Shing Lyu: Beginner's guide to git rebasing and squashing |
I wrote this post on the Servo wiki to help beginners get started with rebasing and squashing, two of the most terrifying operations you’ll face if you are not familiar with git. I’m cross-posting this here for people working on other projects.
Big thanks to Wafflespeanut, who proofread the post; any errors you find here are my own.
Suppose you’ve created a pull request following the checklist, but the reviewer asks you to fix something, do a rebase or squash your commits. How exactly do you do that? If you have some experience with git, you might want to check the GitHub workflow for a quick overview. But if you are not familiar enough with git, we’ll teach you how to do these common operations in detail.
Once your reviewer has reviewed your patch, he/she might leave some comments asking you to fix something. So you edit the source code, then you will probably do something like this:
git add, then git commit, and write a commit message telling people what you’ve fixed. (You might also check out the --fixup option for git commit in the workflow doc.)
git push to the same remote branch which you’ve created the PR with. The GitHub pull request page will pick up your changes, and hide those review comments you’ve fixed.
If your fix is trivial, and you have a single commit ready for merge, then you can consider using git commit --amend to add the change directly to your last commit. Then, all you need to do is git push -f to force push to the branch at your fork.
Sometimes, if someone merged new code while your patch is still in review, git might not be able to figure out how to apply your patch on top of the new code. In this case, our bors-servo bot will notify you with a helpful message:
https://shinglyu.github.io/web/2016/11/08/servo-rebase-and-squash-guide.html
|
This Week In Rust: This Week in Rust 155 |
Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.
This Week in Rust is openly developed on GitHub. If you find any errors in this week's issue, please submit a PR.
No crate was selected for CotW.
Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
If you are a Rust project owner and are looking for contributors, please submit tasks here.
140 pull requests were merged in the last week.
panic configuration for test/bench profiles.
-Z hir-stats for collecting statistics on HIR and AST.
hir::Expr slightly.
.wrapping_offset() methods.
&Wrapping. Also Sum, Product impls for both Wrapping and &Wrapping.
unwrap_or_default method to Result.
RefUnwindSafe for atomic types.
io::ErrorKind to io::Error.
Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:
No RFCs were approved this week!
Every week the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now. This week's FCPs are:
Style RFCs are part of the process for deciding on style guidelines for the Rust community and defaults for Rustfmt. The process is similar to the RFC process, but we try to reach rough consensus on issues (including a final comment period) before progressing to PRs. Just like the RFC process, all users are welcome to comment and submit RFCs. If you want to help decide what Rust code should look like, come get involved!
If you are running a Rust event please add it to the calendar to get it mentioned here. Email the Rust Community Team for access.
Tweet us at @ThisWeekInRust to get your job offers listed here!
I want to paint you a picture of a utopia in which Rust has expanded to become the fabric of the entire classical computing world, where the possibilities of what we can achieve are not shackled to the decaying dreams of computer science past. In this perfect utopia you have invented the perfect model for managing your computer's sci-fi hardware, perfectly free from the legacy of Unix and Windows. And you need the perfect language to write it in. Everywhere you look is legacy: C, C++, Java; the stacks get bigger and bigger, cruft all the way down.
The only shining light is Rust. Those Rustaceans have been chipping away the cruft, distilling their platform to only the essence of bits and bytes, while also expanding its expressive power toward legendary elegance. Rust doesn't want to tell you how to build your system. Rust wants to serve you, to fulfill your dreams, on your terms. For your ambitions, Rust is the only reasonable choice in a world filled with compromises.
— brson on Refactoring std for ultimate portability.
Thanks to Japaric for the suggestion.
Submit your quotes for next week!
This Week in Rust is edited by: nasa42, llogiq, and brson.
https://this-week-in-rust.org/blog/2016/11/08/this-week-in-rust-155/
|
Hub Figuière: Rust and GNOME |
For the record, in case it was unclear, I'm 100% interested in pushing the use of Rust in GNOME. It is all held down by the amount of free time I have.
https://www.figuiere.net/hub/blog/?2016/11/07/864-rust-and-gnome
|
Air Mozilla: Mozilla Weekly Project Meeting, 07 Nov 2016 |
The Monday Project Meeting
https://air.mozilla.org:443/mozilla-weekly-project-meeting-20161107/
|
Air Mozilla: Webinar: Innovation Challenge Mechanics - Nov. 7th, 2016 |
The webinar will answer questions around the Equal Rating Innovation Challenge including what we are looking for as well as how to submit. To ask...
https://air.mozilla.org:443/webinar-innovation-challenge-mechanics-2016-11-07/
|
Gervase Markham: Killing SHA-1 Properly |
Currently, Mozilla’s ban on using the old and insecure SHA-1 hash algorithm as part of the construction of digital certificates is implemented via the ban in the CAB Forum Baseline Requirements, which we require all CAs to adhere to. However, implementing the ban via the BRs is problematic for a number of reasons:
Therefore, I’ve started a discussion on updating Mozilla’s CA policy to implement a “proper” SHA-1 ban, which we would implement via a CA Communication, and then later in an updated version of our policy. See mozilla.dev.security.policy if you want to contribute to the discussion.
http://feedproxy.google.com/~r/HackingForChrist/~3/O1Q6JsxwwCw/
|
Firefox Nightly: Simulate slow connections with the network throttling tool |
Firefox DevTools now has a network throttling tool to simulate slow connections, so you can get a rough idea of the user experience under different connection types (bug #1283453).
This is extremely important when building responsive sites, which are meant to perform well on many different devices and scenarios.
To access this tool, make sure you’re running an updated version of Nightly, then open the Responsive Design Mode tool via Tools -> Web Developer -> Responsive Design Mode. You can then select the desired simulated speed with the dropdown menu to the right of “Responsive Design Mode”, and reload the page to see the effect of the changes.
And if you want to find out what is being loaded, use this tool in combination with the Network inspector:
|
Hub Figuière: Introducing GPS Ami |
Once upon a time, I started geotagging my photos. For that I bought a GPS logger, a Holux M-1200E. The device works great with gpsbabel, and since my photography workflow was stuck on MacOS, I used Houdah GPS (which uses gpsbabel behind the scenes, BTW). Also I have been working for too long on moving that workflow to Linux and GNOME. At one point I even started to write an app I called "Magellan" to do what that MacOS tool did, as a part of my other project, Niepce. I didn't really get motivated so it went nowhere. It was written in C++ like the rest of Niepce. The technology isn't the problem here.
Fast forward, my photography machine got upgraded to a more recent version of its operating system after the one I was using was abandoned by browser vendors, and it happens that in that upgrade, the GPS logger stopped working because MacOS 10.11 stopped providing the USB->Serial driver needed. I could install some random driver, but given how much trust I have, I decided to pass. On Linux, it still works.
I had already started rewriting Magellan in Rust using gtk-rs; I did that as just another Rust learning project. This breakage came right as a good motivator to actually push the development of that application and make it work. And it does.
The name "Magellan" was already used for some GPS related product (not surprising), so my app became GPS Ami ("Ami" means "friend" in French).
The design
I basically reimplemented Houdah GPS, UI and such. It works OK, but I think it will act as a transitionary state. I have bigger plans.
Notably, I want to allow a better control of the device, like what bt747 can do - my logger is based on that chipset, and other automation feature so I can use GPS Ami from Niepce to download the tracks. I currently only tested with the device I have.
The implementation
As explained before, GPS Ami is written in Rust and uses gtk-rs for the UI. I have to be honest, gtk-rs is not ready for prime-time, but it looks very promising and I'm very happy to be able to contribute as needed. Not surprising, but you should be ready to have to put your hands in it if you want to use it. I did just that: provided more APIs, filed some bugs, sometimes fixing them. I also had to implement gudev-rs to be able to have gudev functionality for device hotplug, to plug into the mainloop. This was a learning experience.
Rust tooling is a lot about generating a monolithic binary, without data files. This is not bad per se, but when you need data files like .ui from glade to load the UI in Gtk (albeit this is not required on the Gtk side, it is more convenient), you are a bit stuck. Fortunately there is the include_str!() macro in Rust, which means "load this file at compile time and put it in this string".
Another problem I had was installing the rest of the files, like the .desktop or icons, a problem I solved by wrapping cargo into an automake build system.
Overall, I'm just calling gpsbabel from a UI to download files.
The future
So what should come into the future?
Help wanted
https://www.figuiere.net/hub/blog/?2016/11/06/863-introducting-gps-ami
|
Daniel Stenberg: On between screens |
I talked with Ed Hoover on the between screens podcast a while ago and that episode has now been published. It is a dense 12 minutes as the good Ed edited it massively.
|
Mozilla Reps Community: Reps Program Objectives – Q4 2016 |
With “RepsNext” we increased alignment between the Reps program and the Participation team. The main outcome is setting quarterly Objectives and Key Results together. This enables all Reps to see which contributions have a direct link to the Participation team. Of course, Reps are welcome to keep doing amazing work in other areas.
Objective 1 | A focus set of relevant training and learning opportunities for Reps are systematized and they regularly access these opportunities to be more effective in their contributions and as a result providing more impact to Mozilla’s main initiatives. |
KR1 | Core mobilizers who took the leadership training report being more effective to support Mozilla by actively using their new skills. |
KR2 | Mobilizers from at least 90% of our (10) regions are interested in the training |
KR3 | 80% of the people who took coaching training report having used these new skills in their volunteer work and report being more effective |
KR4 | Gatherings toolkit quality is enough for volunteers to drive impactful gatherings on their own. |
Objective 2 | Reps is the program for most core volunteers where many communities feel their voice represented and influencing the organization, and where mozillians join to be more aligned, grow their skills and be more impactful in mobilizing others. |
KR1 | Communities are making Activate Mozilla successful by running 100 activities. |
KR2 | 30% more effectiveness (time and positive sentiment) on budget process |
KR3 | Initial material for Reps Resources track foundation is created. |
KR4 | Plan for integrating all efforts (Leadership, Coaching, Regional, Resources) into Reps structure delivered. |
KR5 | There is an implementation plan in place to decrease the time between an application and the onboarding by at least 50% compared to H1 2016. |
KR6 | We have at least 3 different solid ideas around Recognition in place and started at least one experiment. |
Which of the above objectives are you most interested in? What key result would you like to hear more about? What do you find intriguing? Which thoughts cross your mind upon reading this?
Let’s keep the conversation going! Please provide your comments in Discourse.
https://blog.mozilla.org/mozillareps/2016/11/04/reps-program-objectives-q4-2016/
|
Yunier José Sosa Vázquez: New version of Firefox arrives with improvements to video playback and much more |
Last Tuesday, September 19, Mozilla released a new version of its browser, and we immediately shared its new features and its download with you. We apologize to everyone for any inconvenience this may have caused.
The password manager has been updated to allow HTTPS pages to use stored HTTP credentials. This is one more way to support Let’s Encrypt and help users in the transition toward a more secure web.
Reader mode has received several features that improve reading and listening, by adding controls to adjust the width and line spacing of the text and by including narration, where the browser reads the page content aloud; these are undoubtedly features that will improve the experience for people with visual impairments.
The HTML5 audio and video player now allows files to be played at different speeds (0.5x, Normal, 1.25x, 1.5x, 2x) and repeated indefinitely. In this regard, performance was improved when playing videos for users with systems that support SSSE3 instructions without hardware acceleration.
Firefox Hello, the video call and chat communication system, has been removed due to its low usage. Nevertheless, Mozilla will continue developing and improving WebRTC.
End of support for OS X 10.6, 10.7 and 10.8 systems, and Windows systems that support SSE processors.
If you prefer to see the full list of changes, you can head over to the release notes (in English).
You can get this version from our Downloads area in Spanish and English for Android, Linux, Mac and Windows. If you liked it, please share this news with your friends on social networks. Don't hesitate to leave us a comment.
|
Gervase Markham: Security Updates Not Needed |
As Brian Krebs is discovering, a large number of internet-connected devices with bad security can really ruin your day. Therefore, a lot of energy is being spent thinking about how to solve the security problems of the Internet of Things. Most of it is focussed on how we can make sure that these devices get regular security updates, and how to align the incentives to achieve that. And it’s difficult, because cheap IoT devices are cheap, and manufacturers make more money building the next thing than fixing the previous one.
Perhaps, instead of trying to make water flow uphill, we should be taking a different approach. How can we design these devices such that they don’t need any security updates for their lifetime?
One option would be to make them perfect first time. Yeah, right.
Another option would be the one from my blog post, An IoT Vision. In that post, I outlined a world where IoT devices’ access to the Internet is always mediated through a hub. This has several advantages, including the ability to inspect all traffic and the ability to write open source drivers to control the hardware. But one additional outworking of this design decision is that the devices are not Internet-addressable, and cannot send packets directly to the Internet on their own account. If that’s so, it’s much harder to compromise them and much harder to do anything evil with them if you do. At least, evil things affecting the rest of the net. And if that’s not sufficient, the hub itself can be patched to forbid patterns of access necessary for attacks.
Can we fix IoT security not by making devices secure, but by hiding them from attacks?
http://feedproxy.google.com/~r/HackingForChrist/~3/FNdZrZ-877Y/
|
Gervase Markham: WoSign and StartCom |
One of my roles at Mozilla is that I’m part of the Root Program team, which manages the list of trusted Certificate Authorities (CAs) in Firefox and Thunderbird. And, because we run our program in an open and transparent manner, other entities often adopt our trusted list.
In that connection, I’ve recently been the lead investigator into the activities of a Certificate Authority (CA) called WoSign, and a connected CA called StartCom, who have been acting in ways contrary to those expected of a trusted CA. The whole experience has been really interesting, but I’ve not seen a good moment to blog about it. Now that a decision has been taken on how to move forward, it seems like a good time.
The story started in late August, when Google notified Mozilla about some issues with how WoSign was conducting its operations, including various forms of what seemed to be certificate misissuance. We wrote up the three most serious of those for public discussion. WoSign issued a response to that document.
Further issues were pointed out in discussion, and via the private investigations of various people. That led to a longer, curated issues list and much more public discussion. WoSign, in turn, produced a more comprehensive response document, and a “final statement” later.
One or two of the issues on the list turned out to be not their fault, a few more were minor, but several were major – and their attempts to explain them often only led to more issues, or to a clearer understanding of quite how wrong things had gone. On at least one particular issue, the question of whether they were deliberately back-dating certificates using an obsolete cryptographic algorithm (called “SHA-1”) to get around browser blocks on it, we were pretty sure that WoSign was lying.
Around that time, we privately discovered a couple of certificates which had been mis-issued by the CA StartCom but with WoSign fingerprints all over the “style”. Up to this point, the focus had been on WoSign, and StartCom was only involved because WoSign bought them and didn’t disclose it as they should have done. I started putting together the narrative. The result of those further investigations was a 13-page report which conclusively proved that WoSign had been intentionally back-dating certificates to avoid browser-based restrictions on SHA-1 cert issuance.
If you can write an enthralling page-turner about f**king certificate authorities doing scuzzy nerd sh*t, damn, I couldn't pull that off.
— SwiftOnSecurity (@SwiftOnSecurity) September 28, 2016
The report proposed a course of action including a year’s dis-trust for both CAs. At that point, Qihoo 360 (the Chinese megacorporation which is the parent of WoSign and StartCom) requested a meeting with Mozilla, which was held in Mozilla’s London office, and attended by two representatives of Qihoo, and one each from StartCom and WoSign. At that meeting, WoSign’s CEO admitted to intentionally back-dating SHA-1 certificates, as our investigation had discovered. The representatives of Qihoo 360 wanted to know whether it would be possible to disentangle StartCom from WoSign and then treat it separately. Mozilla representatives gave advice on the route which might most likely achieve this, but said that any plan would be subject to public discussion.
WoSign then produced another updated report which included their admissions, and which outlined a plan to split StartCom out from under WoSign and change the management, which was then repeated by StartCom in their remediation plan. However, based on the public discussion, the Mozilla CA Certificates module owner Kathleen Wilson decided that it was appropriate to mostly treat StartCom and WoSign together, although StartCom has an opportunity for quicker restitution than WoSign.
And that’s where we are now :-) StartCom and WoSign will no longer be trusted in Mozilla’s root store for certs issued after 21st October (although it may take some time to implement that decision).
http://feedproxy.google.com/~r/HackingForChrist/~3/Pit2XjzixN8/
|
Christian Heilmann: Decoded Chats – first edition live on the Decoded Blog |
Over the last few weeks I was busy recording interviews with different exciting people of the web. Now I am happy to announce that the first edition of Decoded Chats is live on the new Decoded Blog.
In this first edition, I’m interviewing Rob Conery about his “Imposter Handbook“. We cover the issues of teaching development, how to deal with a constantly changing work environment and how to tackle diversity and integration.
We’ve got eight more interviews ready and more lined up. Amongst the people I talked to are Sarah Drasner, Monica Dinculescu, Ada-Rose Edwards, Una Kravets and Chris Wilson. The format of Decoded Chats is pretty open: interviews ranging from 15 minutes to 50 minutes about current topics on the web, trends and ideas with the people who came up with them.
Some are recorded in a studio (when I am in Seattle), others are Skype calls and yet others are off-the-cuff recordings at conferences.
Do you know anyone you’d like me to interview? Drop me a line on Twitter @codepo8 and I’ll see what I can do :)
https://www.christianheilmann.com/2016/10/18/decoded-chats-first-edition-live-on-the-decoded-blog/
|
Aki Sasaki: scriptworker 0.8.1 and 0.7.1 |
Tl;dr: I just shipped scriptworker 0.8.1 (changelog) (github) (pypi) and scriptworker 0.7.1 (changelog) (github) (pypi).
These are patch releases, and are currently the only versions of scriptworker that work.
The json, embedded in the Azure XML, now contains a new property, hintId. Ideally this wouldn't have broken anything, but I was using that json dict as kwargs, rather than explicitly passing taskId and runId. This means that older versions of scriptworker no longer successfully poll for tasks.
This is now fixed in scriptworker 0.8.1.
Scriptworker 0.8.0 made some non-backwards-compatible changes to its config format, and there may be more such changes in the near future. To simplify things for other people working on scriptworker, I suggested they stay on 0.7.0 for the time being if they wanted to avoid the churn.
To allow for this, I created a 0.7.x branch and released 0.7.1 off of it. Currently, 0.8.1 and 0.7.1 are the only two versions of scriptworker that will successfully poll Azure for tasks.
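The breakage described above, reduced to a runnable sketch. This is an added example, not scriptworker's code: claim_task, the poll_* functions and the XML/JSON message layout are hypothetical stand-ins, and the sample messages are constructed.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample messages (not captured from a real queue, and not the
# real Azure/Taskcluster wire format): JSON carried as text inside XML.
OLD_MESSAGE = (
    '<QueueMessage><MessageText>'
    '{"taskId": "task-A", "runId": 0}'
    '</MessageText></QueueMessage>'
)
NEW_MESSAGE = (
    '<QueueMessage><MessageText>'
    '{"taskId": "task-A", "runId": 0, "hintId": "hint-1"}'
    '</MessageText></QueueMessage>'
)

# Fields the consumer actually needs, with the types it expects.
REQUIRED_FIELDS = {"taskId": str, "runId": int}


def claim_task(taskId, runId):
    """Hypothetical stand-in for the call that claims a polled task."""
    return "claimed {}/{}".format(taskId, runId)


def extract_payload(message_xml):
    """Pull the embedded JSON document out of the XML envelope."""
    text = ET.fromstring(message_xml).findtext("MessageText")
    if text is None:
        raise ValueError("message has no MessageText element")
    return json.loads(text)


def poll_fragile(message_xml):
    """Pass the whole JSON dict as kwargs: any new upstream key breaks it."""
    return claim_task(**extract_payload(message_xml))


def poll_explicit(message_xml):
    """Pick out only the needed fields, check their types, ignore the rest."""
    payload = extract_payload(message_xml)
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    args = {}
    for name, expected in REQUIRED_FIELDS.items():
        value = payload.get(name)
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, expected):
            raise ValueError("missing or malformed field: " + name)
        args[name] = value
    return claim_task(taskId=args["taskId"], runId=args["runId"])


def outcome(poller, message_xml):
    """Return the poller's result, or the exception class name on failure."""
    try:
        return poller(message_xml)
    except (TypeError, ValueError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    for label, message in (("old", OLD_MESSAGE), ("new", NEW_MESSAGE)):
        print(label, "fragile ->", outcome(poll_fragile, message))
        print(label, "explicit ->", outcome(poll_explicit, message))
```

The explicit version tolerates added properties such as hintId but still rejects a message that lacks a field it depends on, so a schema change upstream fails loudly only when it actually matters.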
|
Mike Ratcliffe: Running ESLint in Atom for Mozilla Development |
Due to some recent changes in the way that we use eslint to check our coding style, linting Mozilla source code in Atom has been broken for a month or two.
I have recently spent some time working on Atom's linter-eslint plugin making it possible to bring all of that linting goodness back to life!
From the root of the project type:
./mach eslint --setup
Install the linter-eslint package v.8.00 or above. Then go to the package settings and enable the following options:
Once done, you should see errors and warnings as shown in the screenshot below:
http://flailingmonkey.com/running-eslint-in-atom-for-mozilla-development/
|
Air Mozilla: MozFest 2016 Brown Bag |
MozFest 2016 Brown Bag - October 18th, 2016 - 16:00 London
|
Mozilla Security Blog: Phasing Out SHA-1 on the Public Web |
An algorithm we’ve depended on for most of the life of the Internet — SHA-1 — is aging, due to both mathematical and technological advances. Digital signatures incorporating the SHA-1 algorithm may soon be forgeable by sufficiently-motivated and resourceful entities.
Via our and others’ work in the CA/Browser Forum, following our deprecation plan announced last year and per recommendations by NIST, issuance of SHA-1 certificates mostly halted for the web last January, with new certificates moving to more secure algorithms. Since May 2016, the use of SHA-1 on the web fell from 3.5% to 0.8% as measured by Firefox Telemetry.
In early 2017, Firefox will show an overridable “Untrusted Connection” error whenever a SHA-1 certificate is encountered that chains up to a root certificate included in Mozilla’s CA Certificate Program. SHA-1 certificates that chain up to a manually-imported root certificate, as specified by the user, will continue to be supported by default; this will continue allowing certain enterprise root use cases, though we strongly encourage everyone to migrate away from SHA-1 as quickly as possible.
This policy has been included as an option in Firefox 51, and we plan to gradually ramp up its usage. Firefox 51 is currently in Developer Edition, and is currently scheduled for release in January 2017. We intend to enable this deprecation of SHA-1 SSL certificates for a subset of Beta users during the beta phase for 51 (beginning November 7) to evaluate the impact of the policy on real-world usage. As we gain confidence, we’ll increase the number of participating Beta users. Once Firefox 51 is released in January, we plan to proceed the same way, starting with a subset of users and eventually disabling support for SHA-1 certificates from publicly-trusted certificate authorities in early 2017.
Questions about SHA-1 based certificates should be directed to the mozilla.dev.security.policy forum.
https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
|
Christian Heilmann: crossfit.js |
Also on Medium, in case you want to comment.
When I first heard about Crossfit, I thought it to be an excellent idea. I still do, to be fair:
In essence, it sounded like the counterpoint to overly complex and expensive workouts we did before. You didn’t need expensive equipment. Some bars, ropes and tyres will do. There was also no need for a personal trainer, tailor-made outfits and queuing up for machines to be ready for you at the gym.
Fast forward a few years and you’ll see that we made Crossfit almost a running joke. You have overly loud Crossfit bros crashing weights in the gym, grunting and shouting and telling each other to “feel the burn” and “when you haven’t thrown up you haven’t worked out hard enough”. You have all kinds of products branded Crossfit and even special food to aid your Crossfit workouts.
Thanks, commercialism and marketing. You made something simple and easy annoying and elitist again. There was no need for that.
One thing about Crossfit is that it can be dangerous. Without good supervision by friends it is pretty easy to seriously injure yourself. It is about moderation, not about competition.
I feel the same thing happened to JavaScript and it annoys me. JavaScript used to be an add-on to what we did on the web. It gave extra functionality and made it easier for our end users to finish the tasks they came for. It was a language to learn, not a lifestyle to subscribe to.
Nowadays JavaScript is everything. Client side use is only a small part of it. We use it to power servers, run tasks, define build processes and create fat client software. And everybody has an opinionated way to use it and is quick to tell others off for “not being professional” if they don’t subscribe to it. The brogrammer way of life rears its ugly head.
Let’s think of JavaScript like Crossfit was meant to be. Lean, healthy exercise going back to what’s good for you:
JavaScript is much bigger these days than a language to learn in a day. That doesn’t mean, however, that every new developer needs to know the whole stack to be a useful contributor. Let’s keep it simple and fun.
|
QMO: Firefox 50 Beta 7 Testday Results |
Hello Mozillians!
As you may already know, last Friday – October 14th – we held a new Testday event, for Firefox 50 Beta 7.
Thank you all for helping us make Mozilla a better place – Onek Jude, Sadamu Samuel, Moin Shaikh, Suramya, ss22ever22 and Ilse Macías.
A big thank you goes out to all our active moderators too!
Results:
Keep an eye on QMO for upcoming events!
https://quality.mozilla.org/2016/10/firefox-50-beta-7-testday-results/
|