The Things Gateway from Mozilla lets you directly monitor and control your home over the web, without a middleman.

Today the Mozilla IoT team is excited to announce the 0.5 release of the Things Gateway, which is packed full of new features including customisable devices, a more powerful rules engine, an interactive floorplan and an experimental smart assistant you can talk to.

Customisable Things

Custom Capabilities

A powerful new “capabilities” system means that devices are no longer restricted to a predefined set of Web Thing Types, but can be assembled from an extensible schema-based system of “capabilities” through our new schema repository.

This means that developers have much more flexibility to create weird and wacky devices, and users have more control over how the device is used. So if you have a door sensor which also happens to be a temperature sensor, a smart plug which also has a multi-colour LED ring, or a whole bunch of sensors all in one device, you’re not limited by restrictive device types.

This also provides more flexibility to developers who want to build their own web things using the Things Framework, which now also has support for Rust, MicroPython and Arduino.

Custom Icons

When a user adds a device to the gateway they can now choose what main function they want to use it for and what icon is used to represent it.

You can even upload your own custom icon if you want to.

Custom Web Interface

In addition to the built-in UI the gateway generates for devices, web things can now provide a link to a custom web interface designed specifically for any given device. This is useful for complex or unusual devices like a robot or a “pixel wall” where a custom designed UI can be much more user friendly.

Actions & Events

In addition to properties (like “on/off”, “level” and “color”), the gateway UI can now represent actions like “fade” which are triggered with a button and can accept input via a form.

The UI can also display an event log for a device.

Powerful Rules Engine

The rules engine now supports rules with multiple inputs and multiple outputs. Simple rules are still just as easy to create, but more advanced rules can make use of “if”, “while”, “and”, “or” and “equals” operators to create more sophisticated automations through an intuitive drag and drop interface.

happy bmo push day! This release is rather bigger than typical.

release tag

the following changes have been pushed to bugzilla.mozilla.org:

• [1476288] Replace moz_nick with (new, revised) nick and also attempt to disallow duplicate nicks
• [1472954] Implement one-click component watching on bug modal and component description pages
• [1136271] Make user profile page visible to anyone for easier sharing
• [1475593] Bugzilla Emails received when patches are attached…

View On WordPress

https://mozilla-bteam.tumblr.com/post/176536354858

Pick of the Month: Privacy Possum

by cowlicks
Protect yourself against some of the sneakiest trackers out there.

“Perfect complement for your privacy.”

Featured: Textmarker

by underflyingbirches
If you do a lot of text highlighting on webpages, this is a highly customizable tool with loads of fancy features like bookmarking, shortcut commands, save options, and more.

“This is the best text marker add-on under the new Firefox platform! It’s simple but also powerful, very flexible.”

Featured: Worldwide Radio

by Oleksandr
Enjoy live radio from more 30,000 local stations around the globe.

“Love it! Works as intended and I can listen to my favorite radio station in Australia!”

Featured: Transparent Standalone Images

by Jared W
For a clearer view of digital images, this simple but unique extension renders standalone images on transparent backgrounds.

“Oh my god, thank you. I was getting so tired of the white backgrounds around standalone transparent images. Bless you, works perfectly.”

Featured: ReloadMatic: Automatic Tab Refresh

by pylo
More than just another time-controlled tab reloader, ReloadMatic offers cache control, protection against reloading a page you may be in the midst of interacting with, and other nuanced features.

“I really appreciate the time you’ve spent developing this extension because it has far more functionality than the other reloading extensions I’ve tried since moving to [Firefox] Quantum.”

If you’d like to nominate an extension for featuring, please send it to amo-featured [at] mozilla [dot] org for the board’s consideration. We welcome you to submit your own add-on!

The post August’s Featured Extensions appeared first on Mozilla Add-ons Blog.

https://blog.mozilla.org/addons/2018/08/01/augusts-featured-extensions-2/

The Rust team is happy to announce a new version of Rust, 1.28.0. Rust is a systems programming language focused on safety, speed, and concurrency.

If you have a previous version of Rust installed via rustup, getting Rust 1.28.0 is as easy as:

$ rustup update stable

If you don’t have it already, you can get rustup from the appropriate page on our website, and check out the detailed release notes for 1.28.0 on GitHub.

What’s in 1.28.0 stable

Global Allocators

Allocators are the way that programs in Rust obtain memory from the system at runtime. Previously, Rust did not allow changing the way memory is obtained, which prevented some use cases. On some platforms, this meant using jemalloc, on others, the system allocator, but there was no way for users to control this key component. With 1.28.0, the #[global_allocator] attribute is now stable, which allows Rust programs to set their allocator to the system allocator, as well as define new allocators by implementing the GlobalAlloc trait.

