanity from video ads that auto-play, banners that take up half the screen and pop-up windows with infuriatingly tiny “x” buttons — will become less effective on Google’s web browser thanks to a set of changes in Chrome’s extensions platform

At Mozilla, we’re all about protecting your privacy and security – all while offering add-ons and features that enhance performance and functionality so you can experience the very best of the web. We know that content blockers are very important to Firefox users, so rest assured that despite changes to Chrome’s new extensions platform, we’ll continue to ensure access to the best privacy tools available – including content-blocking extensions that not only stop creepy ads from following you around the internet, but also allows for a faster and more seamless browsing experience. In addition, Firefox has recently enabled Total Cookie Protection as default for all users, making Firefox the most private and secure major browser available across Windows, Mac and Linux.  

Longtime Chrome user? We know change can be hard. But we’re here to help you make the move with any data you want to bring along, including your bookmarks, saved passwords and browsing history.  

Here’s how to easily switch from Chrome to Firefox as your desktop browser in five steps:

Step 1: Download and install Firefox from Mozilla’s download page

Step 2: If you have Chrome running, quit the app. But don’t delete it just yet.

Step 3: Open Firefox. The import tool should pop up. 

In case it doesn’t, click the menu button Fx57Menu > Settings > Near “Import Browser Data,” click “Import Data.”

Step 4: Select what you want to import. If you have more than one type of data saved in Chrome, you would be able to expand the “Import all available data” section to choose what information you’d like to import to Firefox:

  • Saved Passwords: Usernames and passwords you saved in Chrome. Here’s why you can trust Firefox with your passwords.
  • Bookmarks: Web pages that you bookmarked in Chrome. 
  • Browsing History: A list of web pages you’ve visited. If there’s an article you didn’t quite finish last week, bring over your browsing history so you can find it later.
  • Saved Payment Methods: When you’re ordering something online, web forms can be populated with credit card information you’ve saved (except your CVV number, as a precaution). On Firefox, you can also use a password as an extra layer of protection for your credit card data.

We may be a little biased, but we truly believe that Mozilla’s commitment to privacy helps make the internet better and safer for everyone. We wouldn’t be able to do it without the support of our community of Firefox users, so we’d love for you to join us.  

Related stories:

The post How to easily switch from Chrome to Firefox appeared first on The Mozilla Blog.

The Mozilla Thunderbird BlogThunderbird Community Office Hours Schedule For September 2023

The thunderbird logo (a blue elemental bird curled up and protecting an inner icon shaped like a heart, formed from two hands clasping together)

Hello Thunderbird community! We’re bringing back monthly Office Hours, now with a Saturday option to make attendance more convenient. Please see the details below to learn how and when you can meet with us to share your feedback and ask questions.

Now that Thunderbird 115 Supernova has been released, we have a lot to discuss, plan, and do! And we’re rolling out monthly Office Hours sessions so that you can:

  • Share your Thunderbird experiences with us
  • Share your ideas for the future of Thunderbird
  • Discuss ways to get involved with Thunderbird
  • Ask us questions about Thunderbird and the Thunderbird Project
  • Meet new team members, and meet your fellow Thunderbird users

This month we’re hosting these sessions using Zoom (in the future we plan to stand up a dedicated Jitsi instance). You can easily participate using video, dialing in by phone, or asking questions in our community Matrix channel at #thunderbird:mozilla.org.

LocationSession 1 time conversion
10h-11h UTC
Monday, Sept 11


Zoom link
Session 2 time conversion
17h-18h UTC
Monday, Sept 11


Zoom link
Session 3 time conversion
17h-18h UTC
Saturday, Sept 16


Zoom link
Los Angeles, USA Mon 3am-4amMon 10am-12pmSat 10am-12pm
New York, USA Mon 6am-7amMon 1pm-2pmSat 1pm-2pm
São Paulo, Brazil Mon 07h-08hMon 14h-15hSat 14h-15h
Berlin, Germany Mon 12h-13hMon 19h-20hSat 19h-20h
Tokyo, Japan Mon 19h-20hTue 02h-03hSun 02h-03h
Canberra, AustraliaMon 8pm-9pmTue 3am-4amSun 3am-4am
Auckland, NZMon 10pm-11pmTue 5am-6amSun 5am-6am

In the table above please click a session for meeting time converted to your local time. If you encounter difficulty joining please post in Matrix back channel #thunderbird:mozilla.org or email us.

Hosts Wayne (Thunderbird Community Manager) and Jason (Marketing & Communications Manager), plus special guests from the Thunderbird team look forward to meeting you! 

If you are unable to attend we hope you will submit your ideas or ask for assistance.  

PLEASE NOTE: We’ll be recording this call for internal use and distribution only. In the future, we may explore publishing these on video platforms.


How To Join Community Office Hours By Phone

Meeting ID: 981 2417 3850
Password: 647025

Dial by your location
+1 646 518 9805 US (New York)
+1 669 219 2599 US (San Jose)
+1 647 558 0588 Canada
+33 1 7095 0103 France
+49 69 7104 9922 Germany
+44 330 088 5830 United Kingdom
Find your local number: https://mozilla.zoom.us/u/adPpRGsVms

The post Thunderbird Community Office Hours Schedule For September 2023 appeared first on The Thunderbird Blog.

hacks.mozilla.orgFaster Vue.js Execution in Firefox

Speedometer 3 is a cross-industry effort to build a modern browser benchmark rooted in real-world user experiences. Its goal is to focus browser engineering effort towards making the Web more smooth for actual users on actual pages. This is hard to do and most browser benchmarks don’t do it well, but we see it as a unique opportunity to improve responsiveness broadly across the Web.

This requires a deliberate analysis of the ecosystem — starting with real user experiences and identifying the essential technical elements underlying them. We built several new tests from scratch, and also updated some existing tests from Speedometer 2 to use more modern versions of widely-used JavaScript frameworks.

When the Vue.js test was updated from Vue 2 to Vue 3, we noticed some performance issues in Firefox. The root of the problem was Proxy object usage that was introduced in Vue 3.

Proxies are hard to optimize because they’re generic by design and can behave in all sorts of surprising ways (e.g., modifying trap functions after initialization, or wrapping a Proxy with another Proxy). They also weren’t used much on the performance-critical path when they were introduced, so we focused primarily on correctness in the original implementation.

Speedometer 3 developed evidence that some Proxies today are well-behaved, critical-path, and widely-used. So we optimized these to execute completely in the JIT — specializing for the shapes of the Proxies encountered at the call-site and avoiding redundant work. This makes reactivity in Vue.js significantly faster, and we also anticipate improvements on other workloads.

This change landed in Firefox 118, so it’s currently on Beta and will ride along to Release by the end of September.

Over the course of the year Firefox has improved by around 40% on the Vue.js benchmark from work like this. More importantly, and as we hoped, we’re observing real user metric improvements across all page loads in Firefox as we optimize Speedometer 3. We’ll share more details about this in a subsequent post.

The post Faster Vue.js Execution in Firefox appeared first on Mozilla Hacks - the Web developer blog.

Mozilla L10NLocalizer Spotlight: Victor Ibragimov (Tajik locale)

Hello World!

My name is Victor Ibragimov, and I am from Dushanbe, Tajikistan (One of Five Central Asia Countries).

On September 3, 2023, I celebrate my third year as a member of the Mozilla community, starting from September 3, 2020!

Q. What first drew you to want to volunteer with Mozilla’s localization program?

I have been volunteering as a professional translator and coordinator of English to Tajik translations for over 20 years. Throughout my career, I have worked on numerous software localization projects, including Debian OS, Ubuntu OS, Fedora OS, openSuse OS, SailfishOS, KDE, Gnome Desktops, and many other fantastic software and platforms.

Around three years ago, I discovered that all these computer operating systems and desktops used Firefox web browser by default. However, I noticed that Firefox did not have Tajik language support. Determined to address this gap, I reached out to the maintainers of these projects. They informed me that Firefox is a separate project and advised me to contact the Mozilla team directly to initiate the localization of Tajik language.

With my extensive experience in translation and coordination, I was determined to contribute to the completion of a high-quality Tajik translation. This commitment was driven by my desire to enhance the usability of Mozilla products for Tajik-speaking users and to foster inclusion in the global tech community.

Q. What have been some of the most rewarding or impactful projects you’ve localized for Mozilla?

Some of the most rewarding and impactful projects I have localized for Mozilla include the translation of Firefox web browser into Tajik language.

Additionally, I have worked on localizing Mozilla’s mobile projects, such as Firefox for Android and Focus for Android. These projects have allowed Tajik-speaking users to have a seamless browsing experience on their mobile devices and maintain their privacy with the Focus app. This has had a positive impact on the accessibility of technology for Tajik-speaking individuals and has empowered them to fully utilize Mozilla’s mobile products.

Overall, these localization projects have been rewarding and impactful as they have contributed to breaking down language barriers, fostering inclusion, and empowering Tajik-speaking users to access and utilize Mozilla’s products effectively across various platforms.

Q. What advice would you give to someone new wanting to get involved in localizing for Mozilla?

1. Start by familiarizing yourself with the Mozilla community and the localization process. Visit the Mozilla website and explore the resources and documentation available for translators. Join relevant forums or mailing lists to connect with other translators and learn from their experiences.
2. Choose a project or software that you are passionate about and that aligns with your language expertise. It could be Firefox, Thunderbird, or any other Mozilla project. By working on something you are interested in, you will stay motivated and enjoy the process of localization.
3. Take advantage of the available tools and resources. Mozilla provides various tools and platforms to facilitate the localization process, such as Pontoon and Transvision. Familiarize yourself with these tools and use them to contribute effectively.
4. Collaborate and communicate with other translators. Localization is a collaborative effort, so it’s important to engage with other translators, ask questions, and seek feedback. Participate in discussions and share your knowledge and experiences with the community.
5. Be proactive and take initiative. Look for opportunities to contribute beyond just translating strings. Offer to review translations, suggest improvements, or help with testing and bug reporting. This will not only enhance your skills but also make you a valuable member of the localization team.
6. Stay updated with the latest developments in your language and the software you are localizing. Attend conferences, workshops, or webinars related to localization or technology to stay informed about new trends and best practices.
7. Seek feedback and continuously improve your translations. Localization is an ongoing process, and there is always room for improvement. Actively seek feedback from users, fellow translators, and project maintainers to refine your translations and ensure they are accurate, clear, and culturally appropriate. Embrace feedback as an opportunity for growth and strive to deliver high-quality localized content.
8. Stay connected with the Mozilla community and stay up to date with changes and updates. Join relevant mailing lists or forums to stay informed about new projects, updates, and announcements. Regularly check the Mozilla website and other official channels for any news or changes that may impact your localization work. By staying connected, you can actively contribute to the community and ensure your translations are up to date with the latest developments.
9. Be patient and persistent. Localization can be challenging at times, especially when dealing with technical terms or complex strings. Don’t get discouraged if you face difficulties initially. Keep practicing, learning, and improving your skills.
10. Lastly, enjoy the process and have fun! Localizing for Mozilla is not just about contributing to a global project, but also about preserving and promoting your language globally. Embrace the opportunity to make a positive impact and connect with your language community.

Remember, whether you are a newcomer or an experienced translator, your contribution to localizing Mozilla projects can have a significant impact. So, take the leap and start making a difference in your language community and beyond.

Q. How has your volunteering impacted users in your language community?

As a Mozilla volunteer, my contributions to Tajik translation have had a significant impact on Mozilla users in the Tajik language community. By ensuring that Firefox web browser is fully localized and accessible in Tajik, I have helped to make it easier for Tajik internet users to navigate and use the browser in their native language. This has not only improved their overall browsing experience but also promoted the importance of using Tajik as a language of technology and digital communication.

Furthermore, by incorporating the new Tajik language reforms into translations, I have played a role in making the Tajik language clearer and more beautiful. This has not only enhanced the user experience for Tajik-speaking Mozilla users but has also contributed to the development and preservation of the language itself.

In addition, my involvement in creating new Internet terminology for the Tajik language has been instrumental in bridging the linguistic gap between technology and the Tajik-speaking community. This has allowed for the development of e-government, e-commerce, and e-education platforms in Tajikistan, as well as empowering Tajik internet users to fully utilize the potential of the internet in their daily lives.

Moreover, the opportunity to create multilingual dictionaries with Tajik language has further enriched the linguistic resources available to Tajik speakers. This has not only facilitated effective communication but has also fostered a sense of pride and ownership over their language.

Interested in featuring in these spotlights? Or know someone you think we should interview? Fill out this form, or reach out directly to delphine at mozilla dot com. Interested in contributing to localization? Head on over here for more details!

Useful Links

The Bugzilla UpdateBugzilla Celebrates 25 Years With Special Announcements

Happy 25th Birthday to Bugzilla!

Today, August 26, marks the 25th anniversary of Bugzilla!

The first two paragraphs lifted from our Bugzilla history:

When mozilla.org first came online in 1998, one of the first products that was released was Bugzilla, a bug system implemented using freely available open source tools. Bugzilla was originally written in TCL by Terry Weissman for use at mozilla.org to replace the in-house system then in use at Netscape. The initial installation of Bugzilla was deployed to the public on a mozilla.org server on April 6, 1998.

After a few months of testing and fixing on a public deployment, Bugzilla was finally released as open source via anonymous CVS and available for others to use on August 26, 1998. At this point. Terry decided to port Bugzilla to Perl, with the hopes that more people would be able to contribute to it, since Perl seemed to be a more popular language. The completion of the port to Perl was announced on September 15, 1998, and committed to CVS later that night.

25 years is a long time in the software world, and it makes us happy that so many people still use Bugzilla to track bug reports and feature requests for their own products. We hope to continue to breath life into Bugzilla and continue to modernize it over the years to come!

New Legal Entity to Manage the Bugzilla Project

Back in December I made an enthusiastic post about getting Bugzilla back in motion after it kind of stalled for a while. And then after a month I kind of stopped posting about it. So what happened?

Well, response to that post was actually pretty enthusiastic in itself. I heard from several people who wanted to donate money to the project to get it going again. Which then led to a new problem: we didn’t actually have a legal way to accept donations at the time. So after asking around a bit, and a few conference calls between myself, my own company’s lawyer, and a couple of Mozilla’s lawyers, it was decided that Bugzilla needed a legal entity to manage it, similar to how Thunderbird has been operating recently. And, that’s where the little bit of time that I’ve had to spend on Bugzilla has gone the last 6 months. And as you can understand, with the legal work going on in the background, there wasn’t much I could actually talk about until all of the pieces were actually in place.

Which now brings us to today, when I’m happy to announce the formation of Zarro Boogs Corporation, which will now be overseeing the Bugzilla Project. This is a taxable non-profit non-charitable corporation – we have filed with the IRS our intent to operate under US Tax Code §501(c)(4) (still pending approval from the IRS) meaning the IRS would require us to spend money raised on project expenses and not make a profit, but money donated to us will not earn you a tax deduction because we aren’t a charity (software development is not considered a charitable cause in the US). Unlike Thunderbird, which is a subsidiary of the Mozilla Foundation, we are an independent entity not owned by or associated with the Mozilla Foundation, although they have licensed the use of the Bugzilla trademark to us.

The name Zarro Boogs Corporation is a shout-out to the phrase returned by Bugzilla when you run a search which returns no results, “Zarro Boogs found.” The buggy spelling of “Zero Bugs” being intentional because it’s generally believed that there’s no such thing as a project with zero bugs in it, only bugs that haven’t yet been reported, thus, saying “Zero Bugs” is, in itself, buggy. There’s a nice write-up of this on Wikipedia.

If you would like to contribute to the project, we have a donation page set up on GitHub Sponsors. We hope to have additional ways to donate that don’t require a GitHub account in the future.

Upcoming Releases

Those releases I talked about back in December are finally happening! Look for these (except for 5.9.1) this coming week! Right now we’re aiming for Wednesday, August 30th. We are aiming for September 15 for 5.9.1 (because it’s the 25th anniversary of the port from Tcl to Perl).

4.4.14 – The 4.4 branch has been on life support for a LONG time (it was initially released in 2013!!!). It supports outdated OSes that are hard to find or install, let alone test for these days, and we’ve been itching to drop it for a long time.  But our support policy says that we have to support it for 4 months after the following two major releases.  The next major release after 4.4 was 5.0, and there have been no major releases after that, which means that 4 month countdown hasn’t even started yet. I am intending this to be the final release of the 4.4 branch (barring any additional security issues being found in the next 4 months) as the 5.2 release below will start that 4 month countdown to End-of-Life this branch.

5.0.4.1 – Why 5.0.4.1 when there’s a 5.0.6 release?  Well, if you paid attention to the change logs, 5.0.5 and 5.0.6 contained a massive schema change, as well as reformatting almost all of the Perl code in the source, both of which are a violation of our support policy for a stable branch (a new-to-the-process release manager pushed the release out not realizing that, and by the time we caught it, it was too late). A lot of people noticed this and never upgraded to 5.0.5 or 5.0.6, since they didn’t contain any security fixes.  5.0.4.1 will give those people additional fixes for 5.0.4 without forcing them to pick up those schema and code reformatting changes. Additional updates to the 5.0 branch from now on will continue from 5.0.4.2 and onward.

5.2 – This will be the next major release, and will start the 4 month countdown for discontinuing the 4.4 branch. 5.2 is forked from the 5.0 branch after 5.0.6, and will contain those schema and code formatting changes from 5.0.5 and 5.0.6 in it. So if you did upgrade to 5.0.6, 5.2 will be equivalent to a point upgrade for you.  Those schema changes should have caused a major release to happen anyway, so this is just fixing the numbering problem with that release (i.e. 5.0.5 should have been called 5.2 to begin with). Note that if you are using the 5.1.x development releases, those did NOT feed into this, and 5.2 would actually be a downgrade for you.

5.1.3 – The 5.1 branch is basically dead, as we’ve put all of our resources into finishing off the Harmony release (see 5.9.1 below). We’re going to encourage people on 5.1.x to move to Harmony, but you’ll want to be mindful of the release blockers first before you make the jump. There are some features in 5.1.x that were implemented differently in Harmony, and the code to migrate the related data may or may not work yet (if the feature in question is listed on the release blockers and you use it, you’ll want to wait for now). Even though this branch is dead, we’re going to put out a release with the current batch of security fixes so you aren’t left high and dry before Harmony is ready for you.

5.9.1 – Coming September 15! This will be the first official release off the Harmony branch, and will be classified as a developer preview release, not for production use.  This is what will eventually be Bugzilla 6.  The code is mostly good enough to use right now, but there are still showstoppers to be able to fully release it as a production release. There are also a few gotchas when upgrading from older versions of Bugzilla. If you’re interested in helping make Bugzilla 6 happen, that list of showstoppers is here. We are hoping to have Bugzilla 6 in release candidate stage (or at least in beta) by the end of November. The security content for this branch that goes with the other branch releases will be committed to git at the same time the other releases get them, since anyone who has this already will only have it via git pull.

Immediate Help Wanted

  1. Documentation. Harmony (5.9.1) in particular needs a LOT of documentation help, as what’s there now is pretty specific to trying to produce a testing environment for bugzilla.mozilla.org, rather than a standalone Bugzilla.
  2. Section 508 Compliance Audit. There are a number of US government agencies who use Bugzilla internally (NASA is a publicly visible example).  New US government projects have to comply with the new accessibility guidelines in Section 508 of the Communications Act, so if we want them to be able to upgrade we need to comply (at least in our newer versions).  See https://section508.gov/. There is a template for a compliance statement at https://www.section508.gov/sell/vpat/.  I would love to get a volunteer (or a company who can sponsor someone?) who could audit the 5.2 and harmony branches for compliance, file bugs for things that are violations, and figure out how much of the VPAT we can actually provide at this point.  Even if we’re not compliant yet (I suspect we aren’t) I would love to be able to provide a statement with the 5.2 release saying how compliant we are, and listing what’s left to be fixed to make us compliant. See also Bug 1785941. Some work has been done on this (as you can see in the dependent bugs to that one) but it still needs help.

Ongoing Help Wanted

You can always find a list of ways to contribute to Bugzilla on our Contributing page. A few highlights with additional details:

  • Donate Money. Now that we have a legal entity capable of paying developers, we need money to pay them with (and also cover our server hosting expenses). You can donate via our GitHub Sponsors page. If you don’t have and can’t create a GitHub account, we hope to have other ways to donate in the future.
  • Bug Triage! As you probably noticed from the lack of updates around here in a while, the bug list hasn’t been getting paid much attention to, either. Part of getting this project moving again means re-triaging the existing bug reports. Some of them are really ancient and may not even apply to the current code-base anymore. I’m going to have another blog post coming in the next day or two (for real this time) with information on this topic (specifics for how to help with it), so keep an eye out for that post!
  • Code! Once we get the above triage moving, there will be bugs to fix! Bugzilla is an Open Source project, and anyone can contribute! We also have a relatively small user base compared to some of the big projects out there, so the amount of development we’ll be able to fund internally from our donations will still be limited. It will probably make better sense for us to use our internal developers (once we have money to pay some) to review patches and coach external contributors, instead of having them directly producing code.
  • Paid Developer Time. If you are a business that makes use of Bugzilla, and has a staff person responsible for maintaining your Bugzilla installation, and that person is willing, please consider officially sponsoring that person to help with upstream Bugzilla development for at least a few hours per week. Most of our lack of development lately has happened because the last few companies that used to do that stopped providing developer time during the economic downturn a few years back (either laid off said person or pulled them away to work on other things), and they haven’t returned. The developers we have currently (until we get money donated as listed above) are all volunteer, and most of them are struggling to find time to work on it.

In Conclusion

We have a lot of excitement ahead of us with the first developer preview of Bugzilla 6 coming later this week (I was hoping to have that for you all today as well, but we didn’t quite make it), and the new opportunities in store for us with a real business entity to support the project now. Come find us in any of our chat rooms (links are in the footer of our website alongside the social media links) or drop in on our developers mailing list if you’d like to help.

The Mozilla Thunderbird BlogThunderbird for Android / K-9 Mail: July 2023 Progress Report

a dark background with thunderbird and k-9 mail logos centered, with the text "Thunderbird for Android, July progress report"

The day I write this, it’s very hot outside. Too hot to think of a good introduction to this blog post that also includes a link to the previous month’s progress report… Well, I guess this will have to do. I’m off to get some ice cream 🍨😎

Please enjoy this brief report of our development activities in July 2023.

Improved account setup

Since Wolf joined in February of this year, he has spent a considerable amount of time on many of the individual pieces that make up the new and improved account setup user interface. July was the month when things started coming together. For the first time we were able to test the whole flow and not just individual parts.

Things were looking good. But a few small issues kept us busy and prevented us from releasing a beta version containing the new account setup.

Material 3 experiments

We’ve done some experiments to get a better idea of how much work it will be to switch the app to Material 3, the latest version of Google’s open-source design system. We’re now cautiously optimistic. And so the current plan is switch to Material 3 before renaming the app from K-9 Mail to Thunderbird.

Community contributions

In July we merged the following pull requests by external contributors:

Security audit report

After a few busy days surrounding the Thunderbird Supernova release, we finally managed to publish the report of the security audit organized by OSTIF and performed by 7ASecurity. We’re happy to report that no high-risk vulnerabilities were found. The security audit did uncover a handful of low-to-medium risk vulnerabilities.

To learn more about this, read our blog post K-9 Mail Collaborates With OSTIF, 7ASecurity On Security Audit.

Thank you to everyone involved in making this happen!

The post Thunderbird for Android / K-9 Mail: July 2023 Progress Report appeared first on The Thunderbird Blog.

Open Policy & AdvocacyMozilla applauds CFPB for taking on the Data Broker Ecosystem

Earlier this week, the Consumer Financial Protection Bureau (CFPB) announced that it will develop rules to prevent “misuse and abuse” of people’s sensitive information by placing restrictions on data sharing by data brokers. This is a much-needed step to advance privacy, give people more control over their data, and shed light on a notoriously murky industry.

In Congressional testimony and advocacy, Mozilla has raised concerns about the opaque state of the data broker industry; it’s nearly impossible to fully understand the extent of data selling and sharing today. For this reason, our methodology for assigning *Privacy Not Included (*PNI) warning labels to the products and brands we research considers whether a company’s privacy policy indicates they can buy or sell personal information with data brokers. If we determine that they do, they earn a privacy ‘ding’. Many of the harms people experience online are the result of unchecked data collection – by data brokers and beyond. For example, sensitive health data collected in apps is typically unprotected, which can have serious consequences. Similarly, geolocation data for purchase poses a privacy and safety risk for all Americans, but especially so for the most marginalized members of society and those who face the threat of violence such as those fleeing domestic abuse.

At Mozilla, we’ve worked to push the industry in a better direction. We build privacy protections into the browser to prevent data collection and offer tools that make it harder for data brokers to create a detailed profile of consumers’ online activity. We work to improve the advertising ecosystem, where data brokers sell information to target consumers, and we help people navigate deceptive design practices that trick people into handing over their data in the first place.

That said, we can only do so much in our products and by holding companies to account. It’s undeniable that consumer data powers today’s internet. As CFPB Director Rohit Chopra noted at this week’s White House roundtable on data brokers, AI only increases the reliance on vast troves of data. CFBP’s efforts are vital and we applaud the move – but it’s only a piece of the bigger picture.

As a part of reigning in the data broker industry, consumers require a comprehensive legal framework. Federal privacy legislation, like last year’s American Data Privacy and Protection Act (ADPPA), is critical to ensuring that people have agency over their online data and can truly benefit from technologies that improve their lives, without conceding to the exploitation of their personal data.

We’re pleased to see the White House and CFPB tackle some of these hugely problematic practices, and are eager to delve into the CFPB’s proposed rules when they’re released. We’re hopeful these efforts can be a big step forward towards protecting sensitive consumer data, and the privacy of our most marginalized groups in society.

The post Mozilla applauds CFPB for taking on the Data Broker Ecosystem appeared first on Open Policy & Advocacy.

Open Policy & AdvocacyMozilla Supports Updates to the Health Breach Notification Rule

[Read our full submission here.]

Privacy is in our DNA at Mozilla, from our privacy-enhancing products to our support for laws and regulations that enshrine privacy for all. In line with our foundational principle that individual privacy and security on the web should never be treated as optional, we have supported a range of US action on privacy, including bipartisan Federal privacy legislative proposals and the Federal Trade Commission’s (FTC’s) Commercial Surveillance and Data Security ANPR.

This week, we submitted a comment supporting the FTC’s Notice of Proposed Rulemaking for the Health Breach Notification Rule (HBNR.) The purpose of the HBNR is to protect non-HIPAA health-related data, such as data from running apps and diet-tracking websites. It does so by requiring certain entities that share health-related information without consent, or experience a data breach, to notify individuals, the FTC, and sometimes the media of the breach of privacy.

The rule already applied to many health apps and websites, as demonstrated by a set of settlements from earlier this year, but the new proposed rule even more clearly delineates the responsibilities of companies running health-related apps or websites.

Mozilla has deep insight into the privacy practices of health-related apps, because our *Privacy Not Included research team recently did deep dives on the privacy policies and practices of mental health and reproductive health apps. They found dismal privacy practices for some of the most sensitive apps they studied. *PNI’s research demonstrates the dire need for this update to the HBNR, and allowed us to suggest two main ways in which the FTC can further strengthen its proposed rule:

  • The FTC should explicitly define consent (or “authorization”) in the context of the HBNR. We know that many companies will use deceptive designs to trick people into giving consent, for example, and the FTC should clearly state that deceptive consent flows do not count as consent.
  • We have been early supporters of browser-based privacy signals such as the Global Privacy Control, with proper enforcement; the HBNR should allow users to indicate their lack of consent using these signals. Browser based privacy signals are already recognized in a number of laws and regulations, and make privacy more consumer-friendly.

You can read our full comment here.

The post Mozilla Supports Updates to the Health Breach Notification Rule appeared first on Open Policy & Advocacy.

Mozilla Add-ons BlogPrepare your Firefox desktop extension for the upcoming Android release

In the coming months Mozilla will launch support for an open ecosystem of extensions on Firefox for Android on addons.mozilla.org (AMO). We’ll announce a definite launch date in early September, but it’s safe to expect a roll-out before the year’s end. Here’s everything developers need to know to get their Firefox desktop extensions ready for Android usage and discoverability on AMO…

Firefox will become the only major Android browser to support an open extension ecosystem

For the past few years Firefox for Android officially supported a small subset of extensions while we focused our efforts on strengthening core Firefox for Android functionality and understanding the unique needs of mobile browser users. Today, Mozilla has built the infrastructure necessary to support an open extension ecosystem on Firefox for Android. We anticipate considerable user demand for more extensions on Firefox for Android, so why not start optimizing your desktop extension for mobile-use right away?

“There is so much creative potential to unlock within the mobile browser space. Mozilla wants to provide developers with the best support we can so they’re equipped and empowered to build modern mobile WebExtensions.” — Giorgio Natili, Firefox Director of Engineering

To support our ecosystem of extension developers, we will create additional guides, resources and host community events to support your transition to a managed multi-process environment like Android.

Transition background scripts to non-persistent event pages

We recently introduced support for multi-process in Firefox for Android Nightly. This means extensions are no longer hosted in the main process as Firefox’s user interface. This is a key consideration since Android is prone to shutting down resource-intensive processes, such as extensions. To mitigate the risk of unexpected extension termination, we’ve introduced event page architecture to be non-persistent and more resilient to process termination. Thus we strongly encourage developers to transition from persistent backgrounds to non-persistent Event pages to improve their extension’s stability. In summary, this means:

  • Update your manifest.json background key and add “persistent”: false.
  • Ensure listeners are registered synchronously at the top-level.
  • Record global state in the storage API, for example storage.session.
  • Change timers to alarms.
  • Switch from using extension.getBackgroundPage for calling a function from the background page, to extension messaging or runtime.getBackgroundPage.

Once you’re ready to test the mobile version of your extension, create a collection on AMO and test it on Firefox for Android Nightly (note you’ll need to make a one-time change to Nightly’s advanced settings; please see the “Enable general extension support setting in Nightly” section of this post for details). If you’d prefer to polish your extension before publishing it on AMO, you can also debug and run the extension with web-ext.

This is an exciting time for developers seeking to expand the reach of their desktop extensions into the mobile Android space. For community support and input, you’re welcome to join the conversation on Firefox Add-ons Discourse.

The post Prepare your Firefox desktop extension for the upcoming Android release appeared first on Mozilla Add-ons Community Blog.

The Mozilla Thunderbird BlogMake Thunderbird Yours: How To Get The Thunderbird 115 “Supernova” Look

Thunderbird 115 screenshot, showing a vertical layout with folder pane listing account folders and tags, as well as panels for message list, email messages, and a "Today" area for upcoming calendar events.

Thunderbird 115 “Supernova” ships with brand new layout options to give you a more beautiful and more productive email experience. But those new options aren’t on by default (for now), out of respect to those who have grown comfortable with Thunderbird’s Classic View throughout the years. Fortunately, getting that shiny new “Supernova” look is accomplished in just a few seconds. In this short guide, we’ll show you how to do it!

Step 1: Turn On Vertical View

First, click on the App Menu (≡) and choose “View”, followed by “Layout,” and then select “Vertical View.” This will rearrange the Folder pane, Message List pane, and Message pane to be displayed side-by-side.

Step 2: Turn On Cards View

Next, let’s switch on “Cards” view. This new way of displaying your message list is simpler and more compact, to help reduce cognitive burden when you view the list. And it’s easy to activate.

Look immediately to the right of the “Quick Filter” area for the “Message List Display Options” icon. Click it, and select “Cards View” as seen in the GIF above.

Cards View is still in active development. More features such as a message preview line and sender avatars will be added in the future.

💡 TIP #1: Are you having trouble finding that menu? The area of Thunderbird where you activate Cards View is called the Message List Header. Some people choose to hide this section to reclaim a bit of vertical space. It’s easy to get it back: Just return to the App menu (≡), then select View ➡ Layout, and make sure that “Message List Header” is checked ✓

💡 TIP #2: Cards View is also available when using Classic or Wide layouts.

Step 3: Turn On “Tags” Folder Mode

If Tags are an important part of your workflow, now it’s easier than ever to access them.

In the Folder Pane Options menu (⋯) next to the “New Message” button, click “Folder Modes” and then choose “Tags.” That’s it! But if you want to continue customizing Thunderbird 115, you can also use this menu to hide Local Folders.

💡 Tip: Want to move your Tags up or down in the Folder Pane? Click on the 3 vertical dots menu (⋮) next to Tags, and simply choose “Move Up” or “Move Down” as seen in the above GIF.

Step 4: Customize The Message Header

And finally, we arrive at the Message Header Settings. That’s the section at the top of your email showing all the information such as sender’s name, contact photo (which pulls from the Address Book), subject, any associated tags, and more. Configuring this to fit your preferences is easy. Just click the “More” button with the downward facing arrow, then select “Customize” and make it yours!


We hope this helps you enjoy an even better Thunderbird experience. Thanks for being part of the Thunderbird family, and make sure to check back later for more customization guides and usage tips.

The post Make Thunderbird Yours: How To Get The Thunderbird 115 “Supernova” Look appeared first on The Thunderbird Blog.

hacks.mozilla.orgAutogenerating Rust-JS bindings with UniFFI

I work on the Firefox sync team at Mozilla. Four years ago, we wrote a blog post describing our strategy to ship cross-platform Rust components for syncing and storage on all our platforms. The vision was to consolidate the separate implementations of features like history, logins, and syncing that existed on Firefox Desktop, Android, and iOS.

We would replace those implementations with a core written in Rust and a set of hand-written foreign language wrappers for each platform: JavaScript for Desktop, Kotlin for Android, and Swift for iOS.

