Bryan Clark: Raindrop & Jetpack

The other day I did a quick hack using Raindrop & Jetpack to get new mail notifications from Raindrop.  In total it took me less than an hour.  It’s no Joe Shaw hack, so I don’t expect to get in the paper for this but I figured I’d share anyway.

This Jetpack checks Raindrop to see if there are new messages and bubbles them up as notifications if there are.  Here’s the source code:

var messages = ; 

function checkMail() {
 var api="http://localhost:5984/raindrop/_api/inflow/conversations/home?limit=10";
 jQuery.getJSON(api,
               function(data, textStatus){
                 jQuery.each(data, function(i,item){
                   if (item.unread) {
                     if (!messages[item.id] || messages[item.id] != item.messages.length) {
                       var n={title: item.subject,
                              body : item.messages[0].schemas["rd.msg.body"]["body_preview"],
                              icon : 'http://localhost:5984/raindrop/inflow/i/logo.png'};
                       jetpack.notifications.show(n);
                     }
                     messages[item.id] = item.messages.length;
                   }
               });
 });
}
setInterval(checkMail, 10000);

To try this out you’ll need Raindrop installed and running and Jetpack installed in Firefox.

Go to about:jetpack and copy the above code into the Develop tab, then click the try out this code link just below the Bespin editor.

If you don’t want to do all that you can just watch the video below (no sound, so you might want to play some music)

Mary Colvig: Ready for your close up?

Are you a Firefox fan?  Or even better, a Personas fan?  If so, we’d like you to star in a video we’re creating to showcase Personas.  Here are the details:

• Date:  Monday, November 23, 2009
• Time:  12:00 p.m
• Location:  Mozilla HQ, 650 Castro Street, Suite 300, Mountain View, CA 94041
• Sign up sheet (create an account to add your name to the wiki or comment below to sign up)

Come as yourself – no fancy costumes needed – and meet other Firefox fans.  We’ll treat you to lunch and make it worth your while!  And, we promise none of these antics…

Jump up and Dance by Gary Pauck (Firefox Flicks)

Taras Glek: Dehydra Testsuite Passes on GCC 4.5

I spent couple of days fixing the remaining test-suite failures on GCC 4.5 trunk for Dehydra. Since the last time I looked into this, GCC went from crashing all over the place to only crashing if I did something bad. It was nice to discover that as a result of switching to 4.5 Dehydra users will get saner .isExplicit behavior and more precise location info.

Treehydra will take more work due to me misunderstanding GTY annotations.

By the way, I am really grateful for all of the people who contributed GCC 4.5 fixes so far. You guys have been a big help in getting Dehydra testsuite to 100% on 4.5. Looks like I will meet my goals to finish De+Treehydra by the end of the year in time for GCC 4.5 release and my “Introducing Dehydra to the Developer World”-type talk at LinuxConf.au.nz 2010.

Startup
I reduced my focus on startup speed at the moment to catch up on Dehydra. I plan to work on reducing xpconnect overhead during startup next, ie more of this bug.

Dietrich Ayala: Firefox Startup Performance Weekly Summary

Current numbers are available on the Performance Snapshot page.

Summary, relative to Firefox 3.5:

• Warm startup: For Mac, 36% better on 3.6 and 35% better on 3.7. For Windows, 5% and 5%. Flat on Linux. Also, Warm startup for Mac on 3.6 is a whopping 13% better than last week, due to the landing of bug 517804.
• Cold startup:  For Mac, 20% better on both 3.6 and 3.7. For Windows, not measuring yet. For Linux, we’re seeing a regression of ~9% across branch and trunk in the snapshot but not on the graphs, so I need to figure out where the discrepancy is.

