Air Mozilla: The Joy of Coding - Episode 66 |
mconley livehacks on real Firefox bugs while thinking aloud.
|
|
Air Mozilla: Weekly SUMO Community Meeting August 3, 2016 |
This is the sumo weekly call
https://air.mozilla.org/weekly-sumo-community-meeting-august-3-2016/
|
|
Christian Heilmann: AMPed up |
With yesterday’s coverage of more rumours that Google search on mobile will rank AMP versions higher than normal HTML ones (The Verge and Nieman Lab reported) I thought it high time to take a closer look at AMP.
I will follow up with more in-detailed information about this and I’m chatting to the team in Google about the project, but here is the simple news: this blog is now also AMP enabled and you can get the AMP version of any post by adding a “/amp” to the URL.
The great thing about this? I had nothing else to do but to use the WordPress plugin (the source of which is also available on GitHub).
With AMP being an alternative representation of HTML content and a subset of it, this was easy enough. And frankly, I like the way it looks even on Desktop :).
|
|
Honza Bambas: Moz logging (former NSPR logging) file now has a size limit option |
There are lot of cases of mainly networking issues rare enough to reproduce making users have their Firefox run for long hours to hit the problem. Logging is great in bringing the information to us when finally reproduced, but after few hours the log file can be – well – huge. Easily even gigabytes.
But now we have a size limit, all you need to do:
Adding rotate module to the list of modules will engage log file size limit:
MOZ_LOG=rotate:200,log modules...
The argument is the limit in megabytes.
This will produce up to 4 files with names appended a numbering extension, .0, .1, .2, .3. The logging back end cycles the files it writes to while sum of these files’ sizes will never go over the specified limit.
The patch just landed on mozilla-central (version 51), bug 1244306.
Note 1: the file with the largest number is not guarantied to be the last file written. We don’t move the files, we only cycle. Using the rotate module automatically adds timestamps to the log, so it’s always easy to recognize which file keeps the most recent data.
Note 2: rotate doesn’t support append. When you specify rotate, on every start all the files (including any previous non-rotated log file) are deleted to avoid any mixture of information. The append module specified is then ignored.
The post Moz logging (former NSPR logging) file now has a size limit option appeared first on mayhemer's blog.
http://www.janbambas.cz/moz-logging-nspr-logging-file-now-has-a-size-limit-option/
|
|
Mozilla Addons Blog: Multi-process Firefox and Add-ons: A Call to Action for Extension Developers |
As we mentioned previously, Mozilla will be introducing multiprocess Firefox (e10s) to selected users with the release of Firefox 48. Installations of Firefox that do not have add-ons installed or accessibility features enabled will have multi-process support enabled by default over the next six weeks. We’ll be testing multiprocess Firefox with add-ons in the release channel starting in Firefox 49, with the intent to make it the default for all installations of Firefox in early 2017.
While a number of existing add-ons will work with multiprocess Firefox, some will not work, or will not work well. We’d like add-ons to “just work”, so users will be able to use all their favorite extensions while experiencing the benefits of e10s as it’s rolled out to them. To this end, we have an urgent request for developers of add-ons who have not tested their add-ons for e10s compatibility or switched to WebExtensions already:
Then, take one of the following paths:
Additional information on e10s, add-ons, and WebExtensions are available on a Mozilla Wiki and MDN, and we’re also here to help you make the transition. While it seems far away, 2017 is just a few months away, and we’d ask that you test—and update, if necessary—your add-ons as soon as possible.
https://blog.mozilla.org/addons/2016/08/02/multi-process-firefox-and-add-ons-a-call-to-action/
|
|
The Mozilla Blog: Exciting Improvements Delivered Today in Firefox for Desktop and Android |
Today we’re proud to announce the initial rollout of multi-process Firefox for Desktop to our general audience. With this, we’re taking a major step forward in improving Firefox for Desktop. Users should experience a Firefox that is less susceptible to freezing and is generally more responsive to input, while retaining the experience and features that users love.
In Firefox 48, we aim to slowly enable multi-process Firefox (also known as Electrolysis or e10s) for release users, starting with one percent and ramping up to nearly half the Firefox Release if things go as expected. e10s promises to offer a major improvement to your browsing experience by separating Web content and Firefox UI processes. This means when a web page is consuming a large part of your computer’s processing power, your tabs, buttons and menus won’t lock up. Wondering if your Firefox instance has enabled e10s? Type “about:support” into the URL bar. If e10s is active, you’ll see “1/1 (Enabled by default)” under the Multiprocess Windows line item.
In addition to making fundamental changes to how Firefox for Desktop will work in the future, today’s update also brings improvements to the browser design that make discovery even easier. First, we’re making the awesome bar even more awesome. Now when you enter a new query, you’ll see more suggestions than ever before and a wider view of your suggestions across the screen. This makes suggestions easier to read. You may also notice icons when a suggestion is recommending a site that is already in your bookmarks or open tabs.
