Cameron Kaiser: TenFourFox 45 is a thing |
http://tenfourfox.blogspot.com/2016/07/tenfourfox-45-is-thing.html
|
|
Armen Zambrano: Mozci and pulse actions contributions opportunities |
|
|
Support.Mozilla.Org: What’s Up with SUMO – 21st July |
Hello, SUMO Nation!
Chances are you have noticed that we had some weird temporal issues, possibly caused by a glitch in the spacetime continuum. I don’t think we can pin the blame on the latest incarnation of Dr Who, but you never know… Let’s see what the past of the future brings then, shall we?
If you just joined us, don’t hesitate – come over and say “hi” in the forums!
We salute you!
Now that we’re safely out of the dangerous vortex of a spacetime continuum loop, I can only wish you a great weekend. Take it easy and keep rocking the helpful web!
https://blog.mozilla.org/sumo/2016/07/21/whats-up-with-sumo-21st-july/
|
|
Air Mozilla: Metrics, Metrics, Metr.. wait what do you do? |
2016 Intern presentation - Sharon Mui
https://air.mozilla.org/metrics-metrics-metr-wait-what-do-you-do/
|
|
Mozilla Addons Blog: New WebExtensions Guides and How-tos on MDN |
The official launch of WebExtensions is happening in Firefox 48, but much of what you need is already supported in Firefox and AMO (addons.mozilla.org). The best place to get started with WebExtensions is MDN, where you can find a trove of helpful information. I’d like to highlight a couple of recent additions that you might find useful:
Thank you to Will Bamberg for doing the bulk of this work. Remember that MDN is a community wiki, so anyone can help!
https://blog.mozilla.org/addons/2016/07/21/new-webextensions-guides-and-how-tos-on-mdn/
|
|
Air Mozilla: Web QA Team Meeting, 21 Jul 2016 |
They say a Mozilla Web QA team member is the most fearless creature in the world. They say their jaws are powerful enough to crush...
|
|
Air Mozilla: Reps weekly, 21 Jul 2016 |
This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.
|
|
Mozilla Reps Community: Rep of the Month – June 2016 |
Please join us in congratulating Alex Lakatos as Reps of the Month for June 2016!
Alex is a Mozilla Rep based in London, Great Britain, originally from Romania. He is also a Mozilla TechSpeaker, giving talks all around Europe.
In the last 2 months Alex held several technical talks all over Europe (CodeCamp Cluj, OSCAL in Albania, DevTalks in Bucharest and DevSum in Sweden just to name a few) to promote Mozilla’s mission and the Open Web. With his enthusiasm in tech he is a crucial force to promote our mission and educate developers all around Europe about new Web technologies. He covered both the transition we are doing shifting from Firefox OS to a more innovative area with Connected Devices but also changes in Firefox and why you should consider the improvements made on the DevTools side.
Please don’t forget to congratulate him on Discourse!
https://blog.mozilla.org/mozillareps/2016/07/21/rep-of-the-month-june-2016/
|
|
Adam Stevenson: Compatibility Screenshots |
I’ve been trying to learn more about how screenshots can help us identify compatibility issues in Firefox. It started with the question:
How does Firefox compare to Chrome in the top 100 websites?
Pretty good it turns out, on the front pages at least, you can view them yourself [Some images are offensive and NSFW]. You can also check out the same list of sites but comparing Firefox to Firefox with tracking protection. I made some scripts to capture the screens in OSX. They make use of the screencapture utility and this other cool little utility called GetWindowID. GetWindowID determines which Window ID is associated to a program on the screen, Firefox or Chrome in this case.
Let’s look at how these utilities work together.
Running the GetWindowID command requires that we specify which program we are looking for and which tab is active as well. I’ve made sure that my version of Firefox starts up with the Mozilla Firefox Start Page. If we execute this command:
./GetWindowID "Firefox" "Mozilla Firefox Start Page";
It returns a numeric value like:
1072
This is great because the screencapture utility needs to know which window ID to look at.
