Event Telemetry is the means by which we can send ordered interaction data from Firefox users back to Mozilla where we can use it to make product decisions.

For example, we know from a histogram that the most popular way of opening the Developer Tools in Firefox Beta 62 is by the shortcut key (Ctrl+Shift+I). And it’s nice to see that the number of times the Javascript Debugger was opened was roughly 1/10th of the number of times the shortcut key was used.

…but are these connected? If so, how?

And the Javascript Profiler is opened only half as often as the Debugger. Why? Isn’t it easy to find that panel from the Debugger? Are users going there directly from the DOM view or is it easier to find from the Debugger?

To determine what parts of Firefox our users are having trouble finding or using, we often need to know the order things happen. That’s where Event Telemetry comes into play: we timestamp things that happen all over the browser so we can see what happens and in what order (and a little bit of how long it took to happen).

Event Telemetry isn’t new: it’s been around for about 2 years now. And for those two years it has been piggy-backing on the workhorse of the Firefox Telemetry system: the “main” ping.

The “main” ping carries a lot of information and is usually sent once per time you close your Firefox (or once per day, whichever is shorter). As such, Event Telemetry was constrained in how it was able to report this ordered data. It takes two whole days to get 95% of it (because that’s how long it takes us to get “main” pings), and it isn’t allowed to send more than one thousand events per process (lest it balloon the size of the “main” ping, causing problems).

This makes the data slow, and possibly incomplete.

With the landing of bug 1460595 in Firefox Nightly 63 last week, Event Telemetry now has its own ping: the “event” ping.

The “event” ping maintains the same 1000-events-per-process-per-ping limit as the “main” ping, but can send pings as frequently as one ping every ten minutes. Typically, though, it waits the full hour before sending as there isn’t any rush. A maximum delay of an hour still makes for low-latency data, and a minimum delay of ten minutes is unlikely to be overrun by event recordings which means we should get all of the events.

This means it takes less time to receive data that is more likely to be complete. This in turn means we can use less of it to get our answers. And it means more efficiency in our decision-making process, which is important when you’re competing against giants.

If you use Event Telemetry to answer your questions with data, now you can look forward to being able to do so faster and with less worry about losing data along the way.

And if you don’t use Event Telemetry to answer your questions, maybe now would be a good time to start.

The “event” ping landed in Firefox Nightly 63 (build id 20180627100027) and I hope to have it uplifted to Firefox Beta 62 in the coming days.

Thanks to :sunahsuh for her excellent work reviewing the proposal and in getting the data into the derived datasets so they can be easily queried, and further thanks to the Data Team for their support.

:chutten

https://chuttenblog.wordpress.com/2018/07/04/faster-event-telemetry-with-event-pings/

Hello, present and future Mozillians!

Last time we had a closer look at a metrics-based report analysis from the Analysen & Tal agency that took a deep dive into support.mozilla.org’s historical data.

Today, we are going to continue sharing external insights into our community and support model with a summary of the comparative study conducted for us by a team of the Copenhagen Institute of Interaction Design from Denmark. While we were not exactly looking for the essence of hygge, we found quite a few interesting nuggets of wisdom and inspiration that we’d like to share with you below. You can find the presentation here.

(Please note: this content has already been shared with the Support contributors on our forums, but now we are making it more public through this post).

The study’s goals were to help the Support team and community understand how Mozilla’s approach to helping users compares to other similar organizations, and what possible future approaches could help meeting the increasing demand for high quality help.

The methodology for the study was a mix of a series of interviews, case studies, and design explorations. The people interviewed came from external organizations and groups, as well as from Mozilla’s support community. The three entities chosen for the comparative study were the user communities around WordPress.org, Arduino, and Kaggle.

WordPress.org

In general, when compared to our Support community, WordPress.org’s is more centralized and controlled, even if on average among the three case studies it resembles our own structures the most.

The contribution forums and Slack channels are used to discuss and escalate important issues. Similarly to /r/firefox, there is also an active subreddit for WordPress that’s self-moderated and open to non-support content, if necessary. Slack seems to be a place for fruitful conversations, so we may be exploring this idea in the near future for more engaged contributors.

Another interesting aspect is that the support site, apart from community-owned-and-driven support, offers full time employees of Automattic/Wordpress.com a chance to do rotations in the open source community. This, while tried by us in the past, has not been something we have considered as a long-standing project, but it could drive more engagement and knowledge share on all levels.

The primary incentives for contribution seem to be status and connecting with others, which we understand to be also present in our own community. However, we still need to get better at identifying the incentives for joining and staying as a long-term Support contributors to continue delivering community-driven support at scale.

Arduino

Arduino’s support community, focusing on a plethora of open source software and hardware uses “in the wild”, is definitely way more decentralized and ad hoc in its practices than Mozilla’s Support.

The nature of the environment in which the community operates makes a concentrated and concerted support effort much harder, but the main activity happens across the official community forum, a StackExchange Q&A forum, and Arduino’s main Project Hub.

At the time of the study, the community forum show little conscious effort in organization from Arduino’s staff, serving a more social function with its open nature. On the other hand, the StackExchange based support forum has a well developed peer-driven reputation system, with the community moderators being voted in and gaining access and privileges based on their long-standing contributions. The StackExchange model is by far more successful and useful for support in Arduino’s case.

Finally, the Project Hub is a content creation and maintenance space that centers support-related content (for example documentation and instructables) around specific projects. Quality content is encouraged by official contests and rewards for contributors. Additionally, language and interactions presented on the site encourage a positive and inclusive community approach. As a result and thanks to the self-learning and guided aspect of using Arduino products, quality content is easier to find and produce.

Kaggle

Kaggle’s community model is an unusual hybrid of competitiveness and collaboration, fueled by commercially supported projects. With the community being the core and the product of Kaggle’s business model, the platform it lives on is highly sophisticated and the interactions within it appear to be meticulously engineered.

To this end, gamification of competing and collaborating is one of the main driving forces behind, encouraging high quality contributions and teamwork. The design of the community environment shows sharp focus on its key functions. The community is not directed to activities not considered core. That said, a large part of community engagement and motivation is happening outside of official forums, within self-created and user-governing communities. What’s interesting, many returning contributors consider their voluntary involvement a stepping stone towards their own professional careers.

Insights and Observations

The CIID researchers, based on their study of external support models listed above and .interviews with various members of different communities, gathered a set of recommendations or paths to explore for our community’s consideration.