The default allocator for Rust programs on some platforms is jemalloc. The standard library now provides a handle to the system allocator, which can be used to switch to the system allocator when desired, by declaring a static and marking it with the #[global_allocator] attribute.

use std::alloc::System;

#[global_allocator]
static GLOBAL: System = System;

fn main() {
    let mut v = Vec::new();
    // This will allocate memory using the system allocator.
    v.push(1);
}

However, sometimes you want to define a custom allocator for a given application domain. This is also relatively easy to do by implementing the GlobalAlloc trait. You can read more about how to do this in the documentation.

Improved error message for formatting

Work on diagnostics continues, this time with an emphasis on formatting:

format!("{_foo}", _foo = 6usize);

Previously, the error message emitted here was relatively poor:

error: invalid format string: expected `'}'`, found `'_'`
  |
2 |     format!("{_foo}", _foo = 6usize);
  |             ^^^^^^^^

Now, we emit a diagnostic that tells you the specific reason the format string is invalid:

error: invalid format string: invalid argument name `_foo`
  |
2 |     let _ = format!("{_foo}", _foo = 6usize);
  |                       ^^^^ invalid argument name in format string
  |
  = note: argument names cannot start with an underscore

See the detailed release notes for more.

Library stabilizations

We’ve already mentioned the stabilization of the GlobalAlloc trait, but another important stabilization is the NonZero number types. These are wrappers around the standard unsigned integer types: NonZeroU8, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU128, and NonZeroUsize.

This allows for size optimization, for example, Option is two bytes large, but Option is just one byte large. Note that this optimization remains even when NonZeroU8 is wrapped inside another struct; the example below illustrates that Door is still 1 byte large despite being placed inside an Option. This optimization applies to user-defined enums as well: Option is not special.

use 

Mozilla established one of the first modern security bug bounty programs back in 2004. Since that time, much of the technology industry has followed our lead and bounty programs have become a critical tool for finding security flaws in the software we all use. But even while these programs have reached broader acceptance, the legal protections afforded to bounty program participants have failed to evolve, putting security researchers at risk and possibly stifling that research.

That is why we are announcing changes to our bounty program policies to better protect security researchers working to improve Firefox and to codify the best practices that we’ve been using.

We often hear of researchers who are concerned that companies or governments may take legal actions against them for their legitimate security research. For example, the Computer Fraud and Abuse Act (CFAA) – essentially the US anti-hacking law that criminalizes unauthorized access to computer systems – could be used to punish bounty participants testing the security of systems and software. Just the potential for legal liability might discourage important security research.

Mozilla has criticized the CFAA for being overly broad and for potentially criminalizing activity intended to improve the security of the web. The policy changes we are making today are intended to create greater clarity for our own bounty program and to remove this legal risk for researchers participating in good faith.

There are two important policy changes we are making. First, we have clarified what is in scope for our bounty program and specifically have called out that bounty participants should not access, modify, delete, or store our users’ data. This is critical because, to protect participants in our bug bounty program, we first have to define the boundaries for bug bounty eligibility.

Second, we are stating explicitly that we will not threaten or bring any legal action against anyone who makes a good faith effort to comply with our bug bounty program. That means we promise not to sue researchers under any law (including the DMCA and CFAA) or under our applicable Terms of Service and Acceptable Use Policy for their research through the bug bounty program, and we consider that security research to be “authorized” under the CFAA.

You can see the full changes we’ve made to our policies in the General Eligibility and Safe Harbor sections of our main bounty page. These changes will help researchers know what to expect from Mozilla and represent an important next step for a program we started more than a decade ago. We want to thank Amit Elazari, who brought this safe harbor issue to our attention and is working to drive change in this space, and Dropbox for the leadership it has shown through recent changes to its vulnerability disclosure policy. We hope that other bounty programs will adopt similar policies.

The post Safe Harbor for Security Bug Bounty Participants appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2018/08/01/safe-harbor-for-security-bug-bounty-participants/

We commend the Argentine G20 Presidency for continuing to build momentum around the G20 digital process and look forward to seeing the Declaration and the progress made to that end following the Digital Ministerial on August 24.

However, we can’t ignore the lack of transparency and the step back from multistakeholder engagement that was championed under last year’s G20 Presidency by Germany. Mozilla appreciated the invitation to attend the G20-B20 workshops on July 30, which allowed for providing input into the Digital Declaration. But inviting pre-selected organisations to an unofficial side event on comparatively short notice is not sufficient for a meaningfully transparent and inclusive process.

Assuming responsibility in the digital age also means that governments have to cater to the complexities of existing and upcoming challenges by including different stakeholders for their expertise and various experiences.

We cannot reinstate trust in the development of our digital societies if we close the doors to meaningful engagement and inclusive participatory processes.

