Mozilla Firefox

It's been another busy week in MR land for the team. We are getting really close to releasing some fun new features. Browsers We spent this week fixing more bugs and improving performance in Firefox Reality: Completed user studies, resulting in ... [More] many great recommendations for these products to address a wider base of users. Nightly version number is now visible to end users in the"About Firefox Reality" button, and is automatically submitted as part of bug report when user selects "Report an issue" from within FxR Focusing on bug fixes, primarily around performance and immersive mode Refactor strings.xml to provide better support for l10n More UI tweaks to FxR Focus Mode Check out this video Josh did demoing Firefox Reality and showing how to install it yourself. Social Lots of bug fixes to Hubs and prepping to launch some new features for it. Pen tool tested at meetup, working on adding drawing expirations, rate limiting, and bugfixes. Design pass in prep for user studies, focus on invitations and cleaner/brighter UX for room creation and entry. Visual design for scene landing pages. Interested in joining our public Friday stand ups? For more details, join our public WebVR Slack #social channel Content Ecosystem A-Frame support for the Oculus Go controller hasn't shipped yet, but you can test it out with these instructions. Stick around next week for more new features and improvements! [Less]

The Things Gateway from Mozilla lets you directly monitor and control your home over the web, without a middleman. Today the Mozilla IoT team is excited to announce the 0.5 release of the Things Gateway, which is packed full of new features including ... [More] customisable devices, a more powerful rules engine, an interactive floorplan and an experimental smart assistant you can talk to. Customisable Things Custom Capabilities A powerful new “capabilities” system means that devices are no longer restricted to a predefined set of Web Thing Types, but can be assembled from an extensible schema-based system of “capabilities” through our new schema repository. This means that developers have much more flexibility to create weird and wacky devices, and users have more control over how the device is used. So if you have a door sensor which also happens to be a temperature sensor, a smart plug which also has a multi-colour LED ring, or a whole bunch of sensors all in one device, you’re not limited by restrictive device types. This also provides more flexibility to developers who want to build their own web things using the Things Framework, which now also has support for Rust, MicroPython and Arduino. Custom Icons When a user adds a device to the gateway they can now choose what main function they want to use it for and what icon is used to represent it. You can even upload your own custom icon if you want to. Custom Web Interface In addition to the built-in UI the gateway generates for devices, web things can now provide a link to a custom web interface designed specifically for any given device. This is useful for complex or unusual devices like a robot or a “pixel wall” where a custom designed UI can be much more user friendly. Actions & Events In addition to properties (like “on/off”, “level” and “color”), the gateway UI can now represent actions like “fade” which are triggered with a button and can accept input via a form. The UI can also display an event log for a device. Powerful Rules Engine The rules engine now supports rules with multiple inputs and multiple outputs. Simple rules are still just as easy to create, but more advanced rules can make use of “if”, “while”, “and”, “or” and “equals” operators to create more sophisticated automations through an intuitive drag and drop interface. It’s also now possible to set colours and strings as outputs. Interactive Floorplan The floorplan view is even more useful now that you can view the status of devices and even control them from directly inside the floorplan. Simply tap things to turn them on and off, or long press to get to their detail view. This provides a helpful visual overview of the status of your whole smart home. Smart Assistant Experiment A feature we’re particularly excited about is a new smart assistant you can talk to via a chat style interface, either by typing or using your voice. You can give it commands like “Turn the kitchen light on” and it will respond to you to confirm the action. So far it can understand a basic set of commands to turn devices on and off, set levels, set colours and set colour temperatures. The smart assistant is still very experimental so it’s currently turned off by default, but you can enable it through Settings -> Smart Assistant UI. Other Changes Other new features include developer settings which allow you to view system logs and enable/disable the gateway’s SSH server so you can log in via the command line. It’s also now much easier to rename devices and you can now also add devices that require a pin number to be entered during pairing. How to Get Involved To try out the latest version of the gateway, download the software image from our website to use on a Raspberry Pi. If you already have a gateway set up, you should notice it automatically update itself to the 0.5 release. As always, we welcome your contributions to our open source project. You can provide feedback and ask questions on Discourse and file bugs and send pull requests on GitHub. Happy hacking! [Less]