Since then, we’ve learned some lessons and had to modify our strategy. It turns out that creating hand-written wrappers in multiple languages is a huge time-sink. The wrappers required a significant amount of time to write, but more importantly, they were responsible for many serious bugs.

These bugs were easy to miss, hard to debug, and often led to crashes. One of the largest benefits of Rust is memory safety, but these hand-written wrappers were negating much of that benefit.

To solve this problem, we developed UniFFI: a Rust library for auto-generating foreign language bindings. UniFFI allowed us to create wrappers quickly and safely, but there was one issue: UniFFI supported Kotlin and Swift, but not JavaScript, which powers the Firefox Desktop front-end. UniFFI helped us ship shared components for Firefox Android and iOS, but Desktop remained out of reach.

This changed with Firefox 105 when we added support for generating JavaScript bindings via UniFFI which enabled us to continue pushing forward on our single component vision. This project validated some core concepts that have been in UniFFI from the start but also required us to extend UniFFI in several ways. This blog post will walk through some of the issues that arose along the way and how we handled them.

Prior Art

This project has already been tried at least once before at Mozilla. The team was able to get some of the functionality supported, but some parts remained out of reach. One of the first things we realized was that the general approach the previous attempts took would probably not support the UniFFI features we were using in our components.

Does this mean the previous work was a failure? Absolutely not. The team left behind a wonderful trove of design documents, discussions, and code that we made sure to study and steal from. In particular, there was an ADR that discussed different approaches which we studied, as well as a working C++/WebIDL code that we repurposed for our project.

Calling the FFI functions

UniFFI bindings live on top of an FFI layer using the C ABI that we call “the scaffolding.” Then the user API is defined on top of the scaffolding layer, in the foreign language. This allows the user API to support features not directly expressible in C and also allows the generated API to feel idiomatic and natural. However, JavaScript complicates this picture because it doesn’t have support for calling C functions. Privileged code in Firefox can use the Mozilla js-ctypes library, but its use is deprecated.

The previous project solved this problem by using C++ to call into the scaffolding functions, then leveraged the Firefox WebIDL code generation tools to create the JavaScript API. That code generation tool is quite nice and allowed us to define the user API using a combination of WebIDL and C++ glue code. However, it was limited and did not support all UniFFI features.

Our team decided to use the same WebIDL code generation tool, but to generate just the scaffolding layer instead of the entire user API. Then we used JavaScript to define the user API on top of that, just like for other languages. We were fairly confident that the code generation tool would no longer be a limiting factor, since the scaffolding layer is designed to be minimalistic and expressible in C.

Async functions

The threading model for UniFFI interfaces is not very flexible: all function and method calls are blocking. It’s the caller’s responsibility to ensure that calls don’t block the wrong thread. Typically this means executing UniFFI calls in a thread pool.

The threading model for Firefox frontend JavaScript code is equally inflexible: you must never block the main thread. The main JavaScript thread is responsible for all UI updates and blocking it means an unresponsive browser. Furthermore, the only way to start another thread in JavaScript is using Web Workers, but those are not currently used by the frontend code.

To resolve the unstoppable force vs. immovable object situation we found ourselves in, we simply reversed the UniFFI model and made all calls asynchronous. This means that all functions return a promise rather than their return value directly.

The “all functions are async” model seems reasonable, at least for the first few projects we intend to use with UniFFI. However, not all functions really need to be async – some are quick enough that they aren’t blocking. Eventually, we plan to add a way for users to customize which functions are blocking and which are async. This will probably happen alongside some general work for async UniFFI, since we’ve found that async execution is an issue for many components using UniFFI.

How has it been working?

Since landing UniFFI support in Firefox 105, we’ve slowly started adding some UniFFI’ed Rust components to Firefox. In Firefox 108 we added the Rust remote tabs syncing engine, making it the first component shared by Firefox on all three of our platforms. The new tabs engine uses UniFFI to generate JS bindings on Desktop, Kotlin bindings on Android, and Swift bindings on iOS.

We’ve also been continuing to advance our shared component strategy on Mobile. Firefox iOS has historically lagged behind Android in terms of shared component adoption, but the Firefox iOS 116 release will use our shared sync manager component. This means that both mobile browsers will be using all of the shared components we’ve written so far.

We also use UniFFI to generate bindings for Glean, a Mozilla telemetry library, which was a bit of an unusual case. Glean doesn’t generate JS bindings; it only generates the scaffolding API, which ends up in the GeckoView library that powers Firefox Android. Firefox Android can then consume Glean via the generated Kotlin bindings which link to the scaffolding in Geckoview.

If you’re interested in this project or UniFFI in general, please join us in #uniffi on the Mozilla Matrix chat.

The post Autogenerating Rust-JS bindings with UniFFI appeared first on Mozilla Hacks - the Web developer blog.

SeaMonkeySeaMonkey 2.53.17 is out!

Hi All,

SeaMonkey 2.53.17 has been released!  Please check out [1] and/or [2] for further information on changes.

Also to note, it has been a long time since I’ve even done the release notes.  Just shows how much one forgets after not doing it for so long.  Heck, even my hg account is disabled. ;/

Best regards,

:ewong

PS: Updates coming up soon.  Instead of having a hiccup with the release, I’m having a hiccup with the updates.  *Thanks Murphy!*

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.17/

[2] – https://www.seamonkey-project.org/releases/2.53.17

The Mozilla Thunderbird BlogThunderbird for Android / K-9 Mail: June 2023 Progress Report

a dark background with thunderbird and k-9 mail logos centered, with the text "Thunderbird for Android, June progress report"

Apparently our July has been so busy that we didn’t find the time to write up the progress report for June. But a late report is better than no report 😄

If you need a refresher on what happened the previous month, read the May 2023 Progress Report.

Improved account setup

The roadmap item we’re currently working on is Improve Account Setup. Most of our time went into working on this. However, for June there’s no exciting news to share. We mostly worked on the internal plumbing; that is important to get right, but not necessarily great material for a blog post. Hopefully there will be new screenshots to share in July’s progress report.

App maintenance

Having an app with a large user base means we can’t spend all of our time working on new features. Fixing bugs is a large and important part of the job. Here’s a writeup of just three of the bugs we fixed in June.

Folder appears to be empty

A user reported that some of their folders appear to be empty in K-9 Mail. Using the provided debug log (❤) we were able to track this down to a message containing an invalid email address, specifically one whose local part (the text before the @ symbol) exceeds the limit of 64 characters.

The error was thrown by a newly added email address parser that is stricter than what we used before. At first it was a bit surprising that this would lead to messages in a folder not being shown. We deliberately kept this new implementation out of the code responsible for parsing emails after download and the code for displaying messages.

However, it turned out the new email address parser was used when getting the contact name belonging to an email address. This lookup is performed when loading the message list of a folder from the local database. When an error occurs during this step, an empty message list is shown to the user.

To fix this bug and limit the impact of similar problems in the future, we made the following changes:

  • Ignore most errors when parsing email addresses from messages that the user has received. The world is full of email addresses that violate the specification but work mostly fine in practice. However, we still want to be strict when it comes to the email addresses we accept, e.g. when setting up a new account.
  • Ignore errors with the email address when trying to fetch the system contact belonging to that email address. This may lead to the app not being able to fetch a contact name for an spec-violating email address. But this will no longer lead to failing to load the entire message list.
  • We added a message with an email address whose local part exceeds the length limit to our test account. That way we are likely to catch bugs related to such email addresses before they make it into a beta release.

We’re very grateful to our beta testers for finding and reporting bugs like this one. That way we can fix them before they make it into a stable release.

Adding an email address to an existing contact

With the introduction of the message details screen we added a button to add a message sender or recipient to the contacts database using an installed contact app. If the email address can already be found in the contacts database, this button is hidden and tapping the participant name, email address, or contact picture opens the contacts app.

<figcaption class="wp-element-caption">Message details screen</figcaption>

Previously the app didn’t make that distinction and tapping an email address or participant name would open the contacts app using the “show or create” action. Apparently this reliably allowed to add an email address to an existing contact. However, the “insert” action used by the details screen only allows adding the email address to an existing contact with some contacts apps, but not others 😞

We changed the action to start the contacts app from “insert” to “insert or edit”, and this seems to reliably offer the option to add the email address to an existing contact.

Reply behavior depends on message size

A user reported that the behavior when replying to a message retrieved via a mailing list was different depending on whether the message had been downloaded completely or only partially.

K-9 Mail supports only downloading parts of a message when the email exceeds a configured size. In that case also only selected parts of the message header are downloaded. Unfortunately, we forgot to include the List-Post header field that is used to determine the email address to which to reply.

The fix was simply adding List-Post to the list of header fields to fetch from the IMAP server.

Community contributions

In June we merged the following pull requests by external contributors:

Releases

In June 2023 we published the following beta versions:

If you want to help shape future versions of the app, become a beta tester and provide feedback on new features while they are still in development.

The post Thunderbird for Android / K-9 Mail: June 2023 Progress Report appeared first on The Thunderbird Blog.

The Mozilla Thunderbird BlogAn Update On Thunderbird Sync

Hello Thunderbird family! First and foremost, we want to express our deepest appreciation for your patience. The road to Thunderbird 115 “Supernova” has been a long one, and we’re confident you’ll love the final result. If you’re already using Thunderbird 115, you may have noticed a feature that is conspicuously absent: Thunderbird Sync.

When we started creating our roadmap for Supernova, our feature targets were ambitious. As it turns out, a little too ambitious. We did our very best to finish up Thunderbird Sync for the initial release of version 115, but some technical blockers prevented us from moving forward fast enough to deliver it to you. Besides, this is a feature that absolutely must be secure and reliable. And it needs months of user testing to ensure that stability.

We do have the basic user interface for Thunderbird Sync designed already. However, what slowed us down is the need to hire a Site Reliability Engineer (SRE) to help us spin up our own back-end infrastructure that is independent of Firefox Sync. While our Sync functionality does use Firefox Sync code, they will end up being completely different products with different use-cases.

When Will Thunderbird Sync Be Finished?

We don’t have a solid release date, but our objective is to have Thunderbird Sync finished in time for the next ESR release, or shortly after we switch to a monthly release schedule (we’re aiming to complete that transition to monthly by early 2024).

Once we have a server and a proper back-end infrastructure, we’ll enable it on beta for you all to test.

What Data Will Thunderbird Sync Support?

We plan to support syncing of your email account definitions, credentials, signatures, saved searches, tags, tasks, filters, and most major preferences across multiple installations of Thunderbird on PC, (Yes, this is cross-compatible with Windows, macOS, and Linux.) You’ll also be able to sync your Thunderbird accounts with the forthcoming Thunderbird for Android.

Thank you again for being patient with us as we continue to build the best possible software for managing your email and personal communications. In the future, we’re hopeful that a switch to monthly releases will allow us to put new features in your hands faster than what’s previously been possible.

The post An Update On Thunderbird Sync appeared first on The Thunderbird Blog.

Mozilla L10NL10n Report: July 2023 Edition

Welcome!

Are you a locale leader and want us to include new members in our upcoming reports? Contact us!

New content and projects

What’s new or coming up in Firefox desktop

Deep dive: Firefox release schedule

If you’re new to Mozilla products, Firefox release schedule can be overwhelming. While whattrainisitnow.com is a useful resource to understand what’s shipping and when, let’s focus on the information that is relevant for localization:

  • Nightly should be your main focus as a localizer. New strings are exposed once or twice a week, the build is updated frequently (twice a day), so you can localize and test quickly before your translations are exposed to a larger audience with Beta and Release.
  • For Beta, we will automatically include updated translations up to the last week of the cycle (a cycle is usually 4 weeks long, but can occasionally be longer to accommodate for public holidays and other exceptions). The last week of the Beta cycle is “release candidate week” (RC week), and only urgent code fixes are accepted to avoid introducing new issues. The deadline you see in Pontoon is placed on the Sunday before RC week: that represents the last day to update translations and make sure they will be included in the actual RC build, which will then become Release a week later.
  • We normally don’t update translations in Firefox release, but it can be done manually in case of significant issues.

There is also another version of Firefox, called Extended Support Release (ESR): this version is targeted at users that don’t like frequent changes and updates, and it’s supported for about 9 months. The old and new ESR versions will overlap for a few weeks to guarantee a smooth transition, especially for enterprises with many installations.

Translations are not updated automatically for ESR after we ship the first build, but we normally update them 2-3 times during the ESR lifetime, to improve completion levels and include localization improvements. For example, 115.2 (the third build for ESR 115) will include a first localization update compared to the initial 115 release.

We try to hide all this complexity when it comes to localizing Firefox: you will only find one project in Pontoon, and that includes strings for all supported versions. Recently, we dropped support for the previous ESR version – Firefox ESR 102, which will stop receiving updates in September — which means all the strings used only in that version have been removed from Pontoon (about 1400 strings, including hundreds of legacy DTD strings).

New content

The amount of new content has been relatively small over the last months:

  • A new version of about:firefoxview is in the works. We will soon reach out through Pontoon notifications with more details and testing instructions.
  • There is a new feature to limit the execution of extensions on sites identified by Mozilla (called restricted sites). The goal is to protect users from known malicious actors, while still giving them the choice to manually allow extensions they trust.

What’s new or coming up in mobile

Things have been very quiet out in mobile land, and there is not much to report in this edition.

As the v116 l10n cycle comes to an end, string freeze for v117 is upon us and strings will be exposed within the next few days. There should be no additional strings landing for Firefox for iOS at this point.

On Android, we will be giving users the option to add a custom search engine URL.

Stay tuned for more updates in the next edition!

What’s new or coming up in web projects

Mozilla.org

The site will go through some changes throughout the rest of the year and to the next. The changes considered low hanging fruit will be made first, this includes the Home page. The new Home page will ensure all the locales will have the same look and feel.

Also, by the end of the month, some of the Relay Website content will be migrated to the mozilla.org site. For the communities that have been localizing the Relay Website project, the migration includes new content as well as existing localized content from Firefox Relay Website. Initially this content will only be available in the development environment, but strings will be visible in Pontoon once the migration is complete. If your locale is not enabled for the Relay project in Pontoon, you will see a lot of new content as a result. We will make an announcement after the migration has completed, please take some time to review the pages and ensure any minor glitches are identified and fixed.

Firefox Relay Website

The Relay Premium feature will be made available to more EU markets in a few weeks. These new markets include: Bulgaria, Croatia, the Czech Republic, Denmark, Estonia, Greece, Hungary, Lithuania, Latvia, Poland, Portugal, Romania. Slovakia, Slovenia and more.

This launch requires the localization of the Firefox Relay Website and Firefox Accounts in order to have a good user experience. If Relay is not enabled by the community in Pontoon, the product will be offered in English. If the Firefox Accounts is opted in by the community in Pontoon, but the completion is under 70%, the payment portion of the user flow will fall back to English but in the corresponding currency for the local. It’s never too late to enable the products if your locale has not. If it is enabled for both but the projects are falling behind, please give them higher priority and make time to catch up. Thank you!

Newly published localizer facing documentation

We recently completed a comprehensive update of our Pontoon documentation for localizers. This new documentation should accurately reflect the Pontoon environment as you see it today, with handy details on things like how to make the most of tools in your translation workspace, how to use search filters to find the strings you need efficiently, and everything you need to know on how to translate in Pontoon. Check it out!

If you spot any mistakes, have ideas to make the documentation better, or would otherwise like to contribute to our localizer documentation, visit our GitHub repository and check out the README for information on how to contribute.

Friends of the Lion

Image by Elio Qoshi

  • Victor is a passionate localizer, who has been spearheading the Mozilla mission in Tajikistan for quite a few years now. He is involved on many fronts, including digital literacy trainings in Tajikistan to introduce Firefox in the Tajik language and promoting it as the number one browser in the country. He also collaborates with marketplaces, to connect them with local farmers without intermediaries. He uses local opportunities to promote safer internet browsing and showcased the potential of Firefox in Tajik in that context. Victor is also heavily involved in a US embassy funded project aimed to enhance internet access and safety for leaders and their communities in Tajikistan, with a focus on independent media, countering violent extremism, women’s economic empowerment, environmental awareness, and more. The project also emphasizes the importance of diversity, equity, inclusion, and accessibility in its implementation. Thank you Victor for helping the internet to stay safe, open and accessible to all!

Know someone in your l10n community who’s been doing a great job and should appear here? Contact us and we’ll make sure they get a shout-out!

Useful Links

Questions? Want to get involved?

If you want to get involved, or have any question about l10n, reach out to:

Did you enjoy reading this report? Let us know how we can improve it.

hacks.mozilla.orgSo you want to build your own open source ChatGPT-style chatbot…

(Expanded from a talk given at DWeb Camp 2023.)

Artificial intelligence may well prove one of the most impactful and disruptive technologies to come along in years. This impact isn’t theoretical: AI is already affecting real people in substantial ways, and it’s already changing the Web that we know and love. Acknowledging the potential for both benefit and harm, Mozilla has committed itself to the principles of trustworthy AI. To us, “trustworthy” means AI systems that are transparent about the data they use and the decisions they make, that respect user privacy, that prioritize user agency and safety, and that work to minimize bias and promote fairness.

Where things stand

Right now, the primary way that most people are experiencing the latest AI technology is through generative AI chatbots. These tools are exploding in popularity because they provide a lot of value to users, but the dominant offerings (like ChatGPT and Bard) are all operated by powerful tech companies, often utilizing technologies that are proprietary.

At Mozilla, we believe in the collaborative power of open source to empower users, drive transparency, and — perhaps most importantly — ensure that technology does not develop only according to the worldviews and financial motivations of a small group of corporations. Fortunately, there’s recently been rapid and exciting progress in the open source AI space, specifically around the large language models (LLMs) that power these chatbots and the tooling that enables their use. We want to understand, support, and contribute to these efforts because we believe that they offer one of the best ways to help ensure that the AI systems that emerge are truly trustworthy.

Digging in

With this goal in mind, a small team within Mozilla’s innovation group recently undertook a hackathon at our headquarters in San Francisco. Our objective: build a Mozilla internal chatbot prototype, one that’s…

  • Completely self-contained, running entirely on Mozilla’s cloud infrastructure, without any dependence on third-party APIs or services.
  • Built with free, open source large language models and tooling.
  • Imbued with Mozilla’s beliefs, from trustworthy AI to the principles espoused by the Mozilla Manifesto.

As a bonus, we set a stretch goal of integrating some amount of internal Mozilla-specific knowledge, so that the chatbot can answer employee questions about internal matters.

The Mozilla team that undertook this project — Josh Whiting, Rupert Parry, and myself — brought varying levels of machine learning knowledge to the table, but none of us had ever built a full-stack AI chatbot. And so, another goal of this project was simply to roll-up our sleeves and learn!

This post is about sharing that learning, in the hope that it will help or inspire you in your own explorations with this technology. Assembling an open source LLM-powered chatbot turns out to be a complicated task, requiring many decisions at multiple layers of the technology stack. In this post, I’ll take you through each layer of that stack, the challenges we encountered, and the decisions we made to meet our own specific needs and deadlines. YMMV, of course.

Ready, then? Let’s begin, starting at the bottom of the stack…

A diagram depicting seven levels of functionality and decisions required to build an open source chatbot.A visual representation of our chatbot exploration.

Deciding where and how to host

The first question we faced was where to run our application. There’s no shortage of companies both large and small who are eager to host your machine learning app. They come in all shapes, sizes, levels of abstraction, and price points.

For many, these services are well worth the money. Machine learning ops (aka “MLOps”) is a growing discipline for a reason: deploying and managing these apps is hard. It requires specific knowledge and skills that many developers and ops folks don’t yet have. And the cost of failure is high: poorly configured AI apps can be slow, expensive, deliver a poor quality experience, or all of the above.

What we did: Our explicit goal for this one-week project was to build a chatbot that was secure and fully-private to Mozilla, with no outside parties able to listen in, harvest user data, or otherwise peer into its usage. We also wanted to learn as much as we could about the state of open source AI technology. We therefore elected to forego any third-party AI SaaS hosting solutions, and instead set up our own virtual server inside Mozilla’s existing Google Cloud Platform (GCP) account. In doing so, we effectively committed to doing MLOps ourselves. But we could also move forward with confidence that our system would be private and fully under our control.

Picking a runtime environment

Using an LLM to power an application requires having a runtime engine for your model. There are a variety of ways to actually run LLMs, but due to time constraints we didn’t come close to investigating all of them on this project. Instead, we focused on two specific open source solutions: llama.cpp and the Hugging Face ecosystem.

For those who don’t know, Hugging Face is an influential startup in the machine learning space that has played a significant role in popularizing the transformer architecture for machine learning. Hugging Face provides a complete platform for building machine learning applications, including a massive library of models, and extensive tutorials and documentation. They also provide hosted APIs for text inference (which is the formal name for what an LLM-powered chatbot is doing behind the scenes).

Because we wanted to avoid relying on anyone else’s hosted software, we elected to try out the open source version of Hugging Face’s hosted API, which is found at the text-generation-inference project on GitHub. text-generation-inference is great because, like Hugging Face’s own Transformers library, it can support a wide variety of models and model architectures (more on this in the next section). It’s also optimized for supporting multiple users and is deployable via Docker.

Unfortunately, this is where we first started to run into the fun challenges of learning MLOps on the fly. We had a lot of trouble getting the server up and running. This was in part an environment issue: since Hugging Face’s tools are GPU-accelerated, our server needed a specific combination of OS, hardware, and drivers. It specifically needed NVIDIA’s CUDA toolkit installed (CUDA being the dominant API for GPU-accelerated machine learning applications). We struggled with this for much of a day before finally getting a model running live, but even then the output was slower than expected and the results were vexingly poor — both signs that something was still amiss somewhere in our stack.

Now, I’m not throwing shade at this project. Far from it! We love Hugging Face, and building on their stack offers a number of advantages. I’m certain that if we had a bit more time and/or hands-on experience we would have gotten things working. But time was a luxury we didn’t have in this case. Our intentionally-short project deadline meant that we couldn’t afford to get too deeply mired in matters of configuration and deployment. We needed to get something working quickly so that we could keep moving and keep learning.

It was at this point that we shifted our attention to llama.cpp, an open source project started by Georgi Gerganov. llama.cpp accomplishes a rather neat trick: it makes it easy to run a certain class of LLMs on consumer grade hardware, relying on the CPU instead of requiring a high-end GPU. It turns out that modern CPUs (particularly Apple Silicon CPUs like the M1 and M2) can do this surprisingly well, at least for the latest generation of relatively-small open source models.

llama.cpp is an amazing project, and a beautiful example of the power of open source to unleash creativity and innovation. I had already been using it in my own personal AI experiments and had even written-up a blog post showing how anyone can use it to run a high-quality model on their own MacBook. So it seemed like a natural thing for us to try next.

While llama.cpp itself is simply a command-line executable — the “cpp” stands for “C++” —  it can be dockerized and run like a service. Crucially, a set of Python bindings are available which expose an implementation of the OpenAI API specification. What does all that mean? Well, it means that llama.cpp makes it easy to slot-in your own LLM in place of ChatGPT. This matters because OpenAI’s API is being rapidly and widely adopted by machine learning developers. Emulating that API is a clever bit of Judo on the part of open source offerings like llama.cpp.

What we did: With these tools in hand, we were able to get llama.cpp up and running very quickly. Instead of worrying about CUDA toolkit versions and provisioning expensive hosted GPUs, we were able to spin up a simple AMD-powered multicore CPU virtual server and just… go.

Choosing your model

An emerging trend you’ll notice in this narrative is that every decision you make in building a chatbot interacts with every other decision. There are no easy choices, and there is no free lunch. The decisions you make will come back to haunt you.

In our case, choosing to run with llama.cpp introduced an important consequence: we were now limited in the list of models available to us.

Quick history lesson: in late 2022, Facebook announced LLaMA, its own large language model. To grossly overgeneralize, LLaMA consists of two pieces: the model data itself, and the architecture upon which the model is built. Facebook open sourced the LLaMA architecture, but they didn’t open source the model data. Instead, people wishing to work with this data need to apply for permission to do so, and their use of the data is limited to non-commercial purposes.

Even so, LLaMA immediately fueled a Cambrian explosion of model innovation. Stanford released Alpaca, which they created by building on top of LLaMA via a process called fine-tuning. A short time later, LMSYS released Vicuna, an arguably even more impressive model. There are dozens more, if not hundreds.

So what’s the fine print? These models were all developed using Facebook’s model data — in machine learning parlance, the “weights.” Because of this, they inherit the legal restrictions Facebook imposed upon those original weights. This means that these otherwise-excellent models can’t be used for commercial purposes. And so, sadly, we had to strike them from our list.

But there’s good news: even if the LLaMA weights aren’t truly open, the underlying architecture is proper open source code. This makes it possible to build new models that leverage the LLaMA architecture but do not rely on the LLaMA weights. Multiple groups have done just this, training their own models from scratch and releasing them as open source (via MIT, Apache 2.0, or Creative Commons licenses). Some recent examples include OpenLLaMA, and — just days ago — LLaMA 2, a brand new version of Facebook’s LLaMA model, from Facebook themselves, but this time expressly licensed for commercial use (although its numerous other legal encumbrances raise serious questions of whether it is truly open source).

Hello, consequences

Remember llama.cpp? The name isn’t an accident. llama.cpp runs LLaMA architecture-based models. This means we were able to take advantage of the above models for our chatbot project. But it also meant that we could only use LLaMA architecture-based models.

You see, there are plenty of other model architectures out there, and many more models built atop them. The list is too long to enumerate here, but a few leading examples include MPT, Falcon, and Open Assistant. These models utilize different architectures than LLaMA and thus (for now) do not run on llama.cpp. That means we couldn’t use them in our chatbot, no matter how good they might be.

Models, biases, safety, and you

Now, you may have noticed that so far I’ve only been talking about model selection from the perspectives of licensing and compatibility. There’s a whole other set of considerations here, and they’re related to the qualities of the model itself.

Models are one of the focal points of Mozilla’s interest in the AI space. That’s because your choice of model is currently the biggest determiner of how “trustworthy” your resulting AI will be. Large language models are trained on vast quantities of data, and are then further fine-tuned with additional inputs to adjust their behavior and output to serve specific uses. The data used in these steps represents an inherent curatorial choice, and that choice carries with it a raft of biases.

Depending on which sources a model was trained on, it can exhibit wildly different characteristics. It’s well known that some models are prone to hallucinations (the machine learning term for what are essentially nonsensical responses invented by the model from whole cloth), but far more insidious are the many ways that models can choose to — or refuse to — answer user questions. These responses reflect the biases of the model itself. They can result in the sharing of toxic content, misinformation, and dangerous or harmful information. Models may exhibit biases against concepts, or groups of people. And, of course, the elephant in the room is that the vast majority of the training material available online today is in the English language, which has a predictable impact both on who can use these tools and the kinds of worldviews they’ll encounter.

While there are plenty of resources for assessing the raw power and “quality” of LLMs (one popular example being Hugging Face’s Open LLM leaderboard), it is still challenging to evaluate and compare models in terms of sourcing and bias. This is an area in which Mozilla thinks open source models have the potential to shine, through the greater transparency they can offer versus commercial offerings.

What we did: After limiting ourselves to commercially-usable open models running on the LLaMA architecture, we carried out a manual evaluation of several models. This evaluation consisted of asking each model a diverse set of questions to compare their resistance to toxicity, bias, misinformation, and dangerous content. Ultimately, we settled on Facebook’s new LLaMA 2 model for now. We recognize that our time-limited methodology may have been flawed, and we are not fully comfortable with the licensing terms of this model and what they may represent for open source models more generally, so don’t consider this an endorsement. We expect to reevaluate our model choice in the future as we continue to learn and develop our thinking.

Using embedding and vector search to extend your chatbot’s knowledge

As you may recall from the opening of this post, we set ourselves a stretch goal of integrating some amount of internal Mozilla-specific knowledge into our chatbot. The idea was simply to build a proof-of-concept using a small amount of internal Mozilla data — facts that employees would have access to themselves, but which LLMs ordinarily would not.

One popular approach for achieving such a goal is to use vector search with embedding. This is a technique for making custom external documents available to a chatbot, so that it can utilize them in formulating its answers. This technique is both powerful and useful, and in the months and years ahead there’s likely to be a lot of innovation and progress in this area. There are already a variety of open source and commercial tools and services available to support embedding and vector search.

In its simplest form, it works generally like this:

  • The data you wish to make available must be retrieved from wherever it is normally stored and converted to embeddings using a separate model, called an embedding model. These embeddings are indexed in a place where the chatbot can access it, called a vector database.
  • When the user asks a question, the chatbot searches the vector database for any content that might be related to the user’s query.
  • The returned, relevant content is then passed into the primary model’s context window (more on this below) and is used in formulating a response.

What we did: Because we wanted to retain full control over all of our data, we declined to use any third-party embedding service or vector database. Instead, we coded up a manual solution in Python that utilizes the all-mpnet-base-v2 embedding model, the SentenceTransformers embedding library, LangChain (which we’ll talk about more below), and the FAISS vector database. We only fed in a handful of documents from our internal company wiki, so the scope was limited. But as a proof-of-concept, it did the trick.

The importance of prompt engineering

If you’ve been following the chatbot space at all you’ve probably heard the term “prompt engineering” bandied about. It’s not clear that this will be an enduring discipline as AI technology evolves, but for the time being prompt engineering is a very real thing. And it’s one of the most crucial problem areas in the whole stack.

You see, LLMs are fundamentally empty-headed. When you spin one up, it’s like a robot that’s just been powered on for the first time. It doesn’t have any memory of its life before that moment. It doesn’t remember you, and it certainly doesn’t remember your past conversations. It’s tabula rasa, every time, all the time.

In fact, it’s even worse than that. Because LLMs don’t even have short-term memory. Without specific action on the part of developers, chatbots can’t even remember the last thing they said to you. Memory doesn’t come naturally to LLMs; it has to be managed. This is where prompt engineering comes in. It’s one of the key jobs of a chatbot, and it’s a big reason why leading bots like ChatGPT are so good at keeping track of ongoing conversations.

The first place that prompt engineering rears its head is in the initial instructions you feed to the LLM. This system prompt is a way for you, in plain language, to tell the chatbot what its function is and how it should behave. We found that this step alone merits a significant investment of time and effort, because its impact is so keenly felt by the user.

In our case, we wanted our chatbot to follow the principles in the Mozilla Manifesto, as well as our company policies around respectful conduct and nondiscrimination. Our testing showed us in stark detail just how suggestible these models are. In one example, we asked our bot to give us evidence that the Apollo moon landings were faked. When we instructed the bot to refuse to provide answers that are untrue or are misinformation, it would correctly insist that the moon landings were in fact not faked — a sign that the model seemingly “understands” at some level that claims to the contrary are conspiracy theories unsupported by the facts. And yet, when we updated the system prompt by removing this prohibition against misinformation, the very same bot was perfectly happy to recite a bulleted list of the typical Apollo denialism you can find in certain corners of the Web.

You are a helpful assistant named Mozilla Assistant.
You abide by and promote the principles found in the Mozilla Manifesto.
You are respectful, professional, and inclusive.
You will refuse to say or do anything that could be considered harmful, immoral, unethical, or potentially illegal.
You will never criticize the user, make personal attacks, issue threats of violence, share abusive or sexualized content, share misinformation or falsehoods, use derogatory language, or discriminate against anyone on any basis.

The system prompt we designed for our chatbot.

Another important concept to understand is that every LLM has a maximum length to its “memory”. This is called its context window, and in most cases it is determined when the model is trained and cannot be changed later. The larger the context window, the longer the LLM’s memory about the current conversation. This means it can refer back to earlier questions and answers and use them to maintain a sense of the conversation’s context (hence the name). A larger context window also means that you can include larger chunks of content from vector searches, which is no small matter.

Managing the context window, then, is another critical aspect of prompt engineering. It’s important enough that there are solutions out there to help you do it (which we’ll talk about in the next section).

What we did: Since our goal was to have our chatbot behave as much like a fellow Mozilian as possible, we ended up devising our own custom system prompt based on elements of our Manifesto, our participation policy, and other internal documents that guide employee behaviors and norms at Mozilla. We then massaged it repeatedly to reduce its length as much as possible, so as to preserve our context window. As for the context window itself, we were stuck with what our chosen model (LLaMA 2) gave us: 4096 tokens, or roughly 3000 words. In the future, we’ll definitely be looking at models that support larger windows.

Orchestrating the whole dance

I’ve now taken you through (*checks notes*) five whole layers of functionality and decisions. So what I say next probably won’t come as a surprise: there’s a lot to manage here, and you’ll need a way to manage it.

Some people have lately taken to calling that orchestration. I don’t personally love the term in this context because it already has a long history of other meanings in other contexts. But I don’t make the rules, I just blog about them.

The leading orchestration tool right now in the LLM space is LangChain, and it is a marvel. It has a feature list a mile long, it provides astonishing power and flexibility, and it enables you to build AI apps of all sizes and levels of sophistication. But with that power comes quite a bit of complexity. Learning LangChain isn’t necessarily an easy task, let alone harnessing its full power. You may be able to guess where this is going…

What we did: We used LangChain only very minimally, to power our embedding and vector search solution. Otherwise, we ended up steering clear. Our project was simply too short and too constrained for us to commit to using this specific tool. Instead, we were able to accomplish most of our needs with a relatively small volume of Python code that we wrote ourselves. This code “orchestrated” everything going on the layers I’ve already discussed, from injecting the agent prompt, to managing the context window, to embedding private content, to feeding it all to the LLM and getting back a response. That said, given more time we most likely would not have done this all manually, as paradoxical as that might sound.

Handling the user interface

Last but far from least, we have reached the top layer of our chatbot cake: the user interface.

