Firefox/Meeting/14-Jan-2020
Today’s meeting leader is: johannh
Contents
- 1 General Topics / Roundtable
- 2 Friends of the Firefox team
- 3 Project Updates
- 3.1 Accessibility
- 3.2 Add-ons / Web Extensions
- 3.3 Applications
- 3.4 Firefox Accounts
- 3.5 Sync and Storage
- 3.6 Push
- 3.7 Browser Architecture
- 3.8 Developer Tools
- 3.9 Fission
- 3.10 Lint
- 3.11 New Tab Page
- 3.12 NodeJS
- 3.13 Password Manager
- 3.14 Performance
- 3.15 Performance Tools
- 3.16 Picture-in-Picture
- 3.17 Privacy/Security
- 3.18 Remote Debugging (Chromium Protocol) (read-only)
- 3.19 Search and Navigation
- 3.20 User Journey
- 3.21 This week I learned
General Topics / Roundtable
- Next meeting is during All Hands. Cancel?
- Yes
Friends of the Firefox team
Introductions/Shout-Outs
Resolved bugs (excluding employees)
Fixed more than one bug
- Itiel
- Logan Smyth [:loganfsmyth]
- Michael Hoffmann
- Oriol Brufau [:Oriol]
- Tim Nguyen :ntim
New contributors (🌟 = first patch)
- <Will be filled out after the meeting>
Project Updates
Accessibility
- No updates
Add-ons / Web Extensions
WebExtensions Framework:
Shane introduced a new ExtensionPreferencesManager method to retrieve the list of the preferences controlled by extensions (Bug 1595860). This new method is meant to be used in follow ups for about:support, Bug 1461447, and about:config, Bug 1595865).
Some new in-tree docs related to the ExtensionSettingsStore and the ExtensionPreferencesManager internals has been recently landed (Bug 1599918):
- if you are developing Experiment APIs for a Mozilla Extensions you may want to take a look to this new docs (questions/feedback and/or suggested improvements are always welcome ;-)): https://firefox-source-docs.mozilla.org/toolkit/components/extensions/webextensions/other.html
As part of the Fission-related changes on the WebExtensions framework, Tomislav has added an explicit check to verify that the sender of the IPC messages exchanged internally are not being spoofed (Bug 1604058)
WebExtensions APIs
The `inspect(...)` method (available to the extension’s JS code executed using the `browser.devtools.inspectedWindow.eval` API method) is now able to select a function object passed to it in the DebuggerPanel (Bug 1605597)
- this feature is used by the React DevTools extensions and it is going to allow the React DevTools extension to re-enable this feature when running on Firefox \o/
Addon Manager and about:addons:
The “Recommendations” message bar (part of the about:addons Recommendations view) can now be dismissed by a user (Bug 1564518). Thanks to Trishul for contributing this change!
Applications
Firefox Accounts
Sync and Storage
Push
Browser Architecture
- Gjs and mconley are mentoring some MSU students working on porting more strings to Fluent
Developer Tools
PSA: Multiprocess Browsertoolbox is enabled by default in Nightly
Please file bugs for any old and new breakages
Service Worker Inspection and Debugging to be enabled this week
- Initial async stacks (aka async awaiters) will be enabled in Debugger
420x226px Link Console now previews expression and autocompletion results while typing (aka “Eager Evaluation”), to be enabled this week.
- Console now supports "-" exclusion operator in filtering.
Firefox & DevTools got features on SyntaxFM’s “Hasty Treat - A month On Firefox”
Started with this tweet, also referenced in the show
Fission
- Alex Surkov implemented autoscroll
- Neil implemented WebRTC
- There are plans for a Introduction to Fission Engineering presentation at the Berlin all hands. Stay tuned for more details.
- Alex wrote some notes he made while getting started with fission development that might be of interest.
Lint
We are working on a patch to have ESLint read ThirdPartyPaths.txt.
You will only need to add third-party libraries to tools/rewriting/ThirdPartyPaths.txt - they will no longer need to be added to .eslintignore.
Hoping to land it this week.
There's a follow-up to migrate more paths out of .eslintignore as well.