So let’s take that same GetWindowID command from earlier and store the result into a variable called ‘gcwindow’.
gcwindow=$(./GetWindowID "Firefox" "Mozilla Firefox Start Page");
Now gcwindow has the value 1072 from before. Let’s feed that into the screencapture utility:
screencapture -t jpg -T 40 -l $gcwindow -x ~/Desktop/screens/firefoxtest/$site.jpg;
When this runs the program will wait 40 seconds from the "-T 40” parameter then take a screenshot of Window ID 1072, which is our Firefox instance. The JPG file will be stored in a folder on my desktop under screens/firefoxtest. The rest of the script is looping through each website name that we’ve entered, opening a new browser window, opening the website we want to capture, killing the browser process after each screenshot and some sleep commands in between that give the computer time to execute each step.
There are some browser preferences and considerations that you will want to be aware of before running these scripts.
Why do all this in OSX? Cause I like to work on a mac, I guess. OK I don’t have a good reason but if you want to make it work on a Linux docker or something cool that’d be super sweet. The other thing to keep in mind is I’m looking at viewport screenshots right now, full page would be nice, but we’ll get there.
So the side by side comparison of popular sites is pretty useful but looking at things is a lot of work. It would be cool if we could automate some or all of that looking, right? Luckily there are image comparison tools that can help with this. I decided to try out Yahoo’s blink-diff tool which is built using node.js.
First off only PNG’s are supported with this tool, but that’s easy to change using the screencapture command line tool.
So we use 'screencapture -t png’ instead of 'screencapture -t jpg’.
Let’s go through setting this up for a single test. You’ll need to have node.js installed first.
We need to create a new folder, the name isn’t important.
mkdir onetime-diff
Then download this javascript file from Github and put it in that folder. Now let’s initialize our project:
npm init
And just accept all the defaults. Next let’s install the dependancies:
npm install blink-diff
npm install pngjs-image
Great, it’s ready to run now. The index.js file we downloaded looks for two files in the same folder called firefox.png and chrome.png and will generate a file called output.png. If you need a couple files to test with:
Note that if you provide your own PNG files, you may need to adjust the cropping parameters. I’ve configured the script to work best for Firefox and Chrome screenshots captured on a retina display, if you aren’t using a retina display divide those numbers by 2. You can see here y:160 and y:144, this is cropping out the top portion of the screenshot where the browser's “chrome” is.
cropImageA: { x:0, y:160, width:0, height:0 }, // Firefox
cropImageB: { x:0, y:144, width:0, height:0 }, // Chrome
Once you’re ready to run the test, execute:
node index.js
After a minute, it should generate an output.png file that looks like this and the script will return a result to the command prompt:
Passed
Found 1116908 differences.
So this is a good start, we have an image comparison program and an automated screenshot utility. To make it more useful I created another script that combines these together. On a high level it works like this:
First site > Screenshot Firefox > Screenshot Chrome > Compare images in background process > Next Site...
It has the same dependancies as before, but now we run it like this:
./start.sh
After giving this is a few runs and playing with the settings, I started to see some issues.
We want each site to have a decent amount of time to load, I normally use between 30-40 seconds. But that adds up over 1000 or more sites. I decided to hack something basic together to allow multiple computers in my house to split the load. It helps but it would be much better to have this running on Linux virtual machines or dockers.
So what’s next?
If any of this interests you and want to get involved, I’d love to hear from you. Or if you have advice on how to make this better, please reach out as well.
http://bornawesome.com/adam/index.php?id=compatibility-screenshots
|
|
Matjaz Horvat: Improving in-page localization in Pontoon |
We’re improving the way in-page localization works in Pontoon by droping a feature instead of introducing a new one. Translating text on the web page itself using the contentEditable attribute has been turned off.
That means the actual translation (typing) always takes place in the translation editor, which gives you access to all the relevant information you need for the translation.
The sidebar is always visible, allowing you to select strings from the list and then translate them. Additionally, you can still use the Inspector-like tool to select any localizable string on the page, which will then open in the translation editor in the sidebar to be translated.
