I’ll be celebrating my 10th FOSDEM when I travel down to Brussels again in early February 2019. That’s ten years in a row. It’ll also be the 6th year I present something there, as I’ve done these seven talks in the past:

My past FOSDEM appearances

2010. I talked Rockbox in the embedded room.

2011. libcurl, seven SSL libs and one SSH lib in the security room.

2015. Internet all the things – using curl in your device. In the embedded room.

2015. HTTP/2 right now. In the Mozilla room.

2016. an HTTP/2 update. In the Mozilla room.

2017. curl. On the main track.

2017. So that was HTTP/2, what’s next? In the Mozilla room.

DNS over HTTPS – the good, the bad and the ugly

On the main track, in Janson at 15:00 on Saturday 2nd of February.

DNS over HTTPS (aka “DoH”, RFC 8484) introduces a new transport protocol to do secure and private DNS messaging. Why was it made, how does it work and how users are free (to resolve names).

The presentation will discuss reasons why DoH was deemed necessary and interesting to ship and deploy and how it compares to alternative technologies that offer similar properties. It will discuss how this protocol “liberates” users and offers stronger privacy (than the typical status quo).

How to enable and start using DoH today.

It will also discuss some downsides with DoH and what you should consider before you decide to use a random DoH server on the Internet.

HTTP/3

In the Mozilla room, at 11:30 on Saturday 2nd of February.

HTTP/3 is the next coming HTTP version.

This time TCP is replaced by the new transport protocol QUIC and things are different yet again! This is a presentation about HTTP/3 and QUIC with a following Q&A about everything HTTP. Join us at Goto 10.

HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.

HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC. I’ll talk about HTTP/3 and QUIC. Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.

DNS Privacy panel

In the DNS room, at 11:55 on Sunday 3rd of February.

This isn’t strictly a prepared talk or presentation but I’ll still be there and participate in the panel discussion on DNS privacy. I hope to get most of my finer points expressed in the DoH talk mentioned above, but I’m fully prepared to elaborate on some of them in this session.

https://daniel.haxx.se/blog/2019/01/04/my-talks-at-fosdem-2019/

Mozilla was born out of, and remains a part of, the open-source and free software movement. Through the Mozilla Open Source Support (MOSS) program, we recognize, celebrate, and support open source projects that contribute to our work and to the health of the internet.

2018 was a year of change and growth for the MOSS program. We worked to streamline the application process, undertook efforts to increase the diversity and inclusion of the program, and processed a record number of MOSS applications. The results? In total, MOSS provided over $970,000 in funding to over 40 open-source projects over the course of 2018. For the first time since the beginning of the program, we also received the majority of our applications from outside of the United States.

2018 highlights

While all MOSS projects advance the values of the Mozilla Manifesto, we’ve selected a few that stood out to us this year:

• • Secure Drop — $250,000 USD
    • SecureDrop is an open-source whistleblower submission system that media organizations can install to securely accept documents from anonymous sources. It was originally built by the late Aaron Swartz and is used by newsrooms all over the world, including those at The Guardian and the Associated Press. In 2018, MOSS gave its second award to Secure Drop; to date, the MOSS program has supported Secure Drop with $500,000 USD in funding.

• • The Tor Project — $150,000 USD
    • Tor is free software and an open network that helps defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. In 2018, MOSS gave its second award to help modularize key aspects of the Tor codebase; to date, the MOSS program has supported this work with $300,000 USD in funding.

• • The Processing Foundation — $69,700 USD
    • The Processing Foundation maintains p5.js, an open-source JavaScript framework that makes creating visual media with code on the web accessible to anyone, especially those without traditional computer science backgrounds. p5.js enables users to quickly prototype interactive applications, data visualizations, and narrative experiences, and share them easily on the web.

• • Dat Project — $34,000 USD
    • Dat is a nonprofit-backed data sharing protocol for applications of the future. With software built for researchers and data management, Dat empowers people with decentralized data tools. MOSS provided $34,000 USD in funding to Dat for community-building, documentation, and tooling.

