Planet MozillaThis Week In Servo 26

This week, we merged 50 pull requests

Notable additions

New contributors



Planet MozillaQuality Team (QA) Public Meeting

Quality Team (QA) Public Meeting This is the meeting where all the Mozilla quality teams meet, swap ideas, exchange notes on what is upcoming, and strategize around community building and...

Planet MozillaAn update on the Teach site + some thoughts on iterative development

It’s been a minute! We’ve just started a new heartbeat, and now we have a giant team working on the Teach site. Our stand-up today looked like The Brady Bunch.

We’re now entering a stage where we have three strands of work running in parallel:

  1. Engineers are setting up the technical framework for the new site, and are beginning to build out the pages that have been designed
  2. Designers are polishing up the work they’ve done so far (accommodating some last minute requests from me!), and starting on a few new pages and workflows
  3. Members of the Learning Networks team are finalizing copy and content for the various pages

If every strand can keep moving, we’ll be in good shape for the release at the end of the next heartbeat. Ideally, we’ll get into a rhythm where copy is finalized in the heartbeat *before* the design work, which is done in the heartbeat *before* development, but right now things are overlapping a bit.

Iterative Dev {It’s been so long since I’ve done an anagram! Here we go: Tea Revived It}

I’ve been thinking about how to build out this site in a way that reflects the evolving nature of the Learning Networks team work, and specifically the Clubs program. The answer is (always) to be agile.

It’s often difficult to agree on what should be included in a v1. I think the term “MVP” is one of the most abused terms in software. It is sometimes used to mean “do as little work as possible,” but the definition I like best is, “do as much as is needed to prove or disprove a hypothesis.”

This definition provides a great framework for determining what to include in a v1. If you can agree on a hypothesis, then every decision can be made by answering the question, “Do we need this to prove the hypothesis?”

For the Teach site, the hypothesis we’re testing is: “People will use the site to find teaching activities and add their Clubs to the map.”

So the v1 will seek to prove that. The priority items are a couple static pages that point to our high-quality curriculum modules, a Clubs page with an “Add Your Club” workflow, and some additional static content to flesh out the site.

Beyond Version One {Anagram: Sobered Onion Envy}

While  v1 is being created, we also need to start gearing up for the next iteration, which will be focused on building out more advanced tooling for the curriculum (so that we can add to those pages without developer involvement, and incorporate feedback and remix ideas from the community). This is essentially adding a fourth strand to the list above—a kind of “requirements gathering and brainstorming” strand.

(Side note: I like that the “build, measure, learn” cycle we’ll use to iterate on the site echoes the process we’re using to develop the curriculum with our community. Agile methods all around!)

Of course, even while using iterative development practices, we still need to keep the big picture in mind. To see the current thinking about future iterations, you can always check out the roadmap. I’m updating it regularly as our needs change, or as they become clearer to me.

Planet Mozilla“We are ALL Remoties” (Feb2015 edition)

Since my last blog post on “remoties”, I’ve worked with ProCore, and Haas, UCBerkeley (again!) as well as smaller private discussions with some other companies. Every single time, I continue to find people eager for passionate conversations, and clear “ah-ha!” moments, which I find very encouraging. There’s also plenty of volunteering stories/ideas of what did/didnt work for them in their past. All this helps me continue to hone and refine these slides, which I hope makes them even more helpful to others.

You can get the latest version of these slides, in handout PDF format, by clicking on the thumbnail image.

Remoties are clearly something that people care deeply about. Geo-distributed teams are becoming more common in the workplace, and yet the challenges continue to be very real and potentially disruptive. Given how this topic impacts people’s jobs, and their lives, I’m not surprised by the passionate responses, and each time, the lively discussions encourage me to keep working on this even more.

As always, if you have any questions, suggestions or good/bad stories about working in a remote or geo-distributed teams, please let me know – I’d love to hear them.


Planet MozillaThis Week In Servo 26

This week, we merged 50 pull requests

Notable additions

New contributors



Planet MozillaProduct Coordination Meeting

Product Coordination Meeting Weekly coordination meeting for Firefox Desktop & Android product planning between Marketing/PR, Engineering, Release Scheduling, and Support.

Planet MozillaThe Joy of Coding (mconley livehacks on Firefox) - Episode 4

The Joy of Coding (mconley livehacks on Firefox) - Episode 4 Watch mconley livehack on Firefox Desktop bugs!

Planet MozillaStatus update – In-content Preferences, part 5


Firefox 38 has now merged to Aurora (Firefox Developer Edition) and we are a couple weeks into development of Firefox 39 on mozilla-central. At this point, bugs that are fixed on mozilla-central will need to be uplifted to mozilla-aurora to continue to ride the 38 train.

These are some of the 21 bugs that were fixed since the last update (1/31/2015):

  • Bug 1008171 No focus for elements except textboxes (and buttons, on Windows and Linux) inside in-content preferences
  • Bug 1025719 – openPreferences(panelName) doesn’t open the requested pane if about:preferences is in a yet-to-be-loaded tab
  • Bug 1034296 – Action dropdown in Application pane does not open when session restored
  • Bug 1037225 – Consider keeping browser.preferences.instantApply = false on Windows
  • Bug 1044597 – in-content preferences: resized dialogs should not push buttons into overflow
  • Bug 1047586 – Unable to interact with in-content preferences after changing minimum font size to a very large value
  • Bug 1108302 – Menulists in the in-content preferences have too much padding at the start of their contents
  • Bug 1111353 – No longer displayed check mark in in-content preferences if Text : white, Background : Black and Select “Never” in “Content” > “Colors…” > “Allow pages to choose their own colors, instead of my selections above”

Since the last update all of the P1-tracked bugs have been fixed. We are tracking the following P2 bugs:
top_2Bug 1043612 – Persist the size of resizable in-content subdialogs
top_2Bug 1136645 – InContent prefs – Make focusrings match the spec on Windows and Linux
top_2Bug 1044600 – in-content preferences: empty dialogs after pressing backspace or the Back button

Bug 1044600 in the above list should be very close to getting fixed. It has landed and been backed out a couple times due to intermittent failures and leaks, but is making steady progress towards being fixed.

Gijs and I will be meeting up in less than two weeks in San Francisco to have a “hack week” focusing on the in-content preferences. We’ve gone through the list of bugs in the in-content preferences and put together a subset of 10 bugs that we’ll tackle during the week if they’re not fixed beforehand.

Big thanks go out to Ian Moody [:Kwan], Gijs, Yash Mehrotra, Richard Marti [:Paenglab], and Tim Nguyen [:ntim] for their help in fixing the 21 bugs.

Tagged: firefox, in-content-preferences, mozilla, planet-mozilla

Planet MozillaWeekly review 2015-03-04

This week, using my new AMQP and HTTP taskcluster go client api library (see recent posts), I’ve written a service, running in heroku, to capture metrics for task cluster.

Five task cluster pulse queues are monitored to watch for completed tasks and completed task graphs. Then the taskcluster queue API is queried to get task data, such as worker payloads, in order to build up a view of durations taken for the tasks to progress through states until completion. This data is then collected, for pushing to influxdb for real-time query analysis. InfluxDB is similar to graphite.

In parallel, the hg pushlogs are monitored to get push times for hg changesets, so that we have a view in the end of how long it took from a change being received on the hg server, until a task graph is build, then until it is executed, and then until it completes.

The publish to InfluxDB is not quite done yet, hope to finish that off shortly.

The data is persisted using BoltDB during data collection and denormalisation.

I plan to wrap that up shortly, and then start work on …. the generic worker!

See bug 1136537 for more details.

Code lives here:

It is auto-deployed to heroku using the buildpack after a push to github.

Planet MozillaDebugging Gecko With Reverse Execution

Over the last month or so I've added reverse-execution support to rr's gdb interface. This enables gdb commands such as reverse-continue, reverse-next, reverse-finish and reverse-step. These work with breakpoints and watchpoints, so you can do things like

Breakpoint 1, nsCanvasFrame::BuildDisplayList (this=0x2aaadd7dbeb0, aBuilder=0x7fffffffaaa0, aDirtyRect=..., aLists=...)
at /home/roc/mozilla-inbound/layout/generic/nsCanvasFrame.cpp:460
460 if (GetPrevInFlow()) {
(gdb) watch -l mRect.width
Hardware watchpoint 2: -location mRect.width
(gdb) reverse-cont
Hardware watchpoint 2: -location mRect.width

Old value = 12000
New value = 11220
0x00002aaab100c0fd in nsIFrame::SetRect (this=0x2aaadd7dbeb0, aRect=...)
at /home/roc/mozilla-inbound/layout/base/../generic/nsIFrame.h:718
718 mRect = aRect;
(Here the "New value" is actually the value before this statement was executed, since we just executed backwards past it.)

Since debugging is about tracing effects to causes, and effects happen after their causes, reverse execution is a big deal. I've just started using it to debug Gecko, and I'm enjoying it immensely! I find myself having to unlearn a lot of my usual debugging tactics; much of what I've learned about debugging up until now is really just workarounds for not having had reverse execution.

An example from today: working on bug 1082249, I was in a function nsDisplayTableItem::ComputeInvalidationRegion with a geometry variable pointing to an nsDisplayBackgroundGeometry when it should have been a nsDisplayTableItemGeometry. At first I considered various indirect ways to figure out where the nsDisplayBackgroundGeometry came from, but now there's an easy direct way: set a breakpoint on the nsDisplayBackgroundGeometry, make it conditional on this == the current value of geometry, and reverse-continue to see exactly where that specific object was created (in a subclass of nsDisplayTableItem that I hadn't thought of).

This work is checked into rr master. It's not well tested yet, so a new official rr release is not imminent, but I'd appreciate people trying it out and reporting issues. At least I have been able to use it to get work done today :-).

Planet MozillaFirefox 37 beta1 to beta2

Instead of the classical 6 weeks, the 37 cycle is going to be only 5 weeks.

In this beta 2, we continued the work started during the 36 cycle. We landed fixes for MSE or image processing. We also took most of the stability fixes which will ship with 36.0.1.

  • 82 changesets
  • 130 files changed
  • 2459 insertions
  • 1610 deletions



List of changesets:

Margaret LeibovicBug 1073775 - Pass default engine from JS to Java, instead of making assumptions based on engine list order. r=liuche a=sylvestre - 21ec3b2d3da5
Jean-Yves AvenardBug 1132796: Revert incorrect change unfixing Bug 1132825. r=jya a=lmandel - 82ef773ccb71
Mark BannerBug 1114713 - Fix intermittent test failures by removing a event-cycling setTimeout call. r=mikedeboer, a=test-only - 153da3594a3e
Seth FowlerBug 1130707 - Make decode-on-draw-only image notifications more robust. r=tn, a=lmandel - b5f695706683
Michael ComellaBug 1133770 - Display the selected tab in the tab strip on device rotation. r=mhaigh, a=lizzard - eb261fd50770
Michael ComellaBug 1133770 - Use Refreshable interface instead of TabStrip in BrowserApp to allow builds on API 9. r=mhaigh, a=lizzard - e7319d343f20
Michael ComellaBug 1134192 - Add ActivityUtils.isFullScreen. r=mfinkle, a=lizzard - f18e2aecea6d
Michael ComellaBug 1134192 - Prevent the options menu from opening in fullscreen mode. r=mfinkle, a=lizzard - b23a690fa325
Mike ConleyBug 1136855 - Send a message from the content script when printing has finished so the parent can save print settings. r=Mossop, a=sledru. - 4a73e4bc3ee5
Mark BannerBug 1137469 - If an uncaught exception occurs whilst processing an action, the dispatcher can fail, rendering parts of Loop inactive. r=mikedeboer,a=sledru - c0698821db6c
Joel MaherBug 1134824 - Update talos on trunk to gain fixes for e10s, mainthreadio, etc. r=wlach, a=test-only - 193fb1410c0d
Ben TurnerBug 1121519 - Fix racy test. r=jgraham, a=test-only - 6454e62689f1
Bob OwenBug 1129369 - Part 1: Turn on DEP_NO_ATL_THUNK process-level mitigation for the GMP sandbox. r=tabraldes, a=lmandel - 56d34ca3b983
Bob OwenBug 1129369 - Part 2: Turn on BOTTOM_UP_ASLR process-level mitigation for the GMP sandbox. r=tabraldes, a=lmandel - fa0645acfc44
Bob OwenBug 1129369 - Part 3: Turn on MITIGATION_STRICT_HANDLE_CHECKS process-level mitigation for the GMP sandbox. r=tabraldes, a=lmandel - 8fd533be98aa
Timothy NikkelBug 1132427 - Make sure that the first frame refresh area for an animated image gets updated based on the refresh area of all subsequent frames, not just the second. r=jrmuizel, a=lmandel - 0d4ecc5c742c
Timothy NikkelBug 1132427 - Add test. a=lmandel - 97f402db19a4
Henry HuBug 1132358 - Save and restore mIterGenCnt. Keep it consistent with mIter. r=mcmanus, a=lmandel - 386a573b4fc0
Sotaro IkedaBug 1133426 - Care about new CompositorChild and CompositorParent re-creation. r=jrmuizel, a=lmandel - 4564e0e22a37
Gijs KruitboschBug 1107695 - Make one-off buttons accessible. r=florian, f=MarcoZ, a=lsblakk - 4fc445cb5642
Jean-Yves AvenardBug 1136576 - Properly align source buffer starts with current decoder. r=cajbir, a=lsblakk - 5a0ed5076b4f
Richard NewmanBug 1137259 - Don't send Campaign:Set for distribution referrer intents. r=mfinkle, a=lsblakk - 432de8008403
Michael ComellaBug 1135796 - Update ActivityUtils to use proper API levels. r=rnewman, a=lsblakk - 7ede0abc5a1c
Matt WoodrowBug 1132757 - Don't crash if we call WMFVideoMFTManager after we've initiated shutdown. r=cpearce, a=lsblakk - 2aa1ca037446
Tim NguyenBug 1105704 - Fix UI issues with SSL error reporting. r=dao, a=lmandel - 4b6bec5f7ff7
Jean-Yves AvenardBug 1131433 - Show codec/container type in MSE logs. r=cajbir, a=lmandel - 963bd7dabda0
Jean-Yves AvenardBug 1134064 - Part 1: Don't hold on reader when we stop needing it. r=mattwoodrow, a=lsblakk - 2e539009f86e
Jean-Yves AvenardBug 1134064 - Part 2: Drop current reader when seeking outside range. r=mattwoodrow, a=lsblakk - 5f400332977d
Jean-Yves AvenardBug 1134064 - Part 4: Fix racing condition should data get evicted. r=mattwoodrow, a=lsblakk - c92f6beaa505
Jean-Yves AvenardBug 1134064 - Part 5: Evict from TrackBuffer's current decoder. r=cajbir, a=lsblakk - d461222b1a07
Jean-Yves AvenardBug 1096089 - Part 3: Add trimming support from beginning of source buffer. r=cajbir, a=lsblakk - 4c92b1dcb67f
Jean-Yves AvenardBug 1096089 - Make end argument an unrestricted double as per spec. r=cajbir, r=bholley, a=lsblakk - dd1511c04aad
Patrick McManusBug 1133177 - Network logging and cleanups (part 1). r=hurley, a=lmandel - f321e120f8e1
Patrick McManusBug 1133177 - https tunnel of h1 without pconn inside h2 session stall. r=hurley, a=lmandel - 1c270f40087a
Michael ComellaBug 1132720 - Hide the dialog on animation end to prevent flicker on Activity.finish(). r=margaret, a=lmandel - 9fb3cc1f7ff6
Alessio PlacitelliBug 1128500 - Put |HiddenFrame| from CustomizationTabPreloader.jsm in HiddenFrame.jsm. r=ttaubert, a=lmandel - 3d6eaf96ca69
Alessio PlacitelliBug 1128500 - Make CustomizationTabPreloader.jsm use HiddenFrame.jsm. r=ttaubert, a=lmandel - cae785163094
Robert StrongBug 1044443 - Release off main thread crash in nsXPCWrappedJS::Release() via nsUpdateProcessor::~nsUpdateProcessor(). r=bbondy, a=lmandel - 8ac02f8d22e5
Matthew NoorenbergheBug 1126756 - Listen for |message-manager-disconnect| instead of |TabClose| to teardown UITour. r=Unfocused, a=lmandel - 9ff796be0d67
Alessio PlacitelliBug 1128564 - Whitelist Self Repair ( origin for UITour. r=MattN, a=lmandel - de7488acda8a
Alessio PlacitelliBug 1111022 - Load self-support page in a hidden tab. r=ttaubert, a=lmandel - 41fd4a4df8ac
Alessio PlacitelliBug 1111022 - Tests for the SelfSupport backend. r=gfritzsche, a=lmandel - e7a0f9cd3482
Alessio PlacitelliBug 1111022 - Changes UITour.jsm to work with windowless browsers. r=MattN, a=lmandel - f8c1586998ef
Alessio PlacitelliBug 1111022 - Add a test to make sure UITour works with no tabs/windowless browsers. r=MattN, a=lmandel - 9b32fd0a9844
Alessio PlacitelliBug 1111022 - Fix the accessibility test_docload.html test failing with hidden windows. a=lmandel - 87d76aead804
Jordan SantellBug 1135752 - Add tracking params in the dev edition doorhanger promo URL. r=jwalker, a=lsblakk - abb350df1154
Michael ComellaBug 1056002 - Backout changeset c56275d516ec. r=mfinkle, a=lsblakk - e8a752491ccc
Jean-Yves AvenardBug 1133633 - Part 1: Add logging reporting if we are using HW accelerated decode. r=rillian, a=lmandel - 85e3bc280be6
Stephen PohlBug 1130682 - Add homepage URL for Adobe EME. r=dolske, a=lmandel - 1ba1e8df6e2f
Stephen PohlBug 1129721 - Add license URL for Adobe EME. r=dolske, a=lmandel - 7bbbe05d19d4
Ryan VanderMeulenBug 1131433 - Re-add accidentally-removed GetMediaSourceLog() declaration. a=bustage - 25ae310c7cfd
Ryan VanderMeulenBug 1131433 - Re-add another accidentally-removed GetMediaSourceLog() declaration. a=bustage - e32cd39a1917
Wes KocherBug 1131433 - Further fixes to SourceBufferDecoder.cpp a=bustage - 20ea789e69df
J. Ryan StinnettBug 1128027 - Clean up protocol.js pools after connection close. r=bgrins a=lsblakk - 021aac3d7804
J. Ryan StinnettBug 1128027 - Repair sourceeditor test after protocol.js cleanup change. r=bgrins a=lsblakk - 4c02cca13dbe
J. Ryan StinnettBug 1128027 - Inspector destroy error was holding document alive. r=bgrins a=lsblakk - 569e2110f0ff
J. Ryan StinnettBug 1128027 - Record protocol.js request headers for debugging. r=bgrins a=lsblakk - b82653e56ec9
J. Ryan StinnettBug 1128027 - Rework Console tests that click links. r=bgrins a=lsblakk - 012e92feffe6
Richard Newman# - cea5c7cdfa13
J. Ryan StinnettBackout 012e92feffe6 (Bug 1128027). r=bgrins a=lsblakk - eed281422403
J. Ryan StinnettBackout b82653e56ec9 (Bug 1128027). r=bgrins a=lsblakk - 85ca6f646762
J. Ryan StinnettBackout 569e2110f0ff (Bug 1128027). r=bgrins a=lsblakk - 21120474140d
J. Ryan StinnettBackout 4c02cca13dbe (Bug 1128027). r=bgrins a=lsblakk - 6f6ec57ce6b9
J. Ryan StinnettBackout 021aac3d7804 (Bug 1128027). r=bgrins a=lsblakk - e49cd895e078
Matt WoodrowBug 1136984 - Always call DrainComplete in response to Drain, even if it wasn't called on the active decoder. r=cpearce a=lmandel - 5a7e83327249
Matt WoodrowBug 1136984 - Use correct units for comparing timestamps in TrackBuffer::RangeRemoval. r=jya a=lmandel - 09b2c7fed10f
Andrea MarchesiniBug 1125940 - File should not unlink FileImpl. r=khuey, a=lmandel - c16968de534c
Matthew NoorenbergheBug 1124888 - Record the effect of the saved formSubmitURL on autofilling login forms. r=dolske, a=lmandel - 191548235ce3
Hannes VerschoreBug 1130679 - Disable optimization due to fuzzer failures. r=nbp, a=lmandel - ae07b3862c27
Andy PuschBug 1124884 - Clear search history in Firefox Search after using 'Clear Private Data' in Firefox. r=margaret, a=lmandel - 12b0612ba016
Timothy NikkelBug 1134293 - Report the bounds of a tree body as needing component alpha and support disable component alpha in the text it might draw if asked. r=roc, a=lmandel - a12ea2668d1c
Timothy NikkelBug 1102896 - Save and restore the subpixel AA settings of the draw target when drawing an inactive layer manager so they don't get clobbered. r=mattwoodrow, a=lmandel - bc3e9b98d90f
Steve FinkBug 1133909 - Fix hazards revealed by adding in new GCPointers. r=terrence, a=lmandel - 3a352baeeca4
Mike de BoerBug 1137141 - Fix for making the Loop contacts tab show and/ or hide when the user logs in or out of FxA. r=Standard8, a=sledru - d5def3938b6e
Mike de BoerBug 1137141 - Extend Loop toolbarbutton tests to check for correct panel states upon opening. r=Standard8, a=sledru - 824656d7ad0d
Seth FowlerBug 1128769 (Part 1) - Propagate the imgIContainer::Draw result through the nsLayoutUtils::PaintBackground* functions. r=tn a=lmandel - 759ad062242f
Seth FowlerBug 1128769 (Part 2) - Check if we invalidated for a sync decode and never painted before invalidating for sync decoding again. r=tn a=lmandel - 69da299d5e49
Seth FowlerBug 1128769 (Part 3) - Record the last draw result when drawing CSS backgrounds and use it to decide whether to sync decode. r=tn a=lmandel - d80f4050e348
Seth FowlerBug 1128769 (Part 4) - Record the last draw result when drawing CSS tables and use it to decide whether to sync decode. r=tn a=lmandel - 782bd163aeed
Seth FowlerBug 1128769 (Part 5) - Record the last draw result for various less common frame types and use it to decide whether to sync decode. r=tn a=lmandel - 498290d95f1c
Seth FowlerBug 1128769 (Part 6) - Remove imgIContainer::IsDecoded and all remaining callers. r=tn a=lmandel ba=lmandel - 7b3c7ba30dfe
Ben HearsumBug 1138924: fix win64's xulrunner mozconfig. r=rail, a=bustage - e8ec4e64fe84

