gcp-ingestion
serenity
gcp-ingestion | serenity | |
---|---|---|
2 | 240 | |
73 | 28,888 | |
- | 2.0% | |
8.7 | 10.0 | |
10 days ago | 3 days ago | |
Java | C++ | |
Mozilla Public License 2.0 | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gcp-ingestion
-
Each Firefox download has a unique identifier
I don't know how many folks will see this, and of those that do I don't expect many will necessarily be moved by what I say here. I'm going to say it anyways, however, and then I may never look at this thread again. I'm the person who designed the download token scheme that is discussed in this article, and, while I understand all of the concerns and suspicions, I believe that the way we designed this and the way we handle our telemetry data means that this is not the privacy violation some of you are claiming it is. Also, to be clear, I am speaking for myself here, these are my own thoughts and opinions, and I am not representing Mozilla in any official capacity.
So, a download token is a UUID associated with a unique download event. It gets generated when you click the 'download' link, added to the installer, and then passed through to the installed browser. It is returned to us in the telemetry pings that the browser sends back to our telemetry ingestion endpoints. When the download happens, on the server side we capture the download token and the GA session ID and store those in a table. There is nothing else stored in this table.
Having access to this table means that you can correlate the user's activity on the Mozilla website that GA provides with the telemetry data that Firefox sends us. The website activity contains URLs that the user visited, so we consider this "category 3" data (see https://wiki.mozilla.org/Data_Collection#Data_Collection_Cat...), quite sensitive. For that reason this table has highly restricted access, only a small number of individuals are able to get to it.
Access restrictions offer no protection against subpoenas, of course. But I believe you can safely maintain your anonymity by opting out of our telemetry gathering, because when you opt out of telemetry we delete all of the historical telemetry data we have collected for your Firefox profile. Everything, including all of the records that contain the download token.
If this happens, all we are left with is that original record with the download token and a GA session. The download token can no longer be correlated with your telemetry data, and we have no way of associating your Firefox installation with your GA session, not even under subpoena. And this is all assuming that you haven't blocked GA, or that you haven't specified 'Do Not Track' before visiting our website. If you've done either of those things, we won't have a GA session ID for you to begin with.
Oh, incidentally, we never store any IP addresses or other PII in our telemetry data. That all gets scrubbed during ingestion.
Again, I don't expect this to have much impact, but I'm sharing what I know to counter some of the more extreme claims that this removes the ability for Firefox users to remain anonymous.
Finally, we have the obvious question: Why we would even do this? Believe it or not, understanding your user base does actually have some value in serving that user base. For most of Firefox's existence, there has been no trustable feedback loop. Sure, folks out there in the world have opinions, and share them, but opinions differ, and anecdotes are not data. If one person thinks most users will like a particular change, and someone else thinks they won't, nobody can prove their point in any meaningful way. The folks making decisions about Firefox have been flying blind. And, as many of you in this thread have pointed out, it hasn't necessarily been going that well.
In Firefox's early years, there was lots of low hanging fruit, and the competition was a poorly maintained Internet Explorer, so it was easy to win a bunch of market share. Then Chrome came on the scene with their effectively limitless budget and famously data driven product process. We'll never match their budget, but we can try to make choices based on data instead of just letting whoever has the most organizational power decide. My team has spent the last few years building out a data infrastructure that we hope will support better decision making going forward while still trying to honor user privacy and choice. This is a tough balance to strike, and we're far from perfect, but we do our best.
You can learn about or data collection infrastructure and policies in great detail on our docs site (https://docs.telemetry.mozilla.org/index.html), and you can see nearly all of the code that handles our data ingestion and processing in our public repositories (https://github.com/mozilla/gcp-ingestion and https://github.com/mozilla/bigquery-etl).
-
Firefox Is the Only Alternative
I used to work on Mozilla's data platform. That stuff is all open source. See e.g. https://github.com/mozilla/gcp-ingestion/ for the ingestion pipeline, https://github.com/mozilla/bigquery-etl for queries/ETL, and https://github.com/mozilla/looker-spoke-default/ for looker model definitions for that data.
