An ads milestone in marketing reach without data risk.
The ad industry is shifting, and with it comes a clear need for advertisers to use data responsibly while still proving impact. Advertisers face a false choice between protecting privacy and proving performance. Anonym exists to prove they can have both — and this week marks a major milestone in that mission.
Today we announced a new partnership with Snap Inc., giving advertisers a way to use more of their first-party data safely and effectively. This collaboration shows what’s possible when privacy and performance go hand in hand: Marketers can unlock real insights into how campaigns drive results, without giving up data control.
Unleashing first-party data that’s often untapped
Unlocking value while maintaining privacy of advertisers’ sensitive first-party (1P) data has long been a challenge for advertisers concerned with exposure or technical friction. We set out to change this equation, enabling brands to safely activate data sets to measure conversion lift and attribution.
With Snapchat campaigns, advertisers can now bring first-party data that’s typically been inaccessible into play and understand how ads on the platform drive real-world actions — from product discovery to purchase. Instead of relying only on proxy signals or limited datasets, brands can generate more complete, incrementality-based insights on their Snapchat performance, gaining a clearer picture of the channel’s true contribution to business outcomes.
“Marketers possess deep reserves of first-party data that too often sits idle because it’s seen as difficult or risky to use,” said Graham Mudd, Senior Vice President, Product, Mozilla and Anonym co-founder. “Our partnership with Snap gives advertisers the power to prove outcomes with confidence, and do it in a way that is both tightly controlled and insight-rich.”
Snapchat audience scale: Reach meets relevance
With a reach of over 930 million monthly active users globally (MAUs), including 469 million daily active users — Snap’s rapidly growing audience makes it a uniquely powerful marketing channel. This breadth of reach is especially appealing to advertisers who previously avoided activating sensitive data—knowing they can now connect securely with high-value Snapchatters at scale.
Our solution is designed for ease of use, requiring minimal technical resources and enabling advertisers to go from kickoff to measurement reporting within weeks. Our collaboration with Snap furthers the mission of lowering barriers to entry in advertising, and enables brands of all sizes to confidently activate their competitive insights on Snapchat.
“Snapchat is where people make real choices, and advertisers need simple, clear insights into how their campaigns perform,” said Elena Bond, Head of Marketing Science, Snap Inc. “By working with Anonym, we’re making advanced measurement accessible to more brands — helping them broaden their reach, uncover deeper insights, and prove results, all while maintaining strict control of their data.”
How Anonym works: Simple, secure, scalable
Using end-to-end encryption, trusted execution environments (TEE), and differential privacy to guarantee protection and streamline compliance, Anonym helps advertisers connect with new, high-value customers and analyze campaign effectiveness without giving up data control. Strategic reach and actionable measurement are achieved with:
Advertiser-controlled: First-party data is never transferred to the ad platform.
Minimal technical lift: From campaign start to measurement, reporting can be completed in weeks—no heavy engineering or data science overhead.
Performance-focused: The outcome is clear insights into campaign lift and attribution, powering better investment decisions.
Regulation-ready: Provides advertisers with tools to help meet evolving privacy requirements, supporting responsible data use as rules change.
Anonym and Snap’s collaboration coincides with Advertising Week New York 2025, where measurement and data innovation will be in sharp focus.
From September 22–28, the Mozilla Support team ran our first-ever Mozilla – Ask a Fox virtual hackathon. In collaboration with the Thunderbird team, we invited contributors, community members, and staff to jump into the Mozilla Community Forums, lend a hand to Firefox and Thunderbird users, and experience the power of Mozillians coming together.
Rallying the Community
The idea was simple: we want to bring not only our long time community members, but newcomers and Mozilla staff together for one-week of focused engagement. The result was extraordinary.
The event generated strong momentum for both new and returning community members. This was reflected in the significant growth in total contributors, which rose by 41.6 %.
For the past year, our Community Forum had been struggling to maintain a strong reply rate as inbound questions grew. During the event, however, we achieved our highest weekly reply rate of the year, which was more than 50% above our daily average from the first half of 2025.
Time to first response (TTFR) also improved by 44.6%, which signal significant improvement in community responsiveness. The event also highlighted the importance of time to first response (TTFR) not just for users, but for the community as a whole. We saw a clear correlation: the faster users received their first reply, the more likely they were to return and continue the conversation.
Together, we showed just how responsive and effective our community can be when we rally around a common goal.
More Than Answering Forum Questions
Ask a Fox wasn’t only about answering questions—it was about connection. Throughout the week, we hosted special AMAs with the WebCompat, Web Performance, and Thunderbird teams, giving contributors the chance to engage directly with product experts. We also ran two Community Get Together calls to gather, share stories, and celebrate the spirit of collaboration.
For some added fun, we also launched a and ⚡ emoji hunt accross our Knowledge Base articles.
Recognizing contributors
We’re grateful for the incredible participation during the event and want to recognize the contributors who went above and beyond. Those who participated in our challenges should receive exclusive SUMO badges in their profile by now. And the following top five contributors for each product will soon receive a $25 swag voucher from us to shop our limited-edition Ask a Fox swag collection, available in the NA/EU swag store.
And finally, congratulations to Vincent, winner of the staff award for the highest number of replies during the week.
Ask a Fox was more than a campaign—it was a celebration of what makes Mozilla unique: a global community of people who care deeply about helping others and shaping a better web. Whether you answered one question or one hundred, your contribution mattered.
This event reminded us that when Mozillians come together, we can amplify our impact in powerful ways. And this is just the beginning—we’re excited to carry this momentum forward, continue improving the Community Forums, and build an even stronger, more responsive Mozilla community for everyone.
Firefox is celebrating 21 years of Firefox by hosting four global events celebrating the power of browser choice this fall.
We are inviting people to join us in Berlin, Chicago, Los Angeles and Munich as part of Open What You Want, Firefox’s campaign to celebrate choice and the freedom to show up exactly as you are — whether that’s in your coffee order, the music you dance to, or the browser you use. These events are an opportunity to highlight why browser choice matters and why Firefox stands apart as the last major independent option.
Firefox is built differently with a history of defiance. It is built in a way to best push back against the defaults of Big Tech. Firefox is the only major browser not backed by a billionaire or built on Chromium’s browser engine. Instead, Firefox is backed by a non-profit, and maintains and runs on Gecko, a flexible, independent, open-source browser engine.
So, it makes sense that we are celebrating differently too. We are inviting people to join us at four community-driven “House Blend” coffee rave events. What is a coffee rave? A caffeine-fueled day rave celebrating choice, freedom, and doing things your own way – online and off. These events are open to everyone and in partnership with local coffee shops.
Each event will have free coffee, exclusive merch, sets by two great, local DJs, a lot of dancing, and an emphasis on how individuals should get to shape their online experience and feel control online — and you can’t feel in control without choice.
We are kicking off the celebrations this Saturday, Oct. 4 in both Chicago and Berlin, will move to Munich the following Saturday, Oct. 11 and will end in Los Angeles Saturday, Nov. 8, for Firefox’s actual birthday weekend.
Chicago (RSVP here) When: Saturday, Oct. 4, 2025 | 10:00AM – 2:00PM CT Where: Drip Collective, 172 N Racine Ave, Chicago Illinois
Munich (RSVP here) When: Saturday, Oct. 11, 2025 | 13:00 – 16:00 CEST Where: ORNO Café, Fraunhoferstraße 11, 80469 München
Los Angeles When: Saturday, Nov. 8, 2025 More information to come
We hope you will join our celebration this year, in person at a coffee rave, or at one of our digital-first activations celebrating internet independence. As Firefox reflects on another year, it’s a good reminder that the most important choice you can make online is your browser. And browser choice is something that we should all celebrate and not take for granted.
We’re celebrating Firefox’s 21st anniversary this November, marking more than two decades of building a web that reflects creativity, independence and trust. While other major browsers are backed by billionaires, Firefox exists to ensure that the internet works for you — not for those cashing in on your data.
That’s the idea behind Billionaire Blast Off (BBO), an interactive experience where you design a fictional, over-the-top billionaire and launch them on a one-way trip to space. It’s a playful way to flip Big Tech’s power dynamics and remind people that choice belongs in our hands.
BBO lives online at billionaireblastoff.firefox.com, where you can build avatars, share memes and join in the joke. Offline, we’re bringing the fun to TwitchCon, with life-size games and our card game Data War, where data is currency and space is the prize.
The billionaire playbook for your data, served with satire
The goal of Billionaire Blast Off isn’t finger-wagging — it’s satire you can play. It makes the hidden business of your data tangible, and instead of just reading about the problem, you get to laugh at it, remix it and send it into space.
The game is a safe, silly and shareable way to talk about something serious: who really holds the power over your data.
Two ways to join the fun online:
Build a billionaire: Create your own billionaire to send off-planet for good. Customize your avatar with an origin story, core drive and legacy plan.
Blast off: We’re not just making little billionaires. We’re launching them into space on a real rocket. Share your creation on social media for a chance to secure a seat for your avatar on the official launch.
At TwitchCon, you’ll find us sending billionaires into space (for real), playing Data War and putting the spotlight on the power of choice.
Visit the Firefox booth #2805 (near Exhibit Hall F) to play Data War, a fast-paced card game where players compete to send egomaniacal, tantrum-prone little billionaires on a one-way ticket to space.
Step into an AR holobox to channel your billionaire villain era, create a life-size avatar and make it perform for your amusement in 3D.
<figcaption class="wp-element-caption">Try out your billionaire in our AR holobox at TwitchCon booth #2805</figcaption>
On Saturday, Oct. 18, swing by the Firefox Lounge at the block party to snag some swag. Then stick around at 8:30 p.m. PT to cheer as we send billionaire avatars into space on a rocket built by Sent Into Space.
Online, the fun continues anytime at billionaireblastoff.firefox.com. Because when the billionaires leave, the web opens up for you.
Hello and welcome to another issue of This Week in Rust!
Rust is a programming language empowering everyone to build reliable and efficient software.
This is a weekly summary of its progress and community.
Want something mentioned? Tag us at
@thisweekinrust.bsky.social on Bluesky or
@ThisWeekinRust on mastodon.social, or
send us a pull request.
Want to get involved? We love contributions.
An important step for RFC implementation is for people to experiment with the
implementation and give feedback, especially before stabilization.
If you are a feature implementer and would like your RFC to appear in this list, add a
call-for-testing label to your RFC along with a comment providing testing instructions and/or
guidance on which aspect(s) of the feature need testing.
Always wanted to contribute to open-source projects but did not know where to start?
Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!
Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.
TokioConf 2026| 2025-12-08 | Portland, Oregon, USA | 2026-04-20
If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!
A relatively quiet week. Most of the improvements are to doc builds, driven by
continued packing of the search index in rustdoc-search: stringdex update with
more packing #147002 and
simplifications to doc(cfg) in Implement RFC 3631: add rustdoc doc_cfg features
#138907.
If you are running a Rust event please add it to the calendar to get
it mentioned here. Please remember to add a link to the event too.
Email the Rust Community Team for access.
My name is Selim and I’m the Turkish localization manager. I’m from İstanbul, Türkiye. I’ve been contributing to Mozilla since 2010.
Your Contributions
Selim (first left) with fellow Turkish Mozillians Onur, Didem and Serkan (Mozilla Summit Brussels)
Q: Over the years, do you remember how many projects you’ve been involved in (including ones that may no longer exist)?
A: It’s been so many! I began with Firefox 15 years ago, but I think I’ve been involved in around 30 projects over the years. We currently have 23 projects active in Pontoon, and I’ve been involved in every single one of them to some degree.
Q: Roughly how many Mozilla events have you joined — whether localization meetups, company-wide gatherings, MozFest, or others?
A: I’ve attended six of them. My first one was the Mozilla Balkans Meetup 2011 in Sofia. Then I had the chance to meet fellow Mozillians in Zagreb, Brussels, Berlin, Paris, and my hometown İstanbul. They were all great experiences, both enlightening and rewarding.
Q: Looking back, are there any contributions or milestones you feel especially proud of?
A: When I first began contributing, my intention was to complete a few missing translations I had noticed in Firefox. However, I quickly realized that the project was huge and there was much more to it than met the eye. Its Turkish localization was around 85% complete at that time, but the community lacked the resources to push it forward. I took it as my duty to reach 100% first, and then spellcheck and fix all existing translations. It took me a few months to get there, but Firefox has clearly had the best Turkish localization among all browsers ever since.
Your Background
Q: Does your professional background support or connect with your work in localization?
A: I currently work as a freelance editor and translator, translating and editing print magazines (mostly tech, popular science, and general knowledge titles), and localizing software and websites.
And the event that kickstarted my career in publishing and professional translation was volunteering for localization. (No, not Firefox. It didn’t even exist yet!) Back in high school, I began localizing an open-source CMS called PHP-Nuke to be used on my school’s website. PHP-Nuke became very popular in a short amount of time, and a computer magazine editor approached me to build the magazine’s website using open-source tools, including PHP-Nuke. I’ve been an avid reader of those magazines since my childhood but never imagined that one day I’d be working for Türkiye’s best-selling computer magazine!
In time, I began translating and writing articles for the magazine as a freelancer and joined the editorial staff after graduating from university.
I’ve written hundreds of software and website reviews and kept noticing that some of them were high-quality products that needed better localization. Now, with a better understanding of how things work and with some technical background, I began contributing to more and more open-source projects in my free time, and Firefox was one of them.
I was lucky that the previous Turkish contributors did a great job “localizing” Firefox, not just translating it. I learned a great deal from them, and it had a huge impact on my later professional work.
I was also approached and/or approved by several clients who had seen my volunteer localization work.
So, in a way, my professional background does support my work in localization — and vice versa.
Q: In what ways has being part of Mozilla’s localization community influenced you — whether in problem-solving, leadership, or collaborating across cultures?
A: Once I started contributing, I quickly realized that Mozilla had something none of the other projects I had contributed to previously had: a community that I felt part of. These people loved the internet, and they were having fun localizing stuff, just like me.
The localization community helped me improve myself both professionally and personally in a lot of ways: I learned how to collaborate better with a team of volunteers from different backgrounds, how to use different translation tools, how to properly report bugs, how to deal with different time zones, and how to get out of my comfort zone and talk to people from abroad both in virtual and face-to-face events.
Your Community
Q: As a long-time contributor, what motivates you to continue after all these years?