happy bmo push day! This release is rather bigger than typical. release tag the following changes have been pushed to bugzilla.mozilla.org: [1476288] Replace moz_nick with (new, revised) nick and also attempt to disallow duplicate nicks [1472954] ... [More] Implement one-click component watching on bug modal and component description pages [1136271] Make user profile page visible to anyone for easier sharing [1475593] Bugzilla Emails received when patches are attached… View On WordPress [Less]

Pick of the Month: Privacy Possum by cowlicks Protect yourself against some of the sneakiest trackers out there. “Perfect complement for your privacy.” Featured: Textmarker by underflyingbirches If you do a lot of text highlighting on webpages ... [More] , this is a highly customizable tool with loads of fancy features like bookmarking, shortcut commands, save options, and more. “This is the best text marker add-on under the new Firefox platform! It’s simple but also powerful, very flexible.” Featured: Worldwide Radio by Oleksandr Enjoy live radio from more 30,000 local stations around the globe. “Love it! Works as intended and I can listen to my favorite radio station in Australia!” Featured: Transparent Standalone Images by Jared W For a clearer view of digital images, this simple but unique extension renders standalone images on transparent backgrounds. “Oh my god, thank you. I was getting so tired of the white backgrounds around standalone transparent images. Bless you, works perfectly.” Featured: ReloadMatic: Automatic Tab Refresh by pylo More than just another time-controlled tab reloader, ReloadMatic offers cache control, protection against reloading a page you may be in the midst of interacting with, and other nuanced features. “I really appreciate the time you’ve spent developing this extension because it has far more functionality than the other reloading extensions I’ve tried since moving to [Firefox] Quantum.” If you’d like to nominate an extension for featuring, please send it to amo-featured [at] mozilla [dot] org for the board’s consideration. We welcome you to submit your own add-on! The post August’s Featured Extensions appeared first on Mozilla Add-ons Blog. [Less]

The Rust team is happy to announce a new version of Rust, 1.28.0. Rust is a systems programming language focused on safety, speed, and concurrency. If you have a previous version of Rust installed via rustup, getting Rust 1.28.0 is as easy as: $ ... [More] rustup update stable If you don’t have it already, you can get rustup from the appropriate page on our website, and check out the detailed release notes for 1.28.0 on GitHub. What’s in 1.28.0 stable Global Allocators Allocators are the way that programs in Rust obtain memory from the system at runtime. Previously, Rust did not allow changing the way memory is obtained, which prevented some use cases. On some platforms, this meant using jemalloc, on others, the system allocator, but there was no way for users to control this key component. With 1.28.0, the #[global_allocator] attribute is now stable, which allows Rust programs to set their allocator to the system allocator, as well as define new allocators by implementing the GlobalAlloc trait. The default allocator for Rust programs on some platforms is jemalloc. The standard library now provides a handle to the system allocator, which can be used to switch to the system allocator when desired, by declaring a static and marking it with the #[global_allocator] attribute. use std::alloc::System; #[global_allocator] static GLOBAL: System = System; fn main() { let mut v = Vec::new(); // This will allocate memory using the system allocator. v.push(1); } However, sometimes you want to define a custom allocator for a given application domain. This is also relatively easy to do by implementing the GlobalAlloc trait. You can read more about how to do this in the documentation. Improved error message for formatting Work on diagnostics continues, this time with an emphasis on formatting: format!("{_foo}", _foo = 6usize); Previously, the error message emitted here was relatively poor: error: invalid format string: expected `'}'`, found `'_'` | 2 | format!("{_foo}", _foo = 6usize); | ^^^^^^^^ Now, we emit a diagnostic that tells you the specific reason the format string is invalid: error: invalid format string: invalid argument name `_foo` | 2 | let _ = format!