We have redesigned the Discovery Pane at about:addons to help you personalize your browsing experience. The new design simplifies installation for featured add-ons to just one click and uses clean images and text to quickly orient you as you explore Firefox.
Lastly, in the latest update, we are also shipping security improvements that enhance download protection in Firefox, which you can learn more about here.
We also have some new features available in the latest version of Firefox for Android. Earlier this year, we experimented with rebooting bookmarks. Today, we’re rolling out these improvements by merging your Reading Lists into Bookmarks and your Synced tabs into the History Panel. This change means your reading list items will now be available across devices alongside your bookmarks, giving you easier access to your content no matter what device you’re using, which is a major upgrade for those of you using Firefox across devices.
Today, more people are watching web video than ever before. So we set out to improve the audio and video playback experience in Android. Now when you are playing a video within Firefox on an Android device and receive a call, your device will pause the video automatically, so you can focus on the call. We’ve also added a toolbar so you can quickly manage your audio controls within the app and streamlined the touch controls on all video content so it’s easier to use.
We’ll keep you updated as we continue to roll out Electrolysis over the next several months. In the meantime, download the latest Firefox for desktop and Android and let us know what you think.
https://blog.mozilla.org/blog/2016/08/02/exciting-improvements-in-firefox-for-desktop-and-android/
|
|
Myk Melez: Continuous Integration of Positron with TaskCluster |
I recently enabled continuous integration of Positron using TaskCluster’s support for GitHub repositories. I’ve used Travis CI to integrate other GitHub projects, but Positron is too large for Travis to build without timing out, since it builds all of Gecko. So I needed an alternative.
Caveat: TaskCluster only supports GitHub repositories in the mozilla organization or another org that is explicitly configured for it, as described by Setting up Taskcluster with a Github Organization. So it won’t work with your personal fork.
Also, while the Positron repository is based on gecko-dev, I didn’t use GitHub’s “fork” feature to create it, since GitHub won’t let you fork a repo to another repo in the same organization. Instead, I created a new repository and then copied gecko-dev’s commits to it, as described in Copy/fork a git repo on github into same organization.
(I also had to push the copied commits to GitHub in batches, as described in Github remote push pack size exceeded. And I had to push the first batch via special syntax, per Pushing a large github repo fails with “unable to push to unqualified destination: master”.)
To enable CI, I first created this Docker image, based on Ubuntu 14.04 (Trusty), that includes the Mozilla build toolchain and dependencies installed by Gecko’s bootstrap.py script. The image also includes the taskcluster-vcs utility, which caches gecko-dev and clones from the cache so that TaskCluster pulls from GitHub are lighter-weight.
Here’s the Dockerfile for that image:
FROM ubuntu:trusty
RUN apt-get update -y && \
apt-get install -y \
curl \
git \
nodejs \
nodejs-legacy \
npm \
python \
wget
RUN npm install -g taskcluster-vcs
RUN wget -O bootstrap.py https://raw.githubusercontent.com/mozilla/positron/master/python/mozboot/bin/bootstrap.py && \
python bootstrap.py --no-interactive --application-choice=browser
Then I replaced the upstream .taskcluster.yml file with one that clones and builds Positron when a developer submits a pull request or lands a change. .taskcluster.yml is like .travis.yml, but for TaskCluster. Here’s that file:
version: 0
metadata:
name: "Positron"
description: "continuous integration for Positron"
owner: "{{ event.head.user.email }}"
source: "{{ event.head.repo.url }}"
tasks:
- provisionerId: "{{ taskcluster.docker.provisionerId }}"
workerType: "{{ taskcluster.docker.workerType }}"
extra:
github:
env: true
events:
- pull_request.opened
- pull_request.synchronize
- pull_request.reopened
- push
payload:
maxRunTime: 7200 # seconds (i.e. two hours)
image: "mykmelez/docker-build-positron:latest"
command:
- "/bin/bash"
- "--login"
- "-c"
- "tc-vcs checkout repo https://github.com/mozilla/gecko-dev $GITHUB_HEAD_REPO_URL $GITHUB_HEAD_BRANCH &&
cd repo/ && SHELL=/bin/bash ./mach build"
metadata:
name: "checkoutandbuild"
description: "check out and build the repository"
owner: "{{ event.head.user.email }}"
source: "{{ event.head.repo.url }}"
Finally, I added TaskClusterRobot to the list of collaborators in the repo’s Settings > Collaborators & teams list, giving it Write permissions, so it can annotate pull requests with icons representing the state of the job, just like Travis does:
Et voil`a, continuous integration for Positron!
(Once Positron starts running Node and Electron tests, I’ll add tasks to run those tests and report their results.)
https://mykzilla.org/2016/08/02/continuous-integration-of-positron-with-taskcluster/
|
|
Anjana Vakil: Outreachy halftime(ish) update |
It feels like yesterday that I started my Outreachy internship, but it was actually over 2 months ago! For the last couple of weeks I’ve been on Outreachy hiatus because of EuroPython, moving from Saarbr"ucken to Berlin, and my mentor being on vacation. Now I’m back, with 6 weeks left in my internship! So it seems like a good moment to check in and reflect on how things have been going so far, and what’s in store for the left of my time as an Outreachyee.
