The Mozilla BlogNext steps for Mozilla and Trustworthy AI

(In short: Mozilla has updated its take on the state of AI — and what we need to do to make AI more trustworthy. Read the paper and share your feedback: AIPaper@mozillafoundation.org.)

In 2020, when Mozilla first focused its philanthropy and advocacy on trustworthy AI, we published a paper outlining our vision. We mapped the barriers to a better AI ecosystem — barriers like centralization, algorithmic bias, and poor data privacy norms. We also mapped paths forward, like shifting industry norms and introducing new regulations and incentives. 

The upshot of that report? We learned AI has a lot in common with the early web. So much promise, but also peril — with harms spanning privacy, security, centralization, and competition. Mozilla’s expertise in open source and holding incumbent tech players accountable put us in a good place to unpack this dynamic and take action. 

A lot has changed since 2020. AI technology has grown more centralized, powerful, and pervasive; its risks and opportunities are not abstractions. Conversations about AI have grown louder and more urgent. Meanwhile, within Mozilla, we’ve made progress on our vision, from research and investments to products and grantmaking

Today, we’re publishing an update to our 2020 report — the progress we’ve made so far, and the work that is left to do.

[Read: Accelerating Progress Toward Trustworthy AI]

Our original paper focused on four strategic areas: 

  • Changing AI development norms,
  • Building new tech and products,
  • Raising consumer awareness,
  • Strengthening AI regulations and incentives. 

This update revisits those areas, outlining what’s changed for the better, what’s changed for the worse, and what’s stayed the same. At a very high level, our takeaways are:

  • Norms: The people that broke the internet are the ones building AI. 
  • Products: More trustworthy AI products need to be mainstream. 
  • Consumers: A more engaged public still needs better choices on AI. 
  • Policy: Governments are making progress while grappling with conflicting influences. 

A consistent theme across these areas is the importance and potential of openness for the development of more trustworthy AI — something Mozilla hasn’t been quiet about

Our first trustworthy AI paper was both a guidepost and map, and this one will be, too. Within are Mozilla’s plans for engaging with AI issues and trends. The paper outlines five key steps Mozilla will take in the years ahead (like making open-source generative AI more trustworthy and mainstream), and also five steps the broader movement can take (like pushing back on regulations that would make AI even less open). 

Our first paper was also “open source,” and this one is, too. We are seeking input on the report and on the state of the AI ecosystem more broadly. Through your comments and a series of public events, we will take feedback from the AI community and use it to strengthen our understanding and vision for the future. Please contact us at AIPaper@mozillafoundation.org and send us your feedback on the report, as well as examples of trustworthy AI approaches and applications.

The movement for trustworthy AI has made meaningful progress since 2020, but there’s still much more work to be done. It’s time to redouble our efforts and recommit to our core principles, and this report is Mozilla’s next step in doing that. It will take all of us, working together, to turn this vision into reality. There’s no time to waste — let’s get to work.

The post Next steps for Mozilla and Trustworthy AI appeared first on The Mozilla Blog.

The Mozilla BlogActivist Chris Smalls reflects on taking on Amazon, forming worker unions and digital activism in 2024

At Mozilla, we know  we can’t create a better future alone, that is why each year we will be highlighting the work of 25 digital leaders using technology to amplify voices, effect change, and build new technologies globally through our Rise 25 Awards. These storytellers, innovators, activists, advocates. builders and artists are helping make the internet more diverse, ethical, responsible and inclusive.

This week, we chatted with winner Chris Smalls, an activist using technology to effect change and advocate for a better world. He’s the founder and president of the Amazon Labor Union in Staten Island that advocates for workers’ rights and conditions. In 2020, he was fired by Amazon after leading protests against its working conditions during the COVID-19 pandemic. We talk with Smalls about the early days of the union fight, his work in the community and how the digital world has impacted organizing efforts.

When people are fighting against Amazon, there are a lot of different fights — wages, time-off, to even remote work now. What was the main thing that you wanted to fight for like during that time? When you began to fight for the union.

The pandemic, for sure. It was COVID-19. That initially was the reason why I spoke up. You know, after working there for a number of years — five years — and realizing that we weren’t prepared for the virus on a local level, it was a very alarming situation to be in, and this was before the vaccine, before mask testing, before we even really understood what the virus was doing. We knew it was wiping people out, so my fear was that it would spread like wildfire within the warehouse and within the whole Amazon network. So initially, I was just trying to go through the proper channels. And one thing led to another, you know, when I wasn’t met with an answer that I felt was sustainable for not just myself, but for everybody, that’s when I started to pretty much rebel. I try to still do that in a respectable manner, but unfortunately, the company decided to take an aggressive route by just quarantining myself out of the thousands of people, and I felt that wasn’t right at all. So initially it was over COVID-19, but as things unfolded, the demands changed over time. And it wasn’t until 2021 — the end of 2021, spring — was when we decided that we were going to form this independent Amazon labor union.

How did you get people on board with this? How did you convince people to buy into it?

I used Amazon’s principles — really, to be honest with you — earning the trust, building the relationships. One of my favorite principles out of the 14 was, have backbone, disagree and commit, so that’s exactly what I did. I disagreed with the way they were responding. I had a backbone to stand up to it, and I committed myself to the movement and committed myself to building relationships and earning the trust of the workers. So, over the course of 11 months, you know, organizing outside across the street, meeting people, having conversations, having barbecues, giving out free food — and yes, we did give out free weed — we did all these things, little things that mattered the most. Things that Amazon overlooked all the time – the little things. How do people get to work? How do they eat lunch every day? How do they get a ride to and from work in a snowstorm? We were there for them during those times, and we did those little bit of things with a little bit of money that we had from donations, and that’s ultimately how we defeated them, which is bringing people together from all different backgrounds.

<figcaption class="wp-element-caption">Chris Smalls at Mozilla’s Rise25 award ceremony in October 2023.</figcaption>

When you reflect on your time at Amazon, what do you remember most about that period in your life in terms of the work that you did there?

What I remember most is really just being allowed to be exactly who people see today. When I worked there, I was so well respected because I was a good employee, that I was allowed to pretty much create my culture within my own little department no matter what building I was in. I opened up 3 buildings for Amazon — one in New Jersey, Connecticut and Staten Island — and for me to go to each of these buildings and be able to have the respect of upper management and have the morale of the people underneath me to make them productive, and my team go number one in our department. I think people respected the fact that I was always siding with the workers, no matter what position I was in, and I was a supervisor. To have the morale that I had, I had to understand where people came from, and I understood where they came from because I was them at one point in time. I was an entry level worker on the line, picking and packing boxes just like the rest of them. So for me, I never forgot where I came from, and by having those types of skill sets, along with learning those principles, that’s what made me the best organizer I can possibly be.

You’ve gotten a lot of different spotlights — being on The Daily Show, meeting President Joe Biden, magazine features —  which experience from the last few years has kind of made you stop and realize the magnitude of what you did?

The Daily Show is definitely up there, that was a cool one. The Breakfast Club, that was a cool one for me. Desus and Mero was a cool one for me. And of course, the White House. I’m not fond of the President, but to go to the White House as a young black man from where I came from is unheard of, so, that’s always going to be a highlight of my life, regardless of who the President is. 

Where do you draw inspiration from to continue the work that you do today?

I draw definitely from the youth, the younger generation. I try to stay young and hip — I’m still 35 years old and I have kids already, I have kids about to be in high school. My kids are 11 going on 12, and they’re watching me on YouTube, especially on TikTok. I’m in their classroom. They’re talking to their friends about their dad. So for me, my inspiration is being a good role model, being a good father and understanding that the youth is paying attention now, and because of my uniqueness and our style, our swag, the way my union is so different, I want to continue to build off of that. I want to make sure that we’re making unionizing cool because before it was boring, you know, to talk about it. But now we’re trying to change the culture of what labor looks like.

What do you think is the biggest challenge that we face right now in the world, on and offline? How do you think we combat it?

Well, the biggest challenge is the opposition. The system that’s been in place is still operating against us, and they got a lot more money and power than we do. The reason why they continue to get away with the things that they do is because we’re still divided. 

I’m a fast learner in my few years of organizing, the labor movement itself is in a small bubble. If you talk about social injustice, it’s in a small bubble. You talk about women’s rights, it’s in the small bubble. Climate is in a different bubble. We’re not really, truly connected until we see something like a George Floyd where everybody’s out in the streets, and that’s the problem with America. We all go out in the streets when we see things like George Floyd. But then, after a while, we forget about it, and then we go back to work. And then it’s like, “Oh well, I can’t, because of my own individual problems that I have, and it’s not everybody’s fault. It’s the system that we live in that is designed to keep us distracted and not together.” So I think that’s the biggest issue that we got to overcome is, how do we connect all these different movements? Because at the end of the day, we’re all a part of the working class, no matter what movement, we’re all part of the working class. And if you’re in the labor movement, everybody here is a worker, no matter what job you work for or what industry you work for, you’re a worker. My goal one day is to connect trade unions to all the different movements and make this a class struggle, This is a class struggle. It’s 99.9% of us versus the one percent class, the billionaires. And I think if we all realize — that we’re all poor compared to these billionaires that are the ones who make the decisions for the rest of us and control these corporations — then we’ll be way better off than we are as a country.

What gives you hope about the future of our world to reach a place where we’re all much better?

What gives me hope now is that I’m walking into middle schools now and these 10-year-olds are telling me that Jeff Bezos is a bad man. Back in the day I didn’t go to class, and on Career Day, there was no Chris Small walking into a classroom on Career Day. There was always police officers, firefighters or nurses and doctors. But there was never a young, Black, cool-looking, Urban-like, brother to come in and say “Yo, you could be a trade union leader and still be as cool as a rapper. It was none of that. So for me, that’s what gives me hope is that the young generation — it’s a gift and curse they have access to iPads because they get access to everything — but they’re much more conscious than we were. They’re much more smarter and advanced and I know that could be a little scary, because they do have access to a lot of things at a younger age, but these kids are so smart now that they’re able to make decisions at a younger age. The younger generation is paying attention to the major issues of the world right now. I think we’re in a time that we’ve never seen before and that’s what gives me hope is that the younger generation is going to lead the way instead of us passing the torch, they’re going to lead it.

Get Firefox

Get the browser that protects what’s important

The post Activist Chris Smalls reflects on taking on Amazon, forming worker unions and digital activism in 2024 appeared first on The Mozilla Blog.

The Mozilla Thunderbird BlogThunderbird for Android / K-9 Mail: January 2024 Progress Report

a dark background with Thunderbird and K-9 Mail logos centered, with the text "Thunderbird for Android, January 2024 dev digest"

A new year, a new progress report! Learn what we did in January on our journey to transform K-9 Mail into Thunderbird for Android. If you’re new here or you forgot where we left off last year, check out the previous progress report.

Account setup

In January most of our work went into polishing the user interface and user experience of the new and improved account setup. However, there was still one feature missing that we really wanted to get in there: the ability to configure special folders.

Special folders

K-9 Mail supports the following special folders:

  • Archive: When configured, an Archive action will be available that moves a message to the designated archive folder.
  • Drafts: When configured, the Save as draft action will be available in the compose screen.
  • Sent: Messages that have been successfully submitted to the outgoing server will be uploaded to this folder. If this special folder is set to None, the app won’t save a copy of sent messages.
    Note: There’s also the setting Upload sent messages that can be disabled to prevent sent messages from being uploaded, e.g. if your email provider automatically saves a copy of outgoing messages.
  • Spam: When configured, a Spam action will be available that moves a message to the designated spam folder. (Please note that K-9 Mail currently does not include spam detection. So besides moving the message, this doesn’t do anything on its own. However, moving a message to and from the spam folder often trains the server-side spam filter available at many email providers.)
  • Trash: When configured, deleting a message in the app will move it to the designated trash folder. If the special folder is set to None, emails are deleted permanently right away.

In the distant past, K-9 Mail was simply using common names for these folders and created them on the server if they didn’t exist yet. But some email clients were using different names. And so a user could end up with e.g. multiple folders for sent messages. Of course there was an option to manually change the special folder assignment. But usually people only noticed when it was too late and the new folder already contained a couple of messages. Manually cleaning this up and making sure all email clients are configured to use the same folders is not fun.

To solve this problem, RFC 6154 introduced the SPECIAL-USE IMAP extension. That’s a mechanism to save this special folder mapping on an IMAP server. Having this information on the server means all email clients can simply fetch that mapping and then there should be no disagreement on e.g. which folder is used for sent messages.

Unfortunately, there’s still some email providers that don’t support this extension. There’s also cases where the server supports the feature, but none of the special roles are assigned to any folder. When K-9 Mail added support for the SPECIAL-USE extension, it simply used the data from the server, even if it meant not using any special folders. Unfortunately, that could be even worse than creating new folders, because you might end up e.g. not having a copy of sent messages.

So now the app is displaying a screen to ask the user to assign special folders when setting up an account. 

This screen is skipped if the app receives a full mapping from the server, i.e. all special roles are assigned to a folder. Of course you’ll still be able to change the special folder assignment after the account has been created.

Splitting account options

We split what used to be the account options screen into two different screens: display options and sync options.

Improved server certificate error screen

The screen to display server certificate errors during account setup has received an overhaul.

Polishing the user experience

With the special folders screen done, we’re now feature complete. So we took a step back to look at the whole experience of setting up an account. And we’ve found several areas where we could improve the app. 

Here’s an (incomplete) list of things we’ve changed:

  • We reduced the font weight of the header text to be less distracting.
  • In some parts of the flow there’s enough content on the screen that a user has to scroll. The area between the header and the navigation buttons at the bottom can be very small depending on the device size. So we included the header in the scrollable area to improve the experience on devices with a small screen.
  • There are a couple of transient screens, e.g. when checking server settings. Previously the app first displayed a progress indicator when checking server settings, then a success message for 2 seconds, but allowed the user to skip this screen by pressing the Next button. This turned out to be annoying and confusing. Annoying because the user has to wait longer than necessary; and confusing because it looked like user input was required, but by the time the user realizes that, the app will have most likely switched to the next screen automatically.
    We updated these transient screens to always show a progress indicator and hide the Next button, so users know something is happening and there’s currently nothing for them to do.
  • We also fixed a couple of smaller issues, like the inbox not being synchronized during setup when an account was configured for manual synchronization.

Fixing bugs

Some of the more interesting bugs we fixed in January:

  • When rotating the screen while selecting a notification sound in settings, some of the notification settings were accidentally disabled (#7468). 
  • When importing settings a preview lines value of 0 was ignored and the default of 2 was used instead (#7493).
  • When viewing a message and long-pressing an image that is also a link, only menu items relevant for images were displayed, but not ones relevant for links (#7457).
  • Opening an attachment from K-9 Mail’s message view in an external app and then sharing the content to K-9 Mail opened the compose screen for a new message but didn’t add an attachment (#7557).

Community Contributions

new-sashok724 fixed a bug that prevented the use of IP addresses for incoming or outgoing servers (#7483).

Thank you ❤

Releases

If you want to help shape Thunderbird for Android, become a beta tester and provide feedback on new features while they are still in development.

The post Thunderbird for Android / K-9 Mail: January 2024 Progress Report appeared first on The Thunderbird Blog.

The Mozilla Thunderbird BlogFebruary 2024 Community Office Hours: All About Add-Ons!

A graphic with an icon representing community, set inside the Thunderbird logo, with the text "Thunderbird Community Office Hours for February 2024: Add-Ons"

The topic for this month’s Thunderbird Community Office Hours takes a short break from the core of Thunderbird and takes us into the world of extensions we call Add-ons. These allow our users to add features and options beyond the customization already available in Thunderbird by default.

February Office Hours Topic: Add-ons

<figcaption class="wp-element-caption">John Bieling: Sr. Software Engineer, Add-ons Ecosystem</figcaption>

We want it to be easy to make Thunderbird yours, and so does our community. The Thunderbird Add-on page shows the power of community-driven extensions. There are Add-ons for everything, from themes to integrations, that add even more customization to Thunderbird.

Our guest for this month’s Thunderbird Community Office Hours is John Bieling, who is the person responsible for Thunderbird’s add-on component. This includes the WebExtension APIs, add-on documentation, as well as community support. He hosts a frequent open call about Add-on development and is welcoming to any developers seeking help. Come join us to learn about Add-on development and meet a key developer in the space.

Catch Up On Last Month’s Thunderbird Community Office Hours

Before you join us on February 22 at 18:00 UTC, watch last month’s office hours with UX Engineer Elizabeth Mitchell. We had some great discussion around the Message Context Menu and testing beta and daily images. Watch the video and read more about our guest at last month’s blog post.

<figcaption class="wp-element-caption">Watch January’s Office Hours session, all about the message context menu</figcaption>

Join Us On Zoom

(Yes, we’re still on Zoom for now, but a Jitsi server for future office hours is in the works!)

When: February 22 at 18:00 UTC (10am PST / 1pm EST / 7pm CET)

Direct URL To Join: https://mozilla.zoom.us/j/97506306527
Meeting ID: 97506306527
Password: 319424

Dial by your location:

  • +1 646 518 9805 US (New York)
  • +1 669 219 2599 US (San Jose)
  • +1 647 558 0588 Canada
  • +33 1 7095 0103 France
  • +49 69 7104 9922 Germany
  • +44 330 088 5830 United Kingdom
  • Find your local number: https://mozilla.zoom.us/u/adkUNXc0FO

The call will be recorded and this post will be updated with a link to the recording afterwards.

The post February 2024 Community Office Hours: All About Add-Ons! appeared first on The Thunderbird Blog.

The Mozilla Thunderbird BlogThunderbird In 2023: The Milestones and The Lessons We Learned

A dark background with the old and new Thunderbird logos side by side, with the text "Thunderbird 2023 Recap"

The Thunderbird Project enjoyed a fantastic 2023. From my point of view – as someone who regularly engages with both the community and our team on a daily basis – the past year brought a renewed sense of purpose, sustainability, and excitement to Thunderbird. Let’s talk about a few of the awesome milestones Thunderbird achieved, but let’s also discuss where we stumbled and what lessons we learned along the way. 

Our 2023 Milestones

The biggest milestone of 2023 was Thunderbird 115 “Supernova.” This release marked the first step towards a more flexible, reliable, and customizable Thunderbird that will accommodate different needs and workflows. Work has been long underway to modernize huge amounts of old code, with the aim of modernizing Thunderbird to deliver new features even faster. The “Supernova” release represented the first fruits of those efforts, and there’s a lot more in the pipeline! 

Alongside Supernova came a brand new Thunderbird logo to signal the revitalization of the project. We finally (even a bit reluctantly) said goodbye to our beloved “wig on an envelope” and ushered in a new era of Thunderbird with a refreshed, redesigned logo. But it was important to honor our roots, which is why we hired Jon Hicks – the designer of the original Firefox and Thunderbird logos – to help us bring it to life. (Now that you’ve all been living with it for the last several months, has it grown on you? Let us know in the comments of this post!)

One 2023 milestone that deserves more attention is that we hired a dedicated User Support Specialist! Roland Tanglao has been working enthusiastically towards removing “documentation debt” and updating the 100s of Thunderbird support articles at support.mozilla.org (which you’ll see us refer to internally as “SUMO”). Beyond that, he keeps a watchful eye on our Matrix community support channel for emerging issues, and is in the forums answering as many help questions as humanly possible, alongside our amazing support volunteers. In a nutshell, Roland is doing everything he can to improve the experience of asking for and receiving support, modernize existing documentation, and create new guides and articles that make using Thunderbird easier.

These are some – not all – of our accomplishments from last year. But it’s time to shift focus to where we stumbled, and how we’ll do better. 

The Lessons We Learned In 2023

In 2023, we failed to finish some of the great features we wanted to bring to Thunderbird, including Sync and Account Hub (both of which, however, are still in development). We also missed our target release window for Thunderbird on Android, after deciding it was worth the extra development time to add the kind of functionality and flexibility you expect from Thunderbird software. 

Speaking of functionality you expect, we hear you loud and clear: you want Exchange support in Thunderbird. We’ve already done some exploratory work, and have enabled the usage of Rust in Thunderbird. This is a complex topic, but the short version is that this opens the doors for us to start implementing native support for the Exchange protocol. It’s officially on our roadmap!

We also believe our communication with you has fallen short of where it needs to be. There are times when we get so excited about things we’re working on that it seems like marketing hype. In other situations, we have over-promised and under-delivered because these projects haven’t been extensively scoped out.

We’re beginning to solve the latter issue with the recent hiring of Kelly McSweeney, Senior Technical PM. She joined our team late last year and brings 20 years of valuable experience to Thunderbird. In a nutshell, Kelly is building processes and tools to accurately gauge how long development time will realistically take, from extensive projects to the tiniest tasks. Basically, she’s getting us very organized and making things run much more efficiently! This not only means smoother operations across the organization, but also clearer communication with you going forward. 

And communication is our biggest area of opportunity right now, specifically with our global Thunderbird community. We haven’t been as transparent as an open source project should be, nor have we discussed our future plans frequently enough. We’ve had several meetings about this over the past few weeks, and we’re taking immediate steps to do better. 

To begin with, you’ll start seeing monthly Developer Digests like this one from Alex, aimed at giving you a closer look at the work currently being planned. We’re also increasing our activity on the Thunderbird mailing lists, where you can give us direct feedback about future improvements and features. 

In 2024 you can also look forward to monthly community Office Hours sessions. This is where you can get some face time (or just voice time) with our team, and watch presentations about upcoming features and improvements by the developer(s) working on them. 

One last thing: In 2023, Thunderbird’s Marketing & Communications team consisted of myself and Wayne Mery. This year Wayne and I are fortunate to be working alongside new team members Heather Ellsworth, Monica Ayhens-Madon, and Natalia Ivanova. Together, we’re going to work diligently to create more tutorials on the blog, more video guides, and more content to help you get the most out of Thunderbird – with a focus on productivity. 

How To Stay Updated

Thank you for being on this journey with us! If you want to get more involved and stay in touch, here are the best places to keep up with what’s happening at Thunderbird:

  • We will be more active right here on this blog, so come back once or twice per month to see what’s new.
  • If you enjoy the technical bits, want to help test Thunderbird, or you’re part of our contributor community, these mailing lists at Topicbox are ideal. 
  • Follow us on Mastodon or X/Twitter for more frequent – and fun – updates!
  • Join our Thunderbird Community Support room on Matrix if you need some help.

The post Thunderbird In 2023: The Milestones and The Lessons We Learned appeared first on The Thunderbird Blog.

The Mozilla BlogA New Chapter for Mozilla: Focused Execution and an Expanded Role in Charting the Internet’s Future

Today marks a significant moment in our journey, and I am thrilled to share some important news with you. After much thoughtful consideration, I have decided to transition from the role of CEO of Mozilla Corporation back to the position of Mozilla Corporation Executive Chairwoman, a role I held with great passion for many years. 

During my 25 years at Mozilla, I’ve worn many hats, and this move is driven by a desire to streamline our focus and leadership for the challenges ahead. I’ve been leading the Mozilla business through a transformative period, while also overseeing Mozilla’s broader mission. It’s become evident that both endeavors need dedicated full-time leadership. 

Enter Laura Chambers, a dynamic board member who will step into the CEO role for the remainder of this year. Laura brings a wealth of experience, having been an active and impactful member of the Mozilla board for three years. With an impressive background leading product organization at Airbnb, PayPal, eBay, and most recently as CEO of Willow Innovations, Laura is well-equipped to guide Mozilla through this transitional period. 

Her focus will be on delivering successful products that advance our mission and building platforms that accelerate momentum. Laura and I will be working closely together throughout February to ensure a seamless transition, and in my role as Exec Chair I’ll continue to provide advice and engage in areas that touch on our unique history and Mozilla characteristics. 

Laura’s focus will be on Mozilla Corporation with two key goals: 

1. Vision and Strategy for the Future: Refining the company’s vision and aligning the corporate and product strategy behind it. This will be grounded in our mission and unique strengths and shaped by our point of view on technology’s future and our role in it.

2. Outstanding Execution: Focus, Processes, Capabilities: Doubling down on our core products, like Firefox, and building out our capabilities and innovation pipeline to bring new compelling products to market. 

While Laura takes on the reins as CEO of Mozilla Corporation, I will return to supporting the CEO and leadership team as I have done previously as Exec Chair. In addition, I will expand my work in two critical areas: 

1. More consistently representing Mozilla in the public – With a focus on policy, open source, and community — through speaking and direct engagement with the community.

2. Representing Mozilla as a unified entity – bigger than the sum of our parts — as we continue to strengthen and refine how all the entities work together to advance our policy and community goals with greater urgency and speed. 

We’re at a critical juncture where public trust in institutions, governments, and the fabric of the internet has reached unprecedented lows. There’s a tectonic shift underway as everyone battles to own the future of AI. It is Mozilla’s opportunity and imperative to forge a better future. I’m excited about Laura’s day-to-day involvement and the chance for Mozilla to achieve more. Our power lies in the collective effort of people contributing to something better and I’m eager for Mozilla to meet the needs of this era more fully. 

Thank you to everyone who participates in Mozilla, supports us, cheers us on, and works towards similar goals. Your dedication is the driving force behind Mozilla’s impact and success. Here’s to a future filled with innovation, collaboration, and continued success! 

The post A New Chapter for Mozilla: Focused Execution and an Expanded Role in Charting the Internet’s Future appeared first on The Mozilla Blog.

Mozilla L10NA Deep Dive Into the Evolution of Pretranslation in Pontoon

Quite often, an imperfect translation is better than no translation. So why even publish untranslated content when high-quality machine translation systems are fast and affordable? Why not immediately machine-translate content and progressively ship enhancements as they are submitted by human translators?

At Mozilla, we call this process pretranslation. We began implementing it in Pontoon before COVID-19 hit, thanks to Vishal who landed the first patches. Then we caught some headwinds and didn’t make much progress until 2022 after receiving a significant development boost and finally launched it for the general audience in September 2023.

So far, 20 of our localization teams (locales) have opted to use pretranslation across 15 different localization projects. Over 20,000 pretranslations have been submitted and none of the teams have opted out of using it. These efforts have resulted in a higher translation completion rate, which was one of our main goals.

In this article, we’ll take a look at how we developed pretranslation in Pontoon. Let’s start by exploring how it actually works.

How does pretranslation work?

Pretranslation is enabled upon a team’s request (it’s off by default). When a new string is added to a project, it gets automatically pretranslated using a 100% match from translation memory (TM), which also includes translations of glossary entries. If a perfect match doesn’t exist, a locale-specific machine translation (MT) engine is used, trained on the locale’s translation memory.

Pretranslation opt-in form

Pretranslation opt-in form.

After pretranslations are retrieved and saved in Pontoon, they get synced to our primary localization storage (usually a GitHub repository) and hence immediately made available for shipping. Unless they fail our quality checks. In that case, they don’t propagate to repositories until errors or warnings are fixed during the review process.

Until reviewed, pretranslations are visually distinguishable from user-submitted suggestions and translations. This makes post-editing much easier and more efficient. Another key factor that influences pretranslation review time is, of course, the quality of pretranslations. So let’s see how we picked our machine translation provider.

Choosing a machine translation engine

We selected the machine translation provider based on two primary factors: quality of translations and the number of supported locales. To make translations match the required terminology and style as much as possible, we were also looking for the ability to fine-tune the MT engine by training it on our translation data.

In March 2022, we compared Bergamot, Google’s Cloud Translation API (generic), and Google’s AutoML Translation (with custom models). Using these services we translated a collection of 1,000 strings into 5 locales (it, de, es-ES, ru, pt-BR), and used automated scores (BLEU, chrF++) as well as manual evaluation to compare them with the actual translations.

Performance of tested MT engines for Italian (it).

Performance of tested MT engines for Italian (it).

Google’s AutoML Translation outperformed the other two candidates in virtually all tested scenarios and metrics, so it became the clear choice. It supports over 60 locales. Google’s Generic Translation API supports twice as many, but we currently don’t plan to use it for pretranslation in locales not supported by Google’s AutoML Translation.

Making machine translation actually work

Currently, around 50% of pretranslations generated by Google’s AutoML Translation get approved without any changes. For some locales, the rate is around 70%. Keep in mind however that machine translation is only used when a perfect translation memory match isn’t available. For pretranslations coming from translation memory, the approval rate is 90%.

Comparison of pretranslation approval rate between teams.

Comparison of pretranslation approval rate between teams.

To reach that approval rate, we had to make a series of adjustments to the way we use machine translation.

For example, we convert multiline messages to single-line messages before machine-translating them. Otherwise, each line is treated as a separate message and the resulting translation is of poor quality.

Multiline message:

Make this password unique and different from any others you use.
A good strategy to follow is to combine two or more unrelated
words to create an entire pass phrase, and include numbers and symbols.

Multiline message converted to a single-line message:

Make this password unique and different from any others you use. A good strategy to follow is to combine two or more unrelated words to create an entire pass phrase, and include numbers and symbols.

Let’s take a closer look at two of the more time-consuming changes.

The first one is specific to our machine translation provider (Google’s AutoML Translation). During initial testing, we noticed it would often take a long time for the MT engine to return results, up to a minute. Sometimes it even timed out! Such a long response time not only slows down pretranslation, it also makes machine translation suggestions in the translation editor less useful – by the time they appear, the localizer has already moved to translate the next string.

After further testing, we began to suspect that our custom engine shuts down after a period of inactivity, thus requiring a cold start for the next request. We contacted support and our assumption was confirmed. To overcome the problem, we were advised to send a dummy query to the service every 60 seconds just to keep the system alive.

Giphy: Oh No Wow GIF by Little Princess Ember

Image source: Giphy.

Of course, it’s reasonable to shut down inactive services to free up resources, but the way to keep them alive isn’t. We have to make (paid) requests to each locale’s machine translation engines every minute just to make sure they work when we need them. And sometimes even that doesn’t help – we still see about a dozen ServiceUnavailable errors every day. It would be so much easier if we could just customize the default inactivity period or pay extra for an always-on service.

The other issue we had to address is quite common in machine translation systems: they are not particularly good at preserving placeholders. In particular, extra space often gets added to variables or markup elements, resulting in broken translations.

Message with variables:

{ $partialSize } of { $totalSize }

Message with variables machine-translated to Slovenian (adding space after $ breaks the variable):

{$ partialSize} od {$ totalSize}

We tried to mitigate this issue by wrapping placeholders in <span translate=”no”>…</span>, which tells Google’s AutoML Translation to not translate the wrapped text. This approach requires the source text to be submitted as HTML (rather than plain text), which triggers a whole new set of issues — from adding spaces in other places to escaping quotes — and we couldn’t circumvent those either. So this was a dead-end.

The solution was to store every placeholder in the Glossary with the same value for both source string and translation. That approach worked much better and we still use it today. It’s not perfect, though, so we only use it to pretranslate strings for which the default (non-glossary) machine translation output fails our placeholder quality checks.

Making pretranslation work with Fluent messages

On top of the machine translation service improvements we also had to account for the complexity of Fluent messages, which are used by most of the projects we localize at Mozilla. Fluent is capable of expressing virtually any imaginable message, which means it is the localization system you want to use if you want your software translations to sound natural.

As a consequence, Fluent message format comes with a syntax that allows for expressing such complex messages. And since machine translation systems (as seen above) already have trouble with simple variables and markup elements, their struggles multiply with messages like this:

shared-photos =
 { $photoCount ->
    [one]
      { $userGender ->
        [male] { $userName } added a new photo to his stream.
        [female] { $userName } added a new photo to her stream.
       *[other] { $userName } added a new photo to their stream.
      }
   *[other]
      { $userGender ->
        [male] { $userName } added { $photoCount } new photos to his stream.
        [female] { $userName } added { $photoCount } new photos to her stream.
       *[other] { $userName } added { $photoCount } new photos to their stream.
      }
  }

That means Fluent messages need to be pre-processed before they are sent to the pretranslation systems. Only relevant parts of the message need to be pretranslated, while syntax elements need to remain untouched. In the example above, we extract the following message parts, pretranslate them, and replace them with pretranslations in the original message:

  • { $userName } added a new photo to his stream.
  • { $userName } added a new photo to her stream.
  • { $userName } added a new photo to their stream.
  • { $userName } added { $photoCount } new photos to his stream.
  • { $userName } added { $photoCount } new photos to her stream.
  • { $userName } added { $photoCount } new photos to their stream.

