Мобильный LiveInternet

Hacks.Mozilla.Org: Twitter Direct Message Caching and Firefox rss_planet_mozilla 04-04-2020 00:55

Editor’s Note: April 6, 7:00pm pt – After some more investigation into this problem, it appears that the initial analysis pointing to the Content-Disposition was based on bad information. The reason that some browsers were not caching direct messages was that Twitter includes the non-standard Pragma: no-cache header in responses. Using Pragma is invalid as it is defined to be equivalent to Cache-Control: no-cache only for requests. Though it is counter-intuitive, ‘no-cache’ does not prevent a cache from storing content; ‘no-cache’ only means that the cache needs to check with the server before reusing that response. That doesn’t change the conclusion: limited observations of behavior are no substitute for building to standards.

Twitter is telling its users that their personal direct messages might be stored in Firefox’s web cache.

This problem affects anyone who uses Twitter on Firefox from a shared computer account. Those users should clear their cache.

This post explains how this problem occurred, what the implications are for those people who might be affected, and how problems of this nature might be avoided in future. To get there, we need to dig a little into how web caching works.

Over on The Mozilla Blog, Eric Rescorla, the CTO of Firefox, shares insights on What you need to know about Twitter on Firefox, with this important reminder:

The web is complicated and it’s hard to know everything about it. However, it’s also a good reminder of how important it is to have web standards rather than just relying on whatever one particular browser happens to do.

Web Caching Privacy Basics

Caching is critical to performance on the web. Browsers cache content so that it can be reused without talking to servers, which can be slow. However, the way that web content is cached can be quite confusing.

The Internet Engineering Task Force published RFC 7234, which defines how web caching works. A key mechanism is the Cache-Control header, which allows web servers to say how they want caches to treat content.

Sites can to use Cache-Control to let browsers know what is safe to store in caches. Some content needs to be fetched every time; other content is only valid for a short time. Cache-Control tells the browser what can be cached and for how long. Or, as is relevant to this case, Cache-Control can tell the browser that content is sensitive and that it should not be stored.

Separately, in the absence of Cache-Control instructions from sites, browsers often make guesses about what can be cached. Sites often do not provide any caching information for content. But caching content makes the web faster. So browsers cache most content unless they are told not to. This is referred to as “heuristic caching”, and differs from browser to browser.

Heuristic caching involves the browsing guessing which content is cached, and for how long. Firefox heuristic caching stores most content without explicit caching information for 7 days.

There are a bunch of controls that Cache-Control provides, but most relevant to this case is a directive called ‘no-store’. When a site says ‘no-store’, that tells the browser never to save a copy of the content in its cache. Using ‘no-store’ is the only way to guarantee that information is never cached.

The Case with Twitter

In this case, Twitter did not include a ‘no-store’ directive for direct messages. The content of direct messages is sensitive and so should not have been stored in the browser cache. Without Cache-Control or Expires, however, browsers used heuristic caching logic.

Testing from Twitter showed that the request was not being cached in other browsers. This is because some

https://blog.mozilla.org/blog/2020/04/03/what-you-need-to-know-about-twitter-on-firefox/

The Mozilla Blog: What you need to know about Twitter on Firefox rss_planet_mozilla 04-04-2020 00:54

Yesterday Twitter announced that for Firefox users data such as direct messages (DMs) might be left sitting on their computers even if they logged out. In this post I’ll try to help sort out what’s going on here.

First, it’s important to understand the risk: what we’re talking about is “cached” data. All web browsers store local copies of data they get from servers so that they can avoid downloading the same data over the internet repeatedly. This makes a huge performance difference because websites are full of large files that change infrequently. Ordinarily this is what you want, but if you share a computer with other people, then they might be able to see that cached data, even if you have logged out of Twitter. It’s important to know that this data is just stored locally, so if you don’t share a computer this isn’t a problem for you. If you do share a computer, you can make sure all of your Twitter data is deleted by following the instructions here. If you do nothing, the data will be automatically deleted after 7 days the next time you run Firefox.

Second, why is this just Firefox? The technical details are complicated but the high level is pretty simple: caching is complicated and each browser behaves somewhat differently; with the particular way that Twitter had their site set up, Chrome, Safari, and Edge don’t cache this data but Firefox will. It’s not that we’re right and they’re wrong. It’s just a normal difference in browser behavior. There is a standard way to ensure that data isn’t cached, but until recently Twitter didn’t use it, so they were just dependent on non-standard behavior on some browsers.

