I Use This!
Very High Activity

News

Analyzed 9 days ago. based on code collected 9 days ago.
Posted 7 days ago by mkohler
As we did in the past few quarters, we have decided on the Reps Program Objectives for this quarter. Again we have worked with the Community Development Team to align our goals to the broader scope of their goals. These are highly relevant for the ... [More] Reps program and the Reps’ goals are tightly coupled with these. In the following graphic you can see how all these goals play together. Objective 1 – RepsNext is successfully completed paving the way for our next improvement program KR 1 – The Coaching plan is implemented and we are able to scale KR 2 – Budget requests submitted after June, 1st go through the trained Resource Reps KR 3 – Reps can get initial resources to improve their Leadership skills KR 4 – Core community sentiment NPS >11.5 (Konstantina as in Q1) KR 5 – Mobilizer sentiment NPS >15 (Konstantina as in Q1) KR 6 – We have a GitHub issue to plan for the future of Reps with an exclusive focus on functional contributions KR 7 – The Facebook experiment is analyzed and being continued if successful KR 8 – 2 communication improvements are identified KR 9 – It takes a maximum of 2 weeks for new applicants to have their first task assigned Objective 2 – MozActivate focuses mobilizers on impactful areas KR 1 – General feedback form is used by 100% of MozActivate activities KR 2 – We have implemented metrics and measurements for the existing MozActivate and to-be-launched activities as well as for the website itself KR 3 – 70 Reps have organized one or more MozActivate activity KR 4 – Activate is actively engaging 70 new technical contributors KR 5 – 2 new activities are launched Objective 3 – The Reps program demonstrates operational excellence in the Mozilla Project KR 1 – Goals for Q3 have been set KR 2 – We were involved and gave feedback about the Community Development Team OKRs for Q3 as well as the broader Open Innovation ones KR 3 – The budget allocation for Q3 is finalized and communicated to all Reps KR 4 – We have on average maximum one open action item from last week before every Council Meeting that is not tracked on GitHub and next steps/blockers are identified KR 5 – We have planned 2 brainstorm sessions for the next improvement program KR 6 – We have given feedback for Open Innovation’s “Strategy” project and are a valuable source for future consultation for strategy related questions We will work closely with the Community Development Team to achieve our goals. You can follow the progress of these tasks in the Reps Issue Tracker. We also have a new Dashboard1 to track the status of each objective. Which of the above objectives are you most interested in? What key result would you like to hear more about? What do you find intriguing? Which thoughts cross your mind upon reading this? Where would you like to help out? Let’s keep the conversation going! Join the discussion on Discourse.   [Less]
Posted 7 days ago by Mozilla
Mozilla supports the March for Science. And we’re leading projects to make scientific research more open and accessible, from extraterrestrial hackathons to in-depth fellowships   We believe openness is a core component not just of a healthy ... [More] Internet, but also a healthy society. Much like open practices can unlock innovation in the realm of technology, open practices can also invigorate fields like civics, journalism — and science. In laboratories and at academic institutions, open source code, data and methodology foster collaboration between researchers; spark scientific progress; increase transparency and encourage reproducibility; and better serve the public interest. Open data has been shown to speed up the study process and vaccine development for viruses, like Zika, at global scale. And open practices have allowed scientific societies from around the globe to pool their expertise and explore environments beyond Earth. This April, Mozilla is elevating its commitment to open science. Mozilla Science Lab, alongside a broader network of scientists, developers and activists, is leading a series of programs and events to support open practices in science. Our work aligns with the April 22 March for Science, a series of nonpartisan gatherings around the world that celebrate science in the public interest. We’re proud to say Teon Brooks, PhD — neuroscientist, open science advocate and Mozilla Science Fellow — is serving as a March for Science Partnership Outreach Co-Lead. From science fellowships to NASA-fueled hackathons, here’s what’s happening at Mozilla this April: Signage for Science Marchers We want to equip March for Science participants — from the neuroscientist to the megalosaurus-obsessed third grader — with signs that spotlight their passion and reverence for science. So Mozilla is asking you for your most clever, impassioned science-march slogans. With them, our designers will craft handy posters you can download, print and heft high. Learn more here. Seeking Open Science Fellows This month, Mozilla began accepting applications for Mozilla Fellowships for Science. For the third consecutive year, we are providing paid fellowships to scientists around the world who are passionate about collaborative, iterative and open research practices. Mozilla Science Fellows spend 