To be more accurate, this is what happens for languages like German, which uses the same CLDR plural forms as English. For locales without plurals, like Chinese, we drop plural forms completely and only pretranslate the remaining three parts. If the target language is Slovenian, two additional plural forms need to be added (two, few), which in this example results in a total of 12 messages needing pretranslation (four plural forms, with three gender forms each).

Finally, Pontoon translation editor uses custom UI for translating access keys. That means it’s capable of detecting which part of the message is an access key and which is a label the access key belongs to. The access key should ideally be one of the characters included in the label, so the editor generates a list of candidates that translators can choose from. In pretranslation, the first candidate is directly used as an access key, so no TM or MT is involved.

A screenshot of Notepad showing access keys in the menu.

Access keys (not to be confused with shortcut keys) are used for accessibility to interact with all controls or menu items using the keyboard. Windows indicates access keys by underlining the access key assignment when the Alt key is pressed. Source: Microsoft Learn.

Looking ahead

With every enhancement we shipped, the case for publishing untranslated text instead of pretranslations became weaker and weaker. And there’s still room for improvements in our pretranslation system.

Ayanaa has done extensive research on the impact of Large Language Models (LLMs) on translation efficiency. She’s now working on integrating LLM-assisted translations into Pontoon’s Machinery panel, from which localizers will be able to request alternative translations, including formal and informal options.

If the target locale could set the tone to formal or informal on the project level, we could benefit from this capability in pretranslation as well. We might also improve the quality of machine translation suggestions by providing existing translations into other locales as references in addition to the source string.

If you are interested in using pretranslation or already use it, we’d love to hear your thoughts! Please leave a comment, reach out to us on Matrix, or file an issue.

The Mozilla BlogEntrepreneur Trisha Prabhu dishes on technology’s evolution, AI and her early career success

At Mozilla, we know  we can’t create a better future alone, that is why each year we will be highlighting the work of 25 digital leaders using technology to amplify voices, effect change, and build new technologies globally through our Rise 25 Awards. These storytellers, innovators, activists, advocates. builders and artists are helping make the internet more diverse, ethical, responsible and inclusive.

This week, we chatted with winner Trisha Prabhu, an award-winning innovator, social entrepreneur, technologist and advocate that has combatted cyberbullying and online hate since the age of 13 to make the internet a better place for everyone. We talk with her about the evolution of her app to stop online hate, ReThink, her growth as a professional through college at Oxford and Harvard, her biggest inspirations and how she views the future of the internet.

How has ReThink evolved its technology from the early days in 2013 to adapt to an online climate in 2024, where the internet has flooded with more hate speech and bullying?

I think ReThink has evolved in two key ways. So first, I’ll say one of our biggest advantages is that we are platform-agnostic. So, because the technology is a keyboard, and it works at the keyboard level, we’re able to work across any platform, whether it’s social media, to email and text. That ended up being really handy for us because when I developed and designed the technologies and keyboard way back in 2013, I had no idea that the internet was going to play the role that it does today in our lives a decade later. 

<figcaption class="wp-element-caption">Trisha Prabhu at Mozilla’s Rise25 award ceremony in October 2023.</figcaption>

In terms of how things have changed and what we’ve had to kind of account for over the last decade, I think one big change has definitely been the type of cyberbullying that we see. When I first started this work, it was very text based — people using text to say mean things to each other. Certainly with the advent of AI (artificial intelligence) now in the last year, we’ve seen how image and video based harassment has become much more pervasive — people using memes, people using explicit images to bully, to harass, and to intimidate other people. One thing that we really had to adapt to and what we’re currently working on now is developing ReThink for detection of offensive images and videos, acknowledging that the way that people are harassing each other are changing. No doubt that work is going to continue. 

As we think about the metaverse, something that I’m really worried about is a world in which — and we’ve already had instances that this happened — users can be physically harassed right in the metaverse. It’s a completely different level of harm. As the harm itself evolves, we’ve been evolving. 

Another thing we’ve had to do is adapt the languages that we think are available and then the populations that it can serve. ReThink as it was developed 10 years ago was available in english. Today, on the Google Play Store, we’re available in nine languages. So, that’s been a huge evolution, to make the technology available for all those populations and think about the ways that cyberbullying is manifesting in these different contexts. 

What do you think is the biggest challenge we face online this year, and how do we combat that? 

I think the biggest issue that we face online this year would have to be the threat of AI to democracy and elections, just because there’s so much of the world that is voting in elections this year. Most recently, we had the Taiwanese elections in January. And, of course, here in the U.S., we’re going to have our election in November. I think that that is an issue that definitely stands out to me.

It’s not one that’s directly related to my work, but there are other issues that are constants. Child sexual exploitation, that’s an issue I do a lot of advocacy work on, and that’s an issue that remains constant and extremely important every year.

But if there’s one issue that I’d single out and say is very particular to this year specifically, it’s that it’s kind of the first year that we’re going to see our democratic institutions and these new (AI) technologies interact. I’m concerned, but I’m also hopeful in the sense that a lot of people are paying attention to this. So I think that this can be a really powerful year for learning and a chance to identify harms where they’re happening and hopefully take action. 

“I think the biggest issue that we face online this year would have to be the threat of AI to democracy and elections, just because there’s so much of the world that is voting in elections this year.”

Trisha Prabhu

You’ve achieved a lot of success at a very young age before you went to the University of Oxford and then Harvard. When you look back at that time in your life, what do you wish you wouldve known about entrepreneurship as a teenager? How did your college experience refine the work that you do now?

There are probably two things that I wish that I had known at that age that I definitely didn’t know. One was that, in entrepreneurship, failure is not a bad thing. It really is such an iterative process. For every success that I’ve had with ReThink, we’ve had so many moments of something not working, something not going through, us trying to figure something out. Certainly the work that we do, it’s so critical that we get it right. It’s so critical that we’re thinking about language in a really precise way, in a really nuanced way. It’s so critical that we’re thinking about what are the key concepts that we need to share with youth about anti hate and digital literacy? I figured, like a lot of young people — and a lot of people generally —  that if you fail at something, that means you must not be good at it or that it’s not working. And I think with entrepreneurship, there just needs to be a comfort with failure and a willingness to be open to learn from it. The best entrepreneurs are those that do that. I think some of the challenges we’ve seen on the internet today are not necessarily because of a discomfort or a failure, but an unwillingness to learn from it. I think that’s definitely something that I’ve learned since. 

Another thing that I didn’t know was that you don’t need to have a formal business education to be a great entrepreneur. I figured the best entrepreneurs were the ones who had gotten an MBA and had the fancy background. But the truth is, you can learn a lot on the job and you know your product and your mission, and you know the people that you’re trying to serve the best. Especially when you’re one of the people coming from the community that you’re trying to serve, and you have lived experience with the issue. That will take you so much further than an MBA ever will. I always felt a sense of insecurity of “I don’t have this formal training,” but I wish I could tell myself that what I did have, which was a knowledge of the ecosystem and the issues in a way that no adult in the room did, was tremendously more powerful. 

“My vision was, can I create an anti hate digital literacy resource that is written to youth in their voice that is actually something that as a 10-year-old, I would have wanted to read? That is fun, that is engaging, that is interesting. And so that was really what gave birth to ReThink The Internet.”

Trisha Prabhu

In terms of how college refined me, I think college was a time and an opportunity for me to start to get some of that formal education, and it was really, really powerful and helpful. But it also led me to say, “Hey, I actually did pretty good for not knowing all of this stuff.” It was the moment of realization that this is very powerful, and I’ve learned a lot. But also, “You can do a lot.” One of the biggest things I learned was that we are at the core of our education. So much of what I learned in school was not in the textbook. It was in conversation with other students or interrogating my own thoughts or perspectives. Recognizing your own source of power as an agent for change, as opposed to thinking that there is some prescribed way to make an impact, but that’s something that college affirmed for me that I didn’t really know as a young person that I would definitely tell myself now. You just have so much more capability and ability than you realize.

Obviously, you’ve won many different awards. You’ve received a lot of recognition. You’ve traveled to a lot of different places — Shark Tank, the White House, TED Talks. Is there one experience you’ve done that surprised you or felt really special to you?

A lot of things come to mind, including Mozilla’s Rise 25 award. If I were to pick something, I’d probably say the TED Talk that I did in India back in 2017. I went back to Mumbai, and it was actually a talk that I delivered in Hindi, which is not my first language. So, it was an interesting offer because it was a chance to talk about an issue that in India is very stigmatized — cyberbullying and mental health — to an audience that wasn’t maybe necessarily ready to hear the message and from someone who is not from the country. It surprised me because it was a chance to challenge myself. It was a chance to push myself out of my comfort zone to deliver a talk not in my native language. And it was also a chance, I think, to push the folks that I was speaking to out of their comfort zone and to say, “Hey, these aren’t topics that we talk about that we need to.” In the end, through that partnership with TED, they actually worked with a local television program in India and were able to televise the talks to 650 million Indian viewers, which is incredible. It was part of changing narratives of how we see certain issues. That was really powerful to me because it was anti hate advocacy in its most impactful form. 

I think to be able to do that work in a space where so few people were talking about these issues and know that I was igniting conversations, that felt really gratifying and super important. And it was awesome for me personally to have to push my own boundaries and kinda step out of my comfort zone a little.

We wanted to ask you about your book, “ReThink the Internet: How to Make The Digital World a Lot Less Sucky.” What inspired you to do that in 2022 at that point in your career? What was the most challenging part of that book to write? 

The inspiration for the book came from my experience traveling globally and talking with youth about the anti hate educational experiences they had, and coming away with this common thread, which was that it’s just so boring. (They think that) internet education is not exciting, it’s not interesting. (Youth felt that) It’s not engaging to me, I don’t like the resources that I’m being presented with, it makes us tune out.

And so my vision was, can I create an anti hate digital literacy resource that is written to youth in their voice that is actually something that as a 10-year-old, I would have wanted to read? That is fun, that is engaging, that is interesting. And so that was really what gave birth to ReThink The Internet.

It’s structured less as an educational guide and more as a series of seven fun vignettes and stories that teach seven lessons about responsible digital citizenship, but also offer opportunities for actually putting those lessons into practice, reflecting critically. So it’s a really nice balance, and the biggest piece of feedback I’ve heard is, “Wow, I actually really enjoyed reading this, and I went to it.” That was my vision, I wanted to create something young people actually liked.

What was the hardest part? It was probably thinking about how to do that. It was thinking back to me at, like, 10, 11, 12, like, what got me into a book. And how do I take these really complex topics like distinguishing inaccurate or misleading information from true information on the internet. How do I take a really big topic like that and make it accessible to a young audience and make it fun? So it was a lot of talking with young people about their experiences, reflecting on my own and brainstorming in creative ways to share stories that young people could resonate with. 

Where do you draw inspiration from in continuing the work that you do today?  

I draw inspiration from the young people that I work with. That is the young people who I have a chance to serve through my work with ReThink, who I advocate with for better internet. There are still so many young people who are suffering online because of internet harms. We see it today — there was a Senate judiciary hearing with five big tech CEOs testifying about youth safety. But there are so many young people who are survivors of internet challenges, parents that are survivors of internet challenges. And they, to me, are my constant inspiration and reminder that this work is not finished and that we have so much more to do and that we’ve got to press on and keep working for a better digital universe. 

“Way back when Web 2.0 was being launched, we didn’t have a diverse group of technologists creating our digital world. I think today, we’re starting to see that paradigm shift, where those voices are finally starting to be invited into the fold, and also we’re starting to demand our seat at the table.”

Trisha Prabhu

What is one action that you think everyone should take to be able to make the internet a little better?

I guess this is very consistent with my work, but I genuinely do think it’s a really small and yet super powerful thing that everyone can do: just to pause and think before you post and share. And that’s not just with respect to what you’re saying, but it’s even with respect to an article that you might be sharing. A lot of people don’t think of retweeting an article as a form of cyberbullying or hate, but depending on what you’re amplifying, especially if you haven’t taken the time to read that article, you might be inadvertently contributing to the spread of information that is less than the gold standard. If you’re composing a tweet or a message, you might say something in the heat of the moment looking at a phone instead of someone’s face that you regret later that you never say to someone in person. If everyone can just take a second to pause and think before they say something, I imagine our internet would look very different.

We started Rise 25 to celebrate Mozilla’s 25th anniversary. What do you hope people are celebrating in the next 25 years?  

I hope people are celebrating an internet that is more kind and an internet that celebrates difference and affirms people as they are. An internet that protects and safeguards our rights. And Mozilla has really been at the forefront of that fight, protecting people’s privacy, protecting people’s agency, protecting people’s right to have the digital experience that they want to have. I hope that the next 25 years are spent celebrating an internet where users are at the forefront of our digital experience and that it is one that is fundamentally safe, free and on.

What gives you hope about the future of the internet? 

I think what gives me hope about the future of the internet is the number of incredible young people, and members of historically underrepresented communities, that are stepping up and demanding a seat at the table when it comes to building a better internet and when it comes to building technologies of the future. I think that gap is one of the biggest reasons that we’ve seen so many internet harms today, being that we didn’t have young people that were a part of that process. Way back when Web 2.0 was being launched, we didn’t have a diverse group of technologists creating our digital world. I think today, we’re starting to see that paradigm shift, where those voices are finally starting to be invited into the fold, and also we’re starting to demand our seat at the table. And we’re starting to — as activists, as technologists, as builders, as creators, as visionaries — see the internet that we want and start putting it into place. I think that that gives me a lot of hope because with our perspectives and lived experiences at the forefront, I think we really can create an internet that belongs to everyone. 

Get Firefox

Get the browser that protects what’s important

The post Entrepreneur Trisha Prabhu dishes on technology’s evolution, AI and her early career success appeared first on The Mozilla Blog.

The Mozilla BlogIntroducing Mozilla Monitor Plus, a new tool to automatically remove your personal information from data broker sites

Today, Mozilla Monitor (previously called Firefox Monitor), a free service that notifies you when your email has been part of a breach, announced its new paid subscription service offering: automatic data removal and continuous monitoring of your exposed personal information. 

<figcaption class="wp-element-caption">Introducing Mozilla Monitor Plus</figcaption>

There’s a growing interest among 42% of young adults – aged 18-24 – who want to learn more about the types of information that companies have about them, according to a consumer privacy survey. Yet, taking the steps to request changes or delete personal data can be a bit overwhelming. At Mozilla, we’re always looking for ways to protect people’s privacy and give them greater control when they go online. Enter Monitor Plus.

“When we launched Monitor, our goal was to help people discover where their personal info may have been exposed. Now, with Monitor Plus, we’ll help people take back their exposed data from data broker sites that are trying to sell it,” said Tony Amaral-Cinotto, Product Manager of Mozilla Monitor at Mozilla. “Our long-standing commitment to put people’s needs first and our easy step-by-step process makes Monitor Plus unique. Additionally, we combine breach alerts and data broker removal to offer an all-in-one protection tool and make it easier for people to feel and be safe online.” 

First step: Find out where your personal information has been exposed

More than 10 million people have signed up with Mozilla Monitor so they can be notified when their personal data has been involved in a data breach. Today, we are rolling out a new feature with a free one-time scan, where people can take the next step to see where their personal information has been exposed on sites selling it for profit. This could include information like your name, current and previous home addresses, and phone numbers. It could also go another layer deeper with information like family member names, criminal history, your kids’ school district, and even your hobbies.

To get your complimentary scan, you will need to provide your first and last name, the current city and state that you live in, your date of birth, and your email address. This information will be encrypted and follows Mozilla’s privacy policy, which always puts people first. This is the least amount of information we need to get the most accurate search results for you. From there, you can see where your personal info is exposed, either through a data breach or through broker sites. We also include high risk data breaches – exposures that may include social security numbers, credit card information, your bank account and pin numbers – that you’ve been exposed to and show how you can fix and resolve it.

brief GIF showing the fields where you enter some personal data, then a screen showing "scanning for exposure", then the dashboard where you can fix.<figcaption class="wp-element-caption">Take the step to see where your personal info has been exposed</figcaption>

Second step: Take back your personal information with Monitor Plus

If you’re the type who wants to set it and forget it, because you know the work is happening behind the scenes, then we can automatically and continuously request to remove your personal information with an annual paid subscription of $8.99 per month ($107.88 a year). On your behalf, Mozilla Monitor will start with data removal requests, then scan every month to make sure your personal information stays off data broker sites. Monitor Plus will let you know once your personal information has been removed from more than 190+ data broker sites, twice the number of other competitors. 

<figcaption class="wp-element-caption">See the actual sites where your personal info has been exposed</figcaption>
<figcaption class="wp-element-caption">Mark as fixed in the dashboard</figcaption>

At launch, the Monitor Plus free scan and paid subscription service will be offered to people based in the United States. 

Privacy starts with a Mozilla Account

Mozilla has built a reputation of creating and delivering products – Firefox and Mozilla VPN – that put people’s privacy needs first so you can count on Mozilla Monitor as an ally in reclaiming your privacy. In order to get a free scan and sign up for the paid automated data removal, you’ll need to get a Mozilla Account (previously known as a Firefox Account). With a Mozilla Account, you’ll get security benefits such as two-factor authentication powered by Mozilla, as well as backed by Mozilla’s terms of service and privacy policy. To learn about the benefits of having a Mozilla Account, click here.

Find out where your private info is exposed – and take it back

Try a free scan today with Mozilla Monitor!

The post Introducing Mozilla Monitor Plus, a new tool to automatically remove your personal information from data broker sites  appeared first on The Mozilla Blog.

Mozilla L10NL10n Report: February 2024 Edition

Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet. 

New content and projects

What’s new or coming up in Firefox desktop

While the amount of content has been relatively small over the last few months in Firefox, there have been some UI changes and updates to privacy setting related text such as form autofill, Cookie Banner Blocker, passwords (about:logins), and cookie and site data*. One change happening here (and across all Mozilla products) is the move away from using the term “login” to describe the credentials for accessing websites and instead use “password(s).”

In addition, while the number of strings is low, Firefox’s PDF viewer will soon have the ability to highlight content. You can test this feature now in Nightly.

Most of these strings and translations can be previewed by checking a Nightly build. If you’re new to localizing Firefox or if you missed our deep dive, please check out our blog post from July to learn more about the Firefox release schedule.

*Recently in our L10N community matrix channel, someone from our community asked how the new strings for clearing browsing history and data (see screenshot below) from Cookie and Site Data could be shown in Nightly.

Pontoon screenshot showing the strings for clearing browsing history and data from Cookie and Site Data.In order to show the strings in Nightly, the privacy.sanitize.useOldClearHistoryDialog preference needs to be set to false. To set the preference, type about:config in your URL bar and press enter. A warning may pop up warning you to proceed with caution, click the button to continue. On the page that follows, paste privacy.sanitize.useOldClearHistoryDialog into the search field, then click the toggle button to change the value to false.

You can then trigger the new dialog by clicking “Clear Data…” from the Cookies and Site Data setting or “Clear History…” from the History. (You may need to quit Firefox and open it again for the change to take effect.).

In case of doubts about managing about:config, you can consult the Configuration Editor guide on SUMO.

What’s new or coming up in mobile

Much like desktop, mobile land has been pretty calm recently.

Having said that, we would like to call out the new Translation feature that is now available to test on the latest Firefox for Android v124 Nightly builds (this is possible only through the secret settings at the moment). It’s a built-in full page translation feature that allows you to seamlessly browse the web in your preferred language. As you navigate the site, Firefox continuously translates new content.

Check your Pontoon notifications for instructions on how to test it out. Note that the feature is not available on iOS at the moment.

In the past couple of months you may have also noticed strings mentioning a new shopping feature called “Review Checker” (that we mentioned for desktop in our November edition). The feature is still a bit tricky to test on Android, but there are instructions you can follow – these can also be found in your Pontoon notification archive.

For testing on iOS, you just need to have the latest Beta version installed and navigate to the product pages on the US sites of amazon.com, bestbuy.com, and walmart.com. A logo in the URL bar will appear with a notification, to launch and test the feature.

Finally, another notable change that has been called out under the Firefox desktop section above: we are moving away from using the term “login” to describe the credentials for accessing websites and instead use “password(s).”

What’s new or coming up in Foundation projects

New languages have been added to Common Voice in 2023: Tibetan, Chichewa, Ossetian, Emakhuwa, Laz, Pular Guinée, Sindhi. Welcome!

What’s new or coming up in Pontoon

Improved support for mobile devices

Pontoon translation workspace is now responsive, which means you can finally use Pontoon on your mobile device to translate and review strings! We developed a single-column layout for mobile phones and 2-column layout for tablets.

Screenshot of Pontoon UI on a smartphone running Firefox for Android

Screenshot of Pontoon UI on a smartphone running Firefox for Android

2024 Pontoon survey

Thanks again to everyone who has participated in the 2024 Pontoon survey. The 3 top-voted features we commit to implement are:

  1. Add ability to edit Translation Memory entries (611 votes).
  2. Improve performance of Pontoon translation workspace and dashboards (603 votes).
  3. Add ability to propose new Terminology entries (595 votes).

Friends of the Lion

We started a series called “Localizer Spotlight” and have published two already. Do you know someone who should be featured there? Let us know here!

Also, do someone in your l10n community who’s been doing a great job and should appear in this section? Contact us and we’ll make sure they get a shout-out!

Useful Links

Questions? Want to get involved?

If you want to get involved, or have any question about l10n, reach out to:

Did you enjoy reading this report? Let us know how we can improve it.

hacks.mozilla.orgAnnouncing Interop 2024

The Interop Project has become one of the key ways that browser vendors come together to improve the web platform. By working to identify and improve key areas where differences between browser engines are impacting users and web developers, Interop is a critical tool in ensuring the long-term health of the open web.

The web platform is built on interoperability based on common standards. This offers users a degree of choice and control that sets the web apart from proprietary platforms defined by a single implementation. A commitment to ensuring that the web remains open and interoperable forms a fundamental part of Mozilla’s manifesto and web vision, and is why we’re so committed to shipping Firefox with our own Gecko engine.

However interoperability requires care and attention to maintain. When implementations ship with differences between the standard and each other, this creates a pain point for web authors; they have to choose between avoiding the problematic feature entirely and coding to specific implementation quirks. Over time if enough authors produce implementation-specific content then interoperability is lost, and along with it user agency.

This is the problem that the Interop Project is designed to address. By bringing browser vendors together to focus on interoperability, the project allows identifying areas where interoperability issues are causing problems, or may do in the near future. Tracking progress on those issues with a public metric provides accountability to the broader web community on addressing the problems.

The project works by identifying a set of high-priority focus areas: parts of the web platform where everyone agrees that making interoperability improvements will be of high value. These can be existing features where we know browsers have slightly different behaviors that are causing problems for authors, or they can be new features which web developer feedback shows is in high demand and which we want to launch across multiple implementations with high interoperability from the start. For each focus area a set of web-platform-tests is selected to cover that area, and the score is computed from the pass rate of these tests.

Interop 2023

The Interop 2023 project covered high profile features like the new :has() selector, and web-codecs, as well as areas of historically poor interoperability such as pointer events.

The results of the project speak for themselves: every browser ended the year with scores in excess of 97% for the prerelease versions of their browsers. Moreover, the overall Interoperability score — that is the fraction of focus area tests that pass in all participating browser engines — increased from 59% at the start of the year to 95% now. This result represents a huge improvement in the consistency and reliability of the web platform. For users this will result in a more seamless experience, with sites behaving reliably in whichever browser they prefer.

For the :has() selector — which we know from author feedback has been one of the most in-demand CSS features for a long time — every implementation is now passing 100% of the web-platform-tests selected for the focus area. Launching a major new platform feature with this level of interoperability demonstrates the power of the Interop project to progress the platform without compromising on implementation diversity, developer experience, or user choice.

As well as focus areas, the Interop project also has “investigations”. These are areas where we know that we need to improve interoperability, but aren’t at the stage of having specific tests which can be used to measure that improvement. In 2023 we had two investigations. The first was for accessibility, which covered writing many more tests for ARIA computed role and accessible name, and ensuring they could be run in different browsers. The second was for mobile testing, which has resulted in both Mobile Firefox and Chrome for Android having their initial results in wpt.fyi.

Interop 2024

Following the success of Interop 2023, we are pleased to confirm that the project will continue in 2024 with a new selection of focus areas, representing areas of the web platform where we think we can have the biggest positive impact on users and web developers.

New Focus Areas

New focus areas for 2024 include, among other things:

  • Popover API – This provides a declarative mechanism to create content that always renders in the topmost-layer, so that it overlays other web page content. This can be useful for building features like tooltips and notifications. Support for popover was the #1 author request in the recent State of HTML survey.
  • CSS Nesting – This is a feature that’s already shipping, which allows writing more compact and readable CSS files, without the need for external tooling such as preprocessors. However different browsers shipped slightly different behavior based on different revisions of the spec, and Interop will help ensure that everyone aligns on a single, reliable, syntax for this popular feature.
  • Accessibility – Ensuring that the web is accessible to all users is a critical part of Mozilla’s manifesto. Our ability to include Accessibility testing in Interop 2024 is a direct result of the success of the Interop 2023 Accessibility Investigation in increasing the test coverage of key accessibility features.

The full list of focus areas is available in the project README.

Carryover

In addition to the new focus areas, we will carry over some of the 2023 focus areas where there’s still more work to be done. Of particular interest is the Layout focus area, which will combine the previous Flexbox, Grid and Subgrid focus area into one area covering all the most important layout primitives for the modern web. On top of that the Custom Properties, URL and Mouse and Pointer Events focus areas will be carried over. These represent cases where, even though we’ve already seen large improvements in Interoperability, we believe that users and web authors will benefit from even greater convergence between implementations.

Investigations

As well as focus areas, Interop 2024 will also feature a new investigation into improving the integration of WebAssembly testing into web-platform-tests. This will open up the possibility of including WASM features in future Interop projects. In addition we will extend the Accessibility and Mobile Testing investigations, as there is more work to be done to make those aspects of the platform fully testable across different implementations.

Partner Announcements

The post Announcing Interop 2024 appeared first on Mozilla Hacks - the Web developer blog.

The Mozilla BlogMozilla’s Biggest AI Moments

Just over a year ago Mozilla launched two big investments in AI — a $35 million investment in a responsible tech fund, Mozilla Ventures and a $30 million investment in a R+D Lab developing trustworthy AI, Mozilla.AI. Since those initial investments, Mozilla has accelerated our efforts to build and deploy AI that adheres to our mission of 25 years — putting people first, while being truly trustworthy and open.

While AI was the story of 2023, the emphasis on AI is not going anywhere. Today’s complex ethical tech landscape is shaped by the rise of AI and its profound impact on society, just as the browser battles shaped the tech landscape of the 90s. Mozilla is focused on using philanthropy, community and collective power, to help create a new status quo where public good instead of profit defines the next wave of AI. The many possibilities of AI, both wondrous and harmful, cannot be ignored, so instead Mozilla has been doing our best to shape the future of AI to be responsible, trustworthy, inclusive and centered around human dignity.

Mozilla is uniquely set up to do this because of our structure as both a nonprofit research hub and a mission-driven, for -profit product organization. Mozilla’s distinct advantage in this moment is the ability to bring together advocacy and product, connecting cause to code and tackling issues in AI from every angle.

This is work we won’t stop doing.

Explore Mozilla’s latest advancements in more detail below :

November 2022 Mozilla launched $35M responsible tech fund Investment portfolio includes AI companies Fiddler, Lelapa and Themis

Mozilla launched a venture capital fund for early-stage (seed or series A) startups whose products or technologies protect privacy, decentralize digital power and build more trustworthy AI — advancing privacy, inclusion, transparency, human dignity and other values in the Mozilla Manifesto

March 2023 Invested $30M in Mozilla.ai Launched R+D lab developing trustworthy and open-source AI models

After speaking to thousands of founders, engineers. Scientists, artists, designers and activists who are taking a new approach to AI — one founded in human agency and transparency, but not feeling that new approach from the big tech and cloud companies with the most power, Mozilla announced Mozilla.ai. It is a start-up and community dedicated to building a trustworthy and independent open-source AI ecosystem. 

April 2023 Mozilla co-writes AI regulation policy brief guiding EU’s AI Act Garnering 50+ individual expert and institutional signatories

Mozilla, among a larger group of more than 50 notable artificial intelligence researchers, urged European politicians to adopt broader AI regulation and not exclude generative AI from the European Union’s AI Act as co-authors of the brief.

May 2023 Acquired Fakespot Expanded AI efforts with product that utilizes AI to discern deceptive customer reviews

For close to thirty years, commerce has been core to how people use the internet. The global ecommerce scale-up has brought convenience to people’s lives, but also new challenges and bad actors. Enter: Fakespot. Mozilla acquired Fakespot to continue to invest and enhance their sophisticated AI and machine learning (ML) systems to flag deceptive reviews and help people trust and enjoy their online shopping experience more. 

May 2023 Hosted inaugural Responsible AI Challenge Challenged builders to design trustworthy AI solutions

Mozilla brought together some of the brightest thinkers, technologists, ethicists and business leaders who believe in trustworthy AI for a day of talks, workshops and working sessions to help them get their ideas off the ground through Mozilla’s Responsible AI Challenge. The goal was to inspire, support and invest in a community of builders working on responsible AI products and solutions. Mozilla invested $50,000 into the top applicant and projects presented.

June 2023 Open-Source Research & Investigations AI Team Launched Focusing on platform integrity amid elections

Funding gaps and aggressive actions by big platforms are hampering the important work of independent public interest research scrutinizing the technology industry’s impact on society. In order to fill this gap, produce more independent investigations and help inform better public policy, Mozilla launched The Open Source Research and Investigations (OSRI) team. OSRI’s work is largely community-driven, leveraging crowdsourced data donations with their first project focused on TikTok. 

July 2023 Introduced AI Help (Beta) on MDN Creating rapid access to extensive database and coding best practices

MDN launched AI Help as an assistant for web developers. The tool enhances search efficiency by distilling MDN articles into relevant answers. Users can ask questions, receive streamlined responses with sources, and directly test code in the MDN playground. AI Help boosts productivity, making navigation on MDN faster and more intuitive for developers.

September 2023 MozFest Debuted in Kenya Mobilizing East African AI community on critical issues

Mozilla Festival’s House debuted in Kenya embodying Africa Innovation Mradi work through confronting pressing realities at the intersection of emergency technology and the African continent, including digital extractivism and AI governance. MozFest House Kenya featured over 20 sessions aligned under the theme “Mobilizing African Communities for Trustworthy AI.”

September 2023 Mozilla AI Researchers featured in TIME 100 in AI Two researchers celebrated for their work

Mozilla Trustworthy AI researchers, Inioluwa Deborah Raji (Mozilla Fellow) and Abeba Birhane (Senior Adviser in AI Accountability at the Mozilla Foundation) were named to the TIME100 Most Influential People in AI. 

October 2023 AI Guide Launched Introduces online hub for builders to access resources on responsible AI development

Mozilla announced the availability of its AI Guide, a collaborative and interactive web resource that serves as the starting point for developers diving into the world of AI, especially large language models (LLMs). Not only do developers get access to learning modules and curated tools, they can also contribute through Github, making this a community-powered learning tool.

October 2023 Mozilla attended AI Safety Summit AI Leaders convened in London for a summit focused on AI safety

AI Leaders from around the world, including Mozilla convened near London for the AI Safety Summit organized by the UK government. In a joint declaration, the countries attending the summit pledged to collaborate on AI safety just as Parliament announced the formation of an AI Safety Institute

October 2023 Called for more Openness in AI Released statement on AI safety garnering 1,800+ signatories

Ahead of the Summit, Mozilla published a joint statement on the importance of openness for AI safety with collaborators in the open source community. The statement included 1,800+ signatories, including Nobel Peace Prize winner, Maria Ressa, and several government ministers.