Seed Awards

With an eye toward broadening participation in the MOSS program and reaching new audiences, the MOSS team decided to try something new at this year’s Mozilla Festival in London: we invited Festival attendees who work on open-source projects to join us for an event we called “MOSS Speed Dating.” For the event, we established a special MOSS committee, comprised of existing committee members, Mozilla staff, and leaders in the open-source world. Attendees were invited to “pitch” their project to three different committee members for 10 minutes each. Following the event, the committee met to discuss which projects best exemplified the qualities we look for in all MOSS projects (openness, impact, alignment with the Mozilla mission) and provided each of the most promising projects with a $5,000 seed grant to help support future development. While many of these projects are less mature than the projects we’d support with a larger, traditional MOSS award, we hope that these seed awards will assist them in growing their codebases and communities.

The 14 projects that the committee selected were:

• autoEdit2
• Jandig
• Open Data for Outbreak Science
• Psych-DS
• VRStoryGram

https://bluesock.org/~willkg/blog/mozilla/socorro_2018.html

Happy new year! I’ll introduce WebRender’s 34th newsletter with a rather technical overview of a neat trick we call primitive segmentation. In previous posts I wrote about how we deal with batching and how we use the depth buffer both as a culling mechanism and as a way to save memory bandwidth. As a result, pixels rendered in the opaque pass are much cheaper than pixels rendered in the blend pass. This works great with rectangular opaque primitives that are axis-aligned so they don’t need anti-aliasing. Anti-aliasing, however, requires us to do some blending to smoothen the edges and rounded corners have some transparent pixels. We could tessellate a mesh that covers exactly the rounded primitive but we’d still need blending for the anti-aliasing of the border. What a shame, rounded corners are so common on the web, and they are often quite big.

Well, we don’t really need to render whole primitives at a time. for a transformed primitive we can always extract out the opaque part of the primitive and render the anti-aliased edges separately. Likewise, we can break rounded rectangles up into smaller opaque rectangles and the rectangles that contain the corners. We call this primitive segmentation and it helps at several levels: opaque segments can move to the opaque pass which means we get good memory bandwidth savings and better batching since batching complexity is mostly affected by the amount of work to perform during the blend pass. This also opens the door to interesting optimizations. For example we can break a primitive into segments, not only depending on the shapes of the primitive itself, but also on the shape of masks that are applied to it. This lets us create large rounded rectangle masks where only the rounded parts of the masks occupy significant amounts of space in the mask. More generally, there are a lot of complicated elements that can be reduced to simpler or more compact segments by applying the same family of tricks and render them as nine-patches or some more elaborate patchwork of segments (for example the box-shadow of a rectangle).

The way we represent this on the GPU is to pack all of the primitive descriptions in a large float texture. For each primitive we first pack the per-primitive data followed by the per-segment data. We dispatch instanced draw calls where each instance corresponds to a segment’s quad. The vertex shader finds all of the information it needs from the primitive offset and segment id of the quad it is working on.

The idea of breaking complicated primitives up into simpler segments isn’t new nor ground breaking, but I think that it is worth mentioning in the context of WebRender because of how well it integrates with the rest of our rendering architecture.

Notable WebRender and Gecko changes

• Jeff fixed some issues with blob image recoordination.
• Dan improved the primitive interning mechanism in WebRender.
• Kats fixed a bug with position:sticky.
• Kats fixed a memory leak.
• Kats improved the CI.
• Kvark fixed a crash caused by empty regions in the texture cache allocator.
• Kvark fixed a division by zero in a shader.
• Matt improved to the frame scheduling logic.
• Matt fixed a hit-testing issue with opacity:0 divs.
• Matt fixed a blob image validation issue.
• Matt improved the performance of text DrawTargets.
• Matt prevented opacity:0 animation from generating lots of CPU work.
• Matt fixed a pixel snapping issue.
• Matt reduced the number of YUV shader permutations.
• Lee fixed a bug in the FreeType font backend that caused all sub-pixel AA text to be shifted by a pixel.
• Lee implemented font variation on Linux.
• Emilio fixed a clipping issue allowing web content to draw over the tab bar.
• Emilio fixed a

Pick of the Month: Auto Tab Discard

by Richard Neomy
Save memory usage by automatically hibernating inactive tabs.