Planet MozillaHive Toronto privacy badges

Hive Toronto privacy badges

I really like these badges, part of work carried out by Hive Toronto and funded by the Office of the Privacy Commissioner of Canada.

I’m an advisor to the project, but most of the hard work is being done by Karen Smith. The badges are informed (of course!) by the Privacy competency of Mozilla’s Web Literacy Map.

Each of the badges links to activities that help learners get to grips with the various aspects of privacy. As these have been created using Webmaker’s Thimble tool it’s straightforward to remix them for your own use!

Planet MozillaWhat Is The Endgame Of Weak Computer Security?

Could we reach a state where most hardware and software is compromised by third parties at its creation, because the hardware and software you need to develop more hardware and software has already been compromised by those third parties? I think we could. Apart from all the challenges we already face, the "Internet Of Things" may make it extremely difficult to isolate potentially vulnerable systems from the Internet. Imagine an environment saturated with poorly secured devices capable of monitoring RF side channels, for a start.

So far I've seen little evidence of systematic attempts to compromise software at source. Perhaps the organizations with the capability do it undetectably, but you would expect some less-competent actors to try it and be exposed. The best explanation I've heard is that people aren't trying to do this because currently it's cheaper to find vulnerabilities in other ways. Hopefully that won't always be true.

If we get into that everything-compromised state, would we know? Would there be a single winner, able to use its unlimited reach to undermine and outflank its competitors? Or would there be multiple winners, with every system containing an entire ecosystem of backdoors and subversion? How could we get out of that state? Would the bugginess of computer systems turn out to be a blessing or a curse?

Planet MozillaAttached Input Queues on Firefox for Windows

I’ve previously blogged indirectly about attached input queues, but today I want to address the issue directly. What once was a nuisance in the realm of plugin hangs has grown into a more serious problem in the land of OMTC and e10s.

As a brief recap for those who are not very familiar with this problem: imagine two windows, each on their own separate threads, forming a parent-child relationship with each other. When this situation arises, Windows implicitly attaches together and synchronizes their input queues, putting each thread at the mercy of the other attached threads’ ability to pump messages. If one thread does something bad in its message pump, any other threads that are attached to it are likely to be affected as well.

One of the biggest annoyances when it comes to knowledge about which threads are affected, is that we are essentially flying blind. There is no way to query Windows for information about attached input queues. This is unfortunate, as it would be really nice to obtain some specific knowledge to allow us to analyze the state of Firefox threads’ input queues so that we can mitigate the problem.

I had previously been working on a personal side project to make this possible, but in light of recent developments (and a tweet from bsmedberg), I decided to bring this investigation under the umbrella of my full-time job. I’m pleased to announce that I’ve finished the first cut of a utility that I call the Input Queue Visualizer, or iqvis.

iqvis consists of two components, one of which is a kernel-mode driver. This driver exposes input queue attachment data to user mode. The iqvis user-mode executable is the client that queries the driver and outputs the results. In the next section I’m going to discuss the inner workings of iqvis. Following that, I’ll discuss the results of running iqvis on an instance of Firefox.

Input Queue Visualizer Internals

First of all, let’s start off with this caveat: Nearly everything that this driver does involves undocumented APIs and data structures. Because of this, iqvis does some things that you should never do in production software.

One of the big consequences of using undocumented information is that iqvis requires pointers to very specific locations in kernel memory to accomplish things. These pointers will change every time that Windows is updated. To mitigate this, I kind of cheated: it turns out that debugging symbols exist for all of the locations that iqvis needs to access! I wrote the iqvis client to invoke the dbghelp engine to extract the pointers that I need from Windows symbols and send those values as the input to the DeviceIoControl call that triggers the data collection. Passing pointers from user mode to be accessed in kernel mode is a very dangerous thing to do (and again, I would never do it in production software), but it is damn convenient for iqvis!

Another issue is that these undocumented details change between Windows versions. The initial version of iqvis works on 64-bit Windows 8.1, but different code is required for other major releases, such as Windows 7. The iqvis driver theoretically will work on Windows 7 but I need to make a few bug fixes for that case.

So, getting those details out of the way, we can address the crux of the problem: we need to query input queue attachment information from win32k.sys, which is the driver that implements USER and GDI system calls on Windows NT systems.

In particular, the window manager maintains a linked list that describes thread attachment info as a triple that points to the “from” thread, the “to” thread, and a count. The count is necessary because the same two threads may be attached to each other multiple times. The iqvis driver walks this linked list in a thread-safe way to obtain the attachment data, and then copies it to the output buffer for the DeviceIoControl request.

Since iqvis involves a device driver, and since I have not digitally signed that device driver, one can’t just run iqvis and call it a day. This program won’t work unless the computer was either booted with kernel debugging enabled, or it was booted with driver signing temporarily disabled.

Running iqvis against Firefox

Today I ran iqvis using today’s Nightly 39 as well as the lastest release of Flash. I also tried it with Flash Protected Mode both disabled and enabled. (Note that these examples used an older version of iqvis that outputs thread IDs in hexadecimal. The current version uses decimal for its output.)

Protected Mode Disabled

FromTID ToTID Count
ac8 df4 1

Looking up the thread IDs:

  • df4 is the Firefox main thread;
  • ac8 is the plugin-container main thread.

I think that the output from this case is pretty much what I was expecting to see. The protected mode case, however, is more interesting.

Protected Mode Enabled

FromTID ToTID Count
f8c dbc 1
794 f8c 3

Looking up the thread IDs:

  • dbc is the Firefox main thread;
  • f8c is the plugin-container main thread;
  • 794 is the Flash sandbox main thread.

Notice how Flash is attached to plugin-container, which is then attached to Firefox. Notice that transitively the Flash sandbox is effectively attached to Firefox, confirming previous hypotheses that I’ve discussed with colleagues in the past.

Also notice how the Flash sandbox attachment to plugin-container has a count of 3!

In Conclusion

In my opinion, my Input Queue Visualizer has already yielded some very interesting data. Hopefully this will help us to troubleshoot our issues in the future. Oh, and the code is up on GitHub! It’s poorly documented at the moment, but just remember to only try running it on 64-bit Windows 8.1 for the time being!

Planet MozillaSuperFREAK! SuperFREAK! Temptations, sing!

Remember those heady days back when people spelled out W-W-W and H-T-T-P in all their links, and we had to contend with "export only" versions of cryptography because if you let those 1024-bit crypto keys fall into the wrong hands, the terrorists would win? My favourite remnant of those days is this incredibly snide Apple ad where tanks surround the new Power Mac G4, the first personal computer classified by the Pentagon as a munition ("As for Pentium PCs, well ... they're harmless").

Unfortunately, a less amusing remnant of that bygone era has also surfaced in the form of the FREAK attack (see also POODLE, CRIME and BEAST). The idea with export-grade ciphers is that, at the time, those naughty foreign governments would have to make do with encrypting their network traffic using short keylengths that the heroic, not-at-all-dystopian denizens of the NSA could trivially break (which you can translate to mean they're basically broken by design). As a result, virtually no browser today will advertise its support for export-grade ciphers because we're not supposed to be using them anymore after the Feds realized the obvious policy flaw in this approach.

But that doesn't mean they can't use them. And to prove it, the researchers behind FREAK came up with a fuzzing tool that gets in the middle of the secure connection negotiation (which must happen in the clear, in order to negotiate the secure link) and forces the connection to downgrade. Ordinarily you'd realize that something was in the middle because completing the handshaking to get the shared secret between server and client requires a private key, which the malicious intruder doesn't have. But now it has another option: the defective client will accept the downgraded connection with only a 512-bit export-compliant RSA key from the server, trivial to break down with sufficient hardware in this day and age, which the intruder in the middle can also see. The intruder can factor the RSA modulus to recover the decryption key, uses that to decrypt the pre-master secret the client sends back, and, now in possession of the shared secret, can snoop on the connection all it wants (or decrypt stored data it already has). Worse, if the intruder has encrypted data from before and the server never regenerated the RSA key, they can decrypt the previous data as well!

There are two faults here: the server for allowing such a request to downgrade the connection, and the client for accepting deficient keys. One would think that most current servers would not allow this to occur, stopping the attack in practice, and one would be wrong. On the FREAK Attack site (which doubles as a test page), it looks like over a quarter of sites across the IPv4 address space are vulnerable ... including!

What about the client side? Well, that's even worse: currently every Android phone (except if you use Firefox for Android, which I recently switched to because I got tired of Android Chrome crashing all the damn time), every iOS device, and every Mac running Safari or Chrome is vulnerable, along with anything else that ships with a vulnerable version of OpenSSL. Guess what's not? Firefox. Guess what's also not? TenFourFox. NSS does not advertise nor accept export-only keys or ciphers. TenFourFox is not vulnerable to FREAK, nor any current version of Firefox on any platform. Test it yourself.

Classilla is vulnerable in its current configuration. If you go into the settings for security, however, you can disable export-only support and I suggest you do that immediately if you're using Classilla on secure sites. I already intended to disable this for 9.3.4 and now it is guaranteed I will do so.

What about Safari or OmniWeb on Power Macs? I would be interested to hear from 10.5 users, but the test site doesn't work correctly in either browser on 10.4. Unfortunately, because all Macs (including 10.6 through 10.10) are known to be vulnerable, I must assume that both Tiger and Leopard are also vulnerable because they ship a known-defective version of OpenSSL. Installing Leopard WebKit fixes many issues and security problems but does not fix this problem, because it deals with site display and not secure connections: the browser still relies on NSURL and other components which use the compromised SSL library. I would strongly recommend against using a non-Mozilla browser on 10.7 and earlier for secure sites in the future for this reason. If you use Android as I do, it's a great time to move to Firefox for Android. Choice isn't just a "nice thing to have" sometimes.

Planet Mozillamozci 0.2.5 released - major bug fixes + many improvements

Big thanks again to vaibhav1994adusca and valeriat for their many contributions in this release.

Release notes

Major bug fixes:
  • Bug fix: Sort pushid_range numerically rather than alphabetically
  • Calculation of hours_ago would not take days into consideration
  • Added coveralls/coverage support
  • Added "make livehtml" for live documentation changes
  • Improved FAQ
  • Updated roadmap
  • Large documentation refactoring
  • Automatically document scripts
  • Added partial testing of mozci.mozci
  • Streamed fetching of allthethings.json and verify integrity
  • Clickable treeherder links
  • Added support for zest.releaser
    Release notes:
    PyPi package:

    Creative Commons License
    This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

    Planet MozillaTrust in an Increasingly Connected World

    This year at Mobile World Congress, I participated in two formal discussions. I spoke alongside a panel of experts thinking about mobile and data which was hosted by the GSMA. I was also invited to a Fireside Chat hosted by … Continue reading

    Planet MozillaNew Beginnings

    …or trying to adapt to the inevitability of change.

    Change is a reality of life common to all things; we all must adapt to change or risk obsolescence. I try to look at change as a defining moment, an opportunity to reflect, to learn, and to make an impact. It is in these moments that I reflect on the road I’ve traveled and attempt to gain clarity of the road ahead. This is where I find myself today.

    How Did I Get Here?

    In my younger days I wasted years in college jumping from program to program before eventually dropping out. I obviously did not know what I wanted to do with my life and I wasn’t going to spend thousands of dollars while I figured it out. This led to a frank and difficult discussion with my parents about my future which resulted in me enlisting in the Canadian military. As it happens, this provided me the space I needed to think about what I wanted to do going forward, who I wanted to be.

    I served for three years before moving back to Ontario to pursue a degree in software development at the college I left previously. I had chosen a path toward working in the software industry. I had come to terms with a reality that I would likely end up working on some proprietary code that I didn’t entirely care for, but that would pay the bills and I would be happier than I was as a soldier.