10 months as community catalysts at their institutions, and receive training and support from Mozilla to hone their skills around open source, data sharing, open science policy and licensing. Fellows also craft code, curriculum and other learning resources. Fellowship alums hail from institutions like Stanford University and University of Cambridge, and have developed open source tools to teach and study issues like bioinformatics, climate science and neuroscience. Apply for a fellowship here. And read what open science means to Mozillian Abigail Cabunoc Mayes: My Grandmother, My Work, and My Open Science Story Calling for Open Data In the United States, federal taxes help fund billions of dollars in scientific research each year. But the results of that research are frequently housed behind pricey paywalls, or within complex, confounding systems. Citizens should have access to the research they help fund. Further, open access can spark even more innovation — it allows entrepreneurs, researchers and consumers to leverage and expand upon research. Just one example: Thanks to publicly-funded research made openly available, farmers in Colorado have access to weather data to predict irrigation costs and market cycles for crops. Add your name to the petition: https://iheartopendata.org. Calling for Open Citations Earlier this month, Mozilla announced support for the Initiative for Open Citations (I4OC), a project to make citations in scientific research open and freely accessible. I4OC is a collaboration between Wikimedia, Bill & Melinda Gates Foundation, a slate of scholarly publishers and several other organizations. Presently, citations in many scholarly publications are inaccessible, subject to restrictive and confusing licenses. Further, citation data is often not machine readable — meaning we can’t use computer programs to parse the data. I4OC envisions a global, public web of citation data — one that empowers teaching, learning, innovation and progress. Learn more about I4OC. Extraterrestrial Hackathon (in Brooklyn) Each year, the Space Apps hackathon allows scientists, coders and makers around the world to leverage NASA’s open data sets. In 2016, 5,000 people across six continents contributed. Participants built apps to measure air quality, to remotely explore gelid glaciers and to monitor astronauts’ vitals. For the 2017 Space Apps Hackathon — slated for April 28-30 — participants will use NASA data to study Earth’s hydrosphere and ecological systems. Mozilla Science is hosting a Brooklyn-based Space Apps event, which will include a data bootcamp. Learn more at http://spaceappsbrooklyn.com/ The post This April, Mozilla is Standing Up for Science appeared first on The Mozilla Blog. [Less]
Posted 7 days ago by Mozilla
Mozilla supports the March for Science. And we’re leading projects to make scientific research more open and accessible, from extraterrestrial hackathons to in-depth fellowships   We believe openness is a core component not just of a healthy ... [More] Internet, but also a healthy society. Much like open practices can unlock innovation in the realm of technology, open practices can also invigorate fields like civics, journalism — and science. In laboratories and at academic institutions, open source code, data and methodology foster collaboration between researchers; spark scientific progress; increase transparency and encourage reproducibility; and better serve the public interest. Open data has been shown to speed up the study process and vaccine development for viruses, like Zika, at global scale. And open practices have allowed scientific societies from around the globe to pool their expertise and explore environments beyond Earth. This April, Mozilla is elevating its commitment to open science. Mozilla Science Lab, alongside a broader network of scientists, developers and activists, is leading a series of programs and events to support open practices in science. Our work aligns with the April 22 March for Science, a series of nonpartisan gatherings around the world that celebrate science in the public interest. We’re proud to say Teon Brooks, PhD — neuroscientist, open science advocate and Mozilla Science Fellow — is serving as a March for Science Partnership Outreach Co-Lead. From science fellowships to NASA-fueled hackathons, here’s what’s happening at Mozilla this April: Signage for Science Marchers We want to equip March for Science participants — from the neuroscientist to the megalosaurus-obsessed third grader — with signs that spotlight their passion and reverence for science. So Mozilla is asking you for your most clever, impassioned science-march slogans. With them, our designers will craft handy posters you can download, print and heft high. Learn more here. Seeking Open Science Fellows This month, Mozilla began accepting applications for Mozilla Fellowships for Science. For the third consecutive year, we are providing paid fellowships to scientists around the world who are passionate about collaborative, iterative and open research practices. Mozilla Science Fellows spend 10 months as community catalysts at their institutions, and receive training and support from Mozilla to hone their skills around open source, data sharing, open science policy and licensing. Fellows also craft code, curriculum and other learning