This week’s activity:

• Dirty-cold-Ts went live this week, thanks to Alice and Lukas. Example: cold startup with a large places.sqlite on Mac.
• Joel is making progress on making a super-static Firefox in bug 525013.
• Ben is making progress on the fastload replacement in bug 520309.
• No updates on Windows cold-startup testing for Talos on bug 522807. I need to test on Vista, and turn off Pre/Superfetch.
• Taras has patches up for service caching (bug 516085) and super-fast-path-ing of Components.* (bug 512584), however the latter he’s hit a wall, passing on to Blake or someone else who knows that code.
• Ted landed rebasing on Windows in bug 484799.
• Jonathan Kew has a new patch in bug 519445 for further reductions in Mac startup time spent in font system initialization, just about there…

Projects in a holding pattern:

• JARification: David abandoned moving JS modules into a JAR file, since those files are fastloaded. However, since we want things like post-extension-install restarts to be fast, and those cause fastload cache invalidation, we might want to do things like this anyways. I filed a bug for the same treatment for components. These are lower priority, since they’re not the normal startup case. Follow along with all JAR-ification via the tracker bug.
• Startup Timeline: No updates, still not landed. Add [ft] in the whiteboard of your bug w/ the function names you want timed and David will generate it and update the bug.
• Static Analysis: No progress on bug 506128. David needs to file a bug with the final log of named-yet-uncalled functions.
• Dirty Profile Testing: No progress. Need to list scenarios, file bugs for each, generate Talos config patches and profile data, and then move it into Rel-Eng territory. Also, need to get a separate Tinderbox tree, since it’s going to cause a bazillion new columns.
• Joel Reymont noted in bug 513076 that there are serious drawbacks to getting our libraries in the dyld shared cache on Mac, so has deprioritized that work.
• No updates on Zack’s CSS parser changes in bug 513149.

As usual, more details and links are available on the project wiki, and we’re available to answer questions in #startup on irc.mozilla.org.

Caitlin Looney: Product Shots of Firefox on N900

CNET UK recently reviewed Firefox running on the Nokia N900 (see Firefox Mobile on Nokia N900 hands-on photos: Fire in your trousers).  I liked their  product shots of Firefox in action (who wouldn’t?) and wanted to share some of those shots with you all today.Nice pic of the Firefox start page.  We’ve incorporated a mini animation to help guide first-time users to navigate around the UI.

…A quick slide to the right reveals open tabs in thumbnail view so you can easily see what website you want to select. Tap on the corner of the thumbnail to delete the open tab, or tap on the button below to open a new one.

…A quick slide to the left shows the stowed away controls: bookmarking, back and forward, as well as preferences. Bookmark a page you like with one touch and edit the tag if you’d like.

Next to the new tab button is the WeaveSync button. Tap on that button and WeaveSync synchronizes and delivers your open tabs from your PC.  This is a great example of how you can work away at your desktop, get up and go, pull out your mobile, and have everything waiting for you (browsing history, saved passwords, bookmarks, as well as open tabs) just as you had left it.

By tapping on the Tools button and going to your preferences in Firefox, you can select the add-on button to search and install your favorite add-ons from your mobile device.  You can also manage your search engines here that appear at the bottom of the screen when you’re conducting a search with the Awesome Bar.

Ah yes, the glorious Awesome Bar in action. We know typing is hard so the Awesome Bar helps you get where you’re going in only a few keystrokes. With WeaveSync, the Awesome Bar gets that much more powerful as it recalls your browsing history from both your PC and mobile. See the search engines below so you can narrow your search further. Quick access to Wikipedia gets me one step closer to winning Bar Trivia Night.

Hope you enjoyed the photos…I know I did. I’ll continue to post the latest and greatest screenshots on my Flickr stream: http://www.flickr.com/photos/missylooney/

 

Sid Stamm: update on HTTPS security Version 2.0 of my Force-TLS add-on for Firefox was released by the AMO editors on Tuesday, and in incorporates a few important changes: It supports the Strict-Transport-Security header introduced by PayPal, and also has an improved UI that lets you add/remove sites from the forced list. For more information see my Force-TLS web site.