Translation within the web page has turned out to be suboptimal for various reasons:
http://horv.at/blog/improving-in-page-localization-in-pontoon/
|
|
Mozilla Addons Blog: Completing Firefox Accounts on AMO |
In Feburary we rolled out Firefox Accounts on addons.mozilla.org (AMO). That first phase created a migration flow from old AMO accounts over to Firefox Accounts. Since then, 84% of developers who have logged in have transitioned over to a Firefox Account.
The next step is to remove the ability to log in using an old AMO account. Once this is complete, the only way to log in to AMO is by using Firefox Accounts.
If you have an old account on AMO and have not gone through the migration flow, you can still access your account if the email you use to log in through Firefox Accounts is the same as the one previously registered on AMO.
We expect that the removal of old logins will be completed in a couple of weeks, unless any unforeseen problems occur.
All the add-ons are accessible to the new Firefox Account.
Firefox Accounts is the identity system that is used to synchronize Firefox across multiple devices. Many Firefox products and services will soon begin migrating over, simplifying your sign-in process and making it easier for you to manage all your accounts.
Once you have a Firefox Account, you can go to accounts.firefox.com, sign in, and click on Password.
If you have forgotten your current password:
https://blog.mozilla.org/addons/2016/07/21/completing-firefox-accounts-on-amo/
|
|
QMO: Firefox 49.0 Aurora Testday, July 22nd |
Hello Mozillians,
Good news! We are having another testday for you
https://quality.mozilla.org/2016/07/firefox-49-0-aurora-testday-july-22nd/
|
|
Dustin J. Mitchell: Recovering from TaskWarrior Corruption |
I use TaskWarrior along with TaskWarrior for Android to organize my life. I use FreeCinc to synchronize all of my desktops, VPS, and phone, using a crontask. Most of the time, it works pretty well.
However, yesterday, all of FreeCinc’s keys expired. There’s a big red warning on the home page instructing users to download new keys.; Since my sync’s operate on a crontask, I didn’t notice this until I discovered tasks I remembered modifying in one place did not appear in another. By that time, I had modifed tasks everywhere – a few things to buy on my phone, some work stuff on the laptop, some more work stuff on the VPS, and some personal stuff on the desktop.
So, downloading new keys is easy. However, TaskWarrior doesn’t magically take four different sets of tasks and combine them into a single coherent set of tasks, just by syncing to a server. No, in fact, since there are no changes to sync, it does nothing. Just leaves the different sets of tasks in place on different machines. So basically everything I modified in 24 hours, across four machines, was now unsynchronized. And I use this to run my life, so it was probably 100 or so changes.
Here’s how I fixed this:
I copied pending.data and completed.data from all four hosts onto a single host.
These files are in a pretty simple one-task-per-line format, with a uuid and modification timestamp embedded in each line.
The rough approach was to take all of the tasks in all of these files, and select most recent instance for each uuid.
There’s a little bit of extra complication to handle whether a task is completed or not.
I used the following script to do this calculation:
import re
uuid_re = re.compile(r'uuid:"([^"]*)"')
modified_re = re.compile(r'modified:"([0-9]*)"')
def read(filename):
with open(filename) as f:
for l in f:
uuid = uuid_re.search(l).group(1)
try:
modified = modified_re.search(l).group(1)
except AttributeError:
modified = 0
yield uuid, int(modified), l
def add_to(uuid, modified, completed, line, coll):
if uuid in coll:
ex_modified, ex_completed, _ = coll[uuid]
if ex_modified >= modified:
return
if ex_completed and not completed:
return
coll[uuid] = (modified, completed, line)
by_uuid = {}
for c, fn in [
(True, "rama-completed.data"),
(True, "hopper-completed.data"),
(True, "dorp-completed.data"),
(True, "android-completed.data"),
(False, "rama-pending.data"),
(False, "hopper-pending.data"),
(False, "android-pending.data"),
]:
for uuid, modified, line in read(fn):
add_to(uuid, modified, c, line, by_uuid)
with open("completed-result.data", "w") as f:
for _, completed, line in by_uuid.itervalues():
if completed:
f.write(line)
with open("pending-result.data", "w") as f:
for _, completed, line in by_uuid.itervalues():
if not completed:
f.write(line)
As it turns out, I might have simplified this a little by looking at the status field: completed and deleted are in completed.data, and the rest are in pending.data.