resources. Fellowship alums hail from institutions like Stanford University and University of Cambridge, and have developed open source tools to teach and study issues like bioinformatics, climate science and neuroscience. Apply for a fellowship here. And read what open science means to Mozillian Abigail Cabunoc Mayes: My Grandmother, My Work, and My Open Science Story Calling for Open Data In the United States, federal taxes help fund billions of dollars in scientific research each year. But the results of that research are frequently housed behind pricey paywalls, or within complex, confounding systems. Citizens should have access to the research they help fund. Further, open access can spark even more innovation — it allows entrepreneurs, researchers and consumers to leverage and expand upon research. Just one example: Thanks to publicly-funded research made openly available, farmers in Colorado have access to weather data to predict irrigation costs and market cycles for crops. Add your name to the petition: https://iheartopendata.org. Calling for Open Citations Earlier this month, Mozilla announced support for the Initiative for Open Citations (I4OC), a project to make citations in scientific research open and freely accessible. I4OC is a collaboration between Wikimedia, Bill & Melinda Gates Foundation, a slate of scholarly publishers and several other organizations. Presently, citations in many scholarly publications are inaccessible, subject to restrictive and confusing licenses. Further, citation data is often not machine readable — meaning we can’t use computer programs to parse the data. I4OC envisions a global, public web of citation data — one that empowers teaching, learning, innovation and progress. Learn more about I4OC. Extraterrestrial Hackathon (in Brooklyn) Each year, the Space Apps hackathon allows scientists, coders and makers around the world to leverage NASA’s open data sets. In 2016, 5,000 people across six continents contributed. Participants built apps to measure air quality, to remotely explore gelid glaciers and to monitor astronauts’ vitals. For the 2017 Space Apps Hackathon — slated for April 28-30 — participants will use NASA data to study Earth’s hydrosphere and ecological systems. Mozilla Science is hosting a Brooklyn-based Space Apps event, which will include a data bootcamp. Learn more at http://spaceappsbrooklyn.com/ The post This April, Mozilla is Standing Up for Science appeared first on The Mozilla Blog. [Less]
Posted 8 days ago by Imanol Fernandez
Want to try this now? Download this three.js Rollercoaster Demo (Android APK)! We are happy to announce that Google Daydream VR headset and Gamepad support are landing in Servo. The current implementation is WebVR 1.1 spec-compliant and ... [More] supports asynchronous reprojection to achieve low-latency rendering. If you are eager to explore, you can download an experimental three.js Rollercoaster Demo (Android APK) compatible with Daydream-ready Android phones. Put on the headset, switch on your controller, and run the app from Daydream Home or from a direct launch. We have contributed to many parts in the Servo browser codebase in order to allow polished WebVR experiences on Android. It’s nice that our WebVR support goals has allowed to push forward some improvements that are also useful for other areas of the Android version of Servo. VR Application life cycle Daydream VR applications have to gracefully handle several VR Entry flows such as transitions between the foreground and background, showing and hiding the Daydream pairing screen, and adding the GvrLayout Android View on top of the view hierarchy. To manage the different scenarios we worked on proper implementations of native EGL context lost and restore, animation loop pause/resume, immersive full-screen mode, and support for surface-size and orientation changes. Servo uses a NativeActivity, in combination with android-rs-glue and glutin, as an entry point for the application. We realized that NativeActivity ignores the Android view hierarchy because it’s designed to take over the surface from the window to directly draw to it. The Daydream SDK requires a GvrLayout view in the Activity’s view hierarchy in order to show the VR Scene, so things didn’t work out. A research about this issue shows that most people decide to get rid of NativeActivity or bypass this limitation using hacky PopupWindow modal views. The PopupWindow hack may work for simple views like an Google AdMob banner but causes complications with a complex VR view. We found a more elegant solution by releasing the seized window and injecting a custom SurfaceView with its render callbacks redirected to the abstract implementation in NativeActivity: This approach works great, and we can reuse the existing code for native rendering. We do, however, intend to remove NativeActivity in the future. We’d like to create a WebView API-based Servo component that will allow developers to embed their content from Android standalone apps or using WebView-based engine ecosystems such as Cordova. This will involve modifications to various Servo layers coupled with NativeActivity callbacks. Build System Thanks to the amazing job of both the Rustlang and Servo teams, the browser can be compiled with very few steps, even on Windows now. This is true for Android