In the rather involved application process for Outreachy, I already had to spend quite a bit of time figuring out the process for making even the tiniest contribution to the Mozilla codebase. But obviously one can’t learn everything there is to know about a project within a couple of weeks, so a good chunk of my Outreachy time so far was spent on getting better acquainted with:
The tools
I’ve already written about my learning experiences with Mercurial, but there were a lot of other components of the Mozilla development process that I had to learn about (and am still learning about), such as Bugzilla, MozReview, Treeherder, Try, Mach… Then, since the project I’m working focuses on testing, I had to grok things like Pytest and Mock. Since most everything I’m doing is in Python, I’ve also been picking up useful Python tidbits here and there.
The project
My internship project, “Test-driven refactoring of Marionette’s Python test runner”, relates to a component of the Marionette project, which encompasses a lot of moving parts. Even figuring out what Marionette is, what components it comprises, how these interrelate, and which of them I need to know about, was a non-trivial task. That’s why I’m writing a couple of posts about the project itself - one down, one to go - to crystallize what I’ve learned and hopefully make it a little easier for other people to get through the what-even-is-it steps that I’ve been going through. This post is a sort of “intermission”, so stay tuned for my upcoming post on the Marionette test runner and harness!
Of course, there’s a reason I’ve been trying to wrap my head around all the stuff I just mentioned: so that I can actually do this project! So what is the actual work I’ve been doing, i.e. my overall contribution to Mozilla as an Outreachy intern?
Well, to quote the project description:
we’re testing the thing that runs Firefox tests
The “thing” is the Marionette test runner, a tool written in Python that allows us to run tests that make use of Marionette to automate the browser. It’s responsible for things like discovering which tests we need to run, setting up all the necessary prerequisites, running the tests one by one, and logging all of the results.
Since the test runner is essentially a program like any other, it can be broken just like any other! And since it’s used in automation to run the tests that let Firefox developers know if some new change they’ve introduced breaks something, if the test runner itself breaks, that could cause a lot of problems. So what do we do? We test it!
That’s where I come in. My mentor, Maja, had started writing some unit tests for the test runner before the internship began. My job is basically to add more tests. This involves:
Aside from the testing side of things, another aspect of the project (which I particularly enjoy) involves improving how the runner relates to the rest of the world. For example, improving the command line interface to the runner, or making sure the unit tests for the runner are producing logs that play nicely with the rest of the Mozilla ecosystem.
As you can see, I’ve also been spending a fair bit of time writing blog posts about what I’ve been learning and encountering over the course of my internship. Hopefully these have been or will be useful to others who might also be wrapping their heads around these things for the first time. But regardless, writing them has certainly been useful for me!
While working with a new system or technology can often be frustrating, especially when you’re used to something similar-but-not-quite-the-same (ahem, git and hg), I’ve found that the frustration does subside (or at least lessen) eventually, and in its place you find not only the newfound ease of working with the new thing, but also the gratification that comes with the realization: “Hey! I learned the thing!” This makes the overall experience of grappling with the learning curve fun, in my experience.
This internship has been my first experience with a lifestyle that always attracted me: working remotely. I love the freedom of being able to work from home if I have things to take care of around the house, or at a cafe if I just really need to sip on a Chocolate Chai Soy Latte right now, or from the public library if I want some peace & quiet. I also loved being able to escape Germany for 2 weeks to visit my boyfriend’s family in Italy, or to work a day out of the Berlin office if I’m there for a long weekend looking at apartments. Now that I’ve moved to Berlin, I love the option of working out of the office here if I want to, or working from home or a cafe if I have things I need to take care of on the other side of the city. And because the team I’m working on is also completely distributed, there’s a great infrastructure already in place (IRC, video conferences, collaborative documents) to enable us to work in completely different countries/time zones and still feel connected.
A couple of weeks ago I got to mentor my first bug on Bugzilla, and help someone else get started contributing to the thing that I had gotten started contributing to a few months ago for my Outreachy internship. Although it was a pretty simple & trivial thing, it felt great to help someone else get involved, and to realize I knew the answers to a couple of their questions, meaning that I’m actually already involved! That’s the kind of thing that really makes me want to continue working with FOSS projects after my internship ends, and makes me so appreciative of initiatives like Outreachy that help bring newcomers like me into this community.
The flip side of the learning-stuff fun is that, especially at the beginning, ye olde Impostor Syndrome gets to run amok. When I started my internship, I had the feeling that I had Absolutely No Idea what I was doing – over the past couple of months it has gotten gradually better, but I still have the feeling that I have a Shaky and Vague Idea of what I’m doing. From my communications with other current/former Outreachy interns, this seems to be par for the course, and I suppose it’s par for the course for anyone joining a new project or team for the first time. But even if it’s normal, it’s still there, and it’s still hard.