    After a couple of years following this path I met David Humphrey, a man who would change my life by introducing me to the world of open source software development. On a whim, I attended his crash-course, sacrificing my mid-semester week off. It was here that discovered a passion for contributing to an open source project.

    Up until this point I was pretty ignorant about open source. I had been using Linux for a couple years but I didn’t identify it as “open source”; it was merely a free as in beer alternative to Windows. At this point I hadn’t even heard of Mozilla Firefox. It was David who opened my eyes to this world; a world of continuous learning and collaboration, contributing to a freer and more open web. I quickly realized that choosing this path was about more than a job opportunity, more than a career; I was committing myself to world view and my part to play in shaping it.

    Over the last eight years I have continued to follow this path, from volunteering nights at school, through internships, a contract position, and finally full-time employment in 2010.

    Change is a way of life at Mozilla

    Since I began my days at Mozilla I have always been part of the same team. Over the years I have seen my team change dramatically but it has always felt like home.

    We started as a small team of specialists working as a cohesive unit on a single product. Over time Mozilla’s product offering grew and so did the team, eventually leading to multiple sub-teams being formed. As time moved on and demands grew, we were segmented into specialized teams embedded on different products. We were becoming more siloed but it still felt like we were all part of the QA machine.

    This carried on for a couple of years but I began to feel my connection to people I no longer worked with weaken. As this feeling of disconnectedness grew, my passion for what I was working on decreased. Eventually I felt like I was just going through the motions. I was demoralized and drifting.

    This all changed for me again last year when Clint Talbert, our newly appointed Director and a mentor of mine since the beginning, developed a vision for tearing down those silos. It appeared as though we were going to get back to what made us great: a connected group of specialists. I felt nostalgic for a brief moment. Unfortunately this would not come to pass.

    Moving into 2015 our team began to change again. After “losing” the B2G QA folks to the B2G team in 2014, we “lost” the Web and Services QA folks to the Cloud Services team. Sure the people were still here but it felt like my connection to those people was severed. It then became a waiting game, an inevitability that this trend would continue, as it did this week.

    The Road Ahead

    Recently I’ve had to come to terms with the reality of some departures from Mozilla.  People I’ve held dear for, and sought mentorship from, for many years have decided to move on as they open new chapters in their lives. I have seen many people come and go over the years but those more recently have been difficult to swallow. I know they are moving on to do great things and I’m extremely happy for them, but I’ll also miss them intensely.

    Over the years I’ve gone from reviewing add-ons to testing features to driving releases to leading the quality program for the launch of Firefox Hello. I’ve grown a lot over the years and the close relationships I’ve held with my peers are the reason for my success.

    Starting this week I am no longer a part of a centralized QA team, I am now the sole QA member of the DOM engineering team. While this is likely one of the more disruptive and challenging changes I’ve ever experienced, it’s also exciting to me.

    Overcoming the Challenge

    As I reflect on this entire experience I become more aware of my growth and the opportunity that has been presented. It is an opportunity to learn, to develop new bonds, to impact Mozilla’s mission in new and exciting ways. I will remain passionate and engaged as long as this opportunity exists. However, this change does not come without risk.

    The greatest risk to Mozilla is if we are unable to maintain our comradery, to share our experiences, to openly discuss our challenges, to engage participation, and to visualize the broader quality picture. We need to strengthen our bonds, even as we go our separate ways. The QA team meeting will become ever more important as we become more decentralized and I hope that it continues.

    Looking Back, Looking Forward

    I’ve experienced a lot of change in my life and it never gets any less scary. I can’t help but fear reaching another “drifting point”. However, I’ve also learned that change is inevitable and that I reach my greatest potential by adapting to it, not fighting it.

    I’m entering a new chapter in my life as a Mozillian and I’m excited for the road ahead.

    Planet MozillaThe State of - February 2015

    Hello all! It's already been a month since last we spoke and much has happened! Let's get to it.

    Note: It appears that monthly will be a better schedule for these than every 2 weeks, at least for me. I'll try to keep to that. Please call me out if I fail.

    Theme for February: ZOMG BUSY!

    February is always a busy month for we developers in the Engagement team, at least since Mozilla broke into the mobile world with Fennec and Firefox OS. This is because the first of March is Mobile World Congress (MWC) time, and it's always a scramble to get things done in time. I concentrate mostly on the server side of the Web, but my colleagues in Web Prod who deal in HTML, CSS, and JS were more than a little busy. They launched a new page for MWC, a new Firefox OS main page, a new consolidated nav for all of that, and updates to various other FxOS related pages to support announcements. It was a herculean effort, the results are amazing, and I'm more than a little proud to work with them all. Special thanks to our new staff-member teammate Schalk Neethling for going way above and beyond to get it all done.

    Also, long time friend of Craig Cook knocked out a refresh of the Mozilla Leadership page. Nice work Craig!

    Not only all of that, but February saw a major overhaul of how bedrock handles static assets (CSS, LESS, JS, Fonts, Images, etc.). It's all part of the plan. There's more to come.

    1. We have finally moved into the modern world (speaking in Django terms) and are using the staticfiles system. We are now free to do things like handle user-uploaded media, use new and cool tools, and not feel bad about ourselves.
    2. We've switched from jingo-minify to django-pipeline. Pipeline hooks into Django's static media system and is therefore easier to integrate with other parts of the Django ecosystem as well as more customizable. It is also a much more active project and supports a lot of fun new things (e.g. Babel-JS for sweet sweet ES6 goodness in our ES5 world).
    3. Good Olde Apache™ used to be how we served our static assets, but we're now doing that from bedrock itself using Whitenoise. Since we have a CDN the traffic for these files on the server is quite low so getting cache headers, CORS, and gzipping right is the most important thing. Whitenoise handles all of this efficiently and automatically. I highly recommend it.

    With these new toys came the ability to generate what are called "Immutable Files". This means that the system will now copy all static files to new filenames that include the md5 hash of the file contents. This means that the file name (e.g. site.4d72c30b1a11.js) will always necessarily refer to the same contents. The advantage of this is that we can set the cache headers to basically never expire. Any time the file content changes, the generated file name will be different and cached separately.

    We're also generating gzipped versions of all files at deploy time. Whitenoise will see that these files exist (e.g. site.4d72c30b1a11.js.gz) and serve up the compressed version when the browser says it can handle it (and nearly all can these days). This is good because this is no longer happening at request time in Apache, thus reducing load, and we can use better and slower compression since it's happening outside of the request process.

    Much more happened, but I'm loath to make this much longer. Skim the git log below for the full list.


    Even more new contributors! HOORAY!

    • blisman started contributing to bedrock this month and has already fixed 3 bugs!
    • The aforementioned Schalk Neethling is new to the team, but not Mozilla nor FLOSS contribution, nor even bedrock as he's maintained the Plugin Check page for quite some time. He did a wonderful job on the new Firefox OS page.
    • Kohei Yoshino continues dominating all the things and even got yet another Friend of The Tree (Friends of Mozilla) mention.
    • Stephanie Hobson (on loan from MDN) stepped up to help us with some changes in preparation for the new Firefox for iOS (coming soon to an iDevice near you).

    Thank you all for your contributions to bedrock and the Open Web \o/

    Git Log for February

    • 8547262 (Pascal Chevrel) Bug 1128957 - Fix block parsing errors in jinja templates
    • bb8aa7a (Kohei Yoshino) Fix Bug 1129130 - Hyperlinking bios to Steering Committee page
    • f67af74 (Kohei Yoshino) Fix Bug 1129214 - Please add Rust and Cargo to our trademark list
    • 80c4b28 (Kohei Yoshino) Fix Bug 1128885 - Plugincheck-site considers 31.4.0ESR out of date
    • 7664dc5 (Alex Gibson) Update UITour documentation
    • d0c20a4 (Tim) updated sumo link to be locale-neutral
    • f588ff8 (Craig Cook) Fix bug 1124826 - Net Neutrality home promo
    • 5475a14 (Paul McLanahan) Add new contributors to humans.txt
    • 68a927c (Kohei Yoshino) Fix Bug 1124724 - Tiles product page update copy
    • 64c4f17 (Paul McLanahan) Fix bug 1130285: Treat hsb/dsb locales as de for number formatting.
    • ea43c4e (Kohei Yoshino) Fix Bug 1129911 - Text error in
    • e5496d6 (Francesco Lodolo (:flod)) Bug 1115066 - Add 'si' to Thunderbird start page redirect
    • 776cff3 (Alex Gibson) Add test suite for browser-tour.js
    • 73295a6 (Tin Aung Lin) Updated with new Facebook Page Link
    • 43909f2 (Kohei Yoshino) Fix Bug 1131142 - Update Firefox Refresh SUMO article link on /firefox/new/
    • 9a4de71 (Alex Gibson) [fix bug 1131680] Stop redirecting Firefox Geolocation page to Mozilla Taiwan website
    • a502fe1 (Kohei Yoshino) Fix Bug 1130160 - Extra '#' in section headers for roll up pages
    • 6aaee9f (Paul McLanahan) Fix bug 1131738: Mark advisory reporter as safe.
    • 90aabcb (Paul McLanahan) Bug 906176: Move to using Django staticfiles for media.
    • 66541a9 (Paul McLanahan) Bug 906176: Enable caching static storage and remove cachebusts.
    • 63da90f (Paul McLanahan) Update references to "media()" in docs.
    • 286c35c (Paul McLanahan) Bug 906176: Move to django-pipeline from jingo-minify.
    • 6fdbc53 (Paul McLanahan) Add futures, a dependency of pipeline.
    • 3a200c0 (Paul McLanahan) Add node dependencies less and yuglify.
    • a3b0895 (Paul McLanahan) Reorder deployment to keep the git repo clean.
    • 56b89a1 (Paul McLanahan) Serve static files with Whitenoise.
    • c96ba80 (Paul McLanahan) No longer test Python 2.6 in Travis.
    • ae040d4 (Paul McLanahan) Fix unicode issue with image helpers.
    • f9849c7 (Kohei Yoshino) Fix Bug 1131111 - PN Changes (Snippets/SMS Campaign, default Search provider, and SSL Error reporting)
    • a61fd11 (Paul McLanahan) Disable locale sync from crons temporarily.
    • c5cbfd7 (Paul McLanahan) Enable locale update cron jobs; they are now fixed.
    • f8ced59 (Paul McLanahan) Fix missing image referenced in thunderbird base template.
    • 1592de3 (Paul McLanahan) Fix bug 1132317: Fix gigabit pages errors.
    • b8e2afd (Paul McLanahan) Remove remaining date-based cache busting query params.
    • 6eb5107 (Logan Rosen) fix Bug 1132323: change Tabzilla heading ID
    • cdadc8a (Logan Rosen) fix Bug 1108278: congstar link is incorrect
    • 453ae78 (Paul McLanahan) Encourage use of humans.txt
    • d3c553d (Alex Gibson) [fix bug 1132289] Plugin check minify JS error
    • 375b3b3 (schalkneethling) Syncing content with Google doc, part of the l10n hand-over
    • b4c217e (Jon Petto) Bug 1128726. Add 2 new firstrun tests, each with 2 variants.
    • 8ccad60 (Alex Gibson) [fix bug 1132313] Venezuela community page references missing images
    • f74b2a7 (Paul McLanahan) Fix bug 1132454: Update platform_img helper for new static files.
    • fd4215b (Alex Gibson) [bug 1132454] Add missing high-res ios platform image to firefox/new
    • 5184b79 (Alex Gibson) Update Mozilla.ImageHelper JS tests
    • 03d7b14 (Kohei Yoshino) Fix Bug 1132835 - 404 linking to /contribute/local from /about/governance/organizations
    • ec262fe (Paul McLanahan) Fix bug 1132961: Add cache to twitter feeds.
    • a420c03 (Kohei Yoshino) Fix Bug 1132956 - Legal-docs pages for hu and hr throwing errors.
    • 61dea65 (Kohei Yoshino) Fix pep8 errors: W503 line break before binary operator
    • ad3f3c8 (Francesco Lodolo (:flod)) Bug 1124894 - Add Swahili (sw) to PROD_LOCALES
    • 6193a4f (Jon Petto) Bug 1130565. Add more localized videos to Hello page.
    • e41a55f (blisman) fix bug 1132942, removed url for missing html template (/bedrock/mozorg/about/governance/policies/commit/faq.html)
    • 89ad7c1 (blisman) Bug 1134492 - move assets from to
    • 43ac8cd (Alex Gibson) [fix bug 1053214] Missing Mozilla Estonia from Contact Pages
    • a3cb7e5 (Stephanie Hobson) Fix Bug 1134058: Show .form-details when form has focus
    • 0307a5b (Paul McLanahan) Only build master in Travis.
    • 4990787 (Cory Price) [fix bug 1130198] Update Hello FTU for GA36 * Send Custom Variable to GA containing the referral * Add referral to localStorage on copy/email link * Retreve referral from localStorage on tour connect and send to GA * Hide info panels when Contacts tab is clicked (it's okay that they don't see it if they switch back to Rooms) * Update docs * Add Test
    • 4f7a542 (Paul McLanahan) Add author link tag to base templates for humans.txt
    • c452ac0 (Kohei Yoshino) Fix Bug 1134936 - Firefox download pages: filter localized builds as you type
    • d681e78 (Josh Mize) Add backend for fxos feed links: bug 1128587
    • 4a81001 (Josh Mize) Restore dev update crons: fix bug 1133942
    • f0ab7b5 (Steven Garrity) Bug 1120689 MWC Preview page for 2015
    • e6d9ada (blisman) fix bug 1129961: reps ical feed update fail silently
    • 54b27ed (Paul McLanahan) Remove accidentially committed print statement.
    • d406fb0 (Steven Garrity) Bug 1120689 Update MWC map reference
    • 2592f4f (Alex Gibson) [fix bug 1135496] Missing Firefox OS wordmark on devices page
    • 259f1d2 (Alex Gibson) [fix bug 1099471 1084200] Implement Firefox Hello tours GA 36
    • eb6471a (Jon Petto) Add firstrun and whatsnew pages. Bug 1099471.
    • e797b42 (Alex Gibson) Update Hello fx36 tour logic and add tests
    • 93a6f2e (Alex Gibson) Add Fx36 Hello tour GA tracking events
    • 2500616 (Jon Petto) Hello tour updates:
    • 7b7329e (Steven Garrity) Bug 1120689 Last minute MWC preview text tweaks
    • 8859e9c (Alex Gibson) Fx36 Hello tour template updates
    • 5dde0d1 (Kohei Yoshino) Improve the Share widget, part of Bug 1131309
    • d6d4ab6 (Kohei Yoshino) Fix Bug 1131309 - Add share buttons to 'Check your plugins' page
    • 0a3dea6d (Steven Garrity) Bug 1120689 Update map for MWC 2015 Removed the link to the PDF and used a single PNG for mobile/desktop
    • b0eced3 (Paul McLanahan) Bug 1116511: Add script to sync data from Tableau.
    • acca704 (Paul McLanahan) Bug 1116511: Add view for serving JSON contributor data.
    • b807b1a (Paul McLanahan) Bug 1116511: Add cron jobs for stage and prod tableau data.
    • e27fa38 (Kohei Yoshino) Fix Bug 1128579 - Finish moving certs/included and certs/pending web pages to wiki pages
    • 34f032d (Paul McLanahan) Fix a potential error in the TwitterCacheManager.
    • 5fa4fb3 (Steven Garrity) Bug 1120667 Remove "over" from MWC preview page
    • d627564 (Francesco Lodolo (:flod)) Bug 1111597 - Set up Santali (sat) for production
    • 20afbf3 (Craig Cook) Update home page promos
    • f727d1a (Cory Price) [fix bug 1130194] Add FTU tracking to Hello product page
    • 3ec1f54 (Kohei Yoshino) Fix Bug 1136224 - firefox hello privacy policy link to tokbox privacy policy broken
    • 59b7b09 (Paul McLanahan) Fix bug 1136307: Catch all errors and report exceptions for MFSA import.
    • c4d1534 (schalkneethling) Fix Bug 1132298 Moves mustache script above the share script
    • 41c8b12 (Craig Cook) Bug 1132231 - fix copy for Webmaker and Hello promos
    • 0963b2a (Kohei Yoshino) Standardize the header share button
    • 4fdd9f0 (Kohei Yoshino) Fix Bug 1131304 - Add share buttons to 'Download Firefox in your language' page
    • f53b05f (Kohei Yoshino) Fix Bug 1131299 - Add share buttons to Firefox Developer Edition page
    • 2c8a27f (Steven Garrity) Bug 1120689 Update title on MWC preview for 2015
    • 9ab3132 (Paul McLanahan) Fix bug 1136559: Add dev deploy cron scripts to repo.
    • 4b36ba5 (Stephanie Hobson) Fix Bug 1126578: iOS CTA updates and newsletter
    • c8b7a5f (Stephanie Hobson) Bug 1126578: iOS CTA updates and newsletter
    • d53c578 (Kohei Yoshino) Fix Bug 1126837 - Make Fx38 Win64 build of Dev Edition Available on
    • acf34be (Kohei Yoshino) Fix Bug 1137213 - Sky theme is not applied to Firefox channel page if Developer Edition is selected first
    • 934fe4c (Jon Petto) Bug 1135092. Fx family nav V1.
    • 5e8d55d (Paul McLanahan) Get current hash from local file and run dev autodeploy every 20min.
    • 6984385 (Paul McLanahan) No output for dev autoupdate unless deploying.
    • f6a6fad (Kohei Yoshino) Fix Bug 1137061 - Firefox Release Notes list shows unsorted sub-versions
    • f8a5358 (Kohei Yoshino) Fix Bug 1137604 - /security/advisories: abbreviation mismatch: MSFA vs. MFSA
    • d8572fe (Jon Petto) Bug 1135092. Add small IE fixes to fx family nav v1.
    • 8847d9f (Jon Petto) Bug 1137260. Add GA to fx family nav.
    • 4f16a2b (Josh Mize) Update firefox os feeds on dev deploy
    • 05bc712 (Craig Cook) Fix bug 1134522 - New leadership page
    • b966d62 (Paul McLanahan) Remove locale update from deployment.
    • 9ed05bc (Steven Garrity) Bug 1120686 Update Fx Partners page for MWC 2015
    • d0bf649 (Jon Petto) Bug 1137904. Add headlines to MWC page.
    • 97685f5 (Steven Garrity) Bug 1137347 Add temporary links to static logos
    • b03989e (Steven Garrity) Add All press link
    • b0440e9 (schalkneethling) Fix Bug 1120700, implement new design for firefox/os
    • 5ac9fe3 (Steven Garrity) Bug 1120686 Fix overlaping menus Mobile partners nav was overlapping family nav submneu due to excessive z-index
    • 1de1bfc (Steven Garrity) Bug 1137347 Use https for static images
    • 431aea6 (Paul McLanahan) Update static files, product-details, and external files in SRC dir.
    • ebfd67a (Craig Cook) Bug 1120700 - Misc tweaks and fixes for new FxOS page
    • b6225ee (Paul McLanahan) Update revision.txt before collectstatic.
    • e8c9f28 (Craig Cook) Bug 1124734 - remove Net Neutrality promo after Feb 26
    • c0066c1 (Craig Cook) Fix bug 1138169 - MWC partner logo updates
    • 90bec7a (Francesco Lodolo (:flod)) Bug 1120700 - Fx OS consumer page: restore page title on old template
    • c0dfdee (Steven Garrity) Bug 1137347 Replace temporary MWC logos

    Planet MozillaWebdev Extravaganza: March 2015

    Webdev Extravaganza: March 2015 Web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on.