New Tab Page
- Doing some Q1 planning. Pocket side of newtab is moving to more of a user experience/user story first focus.
- Keeping moving on some personalization improvements for future features. (behind a pref)
- Looking at starting to enable content in other locales.
NodeJS
- Stuff is moving along slowly, more to announce soon
Password Manager
FYI: Master password encryption is much more modern now: The KDF iteration count for the master password was significantly increased and the algorithm was changed to AES256. To take advantage of this major security improvement, you must toggle or change the master password feature.
The iteration count change caused a major regression to the time to load about:logins but that was recently fixed on Nightly and will be uplifted, where possible.
Fixed
Accessibility and security fixed for about:logins.
Doorhanger fixes related to password generation as part of enabling it in private windows.
Support for importing from the Chromium based Microsoft Edge (Beta and soon Release).
In Progress
Show a dismissed login capture doorhanger when a user edits a password field (before submission)
Add a storage API to record login usage upon submission in order to support recording this data in Fenix
Investigating the use of OS authentication (including biometrics) for users without a master password.
Performance
This quarter, the team is focused on:
Shutdown performance
Egregious startup times
- dthayer is adding a new pref for experimenting with faster shutdown techniques
- emalysz improved our ability to insert or modify large sets of tabs at once, which is great for large sessions being restored!
- emalysz also has a patch up for unifying how we cache XUL fragments for our custom elements
- Gijs improved the performance of the addon blocklist for entries that have long regular expressions in them
- mconley found a bug in how we measure the time to about:home first paint in some cases, which might account for some of the egregious start times we’re recording
- mconley is finishing up an about:home performance audit, aiming to have it done in time to present to the about:home team by Berlin
Performance Tools
- No updates this week.
Picture-in-Picture
- Picture-in-Picture shipped enabled by default in Firefox 72 on macOS and Linux! \o/
- We’re aware of a bug on certain flavours of Linux where the player window starts to shrink down after opening. Martin Stransky from Red Hat is on the case, and has a patch.
- We landed a patch that lets us use the WebCompat add-on to reposition the toggle for specific sites. We haven’t tried deploying any of these repositions yet, but stay tuned.
Privacy/Security
- The team is converting the DoH Rollout Add-On to live in m-c rather than being shipped via Normandy
- We’re currently working on a bunch of additions and improvements to our Anti-Tracking systems, such as dFPI or periodically purging tracking cookies
- Since Firefox 72 we’re now shipping fingerprinting protections on by default.
- Read the CryptoEng team’s announcement of CRLite
- We’re further hardening the Firefox security landscape by preventing chrome code and about: pages to introduce new .innerHTML assignments.
- Also with Firefox 72 we introduced our new restrictions for notification permission prompts to release.
Remote Debugging (Chromium Protocol) (read-only)
Henrik implemented more of the CDP API:
Network.deleteCookies and parts of Network.getCookies
Network.setCacheDisabled to allow ignoring the cache for each network request.
- You can see a demo of our Puppeteer support during the Berlin All-Hands.
- Henrik started the work on making the Remote Agent Fission compatible.
Search:
Notable changes:
Fixed hiding of search engines with diacritics on new tab page - Bug 1403461
Search configuration modernization
No notable updates, work continues.
Address Bar:
-
openViewOnFocus is enabled, focusing the urlbar may reopen the results lists
The empty search results now consist of the Top Sites list from the New Tab Page
The address bar focus border has been unified across themes
-
Awaiting results.
- Search Interventions experiment
-
Last checks before launch.
User Journey
- Successful test experiment using FirstStartup to change behavior on first run
- Running a personalization experiment using machine learning to optimize when to show CFR
- AttributionCode now accepts “ua” for bedrock + stubatribution service to pass along the user agent for telemetry and messaging targeting
This week I learned
- [mconley] Are you using JSWindowActors? Are you cleaning up when the actor goes away? Use `didDestroy` and not `willDestroy`.
- [harald] `toLocaleTimeString` can allocate massive amounts of memory if used in hot code – reuse the same `DateTimeFormat` instance (bug 1603276)
- [Gijs] followlines in blame on hgweb to see when a range of lines what changed