Faro Digital, ITS Rio, and Mozilla reiterate as part of a much broader coalition of 80 stakeholders from across the world that a positive, forward-looking digital agenda must support a healthy web ecosystem and put people and their individual rights first, by providing meaningful access, strong privacy and data protection rights, freedom of expression, collaborative cybersecurity, and increased competition.

Read more: https://g20openletter.org

Mitchell Baker, Executive Chairwoman, Mozilla

Ronaldo Lemos, Director, ITS Rio

Ezequiel Passeron, Executive Director, Faro Digital

The post G20 digital process: Trust requires more transparency and inclusion appeared first on The Mozilla Blog.

https://blog.mozilla.org/blog/2018/08/01/g20-digital-process-trust-requires-more-transparency-and-inclusion/

Phabricator supports multi-commit patch series, but it's not yet obvious how to do it using Mercurial. So this the "hg" equivalent of this blog post for git users.

Note that other people have written tools and plugins to do the same thing and that an official client is coming soon.

Initial setup

I'm going to assume that you've setup arcanist and gotten an account on the Mozilla Phabricator instance. If you haven't, follow this video introduction or the excellent documentation for it (Bryce also wrote additionnal instructions for Windows users).

Make a list of commits to submit

First of all, use hg histedit to make a list of the commits that are needed:

pick ee4d9e9fcbad 477986 Bug 1461515 - Split tracking annotations from tracki...
pick 5509b5db01a4 477987 Bug 1461515 - Fix and expand tracking annotation tes...
pick e40312debf76 477988 Bug 1461515 - Make TP test fail if it uses the wrong...

Create Phabricator revisions

Now, create a Phabricator revision for each commit (in order, from earliest to latest):

~/devel/mozilla-unified (annotation-list-1461515)$ hg up ee4d9e9fcbad
5 files updated, 0 files merged, 0 files removed, 0 files unresolved
(leaving bookmark annotation-list-1461515)

~/devel/mozilla-unified (ee4d9e9)$ arc diff --no-amend
Linting...
No lint engine configured for this project.
Running unit tests...
No unit test engine is configured for this project.
 SKIP STAGING  Phabricator does not support staging areas for this repository.
Created a new Differential revision:
        Revision URI: https://phabricator.services.mozilla.com/D2484

Included changes:
  M       modules/libpref/init/all.js
  M       netwerk/base/nsChannelClassifier.cpp
  M       netwerk/base/nsChannelClassifier.h
  M       toolkit/components/url-classifier/Classifier.cpp
  M       toolkit/components/url-classifier/SafeBrowsing.jsm
  M       toolkit/components/url-classifier/nsUrlClassifierDBService.cpp
  M       toolkit/components/url-classifier/tests/UrlClassifierTestUtils.jsm
  M       toolkit/components/url-classifier/tests/mochitest/test_trackingprotection_bug1312515.html
  M       xpcom/base/ErrorList.py

~/devel/mozilla-unified (ee4d9e9)$ hg up 5509b5db01a4
3 files updated, 0 files merged, 0 files removed, 0 files unresolved

~/devel/mozilla-unified (5509b5d)$ arc diff --no-amend
Linting...
No lint engine configured for this project.
Running unit tests...
No unit test engine is configured for this project.
 SKIP STAGING  Phabricator does not support staging areas for this repository.
Created a new Differential revision:
        Revision URI: https://phabricator.services.mozilla.com/D2485

Included changes:
  M       toolkit/components/url-classifier/tests/UrlClassifierTestUtils.jsm
  M       toolkit/components/url-classifier/tests/mochitest/test_trackingprotection_bug1312515.html
  M       toolkit/components/url-classifier/tests/mochitest/trackingRequest.html

~/devel/mozilla-unified (5509b5d)$ hg up e40312debf76
2 files updated, 0 files merged, 0 files removed, 0 files unresolved

~/devel/mozilla-unified (e40312d)$ arc diff --no-amend
Linting...
No lint engine configured for this project.
Running unit tests...
No unit test engine is configured for this project.
 SKIP STAGING  Phabricator does not support staging areas for this repository.
Created a new Differential revision:
        Revision URI: https://phabricator.services.mozilla.com/D2486

Included changes:
  M       toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedPBFrame.html
  M       toolkit/components/url-classifier/tests/mochitest/test_privatebrowsing_trackingprotection.html

Link all revisions together

In order to ensure that these commits depend on one another, click on that last phabricator.services.mozilla.com link, then click "Related Revisions" then "Edit Parent Revisions" in the right-hand side bar and then add the previous commit (D2485 in this example).

Then go to

Introducing the Dweb

The web is the most successful programming platform in history, resulting in the largest open and accessible collection of human knowledge ever created. So yeah, it’s pretty great. But there are a set of common problems that the web is not able to address.