    Planet MozillaHow to generate allthethings.json

    It's this easy!
        hg clone
        cd braindump/community

    allthethings.json is generated based on data from buildbot-configs.
    It contains data about builders, schedulers, masters and slavepools.

    If you want to extract information from allthethings.json feel free to use mozci to help you!

    Creative Commons License
    This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

    Planet MozillaMartes mozilleros

    Martes mozilleros Reunión bi-semanal para hablar sobre el estado de Mozilla, la comunidad y sus proyectos.

    Planet MozillaUnity 5 Ships and Brings One Click WebGL Export to Legions of Game Developers

    Mozilla’s goal of high quality plugin-free gaming on the Web is taking a giant leap forward today with the release of Unity 5. This new version of the world’s most popular game development tool includes a preview of their amazing WebGL exporter. Unity 5 developers are one click away from publishing their games to the Web in a whole new way, by taking advantage of WebGL and asm.js. The result is native-like performance in desktop browsers without the need for plugins.

    Unity is a very popular game development tool. In fact the company says just under half of all developers report using this tool. The engine is highly suited for mobile development and as such has been used to produce a wealth of content which is particularly well suited for Web export. Small download size, low memory usage, and rendering pipeline similarities make this content straight forward to port to the Web. Unity has a long history of providing their developers the ability to ship online via a Web plugin. In recent years, browser vendors have moved to reduce their dependency on plugins for content delivery.

    A new cross browser approach was needed and it has arrived

    Mozilla and Unity worked together to find a way to bring content developed in Unity 5 to the Web using only standard compliant APIs and JavaScript. Unity’s new approach to Web delivery is made possible by using a combination of IL2CPP and a cross-compiler named Emscripten to port its content. IL2CPP was developed at Unity Technologies and converts all ingame scripts to C++. This approach has performance benefits when porting to multiple platforms, including the Web. Unity then uses Emscripten to convert the resulting C++ to asm.js, a subset of JavaScript that can be optimized to run at near native speeds in the browser. asm.js was pioneered by Mozilla. The code then executes in the browser as any other Web content. It accesses hardware via standard compliant APIs such as WebGL, IndexedDB, and Web Audio. The results of this collaboration have now reached the point where it’s time to get them into the hands of developers.

    “Unity has always been a strong supporter of Web gaming,” said Andreas Gal, CTO of Mozilla. “With the ability to do plugin-free WebGL export with Unity 5, Mozilla is excited to see Unity promoting the Web as a first-class platform for their developers. One-click export to WebGL will give Unity’s developers the ability to share their content with a new class of user.”

    Dead Trigger 2Angry BotsAaaaaAAaaaAAAaaAAAAaAAAAA for The Awesome!

    Clicking on the images above will take you to live examples of Unity 5 exports using WebGL 1.

    At GDC, Mozilla will also be providing a first look at WebGL 2. While the shipping Unity WebGL export targets WebGL 1, Unity and Mozilla have been working together to take advantage of WebGL 2, the next generation standard for 3D graphics on the Web. Unity has redeveloped their Teleporter demo to showcase the technology in action.

    Mozilla and Unity will be showing off a number of titles developed in Unity and exported to the Web, including Nival’s Prime World Defenders and AaaaaAAaaaAAAaaAAAAaAAAAA! for Awesome by Dejobaan Games, which can be played right on their website. You can also try Dead Trigger 2 and Angry Bots available via Unity Technologies’ website.

    For more information on Unity’s news please see their blog post.

    For more information on Mozilla’s news at GDC see this post.

    Edited March 4th to clarify that current Unity support is for WebGL 1 while WebGl 2 is an experimental technology being developed in conjunction with Mozilla.

    Planet MozillaBringing Native Games to the Web is About to get a Whole Lot Easier

    GDC 2015 is a major milestone in a long term collaboration between Mozilla and the world’s biggest game engine makers. We set out to bring high performance games to the Web without plugins, and that goal is now being realized. Unity Technologies is including the WebGL export preview as part of their Unity 5 release, available today. Epic Games has added a beta HTML5 exporter as part of their regular binary engine releases. This means plugin-free Web deployment is now in the hands of game developers working with these popular tools. They select the Web as their target platform and, with one click, they can build to it. Now developers can unlock the world’s biggest open distribution platform leveraging two Mozilla-pioneered technologies, asm.js and WebGL.

    What has changed?

    Browser vendors are moving to reduce their dependency on plugins for content delivery, with Chrome planning to drop support for NPAPI entirely. Developers such as King, Humble Bundle, Game Insider, and Zynga are using Emscripten to bring their C and C++ based games to the Web. Disney has shipped Where’s My Water on Firefox OS, which was ported using the same technology. Emscripten allows developers to cross-compile their native games to asm.js, a subset of JavaScript that can be optimized to run at near native speeds. However, this approach to Web delivery can be challenging to use, and most of these companies have been working with in-house engines to achieve their goals. This has put some of the most advanced Web deployment techniques out of reach of the majority of developers, until now.

    The technology is spreading

    Browser support for the underlying Web standards is growing. WebGL has now spread to all modern browsers, both desktop and mobile. We are seeing all browsers optimize for asm.js-style code, with Firefox and Internet Explorer committed to advanced optimizations.

    “With the ability to reach hundreds of millions of users with just a click, the Web is a fantastic place to publish games,” said Andreas Gal, CTO of Mozilla. “We’ve been working hard at making the platform ready for high performance games to rival what’s possible on other platforms, and the success of our partnerships with top-end engine and game developers shows that the industry is taking notice.”

    Handwritten JavaScript games: can you spot the difference?

    At GDC, Mozilla will be showcasing a few amazing examples of HTML5 using handwritten JavaScript. The Firefox booth will include a demonstration of a truly ubiquitous product called Tanx, developed by PlayCanvas. It runs on multiple desktop and mobile platforms. It can even be played inside an iOS WebView, launched within Twitter. Gamepad and multiplayer support are also part of the experience. Mozilla will in addition be featuring The Marvelous Miss Take by Wonderstruck and Turbulenz. This title is soon to ship on both Firefox Marketplace and is available on Steam today. For Steam distribution, the HTML5 application is packaged as a native application but you would be hard pressed to know it.

    Not done yet

    Mozilla is committed to advancing what is possible on the Web. While already capable of running great game experiences, there is plenty of potential still to be unlocked. This year’s booth showcase will include some bleeding edge technologies such as WebGL 2 and WebVR, as well as updated developer tools aimed at game and Web developers alike. These tools will be demonstrated in our recently released 64-bit version of Firefox Developer Edition. Mozilla will also be providing developers access to SIMD and experimental threading support. Developers are invited to start experimenting with these technologies, now available in Firefox Nightly Edition. Visit the booth to learn more about Firefox Marketplace, now available in our Desktop, Android, and Firefox OS offerings as a distribution opportunity for developers.

    To learn more about Mozilla’s presence at GDC, read articles from the developers on the latest topics, or learn how to get involved, visit or come see us at South Hall Booth #2110 till March 6th. For press inquiries please email

    Planet MozillaMozilla not accepted for Google Summer of Code 2015

    As you may have already seen, Mozilla is not in the list of organizations accepted for Google Summer of Code 2015.

    People who have observed the list carefully may have noticed that there are fewer accepted organizations this year: 137 (down from 190 in 2014 and 177 in 2013). Other organizations that have participated successfully several times are also not in the 2015 list (eg. Linux Foundation, Tor, ...).

    After a quick email exchange with Google last night, here is the additional information I have:
    • not accepting Mozilla was a difficult decision for them. It is not the result of a mistake on our part or an accident on their side.
    • there's an assumption that not participating for one year would not be as damaging for us as it would be for some other organizations, due to us having already participated many times.
    • this event doesn't affect negatively our chances of being selected next year, and we are encouraged to apply again.

    This news has been a surprise for me. I am disappointed, and I'm sure lots of people reading this are disappointed too. I would like to thank all the people who considered participating this year with Mozilla, and especially all the Mozillians who volunteered to mentor and contributed great project ideas. I would also like to remind students that while Summer of Code is a great opportunity to contribute to Mozilla, it's not the only one. Feel free to contact mentors if you would like to work on some of the suggested ideas anyway.

    Let's try again next year!

    Planet Mozillacurl: embracing github more

    Pull requests and issues filed on github are most welcome!

    The curl project has been around for a long time by now and we’ve been through several different version control systems. The most recent switch was when we switched to git from CVS back in 2010. We were late switchers but then we’re conservative in several regards.

    When we switched to git we also switched to github for the hosting, after having been self-hosted for many years before that. By using github we got a lot of services, goodies and reliable hosting at no cost. We’ve been enjoying that ever since.

    cURLHowever, as we have been a traditional mailing list driving project for a long time, I have previously not properly embraced and appreciated pull requests and issues filed at github since they don’t really follow the old model very good.

    Just very recently I decided to stop fighting those methods and instead go with them. A quick poll among my fellow team mates showed no strong opposition and we are now instead going full force ahead in a more github embracing style. I hope that this will lower the barrier and remove friction for newcomers and allow more people to contribute easier.

    As an effect of this, I would also like to encourage each and everyone who is interested in this project as a user of libcurl or as a contributor to and hacker of libcurl, to skip over to the curl github home and press the ‘watch’ button to get notified and future requests and issues that appear.

    We also offer this helpful guide on how to contribute to the curl project!

    Planet MozillaWAP Telemetry in Firefox Mobile browsers, Part 1

    Telemetry in Firefox is how we measure stuff in the browser—anything from how fast GIFS are decoded, to how many people opened the Dev Tools animation inspector. You can check out the collection of gathered results at or see what your browser is sending (or disable it, if that's your thing) in about:telemetry.

    One question the Web Compat team at Mozilla is interested in is whether Firefox for Android and Firefox OS users are being sent more than their fair share of WAP content (typically WML or XHTMLMP sites).

    (Personally, I missed out on WAP because I was too afraid to open the browser on my Nokia and have to pay for data in the early 2000s. (Also I didn't live in Japan.))

    Here's the kind of amazing content that Firefox Mobile users are served and are unable to see:

    image I stole (without permission) from

    Since Gecko doesn't know how to decode WAP, the browser calls it a day and treats it as application/octet-stream which results in a prompt for the user to download a page. Check out the dependencies of these bugs for some more of the gritty details.

    As to why we're sent WAP stuff in the first place, this is likely due to old UA detection libraries that don't recognize the User Agent header. The logical assumption therefore is that this unknown browser is some kind of ancient proto-HTML capable graphing calculator. Naturally you would want to serve that kind of user agent WAP, rather than a Plain-Old HTTP Site (POHS).

    So this seems like a pretty good opportunity to use Telemetry to measure how common happens. If it's happening all the time, we can push for some form of actual support in Gecko itself. But if it's exceedingly rare we can all move on with our lives, etc.

    To measure this we landed a histogram named HTTP_WAP_CONTENT_TYPE_RECEIVED. I made a not-very-useful and mostly buggy visualization of the data we've gathered so far (from Nightly 39 users) using the Telemetry.js API here: This updates every night and will need a few months of measuring before we can make any real decisions so I won't bother publishing any results just yet.

    I will note that these patches haven't been taken up yet by Mozilla China's version of Firefox for Android which is one region we suspect receives more WAP than the West.

    OK, so that's Part 1 of this exciting 2 part WAP Telemetry series. In Part 2 (which might get actually written tomorrow depending on a number of factors all of which are probably just laziness) I'll write out the more mundane technical details of landing a Telemetry patch in Gecko.

    Planet Mozillahappy bmo push day!

    the following changes have been pushed to

    • [1134392] Need edits to Recruiting Component
    • [1136222] Adding “Rank” to Product:Core Component: webRTC, webRTC: Audio/Video, webRTC: Signaling, webRTC: Networking
    • [1136687] form.reps.mentorship calls an invalid method (Can’t locate object method “realname” via package “Bugzilla::User”)
    • [1108823] removing the privacy review bug
    • [1136979] Minor Brand Initiation Form Updates
    • [880552] Add links to socorro from the crash signatures in show_bug.cgi

    discuss these changes on

    Filed under: bmo, mozilla

    Planet MozillaCall for MathML March Meeting

    Call for MathML March Meeting

    Last month we didn’t have our MathML month meeting but this month it will happen. Please reserve March 11th at 8pm UTC (check the time at your location here) and add topics in the PAD.

    Leia mais...

    Planet MozillaFirefox Media Source Extensions Update

    This is an update on some recent work on the Media Source Extensions API in Firefox. There has been a lot of work done on MSE and the underlying media framework by Gecko developers and this update just covers some of the telemetry and exposed debug data that I’ve been involved with implementing.


    Mozilla has a telemetry system to get data on how Firefox behaves in the real world. We’ve added some MSE video stats to telemetry to help identify usage patterns and possible issues.

    Bug 1119947 added information on what state an MSE video is in when the video is unloaded. The intent of this is to find out if users are exiting videos due to slow buffering or seeking. The data is available on under the VIDEO_MSE_UNLOAD_STATE category. This has five states:

    0 = ended, 1 = paused, 2 = stalled, 3 = seeking, 4 = other

    The data provides a count of the number of times a video was unloaded for each state. If a large number of users were exiting during the stalled state then we might have an issue with videos stalling too often. Looking at current stats on beta 37 we see about 3% unloading on stall with 14% on ended and 57% on other. The ‘other’ represents unloading during normal playback.

    Bug 1127646 will add additional data to get:

    • Join Latency - time between video load and video playback for autoplay videos
    • Mean Time Between Rebuffering - play time between rebuffering hiccups

    This will be useful for determining performance of MSE for sites like YouTube. The bug is going through the review/comment stage and when landed the data will be viewable at

    about:media plugin

    While developing the Media Source Extensions support in Firefox we found it useful to have a page displaying internal debug data about active MSE videos.

    In particular it was good to be able to get a view of what buffered data the MSE JavaSript API had and what our internal Media Source C++ code stored. This helped track down issues involving switching buffers, memory size of resources and other similar things.

    The internal data is displayed in an about:media page. Originally the page was hard coded in the browser but :gavin suggested moving it to an addon. The addon is now located at That repository includes the aboutmedia.xpi which can be installed directly in Firefox. Once installed you can go to about:media to view data on any MSE videos.

