Planet MozillaPretending port zero is a normal one

Speaking the TCP protocol, we communicate between “ports” in the local and remote ends. Each of these port fields are 16 bits in the protocol header so they can hold values between 0 – 65535. (IPv4 or IPv6 are the same here.) We usually do HTTP on port 80 and we do HTTPS on port 443 and so on. We can even play around and use them on various other custom ports when we feel like it.

But what about port 0 (zero) ? Sure, IANA lists the port as “reserved” for TCP and UDP but that’s just a rule in a list of ports, not actually a filter implemented by anyone.

In the actual TCP protocol port 0 is nothing special but just another number. Several people have told me “it is not supposed to be used” or that it is otherwise somehow considered bad to use this port over the internet. I don’t really know where this notion comes from more than that IANA listing.

Frank Gevaerts helped me perform some experiments with TCP port zero on Linux.

In the Berkeley sockets API widely used for doing TCP communications, port zero has a bit of a harder situation. Most of the functions and structs treat zero as just another number so there’s virtually no problem as a client to connect to this port using for example curl. See below for a printout from a test shot.

Running a TCP server on port 0 however, is tricky since the bind() function uses a zero in the port number to mean “pick a random one” (I can only assume this was a mistake done eons ago that can’t be changed). For this test, a little iptables trickery was run so that incoming traffic on TCP port 0 would be redirected to port 80 on the server machine, so that we didn’t have to patch any server code.

Entering a URL with port number zero to Firefox gets this message displayed:

This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.

… but Chrome accepts it and tries to use it as given.

The only little nit that remains when using curl against port 0 is that it seems glibc’s getpeername() assumes this is an illegal port number and refuses to work. I marked that line in curl’s output in red below just to highlight it for you. The actual source code with this check is here. This failure is not lethal for libcurl, it will just have slightly less info but will still continue to work. I claim this is a glibc bug.

$ curl -v -H "Host:"
* Rebuilt URL to:
* Hostname was NOT found in DNS cache
* Trying
* getpeername() failed with errno 107: Transport endpoint is not connected
* Connected to () port 0 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.1-DEV
> Accept: */*
> Host:
< HTTP/1.1 200 OK
< Date: Fri, 24 Oct 2014 09:08:02 GMT
< Server: Apache/2.4.10 (Debian)
< Last-Modified: Fri, 24 Oct 2014 08:48:34 GMT
< Content-Length: 22
< Content-Type: text/html


Why doing this experiment? Just for fun to to see if it worked.

Planet MozillaThe things browsers can do – SAE Alumni Conference, Berlin 2014

Two days ago I was in Berlin for a day to present at the SAE alumni Conference in Berlin, Germany. I knew nothing about SAE before I went there except for the ads I see on the Tube in London. I was pretty amazed to see just how big a community the alumni and chapters of this school are. And how proud they are.

SAE Afterparty

My presentation The things browsers can do – go play with the web was a trial-run of a talk I will re-hash a bit at a few more conferences to come.

In essence, the thing I wanted to bring across is that HTML5 has now matured and is soon a recommendation.

And along the way we seem to have lost the excitement for it. One too many shiny HTML5 demo telling us we need a certain browser to enjoy the web. One more polyfill and library telling us without this extra overhead HTML5 isn’t ready. One more article telling us just how broken this one week old experimental implementation of the standard is. All of this left us tainted. We didn’t believe in HTML5 as a viable solution but something that is a compilation target instead.

Techno nightmare by @elektrojunge

In this talk I wanted to remind people just how much better browser support for the basic parts of HTML5 and friends is right now. And what you can do with it beyond impressive demos. No whizzbang examples here, but things you can use now. With a bit of effort you can even use them without pestering browsers that don’t support what you want to achieve. It is not about bringing modern functionality to all – browsers; it is about giving people things that work.

I recorded a screencast and put it on YouTube

The slides are on Slideshare.

All in all I enjoyed the convention and want to thank the organizers for having me and looking after me in an excellent fashion. It was refreshing to meet students who don’t have time to agonize which of the three task runners released this week to use. Instead who have to deliver something right now and in a working fashion. This makes a difference

Planet MozillaFirefox OS App Days STPI

For Firefox Student Ambassadors at Sekolah Tinggi Perpajakan Indonesia let’s make application together.   Event Information : Speaker : Rizky Ariestiyansyah (RAL) Target audience : 35 Student There will be free Wifi and please...

The post Firefox OS App Days STPI appeared first on oonlab.

Planet MozillaGo vs. Python

tl;dr; It's not a competition! I'm just comparing Go and Python. So I can learn Go.

So recently I've been trying to learn Go. It's a modern programming language that started at Google but has very little to do with Google except that some of its core contributors are staff at Google.

The true strength of Go is that it's succinct and minimalistic and fast. It's not a scripting language like Python or Ruby but lots of people write scripts with it. It's growing in popularity with systems people but web developers like me have started to pay attention too.

The best way to learn a language is to do something with it. Build something. However, I don't disagree with that but I just felt I needed to cover the basics first and instead of taking notes I decided to learn by comparing it to something I know well, Python. I did this a zillion years ago when I tried to learn ZPT by comparing it DTML which I already knew well.

My free time is very limited so I'm taking things by small careful baby steps. I read through An Introduction to Programming in Go by Caleb Doxey in a couple of afternoons and then I decided to spend a couple of minutes every day with each chapter and implement something from that book and compare it to how you'd do it in Python.

I also added some slightly more full examples, Markdownserver which was fun because it showed that a simple Go HTTP server that does something can be 10 times faster than the Python equivalent.

What I've learned

  • Go is very unforgiving but I kinda like it. It's like Python but with pyflakes switched on all the time.

  • Go is much more verbose than Python. It just takes so much more lines to say the same thing.

  • Goroutines are awesome. They're a million times easier to grok than Python's myriad of similar solutions.

  • In Python, the ability to write to a list and it automatically expanding at will is awesome.

  • Go doesn't have the concept of "truthy" which I already miss. I.e. in Python you can convert a list type to boolean and the language does this automatically by checking if the length of the list is 0.

  • Go gives you very few choices (e.g. there's only one type of loop and it's the for loop) but you often have a choice to pass a copy of an object or to pass a pointer. Those are different things but sometimes I feel like the computer could/should figure it out for me.

  • I love the little defer thing which means I can put "things to do when you're done" right underneath the thing I'm doing. In Python you get these try: ...20 lines... finally: it's over... things.

  • The coding style rules are very different but in Go it's a no brainer because you basically don't have any choices. I like that. You just have to remember to use gofmt.

  • Everything about Go and Go tools follow the strict UNIX pattern to not output anything unless things go bad. I like that.

  • is awesome. If you ever wonder how a built in package works you can just type it in after like this for example.

  • You don't have to compile your Go code to run it. You can simply type go run mycode.go it automatically compiles it and then runs it. And it's super fast.

  • go get can take a url like and just install it. No PyPI equivalent. But it scares me to depend on peoples master branches in GitHub. What if master is very different when I go get something locally compared to when I run go get weeks/months later on the server?

Internet Explorer blogAnnouncing the Enterprise Site Discovery Toolkit for Internet Explorer 11

Today, we’re announcing a new capability in Internet Explorer 11 that allows IT Pros to discover which of their Enterprise line of business applications are truly critical and used by their users. Together with Enterprise Mode IE, this toolkit helps simplify Enterprise upgrades. Download the Enterprise Site Discovery Toolkit for IE11 today and learn more about it on Technet.

Upgrading to the latest version of Windows typically requires Enterprises to do full line of business app compatibility testing with the latest version of Internet Explorer. What makes this a difficult task for most Enterprises is that they often do not know which of their catalog of internal line of business applications are critical and used by their employees. Often times this leads IT Pros to test all of their internal apps, even ones that may not be used, which can be a costly and time consuming process. In addition to testing, it can be difficult to mitigate compatibility issues without knowing more about how the application is built.

The Enterprise Site Discovery Toolkit provides a way for an IT Pro to better understand how their users are browsing with Internet Explorer 11. This toolkit enables collecting information from Internet Explorer 11 about all sites that are visited by Enterprise users to build an inventory of sites used in the Enterprise. This information will help IT Pros prioritize which applications they should focus their app compatibility testing with Internet Explorer. This toolkit also provides additional information on how the site is designed and used by Internet Explorer and that information can then be used to populate the Enterprise Mode site list, mitigating compatibility issues of critical sites.

What information is collected?

By default, the data collection is turned off. When collection is enabled, data will be collected from all sites visited by users with Internet Explorer 11. Data is collected during each browsing event and is associated to the browsed URL, shown here. This data collection has a negligible impact on Internet Explorer performance.

Data collected during each browsing event

Data point Description
URL URL of the browsed site, including any parameters embedded in the URL.
Domain Top-level domain of the browsed site.
ActiveX Control GUID The GUID of the ActiveX controls loaded by the site.
Number of visits The number of times a URL has been visited.
Doc mode Doc mode used by Internet Explorer for a site, based on page characteristics.
Doc mode reason The reason why a Doc mode was set by Internet Explorer.
Browser state reason Additional information on why the browser is in the current state. That may be also referred to as Browser Mode.
Hang count Number of visits to the URL when the browser hung.
Crash count Number of visits to the URL when the browser crashed.
Most recent navigation failure (and count) Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened.
Zone Zone used by Internet Explorer to browse sites, based on browser settings.

By default, Internet Explorer will not collect this data; you have to enable collection if you want to use it. Once enabled, data will collected on all sites visited by Internet Explorer 11 except while browsing in an InPrivate browsing session. Additionally, this data collection is silent and there is no end user notification that information is being collected. You must make sure that you ask the necessary consent and comply with all applicable local laws and regulatory requirements before enabling this in your deployment of Internet Explorer 11.

How does the data collection work?

As users browse the Web, the above information is collected locally in a WMI class. Once the data is present in the WMI class it can then be queried by System Center Configuration Manager or other tools and aggregated with data from multiple users to form a data driven picture of Internet Explorer usage.

What can I do with this data?

The Discovery Toolkit provides IT Pros with clear picture about how IE is being used in their deployment based on actual user data. With this many questions can be answered. Some are:

  • What sites are users going to the most?
  • What document mode does the page load in, and how was that document mode chosen?
  • On what sites are ActiveX controls being used and how often?
  • Which sites are crashing or hanging when users visit them?
  • Are there any sites in the Trusted Sites list that should be moved off?
  • Are there any sites that should be added or removed from the Enterprise Mode site list?

How can IT Pros get started using this site Discovery Toolkit?

We’re excited about this toolkit and encourage to take the toolkit for a spin, try out the data collection functionality and put it through its paces! Let us know your feedback via @IEDevChat or on Connect.

— Deen King-Smith, Program Manager, Internet Explorer

Internet Explorer blogAnnouncing the Enterprise Site Discovery Toolkit for IE11

Today, we’re announcing a new capability in Internet Explorer 11 that allows IT Pros to discover which of their Enterprise line of business applications are truly critical and used by their users. Together with Enterprise Mode IE, this toolkit helps simplify Enterprise upgrades. Download the Enterprise Site Discovery Toolkit for IE11 today and learn more about it on Technet.

Upgrading to the latest version of Windows typically requires Enterprises to do full line of business app compatibility testing with the latest version of Internet Explorer. What makes this a difficult task for most Enterprises is that they often do not know which of their catalog of internal line of business applications are critical and used by their employees. Often times this leads IT Pros to test all of their internal apps, even ones that may not be used, which can be a costly and time consuming process. In addition to testing, it can be difficult to mitigate compatibility issues without knowing more about how the application is built.

The Enterprise Site Discovery Toolkit provides a way for an IT Pro to better understand how their users are browsing with Internet Explorer 11. This toolkit enables collecting information from Internet Explorer 11 about all sites that are visited by Enterprise users to build an inventory of sites used in the Enterprise. This information will help IT Pros prioritize which applications they should focus their app compatibility testing with Internet Explorer. This toolkit also provides additional information on how the site is designed and used by Internet Explorer and that information can then be used to populate the Enterprise Mode site list, mitigating compatibility issues of critical sites.

What information is collected?

By default, the data collection is turned off. When collection is enabled, data will be collected from all sites visited by users with Internet Explorer 11. Data is collected during each browsing event and is associated to the browsed URL, shown here. This data collection has a negligible impact on Internet Explorer performance.

Data collected during each browsing event

Data point Description
URL URL of the browsed site, including any parameters embedded in the URL.
Domain Top-level domain of the browsed site.
ActiveX Control GUID The GUID of the ActiveX controls loaded by the site.
Number of visits The number of times a URL has been visited.
Doc mode Doc mode used by Internet Explorer for a site, based on page characteristics.
Doc mode reason The reason why a Doc mode was set by Internet Explorer.
Browser state reason Additional information on why the browser is in the current state. That may be also referred to as Browser Mode.
Hang count Number of visits to the URL when the browser hung.
Crash count Number of visits to the URL when the browser crashed.
Most recent navigation failure (and count) Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened.
Zone Zone used by Internet Explorer to browse sites, based on browser settings.

By default, Internet Explorer will not collect this data; you have to enable collection if you want to use it. Once enabled, data will collected on all sites visited by Internet Explorer 11 except while browsing in an InPrivate browsing session. Additionally, this data collection is silent and there is no end user notification that information is being collected. You must make sure that you ask the necessary consent and comply with all applicable local laws and regulatory requirements before enabling this in your deployment of Internet Explorer 11.

How does the data collection work?

As users browse the Web, the above information is collected locally in a WMI class. Once the data is present in the WMI class it can then be queried by System Center Configuration Manager or other tools and aggregated with data from multiple users to form a data driven picture of Internet Explorer usage.

What can I do with this data?

The Discovery Toolkit provides IT Pros with clear picture about how IE is being used in their deployment based on actual user data. With this many questions can be answered. Some are:

  • What sites are users going to the most?
  • What document mode does the page load in, and how was that document mode chosen?
  • On what sites are ActiveX controls being used and how often?
  • Which sites are crashing or hanging when users visit them?
  • Are there any sites in the Trusted Sites list that should be moved off?
  • Are there any sites that should be added or removed from the Enterprise Mode site list?

How can IT Pros get started using this site Discovery Toolkit?

We’re excited about this toolkit and encourage to take the toolkit for a spin, try out the data collection functionality and put it through its paces! Let us know your feedback via @IEDevChat or on Connect.

— Deen King-Smith, Program Manager, Internet Explorer

Planet MozillaWhat's your daily focus practice?

I have a daily and weekly practice to support and nuture myself - one of my core values is discipline and doing what I say. This for me is how I show up with integrity both for myself and the commitments I make to others. So, I enjoy evolving and living my practice

Each day I meditate, as close to waking and certainly before my first meeting. I get clear on what is coming up that day and how I want to show up for myself and the people I’m spending time with. I decide how I want to be, for example, is being joyful and listening to my intuition the most important way for today, or curiosity, humour?


I use mindful breathing many times in a day - particularly when I’m feeling strong emotions, maybe because I’ve just come from a fierce conversation or a situation that warrants some deep empathy - simply breath gets me grounded and clear before my next meeting or activity.


Exercise - feeling my body, connecting to my physical being and what’s going on for me. Maybe I’m relying too much on a coffee buzz and wanting an energy boost - listening to my cues and taking care throughout the day. How much water have I had? etc As well as honouring my value around fitness and health.

