Now that I'm stressing out gdb a lot more working on the Firefox JIT, it turns out that even if you do upgrade your CPUs to DD2.3 (as I did for my dual-8 Talos II system, or what Raptor sells as "v2"), you don't automatically get access to the DAWR even on a fixed POWER9 (Fedora 34). Although you'll no longer be YOLOing it on such a system, still remember to echo Y > /sys/kernel/debug/powerpc/dawr_enable_dangerous as root and restart your debugger to pick up hardware watchpoint support.

Incidentally, I'm about two-thirds of the way through the wasm test cases. The MVP is little-endian POWER9 Baseline Interpreter and Wasm support, so we're getting closer and closer. You can help.

https://www.talospace.com/2021/09/dawr-yolo-even-with-dd23.html

https://www.otsukare.info/2021/09/27/ios-browsers-non-webkit

http://mcomella.xyz/blog/2021/w3d-renderer.html

The report claims the proof of concept works on all prior versions of macOS, but it doesn't seem to work (even with corrected path) on Tiger. Unfortunately due to packing I don't have a Leopard or Snow Leopard system running right now, so I can't test those, but the 10.4 Finder (which would launch these files) correctly complains they are malformed. As a safety measure in case there is something exploitable, the October SPR build of TenFourFox will treat both .webloc and .inetloc files that you might download as executable. (These files use similar pathways, so if one is exploitable after all, then the other probably is too.) I can't think of anyone who would depend on the prior behaviour, but in our unique userbase I'm sure someone does, so I'm publicizing this now ahead of the October 5 release. Meanwhile, if someone's able to make the exploit work on a Power Mac, I'd be interested to hear how you did it.

http://tenfourfox.blogspot.com/2021/09/questionable-rce-with-weblocinetloc.html

https://this-week-in-rust.org/blog/2021/09/22/this-week-in-rust-409/

In real estate, the age old mantra is “location, location, location,” meaning that location drives value. That’s true even when it comes to data collection in the online world, too — your location history is valuable, authentic information. In all likelihood, you’re leaving a breadcrumb trail of location data every day, but there are a few things you can do to clean that up and keep more of your goings-on to yourself. 

What is location history?

When your location is tracked and stored over time, it becomes a body of data called your location history. This is rich personal data that shows when you have been at specific locations, and can include things like frequency and duration of visits and stops along the way. Connecting all of that location history, companies can create a detailed picture and make inferences about who you are, where you live and work, your interests, habits, activities, and even some very private things you might not want to share at all.

How is location data used?

For some apps, location helps them function better, like navigating with a GPS or following a map. Location history can also be useful for retracing your steps to past places, like finding your way back to that tiny shop in Florence where you picked up beautiful stationery two years ago.

On the other hand, marketing companies use location data for marketing and advertising purposes. They can also use location to conduct “geomarketing,” which is targeting you with promotions based on where you are. Near a certain restaurant while you’re out doing errands at midday? You might see an ad for it on your phone just as you’re thinking about lunch.

Location can also be used to grant or deny access to certain content. In some parts of the world, content on the internet is “geo-blocked” or geographically-restricted based on your IP address, which is kind of like a mailing address, associated with your online activity. Geo-blocking can happen due to things like copyright restrictions, limited licensing rights or even government control. 

Who can view your location data?

Any app that you grant permission to see your location has access to it. Unless you carefully read each data policy or privacy policy, you won’t know how your location data — or any personal data — collected by your apps is used. 

Websites can also detect your general location through your IP address or by asking directly what your location is, and some sites will take it a step further by requesting more specifics like your zip code to show you different site content or search results based on your locale.

How to disable location request prompts

Tired of websites asking for your location? Here’s how to disable those requests:

Firefox: Type “about:preferences#privacy” in the URL bar. Go to Permissions > Location > Settings. Select “Block new requests asking to access your location”. Get more details about location sharing in Firefox.

Safari: Go to Settings > Websites > Location. Select “When visiting other websites: Deny.”

Chrome: Go to Settings > Privacy and security > Site Settings. Then click on Location and select “Don’t allow sites to see your location”

Edge: Go to Settings and more > Settings > Site permissions > Location. Select “Ask before accessing”

Limit, protect and delete your location data

Most devices have the option to turn location tracking off for the entire device or for select apps. Here’s how to view and change your location privacy settings:

• Mac: Go to your Security & Privacy settings > Location Services.
• Windows: Visit Settings > Privacy > Location.
• iPhone and iPads: How to disable location tracking and select which apps have access to your location
• Android: How to disable location on Android devices and how to select which apps have access to your location.
• Google account: How to manage your Google Location History.

How to delete your Google Location History
Ready to delete your Google Location History in one fell swoop? There’s a button for that.

It’s also a good idea to review all of the apps on your devices. Check to see if you’re sharing your location with some that don’t need it all or even all the time. Some of them might be set up just to get your location, and give you little benefit in return while sharing it with a network of third parties. Consider deleting apps that you don’t use or whose service you could just as easily get through a mobile browser where you might have better location protection.

Blur your device’s location for next-level privacy

Learn more about Mozilla VPN

The post Location history: How your location is tracked and how you can limit sharing it appeared first on The Mozilla Blog.

https://blog.mozilla.org/en/internet-culture/mozilla-explains/location-history/

https://blog.nightly.mozilla.org/2021/09/21/these-weeks-in-firefox-issue-100/

Great news readers, my self-imposed 6 month cooldown on writing amazing blog posts has expired.