As a software developer myself, I know that this kind of thing is easy to do: the web is complicated and it’s hard to know everything about it. However, it’s also a good reminder of how important it is to have web standards rather than just relying on whatever one particular browser happens to do.

The post What you need to know about Twitter on Firefox appeared first on The Mozilla Blog.

https://blog.humphd.org/observations-from-online-week-2/

David Humphrey: On Teaching Online, Week 2 rss_planet_mozilla 04-04-2020 00:40

https://daniel.haxx.se/blog/2020/04/03/google-open-source-peer-bonus-award-2020/

Daniel Stenberg: Google Open Source Peer Bonus award 2020 rss_planet_mozilla 03-04-2020 09:22

I’m honored to – once again – be a recipient of this award Google hands out to open source contributors, annually. I was previously awarded this in 2011.

I don’t get a lot of awards. Getting this token of appreciation feels awesome and I’m humbled and grateful I was not only nominated but also actually selected as recipient. Thank you, Google!

Nine years ago I got 350 USD credits in the Google store and I got my family a set of jackets using them – my kids have grown significantly since then, so to them those black beauties are now just a distant memory, but I still actually wear mine from time to time!

This time, the reward comes with a 250 USD “payout” (that’s the gift mentioned in the mail above), as a real money transfer that can be spent on other things than just Google merchandise!

I’ve decided to accept the reward and the money and I intend to spend it on beer and curl stickers for my friends and fans. As I prefer to view it:

The Google Open Source Beer Bonus.

Thank you Google and thank you Gaspar!

https://daniel.haxx.se/blog/2020/04/02/the-curl-roadmap-2020-video/

Daniel Stenberg: The curl roadmap 2020 video rss_planet_mozilla 02-04-2020 15:30

On March 26th 2020, I did a live webinar where I talked about my roadmap visions of what to work on in curl during 2020.

Below you can see the youtube recording of the event.

You can also browse the slides separately.

https://blog.mozilla.org/addons/2020/04/01/extensions-in-firefox-75/

Mozilla Addons Blog: Extensions in Firefox 75 rss_planet_mozilla 01-04-2020 19:00

Extensions in Firefox 75

In Firefox 75 we have a good mix of new features and bugfixes. Quite a few volunteer contributors landed patches for this release please join me in cheering for them!

Myeongjun Go made sure that oldValue is passed in the storage.onChanged listener when the previous value was falsey.
Thanks to Atique Ahmed Ziad, userScripts.register now correctly requires the js parameter. This was already documented correctly, but not enforced in our code.
Manvel Saroyan ensured that using permission.request also works in WebExtension popup windows.
Tom Schuster fixed an issue with find.highlightResults if rangeIndex is not passed.
Shane Caraveo made it easier to move permissions from required to optional. Doing so now no longer re-prompts the user for permission. He also allowed making the privacy permission optional.
Dave added the toFileName property to the tabs.saveAsPDF API, to provide a filename suggestion to the user.
Dave also exposed two new browserSettings: zoomFullPage to control zooming only the text on a page and and zoomSiteSpecific to control if zoom applies to only the active tab or all tabs of the same site.
For security reasons it is no longer possible to pass a custom redirect URL to identity.launchWebAuthFlow. You must use the redirect URL provided by identity.getRedirectURL. We’ve reached out to affected developers separately.

Thank you everyone for continuing to make Firefox WebExtensions amazing. I’m glad to see some new additions this time around and am eager to discover what the community is up to for Firefox 76. Interested in taking part? Get involved!

The post Extensions in Firefox 75 appeared first on Mozilla Add-ons Blog.

From js13kGames to MozFest Arcade: A game dev Web Monetization story

Hacks.Mozilla.Org: Innovating on Web Monetization: Coil and Firefox Reality rss_planet_mozilla 31-03-2020 21:56

Introducing Coil

In the coming weeks, Mozilla will roll out a Web Monetization experiment using Coil to support payments to creators in the Firefox Reality ecosystem. Web Monetization is an alternative approach to payments that doesn’t rely on advertising or stealing your data and attention. We wrote about Web Monetization for game developers back in the autumn, and now we’re excited to invite more of you to participate, first as creators and soon as consumers of all kinds of digital and virtual content.