Structured communities always leak

Simple explanation: Whatever we define as “Mozilla Support” will always see activity or interest outside of what we think is the “main” place where it happens.

Regardless of the community setup at the core of the experience, there will always be engagement and involvement taking place outside of centrally defined features or tasks. There is an opportunity in allowing bottom-up organization of people, while keeping the support tasks clear and accessible for everyone willing to participate. The Support site should still be the main place where supporting Mozilla’s users happens, but it should not be rigorously the only one out there.

The main challenge here is distributing our knowledge and expertise in an accessible way to other places on the web where users look for support.

Gamed incentives are valves, not pipes

Simple explanation: Gamification is a tool to improve or guide working contribution mechanisms, not to create new contribution mechanisms.

Any attempts at gamification should be modelled to embrace and enhance existing behaviours and interactions – not to create completely new ones. It is also better when it focuses on quality rather than quantity. Rewarding expertise over volume drives engagement from or creates opportunities for subject matter experts.

Here, the main challenge is to encourage positive behaviours and interactions at scale and in real time, as much as possible. This may mean looking into “high touch automation” (like bots or scripts) or rolling out a focused education/certification offering to increase quality contributions.

Contributors have ownership without agency

Simple explanation: Support contributors have great impact on how users perceive Firefox (as a browser and brand), but this is not clearly shown in the way Firefox is improved or marketed to users.

While our community is at the front line in receiving feedback from the users (and acting upon it), we do not have comparable impact on what is going on in the product world, mostly through lack of a strong enough feedback loop into the product organization, but also a lack of connection and understanding of what it is that we do from the creators and promoters of Firefox.

It would be hard to prove the impact of continuous support efforts without transparent and meaningful metrics at hand, so finding a way to collate and present such data is key for this concept to work. With our community’s work validated and acknowledged, it should be much easier to incorporate our feedback into the development and marketing process of Firefox.

Contributors aren’t born – they’re made

Simple explanation: New contributors can be found in more places than just among Mozillians not already contributing to Support

Many people decide to contribute to Mozilla’s mission based on their own strong beliefs in the future of the web – but many others get on board because they have received support from our community and would like to give back to Mozilla and its other users through activities that they can easily participate in. Supporting others very often proves to be just that (when compared to coding or web development, for example).

Encouraging casual users or those looking for help to give a try to helping others (or get involved with Mozilla’s mission in other ways) could be key to growing our community over all upcoming releases and finding new core contributors among the many people who already chose to use Firefox on a daily basis.

Support the supporters

Simple explanation: Community members should have access to knowledge and tools that allow them to work together and support each other regardless of administrator presence and support.

As the admin team for Support is quite small and each of its members specializes in a different aspect of the site, sometimes contributor questions or emergency escalations may go unnoticed for a while. This increases community fragility and pressure on single points of failure.

In order to address that, our community could consider developing a simple (but complete) escalation and reaction system that is transparent for everyone involved in supporting users. This could increase the resilience and cohesiveness of the Support community, regardless of personal experience or community roles held by various community members involved in escalating or responding to support requests.

Leverage the properties of each channel

Simple explanation: Each tool or resource should have a clear and defined role and purpose. The community needs useful tools, rather than access to all tools used by everyone else for other reasons.

With several places that our community uses for communication and support purposes, it is important to keep the roles and methods of using these separate tools clear and focused. We sometimes tend to “hop on the bandwagon” and try to be everywhere and use everything to be more in line with other teams at Mozilla.

This may not be the best use of everyone’s energy and time, so reviewing the tools we have and the ways they are used is an important step towards empowering contributors and streamlining processes that at this moment may not be working as optimal as possible.

Workshop Outcomes

As part of the working session, we sat all together and invested a few hours into a collaborative synthesis workshop, based on the data and research presented by our external partners. The output of the workshop was a series of project ideas that could influence the future Support strategy. The goal of these ideas is to improve what’s out there already and make Support ready for Mozilla’s future needs.

After a ton of small team work, three projects emerged:

Support Propaganda

General goal: increase awareness and impact of Support across Mozilla.

Methods:

• Opening up participation in Support to all Mozillians (especially new hires for any position at Mozilla)
• Creating a deeper connection between Support, Product, and Marketing through highlighting what Support does to help Product and Marketing deliver quality to users (data driven insights)

Switchboard Operator

General goal: High-touch targetted support for Mozilla’s software users across the web

Methods:

• Gathering information and insights about all major locations where conversations are happening about Firefox (within the context of support)
• Reaching the users with the right support information wherever they are

Alchemist’s Journey

General goal: Quality self-directed learning resources and trainings for future generations of casual or core contributors

Methods:

• First wave trial resources developed in collaboration with existing core contributors
• Second wave researched resources developed based on experiences from the first wave and input from external online education experts

Next Steps

There are more updates to come that should show you how the above work is influencing what direction we think the future of Support at Mozilla should look like.

We will keep working together with Open Innovation (closely and directly) and CIID (for future research projects) and informing you of what is up with Support at Mozilla.

We will also keep you informed (and engaged) in the future of Support at Mozilla.

Thank you for being a vital part of Mozilla’s mission for an open and helpful web!

https://blog.mozilla.org/sumo/2018/07/04/state-of-mozilla-support-2018-mid-year-update-part-2/

Since this is the end of the first half-year, I think it is a good time to reflect and show some work I've been doing over the last few months, apart from the regular batch of random issues, security bugs, reviews and the fixing of 24 bugs found by our …

https://blog.benj.me/2018/07/04/mozilla-2018-faster-calls-and-anyref/

The Team

Project Dark Theme Darkening was part of Michigan State University’s Computer Science capstone experience. Twenty-four groups of five students were each assigned an industry sponsor based on preference and skill set. We had the privilege of working with Mozilla on Firefox Quantum’s Theming API. Our project increases a user’s ability to customize the appearance of the Firefox browser.

(left to right)
Vivek Dhingra: MSU Student Contributor
Zhengyi Lian: MSU Student Contributor
Connor Masani: MSU Student Contributor
Dylan Stokes: MSU Student Contributor
Bogdan Pozderca: MSU Student Contributor

Jared Wein: Mozilla Staff
Mike Conley: Mozilla Staff
Tim Nguyen: Volunteer Contributor

The Project

Our goal was to expand upon the existing “lightweight” Theming API in Quantum to allow for more areas of customization. Themes had the ability to alter the appearance of the default toolbars, but did not have the ability to style menus, or customize auto-complete popups. Our team also worked on adding a more fluid transition when dynamic themes changed to allow for a smoother user experience.