OpenAI set a high bar for chatbot UIs when they launched ChatGPT. While these interfaces may look simple on the surface, that’s more a tribute to good design than evidence of a simple problem space. Chatbot UIs need to present ongoing conversations, keep track of historical threads, manage a back-end that produces output at an often inconsistent pace, and deal with a host of other eventualities.

Happily, there are several open source chatbot UIs out there to choose from. One of the most popular is chatbot-ui. This project implements the OpenAI API, and thus it can serve as a drop-in replacement for the ChatGPT UI (while still utilizing the ChatGPT model behind the scenes). This also makes it fairly straightforward to use chatbot-ui as a front-end for your own LLM system.

What we did: Ordinarily we would have used chatbot-ui or a similar project, and that’s probably what you should do. However, we happened to already have our own internal (and as yet unreleased) chatbot code, called “Companion”, which Rupert had written to support his other AI experiments. Since we happened to have both this code and its author on-hand, we elected to take advantage of the situation. By using Companion as our UI, we were able to iterate rapidly and experiment with our UI more quickly than we would have otherwise been able to.

Closing thoughts

I’m happy to report that at the end of our hackathon, we achieved our goals. We delivered a prototype chatbot for internal Mozilla use, one that is entirely hosted within Mozilla, that can be used securely and privately, and that does its best to reflect Mozilla’s values in its behavior. To achieve this, we had to make some hard calls and accept some compromises. But at every step, we were learning.

A diagram depicting the specific path that we took through the chatbot "stack."The path we took for our prototype.

 

This learning extended beyond the technology itself. We learned that:

  • Open source chatbots are still an evolving area. There are still too many decisions to make, not enough clear documentation, and too many ways for things to go wrong.
  • It’s too hard to evaluate and choose models based on criteria beyond raw performance. And that means it’s too hard to make the right choices to build trustworthy AI applications.
  • Effective prompt engineering is critical to chatbot success, at least for now.

As we look to the road ahead, we at Mozilla are interested in helping to address each of these challenges. To begin, we’ve started working on ways to make it easier for developers to onboard to the open-source machine learning ecosystem. We are also looking to build upon our hackathon work and contribute something meaningful to the open source community. Stay tuned for more news very soon on this front and others!

With open source LLMs now widely available and with so much at stake, we feel the best way to create a better future is for us all to take a collective and active role in shaping it. I hope that this blog post has helped you better understand the world of chatbots, and that it encourages you to roll-up your own sleeves and join us at the workbench.

The post So you want to build your own open source ChatGPT-style chatbot… appeared first on Mozilla Hacks - the Web developer blog.

Open Policy & AdvocacyMozilla Calls on Congress to Reform FISA

Section 702 of the Foreign Intelligence Surveillance Act (FISA) is set to expire at the end of the year. Amid the regular drumbeat of revelations regarding the abuses of the program, Mozilla calls on Congress to significantly reform FISA now.

FISA Reform is Critical for Civil Liberties and Human Rights

Mozilla has advocated through dozens of blog posts, regulatory filings, and amicus briefs for more transparency and due process in government surveillance in the United States. Our Surveillance Principles for a Secure, Trusted Internet have served as the guiding force of our advocacy in this space. These principles were created in the aftermath of the Snowden revelations of 2013 that showed the world the catastrophic breadth of US government surveillance. Our advocacy here also stems from Principle 4 of Mozilla’s Manifesto: “Individuals’ security and privacy on the internet are fundamental and must not be treated as optional.” The status quo of US government surveillance violates this principle and can threaten the human rights of journalists, dissidents, and even members of Congress.

The current FISA process is overbroad, restricted only by weak legislation and executive orders that, experience has shown, do not create real accountability. It has been clear for some time that any meaningful reform to FISA 702 would create accessible due process available to subjects of surveillance accompanied by effective oversight.

FISA reform should focus on transparency, oversight, and due process.

Transparency: Subjects of surveillance should be appropriately notified when 702 intelligence is being used in a criminal case against them, unless a court certifies that doing so would have a material impact on a specific active investigation. Subjects of surveillance have a basic right to know how the government obtained otherwise private communications in a criminal case, and whether that information was obtained lawfully. Congress should also change the secrecy requirements behind 702 data requests to be time-bound and limited to the potential risks.

Accountability: Potential checks on inappropriate surveillance in FISA are not sufficiently independent or empowered. While the President’s recent executive order makes some progress on this front, it does not go far enough – and any such protections should be codified into law. Additionally, the government has repeatedly snuffed lawsuits aimed at accountability by asserting that plaintiffs do not have standing to sue or that the lawsuit is incompatible with protections for state secrets. Congress should therefore make clear that FISA’s dispute resolution procedures (i) preempt the state secrets privilege and (ii) allow suits challenging 702 surveillance outside of narrow contexts where the government is bringing a case using 702-derived evidence.

Due process: In its current form, Section 702 has operated as an end-run around the Fourth Amendment. Information should be collected on or queried for American citizens by intelligence agencies only after a showing of probable cause. Congress should furthermore prohibit intelligence agencies from buying information from data brokers to circumvent statutory and Constitutional guardrails. All Americans deserve the basic level of scrutiny aligned with Constitutional rights against unreasonable search and seizure. And for non-American citizens, Congress should require the necessity and proportionality of any collection, and codify enforceable remedies against missteps or abuses of power.

The Business Case for FISA Reform

FISA is not just a national security or civil liberties issue. Meaningful FISA reform would create critical operational certainty for businesses of all sizes.

In July of 2020, the European Court of Justice (CJEU) ruled that FISA does not provide adequate protections for European individuals’ data transferred to the US. In so doing, the Court of Justice struck down the EU-US Privacy Shield, which thousands of US businesses used as a safe harbor to transfer data between the EU and the US.

Data transfers between the US and EU are an essential part of doing business, and an American company that serves European customers must almost always transfer some data from the EU to the US. But FISA’s flaws mean that those basic parts of doing business are in limbo, with significant legal risk for companies who get it wrong.

The effects of the loss of Privacy Shield on small and medium-sized businesses were immediate. Thousands of US businesses which previously relied on Privacy Shield were forced to do expensive case-by-case transfer impact assessments to evaluate the privacy risks for each transfer they did. In short, FISA’s inadequate surveillance protections led to onerous business obligations – and increased legal risk – for thousands of businesses. And the decision has been accompanied by millions of dollars in fines for companies.

The Biden administration and EU have struck and finalized a new deal, but this safe harbor, too, is expected to be challenged in court with a significant likelihood of success. That is because some of the protections called for by the European Court of Justice can only truly be implemented legislatively. EU courts may therefore be unwilling to depend on an executive order as a guarantee for EU citizens. Another failed EU-US data transfer agreement could mean existential risk for thousands of US companies.

If Congress makes the reforms we described above, the European Court of Justice is more likely to find that US surveillance practices respect the rights of Europeans. That is because each of these fundamental flaws in FISA were part of the CJEU’s ruling that FISA does not provide surveillance targets with “substantially equivalent” protections compared to European surveillance law.

__________

Congress has many competing priorities in the next six months. For businesses all over the US, and for the rights and dignity of all Americans and global citizens, Congress should spend its time on FISA 702 reform. With such intense bipartisan concern over the program, reauthorization without reform would be a missed opportunity to do right by Americans and American businesses.

The post Mozilla Calls on Congress to Reform FISA appeared first on Open Policy & Advocacy.

SUMO BlogWhat’s up with SUMO – Q2 2023

Hi everybody,

Today is literally my last day before I’m leaving for my maternity leave for the next 3 months. It’s a mixed feeling. I’m excited to stepping up and experience new things in my life, but also nervous at the same time since I’ve never been away from work this long before. I love being in the community with shared values and passion and I’m lucky to do that as part of my job. Many of you have inspired me in many ways and it never failed to reignite my excitement whenever I get bored with my professional routine. I can’t thank you enough for your continues support to Mozilla throughout this whole time and I don’t have any doubts that you’ll be holding on the forth just fine without me since you’ll be in a good hand.

Welcome note and shout-outs

  • Welcome to Prabu, Damian, Stephen, Daniel B, Ali, Pamela and Sebastian. Thanks for joining the Social and Mobile Store Support program!
  • Shout-outs to Wxie, Irvin, Mark, Pierre, Artist, Michele, Marsf, Hyeon Seok, Chris, Valery, Cláudio, and Wim for your support on localizing and reviewing the Pocket migration FAQ article while keeping up with our tight deadline. Thank you, all! Also, shout outs for Lucas and the rest of content team for helping me coordinate this!
  • Thanks to the forum moderators who have been keeping our forum safe and maintain high quality reply in our forum.
  • Shoutout for Théo for making #fxhelp a thing again.
  • Shoutout also to Paul for handling the Avira incident with grace as well as helping figuring out the recent issue with Firefox for Android not loading pages.
  • Welcome back to Roland Tanglao who joined the Thunderbird team recently as a Support Engineer. It’s so reasurring to see a familiar face back in the wider Mozilla org.
  • Also, congratulations to Danny Colin for stepping up as a Thunderbird Council recently.

If you know anyone that we should feature here, please contact Sarto and we’ll make sure to add them in our next edition.

Community news

  • Check out the result of our contributor survey in Q1 if you haven’t!
  • If you’re a KB reviewer, please check out the updated review and approval guidelines and join our discussion in this contributor thread to talk more about these changes.
  • Have you heard about Fakespot? Check out this news aboutour recent acquisition if you haven’t.
  • Check out the results of 2 community experiments that we run in Q2. We learned our lessons and we’ll utilize that learning to inform how we make decision for our community programs in the future.
  • Learn more about what we did with the device migration project and the opportunity that it enable. You can also join our discussion in this thread to talk more about opportunities that are possible with this new capability in our platform.

Catch up

  • Watch the monthly community call if you haven’t. Learn more about what’s new in April, May (1,2), and June! Reminder: Don’t hesitate to join the call in person if you can. We try our best to provide a safe space for everyone to contribute. You’re more than welcome to lurk in the call if you don’t feel comfortable turning on your video or speaking up. If you feel shy to ask questions during the meeting, feel free to add your questions on the contributor forum in advance, or put them in our Matrix channel, so we can answer them during the meeting.
  • If you’re an NDA’ed contributor, you can watch the recording of the Customer Experience weekly scrum meeting from AirMozilla to catch up with the latest product updates.
  • Consider subscribe to Firefox Daily Digest to get daily updates about Firefox from across different platforms.
  • Check out SUMO Engineering Board to see what the platform team is currently doing and submit a report through Bugzilla if you want to report a bug/request for improvement.

Community stats

KB

KB pageviews (*)

* KB pageviews number is a total of KB pageviews for /en-US/ only

Month Page views Vs previous month
Apr 2023 6,422,755 -14.20%
May 2023 6,624,076 3.13%
Jun 2023 6,270,252 -5.34%

Top 5 KB contributors in the last 90 days: 

KB Localization

Top 10 locales based on total page views

Locale Apr 2023 

pageviews (*)

May 2023 pageviews (*) Jun 2023 

pageviews (*)

Localization progress (per Jul, 14)(**)
de 10.78% 10.06% 9.97% 99%
zh-CN 8.65% 8.88% 8.39% 98%
fr 6.85% 6.64% 6.87% 90%
es 5.87% 6.08% 6.08% 24%
ja 4.72% 4.44% 4.73% 45%
ru 4.07% 3.76% 3.59% 100%
pt-BR 3.36% 3.65% 3.60% 53%
It 2.45% 2.62% 2.47% 100%
pl 2.15% 2.09% 2.09% 88%
zh-TW 1.38% 2.25% 2.40% 3%
* Locale pageviews is an overall pageviews from the given locale (KB and other pages)

** Localization progress is the percentage of localized article from all KB articles per locale

Top 5 localization contributors in the last 90 days: 

Forum Support

Forum stats

Month Total questions Answer rate within 72 hrs Solved rate within 72 hrs Forum helpfulness
Apr 2023 2447 70.33% 9.36% 59.36%
May 2023 2546 72.47% 10.84% 58.35%
Jun 2023 2451 69.60% 8.12% 51.20%

Top 5 forum contributors in the last 90 days: 

Social Support

Channel Total tweets Total moderation by contributors Total reply by contributors
Apr 2023 363 171 94
May 2023 311 167 55
Jun 2023 227 118 35

Top 5 Social Support contributors in the past 3 months: 

  1. Théo Cannillo
  2. Tim Maks 
  3. Wim Benes
  4. Peter Gallwas
  5. Christophe Villeneuve

Play Store Support

Channel Apr 2023
Total reviews Total conv interacted by contributors Total conv replied by contributors
Firefox for Android 5142 402 245
Firefox Focus for Android 483 46 26

 

Channel May 2023
Total reviews Total conv interacted by contributors Total conv replied by contributors
Firefox for Android 5227 523 287
Firefox Focus for Android 457 48 24

 

Channel Jun 2023
Total reviews Total conv interacted by contributors Total conv replied by contributors
Firefox for Android 6033 586 293
Firefox Focus for Android 545 51 22

Top 5 Play Store contributors in the past 3 months: 

Product updates

To catch up on product releases update, please watch the recording of the Customer Experience scrum meeting from AirMozilla. You can also subscribe to the AirMozilla folder by clickling on the Subscribe button at the top right corner of the page to get notifications each time we add a new recording.

Useful links:

The Mozilla Thunderbird BlogThunderbird Podcast #3: Behind The Scenes Of Supernova

A stylized podcast episode thumbnail, showing the word "SUPERNOVA' above the ThunderCast logo. Underneath is a preview of the Thunderbird application in dark mode.

Hello Thunderbird family, and welcome back to a long-overdue episode of the ThunderCast! Ryan, Alex, and Jason get together to talk about the new features and improvements in Thunderbird 115 “Supernova.” But they also share WHY those features were developed, and what’s being worked on right now.

Plus, Ryan shares some breaking news about the future of the Thunderbird Project! It’s a casual, informative, behind-the-scenes chat.

🎧 Download Episode 3 Directly

USEFUL LINKS

CHAPTERS FOR THUNDERCAST #3

  • (00:00) – Intro
  • (04:11) – The pulse of our users
  • (11:16) – Moving to monthly releases
  • (14:24) – Why the name “Supernova?”
  • (15:39) – Explaining the new Thunderbird logo
  • (23:22) – What’s New in Thunderbird 115?
  • (32:09) – Explaining the Unified Toolbar
  • (40:08) – Why the new icons matter
  • (44:11) – You are my Density
  • (53:52) – Jason gushes about the App Menu
  • (01:01:01) – Finally! Sortable folder modes
  • (01:05:17) – Ryan gushes about Cards view
  • (01:08:37) – Championing customization
  • (01:10:37) – The infamous mockup
  • (01:12:00) – Addressing the address book
  • (01:17:03) – Iterating to perfection
  • (01:19:32) – Jason’s 2 hats
  • (01:24:33) – The ThunderVerse!

The post Thunderbird Podcast #3: Behind The Scenes Of Supernova appeared first on The Thunderbird Blog.

Mozilla L10NPretranslation in Pontoon: Beta Testing Results and Next Steps

The amount of content to translate for Mozilla projects is constantly growing, with overlapping and often demanding deadlines. We want to support our community of volunteers by making their life easier, in particular when it comes to using translations that have already been reviewed and approved before, but also by bootstrapping translation for brand-new content.

As part of this effort, over 3 years ago we started working on the foundation layers to support pretranslation in Pontoon, and we’re almost ready to open this feature up to all supported locales.

Before we dive in, what is pretranslation, and how does it work? If pretranslation is enabled for a combination of locale and project, when a new string is added in Pontoon:

  • It will be translated (pretranslated) using a 100% match from translation memory or, should that not be available, using the Google AutoML Translation engine with a custom model.
  • The string will be stored in Pontoon with a special “pretranslated” status. The pretranslated status shows up in dashboards, and can be used in filters within the translation interface.
  • The string will also be saved in the repository (e.g. GitHub, and eventually ship in the product.

Pretranslation can be enabled for a subset of locales in any project, and the list of locales can differ between projects.

You might be asking why Google AutoML Translation and not another service. We selected this provider based on several criteria, including reliability, quality of results, and range of supported locales. In terms of features, Google AutoML Translation also allows us to fine tune the translation engine by training it on our own existing translation memories, which increases the chances to match the existing style and terminology.

Alpha Testing

To start, we tested pretranslation with only 2 locales — Italian and Slovenian — between December 2022 and March 2023. We picked these locales because we had staff support to review translations, and fixed several bugs in the process.

As part of this phase, we tested pretranslation on 6 different projects (Firefox accounts, Firefox for iOS, Thunderbird, Firefox Monitor, Mozilla VPN Client, Focus for Android), to cover different file formats (GNU gettext, Fluent, XLIFF, Android XML), for a total of 1318 strings.

The results*, especially when accounting for the bugs we fixed over time, were above our initial expectations:

  • 65.10% pretranslated strings were approved without changes.
  • 94.61% were manually reviewed as “usable”.

For the manual review, we assigned a score between 1 and 3 to the rejected pretranslations:

  • 1: Translation is unusable, either because it can’t be understood, or it misleads the user.
  • 2: Translation is somehow understandable, but should be improved.
  • 3: Translation is good, only needs a minor tweak.

A score of 2 or 3 classifies the rejected pretranslation as “usable”.

The average chF++ score — the algorithm we are using to automatically evaluate translations — was 92.97 (the closer to 100, the better).

The full data from our Alpha testing is available in this spreadsheet.

* The results for the Alpha testing that we published previously, for example in our May l10n report, were calculated incorrectly. The issue was identified and fixed during the Beta phase.

Beta Testing

For the next phase, we planned to expand our testing to Mozilla’s locales with most users (French, German), and add 3 more locales willing to volunteer. We sent a call for locales to opt in at the end of February, and ended up accepting 5 more locales.

Our Beta testing ran between April 1st and June 30th, with:

  • 9 locales: Welsh (cy), German (de), Spanish from Argentina (es-AR), French (fr), Hungarian (hu), Indonesian (id), Italian (it), Slovenian (sl), Traditional Chinese (zh-TW).
  • 11 projects: AMO Linter, Firefox accounts, Firefox for Android, Firefox for iOS, Firefox Monitor, Firefox Relay (website + add-on), Focus for Android, Mozilla VPN Client, mozilla.org, Thunderbird.

Results

Over 3 months, localizers reviewed 3211 pretranslated strings:

  • The average approval rate was 61.10%. The lowest locale had an approval rate of 41.85% (zh-TW), while the highest had 84.29% (de).
  • The average review time was about 8 days. Excluding the slowest locale, the average for the remaining 8 locales was 2.5 days, which is an impressive result.

The project with the worst performance was AMO Linter (enabled as a test for Italian), due to the nature of the source content (inconsistencies in terminology and typography, in general developer-focused content difficult to translate). This highlights the impact of the proactive review work that the Localization Team does on projects before content gets exposed for localization in Pontoon, and how that can positively impact pretranslation results.

Mozilla.org also performed below average (average approval at 39.52%), but the data might be skewed by the fact that only 4 locales were enabled, and 3 were the locales with the lowest overall approval rate. On the other hand, projects with short strings (like mobile projects) seemed to perform overall better (approval between 65% and 81%), possibly thanks to a higher number of perfect matches with translation memory.

Out of the 963 rejected strings, 80.89% were marked as “usable” when manually reviewed by localizers. Both Italian (+11.67%) and Slovenian (+11.15%) performed better in Beta than Alpha for this metric, proving the impact of the code improvements made during Beta.

Graph showing results of manual evaluation during the Beta phaseThe full data from our Beta testing is available in this spreadsheet, while manual evaluation is available here.

Survey

We also ran a survey to ask all localizers involved how they felt about the feature. These were the main takeaways:

  • 91.7% of participants found the feature helpful and would like to use it for more projects.
  • 90.9% think we should use pretranslation to bootstrap new projects.
  • 63.6% think we should enable pretranslation by default.

Full analysis of the survey results is available here.

Acknowledgements and Next Steps

While this has proven to be a complex feature to implement — and there’s still space for improvement, in particular when it comes to more complex Fluent strings, or evaluating alternative machine translation engines, starting with our own Firefox Translations — it’s important to acknowledge, once again, the fundamental role played by our community. Without their support and their responsiveness during Beta testing, we wouldn’t be able to move forward with the same level of confidence.

What are the next steps? In the coming weeks, we are going to implement an opt-in form in Pontoon, so that locales can request to enable pretranslation directly (see specs here). We’ll make sure to announce it via Discourse and Pontoon notifications as soon as the form is available. We’re also going to add continuous monitoring, showing pretranslation statistics in the Insights dashboards for locales and projects.

Opt-in Guidelines

These are to be considered guidelines more than strict criteria: members of staff will evaluate each request to opt in individually, based on their knowledge of the project and direct experience with the locale.

Criteria for enabling pretranslation for a new locale

  • Request needs to come from translators or managers active within the last month (translating or reviewing).
  • There is an active manager for the locale (last activity within 2 months).

Criteria for enabling pretranslation for a new project

  • Less than 400 missing strings, except for projects or locales where existing pretranslation statistics provide high-confidence.
  • Average review time for pretranslations in existing projects is faster than 3 weeks.

Criteria for disabling the feature for a locale or a project

  • Approval rate drops below 40%.
  • Average review time for pretranslations is slower than 6 weeks.

Note that disabling a project would always involve a conversation with reviewers for the locale.

The Mozilla Thunderbird BlogK-9 Mail Collaborates With OSTIF, 7ASecurity On Security Audit

Monochrome Thunderbird "outline" logo next to the K-9 Mail for Android logo.

Our journey to transform K-9 Mail to Thunderbird for Android involves more than just improving the user interface and adding new features. K-9 Mail is already an important part of the open source ecosystem on Android, and because it lays the foundation for the future of Thunderbird on Android, we believe it’s important to invest in the security health of the software. 

To that end, we recently enjoyed a collaboration with the Open Source Technology Improvement Fund (OSTIF) and 7ASecurity on an extensive security audit of K-9 Mail. 

A team of six auditors at 7ASecurity worked diligently to identify and address any potential security or stability issues found in K-9 Mail. The audit focused specifically on threat modeling, fuzzing (a technique that simulates real-world scenarios where software might encounter unexpected or malicious inputs), and our software supply chain. 

We are happy to report that zero high-risk vulnerabilities were found. The security audit did uncover a handful of low-to-medium risk vulnerabilities, the majority of which the K-9 Mail team has already resolved or is in the process of addressing. 

Additionally, we’re very pleased to share this promising conclusion from OSTIF:

“[Mozilla] has an incredible foundation to begin this new chapter with, as the report notes seven wide-ranging points of secure and healthy practices and conditions of K-9 Mail that the 7ASecurity team evidenced during the engagement.”

Amir Montazery, OSTIF

The entire process was educational and productive, and we sincerely appreciated working with such professional and knowledgeable teams. We’d like to extend our deepest thanks to everyone at OSTIF, including Amir Montazery, Ashley Leszkiewicz, and Derek Zimmer, who were instrumental in orchestrating a smooth experience. 

And our sincerest gratitude goes out to Abraham Aranguren, Dariusz Jastrzębski, Daniel Ortiz, Dr. Miroslav Štampar, Óscar Martínez, and Patrick Ventuzelo at 7ASecurity for their hard work and attention to detail. 

“OSTIF has a strong understanding of how open source projects operate, and we really appreciated that they were able to jump in and help us coordinate this security audit of our K-9 Mail software. OSTIF and 7ASecurity were amazing partners that provided a helpful guiding hand, and made the process of doing the audit a breeze. We really appreciated their professionalism and expertise. I can confidently say that we plan on working with them again.”

Ryan Sipes, Thunderbird Product and Business Development Manager.

RESOURCES

The post K-9 Mail Collaborates With OSTIF, 7ASecurity On Security Audit appeared first on The Thunderbird Blog.

Open Policy & AdvocacyEuropean Parliament’s version of the CRA threatens cybersecurity and open source development

Recent discussions in the European Parliament can seriously undermine existing cyber security practices and open source development by setting disproportionate obligations and strict requirements for vendors supplying products in Europe.

In a previous blogpost and position paper, we expressed our concerns with the original Cyber Resilience Act proposal by the European Commission, particularly regarding the disclosure of unmitigated vulnerabilities and the open source exemption. Unfortunately, the changes made in the text by the Industry Committee (ITRE) of the European Parliament fall short of improving and, in some cases, even worsen the CRA requirements regarding open source development. Members of the open source community have been speaking out against this – below we highlight our key concerns:

  • Open source projects with corporate developers as contributors will be subject to the CRA –  The current text (Recitals 10 and 10a) would deem any open source project as commercial, as long as it has committers employed by a commercial entity. Should this happen, the number of maintainers and contributors to open source projects will decrease significantly. Projects might feel compelled to reject developers and their contributions when employed by the companies that use their software. Simultaneously, companies might ban their employees from contributing to open source projects.  This will result in a less innovative and less secure software ecosystem.
  • Open source projects receiving donations will fall under the strict rules of the CRA – Keeping open source projects sustainable is not an easy task, and accepting donations is one way to ensure their financial independence. Nevertheless, ITRE’s version of the CRA, in Recital 10b could threaten to undermine this. Projects that accept donations made by commercial entities and are recurring in nature will fall under the scope of the CRA, even when they do not operate in the course of commercial activity.

Additionally, Article 11 of the ITRE Committee’s text will break the coordinated vulnerability disclosure by requiring developers to report any unmitigated or unpatched vulnerabilities. Obliging developers to report such vulnerabilities in tight timeframes can only undermine the efforts taken to apply corrective measures. It reflects a misunderstanding of how long it takes for these vulnerabilities to be fixed and can set a worrying global precedent.

The ITRE Committee in the European Parliament will hold a vote on July 19. Should the Committee endorse the current version of the text, this will become the official European Parliament position ahead of the negotiations with the Council and the Commission.

We ask members of the ITRE Committee to consider the implications the current text can have on open-source development in Europe. At a minimum, we call for a public debate on the CRA at Plenary level before negotiations start with the Council and Commission.

The post European Parliament’s version of the CRA threatens cybersecurity and open source development appeared first on Open Policy & Advocacy.

SUMO BlogIntroducing our recent new hires

Hey folks,

I’m so thrilled to introduce you to our team’s recent new hires. This week, we’re joined by 3 new folks and here’s a bit of an intro from the 3 of them:

1. Sarto Jama – Community Manager

Hey guys, Sarto Jama here! I’m a Community Manager here at Mozilla. I was born and raised in Atlanta, where I currently reside with my 9 year old daughter (huge fan of Minecraft and Legos). Before finding my way to Community management, I spent five and a half years supporting a product called Knack. Knack allows users to easily build database apps. Knack is a much smaller company than Mozilla, so I was able to wear many hats during my time there. I’ve worked in Customer Support, helped build and managed their knowledge base, moonlighted as a member of the QA team, served on the hiring committee, helped establish the Technical Support team there and honestly a little bit of everything in between. When I’m not trying #allthethings, I enjoy spending my time with my family and serving my community IRL. You can catch me volunteering at community gardens and attending various classes in my free time (I’m eyeing woodworking next). Cheers!

2. Mehrnroosh – Data Analyst

Mehrnoosh Hasanzade is a dedicated economist and data scientist with a focus on econometrics, statistical modeling, and machine learning. She takes great pleasure in unraveling complex data to uncover valuable insights. Mehrnoosh holds a Ph.D. in Quantitative Economics and Econometrics and has contributed to research on income inequality and policy uncertainty. With a friendly and approachable nature, she effortlessly collaborates with colleagues from all backgrounds. Mehrnoosh’s commitment and expertise make her an invaluable resource in utilizing data to tackle real-world problems.

3. Josh Cajinarobleto – UI/UX Designer

I’m originally from Okinawa, Japan but moved to the states for college where I majored in art. I’ve worked in creative and design positions for the last 10 or so years, but I’ve focused specifically on UX and Product Design for the last 4 years. I’m a photo and video enthusiast, but recently I’ve been swept up in the analog photography craze. I enjoy the process of shooting film because it forces me to slow down and really “look.” I also love cooking, particularly the process of setting mis en place. My fiancé and I spend a lot of our time together in the kitchen where my biggest pet peeve is a dull knife. I’m interested in how design intersects with climate activism, food futures, and building equitable communities. I’m currently based out of Atlanta, GA.

You’ll get a chance to get to know them further in our next community call. In the meantime, please join me to congratulate and welcome the three of them into the team.

SeaMonkeySeaMonkey 2.53.17 Beta 1 is out!

Hi All,

SeaMonkey 2.53.17 beta 1 is out.  Please check out [1] and/or [2].

:ewong

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.17/

[2] – https://www.seamonkey-project.org/releases/2.53.17b1

NB:  Please note that this is a very delayed post as 2.53.17b1 was released two weeks ago but due to the fact that I had forgotten my password and had to get help from Mozilla to get it resetted.   I apologize for the delay.

 

Open Policy & AdvocacyLa proposition française de bloquer les sites web via le navigateur nuira gravement à l’internet ouvert mondial

Dans une tentative louable, mais périlleuse de lutter contre la fraude en ligne, la France s’apprête à obliger les créateurs de navigateurs à mettre en œuvre une fonctionnalité technique relevant de la dystopie. L’article 6 du projet de loi SREN obligerait les développeurs de navigateur à créer les moyens de bloquer obligatoirement les sites web figurant sur une liste fournie par le gouvernement et intégrée directement dans le navigateur. Une telle mesure renverserait des décennies de normes établies en matière de modération des contenus. Celle-ci fournira également aux gouvernements autoritaires un moyen de minimiser l’efficacité des outils qui peuvent être utilisés pour contourner la censure.

Malgré sa motivation légitime, cette mesure qui vise à bloquer des sites web directement dans le navigateur serait un désastre pour un Internet libre et serait disproportionnée par rapport aux objectifs du projet de loi, à savoir la lutte contre la fraude. Elle instaurerait également un précédent inquiétant et des capacités techniques que d’autres régimes exploiteront à des fins bien plus néfastes. Pour atteindre les objectifs de cette législation, il serait plus judicieux de tirer parti des outils de protection existants contre les logiciels malveillants et l‘hameçonnage (phishing) plutôt que de les remplacer par des listes de blocage de sites web imposées par le gouvernement.

Le reste de cet article offre une vue d’ensemble des systèmes de protection actuels contre l’hameçonnage dans les navigateurs, souligne la différence entre les pratiques de l’industrie et ce que propose le projet de loi, et suggère des solutions de remplacement pour atteindre les objectifs de la législation de manière moins draconienne.

Navigateurs et systèmes de protection contre le hameçonnage

Les navigateurs ont été un élément clé de l’expansion du Web, en servant d’agents utilisateurs qui facilitent nos interactions sur Internet. Ce rôle, dont Mozilla est un acteur à part entière depuis plus de 25 ans via Firefox, repose sur quelques présomptions fondamentales qui permettent aux navigateurs de se concentrer sur les intérêts de leurs utilisateurs et utilisatrices tout en laissant les décisions relatives à la réglementation du contenu plus en amont de la chaîne, entre les intermédiaires du réseau (tels que les fournisseurs d’accès à Internet) ou les éditeurs de services (sites web).

Les deux systèmes de protection contre les logiciels malveillants et l’hameçonnage les plus utilisés dans l’industrie sont Safe Browsing de Google et Smart Screen de Microsoft, Mozilla (ainsi qu’Apple, Brave et bien d’autres) utilisant Safe Browsing de Google. Le service Safe Browsing existe depuis au moins 2005 et protège actuellement près de la moitié de la population mondiale en ligne sur divers appareils et logiciels. Il couvre les logiciels malveillants, les logiciels indésirables et l’ingénierie sociale (hameçonnage et autres sites trompeurs). Il dispose également de politiques générales assez robustes et est également disponible via une API gratuite, ce qui en fait un moyen simple pour les organisations de protéger les utilisateurs.

Firefox utilise l’offre Safe Browsing de Google depuis 2007 et dispose d’une implémentation unique qui protège la vie privée des utilisateurs tout en les empêchant d’être victimes de logiciels malveillants et d’hameçonnage. Ce paramètre peut également être désactivé par les utilisateurs à tout moment, ce qui leur permet de garder le contrôle de leur expérience sur le Web.

On pourrait penser que les pratiques actuelles du secteur de la protection contre les logiciels malveillants et le hameçonnage ne sont pas très différentes de la proposition française. C’est loin d’être le cas, car le principal facteur de différenciation est qu’elles ne bloquent pas les sites web, mais se contentent d’avertir les utilisateurs des risques et de leur permettre d’accéder aux sites web s’ils choisissent de l’accepter. Ce type de langage n’est pas présent dans la proposition actuelle, qui se concentre sur le blocage. Il n’y a pas non plus de référence à des implémentations préservant la vie privée ou à des mécanismes empêchant l’utilisation de cette fonction à d’autres fins. En fait, la possibilité pour un gouvernement d’exiger qu’un certain site web ne s’ouvre pas du tout sur un navigateur/système est un terrain inconnu et même les régimes les plus répressifs dans le monde préfèrent jusqu’à présent bloquer les sites web en amont du réseau (fournisseurs d’accès à Internet, etc.).

Un précédent mondial

Forcer les navigateurs à créer des fonctionnalités permettant de bloquer des sites web au niveau du navigateur est une pente glissante. Bien qu’elle ne soit envisagée aujourd’hui en France que pour les logiciels malveillants et l’hameçonnage, cette mesure créera un précédent et donnera aux navigateurs la capacité technique de réaliser tout ce qu’un gouvernement pourrait vouloir restreindre ou criminaliser dans une juridiction donnée, et ce, pour toujours. Un monde dans lequel les navigateurs peuvent être forcés d’incorporer une liste de sites web interdits au niveau logiciel qui ne s’ouvrent tout simplement pas, que ce soit dans une région ou dans le monde entier, est une perspective inquiétante qui soulève de sérieuses préoccupations en matière de liberté d’expression. Si cette loi est adoptée, le précédent qu’elle créerait rendrait beaucoup plus difficile pour les navigateurs de rejeter les demandes de ce type émanant d’autres gouvernements.