Have you ever…

• Had a website or app you love get updated to a new version, and you wished to go back to the old version?
• Tried to share a file between your phone and laptop or tv or other device while not connected to the internet? And without using a cloud service?
• Gone to a website or service that you depend on, only to find it’s been shut down? Whether it got bought and enveloped by some internet giant, or has gone out of business, or whatever, it was critical for you and now it’s gone.

Additionally, the web is facing critical internet health issues, seemingly intractable due to the centralization of power in the hands of a few large companies who have economic interests in not solving these problems:

• Hate speech, harassment and other attacks on social networks
• Repeated attacks on Net Neutrality by governments and corporations
• Mass human communications compromised and manipulated for profit or political gain
• Censorship and whole internet shutdowns by governments

These are some of the problems and use-cases addressed by a new wave of projects, products and platforms building on or with web technologies but with a twist: They’re using decentralized or distributed network architectures instead of the centralized networks we use now, in order to let the users control their online experience without intermediaries, whether government or corporate. This new structural approach gives rise to the idea of a ‘decentralized web’, often conveniently shortened to ‘dweb’.

You can read a number of perspectives on centralization, and why it’s an important issue for us to tackle, in Mozilla’s Internet Health Report, released earlier this year.

What’s the “D” in Dweb?!

The “d” in “dweb” usually stands for either decentralized or distributed.
What is the difference between distributed vs decentralized architectures? Here’s a visual illustration:

(Image credit: Openclipart.org, your best source for technical clip art with animals)

In centralized systems, one entity has control over the participation of all other entities. In decentralized systems, power over participation is divided between more than one entity. In distributed systems, no one entity has control over the participation of any other entity.

Examples of centralization on the web today are the domain name system (DNS), servers run by a single company, and social networks designed for controlled communication.

A few examples of decentralized or distributed projects that became household names are Napster, BitTorrent and Bitcoin.

Some of these new dweb projects are decentralizing identity and social networking. Some are building distributed services in or on top of the existing centralized web, and others are distributed application protocols or platforms that run the web stack (HTML, JavaScript and CSS) on something other than HTTP. Also, there are blockchain-based platforms that run anything as long as it can be compiled into WebAssembly.

Here We Go

Mozilla’s mission is to put users in control of their experiences online. While some of these projects and technologies turn the familiar on its head (no servers! no DNS! no HTTP(S)!), it’s important for us to explore their potential for empowerment.

This is the first post in a series. We’ll introduce projects that cover social communication, online identity, file sharing, new economic models, as well as high-level application platforms. All of this work is either decentralized or distributed, minimizing or entirely removing centralized control.

You’ll meet the people behind these projects, and learn about their values and goals, the technical architectures used, and see basic code examples of using the project or platform.

So leave your

Firefox 60 (the current release) displays an “untrusted connection” error for any website using a TLS/SSL certificate issued before June 1, 2016 that chains up to a Symantec root certificate. This is part of the consensus proposal for removing trust in Symantec TLS certificates that Mozilla adopted in 2017. This proposal was also adopted by the Google Chrome team, and more recently Apple announced their plan to distrust Symantec TLS certificates. As previously stated, DigiCert’s acquisition of Symantec’s Certification Authority has not changed these plans.

In early March when we last blogged on this topic, roughly 1% of websites were broken in Firefox 60 due to the change described above. Just before the release of Firefox 60 on May 9, 2018, less than 0.15% of websites were impacted – a major improvement in just a few months’ time.

The next phase of the consensus plan is to distrust any TLS certificate that chains up to a Symantec root, regardless of when it was issued (note that there is a small exception for TLS certificates issued by a few intermediate certificates that are managed by certain companies, and this phase does not affect S/MIME certificates). This change is scheduled for Firefox 63, with the following planned release dates:

• Beta – September 5
• Release – October 23

We have begun to assess the impact of the upcoming change to Firefox 63. We found that 3.5% of the top 1 million websites are still using Symantec certificates that will be distrusted in September and October (sooner in Firefox Nightly)! This number represents a very significant impact to Firefox users, but it has declined by over 20% in the past two months, and as the Firefox 63 release approaches, we expect the same rapid pace of improvement that we observed with the Firefox 60 release.

We strongly encourage website operators to replace any remaining Symantec TLS certificates immediately to avoid impacting their users as these certificates become distrusted in Firefox Nightly and Beta over the next few months. This upcoming change can already be tested in Firefox Nightly by setting the security.pki.distrust_ca_policy preference to “2” via the Configuration Editor.

The post Update on the Distrust of Symantec TLS Certificates appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/

Say “Firefox” and most people think of a web browser on their laptop or phone, period. TL;DR, there’s more to the story now, and our branding needs to evolve.