On a similar topic, I've been working to actually implement Strict-Transport-Security in Firefox. The core functionality is in there, and if you want to play with some demo builds, grab a custom built Firefox and play. These builds don't yet enforce certificate integrity as the spec requires, but aside from that, they implement STS properly.

Unlike any add-ons that implement this, the built-in version performs an internal redirect to upgrade channels -- before any request hits the wire. This is an improvement over the way the HTTP protocol handler was hacked up by version 1 of Force-TLS, and doesn't suffer from any subtle bugs that may pop up due to mutating a channel's URI through an nsIContentPolicy. It's not that add-ons that do STS are poorly written, but rather there is no way to trigger the proper internal redirect from an add-on, so the only way to 100% correctly implement STS in Firefox without obscure side-effects is through a patch.

Giorgio Maone: IE’s XSS Filter Creates XSS Vulnerabilities

Internet Explorer 8’s famous XSS filter can be exploited to perform successful XSS attacks against web sites which would be otherwise safe. In other words, XSS “protection” is helping XSS attackers, oh the irony.

Well, this is not exactly news among security researchers, but those aware of the details (including Microsoft of course, Eduardo “Sirdarckcat” Vela and myself) have kept a low profile so far. Check, for instance, slide #17 in my OWASP presentation, given two weeks ago.

However, after Microsoft left it unfixed for many months, someone apparently decided to whisper this dirty little secret in Dan Goodin (The Register)’s ear.

To Microsoft’s credit, this problem has no quick fix: in fact, it’s way worse than a simple implementation bug. Its root is a flawed design choice: when a potential XSS attack is detected, IE 8 modifies the response (the content of the target page) in order to neuter the malicious code. This is, incidentally, the only significant departure from NoScript’s approach, which modifies the request (the data sent by the client) instead, and is therefore immune.

Anyway, here’s the juice: IE 8’s response-changing mechanism can be easily exploited to turn a normally innocuous fragment of the victim page into a XSS injection. The attacker just needs a certain degree of control on the content of the web site to be injected: social networks, forums, wikis and even Google Apps are good prey. To be fair, Google Apps are not vulnerable anymore, since Google’s properties wisely choose to deploy the X-XSS-Protection: 0 header, which is the “safety switch” disabling IE 8’s XSS protection.

So, web site owners’ dilemma is, opt out or not opt out?
For browser users, there should be no dilemma at all ;-)

Robert Strong: App update status – week of 11/20

It has been a good couple of weeks. There are several bugs I am relieved that are now fixed for Firefox 3.6… especially that we now check if Firefox is in use prior to updating and prevent launching Firefox during an update. Also, checking for updates for users that aren’t able to apply updates. Beltzner did his usual beltzner thing by catching what I see as a major usability flaw in that the original patch notified users repeatedly for the same release until Firefox was upgraded which I was able to fix. I’m still kicking myself for not catching that myself.

Progress:

• WOOT! Landed on trunk and 1.9.2 branch – Bug 407875 [Toolkit] – “Unprivileged users are not notified of security updates [All]“. The next bugs to fix that are similar are the dependent bugs of Bug 318855 [Toolkit] – “App update should provide method to update when the user doesn’t have privileges [All]“.
• Landed on trunk and 1.9.2 branch – Bug 510501 [Toolkit] – “not granting UAC permission to updater.exe causes full update to be downloaded [Windows]“. The next bug to fix that is similar is Bug 336267 [Toolkit] – “If software update is disabled or “ask” after an update has been downloaded, the update should be disabled or asked [All]“.
• Created a wiki page for the work on Bug 410639 [Toolkit] – “Provide ability to change update channel within the application [All]” and emailed dev-apps-firefox / dev-platform (followups to dev-apps-firefox) for this proposal.