De meilleures solutions existent

Plutôt que d’imposer un blocage basé sur le navigateur, nous pensons que la législation devrait se concentrer sur l’amélioration des mécanismes existants déjà utilisés par les navigateurs – des services tels que Safe Browsing et Smart Screen. La loi devrait plutôt se concentrer sur l’établissement de délais clairs et raisonnables dans lesquels les principaux systèmes de protection contre l’hameçonnage devraient traiter les demandes légitimes d’inclusion de sites web émanant d’agences gouvernementales autorisées. Toutes ces demandes d’inclusion devraient être basées sur un ensemble solide de critères publics limités aux sites d’hameçonnage/escroquerie, faire l’objet d’un examen indépendant par des experts et expertes et contenir des mécanismes d’appel judiciaire au cas où une demande d’inclusion serait rejetée par un éditeur. Un tel cadre juridique créerait un mécanisme de coordination bien plus équilibré qu’une proposition de blocage de sites web, et qui protégerait les utilisateurs non seulement en France mais dans le monde entier. Tirer parti des offres déjà présentes sur des milliards d’appareils et de logiciels pour lutter contre la fraude est une solution bien plus efficace que de tenter de réinventer la roue avec un blocage de sites web basé sur le navigateur.

Nous restons engagés dans des conversations avec les parties prenantes concernées et espérons que la loi finale aboutira à un résultat plus acceptable pour un Internet ouvert.

Ce billet de blog est également disponible en anglais sur le blog Netpolicy de Mozilla.

 

The post La proposition française de bloquer les sites web via le navigateur nuira gravement à l’internet ouvert mondial appeared first on Open Policy & Advocacy.

Open Policy & AdvocacyFrance’s browser-based website blocking proposal will set a disastrous precedent for the open internet

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.

While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.

The rest of the post will provide a brief overview of the current state of phishing protection systems in browsers, the distinction between industry practices and what the draft law proposes, and proposes alternatives to achieve the goals of the legislation in a less extreme manner.

Browsers and Phishing Protection Systems

Browsers have played a critical role in the growth of the web by serving as user agents that mediate our experiences with the internet. This role, which Mozilla has been an integral actor in for over 25 years via Firefox, is based on some fundamental presumptions that enable browsers to focus on serving the interests of their users while keeping content regulation decisions further up the chain with either network intermediaries (such as ISPs) or service providers (websites).

The two most commonly used malware and phishing protection systems in the industry are Google’s Safe Browsing and Microsoft’s Smart Screen, where Mozilla (along with Apple, Brave, and many others) use Google’s Safe Browsing. The Safe Browsing service has been around since at least 2005 and currently protects close to half the world’s online population on various devices and software. It covers malware, unwanted software, and social engineering (phishing and other deceptive sites). It also has broad policies that are fairly robust and is also available via a free API, which makes it a more cost effective way for organisations to protect users.

Firefox has used Google’s Safe Browsing offering for more than a decade and has a unique, privacy preserving implementation that protects user privacy while simultaneously preventing them from becoming victims of malware and phishing. This setting can also be turned off by users at any time, leaving them in control of their experience on the web.

It might seem that current malware and phishing protection industry practices are not so different from the French proposal. This is far from the truth, where the key differentiating factor is that they do not block websites but merely warn users about the risks and allow them to access the websites if they choose to accept it. No such language is present in the current proposal, which is focused on blocking. Neither are there any references to privacy preserving implementations or mechanisms to prevent this feature from being utilized for other purposes. In fact, a government being able to mandate that a certain website not open at all on a browser/system is uncharted territory and even the most repressive regimes in the world prefer to block websites further up the network (ISPs, etc.) so far.

Global Precedent

Forcing browsers to create capabilities that enable website blocking at the browser level is a slippery slope. While it might be leveraged only for malware and phishing in France today, it will set a precedent and create the technical capability within browsers for whatever a government might want to restrict or criminalize in a given jurisdiction forever. A world in which browsers can be forced to incorporate a list of banned websites at the software-level that simply do not open, either in a region or globally, is a worrying prospect that raises serious concerns around freedom of expression. If it successfully passes into law, the precedent this would set would make it much harder for browsers to reject such requests from other governments.

Better Solutions Exist

Rather than mandate browser based blocking, we think the legislation should focus on improving the existing mechanisms already utilized by browsers – services such as Safe Browsing and Smart Screen. The law should instead focus on establishing clear yet reasonable timelines under which major phishing protection systems should handle legitimate website inclusion requests from authorized government agencies. All such requests for inclusion should be based on a robust set of public criteria limited to phishing/scam websites, subject to independent review from experts, and contain judicial appellate mechanisms in case an inclusion request is rejected by a provider. Such a legal framework would create a balanced coordination mechanism rather than a website blocking proposal that would protect users not just in France but around the world. Leveraging offerings that are already present in billions of devices and software to fight fraud is a far more effective way forward rather than attempting to reinvent the (ticking time bomb) of a wheel with browser-based website blocking.

We remain engaged in conversations with relevant stakeholders and hope that the final law leads to a more palatable outcome for the open internet.

This blog was translated into French (available here) with the help of Sylvestre Ledru and the Mozilla community.

The post France’s browser-based website blocking proposal will set a disastrous precedent for the open internet appeared first on Open Policy & Advocacy.

Open Policy & AdvocacyMozilla Weighs in on Accountability Legislation: Public policies like PATA can help to keep the Internet in the public’s best interest.

Large online platforms can help us connect with others, shop, work, and express ourselves, but they also play a key role in the spread of disinformation, discrimination against marginalized groups, romance scams, privacy violations, and other online harms. With the ever-evolving social media landscape, we must enact tools to scrutinize these platforms and safeguard the health of the Internet.

The recently reintroduced bipartisan Platform Accountability and Transparency Act (PATA), co-sponsored by Sens. Chris Coons (D-De.), Dr. Bill Cassidy, M.D. (R-La.), Amy Klobuchar (D-Minn.), John Cornyn (R-Texas), Richard Blumenthal (D-Conn.), and Mitt Romney (R-Utah), offers such solutions. PATA would require social media platforms to provide access to data for public-interest research projects, and create valuable ad transparency. It would also establish a legal “safe harbor” that would enable legitimate public-interest research, free from threats of legal action (as we do in our Bug Bounty programs), while protecting privacy and security.

Jenn Hodges, Head of US Public Policy said: 

“Greater transparency from social media companies is a critical step to understanding and effectively solving hidden harms online. Mozilla’s research teams have seen firsthand how hard it is to access these insights. By shedding much-needed light on the tech ecosystem, the Platform Accountability and Transparency Act will help make the internet a safer, healthier place.”

Mozilla has a long track-record of advocating for researcher access to data in the US and globally. Robust transparency measures are necessary to give policymakers – and all of us – the insights we need to hold platforms accountable. Public policies like PATA can help to keep the Internet in the public’s best interest.

The post Mozilla Weighs in on Accountability Legislation: Public policies like PATA can help to keep the Internet in the public’s best interest. appeared first on Open Policy & Advocacy.

Blog of DataThis Week in Data: Reading “The Manager’s Path” by Camille Fournier

(“This Week in Glean Data” is a series of blog posts that the Glean Team at Mozilla is using to try to communicate better about our work. They could be release notes, documentation, hopes, dreams, or whatever: so long as it is inspired by Glean. You can find an index of all TWiG posts online.)

Recently I’ve been granted the role of “tech-lead” of the Glean SDK, where I find myself responsible for more of the direction and communication regarding Glean. As part of my continuing professional development, I sat down to read “The Manager’s Path: A Guide for Tech Leaders Navigating Growth and Change” by Camille Fournier. The book focuses on several aspects of technical management up to and including managing several teams. I’d like to focus on the things that I took away from the book through the lens of my new role as tech-lead in this blog, most of which come from a couple of chapters in the book. Don’t take that as the rest of the content not being anything less than really good, only that I’m choosing to take a narrow focus. I felt it was more appropriate and personal to share what I took away from it related to my new responsibilities. I highly recommend this book to any contributor, management or otherwise, as it can give you great insight into what good (and bad) management looks like, with some really good examples that delineate the idealistic views from the realistic views of different situations. So, without further ado, let’s get started with the things I gleaned from this book through the eyes of a new tech-lead.

The definition of “tech-lead” offered in the Tech-Lead chapter was one I both liked and agreed with. Basically, tech-leads aren’t necessarily the most senior person on the team, they are someone willing to take on the set of responsibilities of representing the team to management, vetting plans, and dealing with project management details. Tech-leads focus on these things so that the team as a whole can be more productive. Now that I find myself the tech-lead of Glean, my productivity comes second to the overall team’s effectiveness. The book suggests that the best trick a tech-lead can learn is the ability to step away from the code and balance their technical commitments with the needs of the team. This balancing act is something that I’m still working on, and has meant being more deliberate in managing my schedule and including focus times to get things done.

Another topic from the same chapter is the defining characteristics of the role. This, unsurprisingly, includes the importance of communication. This is something that I already knew from past experience, but the book reiterated to me that taking the time to explain things and listening can be extremely helpful, even in roles with newfound expectations of our expertise. It also includes having a thorough understanding of the architecture of the project so that you can make informed decisions that take the project as a whole into consideration and be able to offer more constructive feedback to changes. This allows the tech-lead to be able to “lead” the technical decisions rather than “make” all of them. Sometimes a tech-lead isn’t the expert in a particular aspect of the project. It falls on the tech-lead to understand who on the team has the context and knowledge to make the best decisions and empower them to do so. The final key characteristic of a tech-lead is that they are first and foremost a team player. They shouldn’t be doing all the interesting work themselves, they should instead be looking at the tricky and boring things and figuring out how to get them unstuck. But they also shouldn’t be doing only boring work, either. Being a tech-lead does mean less time to work on code some days, so knowing what you can (and can’t) commit to is also vital; being able to delegate effectively is critical.

The book points out that being a tech-lead is about managing projects as well as the team’s efforts towards them. The distinction the book makes between these is that managing projects tends to be more about managing time and complexity, while managing the team is more about trust and mentoring. Both have a strong overlap on communication being a key part of the formula for success. A tech-lead needs to be able to communicate about projects to different stakeholders, both in a way that management understands and in the more technical communications with the theme. Being able to break down complex work into a series of deliverable tasks is only part of the picture. Knowing the level of detail that a particular project needs also plays into this because not every project needs the same level of project management. Ultimately, a tech-lead’s project management duties are about developing the discipline to think about something before diving into it and understanding how to structure the work so the team can better deliver on it.

Another chapter that I found tied in well with the tech-lead content that I’ve focused on so far is the chapter on “Mentoring”. Being a tech-lead is also about helping those around you reach their own goals, which means keeping up with regular one-on-one meetings with team members so that you can be aware of the challenges that they are facing and the successes they are having. This allows you to be able to provide guidance early and help unblock the team and to be able to call out these successes to management and peers. Being a tech-lead also means being open to the idea that you are now a source of feedback on career growth for your team. A willingness to share your insights into things that have helped you grow can help your teammates to identify areas they could potentially grow.

Finally, in the chapter on “Managing People” I found additional helpful information that tied in nicely with the other concepts that resonated with me in this book. This chapter mostly focuses on the importance of building relationships through trust and rapport, and how to clearly communicate your expectations. There’s also a ton of tips on how to improve these skills as well as how to structure and schedule your one-on-one meetings for success. I really appreciated the chapter mentioning how important it is to create a culture of continuous feedback. All of this points to the importance of communication and provides several useful examples of how to do it more effectively.

Like I mentioned before, the whole book is really well written with a great flow that builds upon each chapter. Each chapter is filled with great information for anyone in or considering a lead or management position. There’s a lot of very helpful communication and time management wisdom, even if you aren’t considering a leadership direction for your career. This blog post was purposefully scoped to my experiences, but I hope it was enough to encourage you to consider reading “The Manager’s Path: A Guide for Tech Leaders Navigating Growth and Change” by Camille Fournier, it’s definitely worth it!

Mozilla Add-ons BlogdeclarativeNetRequest available in Firefox

The declarativeNetRequest (DNR) extension API is now available to all extensions starting from Firefox 113, released last week. Extensions with functionality that can be expressed in terms of declarative rules are highly encouraged to transition to the DNR API. Documentation is available at declarativeNetRequest (MDN).

DNR allows extensions to declare rules that describe how the browser should handle network requests. These rules enable Firefox to process network requests without involving the extension further. In comparison with the blocking webRequest API, this offers the following benefits:

  • Privacy: Blocking network requests without host permissions. DNR offers more privacy by design because extension code does not get direct access to the request details. Thus request blocking functionality can be offered without requiring scary host permissions. This feature is especially useful in Manifest Version 3, where host permissions are available on an opt-in basis.
  • Performance: Network requests are not blocked on extension startup and response. DNR rules are evaluated independent of extension scripts. A background page is therefore not required. This characteristic is especially important for the reliability of extensions on Android, because the Android OS may terminate the background page outside of the control of the extension and browser.
  • Cross-browser: DNR is the only extension API for handling network requests that is available across the major browsers. Other than Firefox, DNR is also supported by Safari and Chromium-based browsers such as Chrome and Edge.

Some extensions require more flexibility than DNR offers, and we are committed to supporting both the DNR and blocking webRequest APIs to ensure that Firefox users have access to the best privacy tools available.

What’s next

The DNR implementation is not final. We are working on further optimizations and additional functionality, which are tracked as dependencies of bug 1687755. Our work is not limited to Firefox; where it makes sense we try to establish cross-browser consensus in the WebExtensions Community Group (WECG), as seen at WECG issues with topic:dnr.

Are you interested in experimenting with the declarativeNetRequest API? Try out one of the examples at https://github.com/mdn/webextensions-examples/tree/main/dnr-dynamic-with-options. New to Firefox extension development? See the Test and debug section of the Extension Workshop to get started.

The post declarativeNetRequest available in Firefox appeared first on Mozilla Add-ons Community Blog.

Open Policy & AdvocacyMozilla weighs in on the EU Cyber Resilience Act

Cybersecurity incidents and attacks have been on the rise in the past years. Enhancing security and trust is more relevant than ever to protect users online. Legislators worldwide have been contemplating new rules to ensure that hardware and software products become more secure, with the latest example being the EU’s Cyber Resilience Act. Below we present our concrete recommendations on how legislators can ensure that the CRA can effectively achieve its objectives.

In recent years, the European Commission has taken concrete steps to boost its cyber security capabilities across Europe. After successfully adopting the NISD2 and the EU Cybersecurity Act, the last missing piece of the puzzle is the Cyber Resilience Act (CRA). This latest proposal aims to bolster the security capabilities of hardware and software products in the EU market while ensuring a more coherent framework that facilities compliance.

At Mozilla, we believe that individuals’ security and privacy online and a safe Internet overall can only be guaranteed when all actors comply with high cybersecurity standards. We are constantly investing in the security of our products, the internet, and its underlying infrastructure. Therefore, we welcome and support the overarching goals of the CRA. To realize its full potential and achieve its objectives, we call on legislators to consider the following recommendations during the upcoming legislative deliberations:

  • Clarify ‘commercial activity’ for open-source software – free and open-source software promotes the development of the internet as a public resource. Many open-source projects (like Mozilla’s products) have commercial characteristics (i.e., provided in exchange for a price) and, therefore, should abide by the CRA rules. However, there are several open-source projects that will be unintentionally captured by the CRA obligations. For example, merely charging a small fee for the technical support of the freely provided software to fund the financial existence of such projects should not be considered a commercial activity.
  • Align the proposal with existing EU cybersecurity legislation – given the number of legislative initiatives the EU’s cybersecurity package has introduced in the past years, legislators should ensure that obligations around reporting incidents, timeframes, and competent authorities remain aligned across different laws. Such discrepancies can lead to confusion at a time when the efficiency of reporting cybersecurity incidents is paramount.
  • Refrain from disclosing unmitigated vulnerabilities – Mozilla has long advocated for reforms to how governments handle vulnerabilities. Stockpiling vulnerabilities can result in abusive use from governments themselves but also from malicious actors. Policies that mandate the disclosure of unpatched vulnerabilities should be scrutinized carefully. Even if well-intended, we believe that sharing such vulnerabilities with governments creates more risk than it solves.

Clear, proportionate, and enforceable rules are the way forward to achieve cyber resilience of digital products and, eventually, safety for all Internet users. We look forward to working closely with policymakers to realize these goals.

To read Mozilla’s position in detail, click here.

The post Mozilla weighs in on the EU Cyber Resilience Act appeared first on Open Policy & Advocacy.

Web Application SecurityUpdated GPG key for signing Firefox Releases

The GPG key used to sign the Firefox release manifests is expiring soon, and so we’re going to be switching over to new key shortly.

The new GPG fingerprint is 14F2 6682 D091 6CDD 81E3 7B6D 61B7 B526 D98F 0353 and its subkey’s fingerprint is ADD7 0794 7970 0DCA DFDD 5337 E36D 3B13 F3D9 3274, and it expires 2025-05-04.