I also write - my daily journal and always moving a blog post or article forward. And most importantly - mindfulness, being fully present in each activity. Several years ago I broke my right foot and ‘lost’ my ability to multi-task in the healing process. It was a huge gift ultimately - choosing to only do one thing at a time. To have all of my mind and body focused on the thing I am doing or person i am talking with and nothing else. What a beautiful way to be, to honour those around me and the purpose or agenda of the company I’m working for. Weekly, I enjoy a mindful Friday night dinner with my family and turn off all technology to Saturday night and on Sunday's I reflect on my past week and prepare for my next - what worked, what didn't, what's important, what's not. etc.

Joy to you in finding a practice that works :)

Planet MozillaWeb Application Firewall

Web Application Firewall (WAF) applied to HTTP web services is an interesting concept.

It basically consists of extracting from a web app a set of rules that describes how the endpoints should be used. Then a Firewall proxy can enforce those rules on incoming requests.

Le't say you have a search api where you want to validate that:

  • there's a optional before field that has to be a datetime
  • you want to limit the number of calls per user per minute to 10
  • you want to reject with a 405 any call that uses another HTTP method than GET

Such a rule could look like this:

"/search": {
    "GET": {
        "parameters": {
            "before": {
                "required": false
        "limits": {
            "rates": [
                    "seconds": 60,
                    "hits": 10,
                    "match": "header:Authorization AND header:User-Agent or remote_addr"

Where the rate limiter will use the Authorization and the User-Agent header to uniquely identify a user, or the remote IP address if those fields are not present.


We've played a little bit around request validation with Cornice, where you can programmatically describe schemas to validate incoming requests, and the ultimate goal is to make Cornice generate those rules in a spec file independantly from the code.

I've started a new project around this with two colleagues at Mozilla (Julien & Benson), called Videur. We're defining a very basic JSON spec to describe rules on incoming requests:

What makes it a very exciting project is that our reference implementation for the proxy is based on NGinx and Lua.

I've written a couple of Lua scripts that get loaded in Nginx, and our Nginx configuration roughly looks like this for any project that has this API spec file:

http {
    server {
        listen 80;
        set $spec_url "";
        access_by_lua_file "videur.lua";

Instead of manually defining all the proxy rules to point to our app, we're simply pointing the spec file that contains the description of the endpoints and use the lua script to dynamically build all the proxying.

Videur will then make sure incoming requests comply with the rules before passing them to the backend server.

One extra benefit is that Videur will reject any request that's not described in the spec file. This implicit white listing is in itself a good way to avoid improper calls on our stacks.

Last but not least, Lua in Nginx is freaking robust and fast. I am still amazed by the power of this combo. Kudos to Yichun Zhang for the amazing work he's done there.

Videur is being deployed on one project at Mozilla to see how it goes, and if that works well, we'll move forward to more projects and add more features.

And thanks to NginxTest our Lua script are fully tested.

Planet MozillaHive Labs at the Mozilla Festival: Building an Ecosystem for Innovation


This weekend marks the fifth year anniversary of the Mozilla Festival - and Hive Labs has a ton of fun design - oriented, hands-on activities to get messy with in person or remotely. We are using the event to explore design questions that are relevant to local communities and Hives and to dabble in building out a community-driven ecosystem for innovation. Here's a few highlights:

Challenges to Enacting and Scaling Connected Learning

This year, the Hive track at MozFest ( is bringing together Hive and "Hive curious" travelers from around the world to incubate solutions to shared challenges in enacting and scaling connected learning. We're working together over the course of the MozFest weekend to collaboratively answer questions that come up again and again in our networks across the globe. One question that Hive Labs is focusing on is: How do we build a community that supports innovation in the education space? 

Action Incubator

We will be hosting a series of activities embedded within the Hive track to think through problems in your Hives and local communities and brainstorming solutions collectively. We will be leveraging three teaching kit's that were made specifically to facilitate this kind of design thinking activity:

  • Firestarter: In this activity, participants will identify opportunities and then brainstorm potential design solutions.
  • User Testing at an Event: Events are a great time to leverage all of the different kinds of voices in a room to get feedback on an in-progress project or half-baked idea. This activity will help you to test ideas and projects and get constructive and actionable feedback.
  • Giving + Getting Actionable Feedback: Getting effective and actionable feedback on your half - baked ideas and projects can be challenging. This activity explores some ways to structure your feedback session.

Art of the Web 

This entire track is dedicated to showcasing and making art using the Web as your medium. Follow the #artoftheweb hashtag on twitter. 

in response to the #mozfest remotee challenge

MozFest Remotee Challenge

Want to join in on all of the Mozilla Festival action even though you aren't physically at the event? This challenge is for you! We have compiled a handful of activities focused on Web Literacy, supporting community - based learning and making so that you can take part in the conversation and brainstorming at the Mozilla Festival. Go here to start the challenge.

You can follow along all weekend using the #mozfest or #hivebuzz hashtags on Twitter.

Planet MozillaFirefox incorpora OpenH.264 y más seguridad

Sin darnos cuenta ya está con nosotros una nueva versión de tu navegador favorito. En esta ocasión disfrutarás de interesantes características como la implementación de código abierto del códec H.264, más seguridad y en el caso de los usuarios de Windows, gozarán de un mejor rendimiento.

La misión de Mozilla plantea apoyar y defender la web abierta, cosa que es muy difícil debido al reclamo de los usuarios en reproducir contenido en formatos cerrados, por lo que Mozilla debe pagar a sus propietarios la inclusión del código en Firefox. Poco a poco se fueron dando pasos de avance, primero con la posibilidad de usar los códecs instalados (Windows) y después si teníamos instalado el adecuado plugin de Gstreamer (Linux). Ahora se añade el soporte a OpenH264 y proporciona seguridad al navegador pues se ejecuta en sandbox.

La experiencia de búsqueda desde la barra de direcciones ha recibido mejoras. Si intentas ir a un sitio que no es real, Firefox verifica si existe y alerta si deseas ir allí o realizar una búsqueda con el motor elegido por ti. También desde la página de inicio (about:home) y nueva pestaña (about:newtab) se mostrarán sugerencias de búsqueda mientras escribes en los campos de búsqueda.

Una nueva Política de Seguridad sobre el Contendio (CSP) hará más seguro al navegador y protegerá mejor tu información almacenada en tu computadora. Además, se ha dado soporte para conectarse a servidores proxy HTTP a través de HTTPS.

Mientras tanto, los usuarios de Windows recibirán nuevos cambios en la arquitectura de Firefox que propician un mejor rendimiento pues ahora varias tareas se separan del proceso principal. Más adelante veremos muchos más radicales con respecto a la arquitectura.

Firefox ahora habla azerbaiyano, se mejoró la seguridad al restaurar una sesión y se han añadido muchos cambios para desarrolladores.

Para Android

  • Posibilidad de enviar videos a dispositivos Chromecast y Roku.
  • Restaurar la última pestaña cerrada.
  • Lista de las pestañas cerradas recientemente.
  • Cerrar todas las pestañas de una sola vez.
  • Añadida la opción de borrar los datos claros al salir.
  • Los elementos del formularios han sido actualizados a una vista más moderna.
  • Añadido los idiomas Aragonés [an], Frisón [fy-NL], Kazajo [kk] y Khmer [km]

Si deseas conocer más, puedes leer las notas de lanzamiento.

Puedes obtener esta versión desde nuestra zona de Descargas en español e inglés para Linux, Mac, Windows y Android. Recuerda que para navegar a través de servidores proxy debes modificar la preferencia network.negotiate-auth.allow-insecure-ntlm-v1 a true desde about:config.

Planet MozillaReps Weekly Call – October 23th 2014

Last Thursday we had our regular weekly call about the Reps program, where we talk about what’s going on in the program and what Reps have been doing during the last week.



  • The Open Standard.
  • Firefox 10th anniversary.
  • New council members.
  • Mozfest.
  • New reporting activities.

Detailed notes

AirMozilla video

Don’t forget to comment about this call on Discourse and we hope to see you next week!

Planet MozillaA quick note for Mozillians regarding MathML on Wikipedia

As mentioned some time ago and as recently announced on the MathML and MediaWiki mailing lists, a MathML mode with SVG/PNG fallback is now available on Wikipedia. In order to test it, you need to log in with a Wikipedia account and select the mode in the "Math" section of your preferences.


Some quick notes for Mozillians:

  • Although Mozilla intern Jonathan Wei has done some work on MathML accessibility and that there are reports about work in progress to make Firefox work with NVDA / Orca / VoiceOver, we unfortunately still don't have something ready for Gecko browsers. You can instead try the existing solutions for Safari or Internet Explorer (ChromeVox and JAWS 16 beta are supposed to be MathML-aware but fail to read the MathML on Wikipedia at the moment).

  • By default, the following MATH fonts are tried: Cambria Math, Latin Modern Math, STIX Math, Latin Modern Math (Web font). In my opinion, our support for Cambria Math (installed by default on Windows) is still not very good, so I'd recommend to use Latin Modern Math instead, which has the same "Computer Modern" style as the current PNG mode. To do that, go to the "Skin" section of your preferences and just add the rule math { font-family: Latin Modern Math; } to your "Custom CSS". Latin Modern Math is installed with most LaTeX distributions, available from the GUST website and provided by the MathML font add-on.

  • You can actually install various fonts and try to make the size and style of the math font consistent with the surrounding text. Here are some examples:

    /* Asana Math (Palatino style) */
    .mw-body, mtext {
        font-family: Palatino Linotype, URW Palladio L, Asana Math;
    math {
        font-family: Asana Math;
    /* Cambria (Microsoft Office style) */
    .mw-body, mtext {
        font-family: Cambria;
    math {
        font-family: Cambria Math;
    /* Latin Modern (Computer Modern style) */
    .mw-body, mtext {
        font-family: Latin Modern Roman;
    math {
        font-family: Latin Modern Math;
    /* STIX/XITS (Times New Roman style) */
    .mw-body, mtext {
        font-family: XITS, STIX;
    math {
        font-family: XITS Math, STIX Math;
    /* TeX Gyre Bonum (Bookman style) */
    .mw-body, mtext {
        font-family: TeX Gyre Bonum;
    math {
        font-family: TeX Gyre Bonum Math;
    /* TeX Gyre Pagella (Palatino style) */
    .mw-body, mtext {
        font-family: TeX Gyre Pagella;
    math {
        font-family: TeX Gyre Pagella Math;
    /* TeX Gyre Schola (Century Schoolbook style) */
    .mw-body, mtext {
        font-family: TeX Gyre Schola;
    math {
        font-family: TeX Gyre Schola Math;
    /* TeX Gyre Termes (Times New Roman style) */
    .mw-body, mtext {
        font-family: TeX Gyre Termes;
    math {
        font-family: TeX Gyre Termes Math;
  • We still have bugs with missing fonts and font inflation on mobile devices. If you are affected by these bugs, you can force the SVG fallback instead:

    span.mwe-math-mathml-inline, div.mwe-math-mathml-display {
      display: none !important;
    span.mwe-math-mathml-inline + .mwe-math-fallback-image-inline {
      display: inline !important;
    div.mwe-math-mathml-display + .mwe-math-fallback-image-display {
      display: block !important;
  • You might want to install some Firefox add-ons for copying MathML/LaTeX, zooming formulas or configuring the math font.

  • Finally, don't forget to report bugs to Bugzilla so that volunteers can continue to improve our MathML support. Thank you!

Planet MozillaTIL Debugging Gaia with B2G Desktop and WebIDE.

TIL Debugging Gaia with B2G Desktop and WebIDE.

24 Oct 2014 - Toronto, ON

With some great help from Rob Wood from Mozilla Firefox OS Automation team, I finally managed to get Gaia up and running and ready for debugging with B2G Desktop Nightly build and WebIDE.

It is currently impossible to develop / debug Gaia using Firefox for Desktop. Thus, it's a pretty big barrier for new contributors who are just starting out with Gaia. Turns out, it is fairly easy to run Gaia codebase with B2G Desktop build. Here are the instructions:



  • In your Gaia repository build a Gaia user profile from scratch: make

  • Run the following command to start the B2G Nightly build with Gaia profile that you just built: /path/to/your/B2G/b2g-bin -profile /path/to/your/gaia/profile -start-debugger-server [PORT_NUMBER] For example: /Applications/ -profile /Users/me/gaia/profile -start-debugger-server 7000

  • Start Firefox for Desktop Nightly build

  • Open WebIDE (Tools -> Web Developer -> WebIDE)

  • Press Select Runtime -> Remote Runtime

  • Replace the port with the one used in step 2 (7000) and click OK

  • A dialog should pop up within the B2G emulator asking to permit remote debugging. Press OK

  • At this point you should have access to all apps bundled with the profile as well as the Main Process via WebIDE

  • When you make changes to Gaia code base, you can run make again to rebuild your profile. Hint: if you are working on a single app, just run APP=my_app make to only rebuild the app.


Planet MozillaUnity corona a Firefox como el mejor navegador para utilizar contenido Unity WebGL

La tecnología multiplataforma de Unity se está erigiendo como la mejor alternativa para todos los que quieren disfrutar de los cada vez más populares juegos para navegadores web. De hecho, la compañía está actualmente trabajando para integrar la tecnología WebGL por la que cada vez más navegadores están apostando.

Con la intención de facilitar su labor a la hora de integrar WebGL, Unity ha desarrollado un benchmark para medir el rendimiento de los diferentes navegadores y sistemas operativos a la hora de usar su tecnología. Para realizar la serie de test a la que han sometido a los navegadores, el equipo de Unity ha comparado el rendimiento nativo con el de los navegadores Firefox 32, Chrome 37 y Safari 8 instalados en un MacBook Pro con procesador i7 a 2,6 GHz y sistema operativo OS X 10.10.

En la imagen se puede observar como en ocasiones Firefox obtiene mejor puntuación ejecutando las pruebas que el propio código nativo de Unity.


Pruebas realizadas

Según los resultados completos de los tests que pueden ver, y en los que se compara el rendimiento de los tres navegadores usando WebGL con el código nativo de Unity, de entre los tres participantes es Firefox el que ha resultado el ganador en prácticamente la totalidad de factores analizados por el benchmark, por lo que es sin duda el mejor para usar la tecnología Unity WebGL.


Suma total de las puntuaciones obtenidas

Podrán encontrar más información sobre este tema en

Fuente: Genbeta

Planet MozillaThanks, Mozilla

random access memoryThis’ll be my last post to

After 8 years and thousands of airmiles, I’ve decided to leave Mozilla. It’s been an incredible ride and I’ve met a lot of great people. I am incredibly grateful for the adventure.

Thanks for the memories.

Planet MozillaGPU Profiling has landed

A quick remainder that one of the biggest benefit to having our own built-in profiler is that individual teams and project can add their own performance reporting features. The graphics team just landed a feature to measure how much GPU time is consumed when compositing.

I already started using this in bug 1087530 where I used it to measure the improvement from recycling our temporary intermediate surfaces.

Screenshot 2014-10-23 14.35.29Here we can see that the frame had two rendering phases (group opacity test case) totaling 7.42ms of GPU time. After applying the patch from the bug and measuring again I get:

Screenshot 2014-10-23 14.38.15Now with retaining the surface the rendering GPU time drops to 5.7ms of GPU time. Measuring the GPU time is important because timing things on the CPU time is not accurate.

Currently we still haven’t completed the D3D implementation or hooked it up to WebGL, we will do that as the need arises. To implement this, when profiling, we insert a query object into the GPU pipeline for each rendering phase (framebuffer switches).