A: First and foremost, I believe in Mozilla’s mission wholeheartedly. But there’s a practical motivation too: Turkish is spoken by tens of millions of people, so the potential impact of localization is huge. Ensuring my fellow nationals have access to high-quality, localized open-source software is a driving force. And I’m still having fun doing it!
Q: Many communities struggle with onboarding or retaining contributors, especially after COVID limited in-person events. What are the challenges you face as a manager and how do you address them? And how do you engage with active contributors today? Do you have a process or approach for welcoming newcomers?
A: The Turkish community had its fair share of struggles with onboarding and retaining contributors, but it never became a huge challenge because of an advantage we had: The first iteration of the community started very early. Firefox 1.0 was already available in Turkish, and they maintained a good localization percentage for most Mozilla products, even if not 100%. So when I joined, there were things to do but not a single project that needed to be started from scratch. They were maintainable by one or two enthusiastic localizers. And when I took on the manager role, I always tried to keep it that way. I did approve a number of new projects, but not before ensuring that we had the resources to always keep them at least 90% complete.
But that creates a dilemma: New Turkish contributors usually face strings that are harder to grasp without context or are more difficult to translate, because the easier and more visible strings have already been translated. I guess that makes newcomers frustrated and they leave after translating a few strings. In fact, over the past 10 years, we’ve had only one contributor (Grk) who has translated more than 10,000 strings (apart from myself), and two contributors (Ali and Osman) with more than 1,000 strings. I’d like to thank them once again for their awesome contributions.
The Turkish community has always been very small: just a few people contributing at a time, and that has worked for us. So I’m not anxiously trying to onboard or retain contributors, but if I see an enthusiastic newcomer, I try to guide them by commenting on their translations or sending a welcome email to let them know how things work.
Something Fun Q: Could you share a few fun or unexpected facts about yourself that people might not know?
A: Certainly:
I’m a metalhead, and the first thing I ever translated as a hobby was the lyrics of a Sentenced song. I’ve been translating song lyrics ever since, and I have a blog where I publish them.
I built my first website when I was 13, by manually typing HTML in Windows Notepad. That’s when I discovered the internet’s endless possibilities and fell in love with it.
As we head into fall, I wanted to write up a bit of an experience report on a project I ran this summer with a few other people on the SpiderMonkey team.
A few of us on the team chose to block off some time during the summer to do intentional professional development. Exploring topics that we hadn’t looked into, often due to a feeling of time starvation.
Myself, I blocked off 2 hours every Friday through the summer.
In order to turn this into a team exercise, rather than just a personal development period, I create a shared document where I encouraged people to write up their experiments, so that we could read about their exploits.
How did it go?
Well, I don’t think -anyone- did 2 hours every week But I think most people did a little bit of exploration.
I’ve blogged already a bit about some of the topics I worked on for sharpening time: Both my blog posts about eBPF were a result of this practice. Other things I looked into that I didn’t get a chance to blog about include:
Learning about Instruments, and in particular Processor Trace (so painfully slow)
Exploring Coz, the causal profiler (really focused on multihreaded workloads in a way that didn’t produce value for me)
Playing with Zed (clangd so slow for some reason)
‘vibe coding’ (AI can do some things, but man, local minima are a pain).
Exploring different options for Android emulation
Watching WWDC videos on performance optimization (nice overview, mostly stuff I knew).
I was very happy overall with the results, and have already created another document for next year to capture some ideas that we could look into next year.
Another month, another record number of pull requests merged!
August flew by, and with it came 447 pull requests from Servo contributors.
It was also the final month of our Outreachy cohort; you can read Jerens’ and Uthman’s blogs to learn about how it went!
Highlights
Our big new feature this month is rendering inline SVG elements (@mukilan, @Loirooriol, #38188, #38603).
This improves the appearance of many popular websites.
<figcaption>Did you know that the Google logo is an SVG element?</figcaption>
<figcaption>CSS grids are all around us.</figcaption>
Servo now supports CSS ‘font-variation-settings’ on all main desktop platforms (@simonwuelker, @mrobinson, #38642, #38760, #38831).
This feature is currently gated behind the layout_variable_fonts_enabled preference.
We also respect format(*-variations) inside @font-face rules (@mrobinson, #38832).
Additionally, Servo now reads data from OpenType Collection (.ttc) system font files on macOS (@nicoburns, #38753), and uses Helvetica for the ‘system-ui’ font (@dpogue, #39001).
▶
<figcaption>This font can be customized!</figcaption>
<figcaption>That's a lot of network requests.</figcaption>
We’ve fixed a significant source of crashes in the engine: hit testing using outdated display lists (issue #37932).
Hit testing in a web rendering engine is the process that determines which element(s) the user’s mouse is hovering over.
Previously, this process ran inside of WebRender, which receives a display list representing what should be rendered for a particular page.
WebRender runs on a separate thread or process from the actual page content, so display lists are updated asynchronously.
By the time we do a hit test, the elements reported may not exist anymore, so we could trigger crashes by (for example) moving the mouse quickly over parts of the page that were rapidly changing.
A prototype implementation of the CookieStore API is now implemented and gated by the dom_cookiestore_enabled preference (@sebsebmc, #37968, #38876).
Servo now passes over 99.6% of the CSS geometry test suite, thanks to an implementation of matrixTransform() on DOMPointReadOnly, making all geometry interfaces serializable, and adding the SVGMatrix and SVGPoint aliases (@lumiscosity, #38801, #38828, #38810).
We’ve implemented getModifierState() on MouseEvent (@PotatoCP, #38535), and made a number of changes involving DOM events: ‘mouseleave’ events are fired when the pointer leaves an <iframe> (@mrobinson, @Loirooriol, #38539), pasting from the clipboard into a text input triggers an ‘input’ event (@mrobinson, #37100), focus now occurs after ‘mousedown’ instead of ‘click’ (@yezhizhen, #38589), we ignore ‘mousedown’ and ‘mouseup’ events for elements that are disabled (@yezhizhen, #38671), and removing an event handler attribute like ‘onclick’ clears all relevant event listeners (@TimvdLippe, @kotx, #38734, #39011).
Servo now supports scrollIntoView() (@abdelrahman1234567, #38230), and fires a ‘scroll’ event whenever a page is scrolled (@stevennovaryo, #38321).
You can now focus an element without scrolling, by passing the {preventScroll: true} option to focus() (@abdelrahman1234567, #38495).
navigator.sendBeacon() is now implemented, gated behind the dom_navigator_sendbeacon_enabled preference (@TimvdLippe, #38301).
Similarly, the AbortSignal.abort() static method is hidden behind dom_abort_controller_enabled (@Taym95, #38746).
The HTMLDocument interface now exists as a property on the Window object (@leo030303, #38433).
Meanwhile, the CSS window property is now a WebIDL namespace (@simonwuelker, #38579).
We also implemented the new QuotaExceededError interface (@rmeno12, #38507, #38720), which replaces previous usages of DOMException with the QUOTA_EXCEEDED_ERR name.
Our 2D canvas implementation now supports addPath() on Path2D (@arthmis, #37838) and the restore() methods on CanvasRenderingContext2D and OffscreenCanvas now pop all applied clipping paths (@sagudev, #38496).
Additionally, we now support using web fonts in the 2D canvas (@mrobinson, #38979).
Meanwhile, the performance continues to improve in the new Vello-based backends (@sagudev, #38406, #38356, #38440, #38437), with asynchronous uploading also showing improvements (@sagudev, @mrobinson, #37776).
Muting media elements with the ‘mute’ HTML attribute now works during the initial resource load (@rayguo17, @jschwe, #38462).
Modifying stylesheets now integrates better with incremental layout, in both light trees and shadow trees (@coding-joedow, #38530, #38529).
Note that calling setProperty() on a readonly CSSStyleDeclaration correctly throws an exception (@simonwuelker, #38677).
CSS
We’ve upgraded to the upstream Stylo revision as of August 1, 2025.
We now support custom CSS properties with the CSS.registerProperty() method (@simonwuelker, #38682), as well as custom element states with the ‘states’ property on ElementInternals (@simonwuelker, #38564).
Flexbox cross sizes can no longer end up negative through stretching (@Loirooriol, #38521), while ‘stretch’ on flex items now stretches to the line if possible (@Loirooriol, #38526).
Overflow calculations are more accurate, now that we ignore ‘position: fixed’ children of the root element (@stevennovaryo, #38618), compute overflow for <body> separate from the viewport (@shubhamg13, #38825), check for ‘overflow: visible’ in parents and children (@shubhamg13, #38443), and propagate ‘overflow’ to the viewport correctly (@shubhamg13, @Loirooriol, #38598).
‘color’ and ‘text-decoration’ properties no longer inherit into the contents of <select> elements (@simonwuelker, #38570).
We fixed several panics this month, involving IntersectionObserver and missing stacking contexts (@mrobinson, #38473), unpaintable canvases and text (@gterzian, #38664), serializing ‘location’ properties on Window objects (@jdm, #38709), and navigations canceled before HTTP headers are received (@gterzian, #38739).
We also fixed a number of performance pitfalls.
The document rendering loop is now throttled to 60 FPS (@mrobinson, @Loirooriol, #38431), while animated images do less work when advancing the current frame (@mrobinson, #38857).
In addition, elements with CSS images will not trigger page reflow until their image data is fully available (@coding-joedow, #38916).
Finally, we made improvements to memory usage and binary size.
Inline stylesheets are now deduplicated, which can have a significant impact on pages with lots of form inputs or custom elements with common styles (@coding-joedow, #38540).
We also removed many unused pieces of the ICU library, saving 16MB from the final binary.
Embedding
Servo has declared a Minimum Supported Rust Version (1.85.0), and this is verified with every new pull request (@jschwe, #37152).
Evaluating JS from the embedding layer now reports an error if the evaluation failed for any reason (@rodio, #38602).
Our WebDriver implementation now passes 80% of the implementation conformance tests.
This is the result of lots of work on handling user prompts (@PotatoCP, #38591), computing obscured/disabled elements while clicking (@yezhizhen, #38497, #38841, #38436, #38490, #38383), and improving window focus behaviours (@yezhizhen, #38889, #38909).
We also implemented the Get Window Handles command (@longvatrong111, @yezhizhen, #38622, #38745), added support for getting element boolean attributes (@kkoyung, #38401), and added more accurate errors for a number of commands (@yezhizhen, @longvatrong111, #38620, #38357).
The Element Clear command now clears <input type="file"> elements correctly (@PotatoCP, #38536), and Element Send Keys now appends to file inputs with the ‘multiple’ attribute.
servoshell
We now display favicons of each top-level page in the tab bar (@simonwuelker, #36680).
Resizing the browser window to a very small dimension no longer crashes the browser (@leo030303, #38461).
Element hit testing in full screen mode now works as expected (@yezhizhen, #38328).
Various popup dialogs, such as the <select> option chooser dialog, can now be closed without choosing a value (@TimvdLippe, #38373, #38949).
Additionally, the browser now responds to a popup closing without any other inputs (@lumiscosity, #39038).
Donations
Thanks again for your generous support!
We are now receiving 5552 USD/month (+18.3% over July) in recurring donations.
Servo is also on thanks.dev, and already 15 GitHub users (−7 from July) that depend on Servo are sponsoring us there.
If you use Servo libraries like url, html5ever, selectors, or cssparser, signing up for thanks.dev could be a good way for you (or your employer) to give back to the community.
5552 USD/month
10000
As always, use of these funds will be decided transparently in the Technical Steering Committee.
For more details, head to our Sponsorship page.
This blog post gives you a tour of Symposium, a wild-and-crazy project that I’ve been obsessed with over the last month or so. Symposium combines an MCP server, a VSCode extension, an OS X Desktop App, and some mindful prompts to forge new ways of working with agentic CLI tools.
Symposium is currently focused on my setup, which means it works best with VSCode, Claude, Mac OS X, and Rust. But it’s meant to be unopinionated, which means it should be easy to extend to other environments (and in particular it already works great with other programming languages). The goal is not to compete with or replace those tools but to combine them together into something new and better.
In addition to giving you a tour of Symposium, this blog post is an invitation: Symposium is an open-source project, and I’m looking for people to explore with me! If you are excited about the idea of inventing new styles of AI collaboration, join the symposium-dev Zulip. Let’s talk!
Demo video
I’m not normally one to watch videos online. But in this particular case, I do think a movie is going to be worth 1,000,000 words. Therefore, I’m embedding a short video (6min) demonstrating how Symposium works below. Check it out! But don’t worry, if videos aren’t your thing, you can just read the rest of the post instead.
The Symposium story begins with Symposium.app, an OS X desktop application for managing taskspaces. A taskspace is a clone of your project1 paired with an agentic CLI tool that is assigned to complete some task.
My observation has been that most people doing AI development spend a lot of time waiting while the agent does its thing. Taskspaces let you switch quickly back and forth.
Before I was using taskspaces, I was doing this by jumping between different projects. I found that was really hurting my brain from context switching. But jumping between tasks in a project is much easier. I find it works best to pair a complex topic with some simple refactorings.
Here is what it looks like to use Symposium:
Each of those boxes is a taskspace. It has both its own isolated directory on the disk and an associated VSCode window. When you click on the taskspace, the app brings that window to the front. It can also hide other windows by positioning them exactly behind the first one in a stack2. So it’s kind of like a mini window manager.
Within each VSCode window, there is a terminal running an agentic CLI tool that has the Symposium MCP server. If you’re not familiar with MCP, it’s a way for an LLM to invoke custom tools; it basically just gives the agent a list of available tools and a JSON scheme for what arguments they expect.
The Symposium MCP server does a bunch of things–we’ll talk about more of them later–but one of them is that it lets the agent interact with taskspaces. The agent can use the MCP server to post logs and signal progress (you can see the logs in that screenshot); it can also spawn new taskspaces. I find that last part very handy.
It often happens to me that while working on one idea, I find opportunities for cleanups or refactorings. Nowadays I just spawn out a taskspace with a quick description of the work to be done. Next time I’m bored, I can switch over and pick that up.
An aside: the Symposium app is written in Swift, a language I did not know 3 weeks ago
It’s probably worth mentioning that the Symposium app is written in Swift. I did not know Swift three weeks ago. But I’ve now written about 6K lines and counting. I feel like I’ve got a pretty good handle on how it works.3
Well, it’d be more accurate to say that I have reviewed about 6K lines, since most of the time Claude generates the code. I mostly read it and offer suggestions for improvement4. When I do dive in and edit the code myself, it’s interesting because I find I don’t have the muscle memory for the syntax. I think this is pretty good evidence for the fact that agentic tools help you get started in a new programming language.