Problem: Now more than ever, digital content creators need new options for earning money from their work in a fast-changing world. Solution: Mozilla is testing Coil as an alternative to credit card or Paypal payments for authors and independent content creators.

If you’ve developed a 3D experience, a game, a 360 video, or if you’re thinking of building something new, you’re invited to participate in this experiment. I encourage you as well to contact us directly at creator_payments at mozilla dot com to showcase your work in the Firefox Reality content feed.

You’ll find details on how to participate below. I will also share answers and observations, from my own perspective as an implementer and investigator on the Mixed Reality team.

A note about timing

Tangentially, the COVID-19 pandemic is dominating our attention. Just to be clear: This project is not a promise to create revenue for you during a planetary crisis. We support people where they are emotionally in their lives at this time and we do feel that real-world concerns are far more important. Also, we send thanks to everybody at Coil and Mozilla and all of you who are supporting this work when we’re all juggling family, chores, and our own lives.

In closing

We know that many of you are looking for solutions to make money from your creative work online. We are here for you and we want you to create, share, and thrive on the net. Take a look the details on how to participate below. I will also share answers to other questions and observations from my own perspective as an implementer and investigator on the Mixed Reality team. Please let us know how this works for you!

FAQ: How to participate

How do I participate as a Creator?

Do you have a piece of content—a blog post, an interactive experience, a 360 video, a WebXR game—that you want to share with people in Firefox Reality? Here’s how you can web monetize this content:

The first step is to add a meta tag to the top of your site which will define a payment pointer (an email address for money). This article walks you through the process in detail:

Alternatively, this article is also good:
Web Monetization: Quick Start Guide

If you have a WordPress blog here’s another way to add a payment pointer.

The second step is to simply please let us know! You can message us at creator_payments@mozilla.com and we’ll make sure that your work is showcased in the Firefox Reality Content feed.

What is this Coil thing anyway?

Coil is a for-profit membership service that charges users $5.00 a month and streams micropayments to creators based on member attention. Coil uses the Interledger network to move money, allowing creators to work in any currency they like.

Effectively you get paid for user attention—assuming those users are set up with web monetization. Web Monetization consists of an HTML tag, a JavaScript API, and uses the Interledger protocol for actually moving the money and enabling payments in many

https://blog.mozvr.com/announcing-the-mozilla-mixed-reality-merch-store/

Mozilla VR Blog: Announcing the Mozilla Mixed Reality Merch Store! rss_planet_mozilla 31-03-2020 20:55

Ever wanted to up your wardrobe game with some stylish Mixed Reality threads, while at the same time supporting Mozilla's work? Dream no more! The Mozilla Mixed Reality team is pleased to announce that you can now wear your support for our efforts on your literal sleeve!

The store (powered by Spreadshirt) is available worldwide and has a variety of items including clothing tailored for women, men, kids and babies, and accessories such as bag, caps, mugs, and more. All with a variety of designs to choose from, including our “low poly” Firefox Reality logo, our adorable new mascot, Foxr, and more.

We hope that you find something that strikes your fancy!

https://blog.mozilla.org/blog/2020/03/31/moss-launches-covid-19-solutions-fund/

The Mozilla Blog: MOSS launches COVID-19 Solutions Fund rss_planet_mozilla 31-03-2020 19:15

Mozilla is announcing today the creation of a COVID-19 Solutions Fund as part of the Mozilla Open Source Support Program (MOSS). Through this fund, we will provide awards of up to $50,000 each to open source technology projects which are responding to the COVID-19 pandemic in some way.

The MOSS Program, created in 2015, broadens access, increases security, and empowers users by providing catalytic funding to open source technologists. We have already seen inspiring examples of open source technology being used to increase the capacity of the world’s healthcare systems to cope with this crisis. For example, just a few days ago, the University of Florida Center for Safety, Simulation, and Advanced Learning Technologies released an open source ventilator. We believe there are many more life-saving open source technologies in the world.

As part of the COVID-19 Solutions Fund, we will accept applications that are hardware (e.g., an open source ventilator), software (e.g., a platform that connects hospitals with people who have 3D printers who can print parts for that open source ventilator), as well as software that solves for secondary effects of COVID-19 (e.g., a browser plugin that combats COVID related misinformation).