Project Video

This video showcases a majority of the improvements we added to the Theming API and gives a good explanation of what our project was about. Enjoy — and then read on for the rest of the details:

Experience

Prior to this project, none of us had experience with Firefox development. After downloading the mozilla-central repository and exploring through the 40+ million lines of source, it was a bit daunting for all of us. Our mentors: Jared, Mike, Tim, and the Mozilla community on IRC all helped us through squashing our first bug.

Through the project, we learned to ask questions sooner rather than later. Being programmers, we were stubborn and wanted to figure out our issues ourselves but could have solved them a lot faster if we just simply asked in the Mozilla IRC. Everyone on there is extremely helpful and friendly!

All code written was in JavaScript and CSS. It was neat to see that the UI of Firefox is made in much the same way as other web pages. We got a great introduction to Mercurial by the end of the project and used some sweet tools to help our development process such as searchfox.org for indexed searching of mozilla-central, and janitor for web-based development.

Auto-complete Popups

We added the ability to customize the URL auto-complete popups. With this addition, we had to take in account the text color of the ac-url and ac-action tips associated with each result. For example, if the background of the auto-complete popup was dark, the text color of the tips are set to a light color so they can be seen.

We did this by calculating the luminance and comparing it to a threshold. The lwthemetextcolor attribute is set to either dark or bright based on this luminance threshold:

["--lwt-text-color", {
     lwtProperty: "textcolor",
     processColor(rgbaChannels, element) {
          if (!rgbaChannels) {
               element.removeAttribute("lwthemetextcolor");
               element.removeAttribute("lwtheme");
               return null;
          }
          const {r, g, b, a} = rgbaChannels;
          const luminance = 0.2125 * r + 0.7154 * g + 0.0721 * b;
          element.setAttribute("lwthemetextcolor", luminance <= 110 ? "dark" : "bright");
          element.setAttribute("lwtheme", "true");
          return `rgba(${r}, ${g}, ${b}, ${a})` || "black";
     }
}]

The top image shows the auto-complete popup with the native default theme while the bottom image shows the auto-complete popup with the Dark theme enabled. Notice that the ac-action (“Switch To Tab”) text color and ac-url are changed so they can be more easily seen on the Dark background.

Theme Properties Added

We added many new theme properties that developers like you can use to customize more of the browser. These properties include:

• icons – The color of toolbar icons.
• icons_attention – The color of toolbar icons in attention state such as the starred bookmark icon or finished download icon.
• frame_inactive – color of the accent color when the window is not in the foreground
• tab_loading – The color of the tab loading indicator and the tab loading burst.
• tab_selected – The background color of the selected tab.
• popup – The background color of popups (such as the url bar dropdown and the arrow panels).
• popup_text – The text color of popups.
• popup_border – The border color of popups.
• popup_highlight – The background color of items highlighted using the keyboard inside popups (such as the selected URL bar dropdown item)
• popup_highlight_text – The text color of items highlighted using the keyboard inside popups.
• toolbar_field_focus – The focused background color for fields in the toolbar, such as the URL bar.
• toolbar_field_text_focus – The color of text in focused fields in the toolbar, such as the URL bar.
• toolbar_field_border_focus – The focused border color for fields in the toolbar.
• button_background_active – The color of the background of the pressed toolbar buttons.
• button_background_hover – The color of the background of the toolbar buttons on hover.

The toolbar_field, and toolbar_field_border properties now apply to the “Find” toolbar.
Additionally, these new properties now apply to the the native Dark theme.

colors: {
    accentcolor: 'black',
    textcolor: 'white',
    toolbar: 'rgb(32,11,50)',
    toolbar_text: 'white',
    popup: "rgb(32,11,50)",
    popup_border: "rgb(32,11,50)",
    popup_text: "#FFFFFF",
    popup_highlight: "rgb(55,36,71)",
    icons: "white",
    icons_attention: "rgb(255,0,255)",
    frame_inactive: "rgb(32,11,50)",
    tab_loading: "#0000FF",
    tab_selected: "rgb(32,11,50)",
}

Above shows an example of some of the added properties being set in a theme manifest file and what it looks like in the browser below:

Conclusion

Our team learned a lot about web browser development over the semester of our project, and we had the opportunity to write and ship real production-level code. All of the code we wrote shipped with the recent releases of Firefox Quantum 60 and 61 and will impact millions of users, which is an awesome feeling. We want to thank everyone at Mozilla and the Mozilla community for giving us this opportunity and mentoring us through the process. We are looking forward to seeing what developers and Firefox enthusiasts create using the improved Theming API!

https://hacks.mozilla.org/2018/07/dark-theme-darkening-better-theming-for-firefox-quantum/

Towards the end of last year, I got a new laptop: the Purism Librem 13. It replaced the Lenovo ThinkPad X250 that I was using previously, which maxed out at 8 GB RAM and was beginning to be unusable for Firefox builds.

This is my first professional laptop that isn’t a ThinkPad; as I’ve now been using it for over half a year, I thought I’d write some brief notes on what my experience with it has been like.

Why Purism?

My main requirement from a work point of view was having at least 16 GB RAM while staying in the same weight category as the X250. There were options meeting those criteria in the ThinkPad line (like the X270 or newer generations of X1 Carbon), so why did I choose Purism?

Purism is a social benefit corporation that aims to make laptops that respect your privacy and freedom — at the hardware and firmware levels in addition to software — while remaining competitive with other productivity laptops in terms of price and specifications.

The freedom-respecting features of the Librem 13 that you don’t typically find in other laptops include:

• Hardware kill switches for WiFi/Bluetooth and the microphone/camera
• A open-source bootloader (coreboot)
• A disabled Intel Management Engine, a component of Intel CPUs that runs proprietary software at (very) elevated privilege levels, which Intel makes very hard to disable or replace
• An attempt to ship hardware components with open-source firmware, though this is very much a work in progress
• Tamper evidence via Heads, though this is a newer feature and was not available at the time I purchased my Librem 13.

These are features I’ve long wanted in my computing devices, and it was exciting to see someone producing competitively priced laptops with all the relevant configuration, sourcing of parts, compatibility testing etc. done for you.