("{_foo}", _foo = 6usize); | ^^^^ invalid argument name in format string | = note: argument names cannot start with an underscore See the detailed release notes for more. Library stabilizations We’ve already mentioned the stabilization of the GlobalAlloc trait, but another important stabilization is the NonZero number types. These are wrappers around the standard unsigned integer types: NonZeroU8, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU128, and NonZeroUsize. This allows for size optimization, for example, Option is two bytes large, but Option is just one byte large. Note that this optimization remains even when NonZeroU8 is wrapped inside another struct; the example below illustrates that Door is still 1 byte large despite being placed inside an Option. This optimization applies to user-defined enums as well: Option is not special. use std::mem; use std::num::NonZeroU8; struct Key(NonZeroU8); struct Door { key: Key, } fn main() { assert_eq!(mem::size_of::<Door>(), 1); assert_eq!(mem::size_of::<Option<Door>>(), 1); } A number of other libraries have also been stabilized: you can see the more detailed release notes for full details. Cargo features Cargo will now no longer allow you to publish crates with build scripts that modify the src directory. The src directory in a crate should be considered to be immutable. Contributors to 1.28.0 Many people came together to create Rust 1.28. We couldn’t have done it without all of you. Thanks! [Less]

Mozilla established one of the first modern security bug bounty programs back in 2004. Since that time, much of the technology industry has followed our lead and bounty programs have become a critical tool for finding security flaws in the software ... [More] we all use. But even while these programs have reached broader acceptance, the legal protections afforded to bounty program participants have failed to evolve, putting security researchers at risk and possibly stifling that research. That is why we are announcing changes to our bounty program policies to better protect security researchers working to improve Firefox and to codify the best practices that we’ve been using. We often hear of researchers who are concerned that companies or governments may take legal actions against them for their legitimate security research. For example, the Computer Fraud and Abuse Act (CFAA) – essentially the US anti-hacking law that criminalizes unauthorized access to computer systems – could be used to punish bounty participants testing the security of systems and software. Just the potential for legal liability might discourage important security research. Mozilla has criticized the CFAA for being overly broad and for potentially criminalizing activity intended to improve the security of the web. The policy changes we are making today are intended to create greater clarity for our own bounty program and to remove this legal risk for researchers participating in good faith. There are two important policy changes we are making. First, we have clarified what is in scope for our bounty program and specifically have called out that bounty participants should not access, modify, delete, or store our users’ data. This is critical because, to protect participants in our bug bounty program, we first have to define the boundaries for bug bounty eligibility. Second, we are stating explicitly that we will not threaten or bring any legal action against anyone who makes a good faith effort to comply with our bug bounty program. That means we promise not to sue researchers under any law (including the DMCA and CFAA) or under our applicable Terms of Service and Acceptable Use Policy for their research through the bug bounty program, and we consider that security research to be “authorized” under the CFAA. You can see the full changes we’ve made to our policies in the General Eligibility and Safe Harbor sections of our main bounty page. These changes will help researchers know what to expect from Mozilla and represent an important next step for a program we started more than a decade ago. We want to thank Amit Elazari, who brought this safe harbor issue to our attention and is working to drive change in this space, and Dropbox for the leadership it has shown through recent changes to its vulnerability disclosure policy. We hope that other bounty programs will adopt similar policies. The post Safe Harbor for Security Bug Bounty Participants appeared first on Mozilla Security Blog. [Less]

We commend the Argentine G20 Presidency for continuing to build momentum around the G20 digital process and look forward to seeing the Declaration and the progress made to that end following the Digital Ministerial on August 24. However, we can’t ... [More] ignore the lack of transparency and the step back from multistakeholder engagement that was championed under last year’s G20 Presidency by Germany. Mozilla appreciated the invitation to attend the G20-B20 workshops on July 30, which allowed for providing input into the Digital Declaration. But inviting pre-selected organisations to an unofficial side event on comparatively short notice is not sufficient for a meaningfully transparent and inclusive process. Assuming responsibility in the digital age also means that governments have to cater to the complexities of existing and upcoming challenges by including different stakeholders for their expertise and various experiences. We cannot reinstate trust in the development of our