mozilla

Mozilla Nederland LogoDe Nederlandse
Mozilla-gemeenschap

Jan-Erik Rediger: This Week in Glean: Glean & GeckoView

Mozilla planet - vr, 17/09/2021 - 13:00

(“This Week in Glean” is a series of blog posts that the Glean Team at Mozilla is using to try to communicate better about our work. They could be release notes, documentation, hopes, dreams, or whatever: so long as it is inspired by Glean.) All "This Week in Glean" blog posts are listed in the TWiG index (and on the Mozilla Data blog). This article is cross-posted on the Mozilla Data blog.

This is a followup post to Shipping Glean with GeckoView.

It landed!

It took us several more weeks to put everything into place, but we're finally shipping the Rust parts of the Glean Android SDK with GeckoView and consume that in Android Components and Fenix. And it still all works, collects data and is sending pings! Additionally this results in a slightly smaller APK as well.

This unblocks further work now. Currently Gecko simply stubs out all calls to Glean when compiled for Android, but we will enable recording Glean metrics within Gecko and exposing them in pings sent from Fenix. We will also start work on moving other Rust components into mozilla-central in order for them to use the Rust API of Glean directly. Changing how we deliver the Rust code also made testing Glean changes across these different components a bit more challenging, so I want to invest some time to make that easier again.

Categorieën: Mozilla-nl planet

The Great Resignation: New gig? Here are 7 tips to ensure success

Mozilla Blog - do, 16/09/2021 - 22:20

If recent surveys and polls ring true, over 46% of the global workforce is considering leaving their employer this year. Despite COVID-19 causing initial turnover due to the related economic downturn, the current phenomenon coined “The Great Resignation” is attributed to the many job seekers choosing to leave their current employment voluntarily. Mass vaccinations and mask mandates have allowed offices to re-open just as job seekers are reassessing work-life balance, making bold moves to take control of where they choose to live and work. 

The “New Normal”

Millions of workers have adjusted to remote-flexible work arrangements, finding success and a greater sense of work-life balance. The question is whether or not employers will permanently allow this benefit post-pandemic.

Jerry Lee, COO/Founder of the career development consultancy, Wonsulting, sees changes coming to the workplace power dynamic.

“In the future of work, employers will have to be much more employee-first beyond monetary compensation,” he said. “There is a shift of negotiating power moving from the employers to the employees, which calls for company benefits and work-life balance to improve.” 

Abbie Duckham, Talent Operations Program Manager at Mozilla, believes the days of companies choosing people are long over. 

“From a hiring lens, it’s no longer about companies choosing people, it’s about people choosing companies,” Duckham said. “People are choosing to work at companies that, yes, value productivity and revenue – but more-so companies that value mental health and understand that every single person on their staff has a different home life or work-life balance.”

Drop the mic and cue the job switch

So, how can recent job switchers or job seekers better prepare for their next big move? The following tips and advice from career and talent sourcing experts can help anyone perform their best while adapting to our current pandemic reality.

Take a vacation *seriously*

When starting a new role many are keen to jump into work right away; however, it’s always important to take a mental break between your different roles before you start another onboarding process,” advises Jonathan Javier, CEO/Founder at Wonsulting. “One way to do this is to plan your vacations ahead of your switch: that trip to Hawaii you always wanted? Plan it right after you end your job. That time you wanted to spend with your significant other? Enjoy that time off.” 

It also never hurts to negotiate a start date that prioritizes your mental preparedness and well-being.

Out with the old and in with that new-new

When Duckham started at Mozilla, she made it her mission to absorb every bit of the manifesto to better understand Mozilla’s culture. “From there I looked into what we actually do as a company. Setting up a Firefox account was pretty crucial since we are all about dog-fooding here (or as we call it, foxfooding), and then downloading Firefox Nightly, the latest beta-snapshot of the browser as our developers are actively working on it.”

Duckham also implores job-switchers to rebrand themselves. 

“You have a chance to take everything you wanted your last company to know about you and restart,” she said. “Take everything you had imposter syndrome about and flip the switch.”

Network early

“When you join a new company, it’s important to identify the subject matter experts for different functions of your company so you know who you can reach out to if you have any questions or need insights,” Javier said.

Javier also recommends networking with people who have also switched jobs. 

“You can search for and find people who switched from non-tech roles to an in-tech role by simply searching for ‘Past Company’ at a non-tech company and then putting ‘Current Company’ at a tech company on LinkedIn,” he said.

Brain-breaks 

Duckham went as far as giving her digital workspace a refreshing overhaul when she started at Mozilla. 

“I cleaned off my desktop, made folders for storing files, and essentially crafted a blank working space to start fresh from my previous company – effectively tabula rasa-ing my digital workspace did the same for my mental state as I prepared to absorb tons of new processes and practices.”

In that same vein, when you need a bit of a brain-break throughout the work day and that break leads you to social media, Duckham advises downloading Facebook Container, a browser extension that makes it harder for Facebook to track you on the web outside of Facebook.

“Speaking of brain-breaks, if socials aren’t your thing and you’d rather catch up on written curated content from around the web, Pocket is an excellent way to let your mind wander and breathe during the work day so you’re able return to work a little more refreshed,” Duckham added.

Making remote friends and drawing boundary lines

56% of Mozilla employees signed in to work from remote locations all over the world, even before the pandemic. Working asynchronously across so many time zones can be unusual for new teammates. Duckham’s biggest tip for new Mozillians? 

“Be open and a little vulnerable. Do you need to take your kid to school every day, does your dog require a mid-day walk? Chances are your schedule is just as unique as the person in the Zoom window next to you. Be open about the personal time you need to take throughout the day and then build your work schedule around it.” 

But what about building comradery and remote-friendships

“In a traditional work environment, you might run into your colleagues in the break room and have a quick chat. As roles continue to become more remote or hybrid-first, it is important to create opportunities for you to mingle with your colleagues,” Jerry Lee of Wonsulting said. “These small interactions are what builds long-lasting friendships, which in turn allows you to feel more comfortable and productive at work.”

How to leverage pay, flexibility and other benefits even if you aren’t job searching

“The best leverage you can find in this job market – is clearly defining what is important for you and making sure you have that option in your role,” Lee said. 

He’s not wrong. Make sure to consider your current growth opportunities, autonomy, location, work-life flexibility and compensation, of course. For example, if you are looking for a flexible-remote arrangement, Lee suggests clearly articulating what it is you want to your manager using the following talk-track as a guide:

Hey Manager!

I’m looking for ways to better incorporate my work into my personal life, and I’ve realized one important factor for me is location flexibility. I’m looking to move around a bit in the next few years but would love to continue the work I have here.

What can we do to make this happen?

Once you make your request, you’ll need to work with your manager to ensure your productivity and impact improves or at least remains the same.

Finally, it’s always helpful to remind yourself that every ‘big’ career move is the result of several smaller moves. If you’re looking to make a switch or simply reassessing your current work-life balance, Javier recommends practicing vision boarding. “I do this by drawing my current state and what I want my future state to look like,” said Javier. “Even if your drawings are subpar, you’ll be able to visualize what you want to accomplish in the future and make it into reality.”

As the Great Resignation continues, it is important to keep in mind that getting a new job is just the start of the journey. There are important steps that you can do, and Firefox and Pocket can help, to make sure that you feel ready for your next career adventure.

Firefox browser logo Get Firefox Get the browser that protects what’s important About our experts

Jonathan Javier is the CEO/Founder of Wonsulting, whose mission is to “turn underdogs into winners”. He’s also worked in Operations at Snap, Google, and Cisco coming from a non-target school/non-traditional background. He works on many initiatives, providing advice and words of wisdom on LinkedIn and through speaking engagements. In total, he has led 210+ workshops in 9 different countries including the Mena ICT Forum in Jordan, Resume/Personal Branding at Cisco, LinkedIn Strategy & Operations Offsite, Great Place To Work, Talks at Google, TEDx, and more. He’s been featured on Forbes, Fox News, Business Insider, The Times, LinkedIn News, Yahoo! News, Jobscan, and Brainz Magazine as a top job search expert and amassed 1M+ followers on LinkedIn, Instagram, TikTok as well as 30+ million impressions monthly on his content.