My pal Ali just added a flag to Chromium to allow you to test sites while sending a User-Agent string that claims to be version 100 (should be in version 96+, that’s in the latest Canary if you download or update today):

I’ll be lazy and let Karl Dubost do the explaining of the why, in his post “Get Ready For Three Digits User Agent Strings”.

So turn it on and report all kinds of bugs, either at crbug.com/new or webcompat.com/issues/new.

https://miketaylr.com/posts/2021/09/chrome-version-100-testing.html

Spyware has been in the news recently with stories like the Apple security vulnerability that allowed devices to be infected without the owner knowing it, and a former editor of The New York Observer being charged with a felony for unlawfully spying on his spouse with spyware. Spyware is a sub-category of malware that’s aimed at surveilling the behavior of human target(s) using a given device where the spyware is running. This surveillance could include but is not limited to logging keystrokes, capturing what websites you are visiting, looking at your locally stored files/passwords, and capturing audio or video within proximity to the device.

How does spyware work?

Spyware, much like any other malware, doesn’t just appear on a device. It often needs to first be installed or initiated. Depending on what type of device, this could manifest in a variety of ways, but here are a few specific examples:

• You could visit a website with your web browser and a pop-up prompts you to install a browser extension or addon.
• You could visit a website and be asked to download and install some software you weren’t there to get.
• You could visit a website that prompts you to access your camera or audio devices, even though the website doesn’t legitimately have that need.
• You could leave your laptop unlocked and unattended in a public place, and someone could install spyware on your computer.
• You could share a computer or your password with someone, and they secretly install the spyware on your computer.
• You could be prompted to install a new and unknown app on your phone.
• You install pirated software on your computer, but this software additionally contains spyware functionality.

With all the above examples, the bottom line is that there could be software running with a surveillance intent on your device. Once installed, it’s often difficult for a lay person to have 100% confidence that their device can be trusted again, but for many the hard part is first detecting that surveillance software is running on your device.

How to detect spyware on your computer and phone

As mentioned above, spyware, like any malware, can be elusive and hard to spot, especially for a layperson. However, there are some ways by which you might be able to detect spyware on your computer or phone that aren’t overly complicated to check for.

Cameras

On many types of video camera devices, you get a visual indication that the video camera is recording. These are often a hardware controlled light of some kind that indicates the device is active. If you are not actively using your camera and these camera indicator lights are on, this could be a signal that you have software on your device that is actively recording you, and it could be some form of spyware. 

Here’s an example of what camera indicator lights look like on some Apple devices, but active camera indicators come in all kinds of colors and formats, so be sure to understand how your device works. A good way to test is to turn on your camera and find out exactly where these indicator lights are on your devices.

Additionally, you could make use of a webcam cover. These are small mechanical devices that allow users to manually open and shut cameras only when in use. These are generally a very cheap and low-tech way to protect snooping via cameras.

Applications

One pretty basic means to detect malicious spyware on systems is simply reviewing installed applications, and only keeping applications you actively use installed.

On Apple devices, you can review your applications folder and the app store to see what applications are installed. If you notice something is installed that you don’t recognize, you can attempt to uninstall it. For Windows computers, you’ll want to check the Apps folder in your Settings. 

Web extensions

Many browsers, like Firefox or Chrome, have extensive web extension ecosystems that allow users to customize their browsing experience. However, it’s not uncommon for malware authors to utilize web extensions as a medium to conduct surveillance activities of a user’s browsing activity.

On Firefox, you can visit about:addons and view all your installed web extensions. On Chrome, you can visit chrome://extensions and view all your installed web extensions. You are basically looking for any web extensions that you didn’t actively install on your own. If you don’t recognize a given extension, you can attempt to uninstall it or disable it.

Add features to Firefox to make browsing faster, safer or just plain fun.

Get quality extensions, recommended by Firefox.

How do you remove spyware from your device?

If you recall an odd link, attachment, download or website you interacted with around the time you started noticing issues, that could be a great place to start when trying to clean your system. There are various free online tools you can leverage to help get a signal on what caused the issues you are experiencing. VirusTotal, UrlVoid and HybridAnalysis are just a few examples. These tools can help you determine when the compromise of your system occurred. How they can do this varies, but the general idea is that you give it the file or url you are suspicious of, and it will return a report to you showing what various computer security companies know about the file or url. A point of infection combined with your browser’s search history would give you a starting point of various accounts you will need to double check for signs of fraudulent or malicious activity after you have cleaned your system. This isn’t entirely necessary in order to clean your system, but it helps jumpstart your recovery from a compromise.

There are a couple of paths that can be followed in order to make sure any spyware is entirely removed from your system and give you peace of mind:

Install an antivirus (AV) software from a well-known company and run scans on your system

• If you have a Windows device, Windows Defender comes pre-installed, and you should double-check that you have it turned on.
• If you currently have an AV software installed, make sure it’s turned on and that it’s up to date. Should it fail to identify and remove the spyware from your system, then it’s on to one of the following options.