October 2023 Co-signed Open Letter to UK Prime Minister Raised flags on lack of civil society representation prior to AI Safety Summit

Mozilla co-signed an open letter to Prime Minister Rishi Sunak emphasizing the lack of civil society representation at the Summit.

November 2023 Commented on Biden’s AI Executive Order Welcoming the order but pointing out gaps regarding open-source AI

The White House released a sweeping executive order on AI. The executive order covers a wide range of issues, from safety and security to privacy to civil rights and consumer protection. Mozilla President, Mark Surman spoke with numerous policy media including Gizmodo and Fedscoop to advocate for the importance of AI governance to advance privacy and open-source development in AI.

November 2023 Unveiled $200M AI Fund Collaborated on collective commitment from U.S. VP Harris and nine other foundations

Mozilla joined a coalition of 10 leading philanthropies, with leadership from US Vice President Kamala Harris, to invest $200 million in a more trustworthy AI ecosystem. In the coming years, the 10 philanthropies will focus their grantmaking on five key areas identified by Vice President Harris including the intersection of AI with democracy, international rules, and workers’ rights. 

November 2023 AI-Powered Fakespot Chat Launches Mozilla’s first large-language model and AI agent to help online shoppers

Fakespot Chat is a new AI agent that Mozilla started testing as Mozilla’s first LLM. Fakespot Chat, currently available to 100% of Fakespot.com users, serves as a shopping guide, answers your product questions, suggests questions, and recommends alternatives so you can buy with confidence. It serves as an online shopping guide, creating an experience similar to talking to a customer service person while in a physical store. Fakespot Chat uses AI and machine learning to find the answers from product reviews, filtering out fake reviews to help shoppers not only save time, but also trust their purchasing decisions.

November 2023 Mozilla Joined ‘AI Insight Forum’ in U.S. Senate Discussed privacy and liability in AI with U.S. Senators

Mozilla Foundation President, Mark Surman, spoke with members of the US Senate, including Senator Leader Schumer, Senator Rounds, Senator Heinrich and Senator Young about two of what Mozilla believes are the most critical questions we must ask if we’re to chart a better path forward with AI: Howe can we protect people’s privacy in the AI era? And how can we ensure that those who cause harm through AI can be held both accountable and liable?

November 2023 Director of Mozilla.ai Presents to UK’s House of Lords Shared position on open-source AI and technical liability concerns

Moez Draief, Director of Mozilla.ai presented Mozilla’s stance on open source AI and addressed issues around technical liability before the UK’s House of Lords’ Communications and Digital Committee during a formal inquiry into LLMs.

November 2023 Mozilla Meetups in D.C., London and Brussels Featured AI experts from senate, parliament, academia and nonprofits with 200 guests in attendance across markets

At our ‘Mozilla Meetup’ event in Washington, D.C. Our SVP of Innovation Ecosystems, Imo Udom, engaged in a fireside chat with the White House Deputy CTO  — focusing on the intersection between AI, open source, and privacy — followed by a panel discussion featuring experts from the Senate, civil society, and academia. Over 80 people attended the event.

Mozilla hosted a Policy Talks panel in Westminster, London where our VP, Global Policy, Linda Griffin discussed the nuances of open source AI and how to balance innovation with safety. Panelists included various AI policy experts and featured Alex Davies-Jones, Member of Parliament, and an associate director from the Ada Lovelace Institute, an independent research institute with a mission to ensure data and AI benefit society. 

Mozilla also reintroduced ‘Mozilla Mornings’ in Brussels. The event highlighted the interplay of AI with open markets and competition, and included a keynote by a Member of the European Parliament.

November 2023 Mozilla CEO Joined French Prime Minister’s Generative AI Committee Defended open-source values and discussed AI’s societal impacts in Paris

Mozilla CEO, Mitchell Baker defended open source values and discussed AI’s societal impacts with the Generative AI Committee set up by the French Prime Minister in Paris.

December 2023 Mozilla Innovation Week Celebrated and announced multiple AI-based innovation projects

Mozilla announced several AI-based innovation projects we are working on that explore the vast AI opportunities that exist, and invited the Mozilla community to join us in collaborative conversations on our AI Discord

December 2023 Mozilla Announced Three Mozilla AI-based Innovation Projects Introducing Solo, MemoryCache, and llamafile

Mozilla shared with the public three new experimental, prototype tools — an AI website builder for solopreneurs, Solo, an innovation project that augments an on-device, personal model with local files saved from the browser to reflect a more personalized and tailored experience through the lens of privacy and agency, MemoryCache, and llamafile, an open-source initiative that collapses a full-stack LLM chatbot down to a single file that runs on six operations systems.

The post Mozilla’s Biggest AI Moments appeared first on The Mozilla Blog.

The Mozilla Thunderbird BlogThunderbird Monthly Development Digest: January 2024

Hello Thunderbird Community! I’m very happy to kick off a new monthly Thunderbird development recap in order to bring a deeper look and understanding of what we’re working on, and the status of these efforts. (We also publish monthly progress reports on Thunderbird for Android.)

These monthly digests will be in a very short format, focusing primarily on the work that is currently being planned or initiated that is not yet fully captured in BugZilla. Nonetheless, we’re putting it out there to cherish and fully embrace the open nature of Thunderbird.

Without further ado, let’s get into it!

2024 Thunderbird Development Roadmaps Published

Over at DTN, we’ve published initial 2024 roadmaps for the work we have planned on Thunderbird for desktop, and Thunderbird for Android. These will be updated periodically as we continue to scope out each project.

Global Message Database

Our database is currently based on Mork, which is a very old paradigm that creates a lot of limitations, blocking us from doing anything remotely modern or expected (a real threaded conversation view is a classic example). Removing and reworking this implementation, which is at the very core of every message and folder interaction, is not an easy lift and requires a lot of careful planning and exploration, but the work is underway.

You can follow the general effort in Bug 1572000.

The first clean up effort is targeted at removing the old and bad paradigm of the “non-unique unique ID” (kudos to our very own Ben Campbell for coining this term), which causes all sorts of problems. You can follow the work in Bug 1806770.

Cards view final sprint

If you’re using Daily or Beta you might have already seen a lot of drastic differences from 115 for Cards View.

Currently, we’re shaping up the final sprint to polish what we’ve implemented and add extra needed features. We’re in the process of opening all the needed bugs and assigning resources for this final sprint. You can follow the progress by tracking this meta bug and all its child bugs.

As usual, we will continue sharing plans and mock-ups in the UX mailing list, so make sure to follow that if you’re interested in seeing early visual prototypes before any code is touched.

Rust Implementation and Exchange Support

This is a very large topic and exploration that requires dedicated posts and extensive recaps. The short story is that we were able to enable the usage of Rust in Thunderbird, therefore opening the doors for us to start implementing native support for the Exchange protocol by building and vendoring a Rust crate.

Once we have a stable and safe implementation, we will share that crate publicly on a GitHub repo so everyone will be able to vendor it and improve it.

Make sure to follow tb-planning and tb-developers mailing lists to soon get more detailed and very in depth info on Rust and Exchange in Thunderbird.

As usual, if you want to see things as they land you can always check the pushlog and try running daily, which would be immensely helpful for catching bugs early.

Alessandro Castellani (he, him)
Director of Product Engineering

If you’re interested in joining the discussion around Thunderbird development, consider joining one or several of our mailing list groups here.

The post Thunderbird Monthly Development Digest: January 2024 appeared first on The Thunderbird Blog.

hacks.mozilla.orgOption Soup: the subtle pitfalls of combining compiler flags

Firefox development uncovers many cross-platform differences and unique features of its combination of dependencies. Engineers working on Firefox regularly overcome these challenges and while we can’t detail all of them, we think you’ll enjoy hearing about some so here’s a sample of a recent technical investigation.

During the Firefox 120 beta cycle, a new crash signature appeared on our radars with significant volume.

At that time, the distribution across operating systems revealed that more than 50% of the crash volume originates from Ubuntu 18.04 LTS users.

The main process crashes in a CanvasRenderer thread, with the following call stack:

0  firefox  std::locale::operator=  
1  firefox  std::ios_base::imbue  
2  firefox  std::basic_ios<char, std::char_traits<char> >::imbue  
3  libxul.so  sh::InitializeStream<std::__cxx11::basic_ostringstream<char, std::char_traits<char>, std::allocator<char> > >  /build/firefox-ZwAdKm/firefox-120.0~b2+build1/gfx/angle/checkout/src/compiler/translator/Common.h:238
3  libxul.so  sh::TCompiler::setResourceString  /build/firefox-ZwAdKm/firefox-120.0~b2+build1/gfx/angle/checkout/src/compiler/translator/Compiler.cpp:1294
4  libxul.so  sh::TCompiler::Init  /build/firefox-ZwAdKm/firefox-120.0~b2+build1/gfx/angle/checkout/src/compiler/translator/Compiler.cpp:407
5  libxul.so  sh::ConstructCompiler  /build/firefox-ZwAdKm/firefox-120.0~b2+build1/gfx/angle/checkout/src/compiler/translator/ShaderLang.cpp:368
6  libxul.so  mozilla::webgl::ShaderValidator::Create  /build/firefox-ZwAdKm/firefox-120.0~b2+build1/dom/canvas/WebGLShaderValidator.cpp:215
6  libxul.so  mozilla::WebGLContext::CreateShaderValidator const  /build/firefox-ZwAdKm/firefox-120.0~b2+build1/dom/canvas/WebGLShaderValidator.cpp:196
7  libxul.so  mozilla::WebGLShader::CompileShader  /build/firefox-ZwAdKm/firefox-120.0~b2+build1/dom/canvas/WebGLShader.cpp:98

At first glance, we want to blame WebGL. The C++ standard library functions cannot be at fault, right?

But when looking at the WebGL code, the crash occurs in the perfectly valid lines of C++ summarized below:

std::ostringstream stream;
stream.imbue(std::locale::classic());

This code should never crash, and yet it does. In fact, taking a closer look at the stack gives a first lead for investigation:
Although we crash into functions that belong to the C++ standard library, these functions appear to live in the firefox binary.

This is an unusual situation that never occurs with official builds of Firefox.
It is however very common for distribution to change the configuration settings and apply downstream patches to an upstream source, no worries about that.
Moreover, there is only a single build of Firefox Beta that is causing this crash.

We know this thanks to a unique identifier associated with any ELF binary.
Here, if we choose any specific version of Firefox 120 Beta (such as 120b9), the crashes all embed the same unique identifier for firefox.

Now, how can we guess what build produces this weird binary?

A useful user comment mentions that they regularly experience this crash since updating to 120.0~b2+build1-0ubuntu0.18.04.1.
And by looking for this build identifier, we quickly reach the Firefox Beta PPA.
Then indeed, we are able to reproduce the crash by installing it in a Ubuntu 18.04 LTS virtual machine: it occurs when loading any WebGL page!
With the binary now at hand, running nm -D ./firefox confirms the presence of several symbols related to libstdc++ that live in the text section (T marker).

Templated and inline symbols from libstdc++ usually appear as weak (W marker), so there is only one explanation for this situation: firefox has been statically linked with libstdc++, probably through -static-libstdc++.

Fortunately, the build logs are available for all Ubuntu packages.
After some digging, we find the logs for the 120b9 build, which indeed contain references to -static-libstdc++.

But why?

Again, everything is well documented, and thanks to well trained digging skills we reach a bug report that provides interesting insights.
Firefox requires a modern C++ compiler, and hence a modern libstdc++, which is unavailable on old systems like Ubuntu 18.04 LTS.
The build uses -static-libstdc++ to close this gap.
This just explains the weird setup though.

What about the crash?

Since we can now reproduce it, we can launch Firefox in a debugger and continue our investigation.
When inspecting the crash site, we seem to crash because std::locale::classic() is not properly initialized.
Let’s take a peek at the implementation.

const locale& locale::classic()
{
  _S_initialize();
  return *(const locale*)c_locale;
}

_S_initialize() is in charge of making sure that c_locale will be properly initialized before we return a reference to it.
To achieve this, _S_initialize() calls another function, _S_initialize_once().

void locale::_S_initialize()
{
#ifdef __GTHREADS
  if (!__gnu_cxx::__is_single_threaded())
    __gthread_once(&_S_once, _S_initialize_once);
#endif

  if (__builtin_expect(!_S_classic, 0))
    _S_initialize_once();
}

In _S_initialize(), we first go through a wrapper for pthread_once(): the first thread that reaches this code consumes _S_once and calls _S_initialize_once(), whereas other threads (if any) are stuck waiting for _S_initialize_once() to complete.

This looks rather fail-proof, right?

There is even an extra direct call to _S_initialize_once() if _S_classic is still uninitialized after that.
Now, _S_initialize_once() itself is rather straightforward: it allocates _S_classic and puts it within c_locale.

void
locale::_S_initialize_once() throw()
{
  // Need to check this because we could get called once from _S_initialize()
  // when the program is single-threaded, and then again (via __gthread_once)
  // when it's multi-threaded.
  if (_S_classic)
    return;

  // 2 references.
  // One reference for _S_classic, one for _S_global
  _S_classic = new (&c_locale_impl) _Impl(2);
  _S_global = _S_classic;
  new (&c_locale) locale(_S_classic);
}

The crash looks as if we never went through _S_initialize_once(), so let’s put a breakpoint there and see what happens.
And just by doing this, we already notice something suspicious.
We do reach _S_initialize_once(), but not within the firefox binary: instead, we only ever reach the version exported by liblgpllibs.so.
In fact, liblgpllibs.so is also statically linked with libstdc++, such that firefox and liblgpllibs.so both embed and export their own _S_initialize_once() function.

By default, symbol interposition applies, and _S_initialize_once() should always be called through the procedure linkage table (PLT), so that every module ends up calling the same version of the function.
If symbol interposition were happening here, we would expect that liblgpllibs.so would reach the version of _S_initialize_once() exported by firefox rather than its own, because firefox was loaded first.

So maybe there is no symbol interposition.

This can occur when using -fno-semantic-interposition.

Each version of the standard library would live on its own, independent from the other versions.
But neither the Firefox build system nor the Ubuntu maintainer seem to pass this flag to the compiler.
However, by looking at the disassembly for _S_initialize() and _S_initialize_once(), we can see that the exported global variables (_S_once, _S_classic, _S_global) are subject to symbol interposition:

These accesses all go through the global offset table (GOT), so that every module ends up accessing the same version of the variable.
This seems strange given what we said earlier about _S_initialize_once().
Non-exported global variables (c_locale, c_locale_impl), however, are accessed directly without symbol interposition, as expected.

We now have enough information to explain the crash.

When we reach _S_initialize() in liblgpllibs.so, we actually consume the _S_once that lives in firefox, and initialize the _S_classic and _S_global that live in firefox.
But we initialize them with pointers to well initialized variables c_locale_impl and c_locale that live in liblgpllibs.so!
The variables c_locale_impl and c_locale that live in firefox, however, remain uninitialized.

So if we later reach _S_initialize() in firefox, everything looks as if initialization has happened.
But then we return a reference to the version of c_locale that lives in firefox, and this version has never been initialized.

Boom!

Now the main question is: why do we see interposition occur for _S_once but not for _S_initialize_once()?
If we step back for a minute, there is a fundamental distinction between these symbols: one is a function symbol, the other is a variable symbol.
And indeed, the Firefox build system uses the -Bsymbolic-function flag!

The ld man page describes it as follows:

-Bsymbolic-functions

When creating a shared library, bind references to global function symbols to the definition within the shared library, if any.  This option is only meaningful on ELF platforms which support shared libraries.

As opposed to:

-Bsymbolic

When creating a shared library, bind references to global symbols to the definition within the shared library, if any.  Normally, it is possible for a program linked against a shared library to override the definition within the shared library. This option is only meaningful on ELF platforms which support shared libraries.

Nailed it!

The crash occurs because this flag makes us use a weird variant of symbol interposition, where symbol interposition happens for variable symbols like _S_once and _S_classic but not for function symbols like _S_initialize_once().

This results in a mismatch regarding how we access global variables: exported global variables are unique thanks to interposition, whereas every non-interposed function will access its own version of any non-exported global variable.

With all the knowledge that we have now gathered, it is easy to write a reproducer that does not involve any Firefox code:

/* main.cc */
#include <iostream>
extern void pain();
int main() {
pain();
   std::cout << "[main] " << std::locale::classic().name() <<"\n";
   return 0;
}

/* pain.cc */

#include <iostream>
void pain() {
std::cout << "[pain] " << std::locale::classic().name() <<"\n";
}

# Makefile
all:
   $(CXX) pain.cc -fPIC -shared -o libpain.so -static-libstdc++ -Wl,-Bsymbolic-functions
   $(CXX) main.cc -fPIC -c -o main.o
   $(CC) main.o -fPIC -o main /usr/lib/gcc/x86_64-redhat-linux/13/libstdc++.a -L. -Wl,-rpath=. -lpain -Wl,-Bsymbolic-functions
   ./main

clean:
   $(RM) libpain.so main

Understanding the bug is one step, and solving it is yet another story.
Should it be considered a libstdc++ bug that the code for locales is not compatible with -static-stdlibc++ -Bsymbolic-functions?

It feels like combining these flags is a very nice way to dig our own grave, and that seems to be the opinion of the libstdc++ maintainers indeed.

Overall, perhaps the strangest part of this story is that this combination did not cause any trouble up until now.
Therefore, we suggested to the maintainer of the package to stop using -static-libstdc++.

There are other ways to use a different libstdc++ than available on the system, such as using dynamic linking and setting an RPATH to link with a bundled version.

Doing that allowed them to successfully deploy a fixed version of the package.
A few days after that, with the official release of Firefox 120, we noticed a very significant bump in volume for the same crash signature. Not again!

This time the volume was coming exclusively from users of NixOS 23.05, and it was huge!

After we shared the conclusions from our beta investigation with them, the maintainers of NixOS were able to quickly associate the crash with an issue that had not yet been backported for 23.05 and was causing the compiler to behave like -static-libstdc++.

To avoid such mess in the future, we added detection for this particular setup in Firefox’s configure.

We are grateful to the people who have helped fix this issue, in particular:

  • Rico Tzschichholz (ricotz) who quickly fixed the Ubuntu 18.04 LTS package, and Amin Bandali (bandali) who provided help on the way;
  • Martin Weinelt (hexa) and Artturin for their prompt fixes for the NixOS 23.05 package;
  • Nicolas B. Pierron (nbp) for helping us get started with NixOS, which allowed us to quickly share useful information with the NixOS package maintainers.

 

The post Option Soup: the subtle pitfalls of combining compiler flags appeared first on Mozilla Hacks - the Web developer blog.

The Mozilla BlogGot a new device? Don’t skip this small step to make it safer

If you just scored a new phone, tablet or computer over the holidays or from an end-of-year sale, congratulations! Starting the new year with a new device is always exciting, and we know you’re eager to get it set up ASAP. 

But whether you received a new phone or laptop, one of the best first steps to personalizing your device is setting your preferred or default browser — debating which screensaver you should go with isn’t going anywhere, we promise. While many of these devices have pre-installed browsers, such as Apple’s Safari, best believe you’re actually not stuck with them. You should take a moment to consider the alternatives to the default that can lead to a more customized and efficient browsing experience.

In this article, we’ll dive into the easy steps you can take to make Firefox your default browser and why it might be the perfect fit for your browsing needs across the new devices you received last month during the holidays. 

1. First off, why Firefox?

Before we get into the nitty-gritty about how to add Firefox to your devices, let’s lay out why you should do this. 

While there are multiple browser options to choose from when setting up your new technology, keep in mind that Firefox is a browser backed by a non-profit whose sole mission is to ensure that the Internet is a global public resource, open and accessible to all. It’s a fast browser that puts reliability and security/privacy ahead of profits, with a focus on the needs of people, not shareholders. Firefox also has a wide range of extensions, too, that take your browsing experience to the next level — it’s one of the few browsers that supports extensions on Android devices, by the way. It can also sync all of your devices to take your favorite bookmarks, saved logins, passwords and browsing history wherever you go. Plus, send open tabs between your phone and laptop or computer to pick up where you left off.

2. Where to download and install Firefox

OK, let’s get right to it. The first step in making Firefox the default browser on your new devices is by, well, downloading and installing it. Visit our Mozilla Firefox page, scroll down and select your preferred operating system. 

Once Firefox is downloaded on your computer or device, take a second and bask in it, exploring and getting familiar with the layout/features. Don’t get lost in it for too long, though.

3. How to set Firefox as your default browser

Now that Firefox is downloaded on your new device, let’s make it the default browser. Depending on which operating system you are using, the setup is different. Here’s what they look like for each platform:

Windows:

  • Open the Windows Settings menu.
  • Select “Apps” and then click on “Default apps.”
  • Scroll down to the “Web browser” section and choose Mozilla Firefox from the list.

Mac: 

  • Open the Apple menu and select “System Settings.”
  • Click on “Desktop & Dock” and scroll to find the “Default web browser” option.
  • Choose Firefox from the dropdown menu.

Android:

  • Open the Settings app on your device.
  • Scroll down and select “Apps.”
  • Find and tap on “Default apps” or “Browser app,” then choose Firefox.

iOS:

  • Go to the Settings app on your iOS device.
  • Scroll down and select “Firefox” from the list of installed apps.
  • Toggle the “Default Browser App” option to enable Firefox.

4. How to customize your Firefox experience 

With Firefox now set as your default browser, it’s time to customize your experience a bit. If you’re on an Android phone or a laptop or computer, take advantage of the browser themes and collection of extensions it offers — for blocking ads, fixing sound issues and more.

For phone and tablets, play around and tweak the settings to suit your preferences. Tab management, for example, is a great starting point to make browsing safer.

**

As you start your new journey with your new devices, making Firefox the default browser is a simple and easy way to making your online experience more personalized and secure to begin 2024! Enjoy the flexibility, speed and security Firefox brings.

Get Firefox

Get the browser that protects what’s important

The post Got a new device? Don’t skip this small step to make it safer appeared first on The Mozilla Blog.

The Mozilla Blog4 reasons to try Mozilla’s new Firefox Linux package for Ubuntu and Debian derivatives

Great news for Linux users, after months of testing, Mozilla released today a new package for Firefox on Linux (specifically on Ubuntu, Debian, and any Debian-based distribution). If you’ve heard about Linux, which is known for its open-source software and an alternative to traditional operating systems (OS), and are curious to learn more, here are four reasons why you should give our new Firefox on Linux package a try.

1. Adaptable to fit your needs

Browsers are complex applications that support many scenarios in people’s daily lives and we’ve been working on improving sandbox implementations. This is why, while Firefox gets fully compatible with Snap and Flatpak, we want to offer a native package too.

Firefox is available in several official formats on Linux including the Mozilla .tar.bz2 builds and sandboxed packages like Snap and Flatpak.

2. 100% built by Mozilla

We are grateful for those who choose Firefox on Linux, making it a popular option and for many, their default browser. Previously, Firefox .deb packages needed the help of people and organizations (depending on the linux distribution) outside of Mozilla. With this new package, we offer Firefox assembled from its source code, without any modifications, built and supported by Mozilla. 💪

3. Better performance 

For more than 25 years, Mozilla has built a reputation for building free and open-source web browsers. Because the Firefox browser is open-source, we know Firefox inside and out, including how to get the best from it. For example, we built Firefox with advanced compiler-based optimizations for better performance. Note: If you are using another .deb package, you may or may not get all the optimizations we intended – it depends on the package’s maintainers

4. Faster updates 

Getting the latest version with features and security fixes is key to having a good experience whenever you use Firefox. Now, our new APT repository is directly connected to the Firefox release process, so you will receive the latest updates whenever we make them available. Tip: you will still need to restart Firefox for the latest version. 😁

Good news: many Linux distributions come with Firefox pre-installed through their package manager and it’s already set as the default browser. 🙌

Can’t find it, here’s a direct link to try our .deb new Firefox on Linux package, plus, our how to install Firefox on Linux guide.

Try our Firefox on Linux package today!

The Firefox on Linux package now available for Ubuntu and Debian derivatives
Try the latest Firefox on Linux package

The post 4 reasons to try Mozilla’s new Firefox Linux package for Ubuntu and Debian derivatives appeared first on The Mozilla Blog.

The Mozilla Thunderbird BlogJanuary 2024 Community Office Hours: Context Menu Updates

The blue Thunderbird is circled around a heart created by clasped hands, in the featured image for the Thunderbird Community Office Hours blog post.

UPDATE: Our January Office Hours was fantastic! Here’s the full video replay.

A New Year of New Office Hours

We’re back from our end of year break, breaking in our new calendars, and ready to start 2024 with our renewed, refreshed, and refocused community office hours. Thank you to everyone who joined us for our November session! If you missed out on our chat about the new Cards View and the Thunderbird design process, you can find the video (which also describes the new format) in this blog post.

We’re excited for another year of bringing you expert insights from the Thunderbird Team and our broader community. To kick off 2024, and to build on November’s excellent discussion, we’ll be continuing our dive into another important aspect of the Thunderbird design process.

January Office Hours Topic: Message Context Menu

The image shows a mock-up of a nested Thunderbird context menu, with the Organize menu option opening to a menu that lists, from top to bottom, Tag, Archive, Move To, Copy To, Convert To. Tag has been chosen in this mock up, and from top to bottom, this menu lists New Tag, Manage Tags, Remove All Tags, Important, Work, Personal, To Do, Later. The tags all have a color-coded tag icon to their left.<figcaption class="wp-element-caption">Mock-up: designs shown are not final and subject to change. </figcaption>

We’ve been working on some significant (and what we think are pretty fantastic) UI changes to Thunderbird. Besides the new Cards View, we have some exciting overhauls to the Message Context Menu (aka the right-click menu) planned. UX Engineer Elizabeth Mitchell will discuss these changes, and most importantly, why we’re making them. Additionally, Elizabeth is one of the leaders on making Thunderbird accessible for all! We’re excited to hear how the new Message Context Menu will make your email experience easier and more effective.

If you’d like a sneak peak of the Context Menu plans, you can find them here.

And as always, if you have any questions you’d like to ask during the January office hours, you can e-mail them to officehours@thunderbird.net.

Join Us On Zoom

(Yes, we’re still on Zoom for now, but a Jitsi server for future office hours is in the works!)

When: January 25 at 18:00 UTC

Direct URL To Join: https://mozilla.zoom.us/j/92739888755
Meeting ID: 92739888755
Password: 365021

Dial by your location:

  • +1 646 518 9805 US (New York)
  • +1 669 219 2599 US (San Jose)
  • +1 647 558 0588 Canada
  • +33 1 7095 0103 France
  • +49 69 7104 9922 Germany
  • +44 330 088 5830 United Kingdom
  • Find your local number: https://mozilla.zoom.us/u/adkUNXc0FO

The call will be recorded and this post updated with a link to the recording afterwards.

Stay Informed About Future Thunderbird Releases and Events

Want to be notified about upcoming releases AND Community Office Hours? Subscribe to the Thunderbird Release and Events Calendar!

The post January 2024 Community Office Hours: Context Menu Updates appeared first on The Thunderbird Blog.

Open Policy & AdvocacyPlatform Tilt: Documenting the Uneven Playing Field for an Independent Browser Like Firefox

Browsers are the principal gateway connecting people to the open Internet, acting as their agent and shaping their experience. The central role of browsers has long motivated us to build and improve Firefox in order to offer people an independent choice. However, this centrality also creates a strong incentive for dominant players to control the browser that people use. The right way to win users is to build a better product, but shortcuts can be irresistible — and there’s a long history of companies leveraging their control of devices and operating systems to tilt the playing field in favor of their own browser.

This tilt manifests in a variety of ways. For example: making it harder for a user to download and use a different browser, ignoring or resetting a user’s default browser preference, restricting capabilities to the first-party browser, or requiring the use of the first-party browser engine for third-party browsers.

For years, Mozilla has engaged in dialog with platform vendors in an effort to address these issues. With renewed public attention and an evolving regulatory environment, we think it’s time to publish these concerns using the same transparent process and tools we use to develop positions on emerging technical standards. So today we’re publishing a new issue tracker where we intend to document the ways in which platforms put Firefox at a disadvantage and engage with the vendors of those platforms to resolve them.

This tracker captures the issues we experience developing Firefox, but we believe in an even playing field for everyone, not just us. We encourage other browser vendors to publish their concerns in a similar fashion, and welcome the engagement and contributions of other non-browser groups interested in these issues. We’re particularly appreciative of the efforts of Open Web Advocacy in articulating the case for a level playing field and for documenting self-preferencing.

People deserve choice, and choice requires the existence of viable alternatives. Alternatives and competition are good for everyone, but they can only flourish if the playing field is fair. It’s not today, but it’s also not hard to fix if the platform vendors wish to do so.

We call on Apple, Google, and Microsoft to engage with us in this new forum to speedily resolve these concerns.

The post Platform Tilt: Documenting the Uneven Playing Field for an Independent Browser Like Firefox appeared first on Open Policy & Advocacy.

Mozilla L10NAdvancing Mozilla’s mission through our work on localization standards

After the previous post highlighting what the Mozilla community and Localization Team achieved in 2023, it’s time to dive deeper on the work the team does in the area of localization technologies and standards.

A significant part of our work on localization at Mozilla happens within the space of Internet standards. We take seriously our commitments that stem from the Mozilla Manifesto:

We are committed to an internet that includes all the peoples of the earth — where a person’s demographic characteristics do not determine their online access, opportunities, or quality of experience.

To us, this means that it’s not enough to strive to improve the localization of our products, but that we need to improve the localizability of the Internet as a whole. We need to take the lessons we are learning from our work on Firefox, Thunderbird, websites, and all our other projects, and make them available to everyone, everywhere.

That’s a pretty lofty goal we’ve set ourselves, but to be fair it’s not just about altruism. With our work on Fluent and DOM Localization, we’re in a position where it would be far too easy to rest on our laurels, and to consider what we have “good enough”. To keep going forward and to keep improving the experiences of our developers and localizers, we need input from the outside that questions our premises and challenges us. One way for us to do that is to work on Internet standards, presenting our case to other experts in the field.

In 2023, a large part of our work on localization standards has been focused on Unicode MessageFormat 2 (aka “MF2”), an upcoming message formatting specification, as well as other specifications building on top of it. Work on this has been ongoing since late 2019, and Mozilla has been one of the core participants from the start. The base MF2 spec is now slated for an initial “technology preview” release as a part of the 2024 Spring’s Unicode CLDR release.

Compared to Fluent, MF2 corresponds to the syntax and formatting of a single message pattern. Separately, we’ve also been working on the syntax and representation of a resource format for messages (corresponding to Fluent’s FTL files), as well as championing JavaScript language proposals for formatting messages and parsing resources. Work on standardizing DOM localization (as in, being able to use just HTML to localize a website) is also getting started in W3C/WHATWG, but its development is contingent on all the preceding specifications reaching a more stable stage.

So, besides the long term goal of improving localization everywhere, what are the practical results of these efforts? The nature of this work is exploratory, so predicting results has not and will not be completely possible. One tangible benefit that we’ve been able to already identify and deploy is a reconsideration of how Fluent messages with internal selectors — like plurals — are presented to localizers: Rather than showing a message in pieces, we’ve adopted the MF2 approach of presenting a message with its selectors (possibly more than one) applying to the whole message. This duplicates some parts of the message, but it also makes it easier to read and to translate via machine translation, as well as ensuring that it is internally consistent across all languages.

Another byproduct of this work is MF2’s message data model: Unlike anything before it, it is capable of representing all messages in all languages in all formats. We are currently refactoring our tools and internal systems around this data model, allowing us to deduplicate file format-specific tooling, making it easier to add new features and support new syntaxes. In Pontoon, this approach already made it easier to introduce syntax highlighting and improve the editing experience for right-to-left scripts. To hear more, you can join us at FOSDEM next month, where we’ll be presenting on this in more detail!