With the rapid evolution of the internet, people need new tools to make the most of it. So Firefox is creating new types of browsers and a range of new apps and services with the internet as the platform. From easy screen-shotting and file sharing to innovative ways to access the internet using voice and virtual reality, these tools will help people be more efficient, safer, and in control of their time online. Firefox is where purpose meets performance.

[287x296]

Firefox Quantum Browser Icon

As an icon, that fast fox with a flaming tail doesn’t offer enough design tools to represent this entire product family. Recoloring that logo or dissecting the fox could only take us so far. We needed to start from a new place.

A team made up of product and brand designers at Mozilla has begun imagining a new system to embrace all of the Firefox products in the pipeline and those still in the minds of our Emerging Technologies group. Working across traditional silos, we’re designing a system that can guide people smoothly from our marketing to our in-product experiences.

Today, we’re sharing our two design system approaches to ask for your feedback.

[736x547]

How this works.

For those who recall the Open Design process we used to craft our Mozilla brand identity, our approach here will feel familiar:

• We are not crowdsourcing the answer.
• There’ll be no voting.
• No one is being asked to design anything for free.

Living by our open-source values of transparency and participation, we’re reaching out to our community to learn what people think. You can make your views known by commenting on this blog post below.

Extreme caveat: Although the products and projects are real, these design systems are still a work of fiction. Icons are not final. Each individual icon will undergo several rounds of refinement, or may change entirely, between now and their respective product launches. Our focus at this point is on the system.

We’ll be using these criteria to evaluate the work:

• Do these two systems still feel like Firefox?
• How visually cohesive is each of them? Does each hold together?
• Can the design logic of these systems stretch to embrace new products in the future?
• Do these systems reinforce the speed, safety, reliability, wit, and innovation that Firefox stands for?
• Do these systems suggest our position as a tech company that puts people over profit?

All the details.

The brand architecture for both systems is made up of four levels.

Each system leads with a new Firefox masterbrand icon — an umbrella under which our product lines will live.

[689x302]

The masterbrand icon will show up in our marketing, at events, in co-branding with partners, and in places like the Google Play store where our products can be found. Who knows? Someday this icon may be what people think of when they hear the word “Firefox.”

[500x239]

[500x167]

At the general-purpose browser level, we’re proposing to update our Firefox Quantum desktop icon. We continue to simplify and modernize this icon, and people who use Firefox tell us they love it. Firefox Developer Edition and Firefox Nightly are rendered as color variants of the Quantum icon.

[500x236] [500x200]
Browsers with a singular focus, such as our Firefox Reality browser for VR applications and our privacy-driven Firefox Focus mobile browser, share a common design approach for their icons. These are meant to relate most directly to the master brand as peers to the Firefox Quantum browser icon.

[500x453]

As part of our Screenshots release on July 26, 2018, we thought we’d update you on a few new features that we think you’ll find especially useful.

We shipped a simple image editor a few months ago to enable users to annotate and crop their shots. Now we are expanding the editor with three more features: undo, redo, and text.

Undo and Redo

Drawing anything freehand with a mouse can be difficult, and while the editor previously provided an undo via the reset feature, that wiped out everything since the beginning of the editing session. With the new undo feature, users now can undo a single edit action at a time. The accompanying redo feature is there when users change their minds and want to undo their undos.

Text Tool

Writing text freehand with a mouse is difficult. The ability to add text to an image, however, is a very useful annotation feature. In the latest update to the Screenshots editor, users can insert text with the new text tool. To keep things simple, it is currently limited to one line of text per edit.

Users can drag to move text to their desired location by clicking and holding their left mouse button on the outside edge of the inserted text. You can also choose the font size and font color! With the new text tool, you can create and share your own meme in just few minutes! And isn’t that why the internet exists?

What’s next?

We welcome your contributions and would like Screenshots to provide best user experience. If you come across any issues or have new feature requests, you can log them on Github or Bugzilla.

Screenshots was originally an experiment from the Firefox Test Pilot team. Have a look at our current experiments, and let us know what you think!

New Features in Screenshots was originally published in Firefox Test Pilot on Medium, where people are continuing the conversation by highlighting and responding to this story.

https://medium.com/firefox-test-pilot/new-features-in-screenshots-38580f24a0e3?source=rss----46b1a2ddb811---4

When you’re in the zone, be it creative or analytical, anything you can do to stay there is an asset. It’s part of why we build and design Firefox to … Read more

The post Free your mind and move your biggest files with the WeTransfer extension for Firefox appeared first on The Firefox Frontier.

https://blog.mozilla.org/firefox/wetransfer-extension-firefox/

Hi there, WebRender’s newsletter is here, delayed again by some vacation time sprinkled with a fair amount of the traditional “I’m busy” excuse. It’s been a while so there is a lot below (without counting the items I probably missed in the overwhelming amount of stuff that went into WebRender and Gecko since the last newsletter.