Run a fresh install of your system’s operating system

• While it might be tempting to backup files you have on your system, be careful and remember that your device was compromised and the file causing the issue could end up back on your system and again compromising it.
• The best way to do this would be to wipe the hard drive of your system entirely, and then reinstall from an external device.

How can you protect yourself from getting spyware?

There are a lot of ways to help keep your devices safe from spyware, and in the end it can all be boiled down to employing a little healthy skepticism and practicing good basic digital hygiene. These tips will help you stay on the right track:

Be wary. Don’t click on links, open/download attachments from unknown senders. This applies to both messaging apps as well as emails. 

Stay updated. Take the time to install updates/patches. This helps make sure your devices and apps are protected against known issues.

Check legitimacy. If you aren’t sure if a website or email is giving legitimate information, take the time to use your favorite search engine to find the legitimate website. This helps avoid issues with typos potentially leading you to a bad website

Use strong passwords. Ensure all your devices have solid passwords that are not shared. It’s easier to break into a house that isn’t locked.

Delete extras. Remove applications you don’t use anymore. This reduces the total attack surface you are exposing, and has the added bonus of saving space for things you care about.

Use security settings. Enable built in browser security features. By default, Firefox is on the lookout for malware and will alert you to Deceptive Content and Dangerous Software.

The post Did you hear about Apple’s security vulnerability? Here’s how to find and remove spyware. appeared first on The Mozilla Blog.

https://blog.mozilla.org/en/internet-culture/mozilla-explains/find-and-remove-spyware/

bugbug started as a project to automatically assign a type to bugs (defect vs enhancement vs task, back when we introduced the “type” we needed a way to fill it for already existing bugs), and then evolved to be a platform to build ML models on bug reports: we now have many models, some of which are being used on Bugzilla, e.g. to assign a type, to assign a component, to close bugs detected as spam, to detect “regression” bugs, and so on.

Then, it evolved to be a platform to build ML models for generic software engineering purposes: we now no longer only have models that operate on bug reports, but also on test data, patches/commits (e.g. to choose which tests to run for a given patch and to evaluate the regression riskiness associated to a patch), and so on.

Its infrastructure also evolved over time and slowly became more complex. This post attempts to clarify its overall infrastructure, composed of multiple pipelines and multi-stage deployments.

The nice aspect of the continuous integration, deployment and production services of bugbug is that almost all of them are running completely on Taskcluster, with a common language to define tasks, resources, and so on.

In bugbug’s case, I consider a release as a code artifact (source code at a given tag in our repo) plus the ML models that were trained with that code artifact and the data that was used to train them. This is because the results of a given model are influenced by all these aspects, not just the code as in other kinds of software. Thus, in the remainder of this post, I will refer to “code artifact” or “code release” when talking about a new version of the source code, and to “release” when talking about a set of artifacts that were built with a specific snapshot (version) of the source code and with a specific snapshot of the data.

The overall infrastructure can be seen in this flowchart, where the nodes represent artifacts and the subgraphs represent the set of operations performed on them. The following sections of the blog post will then describe the components of the flowchart in more detail.

Continuous Integration and First Stage (Training Pipeline) Deployment

Every pull request and push to the repository triggers a pipeline of Taskcluster tasks to:

• run tests for the library and its linked HTTP service;
• run static analysis and linting;
• build Python packages;
• build the frontend;
• build Docker images.

Code releases are represented by tags. A push of a tag triggers additional tasks that perform:

• integration tests;
• push of Docker images to DockerHub;
• release of a new version of the Python package on PyPI;
• update of the training pipeline definition.

After a code release, the training pipeline which performs ML training is updated, but the HTTP service, the frontend and all the production pipelines that depend on the trained ML models (the actual release) are still on the previous version of the code (since they can’t be updated until the new models are trained).

Continuous Training and Second Stage (ML Model Services) Deployment

The training pipeline runs on Taskcluster as a hook that is either triggered manually or on a cron.

The training pipeline consists of many tasks that:

• retrieve data from multiple sources (version control system, bug tracking systems, Firefox CI, etc.);
• generation of intermediate artifacts that are used by later stages of the pipeline or by other pipelines or other services;
• training of ML models using the above (there are also training tasks that depend on other models to be trained and run first to generate intermediate artifacts);
• check training metrics to ensure there are no short term or long term regressions;
• run integration tests with the trained models;
• build Docker images with the trained models;
• push Docker images with the trained models;
• update the production pipelines definition.

After a run of the training pipeline, the HTTP service and all the production pipelines are updated to the latest version of the code (if they weren’t already) and to the last version of the trained models.

Production pipelines

There are multiple production pipelines (here’s an example), that serve different objectives, all running on Taskcluster and triggered either on cron or by pulse messages from other services.

Frontend

The bugbug UI lives at https://changes.moz.tools/, and it is simply a static frontend built in one of the production pipelines defined in Taskcluster.

The production pipeline performs a build and uploads the artifact to S3 via Taskcluster, which is then exposed at the URL mentioned earlier.

HTTP Service

The HTTP service is the only piece of the infrastructure that is not running on Taskcluster, but currently on Heroku.

The Docker images for the service are built as part of the training pipeline in Taskcluster, the trained ML models are included in the Docker images themselves. This way, it is possible to rollback to an earlier version of the code and models, should a new one present a regression.