    To test this, visit a video that has MSE support in a nightly build with the about:config preferences media.mediasource.enabled and media.mediasource.mp4.enabled set to true. Let the video play for a short time then visit about:media in another tab. You should see something like:
        currentTime: 101.40625
        SourceBuffer 0
          start=0 end=14.93043
        SourceBuffer 1
          start=0 end=15
        Internal Data:
          Dumping data for reader 7f9d85ef1800:
            Dumping Audio Track Decoders: - mLastAudioTime: 7.732243
              Reader 1: 7f9d75cba800 ranges=[(10.007800, 14.930430)] active=false size=79880
              Reader 0: 7f9d85e88000 ranges=[(0.000000, 10.007800)] active=false size=160246
            Dumping Video Track Decoders - mLastVideoTime: 7.000000
              Reader 1: 7f9d75cbd800 ranges=[(10.000000, 15.000000)] active=false size=184613
              Reader 0: 7f9d85985000 ranges=[(0.000000, 10.000000)] active=false size=1281914

    The first portion of the displayed data shows the JS API video of the data buffered:

    currentTime: 101.40625
      SourceBuffer 0
        start=0 end=14.93043
      SourceBuffer 1
        start=0 end=15

    This shows two SourceBuffer objects. One containing data from 0-14.9 seconds and the other 0-15 seconds. One of these will be video data and the other audio. The currentTime attribute of the video is 101.4 seconds. Since there is no buffered data for this range the video is likely buffering. I captured this data just after seeking while it was waiting for data from the seeked point.

    The second portion of the displayed data shows information on the C++ objects implementing media source:

    Dumping data for reader 7f9d85ef1800:
      Dumping Audio Track Decoders: - mLastAudioTime: 7.732243
        Reader 1: 7f9d75cba800 ranges=[(10.007800, 14.930430)] active=false size=79880
        Reader 0: 7f9d85e88000 ranges=[(0.000000, 10.007800)] active=false size=160246
      Dumping Video Track Decoders - mLastVideoTime: 7.000000
        Reader 1: 7f9d75cbd800 ranges=[(10.000000, 15.000000)] active=false size=184613
        Reader 0: 7f9d85985000 ranges=[(0.000000, 10.000000)] active=false size=1281914

    A reader is an instance of the MediaSourceReader C++ class. That reader holds two SourceBufferDecoder C++ instances. One for audio and the other for video. Looking at the video decoder it has two readers associated with it. These readers are instances of a derived class of MediaDecoderReader which are tasked with the job of reading frames from a particular video format (WebM, MP4, etc).

    The two readers each have buffered data ranging from 0-10 seconds and 10-15 seconds. Neither are ‘active’. This means they are not currently the video stream used for playback. This will be because we just started a seek. You can view how buffer switching works by watching which of these become active as the video plays. The size is the amount of data in bytes that the reader is holding in memory. mLastVideoTime is the presentation time of the last processed video frame.

    MSE videos will have data evicted as they are played. This size threshold for eviction defaults to 75MB and can be changed with the media.mediasource.eviction_threshold variable in about:config. When data is appended via the appendBuffer method on a SourceBuffer an eviction routine is run. If data greater than the threshold is held then we start removing portions of data held in the readers. This will be noticed in about:media by the start and end ranges being trimmed or readers being removed entirely.

    This internal data is most useful for Firefox media developers. If you encounter stalls playing videos or unusual buffer switching behaviour then copy/pasting the data from about:media in a bug report can help with tracking the problem down. If you are developing an MSE player then the information may also be useful to find out why the Firefox implementation may not be behaving how you expect.

    The source of the addon is on github and relies on a chrome only debug method, mozDebugReaderData on MediaSource. Patches to improve the data and functionality are welcome.


    Media Source Extensions is still in progress in Firefox and can be tested on Nightly, Aurora and Beta builds. The current plan is to enable support limited to YouTube only in Firefox 37 on Windows and Mac OS X for MP4 videos. Other platforms, video formats and wider site usage will be enabled in future versions as the implementation improves.

    To track work on the API you can follow the MSE bug in Bugzilla.

    Planet MozillaInfographic: Contribution & Fundraising in 2014

    2013 was an amazing year. Which is why I’m especially proud of what we accomplished in 2014.

    We doubled our small dollar performance. We tripled our donor base. We met our target of 10,000 volunteer contributors. And we matched our exceptional grant performance.

    We also launched our first, large-scale advocacy campaign, playing a key role in the Net Neutrality victory.

    But best of all is that close to 100 Mozillians share the credit for pulling this off.

    Here’s to 2015 and to Mozilla continuing to find its voice and identity as a dynamic non-profit.

    A big thank you to everyone who volunteered, gave, and made it happen.



    Filed under: Mozilla

    Planet MozillaMarch Application Curation Board Task

    Have you visited Marketplace lately to app nominations in the spotlight? We just refreshed the ever-present “Mozillia Communites” apps collection. And a lot of apps populate the recent “Cats” and “Outer Space Collections” collections, this time we are move move and move to prepare next month featured application on Firefox Marketplace.

    Dev.OperaThe State of Web Type

    Typography has a long and rich history, but much has been lost in the transition to the web. While browser support for typography has advanced a lot in the last couple years, we still have a long way to go. Features print designers take for granted are either nonexistent on the web or have insufficient browser support in order to be useful. Challenges unique to web browsers such as responsive design and web font loading could use some improvement as well. Let’s take a look at some of the features we need for an optimal and beautiful reading experience.

    OpenType Features

    Typeface designers often put extra features in a font that can be used to customise text rendering. These are called OpenType features and include character spacing, alignment, ligatures, alternative characters, and so on. There are in fact more than 140 registered OpenType features. Many of these features are optional, but some are actually required to properly render text (e.g. kerning and required ligatures). OpenType features are reasonably well supported by modern web browsers, but still come with a lot of caveats that make them hard to use.

    <figure class="figure"> <figcaption class="figure__caption">From left to right: contextual alternates set in Caflisch Script Pro, ligatures set in Warnock Pro, and small caps set in Chaparral Pro.</figcaption> </figure>

    An important caveat is that not all fonts include all 140+ OpenType features. Most fonts only contain a small subset of features, such as kerning and ligatures. Others may include discretionary features, such as swashes and alternate characters. With the proliferation of web font and subsetting services we can’t always rely on information about OpenType features and character support provided by typeface designers. We need better tools to look inside our font files to see which features and characters are supported and which are not.

    If a font includes the features you wish to use, you still need to check if your target browsers support OpenType features. While most modern browsers support either the low-level font-feature-settings syntax or the high level font-variant-* syntax, there are still several browsers in common use that don’t support either syntax. Notable examples are Internet Explorer versions 6 to 9 and all versions of Android WebKit until 4.4. Luckily, the fallback behaviour for most OpenType features is graceful: text is still readable without them.

    Feature IE10 IE11 Chrome Firefox Safari Opera
    font-feature-settings Yes Yes Yes Yes No Yes
    Ligatures (liga) Yes Yes Yes Yes Yes Yes
    Swashes (swsh) Yes Yes Yes Yes No Yes
    Old style numerals (onum) Yes Yes Yes Yes No Yes
    Contextual alternates (calt) Yes Yes Yes Yes Yes Yes
    Small caps (smcp) Yes Yes Yes Yes No Yes

    The above table summarizes browser support for the font-feature-settings property and a select number of OpenType features. You can find more browser support data for common OpenType features on the State of Web Type.

    Unfortunately, even if a browser supports the OpenType feature syntax it is not always guaranteed that it will support all individual features. A good (or rather bad) example of this is Safari which technically supports the font-feature-settings syntax, but ignores any value. Instead it explicitly enables a select number of features which you have no way of turning off.

    Justification & Hyphenation

    Many web developers think of justification as a solved problem (or worse, one to avoid). Set text-align to justify and you’re done, right? Not quite. The algorithm used in all web browsers is actually a very ineffective justification implementation. Tools like TeX and InDesign use a more sophisticated line breaking algorithm that optimises break points over an entire paragraph, whereas browsers only look at a single line. This leads to suboptimal justification and large spaces between words.

    <figure class="figure"> <figcaption class="figure__caption">Left: a justified paragraph, middle: extraneous word spaces are highlighted, right: word spacing and justification is improved by enabling hyphenation.</figcaption> </figure>

    Browsers could implement the same line breaking algorithm as used in TeX, but have decided not to for performance reasons. This is an odd reason — TeX was developed and runs on computers much less powerful than those commonly used in mobile phones. Another way to improve poor line breaking is by hyphenating words. This introduces more potential line break points and reduces the chance of awkward line breaks. A common misunderstanding is that hyphenation is only useful for justified text. This is not true. Hyphenation is also a useful tool to control the raggedness of center, left, and right aligned text. The CSS hyphens property can be used to control hyphenation. Setting it to auto will enable hyphenation (provided the document or element specifies a language using the lang attribute), while setting it to none disables hyphenation.

    IE8 IE9 IE10 IE11 Chrome Firefox Safari Opera
    No No Yes Yes No Yes Yes No

    The hyphens property is supported by almost all modern browsers except those based on the Blink rendering engine. Chrome and Opera previously supported the hyphens syntax but neither browser shipped with hyphenation dictionaries. In a surprising move they recently dropped support for the hyphens syntax completely. The Blink developers decided to remove the hyphens property because it was never fully implemented and broke feature detection. While such regressions are not common, they are worrisome. A feature required for correct text layout should be supported everywhere. So, for now, you’ll need to rely on either server-side hyphenation or one of the two client-side hyphenation libraries: Hypher and Hyphenator.

    Font Loading

    Web font usage has increased significantly in the past couple years. This is great news. However, it also means that web fonts have become a critical part of web sites and, by extension, a performance bottleneck. You may have experienced the dreaded Flash Of Invisible Text (FOIT) while visiting a website on a slow network connection. The decision by some browsers to block rendering of text until web fonts have downloaded is opposite to the tenets of progressive enhancement. Content should come first and web fonts are an enhancement. After all, you can still read the text, even though it might not render in the intended font (well, unless your browser hides text while it is downloading fonts — better pray it uses a timeout).

    Not all browsers hide text while downloading web fonts. For example Internet Explorer always renders text in a fallback font while it is downloading fonts. This has been dubbed the Flash Of Unstyled Text (FOUT). This misnomer. FOUT is a feature and a condition everyone should anticipate and design for. Selecting and testing fallback fonts is an important task while designing and building a site.

      IE9 IE10 IE11 Chrome Firefox Safari Opera
    timeout n/a n/a n/a 3 sec. 3 sec. 3 sec.

    The above table shows the usage of the FOUT and FOIT across browsers. Note that Safari (and older Android WebKit versions) do not have a timeout. On these browsers, text won’t render until fonts have completely loaded.

    Browser vendors are working on a proposal for a new CSS property to control font loading and rendering. It is meant to give developers more control over the blocking and swapping behaviour of web fonts. The proposed font-rendering property accepts three parameters:

    • block: block rendering of the text while fonts are downloading with an optional timeout;
    • swap: use a fallback font and render the font when it becomes available with an optional timeout;
    • optional: use the font if it is cached and otherwise use the fallback font. Do not re-render the page, even if the web font becomes available at a later time.

    These parameters can also be used to develop custom font loading schemes. For example, for an important and fast loading font we can block text rendering for 1s. If the font doesn’t load within that time we can allow up to 10 seconds where it is acceptable to re-render the page.

    font-rendering: block 1s swap 10s;

    Browsers should standardize the default font loading behaviour once the font-rendering property is implemented. Ideally the default value should be block 0s swap infinite as used by Internet Explorer (i.e. the Flash of Unstyled Text). Blocking text rendering while loading fonts should be opt-in and not a default. Browser should treat web fonts as progressive enhancement by default and make content available as soon as possible. Opting out of that behaviour is the responsibility of a web developer and not the browser.

    Until the font-rendering property is implemented we can use the CSS Font Loading API to implement the same behaviour in JavaScript. The Font Loading API is supported by Chrome, Opera, and soon Firefox. There is also a Font Loading API polyfill for browsers that do not support it natively.

    Looking to the Future

    This is just the tip of the iceberg. To compete with and surpass the typographic quality of print publications we need support for drop caps, colour fonts, advanced layout (akin to shapes, exclusions and regions), sizing text to fit a container, widows and orphans, balanced text, math typesetting (though MathML is now an officially recommended standard, Chromium and Internet Explorer have no plans to support it), and so on. Clearly, we need to do better and push browser vendors for these features if we want to improve the web’s reading experience. You can help out by participating in the W3C mailing lists, building demos, implementing polyfills and drafting specifications for features you want to see. Don’t worry about getting it right the first time. Sometimes the best thing to come out of a specification is a new and better specification.

    <figure class="figure"> </figure>

    Another way to contribute is to draw attention to partially implemented specifications and bugs by keeping track of what works and what doesn’t. That’s why I recently launched a new project called the State of Web Type. Its goal is to contain up to date browser support data for all type and typography features on the web. The project is open source and contributions and corrections are more than welcome. Let’s work together to make the web a better platform for publishing and reading!

    Planet MozillaWebmaker Exploratory

    Two years ago I proposed a Webmaker Club at my daughter’s school, and it was turned down in an email:

     Because it involves students putting (possibly) personal info/images on-line we are not able to do the club at this time.  They did say that they may have to reconsider in the future because more and more of life is happening on-line.

    One year later, and because our principle is amazing, and sponsored it – I had a  ‘lunch time’ Webmaker Club at my daughter’s elementary school (grades 4 & 5) .  It was great fun, I learned a lot as always thanks to  challenges : handling the diversity of attendance, interests and limited time.   I never get tired of helping kids ‘make the thing they are imagining’.

    This year, I was excited to be invited to lead a Webmaker ‘Exploratory’ in our town’s middle school (grades 6-8).   Exciting on so many levels, but two primarily

    1) Teachers and schools are recognizing the need for web literacy (and its absence), and that it should be offered as part of primary education.

    2) Schools are putting faith in community partnerships to teach.  At least this is what it feels like to me – pairing a technically-strong teacher, with a community expert in coding/web (whatever) is a winning situation.

    My exploratory ran for 7 weeks – we started with 28 kids, and lost a few to other exploratories as they realized that HTML (for example) wasn’t something they wanted to learn.  Of those 28 kids, only 3 were girls, which made me sad. I really have to figure out better messaging.   We covered the basics of HTML, CSS and then JavaScript and slowly built a Memory Card game.  Each week I started the class off with a Thimble Template representing a stage in the ‘building’.

    Week3, Week4, Week5, Week6, Week7

    I wrote specific instructions for each week that we tracked on a wiki, we used Creative Commons Image Search and talked about our digital footprint.

    What worked

    Having an ‘example make’ of the milestone  for this class where each week kids could see, in advance what they were making.

    Having a ‘starting template‘ for the lesson helped those kids who missed a class, catch up quickly.

    Being flexible about that template, meant those kids who preferred to work on their own single ‘make’ could still challenge themselves a bit more.

    Baked-In Web Literacy  CC image search brought up conversations about ownership, sharing on the web and using a Wiki led to discussion about how Wikimedia editing and editors build content; about participating in open communities.

    Sending my teacher-helper the curriculum a few days before, so she could prepare as a mentor.

    Having some ‘other activities’ in my back pocket for kids who got bored, or finished early.  These were just things like check out this ‘hour of code tutorial’.

    What didn’t work

    We were sharing a space with the ‘year book’ team, who also used the internet, and sometimes  our internet was moving slower than a West Coast Banana Slug.  In our class ‘X Ray Goggles’ challenge, kids sat for long periods of time before being able to do much.   Some also had challenges saving/publishing their X Ray Goggles Make.

    Week 2, To get around slow internet –  I brought everyone USB sticks and taught them to work locally – this also was a bit of a fail, as I realized many in the group didn’t know simple terms like ‘directory and folder’.  I made a wrong assumption they had this basic knowledge.  Also I should have collected USB sticks after class, because most lost or damaged in the care of students.  We went back to slow internet – although, it was never as bad as that first day.

    Having only myself and one teacher with that many kids meant we were running between kids.  Also slightly unfair to the teacher who was learning along with the group. It also sometimes meant kids waited too long for help.

    Not all kids liked the game we were making


    So overall I think it went well, we had some wonderful kids, I was proud of all of them.  The final outcome/learning, the sponsoring teacher, and I realized was that many of the lessons (coding, wikipedia, CC) could easily fit into any class project –  rather than having Webmaking as it’s ‘own class’.

    So in future, that may be the next way I participate: as someone who comes into say – a social studies class, or history class and helps students put together a project on the web. Perhaps that’s how community can offer their help to teachers in schools, as a way to limit large commitments like running an entire program, but to have longer-lasting and embedding impact in schools.

    For the remainder of the year, and next –  my goal seems to be as a ‘Webmaker Plugin’ , helping integrate web literacy into existing class projects :)





    Planet MozillaAn update on my mentoring program

    Today is the start of the third week of the mentoring program.

    Since the start of the program, four bugs have been marked fixed:

    1. Bug 951695 – Consider renaming “Character Encoding” to “Text Encoding”
    2. Bug 782623 – Name field in Meta tags often empty
    3. Bug 1124271 – Clicking the reader mode button in an app tab opens reader mode in a new tab
    4. Bug 1113761 – Devtools rounds sizes up way too aggressively (and not reflecting actual layout). e.g. rounding 100.01px up to 101px

    Also, the following bugs are in progress and look like they should be ready for review soon:

    1. Bug 1054276 – In the “media” view, the “save as” button saves images with the wrong extension
    2. Bug 732688 – No Help button in the Page Info window

    The bugs currently being worked on are:

    1. Bug 1136526 – Move silhouetted versions of Firefox logo into browser/branding
    2. Bug 736572 – pageinfo columns should have arrows showing which column is sorted and sort direction
    3. Bug 418517 – Add “Select All” button to Page Info “Media” tab
    4. Bug 967319 – Show a nodesList result with natural order

    I was hoping to have 8-9 bugs fixed by this time, but I’m happy with four bugs fixed and two bugs being pretty close. Bug 967319 in the “being worked on” section is also close, but still needs work with tests before it can be ready for review.