too, but the packaging step was still using ant combined with Python scripts. We replaced it with a new Gradle build system for the packaging step, which offers some nice benefits: A scalable dependency system that allows to include Gradle/aar-based dependencies such as the GoogleVR SDK. Relative paths for all project libraries and assets instead of multiple copies of the same files. Product flavors for different versions of Servo (e.g. Default, VR Browser, WebView) Android Studio and GPU debugger support. The new Gradle integration paves the way for packaging Servo APKs with the Android AArch64 architecture. This is important to get optimal performance on VR-ready phone CPUs. Most of the Rust package crates that Servo uses can be compiled for AArch64 using the aarch64-linux-android Rust compilation target. We still, however, need to fix some compilation issues with some C/C++ dependencies that use cmake, autotools or pure Makefiles. Other necessary improvements to support WebVR There’s a plethora of rough edges we have to polish as we make progress with the WebVR implementation. This is a very useful exercise that improves Servo Android support as a compelling platform for delivering not only WebVR content, but graphics-intensive experiences. To reach this milestone, these are some of the areas we had to improve: Discover and fix a buffer overflow bug in unsafe code in Angle’s Rust binding. Fix eglGetProcAddress for loading core OpenGL entry points. Add support for packed depth-stencil attachments. Address Android clipping issues on some WebRender GPU shaders. Improve EGLContextLost detection on Android. Fix renderbuffer/texture storage formats used on Android. Research long startup times caused by the libfontconfig dependency. Daydream support on Rust WebVR These notable Android improvements, combined with the existing cross-platform WebVR architecture, provide a solid base for Daydream integration into Servo. We started by integrating Daydream support in the browser dependency-free rust-webvr library. The Google VR NDK for Android provides a C/C++ API for both Daydream and Cardboard headsets. As our codebase is written in Rust, we used rust-bindgen to generate the required bindings. We also published the gvr-sys crate, so from now on anyone can easily use the GVR SDK in Rust for other use cases. The GoogleVRService class offers the entry point to access GVR SDK and handles life-cycle operations such as initialization, shutdown, and VR Device discovery. The integration with the headset is implemented in GoogleVRDisplay. Daydream lacks positional tracking, but by using the neck model provided in the SDK, we expose a basic position vector simulating how the human head naturally rotates relative to the base of the neck. A Java GvrLayout view is required in order get a handle to the gvr_context, apply lens distortion, and enable asynchronous-reprojection-based rendering. This adds some complexity to the implementation because it involves adding both the Java Native Interface (JNI) and Java code to the modular rust-webvr library. We created a Gradle module to handle the GvrLayout-related tasks and a helper JNIUtils class to communicate between Rust and Java. One of the complexities about this interoperation is that JNI FindClass function fails to find our custom Java classes. This happens because when attaching native Rust threads to a JavaVM, the JNI AttachCurrentThread call is unaware of the current Java application context and it uses the system Classloader instead of the one associated with the application. We fixed the issue by retrieving the Classloader from the NativeActivity’s jobject instance and performing loadClass calls directly to it. I’m waiting for variadic templates to land in Rustlang to extend and move these JNI Utils into it’s own crate providing a similar API like the one I implemented for the C++11 SafeJNI library. In order to present the WebGL canvas into the headset we tried to use a shared texture_id as we did in the OpenVR implementation. Unfortunately, the GVR SDK allows attaching only external textures that originate from the Android MediaCodec or Camera streams. We opted for a BlitFramebuffer-based solution, instead of rendering a quad, to avoid implementing the required OpenGL state-change safeguards or context switching: Once the Daydream integration was tested using the pure Rust room-scale demo, we integrated it pretty quickly into Servo. It fit perfectly into the existing WebVR architecture. WebVR tests ran well except that VRDisplay.requestPresent() failed in some random launches. This was caused because of a deadlock possibility during the very specific frame when the requestAnimationFrame is moved from window to VRDisplay. Fortunately, this was fixed with this PR. In order to reduce battery usage, when a JavaScript thread starts presenting to the Daydream headset, the swap_buffers call of the NativeActivity’s EGLContext is avoided. The optimized VR render path draws into only the texture framebuffer attached to the WebGL Canvas. This texture is sent to the GVRLayout presentation view when VRDisplay.submitFrame() is called and lens distortion is then applied. Gamepad Integration Gamepad support is a necessity for complete WebVR experiences. Similarly to the VRDisplay implementation, integration with the vendor-specific SDK