Hardware

Material

The Librem’s aluminum chassis looks nicer and feels sturdier than the X250’s plastic one.

Screen

At 13.3'', the Librem’s screen size is a small but noticeable and welcome improvement over the X250’s 12.5''.

The X250 traded off screen size for battery life. It’s the same weight as the 14'' ThinkPad X1 Carbon; the weight savings from a smaller screen size go into extra thickness, which allows for a second battery. I was pleased to see that the Librem, which is the same thickness as the X1 Carbon and only has one battery, has comparable battery life to the X250 (5-6 hours on an average workload).

The Librem’s screen is not a touchscreen. I noticed this because I used the X250’s touchscreen to test touch event support in Firefox, but I don’t think the average user has much use of a touchscreen in a conventional laptop (it’s more useful in 2-in-1 laptops, which Purism also offers, and that does have a touchscreen), so I don’t hold this against Purism.

The maximum swivel angle between the Librem’s keyboard and its screen is 130 degrees, compared to the X250’s almost 180 degrees. I did occasionally use the X250’s greater swivel angle (e.g. when lying on a couch), but I didn’t find its absence in the Librem to be a significant issue.

Touchpad

The one feature of ThinkPad laptops that I miss the most in the Librem, is the TrackPoint, the red button in the middle of the keyboard that allows you to move the cursor without having to move your hand down to the touchpad. I didn’t realize how much I relied on this until I didn’t have it, though I’ve been getting by without it. (I view it as additional motivation for me to use the keyboard more and the cursor less.)

Also missing in the Librem are the buttons above the touchpad for left-, right-, and middle-clicking; you instead have to click by tapping the touchpad with one, two, or three fingers (respectively), which I find more awkward and prone to accidental taps.

Finally, while I haven’t noticed this very much myself (but I tend not to be very discerning in this area), several people who have briefly used my Librem commented that the sensitivity of its touchpad is significantly reduced compared to other touchpads they’re used to.

Keyboard

The Librem’s keys feel better to the press than the X250’s. However, I’ve found you have to hit the keys fairly close to their centre for the press to register; the X250’s keys were more sensitive in this respect (hitting the side of the key would still trigger it), so this took some getting used to.

The keyboard can be backlit (at two different levels of intensity, though I don’t think I’ve ever used the second one). However, the shortcut to activate the backlight (Fn + F10) is significantly harder to find in the dark than the X250’s (Fn + Space).

I’ve also found the Librem’s keys get sweaty more easily, I’m guessing due to different materials.

Layout

The Librem’s keyboard layout differs from the X250’s in several small but important ways. Some of the changes are welcome; others, less so.

Here is a picture of the keyboard to illustrate:

• One thing that I think the Librem’s keyboard gets right that the X250 got wrong, is that the key in the bottom left corner is Ctrl, with Fn being next to it, rather than the other way around. I find this significantly aids muscle memory when moving between the Librem’s keyboard and external / desktop keyboards (which invariably have Ctrl in the bottom left corner). (I know that issues like this can technically be worked around by remapping keys, but it’s nice not to have to.)
• On the other hand, the biggest deficiency in the Librem’s keyboard is the lack of PageUp, PageDown, Home, and End keys. The X250 had all of these: PageUp and PageDown above the right and left arrow keys, Home and End in the top row. With the Librem, you have to use the arrow keys with the Fn modifier to invoke these operations. My typing style is such that I use these operations fairly heavily, and as such I’ve missed the separate keys a lot.
• A related minor annoyance is the fact that the rightmost key in the second row from the bottom is not Shift as it usually is, but a second Fn key; that’s also an impedient to muscle memory across different keyboards.
• Lastly, the key in the top right corner is the power key, not Delete which is what I was used to from the X250.

None of these are necessarily dealbreakers, but they did take some getting used to.

Microphone

Every time I’ve tried the Librem’s microphone so far, the recording quality has been terrible, with large amounts of static obscuring the signal. I haven’t yet had a chance to investigate whether this is a hardware or software issue.

Software

The Librem 13 comes with Purism’s own Linux distribution, PureOS. PureOS is basically a light repack of Debian and GNOME 3, with some common software pre-installed and, in some cases, re-branded.

I got the impression that PureOS and its software doesn’t get much in the way of maintenance. For example, for the re-branded browser that came with PureOS, “PureBrowser”, the latest version available in the PureOS repository at the time I got my Librem was based on Firefox 45 ESR, which had been out of support for some 6 months by that time!

I’m also not a huge fan of GNOME 3. I tolerated this setup for all of about two weeks, and then decided to wipe the PureOS installation and replace it with a plain Debian stable installation, with KDE, my preferred desktop environment. This went without a hitch, indicating that — as far as I can tell — there isn’t anything in the PureOS patches that’s necessary for running on this hardware.

Generally, running Linux on the Librem 13 has been a smooth experience; I haven’t seen much in the way of glitches or compatibility issues. Occasionally, I get something like a crashed power management daemon (shortcuts to increase/decrease brightness stop working), but nothing too serious.

Conclusion

The Purism Librem 13 has largely lived up to my goal of having a lightweight productivity laptop with a decent amount of memory (though I’m sad to say that the Firefox build has continued to get larger and slower over time, and linking is sometimes a struggle even with 16 GB of RAM…) while also going the extra mile to protect my privacy and freedoms. The Librem 13 has a few deficiencies in comparison to the ThinkPad line, but they’re mostly in the category of papercuts. At the end of the day it boils down to whether living with a few small annoyances to benefit from the additional privacy features is the right tradeoff for you. For me, so far, it has been, although I certainly hope the Purism folks take feedback like this into account and improve future iterations of the Librem line.

https://botondballo.wordpress.com/2018/07/03/review-of-the-purism-librem-13/

Today, I found this email from Google in my inbox:

We routinely review items in the Chrome Web Store for compliance with our Program policies to ensure a safe and trusted experience for our users. We recently found that your item, “Google search link fix,” with ID: cekfddagaicikmgoheekchngpadahmlf, did not comply with our Developer Program Policies. Your item did not comply with the following section of our policy:

We may remove your item if it has a blank description field, or missing icons or screenshots, and appears to be suspicious. Your item is still published, but is at risk of being removed from the Web Store.

Please make the above changes within 7 days in order to avoid removal.