At Mozilla, we do not presume to have all the answers, or to always be right. Instead, we try to share what we have, and to learn from others. With many points of view, we gain greater insights – and we help make the world a better place for all peoples of all demographic characteristics.

SeaMonkeyTeething problems with archives

Hi All,

I am currently fixing a mess with the archives for 2.53.18.1.

There are a lot of extraneous artifacts that were stored there and now I’m cleaning them up.

Thankfully, this will be the last time I’m using this way of pushing to release.

My apologies for the mess.

:ewong

SeaMonkeySeaMonkey 2.53.18.1 updates

Hi All,

Just want to mention that the updates will be available soon.

Thank you for your patience.

:ewong

SeaMonkeySeaMonkey 2.53.18.1 is out!

Hi All,

Happy New Year, everyone!

The SeaMonkey Project is pleased to announce the very first release the year: SeaMonkey 2.53.18.1!  As it is a security fix, please check out [1] and/or [2] for release notes.

Best regards,

:ewong

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.18.1

[2] – https://www.seamonkey-project.org/releases/2.53.18.1

 

Mozilla L10NMozilla Localization in 2023

A Year in Data

The Mozilla localization community had a busy and productive 2023. Let’s look at some numbers that defined our year:

  • 32 projects and 258 locales set up in Pontoon
  • 3,685 new user registrations
  • 1,254 active users, submitting at least one translation (on average 235 users per month)
  • 432,228 submitted translations
  • 371,644 approved translations
  • 23,866 new strings to translate

Slide summarizing the activity in Pontoon over 2023. It includes the Mozilla Localization team logo (a red and black lion head) and an image of a cartoonish lion cub holding a thank you sign. Data in the slide: * 32 projects and 258 locales set up in Pontoon * 3,685 new user registrations * 1,254 active users, submitting at least one translation (on average 235 users per month) * 432,228 submitted translations * 371,644 approved translations * 23,866 new strings to translateThank you to all the volunteers who contributed to Mozilla’s localization efforts over the last 12 months!

In case you’re curious about the lion theme: localization is often referred to as l10n, a numeronym which looks like the word lion. That’s why our team’s logo is a lion head, stylized as the original Mozilla logo by artist Shepard Fairey.

Pontoon Development

A core area of focus in 2023 was pretranslation. From the start, our goal with this feature was to support the community by making it easier to leverage existing translations and provide a way to bootstrap translation of new content.

When pretranslation is enabled, any new string added in Pontoon will be pretranslated using a 100% match from translation memory or — if no match exists —  we’ll leverage Google AutoML Translation engine with a model custom trained on the existing locale’s translation memory. Translations are stored in Pontoon with a special “pretranslated” status so that localizers can easily find and review them. Pretranslated strings are also saved to repositories (e.g. GitHub), and eventually ship in the product.

You can find more details on how we approached testing and involved the community in this blog post from July. Over the course of 2023 we pretranslated 14,033 strings for 16 locales across 15 projects.

Towards the end of the year, we also worked on two features that have been long requested by users: 1) it’s now possible to use Pontoon with a light theme; and 2) we improved the translation experience on mobile, with the original 3-column layout adapting to smaller screen sizes.

Screenshot of Pontoon's UI with the light theme selected.

Screenshot of Pontoon’s UI with the light theme selected.

Screenshot of Pontoon UI on a smartphone running Firefox for Android

Screenshot of Pontoon UI on a smartphone running Firefox for Android

Listening to user feedback remains our priority: in case you missed it, we have just published the results of a new survey, where we asked localizers which features they would like to see implemented in Pontoon. We look forward to implementing some of your fantastic ideas in 2024!

Community

Community is at the core of Mozilla’s localization model, so it’s crucial to identify sustainability issues as early as possible. Only relying on completion levels, or how quickly a locale can respond to urgent localization requests, are not sufficient inputs to really understand the health of a community. Indeed, an extremely dedicated volunteer can mask deeper problems and these issues only become visible — and urgent — when such a person leaves a project, potentially without a clear succession plan.

To prevent these situations, we’ve been researching ways to measure the health of each locale by analyzing multiple data points — for example, the number of new sign-ups actively contributing to localization and getting reviews from translators and managers — and we’ve started reaching out to specific communities to trial test interventions. With the help of existing locale managers, this resulted in several promotions to translator (Arabic, Czech, German) or even manager (Czech, Russian, Simplified Chinese).

During these conversations with various local communities, we heard loud and clear how important in-person meetings are to understanding what Mozilla is working on, and how interacting with other volunteers and building personal connections is extremely valuable. Over the past few years, some unique external factors — COVID and an economic recession chief among them — made the organization of large scale events challenging. We investigated the feasibility of small-scale, local events organized directly by community members, but this initiative wasn’t successful since it required a significant investment of time and energy by localizers on top of the work they were already doing to support Mozilla with product localization.

To counterbalance the lack of in-person events and keep volunteers in the loop, we organized two virtual fireside chats for localizers in May and November (links to recordings).

What’s coming in 2024

In order to strengthen our connection with existing and potential volunteers, we’re planning to organize regular online events this year. We intend to experiment with different formats and audiences for these events, while also improving our presence on social networks (did you know we’re on Mastodon?). Keep an eye out on this blog and Matrix for more information in the coming months.

As many of you have asked in the past, we also want to integrate email functionalities in Pontoon; users should be able to opt in to receive specific communications via email on top of in-app notifications. We also plan to experiment with automated emails to re-engage inactive users with elevated permissions (translators, managers).

It’s clear that a community can only be sustainable if there are active managers and translators to support new contributors. On one side, we will work to create onboarding material for new volunteers so that existing managers and translators can focus on the linguistic aspects. On the other, we’ll engage the community to discuss a refined set of policies that foster a more inclusive and transparent environment. For example, what should the process be when a locale doesn’t have a manager or active translator, yet there are contributors not receiving reviews? How long should an account retain elevated permissions if it’s apparently gone silent? What are the criteria for promotions to translator or manager roles?

For both initiatives, we will reach out to the community for feedback in the coming months.

As for Pontoon, you can expect some changes under the hood to improve performances and overall reliability, but also new user-facing features (e.g. fine-grained search, better translation memory management).

Thank you!

We want to thank all the volunteers who have dedicated their time and skills to localizing Mozilla products. Your tireless efforts are essential in advancing the Mozilla mission of fostering an open and accessible internet for everyone.

Looking ahead, we are excited about the opportunities that 2024 brings. We look forward to working alongside our community to expand the impact of localization and continue breaking down language barriers. Your support is invaluable, and together, we will continue shaping a more inclusive digital world. Thank you for being an integral part of this journey.

Open Policy & AdvocacyMozilla Weighs in on State Comprehensive Privacy Proposals

[Read our letters to legislators in Massachusetts and Maine.]

Today, Mozilla is calling for the passage of strong state privacy protections, such as those modeled off of the American Data Privacy and Protection Act at the federal level. Today’s action came in the form of letters to relevant committee leadership in the Massachusetts and Maine legislatures encouraging them to consider and pass proposals that have been introduced in their respective states.

At Mozilla, we believe that individuals’ security and privacy on the internet are fundamental and must not be treated as optional. In the best of worlds, this “privacy for all” mindset would mean a law at the federal level that protects all Americans from abuse and misuse of their data, which is why we have advocated for decisive action to pass a comprehensive Federal privacy law.

Recently, however, even more states are considering enacting privacy protections. These protections, if crafted incorrectly, could create a false facade of privacy for users and risk enshrining harmful data practices in the marketplace. If crafted correctly, they could provide vital privacy protections and drive further conversation of federal legislation.

The proposals we weighed in on today meet the Mozilla standard for privacy because they: require data minimization; create strong security requirements; prohibit deceptive design that impairs individual autonomy; prohibit algorithmic discrimination; and more.

Mozilla has previously supported legislative and regulatory action in California, and we hope to see more state legislatures introduce and pass strong privacy legislation.

The post Mozilla Weighs in on State Comprehensive Privacy Proposals appeared first on Open Policy & Advocacy.

SUMO BlogIntroducing Mandy and Donna

Hey everybody,

I’m so thrilled to start 2024 with good news for you all. Mandy Cacciapaglia and Donna Kelly are joining our Customer Experience team as a Product Support Manager for Firefox and a Content Strategist. Here’s a bit from them both:

Hi there! Mandy here — I am Mozilla’s new Product Support Manager for Firefox. I’m so excited to collaborate with this awesome group, and dive into Firefox reporting, customer advocacy and feedback, and product support so we can keep elevating our amazing browser. I’m based in NYC, and outside of work you will find me watercolor painting, backpacking, or reading mysteries.

Hi everyone! I’m Donna, and I am very happy to be here as your new Content Strategist on the Customer Experience team. I will be working on content strategy to improve our knowledge base, documentation, localization, and overall user experience!In my free time, I love hanging out with my dog (a rescue tri-pawd named Sundae), hiking, reading (big Stephen King fan), playing video games, and anything involving food. Looking forward to getting to know everyone!

You’ll hear more from them in our next community call (which will be on January 17). In the meantime, please join me to congratulate and welcome both of them into the team!

SUMO Blog2023 in a nutshell

Hey SUMO nation,

As we’re inching closer towards 2024, I’d like to take a step back to reflect on what we’ve accomplished in 2023. It’s a lot, so let’s dive in! 

  • Overall pageviews

From Jan 1st to the end of November, we’ve got a total of 255+ million pageviews on SUMO. We’ve been in a consistent pageview number drop since 2018, and this time around, we’re down 7% from last year. This is far from bad, though, as this is our lowest yearly drop since 2018.

  • Forum

In the forum, we’ve seen an average of 2.8k questions per month this year. This is a 6.67% down turn from last year. We also see a downturn in our answer rate within 72 hours, 71% compared to 75% last year. We also see a drop in our solved rate, 10% this year compared to 14% last year. On a typical month, our average contributors on the forum excluding OP is around 200 (compared to 240 last year).

*See Support glossary
  • KB

We see an increase over different metrics on KB contribution this year, though. In total, we’ve got a total of 1990 revisions (14% increase from last year) from 136 non staff members. Our review rate this year is 80%, while our approval rate is 96%, compared to 73% and 95% in 2022). In total, we’ve got 29 non-staff reviewers this year.

  • Localization

On the localization side, the number is overall pretty normal. Total revision is around 13K (same as last year) from 400 non-staff members, with 93% review rate and 99% approval rate (compared to 90% and 99% last year) from a total of 118 non-staff reviewers.

  • Social Support

From year to date, the Social Support contributors have sent a total of 850 responses (compared to 908 last year) and interacted with 1645 conversations. Our resolved rate has dropped to 40.74%, compared to 70% last year. We have made major improvements on other metrics, though. For example, this year, our contributors were responsible for more replies from our total responses (75% in total compared to 39.6% last year). Our conversion rate is also improving from 20% in 2022 to 52% this year. It means, our contributors have taken more role in answering the overall inbounds and have replied more consistently than last year.

  • Mobile Store Support

On the Mobile Store Support side, our contributors this year have contributed to 1260 replies and interacted with 3149 conversations in total. That makes our conversion rate at 36% this year, compared to 46% last year. And those are mostly contributions to non-English reviews.


In addition to the regular contribution, here are some of the community highlights from 2023:

  • We did some internal assessment and external benchmarking in Q1, which informed our experiments in Q2. Learn the results of those experiments from this call.
  • We also updated our contributor guidelines, including article review guidelines and created a new policy around the use of generative AI.
  • By the end of the year, the Spanish community has done something really amazing. They have managed to translate and update 70% of in-product desktop articles (as opposed to 11% when we started the call for help.

We’d also like to take this opportunity to highlight some Customer Experience team’s projects that we’ve tackled this year (some with close involvement and help from the community).

We split this one into two concurrent projects:

  • Phase 1 Navigation Improvements — initial phase aims to:
    • Surface the community forums in a clearer way
    • Streamline the Ask a Question user flow
    • Improve link text and calls-to-action to better match what users might expect when navigating on the site
    • Updates to the main navigation and small changes to additional site UI (like sidebar menus, page headers, etc.) can be expected
  • Cross-system content structure and hierarchy — the goal of this project is to:
    • Improve our ability to gather data metrics across functional areas of SUMO (KB, ticketing, and forums)
    • Improve recommended “next steps” by linking related content across KB and Forums
    • Create opportunities for grouping and presenting content on SUMO by alternate categories and not just by product

Project Background:

    • This research was conducted between August 2023 and November 2023. The goal of this project is to provide actionable insights on how to improve the customer experience of SUMO.
    • Research approach:
      • Stakeholder engagement process
      • Surveyed 786 Mozilla Support users
      • Conducted three rounds of interviews recruited from survey respondents:
        • Sprint 1: Evaluated content and article structure
        • Sprint 2: Evaluated the overall SUMO customer experience
        • Sprint 3: Co-design of an improved SUMO experience
      • This research was conducted by PH1 Research, who have conducted similar research for Mozilla in 2022.
  • Please consider: Participants for this study were recruited via a banner ad in SUMO. As a result, these findings only reflect the experiences and needs of users who actively use SUMO. It does not reflect users who may not be aware of SUMO or have decided not to use it. 

Executive Summary:

  • Users consider SUMO a trustworthy and content-rich resource. SUMO offers resources that can appropriately help users of different technical levels. The most common user flow is via Google search. Very few are logging in to SUMO directly.
  • The goal of SUMO should be to assist Mozilla users to improve their product experience. Content should be consolidated and optimized to show fewer, high quality results on Google search and SUMO search. The article experience should aim to boost relevance and task success. The SUMO website should aid users to diagnose systems, understand problems, find solutions, and discover additional resources when needed.

Recommendations:

  • Our recommendation is that SUMO’s strategy should be to provide a self-service experience that makes users feel that Mozilla cares about their problems and offers a range of solutions appealing to various persona types (technical/non-technical).
  • The pillars for making SUMO valuable to users should be:
    • Confidence: As a user, I need to be confident that the resource provided will resolve my problem.
    • Guidance: As a user, I need to feel guided through the experience of finding a solution, even when I don’t understand the problem or solutions available.
    • Trust: As a user, I need to trust that the resources have been provided by a trustworthy authority on the subject (SUMO scores well here because of Mozilla).
      • Modernizing our CMS can provide significant benefits in terms of user experience, performance, security, flexibility, collaboration, and analytics.
      • This resulted in a decision to move forward with the plan to migrate our CMS to Wagtail — a modern, open-source content management system focused on flexibility and user experience.
      • We are currently in the process of planning the next phases for implementation.
    • Pocket migration to SUMO
      • We successfully migrated and published 100% of previously identified Pocket help center content from HelpScout’s CMS to SUMO’s CMS, with proper redirects in place to ensure a seamless transition for the user.
      • The localization community began efforts to help us localize the content, which had previously only been available in en-US.
    • Firefox account to Mozilla account rebrand in early November.
    • Officially supporting account users and login less support flow (read more about that here).
    • This was a very challenging project, not only because we had to migrate our large codebase and very large data set from MySQL, but also because of the challenge of performing the actual data migration within a reasonable period of time, on the order of a few hours at most, so that we could minimize the disruption to users and contributors. In the end, it was a multi-month project comprising coordinated research, planning and effort between our engineering team and our SRE (Site Reliability Engineering) team. We’re now on a much better database foundation for the future, because:
      • Postgres is better suited for enterprise-level applications like ours, with very large datasets, frequent write operations and complex queries.
      • We can also take advantage of connection pooling via PgBouncer, which will improve our resilience under huge and often malicious traffic spikes (which have been occurring much more frequently during the past year).
      • Last but not least, our database now supports the full unicode character set, which means it can fully handle all characters, including emoji’s , in all languages. Our MySQL database had only limited unicode support, due to its initial configuration, and rather than invest in resolving that, which would have meant a significant chunk of work, we decided to invest instead in Postgres.

This year, you all continue to impress us with the persistence and dedication that you show to Mozilla by contributing to our platform, despite the current state of our world right now. To every single one of you who contributed in one way or another to SUMO, I’d like to express my sincere gratitude because without you all, our platform is just an empty shell. To celebrate this, we’ve prepared this simple dashboard with contribution data that you can filter based on username so you can see how much you’ve accomplished this year (we talked about this in our last community call this year).

Let’s be proud of what we’ve accomplished to keep the internet as a global & public resource for everybody, and let’s keep on rocking the helpful web through 2024 and beyond!

If you’re a looker and interested in contributing to Mozilla Support, please head over to our Contribute page to learn more about our programs!

Open Policy & AdvocacyMozilla’s Comments to FCC: Net Neutrality Essential for Competition, Innovation, Privacy

[Read our full submission here]

Net neutrality – the concept that your internet provider should not be able to block, throttle, or prioritize elements of your internet service, such as to favor their own products or business partners – is on the docket again in the United States. With the FCC putting out a notice of proposed rulemaking (NPRM) to reinstate net neutrality, Mozilla weighed in last week with a clear message: the FCC should reestablish these common sense rules as soon as possible.

We have been fighting for net neutrality around the world for the better part of a decade and a half. Most notably, this included Mozilla’s challenge to the Trump FCC’s dismantling of net neutrality in 2018.

American internet users are on the cusp of renewed protections for the open internet. Our recently submitted comment to the FCC’s NPRM took a step back to remind the FCC and the public of the real benefits of net neutrality: Competition, Grassroots Innovation, Privacy, and Transparency and Accountability.

Simply put, if the FCC moves forward with reclassification of broadband as a Title II service, it will protect innovation in edge services; unlock vital privacy safeguards; and prevent ISPs from leveraging their market power to control people’s experiences online. With vast increases in our dependence on the internet since the COVID-19 pandemic, these protections are more important than ever.

We encourage others who are passionate about the open internet to file reply comments on the proceeding, which are due January 17, 2024.

You can read our full comment here.

The post Mozilla’s Comments to FCC: Net Neutrality Essential for Competition, Innovation, Privacy appeared first on Open Policy & Advocacy.

The Mozilla BlogCAPTCHA successor Privacy Pass has no easy answers for online abuse

As much as the Web continues to inspire us, we know that sites put up with an awful lot of abuse in order to stay online. Denial of service attacks, fraud and other flavors of abusive behavior are a constant pressure on website operators.

One way that sites protect themselves is to find some way to sort “good” visitors from “bad.” CAPTCHAs are a widely loathed and unreliable means of distinguishing human visitors from automated solvers. Even worse, beneath this sometimes infuriating facade is a system that depends extensively on invasive tracking and profiling.

(You can find a fun overview of the current state of CAPTCHA here.)

Finding a technical solution to this problem that does not involve such privacy violations is an appealing challenge, but a difficult one. Well-meaning attempts can easily fail without giving due consideration to other factors. For instance, Google’s Web Environment Integrity proposal fell flat because of its potential to be used to unduly constrain personal choice in how to engage online (see our position for details).

Privacy Pass is a framework published by the IETF that is seen as having the potential to help address this difficult problem. It is a generalization of a system originally developed by Cloudflare to reduce their dependence on CAPTCHAs and tracking. For the Web, the central idea is that Privacy Pass might provide websites with a clean indication that a visitor is OK, separate from the details of their browsing history.

The way Privacy Pass works is that one website hands out special tokens to people the site thinks are OK. Other sites can ask people to give them a token. The second site then knows that a visitor with a token is considered OK by the first site, but they don’t learn anything else. If the second site trusts the first, they might treat people with tokens more favorably than those without.

The cryptography that backs Privacy Pass provides two interlocked guarantees: 

  • authenticity: the recipient of a token can guarantee that it came from the issuer
  • privacy: the recipient of the token cannot trace the token to its issuance, which prevents them from learning who was issued each token

The central promise of Privacy Pass is that the privacy guarantee would allow the exchange of tokens to be largely automated, with your browser forwarding tokens between sites that trust you to sites that are uncertain. This would happen without your participation. Sites could use these tokens to reduce their dependence on annoying and ineffective CAPTCHAs.

Our analysis of Privacy Pass shows that while the technology is sound, applying that technology to an open system like the Web comes with a host of non-technical hazards.

We examine the privacy properties of Privacy Pass, how useful it might be, whether it could improve equity of access, and whether it might bias toward centralization. We find problems that aren’t technical in nature and hard to reconcile. 

In considering how Privacy Pass might be deployed, there is a direct tension between privacy and open participation. The system requires token providers to be widely trusted to respect privacy, but our vision of an open Web means that restrictions on participation cannot be imposed lightly. Resolving this tension is necessary when deciding who can provide tokens.

The analysis concludes that the problem of abuse is not one that will yield to a technical solution like Privacy Pass. For a problem this challenging, technical options might not provide a comprehensive solution, but they need to do more than shift problems around. Technical solutions need to complement other measures. Privacy Pass does allow us to focus on the central problem of identifying abusive visitors, but there is a need to have safeguards in place that prevent a number of serious secondary problems.

Our analysis does not ultimately identify a path to building the non-technical safeguards necessary for a successful deployment of Privacy Pass on the Web.

Finally, we look at the deployments of Privacy Pass in Safari and Chrome browsers. We conclude that these deployments have inadequate safeguards for the problems we identify.

The post CAPTCHA successor Privacy Pass has no easy answers for online abuse appeared first on The Mozilla Blog.

The Mozilla BlogYour Rich BFF, Vivian Tu, On Creating Her Own Personal Finance Community

Here at Mozilla, we are the first to admit the internet isn’t perfect, but we know the internet is pretty darn magical. The internet opens up doors and opportunities, allows for human connection, and lets everyone find where they belong — their corners of the internet. We all have an internet story worth sharing. In My Corner Of The Internet, we talk with people about the online spaces they can’t get enough of, the sites and forums that shaped them, and what reclaiming the internet really looks like.

This month we chat with Vivian Tu, also known as Your Rich BFF, a former Wall Street trader-turned-expert, personal finance educator, and entrepreneur about her her new book (available everywhere now), the internet’s worst DJ, the personal finance corner of the internet, and her own community, the BFFs.

What is your favorite corner of the internet? (wherever you love on the internet and feel accepted/comfortable/inspired)?
Robert Irwin interacting with wild animals at the Australia Zoo! I grew up watching his dad on the Animal Planet channel and now it’s so fun to watch him continue his family’s legacy of love for animals. The content is soothing and many of the animals are so cute!

What is an internet deep dive that you can’t wait to jump back into?
Whatever we’re calling the Taylor Swift & Travis Kelce romance, it’s a topic that I can’t seem to escape.

What is the one tab you always regret closing?
This never happens because I don’t close tabs. I wish I was kidding. I’m always running ~40 tabs open at once— to the point where you can barely see each tab and my laptop sounds like a rocket ship about to take off. The BFFs always give me a hard time about this any time I show my computer screen on camera.

What can you not stop talking about on the internet right now?
DJ Mandy, the internet’s worst DJ! While most DJs that go viral on the internet are known for their incredible mashups or amazing sets, DJ Mandy is specifically known for intentionally DJing awfully. She’ll blend Hallelujah by Leonard Cohen and Act Up by City Girls and any time I watch her content I am laughing out loud within 45 seconds. I’ve sent her mixes to all of my friends. She makes me laugh and I have no idea how she does it with a straight face.

What was the first online community you engaged with?
The Personal Finance community! I create content around budgeting, saving, investing, etc. myself —  one of the first communities I engaged with online were other folks on their personal finance journeys. It’s been so fun getting to know other finance creators, as well as the BFFs on their personal finance journeys.

What articles and videos are in your Pocket waiting to be read/watched right now?
There are so many!

https://www.washingtonpost.com/wellness/2023/10/14/grief-healing-families-joy/
https://fortune.com/2023/10/11/return-to-office-costs-commuting-lunch/
https://www.bonappetit.com/gallery/cheap-recipes

If you could create your corner of the internet, what would it look like?
I’m lucky because I feel like I have! Most of my audience, who I call the BFFs, come to my corner to learn more about financial tips and tricks! We cover everything from lowering your rent to buying luxury goods to saving on your tax bill, and so much more. That said, if I wasn’t a personal finance creator —  I would 100% be a Slime creator. I am weirdly drawn to watching people make different types of slime and the ASMR of listening to them squish it around!

Why do you think younger generations are more comfortable talking about money among their peers and online?
Since we’re able to often hide behind usernames & profile pictures of memes, there’s a level of anonymity! You can have a more candid conversation with an internet stranger than you might with someone in your day-to-day IRL life. Also, I will say social media has created an unprecedented level of transparency with influencers telling us everything from how much they paid for their nose job, to how to travel hack a $ 2k-a-night hotel room, to how much student debt regular people have. This has made conversations around money more common, more comfortable, and more democratized. I, for one, LOVE this new level of financial honesty.

Former Wall Street trader-turned-expert, personal finance educator, public speaker, entrepreneur, and newly minted author, Vivian Tu AKA Your Rich BFF is on a global mission to make the financial industry less “male, pale, and stale.”  She is the founder and CEO of the financial equity phenomenon, “Your Rich BFF,” which she developed as a passion project to destigmatize and make the rules of personal finance accessible and digestible to non-experts and marginalized communities.  Her dedication to promoting financial literacy has earned her cross-platform fame and notoriety, having garnered 6 million followers and counting, as well as honors on both the Forbes’ ‘30 Under 30 – Social Media’ (2023) and inaugural ‘Top Creators’ (2022 + 2023) lists.  In addition to her breakout digital content, Vivian continues to spread her wealth of knowledge on her top-charting podcast, “Networth and Chill” (Audioboom Studios), a first-of-its-kind podcast offering accessible advice and lessons in finance, featuring Vivian alongside notable experts, professionals, and famous faces to break down the economics of our lives. She is also the author to the book Rich AF: The Winning Money Mindset That Will Change Your Life available everywhere now.

The post Your Rich BFF, Vivian Tu, On Creating Her Own Personal Finance Community appeared first on The Mozilla Blog.

Mozilla L10N2024 Pontoon survey results

The results from the 2024 Pontoon survey are in and the 3 top-voted features we commit to implement are:

  1. Add ability to edit Translation Memory entries (611 votes).
  2. Improve performance of Pontoon translation workspace and dashboards (603 votes).
  3. Add ability to propose new Terminology entries (595 votes).

The remaining features ranked as follows:

  1. Add ability to preview Fluent strings in the editor (572 votes).
  2. Link project names in Concordance search results to corresponding strings (540 votes).
  3. Add “Copy translation from another locale as suggestion” batch action (523 votes).
  4. Add ability to receive automated notifications via email (521 votes).
  5. Add Timeline tab with activity to Project, Locale, ProjectLocale dashboards (501 votes).
  6. Add ability to read notifications one by one, or mark notifications as unread (495 votes).
  7. Add virtual keyboard with special characters to the editor (469 votes).

We thank everyone who dedicated their time to share valuable responses and suggest potential features for us to consider implementing!

A total of 365 Pontoon users participated in the survey, 169 of which voted on all features. Each user could give each feature 1 to 5 votes. Check out the full report.

We look forward to implementing these new features and working towards a more seamless and efficient translation experience with Pontoon. Stay tuned for updates!

The Mozilla Thunderbird BlogWhen Will Thunderbird For Android Be Released?

When will Thunderbird for Android be released? This is a question that comes up quite a lot, and we appreciate that you’re all excited to finally put Thunderbird in your pocket. It’s not a simple answer, but we’ll do our best to explain why things are taking longer than expected.

We have always been a bit vague on when we were going to release Thunderbird for Android. At first this was because we still had to figure out what features we wanted to add to K-9 Mail before we were comfortable calling it Thunderbird. Once we had a list, we estimated how long it would take to add those features to the app. Then something happened that always happens in software projects – things took longer than expected. So we cut down on features and aimed for a release at the end of 2023. As we got closer to the end of the year, it became clear that even with the reduced set of features, the release date would have almost certainly slipped into early 2024.

We then sat together and reevaluated the situation. In the end we decided that there’s no rush. We’ll work on the features we wanted in the app in the first place, because you deserve the best mobile experience we can give you. Once those features have been added, we’ll release the app as Thunderbird for Android.

Why Wait? Try K-9 Mail Now

But of course you don’t have to wait until then. All our development happens out in the open. The stable version of K-9 Mail contains all of the features we have already completed. The beta version of K-9 Mail contains the feature(s) we’re currently working on.

Both stable and beta versions can be installed via F-Droid or Google Play.

K-9 Mail’s Future

Side note: Quite a few people seem to love K-9 Mail and have asked us to keep the robot dog around. We believe it should be relatively little effort to build two apps from one code base. The apps would be virtually identical and only differ in app name, app icon, and the color scheme. So our current plan is to keep K-9 Mail around.

Whether you prefer metal dogs or mythical birds, we’ve got you covered.

The post When Will Thunderbird For Android Be Released? appeared first on The Thunderbird Blog.

The Mozilla Thunderbird BlogThunderbird for Android / K-9 Mail: November/December 2023 Progress Report

a dark background with thunderbird and k-9 mail logos centered, with the text "Thunderbird for Android, November 2023 progress report"

In February 2023 we started publishing monthly reports on the progress of transforming K-9 Mail into Thunderbird for Android. Somewhat to my surprise, we managed to keep this up throughout the entire year. 

But since the end of the year company shutdown is coming up and both Wolf and I have some vacation days left, this will be the last progress report of the year, covering both November and December. If you need a refresher on where we left off previously, know that the progress report for October is only one click away.

New Home On Google Play

If you’ve recently visited K-9 Mail’s page on Google Play you might have noticed that the developer name changed from “K-9 Dog Walkers” to “Mozilla Thunderbird”. That’s because we finally got around to moving the app to a developer account owned by Thunderbird.

I’d like to use this opportunity to thank Jesse Vincent, who not only founded the K-9 Mail project, but also managed the Google Play developer account for all these years. Thank you ♥

Asking For Android permissions

Previously, the app asked the user to grant the permission to access contacts when the message list or compose screens were displayed. 

The app asked for the contacts permission every time one of these screens was opened. That’s not as bad as it sounds. Android automatically ignores such a request after the user has selected the “deny” option twice. Unfortunately, dismissing the dialog e.g. by using the back button, doesn’t count as denying the permission request. So users who chose that option to get rid of the dialog were asked again and again. Clearly not a great experience.

So we changed it. Now, the app no longer asks for the contacts permission in those screens. Instead, asking the user to grant permissions is now part of the onboarding flow. After adding the first account, users will see the following screen:

The keen observer will have noticed that the app is now also asking for the permission to create notifications. Since the introduction of notification categories in Android 8, users have always had the option to disable some or all notifications created by an app. But starting with Android 13, users now have to explicitly grant the permission to create notifications.

While the app will work without the notification permission, you should still grant it to the app, at least for now. Currently, some errors (e.g. when sending an email has failed) are only communicated via a notification. 

And don’t worry, granting the permission doesn’t mean you’ll be bombarded with notifications. You can still configure whether you want to get notifications for new messages on a per account basis.

Improved Account Setup

This section has been a fixture in the last couple of progress reports. The new account setup code has been a lot of work. And we’re still not quite done yet. However, it already is in a state where it’s a vast improvement over what we had previously.

Bug fixes

Thanks to feedback from beta testers, we identified and fixed a couple of bugs.

  • The app was crashing when trying to display an error message after the user had entered an invalid or unsupported email address.
  • While fixing the bug above, we also noticed that some placeholder code to validate email addresses was still used. We replaced that code and improved error messages, e.g. when encountering a syntactically valid, but deliberately unsupported email address like test@[127.0.0.1].
  • A user reported a crash when trying to set up an account with a particular email domain. We tracked this down to an MX DNS record containing an underscore. That’s not a valid character for a hostname. The app already checked for that, but the error wasn’t caught and so crashed the app.

User experience improvements

Thanks to feedback from people who went through the manual setup flow multiple times, we identified a couple of usability issues. We made some changes like disabling auto-correct in the server name text field and copying the password entered in the incoming server settings screen to the outgoing server settings screen.

Hopefully, automatic account setup will just work for you. But if you have to use the manual setup route, at least now it should be a tiny bit less annoying.