As I mentioned, overall I’ve been really enjoying the remote-work lifestyle, but it does have its drawbacks. When working from home, I find it incredibly difficult to separate my working time from my not-working time, which is most often manifested in my complete inability to stop working at the end of the day. Because I don’t have to physically walk away from my computer, at the end of the day I think “Oh, I’ll just do that one last thing,” and the next thing I know the Last Thing has led to 10 other Last Things and now it’s 11:00pm and I’ve been working for 13 hours straight. Not healthy, not fun. Also, while the flexibility and freedom of not having a fixed place of work is great, moving around (e.g. from Germany to Italy to other side of Germany) can also be chaotic and stressful, and can make working (productively) more difficult – especially if you’re not sure where your next internet is going to come from. So the remote work thing is really a double-edged sword, and doing in a way that preserves both flexibility and stability is clearly a balancing act that takes some practice. I’m working on it.
Speaking of working productively, how do you know when you’re doing it? Is spending a whole day reading about mock objects, or writing a blog post, or banging your head against a build failure, or [insert activity that is not writing 1000 lines of code] productive? The nature of the Outreachy system is that every project is different, and the target outcomes (or lack thereof) are determined by the project mentor, and whether or not your work is satisfactory is entirely a matter of their judgment. Luckily, my mentor is extremely fair, open, clear, and realistic about her goals for the project. She’s also been very reassuring when I’ve expressed uncertainty about productivity, and forthcoming about her satisfaction with my progress. But I feel like this is just my good luck having a mentor who a) is awesome and b) was an Outreachy intern herself once, and can thus empathize. I do wonder how my experience would be different, especially from the standpoint of knowing whether I’m measuring up to expectations, if I were on a different project with a different mentor. Which brings me to…
As I’ve just said, I feel really lucky to be working with my mentor, Maja. She’s been an incredible support throughout the internship, and has just made it a great experience. I’m really thankful for her for being so detailed & thorough in her initial conception of the project and instructions to me, and for being so consistently responsive and helpful with any of my questions or concerns. I can’t imagine a better mentor.
“It takes a village,” or whatever they say, and my village is the Automation crew (who hang out in #automation on IRC) within the slightly-larger village of the Engineering Productivity team (A-Team) (#ateam). Just like my mentor, the rest of the crew and the team have also been really friendly and helpful to me so far. If Maja’s not there, if I’m working on some adjacent component, or if I have some general question, they’ve been there for me. And while having a fantastic mentor is fantastic, having a fantastic mentor within a fantastic team is double-fantastic, because it helps with the hard things like learning new tools or working remotely (especially when your mentor is in a different time zone, but other team members are in yours). So I’m also really grateful to the whole team for taking me in and treating me as one of their own.
Apparently, at some point in the last couple of years, someone at Mozilla decided to start including Outreachy interns in the semi-annual All Hands meetings. Whoever made that decision: please accept my heartfelt thanks. Being included in the London All Hands made a real difference - not only because I understood a lot about various components of the Mozilla infrastructure that had previously been confusing or unclear to me, but also because the chance to meet and socialize with team members and other Outreachy interns face-to-face was a huge help in dealing with e.g. Impostor Syndrome and the challenges of working on a distributed team. I’m so glad I was able to join that meeting, because it really helped me feel more bonded to both Mozilla as a whole and to my specific team/project, and I hope for the sake of both Mozilla and Outreachy that Outreachyees continue to be invited to such gatherings.
Early on in the internship, one of the other Mozilla Outreachy interns started a channel just for us on Mozilla’s IRC. Having a “safe space” to check in with the other interns, ask “dumb” questions, express insecurities/frustrations, and just generally support each other is immensely helpful. On top of that, several of us got to hang out in person at the London All Hands meeting, which was fantastic. Having contact with a group of other people going through more or less the same exciting/bewildering/overwelming/interesting experience you are is invaluable, especially if you suffer from Impostor Syndrome as so many of us do. So I’m so grateful to the other interns for their support and solidarity.
In the remaining weeks of my internship, I’m going to be continuing the work I mentioned, but instead of from a library in a small German town or a random internet connection in a small Italian town, I’ll be working mainly out of the Berlin office, and hopefully getting to know more Mozillians here. I’ll also be participating in the TechSpeakers program, a training program from the Mozilla Reps to improve your public speaking skills so that you can go forth and spread the word about Mozilla’s awesome technologies. Finally, in the last week or two, I’ll be figuring out how to pass the baton, i.e. tie up loose ends, document what I’ve done and where I’m leaving off, and make it possible for someone else – whether existing team or community members, or perhaps the next intern – to continue making the Marionette test runner and its unit tests Super Awesome. And blogging all the while, of course. :) Looking forward to it!
|
|
The Mozilla Blog: Announcing the Second Cohort of Ford-Mozilla Open Web Fellows |
The internet is a global public resource. It has the ability to empower, educate, connect and uplift.
But like any other public resource, the internet faces serious threats. From tech monopolies and mass surveillance to policy that undermines net neutrality, openness and freedom online are in danger. With these threats also comes opportunity for more conversation and change. We can help shift more people from consuming the web to participating in it.