Not sure why Google chose the wrong email address to contact me about this (the account is associated with another email address) but luckily this email found me. I opened the extension listing and the description is there, as is the icon. What’s missing is a screenshot, simply because creating one for an extension without a user interface isn’t trivial. No problem, spent a bit of time making something that will do to illustrate the principle.

And then I got another mail from Google, exactly 2 hours 30 minutes after the first one:

We have not received an update from you on your Google Chrome item, “Google search link fix,” with ID: cekfddagaicikmgoheekchngpadahmlf, item before the expiry of the warning period specified in our earlier email. Because your item continues to not comply with our policies stated in the previous email, it has now been removed from the Google Chrome Web Store.

I guess, Mountain View must be moving at extreme speeds, which is why time goes by way faster over there — relativity theory in action. Unfortunately, communication at near-light speeds is also problematic, which is likely why there is no way to ask questions about their reasoning. The only option is resubmitting, but:

Important Note: Repeated or egregious policy violations in the Chrome Web Store may result in your developer account being suspended or could lead to a ban from using the Chrome Web Store platform.

In other words: if I don’t understand what’s wrong with my extension, then I better stay away from the resubmission button. Or maybe my update with the new screenshot simply didn’t reach them yet and all I have to do is wait?

Anyway, dear users of my Google search link fix extension. If you happen to use Google Chrome, I sincerely recommend switching to Mozilla Firefox. No, not only because of this simple extension of course. But Addons.Mozilla.Org policies happen to be enforced in a transparent way, and appealing is always possible. Mozilla also has a good track record of keeping out malicious extensions, something that cannot be said about Chrome Web Store (a recent example).

Update (2018-07-04): The Hacker News thread lists a bunch of other cases where extensions were removed for unclear reasons without a possibility to appeal. It seems that having a contact within Google is the only way of resolving this.

Update 2 (2018-07-04): The extension is back, albeit without the screenshot I added (it’s visible in the Developer Dashboard but not on the public extension page). Given that I didn’t get any notification whatsoever, I don’t know who to thank for this and whether it’s a permanent state or whether the extension is still due for removal in a week.

Update 3 (2018-07-04): Now I got an email from somebody at Google, thanks to a Google employee seeing my blog post here. So supposedly this was an internal miscommunication, which resulted in my screenshot update being rejected. All should be good again now and all I have to do is resubmit that screenshot.

https://palant.de/2018/07/03/google-to-developers-we-take-down-your-extension-because-we-can

Late last week we quietly landed a Nightly-only addon that spoofs the Chrome Mobile user agent string for Google Search (well, Facebook too, but that's another blog post).

Why?

Bug 975444 is one of the most-duped web compat bugs, which documents the fact that the version of Google Search that Firefox for Android users receive is a less rich version than the one served to Chrome Mobile. And people notice (hence all the dupes).

In order to turn this situation around, we've been working on a number of platform interop bugs (in collaboration with some friendly members of the Blink team) and have hopes in making progress towards receiving Tier 1 search by default.

Part of the plan is to sniff out bugs we don't know about (or new bugs, as the site changes very quickly) by exposing the Nightly population to the spoofed Tier 1 version for 4 weeks (which should be July 27, 2018). If things get too bad, we can back out the addon earlier.

If you've found a bug, please report it at https://webcompat.com/issues/new.

And in the meantime, if the bugs are too annoying to deal with, you can disable it by going to about:config and setting extensions.gws-and-facebook-chrome-spoof.enabled to false (just search for gws).

Note: don't hit reset; instead, tap the true/false value and then hit toggle when that appears.

(yeah, yeah, I'll go charge my phone now.)

https://miketaylr.com/posts/2018/07/google-search-in-firefox-for-android-nightly.html

OSenado Brasileiro poder'a votar esta semana o Projeto de Lei de Protec~ao de Dados Pessoais (PLC 53/2018), aprovado pela C^amara dos Deputados em 29 de maio, ap'os quase uma d'ecada de debate em torno de v'arias proposic~oes sobre o tema. Embora alguns aspectos do Projeto ainda sejam pass'iveis de aprimoramentos, a Mozilla acredita que o texto representa uma estrutura b'asica de protec~ao de dados para o Brasil e instamos os reguladores brasileiros `a sua urgente aprovac~ao.

Especificamente, o PLC 53/2018:

1. 'E o resultado de um processo de consultas inclusivo e aberto `a sociedade brasileira, seguindo o exemplo do Marco Civil da Internet (Lei n. 12.965/2014). O processo de discuss~ao do PLC 53/2018 envolveu v'arias partes interessadas do governo, setor privado, sociedade civil e academia. O projeto tamb'em recebeu apoio p'ublico de v'arias organizac~oes do setor privado e da sociedade civil.
2. N~ao faz distinc~oes entre o setor privado e ao governo e aplica suas disposic~oes isonomicamente. A criac~ao de excec~oes amplas para o Poder P'ublico, conforme disposto em outros Projetos de Lei alternativos acabaria por diluir a efic'acia da lei com relac~ao `a salvaguarda dos direitos do usu'ario. O Governo Federal 'e, indiscutivelmente, o maior coletor de dados pessoais no Brasil e a coleta de dados 'e requisito obrigat'orio para o acesso aos servicos. A proximidade das eleic~oes de 2018 e a aus^encia de uma lei de protec~ao de dados despertam preocupac~oes relativas `a eventual utilizac~ao de dados pessoais para influenciar o processo eleitoral. Esse ponto faz-se especialmente importante a luz dos recentes debates e revelac~oes em torno da Cambridge Analytica.
3. Introduz uma entidade reguladora nacional auto-suficiente, independente e robusta. A efic'acia de um marco legal de protec~ao de dados pessoais reside na exist^encia de mecanismos de garantia das obrigac~oes e direitos, indispensavelmente. Isso inclui um alto grau de independ^encia do governo, uma vez que o regulador deve ter jurisdic~ao sobre as atividades de protec~ao de dados do Governo tamb'em. Parabenizamos tamb'em a introduc~ao de um 'org~ao participativo e multissetorial respons'avel por emitir diretrizes, garantir a transpar^encia e avaliar a implementac~ao da lei.
4. Institui um conjunto de direitos para os indiv'iduos robusto, ressaltando a import^ancia da obtenc~ao de consentimento do usu'ario e exigindo que os respons'aveis por atividades de tratamento de dados respeitem os princ'ipios de minimizac~ao de dados, limitac~ao das atividades de uso e coleta de dados, bem como seguranca de bases de dados. Ao qualificar o consentimento como livre, informado e inequ'ivoco o PLC 53/2018 n~ao s'o estipula um alto padr~ao de consentimento como coloca os usu'arios no controle de seus dados e experi^encias on-line. Por fim, o projeto tamb'em reforca os mecanismos de responsabilizac~ao, ao passo que (a) coloca sobre o agente o ^onus para demonstrar a adoc~ao e efic'acia das medidas de protec~ao de dados, e (b) permite aos usu'arios a possibilidade de acessar e retificar dados sobre si mesmos, bem como a possibilidade de oposic~ao ao tratamento de dados.
5. Define categorias de dados pessoais sens'iveis; a respeito deste ponto, 'e bom ver dados biom'etricos inclu'idos nesta lista. Acreditamos que um regime mais rigoroso dados sens'iveis 'e 'util para sinalizar aos respons'aveis pelo tratamento de dados que um n'ivel mais alto de protec~ao e seguranca ser'a necess'ario ante a sensibilidade das informac~oes.