One of the highlights this time is something I have been focusing on for a while, building on the async scene building infrastructure to move blob image rasterization off of the render backend thread. Instead of lazily rasterizing blob images in the critical path we now eager rasterize a subset of the blobs asynchronously during scene building. This makes sure expensive blob rasterization never prevent us from producing 60 frames per second during scrolling.
The other highlight is that we started gathering telemetry numbers on the nightly population that opted into WebRender, and these numbers are very positive, even in areas that we haven’t spent any time optimizing yet.

Notable WebRender changes

• Kvark prevented segmentation of tiled images.
• Glenn reduced the size of scroll nodes in memory and introduced transform palettes.
• Lee added configurable angles for synthetic italics.
• Martin added vertical scrolling in wrench.
• Glenn refactored the clip scroll tree to reduce the amount of transforms sent to teh GPU.
• Andrew fixed a panic in the texture cache.
• Andrew fixed the tiling and dirty rect information for external images.
• Martin implemented nine-patch support for border gradients.
• Nical moved the rasterization of blob images off of the critical path.
• Glenn reduced the size of the per-instance data in GPU memory.
• Glenn cached the font instance in text runs primitives to avoid querying it during batching.
• Zakor Gyula moved the device module into a folder in preparation for supporting more backends and fixed various issues with the portability of the shaders.
• Kvark fixed an issue with forced texture uploads and dirty rects.
• Nical fixed the scene building debug indicator to work with async scene building.
• Lee snapped text run offsets and glyph offsets separately.
• Glenn changed the data structure used to store clip sources.
• Kvark improved the chasing infrastructure to debug batches.
• Glenn avoided building frames when not necessary, improving CPU and power usage.
• Jeff fixed a bug causing blob images to be transferred to the GPU every frame.
• Nical avoided a crash if the debug shaders fail to build.
• Kvark improved the way we handle non-inertible transforms in some cases.
• s-panferov fixed the framebuffer size of the examples on hidpi screens.
• Glenn decoupled batching from the clip-scroll-tree.
• Glenn removed a redundant matrix transformation per primitive per frame.
• Glenn decoupled some of the primitive code from spacial nodes.
• Martin

http://mozillamarciaknous.wixsite.com/mozcommunity/single-post/2018/07/30/Farewell-Gerv

Also, for those of you who may be unaware, long-time Mozillian Gervase Markham passed away, surrounded by his family. He was ever a professional to the end. I didn't know him as well as some, but I'll always remember him, not least of which for his unwavering faith in the face of adversity and leaving us far too soon. Go with God.

TenFourFox Feature Parity Release 9 beta 1 is now available (downloads, hashes, release notes). There are several new features and many bug fixes in this version. FPR9 is also the first TenFourFox release to pull from the new extended support release, Firefox 60ESR, and we have updated the extended validation certificate roots and our certs'n'pins import script to pull from that source instead of the shortly-to-be-decommissioned 52ESR. All relevant security and stability patches on 60ESR so far have also been backported.

On the bug fix side, there is a crash fix for media tracks from Raphael, updates to the ATSUI font blacklist (mostly for certain Japanese fonts) that can now block incompatible fonts through the CSS Font Loading API as well, updated timezone data for the ICU internationalization library, ICU security fixes, fixes for button sensing in events which should get around some weird glitchy things where the mouse buttons get ignored, and a dumb old bug with WiFi scanning. I also added a layout fix for button subelements that keep getting split apart, fixing problems on sites like Twitch and GoDaddy.

There are also a number of performance related changes. First, the idle observer minimal interval has been increased to be a better fit for our old machines, since doing this every second (potentially) robs CPU time and possibly instruction cache space away from user interaction. Do note, however, that while this reduces work being run while you use the browser the work is only delayed and not eliminated, meaning improvements in responsiveness and animation will be at the cost of memory being occasionally held longer and taking longer to release, and possibly longer GC pauses (though less often), so advise if you don't think the tradeoff is worth it (this is adjustable, though it's hardcoded within TenFourFox and is not a pref). This release also has some tuning to Cocoa events handling to slightly reduce scroll wheel latency and reduce some overhead with custom events, and additional code in JavaScript to make it more nimble about cancelling and recompiling since most of our systems are uniprocessor.

The other big change is to array handling. I backported a number of changes that landed in Firefox 55 which increase the performance of certain array operations such as splices and shifts by anywhere from 35 to 80 times. This does not translate into as dramatic a boost as you might think because in small numbers these types of operations were already reasonably swift, nor are they typically executed in large numbers or in tight loops back to back, but for those sites that do, they will run quite a bit quicker.