“Wow! This add-on works like a charm. My browsing experience has improved greatly.”

Featured: Malwarebytes Browser Extension

by Malwarebytes Inc.
Enhance the safety and speed of your browsing experience by blocking malicious websites like fake tech support scams and hidden cryptocurrency miners.

“Malwarebytes is the best I have used to stop ‘Microsoft alerts’ and ‘Windows warnings’.”

If you’d like to nominate an extension for featuring, please send it to amo-featured [at] mozilla [dot] org for the board’s consideration. We welcome you to submit your own add-on!

The post January’s featured extensions appeared first on Mozilla Add-ons Blog.

https://blog.mozilla.org/addons/2019/01/02/januarys-featured-extensions-2/

Last week, the Indian government proposed sweeping changes to the legal protections for “intermediaries”, which affect every internet company today. Intermediary liability protections have been fundamental to the growth of the internet as an open and secure medium of communication and commerce. Whether Section 79 of the Information Technology Act in India (under which these new rules are proposed), the EU’s E-Commerce Directive, or Section 230 of the US’ Communications Decency Act, these legal provisions ensure that companies generally have no obligations to actively censor and limited liability for illegal activities and postings of their users until they know about it. In India, the landmark Shreya Singhal judgment had clarified in 2015 that companies would only be expected to remove content when directed by a court order to do so.

The new rules proposed by the Ministry of Electronics and Information Technology (MEITY) turn this logic on its head. They propose that all “intermediaries”, ranging from social media and e-commerce platforms to internet service providers, be required to proactively remove “unlawful” user content, or else face liability for content on their platform. They also propose a sharp blow to end-to-end encryption technologies, used to secure most popular messaging, banking, and e-commerce apps today, by requiring services to make available information about the creators or senders of content to government agencies for surveillance purposes.

The government has justified this move based on “instances of misuse of social media by criminals and anti-national elements”, citing lynching incidents spurred on by misinformation campaigns. We recognize that harmful content online – from hate speech and misinformation to terrorist content – undermines the overall health of the internet and stifles its empowering potential. However, the regulation of speech online necessarily calls into play numerous fundamental rights and freedoms guaranteed by the Indian constitution (freedom of speech, right to privacy, due process, etc), as well as crucial technical considerations (‘does the architecture of the internet render this type of measure possible or not’, etc). This is a delicate and critical balance, and not one that should be approached with such maladroit policy proposals.

Our five main concerns are summarised here, and we will build on these for our filing to MEITY:

1. The proactive obligation on services to remove “unlawful” content will inevitably lead to over-censorship and chill free expression.
2. Automated and machine-learning solutions should not be encouraged as a silver bullet to fight against harmful content on the internet.
3. One-size-fits-all obligations for all types of online services and all types of unlawful content is arbitrary and disproportionately harms smaller players.
4. Requiring services to decrypt encrypted data, weakens overall security and contradicts the principles of data minimisation, endorsed in MEITYs draft data protection bill.
5. Disproportionate operational obligations, like mandatorily incorporating in India, are likely to spur market exit and deter market entry for SMEs.

We do need to find ways to hold social media platforms to higher standards of responsibility, and acknowledge that building rights-protective frameworks for tackling illegal content on the internet is a challenging task. However, whittling down intermediary liability protections and undermining end-to-end encryption are blunt and disproportionate tools that fail to strike the right balance. We stress that any regulatory intervention on this complex issue must be preceded by a wide ranging and participatory dialogue. We look forward to continue constructive engagement with MEITY and other stakeholders on this issue.