A few key details of the program:

We are generally looking to fund reasonably mature projects that can immediately deploy our funding, early stage ideas are unlikely to receive funding.
We generally expect awardees to use all funds within three months of receiving the award.
We will accept applications from anywhere in the world to the extent legally permitted.
We will accept applications from any type of legal entity, including NGOs, for profit hospitals, or a team of developers with strong ties to an affected community.
Applications will be accepted and reviewed on a rolling basis.
The MOSS committee will only consider projects which are released publicly under a license that is either a free software license according to the FSF or an open source license according to the OSI. Projects which are not licensed for use under an open source license are not eligible for MOSS funding.

To apply, please visit: https://mozilla.fluxx.io/apply/MOSS

For more information about the MOSS program, please visit: Mozilla.org/moss.

ABOUT MOSS

The Mozilla Open Source Support (MOSS) awards program, created in 2015, broadens access, increases security, and empowers users by providing catalytic funding to open source technologists. In addition to the COVID-19 Solutions Fund, MOSS has three tracks:

Track I – Foundational Technology: supports open source projects that Mozilla relies on, either as an embedded part of our products or as part of our everyday work.
Track II – Mission Partners: supports open source projects that significantly advance Mozilla’s mission.
Track III – The Secure Open Source Fund: supports security audits for widely used open source software projects as well as any work needed to fix the problems that are found.

Tracks I and II and this new COVID-19 Solutions Fund accept applications on a rolling basis. For more information about the MOSS program, please visit: Mozilla.org/moss.

The post MOSS launches COVID-19 Solutions Fund appeared first on The Mozilla Blog.

https://blog.mozilla.org/blog/2020/03/30/were-fixing-the-internet-join-us/

The Mozilla Blog: We’re Fixing the Internet. Join Us. rss_planet_mozilla 30-03-2020 22:02

For over two decades, Mozilla has worked to build the internet into a global public resource that is open and accessible to all. As the internet has grown, it has brought wonder and utility to our lives, connecting people in times of joy and crisis like the one being faced today.

But that growth hasn’t come without challenges. In order for the internet and Mozilla to well serve people into the future, we need to keep innovating and making improvements that put the interests of people back at the center of online life.

To help achieve this, Mozilla is launching the Fix-the-Internet Spring MVP Lab and inviting coders, creators and technologists from around the world to join us in developing the distributed Web 3.0.

“The health of the internet and online life is why we exist, and this is a first step toward ensuring that Mozilla and the web are here to benefit society for generations to come,” said Mozilla Co-Founder and Interim CEO Mitchell Baker.

Mozilla’s Fix-the-Internet Spring MVP Lab is a day one, start from scratch program to build and test new products quickly. By energizing a community of creators who bring a hacker’s approach to vibrant experimentation, Mozilla aims to help find sustainable solutions and startup ideas around several key themes designed to fix the internet:

Collaboration & Society: particularly in view of the current global crisis: (i) Foster better collaboration online, (ii) Grassroots collaboration around issues & emergencies, (iii) Local & neighborhood support networks, (iv) Supporting small businesses, (v) Social money-pooling for issues, people & businesses.
Decentralized Web: build a new, decentralized architecture for the internet from infrastructure, communications, media & money, using the blockchain and peer-to-peer technologies.
Messaging & Social Networking: can we build a new way to communicate online that favors privacy, people, and users’ interests? What needs to evolve?
Misinformation & Content: ideas for services that help us get beyond polarization, filter bubbles and fake news.
Surveillance Capitalism: whether it’s big tech or governments, everyone’s collecting your data. How do we put the user back in control of their data?
Artificial Intelligence that works to benefit communities and citizens.

Participants in the Fix-the-Internet Spring MVP Lab will:

Work in teams of two-to-four people
Have access to mentorship through virtual weekly collaboration with product and engineering professionals
Receive a $2500 stipend per participant. If you are applying as a team, each team member will receive $2500.
Be eligible for cash prizes: $25k (1st), $10K (2nd) and $5K (3rd)
Benefit from Mozilla’s promotion of finished projects to gain users and awareness
Retain ownership of their projects and intellectual property

Visit http://www.mozilla.org/builders for additional details and information on how to apply by the April 6, 2020 deadline.