Edit server settings

Editing incoming or outgoing server settings is not strictly part of setting up an account. However, the same screens used in the manual account setup flow are also used when editing server settings of an existing account (e.g. by going to Settings → [Account] → Fetching mail → Incoming server). 

The screens don’t behave exactly the same in both instances, so some changes were necessary. In November we finally got around to adapting the screens. And now the new UI is also used when editing server settings.

Targeting Android 13

Every year Google requires Android developers to change their apps to support the new (security) features and restrictions of the Android version that was released the prior year. This is automatically enforced by only allowing developers to publish app updates on Google Play when they “target” the required Android version. This year’s deadline was August 31.

There was only one change in Android 13 that affected K-9 Mail. Once an app targets this Android version, it has to ask the user for permission before being able to create notifications. Since our plans already included adding a new screen to ask for permissions during onboarding, we didn’t spend too much time worrying about the deadline.

But due to us being busy working on other features, we only got around to adding the permission screen in November. We requested an extension to the deadline, which (to my surprise) seems to have been granted automatically. Still, there was a brief period of time where we weren’t able to publish new beta versions because we missed the extended deadline by a couple of days.

We’ll prioritize updating the app to target the latest Android version in the future.

Push Not Working On Android 14

When Push is enabled, K-9 Mail uses what the developer documentation calls “exact alarms” to periodically refresh its Push connection to the server. Starting with Android 12, apps need to request a separate permission to use exact alarms. But the permission itself was granted automatically.

In Android 14 (released in October 2023) Google changed the behavior and Android no longer pre-grants this permission to newly installed apps. However, instead of limiting this to apps targeting Android 14, for some reason they decided to extend this behavior change to apps targeting Android 13.

This unfortunate choice by the creator of Android means that Push is currently not working for users who perform a fresh install of K-9 Mail 6.712 or newer on Android 14. Upgrading from a previous version of K-9 Mail should be fine since the permission was then granted automatically in the past.

At the beginning of next year we’ll be working on adding a screen to guide the user to grant the necessary permission when enabling Push on Android 14. Until then, you can manually grant the permission by opening Android’s App info screen for the app, then enable Allow setting alarms and reminders under Alarms & reminders.

Community Contributions

In November and December the following contributions by community members were merged into K-9 Mail:

Thanks for the contributions! ❤

Releases

If you want to help shape future versions of the app, become a beta tester and provide feedback on new features while they are still in development.

The post Thunderbird for Android / K-9 Mail: November/December 2023 Progress Report appeared first on The Thunderbird Blog.

Mozilla Add-ons BlogA new world of open extensions on Firefox for Android has arrived

Woo-hoo you did it! Hundreds of add-on developers heeded the call to make their desktop extensions compatible for today’s debut of a new open ecosystem of Firefox for Android extensions. More than 450 Firefox for Android extensions are now discoverable on the addons.mozilla.org (AMO) Android homepage. It’s a strong start to an exciting new frontier of mobile browser customization. Let’s see where this goes.

Are you a developer who hasn’t migrated your desktop extension to Firefox for Android yet? Here’s a good starting point for developing extensions for Firefox for Android.

If you’ve already embarked on the mobile extension journey and have questions/insights/feedback to offer as we continue to optimize the mobile development experience, we invite you to join the discussion about top APIs missing on Firefox for Android.

Have you found any Firefox for Android bugs? Do tell!

The post A new world of open extensions on Firefox for Android has arrived appeared first on Mozilla Add-ons Community Blog.

SeaMonkeyUpdates fixed

Hi All,

The updates have been fixed as well well as a lot of the missing files.

Seems like as if I simply cannot handle multiple changes at the same time.

My apologies for the inconveniences caused.

:ewong

 

SeaMonkeyUpdates… erm.. update.

Hi all,

I have taken a look at what’s going on and am a bit puzzled.

  • Linux-i686 locales:
    • Missing: el, en-US, es-AR, es-ES, fi, fr, ka, nb-NO, nl, pl, pt-PT, ru, sk, sv-SE
    • Existing: cs, de, en-GB, hu, it, ja, pt-BR, zh-CN, zh-TW
  • Linux x86-64 locales:
    • Missing: de, el, en-US, es-ES, hu, it, ka, nb-NO, ru, sk, sv-SE, zh-TW
    • Existing: cs, en-GB, es-AR, fi, fr, ja, nl, pl, pt-BR, pt-PT, zh-CN
  • Mac locales:
    • Missing: cs, en-US, es-AR, fr, pt-BR, sk, zh-CN
    • Existing: de, el, en-GB, es-ES, fi, hu, it, ja-JP-mac, ka, nb-NO, nl, pl, pt-PT, ru, sv-SE, zh-TW
  • Win32 Locales:
    • Missing: cs, de, fi, nl, pl, pt-PT, ru, sv-SE
    • Existing: el, en-GB, en-US, es-AR, es-ES, fr, hu, it, ja, ka, nb-NO, pt-BR, sk, zh-CN, zh-TW
  • Win64 locales:
    • Missing: cs, de, en-GB, en-US, fr, it, ja, pl, pt-BR
    • Existing: el, es-AR, es-ES, fi, hu, ka, nb-NO, nl, pt-PT, ru, sk, sv-SE, zh-CN, zh-TW

No, I have no understand of the pattern of missing files.

So I’ll be changing the updates to using the ‘old’ place while I fix the ‘new’ place. (*wink*)

:ewong

SeaMonkeyMigration away from archive.mozilla.org addendum

Hi All,

In my previous blog post on the SeaMonkey Project migrating away from archive.mozilla.org, it seems as there is some misunderstanding in the wording(I’ve just changed it on the request of Mozilla).

When I stated “We need to stop using archive.mozilla.org” and “They will most likely be left as is until Mozilla blows it away (or I do).”,  I literally meant “We” as in “the SeaMonkey Project”.

So in essence, what I *was* trying to state (and failing miserably) is that “The SeaMonkey Project needs to migrate away from archive.mozilla.org.”   After 2023, when you go to https://archive.mozilla.org/pub/”, you will not see seamonkey there.

End of an era.

:ewong

 

 

 

SeaMonkeyUpdates issue

Hi All,

It seems like as if there are some missing updates and I’m currently working on it.

Sorry for the inconvenience.

:ewong

 

hacks.mozilla.orgPuppeteer Support for the Cross-Browser WebDriver BiDi Standard

We are pleased to share that Puppeteer now supports the next-generation, cross-browser WebDriver BiDi standard. This new protocol makes it easy for web developers to write automated tests that work across multiple browser engines.

How Do I Use Puppeteer With Firefox?

The WebDriver BiDi protocol is supported starting with Puppeteer v21.6.0. When calling puppeteer.launch pass in "firefox" as the product option, and "webDriverBiDi" as the protocol option:

const browser = await puppeteer.launch({
  product: 'firefox',
  protocol: 'webDriverBiDi',
})

You can also use the "webDriverBiDi" protocol when testing in Chrome, reflecting the fact that WebDriver BiDi offers a single standard for modern cross-browser automation.

In the future we expect "webDriverBiDi" to become the default protocol when using Firefox in Puppeteer.

Doesn’t Puppeteer Already Support Firefox?

Puppeteer has had experimental support for Firefox based on a partial re-implementation of the proprietary Chrome DevTools Protocol (CDP). This approach had the advantage that it worked without significant changes to the existing Puppeteer code. However the CDP implementation in Firefox is incomplete and has significant technical limitations. In addition, the CDP protocol itself is not designed to be cross browser, and undergoes frequent breaking changes, making it unsuitable as a long-term solution for cross-browser automation.

To overcome these problems, we’ve worked with the WebDriver Working Group at the W3C to create a standard automation protocol that meets the needs of modern browser automation clients: this is WebDriver BiDi. For more details on the protocol design and how it compares to the classic HTTP-based WebDriver protocol, see our earlier posts.

As the standardization process has progressed, the Puppeteer team has added a WebDriver BiDi backend in Puppeteer, and provided feedback on the specification to ensure that it meets the needs of Puppeteer users, and that the protocol design enables existing CDP-based tooling to easily transition to WebDriver BiDi. The result is a single protocol based on open standards that can drive both Chrome and Firefox in Puppeteer.

Are All Puppeteer Features Supported?

Not yet; WebDriver BiDi is still a work in progress, and doesn’t yet cover the full feature set of Puppeteer.

Compared to the Chrome+CDP implementation, there are some feature gaps, including support for accessing the cookie store, network request interception, some emulation features, and permissions. These features are actively being standardized and will be integrated as soon as they become available. For Firefox, the only missing feature compared to the Firefox+CDP implementation is cookie access. In addition, WebDriver BiDi already offers improvements, including better support for multi-process Firefox, which is essential for testing some websites. More information on the complete set of supported APIs can be found in the Puppeteer documentation, and as new WebDriver-BiDi features are enabled in Gecko we’ll publish details on the Firefox Developer Experience blog.

Nevertheless, we believe that the WebDriver-based Firefox support in Puppeteer has reached a level of quality which makes it suitable for many real automation scenarios. For example at Mozilla we have successfully ported our Puppeteer tests for pdf.js from Firefox+CDP to Firefox+WebDriver BiDi.

Is Firefox’s CDP Support Going Away?

We currently don’t have a specific timeline for removing CDP support. However, maintaining multiple protocols is not a good use of our resources, and we expect WebDriver BiDi to be the future of remote automation in Firefox. If you are using the CDP support outside of the context of Puppeteer, we’d love to hear from you (see below), so that we can understand your use cases, and help transition to WebDriver BiDi.

Where Can I Provide Feedback?

For any issues you experience when porting Puppeteer tests to BiDi, please open issues in the Puppeteer issue tracker, unless you can verify the bug is in the Firefox implementation, in which case please file a bug on Bugzilla.

If you are currently using CDP with Firefox, please join the #webdriver matrix channel so that we can discuss your use case and requirements, and help you solve any problems you encounter porting your code to WebDriver BiDi.

Update: The Puppeteer team have published “Harness the Power of WebDriver BiDi: Chrome and Firefox Automation with Puppeteer“.

The post Puppeteer Support for the Cross-Browser WebDriver BiDi Standard appeared first on Mozilla Hacks - the Web developer blog.

SeaMonkeySeaMonkey 2.53.18 is now out!

Hi All,

The SeaMonkey project is pleased to announce the immediate release of 2.53.18 version of this long standing Internet Suite.

Please check out [1] and/or [2].  Also note, the updates should be up now.

:ewong

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.18

[2] – https://www.seamonkey-project.org/releases/2.53.18

Open Policy & AdvocacyMozilla and Allies Say No to Surveillance Blank Check in NDAA, Yes to Strong Surveillance Protections

Today Mozilla, along with a group of builders and supporters of innovation, sent a letter calling on the US House of Representatives to pass strong surveillance reform proposals such as the Government Surveillance Reform Act (GSRA) and the Protect Liberty and End Warrantless Surveillance Act (PLEWSA).

In line with our previous call for reform, our letter also highlighted the need for codification of the scope of surveillance proposed in the Administration’s own Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” and opposed a months-long reauthorization of Section 702 that would effectively greenlight surveillance abuses.

Both GSRA and PLEWSA take critical steps forward in protecting Americans from overbroad surveillance, such as imposing warrant requirements for queries of US person data and banning warrantless purchases of sensitive information on Americans from data brokers. We do, however, encourage Congress to examine how it can further strengthen PLEWSA.

Unfortunately, House and Senate Intelligence Committees are also considering proposals of their own, proposals that would entrench the surveillance status quo.

Those wishing to get involved can add their names to our letter and do their part to engage Congress on this important issue.

You can find the letter HERE.

The post Mozilla and Allies Say No to Surveillance Blank Check in NDAA, Yes to Strong Surveillance Protections appeared first on Open Policy & Advocacy.

SUMO BlogWhat’s up with SUMO – Q4 2023

Hi everybody,

The last part of our quarterly update in 2023 come early with this post. That means, we won’t get the data from December just yet (but we’ll make sure to update the post later). Lots of updates after the last quarter so let’s just dive in!

Welcome note and shout-outs from Q4

If you know anyone that we should feature here, please contact Kiki and we’ll make sure to add them in our next edition.

Community news

  • Kiki back from maternity leave and Sarto bid her farewell, all happened in this quarter.
  • We have a new contributor policy around the use of generative AI tools. This was one of the things that Sarto initiated back then so I’d like to give the credit to her. Please take some time to read and familiarize yourself with the policy.
  • Spanish contributors are pushing really hard to help localize the in-product and top articles for the Firefox Desktop. I’m so proud that at the moment, 57.65% of Firefox Desktop in-product articles have been translated & updated to Spanish (compared to 11.8% when we started) and 80% of top 50 articles are localized and updated to Spanish. Huge props to those who I mentioned in the shout-outs section above.
  • We’ve got new locale leaders for Catalan and Indonesian (as I mentioned above). Please join me to congratulate Handi S & Carlos Tomás for their new role!
  • The Customer Experience team is officially moved out from the Marketing org to the Strategy and Operations org led by Suba Vasudevan (more about that in our community meeting in Dec).
  • We’ve migrated Pocket support platform (used to be under Help Scout) to SUMO. That means, Pocket help articles are now available on Mozilla Support, and people looking for Pocket premium support can also ask a question through SUMO.
  • Firefox account is transitioned to Mozilla account in early November this year. Read this article to learn more about the background for this transition.
  • We did a SUMO sprint for the Review checker feature with the release of Firefox 119, even though we couldn’t find lots of chatter about it.
  • Please check out this thread to learn more about recent platform fixes and improvements (including the use of emoji! )
  • We’ve also updated and moved Kitsune documentation to GitHub page recently. Check out this thread to learn more.

Catch up

  • Watch the monthly community call if you haven’t. Learn more about what’s new in October, November, and December! Reminder: Don’t hesitate to join the call in person if you can. We try our best to provide a safe space for everyone to contribute. You’re more than welcome to lurk in the call if you don’t feel comfortable turning on your video or speaking up. If you feel shy to ask questions during the meeting, feel free to add your questions on the contributor forum in advance, or put them in our Matrix channel, so we can answer them during the meeting. First time joining the call? Check out this article to get to know how to join. 
  • If you’re an NDA’ed contributor, you can watch the recording of the Customer Experience weekly scrum meeting from AirMozilla to catch up with the latest product updates.
  • Consider subscribe to Firefox Daily Digest to get daily updates about Firefox from across different platforms.

Check out SUMO Engineering Board to see what the platform team is currently doing and submit a report through Bugzilla if you want to report a bug/request for improvement.

Community stats

KB

KB pageviews (*)

* KB pageviews number is a total of KB pageviews for /en-US/ only
Month Page views Vs previous month
Oct 2023 7,061,331 9.36%
Nov 2023 6,502,248 -7.92%
Dec 2023 TBD TBD

Top 5 KB contributors in the last 90 days: 

KB Localization

Top 10 locales based on total page views

Locale Oct 2023 

pageviews (*)

Nov 2023 pageviews (*) Dec 2023 

pageviews (*)

Localization progress (per Dec, 7)(**)
de 10.66% 10.97% TBD 93%
fr 7.10% 7.23% TBD 80%
zh-CN 6.84% 6.81% TBD 92%
es 5.59% 5.49% TBD 27%
ja 5.10% 4.72% TBD 33%
ru 3.67% 3.8% TBD 88%
pt-BR 3.30% 3.11% TBD 43%
It 2.52% 2.48% TBD 96%
zh-TW 2.42% 2.61% TBD 2%
pl 2.13% 2.11% TBD 83%
* Locale pageviews is an overall pageviews from the given locale (KB and other pages)

** Localization progress is the percentage of localized article from all KB articles per locale

Top 5 localization contributors in the last 90 days: 

Forum Support

Forum stats

Month Total questions Answer rate within 72 hrs Solved rate within 72 hrs Forum helpfulness
Oct 2023 3,897 66.33% 10.01% 59.68%
Nov 2023 2,660 64.77% 9.81% 65.74%
Dec 2023 TBD TBD TBD TBD

Top 5 forum contributors in the last 90 days: 

Social Support

Channel Total tweets Total moderation by contributors Total reply by contributors Respond conversion rate
Oct 2023 311 209 132 63.16%
Nov 2023 245 137 87 63.50%
Dec 2023 TBD TBD TBD TBD

Top 5 Social Support contributors in the past 3 months: 

  1. Tim Maks 
  2. Wim Benes
  3. Daniel B
  4. Philipp T
  5. Pierre Mozinet

Play Store Support

Firefox for Android only

Channel Total reviews Total conv interacted by contributors Total conv replied by contributors
Oct 2023 6,334 45 18
Nov 2023 6,231 281 75
Dec 2023

Top 5 Play Store contributors in the past 3 months: 

Product updates

To catch up on product releases update, please watch the recording of the Customer Experience scrum meeting from AirMozilla. You can also subscribe to the AirMozilla folder by clickling on the Subscribe button at the top right corner of the page to get notifications each time we add a new recording.

Useful links:

 

Web Application SecurityMozilla VPN Security Audit 2023

To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that Cure53 conducted earlier this year.

The scope of this security audit included the following products:

  • Mozilla VPN Qt6 App for macOS
  • Mozilla VPN Qt6 App for Linux
  • Mozilla VPN Qt6 App for Windows
  • Mozilla VPN Qt6 App for iOS
  • Mozilla VPN Qt6 App for Android

Here’s a summary of the items discovered within this security audit that the auditors rated as medium or higher severity:

  • FVP-03-003: DoS via serialized intent 
      • Data received via intents within the affected activity should be validated to prevent the Android app from exposing certain activities to third-party apps.
      • There was a risk that a malicious application could leverage this weakness to crash the app at any time.
      • This risk was addressed by Mozilla and confirmed by Cure53.
  • FVP-03-008: Keychain access level leaks WG private key to iCloud 
      • Cure53 confirmed that this risk has been addressed due to an extra layer of encryption, which protects the Keychain specifically with a key from the device’s secure enclave.
  • FVP-03-009: Lack of access controls on daemon socket
      • Access controls to guarantee that the user sending commands to the daemon was permitted to initiate the intended action needs to be implemented.
      • This risk has been addressed by Mozilla and confirmed by Cure53.
  • FVP-03-010: VPN leak via captive portal detection 
      • Cure53 advised that the captive portal detection feature be turned off by default to prevent an opportunity for IP leakage when using maliciously set up WiFi hotspots.
      • Mozilla addressed the risk by no longer pinging for a captive portal outside of the VPN tunnel.
  • FVP-03-011: Lack of local TCP server access controls
      • The VPN client exposes a local TCP interface running on port 8754, which is bound to localhost. Users on localhost can issue a request to the port and disable the VPN.
      • Mozilla addressed this risk as recommended by Cure53.
  • FVP-03-012: Rogue extension can disable VPN using mozillavpnnp (High)
      • mozillavpnnp does not sufficiently restrict the application caller.
      • Mozilla addressed this risk as recommended by Cure53.

If you’d like to read the detailed report from Cure53, including all low and informational items, you can find it here.

 

The post Mozilla VPN Security Audit 2023 appeared first on Mozilla Security Blog.

Open Policy & AdvocacyMozilla Asks US Supreme Court to Support Responsible Content Moderation

Today Mozilla Corporation joined an amicus brief in a pair of important Supreme Court cases. The cases consider Texas and Florida laws that prohibit social media platforms from removing hateful and abusive content. If upheld, these laws would make content moderation impossible and would make the internet a much less safe place for all of us. Mozilla urges the Supreme Court to find them unconstitutional.

The Texas law, known as H.B. 20, would prohibit large social media sites from blocking, removing, or demonetizing content based on the viewpoint. While it provides an exception for illegal speech, this still means that platforms would be forced to host a huge range of legal but harmful content, such as outright racism or Holocaust denial. It would mandate, for example, that a page devoted to South African history must tolerate pro-Apartheid comments, or that an online community devoted to religious practice allow comments mocking religion. It would condemn all social media to rampant trolling and abuse.

Mozilla has joined a brief filed by Internet Works and other companies including Tumblr and Pinterest. The brief sets out how content moderation works in practice, and how it can vary widely depending on the goals and community of each platform. It explains how content moderation can promote speech and free association by allowing people to choose and build online communities. In Mozilla’s own social media products, our goal is to moderate in favor of a healthy community. This goal is central to our mission, which underscores our commitment to “an internet that promotes civil discourse, human dignity, and individual expression” and “that elevates critical thinking, reasoned argument, shared knowledge, and verifiable facts.”

The laws under consideration by the Court do not serve speech, but would instead destroy online communities that rely on healthy moderation. Mozilla is standing with the community and allies to call for a better future online.

The post Mozilla Asks US Supreme Court to Support Responsible Content Moderation appeared first on Open Policy & Advocacy.

hacks.mozilla.orgFirefox Developer Edition and Beta: Try out Mozilla’s .deb package!

A month ago, we introduced our Nightly package for Debian-based Linux distributions. Today, we are proud to announce we made our .deb package available for Developer Edition and Beta!

We’ve set up a new APT repository for you to install Firefox as a .deb package. These packages are compatible with the same Debian and Ubuntu versions as our traditional binaries.

Your feedback is invaluable, so don’t hesitate to report any issues you encounter to help us improve the overall experience.

Adopting Mozilla’s Firefox .deb package offers multiple benefits:

  • you will get better performance thanks to our advanced compiler-based optimizations,
  • you will receive the latest updates as fast as possible because the .deb is integrated into Firefox’s release process,
  • you will get hardened binaries with all security flags enabled during compilation,
  • you can continue browsing after upgrading the package, meaning you can restart Firefox at your convenience to get the latest version.
To set up the APT repository and install the Firefox .deb package, simply follow these steps:
<code># Create a directory to store APT repository keys if it doesn't exist:
sudo install -d -m 0755 /etc/apt/keyrings

# Import the Mozilla APT repository signing key:
wget -q <a class="c-link" href="https://packages.mozilla.org/apt/repo-signing-key.gpg" target="_blank" rel="noopener noreferrer" data-stringify-link="https://packages.mozilla.org/apt/repo-signing-key.gpg" data-sk="tooltip_parent">https://packages.mozilla.org/apt/repo-signing-key.gpg</a> -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null

# The fingerprint should be 35BAA0B33E9EB396F59CA838C0BA5CE6DC6315A3
gpg -n -q --import --import-options import-show /etc/apt/keyrings/packages.mozilla.org.asc | awk '/pub/{getline; gsub(/^ +| +$/,""); print "\n"$0"\n"}'

# Next, add the Mozilla APT repository to your sources list:
echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] <a class="c-link" href="https://packages.mozilla.org/apt" target="_blank" rel="noopener noreferrer" data-stringify-link="https://packages.mozilla.org/apt" data-sk="tooltip_parent">https://packages.mozilla.org/apt</a> mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null

# Update your package list and install the Firefox .deb package:
sudo apt-get update && sudo apt-get install firefox-beta  # Replace "beta" by "devedition" for Developer Edition
And that’s it! You have now installed the latest Firefox Beta/Developer Edition .deb package on your Linux.
Firefox supports more than a hundred different locales. The packages mentioned above are in American English, but we have also created .deb packages containing the Firefox language packs. To install a specific language pack, replace fr in the example below with the desired language code:
sudo apt-get install firefox-beta-l10n-fr
To list all the available language packs, you can use this command after adding the Mozilla APT repository and running sudo apt-get update:
apt-cache search firefox-beta-l10n

The post Firefox Developer Edition and Beta: Try out Mozilla’s .deb package! appeared first on Mozilla Hacks - the Web developer blog.

Mozilla L10NVote for new Pontoon features

It’s been a while since we have asked Pontoon users what new features should we develop, which is why we have decided to run another survey now.

But first, let’s take a look at the top-voted features from the last round that are all live now:

  1. Provide new contributors with guidelines before adding their first suggestion (details).
  2. Notify suggestion authors when their suggestions get reviewed (details).
  3. Pre-fill editor with 100% Translation Memory matches when available (details).

In addition to those, we also implemented a couple of features that didn’t make it into top 3:

  • Expose managers on team dashboards to help users get in touch with them easily (details).
  • Add a light theme (details).

You asked, we listened! 🙂

2024 Survey

It’s now time to vote again! We’re working on Pontoon Roadmap for 2024 and we commit to implement at least 3 top-voted features by Pontoon users.

Please let us know by December 11 how important for you are the features listed below in this quick 5-minute survey:

  • Add virtual keyboard with special characters to the editor, customizable per locale (details).
  • Add “Copy translation from another locale as suggestion” batch action (details).
  • Link project names in Concordance search results to their corresponding strings (details).
  • Add ability to edit Translation Memory entries (details).
  • Add ability to propose new Terminology entries (details).
  • Improve overall performance of Pontoon translation workspace and dashboards (details).
  • Add ability to preview Fluent strings in the editor (details).
  • Add ability to receive automated notifications via email (details).
  • Add ability to read notifications one by one, or mark notifications as unread (details).
  • Add Timeline tab with activity to Project, Locale, ProjectLocale dashboards (details).

Note that at the end of the survey you will be able to add your own ideas, which you are always welcome to submit on GitHub.

The Mozilla Thunderbird BlogThunderbird for Android / K-9 Mail: October 2023 Progress Report

a dark background with thunderbird and k-9 mail logos centered, with the text "Thunderbird for Android, October 2023 progress report"

Welcome to the progress report for October! If you missed the one for September, you’re in luck, because we always try to include a link to the progress report of the previous month in the introduction.

Translations

All the translations of the app are provided by volunteers from the community. This work is mostly independent from software development and design work. So sometimes it’s easy for us to forget that a lot more people regularly spend time working on the app.

Dear translators, thank you for all the work you’re putting into making the app more accessible by translating it to so many languages ❤

Move to Weblate

In October we switched to Weblate to manage translations of the app. This has a couple of reasons:

  • Some of the volunteers providing translations have expressed a strong preference for Weblate. It’s also not uncommon for volunteers to also translate other open source apps. Weblate has become a popular option for that.
  • Weblate has good tools to allow us to better integrate it into our development process.
  • Unlike the previous translation service we used, Weblate itself is open source software. And you all know we love open source.

Call for translators 

Currently K-9 Mail ships with support for the following 49 languages:

Albanian, Arabic, Basque, Belarusian, Breton, Bulgarian, Catalan, Chinese (Simplified), Chinese (Traditional), Croatian, Czech, Danish, Dutch, English, English (GB), Esperanto, Estonian, Finnish, French, Frisian, Gaelic, Galician, German, Greek, Hebrew, Hungarian, Icelandic, Indonesian, Italian, Japanese, Korean, Latvian, Lithuanian, Malayalam, Norwegian Bokmål, Persian, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Turkish, Ukrainian, Welsh.

There’s an additional 7 languages where partial translations exist, but are currently not included in the app:

Armenian (36% translated), Azerbaijani (6%), Georgian (51%), Hindi (23%), Norwegian Nynorsk (43%), Tamil (16%), Vietnamese (63%).

However, some of the included translations haven’t been updated in a while. And so in addition to the 7 languages above, there’s quite a few languages that could use the help of new translators. Here’s the list of languages where less than 97% of strings have been translated:

Arabic (88%), Belarusian (89%), Breton (74%), Bulgarian (87%), Croatian (75%), Danish (92%), English (GB) (1%), Esperanto (82%), Gaelic (73%), Galician (82%), Greek (89%), Hebrew (49%), Indonesian (79%), Korean (69%), Latvian (89%), Lithuanian (87%), Malayalam (81%), Norwegian Bokmål (93%), Persian (89%), Portuguese (Portugal) (88%), Russian (88%), Serbian (79%), Slovak (71%), Slovenian (90%), Ukrainian (89%), Welsh (86%).

If you want to help out with translations for any of these, please head over to our Weblate project.

GitHub organization renamed

On October 31 our GitHub organization was renamed from thundernest to thunderbird. We also used this opportunity to rename the repository from k-9 to thunderbird-android.

Old links should redirect to the new location. But if you’re maintaining a website that links to our GitHub organization or repository, please update those links.

Improved account setup

The new account setup is still our main focus. In October most of our work went on behind the scenes. The only user-visible changes were fixing a crash when entering an unsupported email address and respecting the app theme and app language settings in the account setup UI.

We also worked on replacing the screens to edit incoming and outgoing server settings. However, that work is still ongoing and not available in beta releases yet.

Architecture decision records

We’re trying to get better at documenting decisions we made about the architecture of the app. Wolf started us off by creating the following architecture decision records (ADR):

“Make Better Email” meeting

At the end of October cketti attended Make Better Email, a meeting to bring together email client authors, email server authors, and email service providers to talk about how to improve the ecosystem through the better use of open standards.

Some of the topics we talked about:

  • Modern Authentication – What mechanism do we need to be able to support interoperable modern authentication for clients of open protocols, such as IMAP, JMAP, SMTP, CalDAV, and CardDAV.
  • Scheduled Send – How can this feature be implemented in an interoperable way.
  • IMAP Extensions – We came up with a recommendation for which existing standards should be targeted by living IMAP code.

In the upcoming months this should result in new RFC drafts and a best current practice (BCP) document at the IETF.

Community contributions

  • fishchimp made a change that hopefully makes it harder to accidentally trigger swipe actions in the message list (see #7280).
  • Marcel M. fixed a bug that lead to notifications always being silent on Android Wear devices (see #7284).

Many thanks to both of you! ❤

Releases

In October 2023 we published the following stable releases:

… and the following beta versions:

If you want to help shape future versions of the app, become a beta tester and provide feedback on new features while they are still in development.

The post Thunderbird for Android / K-9 Mail: October 2023 Progress Report appeared first on The Thunderbird Blog.

hacks.mozilla.orgIntroducing llamafile

A special thanks to Justine Tunney of the Mozilla Internet Ecosystem (MIECO), who co-authored this blog post.

Today we’re announcing the first release of llamafile and inviting the open source community to participate in this new project.

llamafile lets you turn large language model (LLM) weights into executables.

Say you have a set of LLM weights in the form of a 4GB file (in the commonly-used GGUF format). With llamafile you can transform that 4GB file into a binary that runs on six OSes without needing to be installed.

This makes it dramatically easier to distribute and run LLMs. It also means that as models and their weights formats continue to evolve over time, llamafile gives you a way to ensure that a given set of weights will remain usable and perform consistently and reproducibly, forever.

We achieved all this by combining two projects that we love: llama.cpp (a leading open source LLM chatbot framework) with Cosmopolitan Libc (an open source project that enables C programs to be compiled and run on a large number of platforms and architectures). It also required solving several interesting and juicy problems along the way, such as adding GPU and dlopen() support to Cosmopolitan; you can read more about it in the project’s README.

This first release of llamafile is a product of Mozilla’s innovation group and developed by Justine Tunney, the creator of Cosmopolitan. Justine has recently been collaborating with Mozilla via MIECO, and through that program Mozilla funded her work on the 3.0 release  (Hacker News discussion) of Cosmopolitan. With llamafile, Justine is excited to be contributing more directly to Mozilla projects, and we’re happy to have her involved.

llamafile is licensed Apache 2.0, and we encourage contributions. Our changes to llama.cpp itself are licensed MIT (the same license used by llama.cpp itself) so as to facilitate any potential future upstreaming. We’re all big fans of llama.cpp around here; llamafile wouldn’t have been possible without it and Cosmopolitan.

We hope llamafile is useful to you and look forward to your feedback.

 

 

The post Introducing llamafile appeared first on Mozilla Hacks - the Web developer blog.

Mozilla Add-ons BlogOpen extensions on Firefox for Android debut December 14 (but you can get a sneak peek today)

Starting December 14, 2023, extensions marked as Android compatible on addons.mozilla.org (AMO) will be openly available to Firefox for Android users.

“We’ve been so impressed with developer enthusiasm and preparation,” said Giorgio Natili, Firefox Director of Engineering. “Just a few weeks ago it looked like we might have a couple hundred Android extensions for launch, but now we can safely say AMO will have 400+ new Firefox for Android extensions available on December 14. We couldn’t be more thankful to our developer community for embracing this exciting moment.”