The post India attempts to turn online companies into censors and undermines security – Mozilla responds appeared first on Open Policy & Advocacy.

https://blog.mozilla.org/netpolicy/2019/01/02/india-attempts-to-turn-online-companies-into-censors-and-undermines-security-mozilla-responds/

https://bluesock.org/~willkg/blog/mozilla/socorro_2018_12.html

From the Thunderbird team we wish you a Happy New Year! Welcome to 2019, and in this blog post we’ll look at what we got accomplished in 2018 and look forward to what we’re going to be working on this year.

Looking Back on 2018

More Eggs in the Nest

Our team grew considerably in 2018, to eight staff working full-time on Thunderbird. At the beginning of this year we are going to be adding as many as six new members to our team. Most of these people with the exception of this author (Ryan Sipes, Community Manager) are engineers who will be focused on making Thunderbird more stable, faster, and easier to use (more on this below).

The primary reason we’ve been able to do this is an increase in donors to the project. We hope that anyone reading this will consider giving to Thunderbird as well. Donations from individual contributors are our primary source of funding, and we greatly appreciate all our supporters who made this year so successful!

Thunderbird 60

We released the latest ESR, Thunderbird 60 – which saw many improvements in security, stability, and the app’s interface. Beyond big upgrades to core Thunderbird, Thunderbird’s calendar saw many improvements as well.

For the team this was also a big learning opportunity. We heard from users who upgraded and loved the improvements, and we heard from users who encountered issues with legacy add-ons or other changes that they hurt their workflow.

We listened, and will continue to listen. We’re going to build upon what made Thunderbird 60 a success, and work to address the concerns of those users who experienced issues with the update. Hiring more staff (as mentioned above) will go a long way to having the manpower needed to build even better releases going forward.

A Growing Community

Early in the year, a couple of members of the Thunderbird team visited FOSDEM – from then on we worked hard to ensure our users and contributors that Thunderbird was spreading its wings and flying high again.

That work was rewarded when folks came to help us out. The folks at Ura Design worked on us on a few initiatives, including a style guide and user testing. They’ve also joined us in working on a new UX team, which we very much expect to grow with a dedicated UX designer/developer on staff in the new year. If you are interested in contributing or following along, you can join the UX team mailing list here.

We heard from many users who were excited at the new energy that’s been injected into Thunderbird. I received many Emails detailing what our userbase loved about Thunderbird 60 and what they’d like to see in future releases. Some even said they’d like to get involved, so we made a page with information on how to do that.

We still have some areas to improve on this year, with one of them being onboarding core contributors. Thunderbird is a big, complex project that isn’t easy to jump into. So, as we closed out the year I opened a bug where we can detail what documentation needs to be created or updated for new members of the community – to ensure they can dive into the project.

Plans for 2019

So here we are, in 2019. Looking into the future, this year looks bright for the Thunderbird project. As I pointed out earlier in this post, we start the new year with the hiring of some new staff to the Thunderbird team. Which will put us at as many as 14 full-time members on our staff. This opens up a world of possibilities for what we are able to accomplish, some of those goals I will detail now.

Making Thunderbird Fly Faster

Our hires are already addressing technical debt and doing a fair bit of plumbing when it comes to Thunderbird’s codebase. Our new hires will also be addressing UI-slowness and general performance issues across the application.

This is an area where I think we will see some of the best improvements in Thunderbird for 2019, as we look into methods for testing and measuring slowness – and then put our engineers on architecting solutions to these pain points. Beyond that, we will be looking into leveraging new, faster technologies in rewriting parts of Thunderbird as well as working toward a multi-process Thunderbird.

A More Beautiful (and Useable) Thunderbird

We have received considerable feedback

Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub. If you find any errors in this week's issue, please submit a PR.

Updates from Rust Community

News & Blog Posts

• This year in gfx-rs: 2018.
• Comparing Pythagorean triples in C++, D, and Rust.
• My experience converting a Python library to Rust.

#Rust2019

Find all #Rust2019 posts at Read Rust.

Crate of the Week

This week's crate is Dose Response, an online-playable roguelike game with a probably bleak outcome. Thanks to Vikrant Chaudhary for the suggestion!