There is one web worker that answers to requests from users, and multiple background workers that perform ML model evaluations. These must be done in the background because of performance reasons (the web worker must answer quickly). The ML evaluations themselves are quick, and so could be directly done in the web worker, but the input data preparation can be slow as it requires interaction with external services such as Bugzilla or a remote Mercurial server.

https://marco-c.github.io/2021/09/20/bugbug-infrastructure.html

ac_add_options --enable-debug
ac_add_options --enable-debug-symbols
ac_add_options --enable-optimize
ac_add_options --enable-profiling

export MOZ_PROFILER_STARTUP=1
export MOZ_PROFILER_SHUTDOWN=awsy-profile.json
export MOZ_PROFILER_STARTUP_FEATURES="nostacksampling"
./mach awsy-test --tp6 --headless --iterations 1 --entities 10

export MOZ_PROFILER_STARTUP_ENTRIES=$((200*1024*1024))

export MOZ_PROFILER_STARTUP=1
export MOZ_PROFILER_SHUTDOWN=awsy-profile.json
export MOZ_PROFILER_STARTUP_FEATURES=""
export MOZ_PROFILER_STARTUP_ENTRIES=$((200*1024*1024))
./mach awsy-test --tp6 --headless --iterations 1 --entities 10

https://paul.bone.id.au/blog/2021/09/18/how-to-profile-awsy/

(“This Week in Glean” is a series of blog posts that the Glean Team at Mozilla is using to try to communicate better about our work. They could be release notes, documentation, hopes, dreams, or whatever: so long as it is inspired by Glean.) All “This Week in Glean” blog posts are listed in the TWiG index.

This is a followup post to Shipping Glean with GeckoView.

It took us several more weeks to put everything into place, but we’re finally shipping the Rust parts of the Glean Android SDK with GeckoView and consume that in Android Components and Fenix. And it still all works, collects data and is sending pings! Additionally this results in a slightly smaller APK as well.

This unblocks further work now. Currently Gecko simply stubs out all calls to Glean when compiled for Android, but we will enable recording Glean metrics within Gecko and exposing them in pings sent from Fenix. We will also start work on moving other Rust components into mozilla-central in order for them to use the Rust API of Glean directly. Changing how we deliver the Rust code also made testing Glean changes across these different components a bit more challenging, so I want to invest some time to make that easier again.

https://blog.mozilla.org/data/2021/09/17/this-week-in-glean-glean-geckoview/

(“This Week in Glean” is a series of blog posts that the Glean Team at Mozilla is using to try to communicate better about our work. They could be release notes, documentation, hopes, dreams, or whatever: so long as it is inspired by Glean.) All "This Week in Glean" blog posts are listed in the TWiG index (and on the Mozilla Data blog). This article is cross-posted on the Mozilla Data blog.

This is a followup post to Shipping Glean with GeckoView.

It took us several more weeks to put everything into place, but we're finally shipping the Rust parts of the Glean Android SDK with GeckoView and consume that in Android Components and Fenix. And it still all works, collects data and is sending pings! Additionally this results in a slightly smaller APK as well.

This unblocks further work now. Currently Gecko simply stubs out all calls to Glean when compiled for Android, but we will enable recording Glean metrics within Gecko and exposing them in pings sent from Fenix. We will also start work on moving other Rust components into mozilla-central in order for them to use the Rust API of Glean directly. Changing how we deliver the Rust code also made testing Glean changes across these different components a bit more challenging, so I want to invest some time to make that easier again.

https://fnordig.de/2021/09/17/glean-geckoview

If recent surveys and polls ring true, over 46% of the global workforce is considering leaving their employer this year. Despite COVID-19 causing initial turnover due to the related economic downturn, the current phenomenon coined “The Great Resignation” is attributed to the many job seekers choosing to leave their current employment voluntarily. Mass vaccinations and mask mandates have allowed offices to re-open just as job seekers are reassessing work-life balance, making bold moves to take control of where they choose to live and work. 

The “New Normal”

Millions of workers have adjusted to remote-flexible work arrangements, finding success and a greater sense of work-life balance. The question is whether or not employers will permanently allow this benefit post-pandemic.

Jerry Lee, COO/Founder of the career development consultancy, Wonsulting, sees changes coming to the workplace power dynamic.

“In the future of work, employers will have to be much more employee-first beyond monetary compensation,” he said. “There is a shift of negotiating power moving from the employers to the employees, which calls for company benefits and work-life balance to improve.” 

Abbie Duckham, Talent Operations Program Manager at Mozilla, believes the days of companies choosing people are long over. 

“From a hiring lens, it’s no longer about companies choosing people, it’s about people choosing companies,” Duckham said. “People are choosing to work at companies that, yes, value productivity and revenue – but more-so companies that value mental health and understand that every single person on their staff has a different home life or work-life balance.”

Drop the mic and cue the job switch

So, how can recent job switchers or job seekers better prepare for their next big move? The following tips and advice from career and talent sourcing experts can help anyone perform their best while adapting to our current pandemic reality.

Take a vacation *seriously*

“When starting a new role many are keen to jump into work right away; however, it’s always important to take a mental break between your different roles before you start another onboarding process,” advises Jonathan Javier, CEO/Founder at Wonsulting. “One way to do this is to plan your vacations ahead of your switch: that trip to Hawaii you always wanted? Plan it right after you end your job. That time you wanted to spend with your significant other? Enjoy that time off.” 