Planet WebKitFuzzinator reloaded

It's been a while since I last (and actually first) posted about Fuzzinator. Now I think that I have enough new experiences worth sharing.

More than a year ago, when I started fuzzing, I was mostly focusing on mutation-based fuzzer technologies since they were easy to build and pretty effective. Having a nice error-prone test suite (e.g. LayoutTests) was the warrant for fresh new bugs. At least for a while.

read more

Planet Mozillar=gfritzsche

I’m happy to announce that Georg Fritzsche is now officially a Firefox reviewer.

Georg has been contributing to Firefox for a while now – his contributions started with done some great work on Firefox’s Telemetry system, as well as investigating stability issues in plugins and Firefox itself. He played a crucial role in building the telemetry experiments system, and more recently has become familiar with a few key parts of the Firefox front-end code, including our click to play plugin UI and the upcoming “FHR self support” feature. He’s a thorough reviewer with lots of experience with Mozilla code, so don’t hesitate to ask Georg for review if you’re patching Firefox!

Thanks Georg!

Planet MozillaA little randomness for Hacker News

In systems that rely heavily on “most popular” lists, like Reddit or Hacker News, the rich get richer while the poor stay poor. Since most people only look at the top of the charts, anything that’s not already listed has a much harder time being seen. You need visibility to get ratings, and you need ratings to get visibility.

Aggregators try to address this problem by promoting the items as well as popular ones. But this is hard to do effectively. For example, the “new” page at Hacker News gets only a fraction of the front page’s traffic. Most users want to see the best content, not wade through an unfiltered stream of links. Thus, very little input is available to decide which links get promoted to the front page.

As an experiment, I wrote a userscript that uses the Hacker News API to search for new or low-ranked links and randomly insert just one or two of them into the front page. It’s also available as a bookmarklet for those who can’t or don’t want to install the user script.

Install user script (may require a browser extension)

Randomize HN (drag to bookmark bar, or right-click to bookmark)

This gives readers a chance to see and vote on links that they otherwise wouldn’t, without altering their habits or wading through a ton of unfiltered content. Each user will see just one or two links per visit, but thanks to randomness a much larger number of links will be seen by the overall user population. My belief, though I can’t prove it, is that widespread use of this feature would improve the quality of the selection process.

The script isn’t perfect (search for FIXME in the source code for some known issues), but it works well enough to try out the idea. Unfortunately, the HN API doesn’t give access to all the data I’d like, and sometimes the script won’t find any suitable links to insert. (You can look at your browser’s console to see which which items were randomly inserted.) Ideally, this feature would be built in to Hacker News—and any other service that recommends “popular” items.

Planet MozillalocalForage vs. XHR

tl;dr; Fetching from IndexedDB is about 5-15 times faster than fetching from AJAX.

localForage is a wrapper for the browser that makes it easy to work with any local storage in the browser. Different browsers have different implementations. By default, when you use localForage in Firefox is that it used IndexedDB which is asynchronous by default meaning your script don't get blocked whilst waiting for data to be retrieved.

A good pattern for a "fat client" (lots of javascript, server primarly speaks JSON) is to download some data, by AJAX using JSON and then store that in the browser. Next time you load the page, you first read from the local storage in the browser whilst you wait for a fresh new JSON from the server. That way you can present data to the screen sooner. (This is how Buggy works, blogged about it here)

Another similar pattern is that you load everything by AJAX from the server, present it and store it in the local storage. Then you perdiocally (or just on onload) you send the most recent timestamp from the data you've received and the server gives you back everything new and everything that has changed by that timestamp. The advantage of this is that the payload is continuously small but the server has to make a custom response for each client whereas a big fat blob of JSON can be better cached and such. However, oftentimes the data is dependent on your credentials/cookie anyway so most possibly you can't do much caching.

Anyway, whichever pattern you attempt I thought it'd be interesting to get a feel for how much faster it is to retrieve from the browsers memory compared to doing a plain old AJAX GET request. After all, browsers have seriously optimized for AJAX requests these days so basically the only thing standing in your way is network latency.

So I wrote a little comparison script that tests this. It's here:

It retrieves a 225Kb JSON blob from the server and measures how long that took to become an object. Equally it does the same with localforage.getItem and then it runs this 10 times and compares the times. It's obviously not a surprise the local storage retrieval is faster, what's interesting is the difference in general.

What do you think? I'm sure both sides can be optimized but at this level it feels quite realistic scenarios.

Planet MozillaInterim results of the Web Literacy Map 2.0 community survey

Thanks to my colleague Adam Lofting, I’ve been able to crunch some of the numbers from the Web Literacy Map v2.0 community survey. This will remain open until the end of the month, but I thought I’d share some of the results.

Web Literacy Map v2.0 community survey: overview

This is the high-level overview. Respondents are able to indicate the extent to which they agree or disagree with each proposal on a five-point scale. The image above shows the average score as well as the standard deviation. Basically, for the top row the higher the number the better. For the bottom row, low is good.

Web Literacy Map v2.0 community survey: by location

Breaking it down a bit further, there’s some interesting things you can pull out of this. Note that the top-most row represents people who completed the survey, but chose not to disclose their location. All of the questions are optional.

Things that stand out:

  • There’s strong support for Proposal 4: I believe that concepts such as ‘Mobile’, 'Identity’, and 'Protecting’ should be represented as cross-cutting themes in the Web Literacy Map.
  • There’s also support for Proposal 1: I believe the Web Literacy Map should explicitly reference the Mozilla manifesto and Proposal 5: I believe a 'remix’ button should allow me to remix the Web Literacy Map for my community and context.
  • People aren’t so keen on Proposal 2: I believe the three strands should be renamed 'Reading’, 'Writing’ and 'Participating’. (although, interestingly, in the comments people say they like the term 'Participating’, just not 'Reading’ and 'Writing’ which many said reminded them too much of school!)

This leaves Proposal 3: I believe the Web Literacy Map should look more like a 'map’. This could have been better phrased, as the assumption in the comments seems to be that we can present it either as a grid or as a map. In fact, here’s no reason why we can’t do both. In fact, I’d like to see us produce:

Finally, a word on Proposal 5 and remixing. In the comments there’s support for this - but also a hesitation lest it 'dilutes’ the impact of the Web Literacy Map. A number of people suggested using a GitHub-like model where people can 'fork’ the map if necessary. In fact, this is already possible as v1.1 is listed as a repository under the Mozilla account.

I’m looking forward to doing some more analysis of the community survey after it closes!

Comments? Questions? Send them this way: @dajbelshaw or

Planet MozillaHow I Do Code Reviews at Mozilla

Since I received some good feedback about my prior post, How I Hire at Mozilla, I thought I’d try to continue this is a mini-series about how I do other things at Mozilla. Next up is code review.

Even though I have found new module owners for some of the code I own, I still end up doing 8-12 review/feedback cycles per week. Reviews are only as good as the time you spend on them: I approach reviews in a fairly systematic way.

When I load a patch for review, I don’t read it top-to-bottom. I also try to avoid reading the bug report: a code change should be able to explain itself either directly in the code or in the code commit message which is part of the patch. If bugzilla comments are required to understand a patch, those comments should probably be part of the commit message itself. Instead, I try to understand the patch by unwrapping it from the big picture into the small details:

The Commit Message

  • Does the commit message describe accurately what the patch does?
  • Am I the right person to make a decision about this change?
  • Is this the right change to be making?
  • Are there any external specifications for this change? This could include a UX design, or a DOM/HTML specification, or something else.
  • Should there be an external specification for this change?
  • Are there other experts who should be involved in this change? Does this change require a UX design/review, or a security, privacy, legal, localization, accessibility, or addon-compatibility review or notification?

Read the Specification

If there is an external specification that this change should conform to, I will read it or the appropriate sections of it. In the following steps of the review, I try to relate the changes to the specification.


If there is in-tree documentation for a feature, it should be kept up to date by patches. Some changes, such as Firefox data collection, must be documented. I encourage anyone writing Mozilla-specific features and APIs to document them primarily with in-tree docs, and not on In-tree docs are much more likely to remain correct and be updated over time.

API Review

APIs define the interaction between units of Mozilla code. A well-designed API that strikes the right balance between simplicity and power is a key component of software engineering.

In Mozilla code, APIs can come in many forms: IDL, IPDL, .webidl, C++ headers, XBL bindings, and JS can all contain APIs. Sometimes even C++ files can contain an API; for example Mozilla has an mostly-unfortunate pattern of using the global observer service as an API surface between disconnected code.

In the first pass I try to avoid reviewing the implementation of an API. I’m focused on the API itself and its associated doccomments. The design of the system and the interaction between systems should be clear from the API docs. Error handling should be clear. If it’s not perfectly obvious, the threading, asynchronous behavior, or other state-machine aspects of an API should be carefully documented.

During this phase, it is often necessary to read the surrounding code to understand the system. None of our existing tools are very good at this, so I often have several MXR tabs open while reading a patch. Hopefully future review-board integration will make this better!

Brainstorm Design Issues

In my experience, the design review is the hardest phase of a review, the part which requires the most experience and creativity, and provides the most value.

  • How will this change interact with other code in the tree?
  • Are there edge cases or failure cases that need to be addressed in the design?
  • Is it likely that this change will affect performance or security in unexpected ways?

Testing Review

I try to review the tests before I review the implementation.

  • Are there automated unit tests?
  • Are there automated performance tests?
  • Is there appropriate telemetry/field measurement, especially for error conditions?
  • Do the tests cover the specification, if there is one?
  • Do the tests cover error conditions?
  • Do the tests strike the right balance between “unit” testing of small pieces of code versus “integration” tests that ensure a feature works properly end-to-end?

Code Review

The code review is the least interesting part of the review. At this point I’m going through the patch line by line.

  • Make sure that the code uses standard Mozilla coding style. I really desperately want somebody to automated lots of this as part of the patch-submission process. It’s tedious both for me and for the patch author if there are style issues that delay a patch and require another review cycle.
  • Make sure that the number of comments is appropriate for the code in question. New coders/contributors sometimes have a tendency to over-comment things that are obvious just by reading the code. Experienced contributors sometimes make assumptions that are correct based on experience but should be called out more explicitly in the code.
  • Look for appropriate assertions. Assertions are a great form of documentation and runtime checking.
  • Look for appropriate logging. In Mozilla we tend to under-log, and I’d like to push especially new code toward more aggressive logging.
  • Mostly this is scanning the implementation. If there is complexity (such as threading!), I’ll have to slow down a lot and make sure that each access and state change is properly synchronized.

Re-read the Specification

If there is a specification, I’ll briefly re-read it to make sure that it was covered by the code I just finished reading.


Currently, I primarily do reviews in the bugzilla “edit” interface, with the “edit attachment as comment” option. Splinter is confusing and useless to me, and review-board doesn’t seem to be ready for prime-time.

For long or complex reviews, I will sometimes copy and quote the patch in emacs and paste or attach it to bugzilla when I’m finished.

In some cases I will cut off a review after one of the earlier phases: if I have questions about the general approach, the design, or the API surface, I will often try to clarify those questions before proceeding with the rest of the review.

There’s an interesting thread in about whether it is discouraging to new contributors to mark “review-” on a patch, and whether there are less-painful ways of indicating that a patch needs work without making them feel discouraged. My current practice is to mark r- in all cases where a patch needs to be revised, but to thank contributors for their effort so that they are still appreciated and to be as specific as possible about required changes while avoiding any words that could be perceived as an insult.

If I haven’t worked with a coder (paid or volunteer) in the past, I will typically always ask them to submit an updated patch with any changes for re-review. This allows me to make sure that the changes were completed properly and didn’t introduce any new problems. After I gain some experience, I will often trust people to make necessary changes and simply mark “r+ with review comments fixed”.

Planet MozillaDisabling Buttons In Preferences

I get asked a lot how to disable certain buttons in preferences like Make Firefox the default browser or the various buttons in the Startup groupbox. Firefox does have a way to disable these buttons, but it's not very obvious. This post will attempt to remedy that.

These buttons are controlled through preferences that have the text "disable_button" in them. Just changing the preference to true isn't enough, though. The preference has to be locked, either via the CCK2 or AutoConfig. What follows is a mapping of all the preferences to their corresponding buttons.

Advanced->General->Make Firefox the default browser
General->Use Current Pages
General->Use Bookmark
General->Restore to Default
Advanced->Certificates->View Certificates
Advanced->Certificates->Security Devices
Advanced->Update->Show Update History
Privacy->History->Show Cookies
Security->Passwords->Saved Paswords

As a bonus, there's one more preference you can set and lock - pref.downloads.disable_button.edit_actions. It prevents the changing of any actions on the Applications page in preferences.

Planet MozillaFirefox 34 beta1 to beta2

  • 60 changesets
  • 135 files changed
  • 2926 insertions
  • 673 deletions



List of changesets:

Justin DolskeBug 1068290 - UI Tour: Add ability to highlight New Private Window icon in chrome. r=MattN a=dolske - aa77bc7b59e3
Justin DolskeBug 1072036 - UI Tour: Add ability to highlight new privacy button. r=mattn a=dolske - d37b92959827
Justin DolskeBug 1071238 - UI Tour: add ability to put a widget in the toolbar. r=mattn a=dolske - 1c96180e6a5b
Blair McBrideBug 1068284 - UI Tour: Add ability to highlight search provider in search menu. r=MattN a=dolske - 9d4b08eecd9a
Joel MaherBug 1083369 - update talos.json to include fixes for mainthreadio whitelist and other goodness. r=dminor a=test-only - 184bc1bea651
Bas SchoutenBug 1074272 - Use exception mode 0 for our D3D11 devices. r=jrmuizel, a=sledru - 46d2991042df
Gijs KruitboschBug 1079869 - Fix closing forget panel by adding a closemenu=none attribute. r=jaws, a=sledru - e6441f98f159
Patrick BrossetBug 1020038 - Disable test browser/devtools/layoutview/test/browser_layoutview_update-in-iframes.js. a=test-only - da7c401c5aa7
Jeff GilbertBug 1079848 - Large allocs should be infallible and handled. r=kamidphish, a=sledru - 03d4ab96c271
Mike HommeyBug 1081031 - Unbust xulrunner mac builds by not exporting all JS symbols (Bug 920731). r=bsmedberg, a=npotb - 5967c4a96835
Mark BannerBug 1081906 - Fix unable to start Firefox due to 'Couldn't load XPCOM'. r=bsmedberg, a=sledru - c212fd07fd32
Georg FritzscheBug 1079312 - Fix invalid log.warning() to log.warn(). r=irving, a=sledru - ae6317e02f72
Mike de BoerBug 1081130 - Fix importing contacts with only a phone number and fetch the correct format. r=abr, a=sledru - 1f7f807b6362
Simon MontaguTest for Bug 1067268. r=jfkthame, a=lmandel - 4f904d9bcff2
Simon MontaguBug 1067268 - Don't mix physical and logical coordinates when calculating width to clear past floats. r=jfkthame, a=lmandel - 29dd7b8ee41f
JW WangBug 1069289 - Take |mAudioEndTime| into account when updating playback position at the end of playback. r=kinetik, a=lmandel - 31fc68be9136
David KeelerBug 1058812 - mozilla::pkix: Add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5. r=briansmith, a=lmandel - 2535e75ff9c6
David KeelerBug 1058812 - mozilla::pkix: Test handling unsupported signature algorithms. r=briansmith, a=lmandel - a7b8a4567262
Jonathan KewBug 1074223 - Update OTS to pick up fixes for upstream issues 35, 37. Current rev: c24a839b1c66c4de09e58fabaacb82bf3bd692a4. r=jdaggett, a=lmandel - 6524ec11ce53
Gijs KruitboschBug 1050638 - Should be able to close tab with onbeforeunload warning if clicking close a second time. r=ttaubert, a=lmandel - 98fc091c4706
JW WangBug 760770 - Allow 'progress' and 'suspend' events after 'ended'. r=roc, a=test-only - 915073abfd8b
Benjamin ChenBug 1041362 - Modify testcases because during the oncanplaythrough callback function, the element might not ended but the mediastream is ended. r=roc, a=test-only - c3fa7201e034
Jean-Yves AvenardBug 1079621 - Return error instead of asserting. r=kinetik, a=lmandel - 9be2b1620955
Andrei OpreaBug 1020449 Loop should show caller information on incoming calls. Patch originally by Andrei, updated and polished by Standard8. r=nperriault a=lmandel - 742beda04394
Mark BannerBug 1020449: Fix typo in addressing review comments in Bug 1020449 that caused broken jsx. rs=NiKo a=lmandel - 0033bca3ce22
Mark BannerBug 1029433 When in a Loop call, the title bar should display the remote party's information. r=nperriault a=lmandel - 530ec559a14c
Simone BrunoBug 1058286 - Add in-tree manifests needed for tests. DONTBUILD a=NPOTB - 0b7106ef79d2
Jonathan KewBug 1074809 - For OTS warning (rather than failure) messages, only log the first occurrence of any given message per font. r=jdaggett, a=lmandel - 1875f4aff106
Ed LeeBug 1081157 - "What is this page" link appears on "blank" version of about:newtab. r=ttaubert, a=sledru - c00a4cfe83e9
Matthew GreganBug 1080986 - Check list chunk is large enough to read list ID before reading. r=giles, a=sledru - bb851de524c2
Matthew GreganBug 1079747 - Follow WhatWG's MIMESniff spec for MP4 more closely. r=cpearce, a=sledru - f752e25f4c42
Steven MichaudBug 1084589 - Fix a Yosemite topcrasher. r=gijskruitbosch a=gavin - 3a24d0c65745
Mike de BoerBug 1081061: switch to a different database if a userProfile is active during the first mozLoop.contacts access to always be in sync with the correct state. r=MattN. a=lmandel - 6b4c22bfe385
Mark BannerBug 1081066 Incoming call window stays open forever if the caller closes the window/tab or crashes. r=nperriault a=lmandel - 8c329499cf7d
Matthew NoorenbergheBug 1079656 - Make the Loop Account menu item work after a restart. r=jaws a=lmandel - ada526904539
Mike de BoerBug 1076967: fix Error object data propagation to Loop content pages. r=bholley a=lmandel - 880cfb4ef6f8
Mark BannerBug 1078226 Unexpected Audio Level indicator on audio-only calls for Loop, also disable broken low-quality video warning indicator. r=nperriault a=lmandel - 5ad9f4e96214
Nicolas PerriaultBug 1048162 Part 1 - Add an 'Email Link' button to Loop desktop failed call view. r=Standard8 a=lmandel - f705ffd06218
Mark BannerBug 1081154 - Loop direct calls should attempt to call phone numbers as well as email addresses. r=mikedeboer a=lmandel - 191b3ce44bea
Nicolas PerriaultBug 1048162 Part 2 - Display an error message if fetching an email link fails r=standard8,darrin a=lmandel - 3fc523fcc7da
Mike de BoerBug 1013989: change the label of the Loop button to Hello. r=MattN a=lmandel - 2edc9ed56fa4
Romain GauthierBug 1079811 - A new call won't start if the outgoing call window is opened (showing feedback or retry/cancel). r=Standard8 a=lmandel - a4e22c4da890
Mike de BoerBug 1079941: implement to allow searching for contacts by query and use that to find out if a contact who's trying to call you is blocked. r=abr a=lmandel - bda95894a692
Randell JesupBug 1084384: support importing contacts with phone numbers in a different format r=abr a=lmandel - 8c42ccaf8aa1
Mike de BoerBug 1084097: make sure that the Loop button only shows up in the palette when unthrottled. r=Unfocused a=lmandel - 5840764c4312
Randell JesupBug 1070457: downgrade assertion about cubeb audiostreams to a warning r=roc a=lmandel - 9e420243b962
Randell JesupBug 1075640: Don't return 0-length frames for decoding; add comments about loss handling r=ehugg a=lmandel - bb26f4854630
Ethan HuggBug 1075640 - Check for zero length frames in GMP H264 decode r=jesup a=lmandel - 452bc7db811e
Luke WagnerBug 1064668 - OdinMonkey: Only add AsmJSActivation to profiling stack after it is fully initialized. r=djvj, a=lmandel - eb43a2c05eb3
Bas SchoutenBug 1060588 - Use PushClipRect when possible in ClipToRegionInternal. r=jrmuizel, a=lmandel - 6609fd74488b
Gijs KruitboschBug 1077404 - subviewradio elements in panic button panel are elliptical and labels get borders. r=jaws, a=lmandel - 2418d9e17dd0
Markus StangeBug 1081160 - Update window shadows for Yosemite. r=smichaud, a=lmandel - fc032520a26e
Chenxia LiuBug 1079761 - Add 'stop tab mirroring' one level higher in the menu. r=rbarker, a=lmandel - 4018d170ab06
Mike HommeyBug 1082323 - Reject pymake in r=mshal, a=sledru - f19a52b7e6ec
Tomasz KołodziejskiBug 1074817 - Allow downgrade of content-prefs.sqlite. r=MattN, a=lmandel - 2235079fe205
Gijs KruitboschBug 1083895 - Favicon should not change if link element isn't in DOM. r=bz, a=lmandel - 73bc0bc9343b
Dragana DamjanovicBug 1081794 - Fixing a test for dns request cancel. On e10s, the dns resolver is sometimes faster than a cancel request. Use a random string to be resolved instead of a fix one. r=sworkman, a=test-only - 6d2e5afd8b75
Nicolas SilvaBug 1083071 - Add some old intel drivers to the blocklist. r=Bas, a=sledru - 53b97e435f10
Nicolas SilvaBug 1083071 - Blacklist device family IntelGMAX4500HD drivers older than 7-19-2011 because of OMTC issues on Windows. r=Bas, a=sledru - b5d97c1c71b7
Ryan VanderMeulenBug 1083071 - Change accidentally-used periods to commas. rs=nical, a=bustage - 8cc403ad710b

Planet MozillaThe editors I’ve been using – which one is your favorite?

The other day when I wrote about Vim and how to get started with it, I got a bit nostalgic with the editors I’ve been using over the years.

Therefore, I thought I’d list the editors I’ve been using over the years. I remember dabbling around with a few and trying to understand them, but this list is made up of editors that I’ve been using extensively:

    Allaire HomeSite
    Ah, good ol’ HomeSite. You never forget your first real editor that you used for your creations. It was later bought by MacroMedia and then, in 2009, it was retired. Its creator, Nick Bradbury, wrote a bit about that in HomeSite Discontinued. I also sometimes used TopStyle, also created by Nick, as a complement to HomeSite – and that one is actually still alive!
    Visual Studio.NET
    I was young and I needed the money.
    After my switch to Mac OS X, I quickly started using TextMate and it was my main editor for a good number of years.
    When I had used TextMate for a long time, a number of developers told me I should really get into Vim, where MacVim seemed like the most suitable alternative. I tried, really hard, with it for about 6 months; learned a lot, but eventually went back to TextMate.
    Sublime Text
    Later, along came Sublime Text and seemed to have a lot of nice features and active development, while TextMate had been pretty stale for a long time.
    MacVim (again)
    And now, as explained in my recent blog post on Vim, I’m back there again. :-)

I also do like to dabble around with various editors, to see what I like, get another perspective on workflow and general inspiration. One thing I’m toying around with there is Atom from GitHub, and I look forward to testing it more as well.

Which editor are you using?

It would be very interesting and great if you’d like to share in the comments which editor you are using, and why you prefer it! Or with which editor you started your developer career!

Planet MozillaThoughts on numeric types

Rust has fixed width integer and floating point types (`u8`, `i32`, `f64`, etc.). It also has pointer width types (`int` and `uint` for signed and unsigned integers, respectively). I want to talk a bit about when to use which type, and comment a little on the ongoing debate around the naming and use of these types.

Choosing a type

Hopefully you know whether you want an integer or a floating point number. From here on in I'll assume you want an integer, since they are the more interesting case. Hopefully you know if you need your integer to be signed or not. Then it gets interesting.

All other things being equal, you want to use the smallest integer you can for performance reasons. Programs run as fast or faster on smaller integers (especially if the larger integer has to be emulated in software, e.g., `u64` on a 32 bit machine). Furthermore, smaller integers will give smaller code.

At this point you need to think about overflow. If you pick a type which is too small for your data, then you will get overflow and usually bugs. You very rarely want overflow. Sometimes you do - if you want arithmetic modulo 2^n where n is 8, 16, 32, or 64, you can use the fixed width type and rely on overflow behaviour. Sometimes you might also want signed overflow for some bit twiddling tricks. But usually you don't want overflow.

If your data could grow to any size, you should use a type which will never overflow, such as Rust's `num::bigint::BigInt`. You might be able to do better performance-wise if you can prove that values might only overflow in certain places and/or you can cope with overflow without 'upgrading' to a wider integer type.

If, on the other hand, you choose a fixed width integer, you are asserting that the value will never exceed that size. For example, if you have an ascii character, you know it won't exceed 8 bits, so you can use `u8` (assuming you're not going to do any arithmetic which might cause overflow).

So far, so obvious. But, what are `int` and `uint` for? These types are pointer width, that means they are the same size as a pointer on the system you are compiling for. When using these types, you are asserting that a value will never grow larger than a pointer (taking into account details about the sign, etc.). This is actually quite a rare situation, the usual case is when indexing into an array, which is itself quite rare in Rust (since we prefer using an iterator).

What you should never do is think "this number is an integer, I'll use `int`". You must always consider the maximum size of the integer and thus the width of the type you'll use.

Language design issues

There are a few questions that keep coming up around numeric types - how to name the types? Which type to use as a default? What should `int`/`uint` mean?

It should be clear from the above that there are only very few situations when using `int`/`uint` is the right choice. So, it is a terrible choice for any kind of default. But what is a good choice? Well first of all, there are two meanings for 'default': the 'go to' type to represent an integer when programming (especially in tutorials and documentation), and the default when a numeric literal does not have a suffix and type inference can't infer a type. The first is a matter of recommendation and style, and the second is built-in to the compiler and language.

In general programming, you should use the right width type, as discussed above. For tutorials and documentation, it is often less clear which width is needed. We have had an unfortunate tendency to reach for `int` here because it is the most familiar and the least scary looking. I think this is wrong. We should probably use a variety of sized types so that newcomers to Rust get aquainted with the fixed width integer types and don't perpetuate the habit of using `int`.

For a long time, Rust had `int` as the default type when the compiler couldn't decide on something better. Then we got rid of the default entirely and made it a type error if no precise numeric type could be inferred. Now we have decided we should have a default again. The problem is that there is no good default. If you aren't being explicit about the width of the value, you are basically waving your hands about overflow and taking a "it'll be fine, whatever" approach, which is bad programming. There is no default choice of integer which is appropriate for that situation (except a growable integer like BigInt, but that is not an appropriate default for a systems langauge). We could go with `i64` since that is the least worst option we have in terms of overflow (and thus safety). Or we could go with `i32` since that is probably the most performant on current processors, but neither of these options are future-proof. We could use `int`, but this is wrong since it is so rare to be able to reason that you won't overflow when you have an essentially unknown width. Also, on processors with less than 32 bit pointers, it is far to easy to overflow. I suspect there is no good answer. Perhaps the best thing is to pick `i64` because "safety first".

Which brings us to naming. Perhaps `int`/`uint` are nor the best names since they suggest they should be the default types to use when they are not. Names such as `index`/`uindex`, `int_ptr`/`u_ptr`, and `size`/`usize` have been suggested. All of these are better in that they suggest the proper use for these types. They are not such nice names though, but perhaps that is OK, since we should (mostly) discourage their use. I'm not really sure where I stand on this, again I don't really like any of the options, and at the end of the day, naming is hard.

Planet MozillaThe Status of Math in Open Access

The Status of Math in Open Access

This week, October 20–26, 2014, held the Open Access Week (see the announcement) and will end with Mozilla Festival that has a awesome science track. This post has some thoughts about math and open access and this two events.

Leia mais...

Planet MozillaThanks for all the Fish

I’ve always loved that book or in fact any of Douglas Adams books as they made me laugh while reading for the first time. And like the ending of that series it always seemed a good way to start a ending. This is only the 3rd real job I’ve ever had and they’ve all ended with that as the subject line, so by now you all know where this is going.

The last 3 years 9 months and 21 days have been the best of my adult working life. Mozilla has been more than a job, more than a career. It was a home. The opportunity to apply ones talent in conjunction with values and mission is a gift. It’s a dream state, even on bad days, that I gladly would have remained a slumberer in. The Community of Mozilla is a powerful and wonderful uniqueness that embodies the core of what it means to be Open, and if we ever lose that we’ve lost a precious gem.

I hope to work with many of you again at some future time. If we cross paths somewhere I’d happily lift a libation in remembrance.

With that I shall end with one of my favorite bits of poetry:

Two roads diverged in a yellow wood,
And sorry I could not travel both
And be one traveler, long I stood
And looked down one as far as I could
To where it bent in the undergrowth;

Then took the other, as just as fair,
And having perhaps the better claim
Because it was grassy and wanted wear,
Though as for that the passing there
Had worn them really about the same,

And both that morning equally lay
In leaves no step had trodden black.
Oh, I kept the first for another day!
Yet knowing how way leads on to way
I doubted if I should ever come back.

I shall be telling this with a sigh
Somewhere ages and ages hence:
Two roads diverged in a wood, and I,
I took the one less traveled by,
And that has made all the difference.



Planet MozillaMissoula visit, day 1

NOTE: This is a personal post, so if these sort of things do not interest you please feel free to disregard.

Yesterday I drove from Seattle to Missoula to visit my mother and help her sort out her health issues. I left later than usual, but with the drive time reduced by an hour compared to Portland combined with the relatively straight and boring I-90 I made it to Missoula with energy to spare (which also might have been why I was up far later than my arrival time).

The purpose of my visit is to visit my mother, show that I still care about my family, and help her sort out her medical issues (she’s currently going through her third round of cancer). When I arrived last night around 2300 I didn’t get a very good look at her. She had stayed awake past her normal 2000 time to await my arrival and greet me. Last night was relatively uneventful besides my restful sleep. She showed me to the apartment’s single bedroom. Each surface was meticulously cleaned, although none of the multitude of tchotchkes or personal accessories were organized or put away. While using the bathroom I noticed there was a small mop and bucket. Normally I wouldn’t think much of it, but in previous weeks my sister told me that my mother had given herself a panic attack making sure the apartment was spotless for my arrival. Unfortunately my trip over was waylaid for a few weeks, so I hope that she hasn’t been in such a state the whole time.

Last year I sent her an air purifier to remove all the pet danger from the air, and although she couldn’t figure out what it was or its purpose, thankfully she had finally figured it out and was using it. As a result the air was much cleaner and her phlegm-laden smoker’s cough was slightly better than last time I visited.