Submit your suggestions and votes for next week!

Call for Participation

Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

Some of these tasks may also have mentors available, visit the task page for more information.

• A call for Rust 2019 Roadmap blog posts.
• content-security-policy: Implement post-request check for fetch directives.

If you are a Rust project owner and are looking for contributors, please submit tasks here.

Updates from Rust Core

150 pull requests were merged in the last week

• add -Z instrument-mcount
• parallel query tweaks
• move jemalloc from rustc_driver to rustc
• uninline some debugging code and use unlikely! macro
• resolve: fix an ICE in import validation
• resolve: fix another ICE in import validation
• AST/HIR: introduce ExprKind::Err for better error recovery in the front-end
• fix new unused patch warning
• suggest .as_ref()? instead of ? in certain circumstances
• suggest .as_ref() when appropriate for Option and Result
• tweaks to format string diagnostics
• various changes to string format diagnostics
• point to cause of fn expected return type
• codegen: make zero-sized arrays

The front door of my condo has an unused mail slot in it (we have a mailbox on the front of the house to actually get mail). In order to avoid a draft during the winter, the previous owner had shoved some insulation in the mail slot and covered it …

https://patrick.cloke.us/posts/2018/12/28/patching-a-mail-slot/

https://hacks.mozilla.org/2018/12/mozilla-hacks-10-most-read-posts-of-2018/

Sometimes you may wonder, how many commits or lines of code did I contributed to a git repository? Here are some easy one liners to help you count that.

Number of commits

Let’s start with the easy one: counting the number of commits made by one user.

The easiest way is to run

git shortlog -s

This gives you a list of commit counts by user:

2  Grant Lindberg
9  Jonathan Hao
2  Matias Kinnunen
65  Shing Lyu
4  Shou Ya
1  wildsky
1  wildskyf

(The example comes from shinglyu/QuantumVim.)

If you only care about one user you can use

git rev-list HEAD --author="Shing Lyu" --count 

, which prints 65.

Let’s explain how this works:

• git rev-list HEAD will list the commit objects in HEAD
• --author="Shing Lyu" will filter out only the commits made by the author Shing Lyu
• --count counts the number of commits. You can pipe it to | wc -l instead.

Count the line of insertion and deletions by a user

Insertion and deletions are a little bit tricker. This is what I came up with:

git log --author=Shing --pretty=tformat: --numstat | grep -v '^-' | awk '{ add+=$1; remove+=$2 } END { print add, remove }' 

This might seem a little bit daunting, but we’ll break it up into steps:

• git log --author="Shing Lyu" list the commits by Shing Lyu, in the following format:

  commit 6966b2c969cbf62029792221bf124ed75ee2c640
  Author: Shing Lyu <shing.lyu@gmail.com>
  Date:   Sat Nov 18 17:01:25 2017 +0100
  
      Added Ctrl+z to close all system tabs
  
  commit f4710cc3a2efdc63c7caf3ec04d504912ad20a93
  Author: Shing Lyu <shing.lyu@gmail.com>
  Date:   Sat Nov 18 15:58:20 2017 +0100
  
      Bump version and diable jpm packaging
  

• --numstat will give us the line added and removed per file per commit:

  commit 6966b2c969cbf62029792221bf124ed75ee2c640
  Author: Shing Lyu <shing.lyu@gmail.com>
  Date:   Sat Nov 18 17:01:25 2017 +0100
  
      Added Ctrl+z to close all system tabs
  
      1       0       README.md
      10      0       manifest.json
      6       1       package.sh
      35      0       vim-background.js
      4       1       vim.js
  
  commit f4710cc3a2efdc63c7caf3ec04d504912ad20a93
  Author: Shing Lyu <shing.lyu@gmail.com>
  Date:   Sat Nov 18 15:58:20 2017 +0100
  
      Bump version and diable jpm packaging
  
      1       1       manifest.json
      3       3       package.sh
  

• We don’t really need the commit, Author, Date and commit message fields, so we use an empty formatting string to get rid of them: --pretty=tformat:

  1       0       README.md
  10      0       manifest.json
  6       1       package.sh
  35      0       vim-background.js
  4       1       vim.js
  1       1       manifest.json
  3       3       package.sh
  

• If you add some non-text files, e.g. png image files, the insertion/deletion count might be represented as - - foo.png. Therefore we filter them out with grep -v '^-'. If you are not familiar with grep, -v means reverse match (i.e. find those lines that does NOT match the patter). The pattern ^- means lines staring with a -. (This part is optional if you pipe to awk, awk seems to ignore non-numeric character while doing the math.)

• Finally we pipe it to awk for summing. Even if you are not familiar with awk, this part is pretty self-explanatory:

  awk '{ add+=$1; remove+=$2 } END { print add, remove }'
  

  We add column one ($1) to the variable add, and column two ($2) to the variable remove, then we print them out. This gives us an output like so:

  936 260 
  

Other alternatives

There are many other off-the-shelf scrips that will help you calculate contribution statistics. Like git-quick-stats, git-fame

https://quality.mozilla.org/2018/12/firefox-65-beta-6-testday-results/

https://danielpocock.com/merry-christmas-balkans-2018

https://daniel.haxx.se/blog/2018/12/23/a-curl-2018-retrospective/

Here is the current list of extensions I have in my Firefox desktop nightly profile :

Firefox Multi-Account Containers

This let's me use Containers , in a smoother fashion, if forces some domains to be opened in type of container. For instance Facebook is forced to my shopping container (and that's the only thing going into that container).

Grammalecte && Grammarly for Firefox

because I'm so bad at spelling and grammar. These free tools help me with both french and English. I'd use druide's Antidote if I wasn't so cheap.

HTTPS everywhere

Less needed than a few years ago, it helps me secure my web exploration.

Mastodon Share

Because I use Mastodon as my preferred social network and that Mastodon button are not always present on websites. I hope that with the demise of G+, g+ share buttons will be replace with mastodon ones.

Pinboard

Because I liked sharing and saving my bookmarks (delicio.us was a very nice social experience).

Security Report Card

Cause I like to make the web more secure and , I can easily spot the rating when visiting a site. This let's me quickly decide that I will contact the site owner of not and let him know that his site could be configured better.

Universal Amazon Killer

So I don't have to search too much and can use amazon as a search engine and then shop locally

Wayback machine

so I don't stumble too much on 404 :)

First Party Isolation

because I was too lazy to flip a preference.

https://www.hirlimann.net/Ludovic/carnet/?post/2018/12/21/December-2018-what-extensions-do-I-use-in-Firefox-dsktop

HTTP/3 – the coming HTTP version

This time TCP is replaced by the new transport protocol QUIC and things are different yet again! This is a presentation by Daniel Stenberg about HTTP/3 and QUIC with a following Q&A about everything HTTP.

The presentation will be done in English. It will be recorded and possibly live-streamed. Organized by me, together with our friends at goto10. It is free of charge, but you need to register.

When

17:30 – 19:00
January 22, 2019
Goto 10: H"orsalen, Hammarby Kaj 10D plan 5

Register here!

Fancy map to goto 10

https://daniel.haxx.se/blog/2018/12/21/http-3-talk-in-stockholm-on-january-22/

How can businesses best implement privacy principles? On November 26th, Mozilla hosted its first “Privacy Matters” event in New Delhi, bringing together representatives from some of India’s leading and upcoming online businesses. The session was aimed at driving a practical conversation around how companies can better protect user data, and the multiple incentives to do so.

This conversation is timely. The European GDPR came into force this May and had ripple effects on many Indian companies. India itself is well on its way to having its first comprehensive data protection law. We’ve been vocal in our support for a strong law, see here and here for our submissions to the Indian government. Conducted with Mika Shah, Lead Product and Data Counsel at Mozilla Headquarters in Mountain View, the meeting saw participation from thirteen companies in India, ranging from SMEs to large conglomerates, including Zomato, Ibibo, Dunzo, Practo and Zeotap. There was a mix of representatives across engineering, c-level, and legal/policy teams of these companies. The discussions were divided into three segments as per Mozilla’s Lean Data framework, covering key topics: “Engage users”, “Stay Lean”, and “Build-in Security”.