Walkthroughs let AIs explain code to you
So, while taskspaces let you jump between tasks, the rest of Symposium is dedicated to helping you complete an individual task. A big part of that is trying to go beyond the limits of the CLI interface by connecting the agent up to the IDE. For example, the Symposium MCP server has a tool called present_walkthrough which lets the agent present you with a markdown document that explains how some code works. These walkthroughs show up in a side panel in VSCode:
As you can see, the walkthroughs can embed mermaid, which is pretty cool. It’s sometimes so clarifying to see a flowchart or a sequence diagram.
Walkthroughs can also embed comments, which are anchored to particular parts of the code. You can see one of those in the screenshot too, on the right.
Each comment has a Reply button that lets you respond to the comment with further questions or suggest changes; you can also select random bits of text and use the “code action” called “Discuss in Symposium”. Both of these take you back to the terminal where your agent is running. They embed a little bit of XML (<symposium-ref id="..."/>) and then you can just type as normal. The agent can then use another MCP tool to expand that reference to figure out what you are referring to or what you are replying to.
To some extent, this “reference the thing I’ve selected” functionality is “table stakes”, since Claude Code already does it. But Symposium’s version works anywhere (Q CLI doesn’t have that functionality, for example) and, more importantly, it lets you embed multiple refrences at once. I’ve found that to be really useful. Sometimes I’ll wind up with a message that is replying to one comment while referencing two or three other things, and the <symposium-ref/> system lets me do that no problem.
Integrating with IDE knowledge
Symposium also includes an ide-operations tool that lets the agent connect to the IDE to do things like “find definitions” or “find references”. To be honest I haven’t noticed this being that important (Claude is surprisingly handy with awk/sed) but I also haven’t done much tinkering with it. I know there are other MCP servers out there too, like Serena, so maybe the right answer is just to import one of those, but I think there’s a lot of interesting stuff we could do here by integrating deeper knowledge of the code, so I have been trying to keep it “in house” for now.
Leveraging Rust conventions
Continuing our journey down the stack, let’s look at one more bit of functionality, which are MCP tools aimed at making agents better at working with Rust code. By far the most effective of these so far is one I call get_rust_crate_source. It is very simple: given the name of a crate, it just checks out the code into a temporary directory for the agent to use. Well, actually, it does a bit more than that. If the agent supplies a search string, it also searches for that string so as to give the agent a “head start” in finding the relevant code, and it makes a point to highlight code in the examples directory in particular.
We could do a lot more with Rust…
My experience has been that this tool makes all the difference. Without it, Claude just geneates plausible-looking APIs that don’t really exist. With it, Claude generally figures out exactly what to do. But really it’s just scratching the surface of what we can do. I am excited to go deeper here now that the basic structure of Symposium is in place – for example, I’d love to develop Rust-specific code reviewers that can critique the agent’s code or offer it architectural advice5, or a tool like CWhy to help people resolve Rust trait errors or macro problems.
…and can we decentralize it?
But honestly what I’m most excited about is the idea of decentralizing. I want Rust library authors to have a standard way to attach custom guidance and instructions that will help agents use their library. I want an AI-enhanced variant of cargo upgrade that automatically bridges over major versions, making use of crate-supplied metadata about what changed and what rewrites are needed. Heck, I want libraries to be able to ship with MCP servers implemented in WASM (Wassette, anyone?) so that Rust developers using that library can get custom commands and tools for working with it. I don’t 100% know what this looks like but I’m keen to explore it. If there’s one thing I’ve learned from Rust, it’s always bet on the ecosystem.
Looking further afield, can we use agents to help humans collaborate better?
One of the things I am very curious to explore is how we can use agents to help humans collaborate better. It’s oft observed that coding with agents can be a bit lonely6. But I’ve also noticed that structuring a project for AI consumption requires relatively decent documentation. For example, one of the things I did recently for Symposium was to create a Request for Dialogue (RFD) process – a simplified version of Rust’s RFC process. My motivation was partly in anticipation of trying to grow a community of contributors, but it was also because most every major refactoring or feature work I do begins with iterating on docs. The doc becomes a central tracking record so that I can clear the context and rest assured that I can pick up where I left off. But a nice side-effect is that the project has more docs than you might expect, considering, and I hope that will make it easier to dive in and get acquainted.
And what about other things? Like, I think that taskspaces should really be associated with github issues. If we did that, could we do a better job at helping new contributors pick up an issue? Or at providing mentoring instructions to get started?
What about memory? I really want to add in some kind of automated memory system that accumulates knowledge about the system more automatically. But could we then share that knowledge (or a subset of it) across users, so that when I go to hack on a project, I am able to “bootstrap” with the accumulated observations of other people who’ve been working on it?
Can agents help in guiding and shepherding design conversations? At work, when I’m circulating a document, I will typically download a copy of that document with people’s comments embedded in it. Then I’ll use pandoc to convert that into Markdown with HTML comments and then ask Claude to read it over and help me work through the comments systematically. Could we do similar things to manage unwieldy RFC threads?
This is part of what gets me excited about AI. I mean, don’t get me wrong. I’m scared too. There’s no question that the spread of AI will change a lot of things in our society, and definitely not always for the better. But it’s also a huge opportunity. AI is empowering! Suddenly, learning new things is just vastly easier. And when you think about the potential for integrating AI into community processes, I think that it could easily be used to bring us closer together and maybe even to make progress on previously intractable problems in open-source7.
Conclusion: Want to build something cool?
As I said in the beginning, this post is two things. Firstly, it’s an advertisement for Symposium. If you think the stuff I described sounds cool, give Symposium a try! You can find installation instructions here. I gotta warn you, as of this writing, I think I’m the only user, so I would not at all be surprised to find out that there’s bugs in setup scripts etc. But hey, try it out, find bugs and tell me about them! Or better yet, fix them!
But secondly, and more importantly, this blog post is an invitation to come out and play8. I’m keen to have more people come and hack on Symposium. There’s so much we could do! I’ve identified a number of “good first issue” bugs. Or, if you’re keen to take on a larger project, I’ve got a set of invited “Request for Dialogue” projects you could pick up and make your own. And if none of that suits your fancy, feel free to pitch you own project – just join the Zulip and open a topic!
That’s what the “Stacked” box does; if you uncheck it, the windows can be positioned however you like. I’m also working on a tiled layout mode. ↩︎
Well, mostly. I still have some warnings about something or other not being threadsafe that I’ve been ignoring. Claude assures me they are not a big deal (Claude can be so lazy omg). ↩︎
Mostly: “Claude will you please for the love of God stop copying every function ten times.” ↩︎
E.g., don’t use a tokio mutex you fool, use an actor. That is one particular bit of advice I’ve given more than once. ↩︎
I’m kind of embarassed to admit that Claude’s dad jokes have managed to get a laugh out of me on occassion, though. ↩︎
Narrator voice: burnout. he means maintainer burnout.↩︎
Tell me you went to high school in the 90s without telling me you went to high school in the 90s. ↩︎
Hello again from the Thunderbird development team! As autumn settles in, we’re balancing the steady pace of ongoing projects with some forward-looking planning for 2026. Alongside coding and testing, some of our recent attention has gone into budgets, roadmaps, and setting priorities for the year ahead. It’s not the most glamorous work, but it’s essential for keeping our momentum strong and ensuring that the big features we’re building today continue to deliver value well into the future. In the meantime, plenty of exciting progress has landed across the application, and here are some of the highlights.
Exchange support for email is here
Exchange support has officially landed in Thunderbird 144, which will roll out as our October monthly release. A big final push from the team saw a number of important features make it in before the merge:
Undo/Redo operations for move/copy/delete
Notifications
Basic Search
Folder Repair
Remote message content display & blocking
Status Bar feedback messaging
Account Settings screen changes
Autosync manager for message downloads
Attachment delete & detach
First set of advanced server settings
Experimental tenant-specific configuration options (behind a preference) now being tested with early adopters
The QA team is continuing to work through their test plans with support from a small beta test group, and their findings will guide the documentation and support we share more broadly with users on monthly release 144, as well as the priorities to tackle before we head into the next chapter.
Looking ahead, the team is already focused on:
Expanding advanced server settings for more complex environments
Improving search functionality
Folder Quotas & Subscriptions
Refining the user experience as more real-world feedback comes in
A planning session to scope work to support calendar and address book via EWS
One of the biggest milestones this month was our dedicated Conversation View Work Week which recently wrapped up, where designers and engineers gathered in person to tackle one of Thunderbird’s most anticipated UX features.
The team aligned early on goals and scope, rapidly iterated on wireframes and high-fidelity mockups, and built out initial front-end components powered by the new Panorama database.
By the end of the week, we had working prototypes that collapsed threads into a Gmail-style conversation view, demonstrated the new LiveView architecture, and produced detailed design documentation. It was an intense but rewarding sprint that laid the foundation for a more modern and intuitive Thunderbird experience.
Account Hub
We’ve now added the ability to manually edit an EWS configuration, as well as allow for users to create an advanced EWS configuration through the manual configuration step
The ability to cancel any loading operation in account hub for email has been completed and will be added to daily shortly
This also had the side effect of users who click “Stop” in the account old setup with an OAuth window open now closing the OAuth window automatically
We will be uplifting this change to beta and then ESR
Progress is being made with adding a step for 3rd party hosting credentials confirmation, with the UI complete and the logic being worked on
This progress will have to take into account changes from the cancel loading patch, as there are conflicting changes
Once this feature is complete, it will be uplifted to beta, and then ESR
Work will soon be starting to enable the creation of address books through account hub by default.
After a long pause, work on the Calendar re-write has resumed! We’ve picked things back up by continuing focus on the event read dialog. A number of improvements have already landed, including proper handling of description data and several small bug fixes.
We have seven patches under review that cover key areas such as:
Accessibility improvements, including proper announcements of event and calendar titles.
Adding the footer for acceptance.
Updating displays and transitioning current work to use the mod-src protocol.
Handling resizing
Development is also underway to add attendee support, after which we’ll move on to polishing the remaining pieces of the read dialog UI.
Maintenance, Recent Features and Fixes
August was set aside as a focus for maintenance, with a good number of our team dedicated to handling upstream liabilities such as our continued l10n migration to Fluent and module loading changes. In addition to these items, we’ve had help from the development community to deliver a variety of improvements over the past month:
Tree restyling following upstream changes – solved
An 18 year old bug to enable event duplication via drag & drop – solved
A 15 year old bug to sort by unread in threads correctly – solved
Implementation of standard colours throughout the application. [meta bug]
If you would like to see new features as they land, and help us squash some early bugs, you can try running daily and check the pushlog to see what has recently landed. This assistance is immensely helpful for catching problems early.
Hello and welcome to another issue of This Week in Rust!
Rust is a programming language empowering everyone to build reliable and efficient software.
This is a weekly summary of its progress and community.
Want something mentioned? Tag us at
@thisweekinrust.bsky.social on Bluesky or
@ThisWeekinRust on mastodon.social, or
send us a pull request.
Want to get involved? We love contributions.
This week's crate is faer, a general-purpose linear algebra library for rust, with a focus on high performance for algebraic operations on medium/large matrices, as well as matrix decompositions.
Despite another week going by without a suggested weekly crate, llogiq is pleased with his choice.
An important step for RFC implementation is for people to experiment with the
implementation and give feedback, especially before stabilization.
If you are a feature implementer and would like your RFC to appear in this list, add a
call-for-testing label to your RFC along with a comment providing testing instructions and/or
guidance on which aspect(s) of the feature need testing.
Always wanted to contribute to open-source projects but did not know where to start?
Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!
Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.
No Calls for papers or presentations were submitted this week.
If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!
Moving command-line argument quoting from C++ to Rust (#146700) resulted in a nice performance
win when dealing with many dependencies and large workspaces. A somewhat costly destination propagation
compiler pass was enabled by default (#142915), which resulted in some build time regressions,
but should result in improved runtime performance. The rest of changes were small.
If you are running a Rust event please add it to the calendar to get
it mentioned here. Please remember to add a link to the event too.
Email the Rust Community Team for access.
Updated September 24th, 2025 17:34:38 UTC - Socket has also published their own accompanying blog post about the attack.
Summary
On September 24th, the crates.io team was notified by Kirill Boychenko from the Socket Threat Research Team of two malicious crates which were actively searching file contents for Etherum private keys, Solana private keys, and arbitrary byte arrays for exfiltration.
These crates were:
faster_log - Published on May 25th, 2025, downloaded 7181 times
async_println - Published on May 25th, 2025, downloaded 1243 times
The malicious code was executed at runtime, when running or testing a project depending on them. Notably, they did not execute any malicious code at build time. Except for their malicious payload, these crates copied the source code, features, and documentation of legitimate crates, using a similar name to them (a case of typosquatting1).
Actions taken
The users in question were immediately disabled, and the crates in question were deleted2 from crates.io shortly after. We have retained copies of all logs associated with the users and the malicious crate files for further analysis.
The deletion was performed at 15:34 UTC on September 24, 2025.
Analysis
Both crates were copies of a crate which provided logging functionality, and the logging implementation remained functional in the malicious crates. The original crate had a feature which performed log file packing, which iterated over an associated directories files.
The attacker inserted code to perform the malicious action during a log packing operation, which searched the log files being processed from that directory for:
Quoted Ethereum private keys (0x + 64 hex)
Solana-style Base58 secrets
Bracketed byte arrays
The crates then proceeded to exfiltrate the results of this search to https://mainnet[.]solana-rpc-pool[.]workers[.]dev/.
These crates had no dependent downstream crates on crates.io.
The malicious users associated with these crates had no other crates or publishes, and the team is actively investigating associative actions in our retained3 logs.
Thanks
Our thanks to Kirill Boychenko from the Socket Threat Research Team for reporting the crates. We also want to thank Carol Nichols from the crates.io team, Pietro Albini from the Rust Security Response WG and Walter Pearce from the Rust Foundation for aiding in the response.
typosquatting is a technique used by bad actors to initiate dependency confusion attacks where a legitimate user might be tricked into using a malicious dependency instead of their intended dependency — for example, a bad actor might try to publish a crate at proc-macro3 to catch users of the legitimate proc-macro2 crate. ↩
The crates were preserved for future analysis should there be other attacks, and to inform scanning efforts in the future. ↩
One year of logs are retained on crates.io, but only 30 days are immediately available on our log platform. We chose not to go further back in our analysis, since IP address based analysis is limited by the use of dynamic IP addresses in the wild, and the relevant IP address being part of an allocation to a residential ISP. ↩
We’re back with our twelfth episode of the State of the Thunder! In this episode, we’re talking about community initiatives, filling you in on Android development, and finishing our updates on popular Mozilla Connect requests.