Jerry Lee is the COO/Founder of Wonsulting and an ex-Senior Strategy & Operations Manager at Google & used to lead Product Strategy at Lucid. He is from Torrance, California and graduated summa cum laude from Babson College. After graduating, Jerry was hired as the youngest analyst in his organization by being promoted multiple times in 2 years to his current position. After he left Google, he was the youngest person to lead a strategy team at Lucid. Jerry partners with universities & organizations (220+ to date) to help others land into their dream careers. He has 250K+ followers across LinkedIn, TikTok & Instagram and has reached 40M+ professionals. In addition, his work is featured on Forbes, Newsweek, Business Insider, Yahoo! News, LinkedIn & elected as the 2020 LinkedIn Top Voice for Tech. 

Abbie Duckham is the current Talent Operations Program Manager at Mozilla. She has been with the company since 2016, working out of the San Francisco Office, and now her home office in Oakland.

The post The Great Resignation: New gig? Here are 7 tips to ensure success appeared first on The Mozilla Blog.

Categorieën: Mozilla-nl planet

Niko Matsakis: Rustacean Principles, continued

Mozilla planet - do, 16/09/2021 - 15:42

RustConf is always a good time for reflecting on the project. For me, the last week has been particularly “reflective”. Since announcing the Rustacean Principles, I’ve been having a number of conversations with members of the community about how they can be improved. I wanted to write a post summarizing some of the feedback I’ve gotten.

The principles are a work-in-progress

Sparking conversation about the principles was exactly what I was hoping for when I posted the previous blog post. The principles have mostly been the product of Josh and I iterating, and hence reflect our experiences. While the two of us have been involved in quite a few parts of the project, for the document to truly serve its purpose, it needs input from the community as a whole.

Unfortunately, for many people, the way I presented the principles made it seem like I was trying to unveil a fait accompli, rather than seeking input on a work-in-progress. I hope this post makes the intention more clear!

The principles as a continuation of Rust’s traditions

Rust has a long tradition of articulating its values. This is why we have a Code of Conduct. This is why we wrote blog posts like Fearless Concurrency, Stability as a Deliverable and Rust Once, Run Anywhere. Looking past the “engineering side” of Rust, aturon’s classic blog posts on listening and trust (part 1, part 2, part 3) did a great job of talking about what it is like to be on a Rust team. And who could forget the whole “fireflowers” debate?1

My goal with the Rustacean Principles is to help coalesce the existing wisdom found in those classic Rust blog posts into a more concise form. To that end, I took initial inspiration from how AWS uses tenets, although by this point the principles have evolved into a somewhat different form. I like the way tenets use short, crisp statements that identify important concepts, and I like the way assigning a priority ordering helps establish which should have priority. (That said, one of Rust’s oldest values is synthesis: we try to find ways to resolve constraints that are in tension by having our cake and eating it too.)

Given all of this backdrop, I was pretty enthused by a suggestion that I heard from Jacob Finkelman. He suggested adapting the principles to incorporate more of the “classic Rust catchphrases”, such as the “no new rationale” rule described in the first blog post from aturon’s series. A similar idea is to incorporate the lessons from RFCs, both successful and unsuccessful (this is what I was going for in the case studies section, but that clearly needs to be expanded).

The overall goal: Empowerment

My original intention was to structure the principles as a cascading series of ideas:

  • Rust’s top-level goal: Empowerment
    • Principles: Dissecting empowerment into its constituent pieces – reliable, performant, etc – and analyzing the importance of those pieces relative to one another.
      • Mechanisms: Specific rules that we use, like type safety, that engender the principles (reliability, performance, etc.). These mechanisms often work in favor of one principle, but can work against others.

wycats suggested that the site could do a better job of clarifying that empowerment is the top-level, overriding goal, and I agree. I’m going to try and tweak the site to make it clearer.

A goal, not a minimum bar

The principles in “How to Rustacean” were meant to be aspirational: a target to be reaching for. We’re all human: nobody does everything right all the time. But, as Matklad describes, the principles could be understood as setting up a kind of minimum bar – to be a team member, one has to show up, follow through, trust and delegate, all while bringing joy? This could be really stressful for people.

The goal for the “How to Rustacean” section is to be a way to lift people up by giving them clear guidance for how to succeed; it helps us to answer people when they ask “what should I do to get onto the lang/compiler/whatever team”. The internals thread had a number of good ideas for how to help it serve this intended purpose without stressing people out, such as cuviper’s suggestion to use fictional characters like Ferris in examples, passcod’s suggestion of discussing inclusion, or Matklad’s proposal to add something to the effect of “You don’t have to be perfect” to the list. Iteration needed!

Scope of the principles

Some people have wondered why the principles are framed in a rather general way, one that applies to all of Rust, instead of being specific to the lang team. It’s a fair question! In fact, they didn’t start this way. They started their life as a rather narrow set of “design tenets for async” that appeared in the async vision doc. But as those evolved, I found that they were starting to sound like design goals for Rust as a whole, not specifically for async.

Trying to describe Rust as a “coherent whole” makes a lot of sense to me. After all, the experience of using Rust is shaped by all of its facets: the language, the libraries, the tooling, the community, even its internal infrastructure (which contributes to that feeling of reliability by ensuring that the releases are available and high quality). Every part has its own role to play, but they are all working towards the same goal of empowering Rust’s users.2

There is an interesting question about the long-term trajectory for this work. In my mind, the principles remain something of an experiment. Presuming that they prove to be useful, I think that they would make a nice RFC.

What about “easy”?

One final bit of feedback I heard from Carl Lerche is surprise that the principles don’t include the word “easy”. This not an accident. I felt that “easy to use” was too subjective to be actionable, and that the goals of productive and supportive were more precise. However, I do think that for people to feel empowered, it’s important for them not feel mentally overloaded, and Rust can definitely have the problem of carrying a high mental load sometimes.

I’m not sure the best way to tweak the “Rust empowers by being…” section to reflect this, but the answer may lie with the Cognitive Dimensions of Notation. I was introduced to these from Felienne Herman’s excellent book The Programmer’s Brain; I quite enjoyed this journal article as well.

The idea of the CDN is to try and elaborate on the ways that tools can be easier or harder to use for a particular task. For example, Rust would likely do well on the “error prone” dimension, in that when you make changes, the compiler generally helps ensure they are correct. But Rust does tend to have a high “viscosity”, because making local changes tends to be difficult: adding a lifetime, for example, can require updating data structures all over the code in an annoying cascade.

It’s important though to keep in mind that the CDN will vary from task to task. There are many kinds of changes one can make in Rust with very low viscosity, such as adding a new dependency. On the other hand, there are also cases where Rust can be error prone, such as mixing async runtimes.

Conclusion

In retrospect, I wish I had introduced the concept of the Rustacean Principles in a different way. But the subsequent conversations have been really great, and I’m pretty excited by all the ideas on how to improve them. I want to encourage folks again to come over to the internals thread with their thoughts and suggestions.

  1. Love that web page, brson

  2. One interesting question: I do think that some tools may vary the prioritization of different aspects of Rust. For example, a tool for formal verification is obviously aimed at users that particularly value reliability, but other tools may have different audiences. I’m not sure yet the best way to capture that, it may well be that each tool can have its own take on the way that it particularly empowers. 

Categorieën: Mozilla-nl planet

Mozilla VPN adds advanced privacy features: Custom DNS servers and Multi-hop

Mozilla Blog - do, 16/09/2021 - 00:43

Your online privacy remains our top priority, and we know that one of the first things to secure your privacy when you go online is to get on a Virtual Private Network (VPN), an encrypted connection that serves as a tunnel between your computer and VPN server. Today, we’re launching the latest release of our Mozilla VPN, our fast and easy-to-use VPN service, with two new advanced privacy features that offer additional layers of privacy. This includes your choice of Domain Name System (DNS) servers whether it’s the default we’ve provided, our suggested ad blocking, tracker blocking or ad plus tracker blocking DNS server, or an alternative one, plus the multi-hop feature which allows you to add two different servers to give you twice the amount of encryption. Today’s Mozilla VPN release is available on Windows, Mac, Linux and Android platforms (it will soon be available on iOS later this week).