A falta de uma lei abrangente de protec~ao de dados exp~oe os cidad~aos brasileiros a riscos decorrentes do uso indevido de seus dados pessoais tanto pelo Governo quanto pelos servicos privados. Este 'e um momento oportuno e hist'orico, onde o Brasil tem a oportunidade de finalmente aprovar uma lei geral de protec~ao de dados que ir'a salvaguardar os direitos dos brasileiros por gerac~oes a vir.

Este post foi publicado originalmente em ingl^es.

The post `A frente da votac~ao no Senado Federal, Mozilla endossa a aprovac~ao de Lei Brasileira de Protec~ao de Dados (PLC 53/ 2018) appeared first on Open Policy & Advocacy.

https://blog.mozilla.org/netpolicy/2018/07/02/lei-brasileira-de-protecao-de-dados/

On July 2, 2013, I was hired by Mozilla on the Web Compatibility team. It has been 5 years. I didn't count the emails, the commits, the bugs opened and resolved. We do not necessary strive by what we accomplished, specifically when expressed in raw numbers. But there was a couple of transformations and skills that I have acquired during these last five years which are little gems for taking the next step.

Working is also a lot of failures, drawbacks, painful learning experiences. A working space is humanity. The material we work with (at least in computing) is mostly ideas conveyed by humans. Not the right word at the right moment, a wrong mood, a desire for a different outcome, we do fail. Then we try to rebuild, to protect ourselves. This delicate balance is though a risk worth taking on the long term.

I'm looking forward the next step, I really mean the next footstep. The one in the path, the one of the hikers, just the next one, which brings you closer from the next flower, the next grass, which transforms the landscape in an undetectable way. Breathing, discovering, learning, with t^ete-`a-t^ete or alone.

Thanks to Mozilla and its community to allow me to share some of my values with some of yours. I'm very much looking forward the next day to continue this journey with you.

Otsukare!

http://www.otsukare.info/2018/07/02/mozilla-five-years

As soon as this week, the Brazilian Senate may vote on Brazilian Data Protection Bill (PLC 53/2018), which was approved by the Chamber of Deputies on May 29th following nearly a decade of debate on various draft bills. While aspects of the bill will no doubt need to be refined and evolve with time, overall, Mozilla believes this bill represents a strong baseline data protection framework for Brazil, and we urge Brazilian policymakers to pass it quickly.

Specifically, this bill:

1. Is the outcome of an inclusive and open consultation process, following the example of the landmark Brazilian Civil Rights Framework for the Internet (‘Marco Civil’). The consultation has involved multiple stakeholders from government, private sector, civil society, and academia. The bill has also received public support from various organizations in the private sector and civil society.
2. Applies with equal strength to private sector and the government. Creating broad exceptions for government use of data, as proposed in alternative bills, would dilute the effectiveness of the data protection law to safeguard user rights. The government is arguably the largest data collector in Brazil, and government data collection is often mandatory for access to services. As the Brazilian general election approaches, some are concerned that in the absence of a data protection law, personal data could be used to influence the election. This is especially salient given the recent debates and revelations around Cambridge Analytica.
3. Introduces a well-resourced, independent, and empowered national regulator. A strong enforcement mechanism is critical for any data protection framework to be effective. This includes a high degree of independence from the government, since the regulator should have jurisdiction over claims against the government as well. We also welcome the introduction of a participatory multi-stakeholder body to issue guidelines, ensure transparency, and evaluate the implementation of the law.
4. Puts in place a robust framework of user rights with meaningful user consent at its core, requiring data controllers and processors to abide by the principles of data minimisation, purpose limitation, collection limitation, and data security. In particular, it includes a high standard of free, informed, and unequivocal consent, putting users in control of their data and online experiences. It also emphasizes mechanisms for accountability, putting the onus on the agent to demonstrate both the adoption and effectiveness of data protection measures, and allows for the user to access and rectify data about themselves as well as withdraw consent for any reason.
5. Defines categories of sensitive personal data; in particular, it’s good to see biometric data included in this list. A stricter regime for certain categories of sensitive data is useful in order to signal to data controllers that a higher level of protection and security will be required given the sensitivity of the information.

The lack of a comprehensive data protection law exposes Brazilian citizens to risks of misuse of their personal data by both government and private services. This is a timely and historic moment where Brazil has the opportunity to finally pass a baseline data protection law that will safeguard the rights of Brazilians for generations to come.

Click here for a Portuguese translation of this post.

The post Ahead of Senate vote, Mozilla endorses Brazilian Data Protection Bill (PLC 53/2018) appeared first on Open Policy & Advocacy.

https://blog.mozilla.org/netpolicy/2018/07/02/brazilian-data-protection-bill/

Pick of the Month: Midnight Lizard

by Pavel Agarkov
More than just dark mode, Midnight Lizard lets you customize the readability of the web in granular detail—adjust everything from color schemes to lighting contrast.

“This has got to be the best dark mode add-on out there, how is this not more popular? 10/10”

Featured: Black Menu for Google

by Carlos Jeurissen
Enjoy easy access to Google services like Search, Translate, Google+, and more without leaving the webpage you’re on.

“Awesome! Makes doing quick tasks with any Google app faster and simpler!”