In anticipation of the launch of open extensions on Android, we just added a link to “Explore all Android extensions” on AMO’s Android page to make it easy to discover new content. And just for fun and to offer a taste of what’s to come, we also released a couple dozen new open extensions for Android. You can find them listed beneath the Recommended Extensions collection on that AMO Android page. Try a few out!

Get your Firefox desktop extension ready for Android

There’s still time to make your desktop extension compatible with Firefox for Android if you want to be part of the December 14 launch. Senior Developer Relations Engineer Simeon Vincent recently hosted two webinars to help developers work through common migration hurdles. Here are recorded webinars from October (an introduction to mobile extension migration) and November (setup, testing, debugging).

Simeon also hosts open “office hours” every Monday and Tuesday for anyone interested in signing up to receive 1:1 guidance on Firefox for Android extension development. Office hours run through December, so be sure to tap Simeon’s expertise while time remains.

“Early Add-opter” t-shirts still available!

Are you a developer planning to make your desktop extension work with Firefox for Android by December 14? Do you like cool free t-shirts? Great! Then email us at firefox-android-addon-support [at] mozilla.com with a link to your extension’s AMO listing page and we’ll follow up with t-shirt order details. Better act fast though, we’ve only got 200 tees total and just a few remain.

The post Open extensions on Firefox for Android debut December 14 (but you can get a sneak peek today) appeared first on Mozilla Add-ons Community Blog.

Open Policy & AdvocacyGlobal Privacy Control Empowers Individuals to Limit Privacy-Invasive Tracking

Global Privacy Control (GPC) is a proposed standard by PrivacyCG that aims to make privacy more accessible to everyone. Available now in Firefox version 120 and soon to be featured in Firefox for Android version 122, a new setting (in Preferences → Privacy & Security) has been introduced that allows users to enable GPC. With this opt-in feature, Firefox, on behalf of our users, can signal to websites to not sell or share user data with third parties.

Mozilla has long invested in technologies to protect the privacy of Firefox users and is a founding member of the GPC standards effort. In 2021, Mozilla took initiative to begin experimenting with implementing Global Privacy Control in Firefox Nightly. Since then, we’ve made a commitment to provide Firefox users with the means to refuse targeted advertising by providing a simpler and more accessible means of signaling privacy preferences to businesses or websites.

Firefox users can now easily enable GPC preferences directly within the privacy & security section in their Firefox settings – expressing user privacy preferences to websites is now as simple as checking off a box! In addition, we’ve also ensured that GPC is enabled in private browsing mode by default.

Enable Global Privacy Control on Firefox with three easy steps:

  1. In the Menu bar at the top of the screen, click Firefox and select Preferences.
  2. In the Privacy & Security panel, scroll down to ‘Website Privacy Preferences’ and click the ‘Tell websites not to sell or share my data option.’
  3. Close the Settings page. Any changes you’ve made will automatically be saved.

Global Privacy Control is considered legally enforceable in some jurisdictions, such as California via the California Consumer Protection Act (CCPA), and can indicate an opt-out of targeted advertising or elicit a general request to limit the sale or sharing of user personal data in that jurisdiction. We have previously advocated for legislation that would require websites in more jurisdictions to recognize universal opt-out signals as a valid objection to data collection or sharing.

Without GPC, users are forced to repeatedly re-communicate their objection to tracking, leading to consent fatigue even in jurisdictions where users do have basic rights around their data.  Once collected, most people have no idea how data is stored, shared, or even sold. GPC aims to make it easier for people to express their privacy preferences and exercise their rights.

The post Global Privacy Control Empowers Individuals to Limit Privacy-Invasive Tracking appeared first on Open Policy & Advocacy.

The Mozilla Thunderbird BlogNovember 2023 Community Office Hours: Cards View Updates

The thunderbird logo (a blue elemental bird curled up and protecting an inner icon shaped like a heart, formed from two hands clasping together)


Please join us for our upcoming Thunderbird community office hours all about Cards View on November 29, 2023 at 18:00 UTC! (Keep reading for joining information.)

A New Era

We are trying out a new format in this edition of the office hours. Previously, we had several sessions with no agenda. This was intended to provide an open forum for anyone to come and ask any questions, during a few different times. Since we have seen low engagement, we’re trying something new.

The new office hours format will feature a key Thunderbird guest to talk about the area they specialize in. Going forward, we’ll hold just one monthly session at a time we hope is convenient for the majority of our users around the globe. The session will be recorded and shared with the community afterwards. On air, we will do our best to answer any questions you have. Everyone is welcome to attend and ask questions live. If you cannot make it in person, we encourage you to submit any questions you have in advance by sending them to

officehours@thunderbird.net

Topic: Cards View 

With the substantial UI changes that the new cards view in Thunderbird 115 “Supernova” offers, we thought we would bring an expert on cards view, Micah Ilbery to discuss the improvements with you. Micah has been a designer on the Thunderbird team and played a major role in the beautiful cards view we have today. So if you have questions or helpful feedback you would like to share face-to-face with Micah, this is your opportunity! If you can’t make it, please submit any questions you have to the above email address and we will ask them on air for you.

(You can see where Cards View is headed next by looking here.)

Zoom Information

Direct URL To Join: https://mzla.link/tb-officehours-nov23
Meeting ID: 939 2505 4689
Password: 993267

Dial by your location:

  • +1 646 518 9805 US (New York)
  • +1 669 219 2599 US (San Jose)
  • +1 647 558 0588 Canada
  • +33 1 7095 0103 France
  • +49 69 7104 9922 Germany
  • +44 330 088 5830 United Kingdom
  • Find your local number: https://mozilla.zoom.us/u/adkUNXc0FO

Update: You can watch the video on AirMozilla!

The post November 2023 Community Office Hours: Cards View Updates appeared first on The Thunderbird Blog.

hacks.mozilla.orgMozilla AI Guide Launch with Summarization Code Example

The Mozilla AI Guide has launched and we welcome you to read through and get acquainted with it. You can access it here

Our vision is for the AI Guide to be the starting point for every new developer to the space and a place to revisit for clarity and inspiration, ensuring that AI innovations enrich everyday life. The AI Guide’s initial focus begins with language models and the aim is to become a collaborative community-driven resource covering other types of models.

To start the first few sections in the Mozilla AI Guide go in-depth on the most asked questions about Large Language Models (LLMs). AI Basics covers the concepts of AI, ML, LLMs, what these concepts mean and how they are related. This section also breaks down the pros and cons of using an LLM. Language Models 101 continues to build on the shared knowledge of AI basics and dives deeper into the next level with language models. It will answer questions such as “What does ‘training’ an ML model mean” or “What is ‘human in the loop’ approach?”

We will jump to the last section on Choosing ML Models and demonstrate in code below what can be done using open source models to summarize certain text. You can access the Colab Notebook here or continue reading:

First Steps with Language Models

Unlike other guides, this one is designed to help pick the right model for whatever it is you’re trying to do, by:

  • teaching you how to always remain on the bleeding edge of published AI research
  • broadening your perspective on current open options for any given task
  • not be tied to a closed-source / closed-data large language model (ex OpenAI, Anthropic)
  • creating a data-led system for always identifying and using the state-of-the-art (SOTA) model for any particular task.

We’re going to hone in on “text summarization” as our first task.

So… why are we not using one of the popular large language models?

Great question. Most available LLMs worth their salt can do many tasks, including summarization, but not all of them may be good at what specifically you want them to do. We should figure out how to evaluate whether they actually can or not.

Also, many of the current popular LLMs are not open, are trained on undisclosed data and exhibit biases. Responsible AI use requires careful choices, and we’re here to help you make them.

Finally, most large LLMs require powerful GPU compute to use. While there are many models that you can use as a service, most of them cost money per API call. Unnecessary when some of the more common tasks can be done at good quality with already available open models and off-the-shelf hardware.

Why do using open models matter?

Over the last few decades, engineers have been blessed with being able to onboard by starting with open source projects, and eventually shipping open source to production. This default state is now at risk.

Yes, there are many open models available that do a great job. However, most guides don’t discuss how to get started with them using simple steps and instead bias towards existing closed APIs.

Funding is flowing to commercial AI projects, who have larger budgets than open source contributors to market their work, which inevitably leads to engineers starting with closed source projects and shipping expensive closed projects to production.

Our First Project – Summarization

We’re going to:

  • Find text to summarize.
  • Figure out how to summarize them using the current state-of-the-art open source models.
  • Write some code to do so.
  • Evaluate quality of results using relevant metrics

For simplicity’s sake, let’s grab Mozilla’s Trustworthy AI Guidelines in string form

Note that in the real world, you will likely have to use other libraries to extract content for any particular file type.

import textwrap

content = """Mozilla's "Trustworthy AI" Thinking Points:

PRIVACY: How is data collected, stored, and shared? Our personal data powers everything from traffic maps to targeted advertising. Trustworthy AI should enable people to decide how their data is used and what decisions are made with it.

FAIRNESS: We’ve seen time and again how bias shows up in computational models, data, and frameworks behind automated decision making. The values and goals of a system should be power aware and seek to minimize harm. Further, AI systems that depend on human workers should protect people from exploitation and overwork.

TRUST: People should have agency and control over their data and algorithmic outputs, especially considering the high stakes for individuals and societies. For instance, when online recommendation systems push people towards extreme, misleading content, potentially misinforming or radicalizing them.

SAFETY: AI systems can carry high risk for exploitation by bad actors. Developers need to implement strong measures to protect our data and personal security. Further, excessive energy consumption and extraction of natural resources for computing and machine learning accelerates the climate crisis.

TRANSPARENCY: Automated decisions can have huge personal impacts, yet the reasons for decisions are often opaque. We need to mandate transparency so that we can fully understand these systems and their potential for harm."""

Great. Now we’re ready to start summarizing.

A brief pause for context

The AI space is moving so fast that it requires a tremendous amount of catching up on scientific papers each week to understand the lay of the land and the state of the art.

It’s some effort for an engineer who is brand new to AI to:

  • discover which open models are even out there
  • which models are appropriate for any particular task
  • which benchmarks are used to evaluate those models
  • which models are performing well based on evaluations
  • which models can actually run on available hardware

For the working engineer on a deadline, this is problematic. There’s not much centralized discourse on working with open source AI models. Instead there are fragmented X (formerly Twitter) threads, random private groups and lots of word-of-mouth transfer.

However, once we have a workflow to address all of the above, you will have the means to forever be on the bleeding age of published AI research

How do I get a list of available open summarization models?

For now, we recommend Huggingface and their large directory of open models broken down by task. This is a great starting point. Note that larger LLMs are also included in these lists, so we will have to filter.

In this huge list of summarization models, which ones do we choose?

We don’t know what any of these models are trained on. For example, a summarizer trained on news articles vs Reddit posts will perform better on news articles.

What we need is a set of metrics and benchmarks that we can use to do apples-to-apples comparisons of these models.

How do I evaluate summarization models?

The steps below can be used to evaluate any available model for any task. It requires hopping between a few sources of data for now, but we will be making this a lot easier moving forward.

Steps:

  1. Find the most common datasets used to train models for summarization.
  2. Find the most common metrics used to evaluate models for summarization across those datasets.
  3. Do a quick audit on training data provenance, quality and any exhibited biases, to keep in line with Responsible AI usage.

Finding datasets

The easiest way to do this is using Papers With Code, an excellent resource for finding the latest scientific papers by task that also have code repositories attached.

First, filter Papers With Code’s “Text Summarization” datasets by most cited text-based English datasets.

Let’s pick (as of this writing) the most cited dataset — the “CNN/DailyMail” dataset. Usually most cited is one marker of popularity.

Now, you don’t need to download this dataset. But we’re going to review the info Papers With Code have provided to learn more about it for the next step. This dataset is also available on Huggingface.

You want to check 3 things:

  • license
  • recent papers
  • whether the data is traceable and the methods are transparent

First, check the license. In this case, it’s MIT licensed, which means it can be used for both commercial and personal projects.

Next, see if the papers using this dataset are recent. You can do this by sorting Papers in descending order. This particular dataset has many papers from 2023 – great!

Finally, let’s check whether the data is from a credible source. In this case, the dataset was generated by IBM in partnership with the University of Montréal. Great.

Now, let’s dig into how we can evaluate models that use this dataset.

Evaluating models

Next, we look for measured metrics that are common across datasets for the summarization task. BUT, if you’re not familiar with the literature on summarization, you have no idea what those are.

To find out, pick a “Subtask” that’s close to what you’d like to see. We’d like to summarize the CNN article we pulled down above, so let’s choose “Abstractive Text Summarization”.

Now we’re in business! This page contains a significant amount of new information.

There are mentions of three new terms: ROUGE-1, ROUGE-2 and ROUGE-L. These are the metrics that are used to measure summarization performance.

There is also a list of models and their scores on these three metrics – this is exactly what we’re looking for.

Assuming we’re looking at ROUGE-1 as our metric, we now have the top 3 models that we can evaluate in more detail. All 3 are close to 50, which is a promising ROUGE score (read up on ROUGE).

Testing out a model

OK, we have a few candidates, so let’s pick a model that will run on our local machines. Many models get their best performance when running on GPUs, but there are many that also generate summaries fast on CPUs. Let’s pick one of those to start – Google’s Pegasus.

# first we install huggingface's transformers library
%pip install transformers sentencepiece

Then we find Pegasus on Huggingface. Note that part of the datasets Pegasus was trained on includes CNN/DailyMail which bodes well for our article summarization. Interestingly, there’s a variant of Pegasus from google that’s only trained on our dataset of choice, we should use that.

from transformers import PegasusForConditionalGeneration, PegasusTokenizer 
import torch 

# Set the seed, this will help reproduce results. Changing the seed will 
# generate new results 
from transformers import set_seed 
set_seed(248602) 

# We're using the version of Pegasus specifically trained for summarization 
# using the CNN/DailyMail dataset 
model_name = "google/pegasus-cnn_dailymail"

# If you're following along in Colab, switch your runtime to a
# T4 GPU or other CUDA-compliant device for a speedup
device = "cuda" if torch.cuda.is_available() else "cpu" 

# Load the tokenizer
tokenizer = PegasusTokenizer.from_pretrained(model_name) 

# Load the model 
model = PegasusForConditionalGeneration.from_pretrained(model_name).to(device)

# Tokenize the entire content
batch = tokenizer(content, padding="longest", return_tensors="pt").to(device)

# Generate the summary as tokens
summarized = model.generate(**batch)

# Decode the tokens back into text
summarized_decoded = tokenizer.batch_decode(summarized, skip_special_tokens=True)
summarized_text = summarized_decoded[0]

# Compare
def compare(original, summarized_text):
  print(f"Article text length: {len(original)}\n")
  print(textwrap.fill(summarized_text, 100))
  print()
  print(f"Summarized length: {len(summarized_text)}")

compare(content, summarized_text)
Article text length: 1427

Trustworthy AI should enable people to decide how their data is used.<n>values and goals of a system
should be power aware and seek to minimize harm.<n>People should have agency and control over their
data and algorithmic outputs.<n>Developers need to implement strong measures to protect our data and
personal security.

Summarized length: 320

Alright, we got something! Kind of short though. Let’s see if we can make the summary longer…


set_seed(860912)

# Generate the summary as tokens, with a max_new_tokens
summarized = model.generate(**batch, max_new_tokens=800)
summarized_decoded = tokenizer.batch_decode(summarized, skip_special_tokens=True)
summarized_text = summarized_decoded[0]

compare(content, summarized_text)
Article text length: 1427

Trustworthy AI should enable people to decide how their data is used.<n>values and goals of a system
should be power aware and seek to minimize harm.<n>People should have agency and control over their
data and algorithmic outputs.<n>Developers need to implement strong measures to protect our data and
personal security.

Summarized length: 320

Well, that didn’t really work. Let’s try a different approach called ‘sampling’. This allows the model to pick the next word according to its conditional probability distribution (specifically, the probability that said word follows the word before).

We’ll also be setting the ‘temperature’. This variable works to control the levels of randomness and creativity in the generated output.

set_seed(118511)
summarized = model.generate(**batch, do_sample=True, temperature=0.8, top_k=0)
summarized_decoded = tokenizer.batch_decode(summarized, skip_special_tokens=True)
summarized_text = summarized_decoded[0]
compare(content, summarized_text)
Article text length: 1427

Mozilla's "Trustworthy AI" Thinking Points:.<n>People should have agency and control over their data
and algorithmic outputs.<n>Developers need to implement strong measures to protect our data.

Summarized length: 193

Shorter, but the quality is higher. Adjusting the temperature up will likely help.

set_seed(108814)
summarized = model.generate(**batch, do_sample=True, temperature=1.0, top_k=0)
summarized_decoded = tokenizer.batch_decode(summarized, skip_special_tokens=True)
summarized_text = summarized_decoded[0]
compare(content, summarized_text)
Article text length: 1427

Mozilla's "Trustworthy AI" Thinking Points:.<n>People should have agency and control over their data
and algorithmic outputs.<n>Developers need to implement strong measures to protect our data and
personal security.<n>We need to mandate transparency so that we can fully understand these systems
and their potential for harm.

Summarized length: 325

Now let’s play with one other generation approach called top_k sampling — instead of considering all possible next words in the vocabulary, the model only considers the top ‘k’ most probable next words.

This technique helps to focus the model on likely continuations and reduces the chances of generating irrelevant or nonsensical text.

It strikes a balance between creativity and coherence by limiting the pool of next-word choices, but not so much that the output becomes deterministic.

set_seed(226012)
summarized = model.generate(**batch, do_sample=True, top_k=50)
summarized_decoded = tokenizer.batch_decode(summarized, skip_special_tokens=True)
summarized_text = summarized_decoded[0]
compare(content, summarized_text)
Article text length: 1427

Mozilla's "Trustworthy AI" Thinking Points look at ethical issues surrounding automated decision
making.<n>values and goals of a system should be power aware and seek to minimize harm.People
should have agency and control over their data and algorithmic outputs.<n>Developers need to
implement strong measures to protect our data and personal security.

Summarized length: 355

Finally, let’s try top_p sampling — also known as nucleus sampling, is a strategy where the model considers only the smallest set of top words whose cumulative probability exceeds a threshold ‘p’.

Unlike top_k which considers a fixed number of words, top_p adapts based on the distribution of probabilities for the next word. This makes it more dynamic and flexible. It helps create diverse and sensible text by allowing less probable words to be selected when the most probable ones don’t add up to ‘p’.

set_seed(21420041)
summarized = model.generate(**batch, do_sample=True, top_p=0.9, top_k=50)
summarized_decoded = tokenizer.batch_decode(summarized, skip_special_tokens=True)
summarized_text = summarized_decoded[0]
compare(content, summarized_text)

# saving this for later.
pegasus_summarized_text = summarized_text
Article text length: 1427

Mozilla's "Trustworthy AI" Thinking Points:.<n>People should have agency and control over their data
and algorithmic outputs.<n>Developers need to implement strong measures to protect our data and
personal security.<n>We need to mandate transparency so that we can fully understand these systems
and their potential for harm.

Summarized length: 325

To continue with the code example and see a test with another model, and to learn how to evaluate ML model results (a whole another section), click here to view the Python Notebook and click “Open in Colab” to experiment with your own custom code.

Note this guide will be constantly updated and new sections on Data Retrieval, Image Generation, and Fine Tuning will be coming next.

Developer Contributions Are Vital

Shortly after today’s launch of the Mozilla AI Guide, we will be publishing our community contribution guidelines. It will provide guidance on the type of content developers can contribute and how it can be shared. Get ready to share any great open source AI projects, implementations, video and audio models.

Together, we can bring together a cohesive, collaborative and responsible AI community.

A special thanks to Kevin Li and Pradeep Elankumaran who pulled this great blog post together.

The post Mozilla AI Guide Launch with Summarization Code Example appeared first on Mozilla Hacks - the Web developer blog.

SeaMonkeyMigrating off archive.mozilla.org

Hi all,

This is a heads up to all.  The SeaMonkey project needs to stop using archive.mozilla.org by year end.

So, we are migrating our files from archive.mozilla.org to a storage system on Azure.  However, I want to note that there are files there that I will not be moving.  They will most likely be left as is until Mozilla blows it away (or I do).

The only folders that are being migrated are the “releases” and nightly folder.  [I’m currently copying the files from releases to the new storage area, so nightly will need to take a back seat.]  The rest will be “decommissioned” as they are relics of a past that we can no longer go back to.  Tinderbox is dead.   Comm-* builds are no longer feasible/relevant.  Candidates are also no longer relevant.

I’m hoping to setup the new storage system as a ‘static’ page so that one can just go to (for example, https://archive.seamonkey-project.org/) and you can see both the nightly and releases directory.   At this point in time, I’m working on it.   The copying is taking the longest.

As the person who’ve worked on and around archive.mozilla.org, I feel sad to see all those files go poof. I guess it’s a feeling of nostalgia(makes me think of those years working with Callek to get the releases out on Buildbot) rather than actual utility.  Once Jan 1 comes around, it will be the end of an era and of course, the beginning of a new one.

Anyway, *if* you are interested in keeping those files, I’d suggest you download them as soon as possible.

Best regards,

:ewong

 

SeaMonkeySeaMonkey 2.53.18 Beta 1 is out!

Hi All,

The SeaMonkey Project team is pleased to announce the immediate release of SeaMonkey 2.53.18 Beta 1.

Please check out [1] and/or [2].

Updates forthcoming.

:ewong

[1] – https://www.seamonkey-project.org/releases/seamonkey2.53.18/

[2] – https://www.seamonkey-project.org/releases/2.53.18b1

The Mozilla Thunderbird BlogAn Untold History of Thunderbird

The History of Thunderbird -- graphics that depicts the evolution of the Thunderbird logo throughout the last 20 years.


Selfie of Ryan Sipes in front of trees with yellow and orange leaves. <figcaption class="wp-element-caption">Ryan Sipes, Product and Business Development Manager</figcaption>

Hi, my name is Ryan Sipes and I run product and business development at MZLA Technologies Corporation, the subsidiary of the Mozilla Foundation that develops Thunderbird. I have been working on Thunderbird for my day job since November of 2017. It doesn’t seem like that long ago, but looking at the calendar I see that it has been six years this month. A lot has happened in that time and Thunderbird is in a much different place than it was when I started. I’ve seen multiple people online share accounts of “the Thunderbird story,” and each time I’ve thought “that’s really great, but they missed some important parts.” It’s not their fault, we’ve simply never shared the whole story. So today, I thought I’d sit down and write that.

To tell the story correctly, we must go back to 2012. That’s when Thunderbird began to transition from a project that was funded and developed by the Mozilla Corporation, to a community run project. The reasons behind that move were sound and made sense given the state of the project at the time.

One of the biggest issues for Thunderbird throughout its life is that, while it was a well-loved product with over 20 million users, it never had any substantial revenue that could adequately cover its development. So, whomever managed the incredibly large project had to simply eat the cost of developing, maintaining, fixing, and distributing the software. A few attempts were made to make the project sustainable (Mozilla Messaging, for example) but they ultimately didn’t work.

Surviving With A Skeleton Crew

By the time I joined in 2017, Thunderbird lived in the nonprofit Mozilla Foundation and was governed by the Thunderbird Council, an elected group of contributors to the project. At some point, a Thunderbird donation form was set up and donations were high enough to hire 3 people. A developer was hired, someone else to keep the infrastructure running, and a Community Manager (me). The team was way too small for the task at hand (by contrast, we now have 29 people working on Thunderbird). Shortly after being hired, I joined the Thunderbird Council and acted as its Treasurer for many years.

To say that this period was challenging would be an understatement. Thunderbird was being maintained by a skeleton crew. There were long stretches where we couldn’t even get the software to build. On top of that, there was no real organization or guiding vision for where we were trying to go. In fact, there were competing ideas within the community, and a consensus looked difficult to reach.

Throughout the first couple of years that I was around, I was acting as the Treasurer for the project and kept thinking, “we’ve got 20,000,000 users who rely on Thunderbird every day – is an application with that many users really going to just die? We really need to tell our users that we need their support.” 

The project simply wasn’t on a sustainable path, and a few of us suspected it was only a matter of a few years until Thunderbird would be unmaintainable.

Asking For Help

So we defined a vision, made a roadmap, and focused our work. It was still kind of chaotic, but it was more organized chaos. At the same time, I worked with the team on how best to convey the message that we needed the support of our users. It started with updates to the familiar Start Page that shows inside Thunderbird. Then we tried letting folks know when they downloaded the software that “Thunderbird is supported by donations from our users. Please consider giving to keep Thunderbird alive” (not the exact wording, but that was the spirit of the message). 

Eventually, we showed an in-app donation appeal to all our users explaining that we truly need their support if Thunderbird is going to stay around. Each time we tried to be honest about our need, and tasteful about how and when we asked.

Thunderbird's current Start Page, displayed when opening the software. It shows various links to donate, get support, report bugs, and contribute

And… It actually worked! Our users donated to help Thunderbird and we continued to get more organized. Eventually our team grew large enough that it made sense to move to our own organization, the aforementioned MZLA Technologies Corporation. The team working on Thunderbird got way more organized, and we put out many of the fires that made developing Thunderbird so hard. 

I could probably write a book on this part, but trust me: it was really, really tough to solve all these problems. Fortunately, it has all paid off in allowing us to do more in a faster and more efficient way.

Thunderbird Adopts A Puppy

Then we were able to do bigger things. As noted in another blog post, I’d been talking to cketti who ran the K-9 Mail open source email client project. K-9 Mail was exactly what I thought Thunderbird on Android would be if it existed. Talking to Cketti for a couple of years showed me that the K-9 Mail project also faced a sustainability challenge.

After many Thunderbird Council discussions, we concluded that K-9 Mail and Thunderbird shared common values and that we could better serve our users by adopting the project. K-9 Mail is amazing software, with a long legacy like Thunderbird and I’m excited that soon we will ship Thunderbird for Android based on the awesome foundation the K-9 Mail team has built and continues to improve. 

At the same time, there was a dreaded task to take on. Parts of the Thunderbird codebase are 20 years old. In software time, that’s ancient, like the pyramids are ancient. That old code made fixing long standing bugs or adding a feature extraordinarily difficult. Often a small change would break something random in a totally different part of the application and it would take a lot of time to figure out why. We had to fix this in the areas that were most affecting our work. 

Enter the “Supernova” project.

But WHY The Name “Supernova?” 

I named the 115 release Thunderbird “Supernova” after a cosmic explosion because I knew we were going to have to blow some things up and rebuild them. But I also knew the result was going to be beautiful and more powerful for our users. (Quick aside: a supernova often results in a beautiful nebula – search “Crab Nebula” to see what I mean). We rebuilt some really core parts of Thunderbird (a ton of the front-end, the message list, and message display areas to name a few). And in the process, we began a journey of future-proofing Thunderbird so that it can live for another 20 years. 

A photo of the Crab Nebula, courtesy of NASA<figcaption class="wp-element-caption">This view of the Crab Nebula in visible light comes from the Hubble Space Telescope and spans 12 light-years. The supernova remnant, located 6,500 light-years away in the constellation Taurus, is among the best-studied objects in the sky. Credits: NASA/ESA/ASU/J. Hester</figcaption>

And to celebrate, we gave Thunderbird a new logo.

Now, we look forward to the future, but email as a standard is under threat. It is becoming less of an open ecosystem and one of large fiefdoms with high walls.

The biggest providers are making features and tools that only work within their walled garden. They espouse “privacy” while maintaining access to all your messages in their privacy policies. They make it increasingly harder to use clients like Thunderbird because they want you to live in their apps in order to monetize you and your data. 

Next: Thunderbird for Android and iOS

But Thunderbird has an important story to tell. A story of decentralized, privacy-respecting email based on open standards. We’ve always created open source software that anyone can use, contribute to, and extend to their specific needs. 

By the time Q1 2024 rolls around, we’ll have opened the aperture a bit and given folks a new choice on Android. Next year we’re also going to start working on Thunderbird for iOS. In addition, we’re going to develop the tools that give people choices other than the big three. Thunderbird has come a long way these past few years, but we’re not done yet – come and join us as we get ready to do so much more!

The post An Untold History of Thunderbird appeared first on The Thunderbird Blog.

SUMO BlogWhat’s up with SUMO – Q3 2023

Hi everybody,

Sarto here! It’s been a great 4 months! The time really flew by. First and foremost I would like to thank the community here at Mozilla for for giving me grace and also showing me how passionate you guys truly are. I’ve worked in a handful of communities in the past but, by far, Mozilla has the most engaged community I’ve come across. The work that you guys put into Mozilla is commendable and valuable. For the community members and contributors that I was able to meet and interact with during my time here, thank you for sharing that passion with me. I’m handing the baton back over to Kiki. Till next time, keep on rocking the helpful web!

Cheers!

Welcome note and shout-outs from Q3

  • Big thanks to Paul who helped investigate 3 different incidents for Firefox in the last 2 weeks. There has been a huge amount of work going on for the CX team this quarter and you being involved in these incidents to help provide forum examples, follow up with users, and help herd some community folks to investigate has been very helpful.
  • Thanks to Jscher2000, Danny Colin, Paul, jonzn4SUSE, Dan, TyDraniu, and Zulqarnainjabbar99 for your input in the thread about UX Pain points leading to users leaving Firefox in the first 30 days.
  • Thank you to everyone who contributed to the release of Firefox 117 for Desktop, as well as all of the contributors who participated in the release thread.
  • Shout out to Paul for his work updating the Browsing history in Firefox – View the websites you have visited article for FireFox v118.
  • Shout out to Mark Heijl for his amazing job getting dutch article translations (incl. all the pocket ones) to a 100%!. And thank you Tim for bringing this to our attention!

If you know anyone that we should feature here, please contact Kiki and we’ll make sure to add them in our next edition.

Community news

Catch up

  • Watch the monthly community call if you haven’t. Learn more about what’s new in July, August, and September! Reminder: Don’t hesitate to join the call in person if you can. We try our best to provide a safe space for everyone to contribute. You’re more than welcome to lurk in the call if you don’t feel comfortable turning on your video or speaking up. If you feel shy to ask questions during the meeting, feel free to add your questions on the contributor forum in advance, or put them in our Matrix channel, so we can answer them during the meeting. First time joining the call? Check out this article to get to know how to join. 
  • If you’re an NDA’ed contributor, you can watch the recording of the Customer Experience weekly scrum meeting from AirMozilla to catch up with the latest product updates.
  • Consider subscribe to Firefox Daily Digest to get daily updates about Firefox from across different platforms.
  • Check out SUMO Engineering Board to see what the platform team is currently doing and submit a report through Bugzilla if you want to report a bug/request for improvement.

Community stats

KB

KB pageviews (*)

* KB pageviews number is a total of KB pageviews for /en-US/ only

Month Page views Vs previous month
Jul 2023 6,512,758 3.87%
Aug 2023 7,164,666 10.01%
Sep 2023 6,456,716 -9.88%

Top 5 KB contributors in the last 90 days: 

KB Localization

Top 10 locales based on total page views

Locale Jul 2023 

pageviews (*)

Aug 2023 pageviews (*) Sep 2023 

pageviews (*)

Localization progress (per Oct, 30)(**)
de 11.09% 11.41% 11.12% 87%
zh-CN 6.98% 7.03% 6.67% 88%
fr 6.16% 5.95% 7.49% 80%
es 5.71% 5.50% 5.84% 23%
ja 4.81% 4.62% 4.84% 35%
ru 3.47% 3.48% 3.55% 84%
pt-BR 3.39% 3.66% 3.39% 43%
It 2.35% 1.98% 2.42% 91%
pl 2.06% 2.05% 1.99% 78%
zh-TW 1.91% 0.92% 2.16% 2%
* Locale pageviews is an overall pageviews from the given locale (KB and other pages)

** Localization progress is the percentage of localized article from all KB articles per locale

Top 5 localization contributors in the last 90 days: 

Forum Support

Forum stats

Month Total questions Answer rate within 72 hrs Solved rate within 72 hrs Forum helpfulness
Jul 2023 2,664 76.28% 11.71% 59.24%
Aug 2023 2,853 79.36% 12.72% 49.59%
Sep 2023 2,977 72.93% 11.89% 67.89%

Top 5 forum contributors in the last 90 days: 

Social Support

Channel Total tweets Total moderation by contributors Total reply by contributors Respond conversion rate
Jul 2023 317 157 83 52.87%
Aug 2023 237 47 33 70.21%
Sep 2023 192 47 22 46.81%

Top 5 Social Support contributors in the past 3 months: 

  1. Daniel B.
  2. Théo Cannillo
  3. Wim Benes
  4. Ifeoma
  5. Peter Gallwas

Play Store Support*

Channel Total reviews Total conv interacted by contributors Total conv replied by contributors
Jul 2023 6,072 191 40
Aug 2023 6,135 185 55
Sep 2023 6,111 75 23
* Firefox for Android only

Top 5 Play Store contributors in the past 3 months: 

  1. Wim Benes
  2. Tim Maks
  3. Damian Szabat
  4. Christophe Villeneuve
  5. Selim Şumlu

Product updates

To catch up on product releases update, please watch the recording of the Customer Experience scrum meeting from AirMozilla. You can also subscribe to the AirMozilla folder by clickling on the Subscribe button at the top right corner of the page to get notifications each time we add a new recording.