Once I was happy with the results (approximately the right number of pending tasks, basically), I copied them into ~/.task on one machine, and ran some task queries to check everything looked good (looking for tasks I recalled adding on various machines).
Satisfied with this, I downloaded yet another set of keys from FreeCinc and installed them on that same machine.
I deleted ~/.task/backlog.data on that machine (just in case) and ran task sync init which appeared to upload all pending tasks.
Great!
Next, I deleted ~/.task/*.data on all of the other machines, installed the new FreeCinc keys, and ran task sync.
On these machines, it happily downloaded the pending tasks.
And we’re back in business!
I chose not to just copy ~/.task/*.data between systems because I run slightly different versions of TaskWarrior on different systems, so the data format might be different.
I might have used task export and task import with some success, but I didn’t think of it in time.
http://code.v.igoro.us/posts/2016/07/taskwarrior-corruption.html
|
|
Julia Vallera: Mozilla Clubs end of year goals |
Mozilla Clubs are excited to share our goals for the rest of 2016. We’ve come a long way since the program’s launch in 2015. What lies ahead for us is exciting and challenging. Below is what we will be working on and information about how you can join in the fun.
Curious to learn more about Mozilla Clubs? Check out our website, facebook page, event gallery, and discussion forum.
Mozilla Club leaders came together in June 2016 at Mozilla all-hands. Photo by Randy Macdonald
In June 2016, eight Mozilla Club leaders came together in London, UK for Mozilla’s bi-annual All Hands gathering. They participated in many conversations, one of which was a 90 minute deep dive session to identify objectives for clubs over the next six months. During the session we brainstormed topics, ideated in pairs and had a group share out. In addition to informing our goals for the rest of 2016, this session gave club leaders the opportunity to learn more about each other’s work and regional challenges.
In July, we shared the results of our deep dive session more broadly during our monthly call for club leaders and internal clubs info session. This allowed us to gather more feedback and ultimately votes on what goals we should focus on for Mozilla Clubs between now and January 2017.
Here is the list of goals that resulted, why they are important to our work how we plan to approach them.
Here are some ways you can contribute to our work over the next six months and beyond.
http://www.juliavallera.com/blog/mozilla-clubs-end-of-year-goals/
|
|
Jen Kagan: draggable min-vid, part 1 |
since merging john and i’s css PR, i’ve been digging into min-vid again. lots has changed! dave rewrote min-vid in react.js to make it easier for contributors to plug in.
why react.js? because we won’t have to write a thousand different platform checks anymore. for example, we’d have to trigger one set of behaviors if the platform was youtube.com and another set of behaviors if the platform was vimeo.com. this wasn’t scalable and it wasn’t very contributor-friendly. now, to add support for additional video-streaming platforms, contributors will just have to construct the URL to access the platform’s video files (hopefully via a well-documented API) and add the new URL constructing code to min-vid’s /lib folder in file called get-[platform]-url.js.
so that’s awesome!
right now, i’m working on how to make the video panel draggable within the browser window so you’re not just limited to watching yr vids in the lower left-hand corner:
john came up with a hacky idea for draggability where, on mouseDown, we’ll:
the idea is to make dragging less glitchy by changing our dragging process so we’re no longer sending data back and forth between react, the add-on, and the window.
how to get started? jared broke down the task into smaller pieces for me. here’s the first piece:
the function for setting up the panel size is in the index.js file. we determine how and when to panel.show() and panel.hide() based on the block of code below. the code tells the panel to listen for
// require the Panel element from the Mozilla SDK
var panel = require('sdk/panel').Panel({
// set the panel content using the /default.html file
contentURL: './default.html',
// set the panel functionality using the /controls.js file
contentScriptFile: './controls.js',
// set the panel dimensions and position
width: 320,
height: 180,
position: {
bottom: 10,
left: 10
}
});then, do different stuff based on what the message said.