It also never hurts to negotiate a start date that does not prioritize your mental preparedness and well-being.

Out with the old and in with that new-new

When Duckham started at Mozilla, she made it her mission to absorb every bit of the manifesto to better understand Mozilla’s culture. “From there I looked into what we actually do as a company. Setting up a Firefox account was pretty crucial since we are all about dog-fooding here (or as we call it, foxfooding), and then downloading Firefox Nightly, the latest beta-snapshot of the browser as our developers are actively working on it.”

Duckham also implores job-switchers to rebrand themselves. 

“You have a chance to take everything you wanted your last company to know about you and restart,” she said. “Take everything you had imposter syndrome about and flip the switch.”

Network early

“When you join a new company, it’s important to identify the subject matter experts for different functions of your company so you know who you can reach out to if you have any questions or need insights,” Javier said.

Javier also recommends networking with people who have also switched jobs. 

“You can search for and find people who switched from non-tech roles to an in-tech role by simply searching for ‘Past Company’ at a non-tech company and then putting ‘Current Company’ at a tech company on LinkedIn,” he said.

Brain-breaks 

Duckham went as far as giving her digital workspace a refreshing overhaul when she started at Mozilla. 

“I cleaned off my desktop, made folders for storing files, and essentially crafted a blank working space to start fresh from my previous company – effectively tabula rasa-ing my digital workspace did the same for my mental state as I prepared to absorb tons of new processes and practices.”

In that same vein, when you need a bit of a brain-break throughout the work day and that break leads you to social media, Duckham advises downloading Facebook Container, a browser extension that makes it harder for Facebook to track you on the web outside of Facebook.

“Speaking of brain-breaks, if socials aren’t your thing and you’d rather catch up on written curated content from around the web, Pocket is an excellent way to let your mind wander and breathe during the work day so you’re able return to work a little more refreshed,” Duckham added.

Making remote friends and drawing boundary lines

56% of Mozilla employees signed in to work from remote locations all over the world, even before the pandemic. Working asynchronously across so many time zones can be unusual for new teammates. Duckham’s biggest tip for new Mozillians? 

“Be open and a little vulnerable. Do you need to take your kid to school every day, does your dog require a mid-day walk? Chances are your schedule is just as unique as the person in the Zoom window next to you. Be open about the personal time you need to take throughout the day and then build your work schedule around it.” 

But what about building comradery and remote-friendships? 

“In a traditional work environment, you might run into your colleagues in the break room and have a quick chat. As roles continue to become more remote or hybrid-first, it is important to create opportunities for you to mingle with your colleagues,” Jerry Lee of Wonsulting said. “These small interactions are what builds long-lasting friendships, which in turn allows you to feel more comfortable and productive at work.”

How to leverage pay, flexibility and other benefits even if you aren’t job searching

“The best leverage you can find in this job market – is clearly defining what is important for you and making sure you have that option in your role,” Lee said. 

He’s not wrong. Make sure to consider your current growth opportunities, autonomy, location, work-life flexibility and compensation, of course. For example, if you are looking for a flexible-remote arrangement, Lee suggests clearly articulating what it is you want to your manager using the following talk-track as a guide:

Hey Manager!

I’m looking for ways to better incorporate my work into my personal life, and I’ve realized one important factor for me is location flexibility. I’m looking to move around a bit in the next few years but would love to continue the work I have here.

What can we do to make this happen?

Once you make your request, you’ll need to work with your manager to ensure your productivity and impact improves or at least remains the same.

Finally, it’s always helpful to remind yourself that every ‘big’ career move is the result of several smaller moves. If you’re looking to make a switch or simply reaccessing your current work-life balance, Javier recommends practicing vision boarding. “I do this by drawing my current state and what I want my future state to look like,” said Javier. “Even if your drawings are not subpar, you’ll be able to visualize what you want to accomplish in the future and make it into reality.”

As the Great Resignation continues, it is important to keep in mind that getting a new job is just the start of the journey. There are important steps that you can do, and Firefox and Pocket can help, to make sure that you feel ready for your next career adventure.

Get Firefox

Get the browser that protects what’s important

About our experts

Jonathan Javier is the CEO/Founder of Wonsulting, whose mission is to “turn underdogs into winners”. He’s also worked in Operations at Snap, Google, and Cisco coming from a non-target school/non-traditional background. He works on many initiatives, providing advice and words of wisdom on LinkedIn and through speaking engagements. In total, he has led 210+ workshops in 9 different countries including the Mena ICT Forum in Jordan, Resume/Personal Branding at Cisco, LinkedIn Strategy & Operations Offsite, Great Place To Work, Talks at Google, TEDx, and more. He’s been featured on Forbes, Fox News, Business Insider, The Times, LinkedIn News, Yahoo! News, Jobscan, and Brainz Magazine as a top job search expert and amassed 1M+ followers on LinkedIn, Instagram, TikTok as well as 30+ million impressions monthly on his content.

