Emilio Cobos Álvarez:

So this week I landed a few patches that completely removed XUL layout from the Firefox codebase.

This means that (modulo a few exceptions documented below) all the Firefox UI is using regular web technology to render (mostly CSS flexbox).

This was a rather big effort (first filed 9 years ago in bug 1033225), and I wanted to document some of the things that I learned during the process, some of the things and decisions that made it possible, and some of the things that I would’ve maybe done differently.

Creator Tyler Deitz says:

StreetPass is a browser extension that helps you find your people on Mastodon. It piggybacks off the way Mastodon handles decentralized identity verification and turns it into a simple discovery tool that recommends users based on the websites you visit! Available for Chrome and Firefox (soon Safari).

Discovery is one of the more challenging facets of federated social networking. It gets even more challenging now that Twitter’s API is getting paywall’d, so most of the free tools to port your Twitter social graph over to Mastodon will quit working. I expect more tools like StreetPass to pop up in the coming days as the Fediverse seems to be capturing that hacker spirit Twitter once embraced.

Total Cookie Protection is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site.

In Firefox 95, we’re shipping a novel sandboxing technology called RLBox that makes it easy and efficient to isolate subcomponents to make the browser more secure. This technology opens up new opportunities beyond what’s been possible with traditional process-based sandboxing…

Turns out using WebAssembly to isolate potentially-buggy code is a pretty big win:

Going forward, we can treat these modules as untrusted code, and — assuming we did it right — even a zero-day vulnerability in any of them should pose no threat to Firefox.

ICYMI. (I miss it. Do you miss it?)

Bozhidar Batsov on the sad state of Chrome’s web rendering hegemony:

We’ve gotten to the point that Chrome-based browsers are so common that developers just stopped to bother supporting other browsers… Soon Google are going to be in complete control of web standards, unless something drastically changes. Do you want the future of browsing to lie solely in the hands of the biggest advertising business on Earth? I’m pretty sure that I don’t.

Yulia Startsev from Mozilla’s SpiderMonkey team joins Jerod & Feross to talk compilers, going back to get your Master’s, making decisions as a group, process of shepherding a feature through TC39, how Firefox actually works, and LavaMoats. Yes, LavaMoats.

If you updated your Firefox to version 89 and were not-so-pleasantly surprised by the brand new Proton interface, this Lepton project may be of interest to you. Lepton doesn’t throw Proton out with the bath water, but aims to improve some key aspects the author didn’t appreciate.

ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers.

This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet, which is regularly updated by us and can be found here.

Marcel Klehr:

Remember Xmarks? It was great. Floccus does the same thing and even allows you to sync with whatever server you want: any Google Drive, any Nextcloud, any WebDAV server. With more backends in the works.

Floccus has extensions for Chrome (and its derivatives), Firefox, and Edge browsers.

Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode. Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site.

You gotta love to see it. 👏

supercookies can be used in place of ordinary cookies to store user identifiers, but they are much more difficult to delete and block. This makes it nearly impossible for users to protect their privacy as they browse the web. Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storage, ETags, and HSTS flags.

To hell with these trackers and the tech they rode in on.

In Firefox 85, we’re introducing a fundamental change in the browser’s network architecture to make all of our users safer: we now partition network connections and caches by the website being visited. Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking.

You gotta love it 🍻

A Chrome and Firefox extension that mounts your browser tabs as a filesystem on your computer.

This gives you a ton of power, because now you can apply all the existing tools on your computer that already know how to deal with files – terminal commands, scripting languages, point-and-click explorers, etc – and use them to control and communicate with your browser.

Now you don’t need to code up a browser extension from scratch every time you want to do anything. You can write a script that talks to your browser in, like, a melange of Python and bash, and you can save it as a single ordinary file that you can run whenever, and it’s no different from scripting any other part of your computer.

Command line tool to extract the main content from a webpage, as done by the “Reader View” feature of most modern browsers. It’s intended to be used with terminal RSS readers, to make the articles more readable on web browsers such as lynx. The code is closely adapted from the Firefox version and the output is expected to be mostly equivalent.

I could see this fitting in nicely in a pipeline between curl and, well, lots of other commands.

The fallout from Mozilla’s August shake-up is beginning to land and Firefox Send has been officially shuttered. The free file sharing service was already taken offline over the summer to fend off some spear phishing attacks, but any hopes of it coming back online are now dashed.

The project’s GitHub repo continues to trend in Changelog Nightly despite its now-archived status. Why all the posthumous starring? Maybe people are quietly paying their respects for the deceased… 🤔

Coil is a web monetization effort where you subscribe for $5 a month and get access to various exclusive content things on participating websites. I think of it like Brave meets Patreon.

Firefox Reality is “mixed reality” (AR/VR) games and experiences from around the web.

The news here is that Mozilla is adopting Coil to experiment with monetization on Firefox Reality. Coil is for-profit, which adds a wrinkle to things. It uses Interledger to move money, which means creators can work in whichever currency they like. Lots of details and explanations in the linked post from Mozilla’s blog.

Firefox is mostly written in C and C++. These languages are notoriously difficult to use safely, since any mistake can lead to complete compromise of the program.

The team has thus far had 2 strategies for securing the codebase, breaking code into multiple sandboxed processes with reduced privileges and rewriting code in a safe language like Rust.

today, we’re adding a third approach to our arsenal. RLBox, a new sandboxing technology developed by researchers at the University of California, San Diego, the University of Texas, Austin, and Stanford University, allows us to quickly and efficiently convert existing Firefox components to run inside a WebAssembly sandbox.

This strikes me as a bonkers idea and kinda brilliant.

The core implementation idea behind wasm sandboxing is that you can compile C/C++ into wasm code, and then you can compile that wasm code into native code for the machine your program actually runs on.

Click through to read more about how they’re pulling this off.

The main differences with existing extensions are: multiple selections, keyboard layout agnostic, SOV (subject–object–verb) constructs and simple interaction with external programs. It is also quite usable with the mouse.

Demo videos are (temporarily?) unavailable, but there’s a fun tutorial that achieves a bunch of tasks on pokemon.com. Inspired by Kakoune.

A fully private memory-boosting extension to eliminate time spent bookmarking, retracing steps to recall an old webpage, or copy-pasting notes into scattered documents. Its name and functionalities are heavily inspired by Vannevar Bush’s vision of a Memex.

“Memex” is thought by some to be a portmanteau of “memory” and “index”. Makes sense to me.

The WebSocket Inspector is part of the existing Network panel UI in DevTools. It’s already possible to filter the content for opened WS connections in this panel, but till now there was no chance to see the actual data transferred through WS frames.

This is rad. It’ll ship to all Firefox users in version 71, but it’s available in Firefox Developer Edition today.

This in-beta feature should be stolen by all browser DevTools teams. Such a great idea!

A collective effort by browser makers (Microsoft, Mozilla, and Google) to understand where the dev community would like them to invest their energy.

We started this project to collect your feedback about the current state of the web and to give you a voice to help shape what the future of web.

They’re taking this effort on the road to various conferences, but there’s also a non-geographically-constrained way of sounding off as well: you can fill out the form on the website. 😄

Those sneaky Mozillians are up to no good with their new tool to confound advertisers:

Let us open 100 tabs of pure madness to fool trackers into thinking you’re someone else.

Mozilla has officially released Firefox Monitor, which gives us a glossy front-end to review the many breaches out there.

I signed into my Firefox account, registered a few emails, and got the news (see image). Give it a try while I go delete some old accounts…

This is a fully-featured Firefox Send client. Max file size is 2GB and recipients can download the file via the same tool or their web browser.