Here are today’s Mozilla VPN Features: Uplevel your privacy with Mozilla VPN’s Custom DNS server feature

Traditionally when you go online your traffic is routed through your Internet Service Provider’s (ISP) DNS servers who may be keeping records of your online activities. DNS, which stands for Domain Name System, is like a phone book for domains, which are the websites that you visit. One of the advantages to using a VPN is shielding your online activity from your ISP by using your trusted VPN service provider’s DNS servers. There are a variety of DNS servers, from ones that offer additional features like tracker blocking, ad blocking or a combination of both tracker and ad blocking, or local DNS servers that have those benefits along with speed. 

Now, with today’s Custom DNS server, we put you in control of choosing your DNS server that fits your needs. You can find this feature in your Network Settings under Advanced DNS Settings. From there, you can choose from the default DNS server, enter your local DNS server, or choose from the recommended list of DNS servers available to you. 

Choose from the recommended list of DNS servers available to you Double up your VPN service with Mozilla’s VPN Multi-hop feature

We’re introducing our Multi-hop feature which is also known as doubling up your VPN because instead of using one VPN server you can use two VPN servers. Here’s how it works, first your online activity is routed through one VPN server. Then, by selecting the Multi-Hop feature, your online activity will get routed a second time through an extra VPN server which is known as your exit server. Essentially, you will have two VPN servers which are known as the entry VPN server and exit VPN server. This new powerful privacy feature appeals to those who think twice about their privacy, like political activists, journalists writing sensitive topics, or anyone who’s using a public wi-fi and wants that added peace of mind by doubling-up their VPN servers.

To turn on this new feature, go to your Location, then choose Multi-hop. From there, you can choose your entry server location and your exit server location. The exit server location will be your main VPN server. We will also list your two recent Multi-hop connections so you can reuse them in the future. 

Choose your entry server location and your exit server location Your two recent Multi-hop connections will also be listed and available to reuse in the future How we innovate and build features for you with Mozilla VPN

Developed by Mozilla, a mission-driven company with a 20-year track record of fighting for online privacy and a healthier internet, we are committed to innovate and bring new features to the Mozilla VPN. Mozilla periodically works with third-party organizations to complement our internal security programs and help improve the overall security of our products. Mozilla recently published an independent security audit of its Mozilla VPN from Cure53, an unbiased cybersecurity firm based in Berlin with more than 15 years of running software testing and code auditing. Here is a link to the blog post and the security audit for more details. 

We know that it’s more important than ever for you to be safe, and for you to know that what you do online is your own business. By subscribing to Mozilla VPN, users support both Mozilla’s product development and our mission to build a better web for all. Check out the Mozilla VPN and subscribe today from our website.

For more on Mozilla VPN:

Mozilla VPN Completes Independent Security Audit by Cure53

Celebrating Mozilla VPN: How we’re keeping your data safe for you

Latest Mozilla VPN features keep your data safe

Mozilla Puts Its Trusted Stamp on VPN

The post Mozilla VPN adds advanced privacy features: Custom DNS servers and Multi-hop appeared first on The Mozilla Blog.

Categorieën: Mozilla-nl planet

Get where you’re going faster, with Firefox Suggest

Mozilla Blog - wo, 15/09/2021 - 18:16

Today, people have to work too hard to find what they want online, sifting through and steering clear of content, clutter and click-bait not worthy of their time. Over time, navigation on the internet has become increasingly centralized and optimized for clicks and scrolling, not for getting people to where they want to go or what they are looking for quickly. 

We’d like to help change this, and we think Firefox is a good place to start.

Today we’re announcing our first step towards doing that with a new feature called Firefox Suggest.

Firefox Suggest is a new discovery feature that is built directly into the browser. Firefox Suggest acts as a trustworthy guide to the better web, surfacing relevant information and sites to help people accomplish their goals. Check it out here:

Relevant, reliable answers: 

Firefox already helps people search their browsing history and tabs and use their preferred search engine directly from Firefox’s Awesome Bar. 

Firefox Suggest will enhance this by including other sources of information such as Wikipedia, Pocket articles, reviews and credible content from sponsored, vetted partners and trusted organizations. 

For instance, suppose someone types “Costa Rica” into the Awesome Bar, they might see a result from Wikipedia:

Firefox users can find suggestions from Wikipedia

Firefox Suggest also contains sponsored suggestions from vetted partners. For instance, if someone types in “vans”, we might show a sponsored result for Vans shoes on eBay:

Firefox users can find sponsored suggestions from vetted partners

We are also developing contextual suggestions. These aim to enhance and speed up your searching experience. To deliver contextual suggestions, Firefox will need to send Mozilla new data, specifically, what you type into the search bar, city-level location data to know what’s nearby and relevant, as well as whether you click on a suggestion and which suggestion you click on.

In your control:

As always, we believe people should be in control of their web experience, so Firefox Suggest will be a customizable feature. 

We’ll begin offering contextual suggestions to a percentage of people in the U.S. as an opt-in experience. 

Opt-in prompt for smarter, contextual suggestions

Find out more about the ways you can customize this experience here.

Unmatched privacy: 

We believe online ads can work without advertisers needing to know everything about you. So when people choose to enable smarter suggestions, we will collect only the data that we need to operate, update and improve the functionality of Firefox Suggest and the overall user experience based on our Lean Data and Data Privacy Principles. We will also continue to be transparent about our data and data collection practices as we develop this new feature.

A better web. 

The internet has so much to offer, and we want to help people get the best out of it faster and easier than ever before.

Firefox is the choice for people who want to experience the web as a purpose driven and independent company envisions it. We create software for people that provides real privacy, transparency and valuable help with navigating today’s internet. This is another step in our journey to build a better internet.

The post Get where you’re going faster, with Firefox Suggest appeared first on The Mozilla Blog.

Categorieën: Mozilla-nl planet

Support.Mozilla.Org: What’s up with SUMO – September 2021

Mozilla planet - wo, 15/09/2021 - 16:16

Hey SUMO folks,

September is going to be the last month for Q3, so let’s see what we’ve been up to for the past quarter.

Welcome on board!
  1. Welcome to SUMO family for Bithiah, mokich1one, handisutrian, and Pomarańczarz. Bithiah has been pretty active on contributing to the support forum for a while now, while Mokich1one, Handi, and Pomarańczarz are emerging localization contributors respectively for Japanese, Bahasa Indonesia, and Polish.
Community news
  • Read our post about the advanced customization in the forum and KB here and let us know if you still have any questions!
  • Please join me to welcome Abby into the Customer Experience Team. Abby is our new Content Manager who will be in charge of our Knowledge Base as well as Localization effort. You can learn more about Abby soon.
  • Learn more about Firefox 92 here.
  • Can you imagine what’s gonna happen when we reach version 100? Learn more about the experiment we’re running in Firefox Nightly here and see how you can help!
  • Are you a fan of Firefox Focus? Join our foxfooding campaign for focus that is coming. You can learn more about the campaign here.
  • No Kitsune update for this month. Check out SUMO Engineering Board instead to see what the team is currently doing.
Community call
  • Watch the monthly community call if you haven’t. Learn more about what’s new in August!
  • Reminder: Don’t hesitate to join the call in person if you can. We try our best to provide a safe space for everyone to contribute. You’re more than welcome to lurk in the call if you don’t feel comfortable turning on your video or speaking up. If you feel shy to ask questions during the meeting, feel free to add your questions on the contributor forum in advance, or put them in our Matrix channel, so we can address them during the meeting.
Community stats KB

KB pageviews (*)

* KB pageviews number is a total of KB pageviews for /en-US/ only Month Page views Vs previous month Aug 2021 8,462,165 +2.47%

Top 5 KB contributors in the last 90 days: 

  1. AliceWyman
  2. Thomas8
  3. Michele Rodaro
  4. K_alex
  5. Pierre Mozinet
KB Localization

Top 10 locale based on total page views

Locale Aug 2021 pageviews (*) Localization progress (per Sep, 7)(**) de 8.57% 99% zh-CN 6.69% 100% pt-BR 6.62% 63% es 5.95% 44% fr 5.43% 91% ja 3.93% 57% ru 3.70% 100% pl 1.98% 100% it 1.81% 86% zh-TW 1.45% 6% * Locale pageviews is an overall pageviews from the given locale (KB and other pages) ** Localization progress is the percentage of localized article from all KB articles per locale

Top 5 localization contributors in the last 90 days: 

  1. Milupo
  2. Michele Rodaro
  3. Jim Spentzos
  4. Soucet
  5. Artist
Forum Support

Forum stats

Month Total questions Answer rate within 72 hrs Solved rate within 72 hrs Forum helpfulness Aug 2021 3523 75.59% 17.40% 66.67%

Top 5 forum contributors in the last 90 days: 

  1. FredMcD
  2. Cor-el
  3. Jscher2000
  4. Seburo
  5. Sfhowes
Social Support Channel Aug 2021 Total conv Conv interacted @firefox 2967 341 @FirefoxSupport 386 270

Top contributors in Aug 2021

  1. Christophe Villeneuve
  2. Andrew Truong
  3. Pravin
Play Store Support

We don’t have enough data for the Play Store Support yet. However, you can check out the overall Respond Tool metrics here.