Jerry Lee is the COO/Founder of Wonsulting and an ex-Senior Strategy & Operations Manager at Google & used to lead Product Strategy at Lucid. He is from Torrance, California and graduated summa cum laude from Babson College. After graduating, Jerry was hired as the youngest analyst in his organization by being promoted multiple times in 2 years to his current position. After he left Google, he was the youngest person to lead a strategy team at Lucid. Jerry partners with universities & organizations (220+ to date) to help others land into their dream careers. He has 250K+ followers across LinkedIn, TikTok & Instagram and has reached 40M+ professionals. In addition, his work is featured on Forbes, Newsweek, Business Insider, Yahoo! News, LinkedIn & elected as the 2020 LinkedIn Top Voice for Tech. 

Abbie Duckham is the current Talent Operations Program Manager at Mozilla. She has been with the company since 2016, working out of the San Francisco Office, and now her home office in Oakland.

The post The Great Resignation: New gig? Here are 7 tips to ensure success appeared first on The Mozilla Blog.

https://blog.mozilla.org/en/products/firefox/the-great-resignation-new-job-tips/

http://smallcultfollowing.com/babysteps/blog/2021/09/16/rustacean-principles-continued/

Your online privacy remains our top priority, and we know that one of the first things to secure your privacy when you go online is to get on a Virtual Private Network (VPN), an encrypted connection that serves as a tunnel between your computer and VPN server. Today, we’re launching the latest release of our Mozilla VPN, our fast and easy-to-use VPN service, with two new advanced privacy features that offer additional layers of privacy. This includes your choice of Domain Name System (DNS) servers whether it’s the default we’ve provided, our suggested ad blocking, tracker blocking or ad plus tracker blocking DNS server, or an alternative one, plus the multi-hop feature which allows you to add two different servers to give you twice the amount of encryption. Today’s Mozilla VPN release is available on Windows, Mac, Linux and Android platforms (it will soon be available on iOS later this week).

Here are today’s Mozilla VPN Features:

Uplevel your privacy with Mozilla VPN’s Custom DNS server feature

Traditionally when you go online your traffic is routed through your Internet Service Provider’s (ISP) DNS servers who may be keeping records of your online activities. DNS, which stands for Domain Name System, is like a phone book for domains, which are the websites that you visit. One of the advantages to using a VPN is shielding your online activity from your ISP by using your trusted VPN service provider’s DNS servers. There are a variety of DNS servers, from ones that offer additional features like tracker blocking, ad blocking or a combination of both tracker and ad blocking, or local DNS servers that have those benefits along with speed. 

Now, with today’s Custom DNS server, we put you in control of choosing your DNS server that fits your needs. You can find this feature in your Network Settings under Advanced DNS Settings. From there, you can choose from the default DNS server, enter your local DNS server, or choose from the recommended list of DNS servers available to you. 

Double up your VPN service with Mozilla’s VPN Multi-hop feature

We’re introducing our Multi-hop feature which is also known as doubling up your VPN because instead of using one VPN server you can use two VPN servers. Here’s how it works, first your online activity is routed through one VPN server. Then, by selecting the Multi-Hop feature, your online activity will get routed a second time through an extra VPN server which is known as your exit server. Essentially, you will have two VPN servers which are known as the entry VPN server and exit VPN server. This new powerful privacy feature appeals to those who think twice about their privacy, like political activists, journalists writing sensitive topics, or anyone who’s using a public wi-fi and wants that added peace of mind by doubling-up their VPN servers.

To turn on this new feature, go to your Location, then choose Multi-hop. From there, you can choose your entry server location and your exit server location. The exit server location will be your main VPN server. We will also list your two recent Multi-hop connections so you can reuse them in the future. 

How we innovate and build features for you with Mozilla VPN

Developed by Mozilla, a mission-driven company with a 20-year track record of fighting for online privacy and a healthier internet, we are committed to innovate and bring new features to the Mozilla VPN. Mozilla periodically works with third-party organizations to complement our internal security programs and help improve the overall security of our products. Mozilla recently published an independent security audit of its Mozilla VPN from Cure53, an unbiased cybersecurity firm based in Berlin with more than 15 years of running software testing and code auditing. Here is a link to the blog post and the security audit for more details. 

We know that it’s more important than ever for you to be safe, and for you to know that what you do online is your own business. By subscribing to Mozilla VPN, users support both Mozilla’s product development and our mission to build a better web for all. Check out the Mozilla VPN and subscribe today from our website.

For more on Mozilla VPN:

Mozilla VPN Completes Independent Security Audit by Cure53

Celebrating Mozilla VPN: How we’re keeping your data safe for you

Latest Mozilla VPN features keep your data safe

Mozilla Puts Its Trusted Stamp on VPN

The post Mozilla VPN adds advanced privacy features: Custom DNS servers and Multi-hop appeared first on The Mozilla Blog.

https://blog.mozilla.org/en/mozilla/mozilla-vpn-adds-advanced-privacy-features-custom-dns-servers-and-multi-hop/

Today, people have to work too hard to find what they want online, sifting through and steering clear of content, clutter and click-bait not worthy of their time. Over time, navigation on the internet has become increasingly centralized and optimized for clicks and scrolling, not for getting people to where they want to go or what they are looking for quickly. 

We’d like to help change this, and we think Firefox is a good place to start.

Today we’re announcing our first step towards doing that with a new feature called Firefox Suggest.