That’s why Ford Foundation and Mozilla launched the Open Web Fellows program two years ago: To empower a network of leaders capable of defending the open web. The Open Web Fellows program places bright technologists and activists on the front lines of the open internet movement. Last year, Ford and Mozilla placed six fellows at leading NGOs like Amnesty International and the ACLU, where they used their tech savvy to fight for issues like freedom of expression and gender equality online.
Today, Ford and Mozilla are proud to announce our second class of fellows: eight talented makers and doers hailing from five continents. Our fellows will bring their expertise in data visualization, design, development, storytelling, research and policy analysis — and a shared zeal for an open internet — to eight international NGOs. Below, meet our fellows and their host organizations:
Steffania Paola Costa di Albanez
@stepaola | Derechos Digitales
Steffania is a feminist, self-taught developer, multidisciplinary designer, and visual artist. She also works as a digital security and coding trainer. Steffania has collaborated with civil society organizations and independent groups in Brazil that engage with issues like solidarity economy, intersectional feminism, privacy, and free speech. Steffania uses her skills to help these organizations increase the impact of advocacy efforts, build websites, applications and data visualizations, and plan workshops and toolkits. As an Open Web Fellow, Steffania will be collaborating with Derechos Digitales to help the civil society sector in Latin America better promote human rights in the digital environment.
'Eireann Leverett
@blackswanburst |'Eireann’s website | Privacy International
'Eireann is an academic, a red teamer, and an entrepreneur, and has deep experience working with computer emergency response teams to protect critical infrastructures. 'Eireann is fascinated by malware, vulnerabilities, cryptography, networks, information theory, and economics — and he believes hacking can win victories for humanity. Currently, 'Eireann is Founder and CEO of Concinnity Risks and Senior Risk Researcher at Cambridge Centre for Risk Studies. As an Open Web Fellow, 'Eireann will be working with Privacy International’s Tech Team to analyze surveillance documentation and data, identify and analyze new technologies, and help develop briefings and educational programming with a technical understanding.
Jennifer Helsby
@redshiftzero | Jennifer’s GitHub | Freedom of the Press Foundation
Jennifer is a data scientist and researcher passionate about using data and technology to catalyze social change. Previously, she was a postdoctoral researcher at the Center for Data Science and Public Policy at the University of Chicago, where she worked on applying machine learning methods to problems in public policy. Currently, Jennifer is a co-founder and CTO of Lucy Parsons Labs, a Chicago-based nonprofit that focuses on police accountability and surveillance oversight. She is also a co-organizer for Cryptoparty Chicago, which teaches everyday people about digital security. As an Open Web Fellow, Jennifer will be working with the Freedom of the Press Foundation to improve SecureDrop, an anonymous whistleblowing platform.
Berhan Taye
@btayeg | Berhan’s blog | Center for Intellectual Property and Information Technology (CIPIT)
Berhan is a social justice activist, a peace studies practitioner, and an avid advocate for open data and the open web. Berhan previously worked at a Conflict Early Warning and Early Response Center mitigating violence in East Africa. She has also conducted research on transitional justice and criminal violence at the University of Notre Dame, consulted for intergovernmental bodies in Addis Ababa and Nairobi, and engaged legislative processes related to land rights in Cape Town. As an Open Web Fellow, Berhan will be based at the Center for Intellectual Property and Information Technology (CIPIT) at the Strathmore Law School in Nairobi, Kenya, focusing on internet freedom in Eastern Africa.
Etienne Maynier
Etienne is a security engineer passionate about issues related to security and digital surveillance. He has worked on penetration testing and incident response for several years, and is now honing his focus on analyzing and better understanding how technologies are used to spy on citizens. Etienne believes in creating and fostering a robust public debate on privacy and surveillance issues. Etienne is a volunteer with Toulouse Hackerspace Factory. As an Open Web Fellow, Etienne will be based at Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, focusing on projects like measuring Internet filtering and network interference and investigating malware attacks.
Siddharth (Sid) Rao
@sidnext2none | Sid’s website | European Digital Rights (EDRi)
Sid is a Free and Open Source Software (FOSS) enthusiast and a privacy fanatic who specializes in the security analysis of communication protocols. He is also passionate about internet services and infrastructure in developing nations. Sid co-founded the social venture ThirdEye, which builds affordable e-readers for visually-challenged people. He is a past Erasmus Mundus fellow and holds double master’s degrees from Aalto University, Finland (Information and Network Security) and University of Tartu, Estonia (Cryptography). As an Open Web Fellow, Sid will be based at European Digital Rights (EDRi), where he will help define policies related to data protection, surveillance, copyright, and network neutrality.
Matt Mitchell
@geminiimatt | Matt’s website | ColorofChange
Matt is a security researcher, operational security trainer, and data journalist who leads CryptoHarlem, impromptu workshops teaching basic cryptography tools to the predominately African American community in upper Manhattan. Previously, he worked as a data journalist for The New York Times and as a developer for CNN, Aol/Huffington Post, and other news organizations. Matt currently trains activists and journalists in digital security, with a special focus on marginalized populations who are often aggressively monitored, over-policed, and disenfranchised. As an Open Web Fellow, Matt will be based at ColorOfChange pioneering tools and discovering compelling user engagement strategies.