Want to find out how to join future State of the Thunders? Be sure to join our Thunderbird planning mailing list for all the details.
Austin RiverHacks and Ask-A Fox
Thunderbird is a Silver sponsor for Austin RiverHacks NASA Space Apps Challenge 2025! If you’re in or around Austin, Texas from October 4th-5th, and want to join an in-person event where curious minds delve into NASA data to tackle real-life problems, we’d love to see you.
This week (as in right now! Check it out and get involved!), we’re joining forces with Firefox for the Ask-A-Fox event on Mozilla Support! Earn swag, join an incredible community, and help fellow Thunderbird users on desktop and Android! Want a great overview of how to contribute to SUMO? Watch our Community Office Hours with advice on getting started.
Android Plans for Q4 2025
It’s hard to believe we’re almost into the last three months of the year! We’ve just released our joint July/August Mobile Progress report. We also want to give you all an update on our overall progress on the roadmap we created at the beginning of the year.
The new Account Drawer, currently in Beta, isn’t finished yet. We’re still working on real, proper unified folders! We’ll have mockups of the account drawer progress before the end of the month and more info in the next beta’s release notes. We’ll also have updates soon on message list status notifications (similar to the desktop). In the single message view, we have improvements coming! This includes making attachments quicker to see and open.
The battle for proper IMAP fetch continues. Different server setups complicate this struggle, but we want to get this right, nonetheless. This will bring the Android app more on par with other emails apps.
Unfortunately, work on things like message sync, notifications, and Android 15 might delay features like HTML signatures.
Mozilla Connect Updates, Continued
We’re tackling more of the most frequently requested changes and features on Mozilla Connect, and we’re answering questions about native operating system integration, conversation view, and Thunderbird Pro related features!
Native Operating System Integration
When your operating system is capable of something Thunderbird isn’t, we share your frustration. We want things like OS-native progress bars that show you how downloads are going. We’ve started work on OS-native notification actions, like deleting messages. We love how helpful and time-saving this is, and want to expand it to things like calendar reminders.
There’s possibility and limitation in this, thanks to both Firefox and the OS itself. Firefox enables us more than it restricts us. For example, our work on the progress bar comes straight from Firefox code. Though there are some limits, and Thunderbird’s different needs as a mail client sometimes mean we need to improve an aspect of Firefox to enable further development. But the beauty of open source means we can contribute our improvements upstream! The OS often constrains us more. For example, we’d love snoozeable native OS calendar notifications, but they just aren’t possible yet.
Conversation View
We just finished an entire in-person work week focused on this in Vancouver! Conversation view, if you’re not familiar with it, includes ALL messages in a conversation, including your replies and messages moved to different folders. This feature, along with others, depends on having a single database for all messages in Thunderbird. Our current database doesn’t do this; instead, each folder is its own database.
The new SQLite database, which we’re calling Panorama, will enable a true Conversation View. During the work week, we thought about (and visualized) what the UI will look like. Having developers and designers in the same room was incredibly helpful for a complicated change. (Having a gassy Boston Terrier in said room, less so.) The existing code expects the current database, so we’ll have to rebuild a lot and carefully consider our decisions. The switch to the new database will probably occur next year after the Extended Support Release, behind a preference.
This change will help Thunderbird behave like a modern email client! Moving to Panorama will not only move us into the future, but into the present.
Thunderbird Pro Related-Requests
Three Mozilla Connect requests (Expanding Firefox Relay, a paid Mozilla email domain, and a Thunderbird webmail) were all out of our control once. But now, with the upcoming Thunderbird Pro offerings, these all will be possible! We’re even experimenting with a webmail experience for Thundermail, in addition to using Thunderbird (or even another email client if you want.) We’ll have an upcoming State of the Thunder dedicated to Thunderbird Pro with more info and updates!
There’s a moment Wiandi Vreeswijk knows well. After tending virtual crops in “Stardew Valley” and chatting with other players on Discord, he types: “I can’t anymore. I have to go lay in bed.” It’s the fatigue from long COVID setting in — and almost always, the replies roll in: “Oh yeah, me too.”
Cozy games like “Stardew Valley,” where players complete simple-yet-satisfying tasks like running a farm, have become a safe space for Wiandi.
A video game developer in the Netherlands, Wiandi led an active lifestyle until he got COVID-19 in 2023. He’s had long COVID since then, which makes it difficult for him to go out with friends and family, or to play some of the more intense video games he once enjoyed. That shift led him to explore a different kind of play, one that emphasizes comfort and connection.
For players like Wiandi who are seeking a slower-paced environment, cozy games offer an easy and welcoming entry point. The genre has seen a 57% increase in online mentions in just one year, as more people seek out calm and connection online.
A space to gather
Wiandi recently started a community on the gaming platform Steam where players with chronic conditions can congregate. Since then, he’s set up a public “Stardew Valley” server where people can drop into a shared game, “farm” and chat as they please. The group currently has 56 members, while a corresponding Discord chat has hundreds of participants.
“It’s been bigger than I expected,” says Wiandi, who initially started with a Dutch community before expanding internationally. “I noticed that a lot of people wanted to join.”
For Wiandi, the best part of building this online community is connecting with others who can relate to what he’s going through. The virtual world allows him to meet people he otherwise wouldn’t have. He can simply fire off a message on Discord.
Bonding over shared comfort
Laura Dale, an accessibility consultant for video games and the author of “Uncomfortable Labels: My Life as a Gay Autistic Trans Woman,” often plays cozy games to connect with her neurodivergent friends. She says they’ll regularly chat online while building towns in “Animal Crossing” on their respective Nintendo Switches, a group activity that began during COVID lockdowns but is still going strong.
As someone who sometimes finds social chatter challenging, especially when there’s no obvious topic to discuss (like a video game), playing cozy games gave Laura a relaxing way to maintain and build her relationships.
“I found a lot of solace in playing ‘Animal Crossing’ with friends online,” Laura says. “Having this shared activity gave us a safe topic of conversation.”
Each person doesn’t even need to be playing the same game, as long as they share the same cozy vibe.
“We’re all doing different cozy game activities, but we’re doing them together,” Laura adds.
The appeal of low-pressure play
From “Tetris” to “Elden Ring,” there’s a video game out there for everyone. So what is it about cozy games that attracts players like Laura and Wiandi?
For Wiandi, the answer is obvious: Cozy games have a low barrier to entry.
“Even my mom could learn it in like a day,” he says of “Stardew Valley.” “That’s the charm of a cozy game. When you start, even if you have no experience, you don’t feel overwhelmed by any of the mechanics or the visuals. Everything has to be super easy and minimal — the user experience, the music, the sound effects, even the gameplay.”
Many of the defining characteristics of cozy games, like their leisurely pace, mean they’re more accessible to a wider range of gamers. There’s less pressure to press buttons quickly or get the timing of an attack perfectly right. Titles like “Stardew Valley” and “Animal Crossing” also offer a fixed top-down camera angle, which makes them a better option for some gamers who experience motion sickness, compared to the disorienting camera movement of a first-person shooter. In general, cozy games are also less likely to feature the kind of visual overstimulation that’s common in other genres and can be an issue for players with epilepsy or autism.
For some players with conditions that affect memory or focus, like ADHD, these games are also designed to quickly remind you what task you were in the middle of during your last session. In “Animal Crossing,” for example, there’s almost always a non-player character nearby ready to explain (or re-explain) what you need to do next if you need it.
“All of these things lend themselves to a wide range of neurodiverse players being able to more safely assume that a cozy game is going to be accessible in a way that you can’t assume as easily with other genres,” Laura says.
Accessibility beyond cozy labels
Cozy games aren’t a perfect fit for every type of disability — there’s no one-size-fits-all solution for such a wide and disparate community.
For Grant Stoner, a games journalist who primarily covers physical accessibility in the industry, cozy games aren’t necessarily more or less accessible than any other genre. Stoner was diagnosed with Spinal Muscular Atrophy type II at 13 months old, and his muscles have weakened over time as a result; he relies on customizable settings and hardware to play most games. There are still some limitations to the types of games he can play, however, including some titles that fall under the cozy genre.
“Depending on what your disability is, cozy games can be either very overwhelming or very secure safe spaces,” Grant says.
He adds that one of the benefits of a cozy game is the “routines that keep people grounded.” He played an earlier version of “Animal Crossing” for the Nintendo DS handheld, but found that some of the tasks in the latest iteration, for the Nintendo Switch, were too exhausting for him. And anyway, it’s not his video game genre of choice.
“I don’t really like cozy games,” Stoner says. “Not that I think there’s anything wrong with them, it’s just not my genre.” He prefers “intense action games” but still sees the value of titles like “Stardew Valley.”“They have a purpose in the industry.”
Making room for more players
Laura praises the cozy game genre for the many ways it caters to neurodivergent players, but she also recognizes that there’s plenty of room for improvement. One easy fix is in the way these games direct your attention. For plenty of video games, audio cues are a crucial way to convey information, but Laura often plays with the sound off to avoid overstimulation. She’s noticed that some titles are starting to use other methods to achieve the same result.
“I appreciate when cozy games offer visual flashes on screen to communicate information you otherwise need to hear,” Laura says. “Little details like that aren’t always designed for autistic players, but can still be useful.”
For Grant, the most important thing is that the video game industry doesn’t try to shoehorn certain players into a specific type of game or focus its accessibility efforts on just one genre.
“The disabled experience is so individualistic and so vast,” he says. “It’s not fair to the disabled community to say definitively that one [genre] is more accessible than the other.”
As a video game developer himself, Wiandi has plenty of opinions on how to make cozy games better. But for now, he’s just happy to have this new community.
The small “Stardew Valley” server Wiandi built continues to show how simple interactions in calm digital spaces can create genuine bonds. Players come and go as they please, planting virtual seeds, raising pixelated animals and sharing small triumphs in a chat filled with mutual understanding.
For Wiandi, the ability to play a game like “Stardew Valley” with other people who are experiencing something similar to him has been empowering.
Today Mozilla is excited to announce Raffi Krikorian — technologist, innovator and community builder — as our first-ever portfolio wide Chief Technology Officer.
Reporting to Mozilla President, Mark Surman, Raffi will be part of the team that coordinates efforts across our whole family of organizations. He will work alongside the existing bench of technical leaders including Anthony Enzor-DeMeo (GM / Firefox), Bobby Holley (CTO / Firefox), and Ryan Sipes (Thunderbird).
As AI and technology development becomes increasingly concentrated in the hands of a few, Krikorian joins Mozilla at a moment of urgency and opportunity. It is a pivotal time to shape a different future — one where we build AI we can trust, use with agency, and understand — rather than accept a future defined by opacity and control. Krikorian will lead Mozilla’s efforts to develop trustworthy and open source AI, ensuring Mozilla is inventing and building technology that pushes us all in the right direction.
“We need to make sure AI and the internet belong to all of us, not just a few big companies,” said Mark Surman, President of Mozilla. “Raffi is the right person to lead that charge — creative, innovative and passionate about responsible technology. He puts wind in our sails, accelerating Mozilla’s mission of building technology based on the values in our Manifesto.”
Krikorian brings a record of impact across sectors to Mozilla, with roles spanning tech, politics, media and philanthropy. Raffi joins us from having been the CTO at Emerson Collective, where he led efforts to bring technologists into sectors like education, the environment, immigration, and economic mobility — and to help people in those sectors see themselves as technologists. He also hosted the “Technically Optimistic” podcast and Substack, exploring technology’s impact on society.
Prior to that, he was the first CTO of the US’s Democratic National Committee, where he used data, technology, and digital security to support the election processes of Democratic candidates up and down the ballot; Director of Uber’s Advanced Technologies Center, where he led the development and rollout of the first passenger-carrying self-driving car fleet; and Vice President of Platform Engineering at Twitter, where he managed and built Twitter’s global infrastructure.
Krikorian has served on the Mozilla Foundation Board of Directors since 2023, on Mozilla.ai’s Board since 2024, and on the Mozilla.org Board since its inception.
“We don’t just need critiques on how AI is being built — we need real, working alternatives,” said Krikorian. “Mozilla is one of the few places that can actually do that. It’s built for this moment. I’m excited to join the team and help shape technology that reflects values we care about — transparency, openness, participation, and trust.”
Leo Liu [:leoliu] added a panel for AntiTracking debugging (#1972771) behind devtools.anti-tracking.enabled
Alexandre Poirot [:ochameau] added a “User-defined” badge in the markup view event tooltip to differentiate them from “native” events (and possibly spotting event not supported in Firefox) (#1977628)
InstallTrigger API implementation has been fully removed in Firefox 144 🥳 – Bug 1776426 / Bug 1979227
Thanks to Gregory Pappas for the immense help on this one!
Fixed issue with add-on updates automatically cancelled due to new extension metadata property missing from previously installed add-ons – Bug 1984724
Improved spacing between about:addons add-on card message bars and add-ons card header – Bug 1984872
Thanks to Sujal Singh for contributing this improvement to the about:addons cards!
WebExtensions Framework
Fixed Customize mode and keyboard shortcuts issue hit when a user may have clicked to the “extension settings” link from the add-on post-install dialog – Bug 1983869
Fixed regression preventing SVG icons associated with extension context menu items to be loaded successfully – Bug 1986618 (fixed in the Firefox 143, same Firefox version where the regression was initially introduced through Bug 1979338).
WebExtension APIs
In Firefox 144 browser.storage.local and browser.storage.managed WebExtensions API are now also providing a getBytesInUse API method – Bug 1385832
Thanks to Nathan Gross for contributing this enhancement to the WebExtensions storage APIs!
Added missing groupId property to the browser.tabs.onUpdated API method – Bug 1984553.
Thanks to Josh Berry for reporting and fixing this gap in our WebExtensions API JSONSchema definitions
NOTE: this change mainly matters for TypeScript type definitions being generated based on our JSONSchema definitions. The groupId property was set in the browser.tabs.onUpdated API event details even without this fix to the JSONSchema.
Henrik reverted the scrollIntoView algorithm for elements in Marionette to always use the instant scroll behavior. This undoes the change introduced in Firefox 97, which had switched the behavior to auto. The reversion addresses potential race conditions when scrolling elements that use smooth behavior.