Featured: Authenticator

by mymindstorm
Add an extra layer of security by generating two-step verification codes in Firefox.

“Thank you so much for making this. I would not be able to use many websites without it now days, literally, since I don’t use a smartphone. Thank you thank you thank you. Works wonderfully.”

Featured: Turbo Download Manager

by InBasic
A download manager with multi-threading support.

“One of the best.”

Featured: IP Address and Domain Information

by webdev7
Know the web you travel! See detailed information about every IP address, domain, and provider you encounter in the digital wild.

“The site provides valuable information and is a tool well worth having.”

If you’d like to nominate an extension for featuring, please send it to amo-featured [at] mozilla [dot] org for the board’s consideration. We welcome you to submit your own add-on!

The post July’s Featured Extensions appeared first on Mozilla Add-ons Blog.

https://blog.mozilla.org/addons/2018/07/02/julys-featured-extensions-2/

Last week, we pushed an update that enables add-on developers to use larger image sizes on their add-on listings.

We hadn’t updated our size limits for many years, so the images on listing pages are fairly small. The image viewer on the new website design scales the screenshots to fit the viewport, which makes these limitations even more obvious.

For example, look at this old listing of mine.

The image below better reflects how the magnified screenshot looks like on my browser tab.

After this fix, developers can upload images as large as they prefer. The maximum image display size on the site is 1280x800 pixels, which is what we recommend they upload. For other image sizes we recommend using the 1.6:1 ratio. If you want to update your listings to take advantage of larger image sizes, you might want to consider using these tips to give your listing a makeover to attract more users.

We look forward to beautiful, crisper images on add-on listing pages.

The post Larger image support on addons.mozilla.org appeared first on Mozilla Add-ons Blog.

https://blog.mozilla.org/addons/2018/07/02/larger-image-support/

After several months of discussion on the mozilla.dev.security.policy mailing list, our Root Store Policy governing Certification Authorities (CAs) that are trusted in Mozilla products has been updated. Version 2.6 has an effective date of July 1st, 2018.

More than one dozen issues were addressed in this update, including the following changes:

• Section 2.2 “Validation Practices” now requires CAs with the email trust bit to clearly disclose their email address validation methods in their CP/CPS.
• The use of IP Address validation methods defined by the CA has been banned in certain circumstances.
• Methods used for IP Address validation must now be clearly specified in the CA’s CP/CPS.
• Section 3.1 “Audits” increases the WebTrust EV minimum version to 1.6.0 and removes ETSI TS 102 042 and 101 456 from the list of acceptable audit schemes in favor of EN 319 411.
• Section 3.1.4 “Public Audit Information” formalizes the requirement for an English language version of the audit statement supplied by the Auditor.
• Section 5.2 “Forbidden and Required Practices” moves the existing ban on CA key pair generation for SSL certificates into our policy.
• After January 1, 2019, CAs will be required to create separate intermediate certificates for issuing SSL and S/MIME certificates. Newly issued Intermediate certificates will need to be restricted with an EKU extension that doesn’t contain anyPolicy, or both serverAuth and emailProtection. Intermediate certificates issued prior to 2019 that do not comply with this requirement may continue to be used to issue new end-entity certificates.
• Section 5.3.2 “Publicly Disclosed and Audited” clarifies that Mozilla expects newly issued intermediate certificates to be included on the CA’s next periodic audit report. As long as the CA has current audits, no special audit is required when issuing a new intermediate. This matches the requirements in the CA/Browser Forum’s Baseline Requirements (BR) section 8.1.
• Section 7.1 “Inclusions” adds a requirement that roots being added to Mozilla’s program must have complied with Mozilla’s Root Store Policy from the time that they were created. This effectively means that roots in existence prior to 2014 that did not receive BR audits after 2013 are not eligible for inclusion in Mozilla’s program. Roots with documented BR violations may also be excluded from Mozilla’s root store under this policy.
• Section 8 “CA Operational Changes” now requires notification when an intermediate CA certificate is transferred to a third party.

A comparison of all the policy changes is available here.

The post Root Store Policy Updated appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2018/07/02/root-store-policy-updated/

https://www.marcozehe.de/2018/07/01/rediscovering-blindness-products/

I guess I just really like graphs that step downwards:

Earlier this week :mreid noticed that our Nightly population suddenly started sending us, on average, 150 fewer kilobytes (uncompressed) of data per ping. And they started doing this in the middle of the previous week.

Step 1 was to panic that we were missing information. However, no one had complained yet and we can usually count on things that break to break loudly, so we cautiously-optimistically put our panic away.

Step 2 was to see if the number of pings changed. It could be we were being flooded with twice as many pings at half the size, for the same volume. This was not the case:

Step 3 was to do some code archaeology to try and determine the “culprit” change that was checked into Firefox and resulted in us sending so much less data. We quickly hit upon the removal of BrowserUITelemetry and that was that.

…except… when I went to thank :Standard8 for removing BrowserUITelemetry and saving us and our users so much bandwidth, he was confused. To the best of his knowledge, BrowserUITelemetry was already not being sent. And then I remembered that, indeed, back in March :janerik had been responsible for stopping many things like BrowserUITelemetry from being sent (since they were unmaintained and unused).

So I fired up an analysis notebook and started poking to see if I could find out what parts of the payload had suddenly decreased in size. Eventually, I generated a plot that showed quite clearly that it was the keyedHistograms section that had decreased so radically.

Around the same time :janerik found the culprit in the list of changes that went into the build: we are no longer sending a couple of incredibly-verbose keyed histograms because their information is now much more readily available in profiles.

The power of cleaning up old code: removing 150kb from the average “main” ping sent multiple times per day by each and every Firefox Nightly user.

Very satisfying.

:chutten

https://chuttenblog.wordpress.com/2018/06/29/some-more-very-satisfying-graphs/

It may be the wrong day to slam the local newspapers, but this was what greeted me trying to click through to a linked newspaper article this morning on Firefox Android. The link I was sent was from the Riverside Press-Enterprise, but this appears to be throughout the entire network of the P-E's owners, the Southern California News Group (which includes the Orange County Register, San Bernardino Sun and Los Angeles Daily News):

That's obnoxious. SCNG is particularly notorious for not being very selective about ads and they tend to be colossally heavy and sometimes invasive; there's no way on this periodically green earth that I'm turning the adblocker off. I click "no thanks." The popover disappears, but what it was covering was this:

That's not me greeking the article so you can't see what article I was reading. The ad-blocker-blocker did it so that a clever user or add-on can't just set the ad-blocker-blocker's popover to display:none or something. The article is now incomprehensible text.