for gamepads are implemented in rust-webvr, based on the following traits and structs: These traits are used in both the WebVR Thread and DOM Objects in the Gamepad API implementation in Servo. Vendor-specific SDKs don’t allow using the VR gamepads independently, so navigator.vr.getDisplays() must be called in order to spin up VR runtimes and make VR gamepads discoverable later in subsequent navigator.getGamepads() calls. The recommended way to get valid gamepad state on all browsers is calling navigator.getGamepads() within every frame in your requestAnimationFrame callback. We created a custom GamepadList container class with two main purposes: Provide a fast and Garbage Collection-friendly container to share the gamepad list between Rust and JavaScript, without creating or updating JS arrays every frame. Implement an indexed getter method which will be used to hide gamepads according to privacy rules. The Gamepad spec permits the browser to return inactive gamepads (e.g., [null, ]) when gamepads are available but in a different, hidden tab. The latest gamepads state is polled immediately in response to the navigator.getGamepads() API call. This is a different approach than the one implemented in Firefox, where the gamepads are vsync-aligned and have the data already polled when requestAnimationFrame is fired. Both options are equally valid, though the being able to immediately query for gamepads enables a bit more flexibility: Gamepad state can be sampled multiple times per frame, which can be very useful for motion-capture or drawing WebVR applications. Vsync-aligned polling can be simulated by just calling navigator.getGamepads at the start of the frame. Remember from the Servo WebVR architecture that requestAnimationFrame is fired in parallel and allows to get some JavaScript code executed ahead during the VR headset’s vsync time until VRDisplay#getFrameData is called. Conclusion We are very excited to see how far we’ve evolved the WebVR implementation on Servo. Now that Servo has a solid architecture on both desktop and mobile, our next steps will be to grow and tune up the WebGL implementation in order to create a first-class WebVR browser runtime. The Gear VR backend is coming too ;) Stay tuned! [Less]
Posted 8 days ago by Wladimir Palant
This announcement by the Princeton University is making its rounds in the media right now. What the media seems to be most interested in is their promise of ad blocking that websites cannot possibly detect, because the website can only access a fake ... [More] copy of the page structures where all ads appear to be visible. The browser on the other hand would work with the real page structures where ads are hidden. This isn’t something the Princeton researchers implemented yet, but they could have, right? First of all, please note how I am saying “hidden” rather than “blocked” here — in order to fake the presence of ads on the page you have to allow the ads to download. This means that this approach won’t protect you against any privacy or security threats. But it might potentially protect your eyes and your brain without letting the websites detect ad blocker usage. Can we know whether this approach is doable in practice? Is a blue pill for the website really possible? The Princeton researchers don’t seem to be aware of it but it has been tried before, probably on a number of occasions even. One such occasion was the history leak via the :visited CSS pseudo-class — this pseudo-class is normally used to make links the user visited before look differently from the ones they didn’t. The problem was, websites could detect such different-looking links and know which websites the user visited — there were proof-of-concept websites automatically querying a large number of links in order to extract user’s browsing history. One of the proposals back then was having getComputedStyle() JavaScript API return wrong values to the website, so that visited and unvisited links wouldn’t be distinguishable. And if you look into the discussion in the Firefox bug, even implementing this part turned out very complicated. But it doesn’t stop here, same kind of information would leak via a large number of other APIs. In fact, it has been demonstrated that this kind of attack could be performed without any JavaScript at all, by making visited links produce a server request and evaluating these requests on the server side. Hiding all these side-effects was deemed impossible from the very start, and the discussion instead focused on the minimal set of functionality to remove in order to prevent this kind of attack. There was a proposal allowing only same-origin links to be marked as visited. However, the final solution was to limit the CSS properties allowed in a :visited psedo-class to those merely changing colors and nothing else. Also, the conclusion was that APIs like canvas.drawWindow() which allowed websites to inspect the display of the page directly would always have to stay off limits for web content. The whole process from recognizing an issue to the fix being rolled out took 8 (eight!) years. And mind you, this was an issue being addressed at the source — directly in the browser core, not from an extension. Given this historical experience, it is naive to assume that an extension could present a fake page structure to a