    Tagged: firefox, mentoring, mozilla, planet-mozilla

    Planet MozillaMozilla Weekly Project Meeting

    Mozilla Weekly Project Meeting The Monday Project Meeting

    Planet MozillaImproving Recognition

    I’ve been hearing lately that Mozilla QA’s recognition story kind of sucks with some people going completely unrecognized for their efforts. Frankly, this is embarrassing!

    Some groups have had mild success attempting to rectify this problem but not all groups share in this success. Some of us are still struggling to retain contributors due to lack of recognition; a problem which becomes harder to solve as QA becomes more decentralized.

    As much as it pains me to admit it, the Testdays program is one of these areas. I’ve blogged, emailed, and tweeted about this but despite my complaining, things really haven’t improved. It’s time for me to take some meaningful action.

    We need to get a better understanding of our recognition story if we’re ever to improve it. We need to understand what we’re doing well (or not) and what people value so that we can try to bridge the gaps. I have some general ideas but I’d like to get feedback from as many voices as possible and not move forward based on personal assumptions.

    I want to hear from you. Whether you currently contribute or have in the past. Whether you’ve written code, ran some tests, filed some bugs, or if you’re still learning. I want to hear from everyone.

    Look, I’m here admitting we can do better but I can’t do that without your help. So please, help me.



    Internet Explorer blogMaking it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10

    As we shared last year, a top priority for Microsoft is helping our Enterprise customers stay up-to-date with the latest version of Internet Explorer. This is particularly important for Windows 7 customers who are upgrading to Internet Explorer 11 by January 12, 2016 to continue receiving security updates and technical support. We understand many customers have Web apps and services that were designed specifically for older versions of Internet Explorer and we provide a set of tools, like Enterprise Mode, the Enterprise Mode Site List, and Enterprise Site Discovery, to help you run these applications in Internet Explorer 11 — and ease the upgrade to Windows 10.

    Enterprise Mode helps customers extend their investments in older Web apps through higher compatibility with the IE8 rendering engine in a more modern browser like Internet Explorer 11. In the ten months since we released Enterprise Mode, we’ve heard from our customers that it is very effective at improving legacy app compatibility and that the upgrade to Internet Explorer 11 was easier than ever before. To help us tell this story, Microsoft commissioned Forrester Consulting to interview and survey large customers in the US, UK, Germany, and Japan who have started their IE11 upgrades. Customers found that:

    • Upgrading from IE8 to IE11 was 1.8 times faster than expected, thanks to Enterprise Mode.
    • The effort to rewrite applications to modern browser standards was reduced by 75%.
    • Ongoing browser support and critical applications testing were significantly reduced.
    • Many business users saw improved productivity from using a single browser.

    Organizations save money, reduce risk, and experience higher productivity by upgrading to IE11. Best of all, upgrading to Internet Explorer 11 now can help ease your migration to Windows 10. Download The Total Economic Impact of Microsoft Internet Explorer 11.

    Better Backward Compatibility with the Enterprise Mode Site List

    Enterprise Mode can be very effective in providing backward compatibility for older Web apps. In January, for example, Microsoft held an Enterprise Customer Summit with about 100 large customers, and we found that every broken site brought by a customer to our IE App Compatibility Workshop was fixed by using Enterprise Mode. Depending on your environment, you may not need to use Enterprise Mode for better emulation of the IE8 engine, but may still benefit from using the Enterprise Mode Site List and its new <docMode> functionality.

    In November, we expanded the functionality of the Enterprise Mode Site List to include the ability to put any Web app in any document mode, without changing a single line of code on the Web site. This new functionality adds a <docMode> section to the Enterprise Mode XML file, separate from the <emie> section for Enterprise Mode sites. Using this new functionality, Microsoft’s own IT department saw our internal line of business application pass rate go from 93% to 100% with 24 document mode entries in our Enterprise Mode Site List and only a single Enterprise Mode entry.

    Web paths added to the Enterprise Mode Site List can now be rendered either in Enterprise Mode—which provides higher-fidelity emulation for IE8—or any of the document modes listed below:

    Enterprise Mode Site List diagram

    Enterprise Mode (in green above), with its higher-fidelity emulation for IE8, was added to Internet Explorer 11 in April, 2014. The blue capabilities were added to the Enterprise Mode Site List in November, 2014, and can particularly help IE9 or IE10 customers upgrade more easily. Enterprise Mode can be further improved by using it in combination with Compatibility View, a mode added in IE8 for better compatibility for sites designed for IE7, as indicated in orange.

    Compatibility View is basically a switch: If a web page has no DOCTYPE, the page will be rendered in IE5 mode. If there is a DOCTYPE, the page will be rendered in IE7 mode. You can effectively get Compatibility View by specifying IE7 in the <docMode> section—as this falls back to IE5 automatically if there’s no DOCTYPE—or you can use Enterprise Mode with Compatibility View for even better emulation. See below for details.

    Speaking with customers, we found that IT Pros aren’t always the ones doing the app remediation work. Much of this work is often done by IT Developers, who don’t always understand all of the IE backward compatibility offerings. In this post, we want to provide a clearer set of mitigations for IT Pros and IT Developers to help make your upgrade as easy as possible.

    Call to action for IT Pros

    We know that upgrading to a new browser can be a time-consuming and potentially costly venture. To help reduce these costs, we introduced the Enterprise Site Discovery toolkit to help you prioritize which sites you should be testing based on their usage in your enterprise. For example, if the data shows that no one is visiting a particular legacy Web app anymore, you may not need to test or fix it. This tool also gives you information on what document mode the page runs in your current browser, so you can better understand how to fix that site if it breaks in a newer version of the browser. This tool is currently only supported in IE11, but we are bringing Enterprise Site Discovery support to IE8, IE9, and IE10 very soon.

    Once you know which sites to test and fix, the following remediation methods may help fix your app compatibility issues in IE11 and Windows 10.

    If you're on IE8 and upgrading to IE11…

    • Use the Enterprise Mode Site List to add sites to IE5, IE7, and IE8 modes.
    • Sites with x-ua-compatible meta tag or HTTP header set to “IE=edge” may break in IE11 and need to be set to IE8 mode. This is because Edge in IE8 meant IE8 mode, but Edge in IE11 means IE11 mode.
    • Sites without a DOCTYPE in zones other than Intranet will default to QME (or “interoperable quirks) rather than IE5 Quirks and may need to be set to IE5 mode.
    • If you have enabled Turn on Internet Explorer Standards Mode for local intranet group policy setting, sites with a DOCTYPE in the Intranet zone will open in IE11 mode instead of IE7 mode, and may need to be set to IE7 mode. Sites without a DOCTYPE will open in QME and may need to be set to IE5 mode.
    • Some IE5, IE7, and IE8 sites may need to be added to Enterprise Mode to work.
    • Some sites may need to be added to both Enterprise Mode and Compatibility View to work. You can do this by adding the site both to the Enterprise Mode section of the Enterprise Mode Site List and to the Use Policy List of Internet Explorer 7 sites group policy.

    If you’re on IE9 and upgrading to IE11…

    • Use the Enterprise Mode Site List to add sites to IE5, IE7, and IE9 modes.
    • Sites with x-ua-compatible meta tag or HTTP header set to “IE=edge” may break in IE11 and need to be set to IE9 mode. This is because Edge in IE9 meant IE9 mode, but Edge in IE11 means IE11 mode.
    • Sites without a DOCTYPE in zones other than Intranet will default to QME rather than IE5 Quirks and may need to be set to IE5 mode.
    • If you have enabled Turn on Internet Explorer Standards Mode for local intranet group policy setting, sites with a DOCTYPE in the Intranet zone will open in IE11 mode instead of IE7 mode, and may need to be set to IE7 mode. Sites without a DOCTYPE will open in QME and may need to be set to IE5 mode.
    • If your sites worked in IE9, you won’t need Enterprise Mode but can still take advantage of the newer <docMode> section of the Enterprise Mode Site List.

    If you’re on IE10 and upgrading to IE11…

    • Use Enterprise Mode Site List to add sites to IE5, IE7, and IE10 modes.
    • Sites with x-ua-compatible meta tag or HTTP header set to “IE=edge” may break in IE11 and need to be set to IE10 mode. This is because Edge in IE10 meant IE10 mode, but Edge in IE11 means IE11 mode.
    • If you have enabled Turn on Internet Explorer Standards Mode for local intranet group policy setting, sites with a DOCTYPE in the Intranet zone will open in IE11 mode instead of IE7 mode, and may need to be set to IE7 mode. Sites without a DOCTYPE will open in QME and may need to be set to IE5 mode.
    • If your sites worked in IE10, you won’t need Enterprise Mode but can still take advantage of the newer <docMode> section of the Enterprise Mode Site List.

    If you’re on IE11 and upgrading to Windows 10…

    • Use Enterprise Mode Site List to add sites to IE5, IE7, IE8, IE9, IE10, and IE11 modes as needed.
    • The x-ua-compatible meta tag and HTTP header will be ignored for all sites not in the Intranet zone. If you enable Turn on Internet Explorer Standards Mode for local intranet group policy, all sites, including those in the Intranet zone, will ignore x-ua-compatible. Look at your Enterprise Site Discovery data to see which modes your sites loaded in IE11 and add those sites to the same modes using the Enterprise Mode Site List tool.

    We recommend that Enterprise customers focus their new development on established, modern Web standards for better performance and interoperability across devices, and avoid developing sites in older IE document modes. We often hear that due to the Intranet zone defaults to Compatibility View, IT Developers inadvertently create new sites in IE7 or IE5 modes in the Intranet zone, depending on whether they used a DOCTYPE. As you move your Web apps to modern standards, you can enable the Turn on Internet Explorer Standards Mode for local intranet group policy and add sites that need IE5 or IE7 modes to the Site List. Of course, testing is always a good idea to ensure these settings work for your environment.

    Call to action for IT Developers

    An IT Pro may ask you to update your site if it worked in an older IE version but no longer works in IE11. Here are the set of steps you should follow to find the right remediation:

    Try Document Modes

    Try to see if the site works in one of the following document modes: IE5, IE7, IE8, IE9, IE10, or IE11.

    • Open the site in IE11, load the F12 tools by pressing the ‘F12’ key or selecting ‘F12 Developer Tools’ from the ‘Tools’ menu, and select the ‘Emulation’ Tab.

    'Emulation' tab in the IE11 F12 Developer tools

    • Try running the site in each document mode until you find one in which it works. You will need to make sure the user agent string dropdown matches the same browser version as the document mode dropdown. For example, if you were testing if the site works in IE10, you should update the document mode dropdown to “10” and the user agent string drop down to “Internet Explorer 10.”
    • If you find a mode where your site works, inform your IT Pro to add the site domain, sub-domain, or URL to the Enterprise Mode Site List in the document mode where the site works. While you can add the x-ua-compatible meta tag or HTTP header, this approach will only work in Windows 10 for sites in the Intranet zone when the Turn on Internet Explorer Standards Mode for local intranet group policy is not enabled.

    Try Enterprise Mode

    If a document mode didn’t fix your site, try Enterprise Mode. Enterprise Mode only benefits sites written for IE5, IE7, and IE8 document modes.

    • Enable the Let users turn on and use Enterprise Mode from the Tools menu group policy setting locally on your machine. You can do this by searching and running gpedit.msc, going to ‘Computer Configuration’ ‘Administrative Template’ ‘Windows Components’ ‘Internet Explorer’, and enabling the Let users turn on and use Enterprise Mode from the Tools menu group policy setting. After making this change, run gpupdate.exe /force to make sure the setting is applied locally. Make sure to disable this setting once you’re done testing. Alternately, you can use a regkey; see Turn on Enterprise Mode and use a site list for more information.
    • Restart IE11 and open the site you’re testing, then go to Emulation Tab in F12 tools and select “Enterprise” from the Browser profile dropdown. If the site works, inform your IT Pro that the site needs to be added to the Enterprise Mode section.

    Try Compatibility View with Enterprise Mode

    If Enterprise Mode doesn’t work, setting Compatibility View with Enterprise Mode will give you the Compatibility View behavior that shipped with IE8.

    • While browsing in Enterprise Mode, go to the ‘Tools’ menu and select Compatibility View Settings, and add the site to the list.
    • If this works, inform your IT Pro to add the site to both the Enterprise Mode section and the Use Policy List of Internet Explorer 7 sites group policy setting. Please note that adding the same Web path to the Enterprise Mode and docMode sections of the Enterprise Mode Site List will not work, but we are addressing this in a future update.

    Update site for modern Web standards

    If you have the time and budget, you should update your site for established, modern Web standards, so you don’t need to use compatibility offerings to make your site continue to work.

    More Resources

    For more information on all of these tools, please see the following resources:

    As always, we suggest that consumers upgrade to the latest version and enable automatic updates for more secure browsing. If you use an older version of Internet Explorer at work, encourage your IT department to learn more the new backward-compatible features of Internet Explorer 11. Like many of our other customers, you may find that upgrading to the latest version of Internet Explorer is easier and less costly than previous upgrades. Best of all, the upgrade to Internet Explorer 11 can help ease your migration to Windows 10.

    – Jatinder Mann, Senior Program Manager Lead
    – Fred Pullen, Senior Product Marketing Manager

    Planet MozillaAdobe Edge Reflow anyone?

    Edge ReflowI received this morning a message from the Adobe Edge Reflow prerelease forum that triggered my interest. I must admit I did not really follow what happened there during the last twelve months for many various reasons... But this morning, it was different. In short, the author had questions about the fate of Edge Reflow, in particular because of the deep silence of that forum...

    Adobe announced Edge Reflow in Q3 2012 I think. It followed the announcement of Edge Code a while ago. Reflow was aimed at visual responsive design in a new, cool, interactive desktop application with mobile and photoshop links. The first public preview was announced in February 2013 and a small community of testers and contributors gathered around the Adobe prerelease fora. Between January 2013 and now, roughly 1300 messages were sent there.

    Reflow is a html5/JS app turned into a desktop application through the magic of CEF. It has a very cool and powerful UI, superior management of simple Media Queries, excellent management of colors, backgrounds, layers, magnetic grids and more. All in all, a very promising application for Web Authoring.

    But the last available build of Reflow, again through the prerelease web site, is only a 0.57.17154 and it is now 8 months old. After 2 years and a half, Reflow is still not here and there are reasons to worry.

    First, the team (the About dialog lists more than 20 names...) seems to have vanished and almost nothing new has been contributed/posted to Reflow in the last six to eight months.

    Second, the application still suffers from things I identified as rather severe issues early on: the whole box model of the application is based on CSS floats and is then not in line with what modern web designers are looking for. Eh, it's not even using absolute positioning... It also means it's going to be rather complicated to adapt it to grids and flexbox, not even mentioning Regions...

    Reflow also made the choice to generate Web pages instead of editing Web pages... It means projects are saved in a proprietary format and only exported to html and CSS. It's impossible to take an existing Web page and open it in Reflow to edit it. In a world of Web Design that sees authors use heterogeneous environments, I considered that as a fatal mistake. I know - trust me, I perfectly know - that making html the pivot format of Reflow would have implied some major love and a lot, really a lot of work. But not doing it meant that Edge Reflow had to be at the very beginning of the editorial chain, and that seemed to me an unbearable market restriction.

    Then there was the backwards compatibility issue. Simply put, how does one migrate Dreamweaver templates to Reflow? Short answer, you can't...

    I suspect Edge Reflow is now at least on hold, more probably stopped. More than 2 years and still no 1.0 on such an application that should have seen a 1.0beta after six to eight months is not a good sign anyway. After Edge Code that became Brackets in november 2014, that raises a lot of question on the Edge concept and product line. Edge Animate seems to be still maintained at Adobe (there's our old Netscape friend Kin Blas in the list of credits) but I would not be surprised if the name is changed in the future.

    Too bad. I was, in the beginning, really excited by Edge Reflow. I suspect we won't hear about it again.

    Planet MozillaFirefox Automation report – week 51/52 2014

    In this post you can find an overview about the work happened in the Firefox Automation team during week 51 and 52 of 2014. I’m sorry for this very late post but changes to our team, which I will get to in my next upcoming post, caught me up with lots of more work and didn’t give me the time for writing status reports.


    Henrik started work towards a Mozmill 2.1 release. Therefore he had to upgrade a couple of mozbase packages first to get latest Mozmill code on master working again. Once done the patch for handling parent sections in manifest files finally landed, which was originally written by Andrei Eftimie and was sitting around for a while. That addition allows us to use mozhttpd for serving test data via a local HTTP server. Last but not least another important feature went in, which let us better handle application disconnects. There are still some more bugs to fix before we can actually release version 2.1 of Mozmill.