Product updates Firefox desktop Firefox mobile Other products / Experiments
  • Mozilla VPN V2.5 Expected to release 09/15
  • Fx Search experiment:
    • From Sept 6, 2021 1% of the Desktop user base will be experimenting with Bing as the default search engine. The study will last into early 2022, likely wrapping up by the end of January.
    • Common response:
      • Forum: Search study – September 2021
      • Conversocial clipboard: “Mozilla – Search study sept 2021”
      • Twitter: Hi, we are currently running a study that may cause some users to notice that their default search engine has changed. To revert back to your search engine of choice, please follow the steps in the following article → https://mzl.la/3l5UCLr
  • Firefox Suggest + Data policy update (Sept 16 + Oct 5)
    • September 16th, the Mozilla Privacy Policy will be updated to supplement the roll out of FX Suggest online mode. Currently, FX Suggest is utilizing offline mode which limits the data collected. Online mode will collect additional anonymized information after users opt-in to this feature. Users can opt-out of this experience by following the instructions here.
Shout-outs!
  • Kudos for Julie for her work in the Knowledge Base lately. She’s definitely adding a new color in our KB world with her video and article improvement.
  • Thanks to those who contributed to the FX Desktop Topics Discussion
    • If you have input or questions please post them to the thread above

If you know anyone that we should feature here, please contact Kiki and we’ll make sure to   add them in our next edition.

Useful links:
Categorieën: Mozilla-nl planet

Niko Matsakis: CTCFT 2021-09-20 Agenda

Mozilla planet - wo, 15/09/2021 - 15:45

The next “Cross Team Collaboration Fun Times” (CTCFT) meeting will take place next Monday, on 2021-09-20 (in your time zone)! This post covers the agenda. You’ll find the full details (along with a calendar event, zoom details, etc) on the CTCFT website.

Agenda
  • Announcements
  • Interest group panel discussion

We’re going to try something a bit different this time! The agenda is going to focus on Rust interest groups and domain working groups, those brave explorers who are trying to put Rust to use on all kinds of interesting domains. Rather than having fixed presentations, we’re going to have a panel discussion with representatives from a number of Rust interest groups and domain groups, led by AngelOnFira. The idea is to open a channel for communication about how to have more active communication and feedback between interest groups and the Rust teams (in both directions).

Afterwards: Social hour

After the CTCFT this week, we are going to try an experimental social hour. The hour will be coordinated in the #ctcft stream of the rust-lang Zulip. The idea is to create breakout rooms where people can gather to talk, hack together, or just chill.

Categorieën: Mozilla-nl planet

Data@Mozilla: Data and Firefox Suggest

Mozilla planet - wo, 15/09/2021 - 11:00
Introduction

Firefox Suggest is a new feature that displays direct links to content on the web based on what users type into the Firefox address bar. Some of the content that appears in these suggestions is provided by partners, and some of the content is sponsored.

In building Firefox Suggest, we have followed our long-standing Lean Data Practices and Data Privacy Principles. Practically, this means that we take care to limit what we collect, and to limit what we pass on to our partners. The behavior of the feature is straightforward–suggestions are shown as you type, and are directly relevant to what you type.

We take the security of the datasets needed to provide this feature very seriously. We pursue multi-layered security controls and practices, and strive to make as much of our work as possible publicly verifiable.

In this post, we wanted to give more detail about what data is needed to provide this feature, and about how we handle it.

Changes with Firefox Suggest

The address bar experience in Firefox has long been a blend of results provided by partners (such as the user’s default search provider) and information local to the client (such as recently visited pages). For the first time, Firefox Suggest augments these data sources with search completions from Mozilla.

Firefox Suggest data flow diagram

In its current form, Firefox Suggest compares searches against a list of allowed terms that is local to the client. When the search text matches a term on the allowed list, a completion suggestion may be shown alongside the local and default search engine suggestions.

Data Collected by Mozilla for smarter contextual suggestions

We are in the process of rolling out a new offering in the Firefox Suggest experience — “Firefox Suggest with smarter contextual suggestions.” This feature requires access to new data and is only available to a small number of users via an opt-in prompt. Mozilla collects the following information to power Firefox Suggest when users have opted in to smarter contextual suggestions.

  • Search queries and suggest impressions: Firefox Suggest sends Mozilla search terms and information about engagement with Firefox Suggest, some of which may be shared with partners to provide and improve the suggested content.
  • Clicks on suggestions: When a user clicks on a suggestion, Mozilla receives notice that suggested links were clicked.
  • Location: Mozilla collects city-level location data along with searches, in order to properly serve location-sensitive queries.
How Data is Handled and Shared

Mozilla approaches handling this data conservatively. We take care to remove data from our systems as soon as it’s no longer needed. When passing data on to our partners, we are careful to only provide the partner with the minimum information required to serve the feature.

A specific example of this principle in action is the search’s location. The location of a search is derived from the Firefox client’s IP address. However, the IP address can identify a person far more precisely than is necessary for our purposes. We therefore convert the IP address to a more general location immediately after we receive it, and we remove the IP address from all datasets and reports downstream. Access to machines and (temporary, short-lived) datasets that might include the IP address is highly restricted, and limited only to a small number of administrators. We don’t enable or allow analysis on data that includes IP addresses.

We’re excited to be bringing Firefox Suggest to you. See the product announcement to learn more!

EDIT: 2021-10-20: Updated to clarify the purpose and scope of the new data collection.

Categorieën: Mozilla-nl planet

The Talospace Project: Firefox 92 on POWER

Mozilla planet - di, 14/09/2021 - 04:31
Firefox 92 is out. Alongside some solid DOM and CSS improvements, the most interesting bug fix I noticed was a patch for open alerts slowing down other tabs in the same process. In the absence of a JIT we rely heavily on Firefox's multiprocessor capabilities to make the most of our multicore beasts, and this apparently benefits (among others, but in particular) the Google sites we unfortunately have to use in these less-free times. I should note for the record that on this dual-8 Talos II (64 hardware threads) I have dom.ipc.processCount modestly increased to 12 from the default of 8 to take a little more advantage of the system when idle, which also takes down fewer tabs in the rare cases when a content process bombs out. The delay in posting this was waiting for the firefox-appmenu patches, but I decided to just build it now and add those in later. The .mozconfigs and LTO-PGO patches are unchanged from Firefox 90/91.

Meanwhile, in OpenPOWER JIT progress, I'm about halfway through getting the Wasm tests to pass, though I'm currently hung up on a memory corruption bug while testing Wasm garbage collection. It's our bug; it doesn't happen with the C++ interpreter, but unfortunately like most GC bugs it requires hitting it "just right" to find the faulty code. When it all passes, we'll pull everything up to 91ESR for the MVP, and you can try building it. If you want this to happen faster, please pitch in and help.

Categorieën: Mozilla-nl planet

Matrix 4, Blue’s Clues, #StarTrekDay and More — Everything That’s Old is New Again in This Week’s Top Shelf

Mozilla Blog - vr, 10/09/2021 - 23:29

At Mozilla, we believe part of making the internet we want is celebrating the best of the internet, and that can be as simple as sharing a tweet that made us pause in our feed. Twitter isn’t perfect, but there are individual tweets that come pretty close.

Each week in Top Shelf, we will be sharing the tweets that made us laugh, think, Pocket them for later, text our friends, and want to continue the internet revolution each week.