Also go read the docs at https://docs.telemetry.mozilla.org/. Those will give you insights into every way they use data.
I've never seen a company that's more open about their data usage.
serenity
-
Why does part of the Windows 98 Setup program look older than the rest?
SerenityOS replicates that look and feel. It is also implemented in a dialect of C++ that adheres to some of the good parts of C++98: https://serenityos.org
- SerenityOS
-
XZ: A Microcosm of the interactions in Open Source projects
One example of a useful technique
https://serenityos.org/ apparently only makes source code available. There are no binary images of the OS to install
I think Andreas said this functions like a little test -- if you're not willing to build it from source, then you probably wouldn't be a good contributor anyway.
---
Likewise, my shell project provides source tarballs only, right now - https://www.oilshell.org/release/0.21.0/
It is packaged in a number of places, which I appreciate. That means some other people are willing to do some work.
And they provide good feedback.
I would like it to be more widely available, but yeah I definitely see that you need to "gate" peanut gallery feedback a bit, because it takes up a lot of time.
Of course, it's a tricky balance, because you also want feedback from casual users, to make the project better.
-
Fuzzing Ladybird with tools from Google Project Zero
Indeed, given the existence of `JS::NonnullGCPtr`, `JS::GcPtr` intentionally corresponds to a nullable pointer, so it seems dangerous to convert one to a reference without a null-check.
That said, a naive code search finds what *may* be more cases of this pattern:
https://github.com/search?q=repo%3ASerenityOS%2Fserenity+%2F...
Eg: https://github.com/SerenityOS/serenity/blob/a68b134e6dea5065... -> https://github.com/SerenityOS/serenity/blob/a68b134e6dea5065...
In some of those search results, it is fine because there is a preceding null-check, and obviously I know nothing about this code other than this naive search result, but perhaps it would be prudent to vet all of them.
-
The Ladybird Browser Project
It is a SerenityOS project. You can find the answer to that question in their primary project's FAQ[1].
1. https://github.com/SerenityOS/serenity/blob/master/Documenta...
-
Sane C++ Libraries
https://github.com/SerenityOS/serenity
The best way to write proper exception free C++ is not to use the C++ Standard Library.
-
Serenum: OS from scratch to save computers [video]
I initially confused it with Serenity OS prior to watching the video: https://github.com/SerenityOS/serenity
-
Ask HN: What side projects landed you a job?
My contributions to SerenityOS[0] helped me get my current job. My team lead (who was also my interviewer) was interested in what I did since I listed some of it in my CV, and I showed him some PRs I made and explained what went into each of them. It was really exciting because I didn't have professional experience with low-level development, and basically got the job due to hobby programming.
[0]: https://github.com/SerenityOS/serenity/pulls?q=is%3Apr+autho...
- SerenityOS – a love letter to '90s user interfaces with a custom Unix-like core
-
Bring garbage collected programming languages efficiently to WebAssembly
Definitely not "literally impossible", just a great deal of work. https://github.com/SerenityOS/serenity/tree/master/Ladybird
What are some alternatives?
gecko-dev - Read-only Git mirror of the Mercurial gecko repositories at https://hg.mozilla.org. How to contribute: https://firefox-source-docs.mozilla.org/contributing/contribution_quickref.html
Chicago95 - A rendition of everyone's favorite 1995 Microsoft operating system for Linux.
brave-browser - Brave browser for Android, iOS, Linux, macOS, Windows.
rust-raspberrypi-OS-tutorials - :books: Learn to write an embedded OS in Rust :crab:
go-bouncer - A Go version of the redirector portion of bouncer.
haiku - The Haiku operating system. (Pull requests will be ignored; patches may be sent to https://review.haiku-os.org).
bigquery-etl - Bigquery ETL
linux - Linux kernel source tree
browser
reactos - A free Windows-compatible Operating System
positron - a experimental, Electron-compatible runtime on top of Gecko
redox - Mirror of https://gitlab.redox-os.org/redox-os/redox