    Given that we only have the capacity to fix the most important issues for the Mozmill test framework, Henrik started to mass close existing bugs for Mozmill. So only a hand-full of bugs will remain open. If there is something important you want to see fixed, we would encourage you to start working on the appropriate bug.

    For Mozmill CI we got the new Ubuntu 14.10 boxes up and running in our staging environment. Once we can be sure they are stable enough, they will also be enabled in production.

    Individual Updates

    For more granular updates of each individual team member please visit our weekly team etherpad for week 51 and week 52.

    Meeting Details

    If you are interested in further details and discussions you might also want to have a look at the meeting agenda, the video recording, and notes from the Firefox Automation meeting of week 51 and week 52.

    Planet MozillaCISA threatens Internet security and undermines user trust

    Protecting the privacy of users and the information collected about them online is crucial to maintaining and growing a healthy and open Web. Unfortunately, there have been massive threats that weaken our ability to create the Web that we want to see. The most notable and recent example of this is the expansive surveillance practices of the U.S. government that were revealed by Edward Snowden. Even though it has been nearly two years since these revelations began, the U.S. Congress has failed to pass any meaningful surveillance reform, and is about to consider creating new surveillance authorities in the form of the Cybersecurity Information Sharing Act of 2015.

    We opposed the Cyber Intelligence Sharing and Protection Act in 2012 – as did a chorus of privacy advocates, information security professionals, entrepreneurs, and leading academics, with the President ultimately issuing a veto threat. We believe the newest version of CISA is worse in many respects, and that the bill fundamentally undermines Internet security and user trust.

    CISA is promoted as facilitating the sharing of cyber threat information, but:

    • is overbroad in scope, allowing virtually any type information to be shared and to be used, retained, or further shared not just for cybersecurity purposes, but for a wide range of other offences including arson and carjacking;
    • allows information to be shared automatically between civilian and military agencies including the NSA regardless of the intended purpose of sharing, which limits the capacity of civilian agencies to conduct and oversee the exchange of cybersecurity information between the private sector and sector-specific Federal agencies;
    • authorizes dangerous countermeasures that could seriously damage the Internet; and
    • provides blanket immunity from liability with shockingly insufficient privacy safeguards.

    The lack of meaningful provisions requiring companies to strip out personal information before sharing with the government, problematic on its own, is made more egregious by the realtime sharing, data retention, lack of limitations, and sweeping permitted uses envisioned in the bill.

    Unnecessary and harmful sharing of personal information is a very real and avoidable consequence of this bill. Even in those instances where sharing information for cybersecurity purposes is necessary, there is no reason to include users’ personal information. Threat indicators rarely encompass such details. Furthermore, it’s not a difficult or onerous process to strip out personal information before sharing. In the exceptional cases where personal information is relevant to the threat indicator, those details would be so relevant to mitigating the threat at hand that blanket immunity from liability for sharing would not be necessary.

    We believe Congress should focus on reining in the NSA’s sweeping surveillance authority and practices. Concerns around information sharing are at best a small part of the problem that needs to be solved in order to secure the Internet and its users.

    Planet MozillaMore HTTP framing attempts

    Previously, in my exciting series “improving the HTTP framing checks in Firefox” we learned that I landed a patch, got it backed out, struggled to improve the checks and finally landed the fixed version only to eventually get that one backed out as well.

    And now I’ve landed my third version. The amendment I did this time:

    When receiving HTTP content that is content-encoded and compressed I learned that when receiving deflate compression there is basically no good way for us to know if the content gets prematurely cut off. They seem to lack the footer too often for it to make any sense in checking for that. gzip streams however end with a footer so they are easier to reliably detect when they are incomplete. (As was discovered before, the Content-Length: is far too often not updated by the server so it is instead wrongly showing the uncompressed size.)

    This (deflate vs gzip) knowledge is now used by the patch, meaning that deflate compressed downloads can be cut off without the browser noticing…

    Will this version of the fix actually stick? I don’t know. There’s lots of bad voodoo out there in the HTTP world and I’m putting my finger right in the middle of some of it with this change. I’m pretty sure I’ve not written my last blog post on this topic just yet… If it sticks this time, it should show up in Firefox 39.


    Planet MozillaThis Week in Rust 72

    Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Send me an email! Want to get involved? We love contributions.

    This Week in Rust is openly developed on GitHub. If you find any errors or omissions in this week's issue, please submit a PR.

    What's cooking on master?

    135 pull requests were merged in the last week, and 1 RFC PR.

    Now you can follow breaking changes as they happen!

    Breaking Changes

    Other Changes

    New Contributors

    • defuz
    • FuGangqiang
    • JP-Ellis
    • lummax
    • Michał Krasnoborski
    • nwin
    • Raphael Nestler
    • Ryan Prichard
    • Scott Olson

    Approved RFCs

    Mysteriously, during the week of February 23 to March 1 there were no RFCs approved to The Rust Language.

    New RFCs

    Quote of the Week

    "I must kindly ask that you please not go around telling people to disregard the rules of our community. Violations of Rule #6 will absolutely not be tolerated."

    kibwen is serious about upholding community standards.

    Notable Links

    Project Updates

    Upcoming Events

    If you are running a Rust event please add it to the calendar to get it mentioned here. Email Erick Tryzelaar or Brian Anderson for access.

    Planet MozillaFirefox OS Proves Flexibility of Web: Ecosystem Expands with More Partners, Device Categories and Regions in 2015

    Orange to bring Firefox OS to 13 new markets in Africa and Middle East; Mozilla, KDDI, LG U+, Telefónica and Verizon collaborate on new category of phones based on Firefox OS

    Barcelona, Spain – Mobile World Congress – March 1st, 2015 – Mozilla, the mission-based organization dedicated to keeping the power of the Web in people’s hands, welcomed new partners and devices to the Firefox OS ecosystem at an event in Barcelona, leading into Mobile World Congress.

    Mozilla President Li Gong summarized the status of Firefox OS, which currently scales across devices ranging from the world’s most affordable smartphone to 4K Ultra HD TVs. “Two years ago Firefox OS was a promise. At MWC 2014, we were able to show that Firefox OS scales across price ranges and form factors. Today, at MWC 2015, we celebrate dozens of successful device launches across continents, adoption of Firefox OS beyond mobile, as well as growing interest and innovation around the only truly open mobile platform. Also, we are proud to report that three major chip vendors contribute to the Firefox OS ecosystem.”

    Firefox OS MWC 2015 News in Detail:

    •    Mozilla, KDDI, LG U+, Telefonica and Verizon Wireless collaborate to create a new category of intuitive and easy to use Firefox OS phones: The companies are collaborating to contribute to the Mozilla community and create a new range of Firefox OS phones for a 2016 launch in various form factors – flips, sliders and slates – that balance the simplicity of a basic phone (calls, texts) with the more advanced features of a smartphone such as fun applications, content, navigation, music players, camera, video, LTE, VoLTE, email and Web browsing. For more details and supporting quotes see

    •    Orange announces bringing Firefox OS to 13 markets as part of a new digital offer: Today, Orange puts the mobile Internet within reach of millions more people, otherwise not previously addressed, with the launch of a new breakthrough digital offer across its significant African and Middle Eastern footprint. The Orange Klif digital offer starts from under US$40 (€35), inclusive of data, voice and text bundle and sets a new benchmark in price that will act as a major catalyst for smartphone and data adoption across the region. The 3G Firefox OS smartphone is exclusive to Orange and will be available from Q2 in 13 of Orange’s markets in the region, including, but not limited to, Egypt, Senegal, Tunisia, Cameroon, Botswana, Madagascar, Mali, The Ivory Coast, Jordan, Niger, Kenya, Mauritius and Vanuatu.
    ALCATEL ONETOUCH collaborates with Orange and announced more details on the new phone today:

    Orange Klif 3G-Volcano-Black-_LO•    ALCATEL ONETOUCH expands mobile internet access with the newest Firefox OS phone, the Orange Klif. The Orange Klif offers connectivity speeds of up to 21 Mbps, is dual SIM, and includes a two-megapixel camera and micro-SD slot. The addition of the highly optimised Firefox OS meanwhile allows for truly seamless Web browsing experiences, creating a powerful Internet-ready package.
    The Orange Klif is the first Firefox OS phone powered by a MediaTek processor.

    •    Mozilla revealed further details about upcoming versions of Firefox OS, among them: Improved performance and support of multi-core processors, enhanced privacy features, additional support for WebRTC, right to left language support and an NFC payments infrastructure.

    Runcible by Monohm•    Earlier this week, KDDI Corporation announced an investment in Monohm, a US based provider of innovative IoT devices based on Firefox OS. Monohm’s first product “Runcible” will be showcased at the Mozilla booth at MWC 2015.

    Panasonic VIERA TX-CR730

    The Firefox OS ecosystem continues to expand with new partners and devices ranging from the line of Panasonic 4K Ultra HD TVs to the world’s most affordable smartphone:

    “Just months ago, Cherry Mobile introduced the ACE, the first Firefox OS smartphone in the Philippines, which is also the most affordable smartphone in the world. We are excited that the ACE, which keeps gaining positive feedback in the market, is helping lots of consumers move from feature phones to smartphones. Through the close partnership with Mozilla Firefox OS, we will continue to bring more affordable quality mobile devices to consumers,” said Maynard Ngu, Cherry Mobile CEO.

    With today’s announcements, Firefox OS will be available from leading operator partners in more than 40 markets in the next year on a total of 17 smartphones.

    Firefox OS unlocks the power of the Web as the platform and will continue to expand across markets and device categories as we move forward the Internet of Things (IOT), using open Web technology to enable operators, hardware manufacturers and developers to create innovative and customized applications and products for consumers to use across these connected devices.

    Creating Content for Mobile, on Mobile Devices
    Mozilla today unveiled the beta version of Webmaker, a free and open source mobile content creation app, which strips away the complexity of traditional Web creation. Webmaker will be available for Android, Firefox OS, and via a modern mobile browser on other devices in over 20 languages later this year. For more info, please visit

    Planet MozillaMozilla, KDDI, LG U+, Telefónica and Verizon Wireless Collaborate to Create New Category of Firefox OS Phones

    New range of intuitive and easy-to-use phones to be powered by Firefox OS

    Barcelona, Spain – Mobile World Congress – March 1, 2015
    Mozilla, the mission based organization dedicated to keeping the power of the Web in people’s hands, together with KDDI, LG U+, Telefónica and Verizon Wireless, today announced at Mobile World Congress a new initiative to create devices based on Firefox OS.

    The goal of this initiative is to create a more intuitive and easy-to-use experience (powered by Firefox OS) for consumers around the world. The companies are collaborating to contribute to the Mozilla community and create a new range of Firefox OS phones for a 2016 launch in various form factors – flips, sliders and slates – that balance the simplicity of a basic phone (calls, texts) with the more advanced features of a smartphone such as fun applications, content, navigation, music players, camera, video, LTE, VoLTE, email and Web browsing.

    Firefox OS was chosen as the platform for this initiative because it unlocks the mobile ecosystem and enables independence and innovation. This results in more flexibility for network operators and hardware manufacturers to provide a differentiated experience and explore new business ventures, while users get the performance, personalization and affordability they want packaged in a beautiful, clean and easy-to-use experience.

    “By leveraging Firefox OS and the power of the Web, we are re-imagining and providing a modern platform for entry-level phones, said Li Gong, President of Mozilla. “We’re excited to work with operator partners like KDDI, LG U+, Telefonica and Verizon Wireless to reach new audiences in both emerging and developed markets and offer customers differentiated services.”

    Yasuhide Yamamoto, Vice President, Product Sector at KDDI said “We have been gaining high attention from the market with Fx0, a high tier LTE based Firefox OS smartphone launched last December, and we have faith in the unlimited potential of Firefox OS. KDDI has been very competitive in the Japanese mature mobile phone market for decades, so we are confident that we can contribute to the Mozilla community in developing this new concept product.”

    “Telefónica is actively supporting Firefox OS, aligned with our strategy of bringing more options and more openness to our customers. Firefox OS smartphones are currently offered in 14 markets across our footprint and are helping to bring connectivity to more people who are looking for a reliable and simple user experience at affordable prices,” said Francisco Montalvo, Director, Telefónica Group Devices Unit.

    Rosemary McNally, Vice President, Device Technology at Verizon said “Verizon aims to deliver innovative new products to its customers, and this initiative is about creating a modern, simple and smart platform for basic phones. We’re looking forward to continuing to work with Mozilla and other service providers to leverage the power of Firefox OS and the Web community.”

    About Mozilla
    Mozilla has been a pioneer and advocate for the Web for more than 15 years. We create and promote open standards that enable innovation and advance the Web as a platform for all. Today, hundreds of millions of people worldwide use Mozilla Firefox to experience the Web on computers, tablets and mobile devices. With Firefox OS and Firefox Marketplace, Mozilla is driving a mobile ecosystem that is built entirely on open Web standards, freeing mobile providers, developers and end users from the limitations and restrictions imposed by proprietary platforms. For more information, visit

    About KDDI Corporation
    KDDI, a comprehensive communications company offering fixed-line and mobile communications services, strives to be a leading company for changing times. For individual customers, KDDI offers its mobile communications (mobile phone) and fixed-line communications (broadband Internet/telephone) services under the brand name au, helping to realize Fixed Mobile and Broadcasting Convergence (FMBC). For business clients, KDDI provides comprehensive Information and Communications services, from Fixed Mobile Convergence (FMC) networks to data centers, applications, and security strategies, which helps clients strengthen their businesses. For more information please visit

    About Telefónica
    Telefónica is one of the largest telecommunications companies in the world in terms of market capitalisation and number of customers. With its best in class mobile, fixed and broadband networks, and innovative portfolio of digital solutions, Telefónica is transforming itself into a ‘Digital Telco’, a company that will be even better placed to meet the needs of its customers and capture new revenue growth. The company has a significant presence in 21 countries and a customer base of 341 million accesses around the world. Telefónica has a strong presence in Spain, Europe and Latin America, where the company focuses an important part of its growth strategy. Telefónica is a 100% listed company, with more than 1.5 million direct shareholders. Its share capital currently comprises 4,657,204,330 ordinary shares traded on the Spanish Stock Market  and on those in London, New York, Lima, and Buenos Aires.

    About Verizon Wireless
    Verizon Wireless operates the nation’s largest and most reliable 4G LTE network.  As the largest wireless company in the U.S., Verizon Wireless serves 108.2 million retail customers, including 102.1 million retail postpaid customers.  Verizon Wireless is wholly owned by Verizon Communications Inc. (NYSE, Nasdaq: VZ).  For more information, visit  For the latest news and updates about Verizon Wireless, visit our News Center at or follow us on Twitter at

    Planet MozillaLink Pack (March 1st)

    What I was reading this week:

    Planet MozillaWebmaker App Takes Fresh Approach to Digital Literacy

    Tomorrow at Mobile World Congress in Barcelona, Mozilla will release an open beta of the Webmaker app: a free, independent web publishing tool. This is an important next step in Mozilla’s effort to dramatically increase digital literacy around the world.

    The Webmaker app emerged from a year of research in Bangladesh, India and Kenya. The research pointed to two things: new smartphone users face a steep learning curve, often limiting themselves to basic apps like Facebook and not even knowing they are on the Internet; and users yearn for — and can benefit greatly from — the ability to create local, relevant content.

    Webmaker app is designed to address these needs by making it possible for anyone to quickly publish a website or an app from the moment they turn on their first smartphone. Students can build a digital bulletin board for their peers, teachers can create and distribute lesson plans, and merchants can produce websites to promote their products.

    The idea is to get new smartphone users making things quickly when they get online — and then to help them do more sophisticated things over time. This ‘make first’ approach to digital literacy encourages people to see themselves as active creators rather than passive consumers. This mindset will be critical as billions people grapple with the question ‘how and why should I use the internet?’ for the first time over the next few years.

    Webmaker app is free, open source and available in over 20 languages. Users can share their creations using a simple URL via SMS, Facebook, WhatsApp and more. Content created in Webmaker will load in any mobile web browser. The current open beta version is available for Android, Firefox OS and modern mobile browsers. A full release is planned for later this year.

    Complementing the Webmaker app are Mozilla’s far-reaching, face-to-face learning programs. Our network of volunteer makers, mentors and educators operate in more than 80 countries. These volunteers — equipped with the app and other tools — run informal workshops in  schools, libraries and other public places to help people understand how the Web works and create content relevant to their everyday lives.  Last year alone, Mozilla volunteers ran 2,513 workshops across 450 cities.

    All of these digital literacy activities are driven by partnerships. Mozilla partners with NGOs, mobile carriers and other global organizations to ensure our digital literacy programs reach individuals who need it most. We’re joining forces with influential partners who share our passion for an open Web, local content creation and empowered users.

    When billions of first-time Web users come online, they will find a platform they can build, mold and use everyday to better their lives, businesses and education. It’s an ambitious order, but Mozilla is prepared. To participate, or learn more about our digital literacy initiatives, visit

    Planet MozillaTop 50 DOS Problems Solved: Doubling Disk Capacity

    Q: I have been told that it is possible to convert 720K 3.5-inch floppy disks into 1.44Mb versions by drilling a hole in the casing. Is this true? How is it done? Is it safe?