Here’s what made it to the Top Shelf for the week of September 6, 2021, in no particular order.

{Nostalgia has entered the chat} This week saw people online reacting to pop-culture references that are making a comeback. As one person put it: “It’s the 90s again, baby!” And while 1990 was NOT, in fact, 10 years ago, it looks like our childhood is back in full force!

Steve from Blues Clues is going to save 2021.

— Stacey Grant (@Stacey_Grant91) September 7, 2021

steve from blues clues hitting us right in the chest

2021 just keeps on rolling https://t.co/9xzmZy5Iw3

— Matt Adams (@themattadams) September 7, 2021

Given that “Star Trek” is turning 55, it’s actually impressive fans can stay up late enough to watch this Trek day thing. Beam up, tune in, clap off.

— Brian Lowry (@blowryontv) September 9, 2021

someone from the audience at star trek day just yelled "spoil it!" at the strange new worlds panel's hesitancy to say anything about the show, and they are my new hero

— kayti burt (@kaytiburt) September 9, 2021

The Matrix is back. The Sopranos is back. Self-aware slasher movies are back. Princess Diana is back (sort of). It's the '90s again, baby.

— Chris Evangelista @ TIFF (@cevangelista413) September 9, 2021

Sure there are lots of amazing shots in the new MATRIX trailer but we all know there’s one iconic image. pic.twitter.com/QNz18g92P4

— Josh Horowitz (@joshuahorowitz) September 9, 2021

…matrix 4 might be enough to get the pod out of hiatus…

— Jenna Wortham (@jennydeluxe) September 10, 2021 And now, for the Top Shelf Best of — :

Best “Response to Big Tech” Tweet

I love NFTs, but a bouncy house to let the kids tire themselves out while I have a beer is a close second.

— KΞvin R◎se (@kevinrose) September 6, 2021 Best “Keeping it Real About Journalism” Tweet

these are truly insane amounts of money to pay for a journalism degree https://t.co/BG6KaZyY7z pic.twitter.com/ZFndxWBCFL

— Wesley (@WesleyLowery) September 10, 2021

Best “Right in the Feels” Tweet

"Considered correctly, the daily dog walks are a regimen of escape and pause. They enlarge our sympathies and sweeten our disposition. They pry open the day when it balls up into a little fist." https://t.co/5K9fasshyR

— Josh Dawsey (@jdawsey1) September 9, 2021

The post Matrix 4, Blue’s Clues, #StarTrekDay and More — Everything That’s Old is New Again in This Week’s Top Shelf appeared first on The Mozilla Blog.

Categorieën: Mozilla-nl planet

The Rust Programming Language Blog: Announcing Rust 1.55.0

Mozilla planet - do, 09/09/2021 - 02:00

The Rust team is happy to announce a new version of Rust, 1.55.0. Rust is a programming language empowering everyone to build reliable and efficient software.

If you have a previous version of Rust installed via rustup, getting Rust 1.55.0 is as easy as:

rustup update stable

If you don't have it already, you can get rustup from the appropriate page on our website, and check out the detailed release notes for 1.55.0 on GitHub.

What's in 1.55.0 stable Cargo deduplicates compiler errors

In past releases, when running cargo test, cargo check --all-targets, or similar commands which built the same Rust crate in multiple configurations, errors and warnings could show up duplicated as the rustc's were run in parallel and both showed the same warning.

For example, in 1.54.0, output like this was common:

$ cargo +1.54.0 check --all-targets Checking foo v0.1.0 warning: function is never used: `foo` --> src/lib.rs:9:4 | 9 | fn foo() {} | ^^^ | = note: `#[warn(dead_code)]` on by default warning: 1 warning emitted warning: function is never used: `foo` --> src/lib.rs:9:4 | 9 | fn foo() {} | ^^^ | = note: `#[warn(dead_code)]` on by default warning: 1 warning emitted Finished dev [unoptimized + debuginfo] target(s) in 0.10s

In 1.55, this behavior has been adjusted to deduplicate and print a report at the end of compilation:

$ cargo +1.55.0 check --all-targets Checking foo v0.1.0 warning: function is never used: `foo` --> src/lib.rs:9:4 | 9 | fn foo() {} | ^^^ | = note: `#[warn(dead_code)]` on by default warning: `foo` (lib) generated 1 warning warning: `foo` (lib test) generated 1 warning (1 duplicate) Finished dev [unoptimized + debuginfo] target(s) in 0.84s Faster, more correct float parsing

The standard library's implementation of float parsing has been updated to use the Eisel-Lemire algorithm, which brings both speed improvements and improved correctness. In the past, certain edge cases failed to parse, and this has now been fixed.

You can read more details on the new implementation in the pull request description.

std::io::ErrorKind variants updated

std::io::ErrorKind is a #[non_exhaustive] enum that classifies errors into portable categories, such as NotFound or WouldBlock. Rust code that has a std::io::Error can call the kind method to obtain a std::io::ErrorKind and match on that to handle a specific error.

Not all errors are categorized into ErrorKind values; some are left uncategorized and placed in a catch-all variant. In previous versions of Rust, uncategorized errors used ErrorKind::Other; however, user-created std::io::Error values also commonly used ErrorKind::Other. In 1.55, uncategorized errors now use the internal variant ErrorKind::Uncategorized, which we intend to leave hidden and never available for stable Rust code to name explicitly; this leaves ErrorKind::Other exclusively for constructing std::io::Error values that don't come from the standard library. This enforces the #[non_exhaustive] nature of ErrorKind.

Rust code should never match ErrorKind::Other and expect any particular underlying error code; only match ErrorKind::Other if you're catching a constructed std::io::Error that uses that error kind. Rust code matching on std::io::Error should always use _ for any error kinds it doesn't know about, in which case it can match the underlying error code, or report the error, or bubble it up to calling code.

We're making this change to smooth the way for introducing new ErrorKind variants in the future; those new variants will start out nightly-only, and only become stable later. This change ensures that code matching variants it doesn't know about must use a catch-all _ pattern, which will work both with ErrorKind::Uncategorized and with future nightly-only variants.

Open range patterns added

Rust 1.55 stabilized using open ranges in patterns:

match x as u32 { 0 => println!("zero!"), 1.. => println!("positive number!"), }

Read more details here.

Stabilized APIs

The following methods and trait implementations were stabilized.

The following previously stable functions are now const.

Other changes

There are other changes in the Rust 1.55.0 release: check out what changed in Rust, Cargo, and Clippy.

Contributors to 1.55.0

Many people came together to create Rust 1.55.0. We couldn't have done it without all of you. Thanks!

Dedication

Anna Harren was a member of the community and contributor to Rust known for coining the term "Turbofish" to describe ::<> syntax. Anna recently passed away after living with cancer. Her contribution will forever be remembered and be part of the language, and we dedicate this release to her memory.

Categorieën: Mozilla-nl planet

Hacks.Mozilla.Org: Time for a review of Firefox 92

Mozilla planet - wo, 08/09/2021 - 17:17

Release time comes around so quickly! This month we have quite a few CSS updates, along with the new Object.hasOwn() static method for JavaScript.

This blog post provides merely a set of highlights; for all the details, check out the following:

CSS Updates

A couple of CSS features have moved from behind a preference and are now available by default: accent-color and size-adjust.

accent-color

The accent-color CSS property sets the color of an element’s accent. Accents appear in elements such as a checkbox or radio input. It’s default value is auto which represents a UA-chosen color, which should match the accent color of the platform. You can also specify a color value. Read more about the accent-color property here.

size-adjust

The size-adjust descriptor for @font-face takes a percentage value which acts as a multiplier for glyph outlines and metrics. Another tool in the CSS box for controlling fonts, it can help to harmonize the designs of various fonts when rendered at the same font size. Check out some examples on the size-adjust descriptor page on MDN.

And more…

Along with both of those, the break-inside property now has support for values avoid-page and avoid-column, the font-size-adjust property accepts two values and if that wasn’t enough system-ui as a generic font family name for the font-family property is now supported.

break-inside property on MDN

font-size-adjust property on MDN

font-family property on MDN

Object.hasOwn arrives

A nice addition to JavaScript is the Object.hasOwn() static method. This returns true if the specified property is a direct property of the object (even if that property’s value is null or undefined). false is returned if the specified property is inherited or not declared. Unlike the in operator, this method does not check for the specified property in the object’s prototype chain.