Suchana Seth
Suchana is a physicist-turned-data scientist from India. She has built scalable data science solutions and patent-pending applications in text mining and natural language processing for startups and industry research labs. Suchana believes in the power of data to drive positive change, and volunteers with DataKind to mentor data-for-good projects. She is also passionate about closing the gender gap in data science, and leads data science workshops with organizations like Women Who Code. As an Open Web Fellow, Suchana will be based at Data & Society, where she will enable data scientists and technology teams to better use anonymized data.
|
|
Air Mozilla: Mozilla Weekly Project Meeting, 01 Aug 2016 |
The Monday Project Meeting
https://air.mozilla.org/mozilla-weekly-project-meeting-20160801/
|
|
The Mozilla Blog: Working for Women’s Economic Empowerment with the United Nations High Level Panel |
Mozilla Foundation Webmaker Program, Indonesia (photo credit: Laura de Reynal)
It is critical to ensure that women are active participants in digital life. Without this we won’t reach full economic empowerment. An explicit focus on women and digital life is necessary for economic empowerment because the statistics are striking: over 1.7 billion women in low- and middle-income countries do not own mobile phones. Women in South Asia are 38 percent less likely to own a phone than men; in Africa, they are 50 percent less likely to use the internet.
This is the perspective and focus I bring to the UN High Level Panel for Women’s Economic Empowerment, an initiative of the United Nations that aims at unlocking the power of women to work and achieve their financial independence. You can read here about my participation to the Panel.
I joined fellow Panel members in Costa Rica a few weeks ago for a meeting hosted by Costa Rica President, Luis Guillermo Solis. Many thanks to President Solis for leading the meeting with both commitment and authenticity!
Here he shows his prowess with selfie-taking:
Members of the High Level Panel – From Left to Right: Tina Fordham, Citi Research; Laura Tyson, UC Berkeley; Alejandra Mora, Government of Costa Rica; Ahmadou Ba, AllAfrica Global Media; Renana Jhabvala, WIEGO; Elizabeth Vazquez, WeConnect; Jeni Klugman, Harvard Business School; Mitchell Baker, Mozilla; Gwen Hines, DFID-UK; Phumzile Mlambo, UN Women; Jos'e Manuel Salazar Xirinachs, International Labour Organization; Simona Scarpaleggia, Ikea; Winnie Byanyima, Oxfam; Fiza Farhan, Buksh Foundation; Karen Grown, World Bank; Margo Thomas, HLP Secretariat.
(photo credit: Luis Guillermo Solis, President, Costa Rica)
The meeting was an opportunity for all to learn about actions the Panel members have initiated, are piloting or are already scaling.
We also provided feedback and guidelines on the first draft of the HLP report that is due later this year. The report will describe actions towards women’s economic empowerment that have shown positive results. The goal of the report is to tell these stories to others interested in fostering women’s empowerment and enable them to adopt these successful practices. An initial version of the report will be released in September, with the final report in 2017.
As Phumzile Mlambo-Ngcuka, the Executive Director of UN Women often says, the best report will be one that points to projects that are known to work. One such example is a set of new initiatives, interventions and commitments to be undertaken in the Punjab, announced by the Panel Member Fiza Farhan and her Deputy Mahwish Javaid, from Pakistan.
Mozilla, too, is engaged in a set of new initiatives. We’ve been tuning our Mozilla Clubs program, which are on-going events to teach Web Literacy, to be interesting and more accessible to women and girls. We’ve entered into a partnership with UN Women to deepen this work and the pilots are underway. If you’d like to participate, consider applying your organizational, educational, or web skills to start a Mozilla Club for women and girls in your area. Here are examples of existing clubs for women in Nairobi and Cape Town.
Digital inclusion, a cross-cutting, overarching theme of the HLP report, is also a crucial topic for Mozilla. This is where Anar Simpson, my official Deputy for the Panel, focuses her work. We are liaising with companies in Silicon Valley who are working in the fields of connectivity and distribution of access to explore if, when and how their projects can empower women economically. We’re looking to gather everything they have learned about what has been effective. In addition to this information gathering task, Mozilla is working with the Panel to advocate and publicize the efforts of the report.
I joined the Panel because I see it as a valuable mechanism for driving both visibility and action on this topic. Women’s economic empowerment combines social justice, economic growth benefits and the chance for more stability in a fragile world. I look forward to meeting with the UN Panel again in September and reporting back on practical and research-driven initiatives.
|
|
About:Community: Firefox 48 new contributors |
With the release of Firefox 48, we are pleased to welcome the 78 developers who contributed their first code change to Firefox in this release, 57 of whom were brand new volunteers! Please join us in thanking each of these diligent and enthusiastic individuals, and take a look at their contributions:
http://blog.mozilla.org/community/2016/08/01/firefox-48-new-contributors/
|
|
Mozilla Security Blog: Announcing the 2016 edition of Mozilla Winter of Security |
What security engineers do at Mozilla is critical — not for just Firefox users, but for the whole Web. If you’ve ever used the OWASP Zed Attack Proxy, read our security guidelines on SSH and TLS or evaluated your website using the HTTP Observatory, then you have benefitted from the work of Mozilla’s security teams. That’s why we make sure to recruit some of the world’s best talent in the field who want to have a real impact on the Web’s security.