The post We’re Fixing the Internet. Join Us. appeared first on The Mozilla Blog.

https://blog.mozilla.org/addons/2020/03/30/add-developer-comments-to-your-extensions-listing-page-on-addons-mozilla-org/

Mozilla Addons Blog: Add developer comments to your extension’s listing page on addons.mozilla.org rss_planet_mozilla 30-03-2020 18:13

In November 2017, addons.mozilla.org (AMO) underwent a major refresh. In addition to updating the site’s visual style, we separated the code for frontend and backend features and re-architected the frontend to use the popular combination of React and Redux.

With a small team, finite budget, and other competing priorities, we weren’t able to migrate all features to the new frontend. Some features were added to our project backlog with the hope that one day a staff or community member would have the interest and bandwidth to implement it.

One of these features, a dedicated section for developer comments on extension listing pages, has recently been re-enabled thanks to a contribution by community member Lisa Chan. Extension developers can use this section to inform users about any known issues or other transient announcements.

This section can be found below the “About this extension” area on an extension listing page. Here’s an example from NoScript:

Extension developers can add comments to this section by signing into the Developer Hub and clicking the “Edit Product Page” link under the name of the extension. On the next page, scroll down to the Technical Details section and click the Edit button to add or change the content of this section.

If you are an extension developer and you had used this section before the 2017 AMO refresh, please take a few minutes to review and update any comments in this field. Any text in that section will be visible on your extension’s listing page.

We’d like to extend a special thanks to Lisa for re-enabling this feature. If you’re interested in contributing code to addons.mozilla.org, please visit our onboarding wiki for information about getting started.

The post Add developer comments to your extension’s listing page on addons.mozilla.org appeared first on Mozilla Add-ons Blog.

Previous command line options of the week.

Daniel Stenberg: curl ootw: –proxy-basic rss_planet_mozilla 30-03-2020 17:37

--proxy-basic has no short option. This option is closely related to the option --proxy-user, which has as separate blog post.

This option has been provided and supported since curl 7.12.0, released in June 2004.

Proxy

In curl terms, a proxy is an explicit middle man that is used to go through when doing a transfer to or from a server:

curl <=> proxy <=> server

curl supports several different kinds of proxies. This option is for HTTP(S) proxies.

HTTP proxy authentication

Authentication: the process or action of proving or showing something to be true, genuine, or valid.

When it comes to proxies and curl, you typically provide name and password to be allowed to use the service. If the client provides the wrong user or password, the proxy will simply deny the client access with a 407 HTTP response code.

curl supports several different HTTP proxy authentication methods, and the proxy can itself reply and inform the client which methods it supports. With the option of this week, --proxy-basic, you ask curl to do the authentication using the Basic method. “Basic” is indeed very basic but is the actual name of the method. Defined in RFC 7616.

Security

The Basic method sends the user and password in the clear in the HTTP headers – they’re just base64 encoded. This is notoriously insecure.

If the proxy is a HTTP proxy (as compared to a HTTPS proxy), users on your network or on the path between you and your HTTP proxy can see your credentials fly by!

If the proxy is a HTTPS proxy however, the connection to it is protected by TLS and everything is encrypted over the wire and then the credentials that is sent in HTTP are protected from snoopers.

Also note that if you pass in credentials to curl on the command line, they might be readable in the script where you do this from. Or if you do it interactively in a shell prompt, they might be viewable in process listings on the machine – even if curl tries to hide them it isn’t supported everywhere.

Example

Use a proxy with your name and password and ask for the Basic method specifically. Basic is also the default unless anything else is asked for.

curl --proxy-user daniel:password123 --proxy-basic --proxy http://myproxy.example https://example.com

With --proxy you specify the proxy to use, and with --proxy-user you provide the credentials.

Also note that you can of course set and use entirely different credentials and HTTP authentication methods with the remote server even while using Basic with the HTTP(S) proxy.

There are also other authentication methods to selected, with --proxy-anyauth being a very practical one to know about.

https://daniel.haxx.se/blog/2020/03/30/curl-ootw-proxy-basic/

Francois Marier: How to get a direct WebRTC connections between two computers rss_planet_mozilla 29-03-2020 03:03

WebRTC is a standard real-time communication protocol built directly into modern web browsers. It enables the creation of video conferencing services which do not require participants to download additional software. Many services make use of it and it almost always works out of the box.

The reason it just works is that it uses a protocol called ICE to establish a connection regardless of the network environment. What that means however is that in some cases, your video/audio connection will need to be relayed (using end-to-end encryption) to the other person via third-party TURN server. In addition to adding extra network latency to your call that relay server might overloaded at some point and drop or delay packets coming through.