Useful links:

Mozilla L10NL10n Report: November 2023 Edition

Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet. 

New content and projects

What’s new or coming up in Firefox desktop

On October 24 we shipped Firefox 119 with a brand new locale: Santali (sat). This brings the overall number of locales supported in Firefox release to 102. Congratulations to Prasanta and the other Santali contributors for this huge accomplishment.

In terms of new content to translate, a couple of new features were responsible for most of the new strings over the last months: a new shopping feature (Review Checker), and a redesigned Firefox View page, which now includes more information to support the user (recent browsing, recently closed tabs, tabs from other devices, etc.).

Check your Pontoon notifications for instructions on how to test your localization for the Review Checker in Nightly.

In the current Nightly (121) we also migrated the integrated PDF Viewer to Fluent, finally replacing the unmaintained legacy l10n system (webl10n.js) used in this feature.

What’s new or coming up in mobile

We officially launched yesterday the brand update from “Firefox Accounts” to a more general “Mozilla accounts” – a change you have probably noticed in recent string updates. Please make sure to address these strings so you keep products up to date with the rebranding.

You may have also noticed that a few Android strings have landed for add-ons, specifically to call out that we have hundreds of new extensions. If you would like to have this experiment available in your locale, make sure you go into the Firefox for Android project in Pontoon, and choose the Fenix file. Then search for these string IDs:

  • addon_ga_message_title
  • addon_ga_message_body
  • Addon_ga_message_button

You can find these from the search bar, once you are in the Fenix file in Pontoon.

What’s new or coming up in web projects

Mozilla Accounts

In early October Mozilla announced a name change for Firefox accounts, and as of November 1 Firefox accounts is now officially Mozilla accounts. Even before this, starting in September a significant number of new strings and changes related to this name change started making its way to you. Thank you for ensuring that your locales were updated and ready. The majority of locales shipping to production launched with all translations complete and ready for people around the world to use their Mozilla accounts in their own language. This is truly a result of your contributions! Now that these changes are live, please do reach out if you notice anything strange as you go about using your Mozilla account.

Mozilla.org

Since the last report, a few changes have landed in this project. In addition to the global change from Firefox account(s) to Mozilla account(s), the team also began to simplify the references to third party brand names. The names are no longer inside a placeholder. This change will make it easier to translate long strings with many brand names, all  too common in this project. Only Mozilla brands and product names will be coded in the placeholder. During this transition period, you will see a mixture of both. As we update a page or add a new page, the new approach will be applied.

A few new pages were added too. These are pages with file names ending in “-2023” or “-2”, replacing the older versions which will soon be removed from Pontoon. If you are working on these pages, make sure you are working on the new versions, not the old ones.

Relay Website

In the last report, we shared with you the news of migrating a few relay.firefox.com pages to mozilla.org. The migration was complete which resulted in opening up Relay specific pages to more locales. However, an internal decision has been made that these pages should remain on the current Relay product site and not move to mozilla.org.

We regret that the reversal of this decision came soon after the migration. We are having internal discussions around how we can better communicate changes in the future so that we can minimize the impact to our community volunteers.

The Mozilla.org and Relay teams will work closely with the l10n team to migrate the content back to the existing product site. All the work you have done will be stored in Pontoon. The l10n team will make its best effort to preserve the history of each of the translated strings. For the locales that didn’t opt in to the Relay Website project but participated in the localization of the pages on mozilla.org, we encourage you to consider opting in on the Relay project if the community is interested and has the bandwidth.

What’s new or coming up in SUMO

Firefox Review Checker Sprint is happening as we launched Firefox 119. Please check out the sprint wiki to get know more about the detail.

Firefox Account transition to Mozilla account. What you need to know as a SUMO contributor?

The content team at SUMO is utilizing Bugzilla to collect content requests from other teams. If you’re contributing to content at SUMO, please check out this best practices for Bugzilla tickets.

What’s new or coming up in Pontoon

Light Theme

We are excited to announce that we have incorporated a light theme into Pontoon. The theme selector is available in two places:

  • Settings Page: Directly select the light theme.
  • User Profile Menu: Click on the profile icon (top right) and choose the light theme.

Newly published localizer facing documentation

We have added documentation on how to use the theme selector feature to access the light theme in the settings page and user profile menu.

Events

We are hosting an L10n Fireside chat mid-November (date and time TBD). It will be live and recorded here. We are interested in your questions and topics! Please submit them in this form, or reach out directly to delphine at mozilla dot com if you prefer.

Want to showcase an event coming up that your community is participating in? Contact us and we’ll include it.

Friends of the Lion

We started a series called “Localizer Spotlight” and have published two already. Do you know someone who should be featured there? Let us know here!

Also, do someone in your l10n community who’s been doing a great job and should appear in this section? Contact us and we’ll make sure they get a shout-out!

Useful Links

Questions? Want to get involved?

If you want to get involved, or have any question about l10n, reach out to:

Did you enjoy reading this report? Let us know how we can improve it.

Open Policy & AdvocacyMozilla Mornings: Big tech, big AI? Why keeping markets open matters

Mozilla Mornings in Brussels is back, debating AI competition and open systems

AI dominates global policy discussions, but there’s no consensus on how to act. A topic gaining prominence is how to maintain a competitive market where new players, small businesses, non-profits, and others can access innovative tools.

The significant costs of building advanced AI models can eventually lead to market consolidation. Alternatively, open-source advocates see open-source AI as a means to challenge the existing (or future) concentration of power to a small number of tech companies and a way to reduce the barriers to developing AI models.

Is this duality the only way forward, or the reality lie somewhere in the middle? Can policy intervention ensure markets remain open and competitive while allowing AI to reach its full potential?

To discuss these issues, we are delighted to announce that the following speakers will be participating in our panel discussion, moderated by Mark Scott, POLITICO’s Chief Technology Correspondent:

  • Cornelia Kutterer, Senior Researcher, MIAI, University of Grenoble Alpes
  • Max von Thun, Europe Director at Open Markets Institute
  • Connor Dunlop, Europe Policy Lead at Ada Lovelace Institute
  • Gabriele Mazzini, Team Leader for AI Act at European Commission (TBC)

MEP Marcel Kolaja (CZ, Greens/EFA) will be the keynote speaker, with opening remarks by Linda Griffin, VP Global Public Policy at Mozilla.

  • Date: Tuesday 28 November
  • Time: 08:30-10:30 CET
  • Location: Sofitel, Place Jourdan 1, Brussels, 1040

To register, click here.

The post Mozilla Mornings: Big tech, big AI? Why keeping markets open matters appeared first on Open Policy & Advocacy.

SUMO BlogMozilla account rename – Changes on the support flows

If you’ve been contributing to the support forum on the Mozilla Support platform, you might’ve been aware of the difficulties of supporting users with Firefox account problems. The lack of safety measures to deal with PII (Personal Identifiable Information) in the forum, the ambiguity on some security terminologies (recovery codes vs. recovery key) or, ultimately, the lack of infrastructure to support users with account’s recovery issues without having them losing their data.

With the momentum of Firefox account rebrands to Mozilla account, the Customer Experience team has prepared a new flow to support this transition as well as building the foundation for a better support experience for account’s holders in the long run.

The new support flows

If you’re contributing to Mozilla Support, here’s what you need to know about the new support flow:

  • Mozilla account specific contact form

Users with Mozilla account issues can now submit their questions to the Mozilla account contact form that can be accessed from the Get Help fly-out menu. Questions submitted to Mozilla account contact form will be handled by dedicated support agents who are better equipped to deal with PII as well as have access to the infrastructure to solve a more complex case.

Screenshot of the new fly-out menu in the Mozilla Support platform

  • Login-less support

We also introduced login-less support for account holders who lose access to their account. This type of support can be accessed from the login prompt. Users who submit a question from this contact form will also be handled by dedicated support agents.

Screenshot of the new login prompt in the Mozilla Support platform

Implication for the Forum & Social Support contributors

If you’re a forum contributor or you have access to Verint, please help us direct any questions related to Mozilla account to the Mozilla account contact form. We have a forum common response for this called ‘Mozilla account contact form‘ and a clipping in Verint called ‘Mozilla account contact form‘ that you can use at your convenience.

Mozilla account as a product in SUMO

Technically, we have created a new product for Mozilla account in SUMO, which means that we’ll host future articles related to Mozilla account in this category. However, it won’t be visible as a tile in our product selections page. If you see Firefox account is still mentioned in a KB article, or if you see an article that should be moved to the Mozilla account category, please notify the content team. You can also check out this article to learn more about editorial guidelines for Mozilla account in our Knowledge Base.

Implication for the locale teams

You should expect to see many translated articles become outdated due to the update that we’re doing with the English KB articles. Please check the Recent Revisions page to see the articles that we’ve updated as part of this launch.

Frequently asked questions

What to do when encountering users with Mozilla account problems?

Please direct any questions related to Mozilla account to the Mozilla account contact form, unless it can be solved with KB articles.

Does this also include users with Firefox Sync issue?

The login-less contact form is intended for users with login issues, while the signed-in contact form is intended for account-related issues. In short, Firefox Sync is out of scope for now.

Do we support account recovery now?

Account recovery is a complicated process, and we don’t have the infrastructure yet to handle every case. However, that’s part of the scope of this new support infra, and you should direct users with this issue to file a ticket.


If you have other questions about this change, please join our discussion in this forum thread!

Mozilla Add-ons BlogIs your extension ready for Firefox for Android? Be part of the launch of a new open mobile ecosystem

During the release cycle of Firefox 120, we’ll begin to see the emergence of dozens of new, openly available extensions on Firefox for Android on addons.mozilla.org (AMO). We’re taking a steady approach to opening up the mobile extension ecosystem to ensure Firefox for Android maintains strong performance standards while a vast new array of extensions are utilized for the first time in a mobile environment. If testing continues to progress well, we anticipate unveiling a fully open Firefox for Android extension ecosystem sometime in December. Stay tuned for details.

For developers interested in optimizing desktop extensions for Firefox for Android usage, now’s the perfect time to assess your extension and take necessary steps to make your extension part of the coming first wave of openly available extensions on Firefox for Android.

We anticipate strong interest from users excited to explore all the new ways they can customize Firefox for Android. Current trends indicate we’ll have at least 200+ new Firefox for Android extensions on AMO when open availability debuts in December. And while a couple hundred extensions is more variety than you’ll find on any other mobile browser, it is significantly fewer than the nearly 40,000 desktop Firefox extensions on AMO. So the opportunity for heightened discoverability with new users may be intriguing to some developers.

It’s also a great time for developers who are intrigued at the prospect of creating new ways Firefox for Android users will fundamentally experience the mobile web. Are there browsing problems unique to the mobile environment that web extensions can solve? How can we enhance mobile web experiences with extensions? How can extensions empower mobile users? It’s an open invitation to innovation.

For developers keen to learn more about making their desktop extensions compatible on Firefox for Android, here are some timely resources (in addition to Firefox Add-ons Discourse where you can hit us up anytime with questions)…

Webinar: Setup, testing, debugging 

Time: Wednesday, November 15 at 11am EDT

Senior Developer Relations Engineer Simeon Vincent will host his second webinar dedicated to Firefox for Android extension development and desktop migration. The November 15 session will focus on Firefox for Android development setup steps like getting started with Android Studio, creating a virtual device for QA and getting Firefox Nightly readied for remote debugging.

Register for the livestream!

Check out our first Firefox for Android webinar from October.

Open office hours 

Time: Every Monday, Tuesday

Simeon also hosts weekly open “office hours” for anyone interested in signing up to receive 1:1 guidance on Firefox for Android extension development. These open office hours are only scheduled to run through December, so don’t be shy to tap Simeon’s expertise as you prepare your extension for mobile release.

First 200 Firefox for Android extension developers (to email us) get a free t-shirt!

Sorry to bury the lede, but we’re also giving away this one of a kind “Early Add-opter” t-shirt to the first 200 developers who… 1) make their extension functional on Android; and 2) email us at firefox-android-addon-support [at] mozilla.com with a link to your extension’s AMO listing page. If your extension works as expected on Firefox for Android and you’re one of the first 200 to reach out we’ll be in touch with the t-shirt ordering details.

Can you imagine yourself wearing this t-shirt, just chilling after you’ve made your desktop extension compatible on Firefox for Android? 

The post Is your extension ready for Firefox for Android? Be part of the launch of a new open mobile ecosystem appeared first on Mozilla Add-ons Community Blog.

The Mozilla Thunderbird BlogFix Font Scaling and Density Issue on Thunderbird 115 Upgrade

The Thunderbird Community Support logo

If you have recently upgraded to Thunderbird 115 “Supernova” and noticed a smaller font size or a presentation that feels too compact, there might be an easy solution. You should be able to simply change the font from the app menu to achieve your ideal font setting by clicking the +/- to change the font size globally (see below).

As the GIF above illustrates, here’s how to do it:

  • Change the density to suit your taste: Click ≡ > Density. Then click “Relaxed” to increase the size of UI elements in Thunderbird or click “Compact” to decrease the size.
  • Change the font size to suit your needs: Click ≡ > Font Size. Click + to increase the size of the fonts or click to decrease the size of the fonts.

If for some reason that does not fix your font resizing problem, then you may have hit a known issue about the font size going back to a smaller size due to some unsupported properties being adjusted either directly or via an add-on.

You can find more detailed info on fixing these technical issues in our support article.

The post Fix Font Scaling and Density Issue on Thunderbird 115 Upgrade appeared first on The Thunderbird Blog.

hacks.mozilla.orgDown and to the Right: Firefox Got Faster for Real Users in 2023

One of the biggest challenges for any software is to determine how changes impact user experience in the real world. Whether it’s the processing speed of video editing software or the smoothness of a browsing experience, there’s only so much you can tell from testing in a controlled lab environment. While local experiments can provide plenty of metrics, improvements to those metrics may not translate to a better user experience.

This can be especially challenging with complex client software running third-party code like Firefox, and it’s a big reason why we’ve undertaken the Speedometer 3 effort alongside other web browsers. Our goal is to build performance tests that simulate real-world user experiences so that browsers have better tools to drive improvements for real users on real webpages. While it’s easy to see that benchmarks have improved in Firefox throughout the year as a result of this work, what we really care about is how much those wins are being felt by our users.

In order to measure the user experience, Firefox collects a wide range of anonymized timing metrics related to page load, responsiveness, startup and other aspects of browser performance. Collecting data while holding ourselves to the highest standards of privacy can be challenging. For example, because we rely on aggregated metrics, we lack the ability to pinpoint data from any particular website. But perhaps even more challenging is analyzing the data once collected and drawing actionable conclusions. In the future we’ll talk more about these challenges and how we’re addressing them, but in this post we’d like to share how some of the metrics that are fundamental to how our users experience the browser have improved throughout the year.

Let’s start with page load. First Contentful Paint (FCP) is a better metric for felt performance than the `onload` event. We’re tracking the time it takes between receiving the first byte from the network to FCP. This tells us how much faster we are giving feedback to the user that the page is successfully loading, so it’s a critical metric for understanding the user experience. While much of this is up to web pages themselves, if the browser improves performance across the board, we expect this number to go down.

Graph of the median time between response start and first contentful paint, going from ~250 to ~215. Three distinct areas with a more pronounced slope are visible in mid february, late April and the largest in late July.

Image 1 – Median time from Response Start to First Contentful Paint in milliseconds

We can see that this time improved from roughly 250ms at the start of the year to 215ms in October. This means that a user receives feedback on page loads almost 15% faster than they did at the start of the year. And it’s important to note that this is all the result of optimization work that didn’t even explicitly target pageload.

In order to understand where this improvement is coming from, let’s look at another piece of timing data: the amount of time that was spent executing JavaScript code during a pageload. Here we are going to look at the 95th percentile, representing the most JS heavy pages and highlighting a big opportunity for us to remove friction for users.

A graph of the 95th percentile of JS execution time during pageload. It runs from ~1560 in January 2023 to ~1260 by October 2023. In general it's a steady downward slope with a small downward jump in April and a large downward jump during August.

Image 2 – 95th Percentile of JS execution time during pageload in milliseconds

This shows the 95th percentile improving from ~1560ms at the beginning of the year, to ~1260ms in October. This represents a considerable improvement of 300ms, or almost 20%, and is likely responsible for a significant portion of the reduced FCP times. This makes sense, since Speedometer 3 work has led to significant optimizations to the SpiderMonkey JavaScript engine (a story for another post).

We’d also like to know how responsive pages are after they are loaded. For example, how smooth is the response when typing on the keyboard as I write this blogpost! The primary metric we collect here is the “keypress present latency”; the time between a key being pressed on the keyboard and its result being presented onto the screen. Rendering some text to the screen may sound simple, but there’s a lot going on to make that happen – especially when web pages run main thread JavaScript to respond to the keypress event. Most typing is snappy and primarily limited by hardware (e.g. the refresh rate of the monitor), but it’s extremely disruptive when it’s not. This means it’s important to mitigate the worst cases, so we’ll again look at the 95th percentile.

A graph of the 95th percentile of the keypress present latency. Ranging from January 2023 to October 2023. It hovers fairly steady around 65ms, even seemingly going up a bit between March and May. Before dropping down to about 58-59ms over the course of August and September 2023.

Image 3 – 95th Percentile of the keypress present latency

Once again we see a measurable improvement. The 95th percentile hovered around 65ms for most of the year and dropped to under 59ms after the Firefox 116 and 117 releases in August. A 10% improvement to the slowest keypresses means users are experiencing more instantaneous feedback and fewer disruptions while typing.

We’ve been motivated by the improvements we’re seeing in our telemetry data, and we’re convinced that our efforts this year are having a positive effect on Firefox users. We have many more optimizations in the pipeline and will share more details about those and our overall progress in future posts.

The post Down and to the Right: Firefox Got Faster for Real Users in 2023 appeared first on Mozilla Hacks - the Web developer blog.

The Mozilla Thunderbird BlogThunderbird 115 and Signatures Using The Obsolete SHA-1 Algorithm

Several red keys on a light blue background.

As part of our continuing efforts to strengthen the security of Thunderbird, a change was made in version 115.0 that rejects the use of the SHA-1 algorithm in digital signatures of S/MIME emails.

The SHA-1 algorithm is nowadays considered insecure in most contexts, which includes digital signatures, as explained in the related Wikipedia article.

Because of the change in Thunderbird 115,  when an affected message is displayed, an invalid signature will be reported.

You can spot such messages by looking at the message source, and search for the text micalg= in the message headers. If it is followed by the text sha-1 or sha1, you should contact your correspondent and ask them to upgrade.

Most modern email software that supports S/MIME should already be able to use another hash algorithm, for example SHA-256 is a more modern alternative. It might be necessary to change a setting to enable its use.

The Thunderbird team was recently made aware that the use of SHA-1 is still required in some environments, as some government agencies continue to send out messages based on SHA-1. Recipients of such messages asked for a way to confirm the validity of such signatures, despite the risk that the signature could have been forged.

To accommodate those Thunderbird users, starting with version 115.4.1 a new configuration mechanism will be made available. It can be used to accept S/MIME signatures based on SHA-1. To enable it, use Thunderbird’s settings, access the advanced config editor, search for the setting mail.smime.accept_insecure_sha1_message_signatures and set it to the value true.

Note that changing this setting is not recommended, and if you decide to set it, you should work with your correspondents to get them to change to SHA-256 or newer as soon as possible. Once your correspondents have upgraded, you should revert the setting to false.

Changing the setting will have no effect on the messages that Thunderbird sends. Thunderbird uses SHA-256 when sending digitally signed S/MIME email messages, and has been doing so for several years already.

The Thunderbird team understands that it might seem early to demand the deprecation of insecure algorithms while other software is still using it, given the incompatibilities that some users experience. However, aligned with our mission to increase the security of users, we hope that our actions can raise awareness and motivate deployments to upgrade to more secure settings, which otherwise they might not have done.

The post Thunderbird 115 and Signatures Using The Obsolete SHA-1 Algorithm appeared first on The Thunderbird Blog.

Open Policy & AdvocacyGlobal Network Fee Proposals are Troubling. Here are Three Paths Forward.

Today we’re sharing our perspective on the EU’s network fee proposal (aka. “fair share”) that would mandate payments from large Content and Application Providers (“CAPs,” such as YouTube or Netflix) to telecommunications network operators. We believe that our position paper is particularly timely given this week’s EU informal ministerial meeting in León.

Regulators and legislators in the US, Brazil, and India are considering similar policy proposals, and our position on those initiatives is no different.

Our analysis? These proposals would violate network neutrality, a bedrock principle of good internet policy, while enriching billion-dollar-revenue telcos – and, most importantly, they would obscure the real goal of digital inclusion. Here’s our perspective:

  • Digital inclusion should be the focus and priority of policy-makers, rather than the profitability of European telcos. The European Telecommunications Network Operators’ Association (ETNO) has attempted to turn the spotlight on their members with their network fee proposal. Yet any direct payments from CAPs to telcos would be no guarantee of more equitable, inclusive, affordable access for all.
    .
  • Evidence should be transparent and verifiable, whether for or against the network fee proposal. The underlying methodology and sources of evidence supplied by ETNO in support of the network fee proposal are not transparent in terms of either source or methodology. This is amply illustrated by the fact that some of ETNO’s claims are contradicted by the annual reports of their member operators.
    .
  • Third, ETNO claims that their proposal would not violate net neutrality have been rejected by regulators and are not supported by historical or economic evidence. Such mandated payments would effectively grant network operators a termination monopoly, giving them gatekeeper control over content and reaching their customers. There is increasing evidence that the biggest telecom operators are already attempting to extract such payments for sufficient connectivity in their network.
    .
  • Finally, many of the concerns raised by network operators are best addressed via competition tools, not network fee payments.

For each of these buckets, we highlight a path forward that stresses public benefit over the “clash of giants” inherent to the network fee debate.

Recently, both the EU and Brazil released the results of their respective network fee consultations. We are heartened to see widespread opposition to the network fee concept. The results of the EU Commission’s consultation in particular, watched by regulators around the world, presents a clear catalyst for policymakers to shift their attention to policy proposals which will more clearly benefit the public interest.

Read our full position paper here.

The post Global Network Fee Proposals are Troubling. Here are Three Paths Forward. appeared first on Open Policy & Advocacy.

Open Policy & AdvocacyThe Revival We Need: The FCC Takes On Net Neutrality

Today, the US Federal Communications Commission (FCC) took an important step towards restoring net neutrality protections.

At Mozilla, we’ve long defended people’s access to the internet across the globe. Supporting the principle of net neutrality in the US has been a vital piece of this effort, from our lawsuit against the FCC to the call for FCC Chairwoman Rosenworcel to reinstate net neutrality at the federal level, and our support for state level net neutrality laws.

Net neutrality prevents internet service providers (ISPs) from leveraging their market power to slow, block, or prioritize content, ensuring that people online can freely access ideas and services. At the heart of Mozilla’s work on this issue is our belief that the Internet should be a global public resource, open and accessible to all. People everywhere, not just in states or countries that have passed their own net neutrality laws, deserve to have the same control over their online experiences. This openness also enables competition on the web, innovation, and equal opportunity.

Today, the FCC kicked off a renewed effort by voting to begin a rulemaking process on “Safeguarding and Securing the Open Internet.” Next, the public will have an opportunity to weigh in the proposed rules.

Mozilla, alongside a large community of allies, applauds Chairwoman Rosenworcel and the FCC for taking this vital step, and asking some important questions in the NPRM. We’re eager to see the FCC’s effort advance. Restoring net neutrality is a key part of building a healthier internet that puts people first.

The post The Revival We Need: The FCC Takes On Net Neutrality appeared first on Open Policy & Advocacy.

Open Policy & AdvocacyMozilla Meetups – Code to Conduct in AI: Open Source, Privacy, and More

Register Below!

The AI wave has generated excitement but also debate, as policymakers across the globe grapple with tough policy questions. We’re collectively wondering: How do we approach regulation in the US?  How do we get the right safeguards in place when it comes to privacy and other harms?  How do we treat open source?  How do we create policies that enable a diverse AI landscape that works for everyone?

The event will feature a fireside chat, followed by an expert panel discussion. A happy hour with drinks and light fare will follow.

Date and time: Wednesday, November 15th – event starts @ 4:00PM promptly (doors @ 3:45pm)

Location: The Eaton Hotel, Wild Days – Rooftop, 1201 K St NW, Washington, DC



The post Mozilla Meetups – Code to Conduct in AI: Open Source, Privacy, and More appeared first on Open Policy & Advocacy.

hacks.mozilla.orgBuilt for Privacy: Partnering to Deploy Oblivious HTTP and Prio in Firefox

Protecting user privacy is a core element of Mozilla’s vision for the web and the internet at large. In pursuit of this vision, we’re pleased to announce new partnerships with Fastly and Divvi Up to deploy privacy-preserving technology in Firefox.

Mozilla builds a number of tools that help people defend their privacy online, but the need for these tools reflects a world where companies view invasive data collection as necessary for building good products and making money. A zero-sum game between privacy and business interests is not a healthy state of affairs. Therefore, we dedicate considerable effort to developing and advancing new technologies that enable businesses to achieve their goals without compromising peoples’ privacy. This is a focus of our work on web standards, as well as in how we build Firefox itself.

Building an excellent browser while maintaining a high standard for privacy sometimes requires this kind of new technology. For example: we put a lot of effort into keeping Firefox fast. This involves extensive automated testing, but also monitoring how it’s performing for real users. Firefox currently reports generic performance metrics like page-load time but does not associate those metrics with specific sites, because doing so would reveal peoples’ browsing history. These internet-wide averages are somewhat informative but not particularly actionable. Sites are constantly deploying code changes and occasionally those changes can trigger performance bugs in browsers. If we knew that a specific site got much slower overnight, we could likely isolate the cause and fix it. Unfortunately, we lack that visibility today, which hinders our ability to make Firefox great.

This is a classic problem in data collection: We want aggregate data, but the naive way to get it involves collecting sensitive information about individual people. The solution is to develop technology that delivers the same insights while keeping information about any individual person verifiably private.

In recent years, Mozilla has worked with others to advance two such technologies — Oblivious HTTP and the Prio-based Distributed Aggregation Protocol (DAP) — towards being proper internet standards that are practical to deploy in production. Oblivious HTTP works by routing encrypted data through an intermediary to conceal its source, whereas DAP/Prio splits the data into two shares and sends each share to a different server [1]. Despite their different shapes, both technologies rely on a similar principle: By processing the data jointly across two independent parties, they ensure neither party holds the information required to reveal sensitive information about someone.

We therefore need to partner with another independent and trustworthy organization to deploy each technology in Firefox. Having worked for some time to develop and validate both technologies in staging environments, we’ve now taken the next step to engage Fastly to operate an OHTTP relay and Divvi Up to operate a DAP aggregator. Both Fastly and ISRG (the nonprofit behind Divvi Up and Let’s Encrypt) have excellent reputations for acting with integrity, and they have staked those reputations on the faithful operation of these services. So even in a mirror universe where we tried to persuade them to cheat, they have a strong incentive to hold the line.

Our objective at Mozilla is to develop viable alternatives to the things that are wrong with the internet today and move the entire industry by demonstrating that it’s possible to do better. In the short term, these technologies will help us keep Firefox competitive while adhering to our longstanding principles around sensitive data. Over the long term, we want to see these kinds of strong privacy guarantees become the norm, and we will continue to work towards such a future.


Footnotes:

[1] Each approach is best-suited to different scenarios, which is why we’re investing in both. Oblivious HTTP is more flexible and can be used in interactive contexts, whereas DAP/Prio can be used in situations where the payload itself might be identifying.

 

The post Built for Privacy: Partnering to Deploy Oblivious HTTP and Prio in Firefox appeared first on Mozilla Hacks - the Web developer blog.

Mozilla Add-ons BlogChanges to Android extension signing

We recently identified a bug in the addons.mozilla.org (AMO) external API that caused all signing requests to mark extension submissions as being Android compatible. A fix for this bug will be pushed on Thursday, October 12th.

When the fix lands, the signing endpoint will stop marking extensions as being Android compatible by default, and instead check the extension’s manifest.json for a property in "browser_specific_settings" named “gecko_android”. If present, that object’s "strict_min_version" and "strict_max_version" properties will be used to set the Firefox for Android minimum and maximum values on AMO.

This change also affects community tools that send signing requests to AMO using the web API. This includes, but is not limited to:

What do I need to do?

To continue marking your extension as Android compatible on AMO, ensure that your manifest.json file includes a "browser_specific_settings.gecko_android" object. You can declare the minimum browser version supported using the "strict_min_version" properties of this object.

To stop marking your extension as Android compatible on AMO, ensure that your manifest.json file does not include a "browser_specific_settings.gecko_android" object.

For example, to signal that your extension works in Firefox for Android, you would include the following snippet in your extension’s manifest.

  "browser_specific_settings": {
    "gecko_android": {}
  }

You may also want to check the version compatibility settings for your extension on AMO.

The post Changes to Android extension signing appeared first on Mozilla Add-ons Community Blog.

Mozilla L10NLocalizer Spotlight: Meet Reza (Persian locale)

Welcome to our second localizer spotlight, presenting this time Reza from our Persian community.

Q. What first drew you to want to volunteer with Mozilla’s localization program?

The growing community of Persian users highlighted the need for a browser created by the people for the people. Thus, I began assisting the community in translating Firefox into Persian. Subsequently, we expanded our efforts to include other products like Firefox for phones.

Q. What have been some of the most rewarding or impactful projects you’ve localized for Mozilla?

The entire endeavor with Mozilla was driven by volunteering and a strong motivation to provide safe and open-source tools to the community. Given the substantial Persian (Farsi) population of over 110 million people, ensuring their access to interactive and helpful tools became a significant priority. We also focused on addressing issues related to Mozilla extensions, particularly the text-reader (Readaloud), to assist individuals with visual disabilities.

We discovered that a substantial number of people with visual impairments were utilizing Mozilla’s text-reader because it was one of the few free and open tools that catered to their specific needs. One day, I received an email from a Persian user with visual impairment, in which she highlighted the widespread utility of such tools for her and her friends. This instance made me realize that we needed to broaden our perspective beyond ordinary users, especially concerning localization, and emphasize accessibility as a key aspect of our work.

Q. What are some of the biggest challenges you’ve faced in translating Mozilla projects? How did you overcome them?

Translating a product is often not sufficient, especially when dealing with Right-To-Left (RTL) languages. It’s imperative to consider usability, accessibility, and how people with diverse language backgrounds perceive the product. Therefore, addressing all the UI/UX challenges and ensuring the product is user-friendly for the end users proved to be quite challenging.

Q. What skills or background do you think helps most for becoming an effective Mozilla translator?

I’m a computer scientist with a passion for open-source software. Naturally, my technical knowledge was sufficient to embark on this journey. However, I found it crucial to put myself in the shoes of end users, understanding how they wish to perceive the product and how we can create a better experience for them.