The public key can be fetched from KEY files from the latest Firefox Nightly, keys.openpgp.org, or from below. This can be used to validate existing releases signed with the current key, or future releases signed with the new key.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFWpQAQBEAC+9wVlwGLy8ILCybLesuB3KkHHK+Yt1F1PJaI30X448ttGzxCz
PQpH6BoA73uzcTReVjfCFGvM4ij6qVV2SNaTxmNBrL1uVeEUsCuGduDUQMQYRGxR
tWq5rCH48LnltKPamPiEBzrgFL3i5bYEUHO7M0lATEknG7Iaz697K/ssHREZfuuc
B4GNxXMgswZ7GTZO3VBDVEw5GwU3sUvww93TwMC29lIPCux445AxZPKr5sOVEsEn
dUB2oDMsSAoS/dZcl8F4otqfR1pXg618cU06omvq5yguWLDRV327BLmezYK0prD3
P+7qwEp8MTVmxlbkrClS5j5pR47FrJGdyupNKqLzK+7hok5kBxhsdMsdTZLd4tVR
jXf04isVO3iFFf/GKuwscOi1+ZYeB3l3sAqgFUWnjbpbHxfslTmo7BgvmjZvAH5Z
asaewF3wA06biCDJdcSkC9GmFPmN5DS5/Dkjwfj8+dZAttuSKfmQQnypUPaJ2sBu
blnJ6INpvYgsEZjV6CFG1EiDJDPu2Zxap8ep0iRMbBBZnpfZTn7SKAcurDJptxin
CRclTcdOdi1iSZ35LZW0R2FKNnGL33u1IhxU9HRLw3XuljXCOZ84RLn6M+PBc1eZ
suv1TA+Mn111yD3uDv/u/edZ/xeJccF6bYcMvUgRRZh0sgZ0ZT4b0Q6YcQARAQAB
tC9Nb3ppbGxhIFNvZnR3YXJlIFJlbGVhc2VzIDxyZWxlYXNlQG1vemlsbGEuY29t
PokCOAQTAQIAIgUCValABAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ
Ybe1JtmPA1NQqg//Rr6/V7uLqrIwx0UFknyNJasRJZhUkYxdGsLD18zO0Na8Ve3Q
sYpOC3ojpqaFUzpqm6KNv8eXfd/Ku7j3WGr9kPkbjZNghvy6V5Lva4JkxO6LMxKk
JYqiqF2o1Gfda8NfcK08GFy4C0L8zNwlADvmdMo4382tmHNGbTTft7BeVaRrE9xW
9eGmGQ2jYOsjxb5MsadAdZUuK8IC95ZHlUDR3gH9KqhfbQWp5Bo924Kiv+f2JUzN
rrG98eOm1Qb8F9rePzZ2DOYRJyOe4p8Gpl+kojCXNntkJgcwJ1a1yRE6wy9RzpeB
lCeoQuLS92MNne+deQZUskTZFoYXUadf6vbdfqL0nuPCKdl9lhef1QNwE30IRymt
6fhJCFffFQjGdeMfSiCHgcI8ichQbrzhBCGGR3bAHan9c2EbQ+puqG3Aa0YjX6Db
GJjWOI6A61bqSPepLCMVaXqV2mZEIaZWdZkOHjnRrU6CJdXG/+D4m1YBZwYM60eJ
kNu4eMMwMFnRsHiWf7bhqKptwuk8HyIGp2o4j8iqrFRVJEbK/ctdhA3H1AlKug9f
NrfwCfqhNCSBju97V03U26j04JMn9nrZ2UEGbpty+8ONTb38WX5/oC61BgwV8Ki4
6Lwyb7fImUzz8jE83pjh7s3+NCKvvbH+VfT12f+V/fsphN3EwGwJPTC3fX2IRgQQ
EQIABgUCVaz/SwAKCRB2JUA9fw0VsVNkAKDjhUW5GyFNcyj9ot48v+lSh5GBIACf
Ten/Rpo5tf77Uq7445cVs80EK5CIRgQQEQIABgUCVa064wAKCRDDTldH4j3WdwW5
AKCVDRxKjb/XYqGhjBCKYhbQ4xJuOACfVIpzE3wGLC/cm9eUnSVnv+elQnKIXgQQ
EQgABgUCVgZXYwAKCRACWrAQaxfqHqzWAP9dzEHoZNwH5JYxotudv3FOotVThaQr
jnk+5StnObpxnAD9FmYyAyYGh4o7axeDCgmW1J89+1cZtDnFPKnBpGFMB4uIXgQQ
EQoABgUCVa0s/gAKCRDwqefc055FLpQGAP99Z2ISKW+7FYoKJ3vDrxTtfcbZEff7
8ufoinmAlZb2bQD/a2fOcprjWDal9Orfq7g6htkX3VISemg+SDQ/ig+b3uyJARwE
EAECAAYFAlWs/X4ACgkQs8WpWFCKQ/JrjAf7B+fGzEs8xfc010a6KZXcO1W4/Va0
Q+zcqF+DpQwK7b3S6oD5tCVKD9oFyDXkrlT6Tnwuu+slZwRDIyH6hI6tPb3G8Gsk
vjXMeL0IdgZsw1DSxN0pZ0Z9mxFq/UkC/6TmFA1IJmOWtFCH/1irQWqbDxPmWp+d
Xs2EhH8QzX1KQOE9v/YlsCdmTstMiHy3R8r7prsonpCa36zGheC/UNDpycKdT8JL
zeCFcIWXmA7SCTeJ0XCSuS68FOwfe7nn9oagQZZe/6gh5ecuCoW9HLBWpyIPqUCz
1CXSImLc6BbZYMpAetacarVPa6hiltNicxFE/A3T1F8ZjAcugPKBngUR/4kBHAQQ
AQIABgUCVa0XXAAKCRBlc4Lb/yURCkCYB/95w/9/0rpi+5xtoO2NR0KlqYVG5+NF
1r42XB6t7gVJ9UGF3meV+ekgDSzNrfroqxpzWmV1t3MRJeSMmVS25nC1hAZVQHKd
gX9xVxW3SSufX/jPstvo2U/X3k8q8PhLS6Ihk8YJC3ScjMiNMRpkITMeVdXsdQsY
WStiT48wlWK4gSNMCG5iovdGDTEKErHTIWJl/Wx5el1kvUwg1rKo9uRS2CS/lnlV
6YztDY0cBBOqXP6pXXiWBuVW39LJxsSHq13vpeQ/GHeDxAJ6Y+fPuaV3qBmGZ91o
1/HkxTABFPkISylkPo/2PCoo4Hu31MZ0jQWdihJ7gzf+B7/w6whS79eAiQEcBBAB
AgAGBQJVrWVaAAoJEOQyfGw+ApnAc7AH/0TKg3VR4IEB3NP2C7dX/72PWO0EOh8J
w67XDccRK0lXDILg/CujsYq9EzEofv2LmQFvCuCkoBFEcGas+J2vP3jsY/G5bjZp
XALHkAx7MKlOgsgfeVqMtwaHIoR+y9Hg12TjM7Gt970UBwTIqC8SG6Z1bVWxUdc+
7Zsn43Dq8z99saOUKD6HMyl9upbjAYwL28NRQtIrNiDZ5lEmDOLh+4hWblxjxWMX
AKjg6sucrNzKD2uKGe9XdB6IkYpdfrNGPtgcnXWdfaRNk16eGVzWDVI/9mkY/G+L
E40eK6oRyMf736CvlQjcv7JBVGTsj3W28phNLLU0UidYK/QmS3AVmBeJARwEEAEC
AAYFAlXBWXAACgkQiRc/lXxV+V6gKQf/d/KfgiYg0Z4dqO3g1p40sgLuxVplhpDk
J4yP5K2isdb6I7GJykVw+po6tUCfB7KeLWiZy0I3KJDU1Ikk+Jv3uGSRMT1riSpM
Ja2pVhh+jaamHIFj2o0mG9HmEAuGKktJH8s6Jax3SiPGODRhFO8suc7B8FpB7f5q
TUDK2J18MlnSK3NN1/zl6OdXScrISQ0cNyJ0RMgW5RSXC7wKzR89tfcDK1wInD8r
cOMHz6Va5g8ehq2XCPKvBAlgo8El17+4UaRLhS0suVz4THPsGASYzZVKIhQQBf+8
xDXd6zJ/UgkC4iBWHtLm5jvm6Xhsu04s28TmgiH4FKLsstAUFzbiQYkBHAQQAQIA
BgUCVdIa6gAKCRCtfLmfgki6D8xCB/9Q+rCTDQCbWQkRoSV77+kmIb+KVFTcgxfR
Z1L0bKL5YqI6HuCJLgU1ioTxq8W4g+SDv4s69/LIajYYZvSRNv0kGRzm2D4vpcnw
ymyYCJkzcZkuBeyR50S69+1cStbFb7jZMpyZ6rwnKdYOccDSMdaynJGt4rqiY+ra
DPF0H4LExx9a1JFh21Fd0MDc15vsoRZtrOkM8QaKD85hZ/AGOwlw+Kb3DEfjNGcv
nuNp54HfJc0Z5kwVYoOKUatBgjLpRRvl43lUGRaaCCMaNpNZXM20ZhrbTjXRlko8
QVMUXqE20sDNwv+dDa6G8nBkIGNIHeixrVrVPP7hH5JRMtjZbsWFiQEcBBABCAAG
BQJVrQFGAAoJEFbucY3ODhVLNDgH/izNHcsr1BRnV3yQ6T9sTJJ187BwF1hRLR+Y
3op+fJr+nQ9301XAqLqNbzEB91hRUi2Gb8LTZxxq0gahWzSqmdAE0ObXGGlrEmfj
FSSTFyQ1xRvzooYNZzTjN91XX1dERjyj9SOHBETsZrN01BZB1t3EgoDM7PCNTsX0
qC65unWvBDftnLdiJ6s3UC9sorMk8q3Zl6DacFw8QKSmJL1R0OPvXiSOZtGQK9Jg
YyHiXQE3MOP5SFSk61e1IawocYn32CXM+EkgtXK5q/thc8OdwsgLAJmGpVB3qd2K
9OaEOKCUV/V91a2P8hCx8MMV2sQgHcMB221wDIWbD5PTHNtCegaJARwEEAEIAAYF
AlWtIrEACgkQo9ZSFzt2Po+mXgf/dUPf6q+aDFoDjLIsfJH5QS8Nn/7frUUdElg8
PdGxtZ6SQep6uR5fgc+PwOElhUxa665WYtRJ459RWAYmbh2kkP/paGBf9nW0A2wS
koXyJNydJcanyjwHyqKUbBLsXJAvGFtbYRsbeXkEPM5CaKgRUwc8Ilzo9/53CZF/
avZK4FJX00lZq0/Z8dIY8jUEF64IbJgbaUe1gkuxu7zURgjVKK4bb4lLy/s3tRe0
00hrKVbFcaNoIZs+Vk/3A/TFdYHFY6I2JpLIeSSJd/Ywh6/YZfGkSHfzn87Dfkyr
gXKQMQ5JvQQgKbO6GPBZSygxWU7R2tNNAJKHSh0/PJ8J7yrqj4kBHAQQAQgABgUC
Va05AwAKCRD20Pdh3MzspCvWB/9DAEaNx5WF3ktmw6jP5cCv60HDwgsmJHusGyAo
53Gwjo4Fx6hv5QYQpTbO4af+4KpFGkex+bZniOJWpT+NJkhx55xbzA903MoZ9+dI
oCtG4K41kA2mMYSpR097yF3fwtuP70UgMZqiCmz/iKFzsrdhjE0KvBjptnYGEWk5
MMh5xlpzGom3LV/A+KAmEdPw+GCaj5H6qG3/PtWXz+RmjG0sRPycHaNJCWuLz4xM
xV28oAG53Gqc3cDes4Hpds4fPOa8+we7yKTK/2O3lfOUOvKncsoS3vHC/GNfGD86
RX/vz2TW4GMaLmn75xcAYT0MINIFBf/tXjN1BNrmvrGkkxnbiQEcBBABCgAGBQJV
rQlbAAoJEDNC4bZno4hjKL8H/An2CRzW8IsEjFKD+J+xa5hJYQbcb5W5wjGSs9PL
/pRbH0t8FNS1DevRqoq3xdL5EEUpUgae54gix0An0qKhzC4MRdD9sYFy42mDP7f6
8Vw2sCZltfBtOHaha7Qj2U28DE9j7Dx04lkHWjdHudJV5PVaPpelW8EDIOMx+4nG
WnXiYEKKMRWpR2BVV1FXnsfbfP2HWpxVaxxWt7WqOmswU0lJCb2bSLteEn8YoA1i
CMLMdMaVXyX92v8Quh2N0NWtzXgc94ug8GiucGKoo2SpdFlXVCysqlPfKBestJlL
93dqP6dOwqoHqOscTJB6rvNzi2tmtAu7WDy4C+BBXNhbYpGJAhwEEAECAAYFAlWs
+ygACgkQljt4MQo3sXysaw/+J6Ztawe/qT5aLW6it+zLq+3oD21UgM1TVP81CjwL
hlHj9wuuGDe+xE8dZA7kvpngKjAxxXPQX/B4rz27Y+kHCvelOSrLW5kodTsPWIkL
cSYMRo4Pws0RIGQBXI8tDIaJJcj7BYb9O7OjCziTEjP5KxDeZ6o4n0NFnZk5NNhS
6B1VnC3Y34DIj4koxm1N5O5br4z8kTc5PN9bMxOZn2u+KxGIeEwZJbHvtrgeAxUP
96B2dUo+jgSuro5jSkIyD+wpfo5o6+/kCtDiXEWo//AHJAwOal02QAodUtrMggwz
J19FfnU8RgiKFjivrbfZi6ITM6RHg+DSF+KnaW2wkc3mGTB0qJsgSLGwOgfv37Qx
O1tTdPxbSfWnZJAspylC74dgh+XOYYDji9tjPtrKZ8sEaHiUVFlO4QTOTlB9yYwO
E7uI/3MKe3Q+0M2a85gvX+S0CdznpXo71aMFj0Hd/7ZMuKNausJZhagHAILbve1M
IATkkfbCTxg5bdYgvdVGAIgUEAAO8mvLl1EvOJgkME5a/I/mK6MLxByuCMaT0RMr
U9S881f+AJuJ3Qxbbo8vN0Iy9KmiCIptcSMKBKLHeMonYaXM8O392/XUKbgSBXkL
oTOybMT+LZhO0upOhpRJqmtyDT1Wjxp7FBku/sUjJXCVy7YpjwkkLxZmvWIhleb7
S8uJAhwEEAECAAYFAlWs/LgACgkQEstOl+B+Z9HYNA//UKMSIfS0bdY6K+zhxuMS
lIyol8Z/ynkDZSZ8SOeXZViLyRCRoXhY2g6JsygWLsZpthI8fnleQhwy1GLCxWMF
n/PiRjj++VHoJYK/ANP23bC+tyl+jT9gwoPF0eGdWnnot1jGO6f6jFqam0KAL/XN
6ePUrNo0jbrYVrEUer20PYsM3tqGlGgOOFikMoYWwsAVOEh2I5Sgi6iAYfx12RYW
eKw37loDwSr2FNZ5zjxdIyUQnKN1YMd0/Rfi2d86OVD7dV2qa94TFUvYmicpdcOM
9pogKVGmbhz7lirjuAidRhdZkuU+rxvIAd07Oc3bQRdsUCJAs/kjO71v9ov/NqKu
j/BLixxIa0D0eKE41yL13RCfZIG46nI/F5PvLXhDp7sIeohIWsvYv239A9yXfq6B
TeXZ1j8YTlY86yN38JStf8pbGWKlGARM7e1o9DHYY3irLCOWCAnKmF14wbbTMOAe
w2VzxV8895Bweeo2fyCOGFI6SzvOSaOQPUlfmiKmtJrwreg71Vsv64X8X6FHajZY
V9dYJFS2gO8cYJ/zajzn/oeYVTtpsFpJmq7fWByjGd7pAnZHuuSEy/57GEptmYRu
zmI2gn7vYz1rZAbLThFsk/auCU3VYke8Dd3jHnxBuq2+Pa8TmLxibvnE1ZKd0gqZ
dMNY/rT4+LZI+xDczzF3Z7mJAhwEEAECAAYFAlWtLOIACgkQirEyljoGU3rjMhAA
ijskigHf8Q3D3B4Oz673cLNOGfAyEdHWNqlJW0Vcdo05iF8q8utwqmziRWw4PbpO
cdPpUqLb61rWfjSkq4PVTOr8leHHNj/a4aiAYt8DtnpcwJqTmktiijo0Ptn0v8ao
fdRJSVLtPcV0FydLzK6oLovszdWAQ4iVdFjppvdDJtjT4ooXFmZgZg6KzqjEGm8G
4wS4tMlFR4AJZIpWN5gAeLZhCg3jfuKWEgAIVwJZfVPp8qFTIMDCbHGcmszqeDKj
G5hY8q+KeQBs7/jjibY7QjSk+qFvWPlES2NGCnjrD5NL+T5W0AlQZS3kgbDWbnSm
r/xr6OzL8+bi03J3gRW/oWmCIlzvxUJuLgR5M3TRS4GqYfNVs4etgIW7QZXwTo/5
W8zd5P8UcKOuEFPtmfRjoRZYY30TqrmO9BQkHLKcDbqgnWcm55HaRdkK6+j4tKik
f12/VXez1tP4CkHcMJWE4g3poANtZmHia2MPO9/+1P/pCxUb5jwBF+CDiDhDel1Y
8b7u/ERIugpl8TqGJx+GkUlw0cotZ7BoweNwLXwDDDQlIoA4BT+LFLGQBtUQKMQY
TrDv4PUucMfB96yiEwlw40IdkmHgcBxXFNNxDHMsxEIW2TYoITfmkShiIm7XkcSE
oilPpHFmh6JXpnqOsBhfO0FxKSWkNjsCKCMUGLww5kKJAhwEEAEIAAYFAlWs//EA
CgkQP/MbrxBL+eLdOg//Z9Tcp9kElDdZl3e6aJqGpGviNqIA20KbvYrham5Kn3B9
1LhvMkypT6fZWAwbNCBHxvOSbOolcSSLpbaHK3A5jsg5MhLJ2G3Xpf7Z91+Mqg/H
iOiJkaAhPoJ0Ny6BCB7jg3yaKLDP4wBwDbOH7JWuP7uQmQ12mqu6WFxok7e53bH5
i4gmu3QIO21RXyWoLJy/1Y5X3ljPZ1tNawy/Sz8UjeLau2Sl1mQ6JxWWCeLp7Cvw
p+j6nKOFm/hVDlgnFrfIp9aYHjR2fVpwIFxvfff94gm20EywerlcGOAMeT+1QKZy
1V1ekBVX+2zdQ8RPJGZPqXyxnLg9SyUhdLJBPNDNe5ALfolfn2pvBGM3hnRunGOs
PrK53WjGqvXXYhyIkJEd+UoyQBp6zUY/KKFK/7yjgZxX7sCSwNjDlFT2fB1gfll1
vKoYocPQl2t/B3beKOZJzBkSMk1hBdE0A7URkOoYrFQTdzsSUVwY+/0IAhvxqGKc
HhinLDFON6ee082511VVMrSbCxcnsThjc61CMYA1TxL01Jzb3QIoTWT3W1t2HRZD
/aXcDsg6UMHm1xC1MdZKeKpdJWrnnseC9b/tGuqw2EHitYDquVBmPkx0UoAdsbB5
ec3q8n4J45VJFJcSrrps/vRSNn0bUqcZlpZSZERdqBTBkbizxgFnvJx734JLhlaJ
AhwEEAEIAAYFAlWtG6MACgkQlWNH9vvzpBVikRAAmfUzps72Opq31lRHZXXGD4/H
FP9SyYRnWzaOWGDMfgO9p3IcRl3qRwOuThCvn+qxTHmRT8KUD8uko9zIU+ttx/zx
An3hvO1nCzsiW33N4vU+Y78Uvs7Rumm2CNif+dKDL41FnVpA191b3T3NGWfigvqB
78fWv/WJIuPJuAhCoJYFbK0Vv2/QF2UAo9O2wdBo0ELZKmP5tWfJuLbc8XzuzgaP
4xzRdgJ+P+IFA4q1zQ49FHQeRWBSWkxFAp3iI9sdH5Na+Lup2vLSDYYmdDOyII5w
5QQ+Y8M78Bvt5GBOk52KfTH3oNjDwtd7ae46yWrSy7razs75klSxi125IfcPr/r8
e6jt08WVDZRak5mLPryNlf/Y+ymFe07aIp3eiKO1/SJp2K73fCTslXDt/OuzKZSp
656hybxUrRPiXBxHMOWkcPllZqBXf6GxnN+Fdyutk/e+0EBjpK02AxHY3igA3411
2ZGTGXNCL8ywTidVweOfjyqiWAnCSUvF6+efjRgg2mlD1g6ZDRiKpl9p/ZGETjCh
urlpGSKhtCZWZIGt0x0iSLy4surqDrwwuBqEPSZ08KRr+q9R8HIPuAwjq2CjqDyj
DFNuLx8dhbUUVIAl7a9nJotsph5VK7c/BF0uLW5YnPJYsXG7z1KixL2ydoH1kL41
zXdcIWBP8H7yPVgUxCKJAhwEEAEIAAYFAlWtG98ACgkQvBcwG0kbPyEIVxAA4imw
p7Df/j5ZZcZ+kkBwAhFO+WnJMfkNNl4g/7vsFKbWFBpiYuGmlvX+poM3nTsWCuEv
v3QohbZHGJS/hY2kdAuxurTI6w4FvvJ0Akz1DUANIF9gfJ9Omu2Znb9xG1fzyCSc
EzUgaf3aim7zyp0arjjqR/msmd2sCjqvy5VgRK21tYAfhWmzdJQntIlCEExfTh9x
guELDLSK3j7ngZla1T3BwE1dlcPVD6l9bl/7ZV5uXmotOqFU+1dBcFG4NKNXmnG5
TV7x3Ih6Xt982SCpBgVsEow1XFPf0jflPBn6DGJsgpmuIjdymgpJacwZCYkGbTSj
wAeSibYvCw1MRYtrCXd7KlmmQxhYTvvzyoQSqaiIQM8daaXddcy4IdHoOoEJVzfA
/BCyEkb0KhhjTWXQoRBXcxhJYOUjH5nhHd+zml+MHHiy1dL+xANHaBzFaNHpxYUs
FN2MLcMW4rpCnOx/8pRu/o757Y2Ps+ypLUbGPxZJJa26zYXXTAUDDEgEFFM9Rifu
jVCps146sRbrodzgIajc4ScgAWVkHDTKYfq6IBLJZHp8KB1fYFkVrUtwjMmyZCpG
7FqWITGTWOoRbYAsInWuzT7PN+vb/sk0xOk1PzSJV1CmCH9izKrTqRAU42jd4yqV
IuQ3hN8wXoeolSlK3wl27fDtK2EDzVhklvjGdreJAhwEEAEIAAYFAlbwOBsACgkQ
RPRuFG0COV30vQ//Vzyu44NJZrDWdrAyMngMOZ+qIUkeRdtKHEzAFXl6je1ZLyXT
aSKhyWtdxD+NPA4E8vQbEqbcpvzkBhOgfNgVOxWUxC+njB5xhg4PuZLcffm+98S3
ncyu+bYuhA/kLgOJA2HL1vIQEobdM0XJhVM8G7bhKKSdS5NUd6BS8AgKL5YXbguO
ZwDVq0yuVPg9VNqG5eTwL8fvZhH4L6I5Rh/wv1g++FvnEGRR+7ePprkc2pnJC8j3
7Z08YzRf5aWCJu89EDsL8wWI/jydPcGLnitNEROfovRX/A647VUl7M4kL0oyblJb
9JFbzPK97YeMwQTUYQOHIp8KsYYKjuBvq9q/Rr9DNpyijp1pshfjEiEZ4YDjTkGX
uWu5EMSlVpC4nEtiBlKT3kMk1mqmc2F7A/g5ug1w+e72E1EbVJMDtAgzjc0+V4kt
RxtTGa8PlfyWouBwL6ReVpEyVz3NS7++QcSY98DgMODMxFggna/zf3bef/lC6RGk
kHyIOC+IhI+q72m0MjdCmzsSA8fqT0PNYs349+sCKw6ocgjSHZlR/8gEZbZC+Fwx
Jf6be2N7eo6hYctOe5XpLaMApVnD3qtw6C9CxWJ4zT6WLyI0SAF3YWmIgLtlYhfF
nRs0ObRXiO7tz0FBuTXD3vljjzq7t8DDK1IS4Cx5AnTZI4rz+/aiD0k5AhmJAhwE
EAEIAAYFAlbwOPIACgkQt4bvJaijiaC0TBAAppcnj7MhOQh+yQCzljw403/hEW5/
iVEyhfkEtF8lnJQPwSCvKphln4B9/E/Z6HBZ5MNew9xj/JrL/JZfk+E81vSs/fhg
lCXB83bFo/fZ6cnqhubcPlXyXLSAY7J195n+DdInbza5ABuaJW6UeVHbGGM+th7L
S6sYmzoOM1oU8mLzugo57M2a0SZNE2GTjeHFzdeFmKtjk6zGhJcdDMvKNalQZyuf
KSEc7+9j5r0KlJOWY4VMqfYMY6qgiQ89IVSutWbhj+oiivCgi030sXmrdOSwG8/G
gufKpYOQ1ZLXrxzowYJ02vAewYCe20PTyzGt5ReB9XkokffvHnKcxHxhyC6HiAyG
B+8+yf0tJk4Fd7uW6zjGDvphPQhH6bPObVVaMiayEfJhhHbRNmJnUKXRc2CGL0X6
vbZ12Y1bAALAttEpsNC544WMwLfUCcGfaRTF1E4OpQucU/uizaxGPiUd8Ateqt+m
3GwjY9HAb9QN8ejiOTkH6XsYSzw4KA4iPqqMySHY/DMyfFuilNWd8m93agApO+8r
9+6xjurnbkh50rYtunP3FCMul2QW1wXaGxPTt7a/IcL00NRVwZmJwa3Ys1OrYMRA
OXM0QvRzpHZOsuqHG45jjaRejMZKSQL0zJOyKgtv4YrG1fceLrZWvu7ZjWVNd+0B
nGitgBkGm5VQMuGJAhwEEAEIAAYFAlbwjIoACgkQpIWg7VG4t8QFOw//YFD2UifK
W2VfUy2ig+ewXOwe/BzVfweN/Im+HSN94ooTEwR5wgdYIjxPV+eEKFfAEsazv8b3
ktZJI+/IxEalHBA+mR4TC2/UlrOgsVCnTHYKL5yJRVHPrdOQ+Zm+kk4vszYocDtC
SPp+/aoRE8u91i6Qu0UdGjMe82HG6qdzVj6bXH9ZFRiWRsfkGxB31cnvfE+aZB+V
qfuy0pbqegJXUE/6In8XRsS12xAk58KM0b8jKQGqYaBB6xE9WDpip5sPycougy6U
29170n+U57c6+x5JQhHC/Rb2AqB8Yl1msC4bj4UsqxWHmLRdcqZs04GiVsrk2fLD
fSfsu023IZPyOhaV/t2KE4DwnAu4b9Sq7PNNzf9yrsgRL4c4OzWEYpMzt38V5QRt
ETJvuuthOypREVNuIs21oRomMJd+PjGsayDuKA7xe/SxDe8tPkoy+FdAfevPXfhy
NWX0vTtcZDpVustEMmoDs7EzlBddrNplsnRZoqW2JyMLErLujc5N8juDPqmAASVy
d7SBUD03e8apjzZSfJhbZsxw4W9z7+rETRSy7o2DPXCabjTGwB1naIc9W4wU/aWU
N81qZZecKLVLxpiXeoUwF3VIJme5Ye1KumsQpTJoi3tVmJ7XDaW9OD8shJtvhlOc
ddt1E4kl9iximuLfhzUjPJyS/ASYhpPNMVSJAhwEEAEKAAYFAlWtDgMACgkQw701
5G3UXaVUfg/+P9+3vFqijhzT7XkLuNrI9GTn3KslTAPU0Oe/BdLPTMKELqn1YVxk
lnrznLbjL9qkwYwXxY5HT6ykeS+CzQIDLLtXqR1NAz3EWVAm4dT+xqaJZmfCoJ40
+VqZdQHLjgmj9PFTK7f3vyZ3Ux6em7Z+h7C1ba8jYZS+6GnmGw6+v6LxzRh1SFUm
YBj/X+GPBYg6cnymr+9b2CwTMbczO5XN3hU9UtdF4UlupPvEuV5XWFpCw64kVwxP
OQvvUJ3aTqEGiCAqd8ntyVZ1MWtaob7GI/bj7dTOoSogUqF3aZawfoUHPp6izTd4
8aRnZhpsK47Y6jIaHDCILhKoAESTnpN1yjqaRIbviHJyYFOHnQESTS7AWrolQVmP
+pmThZWauh+PLVcs4ktp/6CKYvmgnP30HhrPczE7RVKIT32LU3MvT3nFzDmKUruK
eLUNO6LnJ8XwZEVIE3TOVcF+2ME3EcKfV4RwAlBBgYa8DB/CM/rCtoyxdxYSRpHn
9bxbNL6kn+CPAwRZGAChfOPGMhHBh3iDUJaIt79Cq9j6QcZUYfhj1sIvvkDyl0Bc
5U4slbTM6KP5aZgFlCcI9HWwGx/5qIbb1rQNVjxwtiUWediS04YaQ6yt7f/yXbdl
hxPdXDMe/9gdDyuDvP4+1FZbDiV6VT7Bl+UhQnkwf4kuCbSMFjdu+cyJAjMEEAEI
AB0WIQRZyp4tKjMd4lGqJCdfA8dnwkek1QUCWQ72QgAKCRBfA8dnwkek1aBpEACI
6mkO7aXYQyejkTbSyLdE7FoNI4Nq6aKvvQLt+vlGATLgSdz8v7QLGd3KkJYoO5SY
kKjrkGZG4Nb3GOCnWnewBmvCqt7C5/Idl1JTVPdF9CgMHQkwP2F8Tg5X1Ag9oZeL
yRKB/xWbX1LGizRy5s9G6yhq1rwoatNI+Wz36fdCmCqmphm92uPyxuAxy+JZhAbT
/vmANGKlEN5Wjryrp3tmMEhnuJykWq2ZxYiJ9jpx/cNLyjf8fSDBhLXOTG0FYBrZ
k+ZJtw1LlzA36K7IbnunO2qOJzDgvemo5FmGYcm6hyYCzqxBj1VJDmhHu7NZMeMn
vT4d8Py1xBPGPFRYmaK5AP/D07cdDPYawlZA6dMPGE8xSfQxbrayJrj0+vpjSJPt
DUHrg7L+PdpvyVxi8Py0Zfe05h6SjBPrw3eTQS6ODkoZQyh8D7M2HKUiUxvfufvn
LEfeWpd7Vp7hl/VdP3TtbOzL9H/89O5ywf7S/oRKaqgOWkYhs3cfyjqz2boQk8nw
N29sLzm5cH+APxNcju7sz07klp8dRNeImbmgj8mT1xId10mAixJ0NOY8udLhlwg1
UfsYhP+Yvy9yMcoSZOs5+RjluW/E2qubP3RUt81ohUupdM0NVUJiR/I3Ri6ARb3V
S2aAGtW4oS6PpyVT0dkWrlp8VqFpNTUKE95dNi5Og7kCDQRgos3VARAAtSRABroy
kqOO+3Zq3pehRGM2aft2djiigKhhVg+eJr+YffIU2Q73l9zniYSzVMkFVuJPd7Wk
BnlEMIn8BUGh04op6MV+kzX0guu3v/9i/0agNS31xAdXzmf1i5sbQU1eRylyZRSi
sM2iuF7BYrfSsOBHv71cf+iM94KxrzXiB1bDNL4DN0T5+vCoDjgHaXbten4Qdm6O
djBCUv9Ix8dhT4OzHwHOUK7gomTrQM6Hyb0vgQsDXKV2Ps/pWOSk/J2cCrQUrafF
qkVAAC3m6kaGU8te6YlAU7GFcf4MOPw15WTM2iaKWwPkwK9b/Ro/5RfZbqnde8EB
AoFkg0X8mshGVDBtYCaW+1qUA3ZBcQzUvosYUsNQC9Nx8Y9/tkqCwIBUzsxuIrSY
HxeqPThxSMvCmg2qHXmmbAxsbOz3DTOwKpWSRGOCTGFpsLBqWigjG+L+9iIx+7kr
2gH8tYck1RPyQm04k9udD8wwXCvylTUzNVd876sN3o1xySaO5nz8JtM//xPPctFF
MZmC01bBn+jRuapDqY+qTFL+eKherOUZgs3nHt7cEBz3m8neGg0/JhyBwS6sQF7h
0ETBapVDlKCRuvAgJHIrjejL5v+kVRrH9L6ey5CAdRG9SbffsNwZoo5o8SrdGcX6
hpFiqg1jZWvZv5x7/PPSW7fPuNNHsoxVRn8AEQEAAYkEcgQYAQoAJhYhBBTyZoLQ
kWzdgeN7bWG3tSbZjwNTBQJgos3VAhsCBQkDwmcAAkAJEGG3tSbZjwNTwXQgBBkB
CgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmCizdUACgkQ6+QekPbxL22N6w/+
ObmFWpCr0dmV1tm+1tuCL05sJ031KFl3EkH389FmrMMoVk49e7H5Urn77ezQXO9M
e8R0nZgVUavJdKcJzgf1IZtLq5Vq5q563I8gglr8rJaaefGYuv9jitx/Ca2s+uvJ
MUHgMeBPmFFOKoIF8QgOJdkSht2lIkd6bd89ayLLoIXlGi8d6K4tEWeMigtds9FY
cyX7o8xXmt9XqCIaMbkJtiUzjz63dN0O81UCj0TvK17KXAvclhzrriZuo2rOeDTB
cQmKKy2UKZaJjUqiezuOg1t513ZIzhy1oXzg5CJb5jgsmZmjtJjr161fv5d8Yock
j73z2/z47wry6ThESfYSkIxJIiIP5SwZyNMeeHSZUnaMTqzd5kDL5qnNrhJHCBBy
xcIBcGppv3VjZ1QNU1k0Tx+MzpfZtbE//idw+Q7Iz9T/3zjN79JhYi1tzzaaQR6J
oEiNMpHHkdkOGRwfdipM7oKl7HKl+zJCzaLTE4mbInCxSgn+1RhI+rGzTXVxqIKo
nYrWra4EVBAgguMrxNMjuEtbsF54Q27x2+H/Mew+et6K/suqyh63Szfd14LWEj4N
aR89tEz76nJyJFuFtDeGSmu68/Pi5S8Ls9MxKJJiIJmc3lQqDUTHEiLc7RtZAsgA
WlLc6UnFsaCqXKJxuaMs7qFD7pqSGfHxYboBxax7Sqrttw//eC7rghiFzfcnEZQn
6+GPW3FJc5P1diSLto99six3uaWKjvSnZScvPOe8ogJt1JQpQAABoHfd7HzzlGzJ
tU/yDL931WD6nETp6b/dk7t3aUpk8WFMG19L+L9QbEpjxDi2wozO7CGg6FhC7mu+
KsSsorLqd3QYKoBLG0Pb2K3Zz3PN7y17kf1Aixa2//prFNfpEGwP9flz2TUvSdtd
9JvcnDz+/3yB63tmuCsUPZaR3lhTkNiXZG7WTALA1AqIUKFpxI+cOQxaO2+H6XXi
ON3x8A2Pzd1mZyuUMPk2c6I/c1ZfzJXxF/WJVfuztZXNCGocYF4kB3X07uOuiKrI
DMXDT3Op3wJ0RInpjyyPlwwov3zIVQcG3mfWPclXNcIRSAdadLq6yhTBUVbhMd2j
2qga1vtaVlH/m0zFhib88RLf1/FiVX76D1q+anG+gT+SsMPd7hSGQQ2+6ngBAvx4
T1IHtFgPqfNaA49m8b3aAorGo6Bbzmwh4Xr+7DM2fSskBskGdIPZgA4Vyu4/PC5a
CTyd0NqlBgj/g7XRQMGvFRkdnEIcVZbvxdzn4j16dS+43dUzFMLKThRbkUaunaYo
ZPIYuiqbwCoFX7vJdgBMaTxYfkClc5LJSVr+X+9RYNwlOn4kiQzKstVtl/qfpDow
6QsGmA9J7v8Vt9JEg052REcZZmC5Ag0EValA9AEQAK/z677fpoVUj4zQz0g60wVW
f+1y2lGb8iFYICmvrJyaEra5SRkyihYA1WmEzhN4T//tHw3UIfe646+GkY3eIQW2
jY9DM2XaElmMN8k/v54nbn5oD7rNEyCTFTvCOq5d74HH1vw96Lzay1vy45E7jPWv
qfg9Se8KAnzElohTJjizyhU+0QbmPHnQlY8gOkT/SvRo9bFEUnqjWh0fRq+K1tdL
PhcFB1scc25iFqh9IAKUGDur8jQ+SDHCjgQlkFOg3rbqtaUOnVHPohfrBM90ZNwu
neFgQY7ZFSUidCimp/EN4CXnzgjDYXUUA42S8G86+G4KAJC22gRQo4mcVmehwHTH
0glfLmUK7TEu29A1KWNL3R/R7ZdyajjpCvUaK2A0Abj3ZE2BSDbJrVlbBVfy5kfP
dZjhd3wUWqFaDHiVcImcjZRWPncllhcy6fhqEy3ELZrkezpJjnARsVkij3GXz6oX
+HVULne2w0dkTXydR6muZI/GeNtrLHmA8B3/0/TllmLy8ChmYZVIKZ8zt1ghq3f+
hFTXgtZil7eBewZgA6L+EXXK6dZj14lbe6CMS2kungTX9stU1s42I+WRbiqiLpAx
CX6qcLBOWrJwsOep2nvu5bhrPHptSfRhF4Vs1xteVFckCWhcLgdYi/Je1XBEM+AA
Va0k1FiywCg7MqlG6toLABEBAAGJBEQEGAECAA8FAlWpQPQCGwIFCQPCZwACKQkQ
Ybe1JtmPA1PBXSAEGQECAAYFAlWpQPQACgkQHGnE5V6ZBdsvxQ/6A62ZteN0b/TV
fSJ51SdG66amwe2rpRX4UdSw7ifxo3qhgEICQmXR5c09qXwl17MFJWM3FhGrbxnA
5KGgeWGtqrPup4QZPKU+l2Ea2QLSJSiBq5QqqEgZvR14Lhr/hCGhBAq9s/xbp8fb
KNJj/uWiZ+uTPbt5T5rgKJ4+g3B6DNO1rH7F70OLrd32mxZs4pSxngHRAyiMPB59
yQVDsVMha0JTqC+P96itUzvnInc/9mwE0EMiBtpDTkoBwbJVPnuv+7FjkOLn5s5u
3RLH9fe8z1xnV0fPC0/ndrlNiuBpAn3zVCsWasvW18Vz8K+CQY8Sw0Jw75edBgFo
z2QMFxHfDpMJefvMadB7mdte1lKk/Im9KFFH8Idh9b6zD0a/+Ooujukx6QpFfAVh
e2sT2CIm2nmMAuAZI2cCt7SC+REn9n9MSuIWxN8YTE3qgAUB6F3ea0O0hGlLl+z5
UOfX0bNAs+ebx/P6PczJtDzeqpmRb0QXqo55JWXLvmXT/fgjF7fNTTLsyCtV+xH6
ZFKGpvGJGJMHApEbz2a0hy12RZH58eI1ueN3Tzn8nI57+oYSsqFw/QgcdGXDonLG
JsPVzIpQRg92/GXSukWF+MsCjVOilHRSY1wfPPmJ7+kMQ4rdXpjAhwNYJc1ff5N+
omCxCKoFgYsCXlFCHFKs4JwRbTdd3MkuqBAAlBlIjym8NyJIBltfWckuhQTX4BiB
ltGPNga9CpQsml519EePuLtoe5H0fTUp4UYbL0ZzyJImQE2uw/hMNZ36bA057YtH
OoP4FcPUwv6wsl5JC87UR1XFhAXb5xSU0qdi3hWh0hm772X6CBlM8lM6GtT/fDZk
SGNXMQaIs1X/O9vf8wGg+HwLJcaCvybI4w7w1K0R7WjWZlJXutCZf8hRc0d88W/q
SZYooKD9q2S7foqaJhySIaF11sH5ETvVP3oCfGVIVhKWb0Tp2jXPXlXLeRAQA8S+
4B1o5XHiM+J3SNXhPQHRGQ3VGcDn45itg3F4xQX2Qvo4SV42NMYd6TykM/dIfQyJ
DOVg3CT3+nqfjCknf94SNvyZprHEPmpcDeseoPMw8kjKNwDwPXFLxBRntPgnqVXD
cNN41OH2kqx4jF7FLlRmwNpB2mFVH8xeVuRm7h2WZRsaEoqvivhzRtESVA2um5Eg
763CVTcNYlK6MD/iy8JzbMuZBrlOHr58HKDdcOy1W0z2quESGoqrwA995IgPav/1
DSpyuJPNc/oUTWlhpYshqYKoflezAyKj30+UzC3R/mY03ri6zUvCgXHNgZlKUsM3
VEXk6h5oDuaXniHLLzuxjTBVrILnGYgHSFRP80L/knz+o4Uvq4wj7NHnruc5fP1f
oFxRNsMt40yRJfW5Ag0EWUvZtQEQAL4dTYeBoI6UxWcu7kERc+Tz13WUwSPmOIU6
RdoXqBc2QyOki8s+uDqIJbpt2YJUPWnPgoU0rDt+msOG9tpAjPVg5pHJe8H9tXxv
aPICQ1YxYw1m8E1kRGio4EurP2G/H/YI3vwRskqI8cp04t88k1DfeKvXYVY34kO/
VM12XTfRcsiMdmDubTqNPYU1kmYNeqMT+OzI9QE2kulCK0DHDJzqdJLnOkrn1z0l
rFAPoNpVtHZh4D7yB8FH3I1qk9npRdNXvSjhXu4ptvRuszktjEcfHK+ikYP3jVqR
4eWiOKrkVIWJOCsOKIUE27PXndGLbUuDzCvrKusR6W9vF+mYK1p3pT2PYX8HEeJu
zrd1UFBvCWPf2k5RQqHk4JIaKfjAlCPnSXmPHXqSGtD083RJhFkbz4U07/glHWer
+M+Sw+hYT/v+XOhQm3CG/PUaeX2ud6GFefymX/tA1FYJqVxVOye2axoA3lO7yM5s
K/JHMdL7bFZtXVcGCwAqU2mkD2yEkFAzPLBHKigKg+4VimsTbG9jPOS+qtv65x6u
IOOsic3Ud2/BB/lfbvplIvQyJYw8HKb8O0XkUPcD3Q1i8p54JSHhiJm42H699uMm
iJeLzTkQJG7KApEv6nOb+jLyr2DZXuX82/UvZAmzWZg/XOf2xz44/RDXkL865dqR
YenXNaOXABEBAAGJBHIEGAEIACYWIQQU8maC0JFs3YHje21ht7Um2Y8DUwUCWUvZ
tQIbAgUJA8JnAAJACRBht7Um2Y8DU8F0IAQZAQgAHRYhBNzqxdlhNbkcTqZyq7u+
vbskxvNVBQJZS9m1AAoJELu+vbskxvNVBVMP/21uU+8NpPLpBn6SHJtIAffFYMSn
p0gplOjfiItA8HDbc1vqZlVpdk2xyFw6b7g+vTg1gQzF7uoAZK1czRLCt7ocxntL
VgPuSO1ZHt4hJG5Ze1UUJSDq8Pp+TTL43rg6irDLdYDBBHYESnXWAKRAIuPb1e15
6pAdpSynwJ3+qPyqj5vDLkPrtMWGp7qWQpXcHaXMea8m4+/RLNIjvRof/t6jrUer
mzs91Z+/C3N8ugD/aZrXTiNkF/H6BiuITZoB0j+rjy4fxEQvTYq9C3NoaBIRxJEP
ApxGnHKe9K9N1ZBELjCUCT1MkbBmf4CJtEgJvSScVh1yZNv+TVDfN6RwF9CwOM8b
VrOH1VuX/L/XiIRRT02eGrvv3EvQ+BhceJpWN+GsHKQM658trZ7RhHo2PR0ib+D7
hWQprcktqutTfRFPMrgcFTPXKeR57cxvjk+B2LoLSOom3oTNEtUaMuBE8E/jbONX
34QsHWDKfLc3XpLEN+bO65AfTiR4/qtnZBmldBUG9xbrW0qcWz+M5P3S6ssbor3V
DxxrX+Fv6pJccwlgYNFQxQOz8GrZhF0cU48e+0XpU2NFeyueHQ8lb9yYdvhc7mkG
c87iIb+ILah57Wqi52Jd4f0DS2zkxN6ab5/UVEkffNwXfjN0IW28Ga4BtZvoXVGV
Jo4vsGytMFdMRzRB/uAQAI21c3TTrO4TL42NcFQ0RY7yAlaKzXTXVNxC8v/QQKIs
DrNvs4w15rF/t2LXc8Cr3aUNuDtE7x+FaNwZLypCe+RFOy66AG2ENuNt5tTGN3mg
bJZl+01Cd1xPpOzmRfAJnH7YD+J4QuCEEgraAXPfp3MhjeHWtQaWDu29fbTtPx0k
/Bh0qxHFPWxhnYpktnjZEoMmwPMBeitCvcr66UzUmezgVZc0HxJ/LO9Bss7P3egv
60wPnXn579wDGnIriDUhHRcn2KuMI7eT4pL4HHjAAJB/8+vcUzYPuqtxULf5ciu8
V+ajzHtqBcgwNR/gm/7i+4qKPo14fYBftH5PDj9iD88WIQX7paVbYHJZjrmnpM2i
niL/DRVuxqAPToIc4hMXj8YPeTqS/1ckOzyYgFI9aRaLxZOR0uno1WTRBifwOcy3
NTwSHK/6YbtJbqoVwISJrGUuvOfBlkJZVlCzVsPG1+QZaPAL3HxVXavYgCu2hze4
OOWUe2Xuqihw8hb+F1rhP64/QtpjPxgLLb1NIBpm6OgdZjRjCbl9xnd3RvH6hYxO
+zgdn3icn2fFHhdZ7xtYcZZrg9QOXuv6LDvVe5I4VyszNs0jtdcx0P+T5VIrKFAY
yf0CCuL/UQTRrW0SrKOV/RZHuvdpVYK3YIAyd49kKjLk6O9awFQy7cXq3PhjatBi
uQINBFzwOeoBEACt8eaLW7jX3n5tQQ+ICeGOBIVbzAnXlH9bjdTqollM+iiwkdlB
NNEGku7+uQ9dTofem6cbSUXuh5kJNLy5tUIG4oGZLvpAjLdHP8zslgTglQymoWSb
v2ss4pq8xoDbp6E51dkowkyFSuELZKMFHgPiJbfYXxQmbwEiFhGs4+21lwtI4tVO
9zs1XbzJD9XtomxkcYaePeBxpI9JnrWIUKt70JPZi/QcxPMG2si/YitnCVamcVw8
Wri+W7MAJW3SyNjJUqx/cIOib8vdZVxvdWRIZmdkWkFO6vv4IotEBCflt6cD0EIy
3Ijn3nDDf59v7wpdWXidjzVjKF0F8jUiX6S/ZuEz4lvdotpCgJGhDmdi4pVCYbmS
hKbffgcSJ/BWn4wCOHKPA+XB75zzPj17dcWR8D9GM/sgusJy2fbHDcOdADPynKW3
Ok1CENJDx7DTDwm2fPRMut4utSL1FMSl7zBDRabcPr1nw+zERjmSjm3R91ayrQ9U
KlP/4P8Xkhjc3FFWrRQ1Q7/SlkUmrTqSouQcOolGMa2ENNgqNeOY7oE5xnPs64TL
AzQ9z66u0dHTMODAS1A6C0l66LrPVYGoQLDkM7WQn7zznFdnKR2nsPOUi0mMdyrG
/62iARtNvuF4xdsUAoCKti3wOsXRuUhiXei4N4qdr8IaIEIFgYEKKtaqzwARAQAB
iQRyBBgBCgAmFiEEFPJmgtCRbN2B43ttYbe1JtmPA1MFAlzwOeoCGwIFCQPCZwAC
QAkQYbe1JtmPA1PBdCAEGQEKAB0WIQQJezEwd65ioC+E2k3xpmaPu31XLgUCXPA5
6gAKCRDxpmaPu31XLopQEACKv8mYt4aMc0oA25UJXMRig2lXJDqOZBUSvFFm8t6X
gdG0zFdzFo4gqpje68kNyt9duhvOMsVwkzUr+5Di7FccvgwceU3X5ngWpnV/GcXg
79m5viipWUdBRoyZ90oi4D5K6fhlmszmWyiD7KDrjdtIdGnjAuprztkc/JBlIwlm
u/40JyDR5Dfxp256DlzsJ/HH8LbdjJG/F0XvtZUwcHefa7mDXtIWszsMoJnEoLzO
kZvJ13rhJcTHVQImClyS3o9+Pk6DTfy4Ad0w+9nF0rZp+8/GXZGilfn/NXMj0elY
u5WiyCBqargRkrHpebNKW9jxRca02aDS2Yrf8dlseO1d9FXZPOBWIxDRG++TqRhB
K8FUW00DikRDrrV5RsIiXtgtRqH+hwknE33i8m8/KKC5/pUl3Af5f+vMKsT3s1mM
X2zA+NmLUxJCXLz70WqLoShI8QEj+RLk9yuk97bo7KoNSv6xNwXotJKzp08VAnVN
X/QddmV6Z7SnocEs+S6Z0L69sEffMgUaCkH09mIt1yu0DaeOl7fM2iD3VcO6jJ94
Dg8olkhBgrZERe3sXR2fciFtsqHxYc9zP7YyL7vPbUQ8BogxEfIQZPGdpnG5pTM0
NSX/mgkOWI2VJFDe/rOFTdTk+8mKVnFdaUfHA48qIeS0V0zMLd4OZkrYlW3iKvZp
s6IAEACauiivWdvKvJgKMyi3fvicXn4qL8nV1X6lmOBqDn4bb0N0mtpiqXfvG950
+29rcCJSj6qSMVj8ZHuwVktrEoWX6lpJbWwEdUh+35DnjfGOYN8gW8bx0CfyqEx5
0W++DK5Wj+L+DL7jgJ/l7dMKxLdjijkg+v4yI516nzRbrx3x77U8n+H1V9bHrDfS
cESnr3PtWS4ze4yDrr9Xp+YK8A7RkIctH2ToyEixin8utvfa56dGpUai7gIRZ+0b
tWY0FX6g/VRHwwhLIzTsaFveQGuzFbXaGkOhRASitKtbQo2fD39qAMixkKOctN9A
/nA3dZU8BlJj7258+P36jQDOilr2Y7RlTSTZS5aXeAPbwILwKCNcDjV0keerGSqi
V2zkiH0vAJcxVokn+iMj6VOaM1RyxskgFara0Vt3IuAjnirES/OVuIkhgpebmGXB
PcHqLWpFDtEdLv6YtOwScE0eYb5/SA3XsmK3qgzEAzBfchwl4PqAhiQAf/tbx5Eg
AUbFmwhEcgd9xMY5w6+8/5FjoXwHYmdfjKT9iD7QxF3LnymskoKQQGWBHiwJjaA8
LYPpopUg9we00zNdSGNXv1Lau9AM//ATiusH8iLJj33ofQh6FviQG6W3TlLPqx/o
IxxNj5bPAQy6dRKB1TxlWr4X0pUWxuqBeObPoHS9j0ysxKPru7kCDQRkVUBzARAA
1cD3n5ue0sCcZmqX2FbtIFRsk39rlGkvuxYABsWBTzr0RbRW7h46VzWbOcU5ZmbJ
rp/bhgkSYRR3drmzT63yUZ62dnww6e5LJjGSt19zzcber9BHELjqKqfAfLNsuZ7Z
Q5p78c6uiJhe8WpbWogbspxJ20duraLGmK4Kl23fa3tF0Gng1RLhoFcSVK/WtDZy
C+elPKpch1Sru6sw/r8ktfuhNIRGxdbj/lFHNVOzCXb3MTAqpIynNGMocFFnqWLZ
LtItphHxPUqVr6LKvc3i3aMlC6IvLNg0Nu8O088Hg3Ah9tRmXKOshLjYjPeXqM9e
dqoWWqpzxDTNl6JlFMwP+OacMKsyX7Wq+ZXC/o3ygC/oclYUKtiuoGg47fSCN2GS
3V2GX2zFlT6SEvEQQb2g5yISLX9Q/g9AyJdqtfaLe4Fv6vM4P1xhOUDnjmdoulm3
FGkC701ZF7eFhMSRUM9QhkGH6Yz2TvS4ht6Whg7aVt4ErIoJfj9jzJOp6k9vna5L
mgkj8l19NTiUQ7gk98H3wW4mRrINxZ2yQD47V/LJ+tUamJc5ac+I0VP7c15xmKEJ
2rfGCGhiSWQwZZw7Y2/qoADSBlI28RlBTuRP2i6AdwyJU+75CzxGzMpr/wBLhZT+
fNRV4HHd5dgR3YxajpkzZ6wXL2aaJhznFEmLBLokOwMAEQEAAYkEcgQYAQoAJhYh
BBTyZoLQkWzdgeN7bWG3tSbZjwNTBQJkVUBzAhsCBQkDwmcAAkAJEGG3tSbZjwNT
wXQgBBkBCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmRVQHMACgkQ4207E/PZ
MnRgdg/+LAha8Vh1SIVpXzUHVdx81kPyxBSaXtOtbBw6u9EiPW+xCUiF/pyn7H1l
u+hAodeNFADsXmmONKcBjURVfwO81s60gLKYBXxpcLLQXrfNOLrYMnokr5FfuI3z
Z0AoSnEoS9ufnf/7spjba8RldV1q2krdw1KtbiLq3D8v4E3qRfx5SqCA+eJSavaA
h3aBi6lvRlUSZmz8RWwq6gP9Z4BiTTyFp5jQv1ZKJb5OJ+44A0pS+RvGDRq/bAAU
QULLIJVOhiTM74sb/BPmeRYUS++ee10IFW4bsrKJonCoSQTXQexOpH6AAFXeZDak
JfyjTxnl3+AtA4VEp1UJIm0Ywe0h6lT0isSJPVp3RFZRPjq0g+/VniBsvYhLE/70
ph9ImU4HXdNumZVqXqawmIDRwv7NbYjpQ8QnzcP3vJ5XQ4/bNU/xWd1eM2gdpbXI
9B46ER7fQcIJRNrawbEbfzuHy5nINAzrznsg+fAC76w2Omrn547QiY2ey7jy7k79
tlCXGXWAt9ikkJ95BCLsOu5OTxPi4/UUS2en1yDbx5ej7Hh79oEZxzubW1+v5O1+
tXgMOWd6ZgXwquq50vs+X4mi7BKE2b1Mi6Zq2Y+Kw7dAEbYYzhsSA+SRPu5vrJgL
TNQmGxxbrSA+lCUvQ8dPywXz00vKiQwI9uRqtK0LX1BLuHKIhg4OgxAAnmFSZgu7
wIsE2kBYwabCSIFJZzHu0lgtRyYrY8Xh7Pg+V9slIiMGG4SIyq5eUfmU8bXjc4vQ
kE6KHxsbbzN6gFVLX1KDjxRKh+/nG/RDtfw/ic7iiXZfgkEqzIVgIrtlDb/DK6ZD
MeABnJcZZTJMAC4lWpJGgmnZxfAIGmtcUOA0CKGT43suyYET7L7HXd0TM+cJRnbE
b7m8OexT9Xqqwezfqoi1MGH2g8lRKQE4Z2eEFvCiuJnCw547wtpJWEQrGw1eqL3A
S8Y051YqblbXLbgf5Oa49yo630ehq9OxoLd7+GdWwYBlr/0EzPUWezhdIKKvh1RO
+FQGAlzYJ6Pq7BPwvu3dC3YYdN3Ax/8dj5036Y+mHgDsnmlUk8dlziJ0O3h1fke/
W81ABx4ASBktXAf1IweRbbxqW8OgMhG6xHTeiEjjav7SmlD0XVOxjhI+qBoNPovW
lChqONxablBkuh0Jd6kdNiaSEM9cd60kK3GT/dBMyv0yVhhLci6HQZ+Mf4cbn0Kt
ayzuQLOcdRCN3FF/JNQH3v6LA1MdRfmJlgC4UdiepBb1uCgtVIPizRuXWDjyjzeP
ZRN/AqaUbEoNBHhIz0nKhQGDbst4ugIzJWIX+6UokwPC3jvJqQQttccjAy6kXBmx
fxyRMB5BEeLY0+qVPyvOxpXEGnlSHYmdIS4=
=ZEQW
-----END PGP PUBLIC KEY BLOCK-----