Object.hasOwn() is recommended over Object.hasOwnProperty() as it works for objects created using Object.create(null) and with objects that have overridden the inherited hasOwnProperty() method.

Read more about Object.hasOwn() on MDN

The post Time for a review of Firefox 92 appeared first on Mozilla Hacks - the Web developer blog.

Categorieën: Mozilla-nl planet

Will Kahn-Greene: Mozilla: 10 years

Mozilla planet - wo, 08/09/2021 - 16:28

It's been a long while since I wrote Mozilla: 1 year review. I hit my 10-year "Moziversary" as an employee on September 6th. I was hired in a "doubling" period of Mozilla, so there are a fair number of people who are hitting 10 year anniversaries right now. It's interesting to see that even though we're all at the same company, we had different journeys here.

I started out as a Software Engineer or something like that. Then I was promoted to Senior Software Engineer and then Staff Software Engineer. Then last week, I was promoted to Senior Staff Software Engineer. My role at work over time has changed significantly. It was a weird path to get to where I am now, but that's probably a topic for another post.

I've worked on dozens of projects in a variety of capacities. Here's a handful of the ones that were interesting experiences in one way or another:

  • SUMO (support.mozilla.org): Mozilla's support site

  • Input: Mozilla's feedback site, user sentiment analysis, and Mozilla's initial experiments with Heartbeat and experiments platforms

  • MDN Web Docs: documentation, tutorials, and such for web standards

  • Mozilla Location Service: Mozilla's device location query system

  • Buildhub and Buildhub2: index for build information

  • Socorro: Mozilla's crash ingestion pipeline for collecting, processing, and analyzing crash reports for Mozilla products

  • Tecken: Mozilla's symbols server for uploading and downloading symbols and also symbolicating stacks

  • Standup: system for reporting and viewing status

  • FirefoxOS: Mozilla's mobile operating system

I also worked on a bunch of libraries and tools:

  • siggen: library for generating crash signatures using the same algorithm that Socorro uses (Python)

  • Everett: configuration library (Python)

  • Markus: metrics client library (Python)

  • Bleach: sanitizer for user-provided text for use in an HTML context (Python)

  • ElasticUtils: Elasticsearch query DSL library (Python)

  • mozilla-django-oidc: OIDC authentication for Django (Python)

  • Puente: convenience library for using gettext strings in Django (Python)

  • crashstats-tools: command line tools for accessing Socorro APIs (Python)

  • rob-bugson: Firefox addon that adds Bugzilla links to GitHub PR pages (JS)

  • paul-mclendahand: tool for combining GitHub PRs into a single branch (Python)

  • Dennis: gettext translated strings linter (Python)

I was a part of things:

I've given a few presentations 1:

1

I thought there were more, but I can't recall what they might have been.

I've left lots of FIXME notes everywhere.

I made some stickers:

/images/soloist_2017_handdrawn.thumbnail.png

"Soloists" sticker (2017)

/images/ted_sticker.thumbnail.png

"Ted maintained this" sticker (2019)

I've worked with a lot of people and created some really warm, wonderful friendships. Some have left Mozilla, but we keep in touch.

I've been to many work weeks, conferences, summits, and all hands trips.

I've gone through a few profile pictures:

/images/profile_2011.thumbnail.jpg

Me in 2011

/images/profile_2013.thumbnail.jpg

Me in 2013

/images/profile_2016.thumbnail.jpg

Me in 2016 (taken by Erik Rose in London)

/images/profile_2021.thumbnail.jpg

Me in 2021

I've built a few desks, though my pictures are pretty meagre:

/images/standing_desk_rough_sketch.thumbnail.jpg

Rough sketch of a standing desk

/images/standing_desk_1.thumbnail.jpg

Standing desk and a stool I built

/images/desk_2021.thumbnail.jpg

My current chaos of a desk

I've written lots of blog posts on status, project retrospectives, releases, initiatives, and such. Some of them are fun reads still.

It's been a long 10 years. I wonder if I'll be here for 10 more. It's possible!

Categorieën: Mozilla-nl planet

Data@Mozilla: This Week in Glean: Data Reviews are Important, Glean Parser makes them Easy

Mozilla planet - di, 07/09/2021 - 17:27

(“This Week in Glean” is a series of blog posts that the Glean Team at Mozilla is using to try to communicate better about our work. They could be release notes, documentation, hopes, dreams, or whatever: so long as it is inspired by Glean.) All “This Week in Glean” blog posts are listed in the TWiG index).

At Mozilla we put a lot of stock in Openness. Source? Open. Bug tracker? Open. Discussion Forums (Fora?)? Open (synchronous and asynchronous).

We also have an open process for determining if a new or expanded data collection in a Mozilla project is in line with our Privacy Principles and Policies: Data Review.

Basically, when a new piece of instrumentation is put up for code review (or before, or after), the instrumentor fills out a form and asks a volunteer Data Steward to review it. If the instrumentation (as explained in the filled-in form) is obviously in line with our privacy commitments to our users, the Data Steward gives it the go-ahead to ship.

(If it isn’t _obviously_ okay then we kick it up to our Trust Team to make the decision. They sit next to Legal, in case you need to find them.)

The Data Review Process and its forms are very generic. They’re designed to work for any instrumentation (tab count, bytes transferred, theme colour) being added to any project (Firefox Desktop, mozilla.org, Focus) and being collected by any data collection system (Firefox Telemetry, Crash Reporter, Glean). This is great for the process as it means we can use it and rely on it anywhere.

It isn’t so great for users _of_ the process. If you only ever write Data Reviews for one system, you’ll find yourself answering the same questions with the same answers every time.

And Glean makes this worse (better?) by including in its metrics definitions almost every piece of information you need in order to answer the review. So now you get to write the answers first in YAML and then in English during Data Review.

But no more! Introducing glean_parser data-review and mach data-review: command-line tools that will generate for you a Data Review Request skeleton with all the easy parts filled in. It works like this:

  1. Write your instrumentation, providing full information in the metrics definition.
  2. Call python -m glean_parser data-review <bug_number> <list of metrics.yaml files> (or mach data-review <bug_number> if you’re adding the instrumentation to Firefox Desktop).
  3. glean_parser will parse the metrics definitions files, pull out only the definitions that were added or changed in <bug_number>, and then output a partially-filled-out form for you.

Here’s an example. Say I’m working on bug 1664461 and add a new piece of instrumentation to Firefox Desktop:

fog.ipc: replay_failures: type: counter description: | The number of times the ipc buffer failed to be replayed in the parent process. bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1664461 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1664461 data_sensitivity: - technical notification_emails: - chutten@mozilla.com - glean-team@mozilla.com expires: never

I’m sure to fill in the `bugs` field correctly (because that’s important on its own _and_ it’s what glean_parser data-review uses to find which data I added), and have categorized the data_sensitivity. I also included a helpful description. (The data_reviews field currently points at the bug I’ll attach the Data Review Request for. I’d better remember to come back before I land this code and update it to point at the specific comment…)

Then I can simply use mach data-review 1664461 and it spits out:

!! Reminder: it is your responsibility to complete and check the correctness of !! this automatically-generated request skeleton before requesting Data !! Collection Review. See https://wiki.mozilla.org/Data_Collection for details. DATA REVIEW REQUEST 1. What questions will you answer with this data? TODO: Fill this in. 2. Why does Mozilla need to answer these questions? Are there benefits for users? Do we need this information to address product or business requirements? TODO: Fill this in. 3. What alternative methods did you consider to answer these questions? Why were they not sufficient? TODO: Fill this in. 4. Can current instrumentation answer these questions? TODO: Fill this in. 5. List all proposed measurements and indicate the category of data collection for each measurement, using the Firefox data collection categories found on the Mozilla wiki. Measurement Name | Measurement Description | Data Collection Category | Tracking Bug ---------------- | ----------------------- | ------------------------ | ------------ fog_ipc.replay_failures | The number of times the ipc buffer failed to be replayed in the parent process. | technical | https://bugzilla.mozilla.org/show_bug.cgi?id=1664461 6. Please provide a link to the documentation for this data collection which describes the ultimate data set in a public, complete, and accurate way. This collection is Glean so is documented [in the Glean Dictionary](https://dictionary.telemetry.mozilla.org). 7. How long will this data be collected? This collection will be collected permanently. **TODO: identify at least one individual here** will be responsible for the permanent collections. 8. What populations will you measure? All channels, countries, and locales. No filters. 9. If this data collection is default on, what is the opt-out mechanism for users? These collections are Glean. The opt-out can be found in the product's preferences. 10. Please provide a general description of how you will analyze this data. TODO: Fill this in. 11. Where do you intend to share the results of your analysis? TODO: Fill this in. 12. Is there a third-party tool (i.e. not Telemetry) that you are proposing to use for this data collection? No.