website without being detectable due to obvious inconsistencies. If at all, such a solution would have to be implemented deep in the browser core. I don’t think that anybody would be willing to limit functionality of the web platform for this scenario, but the solution search above was also constrained by performance considerations. If performance implications are ignored a blue pill for websites becomes doable. In fact, a fake page structure isn’t necessary and only makes things more complicated. What would be really needed is a separate layout calculation. Here is how it would work: Some built-in ad hiding mechanism would be able to mark page elements as “not for display.” When displaying the page, the browser would treat such page elements as if they had a “visibility:hidden” style applied — all requests and behaviors triggered by such page elements should still happen but they shouldn’t display. Whenever the page uses APIs that require access to positions (offsetTop, getBoundingClientRect etc), the browser uses a second page layout where the “not for display” flag is ignored. JavaScript APIs then produce their results based on that layout rather than the real one. That second layout is necessarily calculated at the same time as the “real” one, because calculating it on demand would lead to delays that the website could detect. E.g. if the page is already visible, yet the first offsetTop access takes unusually long the website can guess that the browser just calculated a fake layout for it. Altogether this means that the cost of the layout calculation will be doubled for every page, both in terms of CPU cycles and memory  — only because at some point the web page might try to detect ad blocking. Add to this significant complexity of the solution and considerable maintenance cost (the approach might have to be adjusted as new APIs are being added to the web platform). So I would be very surprised if any browser vendor would be interested in implementing it. And let’s not forget that all this is only about ad hiding. And that’s where we are with undetectable ad blocking: possible in theory but completely impractical. [Less]
Posted 8 days ago by Nick Nguyen
Today’s release of Firefox includes the first significant piece of Project Quantum, as well as various visible and the under-the-hood improvements. The Quantum Compositor speeds up Firefox and prevents graphics crashes on Windows In case you missed ... [More] our Project Quantum announcement, we’re building a next-generation browser engine that takes full advantage of modern hardware. Today we’re shipping one of the first important pieces of this effort – what we’ve referred to as the “Quantum Compositor”. Some technical details – we’ve now extracted a core part of our browser engine (the graphics compositor) to run in a process separate from the main Firefox process. The compositor determines what you see on your screen by flattening into one image all the layers of graphics that the browser computes, kind of like how Photoshop combines layers. Because the Quantum Compositor runs on the GPU instead of the CPU, it’s super fast. And, because of occasional bugs in underlying device drivers, the graphics compositor can sometimes crash. By running the Quantum Compositor in a separate process, if it crashes, it won’t bring down all of Firefox, or even your current tab. In testing, the Quantum Compositor reduced browser crashes by about 10%. You can learn more about our findings here. The Quantum Compositor will be enabled for about 70% of Firefox users – those on Windows 10, 8, and 7 with the Platform Update, on computers with graphics cards from Intel, NVidia, or AMD. And if you’re wondering about the Mac – graphics compositing is already so stable on MacOS that a separate process for the compositor is not necessary. Save screen real estate – and your eyes – with compact themes and tabs It’s a browser’s job to get you where you want to go, and then get out of the way. That’s why today’s release of Firefox for desktop ships with two new themes: Compact Light and Compact Dark. Compact Light shrinks the size of the browser’s user interface (the ‘chrome’) while maintaining Firefox’s default light color scheme. The Compact Dark theme inverts colors so it won’t strain your eyes, especially if you’re browsing in the dark. To turn on one of these themes, click the menu button and choose Add-ons. Then select the Appearance panel, and the theme you’d like to activate. Firefox for Android also ships with a new setting for compact tabs. When you switch tabs, this new setting displays your tabs in two columns, instead of one, so it’s easier to switch tabs when you have several open. To activate compact tabs, go to Settings > General. Easily control a website’s permission to access device sensors or send you notifications In order to fully function, many websites must first get your permission to access your hardware or alert you of information. For example, video conferencing apps need to use your camera and microphone, and maps request your location so you don’t have to type it in. Similarly, news sites and social networks often ask to send you notifications of breaking stories or messages. Today’s Firefox desktop release introduces a redesigned interface for granting and subsequently managing a website’s