Of the new features, CSS column properties are now unprefixed and tested, which will help improve site compatibility. Unfortunately one big new feature that I planned for FPR9 won't make this release: deferred idle callbacks. The requestIdleCallback DOM API was enabled in Firefox in Fx55 and allows browsers to schedule work in the idle time between animation frames. Rarely do any of our old systems have such idle time available, and the 50ms or less usually granted (and actually checked for by the W3C test suite) isn't much time to do much work anyway. However, we can also infer from the timeout that is (optionally) passed that the website is able to tolerate the work being deferred up to that long, so deferred idle callbacks deferred the work up to that long. For example, on YouTube this would delay comments and other pieces of the UI so that the CPU could concentrate more on decoding and blitting frames. My initial thought was to try to run the callback when the system was not under load, but it turned out

I'm sad that Gerv is no longer with us, but I'm also glad because I'm confident he is in the presence of Jesus, awaiting the final resurrection.

I never spent very much time with him, but I really appreciated getting together at Mozilla events with Gerv and a small group of other Mozilla Christians to pray every morning. That tradition continues, and long may it do so!

I have always been inspired by the way Gerv and his family lived their lives to the full, to the glory of God, in the face of his long illness. I've had a sheltered life of little contact with sickness and death, but that will probably not last, and I expect in times to come I will treasure Gerv's example.

http://robert.ocallahan.org/2018/07/gerv.html

[221x300]

Gerv Markham, a friend and mentor to many in the Mozilla community, passed away last night surrounded by his family.

Gerv worked at Mozilla for many years working in a variety of capacities including being a lead developer of Bugzilla and most recently working on special projects under the Mozilla Chairwoman.

I had the pleasure of working with Gerv in the Thunderbird community and most recently on the MOSS Grants Committee as one of the inaugural members. Between these two areas, I often sought Gerv’s mentoring and advice, as he always had wisdom to share.

Anyone who has been intimately involved with the Mozilla project likely engaged Gerv from time to time, although much of his work was behind the scenes but nonetheless important work.

I think it goes without saying Gerv had a significant impact on the open web through his contributions to Bugzilla and various projects that moved the open web forward and he championed the values of the Mozilla manifesto. All of us who knew him and got the opportunity to collaborate were rewarded with a good friend and valuable wisdom that will be missed.

Thanks Gerv for being a friend of Mozilla and the open web and you will be surely missed.

http://feedproxy.google.com/~r/BenjaminKerensaDotComMozilla/~3/hYXsx_tt2AM/remembering-gerv-markham

 your case is still going through administrative processing and we don't know when that process will be completed.

Last year I was denied to go to the US when I was about to travel to San Francisco. Me and my employer's legal team never got answers as to why this happened so I've personally tried to convince myself it was all because of some human screw-up. Because why would they suddenly block me? I've traveled to the US almost a dozen times over the years.

The fact that there was no reason or explanation given makes any theory as likely as the next. Whatever we think or guess might have happened can be true. Or not. We will probably never know. And I've been told a lot of different theories.

Denied again

In early April 2018 I applied for ESTA again to go to San Francisco in mid June for another Mozilla All Hands conference and... got denied. The craziness continues. This also ruled out some of the theories from last year that it was just some human error by the airline or similar...

As seen on the screenshot, this decision has no expire date... While they don't provide any motivation for not accepting me, this result makes it perfectly clear that it wasn't just a mistake last year. It makes me view last year with different eyes.

Put in this situation, I activated plan B.

Plan B

I then applied for a "real" non-immigrant visa - even though it feels that having been denied ESTA probably puts me in a disadvantage for that as well. Applying for this visa means filling in a 10-something-page "DS-160" form online on a site that sometimes takes minutes just to display the next page in the form where they ask for a lot of personal details. After finally having conquered that obstacle, I paid the 160 USD fee and scheduled an appointment to appear physically at the US embassy in Sweden.

I acquired an "extraction of the population register" ("personbevis" in Swedish) from the Swedish tax authorities - as required (including personal details of my parents and siblings), I got myself a new mugshot printed on photo paper and was lucky enough to find a date for an appointment not too far into the future.

Appointment

I spent the better part of a fine Tuesday morning in different waiting lines at my local US embassy where I eventually was called up to a man at a counter behind a window. I was fingerprinted, handed over my papers and told the clerk I have no idea why I was denied ESTA when asked, and no, I have not been on vacation in Iraq, Iran or Sudan. The clerk game me the impression that's the sort of thing that is the common reason for not getting ESTA.

When I answered the interviewer's question that I work for Mozilla, he responded "Aha, Firefox?" - which brightened up my moment a little.