Here's how to tell whether or not your WebRTC calls are being relayed, and how to ensure you get a direct connection to the other host.

Testing basic WebRTC functionality

Before you place a real call, I suggest using the official test page which will test your camera, microphone and network connectivity.

Note that this test page makes use of a Google TURN server which is locked to particular HTTP referrers and so you'll need to disable privacy features that might interfere with this:

Brave: Disable Shields entirely for that page (Simple view) or allow all cookies for that page (Advanced view).

Firefox: Ensure that http.network.referer.spoofSource is set to false in about:config, which it is by default.
uMatrix: The "Spoof Referer header" option needs to be turned off for that site.

Checking the type of peer connection you have

Once you know that WebRTC is working in your browser, it's time to establish a connection and look at the network configuration that the two peers agreed on.

My favorite service at the moment is Whereby (formerly Appear.in), so I'm going to use that to connect from two different computers:

canada is a laptop behind a regular home router without any port forwarding.
siberia is a desktop computer in a remote location that is also behind a home router, but in this case its internal IP address (192.168.1.2) is set as the DMZ host.

Chromium

For all Chromium-based browsers, such as Brave, Chrome, Edge, Opera and Vivaldi, the debugging page you'll need to open is called chrome://webrtc-internals.

Look for RTCIceCandidatePair lines and expand them one at a time until you find the one which says:

state: succeeded (or state: in-progress)
nominated: true
writable: true

Then from the name of that pair (N6cxxnrr_OEpeash in the above example) find the two matching RTCIceCandidate lines (one local-candidate and one remote-candidate) and expand them.

In the case of a direct connection, I saw the following on the remote-candidate:

ip shows the external IP address of siberia
port shows a random number between 1024 and 65535
candidateType: srflx

and the following on local-candidate:

ip shows the external IP address of canada
port shows a random number between 1024 and 65535
candidateType: prflx

These

Karl Dubost: Week notes - 2020 w13 - worklog - everything is broken rss_planet_mozilla 29-03-2020 02:42

next Mozilla Toronto All Hands is canceled. That's a good thing.
Coronavirus had no impact on my working life for now. The same as usual.
1. Mozilla is working well in a distributed team.
2. Webcompat team is already a very distributed team. None of our team members are in the same location. So this is business as usual for us.
3. And as long as the economic impact is not affecting Mozilla, we will continue to work as normal. That will be a different story, if/when the economic crisis reaches us. We are for now a very privileged tribe.
4. In Japan, we do not have yet a lockdown. (This is silly, I think. People are having non responsible behaviors.)
  - Updates 2020-03-26: and here we are. Tokyo, Kanagawa, Chiba and Saitama provinces have asked people to stay home this coming week-end, because the numbers of cases are accelerating.
5. The school has already stopped for 2 weeks, but is supposed to restart beginning in April for the new year. (yeah Japan has a different schedule). But we had already removed our child the last 10 days of schools.
published my work notes left out for a while. I need to refocus my energy here to keep track of what I'm doing
One thing which is obvious with regards to Web compatibility and websites these last couple of days. If there are websites not working in one of your favorite browsers when working or in your daily activities to follow the impact of coronavirus on our daily lives, please report it on webcompat.com. Ksenia and I will try our best to diagnose it.
- Be as descriptive as possible of all the steps you did to encounter the issue.
- Try to reproduce it a couple of times.
- Try to reproduce it in a different browsers.
Ksenia has started an amazing work on refactoring the webcompat.com multi-steps form
FIXED! Latest version of Firefox no longer accepts MacOS text clippings in the google search field. Thanks to Masayuki.
FIXED! document.createEvent("KeyEvents"). This is now forbidden in Firefox. A site was failing they fixed it! Thanks.
I wished today (tuesday) I could type leadfoot commands directly into the browser console to prototype my tests. Maybe it's possible in some ways.
- intermediate solution proposed by Vlad is intern Recorder. I need to try this.
When someone is asking a Pull Request review on github, you receive an email with review_requested@noreply.github.com as one of the recipients. Easy to discover with a dynamic mailbox. I usually set my filtering on Mail.app with plenty of dynamic mailboxes. I have a couple of criteria but one which is always very useful to improve the performance is to add a "Received date" criteria with something around a couple of days I usually set around 14 days to 21 days.
I wish there was an annotation mode in git or github. Update 2020-03-30: Check my week notes of week 2020-14.
- It would be even fun if you could share these annotations with people.
- I could imagine that locally you could do something like. git annotate --lines 34-35 -m 'blablababalabla' module/verydope.py
- Then you could later on see them again, extract again, share with someone. git readnotes hash_ref --from kdubost@mozilla.com
When inheriting a code from another, the first part is to read the code and comment it to try to piece things together.
Today, Friday, is diagnosis day.