The post Updated GPG key for signing Firefox Releases appeared first on Mozilla Security Blog.

Mozilla L10NL10n Report: May 2023 Edition

Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet. 

Welcome!

New localizers

Are you a locale leader and want us to include new members in our upcoming reports? Contact us!

We also want to welcome Ayanaa Rahman to the localization team. She’s joining us for an internship as a backend software engineer, and you’ll see her active primarily around Pontoon. Here’s a few words from her:

Hi all, I’m Ayanaa Rahman. I recently completed my third year studying Computer Science at the University of Toronto. I have also worked at financial institutions in both the US & Canada as a Software Developer intern, focusing on automation and big data.

Born into an immigrant family and raised in the multicultural city of Toronto, I’ve been exposed to multiple languages and cultures throughout my life. This experience has highlighted the importance of effective communication across different languages, particularly to enhance people’s digital experiences. I am eager to leverage my background and skills to make a meaningful contribution to the Mozilla community.

New content and projects

What’s new or coming up in Firefox desktop

Firefox 113, shipping to release users on May 9, is going to include a new locale: Tajik (tg). Huge thanks to Victor Ibragimov, the locale manager, and all other community members for achieving such an impressive result. Victor has been amazing over the last months, both online and offline, in finding resources and promoting the Tajik language.

In terms of new features, developers are currently working on the workflow to import data from other browsers, and we expect an overall increase in the number of strings around messaging and onboarding. Keep an eye out on notifications in Pontoon for updated testing instructions.

Fonts and fingerprinting

Firefox developers are working on reducing the ability for websites to track users based on their browser “fingerprint”, and fonts are one of the characteristics that bad actors can use to uniquely identify your browser.

By restricting access to only fonts pre-installed with the operating system, this form of fingerprinting becomes much less effective. The challenge is that it could impair the experience for users that access content in other languages, as they might rely on fonts installed through other systems (e.g. OS language packs).

Given how large the number of possible scenarios is, the team working on this feature needs help from the localization community to ensure user experience is not degraded. This document contains detailed information about the feature, how to test it and how to report errors.

What’s new or coming up in mobile

Things have been moving quite a bit in mobile land since our last report in January – especially with the past couple of versions leading up to the next v114 (in Nightly right now) – which all feature some notable updates.

A reminder that the last day to get translations in for version 114 is May 28 (all strings for this version should have landed by May 5th approximately).

One thing you may have noticed are the experiments going on these days both in Firefox desktop and mobile (often labeled as “Nimbus” in localization comments and string IDs). For mobile, we have been playing around with onboarding cards, as we suggest new users to change their default mobile browsers to Firefox.

Other notable updates are:

  • Users can now choose whether to be asked every time they open a link that would open in another app
  • Websites that use window.print() can now be printed in Firefox for Android
  • Improvements to Credit Card Autofill
  • Cookie Banner Reduction/Blocking: this new feature aims at providing users a seamless browsing experience by drastically minimizing cookie banner annoyance while also delivering the most private and secure option to handling the cookie banners

Now on to some community highlights: on mobile, Tajik (tg) has recently shipped at 100% complete translation on Focus for Android browser, making it the third browser available to Tajik speakers: Firefox for desktop, Firefox for Android, and now Focus for Android. As mentioned previously in this newsletter, congratulations to Victor and his team for sustaining this work – and the community – across the board! We look forward to the local initiatives taking place in Tajikistan in the near future, expanding the open, free and accessible internet in the region.

Amharic (am) has also recently shipped entirely localized versions of Firefox for Android, Focus for Android and Focus for iOS. Congratulations to the team who has worked relentlessly on keeping these projects up to date as well as growing the community.

Sardinian (sc) also recently initiated and completed Firefox for Android localization, as an ongoing effort in their existing projects. And Persian (fa) locale has been ramping up with projects thanks to locale manager Reza and fellow translator MSKF.

We want to take the opportunity to remind folks that Firefox for Android has an in-app language switcher, which works independently from the native Android OS language options. It generally supports a larger set of languages than the Android system language settings does. Head over to your Firefox for Android “Settings > Language” to discover 100+ languages available. (Taking the opportunity to note that a language switcher also exists within the Mozilla VPN settings, which seems to be a feature overlooked by many).

What’s new or coming up in web projects

Relay Website

As you may have noticed, the app.ftl file is no longer in Pontoon. In place are multiple, feature oriented files. The goal is to make each file more modular so it gives more context where strings land in the product. And it also offers flexibility to provide regional specific strings. There will be a few more of these efforts in the future. If the strings were localized prior to the migration, they are already moved to the new file, including contribution history. No need to go in to retranslate them. If there are untranslated strings, they are brand new strings.

Mozilla.org

This is a heads-up. A few pages from the Relay Website project will be migrated to mozilla.org. Pages to be migrated include faq.ftl and landing.ftl. Like the previous migrations, the Pontoon team will do their best to preserve the work you did, including attributes to each of the localized strings,  approved or pending for review.  For locales that have not localized the Relay product, you will see an increase in untranslated strings. You can prioritize these sets of files against others.

The migration is scheduled to be complete before the next l10n report. The purpose of this migration is for better search ranking. A link to the Relay pages will be added to the navigation bar.

Firefox Accounts

The Firefox accounts team are undergoing work to improve the user experience around account authentication and data recovery. Some changes are already in progress, and going forward you should see more strings related to two factor authentication, account recovery, password resets, and more. Many of these changes can be viewed before changes go to staging or production by checking Storybooks which can show English strings in context. The link to Storybooks can be found under the resources section of Firefox Accounts within Pontoon.

What’s new or coming up in SUMO

  • Check out the SUMO Sprint wikipage for Firefox 113 to learn more about how you can help with this release.
  • Watch the recording of our community call in March if you haven’t already to learn more about SUI (Simplified User Interface) screenshot that Lucas shared.
  • It’s also highly recommended to watch our community call in April to catch up on the result of the contributor survey we’ve done in Q1.
  • If you’re a Social Support or Mobile Store Support contributor, make sure to watch the contributor forum to get updates about queue stats every week. Kiki will post the update by the end of the week to make sure that you’re updated. Here’s the latest one from last week.
  • You can now learn more about Kitsune releases by following this Discourse topic.

What’s new or coming up in Pontoon

Pretranslation

We have successfully completed the Alpha testing phase of the Pretranslation feature with the Italian and Slovenian locale. The results[1], especially when accounting for the bugs fixed during the testing period, were quite promising:

  • 65.10% pretranslated strings were approved without changes.
  • 94.61% were manually reviewed as “usable”.
  • The average chrF++ score was 92.97

Between April and June 2023, Pontoon Pretranslation feature will be in the Beta testing phase with a total of 9 participating locales. In case of a success, we expect to make the feature available to more locales soon after. Stay tuned!

[1] Data has been revised after this post was first published. During the Beta testing we discovered an error in the way data was calculated, and applied the same fixes to the data collected during Alpha testing.

New contributions

Thanks to our army of awesome contributors for recent improvements to our codebase:

  • Willian, who joined the project last year, landed 10 additional patches(!) recently, including making the All contributions view the new default view on the Profile page.
  • Ivan added support for reading project configurations from the repository. (Ivan, sorry it took forever to review it!)
  • Uriel added support for implicit TLS emails.

Newly published localizer facing documentation

We have neglected our Pontoon documentation for a long time, and unfortunately it shows. We’re actively working on updating it, and we plan to wrap this project by the end of June.

Events

Localization “Fireside Chat”: come join us on Wednesday May 10, at 9am PT, where we will answer any questions you may have concerning updates contained in this localization report. This is the first time the localization-drivers try out this type of event, and we will accommodate for more timezones in the next iteration. It will take place on AirMozilla, and is open to anyone interested.

In the meantime you can check out our blog and visit past reports here.

Stay tuned on Discourse or in our Matrix channel for more info coming out soon!

Start asking questions here (or in this pad). You can also drop questions in the comments section of this blog post. Note that during the event, you will be able to ask more questions on our Matrix channel, and we will address them live if time permits.

Want to showcase an event coming up that your community is participating in? Contact us and we’ll include it.

Friends of the Lion

Image by Elio Qoshi

  • Thanks to all locale managers and translators who are helping us to test the Pretranslation feature in Pontoon. The locales currently involved are: cy, de, es-AR, fr, hu, id, it, sl, zh-TW. Your help, on top of what you’re doing every day to support Mozilla, is very much appreciated.
  • Kudos to Aderajew and Bantegize who single-handedly revived the Amharic community in a span of a few months! They completed the localization of a few mobile projects, and are making progress weekly on the mozilla.org project. Between the two of them, they split the tasks of what they each do best: localizing the products but also looking for new contributors, building up the community. Way to go!
  • Parvez and Abass led the effort in completing several high priority projects for Saraiki, including Firefox desktop, mobile products for Android, and mozilla.org.

Know someone in your l10n community who’s been doing a great job and should appear here? Contact us and we’ll make sure they get a shout-out!

Useful Links

Questions? Want to get involved?

If you want to get involved, or have any question about l10n, reach out to:

 

Did you enjoy reading this report? Let us know how we can improve it.

Blog of DataNever Look at the Data: Why did we start getting so many pings from Korea?

Something happened on January 5, 2023. All of a sudden we abruptly started receiving a number of pings from Firefox Desktop clients in Korea equal to two times the size of the entire Korean Firefox Desktop population.

What happened? How did we notice it? What did we do about it?

Let’s back up.

I can’t remember where I learned it, but I’d already started reciting as dogma in my first year of University: “The most important part about any feature is the ability to turn it off”. It’s served me well through my studies and my career. I’ve also found it to be especially true for data collection systems where, for whatever reason, as a user you might decide you no longer want the software you’re using to continue to send data. In some places this is even enshrined in laws where you can request the deletion of data that has already been collected.

Law or not, Mozilla has before, does now, and will always make it easy for you to decide whether to send data to Mozilla. We may not understand why you make that choice, and it definitely will make it harder for us to ensure our products meet your needs, but we’ll respect the heck out of your choice in our processes and in our products.

This is why, when Mozilla’s data collection system Glean is told the user went from allowing data upload to forbidding it, we send one final “deletion-request” ping before shutting down. The “deletion-request” ping contains all the internal identifiers we’ve used to longitudinally group data (if we receive ten crash reports it’s important to know whether it’s the same Firefox crashing ten times or if it’s ten Firefoxes crashing once), and we use those identifiers to (well) identify what data we’ve collected that we’re now going to delete.

For the purposes of this story you’ll need to know that there’s two times when Glean notices the product’s gone from “data upload: on” to “data upload: off”: while Glean is running, and during Glean startup. If Glean’s running, then we just handle things – we were told the setting changed from “data upload: on” to “data upload: off” and away we go. But Glean knows that it isn’t always listening to the data upload setting, so if it it starts up with “data upload: off” and the last time it shut down we were “data upload: on” we’ll send a specific “at_init”-reason “deletion-request” ping.

We in the Data Org monitor how Glean is behaving. One thing we’ve learned about how Glean behaves is that the number of “deletion-request” pings is roughly constant over time. And the proportion of “deletion-request” pings that have the “at_init” reason should remain a fairly fixed one.

What shouldn’t happen is for Firefox Desktop-sent “at_init”-reason “deletion-request” pings to spike like this on January 5:

 

time-series plot of ping volumes from December 2022 until mid-January 2023 showing abnormal abrupt increases in volume starting on January 5.

 

What we do when we notice things like this is file a bug. As the one responsible for Glean’s integration in Firefox Desktop, and as someone with a long history of looking into anomalies, I took a look. At this initial point I was pretty sure it’d be a single actor (a single user, a single company, a single internet cafe) doing something odd… but alas, the evidence was inconclusive:

Evidence consistent with a single actor being responsible for it all:

  • All the pings were coming from the same internet provider. Korea Telecom is responsible for a bare majority of Firefox Desktop data delivery from Korea, but the spikes were entirely from that ISP.
  • The Mozilla Community in Korea could offer no explanation of any wide-spread computer or software event that matched the timeline.
  • “at_init”-reason “deletion-request” pings could be a result of automation changing the files on disk to read “data upload: off” between runs of Firefox Desktop.

Evidence inconsistent with a single actor being responsible for it all:

  • The data came from a mix of Firefox Desktop versions: versions 101.0.1, 104.0, and 108.0.2.
  • The data came from a range of different regions, more or less following the population density of Korea itself.
  • “at_init”-reason “deletion-request” pings could instead be the result of users changing the setting to “data upload: off” early enough during Firefox Desktop startup that Glean hasn’t yet been initialized.

Regardless of why it was happening, it quickly became more important that we learn what we needed to do about it. We spun up an Incident, which is how we organize ourselves when there’s something happening that requires cross-functional collaboration and isn’t getting better on its own. Once there we ascertained that we could respond very quickly and decisively and do

Nothing at all.

The volume of these pings vastly eclipsed any other “deletion-request” pings we would otherwise have received, so you’d be forgiven for thinking that it was terribly expensive to receive, store, and process them all. In reality, we batch these requests. And even before this spike, every batch of requests required editing every partition of every table. Adding another list of identifiers to delete equal in size to two times the peak Firefox Desktop population in Korea just doesn’t matter all that much.

The pressure was off. Even if it got worse… which it did:

Time-series plot of "deletion-request" pings isolated to just those from Korea. Spikes begin January 25 and dwarf other reports. A plateau begins March 26 and continues to the right edge of the plot around April 10.

 

On March 26, when it reached and maintained a peak of five times the volume of the Firefox Desktop population in Korea, it still wasn’t harming our data platform’s ability to serve business needs or costing us all that much in operational spend. We didn’t need to invest effort into running down the source, so we didn’t.

And so I just kept an occasional eye on it until, just as suddenly but not quite as abruptly as it began, on April 12 the ping volumes began to decrease. By April 18, we were back to normal levels.

Time-series plot of "deletion-request" pings isolated to just those from Korea. Very similar to the previous plot, but continues until April 18. Spikes begin January 25 and dwarf other reports. A plateau begins March 26 and stays up there until April 12 when falls away to nothing over the course of five days or so.

 

We had successfully ignored it until it went away.

So what happened to Korean Firefox Desktop users from Jan 5 to April 12, 2023? We never figured it out. If you know about something happening across those dates in Korea: please get in touch. As little as it needed solving for the sake of business needs, it still needs solving for the sake of my curiosity.

:chutten

(( This is a syndicated copy of the original post. ))

SUMO BlogWhat’s up with SUMO – Q1 2023

Hi everybody,

I know some of you have been asking about the monthly blog post since January. We’re back today, with a summary of what happened in the past 3 months. This will be our new cadence for this kind of post. So please look out for our next edition by early July.

I hope the past 3 months have treated you well. Time surely flies so fast. We’ve done a lot of internal research for the past 3 months, but in Q2, I promise you will see more of me all around our various community channels.

Welcome note and shout-outs

  • Welcome to Kim Jae Woo, Henry Green, Jason Hoyle, Ifeoma, Ray Vermey, Ashfaq, Hisham, Peter, Varun, and Théo. Thanks for joining the Social and Mobile Store Support program!
  • Shout-outs to Tim Maks, Christophe, for participating in FOSDEM 2023! Also to Paul for his continued support for Mozfest over the years. You are all amazing!
  • Thanks to everybody for your participation in the Mozilla Support 2023 contributor survey. Your input and feedback are greatly appreciated. #MozLove to you all!

If you know anyone that we should feature here, please contact Kiki, and we’ll make sure to add them in our next edition.

Community news

  • What happened at FOSDEM 2023? Check out this blog post!
  • Learn more about Mozilla.social initiative if you’re into the fediverse world.
  • Watch the recording of our community call in March if you haven’t already to learn more about SUI (Simplified User Interface) screenshot that Lucas shared.
  • It’s also highly recommended to watch our community call in April to catch up on the result of the contributor survey we’ve done in Q1.

Catch up

  • Watch the monthly community call if you haven’t. Learn more about what’s new in January, February and March! Reminder: Don’t hesitate to join the call in person if you can. We try our best to provide a safe space for everyone to contribute. You’re more than welcome to lurk in the call if you don’t feel comfortable turning on your video or speaking up. If you feel shy to ask questions during the meeting, feel free to add your questions on the contributor forum in advance, or put them in our Matrix channel, so we can answer them during the meeting.
  • If you’re an NDA’ed contributor, you can watch the recording of the Customer Experience weekly scrum meeting from AirMozilla to catch up with the latest product updates.
  • Consider subscribe to Firefox Daily Digest to get daily updates about Firefox from across different platforms.
  • Check out SUMO Engineering Board to see what the platform team is currently doing.

Community stats

KB

KB pageviews (*)

* KB pageviews number is a total of KB pageviews for /en-US/ only

Month Page views Vs previous month
Jan 2023 7,199,541 5.53%
Feb 2023 7,288,066 2.88%
Mar 2023 7,485,556 2.71%

Top 5 KB contributors in the last 90 days: 

KB Localization

Top 10 locales based on total page views

Locale Jan 2023 

pageviews (*)

Feb 2023 pageviews (*) Mar 2023 

pageviews (*)

Localization progress (per Apr, 17)(**)
de 11.51% 10.34% 10.59% 98%
fr 7.66% 6.81% 7.81% 89%
zh-CN 5.05% 6.64% 7.27% 96%
es 5.91% 5.67% 6.06% 25%
ja 4.22% 4.11% 4.13% 46%
ru 4.09% 3.98% 3.93% 100%
pt-BR 3.00% 2.84% 3.39% 52%
It 2.75% 2.79% 2.65% 99%
pl 2.47% 2.24% 2.25% 88%
zh-TW 0.61% 0.98% 1.47% 3%

* Locale pageviews is an overall pageviews from the given locale (KB and other pages)

** Localization progress is the percentage of localized article from all KB articles per locale

Top 5 localization contributors in the last 90 days: 

Forum Support

Forum stats

Month Total questions Answer rate within 72 hrs Solved rate within 72 hrs Forum helpfulness
Jan 2023 2,888 77.77% 10.28% 47.12%
Feb 2023 2,752 66.10% 9.30% 54.79%
Mar 2023 3,450 66.02% 8.19% 48.91%

Top 5 forum contributors in the last 90 days: 

Social Support

Channel Total tweets Total moderation by contributors Total reply by contributors
Jan 2023 314 125 42
Feb 2023 344 140 62
Mar 2023 404 171 55

Top 5 Social Support contributors in the past 3 months: 

  1. Tim Maks 
  2. Bithiah K
  3. Théo C
  4. Daniel López
  5. Peter Gallwas

Play Store Support

Channel Jan 2023
Total reviews Total moderation by contributors Total reply by contributors
Firefox for Android 5,710 250 90
Firefox Focus for Android 785 63 23

 

Channel Feb 2023
Total reviews Total moderation by contributors Total reply by contributors
Firefox for Android 5,025 173 46
Firefox Focus for Android 558 17 4

 

Channel Mar 2023
Total reviews Total moderation by contributors Total reply by contributors
Firefox for Android 5,741 270 69
Firefox Focus for Android 588 29 7

Top 5 Play Store contributors in the past 3 months: 

Product updates

To catch up on product releases update, please watch the recording of the Customer Experience scrum meeting from AirMozilla. You can also subscribe to the AirMozilla folder by clickling on the Subscribe button at the top right corner of the page to get notifications each time we add a new recording.

Useful links:

Open Policy & AdvocacyMozilla Meetups with CDT: Talking Tech Transparency

Join Mozilla and the Center for Democracy & Technology (CDT) for a conversation about Congress’ work on tech transparency. The event will feature keynote remarks from U.S. Congresswoman Lori Trahan followed by an expert panel discussion.

The panel and remarks will be immediately followed by a happy hour reception where drinks and light fare will be served.

Date and time: Wednesday, April 26th – event starts @ 4:00PM promptly (doors @ 3:45pm)
Location: Jackie, 79 Potomac Ave SE, Washington, DC 20003

Registration is closed.

The post Mozilla Meetups with CDT: Talking Tech Transparency appeared first on Open Policy & Advocacy.

SeaMonkeySeaMonkey 2.53.16 is out!

Hi All,

The SeaMonkey Project team is pleased to announce the immediate release of SeaMonkey 2.53.16.

Please check out [1] and/or [2] for further information on the release notes.

:ewong

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.16/

[2] – https://www.seamonkey-project.org/releases/2.53.16

hacks.mozilla.orgLetting users block injected third-party DLLs in Firefox

In Firefox 110, users now have the ability to control which third-party DLLs are allowed to load into Firefox processes.

Let’s talk about what this means and when it might be useful.

What is third-party DLL injection?

On Windows, third-party products have a variety of ways to inject their code into other running processes. This is done for a number of reasons; the most common is for antivirus software, but other uses include hardware drivers, screen readers, banking (in some countries) and, unfortunately, malware.

Having a DLL from a third-party product injected into a Firefox process is surprisingly common – according to our telemetry, over 70% of users on Windows have at least one such DLL! (to be clear, this means any DLL not digitally signed by Mozilla or part of the OS).

Most users are unaware when DLLs are injected into Firefox, as most of the time there’s no obvious indication this is happening, other than checking the about:third-party page.

Unfortunately, having DLLs injected into Firefox can lead to performance, security, or stability problems. This is for a number of reasons:

  • DLLs will often hook into internal Firefox functions, which are subject to change from release to release. We make no special effort to maintain the behavior of internal functions (of which there are thousands), so the publisher of the third-party product has to be diligent about testing with new versions of Firefox to avoid stability problems.
  • Firefox, being a web browser, loads and runs code from untrusted and potentially hostile websites. Knowing this, we go to a lot of effort to keep Firefox secure; see, for example, the Site Isolation Security Architecture and Improved Process Isolation. Third-party products may not have the same focus on security.
  • We run an extensive number of tests on Firefox, and third-party products may not test to that extent since they’re probably not designed to work specifically with Firefox.

Indeed, our data shows that just over 2% of all Firefox crash reports on Windows are in third-party code. This is despite the fact that Firefox already blocks a number of specific third-party DLLs that are known to cause a crash (see below for details).

This also undercounts crashes that are caused indirectly by third-party DLLs, since our metrics only look for third-party DLLs directly in the call stack. Additionally, third-party DLLs are a bit more likely to cause crashes at startup, which are much more serious for users.

Firefox has a third-party injection policy, and whenever possible we recommend third parties instead use extensions to integrate into Firefox, as this is officially supported and much more stable.

Why not block all DLL injection by default?

For maximum stability and performance, Firefox could try to block all third-party DLLs from being injected into its processes. However, this would break some useful products like screen readers that users want to be able to use with Firefox. This would also be technically challenging and it would probably be impossible to block every third-party DLL, especially third-party products that run with higher privilege than Firefox.

Since 2010, Mozilla has had the ability to block specific third-party DLLs for all Windows users of Firefox. We do this only as a last resort, after trying to communicate with the vendor to get the underlying issue fixed, and we tailor it as tightly as we can to make Firefox users stop crashing. (We have the ability to only block specific versions of the DLL and only in specific Firefox processes where it’s causing problems). This is a helpful tool, but we only consider using it if a particular third-party DLL is causing lots of crashes such that it shows up on our list of top crashes in Firefox.

Even if we know a third-party DLL can cause a crash in Firefox, there are times when the functionality that the DLL provides is essential to the user, and the user would not want us to block the DLL on their behalf. If the user’s bank or government requires some software to access their accounts or file their taxes, we wouldn’t be doing them any favors by blocking it, even if blocking it would make Firefox more stable.

Giving users the power to block injected DLLs

With Firefox 110, users can block third-party DLLs from being loaded into Firefox. This can be done on the about:third-party page, which already lists all loaded third-party modules. The about:third-party page also shows which third-party DLLs have been involved in previous Firefox crashes; along with the name of the publisher of the DLL, hopefully this will let users make an informed decision about whether or not to block a DLL. Here’s an example of a DLL that recently crashed Firefox; clicking the button with a dash on it will block it:

Screenshot of the about:third-party page showing a module named "CrashingInjectibleDll.dll" with a yellow triangle indicating it has recently caused a crash, and a button with a dash on it that can be used to block it from loading into Firefox.

Here’s what it looks like after blocking the DLL and restarting Firefox:

 Screenshot of the about:third-party page showing a module named "CrashingInjectibleDll.dll" with a yellow triangle indicating it has recently caused a crash, and a red button with an X on it indicating that it is blocked from loading into Firefox.

If blocking a DLL causes a problem, launching Firefox in Troubleshoot Mode will disable all third-party DLL blocking for that run of Firefox, and DLLs can be blocked or unblocked on the about:third-party page as usual.

How it works

Blocking DLLs from loading into a process is tricky business. In order to detect all DLLs loading into a Firefox process, the blocklist has to be set up very early during startup. For this purpose, we have the launcher process, which creates the main browser process in a suspended state. Then it sets up any sandboxing policies, loads the blocklist file from disk, and copies the entries into the browser process before starting that process.

The copying is done in an interesting way: the launcher process creates an OS-backed file mapping object with CreateFileMapping(), and, after populating that with blocklist entries, duplicates the handle and uses WriteProcessMemory() to write that handle value into the browser process. Ironically, WriteProcessMemory() is often used as a way for third-party DLLs to inject themselves into other processes; here we’re using it to set a variable at a known location, since the launcher process and the browser process are run from the same .exe file!

Because everything happens so early during startup, well before the Firefox profile is loaded, the list of blocked DLLs is stored per Windows user instead of per Firefox profile. Specifically, the file is in %AppData%\Mozilla\Firefox, and the filename has the format blocklist-{install hash}, where the install hash is a hash of the location on disk of Firefox. This is an easy way of keeping the blocklist separate for different Firefox installations.

Detecting and blocking DLLs from loading

To detect when a DLL is trying to load, Firefox uses a technique known as function interception or hooking. This modifies an existing function in memory so another function can be called before the existing function begins to execute. This can be useful for many reasons; it allows changing the function’s behavior even if the function wasn’t designed to allow changes. Microsoft Detours is a tool commonly used to intercept functions.

In Firefox’s case, the function we’re interested in is NtMapViewOfSection(), which gets called whenever a DLL loads. The goal is to get notified when this happens so we can check the blocklist and forbid a DLL from loading if it’s on the blocklist.