Apparently the process is then supposed to take "several weeks" until I get to know anything more. I explained that I needed my passport in three weeks (for another trip) and he said he didn't expect them to be done that quickly.  Therefore I got the passport back while they process my application and I'm expected to mail it to them when they ask for it.

The next form

When I got back home again, I got an email from "the visa unit" asking me to fill in another form (in the shape of a Word document). And what a form it is! It might be called "OMB 1405-0226" and has this fancy title:

"SUPPLEMENTAL QUESTIONS FOR VISA APPLICANTS"

Among other things it requires me to provide info about all trips abroad (with dates and duration) I've done over the last 15 years. What aliases I use on social media sites (hello mr US visa agent, how do you like this post so far?), every physical address I've lived at in the last 15 years, information about all my employers the last 15 years and every email address I've used during the last 5 years.

It took me many hours digging through old calendars, archives and memories and asking around in order to fill this in properly. ("hey that company trip we did to Germany back in 2005, can you remember the dates?") As a side-note: it turns out I've been in the US no less than nine times the last fifteen years. In total I managed to list sixty-five different trips abroad for this period.

[показать]

http://www.glazman.org/weblog/dotclear/index.php?post/2018/07/28/Gerv%2C-oh-Gerv-%3A-%28

Yesterday, on July 27th, 2018, the Justice Srikrishna Committee of Experts, set up by the Government of India, made public its final report and the draft of India’s first comprehensive data protection law. We have long argued that the enactment of a baseline data protection law should be a national policy priority for India, and we’re pleased to see India take an important step forward towards enacting real privacy protections.

The legislation is groundbreaking in several respects, codifying principles and enforcement mechanisms that Mozilla has advocated are foundational to a robust data protection framework. But the law is not without loopholes, many of which threaten to dislodge these strong foundations.

Mozilla Chairwoman Mitchell Baker observed: “India’s data protection law will shape the relationship between users and the companies and government entities they entrust with their data. This draft bill is a strong start, but to truly protect the privacy of all Indians, we can’t afford loopholes such as the bill’s broad exceptions for government use of data and data localization requirements. Mozilla will continue to advocate for changes; with this bill, India has the opportunity to be a model to the world.”

As this bill makes its way to law, an open and consultative process is essential. We will continue to advocate to the Government to make necessary changes in the bill.

Top level highlights from the bill include:

1. Obligations – Strong obligations that apply to both private companies and the government, including purpose limitation, collection limitation, data security, documentation, and a general duty to process data in a way that’s “fair and reasonable” and “respects the privacy” of the person. This law applies to Indian residents’ data wherever it may be processed.
2. The Data Protection Authority – Creation of an independent Data Protection Authority with expansive powers including investigatory, adjudicatory, and punitive powers, as well as a separate Adjudicating Officer to take complaints, impose penalties, and mete out compensation to individuals. However, the independence of the adjudicatory authority and appellate tribunal responsible for legal proceedings related to data protection violations is severely lacking. The qualifications and nominations of those serving in these bodies are entirely prescribed by the government, as are the procedures of the bodies themselves. The system as it currently stands has far too much delegated authority to the Central Government. The power of setting qualifications and procedures and nominating individuals to serve in the adjudicatory authority and appellate tribunal should be reserved for the DPA, which operates independently of the government.
3. High standard for consent – For consent to be valid it must be free, informed, specific, clear, and capable of being withdrawn. This sets a high bar for companies seeking to validate their actions on the basis of consent. “Explicit consent” is required for processing of sensitive data.
4. Grounds for Processing – The bill allows for data processing for “reasonable purposes”. While similar in intent to the GDPR’s “legitimate interest” ground, the bill limits the potential for abuse by providing conditions on the basis of which data may be processed, as well as an illustrative list of categories that fulfil these conditions. We think this is an improvement on the GDPR standard, which as we noted in our submission, can “easily be abused by companies” who may argue that “innovation” itself is always a reasonable pursuit, even where it may put the privacy of users at risk.
5. Biometric Data – Biometric data and the Aadhaar identification number are included in the definition of sensitive personal data which comes with stricter obligations. The bill includes a generally inclusive and progressive list of sensitive personal data including data related to religious or political belief, sexuality, transgender, and intersex status. Section 106 bars processing certain forms of biometric data as determined by the Central Government, unless the processing is explicitly permitted by law. This provision could be used to curtail the lax limitations on the handling of Aadhaar data.
6. Individual Rights – Individuals are provided comprehensive rights of correction, updation, and data portability. However, rights to deletion and to object to processing, which are guaranteed by other data protection laws around the world including the EU’s GDPR, are notably missing. Users may have to pay for certain rights, which could entrench existing inequalities and create haves and have-nots for privacy.
7. Data Processing for Security – Data processing for security,