Firefox Suggest is a new discovery feature that is built directly into the browser. Firefox Suggest acts as a trustworthy guide to the better web, surfacing relevant information and sites to help people accomplish their goals. Check it out here:

Relevant, reliable answers: 

Firefox already helps people search their browsing history and tabs and use their preferred search engine directly from Firefox’s Awesome Bar. 

Firefox Suggest will enhance this by including other sources of information such as Wikipedia, Pocket articles, reviews and credible content from sponsored, vetted partners and trusted organizations. 

For instance, suppose someone types “Costa Rica” into the Awesome Bar, they might see a result from Wikipedia:

Firefox Suggest also contains sponsored suggestions from vetted partners. For instance, if someone types in “vans”, we might show a sponsored result for Vans shoes on eBay:

We are also developing contextual suggestions. These aim to enhance and speed up your searching experience. To deliver contextual suggestions, Firefox will need to send Mozilla new data, specifically, what you type into the search bar, city-level location data to know what’s nearby and relevant, as well as whether you click on a suggestion and which suggestion you click on.

In your control:

As always, we believe people should be in control of their web experience, so Firefox Suggest will be a customizable feature. 

We’ll begin offering contextual suggestions to a percentage of people in the U.S. as an opt-in experience. 

Find out more about the ways you can customize this experience here.

Unmatched privacy: 

We believe online ads can work without advertisers needing to know everything about you. So when people choose to enable smarter suggestions, we will collect only the data that we need to operate, update and improve the functionality of Firefox Suggest and the overall user experience based on our Lean Data and Data Privacy Principles. We will also continue to be transparent about our data and data collection practices as we develop this new feature.

A better web. 

The internet has so much to offer, and we want to help people get the best out of it faster and easier than ever before.

Firefox is the choice for people who want to experience the web as a purpose driven and independent company envisions it. We create software for people that provides real privacy, transparency and valuable help with navigating today’s internet. This is another step in our journey to build a better internet.

The post Get where you’re going faster, with Firefox Suggest appeared first on The Mozilla Blog.

https://blog.mozilla.org/en/products/firefox/firefox-news/firefox-suggest/

Hey SUMO folks,

September is going to be the last month for Q3, so let’s see what we’ve been up to for the past quarter.

Welcome on board!

1. Welcome to SUMO family for Bithiah, mokich1one, handisutrian, and Pomara'nczarz. Bithiah has been pretty active on contributing to the support forum for a while now, while Mokich1one, Handi, and Pomara'nczarz are emerging localization contributors respectively for Japanese, Bahasa Indonesia, and Polish.

Community news

• Read our post about the advanced customization in the forum and KB here and let us know if you still have any questions!
• Please join me to welcome Abby into the Customer Experience Team. Abby is our new Content Manager who will be in charge of our Knowledge Base as well as Localization effort. You can learn more about Abby soon.
• Learn more about Firefox 92 here.
• Can you imagine what’s gonna happen when we reach version 100? Learn more about the experiment we’re running in Firefox Nightly here and see how you can help!
• Are you a fan of Firefox Focus? Join our foxfooding campaign for focus that is coming. You can learn more about the campaign here.
• No Kitsune update for this month. Check out SUMO Engineering Board instead to see what the team is currently doing.

Community call

• Watch the monthly community call if you haven’t. Learn more about what’s new in August!
• Reminder: Don’t hesitate to join the call in person if you can. We try our best to provide a safe space for everyone to contribute. You’re more than welcome to lurk in the call if you don’t feel comfortable turning on your video or speaking up. If you feel shy to ask questions during the meeting, feel free to add your questions on the contributor forum in advance, or put them in our Matrix channel, so we can address them during the meeting.

Community stats

KB

KB pageviews (*)

* KB pageviews number is a total of KB pageviews for /en-US/ only

Top 5 KB contributors in the last 90 days: 

1. AliceWyman
2. Thomas8
3. Michele Rodaro
4. K_alex
5. Pierre Mozinet

KB Localization

Top 10 locale based on total page views

* Locale pageviews is an overall pageviews from the given locale (KB and other pages)

** Localization progress is the percentage of localized article from all KB articles per locale

Top 5 localization contributors in the last 90 days: 

1. Milupo
2. Michele Rodaro
3. Jim Spentzos
4. Soucet
5. Artist

Forum Support

Forum stats

Top 5 forum contributors in the last 90 days: 

1. FredMcD
2. Cor-el
3. Jscher2000
4. Seburo
5. Sfhowes

Social Support

Top contributors in Aug 2021

1. Christophe Villeneuve
2. Andrew Truong
3. Pravin

Play Store Support

We don’t have enough data for the Play Store Support yet. However, you can check out the overall Respond Tool metrics here.