As you can see, this Data Review Request skeleton comes partially filled out. Everything you previously had to mechanically fill out has been done for you, leaving you more time to focus on only the interesting questions like “Why do we need this?” and “How are you going to use it?”.

Also, this saves you from having to remember the URL to the Data Review Request Form Template each time you need it. We’ve got you covered.

And since this is part of Glean, this means this is already available to every project you can see here. This isn’t just a Firefox Desktop thing.

Hope this saves you some time! If you can think of other time-saving improvements we could add once to Glean so every Mozilla project can take advantage of, please tell us on Matrix.

If you’re interested in how this is implemented, glean_parser’s part of this is over here, while the mach command part is here.

:chutten

(( This is a syndicated copy of the original post. ))

Categorieën: Mozilla-nl planet

Chris H-C: This Week in Glean: Data Reviews are Important, Glean Parser makes them Easy

Mozilla planet - di, 07/09/2021 - 17:26

(“This Week in Glean” is a series of blog posts that the Glean Team at Mozilla is using to try to communicate better about our work. They could be release notes, documentation, hopes, dreams, or whatever: so long as it is inspired by Glean.) All “This Week in Glean” blog posts are listed in the TWiG index).

At Mozilla we put a lot of stock in Openness. Source? Open. Bug tracker? Open. Discussion Forums (Fora?)? Open (synchronous and asynchronous).

We also have an open process for determining if a new or expanded data collection in a Mozilla project is in line with our Privacy Principles and Policies: Data Review.

Basically, when a new piece of instrumentation is put up for code review (or before, or after), the instrumentor fills out a form and asks a volunteer Data Steward to review it. If the instrumentation (as explained in the filled-in form) is obviously in line with our privacy commitments to our users, the Data Steward gives it the go-ahead to ship.

(If it isn’t _obviously_ okay then we kick it up to our Trust Team to make the decision. They sit next to Legal, in case you need to find them.)

The Data Review Process and its forms are very generic. They’re designed to work for any instrumentation (tab count, bytes transferred, theme colour) being added to any project (Firefox Desktop, mozilla.org, Focus) and being collected by any data collection system (Firefox Telemetry, Crash Reporter, Glean). This is great for the process as it means we can use it and rely on it anywhere.

It isn’t so great for users _of_ the process. If you only ever write Data Reviews for one system, you’ll find yourself answering the same questions with the same answers every time.

And Glean makes this worse (better?) by including in its metrics definitions almost every piece of information you need in order to answer the review. So now you get to write the answers first in YAML and then in English during Data Review.

But no more! Introducing glean_parser data-review and mach data-review: command-line tools that will generate for you a Data Review Request skeleton with all the easy parts filled in. It works like this:

  1. Write your instrumentation, providing full information in the metrics definition.
  2. Call python -m glean_parser data-review <bug_number> <list of metrics.yaml files> (or mach data-review <bug_number> if you’re adding the instrumentation to Firefox Desktop).
  3. glean_parser will parse the metrics definitions files, pull out only the definitions that were added or changed in <bug_number>, and then output a partially-filled-out form for you.

Here’s an example. Say I’m working on bug 1664461 and add a new piece of instrumentation to Firefox Desktop:

fog.ipc: replay_failures: type: counter description: | The number of times the ipc buffer failed to be replayed in the parent process. bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1664461 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1664461 data_sensitivity: - technical notification_emails: - chutten@mozilla.com - glean-team@mozilla.com expires: never

I’m sure to fill in the `bugs` field correctly (because that’s important on its own _and_ it’s what glean_parser data-review uses to find which data I added), and have categorized the data_sensitivity. I also included a helpful description. (The data_reviews field currently points at the bug I’ll attach the Data Review Request for. I’d better remember to come back before I land this code and update it to point at the specific comment…)

Then I can simply use mach data-review 1664461 and it spits out:

!! Reminder: it is your responsibility to complete and check the correctness of !! this automatically-generated request skeleton before requesting Data !! Collection Review. See https://wiki.mozilla.org/Data_Collection for details. DATA REVIEW REQUEST 1. What questions will you answer with this data? TODO: Fill this in. 2. Why does Mozilla need to answer these questions? Are there benefits for users? Do we need this information to address product or business requirements? TODO: Fill this in. 3. What alternative methods did you consider to answer these questions? Why were they not sufficient? TODO: Fill this in. 4. Can current instrumentation answer these questions? TODO: Fill this in. 5. List all proposed measurements and indicate the category of data collection for each measurement, using the Firefox data collection categories found on the Mozilla wiki. Measurement Name | Measurement Description | Data Collection Category | Tracking Bug ---------------- | ----------------------- | ------------------------ | ------------ fog_ipc.replay_failures | The number of times the ipc buffer failed to be replayed in the parent process. | technical | https://bugzilla.mozilla.org/show_bug.cgi?id=1664461 6. Please provide a link to the documentation for this data collection which describes the ultimate data set in a public, complete, and accurate way. This collection is Glean so is documented [in the Glean Dictionary](https://dictionary.telemetry.mozilla.org). 7. How long will this data be collected? This collection will be collected permanently. **TODO: identify at least one individual here** will be responsible for the permanent collections. 8. What populations will you measure? All channels, countries, and locales. No filters. 9. If this data collection is default on, what is the opt-out mechanism for users? These collections are Glean. The opt-out can be found in the product's preferences. 10. Please provide a general description of how you will analyze this data. TODO: Fill this in. 11. Where do you intend to share the results of your analysis? TODO: Fill this in. 12. Is there a third-party tool (i.e. not Telemetry) that you are proposing to use for this data collection? No.

As you can see, this Data Review Request skeleton comes partially filled out. Everything you previously had to mechanically fill out has been done for you, leaving you more time to focus on only the interesting questions like “Why do we need this?” and “How are you going to use it?”.

Also, this saves you from having to remember the URL to the Data Review Request Form Template each time you need it. We’ve got you covered.

And since this is part of Glean, this means this is already available to every project you can see here. This isn’t just a Firefox Desktop thing. 

Hope this saves you some time! If you can think of other time-saving improvements we could add once to Glean so every Mozilla project can take advantage of, please tell us on Matrix.

If you’re interested in how this is implemented, glean_parser’s part of this is over here, while the mach command part is here.

:chutten

Categorieën: Mozilla-nl planet

Cameron Kaiser: TenFourFox FPR32 SPR4 available

Mozilla planet - zo, 05/09/2021 - 07:28
TenFourFox Feature Parity Release 32 Security Parity Release 4 "32.4" is available for testing (downloads, hashes). There are, as before, no changes to the release notes nor anything notable about the security patches in this release. Assuming no major problems, FPR32.4 will go live Monday evening Pacific time as usual. The final official build FPR32.5 remains scheduled for October 5, so we'll do a little look at your options should you wish to continue building from source after that point later this month.
Categorieën: Mozilla-nl planet

Firefox Add-on Reviews: uBlock Origin—everything you need to know about the ad blocker

Mozilla planet - vr, 03/09/2021 - 19:38

Rare is the browser extension that can satisfy both passive and power users. But that’s an essential part of uBlock Origin’s brilliance—it is an ad blocker you could recommend to your most tech forward friend as easily as you could to someone who’s just emerged from the jungle lost for the past 20 years. 

If you install uBlock Origin and do nothing else, right out of the box it will block nearly all types of internet advertising—everything from big blinking banners to search ads and video pre-rolls and all the rest. However if you want extremely granular levels of content control, uBlock Origin can accommodate via advanced settings. 

We’ll try to split the middle here and walk through a few of the extension’s most intriguing features and options…

Does using uBlock Origin actually speed up my web experience? 