https://blog.mozilla.org/firefox/stay-safe-in-your-online-life-too/

The Firefox Frontier: Stay safe in your online life, too rss_planet_mozilla 27-03-2020 00:58

During the COVID-19 pandemic, many of us are turning to the internet to connect, learn, work and entertain ourselves from home. We’re setting up new accounts, reading more news, watching … Read more

The post Stay safe in your online life, too appeared first on The Firefox Frontier.

Mozilla Localization (L10N): L10n Report: March Edition rss_planet_mozilla 26-03-2020 20:58

Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet.

Welcome!

New localizers

Hmxhmx of Croatian

Are you a locale leader and want us to include new members in our upcoming reports? Contact us!

L10n Community in Matrix

As you might have read in the past weeks, Mozilla turned off IRC and officially switched to a new system for synchronous communications (Matrix), available at: https://chat.mozilla.org/

We have a channel dedicated to l10n community conversations. You can also join the room, after creating an account in Matrix, by searching for the “l10n-community” room.

You can find detailed information on how to access Matrix via browser and mobile apps in this wiki page: https://wiki.mozilla.org/Matrix

Messages written in Matrix are also mirrored (“bridged”) to the “Mozilla L10n Community” Telegram channel.

New content and projects

What’s new or coming up in Firefox desktop

As explained in the last l10n report, Firefox is now following a fixed 4-weeks release cycle:

Firefox 75 is currently in beta and will be released on April 7. The deadline to update localization has just passed (March 24).
Firefox 76, currently in Nightly, will move to Beta when 75 is officially released. The deadline to update localizations for that version will be April 21 (4 weeks after the current deadline).

In terms of upcoming content to localize, in Firefox 76 there’s a new authentication dialog, prompting users to authenticate with the Operating System when performing operations like setting a master password, or interacting with saved passwords in about:logins. Localizing this content is particularly challenging on macOS, since only part of the dialog’s text comes from Firefox (highlighted in red in the image below).

Make sure to read the instructions on the dev-l10n mailing list for some advice on how to localize this dialog.

What’s new or coming up in web projects

Mozilla.org

A lot of pages were added in the last month. Many are content heavy. Make sure to prioritize the pages based on deadlines and the priority star rating, as well as against other projects.

New and highest priority:

firefox/whatsnew_75.lang (due on 27 March, 3pm UTC)
firefox/welcome/page6.lang
firefox/welcome/page7.lang

Updates and higher priority:

mozorg/404.lang
mozorg/500.lang

New and lower priority:

firefox/compare.lang
firefox/compare/chrome.lang
firefox/compare/edge.lang
firefox/compare/ie.lang
firefox/compare/opera.lang
firefox/compare/safari.lang
firefox/compare/shared.lang

Firefox Accounts:

New content will be ready for localization on a weekly basis, currently released on Fridays.

Web of Things

After the month of March, the team will cease active development. However, they will push translated content to production from time to time.

What’s new or coming up in Foundation projects

The localization of *Privacy Not Included has started! Privacy Not Included is Mozilla’s attempt, through technical research, to help people shop products that are safe, secure and private. The project has been enabled on Pontoon and a first batch of strings has been made available. You can test your work on the staging website, updated almost daily. For the locales that have access to the project, you can also opt-in to localize the About section. If you’re interested, reach out to Th'eo. Not all

Mozilla VR Blog: WebXR Emulator Extension AR support rss_planet_mozilla 26-03-2020 19:48

In September we released the WebXR Emulator Extension which enables testing WebXR VR applications in your desktop browser. Today we are happy to announce a new feature: AR support.

WebXR AR API

The WebXR Device API is an API which provides the interface to create immersive (VR and AR) applications on the web across a wide variety of XR devices. The WebXR 1.0 API for VR has shipped.