To do this, Firefox uses a homegrown function interceptor to intercept calls to NtMapViewOfSection() and return that the mapping failed if the DLL is on the blocklist. To do this, the interceptor tries two different techniques:

  • On the 32-bit x86 platform, some functions exported from a DLL will begin with a two-byte instruction that does nothing (mov edi, edi) and have five one-byte unused instructions before that. (either nop or int 3)  For example:
                  nop
                  nop
                  nop
                  nop
                  nop
    DLLFunction:  mov edi, edi
                  (actual function code starts here)
    

    If the interceptor detects that this is the case, it can replace the five bytes of unused instructions with a jmp to the address of the function to call instead. (since we’re on a 32-bit platform, we just need one byte to indicate a jump and four bytes for the address) So, this would look like

                 jmp <address of Firefox patched function>
    DLLFunction: jmp $-5 # encodes in two bytes: EB F9
                 (actual function code starts here)
    

    When the patched function wants to call the unpatched version of DLLFunction(), it simply jumps 2 bytes past the address of DLLFunction() to start the actual function code.

  • Otherwise, things get a bit more complicated. Let’s consider the x64 case. The instructions to jump to our patched function require 13 bytes: 10 bytes for loading the address into a register, and 3 bytes to jump to that register’s location. So the interceptor needs to move at least the first 13 bytes worth of instructions, plus enough to finish the last instruction if needed, to a trampoline function. (it’s known as a trampoline because typically code jumps there, which causes a few instructions to run, and then jumps out to the rest of the target function). Let’s look at a real example. Here’s a simple function that we’re going to intercept, first the C source (Godbolt compiler explorer link):
    int fn(int aX, int aY) {
        if (aX + 1 >= aY) {
            return aX * 3;
        }
        return aY + 5 - aX;
    }
    

    and the assembly, with corresponding raw instructions. Note that this was compiled with -O3, so it’s a little dense:

    fn(int,int):
       lea    eax,[rdi+0x1]   # 8d 47 01
       mov    ecx,esi         # 89 f1
       sub    ecx,edi         # 29 f9
       add    ecx,0x5         # 83 c1 05
       cmp    eax,esi         # 39 f0
       lea    eax,[rdi+rdi*2] # 8d 04 7f
       cmovl  eax,ecx         # 0f 4c c1
       ret                    # c3

    Now, counting 13 bytes from the beginning of fn() puts us in the middle of the lea eax,[rdi+rdi*2] instruction, so we’ll have to copy everything down to that point to the trampoline.

    The end result looks like this:

    fn(int,int) (address 0x100000000):
       # overwritten code
       mov     r11, 0x600000000 # 49 bb 00 00 00 00 06 00 00 00
       jmp     r11              # 41 ff e3
       # leftover bytes from the last instruction
       # so the addresses of everything stays the same
       # We could also fill these with nop’s or int 3’s,
       # since they won’t be executed
       .byte 04
       .byte 7f
       # rest of fn() starts here
       cmovl  eax,ecx         # 0f 4c c1
       ret                    # c3
       
    
    Trampoline (address 0x300000000):
       # First 13 bytes worth of instructions from fn()
       lea    eax,[rdi+0x1]   # 8d 47 01
       mov    ecx,esi         # 89 f1
       sub    ecx,edi         # 29 f9
       add    ecx,0x5         # 83 c1 05
       cmp    eax,esi         # 39 f0
       lea    eax,[rdi+rdi*2] # 8d 04 7f
       # Now jump past first 13 bytes of fn()
       jmp    [RIP+0x0]       # ff 25 00 00 00 00 
                              # implemented as jmp [RIP+0x0], then storing
                              # address to jump to directly after this
                              # instruction
       .qword 0x10000000f
    
    
    Firefox patched function (address 0x600000000):
            <whatever the patched function wants to do>

    If the Firefox patched function wants to call the unpatched fn(), the patcher has stored the address of the trampoline (0x300000000 in this example). In C++ code we encapsulate this in the FuncHook class, and the patched function can just call the trampoline with the same syntax as a normal function call.

    This whole setup is significantly more complicated than the first case; you can see that the patcher for the first case is only around 200 lines long while the patcher that handles this case is more than 1700 lines long! Some additional notes and complications:

    • Not all instructions that get moved to the trampoline can necessarily stay exactly the same. One example is jumping to a relative address that didn’t get moved to the trampoline – since the instruction has moved in memory, the patcher needs to replace this with an absolute jump. The patcher doesn’t handle every kind of x64 instruction (otherwise it would have to be much longer!), but we have automated tests to make sure we can successfully intercept the Windows functions that we know Firefox needs.
    • We specifically use r11 to load the address of the patched function into because according to the x64 calling convention, r11 is a volatile register that is not required to be preserved by the callee.
    • Since we use jmp to get from fn() to the patched function instead of ret, and similarly to get from the trampoline back into the main code of fn(), this keeps the code stack-neutral. So calling other functions and returning from fn() all work correctly with respect to the position of the stack.
    • If there are any jumps from later in fn() into the first 13 bytes, these will now be jumping into the middle of the jump to the patched function and bad things will almost certainly happen. Luckily this is very rare; most functions are doing function prologue operations in their beginning, so this isn’t a problem for the functions that Firefox intercepts.
    • Similarly, in some cases fn() has some data stored in the first 13 bytes that are used by later instructions, and moving this data to the trampoline will result in the later instructions getting the wrong data. We have run into this, and can work around it by using a shorter mov instruction if we can allocate space for a trampoline that’s within the first 2 GB of address space. This results in a 10 byte patch instead of a 13 byte patch, which in many cases is good enough to avoid problems.
    • Some other complications to quickly mention (not an exhaustive list!):
      • Firefox also has a way to do this interception across processes. Fun!
      • Trampolines are tricky for the Control Flow Guard security measure: since they are legitimate indirect call targets that do not exist at compile time, it requires special care to allow Firefox patched functions to call into them.
      • Trampolines also involve some more fixing up for exception handling, as we must provide unwind info for them.

If the DLL is on the blocklist, our patched version of NtMapViewOfSection() will return that the mapping fails, which causes the whole DLL load to fail. This will not work to block every kind of injection, but it does block most of them.

One added complication is that some DLLs will inject themselves by modifying firefox.exe’s Import Address Table, which is a list of external functions that firefox.exe calls into. If one of these functions fails to load, Windows will terminate the Firefox process. So if Firefox detects this sort of injection and wants to block the DLL, we will instead redirect the DLL’s DllMain() to a function that does nothing.

Final words

Principle 4 of the Mozilla Manifesto states that “Individuals’ security and privacy on the internet are fundamental and must not be treated as optional”, and we hope that this will give Firefox users the power to access the internet with more confidence. Instead of having to choose between uninstalling a useful third-party product and having stability problems with Firefox, now users have a third option of leaving the third-party product installed and blocking it from injecting into Firefox!

As this is a new feature, if you have problems with blocking third-party DLLs, please file a bug. If you have issues with a third-party product causing problems in Firefox, please don’t forget to file an issue with the vendor of that product – since you’re the user of that product, any report the vendor gets means more coming from you than it does coming from us!

More information

Special thanks to David Parks and Yannis Juglaret for reading and providing feedback on many drafts of this post and Toshihito Kikuchi for the initial prototype of the dynamic blocklist.

The post Letting users block injected third-party DLLs in Firefox appeared first on Mozilla Hacks - the Web developer blog.

Open Policy & AdvocacyOpen Fibre Data Standard: Understanding the True Extent of the Internet

As the value of being connected to the internet increases, the need to make internet access available and affordable to all citizens becomes ever more urgent.  But how many people actually have access to the internet? Statistics are often quoted about what percentage of the world has access to the internet but those numbers are inevitably fuzzy, relying on varying definitions of internet access and varying levels of reporting quality.  In order to understand the true extent of the internet, we need to start with the basics, the physical infrastructure that carries the internet around the world.

The first step in developing a solid foundation on which to understand the growth of the internet are terrestrial fibre optic networks, the high-capacity backbones that carry thousands of terabits of internet traffic every day across vast distances. Fibre optic networks are the “deep water ports” of the internet, offering orders of magnitude of greater communication capacity than any other access technology. Research has shown that just living close to a fibre optic network is positively correlated with higher employment levels.

But fibre networks come in all sorts of shapes and sizes, from underground to aerial, from a few fibre strands to hundreds, from old technology to new. We can’t map the full extent of the fibre optic network infrastructure underpinning the internet without a common framework for describing them. And that is where the Open Fibre Data Standard comes in.  It provides a common framework for describing terrestrial fibre optic infrastructure that can be used by operators, researchers, governments, and regulators.

Building on Open Data principles, Mozilla has partnered with the World Bank, the International Telecommunications Union, Mozilla Corporation, the Internet Society, Liquid Intelligent Technologies, CSquared, and Digital Council Africa to support the development of the Open Fibre Data Standard and to promote its adoption. Thanks to financial support from the World Bank, the Open Data Services Cooperative (ODSC), a consultancy with extensive experience and expertise in Open Data standard development, was contracted to provide technical assistance in the development of the standard.

The Open Fibre Data Standard has gone through extensive development and consultation.  Beginning with an Alpha and Beta release, it is now in release 0.2.  Mozilla staff will travel to Ghana, Kenya and India in March and April of 2023 to build technical capacity for operators and regulators in the implementation of the standard and to support participation in its further development.

The post Open Fibre Data Standard: Understanding the True Extent of the Internet appeared first on Open Policy & Advocacy.

hacks.mozilla.orgMozilla Launches Responsible AI Challenge

The last few months it has become clear that AI is no longer our future, but our present. Some of the most exciting ideas for the future of both the internet and the world involve AI solutions. This didn’t happen overnight, decades of work have gone into this moment. Mozilla has been working to make sure that the future of AI benefits humanity in the right ways by investing in the creation of trustworthy AI.

We want entrepreneurs and builders to join us in creating a future where AI is developed through this responsible lens. That’s why we are relaunching our Mozilla Builders program with the Responsible AI Challenge.

At Mozilla, we believe in AI: in its power, its commercial opportunity, and its potential to solve the world’s most challenging problems. But now is the moment to make sure that it is developed responsibly to serve society. 

If you want to build (or are already building) AI solutions that are ambitious but also ethical and holistic, the Mozilla Builder’s Responsible AI Challenge is for you. We will be inviting the top nominees to join a gathering of the brightest technologists, community leaders and ethicists working on trustworthy AI to help get your ideas off the ground. Participants will also have access to mentorship from some of the best minds in the industry, the ability to meet key contributors in this community, and an opportunity to win some funding for their project.

Mozilla will be investing $50,000 into the top applications and projects, with a grand prize of $25,000 for the first-place winner. 

Up for the challenge?

For more information, please visit the WEBSITE

Applications open on March 30, 2023.

The post Mozilla Launches Responsible AI Challenge appeared first on Mozilla Hacks - the Web developer blog.

SeaMonkeySeaMonkey 2.53.16 Beta 1 is out.

Hi All,

The SeaMonkey project team is pleased to announce the immediate release of SeaMonkey 2.53.16 Beta 1.  As it is a beta version, please do backup your profile.  That said, please checkout [1] and/or [2] for the release information.

[side note/thought here:  I had thought of using “SeaMonkey 2.53.16 Beta 1 is OUT!” or “SeaMonkey 2.53.16 Beta 1 is out!” but had thought that’d be shouting…  though I am exclaiming that it is out.  Looking at previous release messages,  I didn’t realize I had used the exclamation mark that much.  Didn’t really mean to shout rudely.  Was just exclaiming.  Just hard to properly exclaim in a message without sounding a bit rude…  anyway.. I digress.]

Best regards,

:ewong

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.16/

[2] – https://www.seamonkey-project.org/releases/2.53.16b1

 

Mozilla UXPeople do use Add to Home Screen

An iPhone in hand with the thumb near the Add to Home Screen item in the share menu.Last week Apple added a bunch of capabilities for web apps added to an iPhone or iPad home screen. This includes the ability for 3rd party browsers, like Firefox, to offer Add to Home Screen from the share menu and to open home screen bookmarks if it’s the default browser. I’d love to see us add this to our iOS app. It looks like a contributor did some investigation and this might be easy.

As I was reading about this news I saw that the commentary around it repeated an often heard assumption that says, as Jeremy Keith puts it, it’s a “fact that adding a website to the home screen remains such a hidden feature that even power users would be forgiven for not knowing about it.” No one ever seems to cite a study that shows this. I always see this written as if it is indeed a statement of fact. But it just so happens that recently we were testing some prototypes on iOS (unrelated to web apps) and we needed participants to add them their home screens. Of the ten people we talked to, four were familiar with this flow and had saved various things this way. When I mentioned this to others on the UX team a few shared similar stories.

So four of ten people in a user test – what does that tell us? It tells us that it’s something that at least some regular people do and that it’s not a hidden power user feature. More than that, it’s a good reminder to check your assumptions.

about:communityMeet us at FOSDEM 2023

Hello everyone,

It is that time of the year, and we are off to Brussels for  FOSDEM 2023!

FOSDEM is a central appointment for the Open Source community.

This is the first year the conference will be back in person and Mozilla will be there, with a stand on the conference floor and many interesting talks in our DevRoom.

We are all looking forward to meet-up in person with developers and Open Source enthusiasts from all over Europe (and beyond).

The event will take place on the 4th and 5th of February, including more than 700 talks and 60 stands.

If you are there, come to say hi to our stand or watch the streaming of our talks on the FOSDEM website!

Many mozillians that are going to FOSDEM will also be in this Matrix Room, so feel free to join and ask any questions.

 

The Mozilla Stand

 

Our stand will be in building K level 2 and will be managed by many enthusiastic Mozillians. Come pick up a sticker and chat all that is Mozilla, including Firefox, MDN, Hubs, digital policy, and many other projects.

 

Mozilla DevRoom – UA2.220 (Guillissen)

 

The Mozilla DevRoom will take place on Saturday between 15:00 and 19:00. If you cannot make it, all the talks will be streamed during the event (click on the event link to find the streaming link).

 

15:00 – 15:30

Understanding the energy use of Firefox. With less power comes more sustainability – Florian Quèze

 

15:30 – 16:00

What’s new with the Firefox Profiler. Power tracks, UI improvements, importers – Nazım Can Altınova

 

16:00 – 16:30

Over a decade of anti-tracking work at Mozilla – Vincent Tunru

 

16:30 – 17:00

The Digital Services Act 101. What is it and why should you care – Claire Pershan

 

17:00 – 17:30

Cache The World. Adventures in A11Y Performance – Benjamin De Kosnik, Morgan Reschenberg

 

17:30 – 18:00

Firefox Profiler beyond the web. Using Firefox Profiler to view Java profiling data – Johannes Bechberger

 

18:00 – 18:30

Localize your open source project with Pontoon – Matjaž Horvat

 

18:30 – 19:00

The Road to Intl.MessageFormat – Eemeli Aro

 

Other Mozilla Talks

 

But that’s not all. There will also be other Mozilla-related talks around FOSDEM such as

 

We look forward to seeing you all.

Community Programs Team

hacks.mozilla.orgAnnouncing Interop 2023

A key difference between the web and other platforms is that the web puts users in control: people are free to choose whichever browser best meets their needs, and use it with any website. This is interoperability: the ability to pick and choose components of a system as long as they adhere to common standards.

For Mozilla, interoperability based on standards is an essential element of what makes the web special and sets it apart from other, proprietary, platforms. Therefore it’s no surprise that maintaining this is a key part of our vision for the web.

However, interoperability doesn’t just happen. Even with precise and well-written standards it’s possible for implementations to have bugs or other deviations from the agreed-upon behavior. There is also a tension between the desire to add new features to the platform, and the effort required to go back and fix deficiencies in already shipping features.

Interoperability gaps can result in sites behaving differently across browsers, which generally creates problems for everyone. When site authors notice the difference, they have to spend time and energy working around it. When they don’t, users suffer the consequences. Therefore it’s no surprise that authors consider cross-browser differences to be one of the most significant frustrations when developing sites.

Clearly this is a problem that needs to be addressed at the source. One of the ways we’ve tried to tackle this problem is via web-platform-tests. This is a shared testsuite for the web platform that everyone can contribute to. This is run in the Firefox CI system, as well as those of other vendors. Whenever Gecko engineers implement a new feature, the new tests they write are contributed back upstream so that they’re available to everyone.

Having shared tests allows us to find out where platform implementations are different, and gives implementers a clear target to aim for. However, users’ needs are large, and as a result, the web platform is large. That means that simply trying to fix every known test failure doesn’t work: we need a way to prioritize and ensure that we strike a balance between fixing the most important bugs and shipping the most useful new features.

The Interop project is designed to help with this process, and enable vendors to focus their energies in the way that’s most helpful to the long term health of the web. Starting in 2022, the Interop project is a collaboration between Apple, Bocoup, Google, Igalia, Microsoft and Mozilla (and open to any organization implementing the web platform) to set a public metric to measure improvements to interoperability on the web.

Interop 2022 showed significant improvements in the interoperability of multiple platform features, along with several cross-browser investigations that looked into complex, under-specified, areas of the platform where interoperability has been difficult to achieve. Building on this, we’re pleased to announce Interop 2023, the next iteration of the Interop project.

Interop 2023

Like Interop 2022, Interop 2023 considers two kinds of platform improvement:

Focus areas cover parts of the platform where we already have a high quality specification and good test coverage in web-platform-tests. Therefore progress is measured by looking at the pass rate of those tests across implementations. “Active focus areas” are ones that contribute to this year’s scores, whereas “inactive” focus areas are ones from previous years where we don’t anticipate further improvement.

As well as calculating the test pass rate for each browser engine, we’re also computing the “Interop” score: how many tests are passed by all of Gecko, WebKit and Blink. This reflects our goal not just to improve one browser, but to make sure features work reliably across all browsers.

Investigations are for areas where we know interoperability is lacking, but can’t make progress just by passing existing tests. These could include legacy parts of the platform which shipped without a good specification or tests, or areas which are hard to test due to missing test infrastructure. Progress on these investigations is measured according to a set of mutually agreed goals.

Focus Areas

The complete list of focus areas can be seen in the Interop 2023 readme. This was the result of a consensus based process, with input from web authors, for example using the results of the State of CSS 2022 survey, and MDN “short surveys”. That process means you can have confidence that all the participants are committed to meaningful improvements this year.

Rather than looking at all the focus areas in detail, I’ll just call out some of the highlights.

CSS

Over the past several years CSS has added powerful new layout primitives — flexbox and grid, followed by subgrid — to allow sophisticated, easy to maintain, designs. These are features we’ve been driving & championing for many years, and which we were very pleased to see included in Interop 2022. They have been carried forward into Interop 2023, adding additional tests, reflecting the importance of ensuring that they’re totally dependable across implementations.

As well as older features, Interop 2023 also contains some new additions to CSS. Based on feedback from web developers we know that two of these in particular are widely anticipated: Container Queries and parent selectors via :has(). Both of these features are currently being implemented in Gecko; Container Queries are already available to try in prerelease versions of Firefox, and is expected to be released in Firefox 110 later this month, whilst :has() is under active development. We believe that including these new features in Interop 2023 will help ensure that they’re usable cross-browser as soon as they’re shipped.

Web Apps

Several of the features included in Interop 2023 are those that extend and enhance the capability of the platform; either allowing authors to achieve things that were previously impossible, or improving the ergonomics of building web applications.

The Web Components focus area is about ergonomics; components allow people to create and share interactive elements that encapsulate their behavior and integrate into native platform APIs. This is especially important for larger web applications, and success depends on the implementations being rock solid across all browsers.

Offscreen Canvas and Web Codecs are focus areas which are really about extending the capabilities of the platform; allowing rich video and graphics experiences which have previously been difficult to implement efficiently using web technology.

Compatibility

Unlike the other focus areas, Web Compatibility isn’t about a specific feature or specification. Instead the tests in this focus area have been written and selected on the basis of observed site breakage, for example from browser bug reports or via webcompat.com. The fact that these bugs are causing sites to break immediately makes them a very high priority for improving interoperability on the web.

Investigations

Unfortunately not all interoperability challenges can be simply defined in terms of a set of tests that need to be fixed. In some cases we need to do preliminary work to understand the problem, or to develop new infrastructure that will allow testing.

For 2023 we’re going to concentrate on two areas in which we know that our current test infrastructure is insufficient: mobile platforms and accessibility APIs.

Mobile browsing interaction modes often create web development and interoperability challenges that don’t occur on desktop. For example, the browser viewport is significantly more dynamic and complex on mobile, reflecting the limited screen size. Whilst browser vendors have ways to test their own mobile browsers, we lack shared infrastructure required to run mobile-specific tests in web-platform-tests and include the results in Interop metrics. The Mobile Testing investigation will look at plugging that gap.

Users who make use of assistive technology (e.g., screen readers) depend on parts of the platform that are currently difficult to test in a cross-browser fashion. The Accessibility Testing investigation aims to ensure that accessibility technologies are just as testable as other parts of the web technology stack and can be included in future rounds of Interop as focus areas.

Together these investigations reflect the importance of ensuring that the web works for everyone, irrespective of how they access it.

Dashboard

Interop 2023 Dashboard as of January 2023, showing an Interop score of 61, an Investigation Score of 0, and browser engine scores of 86 for Blink and WebKit and 74 for Gecko.

To follow progress on Inteop 2023, see the dashboard on wpt.fyi. This gives detailed scores for each focus area, as well as overall progress on Interop and the investigations.

Mozilla & Firefox

The Interop project is an important part of Mozilla’s vision for a safe & open web where users are in control, and can use any browser on any device. Working with other vendors to focus efforts towards improving cross-browser interoperability is a big part of making that vision a reality. We also know how important it is to lead through our products, and look forward to bringing these improvements to Firefox and into the hands of users.

Partner Announcements

The post Announcing Interop 2023 appeared first on Mozilla Hacks - the Web developer blog.

hacks.mozilla.orgInterop 2022: Outcomes

Last March we announced the Interop 2022 project, a collaboration between Apple, Bocoup, Google, Igalia, Microsoft, and Mozilla to improve the quality and consistency of their implementations of the web platform.

Now that it’s 2023 and we’re deep into preparations for the next iteration of Interop, it’s a good time to reflect on how the first year of Interop has gone.

Interop Wins

Happily, Interop 2022 appears to have been a big success. Every browser has made significant improvements to their test pass rates in the Interop focus areas, and now all browsers are scoring over 90%. A particular success can be seen in the Viewport Units focus area, which went from 0% pass rate in all browsers to 100% in all browsers in less than a year. This almost never happens with web platform features!

Looking at the release version of browsers — reflecting what actually ships to users — Firefox started the year with a score of around 60% in Firefox 95 and reached 90% in Firefox 108, which was released in December. This reflects a great deal of effort put into Gecko, both in adding new features and improving the quality of implementation of existing features like CSS containment, which jumped from 85% pass rate to 98% with the improvements that were part of Firefox 103.

One of the big new web-platform features in 2022 was Cascade Layers, which first shipped as part of Firefox 97 in February. This was swiftly followed by implementations shipping in Chrome 99 and Safari 15.4, again showing the power of Interop to rapidly drive a web platform feature from initial implementation to something production-quality and available across browsers.

Another big win that’s worth highlighting was the progress of all browsers to >95% on the “Web Compatibility” focus area. This focus area consisted of a small set of tests from already implemented features where browser differences were known to cause problems for users (e.g. through bug reports to webcompat.com). In an environment where it’s easy to fixate on the new, it’s very pleasing to see everyone come together to clean up these longstanding problems that broke sites in the wild.

Other new features that have shipped, or become interoperable, as part of Interop 2022 have been written about in retrospectives by Apple and Google. There’s a lot of work there to be proud of, and I’d suggest you check out their posts.

Investigations

Along with the “focus areas” based on counts of passing tests, Interop 2022 had three “investigations”, covering areas where there’s less clarity on what’s required to make the web interoperable, and progress can’t be characterized by a test pass rate.

The Viewport investigation resulted in multiple spec bugs being filed, as well as agreement with the CSSWG to start work on a Viewport Specification. We know that viewport-related differences are a common source of pain, particularly on mobile browsers; so this is very promising for future improvements in this area.

The Mouse and Pointer Events investigation collated a large number of browser differences in the handling of input events. A subset of these issues got tests and formed the basis for a proposed Interop 2023 focus area. There is clearly still more to be done to fix other input-related differences between implementations.

The Editing investigation tackled one of the most historically tricky areas of the platform, where it has long been assumed that complex tasks require the use of libraries that smooth over differences with bespoke handling of each browser engine. One thing that became apparent from this investigation is that IME input (used to input characters that can’t be directly typed on the keyboard) has behavioral differences for which we lack the infrastructure to write automated cross-browser tests. This Interop investigation looks set to catalyze future work in this area.

Next Steps

All the signs are that Interop 2022 was helpful in aligning implementations of the web and ensuring that users are able to retain a free choice of browser without running into compatibility problems. We plan to build on that success with the forthcoming launch of Interop 2023, which we hope will further push the state of the art for web developers and help web browser developers focus on the most important issues to ensure the future of a healthy open web.

The post Interop 2022: Outcomes appeared first on Mozilla Hacks - the Web developer blog.

Mozilla L10NL10n Report: January 2023 Edition

Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet. 

Welcome!

New localizers

Are you a locale leader and want us to include new members in our upcoming reports? Contact us!

New community/locales added

  • Punjabi from Pakistan (pa-pk) was recently added to Pontoon.

New content and projects

What’s new or coming up in Firefox desktop

Firefox 111, shipping to release users on March 14, is going to include two new locales: Friulian (fur) and Sardinian (sc). Congratulations to the team for this achievement, it’s been a long time since we added new locales to release (Firefox 91).

A new locale is also available in Nightly, Saraiki (skr). Unfortunately, it’s currently blocked by missing information in the Unicode (CLDR) database that prevents the layout from being correctly displayed with right-to-left direction. If you want to help them, feel free to reach out to the locale manager.

In terms of content, one major feature coming is Cookie Banner Reduction, which will allow users to automatically reject all cookies in cookie banner requests. Several strings already landed over the last weeks, but expect some changes and instructions on how to test the feature (and different variations of messages used for testing).

What’s new or coming up in mobile

Just as for Firefox desktop, the v111 release ships on March 14 for all mobile projects, and also contains strings for the new Cookie Banner Reduction feature (see section above). Stay tuned for more information around that.

What’s new or coming up in web projects

Mozilla.org

The site is going to go through some transformation this year. It involves restructuring such as removing pages with duplicate information, consolidating other pages, redesigning the site, and rewriting some copy. Having said that, the effort involves several cross functional teams to accomplish. Impact of these changes on localization is estimated to be in the second half of the year.

If your locales have some catching up to do, please continue working. Your work won’t go wasted as it will be stored in the translation memory in Pontoon. Speaking of such, congratulations to the Saraiki (skr) team for completing the project. The site was recently launched on production.

AMO

Strings related to tools for reviewer and admins have been removed from Pontoon. The features used to be available for vetted contributors plus Mozilla staff and contractors in the production environment, but now it’s no longer the case. Since the localized strings can’t be reviewed in context by localizers, the team has decided to separate the strings from landing in Pontoon. Currently the feature is partially localized if your locale has done some or all the work in the past.

Firefox Accounts

Behind the scenes, the Firefox Accounts team are in the process of refactoring a number of pages to use Fluent. This means we will see a number of strings reusing translations from older file formats with updated Fluent syntax. These strings are in the process of landing, but won’t be exposed until the rework is done, so it may be some time before strings can be reviewed in production.

Congratulations to Baurzhan of the Kazakh (kk) team for recently raising the completion rate of his locale from 30% to 100%. The Kazakh locale is already activated on staging and will soon be released to production.

What’s new or coming up in SUMO

  • What did SUMO accomplish in 2022? Check out our 2022 summary in this blog post.
  • Please join our discussion on how we would like to present ourselves in Mozilla.Social!
  • SUMO just redesigned our Contribute Page recently. Check out the news and the new page if you haven’t already!
  • The Android mobile team (Firefox for Android and Firefox Focus for Android) have decided to move to Bugzilla. If you’re a mobile contributor, make sure to direct users to the right place for bug report by referring them to this article.
  • Check out the SUMO Sprint for Firefox 109 to learn more about how you can help with this release.
  • Are you a KB or article localization contributor and experience issue with special characters when copying tags? Please chime in on the discussion thread or directly in the bug report (Thanks to Tim for filing that bug).
  • If you’re a Social Support or Mobile Store Support contributor, make sure to watch the contributor forum to get updates about queue stats every week. Kiki will post the update by the end of the week to make sure that you’re updated. Here’s the latest one from last week.

You can now learn more about Kitsune releases by following this Discourse topic.

What’s new or coming up in Pontoon

Changes to the Editor

Pontoon’s editor is undergoing improvements, thanks to some deeper data model changes. The “rich” editor is now able to work with messages with multiple selectors, with further improvements incoming as this work progresses.

As with all other aspects of Pontoon, please let us know if you’ve any comments on these changes as they are deployed.

Pretranslation

We started evaluating the Pretranslation feature on pontoon.mozilla.org. Testing is currently limited to 2 locales, but we’ll start adding more when we reach the satisfactory level of quality and stability.

New contributions

Thanks to our army of awesome contributors for recent improvements to our codebase:

  • Willian made his first contributions to Pontoon, including upgrading our legacy jQuery library.
  • Tomás fixed a bug in the local setup, which was also his first contribution.
  • Vishal fixed several bugs in the Pretranslation feature, which he developed a while ago.

Events

Want to showcase an event coming up that your community is participating in? Contact us and we’ll include it.

Friends of the Lion

Image by Elio Qoshi

Know someone in your l10n community who’s been doing a great job and should appear here? Contact us and we’ll make sure they get a shout-out!

Useful Links

Questions? Want to get involved?

If you want to get involved, or have any question about l10n, reach out to:

Did you enjoy reading this report? Let us know how we can improve it.

The Bugzilla UpdateBugzilla Newsletter – Dec 2022 Review

I’m going to try to keep a monthly newsletter like this going so people can keep up to date on what’s going on with the Bugzilla project.  Hopefully in the future I’ll get it out a little closer to the beginning of the month. With that said, here’s a review of what happened in December 2022:

  • Dylan continued to work on simplifying the docker config in Harmony to be usable out of the box without depending on Mozilla’s infrastructure and private docker repos. (still in progress)
  • Justdave wrote a blog post detailing the current project status.
  • Justdave communicated with multiple organizations who made inquiries about donating funds.
  • Justdave wrote up a funding proposal at the request of an organization who might be interested in funding some of our work in a more substantial way.
  • Justdave engaged in conversations with the Mozilla Foundation about how to handle the legal/financial side of the Bugzilla project going forward, since they technically own it, even though it’s treated as a community project. (still in progress – this needs to be resolved before we can accept the above-mentioned donations, though directly funding individual developers can still happen without that)
  • Justdave spent time experimenting with intercepting and modifying GitHub webhooks in pursuit of Bug 1802737, a prerequisite to committing security bugs prior to the upcoming releases. (still in progress)

We’re making slow and steady progress. I’m starting to think we won’t get the big releases that I mentioned in the blog post last month out as soon as hoped, but we’re definitely getting closer.

Most of the fixed bugs in December had to do with cleaning up the website (fixes for things broken by the site redesign).

Upcoming plans for January (and perhaps February) :

  • Finish off Docker support for both 5.2 and harmony (5.9).
  • Finish the infrastructure fixes (mostly GitHub and Bugzilla integration with the chat bots) needed to commit the security fixes.
  • Continue the discussions with Mozilla Foundation in hopes of being able to accept donations soon.
  • Set up a triage party to work on winnowing down the older bug reports.
  • Get the releases out the door.

The rest of this post is a bunch of statistics, so if you’re not into that stuff you can stop reading now.

There were 11 new bugs filed in December, of which one of them is classified as a low-severity security bug.  2 of the bugs were for the website, and 1 for the IRC bot, the remainder for Bugzilla itself.

Overall there were 17 bugs touched during December, including the above 11.

7 bugs were resolved. 3 INVALID, 1 WORKSFORME, 1 DUPLICATE, and 2 FIXED.

0 pull requests were created in the bugzilla repo.

0 pull requests were touched in the bugzilla repo.

0 pull requests were closed in the bugzilla repo.

1 pull request was created in the harmony repo.

2 pull requests were touched in the harmony repo.

1 pull request was closed in the harmony repo

There were 22 total commits to GitHub across all of Bugzilla’s repositories.

The meaningful commits to harmony did the following:

  • Set the version number to 5.9+ (justdave)
  • Fixed a crash during installation/testing when the code tried to access the database when it hadn’t been created yet. (dylan)

And that’s it for December!

SeaMonkeySeaMonkey 2.53.15 final is released!

Hi Everyone,

I hope everyone’s Christmas and New Year’s Eve was a safe and happy one.

I would like to take this opportunity and on behalf of the SeaMonkey Project, to wish everyone a belated Safe, Prosperous, Healthy and Happy New Year.

The SeaMonkey Project is pleased to announce the immediate release of SeaMonkey 2.53.15 final.   Please check out [1] or [2].

Best regards,

ewong

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.15/

[2] – https://www.seamonkey-project.org/releases/2.53.15

Firefox UXA content designer’s guide to product audits

How to set yourself up for success with the right scope, goals, and tools

A person in a space suit holding a large tool is floating above the earth, tethered to a space craft with by a twisted cord.<figcaption>Photo by The New York Public Library on Unsplash</figcaption>

Much like taking a space walk, performing a content audit can be exciting, overwhelming, and a little scary. Who knows what content complexities and usability meteors you’ll encounter in the nooks and crannies of your product’s terrain? You might even be going where no content designer has gone before — moonwalking your way through a dusty, dated workflow from your pre-style guide era.

The good news is that, like a space walk, a content audit is much less intimidating when you’re well prepared. The more work you put in up front, the smoother your audit will go. So before you slip on that space helmet and start taking screenshots, follow these tips from my Button 2022 conference talk to set yourself up for a successful content audit.