Q. What advice would you give to someone new wanting to get involved in localizing for Mozilla?

Think about the broader impact that your work has on the community. Translating can be challenging and sometimes even tedious, but we must remember that these small pieces of work drive the community forward and present new opportunities for them.

Interested in featuring in these spotlights? Or know someone you think we should interview? Fill out this form, or reach out directly to delphine at mozilla dot com. Interested in contributing to localization? Head on over here for more details!

Useful Links

 

Mozilla Add-ons BlogTest Firefox Android extensions and help developers prepare for an open mobile ecosystem in December

In August we encouraged developers to start preparing their desktop extensions for Firefox Android open availability on addons.mozilla.org (AMO). The project is progressing well and we’re on track to launch the open mobile ecosystem on AMO in December. We have more infrastructure development and testing to complete in the coming weeks, but as we move toward release we’ll keep you informed of the project’s status right here on this blog, add-ons forums, and social channels.

To help our developer community prepare for Firefox Android open extension availability on AMO — and to ensure Firefox Android users have an exciting selection of extensions to choose from — we’ve compiled a list of popular desktop extensions (with mobile API compatibility) we’re inviting the add-ons community to help test on Firefox Android. If you’re intrigued to try some new extensions on your Firefox Android phone and offer feedback, we’d love to hear your thoughts.

How to test Firefox Android extensions (Beta, Nightly)

Test extensions are only currently discoverable on AMO via 119 Beta and 120 Nightly versions of Firefox Android. If you’re not already on Beta or Nightly, please follow these links for installing Firefox Android Beta and Nightly.

Once you’re ready to roll with Firefox Android (Beta/Nightly) on your phone, just follow these simple test steps:

  1. Check out this spreadsheet of test extensions. They were compiled because they possess a combination of Android API compatibility and relative popularity on Firefox desktop.
  2. Find a test extension that interests you and navigate to addons.mozilla.org on your Firefox Android (Beta/Nightly) phone and search for the extension you want to test, then install it.
  3. Follow the testing guide on this feedback form and play around with the extension.
  4. Report your impressions of the experience on the feedback form.

Then feel free to repeat testing with as many other test extensions as you like. Have fun with it! The feedback you provide will be extremely helpful to developers hoping to optimize their desktop extensions for Android usage.

Are you a developer hoping to make your extension available on Firefox Android?

If you have a desktop extension you want to prepare for Android availability on AMO, a good place to start is checking your desktop extension’s APIs against those supported for Android. It is also important that developers migrate to non-persistent background pages. In order to mark your extension as compatible with Firefox Android, add the gecko_android key inside browser_specific_settings (more info) in your manifest.json file (this is also a requirement when submitting your extension using the AMO API, e.g. with the web-ext tool). During this period you are welcome to update your extension on AMO to address issues while running in Firefox Android; and mark your extension as Android compatible to be ready for discoverability on AMO in December.

Please note — once you’re ready to test the mobile version of your extension, create a collection on AMO and test it on Firefox for Android Nightly (you’ll need to make a one-time change to Nightly’s advanced settings; please see the “Enable general extension support setting in Nightly” section of this post for details). If you’d prefer to polish your extension before publishing it on AMO, you can also debug and run the extension with web-ext.

It’s been exciting to see so many developers embrace this moment to make their desktop extensions available for a new mobile audience. When AMO opens the general availability of Android extensions in December, Firefox Android users will be thrilled at all of the innovative ways they’ll be able to customize their mobile browsing experience.

If you’re a developer with technical questions about mobile extension migration, please visit our support forum for Firefox Android extensions. You can also book office hours support every Monday and Tuesday.

The post Test Firefox Android extensions and help developers prepare for an open mobile ecosystem in December appeared first on Mozilla Add-ons Community Blog.

Web Application SecurityVersion 2.9 of the Mozilla Root Store Policy

Online security is constantly evolving, and thus we are excited to announce the publication of MRSP version 2.9, demonstrating that we are committed to keep up with the advancement of the web and further our commitment to a secure and trustworthy internet.

With each update to the Mozilla Root Store Policy (MRSP), we aim to address emerging challenges and enhance the integrity and reliability of our root store. Version 2.9 introduces several noteworthy changes and refinements, and within this blog post we provide an overview of key updates to the MRSP and their implications for the broader online community.

Managing the Effective Lifetimes of Root CA Certificates

One of the most crucial changes in this version of the MRSP is to limit the time that a root certificate may be in our root store. Often, a root certificate will be issued with a validity period of 25 or more years, but that is too long when one considers the rapid advances in computer processing strength. To address this concern and to make the web PKI more agile, we are implementing a schedule to remove trust bits and/or the root certificates themselves from our root store after they have been in use for more than a specified number of years.

Under the new section 7.4 of the MRSP, root certificates that are enabled with the website’s trust bit will have that bit removed when CA key material is 15 years old. Similarly, root certificates with the email trust bit will have a “Distrust for S/MIME After Date” set at 18 years from the CA’s key material generation date. A transition schedule has been established here, which phases this in for CA root certificates created before April 14, 2014. The transition schedule is subject to change if underlying algorithms become more susceptible to cryptanalytic attack or if other circumstances arise that make the schedule obsolete.

Compliance with CA/Browser Forum’s Baseline Requirements for S/MIME Certificates

The CA/Browser Forum released Baseline Requirements for S/MIME certificates (S/MIME BRs), with an effective date of September 1, 2023. Therefore, as of September 1, 2023, certificates issued for digitally signing or encrypting email messages must conform to the latest version of the S/MIME BRs, as stated in section 2.3 of the MRSP. Period-of-time audits to confirm compliance with the S/MIME BRs will be required for audit periods ending after October 30, 2023. Transition guidance is provided at the following wiki page: https://wiki.mozilla.org/CA/Transition_SMIME_BRs.

Security Incident and Vulnerability Disclosure

To enable swift response and resolution of security concerns impacting CAs, guidance for reporting security incidents and serious vulnerabilities has been added to section 2.4 of the MRSP. Additional guidance is provided in the following wiki page: https://wiki.mozilla.org/CA/Vulnerability_Disclosure.

CCADB Compliance Self-Assessment

Previously, CAs were required to perform an annual self-assessment of compliance with Mozilla’s policies and the CA/Browser Forum’s Baseline Requirements for TLS, but the MRSP did not specifically require that the annual self-assessment be submitted. Beginning in January 2024, CA operators with root certificates enabled with the website’s trust bit must perform and submit the CCADB Compliance Self-Assessment annually (within 92 calendar days from the close of their audit period). This will provide transparency into each CA’s ongoing compliance with Mozilla policies and the CA/Browser Forum’s Baseline Requirements for TLS.

Elimination of SHA-1

With the release of Firefox 52 in 2017, Mozilla removed support for SHA-1 in TLS certificates. Version 2.9 of the MRSP takes further steps to eliminate the use of SHA-1, allowing it only for end entity certificates that are completely outside the scope of the MRSP, and for specific, limited circumstances involving duplication of an existing SHA-1 intermediate CA certificate. These efforts align with industry best practices to phase out the usage of SHA-1.

Conclusion

Several of these changes will require that CAs revise their practices, so we have sent CAs a CA Communication and Survey to alert them about these changes and to inquire about their ability to comply with the new requirements by the effective dates.

These updates to the MRSP underscore Mozilla’s unwavering commitment to provide our users with a secure and trustworthy experience. We encourage your participation in the Mozilla community and the CCADB community to contribute to these efforts to provide a secure online experience for our users.

The post Version 2.9 of the Mozilla Root Store Policy appeared first on Mozilla Security Blog.

hacks.mozilla.orgFaster Vue.js Execution in Firefox

Speedometer 3 is a cross-industry effort to build a modern browser benchmark rooted in real-world user experiences. Its goal is to focus browser engineering effort towards making the Web more smooth for actual users on actual pages. This is hard to do and most browser benchmarks don’t do it well, but we see it as a unique opportunity to improve responsiveness broadly across the Web.

This requires a deliberate analysis of the ecosystem — starting with real user experiences and identifying the essential technical elements underlying them. We built several new tests from scratch, and also updated some existing tests from Speedometer 2 to use more modern versions of widely-used JavaScript frameworks.

When the Vue.js test was updated from Vue 2 to Vue 3, we noticed some performance issues in Firefox. The root of the problem was Proxy object usage that was introduced in Vue 3.

Proxies are hard to optimize because they’re generic by design and can behave in all sorts of surprising ways (e.g., modifying trap functions after initialization, or wrapping a Proxy with another Proxy). They also weren’t used much on the performance-critical path when they were introduced, so we focused primarily on correctness in the original implementation.

Speedometer 3 developed evidence that some Proxies today are well-behaved, critical-path, and widely-used. So we optimized these to execute completely in the JIT — specializing for the shapes of the Proxies encountered at the call-site and avoiding redundant work. This makes reactivity in Vue.js significantly faster, and we also anticipate improvements on other workloads.

This change landed in Firefox 118, so it’s currently on Beta and will ride along to Release by the end of September.

Over the course of the year Firefox has improved by around 40% on the Vue.js benchmark from work like this. More importantly, and as we hoped, we’re observing real user metric improvements across all page loads in Firefox as we optimize Speedometer 3. We’ll share more details about this in a subsequent post.

The post Faster Vue.js Execution in Firefox appeared first on Mozilla Hacks - the Web developer blog.

Mozilla L10NLocalizer Spotlight: Victor Ibragimov (Tajik locale)

Hello World!

My name is Victor Ibragimov, and I am from Dushanbe, Tajikistan (One of Five Central Asia Countries).

On September 3, 2023, I celebrate my third year as a member of the Mozilla community, starting from September 3, 2020!

Q. What first drew you to want to volunteer with Mozilla’s localization program?

I have been volunteering as a professional translator and coordinator of English to Tajik translations for over 20 years. Throughout my career, I have worked on numerous software localization projects, including Debian OS, Ubuntu OS, Fedora OS, openSuse OS, SailfishOS, KDE, Gnome Desktops, and many other fantastic software and platforms.

Around three years ago, I discovered that all these computer operating systems and desktops used Firefox web browser by default. However, I noticed that Firefox did not have Tajik language support. Determined to address this gap, I reached out to the maintainers of these projects. They informed me that Firefox is a separate project and advised me to contact the Mozilla team directly to initiate the localization of Tajik language.

With my extensive experience in translation and coordination, I was determined to contribute to the completion of a high-quality Tajik translation. This commitment was driven by my desire to enhance the usability of Mozilla products for Tajik-speaking users and to foster inclusion in the global tech community.

Q. What have been some of the most rewarding or impactful projects you’ve localized for Mozilla?

Some of the most rewarding and impactful projects I have localized for Mozilla include the translation of Firefox web browser into Tajik language.

Additionally, I have worked on localizing Mozilla’s mobile projects, such as Firefox for Android and Focus for Android. These projects have allowed Tajik-speaking users to have a seamless browsing experience on their mobile devices and maintain their privacy with the Focus app. This has had a positive impact on the accessibility of technology for Tajik-speaking individuals and has empowered them to fully utilize Mozilla’s mobile products.

Overall, these localization projects have been rewarding and impactful as they have contributed to breaking down language barriers, fostering inclusion, and empowering Tajik-speaking users to access and utilize Mozilla’s products effectively across various platforms.

Q. What advice would you give to someone new wanting to get involved in localizing for Mozilla?

1. Start by familiarizing yourself with the Mozilla community and the localization process. Visit the Mozilla website and explore the resources and documentation available for translators. Join relevant forums or mailing lists to connect with other translators and learn from their experiences.
2. Choose a project or software that you are passionate about and that aligns with your language expertise. It could be Firefox, Thunderbird, or any other Mozilla project. By working on something you are interested in, you will stay motivated and enjoy the process of localization.
3. Take advantage of the available tools and resources. Mozilla provides various tools and platforms to facilitate the localization process, such as Pontoon and Transvision. Familiarize yourself with these tools and use them to contribute effectively.
4. Collaborate and communicate with other translators. Localization is a collaborative effort, so it’s important to engage with other translators, ask questions, and seek feedback. Participate in discussions and share your knowledge and experiences with the community.
5. Be proactive and take initiative. Look for opportunities to contribute beyond just translating strings. Offer to review translations, suggest improvements, or help with testing and bug reporting. This will not only enhance your skills but also make you a valuable member of the localization team.
6. Stay updated with the latest developments in your language and the software you are localizing. Attend conferences, workshops, or webinars related to localization or technology to stay informed about new trends and best practices.
7. Seek feedback and continuously improve your translations. Localization is an ongoing process, and there is always room for improvement. Actively seek feedback from users, fellow translators, and project maintainers to refine your translations and ensure they are accurate, clear, and culturally appropriate. Embrace feedback as an opportunity for growth and strive to deliver high-quality localized content.
8. Stay connected with the Mozilla community and stay up to date with changes and updates. Join relevant mailing lists or forums to stay informed about new projects, updates, and announcements. Regularly check the Mozilla website and other official channels for any news or changes that may impact your localization work. By staying connected, you can actively contribute to the community and ensure your translations are up to date with the latest developments.
9. Be patient and persistent. Localization can be challenging at times, especially when dealing with technical terms or complex strings. Don’t get discouraged if you face difficulties initially. Keep practicing, learning, and improving your skills.
10. Lastly, enjoy the process and have fun! Localizing for Mozilla is not just about contributing to a global project, but also about preserving and promoting your language globally. Embrace the opportunity to make a positive impact and connect with your language community.

Remember, whether you are a newcomer or an experienced translator, your contribution to localizing Mozilla projects can have a significant impact. So, take the leap and start making a difference in your language community and beyond.

Q. How has your volunteering impacted users in your language community?

As a Mozilla volunteer, my contributions to Tajik translation have had a significant impact on Mozilla users in the Tajik language community. By ensuring that Firefox web browser is fully localized and accessible in Tajik, I have helped to make it easier for Tajik internet users to navigate and use the browser in their native language. This has not only improved their overall browsing experience but also promoted the importance of using Tajik as a language of technology and digital communication.

Furthermore, by incorporating the new Tajik language reforms into translations, I have played a role in making the Tajik language clearer and more beautiful. This has not only enhanced the user experience for Tajik-speaking Mozilla users but has also contributed to the development and preservation of the language itself.

In addition, my involvement in creating new Internet terminology for the Tajik language has been instrumental in bridging the linguistic gap between technology and the Tajik-speaking community. This has allowed for the development of e-government, e-commerce, and e-education platforms in Tajikistan, as well as empowering Tajik internet users to fully utilize the potential of the internet in their daily lives.

Moreover, the opportunity to create multilingual dictionaries with Tajik language has further enriched the linguistic resources available to Tajik speakers. This has not only facilitated effective communication but has also fostered a sense of pride and ownership over their language.

Interested in featuring in these spotlights? Or know someone you think we should interview? Fill out this form, or reach out directly to delphine at mozilla dot com. Interested in contributing to localization? Head on over here for more details!

Useful Links

The Bugzilla UpdateBugzilla Celebrates 25 Years With Special Announcements

Happy 25th Birthday to Bugzilla!

Today, August 26, marks the 25th anniversary of Bugzilla!

The first two paragraphs lifted from our Bugzilla history:

When mozilla.org first came online in 1998, one of the first products that was released was Bugzilla, a bug system implemented using freely available open source tools. Bugzilla was originally written in TCL by Terry Weissman for use at mozilla.org to replace the in-house system then in use at Netscape. The initial installation of Bugzilla was deployed to the public on a mozilla.org server on April 6, 1998.

After a few months of testing and fixing on a public deployment, Bugzilla was finally released as open source via anonymous CVS and available for others to use on August 26, 1998. At this point. Terry decided to port Bugzilla to Perl, with the hopes that more people would be able to contribute to it, since Perl seemed to be a more popular language. The completion of the port to Perl was announced on September 15, 1998, and committed to CVS later that night.

25 years is a long time in the software world, and it makes us happy that so many people still use Bugzilla to track bug reports and feature requests for their own products. We hope to continue to breath life into Bugzilla and continue to modernize it over the years to come!

New Legal Entity to Manage the Bugzilla Project

Back in December I made an enthusiastic post about getting Bugzilla back in motion after it kind of stalled for a while. And then after a month I kind of stopped posting about it. So what happened?

Well, response to that post was actually pretty enthusiastic in itself. I heard from several people who wanted to donate money to the project to get it going again. Which then led to a new problem: we didn’t actually have a legal way to accept donations at the time. So after asking around a bit, and a few conference calls between myself, my own company’s lawyer, and a couple of Mozilla’s lawyers, it was decided that Bugzilla needed a legal entity to manage it, similar to how Thunderbird has been operating recently. And, that’s where the little bit of time that I’ve had to spend on Bugzilla has gone the last 6 months. And as you can understand, with the legal work going on in the background, there wasn’t much I could actually talk about until all of the pieces were actually in place.

Which now brings us to today, when I’m happy to announce the formation of Zarro Boogs Corporation, which will now be overseeing the Bugzilla Project. This is a taxable non-profit non-charitable corporation – we have filed with the IRS our intent to operate under US Tax Code §501(c)(4) (still pending approval from the IRS) meaning the IRS would require us to spend money raised on project expenses and not make a profit, but money donated to us will not earn you a tax deduction because we aren’t a charity (software development is not considered a charitable cause in the US). Unlike Thunderbird, which is a subsidiary of the Mozilla Foundation, we are an independent entity not owned by or associated with the Mozilla Foundation, although they have licensed the use of the Bugzilla trademark to us.

The name Zarro Boogs Corporation is a shout-out to the phrase returned by Bugzilla when you run a search which returns no results, “Zarro Boogs found.” The buggy spelling of “Zero Bugs” being intentional because it’s generally believed that there’s no such thing as a project with zero bugs in it, only bugs that haven’t yet been reported, thus, saying “Zero Bugs” is, in itself, buggy. There’s a nice write-up of this on Wikipedia.

If you would like to contribute to the project, we have a donation page set up on GitHub Sponsors. We hope to have additional ways to donate that don’t require a GitHub account in the future.

Upcoming Releases

Those releases I talked about back in December are finally happening! Look for these (except for 5.9.1) this coming week! Right now we’re aiming for Wednesday, August 30th. We are aiming for September 15 for 5.9.1 (because it’s the 25th anniversary of the port from Tcl to Perl).

4.4.14 – The 4.4 branch has been on life support for a LONG time (it was initially released in 2013!!!). It supports outdated OSes that are hard to find or install, let alone test for these days, and we’ve been itching to drop it for a long time.  But our support policy says that we have to support it for 4 months after the following two major releases.  The next major release after 4.4 was 5.0, and there have been no major releases after that, which means that 4 month countdown hasn’t even started yet. I am intending this to be the final release of the 4.4 branch (barring any additional security issues being found in the next 4 months) as the 5.2 release below will start that 4 month countdown to End-of-Life this branch.

5.0.4.1 – Why 5.0.4.1 when there’s a 5.0.6 release?  Well, if you paid attention to the change logs, 5.0.5 and 5.0.6 contained a massive schema change, as well as reformatting almost all of the Perl code in the source, both of which are a violation of our support policy for a stable branch (a new-to-the-process release manager pushed the release out not realizing that, and by the time we caught it, it was too late). A lot of people noticed this and never upgraded to 5.0.5 or 5.0.6, since they didn’t contain any security fixes.  5.0.4.1 will give those people additional fixes for 5.0.4 without forcing them to pick up those schema and code reformatting changes. Additional updates to the 5.0 branch from now on will continue from 5.0.4.2 and onward.

5.2 – This will be the next major release, and will start the 4 month countdown for discontinuing the 4.4 branch. 5.2 is forked from the 5.0 branch after 5.0.6, and will contain those schema and code formatting changes from 5.0.5 and 5.0.6 in it. So if you did upgrade to 5.0.6, 5.2 will be equivalent to a point upgrade for you.  Those schema changes should have caused a major release to happen anyway, so this is just fixing the numbering problem with that release (i.e. 5.0.5 should have been called 5.2 to begin with). Note that if you are using the 5.1.x development releases, those did NOT feed into this, and 5.2 would actually be a downgrade for you.

5.1.3 – The 5.1 branch is basically dead, as we’ve put all of our resources into finishing off the Harmony release (see 5.9.1 below). We’re going to encourage people on 5.1.x to move to Harmony, but you’ll want to be mindful of the release blockers first before you make the jump. There are some features in 5.1.x that were implemented differently in Harmony, and the code to migrate the related data may or may not work yet (if the feature in question is listed on the release blockers and you use it, you’ll want to wait for now). Even though this branch is dead, we’re going to put out a release with the current batch of security fixes so you aren’t left high and dry before Harmony is ready for you.

5.9.1 – Coming September 15! This will be the first official release off the Harmony branch, and will be classified as a developer preview release, not for production use.  This is what will eventually be Bugzilla 6.  The code is mostly good enough to use right now, but there are still showstoppers to be able to fully release it as a production release. There are also a few gotchas when upgrading from older versions of Bugzilla. If you’re interested in helping make Bugzilla 6 happen, that list of showstoppers is here. We are hoping to have Bugzilla 6 in release candidate stage (or at least in beta) by the end of November. The security content for this branch that goes with the other branch releases will be committed to git at the same time the other releases get them, since anyone who has this already will only have it via git pull.

Immediate Help Wanted

  1. Documentation. Harmony (5.9.1) in particular needs a LOT of documentation help, as what’s there now is pretty specific to trying to produce a testing environment for bugzilla.mozilla.org, rather than a standalone Bugzilla.
  2. Section 508 Compliance Audit. There are a number of US government agencies who use Bugzilla internally (NASA is a publicly visible example).  New US government projects have to comply with the new accessibility guidelines in Section 508 of the Communications Act, so if we want them to be able to upgrade we need to comply (at least in our newer versions).  See https://section508.gov/. There is a template for a compliance statement at https://www.section508.gov/sell/vpat/.  I would love to get a volunteer (or a company who can sponsor someone?) who could audit the 5.2 and harmony branches for compliance, file bugs for things that are violations, and figure out how much of the VPAT we can actually provide at this point.  Even if we’re not compliant yet (I suspect we aren’t) I would love to be able to provide a statement with the 5.2 release saying how compliant we are, and listing what’s left to be fixed to make us compliant. See also Bug 1785941. Some work has been done on this (as you can see in the dependent bugs to that one) but it still needs help.

Ongoing Help Wanted

You can always find a list of ways to contribute to Bugzilla on our Contributing page. A few highlights with additional details:

  • Donate Money. Now that we have a legal entity capable of paying developers, we need money to pay them with (and also cover our server hosting expenses). You can donate via our GitHub Sponsors page. If you don’t have and can’t create a GitHub account, we hope to have other ways to donate in the future.
  • Bug Triage! As you probably noticed from the lack of updates around here in a while, the bug list hasn’t been getting paid much attention to, either. Part of getting this project moving again means re-triaging the existing bug reports. Some of them are really ancient and may not even apply to the current code-base anymore. I’m going to have another blog post coming in the next day or two (for real this time) with information on this topic (specifics for how to help with it), so keep an eye out for that post!
  • Code! Once we get the above triage moving, there will be bugs to fix! Bugzilla is an Open Source project, and anyone can contribute! We also have a relatively small user base compared to some of the big projects out there, so the amount of development we’ll be able to fund internally from our donations will still be limited. It will probably make better sense for us to use our internal developers (once we have money to pay some) to review patches and coach external contributors, instead of having them directly producing code.
  • Paid Developer Time. If you are a business that makes use of Bugzilla, and has a staff person responsible for maintaining your Bugzilla installation, and that person is willing, please consider officially sponsoring that person to help with upstream Bugzilla development for at least a few hours per week. Most of our lack of development lately has happened because the last few companies that used to do that stopped providing developer time during the economic downturn a few years back (either laid off said person or pulled them away to work on other things), and they haven’t returned. The developers we have currently (until we get money donated as listed above) are all volunteer, and most of them are struggling to find time to work on it.

In Conclusion

We have a lot of excitement ahead of us with the first developer preview of Bugzilla 6 coming later this week (I was hoping to have that for you all today as well, but we didn’t quite make it), and the new opportunities in store for us with a real business entity to support the project now. Come find us in any of our chat rooms (links are in the footer of our website alongside the social media links) or drop in on our developers mailing list if you’d like to help.

Mozilla Add-ons BlogPrepare your Firefox desktop extension for the upcoming Android release

In the coming months Mozilla will launch support for an open ecosystem of extensions on Firefox for Android on addons.mozilla.org (AMO). We’ll announce a definite launch date in early September, but it’s safe to expect a roll-out before the year’s end. Here’s everything developers need to know to get their Firefox desktop extensions ready for Android usage and discoverability on AMO…

Firefox will become the only major Android browser to support an open extension ecosystem

For the past few years Firefox for Android officially supported a small subset of extensions while we focused our efforts on strengthening core Firefox for Android functionality and understanding the unique needs of mobile browser users. Today, Mozilla has built the infrastructure necessary to support an open extension ecosystem on Firefox for Android. We anticipate considerable user demand for more extensions on Firefox for Android, so why not start optimizing your desktop extension for mobile-use right away?

“There is so much creative potential to unlock within the mobile browser space. Mozilla wants to provide developers with the best support we can so they’re equipped and empowered to build modern mobile WebExtensions.” — Giorgio Natili, Firefox Director of Engineering

To support our ecosystem of extension developers, we will create additional guides, resources and host community events to support your transition to a managed multi-process environment like Android.

Transition background scripts to non-persistent event pages

We recently introduced support for multi-process in Firefox for Android Nightly. This means extensions are no longer hosted in the main process as Firefox’s user interface. This is a key consideration since Android is prone to shutting down resource-intensive processes, such as extensions. To mitigate the risk of unexpected extension termination, we’ve introduced event page architecture to be non-persistent and more resilient to process termination. Thus we strongly encourage developers to transition from persistent backgrounds to non-persistent Event pages to improve their extension’s stability. In summary, this means:

  • Update your manifest.json background key and add “persistent”: false.
  • Ensure listeners are registered synchronously at the top-level.
  • Record global state in the storage API, for example storage.session.
  • Change timers to alarms.
  • Switch from using extension.getBackgroundPage for calling a function from the background page, to extension messaging or runtime.getBackgroundPage.

Once you’re ready to test the mobile version of your extension, create a collection on AMO and test it on Firefox for Android Nightly (note you’ll need to make a one-time change to Nightly’s advanced settings; please see the “Enable general extension support setting in Nightly” section of this post for details). If you’d prefer to polish your extension before publishing it on AMO, you can also debug and run the extension with web-ext.

This is an exciting time for developers seeking to expand the reach of their desktop extensions into the mobile Android space. For community support and input, you’re welcome to join the conversation on Firefox Add-ons Discourse.

The post Prepare your Firefox desktop extension for the upcoming Android release appeared first on Mozilla Add-ons Community Blog.

hacks.mozilla.orgAutogenerating Rust-JS bindings with UniFFI

I work on the Firefox sync team at Mozilla. Four years ago, we wrote a blog post describing our strategy to ship cross-platform Rust components for syncing and storage on all our platforms. The vision was to consolidate the separate implementations of features like history, logins, and syncing that existed on Firefox Desktop, Android, and iOS.

We would replace those implementations with a core written in Rust and a set of hand-written foreign language wrappers for each platform: JavaScript for Desktop, Kotlin for Android, and Swift for iOS.

Since then, we’ve learned some lessons and had to modify our strategy. It turns out that creating hand-written wrappers in multiple languages is a huge time-sink. The wrappers required a significant amount of time to write, but more importantly, they were responsible for many serious bugs.

These bugs were easy to miss, hard to debug, and often led to crashes. One of the largest benefits of Rust is memory safety, but these hand-written wrappers were negating much of that benefit.

To solve this problem, we developed UniFFI: a Rust library for auto-generating foreign language bindings. UniFFI allowed us to create wrappers quickly and safely, but there was one issue: UniFFI supported Kotlin and Swift, but not JavaScript, which powers the Firefox Desktop front-end. UniFFI helped us ship shared components for Firefox Android and iOS, but Desktop remained out of reach.

This changed with Firefox 105 when we added support for generating JavaScript bindings via UniFFI which enabled us to continue pushing forward on our single component vision. This project validated some core concepts that have been in UniFFI from the start but also required us to extend UniFFI in several ways. This blog post will walk through some of the issues that arose along the way and how we handled them.

Prior Art

This project has already been tried at least once before at Mozilla. The team was able to get some of the functionality supported, but some parts remained out of reach. One of the first things we realized was that the general approach the previous attempts took would probably not support the UniFFI features we were using in our components.

Does this mean the previous work was a failure? Absolutely not. The team left behind a wonderful trove of design documents, discussions, and code that we made sure to study and steal from. In particular, there was an ADR that discussed different approaches which we studied, as well as a working C++/WebIDL code that we repurposed for our project.

Calling the FFI functions

UniFFI bindings live on top of an FFI layer using the C ABI that we call “the scaffolding.” Then the user API is defined on top of the scaffolding layer, in the foreign language. This allows the user API to support features not directly expressible in C and also allows the generated API to feel idiomatic and natural. However, JavaScript complicates this picture because it doesn’t have support for calling C functions. Privileged code in Firefox can use the Mozilla js-ctypes library, but its use is deprecated.

The previous project solved this problem by using C++ to call into the scaffolding functions, then leveraged the Firefox WebIDL code generation tools to create the JavaScript API. That code generation tool is quite nice and allowed us to define the user API using a combination of WebIDL and C++ glue code. However, it was limited and did not support all UniFFI features.

Our team decided to use the same WebIDL code generation tool, but to generate just the scaffolding layer instead of the entire user API. Then we used JavaScript to define the user API on top of that, just like for other languages. We were fairly confident that the code generation tool would no longer be a limiting factor, since the scaffolding layer is designed to be minimalistic and expressible in C.

Async functions

The threading model for UniFFI interfaces is not very flexible: all function and method calls are blocking. It’s the caller’s responsibility to ensure that calls don’t block the wrong thread. Typically this means executing UniFFI calls in a thread pool.

The threading model for Firefox frontend JavaScript code is equally inflexible: you must never block the main thread. The main JavaScript thread is responsible for all UI updates and blocking it means an unresponsive browser. Furthermore, the only way to start another thread in JavaScript is using Web Workers, but those are not currently used by the frontend code.

To resolve the unstoppable force vs. immovable object situation we found ourselves in, we simply reversed the UniFFI model and made all calls asynchronous. This means that all functions return a promise rather than their return value directly.

The “all functions are async” model seems reasonable, at least for the first few projects we intend to use with UniFFI. However, not all functions really need to be async – some are quick enough that they aren’t blocking. Eventually, we plan to add a way for users to customize which functions are blocking and which are async. This will probably happen alongside some general work for async UniFFI, since we’ve found that async execution is an issue for many components using UniFFI.

How has it been working?

Since landing UniFFI support in Firefox 105, we’ve slowly started adding some UniFFI’ed Rust components to Firefox. In Firefox 108 we added the Rust remote tabs syncing engine, making it the first component shared by Firefox on all three of our platforms. The new tabs engine uses UniFFI to generate JS bindings on Desktop, Kotlin bindings on Android, and Swift bindings on iOS.

We’ve also been continuing to advance our shared component strategy on Mobile. Firefox iOS has historically lagged behind Android in terms of shared component adoption, but the Firefox iOS 116 release will use our shared sync manager component. This means that both mobile browsers will be using all of the shared components we’ve written so far.

We also use UniFFI to generate bindings for Glean, a Mozilla telemetry library, which was a bit of an unusual case. Glean doesn’t generate JS bindings; it only generates the scaffolding API, which ends up in the GeckoView library that powers Firefox Android. Firefox Android can then consume Glean via the generated Kotlin bindings which link to the scaffolding in Geckoview.

If you’re interested in this project or UniFFI in general, please join us in #uniffi on the Mozilla Matrix chat.

The post Autogenerating Rust-JS bindings with UniFFI appeared first on Mozilla Hacks - the Web developer blog.