This morning I woke up later because I also fell asleep quite late into the morning combined with the timezone change. She has a few friends here in Missoula who (as far as I can tell) provide her with some company and source of gossip and usefulness. when I emerged from my room this morning I found her on the phone with one such friend. I didn’t get much from the conversation, but apparently the daily phone calls are a routine for her. That’s good.

What I really didn’t like though was the television. During the day it was a large part of her unchanging environment. Equipped with a “digital cable” box, this tube never showed anything besides Informative Murder Porn. Likewise, the bookshelves were chocked full of James Patterson books, promising more tripe romance and novelized informative murder porn. Although I fear that it’s rotting her brain I refrained from commenting about it.

After my emergence this morning we finally got a good look at each other. She finally noticed my attempt at growing a beard and I finally noticed her emaciation. Her weight is below 100lb now, and she looks positively skeletal. It’s not a pretty sight. It appears she attempted to dye her hair recently, but even with that effort it’s resisted, instead opting for a grey and wispy appearance. I offered to pick her up a meal with my lunch, but she refused saying that she already had breakfast.

We talked for a while about how she’s been. Besides the new medical situation nothing ever seems to change with her. She remains cloistered in her dark, smoke-smelling apartment with nothing to keep her company save her pets, her informative murder porn, and trashy novels. She hasn’t expressed any dissatisfaction with the situation, so perhaps she enjoys it. I haven’t asked, and haven’t decided if it’s appropriate to ask yet. Perhaps it’s imposing my values on her to think that she would be unhappy with this bountiful life she’s living.

This morning we talked about her medical situation. The gist of the situation is that she believes that she’s been caught up in a catch-22 with a set of doctors, each waiting to hear from another before proceeding to make a diagnosis and start a treatment. I asked her about what she knows (red blood cell count is down), and what kind of treatment she was currently undergoing. The answer was no treatment, so I continued by asking which doctor’s she’s seen and what their next steps would be (or what they’re waiting on). I got quite a few answers about quite a few doctors, and was unfortunately unable to follow most of it. I asked her to write a list of doctors down, along with what she thinks they’re waiting on and the last time they’ve been in contact. Hopefully when I get home this evening I can help untangle this and get her the treatment she needs. She didn’t seem particularly worried about things, which frustrated me. The scenario in front of me was her off-the-cuff attitude about it combined with the television showing an emotionally charged lady with a bloody knife crumpled into a heap on the ground, the police intervening to save the day and arrest the paedophile, had caused me to want to ragequit and give her some time to compile the list of doctors. I do not have much hope of returning home this evening to any list.

This afternoon, as usual for my Missoula visits, I’ve holed up at The Break coffee shop. It’s an old standby for spending uninterrupted time on my laptop to get a little work done. It’s also conveniently located far away from that apartment, and near the other goodness of downtown Missoula. The espresso might have been burnt, but the well worn tables, music reminiscent of my high school days in Missoula, and mixed clientèle lead to a very pleasing atmosphere. As I sit at my stained and worn coffee table typing away at my laptop I can see a young man in a cowboy hat and vest conversing with a friend in a denim jacket over a cup of joe, a dreadlocked young lady enjoying an iced coffee alone, equipped with Macbook and textbooks. Various others including a suited businessman, and a few white collar workers taking a lunch break are around. The bright but persistently drizzling conditions outside add to the hearth-like atmosphere of the shop. This place is going to get sick of me before the week is out.

This afternoon I’m going to attempt to do a bit do a bit of work and get in contact with my father and sister for their obligatory visits. I hope that I can return to my mother’s place and provide some sort of assistance besides moral support.

I’ll be in Missoula until Thursday evening.

Planet MozillaWhat Does Your Life Design Look Like?

I would guess many people would react to this title like what on earth is she talking about? Design my life - what does that even mean? Many people I coach and work with have not thought about their life’s design - meaning the focused work you do, is it in support of your values and vision? the people you surround yourself with - do they inspire and motivate you? the physical space you live in - does it give you energy?  


Your life design includes more than your career. I invite my clients to think beyond what's on paper. Your career is your role, salary, title, industry company. I’m asking you also think of -  who you will be surrounded with, where it might take you beyond the role right now, how it will honour or not honour your values and how it will fit with your vision for your life.


If we jump mindlessly from one opportunity to the next - even if they are great opportunities on the surface eg more money, bigger title etc it can cost us in our personal lives in ways we may not consider. Arianna Huffington recently wrote about this in her book Thrive, “Our relentless pursuit of the two traditional metrics of success - money and power - has led to an epidemic of burnout and stress-related illnesses, and an erosion in the quality of our relationships, family life, and, ironically, our careers”. In addition to this sentiment, everyone’s heard repeated stories of those on their deathbed who never regret not having worked more or harder - what they always say is they wished they'd spent more time with people they loved or doing things that inspire and nurture. These are our regrets. So how do you want to design your life with no regrets in mind?


Here are my 3 tips on designing which I hope inspires you to re-create your designed life:

  1. Know your values and how you want to honour them

  2. Define your vision if not for 5 years at least for the next year - what are the big impressions you want to leave

  3. Who are your stakeholders (the people that matter to you) and how will you honour them

Planet MozillaHow are you discerning who and what influences you?

Being discerning about my influences and experiences - I choose the people, experiences and beauty to influence my life. I find people aren’t always choosy about who or what they allow in their lives - they tend to revert to a default based on who they’ve known forever or do so without thought. I am more discerning now - and decide who I will give my time to, when I might read email, pay attention to my phone, and certainly who I will listen to, take advice from and experiences I want.

On Friday nights I’ve begun turning my phone off from dinner until Saturday night and sometimes Sunday morning - it gives me the opportunity to not be distracted by anyone and fully present in how I design my weekend to maximize rejuvenation and reflection.

I have found several friends that are smarter than me in key areas I love to learn about and so I soak up their thoughts, we share our challenges and learn from each other, we push each other to be even better and stronger than we know and acknowledge where we’re at or how we’re feeling without judgement.

For a complete shift in perspective and experience, I love growing our organic market-garden farm, it’s a venture that gives me solace, grounding, joy on a spiritual and physical plane that is entirely unique - to grow my own food and share this bounty with those that appreciate what it takes is beyond joyful. Particularly when I also then learn what can be done with e.g. ground cherry tomato’s and chocolate or wild leeks and miso :)

And I choose to include some element of beauty in my daily life and surroundings. That might mean picking a simple bouquet of wild flowers to infuse a team meeting room in the fresh scent of lilac’s. Or it could be appreciating fine art in painting or sculpture and the profound and thought-provoking impact the artist intends.

Planet MozillaA 10-point #MozFest survival guide

It’s the Mozilla Festival in London this weekend. It’s sold out, so you’ll have to beg, borrow or steal a ticket! This will will be my fourth, and third as a paid contributor (i.e. Mozilla employee).

Here’s my tips for getting the most of it.

1. Attend the whole thing

There’s always the temptation with multi-day events not to go to each of the days. It’s easy to slip off into the city – especially if it’s one you haven’t been to before. However, that would a real shame as there’s so much to do and see at MozFest. Plus, you really should have booked a few days either side to chill out.

2. Sample everything

Some tracks will grab you more than others. However, with nine floors and multiple sessions happening at the same time, there’s always going to be something to keep you entertained. Feel free to vote with your feet if you’re not getting maximum value from a session – and drop into something you don’t necessarily know a lot about!

3. Drink lots

Not alcohol or coffee – although there’ll be plenty of that on offer! I mean fluids that will rehydrate you. At the Mozilla Summit at the end of last year we were all given rehydration powder along with a Camelbak refillable bottle. This was the perfect combination and I urge you to bring something similar. Pro tip: if you can’t find the powder (it’s harder to come by in the UK) just put a slice of lemon in the bottom of the bottle to keep it tasting fresh all day!

4. Introduce yourself to people

The chances are that you don’t know all 1,600 people who have tickets for MozFest. I know I don’t! You should feel encouraged to go up and introduce yourself to people who look lost, bewildered, or at a loose end. Sample phrases that seem to work well:

  • “Wow, it’s pretty crazy, eh?”
  • “Hi! Which session have you just been to?”
  • “Is this your first MozFest?”

5. Take time out

It’s easy to feel overwhelmed, so feel free to find a corner, put your headphones on and zone out for a while. You’ll see plenty of people doing this – on all floors! Pace yourself – it’s a marathon, not a sprint.

6. Wear comfortable shoes/clothing

There are lifts at the venue but, as you can imagine, with so many people there they get full quickly. As a result there’ll be plenty of walking up and down stairs. Wear your most comfortable pair of shoes and clothing that’ll still look good when you’re a sticky mess. ;-)

7. Expect tech fails

I’ve been to a lot of events and at every single one, whether because of a technical problem or human error, there’s been a tech fail. Expect it! Embrace it. The wifi is pretty good, but mobile phone coverage is poor. Plan accordingly and have a backup option.

8. Ask questions

With so many people coming from so many backgrounds and disciplines, it’s difficult to know the terminology involved. If someone ‘drops a jargon bomb’ then you should call them out on it. If you don’t know what they mean, then the chances are others won’t know either. And if you’re the one doing the explaining, be aware that others may not share your context.

9. Come equipped

Your mileage may vary, but I’d suggest the following:

  • Bag
  • Laptop
  • Mobile phone and/or tablet
  • Pen
  • Notepad
  • Multi-gang extension lead
  • Charging cables
  • Headphones
  • Snacks (e.g. granola bars)
  • Refillable water bottle

I’d suggest a backpack as something over one shoulder might eventually cause pain. You might also want to put a cloth bag inside the bag you’re carrying in case you pick up extra stuff.

10. Build (and network!)

MozFest is a huge opportunity to meet and co-create stuff with exceptionally talented and enthusiastic people. So get involved! Bring your skills and lend a hand in whatever’s being built. If nothing else, you can take photos and help document the festival.

The strapline of MozFest is ‘arrive with an idea, leave with a community’. Unlike some conferences that have subtitles that, frankly, bear no relation to what actually happens, this one is dead on. You’ll want to keep in touch with people, so in addition to the stuff listed above you might want to bring business cards. Far from being a 20th century thing, I’ve found them much more useful than just writing on a scrap of paper or exchanging Twitter usernames.

This isn’t meant to be comprehensive, just my top tips. But I’d be very interested to hear your advice to newbies if you’re a MozFest veteran! Leave a comment below. :-)

Image CC BY-SA Alan Levine

Update: my colleague Kay Thaney has a great list of blighty sights that you should check out too!

Planet MozillaWhat do you want for you life? knowing oneself

There are many wiser than me that have offered knowing yourself as a valuable pursuit that brings great rewards.


Here are a few of my favourite quotes on why to do this:


This is how I invest in knowing myself - I hope it inspires you to create your own practice

  1. I spend time understanding my motivations, values in action or inaction, and my triggers. I leverage my coach to deconstruct situations that were particularly difficult or rewarding, where I’m overwhelmed by emotion and don’t feel I can think rationally - I check in to get crystal clear on what is going on, how am I feeling, what was the trigger(s) and how will I be at choice in action going forward.
  2. I challenge myself in areas I want to understand more about myself by reading, going to lectures, sharing honestly with leanred or experienced friends.
  3. I keep a daily journal - particularly around areas in my life I want to change or improve like being on time and creating sufficient time in my day for reflection. I’ve long run my calendar to ‘maximize time and service’ i.e. every available minute is in meetings, working on a project, etc. This is not only un-sustainable for me, it doesn’t leave me any room for the unexpected and more importantly an opportunity to reflect on what may have just happened or prepare for what or who I may be seeing next. This is not fair to me nor to the people I work with.

Planet MozillaHow are you taking care of yourself?

The leaders I coach drive themselves and their teams to great achievements, are engaged in what they do, love their work and have passion and compassion in how they work for their teams and customers. They face tough situations - impossible-seeming deadlines or goals, difficult conversations, constant re-balancing of work-life priorities, and crazy business scenarios we’ve never faced before.

Their days can be both energizing and completely draining. And each day they face those choices and predicaments at times with full grace and others with total foolishness.

Along the way I hear and offer the questions - how are you taking care of yourself? how will you rejuvenate? how will you maintain balance? so you I ask these questions of the leaders I work with so that they can keep driving their goals, over-achieving each day and showing up for the important people in your life :)


I focus on three ways to do this myself.

  • Knowing myself - spending time to understand and check in with my values, triggers, and motivations.

  • Doing a daily practice - i’ve created a daily and weekly practice that touches on my mind, body and spirit. this discipline and evolving practice keeps me learning, present and ‘in balance’

  • Being discerning about my influences - choose the people, experiences and beauty that influence my life and what’s important about that today, this week or month or year.

Planet MozillaDistribute everything

I've been thinking about how our online communication and interactions have cost our personal relationships and helped others profit.

Planet MozillaMozilla and WeTech Women's Maker Party, Delhi

Well, I love the name Larissa came up with for today's event. It is kind of a little long but defines the event best - "Mozilla and WeTech Woman’s Maker Party".

We had landed in Delhi on the 22nd of July 2014 and as Larissa defines it, Delhi was indeed a 'steam sauna'. We did spend most of that day going around and visiting a few famous places like the Red Fort, the India Gate, Parliament house etc. In the evening, we did meet the local Mozillians in Delhi. Well, it was an informal meeting of all Mozillians, talking all 'sh!t mozillians say' ;)

23rd morning began with all excitement. It was a small crowd, but a really awesome crowd in that conference room. Right from the introduction session, we could feel the high intellectual capabilities these young ladies were filled with. After a small game of spectrogram, we immediately moved to introduce Mozilla as an organization as well as all the Mozilla projects. To my surprise, most of the participants already knew about Open Source and had a fair idea about Mozilla. To my greater surprise, all of our participants had used Firefox at some point of time (even if it was not their default/regular browser). It was thus easy to introduce the different Mozilla projects and contribution pathways to them.

Serious hacking in progress...
The confidence these dynamic ladies did showcase was beyond appreciation.
One thing each person in the room agreed to was - "being a woman in technology is indeed tough". But these girls were ready to face the tough world and fight it out for themselves!

Post lunch, we got to some webmaking. So much hacking, so much was tough to believe that many of these people were "not from a technical background".
Some of the awesome makes can be found listed on this spreadsheet.

Well, it goes beyond saying that these superstarts definitely deserved some awards for their awesomeness and thus, we did give them some webmaker badges.

Very few events have given me the happiness of being able to convert almost all participants into Mozillians and this was one of those rare ones.

The awesome woman Webmakers of Delhi :)

Planet MozillaMaker Party Bhubaneshwar

Last weekend I had a blast in Bhubaneshwar. Over two days, I was there at two different colleges for two Maker parties.

Saturday (23rd August 2014), we were at the Center of IT & Management Education (CIME) where we were asked to address a crowd of 100 participants whom we were supposed to teach webmaking. Trust me, very rarely do we get such crowd in events where we get the opportunity to be less of a teacher and more of a learner. We taught them Webmaking, true, but in return we learnt a lot from them.

Maker Party at Center of IT & Management Education (CIME)

On Sunday, things were even more fabulous at Institute of Technical Education & Research(ITER), Siksha 'O' Anusandhan University college, where we were welcomed by around 400 participants, all filled with energy, enthusiasm and the willingness to learn.