1950741 When a non-system theme is selected in about:newprofile, overscrolling the page displays a different page background in the overscrolled area mlucks@mozilla.com
1950743 Tabbing to the “Explore more themes” link in about:newprofile makes the link’s focus ring span the entire container instead of just the link squiles@mozilla.com
1966284 hide new profile manager pages (new, edit, delete) from about:about mlucks@mozilla.com
1979898 Remove some of the extraneous directories added when using MOZ_APP_DATA dtownsend@mozilla.com
1985340 Update Profiles avatars’ alt text to match tooltip text mlucks@mozilla.com
1986080 Update Profiles avatars’ aria label text to match tooltip text mlucks@mozilla.com
Search and Navigation
adw is continuing to work on Google Lens which is a feature that allows users to search images by using the context menu (1987045, 1986301)
Standard8 has been working on an experiment to send Search Suggestions over Oblivious HTTP for privacy (1984624)
Standard8 converted the urlbar code to use moz-src URIs.
Mandy has been working on adding localized trending URL results for Perplexity which is still hidden behind an experiment. (1985515, 1984201)
Dao is working on making the address bar more modular for other features to use. For example, there’s been work done to prepare the search bar. (1985734, 1985833, 1986128,1986129)
Daisuke is working on yelp online suggestions (1986224)
Dale is working on the unified trust panel which will inform users if the site is secure. This is a new design that combines the privacy shield and page information icons and dialogs. (1976108)
Storybook/Reusable Components/Acorn Design System
Some new docs related to Figma Code Connect on Storybook
Mostly about adding new Code Connects but that section goes over the usage in Figma Dev Mode
More border-radius tokens filled out and are in the tokens table on Storybook
Moz-promo now avoids wrapping actions until necessary (prefers being one line) Storybook (narrow example)
MozLitElements that use the automatic fluent data-l10n-attrs population (setting fluent: true in the property definition) can now have additional per-instance data-l10n-attrs (this attribute is now added to, rather than being replaced) Bug 1987682
This could be useful especially for moz-button accesskey which is not currently a fluent attribute due to Bug 1945032 (if you have a hidden HTML element with an accesskey it will still fire, gonna stop doing that in chrome documents since that’s how XUL worked)
Tab Groups
dwalker polished the “active tab in a collapsed group” feature (1979067, 1971388)
jswinarton polishing the collapsed tab group hover preview panel (1981197, 1971235, 1981201, 1983054)
Now in Nightly, likely release in Firefox 145
Enormous shout-out to contributor Merci chao for 17 tab group bugs filed in the last month! All of them are written well, actionable, and sometimes even include fixes
In response to feedback we’ve heard from the community, AMO (addons.mozilla.org) just introduced a new feature allowing developers the ability to quickly roll back to a previously approved extension version. The most common need for roll-back ability are occasions when developers may release a new version they later discover has critical bugs. Now in such cases, instead of needing to make fast fixes and quickly submit an even newer version, which could be further delayed during a review process, developers are free to revert back to a previously approved version.
For users who may have already installed the buggy version that’s later pulled, the extension will update to the roll-back version when Firefox checks for the next update (which occurs every 24 hours by default, save for users who’ve turned off automatic updates from the Add-ons Manager).
To learn more about the new roll-back feature, please visit Extension Workshop.
The Timer and TODO List widget are now available to be enabled in Firefox Labs on Nightly and Beta:
Firefox Desktop about:addons add-on card view has been updated to list API, host and data collection permissions as separate permission lists – Bug 1956493
Firefox Suggest:
Moritz has been working on the important dates feature, which highlights country-specific holidays. This is now enabled by default in Firefox 143beta (1985394, 1982011, 1983077)
Henrik cleaned up the test expectations for multiple-status outcomes in all existing WebDriver tests under web-platform-tests. These statuses, typically added by wpt-sync when tests fail in CI, led to inaccurate reporting. Over the past six months, 106 test files on macOS, 39 on Linux, and 51 on Android stopped producing meaningful results due to entries like [OK, TIMEOUT].
Similar cleanups should be performed for other components to avoid losing test coverage. Alternatively, enable syncbot notifications for your component (opt-in) to automatically get bugs filed, which helps to keep accurate metadata under control.
Sasha fixed the bug when locale override was sometimes shared between browsing contexts. That was happening because the override was shared inside the process. With this fix, the locale override is attached to the realm, so it stays isolated in a browsing context.
You may need to run ./mach eslint –setup and restart your editor if you haven’t already triggered the updates (e.g. via the hooks).
Standard8 also fixed a long standing issue which was blocking the upgrade, where using /* import-globals-from … */ in a cyclic dependency way could cause problems for correctly detecting the globals.
Also updated the other ESLint related modules to their latest versions.
As part of the work for getting TypeScript ready for production, the TypeScript node_modules install has now been moved to the top-level of firefox-main.
The main aim here is to start getting feedback on how regressions in TypeScript appear on the reviewbot, and to reduce the likelihood of new issues being introduced on some of the components that we’ve already enabled TypeScript on and which have no outstanding issues currently.
This is intentionally scope limited to avoid impacting developers whilst we’re still in the set-up phase. Hence, this will report new issues against only a few components:
{browser,toolkit}/components/search
browser/components/urlbar
As this is Tier 3, it won’t show on CI by default, however, failures will show on reviewbot.
There’s still a lot of work to do to get type generation set-up, documentation, and other issues fixed.
New Tab Page
The new Sections UI was enabled by default for users in the US last week! We’ll be rolling it out to more regions in the coming weeks and months.
Our release channel train-hop experiment has concluded, and we passed our checks! We’re now cleared to start doing these train-hops! (presuming a green light from Release Management and QA, of course)
The Rust team is happy to announce a new version of Rust, 1.90.0. Rust is a programming language empowering everyone to build reliable and efficient software.
If you have a previous version of Rust installed via rustup, you can get 1.90.0 with:
If you'd like to help us out by testing future releases, you might consider updating locally to use the beta channel (rustup default beta) or the nightly channel (rustup default nightly). Please report any bugs you might come across!
What's in 1.90.0 stable
LLD is now the default linker on x86_64-unknown-linux-gnu
The x86_64-unknown-linux-gnu target will now use the LLD linker for linking Rust crates by default. This should result in improved linking performance vs the default Linux linker (BFD), particularly for large binaries, binaries with a lot of debug information, and for incremental rebuilds.
In the vast majority of cases, LLD should be backwards compatible with BFD, and you should not see any difference other than reduced compilation time. However, if you do run into any new linker issues, you can always opt out using the -C linker-features=-lld compiler flag. Either by adding it to the usual RUSTFLAGS environment variable, or to a project's .cargo/config.toml configuration file,
like so:
If you encounter any issues with the LLD linker, please let us know. You can read more about the switch to LLD, some benchmark numbers and the opt out mechanism here.
Cargo adds native support for workspace publishing
cargo publish --workspace is now supported, automatically publishing all of
the crates in a workspace in the right order (following any dependencies
between them).
This has long been possible with external tooling or manual ordering of
individual publishes, but this brings the functionality into Cargo itself.
Native integration allows Cargo's publish verification to run a build across
the full set of to-be-published crates as if they were published, including
during dry-runs. Note that publishes are still not atomic -- network errors or
server-side failures can still lead to a partially published workspace.
Demoting x86_64-apple-darwin to Tier 2 with host tools
GitHub will soon discontinue providing free macOS x86_64 runners for public repositories. Apple has also announced their plans for discontinuing support for the x86_64 architecture.
For users, this change will not immediately cause impact. Builds of both the standard library and the compiler will still be distributed by the Rust Project for use via rustup or alternative installation methods while the target remains at Tier 2. Over time, it's likely that reduced test coverage for this target will cause things to break or fall out of compatibility with no further announcements.
Open up TikTok on any given day and you’ll find confident young women openly discussing their periods. They might recognise a low mood is due to the luteal phase or feel amazing because they are ovulating. They acknowledge the importance of self-care and that everybody is different. Periods are normal, but there’s no such thing as a normal period!
For me, a peri-menopausal woman who was surprised by my period every month until trying to get pregnant well into my 30s, this self-awareness and desire of young women to understand their own bodies and cycles is a source of great feminist pride. It is welcome progress from the shame and secrecy traditionally surrounding menstruation education.
A craving for knowledge and understanding has made cycle tracking apps very popular with women and girls from a young age. “I didn’t know about tracking apps until I was 17”, says Gen Z’er Sara*. Some users are keen to share cycle information with their partner and friends to encourage understanding around mood swings, or share funny stories about loud notifications alerting all to the consistency of their discharge today.
Cycle tracking apps are certainly having a moment. There are hundreds available on app stores, from simple calendars to full hormone testing. One study found that the top three cycle tracking apps dominating the market were downloaded 250 million times globally.
Often framed as simple period prediction tools that aid or avoid pregnancy, most usage of cycle tracking apps relates to everyday mental and physical wellbeing. By logging a wide range of symptoms and events, women and girls can track mood, energy levels, manage health conditions and work with their bodies. Apps can provide health and nutrition information as well as recommendations for exercise and meditation.
Cycle tracking apps are also the poster girl of what is going wrong with women’s rights today. The dark side of cycle tracking apps are just that — the tracking. The two-fold threat of increased reproductive surveillance and the sale of sensitive data for advertising is in danger of outweighing the benefits of trusting these apps with information about our bodies and state of mind.
It has been three years since the overturning of Roe v. Wade, which ended the federal protection for abortion in the U.S. Many experts at the time urged women to delete cycle tracking apps in the face of the threat of tracking data being used to “prove” an abortion via a missed period. But is this actually what women are doing? Or, are they finding alternative solutions, workarounds, and new ways to engage with these tools?
Apps that were ahead of the game in terms of a good privacy commitment and track record saw a benefit. Ana Ramirez, co-executive director of Euki, a cycle tracking app and information service remembers, “Our largest download surges were immediately after Roe fell, when Euki received media coverage as a standout privacy period tracker…”
Amy Thompson, founder of the Moody Month app focused on improving mental health observed, “Moody, like much of the industry, saw users delete apps post-Roe v. Wade, but increased media coverage also drove new downloads.”
So while many did delete, tracking apps were not abandoned entirely. Ana explains, “People are hungry for a way to track their sexual and reproductive health without giving up their privacy. In this political climate, period trackers aren’t just tools — they’re lifelines.”
Concerns reached the U.K. where increased surveillance, investigation and prosecution of women suspected of “illegal” abortions after pregnancy loss added to a climate of fear, mistrust and misinformation. Azure*, 16, suspected of the app she uses, “It’s dodgy and sends information to the government. It tracks to see if you’ve had an illegal abortion or something.”
Chella Quint, founder of Period Positive and author of Own Your Period saw increased awareness of data privacy risks reaching many U.K. Gen Z’ers in the wake of Roe v. Wade being overturned which affected their use of cycle tracking apps, “Some people now use workarounds like avoiding login, using a Notes app instead, or tracking their cycles in a paper diary. Others — both adults and children — are aware of the risks but still find the apps too useful to give up.”
Rose*, 19, agreed “I think most [people] are aware of the issues surrounding privacy and data collection…it’s just a bit overwhelming and I’ve kind of just accepted that it will happen in one way or another.”
High-profile cases in the U.S. related to data breaches and apps selling or sharing customer data with third parties also led users to seek out privacy respecting alternatives, which pushed companies to raise the bar for stricter privacy standards and win back user trust.
For 20-year-old Ella* based in the U.K., a concern over the sale of data by an app in the U.S. prompted a switch of trackers to another one based in Europe that promoted its privacy credentials. Another popular reason to switch is discovering the company behind an app is owned by men — female-founded companies are preferred. While switching apps is common, it is a source of frustration as the data cannot be ported to another app and years of tracking data can be lost. In a competitive market, some apps have capitalised on this by offering to port all the data from another app if the user sends screenshots of calendars.
At a bare minimum cycle tracking apps should not be selling data. But the difference between selling and sharing gets blurry. If it’s in the cloud, it’s being shared with the cloud provider. If advertising on social media, it’s being shared with the platform. Synching with a wearable? It’s being shared. It’s almost impossible to get around this in the digital economy. And the law barely keeps up as Amy Thompson from Moody Month observed, “While anonymisation/pseudonymisation frameworks exist in major privacy laws, enforcement and implementation standards often lag behind evolving privacy risks.”
It can be difficult to comprehend why anyone would be so interested in this info in the first place. As Nat*, 42 from the UK said, “who cares if all the data leaks, who cares if anyone knows my periods, when I have sex, when I go swimming etc?”
A report by the Minderoo Centre for Democracy and Technology outlines the value of knowing if someone is trying to become pregnant as pregnancy is a life event that drastically changes shopping habits. Cycle-based advertising seeks to tailor adverts based on menstrual cycle phases, suggesting that hormone fluctuations can make people susceptible to products at different times, such as clothing and cosmetics in the first half of the cycle when women might be ovulating and feeling good. Either way, someone is commodifying aspects of your body while you are in the process of trying to understand it.
Some may not care deeply about this. For those more likely to be surveilled or face barriers to care — such as people of colour, young people, people on welfare, those living in restrictive U.S. states, menstruating people who do not identify as cis women — they are more guarded about their privacy and what happens to their data. Ana Ramirez from Euki believes these are the people who should be at the forefront in developer’s minds, “Power lies in designing with — not just for — the people most often dismissed as ‘edge cases.’ Centering privacy starts with centering those most impacted.”
Women have always been watched but that is not going to stop us trying to understand what is going on with our bodies. We’ll find workarounds and seek out high privacy standards. We may track our periods for fertility reasons, but there is so much more to it than that. Which makes sense because we, as women and human beings, are much more than that.
*Names have been changed
Lucy Purdon is the founder of Courage Everywhere, a consultancy advising organisations on the responsible development of technology to advance human rights, democracy and gender justice. Lucy has provided strategic advice, policy development and original research for organisations ranging from tech startups to the United Nations. She has worked in civil society roles for over 13 years, including as a Senior Tech Policy Fellow at Mozilla Foundation. She writes the weekly newsletter The Prompt, analysing the latest tech news and trends.
Join us in sharing your act of daily defiance using #dailydefiance and tagging @firefox on social channels to be a part of our movement and remind the world that everyday choices do matter, and we should all choose boldly.
Firefox will be sharing some of the entries with our community and creating mini-challenges for people to follow along. Join us on Instagram, TikTok, Threads, Bluesky and Substack.