My first reaction is that any possibility I had of actually paying $1 for the 4 week subscription to any SCNG paper just went up in the flames of my great furious wrath (after all, this is a blog s**tpost). The funny part is that TenFourFox's basic adblock actually isn't defeated by this, probably because we're selective about what actually gets blocked and so the ad-blocker-blocker thinks ads are getting through. But our old systems are precisely those that need adblockers because of all the JavaScript (particularly) that modern ad systems lard their impressions up with. Anyway, to read the article I actually ended up looking at it on the G5. There was no way I was going to pay them for engaging in this kind of behaviour.

The second thought I had was, how do you handle this? I'm certainly sympathetic to the view that we need stronger local papers for better local governance, but print ads are a much different beast than the dreck that online ads are. (Yes, this blog has ads. I don't care if you block them or not.) Sure, I could have subscriptions to all the regional papers, or at least the ones that haven't p*ssed me off yet, but then I have to juggle all the memberships and multiple charges and that won't help me read papers not normally in my catchment area. I just want to click and read the news, just like I can anonymously pick up a paper and read it at the bar.

One way to solve this might be to have revenue sharing arrangements between ISPs and papers. It could be a mom-and-pop ISP and the local paper, if any of those or those still exist, or it could be a large ISP and a major national media group. Users on that ISP get free access (as a benefit of membership even), the paper gets a piece. Everyone else can subscribe if they want. This kind of thing already exists on Apple TV devices, after all: if I buy the Spectrum cable plan, I get those channels free on Apple TV over my Spectrum Internet access, or I pay if I don't. Why couldn't newspapers work this way?

Does net neutrality prohibit this?

http://tenfourfox.blogspot.com/2018/06/ad-blocker-blockers-hit-new-low-whats.html

https://blog.mozvr.com/this-week-in-mixed-reality-issue-11/

I’m excited to announce that you can now run the Python unit tests for packages in the Firefox source code against Python 3! This will allow us to gradually build support for Python 3, whilst ensuring that we don’t later regress. Any tests not currently passing in Python 3 are skipped with the condition skip-if = python == 3 in the manifest files, so if you’d like to see how they fail (and maybe provide a patch to fix some!) then you will need to remove that condition locally. Once you’ve done this, use the mach python-test command with the new optional argument --python. This will accept a version number of Python or a path to the binary. You will need to make sure you have the appropriate version of Python installed.

Once you’re ready to enable tests to run in TaskCluster, you can simply update the python-version value in taskcluster/ci/source-test/python.yml to include the major version numbers of Python to execute the tests against. At the current time our build machines have Python 2.7 and Python 3.5 available.

To summarise:

1. Remove skip-if = python == 3 from manifest files. These are typically named manifest.ini or python.ini, and are usually found in the tests directory for the package.
2. Run mach python-test --python=3 with your target path or subsuite.
3. Fix the package(s) to support Python 3 and ensure the tests are passing
4. Add Python 3 to the python-version for the appropriate job in taskcluster/ci/source-test/python.yml.

At the time of writing, the pythonclock.org tells me that we have just over 18 months before Python 2.7 will be retired. What this actually means is still somewhat unknown, but it would be a good idea to check if your code is compatible with Python 3, and if it’s not, to do something about it. The Firefox build system at Mozilla uses Python, and it’s still some way from supporting Python 3. We have a lot of code, it’s going to be a long journey, and we could do with a bit of help!

Whilst we do plan to support Python 3 in the Firefox build system (see bug 1388447), my initial concern and focus has been the Python packages we distribute on the Python Package Index (PyPI). These are available to use outside of Mozilla’s build system, and therefore a lack of Python 3 support will prevent any users from adopting Python 3 in their projects. One such example is Treeherder, which uses mozlog for parsing log files. Treeherder is a django project, which recently dropped support for Python 2 (unless you’re using their long term support release, which will support Python 2 until 2020).

Updating these packages to support Python 3 isn’t necessary that hard to do, especially with tools such as six, which provides utilities for handling the differences between Python 2 and Python 3. The problem has been that we had no way to run the tests against Python 3 in TaskCluster. This is no longer the case, and Python unit tests can now be run against Python 3!

So far I have enabled Python 3 jobs for our mozbase unit tests (this includes the aforementioned mozlog), and our mozterm unit tests. There are still many tests in mozbase that are not passing in Python 3, so as mentioned above, these have been conditionally skipped in the manifest files. This will allow us to enable these tests as support is added, and this condition could even be used in the future if we have a package that doesn’t have full compatibility with Python 2.

Now that running the tests against multiple versions of Python is relatively easy, it’s a great time for me to encourage our community to help us with supporting Python 3. If you’d like to help, we have a tracking bug for all of our mozbase packages. Find a package you’d like to work on, read the comments to understand what you need and how to get set up, and let me know if you get stuck!

http://davehunt.co.uk/2018/06/29/python-unit-tests-now-running-with-python-3-at-mozilla.html

So often these days the debate is framed as "drivers vs cyclists" or "drivers vs pedestrians". Basically drivers vs everyone. Because if there's one thing we've learnt is that drivers think all the roads, parking spaces and infrastructure is all for them and absolutely no-one else.

But you need to walk to get into a car. You need to get out of a car to walk when you get to your destination. Everyone becomes a pedestrian at some point. In fact everyone in a car gets out of a car, eventually.

So you can have a world where people go into their garages at their houses, drive to work and go into their garages there ... and no-one ever interacts with anything other than cars in the real world. Or perhaps you can treat pedestrians with respect. And people on bicycles. And just about everyone else.

http://www.agmweb.ca/2018-06-29-pedestrians/

happy bmo push day! Huge shout out to @BugzillaUX for all the UX enhancements in this release!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

• [1467297] variable masks earlier declaration in Feed.pm in Phabbugz extension
• [1467271] When making a revision public, make the revision editable only by the bmo-editbugs-team project (editbugs)
• [1456877] Add a wrapper around libcmark_gfm to Bugzilla
• [1468818] Re-introduce is_markdown to the longdescs table (schema-only)
• [

View On WordPress

https://mozilla-bteam.tumblr.com/post/175344753218