Maker Party at Institute of Technical Education & Research(ITER)

Our agenda for both days were have loads and loads of fun! We kept the tracks interactive and very open ended. On both days, we did cover the following topics:
  • Introduction to Mozilla
  • Mozilla Products and projects
  • Ways of contributing to Mozilla
  • Intro to Webmaker tools
  • Hands-on session on Thimble, Popcorn and X-ray goggles and Appmaker
Both days, we concluded our sessions by giving away some small tokens of appreciation like e T-shirts, badges, stickers etc, to the people who had been extra awesome among the group. We concluded the awesomeness of the two days by cutting a very delicious cake and fighting over it till its last pieces.
Bading goodbye after two days was tough, but after witnessing the enthusiasm of everyone we met during these two events, I am very sure we are going to return soon to Bhubaneshwar for even more awesomeness.
A few people who are two be thanked for making these events sucessful and very memorable are:
  1. Sayak Sarkar, the co-organizer for this event.
  2. Sumantro, Umesh and Sukanta from travelling all the way from Kolkata and helping us out with the sessions.
  3. Rish and Prasanna for organizing these events.
  4. Most importantly, the entire team of volunteers from both colleges without whom we wouldn't havebeen able to even move a desk.
 p.s - Not to forget, we did manage to grab media's attention as well. The event was covered by a local newspaper.
The article in the newspaper next morning

Planet MozillaRemoving private metadata (geolocation, time, date) from photos the simple way:

When you take photos with your smartphone or camera it adds much more to the image than meets the eye. This EXIF data contains all kind of interesting information: type of device, flash on or off, time, date and most worrying – geographical location. Services like Flickr or Google Plus use this data to show your photos on a map, which is nice, but you may find yourself in situations where you share images without wanting to tell the recipient in detail where and when they were taken.

For example the photo of me here:

christian heilmann, not sure about the shirt

Doesn’t only tell you that I am not sure about this shirt, but also the following information:

  • GPSInfoIFDPointer: 462
  • Model: Nexus 5
  • ExifIFDPointer: 134
  • YCbCrPositioning: 1
  • YResolution: 72
  • ResolutionUnit: 2
  • XResolution: 72
  • Make: LGE
  • ApertureValue: 3.07
  • InteroperabilityIFDPointer: 432
  • DateTimeDigitized: 2014:10:19 16:06:20
  • ShutterSpeedValue: 5.321
  • ColorSpace: 1
  • DateTimeOriginal: 2014:10:19 16:06:20
  • FlashpixVersion: 0100
  • ExposureBias: 0
  • PixelYDimension: 960
  • ExifVersion: 0220
  • PixelXDimension: 1280
  • FocalLength: 1.23
  • Flash: Flash did not fire
  • ExposureTime: 0.025
  • ISOSpeedRatings: 102
  • ComponentsConfiguration: YCbCr
  • FNumber: 2.9
  • GPSImgDirection: 105
  • GPSImgDirectionRef: M
  • GPSLatitudeRef: N
  • GPSLatitude: 59,19,6.7941
  • GPSLongitudeRef: E
  • GPSLongitude: 18,3,35.5311
  • GPSAltitudeRef: 0
  • GPSAltitude: 0
  • GPSTimeStamp: 14,6,10
  • GPSProcessingMethod: ASCIIFUSED
  • GPSDateStamp: 2014:10:19

I explained that this might be an issue in the case of nude photos people put online in my TEDx talk on making social media social again and showed that there is a command line tools called EXIFtool that allows for stripping out this extra data. This article describes other tools that do the same. EXIFtool is the 800 pound gorilla of this task as it allows you to edit EXIF data.

As a lot of people asked me for a tool to do this, I wanted to make it easier for you without having to resort to an installable tool. Enter

Remove photo data in action

This is a simple web page that allows you to pick an image from your hard drive, see the data and save an image with all the data stripped by clicking a button. You can see it in action in this screencast

Under the hood, all I do is use Jacob Seidelin’s EXIF.js and copy the photo onto a CANVAS element to read out the raw pixel data without any of the extra information. The source code is on GitHub.

The tool does not store any image data and all the calculations and information gathering happens on your computer. Nothing gets into the cloud or onto my server.

So go and drag and drop your images there before uploading them. Be safe® out there.

Planet MozillaMonitoring Web page differences on a long term with screenshots

Hallvord has created a very nice system for testing regressions automatically. The results are displayed on Are We Compatible Yet?. I had explained in a blog post how to add or fix tests there.

I was reading yesterday another type of large scale testing for link rot on the UK Web. They share some of the challenges we meet in terms of guessing if the Web page has changed or not meaningfully. It's a very interesting read. They try at a point to determine if something is similar or dissimilar. Here what they say.

The easy case is when the content is exactly the same – we can just record that the resources are identical at the binary level. If not, we extract whatever text we can from the archived and live URLs, and compare them to see how much the text has changed. To do this, we compute a fingerprint from the text contained in each resource, and then compare those to determine how similar the resources are. This technique has been used for many years in computer forensics applications, such as helping to identify ‘bad’ software, and here we adapt the approach in order to find similar web pages.

Specifically, we generate ssdeep ‘fuzzy hash’ fingerprints, and compare them in order to determine the degree of overlap in the textual content of the items. If the algorithm is able to find any similarity at all, we record the result as ‘SIMILAR’. Otherwise, we record that the items are ‘DISSIMILAR’.

I remember in the past for a talk I had given about quality on how to use selenium to take screenshots at different stages of the development and check if the rendering was the same. One way to evaluate the differences is to create a comparison of the images by first taking a screenshot

from selenium import webdriver
browser = webdriver.Firefox()

And then, if you get multiple screenshots of the same page, to compare two images. Such as the reference image and the new screenshot:

def diff_ratio(screen_ref, screen_new):
    s = difflib.SequenceMatcher(None, s1, s2)
    return s.quick_ratio()

SequenceMatcher is a tool for comparing pairs of sequences of any type and quick_ratio return an upper bound on .ratio() relatively quickly, which is a measure of the sequences' similarity (float in [0,1]). Just to give an example of the type of results.

import difflib
a = 'Life is a long slow river.'
b = 'Life is among slow rivers.'
s = difflib.SequenceMatcher(None, a, b)
# returns 0.9230769230769231
s2 = difflib.SequenceMatcher(None, a, a)
# returns 1.0

So if the images are quite similar it will return a number close to 1.

And For Web Compatibility Issues?

Most of our use cases are Web sites not sending the right version of the Web site, such as desktop content instead of the mobile version. So I was wondering if we could have a very quick check which would involve less human checking during our surveys of sites for certain countries.

One possible challenge (among maybe many) is Website relying heavily on advertisements and sending different images. In this case, the site would be different even if sending the same version.

Another one is press Web sites, changing the content of the home page quite often.

Maybe it's worth testing. Maybe we would get an acceptable ratio.


I had forgotten but Hallvord did that already for quickly selecting the screenshots which were worth testing. He added:

I suppose we could explore stuff like hashing all the CSS code included in a page and compare hashes to find different styling. Although my next project is going to be using Compatipede 2, finding all the elements in a DOM that are styled with -webkit- properties or values, then generate XPath identifiers or JS to locate the same element and see if it has equivalent styles when the page loads in a different rendering engine.


Planet MozillaFirefox OS phones on sale in Australia

Firefox OS phones are now on sale in Australia! You can buy a ZTE Open C with Firefox OS 1.3 installed for $99 (AUD) at JB Hi-Fi. (For non-Australian readers: JB Hi-Fi is probably the biggest electronics and home entertainment retailer in Australia.)

Australia’s not the ideal market for the current versions of Firefox OS, being a  country where a large fraction of people already use high-end phones. But it’s nice that they’re easily available :)

Planet MozillaNew council members – Fall 2014

We are happy to announce that four new members of the Council have been elected.

Welcome San James, Ankit, Luis and Bob! They bring with them skills they have picked up as Reps mentors, and as community builders both inside Mozilla and in other fields. A HUGE thank you to the outgoing council members – Guillermo Movia, Sayak Sarkar, Nikos Roussos and Majda Nafissa. We are hoping you continue to use your talents and experience to continue in a leadership role in Reps and Mozilla.

The Mozilla Reps Council is the governing body of the Mozilla Reps Program. It provides the general vision of the program and oversees day-to-day operations globally. Currently, 7 volunteers and 2 paid staff sit on the council. Find out more on the ReMo wiki.


Congratulate new Council members on this Discourse topic!

Planet MozillaAndroid MediaCodec use in Firefox for Android

James 'snorp' Willcox has landed support for hardware decoding via the public MediaCodec Java class in Nightly for Android for devices running Android 4.1+ (Jellybean). This is replacing OMXCodec & the Stagefright library which was introduced as a replacement for OpenCore for media decoding. This relatively new public Java class is used for decoding H.264/AAC in MP4 for playback in the browser with the benefit of allowing for direct access to the media codecs on the device through a "raw" interface.

This should correct a number of playback issues which have been reported to us regarding problems on Android 4.1+ devices.


How to Help

  • Install Nightly (available on 10/21/2014's build)
  • Test video playback on your Android 4.1+ device (e.g, test page)
  • Talk to us on IRC about your experience or problems

Planet MozillaCurtis Report 2014-10-17

This week was a real grab bag of stuff starting and stopping and interruption that kept me all over the place.

I’m particularly happy to see the python learning group starting the week of 2014010-20 and I feel like the work for my local Mozillians and KitHerder is getting closer to done. I spent all day Fri working out install issues with KitHerder with the developer (thanks WiredCrow for all the help).

  • local Mozillians working
  • Announced Python learning group
  • Working on more details and bits for next weeks launch
  • SecChamps Report
  • vendor review
  • SeaSponge video feedback
  • EME research
  • EME PTR setup
  • KitHerder wrangling / install



  • Weekly meeting


  • SecAutomation
  • Cloud Security Team Meeting


  • MWoS team meeting
  • Web Bug Triage


  • Sec Open Mic
  • Community Building Team
  • 1:1

Planet MozillaThe Graphical Web (conference video)

I occasionally accept invitations to speak at conferences and events. Here’s the video from my recent talk at The Graphical Web in Winchester, England. I discuss how and why I now work on Web Platform Rendering, and how disruptive innovations are enabled by seemingly mundane key technologies that bridge gaps for developers and audiences.

Planet MozillaA VERY BELATED Mozilla Festival 2013 post

Note: I started writing this past year after the festival finished, and then I went heads down into an spiral of web audio hacking and conferencing and what not, so I didn’t finish it.

But with the festival starting this Friday, it’s NOW OR NEVER!

Ahead with the PUBLISH button!


(AKA #MozFest everywhere else)

MozFest finished a week almost a year ago already, but I’m still feeling its effects on my brain: tons of new ideas, and a pervasive feeling of not having enough time to develop them all. I guess it’s good (if I manage it properly).

I came to the Festival without knowing what it would be about. The Mozilla London office had been pretty much taken over by the Mozilla Foundation people from all over the world who were doing their last preparations in there. Meeting rooms were a scarce resource, and one of them was even renamed as “MF WAR ROOM”, until someone came next day and re-renamed it as “MW PEACE ROOM”. So, it was all “a madhouse”, in Potch’s words, but amicable, friendly chaos after all. Hard to gather what the festival would consist of, though. So I just waited until Friday…


Well, saying that I waited wouldn’t be true. I wasn’t sitting, arms crossed. I was furiously stealing sleep hours to finish a hack that Dethe Elza (from Mozilla Vancouver, and curator for the Make the web physical track) had asked me to bring and present at the Science Fair on Friday.

My hack, HUMACCHINA, briefly consisted on using my QuNeo to control an instrument running on the browser, with Web Audio. I will talk about more technicalities in a future post, but what interests me here is the experience of presenting my creation to people on a fair. It was quite enlightening to observe how people react to the unknown and how they interpret what is in front of them according to their existing knowledge. Granted, my experiment was a little bit cryptic, specially if you were not a musician already (which would give you some hints), and it was hard to even listen to the music because of the noise in the environment, but still most people seemed to have fun and spent a while playing with the pads, others were puzzled by it (“but… why did you do this?”) and finally others were able to take the QuNeo out of its current preset and into another (wrong) one by just pressing all the buttons randomly at the right times (!!!). I’m glad I noticed, and I’m even gladder than I had programmed a test pattern to ensure everything was properly setup, so I could reset it and ensure all was OK before the next person came to the booth.

The sad part of this is that… I couldn’t get to see any other of the booths, so I missed a great lot. You can’t have it all, I guess.

At some point I was super tired, first because it was the end of a long day (and week!) and second because explaining the same thing over and over again to different people is not something I do every day, so I was exhausted. I decided to call it a day and we went for dinner to a nearby place… where we happened to find a sizeable amount of Mozillians having dinner there too. So we all gathered together for a final drink and then quickly rushed before the last tube left.


I couldn’t be on time for the opening, but as soon as I arrived to Ravensbourne College I dashed through to the “Pass the App” session that Bobby Richter was running and had asked me to join. I, again, had not much of a clue of how it would develop. He paired me with a startup who’s trying to crowdsource custom built prosthetic parts for children in need, and we set up to prototype ideas for an app that could help them get to their goal. I think I should have drank a couple litres of coffee before joining this session, but although I wasn’t in my best shape, I think we did good enough. We came up with a mockup for an app that would use a futuristic hypothetical AppMaker to start with some sort of template app that parents could customise to describe their children’s needs, and then generate an app that they could then upload to a Marketplace and use that Marketplace payment features to fund the goal. It was fun to draw the mockup at giant scale and just discuss ideas without going technical for a change!

Some people stayed to try to build a demo for Sunday, but I was honest with myself and declined building any hack during the event. I know that after a few hours of hacking while many other activities were happening, I would be hating myself, at the end of the week-end I would hate everyone else, and on Monday I would hate the whole universe. Or worse.

I ended up chatting with Kumar, who’s actually worked on the payments system in the Firefox Marketplace, and then Piotr (of JSFiddle fame) showed up. He had brought his daughter–she had been translating WebMaker into Polish first, and now she was happily designing a voxel based pig using Voxel painter under the careful supervision of Max Ogden. Behind us, a whole group of tables were covered with the most varied stuff: plasticine, a water-colour machine, lots of Arduinos, sensors and wires, Makey makey pseudo joysticks, and whatnot.

It was also time for lunch, so we grabbed some sandwiches carefully arranged in a nearby table. They also were yummy! But I was totally yearning for a coffee, and a social break, so I popped out of the building and into the O2 for some sugary coffee based ice cream. Back into the College, I got a tweet suggesting me I visit the Makers Academy booth, which I did. It was interesting to know about their existence, because I get many questions about where to learn programming in a practical way, and I never know what to answer. Now I think I’d recommend Makers Academy as their approach seems quite sensible!

Then I decided that since I was on the ground floor, I could just as well try to visit all booths starting from that floor and work my way upwards. So I went to the Mozilla Japan booth, where I had quite a lot of fun playing with their Parapara animation tool. Basically you draw some frame-based animation in a tablet, which gets saved into an SVG image. This is then played in several devices, moving along a certain path, and it seemed as if the character I drawn was travelling around the world. Here it went crossing Tower Bridge, then on the next device he would be crossing Westminster Bridge… all the way until it reached Mount Fuji. (Here’s a better explanation of how Parapara works, with pictures)

I was also really honoured to spend some time speaking with Satoko Takita, better known as “Chibi”. She worked for Netscape before, of all places! She’s a survivor! But today, she humbly insisted, “she’s mostly retired”. She was also super kind and helped me de-Mac-ify my laptop with a couple of vinyl stickers in vivid orange. Now when the lid is open, an orange dinosaur glows inside the apple. Gecko inside!