// turn the panel port on to listen for a 'message' being emitted
panel.port.on('message', opts => {
// assign title to be whatever 'opts' were emitted
var title = opts.action;
if (title === 'send-to-tab') {
const pageUrl = getPageUrl(opts.domain, opts.id);
if (pageUrl) require('sdk/tabs').open(pageUrl);
else console.error('could not parse page url for ', opts); // eslint-disable-line no-console
panel.hide();
} else if (title === 'close') {
panel.hide();
} else if (title === 'minimize') {
panel.hide();
panel.show({
height: 40,
position: {
bottom: 0,
left: 10
}
});
} else if (title === 'maximize') {
panel.hide();
panel.show({
height: 180,
position: {
bottom: 10,
left: 10
}
});
}
});i added another little chunk in there which says: if the title is drag, hide the panel and then show it again with these new dimensions. the whole new block of code looks like this:
panel.port.on('message', opts => {
var title = opts.action;
if (title === 'send-to-tab') {
const pageUrl = getPageUrl(opts.domain, opts.id);
if (pageUrl) require('sdk/tabs').open(pageUrl);
else console.error('could not parse page url for ', opts); // eslint-disable-line no-console
panel.hide();
} else if (title === 'close') {
panel.hide();
} else if (title === 'minimize') {
panel.hide();
panel.show({
height: 40,
position: {
bottom: 0,
left: 10
}
});
} else if (title === 'maximize') {
panel.hide();
panel.show({
height: 180,
position: {
bottom: 10,
left: 10
}
});
}
else if (title === 'drag') {
panel.hide();
panel.show({
height: 360,
width: 640,
position: {
bottom: 0,
left: 0
}
});
}
});so we have some new instructions for the panel. but how do we trigger them? we trigger the instructions by creating the drag function within the PlayerView component and then rendering it. this code says: on whatever new custom event, send a message. the content of the message is an object with the format {detail: obj}—in this case, {action: 'drag'}. then, render the trigger in a
function sendToAddon(obj) {
window.dispatchEvent(new CustomEvent('message', {detail: obj}));
}
const PlayerView = React.createClass({
getInitialState: function() {
return {showVolume: false, hovered: false};
},
drag: function() {
sendToAddon({action: 'drag'});
},
...
render: function() {
return (
);
}
...and we style the class in our css file:
.drag {
background: red;
}so we get something like this, before clicking the red square:
and after clicking the red square:
next, i have to see if i can make the panel fill the page, then only drag the video element inside the panel, then snap the panel its position on the window and put it back to its original size, 320 x 180.
http://www.jkitppit.com/2016/07/20/draggable-min-vid-part-1/
|
|
Mozilla WebDev Community: Beer and Tell – July 2016 |
Once a month, web developers from across the Mozilla Project get together to talk about our side projects and drink, an occurrence we like to call “Beer and Tell”.
There’s a wiki page available with a list of the presenters, as well as links to their presentation materials. There’s also a recording available courtesy of Air Mozilla.
This week’s only presenter was mobyvb, who shared Jam Circle, a webapp that lets users play music together. Users who connect join a shared room and see each other as circles connected to a central node. Using the keyboard (or, in browsers that support it, any MIDI-capable device), users can play notes that all other users in the channel hear and see as colored lines on each circle’s connection to the center.
The webapp also includes the beginnings of an editor that will allow users to write chord progressions and play them alongside live playback.
A instance of the site is up and running at jam-circle.herokuapp.com. Check it out!
If you’re interested in attending the next Beer and Tell, sign up for the dev-webdev@lists.mozilla.org mailing list. An email is sent out a week beforehand with connection details. You could even add yourself to the wiki and show off your side-project!
See you next month!
https://blog.mozilla.org/webdev/2016/07/20/beer-and-tell-july-2016/
|
|
Daniel Pocock: How many mobile phone accounts will be hijacked this summer? |
Summer vacations have been getting tougher in recent years. Airlines cut into your precious vacation time with their online check-in procedures and a dozen reminder messages, there is growing concern about airport security and Brexit has already put one large travel firm into liquidation leaving holidaymakers in limbo.