Engage Users

The first segment of the discussion focussed on how companies can better engage different audiences on issues of privacy. This ranges from making privacy policies more accessible and explaining data collection through “just-in-time” notifications to users to better engaging investors and boards on privacy concerns to gain their support for implementing reforms. Many companies argued that providing more choices to the Indian user base throws up unique challenges, and that often users can be disinterested or careless about their making choices about their personal data. This only reinforces the importance of user-education and companies agreed they could do more to effectively communicate about data collection, use, and sharing.

Stay lean

The second section was on the importance of staying “lean” with personal data rather than collecting, storing, and sharing indiscriminately. Most companies agreed that collecting and storing less personal data mitigates the risk of potential privacy leaks, breaches, and vulnerability to broad law enforcement requests. Staying lean does come with its own challenges, given that deleting data trails often comes at a high cost, or may be technically challenging when data has changed hands across vendors. It was agreed that there is a need for more innovative techniques to help pseudonymize or anonymize such datasets to reduce the risk of identification of end-users while maintaining the value of service. Despite these challenges, responsible companies should do their best to adhere to the principle of deleting data within their control, when no longer required.

Build-in security

The final segment covered key security features that could be built in to the services. For many startups, their emphasis on security practices, especially relating to employee data access controls, have increased as they grew in size. Participants in the event also spoke to concerns around the security practices of their vendors; these corporate partners often resist scrutiny of their security and/or are unwilling to negotiate terms, making it hard for companies to meet their obligations to their users and under the law.

Following the event, all of the participants confirmed that they’re intending to make changes to their privacy practices. It’s great to see such enthusiasm and commitment to protecting user privacy and championing these issues within their respective companies. We look forward to hosting further iterations of this event in India. For more information about the Lean Data Practices, see: https://www.leandatapractices.com/

The post Privacy in practice: Mozilla talks “lean data” in India appeared first on Open Policy & Advocacy.

https://blog.mozilla.org/netpolicy/2018/12/21/privacy-in-practice-mozilla-talks-lean-data-in-india/

Perhaps my favorite feature in the Rust 2018 edition is procedural macros. Procedural macros have had a long and storied history in Rust (and will continue to have a storied future!), and now is perhaps one of the best times to get involved with them because the 2018 edition has so dramatically improved the experience both defining and using them.

Here I'd like to explore what procedural macros are, what they're capable of, notable new features, and some fun use cases of procedural macros. I might even convince you that this is Rust 2018's best feature as well!

What is a procedural macro?

First defined over two years ago in RFC 1566, procedural macros are, in layman's terms, a function that takes a piece of syntax at compile time and produces a new bit of syntax. Procedural macros in Rust 2018 come in one of three flavors:

• #[derive] mode macros have actually been stable since Rust 1.15 and bring all the goodness and ease of use of #[derive(Debug)] to user-defined traits as well, such as Serde's #[derive(Deserialize)].

• Function-like macros are newly stable to the 2018 edition and allow defining macros like env!("FOO") or format_args!("...") in a crates.io-based library. You can think of these as sort of "macro_rules! macros" on steroids.

• Attribute macros, my favorite, are also new in the 2018 edition and allow you to provide lightweight annotations on Rust functions which perform syntactical transformations over the code at compile time.

Each of these flavors of macros can be defined in a crate with proc-macro = true specified in its manifest. When used, a procedural macro is loaded by the Rust compiler and executed as the invocation is expanded. This means that Cargo is in control of versioning for procedural macros and you can use them with all same ease of use you'd expect from other Cargo dependencies!