Mozilla Winter of Security (MWoS) is an opportunity for us to do just that, inviting students to pair up with our engineers to contribute to some of Mozilla’s security projects. Today we are announcing that the third-ever MWoS is open for applications.
Every year, we select projects that present an interesting security challenge. For mentors, MWoS is an opportunity to open projects from the Mozilla ecosystem to external contributors, and receive help to make progress in areas they may not have time to focus on. For students, MWoS is a gateway to the open source security world and a chance to solve real-world problems. This mutually beneficial formula has led 33 students to write code for 16 security projects in the last two years. Several of these projects are now fully integrated in the work we do to keep Mozilla and the Internet safe. Take the TLS Observatory, a platform developed by Dimitris Bachtis from Greece (MWoS 2014) that helps operators configure HTTPS properly on their sites. Another example is the MIG Sandbox, a Go package implementing Linux seccomp to secure Mozilla Investigator, and written by Teodora Baluta, Vladimir Diaconescu and Constantin-Alexandru Tudorica from Romania (MWoS 2015).
This year, MWoS has expanded to include Mozilla’s Crypto team with five projects for NSS, the network security library of Firefox. Alongside cryptography, the 2016 edition of MWoS will feature twelve projects spread across various disciplines, including web and infrastructure security. The projects are:
A full list of projects with their details is available at https://wiki.mozilla.org/Security/Automation/Winter_Of_Security_2016.
To apply, teams must be engaged in a university program and their professor must agree to give the team credits for their MWoS project. Our experience tells us this requirement ensures students have the time and motivation to work on their project, and helps provide a better mentoring experience for everyone.
Applications open today and will close on September 15th. If you are a professor, we encourage you to tell your students about MWoS. If you are a student looking to have a real impact on the security of the Web, start assembling your team, and fill out the application form before September 15th. We will contact the teams and let them know if they have been selected within two weeks after the deadline.
If you have any questions about the MWoS program or the projects, please contact the mentors directly by email and on Mozilla’s #security IRC channel. We look forward to having you join us!
https://blog.mozilla.org/security/2016/08/01/announcing-mwos-2016/
|
|
Mozilla Security Blog: Enhancing Download Protection in Firefox |
Protection against malicious downloads was added in Firefox 31 on Windows and in Firefox 39 on Mac and Linux. Thanks to Google’s expansion of their Safe Browsing service, Firefox 48 now extends our existing protection to include two additional kinds of downloads: potentially unwanted software and uncommon downloads.
The first new category, potentially unwanted software, is meant to flag software that makes unexpected changes to your computer, as explained in the Google policy. It is usually best to avoid this kind of software since it could (for example) collect your personal information without your consent and use techniques to make it difficult to uninstall.
The second category, uncommon downloads, covers downloads which may not be malicious or unwanted but that are simply not commonly downloaded. The purpose of this warning is to draw users’ attention to the fact that this may not be the download they think it is. For example, if you are looking to download a new version of Firefox or a popular software package such as VLC and get this warning, it is possible that you have been tricked into downloading a malicious file from a phishing site which has not yet been identified as such by the Google Safe Browsing service. You may want to double-check the address of the site where you downloaded this file and proceed with caution.
In addition to the new categories described above, we have made improvements to the user interface to make it easier for users to notice and understand these warnings.
Here is what the download button now looks like when a download has been flagged by download protection:
 Potentially unwanted or uncommon downloads |
 Malicious downloads |
Depending on the category, the default action button will be either “open” or “remove”:
Potentially unwanted downloads
Uncommon downloads
Malicious downloads
and the following confirmation dialog was added to help users understand the risks involved:
Potentially unwanted downloads
Uncommon downloads
Malicious downloads
We have retained the ability for users to override all of these warnings via the contextual menu if they are convinced that the warning is erroneous:
Contextual menu
The security options in Firefox had remained the same since browsing protection was first introduced in Firefox 3. This is what they looked like in Firefox 47:
Security options prior to Firefox 48
and this is how they changed in Firefox 48 to give users more control around download and browsing protection:
Security options in Firefox 48
While we believe that the vast majority of our users will prefer to keep all of the protections that Safe Browsing offers, we understand that some users may choose to disable parts of the Safe Browsing service based on the privacy guarantees they offer. Our new options aim to give concerned users the necessary level of control and to enable them to retain as much of the Safe Browsing service as they are comfortable with.