All web browsing starts with a DNS query to find the IP address for the desired service or website. For much of the internet’s history, this query is sent in the clear. DNS-over-HTTPS (DoH) plugs this privacy leak by encrypting the DNS messages, so no one on the network, not your internet service provider or a free public WiFi provider, can eavesdrop on your browsing.
In 2020, Firefox became the first browser to roll out DoH by default, starting in the United States and in 2023, we announced the Firefox DoH-by-default rollout in Canada, powered by our trusted partner, the Canadian Internet Registration Authority (CIRA).
This year, we’ve built on that foundation and delivered major performance improvements and mobile support, ensuring more Firefox users benefit from privacy without compromise.
Introducing DoH for Android
After bringing encrypted DNS protection to millions of desktop users, we’re now extending the same to mobile. Firefox users who have been waiting for DoH on Android can now turn it on and browse with the same privacy protections as on their desktops.
Starting with this week’s release of Firefox 143 for Android, users can choose to enable DoH in Firefox on their mobile devices by selecting “Increased Protection” DoH configuration. Performance testing with Firefox DoH partners is currently underway. If DoH is as fast as we expect, we plan to enable it by default for Android users in certain regions, similar to desktop users. Until then, these configuration options provide you the choice to opt in early.
<figcaption class="wp-element-caption">Enable DoH in Firefox on Android</figcaption>
DoH performance breakthroughs in 2025
DNS resolution speed is critical to the browsing experience — when web pages involve multiple DNS queries, the speed difference compounds and can cause page loads to be slow. Since we first rolled out DoH in Canada, we’ve worked closely with CIRA for reliability and performance measurements. Through our strong collaboration with them and their technology partner Akamai, Firefox DoH lookups are now 61% faster year-to-date for the 75th percentile.
With these performance improvements, DoH resolution time is now within a millisecond or two of native DNS resolution. This is a big win because Firefox users in Canada now get the privacy of encrypted DNS with no performance penalty.
Although the investigation and analysis started with the desire to improve DoH in Firefox, the benefits didn’t end there. Our collaboration also improved CIRA DoH performance for many of its DNS users, including Canadian universities, as well as other DNS providers relying on CIRA’s or Akamai’s server implementations.
This is a win not just for Firefox users, but for the many other users around the globe.
Robust privacy on your terms
We have always approached DoH with an emphasis on transparency, user choice, and strong privacy safeguards. Firefox gives users meaningful control over how their DNS traffic is handled: Users can opt out, choose their own resolver, or adjust DoH protection levels, and Firefox makes it clear what DoH is doing and why it matters.
Firefox enforces strict requirements for DNS resolvers before trusting them with your browsing. Not every DNS provider can become a DoH provider in Firefox — only those that meet and attest to Mozilla’s rigorous Trusted Recursive Resolver (TRR) policy through a legally binding contract.
Prioritizing your privacy and speed
Our work with DoH this year shows what’s possible when privacy and performance go hand-in-hand. We’ve proven that encrypted DNS can be fast, reliable, and available on desktop and Android. Just as importantly, we’ve shown that partnerships grounded in open standards and accountability can deliver benefits not only to Firefox users but to the wider internet.
As we look forward, our commitment stays the same: Privacy should be the default, speed should never be a compromise, and the web should remain open and accessible to everyone. Choosing Firefox means choosing a browser that is built for you and for a better internet.
Hello and welcome to another issue of This Week in Rust!
Rust is a programming language empowering everyone to build reliable and efficient software.
This is a weekly summary of its progress and community.
Want something mentioned? Tag us at
@thisweekinrust.bsky.social on Bluesky or
@ThisWeekinRust on mastodon.social, or
send us a pull request.
Want to get involved? We love contributions.
An important step for RFC implementation is for people to experiment with the
implementation and give feedback, especially before stabilization.
If you are a feature implementer and would like your RFC to appear in this list, add a
call-for-testing label to your RFC along with a comment providing testing instructions and/or
guidance on which aspect(s) of the feature need testing.
Always wanted to contribute to open-source projects but did not know where to start?
Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!
Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.
No Calls for papers or presentations were submitted this week.
If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!
Difficult week to interpret, because a positive change in #145910 performs a bit worse in our benchmarks than it would in the real world. Overall result is probably still slightly negative, because there's more work from added features. On the other hand, we also have a nice improvement in reducing the number of query dependencies in compiler's incremental system in #145186.
If you are running a Rust event please add it to the calendar to get
it mentioned here. Please remember to add a link to the event too.
Email the Rust Community Team for access.
The Servo project is excited to share that long-time maintainer Josh Matthews (@jdm) is now working part-time on improving the Servo contributor experience.
This is a direct result of the monthly donations to the project through OpenCollective and GitHub. The generosity of our supporters has allowed us to operate dedicated computing resources for CI purposes, as well as participate in the Outreachy program as a mentoring organization. We’re excited that we can now financially support developers and allow them to dedicate more time to the Servo project over longer periods.
Josh will use this funded time to make it easier for others to contribute to the project. You will see him improving documentation, reviewing pull requests, breaking down large projects into smaller actionable tasks, and generally helping others get unstuck quicker.
Here’s Josh in his own words:
Tell us about yourself!
I’ve been working on web browsers since 2009, with a brief diversion into distributed systems and finance for a few years. I’ve been a stay at home dad for several years, though, and Servo is a great way for me to keep that intellectual curiosity. I love helping people accomplish things they haven’t tried before; it’s a very satisfying experience to watch them flourish and grow.
Why did you start contributing to Servo?
The team I had lined up at Mozilla in 2012 abruptly was cancelled shortly before I started full time. I knew of the existence of the very beginnings of the Servo project, and I was in the unique position of having several years of experience in both working on Firefox and the early Rust compiler. When I suggested that I should help get Servo off the ground, everyone thought that was a good idea.
What was challenging about your first contribution?
Brian Anderson (@brson) handed me a program that could parse simple HTML and a tiny bit of CSS and draw solid rectangles into a png. He said “Can you make it run JavaScript?” The amount of details I needed to learn about how a web page’s DOM gets hooked up to a JS engine were intimidating, and the relevant web standards were still quite underdeveloped in 2012. There was a lot of guessing and then going and talking to the experts from the Firefox side of the org.
What do you like about contributing to the project? What do you get out of it?
I love seeing familiar websites becoming more usable. I am fascinated by all the different technologies that make up rendering engines today, and all the ways we discover that websites use them. And I love working in Rust in a large project, especially one that I’m so familiar with. There are a lot of kind, talented, and clever people that contribute to the project that make it a really enjoyable experience for me.
What is currently being worked on in Servo that you’re excited about?
The work to get the JavaScript debugger up and running will be a game changer for investigating site compatibility problems. I’m also really pleased to see work happening in the JS bindings layer—ways to reduce the number of string conversions required when going from JS->Rust->JS, or make interactions with typed arrays safer and more ergonomic. I love when we make it easier for non-experts to implement missing web APIs.
What would you like to see the Servo community do more of?
I would love to see more experiments with embedding Servo in other projects. The ones I know about, like the verso browser and the cuervo text-mode browser, have been enormously helpful in pointing out use cases that we had missed, or areas of the engine that could be made more modular and configurable. I’d love to get to a place where almost any major component of Servo could be replaced without forking the engine.
Do you have any advice for new developers who are thinking of contributing to the project?
Choose your favourite web feature and look for it in the engine. Either it’s already implemented and you can use it to understand how some pieces fit together, or you could probably get a skeleton implementation going! Either way, we would love to help you find your way around the codebase. I take pride in the number of PRs we’ve received from people who have never written Rust code before, but their implementation is totally mergeable. I think Servo is the most approachable web rendering engine for new contributors, and I want to keep it that way.
What do you hope to see evolve in Servo over the next 1-2 years?
I would love to see a larger set of maintainers who review code changes, which will be good for maintainers and contributors alike. Similarly, I’d love to see more experienced contributors writing down the details for solving complex issues that only live in their heads right now. That’s how we grow a long-term project contributor base that skills up over time, by modelling that kind of behaviour.
Any final thoughts you’d like to share?
I’m humbled by how many people contribute to Servo, whether financially, through code, or just Zulip discussions. I think Servo is in a really lucky position, and I hope to continue shepherding it towards a bright future.
WebDriver is a remote control interface that enables introspection and control of user agents.As such itcanhelp developers to verify that their websites are working and performing well with all major browsers. The protocol is standardized by theW3C and consists of two separate specifications:WebDriver classic (HTTP) and the newWebDriver BiDi(Bi-Directional).
This newsletter gives an overview of the work we’ve done as part of the Firefox 143 release cycle.
Contributions
Firefox is an open source project, and we are always happy to receive external code contributions to our WebDriver implementation. We want to give special thanks to everyone who filed issues, bugs and submitted patches.
In Firefox 143, two contributors managed to land fixes and improvements in our codebase:
Liam (ldebeasi) implemented the logic to emit events for existing contexts when subscribing to the browsingContext.contextCreated event.
We implemented several new commands for the network module to enable recording network data.
network.addDataCollectoradds a network data collector to contexts, userContexts or globally. The collector will record network data corresponding to the provided dataTypes. At the moment, only the "response" data type is supported. A maxEncodedDataSize must also be provided, network data exceeding this size will not be recorded.
network.getDataretrieves the data collected for a provided request id, dataType and optionally collector id. When providing a collector id, clients may also pass the disown flag to release the network data from the collector. Note that data is deleted when it is no longer owned by any collector.
network.disownDatareleases the data for a given request id and dataType from the provided collector id.
Mozilla has always aimed to make Firefox available to as many people as possible, including those on older Android devices. For years, we’ve supported versions of Android going all the way back to 5 (Lollipop), which first launched in 2014. That broad support has helped extend the life of many devices. However, the Android ecosystem is constantly evolving and it has become increasingly difficult for us to find ways to maintain and develop apps on these long-unsupported platforms while also allowing Firefox to take advantage of more modern devices and Android operating systems.
Beginning with Firefox 144, the minimum supported Android version will increase to 8.0 (Oreo), which was released in 2017. At the same time, we will end support for 32-bit x86 Android devices. Usage of these older platforms has become increasingly rare, and continuing to support them has made it harder for us to deliver the best performance and reliability to the vast majority of our users.
If your device runs Android 7 or earlier, or if you rely on Firefox for a 32-bit x86 device, Firefox 143 will be the final version available to you. You will still be able to use that version, but it will no longer receive updates once Firefox 144 is released. Please note that 32-bit ARM devices will continue to be supported.
These changes apply not only to Firefox for Android but also to Firefox Focus & Klar, our privacy-first browsers. By narrowing our supported platforms, we can take better advantage of modern Android APIs, improve stability and security, and focus our engineering resources where they will have the greatest impact.
We know some users will be affected by this transition, and we don’t take that lightly. Our goal remains to balance broad accessibility with the ability to deliver the best possible Firefox experience on modern hardware and operating systems.
Hello wonderful community, it has been a while since the last Mobile update.
A lot has happened in the past 2 months, so let’s jump right into a quick overview of current work in progress and primary efforts.
Account Drawer in progress
If you’re rocking the Beta version of Thunderbird for Android, you might have noticed that all your unified folders have disappeared! Don’t panic, that’s just temporary.
We’re still churning through the technical debt and the database inconsistencies in order to create through virtual unified folders for all your accounts.
The final goal is the same as the one we shared in a previous update, which you can see the final mock-ups here:
Expect more updates in the coming releases.
iOS account setup
The work on the iOS version is moving at full speed!
We found ourselves in a bit of a tight spot due to the recent announcements of Apple with their new iOS 26 version, and a somewhat complete redesign of all the SwiftUI and general Human Interface Guidelines.
When will iOS 26 be widely available and adopted?
Will we have our iOS version of Thunderbird ready before that?
If we build it on current iOS 18 design guidelines, how would that look on the new version?
Will we need to update everything right after releasing the first version?
Due to these uncertainties, we decided to focus only on the new iOS 26 user interface and be compatible with the new version right off the bat.
We will need to test and explore carefully how that behaves on iOS 18 and prior, hoping for some available translation layers in order to guarantee compatibility.
For now, here’s a sneak peek of the Account Setup flow for iOS!
Read/Unread status improvements in Android
As we move through an old codebase and we work hard to modernize components and layouts, it is unfortunately inevitable that we accidentally break old features or setups that are familiar to users.
We apologize for the inconvenience, especially in this latest highlighted issue which created some discomfort when it comes to the visual distinction between read and unread messages.
The old UI offered an option to customize the background color of those states. Even if this solution sounds like a good approach, it created multiple problems related to following system themes, light/dark mode variations, and the overall outdated implementation that needed to be removed.
Some users were dissatisfied, and rightly so, due to the less than optimal visual distinction between those states that solely relied on background colors.
We already improved the overall visual consistency and distinction in that area, but we’re working towards implementing a much clearer visual representation for each state that doesn’t just rely on background colors.
We’re implementing a combination of background and foreground colors, font weight variation, and a visual indicator that specifically represents unread and new messages.
This approach will remove any confusion and hopefully completely fix this problem.
Thank you all those involved for your feedback and concerns, and for using the Beta version to provide early feedback and test the new updates.
A new release cadence
Starting from September, we’re switching to a faster and more consistent release cadence.
The first week of every month we will release a new beta version, for example v13b1, followed by a new incremental beta version with improvements and fixes directly from the main branch, being released every week during that month (eg: v13b2, v13b3, etc).
At the end of that month, the current beta, after being deemed reliable and having passed our QA steps, will be promoted as a stable version and at the same time a new beta branch will be released.
In summary, starting from September you can expect a new stable version and a new beta cycle every month.
Changing our cadence will allow us to expose new and work in progress features more quickly to our beta audience, and shorten the waiting time for users on the stable branch, with smaller and consistent incremental improvements.
Cheers,
—
Alessandro Castellani(he, him) Director, Desktop and Mobile Apps | Mozilla Thunderbird
Nate Gross added a new getKeys API method available across all browser.storage APIs (Bug 1910669)
Emma Zühlcke (:emz) added a fix so that the users can preview their webcam(s) before giving sites access to it. (To make sure users look their best, or just to figure out which of their many webcams is the correct one). (Bug 799415)
The New Tab team is testing out productivity widgets like a focus timer for healthy screen-time breaks and a list widget to manage your tasks.