digital societies if we close the doors to meaningful engagement and inclusive participatory processes. Faro Digital, ITS Rio, and Mozilla reiterate as part of a much broader coalition of 80 stakeholders from across the world that a positive, forward-looking digital agenda must support a healthy web ecosystem and put people and their individual rights first, by providing meaningful access, strong privacy and data protection rights, freedom of expression, collaborative cybersecurity, and increased competition. Read more: https://g20openletter.org   Mitchell Baker, Executive Chairwoman, Mozilla Ronaldo Lemos, Director, ITS Rio Ezequiel Passeron, Executive Director, Faro Digital The post G20 digital process: Trust requires more transparency and inclusion appeared first on The Mozilla Blog. [Less]

Phabricator supports multi-commit patch series, but it's not yet obvious how to do it using Mercurial. So this the "hg" equivalent of this blog post for git users. Note that other people have written tools and plugins to do the same thing and that ... [More] an official client is coming soon. Initial setup I'm going to assume that you've setup arcanist and gotten an account on the Mozilla Phabricator instance. If you haven't, follow this video introduction or the excellent documentation for it (Bryce also wrote additionnal instructions for Windows users). Make a list of commits to submit First of all, use hg histedit to make a list of the commits that are needed: pick ee4d9e9fcbad 477986 Bug 1461515 - Split tracking annotations from tracki... pick 5509b5db01a4 477987 Bug 1461515 - Fix and expand tracking annotation tes... pick e40312debf76 477988 Bug 1461515 - Make TP test fail if it uses the wrong... Create Phabricator revisions Now, create a Phabricator revision for each commit (in order, from earliest to latest): ~/devel/mozilla-unified (annotation-list-1461515)$ hg up ee4d9e9fcbad 5 files updated, 0 files merged, 0 files removed, 0 files unresolved (leaving bookmark annotation-list-1461515) ~/devel/mozilla-unified (ee4d9e9)$ arc diff --no-amend Linting... No lint engine configured for this project. Running unit tests... No unit test engine is configured for this project. SKIP STAGING Phabricator does not support staging areas for this repository. Created a new Differential revision: Revision URI: https://phabricator.services.mozilla.com/D2484 Included changes: M modules/libpref/init/all.js M netwerk/base/nsChannelClassifier.cpp M netwerk/base/nsChannelClassifier.h M toolkit/components/url-classifier/Classifier.cpp M toolkit/components/url-classifier/SafeBrowsing.jsm M toolkit/components/url-classifier/nsUrlClassifierDBService.cpp M toolkit/components/url-classifier/tests/UrlClassifierTestUtils.jsm M toolkit/components/url-classifier/tests/mochitest/test_trackingprotection_bug1312515.html M xpcom/base/ErrorList.py ~/devel/mozilla-unified (ee4d9e9)$ hg up 5509b5db01a4 3 files updated, 0 files merged, 0 files removed, 0 files unresolved ~/devel/mozilla-unified (5509b5d)$ arc diff --no-amend Linting... No lint engine configured for this project. Running unit tests... No unit test engine is configured for this project. SKIP STAGING Phabricator does not support staging areas for this repository. Created a new Differential revision: Revision URI: https://phabricator.services.mozilla.com/D2485 Included changes: M toolkit/components/url-classifier/tests/UrlClassifierTestUtils.jsm M toolkit/components/url-classifier/tests/mochitest/test_trackingprotection_bug1312515.html M toolkit/components/url-classifier/tests/mochitest/trackingRequest.html ~/devel/mozilla-unified (5509b5d)$ hg up e40312debf76 2 files updated, 0 files merged, 0 files removed, 0 files unresolved ~/devel/mozilla-unified (e40312d)$ arc diff --no-amend Linting... No lint engine configured for this project. Running unit tests... No unit test engine is configured for this project. SKIP STAGING Phabricator does not support staging areas for this repository. Created a new Differential revision: Revision URI: https://phabricator.services.mozilla.com/D2486 Included changes: M toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedPBFrame.html M toolkit/components/url-classifier/tests/mochitest/test_privatebrowsing_trackingprotection.html Link all revisions together In order to ensure that these commits depend on one another, click on that last phabricator.services.mozilla.com link, then click "Related Revisions" then "Edit Parent Revisions" in the right-hand side bar and then add the previous commit (D2485 in this example). Then go to that parent revision and repeat the same steps to set D2484 as its parent. Amend one of the commits As it turns out my first patch wasn't perfect and I needed to amend the middle commit to fix some test failures that came up after pushing to Try. I ended up with the following commits (as viewed in hg histedit): pick ee4d9e9fcbad 477986 Bug 1461515 - Split tracking annotations from tracki... pick c24f4d9e75b9 477992 Bug 1461515 - Fix and expand tracking annotation tes... pick 1840f68978a7 477993 Bug 1461515 - Make TP test fail if it uses the wrong... which