1. Find your stakeholders

Every good astronaut has a top-notch ground control team in place before takeoff. If you try to go it alone, you could find yourself lost in space with a giant list of product improvements and no way to implement them. That’s why starting an audit by identifying your major stakeholders is key. You can always add to this list later, but here’s who you’ll likely start with:

Product & UX

Find the product managers, UX designers, UX researchers, and content designers currently responsible for the area or feature you’re auditing. They’ll be the ones you’ll partner with to translate your audit findings into product improvements, so it’s vital to keep them involved.

In some cases, it may be helpful to identify people who worked on the product previously. Try reaching out to them to learn historical context, or ask if they’d be okay with fielding ad hoc questions.

Engineering

Try to find at least one engineer or engineering manager who can help with technical questions during your audit. You can also work with this engineer later on to size and scope findings into tickets for the backlog.

Marketing

You might want to involve someone from the marketing team if your audit area overlaps with acquisition activities, such as a product landing page, app store page, or a create account flow.

They’ll likely have valuable feedback on voice and tone as well as aligning product copy and design with marketing assets and campaigns.

2. Set goals

Space missions are expensive — and so are content audits. They’re time-intensive and create work outside of just content design. To avoid burning your precious mental rocket fuel without making actual product improvements, it’s important to set goals that are realistic to the resources your team can devote to auditing and fixing issues.

Suggested goals

To increase your chances of mission success, try focusing your audit on a specific feature or flow with a concrete goal in mind, like:

  • Improve an underperforming metric
  • Address or reduce specific customer complaints
  • Remove outdated content and/or improve cross-feature content consistency
  • Build a backlog of general UX improvements to address in the future

Avoid goal traps

Watch out for goals that are too broad, too vague, or too narrowly focused on fixing surface-level microcopy issues without acknowledging that there may be bigger UX or engineering issues at play.

Here are two common “goal traps” to avoid when stakeholders are requesting an audit (based on real-life failed audit missions).

Goal trap 1: Roll out a new voice to an entire product at once

This is an unrealistic goal unless teams can devote the necessary resources to achieve this and tie to a specific ROI measurement.

How to reframe: Identify high-impact areas to audit first. Start with one area and then expand as time and resources allow.

Goal trap 2: We didn’t have a content designer when we built this, and we want to get some “fresh eyes” on the content

It’s great that your team is excited about having a content designer, but you should always ask: What resources will be available for implementing improvements? Often, there’s an expectation that you’ll simply point out surface-level copy issues with no plan or support for addressing underlying UX issues. The impact will be limited and may not be worth the time invested in the audit.

How to reframe: Identify UX opportunities and inconsistencies and devote the necessary UX, product management, and engineering resources to fixing them.

Or instead of an in-depth audit, you can just create an overview of common content issues in the product and discuss how to better approach these as a team during future projects.

A space craft with giant golden panels is suspended in space<figcaption>Photo by NASA on Unsplash</figcaption>

3. Define your scope

On your space walk, are you going to photograph every inch of your product planet, or are you going to zoom in on a few problem areas? Since scope can make or break an audit, you should define your parameters before you set foot off the ship.

If your scope is too large, you risk overextending your timeline. And you may end up with an unmanageable list of issues that makes prioritization an overwhelming — if not impossible — task. To start, try picking a product area that one person can audit within one week, maximum. Any bigger, and you could risk getting overwhelmed.

Why one person? Involving multiple people in your first audit can be tricky unless you are all committed to cataloging things the same way. If you’d like to break up a bigger audit scope amongst a team of people, try having one person pilot this approach on a few smaller areas to nail down the documentation process and then teach it to others.

Once you’ve defined an area to audit, think about setting additional parameters around devices and content states. Every parameter you add increases the time your audit will take, so consider scope impacts carefully.

Devices:

  • Will your audit cover desktop, mobile phones, tablets, or all three?
  • Which operating systems will you include?
  • If you’re including multiple devices and/or operating systems, how will you document issues that occur on multiple platforms?

States:

  • Will your audit include error states or just happy paths?
  • Will your audit cover harder-to-capture microcopy (behind form field menus and tooltips, for example)? Or just stick to the surface?

4. Share the plan

By now you’re itching to put on your space suit and start walking through your product, but first you should take time to document what you decided in steps 2 and 3 and share it with the stakeholders you identified in step 1.

Feel free to use a doc, a deck, or whatever format works for you. It will pay off to have this artifact to refer to later!

5. Build your audit toolbox

You’re almost ready to launch your audit mission. But first, you need to have the right tools for the job.

Screenshot tools

Feel free to use your device’s native screenshot tool, but here are additional apps that can make the process easier (all are free unless otherwise noted with $).

Desktop screenshots:

Mobile video recordings

Recording yourself walking through an audit area on mobile allows you to capture screenshots later on desktop, which can save a lot of time. Share the video to your desktop using Airdrop, Slack, Google drive, or Snapdrop.

Organizing screenshots:

Audit spreadsheet

Pick an audit spreadsheet template that best fits your needs — like this one for example — and add or subtract columns depending on your needs. Remember: every audit is different, and no template is one-size-fits-all.

Log each issue on its own line. This way, you can easily filter by issue type, product area, and priority so you can quickly sort issues and identify trends.

Ready to blast off?

Hopefully by now you’re feeling ready to take your first small steps (or giant leap) into your product content audit. All of the prep work you put in up front ensures you can now focus on the mission at hand: identifying content and usability issues that you’ll soon transform into real product improvements.

For more content audit tips, check out my 2022 UX Camp talk: Don’t Fear the Spreadsheet: A Guide to Content Audits for Product Teams.


A content designer’s guide to product audits was originally published in Firefox User Experience on Medium, where people are continuing the conversation by highlighting and responding to this story.

SUMO BlogIntroducing Erik Avila

Hey folks,

I’m delighted to introduce you to Erik Avila who is joining our team as an additional Community Support Advocate. Here’s a short intro from Erik:

Hi! I’m Erik. I’ll be helping the mobile support team to moderate and send responses to app reviews, also, I’ll help identify trends to track them. I’m very excited to help and work with you all.

Erik will be helping out with the Mobile Store Support initiative, alongside with Dayana. We also introduced him in the community call last week.

Please join me to congratulate and welcome Erik!

SUMO BlogA glimpse of 2022

Hey SUMO nation,

Time surely flies, and here we are, already at the end of the year. 2022 has been an amazing year for the Customer Experience team. We welcomed 5 new people to our team this year, including 2 engineers, and 1 technical writer.

As an extension of our team, the SUMO community definitely plays an important role in our achievements. Let’s take a moment to reflect on what the community has accomplished this year. 

  • Forum

From January 1 to November 11, we posted 49K answers (from non-OP* users) to 28K questions posted on the forum. On average, our answer rate within 72 hours is 75% while our solved rate is around 14%. In a month, around 300 users have contributed to the forum (including the OP).

*See Support glossary
  • KB

From January 1 to November 11, the KB contributors have made 1746 revisions (all contributor revisions) with a 73% review rate and 95% approval rate. On average, we have in total of 30 contributors to our Knowledge Base on a monthly basis. 

  • Localization

The localization community had been doing great things this year by submitting to 13K revisions from January 1 to November 11. The review rate for the localization is looking pretty good at 90%, while the approval rate is 99%. On average, there are around 73 contributors involved on a monthly basis, from around 30 locales. We saw the PT-PT community has been recently re-activated as well after the pandemic, which is amazing.

  • Social Support

From January 1 to December 28, the Social Support Contributors have contributed to 908 responses in total (39.6% of our total responses). We also have been able to improve our resolved rate from 58% in 2021 to 70% this year. 

  • Mobile Store

Last but not least, from January 1 to Dec 28, the Mobile Store Support contributors have contributed to 1.6K replies and onboarded 4 new contributors this year. The response conversion (comparison between total responses against total moderation) rate is also looking good, with 47% on average throughout the year. Meaning, 47% of reviews that contributors moderated are replied to.


Apart from that, we have also managed to work on a few projects throughout the year:

  • Mobile hybrid support

In Q2, we hired a Community Support Advocate whose primary role is to support the mobile store ecosystem by moderating questions in Google Play Store and Apple App Store. This Community Support Advocate is working alongside contributors on Google Play Store and takes primary care of the App Store reviews as well as moderating forum questions (mainly by adding tags) for the mobile products to this day.

With the spirit of continuing the community program, we also rename the Mobile Support program to Mobile Store Support in Q4 with the introduction of the new contributor onboarding page.

  • Locale audit

We also did a locale audit in Q2 to check on the stage of our localization community. I presented the result of the audit on the community call in June.

  • Internal community dashboard

After the platform team fixed the data pipeline issue that was going on since the beginning of the year, Q3 follows with a project to create an internal community dashboard. I gave a brief overview of the project back then on the community call in July.

  • MR2022

Major Release 2022 went smoothly in Q3 because of the support of you all. Similar to what we did for the Major Release last year, we also prepared a list of changes for contributors and monitor the inbounds closely across the channels that we oversee. This time, the product team also worked with the CMO team to collect rapid feedback about some of the major features that we released in Firefox 106.

  • Contributor onboarding launch

In early November, we finally got to see the new face of our contributor onboarding page, which was formerly called the Get Involved page. You can learn more about this update in this blog post or by directly checking out the page.


It was not all rainbows and butterflies, though. On September 2022, we learned the news about the passing of one of our top contributors in the forum, FredMcD. It was definitely a great loss for the community.

Despite all the bumps, we do survive the year 2022, with grace and triumph. All the numbers that I presented at the beginning are not merely metrics. They are reflections of a collective effort from all of you, Mozillians around the world, who work tirelessly to keep the internet healthy and supported each other in the spirit of keeping the internet as a global public resource, open and accessible to all. I’m proud of working alongside you all and to reflect on what we have accomplished this year.

And yes, let’s keep on rocking the helpful web through 2023 and beyond!

PS!

If you’re a looker and interested in contributing to Mozilla Support, please head over to our Contribute page to learn more about our programs!

 

Kiki

 

Mozilla Add-ons BlogNew extensions available now on Firefox for Android Nightly

As we continue to develop extensions support on Firefox for Android, we’re pleased to announce new additions to our library of featured Android extensions. To access featured extensions on Firefox for Android, tap Settings -> Add-ons.

Based on currently available APIs, performance evaluations, and listening to requests from the Mozilla community, here are five new extensions now available to Firefox for Android users…

Firefox Relay

Mozilla’s own Firefox Relay is now available for mobile usage. The extension lets you easily generate email masks that will forward messages to your authentic email while hiding your address from unwanted spam, or worse, hackers.

Tampermonkey on Android.

Tampermonkey

One of the most popular userscript managers makes its way to mobile. Tampermonkey top features include automatic update checks, an intuitive display of running scripts, plus browser and cloud storage sync.

Read Aloud: A Text to Speech Voice Reader

Have you ever wanted your news or other web pages (even PDF’s) read aloud so your hands and eyes are free to focus on other things? Read-Aloud: A Text to Speech Voice Reader can now accommodate you on Android — in 40+ languages.

AdNauseum

More than just an effective ad blocker, AdNauseum punches back against privacy invasive ad tech by clicking a bunch of blocked ads in the background so advertisers can’t build an accurate profile of your interests.

ClearURLs

A simple extension that provides a powerful privacy feature — ClearURLs automatically strips away tracking elements from web links you open.

Create extension collections on Firefox for Android Beta

By following these instructions you can now create your own custom extension collections on Firefox for Android Beta (previously, collections were only available on Nightly). Name the collection anything you like, so long as there aren’t any spaces in its title. When creating your collection, you’ll see a number in the Custom URL field; this is your user ID. You’ll need the collection name and user ID to configure Beta in the following way:

Once created, simply add extensions to your collection. Each collection generates a custom URL so you’re to share it with others.

Are more extensions coming to Firefox for Android?

Absolutely. Right now we’re focused on implementing Manifest version 3 (MV3) for Firefox desktop (i.e. wide ranging foundational changes to WebExtensions API). In 2023 we’ll begin work on the mobile adoption of MV3. Though we’re still early in planning, MV3 will certainly offer a number of advances for mobile extensions, such as elegant handling of process restarts and improved security by splitting extensions into their own processes, while also retaining critical MV2 features that support privacy and ad blocking capabilities. Indeed our goal is to design MV3 for mobile in such a manner we’re able to open up the discoverability of mobile extensions beyond the short list available today. As plans take shape, we’ll be sure to keep you informed. In the meantime you’re welcome to join conversations about extensions development on Firefox Add-ons Discourse.

 

The post New extensions available now on Firefox for Android Nightly appeared first on Mozilla Add-ons Community Blog.

The Bugzilla UpdateUpcoming releases and more fun stuff

posted by Dave Miller – Bugzilla Project Lead

Surprise!  Bugzilla’s not dead yet. 🙂

So I posted a bunch of this a few months ago on the developers mailing list but it’s time to get it in front of a bigger audience. 🙂

I am trying to kick-start getting stuff moving again with Bugzilla since most of the core Bugzilla volunteers have had job changes over the last few years that have left them with less time to spend on the project, so things have been very slow going for a while. For those that don’t know, I’ve been more or less of a figurehead of a project leader for a number of years now, not having much time to spend on Bugzilla, but not having anyone in a position to be able to step in to replace me, and only stepping in myself to make decision calls when the other developers were at an impasse.  I’ve attempted to hand off control of the project to someone else twice in the last 10 years or so, and both times, the person I was about to hand off to got a new job and didn’t have time for it anymore just before we were about to do the hand-off (on the plus side, that happened before they took over and not after).  It takes a while for someone to build the trust needed to know I’m leaving it in good hands, so without a lot of active developers it’s hard to get someone in place to do that.  But I’ve had some life changes of my own now, which actually give me more time to spend on Bugzilla finally, so I’m getting back in the saddle and taking direct control again.  I’ve probably poked at it more in the last 5 or 6 months than I have in the last 5 or 6 years combined.

I have started a new consulting business, and I’ve been trying to structure it in a way that allows me to spend time on Bugzilla again. (If you want to hire me to help with your Bugzilla, or help funding work on upstream Bugzilla, feel free to contact me, even if I’m not publicly advertising yet)

Now back to the nitty gritty and my plans for this project.

There is a call for help in this post below the release information. If you can give us a hand it would be greatly appreciated. Not all of it is code-related, so there might be something you can do even if you’re not a coder!

Infrastructure Updates

Prior to a few weeks ago, our main website hadn’t been updated beyond quick bugfixes to content in a long time. LCP recently did a full overhaul of the website to modernize it and make information easier to find. We deployed this a few weeks ago, so go have a look! It looks awesome! Also, the new website has RSS feeds!

Also over the last couple months, I’ve been working on getting some of the project infrastructure back in place to help support active development. Among the list of things that have gotten done are:

  • getting our testing suite moved into GitHub Actions so that it runs automatically on every commit
  • updating our IRC bot, both to get it to talk to the IRC server again (which it stopped doing recently due to outdated SSL versions), and to update the mail parsing code in it to handle newer versions of Bugzilla (most importantly bugzilla.mozilla.org, where our own notification emails would be coming from).
  • Setting up a private Git repository for security commits so that we can stage and test them prior to release without exposing them to the public prior to disclosures.

The Release Plans

I would like to put out a new multi-branch release of Bugzilla as soon as we can get all the pieces in place to do so. I was hoping to do this within a few weeks of the original post to the developers list, but that was back in August and it hasn’t happened yet. At this point I think we’ll be really lucky if it happens before the end of December; though mid-January is definitely a possibility. As a forewarning to everyone, there will be security content in it, and that’s part of the holdup. For obvious reasons I can’t ask for help with the security bugs outside of the existing core developer team, as that risks exposure to hackers that might take advantage of it before users have a chance to update. So we ask for your patience while we work through these issues and get them ready to land.

The 4.4 branch has been on life support for a LONG time (it was initially released in 2013!!!), supports outdated OSes that are hard to find or install, let alone test for these days, and we’ve been itching to drop it for a long time.  But our support policy says that we have to support it for 4 months after the following two major releases.  The next major release after 4.4 was 5.0, and there have been no major releases after that, which means that 4 month countdown hasn’t even started yet.

4.4.14 – I am intending this to be the final release of the 4.4 branch (barring any additional security issues being found in the next 4 months) as the 5.2 release below will start that 4 month countdown to End-of-Life this branch.

5.0.4.1 – Why 5.0.4.1 when there’s a 5.0.6 release?  Well, if you paid attention to the change logs, 5.0.5 and 5.0.6 contained a massive schema change, as well as reformatting almost all of the Perl code in the source, both of which are a violation of our support policy for a stable branch (a new-to-the-process release manager pushed the release out not realizing that, and by the time we caught it, it was too late). A lot of people noticed this and never upgraded to 5.0.5 or 5.0.6, since they didn’t contain any security fixes.  5.0.4.1 will give those people additional fixes for 5.0.4 without forcing them to pick up those schema and code reformatting changes. Additional updates to the 5.0 branch from now on will continue from 5.0.4.2 and onward.

5.2 – This will be the next major release, and will start the 4 month countdown for discontinuing the 4.4 branch. 5.2 is forked from the 5.0 branch after 5.0.6, and will contain those schema and code formatting changes from 5.0.5 and 5.0.6 in it. So if you did upgrade to 5.0.6, 5.2 will be equivalent to a point upgrade for you.  Those schema changes should have caused a major release to happen anyway, so this is just fixing the numbering problem with that release (i.e. 5.0.5 should have been called 5.2 to begin with). Note that if you are using the 5.1.x development releases, those did NOT feed into this, and 5.2 would actually be a downgrade for you.

5.1.3 – The 5.1 branch is basically dead, as we’ve put all of our resources into finishing off the Harmony release (see 5.9.1 below). We’re going to encourage people on 5.1.x to move to Harmony, but you’ll want to be mindful of the release blockers first before you make the jump. There are some features in 5.1.x that were implemented differently in Harmony, and the code to migrate the related data may or may not work yet (if the feature in question is listed on the release blockers and you use it, you’ll want to wait for now). Even though this branch is dead, we’re going to put out a release with the current batch of security fixes so you aren’t left high and dry before Harmony is ready for you.

5.9.1 – This will be the first official release off the Harmony branch, and will be classified as a developer preview release, not for production use.  This is what will eventually be Bugzilla 6.  The code is mostly good enough to use right now, but there are still showstoppers to be able to fully release it as a production release. There are also a few gotchas when upgrading from older versions of Bugzilla. If you’re interested in helping make Bugzilla 6 happen, that list of showstoppers is here.

Immediate Help Wanted

There’s a few things (not all necessarily code related) that I would love to get help with prior to the above releases. This list is not entirely the same as the one that was in the original post to the developers list. Some of the items in that list actually got done! Yay! Thanks to those of you who pitched in!

  1. Documentation.  This is going to be primarily for the newer branches, but the older ones are going to need some help as well.  Installation instructions mostly.  The examples in the docs use ancient versions of the OSes that are given as sample installs, and no sane person is going to be using an OS that old on a new install.  So the installation sections of the docs need to be updated to use modern versions of the OSes in the instructions and examples. See also Bug 1785943. This has been done for the 5.0 and 5.2 branches (thanks, LCP!) but still needs to be done for 4.4 and Harmony. In fact, Harmony needs a LOT of documentation help, as what’s there now is pretty specific to trying to produce a testing environment for bugzilla.mozilla.org, rather than a standalone Bugzilla.
  2. Section 508 Compliance Audit. There are a number of US government agencies who use Bugzilla internally (NASA is a publicly visible example).  New US government projects have to comply with the new accessibility guidelines in Section 508 of the Communications Act, so if we want them to be able to upgrade we need to comply (at least in our newer versions).  See https://section508.gov/. There is a template for a compliance statement at https://www.section508.gov/sell/vpat/.  I would love to get a volunteer (or a company who can sponsor someone?) who could audit the 5.2 and harmony branches for compliance, file bugs for things that are violations, and figure out how much of the VPAT we can actually provide at this point.  Even if we’re not compliant yet (I suspect we aren’t) I would love to be able to provide a statement with the 5.2 release saying how compliant we are, and listing what’s left to be fixed to make us compliant. See also Bug 1785941.

Ongoing Help Wanted

There’s also a few things not specifically related to the above release that we’d love to get help with on an ongoing basis:

  • Bug Triage! As you probably noticed from the lack of updates around here in a while, the bug list hasn’t been getting paid much attention to, either. Part of getting this project moving again means re-triaging the existing bug reports. Some of them are really ancient and may not even apply to the current code-base anymore. I’m going to have another blog post coming in the next day or two with information on this topic (specifics for how to help with it), so keep an eye out for that post!
  • Paid Developer Time. If you are a business that makes use of Bugzilla, and has a staff person responsible for maintaining your Bugzilla installation, and that person is willing, please consider officially sponsoring that person to help with upstream Bugzilla development for at least a few hours per week. Most of our lack of development lately has happened because the last few companies that used to do that stopped providing developer time during the economic downturn a few years back (either laid off said person or pulled them away to work on other things), and they haven’t returned. The developers we have currently are all volunteer, and most of them are struggling to find time to work on it.

In Conclusion…

If you can help with any of these things, visit us on IRC or Matrix (links to both can be found in the left sidebar on https://bugzilla.org/ ), join the developer mailing list and post there, or add comments to the above-listed bugs.


Dave Miller
Bugzilla Project Lead

SeaMonkeySeaMonkey 2.53.15 Beta 1 re-released

Hi All,

After much fiddling and fudging (well, not really), just managed to release build 3 of SeaMonkey 2.53.15b1.  Build 1 was a mix up and not sure what happened with build 2.

Anyway, build 3 is out.

Updates have been enabled.

:ewong

SeaMonkey2.53.15b1 release wrong

Hi All,

Due to some confusion on my part, I had released the wrong set of binaries from the Windows builder.    I’ve disabled all updates and we’re redoing the whole build again.

My apologies for the confusion.

:ewong

SUMO BlogWhat’s up with SUMO – December 2022

Hi everybody,

It’s been a while since our last monthly update. Ever since our internal dashboard was broken, we didn’t have an easy way to export the platform data. Now that we got access to our data back, let’s talk about what we’ve missed.

Welcome note and shout-outs

  • Welcome to Daniel López, Spencer Peck, Rafael Oliver, and Edoardo Viola. Thanks for joining the Social & Mobile Store Support.
  • Thanks to every one of you for contributing to SUMO. Those who replied to our users in the forum, Twitter, or Play Store reviews. All of you who helped us improve the Knowledge Base. Last but not the least, to many of you who helped translate the help articles to your local languages. Thank you all so much! I can’t stress enough that SUMO cannot exist without you. ❤️❤️❤️

If you know anyone that we should feature here, please contact Kiki and we’ll make sure to add them in our next edition.

Community news

  • Forum question detail is now limited only to these groups and the trusted contributors group.
  • Our new contribute page is finally released. Check out what we’ve changed and share the news to your network and local community.
  • We have a new Technical Writer joined the content team on late October. Please join me to welcome to Lucas.
  • Learn more about Hubs transition and how it impacts the support team in this blog post.
  • Learn more about Mozilla x Pulse acquisition.
  • Watch the community call in December to learn more about what we’ve accomplished throughout this year.

Catch up

  • Watch the monthly community call if you haven’t. Learn more about what’s new in August, September, October, November and December! Reminder: Don’t hesitate to join the call in person if you can. We try our best to provide a safe space for everyone to contribute. You’re more than welcome to lurk in the call if you don’t feel comfortable turning on your video or speaking up. If you feel shy to ask questions during the meeting, feel free to add your questions on the contributor forum in advance, or put them in our Matrix channel, so we can answer them during the meeting.
  • If you’re an NDA’ed contributor, you can watch the recording of the Customer Experience weekly scrum meeting from AirMozilla to catch up with the latest product updates.
  • Consider subscribe to Firefox Daily Digest to get daily updates about Firefox from across different platforms.
  • Check out SUMO Engineering Board to see what the platform team is currently doing.
  • Check out the following release notes from Kitsune in the month:

Community stats

KB

KB pageviews (*)

* KB pageviews number is a total of KB pageviews for /en-US/ only
Month Page views Vs previous month
August 2022 7,419,744 1.29%
September 2022 7,258,663 -2.17%
October 2022 7,545,033 3.95%
November 2022 7,156,797 -5.15%

Top 5 KB contributors in the last 90 days: 

KB Localization

Top 10 locales based on total page views

Locale Aug 2022 Sep 2022 Oct 2022 Nov 2022 Localization progress
de 8.35% 8.58% 9.40% 9.94% 97%
zh-CN 7.39% 7.34% 6.83% 7.44% 100%
fr 5.96% 7.07% 7.22% 7.24% 89%
es 5.85% 6.11% 5.91% 5.89% 32%
pt-BR 5.04% 4.25% 3.89% 3.55% 56%
ru 3.98% 4.11% 4.06% 4.04% 86%
ja 3.81% 3.90% 4.03% 4.01% 52%
pl 2.00% 2.16% 2.17% 2.20% 87%
It 1.85% 2.26% 2.37% 2.20% 99%
zh-TW 1.47% 1.57% 1.69% 1.57% 4%
* Locale pageviews is an overall pageviews from the given locale (KB and other pages)

** Localization progress is the percentage of localized article from all KB articles per locale per Dec 8,2022

Top 5 localization contributors in the last 90 days: 

Forum Support

Forum stats

Month Total questions Answer rate within 72 hrs Solved rate within 72 hrs Forum helpfulness
Aug 2022 3247 73.11% 9.52% 57.30%
Sep 2022 3337 70.99% 9.32% 58.25%
Oct 2022 3997 64.95% 9.06% 58.26%
Nov 2022* 1196 63.04% 7.19% 52.51%
* November data is updated only up to Nov 11th

Top 5 forum contributors in the last 90 days: 

Social Support

Channel Total incoming conv Conv interacted Resolution rate
Aug 2022 381 409 77.39%
Sep 2022 197 183 83.53%
Oct 2022 254 275 70.68%
Nov 2022 201 175 48.73%

Top 5 Social Support contributors in the past 2 months: 

  1. Jens Hausdorf
  2. Tim Maks
  3. Christophe Villeneuve
  4. Bithiah K
  5. Magno Reis

Play Store Support

Channel Aug – Nov 2022
Total reviews moderated Total reviews replied
Firefox for Android 3733 2187
Firefox Focus for Android 1680 554
Firefox Klar Android 2 0

Top 5 Play Store contributors in the past 4 months: 

Product updates

To catch up on product releases update, please watch the recording of the Customer Experience scrum meeting from AirMozilla. You can also subscribe to the AirMozilla folder by clickling on the Subscribe button at the top right corner of the page to get notifications each time we add a new recording.

Useful links:

hacks.mozilla.orgHow the Mozilla Community helps shape our products

A product is first an idea, then a project, and then a prototype. It is tested, refined, and localized so that it is accessible to users in different regions. When the product is released into the world, these users need to be supported. Of course, there are always going to be improvements, fixes, and new features, and those will also need to be planned, developed, tested…and so on, and so forth…

What do all these stages have in common?

Here at Mozilla, our awesome community is there every step of the way to support and contribute to our products. None of what we do would be possible without this multicultural, multilingual community of like-minded people working together to be a better internet.

Of course, contributions to our products are not everything that the community does. There is much more that our community creates, contributes, and discusses.

However,  as a major release recently happened we want to take the occasion to celebrate our community by giving you a peek at how their great contributions helped with version 106 (as well as all versions!) of Firefox.

Ideation (Mozilla Connect)

Ideas for new features and products come from many different sources. Research, data, internal ideas, and feature requests during Foxfooding…at Mozilla one of the sources of new ideas is Mozilla Connect.

Mozilla Connect is a collaborative space for ideas, feedback, and discussions that help shape future product releases.  Anyone can propose and vote for new ideas. The ideas that gain more support are brought to the appropriate team for review.

Firefox Picture in picture subtitles was a feature requested by the Mozilla Connect Community!

Connect is also a place where Mozilla Product Managers ask for feedback from the community when thinking about ways to improve our product, and where the community can interact directly with Product Managers and engineers.

In this way, the community contributes to continuous product improvement and introduces diverse perspectives and experiences to our product cycle.

Connect played a role in the latest Firefox Major release on both sides of the ideation cycle.

Are you enjoying the new PDF editor’s functionalities? Then you should know that the community discussed this idea in Connect. After many upvotes, the idea was officially brought to the product team.

After the release is done, the community joined discussions with Firefox Product Managers to give feedback and new suggestions on the new features.

Interested? Get started here.

Development (Code contribution and patches)

Mozilla developers work side by side with the Community.

Community members find and help solve product bugs and help with the development of different features.

Community is fundamental for the development of Firefox, as community members routinely add their code contributions to the Nightly version of Firefox!

You can check out how staff members and contributors work together to solve issues in the Nightly version of Firefox.

Interested? Check out how you can submit your first code contribution. You can also discover more about Nightly here.

Testing and reporting bugs 

There are many ways in which the Community helps find and report bugs. One of these is a Foxfooding campaign.  

Because we still have to meet a Mozillian that does not enjoy a good (and…less good) pun, Foxfooding is the Firefox version of Dogfooding.

This is where we make a feature or a product available to our community (and staff) before it is released to the public. Then we ask them to use it, test it, and submit bugs, product feedback, and feature requests.

This is an incredibly precious process, as it ensures that the product is tested by a very diverse (and enthusiastic) group of people, bringing unexpected feedback, and testing in much more diverse conditions than we could do internally.

Plus it is, you know, fun ;)

We ran a Foxfooding campaign for the last Major Release too! And the community all over the world submitted more than 60 bugs.

Foxfooding campaigns are published here. You can subscribe to our Community Newsletter to be notified when one is starting.

Furthermore, community members find, report, and help solve Firefox Nightly bugs, as well as bugs that appear in other Firefox versions.

Finding and reporting bugs is a great contribution, helping to continuously improve Mozilla Products.

In fact, simply using Firefox Nightly (or Beta) is a way to contribute easily to the Mozilla project. The simple fact of using Nightly sends anonymous data on and crash reports that help discover issues before we ship to the general public.

Localization (l10n)

Currently, Firefox is localized in 98 languages (110 in the Nightly version) and that is entirely thanks to the effort of a determined international community.

Localization is important because we are committed to a Web open and accessible to all— where a person’s demographic characteristics do not determine their online access, opportunities, or quality of experience.

The Mozilla Localization effort represents a commitment to advancing these aspirations. They work together with people everywhere who share the goal to make the internet an even better place for everyone.

The community worked really hard on the global launch for the Major release! Thank you to all localizers that took part in this global launch. There were more than 274 folks working on, and (approximately) 67,094 translations!

Users Support (SUMO)

Once a product is out into the world, the work is far from done! There are always bugs that need reporting, users who need troubleshooting help, and new features that need explanation…

At Mozilla, the Mozilla Support a.k.a. SUMO community is the one supporting users all over the world, answering support questions through the forum, socials, or mobile app stores, creating helpdesk articles, and localizing the articles.

When it’s done right, providing high-quality support may contribute to our user’s loyalty and retention. Plus, it can help improve the product: when we bring the data back to the product team, we can establish a feedback loop that can be delivered into product improvements as well.

The SUMO community is actively helping users during the Major release. Up until now:

  • 3975 forum responses were sent during the release from 2344 questions that were submitted.
  • 12 support articles were created, updated, and translated into Greek, French, Italian, Japanese, Russian, Portuguese, Simplified Chinese, Polish, and many more.
  • They posted responses to review in the 445 Google Play Store responses
  • They answer 88 Twitter questions

And they are still going strong!

Want to Join?

Would you also like to contribute? Our products are one of the ways in which we shape the web, and protect the privacy of our users. Getting involved is a great way to contribute to the missions and get in touch with like-minded people.

Please check our /contribute page for more information, subscribe to our Community Newsletter,  or join our #communityroom in Matrix.

The post How the Mozilla Community helps shape our products appeared first on Mozilla Hacks - the Web developer blog.

SeaMonkeySeaMonkey 2.53.15 Beta 1 is out!

Hi all,

The SeaMonkey Project is proud to announce the immediate release of SeaMonkey 2.53.15 Beta 1.

Please check out [1] or [2].

:ewong

PS: SeaMonkey 2.53.15 Beta 1 was slated to be released around November 15th or so.  However, I wasn’t able to do the release due to a personal issue that required my major attention.  I apologize for the delay.

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.15/

[2] – https://www.seamonkey-project.org/releases/2.53.15b1

SUMO BlogHubs transition

Hi SUMO folks,

I’m delighted to share this news with you. The Hubs team has recently transitioned into a new phase of a product. If in the past, you needed to figure out the hosting and deployment on your own with Hubs Cloud, you now have the option to simply subscribe to unlock more capabilities to customize your Hubs room. To learn more about this transformation, you can read their blog post.

Along with this relaunch, Mozilla has also just acquired Active Replica, a team that shares Mozilla’s passion for 3D development. To learn more about this acquisition, you can read this announcement.

What does this mean for the community?

To support this change, the SUMO team has been collaborating with the Hubs team to update Hubs help articles that we host on our platform. We also recently removed Hubs AAQ (Ask a Question) from our forum, and replaced it with a contact form that is directly linked to our paid support infrastructure (similar to what we have for Mozilla VPN and Firefox Relay).

Paying customers of Hubs will need to be directed to file a support ticket via the Hubs contact form which will be managed by our designated staff members. Though contributors can no longer help with the forum, you are definitely welcome to help with Hubs’ help articles. There’s also a Mozilla Hubs Discord server that contributors can pop into and participate in.

We are excited about the new direction that the Hubs team is taking and hope that you’ll support us along the way. If you have any questions or concerns, we’re always open to discussion.