Yes. Not only do web pages load faster because the extension blocks unwanted ads from loading, but uBlock Origin utilizes a uniquely lightweight approach to content filtering so it imposes minimal impact on memory consumption. It is generally accepted that uBlock Origin offers the most performative speed boost among top ad blockers. 

But don’t ad blockers also break pages? 

Occasionally that can occur, where a page breaks if certain content is blocked or some websites will even detect the presence of an ad blocker and halt passage. 

Fortunately this doesn’t happen as frequently with uBlock Origin as it might with other ad blockers and the extension is also extremely effective at bypassing anti-ad blockers (yes, an ongoing battle rages between ad tech and content blocking software). But if uBlock Origin does happen to break a page you want to access it’s easy to turn off content blocking for specific pages you trust or perhaps even want to see their ads.

<figcaption>Hit the blue on/off button if you want to suspend content blocking on any page.</figcaption> Show us a few tips & tricks

Let’s take a look at some high level settings and what you can do with them. 

  • Lightning bolt button enables Element Zapper, which lets you temporarily remove page elements by simply mousing over them and clicking. For example, this is convenient for removing embedded gifs or for hiding disturbing images you may encounter in some news articles.
  • Eye dropper button enables Element Picker, which lets you permanently remove page elements. For example, if you find Facebook Stories a complete waste of time, just activate Element Picker, mouse over/click the Stories section of the page, select “Create” and presto—The End of Facebook Stories.    

The five buttons on this row will only affect the page you’re on.

  • Pop-up button blocks—you guessed it—pop-ups
  • Film button blocks large media elements like embedded video, audio, or images
  • Eye slash button disables cosmetic filtering, which is on by default and elegantly reformats your pages when ads are removed, but if you’d prefer to see pages laid out as they were intended (with just empty spaces instead of ads) then you have that option
  • “Aa” button blocks remote fonts from loading on the page
  • “</>” button disables JavaScript on the page
Does uBlock Origin protect against malware? 

In addition to using various advertising block lists, uBlock Origin also leverages potent lists of known malware sources, so it automatically blocks those for you as well. To be clear, there is no software that can offer 100% malware protection, but it doesn’t hurt to give yourself enhanced protections like this. 

All of the content block lists are actively maintained by volunteers who believe in the mission of providing users with more choice and control over the content they see online. “uBlock Origin stands uncompromisingly for all users’ best interests, it’s not monetized, and its development and maintenance is driven only by volunteers who share the same view,” says uBlock Origin founder and developer Raymond Hill. “As long as I am the maintainer of [uBlock Origin], this will not change.”

We could go into a lot more detail about uBlock Origin—how you can create your own custom filter lists, how you can set it to block only media of a certain size, cloud storage sync, and so on—but power users will discover these delights on their own. Hopefully we’ve provided enough insight here to help you make an informed choice about exploring uBlock Origin, whether it be your first ad blocker or just the latest. 

If you’d like to check out other amazing ad blocker options, please see What’s the best ad blocker for you?

Categorieën: Mozilla-nl planet

Mark Mayo: Celebrating 10k KryptoSign users with an on-chain lottery feature!

Mozilla planet - do, 02/09/2021 - 04:22

TL;DR: we’re adding 3 new features to KryptoSign today!

  • CSV downloads of a document’s signers
  • Document Locking (prevent further signing)
  • Document Lotteries (pick a winner from list of signers)

Why? Well, you folks keep abusing this simple Ethereum-native document signing tool to run contests for airdrops and pre-sales, so we thought we’d make your lives a bit easier! :)

up and to the right graph showing exponential growth of KS

We launched KryptoSign in May this year as tool for Kai, Bart, and I to do the lightest possible “contract signing” using our MetaMask wallets. Write down a simple scope of work with someone, both parties sign with their wallet to signal they agree. When the job is complete, their Ethereum address is right there to copy-n-paste into a wallet to send payment. Quick, easy, delightful. :)

But as often happens, users started showing up and using it for other things. Like guestbooks. And then guestbooks became a way to sign up users for NFT drops as part of contests and pre-sales, and so on. The organizer has everyone sign a KS doc, maybe link their Discord or Twitter, and then picks a winner and sends a NFT/token/etc. to their address in the signature block. Cool.

As these NFT drops started getting really hot the feature you all wanted was pretty obvious: have folks sign a KS document as part of a pre-sales window, and have KS pick the winner automatically. Because the stakes on things like hot NFT pre-sales are high, we decided to implement the random winner using Chainlink’s VRF — verifiable random functions — which means everyone involved in a KryptoSign lottery can independently confirm how the random winner was picked. Transparency is nice!

The UI for doing this is quite simple, as you’d hope and expect from KryptoSign. There’s an action icon on the document now:

screenshot of menu option to pick a winner from the signers of a document

When you’re ready to pick a winner, it’s pretty easy. Lock the document, and hit the button:

Of note, to pick a winner we’re collecting to 0.05 ETH from you to cover the cost of the 2 LINK required to invoke the VRF on mainnet. You don’t need your own LINK and all the gas-incurring swapping that would imply. Phew! The user approves a single transaction with their wallet (including gas to interact with the smart contract) and they’re done.

Our initial users really wanted the on-chain trust of a VRF, and are willing to pay for it so their communities can trust the draw, but for other use cases you have in mind, maybe it’s overkill? Let us know! We’ll continue to build upon KryptoSign as long as people find useful things to do with it.

Finally, big props to our team who worked through some rough patches with calling the Chainlink VRF contract. Blockchain is weird, yo! This release saw engineering contributions from Neo Cho, Ryan Ouyang, and Josh Peters. Thanks!

— Mark

Celebrating 10k KryptoSign users with an on-chain lottery feature! was originally published in Block::Block on Medium, where people are continuing the conversation by highlighting and responding to this story.

Categorieën: Mozilla-nl planet

Mozilla Security Blog: Mozilla VPN Security Audit

Mozilla planet - di, 31/08/2021 - 15:58

To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that Cure53 conducted earlier this year.

The scope of this security audit included the following products:

  • Mozilla VPN Qt5 App for macOS
  • Mozilla VPN Qt5 App for Linux
  • Mozilla VPN Qt5 App for Windows
  • Mozilla VPN Qt5 App for iOS
  • Mozilla VPN Qt5 App for Android

Here’s a summary of the items discovered within this security audit that were medium or higher severity:

  • FVP-02-014: Cross-site WebSocket hijacking (High)
    • Mozilla VPN client, when put in debug mode, exposes a WebSocket interface to localhost to trigger events and retrieve logs (most of the functional tests are written on top of this interface). As the WebSocket interface was used only in pre-release test builds, no customers were affected.  Cure53 has verified that this item has been properly fixed and the security risk no longer exists.
  • FVP-02-001: VPN leak via captive portal detection (Medium)
    • Mozilla VPN client allows sending unencrypted HTTP requests outside of the tunnel to specific IP addresses, if the captive portal detection mechanism has been activated through settings.  However, the captive portal detection algorithm requires a plain-text HTTP trusted endpoint to operate. Firefox, Chrome, the network manager of MacOS and many applications have a similar solution enabled by default. Mozilla VPN utilizes the Firefox endpoint.  Ultimately, we have accepted this finding as the user benefits of captive portal detection outweigh the security risk.
  • FVP-02-016: Auth code could be leaked by injecting port (Medium)
    • When a user wants to log into Mozilla VPN, the VPN client will make a request to https://vpn.mozilla.org/api/v2/vpn/login/windows to obtain an authorization URL. The endpoint takes a port parameter that will be reflected in a <img> element after the user signs into the web page. It was found that the port parameter could be of an arbitrary value. Further, it was possible to inject the @ sign, so that the request will go to an arbitrary host instead of localhost (the site’s strict Content Security Policy prevented such requests from being sent). We fixed this issue by improving the port number parsing in the REST API component. The fix includes several tests to prevent similar errors in the future.

If you’d like to read the detailed report from Cure53, including all low and informational items, you can find it here.

More information on the issues identified in this report can be found in our MFSA2021-31 Security Advisory published on July 14th, 2021.

The post Mozilla VPN Security Audit appeared first on Mozilla Security Blog.

Categorieën: Mozilla-nl planet

Pagina's