highlights that the last two commits changed and that I would have two revisions (D2485 and D2486) to update in Phabricator. However, since the only reason why the third patch has a different commit hash is because its parent changed, theres's no need to upload it again to Phabricator. Lando doesn't care about the parent hash and relies instead on the parent revision ID. It essentially applies diffs one at a time. The trick was to pass the --update DXXXX argument to arc diff: ~/devel/mozilla-unified (annotation-list-1461515)$ hg up c24f4d9e75b9 2 files updated, 0 files merged, 0 files removed, 0 files unresolved (leaving bookmark annotation-list-1461515) ~/devel/mozilla-unified (c24f4d9)$ arc diff --no-amend --update D2485 Linting... No lint engine configured for this project. Running unit tests... No unit test engine is configured for this project. SKIP STAGING Phabricator does not support staging areas for this repository. Updated an existing Differential revision: Revision URI: https://phabricator.services.mozilla.com/D2485 Included changes: M browser/base/content/test/general/trackingPage.html M netwerk/test/unit/test_trackingProtection_annotateChannels.js M toolkit/components/antitracking/test/browser/browser_imageCache.js M toolkit/components/antitracking/test/browser/browser_subResources.js M toolkit/components/antitracking/test/browser/head.js M toolkit/components/antitracking/test/browser/popup.html M toolkit/components/antitracking/test/browser/tracker.js M toolkit/components/url-classifier/tests/UrlClassifierTestUtils.jsm M toolkit/components/url-classifier/tests/mochitest/test_trackingprotection_bug1312515.html M toolkit/components/url-classifier/tests/mochitest/trackingRequest.html Note that changing the commit message will not automatically update the revision details in Phabricator. This has to be done manually in the Web UI if required. [Less]

Introducing the Dweb The web is the most successful programming platform in history, resulting in the largest open and accessible collection of human knowledge ever created. So yeah, it’s pretty great. But there are a set of common problems that the ... [More] web is not able to address. Have you ever… Had a website or app you love get updated to a new version, and you wished to go back to the old version? Tried to share a file between your phone and laptop or tv or other device while not connected to the internet? And without using a cloud service? Gone to a website or service that you depend on, only to find it’s been shut down? Whether it got bought and enveloped by some internet giant, or has gone out of business, or whatever, it was critical for you and now it’s gone. Additionally, the web is facing critical internet health issues, seemingly intractable due to the centralization of power in the hands of a few large companies who have economic interests in not solving these problems: Hate speech, harassment and other attacks on social networks Repeated attacks on Net Neutrality by governments and corporations Mass human communications compromised and manipulated for profit or political gain Censorship and whole internet shutdowns by governments These are some of the problems and use-cases addressed by a new wave of projects, products and platforms building on or with web technologies but with a twist: They’re using decentralized or distributed network architectures instead of the centralized networks we use now, in order to let the users control their online experience without intermediaries, whether government or corporate. This new structural approach gives rise to the idea of a ‘decentralized web’, often conveniently shortened to ‘dweb’. You can read a number of perspectives on centralization, and why it’s an important issue for us to tackle, in Mozilla’s Internet Health Report, released earlier this year. What’s the “D” in Dweb?! The “d” in “dweb” usually stands for either decentralized or distributed. What is the difference between distributed vs decentralized architectures? Here’s a visual illustration: (Image credit: Openclipart.org, your best source for technical clip art with animals) In centralized systems, one entity has control over the participation of all other entities. In decentralized systems, power over participation is divided between more than one entity. In distributed systems, no one entity has control over the participation of any other entity. Examples of centralization on the web today are the domain name system (DNS), servers run by a single company, and social networks designed for controlled communication. A few examples of decentralized or distributed projects that became household names are Napster, BitTorrent and Bitcoin. Some of these new dweb projects are decentralizing identity and social networking. Some are building distributed services in or on top of the existing centralized web, and others are distributed application protocols or platforms that run the web stack (HTML, JavaScript and CSS) on something other than HTTP. Also, there are blockchain-based platforms that run anything as long as it can be compiled into WebAssembly. Here We