Future targets (short work week so no way this will all get done):

• Bug 336267 [Toolkit] – “If software update is disabled or “ask” after an update has been downloaded, the update should be disabled or asked [All]“
• Investigate Bug 526441 [Toolkit] – “Unable to use FileUtils.jsm in nsExtensionManager.js.in on 1.9.2 due to reftest failures”.
• Yes, I still need to blog about the lessons I’ve learned while trying to improve startup time for app update but the Firefox 3.6 took precedence.
• Investigate Bug 529948 [Toolkit] – “Cannot check for updates on trunk when the download server is down” along with its friends

I’m taking Wednesday off so next week is a two day work week for me since Thursday and Friday are holidays.

Armen Zambrano Gasparnian: hy-AM (Armenian) moving forward Robert Sargsyan has been localizing Firefox into Armenian for a really long time through Narro.
He recently has contacted me to get things rolling since he has translated 98-99% (94% according to compare-locales) of the strings.

It is now my turn to get into the technical details and move it to mercurial. These are the steps that we have taken:

• Robert ported the strings from 3.5 to 3.6 (Narro allows you to do this)
• Through Narro's interface I exported the project and downloaded the zip file that it generates
• I checked out my clone of the Armenian 1.9.2 tree
  
• I overwrote my tree with the contents of the zip file
• I run compare-locales like this:
  compare-locales /Users/armenzg/moz/repos/mozilla-1.9.2/browser/locales/l10n.ini .. hy-AM-1.9.2
• I removed the files that were indicated to be removed
• I pushed my changes to my repository

• generate a langpack
• submit it to AMO (submit page)
  
• promote the add-on
• get people's review
• convince drivers to give us commit access
• push the changes to the official Mozilla hy-AM repositories
  

Armen Zambrano Gasparnian: libconic package needed for Maemo builds has been deployed Thanks to puppet we were once again able to fix this easily.

All that puppet told the slaves to do is to run this command:

1. Check that a staging slave does not have that package "pkg-config conic --libs"
2. Check that the file "targets/CHINOOK-ARMEL-2007/usr/include/conic/conic.h" does not exist
3. Install it using a similar command that was used in a previous bug
4. Check that "pkg-config conic --libs" returns what is expected "-lconic -ldbus-1 -lgobject-2.0 -lglib-2.0"
5. Check that the conic.h exists where expected
6. At this point we have a clear command to run by puppet and a "creates" argument.
7. Deploy the patch in the staging-puppet server
8. Login to another staging slave as root and run "puppetd --test --server staging-puppet.build.mozilla.org"
9. Do checks 4 and 5 to see that the puppet changes took place
10. Ask for review
11. Commit and deploy to production-puppet
12. Check a production like in step 8 and 9
13. Check an hour later if a random slave has the change as well
    

Gervase Markham: Commit Access Policy Draft

Currently, Mozilla has a large number of code trees in various source code management systems, many of which have differing requirements for access. This is confusing and difficult for both developers and administrators. This document is the first draft of a vision for what a unified commit access policy might look like. Having a clear commit access policy makes the lives of developers and administrators alike easier. ...

This new unified Commit Policy is likely to need careful review and improvement; I've been working on this for a while now but I'm still sure I haven't got it right first time. Comments welcome in mozilla.governance.

David Ascher: Dear ISPs

Dear ISPs,

By far the largest set of support requests that we end up seeing for Thunderbird have to do with being unable to receive or send mail. By far the largest single cause of these failures is some unilateral change by the ISP which cause previously working configurations to stop working. In other words, people come to us for help solving problems we can’t solve. It makes us feel bad, it makes you look uncaring, and it certainly doesn’t help your customers (except for those cases when we go beyond the call of duty and help them as neighbors would, guiding them through the diagnostic & fix).

In our next revisions of Thunderbird, we’ll probably work on making our error dialogs better, so that we transmit whatever wisdom we can to your users to give them a fighting chance. But we can do better for your customers, if you get involved.