If that wasn't all bad enough, now there is a new threat: while you are relaxing in the sun, scammers fool your phone company into issuing a replacement SIM card or transferring your mobile number to a new provider and then proceed to use it to take over all your email, social media, Paypal and bank accounts. The same scam has been appearing around the globe, from Britain to Australia and everywhere in between. Many of these scams were predicted in my earlier blog SMS logins: an illusion of security (April 2014) but they are only starting to get publicity now as more aspects of our lives are at risk, scammers are ramping up their exploits and phone companies are floundering under the onslaught.
With the vast majority of Internet users struggling to keep their passwords out of the wrong hands, many organizations have started offering their customers the option of receiving two-factor authentication codes on their mobile phone during login. Rather than making people safer, this has simply given scammers an incentive to seize control of telephones, usually by tricking the phone company to issue a replacement SIM or port the number. It also provides a fresh incentive for criminals to steal phones while cybercriminals have been embedding code into many "free" apps to surreptitiously re-route the text messages and gather other data they need for an identity theft sting.
Sadly, telephone networks were never designed for secure transactions. Telecoms experts have made this clear numerous times. Some of the largest scams in the history of financial services exploited phone verification protocols as the weakest link in the chain, including a $150 million heist reminiscent of Ocean's 11.
For phone companies, SMS messaging came as a side-effect of digital communications for mobile handsets. It is less than one percent of their business. SMS authentication is less than one percent of that. Phone companies lose little or nothing when SMS messages are hijacked so there is little incentive for them to secure it. Nonetheless, like insects riding on an elephant, numerous companies have popped up with a business model that involves linking websites to the wholesale telephone network and dressing it up as a "security" solution. These companies are able to make eye-watering profits by "purchasing" text messages for $0.01 and selling them for $0.02 (one hundred percent gross profit), but they also have nothing to lose when SIM cards are hijacked and therefore minimal incentive to take any responsibility.
Companies like Google, Facebook and Twitter have thrown more fuel on the fire by encouraging and sometimes even demanding users provide mobile phone numbers to "prove they are human" or "protect" their accounts. Through these antics, these high profile companies have given a vast percentage of the population a false sense of confidence in codes delivered by mobile phone, yet the real motivation for these companies does not appear to be security at all: they have worked out that the mobile phone number is the holy grail in cross-referencing vast databases of users and customers from different sources for all sorts of creepy purposes. As most of their services don't involve any financial activity, they have little to lose if accounts are compromised and everything to gain by accurately gathering mobile phone numbers from as many users as possible.
Can you escape your mobile phone while on vacation?
Just how hard is it to get a replacement SIM card or transfer/port a user's phone number while they are on vacation? Many phone companies will accept instructions through a web form or a phone call. Scammers need little more than a user's full name, home address and date of birth: vast lists of these private details are circulating on the black market, sourced from social media, data breaches (99% of which are never detected or made public), marketing companies and even the web sites that encourage your friends to send you free online birthday cards.
Every time a company has asked me to use mobile phone authentication so far, I've opted out and I'll continue to do so. Even if somebody does hijack my phone account while I'm on vacation, the consequences for me are minimal as it will not give them access to any other account or service, can you and your family members say the same thing?
Previous blogs on SMS messaging, security and two factor authentication, including my earlier blog SMS Logins: an illusion of security.
https://danielpocock.com/how-many-mobile-phone-accounts-will-be-hijacked-this-summer
|
|
Air Mozilla: The Joy of Coding - Episode 64 |
mconley livehacks on real Firefox bugs while thinking aloud.
|
|
Air Mozilla: The Invention Cycle: Going From Inspiration to Implementation with Tina Seelig |
Bringing fresh ideas to life and ultimately to market is not a well charted course. In July, our guest Tina Seelig will share a new...
|
|
Air Mozilla: Weekly SUMO Community Meeting July 20, 2016 |
This is the sumo weekly call
https://air.mozilla.org/weekly-sumo-community-meeting-july-20-2016/
|
|