Go Mozilla’s mission is to put users in control of their experiences online. While some of these projects and technologies turn the familiar on its head (no servers! no DNS! no HTTP(S)!), it’s important for us to explore their potential for empowerment. This is the first post in a series. We’ll introduce projects that cover social communication, online identity, file sharing, new economic models, as well as high-level application platforms. All of this work is either decentralized or distributed, minimizing or entirely removing centralized control. You’ll meet the people behind these projects, and learn about their values and goals, the technical architectures used, and see basic code examples of using the project or platform. So leave your assumptions at the door, and get ready to learn what a web more fully in users’ control could look like. [Less]

Introducing the Dweb The web is the most successful programming platform in history, resulting in the largest open and accessible collection of human knowledge ever created. So yeah, it’s pretty great. But there are a set of common problems that the ... [More] web is not able to address. Have you ever… Had a website or app you love get updated to a new version, and you wished to go back to the old version? Tried to share a file between your phone and laptop or tv or other device while not connected to the internet? And without using a cloud service? Gone to a website or service that you depend on, only to find it’s been shut down? Whether it got bought and enveloped by some internet giant, or has gone out of business, or whatever, it was critical for you and now it’s gone. Additionally, the web is facing critical internet health issues, seemingly intractable due to the centralization of power in the hands of a few large companies who have economic interests in not solving these problems: Hate speech, harassment and other attacks on social networks Repeated attacks on Net Neutrality by governments and corporations Mass human communications compromised and manipulated for profit or political gain Censorship and whole internet shutdowns by governments These are some of the problems and use-cases addressed by a new wave of projects, products and platforms building on or with web technologies but with a twist: They’re using decentralized or distributed network architectures instead of the centralized networks we use now, in order to let the users control their online experience without intermediaries, whether government or corporate. This new structural approach gives rise to the idea of a ‘decentralized web’, often conveniently shortened to ‘dweb’. You can read a number of perspectives on centralization, and why it’s an important issue for us to tackle, in Mozilla’s Internet Health Report, released earlier this year. What’s the “D” in Dweb?! The “d” in “dweb” usually stands for either decentralized or distributed. What is the difference between distributed vs decentralized architectures? Here’s a visual illustration: (Image credit: Openclipart.org, your best source for technical clip art with animals) In centralized systems, one entity has control over the participation of all other entities. In decentralized systems, power over participation is divided between more than one entity. In distributed systems, no one entity has control over the participation of any other entity. Examples of centralization on the web today are the domain name system (DNS), servers run by a single company, and social networks designed for controlled communication. A few examples of decentralized or distributed projects that became household names are Napster, BitTorrent and Bitcoin. Some of these new dweb projects are decentralizing identity and social networking. Some are building distributed services in or on top of the existing centralized web, and others are distributed application protocols or platforms that run the web stack (HTML, JavaScript and CSS) on something other than HTTP. Also, there are blockchain-based platforms that run anything as long as it can be compiled into WebAssembly. Here We Go Mozilla’s mission is to put users in control of their experiences online. While some of these projects and technologies turn the familiar on its head (no servers! no DNS! no HTTP(S)!), it’s important for us to explore their potential for empowerment. This is the first post in a series. We’ll introduce projects that cover social communication, online identity, file sharing, new economic models, as well as high-level application platforms. All of this work is either decentralized or distributed, minimizing or entirely removing centralized control. You’ll meet the people behind these projects, and learn about their values and goals, the technical architectures used, and see basic code examples of using the project or platform. So leave your assumptions at the door, and get ready to learn what a web more fully in users’ control could look like. Note: This post is the introduction. The following posts in the series are listed below. Social Feeds with Secure Scuttlebutt Building a Resilient Web with WebTorrent [Less]