    A: It is true for the majority of disks. A few fail immediately, but the only way to tell is to try it. The size and placement of the hole is, near enough, a duplicate of the write-protect hole.

    If the write-protect hole is in the bottom left of the disk, the extra hole goes in a similar position in the bottom right. Whatever you do, make sure that all traces of plastic swarf are cleared away. As to whether this technique is safe, it is a point of disagreement. In theory, you could find converted disks less reliable. My own experience over several years has been 100 per cent problem free other than those disks which have refused to format to 1.44Mb in the first place.

    You can perform a similar trick with 360K and 1.2Mb 5.25-inch disks.

    Hands up who remembers doing this. I certainly do…

    Planet MozillaWeeknotes 08/2015 and 09/2015

    Last week I was in Dubai on holiday with my family thanks to the generosity of my Dad. Here’s a couple of photos from that trip. Scroll down for this week’s updates!

    Dubai Marina

    Giraffes feeding at Al Ain Zoo


    This (four-day) work week I’ve been:


     Dynamic Skillset


    Digital Maker/Citizen badges

    Next week I’ll be at home working more on the Learning Pathways whitepaper and Web Literacy Map v1.5. I’ll also be helping out with the Clubs curriculum work where necessary.

    Finally, I’m considering doing more work I originally envisaged this year with Dynamic Skillset, so email if you think I can help you or your organisation!

    All images by me, except header image CC BY-NC NASA’s Marshall Space Flight Center

    Planet MozillaThe oldest computer running TenFourFox

    In the "this makes me happy" department, Miles Raymond posted his Power Macintosh 9500 (with a 700MHz G4 and 1.5GB of RAM) running TenFourFox in Tiger. I'm pretty sure there is no older system that can boot and run 10.4, but I'd be delighted to see if anyone can beat this. FWIW, the 9500 was released May 1995, making it 20 years old this year and our very own "Twentieth Anniversary" Macintosh.

    And Mozilla says you need an Intel Mac to run Firefox! Oh, those kidders! They're a laugh a minute!

    Planet MozillaFirefox 38 brindará soporte para Windows de 64 bits

    Firefox 38 -actualmente en el canal Developer Edition- será la primera versión de Firefox con soporte para Windows de 64 bits, con este lanzamiento Mozilla completará el soporte a dicha arquitectura pues ya se contaba con versiones en Linux y Mac.

    Anteriormente, solo de contaba con Firefox de 64 bits para Windows en el canal Nightly bajo etapa de pruebas y correcciones, ahora los usuarios de Windows podrán utilizar una versión optimizada de Firefox para dicha plataforma. Firefox 38 incorpora otras novedades interesantes y más adelante hablaremos sobre ello.

    La liberación de Firefox 38 final está planificada para el 12 de mayo y aún falta tiempo por definir si finalmente se contará con esta versión, esperamos que sí. Esta edición la pueden descargar desde la sección Aurora de nuestra zona de Descargas para Linux y Windows en español.

    Planet MozillaRep of the month: February 2015

    Stefania Ioana Chiorean is one of the most humble, inspiring and hard working contributor of the Reps community.

    She has always been an inspiration of enthusiasm for the Mozilla community worldwide. Her proactive nature of getting things done has motivated Reps throughout. Being the part of Mozilla Romania Community, Ioana helps out anyone and everyone who wants to learn and make the web better. Spreading around Mozillian News through Social Media accounts of Mozilla Romania Community she enjoys helping the SUMO community. An emboldening persona in Womoz, Ioana encourage women participation in tech.


    During the last few months, Ioana has been organizing and participating in several events to promote Mozilla like FOSDEM, OSOM, and also to involve more women into Free/Open Source communities and Mozilla through WoMoz initiative, highly involved in Mozilla QA helping to smash as many bugs as possible in several Mozilla products.

    Ioana is now driving the Buddy Up QA Pilot program, which aims to recruit and train community members to actively own testing of this project.

    Also we welcome Ioana as a Peer of the Reps Module and congratulate her for being the Rep of the Month!

    Thanks Ioana for all you do for the the Reps, Mozilla and the Open Web.

    Cheers little romanian vampire!

    Don’t forget to congratulate her on Discourse!

    Planet MozillaSpectateur, custom reports for crash-stats

    The users of Socorro at Mozilla, the Stability team, have very specific needs that vary over time. They need specific reports for the data we have, new aggregations or views with some special set of parameters. What we developers of Socorro used to do was to build those reports for them. It's a long process that usually requires adding something to our database's schema, adding a middleware endpoint and creating a new page in our webapp. All those steps take a long time, and sometimes we understand the needs incorrectly, so it takes even longer. Not the best way to invest our time.

    Nowadays, we have Super Search, a flexible interface to our data, that allows users to do a lot of those specific things they need. As it is highly configurable, it's easy to keep the pace of new additions to the crash reports and to evolve the capabilities of this tool. Couple that with our public API and we can say that our users have pretty good tools to solve most of their problems. If Super Search's UI is not good enough, they can write a script that they run locally, hitting our API, and they can do pretty much anything we can do.

    But that still has problems. Local scripts are not ideal: it's inconvenient to share them or to expose their results, it's hard to work on them collaboratively, it requires working on some rendering and querying the API where one could just focus on processing the data, and it doesn't integrate with our Web site. I think we can do better. And to demonstrate that, I built a prototype. Introducing...


    spectateur.jpg Spectateur is a service that takes care of querying the API and rendering the data for you. All you need to do is work on the data, make it what you want it to be, and share your custom report with the rest of the world. It uses a language commonly known, JavaScript, so that most people (at least at Mozilla) can understand and hack what you have done. It lets you easily save your report and gives you a URL to bookmark and to share. And that's about it, because it's just a prototype, but it's still pretty cool, isn't it?

    To explain it a little more: Spectateur contains three parts. The Model lets you choose what data you want. It uses Super Search and gives you about the same capabilities that Socorro's UI has. Once you have set your filters and chosen the aggregations you need, we move to the Controller. That's a simple JavaScript editor (using Ace) and you can type almost anything in there. Just keep the function transform, the callback and the last lines that set the interface, otherwise it won't work at all. There are also some limitations for security: the code is executed in a Web Worker in an iframe, so you have no access to the main page's scope. Network requests are blocked, among other things. I'm using a wonderful library called jailed, if you want to know more, please read its documentation.

    Once you are done writing your controller, and you have exposed your data, you can click the Run button to create the View. It will fetch the data, run your processor on that data and then render the results following the rules you have exposed. The data can currently be displayed as a table (using jsGrid) or as a chart (using Chart.js). For details, please read the documentation of Spectateur (there's a link at the top). When you are satisfied with your custom report, click the button Save. That will save the Model and the Controller and give you a URL (by updating the URL bar). Come back to that URL to reload your report. Note that if you make a change to your report and click Save again, a new URL will be generated, the previous report won't be overwritten.

    As an example, here is a report that shows, for our B2G product, a graph of the top versions, a chart of the top signatures and a list of crash reports, all of that based on data from the last 7 days:

    I hope this tool will be useful to our users. As usual, if you have comments, feedback, criticisms, if you feel this is a waste of time and we should not invest any more time in it, or on the contrary you think this is what you needed this whole time, please please please let us know!

    Planet MozillaGreat Barrier Island

    Last weekend a couple of Mozillians --- David Baron and Jean-Yves Avenard --- plus myself and my children flew to Great Barrier Island for the weekend. Great Barrier is in the outer Hauraki Gulf, not far from Auckland; it takes about 30 minutes to fly there from Auckland Airport in a very small plane. The kids and I camped on Friday night at "The Green" campsite at Whangaparapara, while David and Jean-Yves stayed at Great Barrier Lodge nearby. On Saturday we did the Aotea Track in clockwise direction, heading up the west side of the hills past Maungapiko, then turning east along the South Fork Track to Mt Heale Hut for the night. (The usual continuation past Kaiaraara Hut along the Kaiaraara track had been washed out by storms last year, and we saw evidence of storm damage in the form of slips almost everywhere we went.) Even the South Fork Track had been partially rerouted along the bed of the Kaiaraara Stream. We were the only people at Mt Heale Hut and had a good rest after a reasonably taxing walk. But inspired by Jean-Yves, we found the energy to do a side trip to Mt Hobson --- the highest point on the island --- before sunset.

    On Sunday we walked south out of the hills to the Kaitoke hot strings and had a dip in the hot, sulphurous water --- very soothing. Then along the road to Claris and a well-earned lunch at the "Claris, Texas" cafe. We still had lots of time to kill before our flight so we dropped our bags at the airport (I use the term loosely) and walked out to Kaitoke Beach. A few of us swam there, carefully, since the surf felt very treacherous.

    I'd never been tramping overnight at the Barrier before and really enjoyed this trip. There aren't many weekend-sized hut tramps near Auckland, so this is a great option if you don't mind paying to fly out there. The flight itself is a lot of fun.

    Planet MozillaMozKopDarJKT February 2015 Photo

    Gallery of #MozKopDarJKT

    Planet MozillaThunderbird Usage Continues to Grow

    We’re happy to report that Thunderbird usage continues to expand.

    Mozilla measures program usage by Active Daily Installations (ADI), which is the number of pings that Mozilla servers receive as installations do their daily plugin block-list update. This is not the same as the number of active users, since some users don’t access their program each day, and some installations are behind firewalls. An estimate of active monthly users is typically done by multiplying the ADI by a factor of 3.

    To plot changes in Thunderbird usage over time, I’ve picked the peak ADI for each month for the last few years. Here’s the result:

    Thunderbird Active Daily Installations, peak value per month.

    Germany has long been our #1 country for usage, but in 4th quarter 2014, Japan exceeded US as the #2 country. Here’s the top 10 countries, taken from the ADI count of February 24, 2015:

    Rank Country ADI 2015-02-24
    1 Germany 1,711,834
    2 Japan 1,002,877
    3 United States 927,477
    4 France 777,478
    5 Italy 514,771
    6 Russian Federation 494,645
    7 Poland 480,496
    8 Spain 282,008
    9 Brazil 265,820
    10 United Kingdom 254,381
    All Others 2,543,493
    Total 9,255,280

    Country Rankings for Thunderbird Usage, February 24, 2015

    The Thunderbird team is now working hard preparing our next major release, which will be Thunderbird 38 in May 2015. We’ll be blogging more about that release in the next few weeks, including reporting on the many new features that we have added.

    Planet MozillaA useful Bugzilla trick

    At the beginning of February I changed teams within Mozilla and am now working as a release manager. It follows naturally from a lot of the work I’ve already been doing at Mozilla and I’m excited to join the team working with Lukas, Lawrence, and Sylvestre!

    I just learned a cool trick for dealing with several bugs at once, on MacOS X.

    1) Install Bugzilla Services.

    2) Add a keyboard shortcut as Alex Keybl describes in the blog post above. (I am using Control-Command-B)

    3) Install the BugzillaJS (Tweaks for Bugzilla) addon.

    4) Install the Tree Style Tab addon.

    Now, from any text, whether in email, a desktop text file, or anywhere in the browser, I can highlight a bunch of text and bug number will be parsed out of the text. For example, from an email this morning:

    Bug 1137050 - Startup up Crash - patch should land soon, potentially risky
    David Major seems to think it is risky for the release.
    Besides that, we are going to take:
    Bug 1137469 - Loop exception - patch waiting for review
    Bug 1136855 - print preferences - patch approved
    Bug 1137141 - Fx account + hello - patch waiting for review
    Bug 1136300 - Hello + share buttons - Mike  De Boer will work on a patch today
    And maybe a fix for the ANY query (bug 1093983) if we have one...

    I highlighted the entire email and hit the “open in bugzilla” keystroke. This resulted in a Bugzilla list view for the 6 bugs mentioned in the email.

    Bugzilla list view example

    With BugzillaJS installed, I have an extra option at the bottom of the page, “Open All in Tabs”, so if I wanted to triage these bugs, I can open them all at once. The tabs show up in my sidebar, indented from their parent tab. This is handy if I want to collapse this group of tabs, or close the parent tab and all its children at once (The original list view of these 6 bugs, and each of its individual tabs.) Tree Style Tab is my new favorite thing!

    Tree style tabs bugzilla

    In this case, after I had read each bug from this morning and closed the tabs, my coworker Sylvestre asked me to make sure I cc-ed myself into all of them to keep an eye on them later today and over the weekend so that when fixes are checked in, I can approve them for release.

    Here I did not want to open up every bug in its own tab but instead went for “Change Several Bugs at Once” which is also at the bottom of the page.

    Bugzilla batch edit

    This batch edit view of bugs is a bit scarily powerful since it will result in bugmail to many people for each bug’s changes. When you need it, it’s a great feature. I added myself to the cc: field all in one swoop instead of having to click each tab open, click around several times in each bug to add myself and save and close the tab again.

    It was a busy day yesterday at work but I had a nice time working from the office rather than at home. Here is the view from the SF Mozilla office 7th floor deck where I was working and eating cake in the sun. Cannot complain about life, really.
    Mozilla bridge view

    Related posts:

    Planet MozillaDiving into python logging

    Python has a very rich logging system. It's very easy to add structured or unstructured log output to your python code, and have it written to a file, or output to the console, or sent to syslog, or to customize the output format.

    We're in the middle of re-examining how logging works in mozharness to make it easier to factor-out code and have fewer mixins.

    Here are a few tips and tricks that have really helped me with python logging:

    There can be only more than one

    Well, there can be only one logger with a given name. There is a special "root" logger with no name. Multiple getLogger(name) calls with the same name will return the same logger object. This is an important property because it means you don't need to explicitly pass logger objects around in your code. You can retrieve them by name if you wish. The logging module is maintaining a global registry of logging objects.

    You can have multiple loggers active, each specific to its own module or even class or instance.

    Each logger has a name, typically the name of the module it's being used from. A common pattern you see in python modules is this:

    # in module
    import logging
    log = logging.getLogger(__name__)

    This works because inside, __name__ is equal to "foo". So inside this module the log object is specific to this module.

    Loggers are hierarchical

    The names of the loggers form their own namespace, with "." separating levels. This means that if you have have loggers called, and foo.baz, you can do things on logger foo that will impact both of the children. In particular, you can set the logging level of foo to show or ignore debug messages for both submodules.

    # Let's enable all the debug logging for all the foo modules
    import logging

    Log messages are like events that flow up through the hierarchy

    Let's say we have a module

    import logging
    log = logging.getLogger(__name__)  # __name__ is "" here
    def make_widget():
        log.debug("made a widget!")

    When we call make_widget(), the code generates a debug log message. Each logger in the hierarchy has a chance to output something for the message, ignore it, or pass the message along to its parent.

    The default configuration for loggers is to have their levels unset (or set to NOTSET). This means the logger will just pass the message on up to its parent. Rinse & repeat until you get up to the root logger.

    So if the logger hasn't specified a level, the message will continue up to the foo logger. If the foo logger hasn't specified a level, the message will continue up to the root logger.

    This is why you typically configure the logging output on the root logger; it typically gets ALL THE MESSAGES!!! Because this is so common, there's a dedicated method for configuring the root logger: logging.basicConfig()

    This also allows us to use mixed levels of log output depending on where the message are coming from:

    import logging
    # Enable debug logging for all the foo modules
    # Configure the root logger to log only INFO calls, and output to the console
    # (the default)
    # This will output the debug message

    If you comment out the setLevel(logging.DEBUG) call, you won't see the message at all.

    exc_info is teh awesome

    All the built-in logging calls support a keyword called exc_info, which if isn't false, causes the current exception information to be logged in addition to the log message. e.g.:

    import logging
    log = logging.getLogger(__name__)
        assert False
    except AssertionError:"surprise! got an exception!", exc_info=True)

    There's a special case for this, log.exception(), which is equivalent to log.error(..., exc_info=True)

    Python 3.2 introduced a new keyword, stack_info, which will output the current stack to the current code. Very handy to figure out how you got to a certain point in the code, even if no exceptions have occurred!

    "No handlers found..."

    You've probably come across this message, especially when working with 3rd party modules. What this means is that you don't have any logging handlers configured, and something is trying to log a message. The message has gone all the way up the logging hierarchy and fallen off of the chain (maybe I need a better metaphor).

    import logging
    log = logging.getLogger()
    log.error("no log for you!")


    No handlers could be found for logger "root"

    There are two things that can be done here:

    1. Configure logging in your module with basicConfig() or similar

    2. Library authors should add a NullHandler at the root of their module to prevent this. See the cookbook and this blog for more details here.

    Want more?

    I really recommend that you read the logging documentation and cookbook which have a lot more great information (and are also very well written!) There's a lot more you can do, with custom log handlers, different output formats, outputting to many locations at once, etc. Have fun!

    Planet MozillaA long time ago, on a computer far far away…

    Six years ago, I started contributing to Mozilla.

    Read more… (3 min remaining to read)

    Planet MozillaWebmaker Demos February 27 2015

    Webmaker Demos February 27 2015 Webmaker Demos February 27 2015


    Updated: .  Michael(tm) Smith <>