After saying “arigato” many times (the only word I can say in Japanese… but probably a very useful one), I tried to continue my building tour. I tried to enter the first huge room which resembled a coffee place but it was so thriving with activity that it was impossible to get past the first meters. Also, I found Kate Hudson too, which I hadn’t had time to speak to during the Science Fair. She had to buy a SIM card, so we ventured out to the O2 shop. Something funny happened there. She was wearing a “Firefox” hoodie, and the guy in the shop asked her if she worked for Firefox. I was looking at the whole scene, partly amused because of my anonymous condition (I wasn’t wearing any branded apparel), and partly intrigued as to how the thing would end.

She started explaining that she actually worked for Mozilla… but then the guy interrupted her, and said that Internet Explorer was the best browser. He was a real-life troll! But Kate wouldn’t shut up–oh no! Actually it was good that she was the one wearing the hoodie, because she was taller and way more imposing than the troll (and than me! ha!). So she entered Evangelist Mode™ and calmly explained the facts while the other guy lost steam and… he finally left.

After the incident, we went back to the college, and up to the Plenary area, where the keynotes would be held. But it was still early, so I used that time to make a few commits (I have a goal of making at least one small fix every day), since I hadn’t made anything productive yet.

The keynote speakers were sort of walking/rocking back and fro behind the stage, rehearsing their lines, which was a curious insight since that is not something you get to see normally. It was also quite humanising–made them approachable. In the meantime, we logged into and said “hi” to my team mate and former MozToronto office resident, Jen Fong (she’s now in Portland!).

Finally the keynotes started, live broadcasted by Air Mozilla. Mitchell Baker’s keynote was quite similar to her summit’s keynote. Camille’s speech had a few memorable quotes, including the “some people have never done homework without the web”, and “people often say that democracies are like plumbing, because you only care about plumbing when there are really bad smells… We are the plumbers of the Information Society”.

After her, Dethe himself got up on stage to show Lightbeam, a project that displays in a graphical way the huge amount of information that is “leaked” when you visit any given website. There was a most unsettling moment, when somebody sitting behind me said “Oh wow I never realised this was happening while I browsed!”. That was a moment of tension, and of revelation–people really need to understand how the web works; hopefully Lightbeam and similar tools will help them.

The co-founder from Technologywillsaveus gave us a tour about their products, and what they had learnt while building and marketing them, and although it seemed interesting, my brain was just refusing to accept any more information :-(

After that–MozParty! We went to a pub in (guess where…) the O2, where the party would happen. Somebody was livecoding visuals and music with livecodelab, but I couldn’t see who or where he was. At some point we went for dinner, and although the initial intention was to go back, we ended up retreating home as the first day had been quite exhausting!


I think my brain was still fried when I woke up. Also, I was super hungry, almost to the point of being “hangry” (an invented word I had learnt about on Saturday), so –unsurprisingly– my feet brought me to the usual breakfast place. After a flat white and an unfinished “French Savoury Toast” (because it was massive) I was so high on sugar that I could say I was even levitating some centimeters over the floor. I took the tube in Victoria–gross error. The platform was crowded with people dressed as comic characters and tourists dressed as English souvenirs (basically: Union Jack-themed apparel), and I mildly cursed myself for taking the tube in Victoria instead of walking to any of the other nearby stations. Only mildly, because I was under the effects of a sugar kick, and couldn’t really get angry. At least, not for a few more hours.

When I arrived, the opening keynote was finishing. Way to start the day! I had decided to “go analogic” and left my computer home, so I wanted to attend sessions where computers were not required.

I finally attended the “Games on the urban space” session by Sebastian Quack, which was quite funny (and definitely didn’t require us using computers!). This got me thinking about the urban environment and the activities that can take place in it–can everything be converted into a game? when’s the best moment to play a game, or to involve passing pedestrians in your “gamified” activity? and do you tell them, or do you involve them without letting them know they are part of a game?

I had lunch with a few participants of that session –it was funny that Myrian Schwitzner from Apps4Good was there too. We had met already at a ladieswhocode meetup in February, but I couldn’t quite pinpoint it. We were like: “your face… looks familiar!” And this was something that happened frequently during the week-end: there was plenty of acquaintances to say hi to! It certainly slowed down the movement from one place to another, because you couldn’t be rude and ignore people.

Downstairs on the first floor, some people from the Webmaker team were hacking on something-something-audio for Appmaker. Meanwhile, Kumar was learning how to program his QuNeo. Turns out the star (*) “trick” I found out of pure chance can be extended to more uses, so we tried finding the limits of the trick, sending different combinations to the device and seeing what would happen. I also explained how the LED control for the sliders worked (you control the brightness of each LED in the slider separately).

After we ran out of ideas to send to the QuNeo, I browsed nearby tables. There was a woman with a bunch of planets modelled with plasticine (quite convincingly, I must say). She invited me to build something but I was fearing I would miss another session I was interested in–the “debate” with some journalists that had unveiled the NSA scandal. Still, I asked if I could smell the plasticine. If you ever used plasticine in the 80s/90s know what it smelled like, right? Well, it doesn’t smell like that anymore. I wouldn’t get hooked to it nowadays…

A quick escape for some coffee and back from the stormy, inclement weather outside, I was all set for the session. It ended up feeling a bit too long, and at times quite hard to follow because they weren’t using any microphone and relied entirely on their lungs to get the message across. I’m glad we all were super quiet, but the noise around the area and the speaker announcements coming from the Plenary were quite disruptive. Staying so focused for so long left me quite tired and I’m afraid to confess–I don’t remember anything about the closing keynote. I know it happened, but that’s it.

After it, the “Demo Fest” was set up, and similarly to the Science Fest people set up booths and tables to show what they had been working on during the week-end. For once, I didn’t have anything to show… which meant I could wander around looking at other people’s work!

I stayed for a little more, then we asked some people whether they’d like to join us in a quest to find a French steak restaurant in Marylebone, but they wouldn’t, so we went there anyway. It was pouring with rain and that was the day in which I decided to wear canvas shoes. My feet stayed wet until 1 AM. Awful.

We then went back to the official Moz-Hotel, where the Mozilla people were staying. There was no sign of after party first, then some people showed up with bags from the offlicense (too telling), and the hotel people weren’t happy about that, so they asked them to consume whatever was in the bags in their rooms. I decided to discreetly head back home before St. Jude’s storm got stronger. It was certainly an “atmospheric walk”, with rain and wind blasting either way, which made quite difficult to hold the umbrella still. I ended up running as much as I could, to shorten the misery. My recent running exercises proved its worth!

A few minutes after arriving home, Rehan told me that everyone had gone downstairs again and they were partying. But I had already changed into dry clothes and wasn’t venturing out into the wild again, so that was it for me.

In short: quite a good event. It was refreshing to do something not purely technical for a change, although I have this cunning feeling that I missed many sessions because there were so many of them. It was also good that kids were not only allowed but indeed encouraged into the festival, as they got to be involved in “grown up” activities such as translating, or for example designing things. I like how they question things and assumptions we take for granted—makes for refreshing points of view!


And written in October 2014: MozFest 2014 is coming! Here are some details of what I’ll be doing there. See you!

flattr this!

Planet Mozilladjango-html-validator

In action
A couple of weeks ago we had accidentally broken our production server (for a particular report) because of broken HTML. It was an unclosed tag which rendered everything after that tag to just plain white. Our comprehensive test suite failed to notice it because it didn't look at details like that. And when it was tested manually we simply missed the conditional situation when it was caused. Neither good excuses. So it got me thinking how can we incorporate HTML (html5 in particular) validation into our test suite.

So I wrote a little gist and used it a bit on a couple of projects and was quite pleased with the results. But I thought this might be something worthwhile to keep around for future projects or for other people who can't just copy-n-paste a gist.

With that in mind I put together a little package with a README and a and now you can use it too.

There are however some caveats. Especially if you intend to run it as part of your test suite.

Caveat number 1

You can't flood Well, you can I guess. It would be really evil of you and kittens will die. If you have a test suite that does things like response = self.client.get(reverse('myapp:myview')) and there are many tests you might be causing an obscene amount of HTTP traffic to them. Which brings us on to...

Caveat number 2

The site is written in Java and it's open source. You can basically download their validator and point django-html-validator to it locally. Basically the way it works is java -jar vnu.jar myfile.html. However, it's slow. Like really slow. It takes about 2 seconds to run just one modest HTML file. So, you need to be patient.

Planet MozillaBack to idiotism and a few other changes…

This blog has been quiet for a while now. I do hope to start writing soon (although I think I’ll do most of my next writing in Catalan – and the focus will not be only in technology).
A few people asked me what I’m doing now, since I’m not so active in projects I used to contribute (e.g. Mozilla) or doing things I used to do locally (e.g. participating in tech. events and open source groups).

Well, part of the answer is that during the last year I tried to find some time for myself. I started to feel kind of overwhelmed by the amount and quality of the information around me (yes, yes, I mean that kind of BuzzMachine that most of Open Source/Tech. “community” seems to be nowadays).

And what is it better than becoming an idiot? Experimenting that state of being useless to the world, of being less intelligent than most of the “smart citizens”, and start questioning again why and how things happen.

Professor Han, a contemporary essayist and cultural theorist from Germany, puts it very well:

It’s a function of philosophy to represent the role of the idiot. From the beginning, the philosophy goes along with the idiotism. Any philosopher that generates a new language, a new style, a new thinking, needs to be an idiot before.

The history of philosophy is a history of idiotisms.
Socrates, who only knows that he doesn’t know anything, is an idiot. An idiot is also Descartes, because he doubts of everything. Cogito ergo sum is an idiotism.
An internal contraction of thinking makes possible a new beginning. Descartes thinks about the thinking. The thinking recovers its virginal state when it connects with itself. Deluze opposes to the Cartesian idiot an another idiot [...]

Today, it looks like the somewhat marginalised, the crazy and the idiot basically disappeared from society. The whole network connectedness and the digital communications increase considerably the coercion over conformity. The violence of consensus repress the idiotisms.

(from the book “Psychopolitik: Neoliberalismus und die neuen Machttechniken”)

Yes, part of my time right now is devoted to studying philosophy at the University (offline and back to the system!). And I really like it very much. Only because you are there with a group of people who disagrees with you, who appreciates your critique, your skepticism and negativity… makes me feel much more being part of a community.

However, I’m not out of the technology world, as the other part of my time is devoted to work, which means applications development, deployments and even trainings.
But indeed, I’m feeling that I have to step back from the BuzzMachine that OpenSource/OpenWeb/OpenWathever has became. I’ve also developed more of a critical view on what is “connectedness or a connected society”, including the “sharing economy” – a deviation of open source concept (which on its turn is a mutation of Free Software social movement).

Planet MozillaThis week… and beyond

  • Monday: shyly open my inbox after a week of holidays, and probably duck to avoid the rolling ball of stale mail coming my way.
  • Wednesday: maybe meet Karolina who’s in London for a conference!
  • Thursday: my talk is closing a conference O_O — when the organiser mentioned “closing” the day I thought he meant closing the first day, not the second. NO PRESSURE. Although the conf is held at Shoreditch Village Hall, which is a venue where I feel like at home, so I’ll probably be OK. There’s a meatspace meatup afterwards, and I’m glad it’s around Shoreditch too or I’ll be dropping on that.
  • Friday: MozFest facilitators meeting, and also the Science Fair during the evening (if it is still called Science Fair)
  • Saturday and Sunday: MozFest, MozFest, MozFest! Paul Rouget asked me to show WebIDE there, and then Bobby (aka SecretRobotron and your best friend) came up with this idea of a MEGABOOTH where people can go and learn something about app-making in sessions of 5-20 minutes. Of course I can’t be all week-end there or I’ll basically die of social extenuation, so I asked some friends and together we’ll be helping spread the word about Firefox OS development in its various facets: Gaia/Gonk/the operating system itself, Gaia apps, DevTools and WebIDE. Come to the MEGABOOTH and hang with Nicola, Wilson, Francisco, Potch and me! (linking to myself and wondering if the Internet will break with so much recursion, teehee)

That’ll be for this week. Beyond, there’s a few more conferences—some I can announce and some I can’t:

  • dotJS — Paris, France 17th November, which is pretty exciting to be in because the venue and the looks of everything are so sophisticated…!
  • OSOM — Cluj-Napoca, Romania 22th November, which I’m moderately nervous about because I’m keynoting (!!!), but I’m also excited because it’s in TRANSYLVANIA!!! :-[

We’ll also be hosting a Firefox OS Bug Squash Party at the Mozilla London office the week-end after Halloween. Expect weirdnesses. There are only 5 spots left!

Add to this the new thing I’m working on (details to be revealed as soon as there’s something to show) and it makes for a very busy Autumn!

I’m glad I took those holidays past week. I went to Tenerife, which makes it the furthest South I’ve ever been, and then the highest even in Spain since I climbed to el Teide! Also, my hotel was an hour away from the airport so I rented a car and drove myself around the island. After many years of not driving, that was mega-awesome, and a tad terrifying as well (I’ll detail in a future post).

This is going down the hill, with the cable car:

The whole scenery in the National Park is super incredible–it definitely looks like out of this world. Since the rocks are of volcanic origin they have very interesting textures, and are super lightweight, so it was funny to go picking random stones up and realising how little they weighted.

Also the vegetation and fauna were unlike most of what I’d seen before. In particular, the lizards were ENORMOUS. I would be walking and hearing huge noises on the dry leaves, turn around expecting to find a dog or a cat, only to find a huge lizard looking at me. What do they feed them? Maybe it’s better not to know… I’ll leave you with this not-so-little fella:

flattr this!

Planet MozillaReps Weekly Call – October 16th 2014

Last Thursday we had our regular weekly call about the Reps program, this time we moved one hour later to avoid some conflicts and allow Reps on the West Coast to join us in the very morning.



  • Council elections this weekend.
  • Tech 4 Africa.
  • AdaCamp – Post event.
  • Mozfest – updates.
  • Firefox OS Bus.
  • Get Involved Re-design.

Detailed notes

AirMozilla video

Don’t forget to comment about this call on Discourse and we hope to see you next week!

Planet MozillaWhy Microsoft matters more than we think

I’m guilty of it myself, and I see it a lot: making fun of Microsoft in a presentation. Sure, it is easy to do, gets a laugh every time but it is also a cheap shot and – maybe – more destructive to our goals than we think.

is it HTML5? if it doesn't work in IE, it is joke

Let’s recap a bit. Traditionally Microsoft has not played nice. It destroyed other companies, it kept things closed that open source could have benefited from and it tried to force a monoculture onto something that was born open and free: the web.

As standard conscious web developers, IE with its much slower adaption rate of newer versions was always the bane of our existence. It just is not a simple thing to upgrade a browser when it is an integral part of the operating system. This is exacerbated by the fact that newer versions of Windows just weren’t exciting or meant that a company would have to spend a lot of money buying new software and hardware and re-educate a lot of people. A massive investment for a company that wasn’t worth it just to stop the web design department from whining.

Let’s replace IE then!

Replacing IE also turned out to be less easy than we thought as the “this browser is better” just didn’t work when the internal tools you use are broken in them. Chrome Frame was an incredible feat of engineering and – despite being possible to roll out on server level even – had the adoption rate of Halal Kebabs at a Vegan festival.