Product updates

Firefox desktop

• Fx Desktop 92 went live (09/07)
  • Closing Tabs
  • Block Multiple downloads
  • Certificate Error Pages
  • Polish Mac OS experience
• FX Desktop 93 Expected to land (10/05)

Firefox mobile

• Fenix 92 went live (09/07)
  • Android Studies
  • What’s New
• Fenix 93 expected to land (10/05)
• IOS v37 went live (09/07)
  • Enable autofill on your iphone or ipad
  • Manually add new credentials
  • Changes to tracking protection icon
  • What’s new on IOS V37
• IOS V38 expected to land (10/5)
• Firefox Focus expected to land (10/5)

Other products / Experiments

• Mozilla VPN V2.5 Expected to release 09/15
  • Getting help if you cannot sign in
  • Local DNS
  • Multi-Hop
• Fx Search experiment:
  • From Sept 6, 2021 1% of the Desktop user base will be experimenting with Bing as the default search engine. The study will last into early 2022, likely wrapping up by the end of January.
  • Common response:
    • Forum: Search study – September 2021
    • Conversocial clipboard: “Mozilla – Search study sept 2021”
    • Twitter: Hi, we are currently running a study that may cause some users to notice that their default search engine has changed. To revert back to your search engine of choice, please follow the steps in the following article -> https://mzl.la/3l5UCLr
• Firefox Suggest + Data policy update (Sept 16 + Oct 5)
  • September 16th, the Mozilla Privacy Policy will be updated to supplement the roll out of FX Suggest online mode. Currently, FX Suggest is utilizing offline mode which limits the data collected. Online mode will collect additional anonymized information after users opt-in to this feature. Users can opt-out of this experience by following the instructions here.

Shout-outs!

• Kudos for Julie for her work in the Knowledge Base lately. She’s definitely adding a new color in our KB world with her video and article improvement.
• Thanks to those who contributed to the FX Desktop Topics Discussion
  • If you have input or questions please post them to the thread above

If you know anyone that we should feature here, please contact Kiki and we’ll make sure to   add them in our next edition.

Useful links:

• #SUMO Matrix group
• SUMO Discourse
• Contributor forums
• Twitter @SUMO_mozilla and @FirefoxSupport
• SUMO Blog

https://blog.mozilla.org/sumo/2021/09/15/whats-up-with-sumo-september-2021/

The next “Cross Team Collaboration Fun Times” (CTCFT) meeting will take place next Monday, on 2021-09-20 (in your time zone)! This post covers the agenda. You’ll find the full details (along with a calendar event, zoom details, etc) on the CTCFT website.

Agenda

• Announcements
• Interest group panel discussion

We’re going to try something a bit different this time! The agenda is going to focus on Rust interest groups and domain working groups, those brave explorers who are trying to put Rust to use on all kinds of interesting domains. Rather than having fixed presentations, we’re going to have a panel discussion with representatives from a number of Rust interest groups and domain groups, led by AngelOnFira. The idea is to open a channel for communication about how to have more active communication and feedback between interest groups and the Rust teams (in both directions).

Afterwards: Social hour

After the CTCFT this week, we are going to try an experimental social hour. The hour will be coordinated in the #ctcft stream of the rust-lang Zulip. The idea is to create breakout rooms where people can gather to talk, hack together, or just chill.

http://smallcultfollowing.com/babysteps/blog/2021/09/15/ctcft-2021-09-20-agenda/

Introduction

Firefox Suggest is a new feature that displays direct links to content on the web based on what users type into the Firefox address bar. Some of the content that appears in these suggestions is provided by partners, and some of the content is sponsored.

In building Firefox Suggest, we have followed our long-standing Lean Data Practices and Data Privacy Principles. Practically, this means that we take care to limit what we collect, and to limit what we pass on to our partners. The behavior of the feature is straightforward–suggestions are shown as you type, and are directly relevant to what you type.

We take the security of the datasets needed to provide this feature very seriously. We pursue multi-layered security controls and practices, and strive to make as much of our work as possible publicly verifiable.

In this post, we wanted to give more detail about what data is needed to provide this feature, and about how we handle it.

Changes with Firefox Suggest

The address bar experience in Firefox has long been a blend of results provided by partners (such as the user’s default search provider) and information local to the client (such as recently visited pages). For the first time, Firefox Suggest augments these data sources with search completions from Mozilla.

In its current form, Firefox Suggest compares searches against a list of allowed terms that is local to the client. When the search text matches a term on the allowed list, a completion suggestion may be shown alongside the local and default search engine suggestions.

Data Collected by Mozilla

Mozilla collects the following information to power Firefox Suggest when users have opted in to contextual suggestions.

• Search queries and suggest impressions: Firefox Suggest sends Mozilla search terms and information about engagement with Firefox Suggest, some of which may be shared with partners to provide and improve the suggested content.
• Clicks on suggestions: When a user clicks on a suggestion, Mozilla receives notice that suggested links were clicked.
• Location: Mozilla collects city-level location data along with searches, in order to properly serve location-sensitive queries.

How Data is Handled and Shared

Mozilla approaches handling this data conservatively. We take care to remove data from our systems as soon as it’s no longer needed. When passing data on to our partners, we are careful to only provide the partner with the minimum information required to serve the feature.

A specific example of this principle in action is the search’s location. The location of a search is derived from the Firefox client’s IP address. However, the IP address can identify a person far more precisely than is necessary for our purposes. We therefore convert the IP address to a more general location immediately after we receive it, and we remove the IP address from all datasets and reports downstream. Access to machines and (temporary, short-lived) datasets that might include the IP address is highly restricted, and limited only to a small number of administrators. We don’t enable or allow analysis on data that includes IP addresses.

We’re excited to be bringing Firefox Suggest to you. See the product announcement to learn more!

https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/