permissions. Now, when you visit a website that wants to access sensitive hardware or send you a notification, you’ll be prompted with a dialog box that explicitly highlights the permissions that site is requesting. If later on you would like to change a site’s permissions, just click the ‘i’ icon in the Awesome Bar. You can learn more about the improvements to Firefox’s permissions in this post. Lots more new Check out the Firefox 53 release notes for a full list of what’s new, but here are a few more noteworthy items: Firefox for Android is now localized in Arabic, Hebrew, Persian, and Urdu Reader Mode now displays estimated reading times on both Android and desktop Send tabs between desktop and mobile Firefox by right-clicking the tab Firefox now uses TLS 1.3 to secure HTTPs connections Web developers should check out the Hacks blog for more information about what’s in today’s release. We hope you enjoy today’s release, and that you’re excited for the even bigger Quantum leaps still ahead. The post Firefox faster and more stable with the first big bytes of Project Quantum, simpler with compact themes and permissions redesign appeared first on The Mozilla Blog. [Less]
Posted 8 days ago by Air Mozilla
This is the sumo weekly call
Posted 8 days ago by Air Mozilla
This is the Sumo Weekly call for 4/19/17. PLEASE NOTE***( Known audio issue for the 2nd half of video)
Posted 8 days ago by Nathan Froyd
From United: Broken Culture, by Jean-Louis Gassée, writing on his time as the head of Apple France: Over time, a customer service theorem emerged. When a customer brings a complaint, there are two tokens on the table: It’s Nothing and It’s Awful. ... [More] Both tokens are always played, so whoever chooses first forces the other to grab the token that’s left. For example: Customer claims something’s wrong. I try to play down the damage: It’s Probably Nothing…are you sure you know what you’re doing? Customer, enraged at my lack of judgment and empathy, ups the ante: How are you boors still in business?? But if I take the other token first and commiserate with Customer’s complaint: This Is Awful! How could we have done something like this? Dear Customer is left with no choice, compelled to say Oh, it isn’t so bad…certainly not the end of the world.. It’s simple, it works…even in marriages, I’m told. There’s no downside to taking the It’s Awful position. If, on further and calm investigation, the customer is revealed to be seriously wrong, you can always move to the playbook’s Upon Further Review page. [Less]
Posted 8 days ago by Daniel Stenberg
The curl project is a project driven by volunteers with no financing at all except for a few sponsors who pay for the server hosting and for contributors to work on features and bug fixes on work hours. curl and libcurl are used widely by companies ... [More] and commercial software so a fair amount of work is done by people during paid work hours. This said, we don’t have any money in the project. Nada. Zilch. We can’t pay bug bounties or hire people to do specific things for us. We can only ask people or companies to volunteer things or services for us. This is not a complaint – far from it. It works really well and we have a good stream of contributions, bugs reports and more. We are fortunate enough to make widely used software which gives our project a certain impact in the world. Bug bounty! Hacker One coordinates a bug bounty program for flaws that affects “the Internet”, and based on previously paid out bounties, serious flaws in libcurl match that description and can be deemed worthy of bounties. For example, 3000 USD was paid for libcurl: URL request injection (the curl advisory for that flaw) and 1000 USD was paid for libcurl duphandle read out of bounds (the corresponding curl advisory). I think more flaws in libcurl could’ve met the criteria, but I suspect more people than me haven’t been aware of this possibility for bounties. I was glad to find out that this bounty program pays out money for libcurl issues and I hope it will motivate people to take an extra look into the inner workings of libcurl and help us improve. What qualifies? The bounty program is run and administered completely out of control or insight from the curl project itself and I must underscore that while libcurl issues can qualify, their emphasis is on fixing vulnerabilities in Internet software that have a potentially big impact. To qualify for this bounty, vulnerabilities must meet the following criteria: Be implementation agnostic: the vulnerability is present in implementations from multiple vendors or a vendor with dominant market share. Do not send vulnerabilities that only impact a single website, product, or project. Be open source: finding manifests itself in at least one popular open source project. In addition, vulnerabilities should meet most of the following criteria: Be widespread: vulnerability manifests itself across a wide range of products, or impacts a large number of end users. Have critical impact: vulnerability has extreme negative consequences for the general public. Be novel: vulnerability is new or unusual in an interesting way. If your libcurl security flaw matches this, go ahead and submit your request for a bounty. If you’re at a company using libcurl at scale, consider joining that program as a bounty sponsor! [Less]