AR (Augmented Reality) is becoming popular thanks to the new platforms, ARCore and ARKit. You may have seen online shops which let you view their items in your room. The AR market has the potential to be huge.

The Immersive Web Working Group has been working on the WebXR API for AR to introduce a more open AR platform on the web. Chrome 81 (which was going to release March 17th but is now postponed) enables WebXR API for AR and Hit Test by default. Support in other browsers is coming soon, too.

Once it lands you will be able to play around with AR applications on compatible devices without installing anything. These are some WebXR AR examples you can try.

If you want to try on your android device now, you can use Chrome Android Beta. Install ARCore and Chrome Beta, and then access the examples above.

What the extension enables

You need AR compatible devices to play WebXR AR applications. Unfortunately you can’t run them on your desktop, even though the API is enabled, because your desktop doesn’t have the required hardware.

The WebXR Emulator Extension enables running WebXR AR applications on your desktop browser by emulating AR devices. As the following animation shows, you can test the application as if you run it on an emulated AR device in a virtual room. It includes the WebXR API polyfill so that it even works on browsers which do not natively support WebXR API for AR yet.

How to use it

Install the WebXR Emulator Extension from extension store for your browser (Firefox, Chrome)
Open the WebXR tab in devtool panel and select “AR” device from the device list on top of the panel
Visit WebXR application, for example Three.js WebXR AR examples
You will notice that the application detects you have an AR device (emulated). Click a button or other UI to enter immersive mode
You are now in a virtual room and the application runs on the emulated device. You can move around and control the device as you want.

No change is needed on the WebXR AR application side.

Benefits

The extension resolves the difficulties of AR content creation. Similar to VR content creation, currently there are some difficulties to create AR content.

You first need to get an AR device. You

https://blog.mozilla.org/firefox/switch-from-microsoft-edge-to-firefox/

The Firefox Frontier: How to switch from Microsoft Edge to Firefox in just a few minutes rss_planet_mozilla 26-03-2020 00:39

You’ve heard that the Firefox browser is fast, private and secure, thanks to its built-in Enhanced Tracking Protection. You’ve also heard it’s made by people who want the web to … Read more

The post How to switch from Microsoft Edge to Firefox in just a few minutes appeared first on The Firefox Frontier.

Bring Bright Colors Into A Gray Day

Hacks.Mozilla.Org: Learn web technology at “sofa school” rss_planet_mozilla 25-03-2020 21:13

Lots of kids around the world are learning from home right now. In this post, I introduce free resources based on web technologies that will help them explore and learn from the safety of their living rooms. VR headsets and high-end graphics cards aren’t necessary. Really, all you need is a web browser!

Create a secret hideout

Hubs by Mozilla lets you share a virtual room with friends right in your browser. You can watch videos, play with 3D objects, or just hang out. Then, once you get the hang of Hubs, you can build almost anything imaginable with Spoke: a clubhouse, adventure island, or magic castle . . . . In Hubs, your little world becomes a place to spend time with friends (and show off your skills).

Try It Out

Play with the CSS Coloring Book

When kids (or adults) want to color, you have some options besides pulp paper booklets of princesses and sea creatures, thanks to Lubna, a front-end developer from the UK. Just click the “Edit On Codepen” button, and start playing. (The CSS color guide on MDN is a helpful reference). Young and old can learn by experimenting with this fun little toy.

Learn CSS Grid and Flexbox

The seasons are changing around the world—toward spring and toward fall. It feels like time to get into the garden and meet the frogs hopping from plant to plant. The Grid Garden that is, and Flexbox Froggy, to be precise. Educational software vendor Codepip created these attractive online learning experiences. They’re a great place for the young—and the young at heart—to get started with CSS.

Enter the Garden
Meet Flexbox Froggy

Fly to Jupiter

You don’t need a bus, car, submarine, or rocketship to go on a field trip. Educator Kai has created a variety of free VR experiences for kids and adults over at KaiXR. No headset is needed. Visit the planets of the solar system, Martin Luther King Memorial, the Mayan city of Chichen Itza, and the Taj Mahal in India. See dinosaurs, explore the human body, dive under the sea . . . and much, much more.

Go Exploring

It’s great to share resources!

Have other suggestions to share, or favorite learning resources? Tell us about them in the comments. They may be included in a future edition of our developer newsletter, where a portion of this content has already appeared.

The post Learn web technology at “sofa school” appeared first on