Thanks to Jim Gong contributing changes needed to improve the errors reported by browser.cookies.set API method on invalid domains (Bug 1497064)
WebExtensions Framework
WebExtensions framework and AddonManager internals cleanups:
Thanks to Chase Philpot for contributing to WebExtensions internals cleanups by removing the now unnecessary filterStack helper function from the WebExtensions internals (Bug 1884618)
Thanks to Mauro V. [:cheff] for removing old rollout prefs for the userScripts APIs (Bug 1943057)
Huge shout out goes to Gregory Pappas 🎉 for his contributions to the work for removing the deprecated InstallTrigger API, as well as for fixing an issue (Bug 1979281) preventing use of Mochia test helpers in mochitest-browser tests and then refactoring browser_doorhanger_installs.js test cases to use the Mochia describe/it test helpers (Bug 1979294) 😍
Investigated issue introduced in recently released 1password WebExtension versions, which was triggering the extension process to hang, reported to 1password developers which have released a fixed version of their add-on (Bug 1980009)
We have also investigated why ProcessHangMonitor isn’t currently detecting and showing to the user a notification box on slow scripts that are making the extension process hanging and filed Bug 1980452 to capture the findings and tracking fixing that as a followup for the 1password incident.
Investigated and fixed AsyncShutdown failures hit due to a race between application shutdown and active add-ons background pages starting up (Bug 1959339)
As part of introducing support for WPT WebExtensions API tests (Bug 1949012), new browser.test.onTestStarted and browser.test.onTestFinished API events are now supported from inside tests running WPT mode (Bug 1971013)
Replaced mouseenter/mouseleave with mouseove/mouseout in browser-addons.js logic handled the extensions button auto-hiding mode (Bug 1976773)
Fixed bug which was generating WebExtensions uuids for extensions not yet installed and increasing the size of extensions.webextensions.uuids pref value unnecessarily (Bug 1974419)
Addon Manager & about:addons
Added new localized string to improve error message shown on add-on install flows failing due to errors hit on accessing the XPI file being installed (Bug 1976490)
DevTools
Kagami Rosylight migrated the DevTools color picker widget to Fluent for devtools color picker widget (#1978294)
Alexandre Poirot improved performance of the Debugger sources tree on pages with a lot of sources (#1976570)
For example, on a page with 90K sources, on Alex’s machine, we went from 3800ms to 190ms
Alexandre Poirot was able to make the Debugger reuse the same tab when pretty printing a source (#1971817)
It used to create a new Tab with the pretty content, which could be confusing
Nicolas Chevobbe made “Group Similar Messages” setting also impact the “repeat bubble”: when the feature is disabled, successive similar messages will all be displayed in the console (#1615206)
We received multiple reports of a phishing campaign targeting crates.io users
(from the rustfoundation.dev domain name), mentioning a compromise of our
infrastructure and asking users to authenticate to limit damage to their crates.
These emails are malicious and come from a domain name not controlled by the
Rust Foundation (nor the Rust Project), seemingly with the purpose of stealing
your GitHub credentials. We have no evidence of a compromise of the crates.io
infrastructure.
We are taking steps to get the domain name taken down and to monitor for
suspicious activity on crates.io. Do not follow any links in these emails if you
receive them, and mark them as phishing with your email provider.
Welcome back to the latest season of State of the Thunder! After a short break, we’re back and ready to go. Michael Ellis, our Manager of Community Programs, is helping Alessandro with hosting duties. Along with members of the Thunderbird team and community, they’re answering your questions and keeping everyone updated on our roadmap progress for our projects.
In this episode, we’re talking about our initiatives for regular community feedback, tackling a variety of questions, and providing status updates on the top 20-ish Mozilla Connect Thunderbird suggestions.
Community Questions
Accidental Message Order Sorting
Question: Clearly the number one issue with Thunderbird that breaks for many of my clients is that if they accidentally click on a column header the sorting of the message is changed. “My messages are gone” is what I then hear all the time from my clients. It would be wonderful if the sorting of the message could be locked and not changed through such an easy operation, which often is invoked accidentally.
Answer: This is a great usability question and a complicated one. Alessandro recommends switching to CardsView, as it’s harder to accidentally change. This one one of the reasons we implemented it! However, we can definitely explore options to lock the message order in through enterprise policies. We would want to be mindful of users who wanted to change the order.
Michael discusses the option of a pop-up warning that could inform the user they’re about the change the message sorting order. Increased friction through a pop-up, though, as Alessandro and Jesse Miksic from the design team both point out, can cause its own issues. But this is certainly something we’ll look into more!
Move Focus Keyboard Shortcut
Question: Could there be consideration to add a keystroke to immediately move the focus to the list of messages in the currently open mailbox? Even better if keystrokes that would automatically do this for the inbox folder or the default account.
Answer: Alessandro notes Thunderbird already has this ability, but it’s not super noticeable. The F6 key allows you to switch focuses between the main areas of the application. So we’re approaching this problem from two directions: implementing tabular keyboard navigation and customizable shortcuts. We don’t have an expected delivery date on the latter, but we plan to have a searchable keyboard shortcut hub. We know our interface can be a little daunting, and we’re tackling it from multiple angles.
Option for Simplified Thunderbird?
Question: I work for a company which develops a Raspberry Pi-based computer made specific… specifically for blind consumers. Thunderbird is installed on this device by default. Many of our users are not tech-savvy. and just want a simple email client. I would love to have an easy method for removing some of the clutters with the goal of having a UI with fewer controls. Currently, users often have to press the tab key many times just to move to the list of messages in their inbox. For some users, all they really want is the message list and the list of folders, with the menu bar open, and that’s it. A bit like we once had with Outlook Express.
Answer: Alessandro and Ryan Sipes, our director, have talked about the need for a lighter version of Thunderbird a lot. This would help users who don’t need all the power of Thunderbird, and just want to focus on their messages (not even their folders). However, Ryan doesn’t want a separate version of Thunderbird we’d need to maintain, but to build a better usability curve into Thunderbird. Answering this question means having a Thunderbird that is simple by default, but more powerful and customizable if needed, without upsetting our current users.
Heather Ellsworth from the community team also supports the idea of a user preference for a lighter Thunderbird. At conferences and co-working spaces, she constantly hears the requests for a slightly simpler version of Thunderbird.
Thunderbird PPA
Question: I’m using Linux, one of the Ubuntu-derived flavors. And I have Thunderbird 128.14 ESR installed through the Mozilla Team PPA. I would love to know when the ESR version of 140 will be available in this PPA.
Answer: Heather, who works a lot with Linux packaging, takes this question. This PPA isn’t an official distribution channel for Thunderbird, which leads to some confusion. Our official Linux packages are the Snap and flatpak, and the tarball available on our website. A community member named Rico, whose handle is ricotz, maintains this PPA. In the PPA, you can click on his name to learn how to contact him for question like this.
Top 20-ish Mozilla Connect Posts
If you’ve ever posted an idea to make Thunderbird better in a blog comment, social media post, or a SUMO (Mozilla Support) thread, you’ve probably been prompted to share your suggestion on Mozilla Connect. This helps us keep our community feedback in one place, which helps our team prioritize features the community wants!
Where we’re falling short, however, is keeping the community updated on the progress of their suggestions. With a dedicated community team, this is something we can do better! Right now, we’d like to provide a quick status update on the top 20-ish Mozilla Connect posts related to Thunderbird.
We implemented this in the Daily build of the desktop app last year, using a staging environment for Firefox Sync. But Firefox Sync is called Firefox Sync because it’s built for Firefox. Thunderbird profiles, in comparison, have a lot more data points. This meant we had to build something completely different.
As we started to spin up Thunderbird Pro, we decided it made more sense to have a Thunderbird account that would manage everything, including Sync. Unfortunately, this meant a lot of delays. So Sync is still on our radar, and we hope to have it next year, barring further complications.
Yes, we’re working on this, starting with native desktop notifications. Ideally, we want to be integrated with more Linux desktop environments through expanded native APIs.
We’re already adopting opt-in telemetry for an upcoming release of Thunderbird for Android, and we want to make this the default for desktop in the future. While desktop is currently opt-out, Alessandro stresses we only have a few limited telemetry probes for desktop Thunderbird. And those probes can show how the majority of users are using the app and help us avoid bad UX choices.
Exploring this is low on our list right now. This is both because of performance concerns and we want to be very cautious with anything concerning machine learning, which includes translation.
Anxious to know the rest of the top 20 Mozilla Connect posts? Join us on Tuesday, September 16 at 3 PM Pacific (22:00 UTC)! Find out how to join on the TB Planning mailing list. We think this will be a great season and who knows, by the end of it, we may even have a jingle. See you next time!
Hello and welcome to another issue of This Week in Rust!
Rust is a programming language empowering everyone to build reliable and efficient software.
This is a weekly summary of its progress and community.
Want something mentioned? Tag us at
@thisweekinrust.bsky.social on Bluesky or
@ThisWeekinRust on mastodon.social, or
send us a pull request.
Want to get involved? We love contributions.
This week's crate is GrimoireCSS, a CSS engine crafted in Rust,
focusing on unmatched flexibility, reusable dynamic styling, and optimized performance for every environment.
An important step for RFC implementation is for people to experiment with the
implementation and give feedback, especially before stabilization.
If you are a feature implementer and would like your RFC to appear in this list, add a
call-for-testing label to your RFC along with a comment providing testing instructions and/or
guidance on which aspect(s) of the feature need testing.
If you are a feature implementer and would like your RFC to appear on the above list, add the new call-for-testing
label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature
need testing.
Always wanted to contribute to open-source projects but did not know where to start?
Every week we highlight some tasks from the Rust community for you to pick and get started!
Some of these tasks may also have mentors available, visit the task page for more information.
No Calls for participation were submitted this week.
If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!
Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.
No Calls for papers or presentations were submitted this week.
If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!
If you are running a Rust event please add it to the calendar to get
it mentioned here. Please remember to add a link to the event too.
Email the Rust Community Team for access.
We are sorry you aren’t happy with the state of the async in the current edition of Rust. The memory ownership intuition you were meant to develop when working with single-threaded and/or parallel execution turned to be too expensive to port into our zero-cost concurrency framework, reinvented from scratch for the ultimate benefit to no one in particular.
Two months ago, we launched the first Rust Compiler Performance Survey, with the goal of helping us understand the biggest pain points of Rust developers related to build performance. It is clear that this topic is very important for the Rust community, as the survey received over 3 700 responses! We would like to thank everyone who participated in the survey, and especially those who described their workflows and challenges with an open answer. We plan to run this survey annually, so that we can observe long-term trends in Rust build performance and its perception.
In this post, we'll show some interesting results and insights that we got from the survey and promote work that we have already done recently or that we plan to do to improve the build performance of Rust code. If you would like to examine the complete results of the survey, you can find them here.
And now strap in, as there is a lot of data to explore! As this post is relatively long, here is an index of topics that it covers:
To understand the overall sentiment, we asked our respondents to rate their satisfaction with their build performance, on a scale from 0 (worst) to 10 (best). The average rating was 6, with most people rating their experience with 7 out of 10:
To help us understand the overall build experience in more detail, we also analyzed all open answers (over a thousand of them) written by our respondents, to help us identify several recurring themes, which we will discuss in this post.
One thing that is clear from both the satisfaction rating and the open answers is that the build experience differs wildly across users and workflows, and it is not as clear-cut as "Rust builds are slow". We actually received many positive comments about users being happy with Rust build performance, and appreciation for it being improved vastly over the past several years to the point where it stopped being a problem.
People also liked to compare their experience with other competing technologies. For example, many people wrote that the build performance of Rust is not worse, or is even better, than what they saw with C++. On the other hand, others noted that the build performance of languages such as Go or Zig is much better than that of Rust.
While it is great to see some developers being happy with the state we have today, it is clear that many people are not so lucky, and Rust's build performance limits their productivity. Around 45% respondents who answered that they are no longer using Rust said that at least one of the reasons why they stopped were long compile times.
In our survey we received a lot of feedback pointing out real issues and challenges in several areas of build performance, which is what we will focus on in this post.
Important workflows
The challenges that Rust developers experience with build performance are not always as simple as the compiler itself being slow. There are many diverse workflows with competing trade-offs, and optimizing build performance for them might require completely different solutions. Some approaches for improving build performance can also be quite unintuitive. For example, stabilizing certain language features could help remove the need for certain build scripts or proc macros, and thus speed up compilation across the Rust ecosystem. You can watch this talk from RustWeek about build performance to learn more.
It is difficult to enumerate all possible build workflows, but we at least tried to ask about workflows that we assumed are common and could limit the productivity of Rust developers the most:
We can see that all the workflows that we asked about cause significant problems to at least a fraction of the respondents, but some of them more so than others. To gain more information about the specific problems that developers face, we also asked a more detailed, follow-up question:
Based on the answers to these two questions and other experiences shared in the open answers, we identified three groups of workflows that we will discuss next:
Incremental rebuilds after making a small change
Type checking using cargo check or with a code editor
Clean, from-scratch builds, including CI builds
Incremental rebuilds
Waiting too long for an incremental rebuild after making a small source code change was by far the most common complaint in the open answers that we received, and it was also the most common problem that respondents said they struggle with. Based on our respondents' answers, this comes down to three main bottlenecks:
Changes in workspaces trigger unnecessary rebuilds. If you modify a crate in a workspace that has several dependent crates and perform a rebuild, all those dependent crates will currently have to be recompiled. This can cause a lot of unnecessary work and dramatically increase the latency of rebuilds in large (or deep) workspaces. We have some ideas about how to improve this workflow, such as the "Relink, don't rebuild" proposal, but these are currently in a very experimental stage.
The linking phase is too slow. This was a very common complaint, and it is indeed a real issue, because unlike the rest of the compilation process, linking is always performed "from scratch". The Rust compiler usually delegates linking to an external/system linker, so its performance is not completely within our hands. However, we are attempting to switch to faster linkers by default. For example, the most popular target (x86_64-unknown-linux-gnu) will very soon switch to the LLD linker, which provides significant performance wins. Long-term, it is possible that some linkers (e.g. wild) will allow us to perform even linking incrementally.
Incremental rebuild of a single crate is too slow. The performance of this workflow depends on the cleverness of the incremental engine of the Rust compiler. While it is already very sophisticated, there are some parts of the compilation process that are not incremental yet or that are not cached in an optimal way. For example, expansion of derive proc macros is not currently cached, although work is underway to change that.
Several users have mentioned that they would like to see Rust perform hot-patching (such as the subsecond system used by the Dioxus UI framework or similar approaches used e.g. by the Bevy game engine). While these hot-patching systems are very exciting and can produce truly near-instant rebuild times for specialized use-cases, it should be noted that they also come with many limitations and edge-cases, and it does not seem that a solution that would allow hot-patching to work in a robust way has been found yet.