Here are what the new options mean:
Expert users are always welcome to explore (at their own risk) the additional internal configuration settings which are not exposed through the user interface.
https://blog.mozilla.org/security/2016/08/01/enhancing-download-protection-in-firefox/
|
|
Mozilla Addons Blog: August 2016 “Pick of the Month” |
Beat it, LSO’s!
by IKRG
Remove or manage a new, trickier kind of cookie, better known as LSO’s or Flash cookies.
”I’m a non-techie and had never even heard of these spy gadgets. I was amazed at the number Better Privacy turned up.”
Featured add-ons are selected by a community board made up of add-on developers, users, and fans. Board members change every six months, so there’s always an opportunity to participate. Stayed tuned to this blog for the next call for applications. Here’s further information on AMO’s featured content policies.
If you’d like to nominate an add-on for featuring, please send it to amo-featured@mozilla.org for the board’s consideration. We welcome you to submit your own add-on!
https://blog.mozilla.org/addons/2016/08/01/august-2016-pick-of-the-month/
|
|
Cameron Kaiser: 38.10.0 available |
I'm still trying to investigate what's wrong with Amazon Music in TenFourFox 45, but everything else appears to be working. Watch for beta 1 later this week regardless.
Also, this makes me happy. Its name is Eric.
|
|
Daniel Stenberg: curl and h2 on mac |
$ curl
http2 https://daniel.haxx.se/
curl: (1) Unsupported protocol
cur
l has been shipped by default on Mac OS X since many years – I actually couldn’t even manage to figure out exactly how many. It is built and bundled with the operating system by Apple itself and on Apple’s own terms and even though I’m the main curl developer I’ve never discussed this with them or even been asked or told about their plans. I’m not complaining, our license allows this and I’m nothing but happy with them shipping curl to millions of Mac users.
Originally, curl on Mac was built against OpenSSL for the TLS and SSL support, but over time our friends at Apple have switched more and more of their software over to use their own TLS and crypto library Secure Transport instead of OpenSSL. A while ago Apple started bundling curl built to use the native mac TLS library instead of OpenSSL.
As you may know, when you build curl you can select from eleven different TLS libraries and one of them of course is Secure Transport. Support for this TLS back-end in curl was written by curl hackers, but it apparently got to a quality level good enough for Apple to decide to build curl with this back-end and ship it like that.
The Secure Transport back-end is rather capable and generally doesn’t cause many reasons for concern. There’s however one notable little glitch that people keep asking me about…
There are two obvious reasons why not, and they are:
Secure Transport doesn’t offer any public API to enable HTTP/2 with ALPN when speaking HTTPS. Sure, we know Apple supports HTTP/2 already in several other aspects in their ecosystem and we can check their open code so we know there’s support for HTTP/2 and ALPN. There’s just no official APIs for us to use to switch it on!
So, if you insist on building curl to use Secure Transport instead of one of the many alternatives that actually support ALPN just fine, then you can’t negotiate HTTP/2 over TLS!
Even without ALPN support, you could actually still negotiate HTTP/2 over plain text TCP connections if you have a server that supports it. But even then curl depends on the awesome nghttp2 library to provide the frame level protocol encoding/decoding and more. If Apple would decide to enable HTTP/2 support for curl on Mac OS, they need to build it against nghttp2. I really think they should.
Correct. You can still install your own separate curl binary (and libcurl library) from other sources, like for example Homebrew or Macports and they do offer versions built against other TLS back-ends and nghttp2 and then of course HTTP/2 works just fine with curl on mac.
No, but I know for certain that there has been a bug report filed by someone else. Unfortunately it isn’t public so I can’t link nor browse it.
|
|
Karl Dubost: [worklog] Edition 029. From the seventh floor |
Tune of the week: Rico Loop in One Shot because it's what we basically do on a daily basis on the Web. Remixing tools, code and knowledge when we encounter them along our way to create and solve issues. The last two weeks I have been staying at the seventh floor, it offers new perspectives on the work and the mind.
Progress this week:
Today: 2016-08-01T07:10:39.302548 294 open issues ---------------------- needsinfo 5 needsdiagnosis 70 needscontact 16 contactready 33 sitewait 165 ----------------------
You are welcome to participate
And you would think that there is no issue with the way create their scripts. function openBrowser(). They could have just simply named it: function openChromeMonoculture().
(a selection of some of the bugs worked on this week).
Link header for the comment, we bail out all the JSON body. We need to reopen #1058Otsukare!
|
|
Kim Moir: Ottawa Python Authors Meetup: Artificial Intelligence with Python |
 |
| The venue was across the street from Confederation Park aka land of Pokemon. |
 |
| The venue had the Canada Council for the Arts as a tenant, thus the quintessentially Canadian art. |
http://relengofthenerds.blogspot.com/2016/07/ottawa-python-authors-meetup-artificial.html
|
|
Kim Moir: Eclipse Committer Emeritus |
 |
| My IBM friends made this neat Eclipse poster when I left. The Mozilla dino displays my IRC handle. |
http://relengofthenerds.blogspot.com/2016/07/eclipse-committer-emeritus.html
|
|