Defining a procedural macro

Each of the three types of procedural macros are defined in a slightly different fashion, and here we'll single out attribute macros. First, we'll flag Cargo.toml:

[lib]
proc-macro = true

and then in src/lib.rs we can write our macro:

extern crate proc_macro;
use proc_macro::TokenStream;

#[proc_macro_attribute]
pub fn hello(attr: TokenStream, item: TokenStream) -> TokenStream {
    // ...
}

We can then write some unit tests in tests/smoke.rs:

#[my_crate::hello]
fn wrapped_function() {}

#[test]
fn works() {
    wrapped_function();
}

... and that's it! When we execute cargo test Cargo will compile our procedural macro. Afterwards it will compile our unit test which loads the macro at compile time, executing the hello function and compiling the resulting syntax.

Right off the bat we can see a few important properties of procedural macros:

• The input/output is this fancy TokenStream type we'll talk about more in a bit
• We're executing arbitrary code at compile time, which means we can do just about anything!
• Procedural macros are incorporated with the module system, meaning no more they can be imported just like any other name.

Before we take a look at implementing a procedural macro, let's first dive into some of these points.

Macros and the module system

First stabilized in Rust 1.30 (noticing a trend with 1.15?) macros are now integrated with the module system in Rust. This mainly means that you no longer need the clunky #[macro_use] attribute when importing macros! Instead of

In lieu of the normal, detailed review of WebExtensions API coming out in Firefox 65, I’d like to simply say thank you to everyone for choosing Firefox. Now, more than ever, the web needs people who consciously decide to support an open, private, and safe online ecosystem.

Two weeks ago, nearly every Mozilla employee gathered in Orlando, Florida for the semi-annual all-hands meeting.  It was an opportunity to connect with remote teammates, reflect on the past year and begin sharing ideas for the upcoming year. One of the highlights was the plenary talk by Mitchell Baker, Chairwoman of the Mozilla Foundation. If you have not seen it, it is well worth 15 minutes of your time.

Mitchell talks about Firefox continually adapting to a changing internet, shifting its engagement model over time to remain relevant while staying true to its original mission. Near the end, she notes that it is time, once again, for Mozilla and Firefox to evolve, to shift from being merely a gateway to the internet to being an advocate for users on the internet.

Extensions will need to be part of this movement. We started when Firefox migrated to the WebExtensions API (only a short year ago), ensuring that extensions operated with explicit user permissions within a well-defined sandbox. In 2018, we made a concerted effort to not just add new API, but to also highlight when an extension was using those API to control parts of the browser. In 2019, expect to see us sharpen our focus on user privacy, user security, and user agency.

Thank you again for choosing Firefox, you have our deepest gratitude and appreciation. As a famous Mozillian once said, keep on rockin’ the free web.

-Mike Conca

Highlights of new features and fixes in Firefox 65:

• Fixed the post install panel to no longer hide search opt-in panel
• Right/Middle-clicking on top-level menu item no longer triggers menus.onClicked callback
• Fixed proxy-API (proxy.settings) handling of a default port 80
• Protocol handler prompt is bypassed when unnecessary
• browser.downloads.search now returns 0 byte downloads
• “Manage Extension” and “Remove Extension” are reordered in browserAction context menu
• Custom theme scrollbars properly repaint when switching from a dark theme to a light theme
• Enhanced browser.tabs API to support assigning tab successors
• browser.omnibox supports special characters including forward slash (/), like Chrome
• tabs.onCreated is now called for a tab opened after the last tab is closed with “browser.tabs.closeWindowWithLastTab” = “false”
• documentUrlPatterns is always used to match the document URL in extension views
• moz-extension://URL images is supported on Android
• Using downloads.download() with saveAs=true now works properly
• Browser and page action default to extension icon rather than puzzle piece

A huge thank you to the community contributors in this release, including: Ben Armstrong, Oriol Brufau, Tim Nguyen, Ryan Hendrickson, Sean Burke, Yuki “Piro” Hiroshi, Diego Pino, Jan Henning, Arshad Kazmi, Nicklas Boman.

The post