Let’s figure out how to work together to provide better experiences for your customers and our users. I’m quite sure that we can come up with solutions which would save you costs compared to having your customers tie up your tech support lines only to be rebuffed by your staff who often don’t understand how email systems work. It might also help you avoid commoditization…

Here are some ideas to start the conversation going:

• Let’s make sure that our configuration of ISP databases works for as many users as possible. We’ll likely need to evolve the format and protocol over time, but we can only do that with input (some ESPs have already joined the effort, which is great!).
• Consider making a useful add-on that would let you inform your customers of planned service downtime, configuration changes, etc. (no marketing messages, please, or your customers will not use it).
• If there are changes we could make in Thunderbird that would help you help your customers, let’s talk!.

Together, we can figure out how to get your customers setup with a Thunderbird that works for them, for us, and for you.

Looking forward to a productive conversation,

– David Ascher
(dascher at mozillamessaging)

Mark Surman: What’s up w/ MozFdn – November Update

Here is a brief status update that I shared with the Mozilla Foundation board last week. This report is based on team goals outlined here.

In addition to Drumbeat, the last two months have focused communications and community support as well as launching a new education initiative. Highlights include:

• Programs. Almost 100 students at 13 colleges participating in Mozilla Education this fall. JetPack for Learning challenge launched. Early Drumbeat plans in place.
• Communications. New ‘better internet‘ page plus Service Week and OneWebDay generate awareness and traffic for Mozilla mission.
• Community. Effort to recruit new contributors launched. Progress being made on Mozilla governance and ‘bugzilla innovation‘ work.
• Org Development. Significant progress on Drumbeat and MoFo 2010 planning.

November and December will continue to focus on early Drumbeat roll out and web development, as well new fundraising push built around the Namoroka park, which is the Firefox 3.6 namesake.

Program

2009 team goal: develop a small handful of programs that go beyond software as a way to promote Mozilla’s mission (e.g. education).

• Core Mozilla Education work with colleges and Mozilla community grew as expected in late summer and early fall.
  • Mozilla-related courses and activities now underway at 13 schools on five continents, with participation from ten professors and almost a hundred students. Students working on  Bespin, GCC optimization for Mozilla, Gecko, WebGL, Fennec, Firefox, Thunderbird.
  • Processing for the Web project particularly successful, energizing students to work on WebGL and Firefox. Ten students from Seneca College and Université d’Evry.
• Received grant from MacArthur to fund Jetpack for Learning, a mashup of Mozilla Education and a Mozilla Labs design challenge. Launched challenge in late October.
• Planning and early work on Drumbeat moving quickly, especially in late October. Web site mockups and year one plans have been posted, and first projects and events scheduled.

Communications

2009 team goal: dramatically increase awareness of Mozilla’s mission and public benefit nature amongst the broader public.

• Ran Mozilla Service Week and OneWebDay campaigns in September. Significant community contributions and enthusiasm, although not as much as hoped in some regards.
• Pointed one of five snippets on google search page to new ‘Better Internet’ page on mozilla.org, aiming to increase awareness of Mozilla’s mission.
• Initial version of new engagement and fundraising database delivered by vendor, almost operational.

Community

2009 team goal: improve the Foundation’s ability to support, strengthen and grow the Mozilla community.

• New Get Involved  page launched on mozilla.org and community-wide contribute group established to make it easier for new people to get contribute to Mozilla.
• Improvements made on a number of project governance fronts including: new Committer’s Agreement, commit access policy harmonization, dormant accounts.
• MoFo-led Bugzilla Innovation Project made first release of web-friendly API, second release almost ready. One client has already been written to use it.

Organizational Development

2009 team goal: consolidate and strengthen the Foundation team, and develop a long term vision that clarifies the Foundation’s role within Mozilla.

• Most organization development efforts in last two months focused on Drumbeat planning, and developing budget and goals for 2010.

Posted in mozilla

Daniel Glazman: Opera widgets without Opera... #3

YAY !!! Still a lot to do but it starts looking ok !

Deb Richardson: Last chance! Planet Mozilla Survey

I’m going to be closing the Planet Mozilla Survey this afternoon, so if you haven’t had a chance to respond to it yet, please do so ASAP! You can find the survey here:

Planet Mozilla survey.

Thanks!

More News