Marketing is marketing. Don’t try to understand it

It seems also fair to poke fun at Microsoft when you see that some of their marketing at times is painful. Bashing your competition is to me never a clever idea and neither is building shops that look almost exactly the same as your main competitor next to theirs. You either appear desperate or grumpy.

Other things they do

The thing though is that if you look closely and you admit to yourself that what we call our community is a tiny part of the overall market, then Microsoft has a massive part to play to do good in our world. And they are not cocky any longer, they are repentant. Not all departments, not all people, and it will be easy to find examples, but as a whole I get a good vibe from them, without being all marketing driven.

Take a look at the great tools provided at to allow you to test across browsers. Take a look at which – finally – gives you a clear insight as to what new technology IE is supporting or the team is working on. Notice especially that this is not only for Explorer – if you expand the sections you get an up-to-date cross-browser support chart linked to the bugs in their trackers.

status of different web technologies provided by Microsoft

This is a lot of effort, and together with makes it easier for people to make decisions whether looking into a technology is already worth-while or not.

Reaching inside corporations

And this to me is the main point why Microsoft matters. They are the only ones that really reach the “dark matter” developers they created in the past. The ones that don’t read hacker news every morning and jump on every new experimental technology. The ones that are afraid of using newer features of the web as it might break their products. The ones that have a job to do and don’t see the web as a passion and a place to discuss, discard, hype and promote and troll about new technologies. And also the ones who build the products millions of people use every day to do their non-technology related jobs. The booking systems, the CRM systems, the fiscal data tools, all the “boring” things that really run our lives.

We can moan and complain about all our great new innovations taking too long to be adopted. Or we could be open to feeding the people who talk to those who are afraid to try new things with the information they need.

Let’s send some love and data

I see Microsoft not as the evil empire any longer. I see them as a clearing house to graduate experimental cool web technology into something that is used in the whole market. Chances are that people who use Microsoft technologies are also audited and have to adhere to standard procedures. There is no space for wild technology goose chases there. Of course, you could see this as fundamentally broken – and I do to a degree as well – but you can’t deny that these practices exist. And that they are not going to go away any time soon.

With this in mind, I’d rather have Microsoft as a partner in crime with an open sympathetic ear than someone who doesn’t bother playing with experimental open technology of competitors because these don’t show any respect to begin with.

If we want IT to innovate and embrace new technologies and make them industrial strength we need an ally on the inside. That can be Microsoft.

Planet MozillaGoogle-free android usage

When I switched from using a BlackBerry to an Android phone a few years ago it really irked me that the only way to keep my contacts info on the phone was to also let Google sync them into their cloud. This may not be true universally (I think some samsung phones will let you store contacts to the SD card) but it was true for phone I was using then and is true on the Nexus 4 I'm using now. It took a lot of painful digging through Android source and googling, but I successfully ended up writing a bunch of code to get around this.

I've been meaning to put up the code and post this for a while, but kept procrastinating because the code wasn't generic/pretty enough to publish. It still isn't but it's better to post it anyway in case somebody finds it useful, so that's what I'm doing.

In a nutshell, what I wrote is an Android app that includes (a) an account authenticator, (b) a contacts sync adapter and (c) a calendar sync adapter. On a stock Android phone this will allow you to create an "account" on the device and add contacts/calendar entries to it.

Note that I wrote this to interface with the way I already have my data stored, so the account creation process actually tries to validate the entered credentials against a webhost, and the the contacts sync adapter is actually a working one-way sync adapter that will download contact info from a remote server in vcard format and update the local database. The calendar sync adapter, though, is just a dummy. You're encouraged to rip out the parts that you don't want and use the rest as you see fit. It's mostly meant to be a working example of how this can be accomplished.

The net effect is that you can store contacts and calendar entries on the device so they don't get synced to Google, but you can still use the built-in contacts and calendar apps to manipulate them. This benefits from much better integration with the rest of the OS than if you were to use a third-party contacts or calendar app.

Source code is on Github: staktrace/pimple-android.

Planet MozillaLight Level Meter | Firefox OS App

Light Level Meter [1], is a Firefox OS app developed by myself to demonstrate the use of Mozilla WebAPI [2]. The app measures the ambient light level in lux [3] and present in realtime. It records the max and min values and plots the variation of the light level over time.

I've made use of DeviceLightEvent [4] to get the current ambient light level from the light level detector in the device (I have tested it with Keon [5]). The real time chart is implemented using Smoothie Charts [6] which is a simple, easy to use javascript charting library for streaming data.

Measurement of ambient light level has many uses. One is that it could be used to adjust the light level of electronic visual displays that are there in many of the devices we use today such as mobile phones and tablets. By such adjustments based on the ambient light level, we could save energy while delivering a comfortable reading experience to the user.

Another use of measuring ambient light level is in electrical lighting design. For example, the light level recommended for reading is different from that is recommended for hand tailoring. Recommended light levels in building designing in Sri Lanka can be found in page 38 of "Code of Practice for Energy Efficient Buildings in Sri Lanka" [7].

Source code of Light Level Meter [8].


Planet MozillaJetpack Pro Tip - Using JPM on Travis CI

First, enable Travis on your repo.

Then, Add the following .travis.yml file to the repo:

This will download Firefox nightly, install jpm, and run jpm test -v on your JPM based Firefox add-on.



Third Party NPM Modules

Planet MozillaPrivate Browsing Coming Soon to Firefox OS

This week, the team landed code changes for Bug 832700 – Add private browsing to Firefox OS. This was the back end implementation in Gecko and we still have to determine how this will surface in the front end. That work is tracked at Bug 1081731 - Add private browsing to Firefox OS in Gaia.

We also got a couple of nice fixes to one of my favorite new features, the still experimental “app grouping” feature for the Firefox OS home screen. The fixes for Bug 1082627 and Bug 1082629 ensure that the groups align properly and have the right sizes. You can enable this experimental feature in settings -> developer -> homescreen -> app grouping.

There’s lots going on every day in Firefox OS development. I’ll be keeping y’all up to date here and on Twitter.



Planet MozillaI’m leaving Mozilla, looking for a new challenge

Copyright: Eva Blue

Copyright: Eva Blue

January 1st (or before if needed) will be my last day as a Senior Technical Evangelist at Mozilla. I truly believe in the Mozilla’s mission, and I’ll continue to share my passion for the open web, but this time, as a volunteer. From now on, I’ll be on the search for a new challenge.

I want to thank my rock star team for everything: Havi Hoffman, Jason Weathersby, Robert Nyman, and Christian Heilmann. I also want to thank Mark Coggins for his strong leadership as my manager. It was a real pleasure to work with you all! Last, but not least, thanks to all Mozillians, and continue the good work: let’s keep in touch!

What’s next

I’m now reflecting on what will be next for me, and open to discussing all opportunities. Having ten years as a software developer, and four years as a technical evangelist in my backpack, here are some ideas (I’m not limited to those), in no particular order, I have in mind:

  • Principal Technical Evangelist about a product/service/technology I believe in;
  • General manager of a startup accelerator program;
  • CTO of a startup.

I have no issue to travel extensively: I was on the road one-third of last year – speaking in more than twelves countries. I may not have an issue to move depending on the offer, and country. I like to share my passion on stage – more than 100 talks in the last three years. Also, my book on personal branding for developers will be published at Apress before the end of the year.

I like technology, but I’m not a developer anymore, and not looking to go back in a developer role. I may also be open to a non-technical role, but it need to target other of my passions like startups. For the last five years, I’ve been working at home, with no schedule, just end goals to reach. I can’t deal with micro-management, so I need some freedom to be effective. No matter what will be next, it need to be an interesting challenge as I have a serial entrepreneur profile: I like to take ideas, and make them a reality.

You can find more about my experience on my LinkedIn profile. If you want to grab a coffee or discuss any opportunities, send me an email.

P.S.: I see no values in highlighting the reasons of my departure, but I’m sad to leave, and keep in mind I’m not the only one in my team who resigned. If you have concerns, please send me an email.

I’m leaving Mozilla, looking for a new challenge is a post on Out of Comfort Zone from Frédéric Harper

Planet MozillaMozillians of the world, unite!

When i got involved with Mozilla in 1999, it was clear that something big was going on. The site had a distinctly “Workers of the world, unite!” feel to it. It caught my attention and made me interested to find out more.


The language on the site had the same revolutionary feel as the design. One of the pages talked about Why Mozilla Matters and it was an impassioned rallying cry for people to get involved with the audacious thing Mozilla was trying to do.

“The project is terribly important for the state of open-source software. [...] And it’s going to be an uphill battle. [...] A successful project could be the lever that moves a dozen previously immobile stones. [...] Maximize the opportunity here or you’ll be kicking yourself for years to come.”

With some minor tweaks, these words are still true today. One change: we call the project just Mozilla now instead of Our mission today is also broader than creating software, we also educate people about the web, advocate to keep the Internet open and more.

Another change is that our competition has adopted many of the tactics of working in the open that we pioneered. Google, Apple and Microsoft all have their own open source communities today. So how can we compete with companies that are bigger than us and are borrowing our playbook?

We do something radical and audicious. We build a new playbook. We become pioneers for 21st century participation. We tap into the passion, skills and expertise of people around the world better than anyone else. We build the community that will give Mozilla the long-term impact that Mitchell spoke about at the Summit.


Mozilla just launched the Open Standard site and one of the first articles posted is “Struggle For An Open Internet Grows“. This shows how the challenges of today are not the same challenges we faced 16 years ago, so we need to do new things in new ways to advance our mission.

If the open Internet is blocked or shut down in places, let’s build communities on the ground that turn it back on. If laws threaten the web, let’s make that a public conversation. If we need to innovate to be relevant in the coming Internet of Things, let’s do that.

Building the community that can do this is work we need to start on. What doesn’t serve our community any more? What do we need to do that we aren’t? What works that needs to get scaled up? Mozillians of the world, unite and help answer these questions.

Planet Mozillacurl is no POODLE

Once again the internet flooded over with reports and alerts about a vulnerability using a funny name: POODLE. If you have even the slightest interest in this sort of stuff you’ve already grown tired and bored about everything that’s been written about this so why on earth do I have to pile on and add to the pain?

This is my way of explaining how POODLE affects or doesn’t affect curl, libcurl and the huge amount of existing applications using libcurl.

Is my application using HTTPS with libcurl or curl vulnerable to POODLE?

No. POODLE really is a browser-attack.


The POODLE attack is a combination of several separate pieces that when combined allow attackers to exploit it. The individual pieces are not enough stand-alone.

SSLv3 is getting a lot of heat now since POODLE must be able to downgrade a connection to SSLv3 from TLS to work. Downgrade in a fairly crude way – in libcurl, only libcurl built to use NSS as its TLS backend supports this way of downgrading the protocol level.

Then, if an attacker manages to downgrade to SSLv3 (both the client and server must thus allow this) and get to use the sensitive block cipher of that protocol, it must maintain a connection to the server and then retry many similar requests to the server in order to try to work out details of the request – to figure out secrets it shouldn’t be able to. This would typically be made using javascript in a browser and really only HTTPS allows this so no other SSL-using protocol can be exploited like this.

For the typical curl user or a libcurl user, there’s A) no javascript and B) the application already knows the request it is doing and normally doesn’t inject random stuff from 3rd party sources that could be allowed to steal secrets. There’s really no room for any outsider here to steal secrets or cookies or whatever.

How will curl change

There’s no immediate need to do anything as curl and libcurl are not vulnerable to POODLE.

Still, SSLv3 is long overdue and is not really a modern protocol (TLS 1.0, the successor, had its RFC published 1999) so in order to really avoid the risk that it will be possible exploit this protocol one way or another now or later using curl/libcurl, we will disable SSLv3 by default in the next curl release. For all TLS backends.

Why? Just to be extra super cautious and because this attack helped us remember that SSLv3 is old and should be let down to die.

If possible, explicitly requesting SSLv3 should still be possible so that users can still work with their legacy systems in dire need of upgrade but placed in corners of the world that every sensible human has since long forgotten or just ignored.

In-depth explanations of POODLE

I especially like the ones provided by PolarSSL and GnuTLS, possibly due to their clear “distance” from browsers.

Planet Mozillacurl and POODLE

Once again the internet flooded over with reports and alerts about a vulnerability using a funny name.

Planet MozillaSans Flash

I upgraded to a new MacBook about a week ago, and thought I’d use the opportunity to try living without Flash for a while. I had previously done this two years ago (for my last laptop upgrade), and I lasted about a week before breaking down and installing it. In part because I ran into too many sites that needed Flash, but the main reason was that the adoption and experience of HTML5 video wasn’t great. In particular, the HTML5 mode on YouTube was awful — videos often stalled or froze. (I suspect that was an issue on YouTube’s end, but the exact cause didn’t really matter.) So now that the Web has had a few additional years to shift away from Flash, I wanted to see if the experience was any better.

The short answer is that I’m pleased (with a few caveats). The most common Flash usage for me had been the major video sites (YouTube and Vimeo), and they now have HTML5 video support that’s good. YouTube previously had issues where they still required the use of Flash for some popular videos (for ads?), but either they stopped or AdBlock avoids the problem.

I was previously using Flash in click-to-play mode, which I found tedious. On the whole, the experience is better now — instead of clicking a permission prompt, I find myself just happy to not be bothered at all. Most of the random Flash-only videos I encountered (generally news sites) were not worth the time anyway, and on the rare occasion I do want to see one it’s easy to find an equivalent on YouTube. I’m also pleased to have run across very few Flash-only sites this time around. I suspect we can thank the rise of mobile (thanks iPad!) for helping push that shift.

There are a few problem sites, though, which so far I’m just living with.

Ironically, the first site I needed Flash for was our own Air Mozilla. We originally tried HTML5, but streaming at scale is (was?) a hard problem, so we needed a solution that worked. Which meant Flash. It’s unfortunate, but that’s Mozilla pragmatism. In the meantime, I just cheat and use Chrome (!) which comes with a private copy of Flash. Facebook (and specifically the videos people post/share) were the next big thing I noticed, but… I can honestly live without that too. Sorry if I didn’t watch your recent funny video.

I will readily admit that my Web usage is probably atypical. I’ve rarely play online Flash games, which are probably close to video usage. And I’m willing to put up with at least a little bit of pain to avoid Flash, which isn’t something fair to expect of most users.

But so far, so good!

[Coincidental aside: Last month I removed the Plugin Finder Service from Firefox. So now Firefox won't even offer to install a plugin (like Flash) that you don't have installed.]

Planet MozillaFirefox OS 2.0 Pre-release for Flame

About 4,000 of y’all have a Flame Firefox OS reference phone. This is the developer phone for Firefox OS. If you’re writing apps or contributing directly to the open source Firefox OS project, Flame is the device you should have.

The Flame shipped with Firefox OS 1.3 and we’re getting close to the first major update for the device, Firefox OS 2.0. This will be a significant update with lots of new features and APIs for app developers and for Firefox OS developers. I don’t have a date to share with y’all yet, but it should be days and not weeks.

If you’re like me, you cannot wait to see the new stuff. With the Flame reference phone, you don’t have to wait. You can head over to MDN today and get a 2.0 pre-release base image, give that a whirl, and report any problems to Bugzilla. You can even flash the latest 2.1 and 2.2 nightly builds to see even further into the future.

If you don’t have a Flame yet, and you’re planning on contributing testing or coding to Firefox OS or to write apps for Firefox OS, I encourage you to get one soon. We’re going to be wrapping up sales in about 6 weeks.


Updated: .  Michael(tm) Smith <>