To gauge how long is the typical rebuild latency, we asked our respondents to pick a single Rust project that they work on and which causes them to struggle with build times the most, and tell us how long they have to wait for it to be rebuilt after making a code change.
Even though many developers do not actually experience this latency after each code change, as they consume results of type checking or inline annotations in their code editor, the fact that 55% of respondents have to wait more than ten seconds for a rebuild is far from ideal.
If we partition these results based on answers to other questions, it is clear that the rebuild times depend a lot on the size of the project:
We would love to get to a point where the time needed to rebuild a Rust project is dependent primarily on the amount of performed code changes, rather than on the size of the codebase, but clearly we are not there yet.
Type checking and IDE performance
Approximately 60% of respondents say that they use cargo terminal commands to type check, build or test their code, with cargo check being the most commonly used command performed after each code change:
While the performance of cargo check does not seem to be as big of a blocker as e.g. incremental rebuilds, it also causes some pain points. One of the most common ones present in the survey responses is the fact that cargo check does not share the build cache with cargo build. This causes additional compilation to happen when you run e.g. cargo check several times to find all type errors, and when it succeeds, you follow up with cargo build to actually produce a built artifact. This workflow is an example of competing trade-offs, because sharing the build cache between these two commands by unifying them more would likely make cargo check itself slightly slower, which might be undesirable to some users. It is possible that we might be able to find some middle ground to improve the status quo though. You can follow updates to this work in this issue.
A related aspect is the latency of type checking in code editors and IDEs. Around 87% of respondents say that they use inline annotations in their editor as the primary mechanism of inspecting compiler errors, and around 33% of them consider waiting for these annotations to be a big blocker. In the open answers, we also received many reports of Rust Analyzer's performance and memory usage being a limiting factor.
The maintainers of Rust Analyzer are working hard on improving its performance. Its caching system is being improved to reduce analysis latency, the distributed builds of the editor are now optimized with PGO, which provided 15-20% performance wins, and work is underway to integrate the compiler's new trait solver into Rust Analyzer, which could eventually also result in increased performance.
More than 35% users said that they consider the IDE and Cargo blocking one another to be a big problem. There is an existing workaround for this, where you can configure Rust Analyzer to use a different target directory than Cargo, at the cost of increased disk space usage. We realized that this workaround has not been documented in a very visible way, so we added it to the FAQ section of the Rust Analyzer book.
Clean and CI builds
Around 20% of participants responded that clean builds are a significant blocker for them. In order to improve their performance, you can try a recently introduced experimental Cargo and compiler option called hint-mostly-unused, which can in certain situations help improve the performance of clean builds, particularly if your dependencies contain a lot of code that might not actually be used by your crate(s).
One area where clean builds might happen often is Continuous Integration (CI). 1495 respondents said that they use CI to build Rust code, and around 25% of them consider its performance to be a big blocker for them. However, almost 36% of respondents who consider CI build performance to be a big issue said that they do not use any caching in CI, which we found surprising. One explanation might be that the generated artifacts (the target directory) is too large for effective caching, and runs into usage limits of CI providers, which is something that we saw mentioned repeatedly in the open answers section. We have recently introduced an experimental Cargo and compiler option called -Zembed-metadata that is designed to reduce the size of the target directories, and work is also underway to regularly garbage collect them. This might help with the disk space usage issue somewhat in the future.
One additional way to significantly reduce disk usage is to reduce the amount of generated debug information, which brings us to the next section.
Debug information
The default Cargo dev profile generates full debug information (debuginfo) both for workspace crates and also all dependencies. This enables stepping through code with a debugger, but it also increases disk usage of the target directory, and crucially it makes compilation and linking slower. This effect can be quite large, as our benchmarks show a possible improvement of 2-30% in cycle counts if we reduce the debuginfo level to line-tables-only (which only generates enough debuginfo for backtraces to work), and the improvements are even larger if we disable debuginfo generation completely1.
However, if Rust developers debug their code after most builds, then this cost might be justified. We thus asked them how often they use a debugger to debug their Rust code:
This is the problem with changing defaults: it is challenging to improve the workflows of one user without regressing the workflow of another. For completeness, here are the answers to the previous question partitioned on the answer to the "How often do you use a debugger" question:
It was surprising for us to see that around a quarter of respondents who (almost) never use a debugger still want to have full debuginfo generated by default.
Of course, you can always disable debuginfo manually to improve your build performance, but not everyone knows about that option, and defaults matter a lot. The Cargo team is considering ways of changing the status quo, for example by reducing the level of generated debug information in the dev profile, and introducing a new built-in profile designed for debugging.
Workarounds for improving build performance
Build performance of Rust is affected by many different aspects, including the configuration of the build system (usually Cargo) and the Rust compiler, but also the organization of Rust crates and used source code patterns. There are thus several approaches that can be used to improve build performance by either using different configuration options or restructuring source code. We asked our respondents if they are even aware of such possibilities, whether they have tried them and how effective they were:
It seems that the most popular (and effective) mechanisms for improving build performance are reducing the number of dependencies and their activated features, and splitting larger crates into smaller crates. The most common way of improving build performance without making source code changes seems to be the usage of an alternative linker. It seems that especially the mold and LLD linkers are very popular:
We have good news here! The most popular x86_64-unknown-linux-gnu Linux target will start using the LLD linker in the next Rust stable release, resulting in faster link times by default. Over time, we will be able to evaluate how disruptive is this change to the overall Rust ecosystem, and whether we could e.g. switch to a different (even faster) linker.
Build performance guide
We were surprised by the relatively large number of users who were unaware of some approaches for improving compilation times, in particular those that are very easy to try and typically do not require source code changes (such as reducing debuginfo or using a different linker or a codegen backend). Furthermore, almost 42% of respondents have not tried to use any mechanism for improving build performance whatsoever. While this is not totally unexpected, as some of these mechanisms require using the nightly toolchain or making non-trivial changes to source code, we think that one the reasons is also simply that Rust developers might not know about these mechanisms being available. In the open answers, several people also noted that they would appreciate if there was some sort of official guidance from the Rust Project about such mechanisms for improving compile times.
It should be noted that the mechanisms that we asked about are in fact workarounds that present various trade-offs, and these should always be carefully considered. Several people have expressed dissatisfaction with some of these workarounds in the open answers, as they find it unacceptable to modify their code (which could sometimes result e.g. in increased maintenance costs or worse runtime performance) just to achieve reasonable compile times. Nevertheless, these workarounds can still be incredibly useful in some cases.
The feedback that we received shows that it might be beneficial to spread awareness of these mechanisms in the Rust community more, as some of them can make a really large difference in build performance, but also to candidly explain the trade-offs that they introduce. Even though several great resources that cover this topic already exist online, we decided to create an official guide for optimizing build performance (currently work-in-progress), which will likely be hosted in the Cargo book. The aim of this guide is to increase the awareness of various mechanisms for improving build performance, and also provide a framework for evaluating their trade-offs.
Our long-standing goal is to make compilation so fast that similar workarounds will not be necessary anymore for the vast majority of use-cases. However, there is no free lunch, and the combination of Rust's strong type system guarantees, its compilation model and also heavy focus on runtime performance often go against very fast (re)build performance, and might require usage of at least some workarounds. We hope that this guide will help Rust developers learn about them and evaluate them for their specific use-case.
Understanding why builds are slow
When Rust developers experience slow builds, it can be challenging to identify where exactly is the compilation process spending time, and what could be the bottleneck. It seems that only very few Rust developers leverage tools for profiling their builds:
This hardly comes as a surprise. There are currently not that many ways of intuitively understanding the performance characteristics of Cargo and rustc. Some tools offer only a limited amount of information (e.g. cargo build --timings), and the output of others (e.g. -Zself-profile) is very hard to interpret without knowledge of the compiler internals.
To slightly improve this situation, we have recently added support for displaying link times to the cargo build --timings output, to provide more information about the possible bottleneck in crate compilation (note this feature has not been stabilized yet).
Long-term, it would be great to have tooling that could help Rust developers diagnose compilation bottlenecks in their crates without them having to understand how the compiler works. For example, it could help answer questions such as "Which code had to be recompiled after a given source change" or "Which (proc) macros take the longest time to expand or produce the largest output", and ideally even offer some actionable suggestions. We plan to work on such tooling, but it will take time to manifest.
One approach that could help Rust compiler contributors understand why are Rust (re)builds slow "in the wild" is the opt-in compilation metrics collection initiative.
What's next
There are more interesting things in the survey results, for example how do answers to selected questions differ based on the used operating system. You can examine the full results in the full report PDF.
We would like to thank once more everyone who has participated in our survey. It helped us understand which workflows are the most painful for Rust developers, and especially the open answers provided several great suggestions that we tried to act upon.
Even though the Rust compiler is getting increasingly faster every year, we understand that many Rust developers require truly significant improvements to improve their productivity, rather than "just" incremental performance wins. Our goal for the future is to finally stabilize long-standing initiatives that could improve build performance a lot, such as the Cranelift codegen backend or the parallel compiler frontend. One such initiative (using a faster linker by default) will finally land soon, but the fact that it took many years shows how difficult it is to make such large cutting changes to the compilation process.
We know that some people are wondering why it takes so much time to achieve progress in improving the build performance of Rust. The answer is relatively simple. These changes require a lot of work, domain knowledge (that takes a relatively long time to acquire) and many discussions and code reviews, and the pool of people that have time and motivation to work on them or review these changes is very limited. Current compiler maintainers and contributors (many of whom work on the compiler as volunteers, without any funding) work very hard to keep up with maintaining the compiler and keeping it working with the high-quality bar that Rust developers expect, across many targets, platforms and operating systems. Introducing large structural changes, which are likely needed to reach massive performance improvements, would require a lot of concentrated effort and funding.
This benchmark was already performed using the fast LLD linker. If a slower linker was used, the build time wins would likely be even larger. ↩
Potentially because of the strong invariants upheld by the Rust type system, and partly also because the Rust debugging experience might not be optimal for many users, which is a feedback that we received in the State of Rust 2024 survey. ↩
The promise of an open and competitive internet hangs in the balance. From the future of AI agents to the underappreciated role of browsers and browser engines, the technological landscape continues to evolve. Getting the regulatory and enforcement backdrop right is critical: from competition bills in Congress to the EU’s DMA, the stakes for innovation, privacy and consumer choice have never been higher.
On mobile, browsing often means quick checks on small screens, squeezed in between everything else you’re doing. We built Shake to Summarize on iOS to give you a clear summary with one move. That way, you can get what you need more easily and keep going.
How it works
Whether you just want the recipe, need to know something fast, or want to see if a long read is worth the time, Shake to Summarize gives you the key takeaways in seconds. To activate it, you can:
Shake your device.
Tap the thunderbolt icon in the address bar.
Or, from the menu, tap three dots > Summarize Page.
The feature works on webpages with fewer than 5,000 words. (Learn more about content you can summarize here.)
Here’s an example of a summary:
If you have an iPhone 15 Pro or later with iOS 26+, the summary is created on your device using Apple Intelligence. On other devices with earlier iOS versions, the page text is sent securely to Mozilla cloud-based AI, which creates the summary and sends it back.
Rollout starts Sept. 9
Shake to Summarize starts rolling out this week in the U.S. for English-language Firefox iOS users, then expands from there.
You’ll see a prompt the first time you come across content that can be summarized, and you can turn the feature on or off in settings anytime.
Summarize a page on desktop
You can also summarize pages in Firefox on desktop with your choice of chatbot provider:
Select Summarize Page at the bottom of the chatbot sidebar.
Or hold down Control while you click, then choose Ask [chatbot name] > Summarize Page.
Last week, Judge Amit Mehta issued a ruling in the remedies proceedings of the U.S. v. Google LLC search case. Among the issues addressed, one key aspect that stood out for us was the court’s ruling on Google’s search agreements.
The Court ordered changes to Google’s search agreements to give browsers more flexibility. Under the court’s decision, Google cannot restrict browsers from defaulting to or offering different search engines / generative AI services. They can also not prevent browsers from promoting these services.
Crucially, the Court considered but ultimately rejected a proposed ban on search payments to small, independent browsers like Firefox. If the ban had been enforced, it would have made it harder for independent browsers to compete, effectively reducing competition in the browser market.
In his reasoning, Judge Mehta cited Mozilla’s testimony, recognizing that banning payments to smaller browsers would harm innovation, competition, and consumers, and would threaten the pro-competitive role of Mozilla in the ecosystem. Ensuring that Mozilla’s Gecko — the only independent browser engine left — can continue to compete with Google and Apple is vital for the future of the open web.
The court also required a range of data sharing remedies — narrowing the scope of those proposed by the Department of Justice and State Attorneys General, while broadening their access. As Mozilla has discovered first-hand through previous antitrust cases and the implementation of the EU Digital Markets Act, ensuring that such remedies are effective in restoring competition requires careful attention and monitoring. Careful thought must also be given to protecting user privacy and security.
It will also be critical to ensure that these data remedies avoid simply transferring power from one tech giant to another — particularly given the focus on facilitating greater search competition through AI providers.
This balance is something we’ve stressed throughout the trial. True competition in search starts with a healthy marketplace, one where small and large companies can compete on merit, where consumers have choice, and where the best new products, features, and ideas have a chance.
As this case continues to unfold, one thing won’t change: Mozilla’s commitment to an internet that’s open, accessible, and built for the public good. We’ve historically met market and regulatory shifts with creativity and care. Each moment has helped us grow and discover new ways to live out our mission, and we’re invigorated about the path forward.
I’ve got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy’s Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own.
My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the same developer: tcam, CloudWayCam, VDP, AIBoxcam, IP System. Note that the LookCamPro app, while visually very similar, is technically quite different. It also uses the PPPP protocol for low-level communication but otherwise doesn’t seem to be related, and the corresponding devices are unlikely to suffer from the same flaws.
There seems to be little chance that things will improve with these cameras. I have no way of contacting either the hardware vendors or the developers behind the LookCam app. In fact, it looks like masking their identity was done on purpose here. But even if I could contact them, the cameras lack an update mechanism for their firmware. So fixing the devices already sold is impossible.
I have no way of knowing how many of these cameras exist. The LookCam app is currently listed with almost 1.5 million downloads on Google Play however. An iPhone and a Windows version of the app are also available but no public statistics exist here.
Contents
The highlights
The camera cannot be easily isolated from unauthorized access. It can either function as a WiFi access point, but setting a WiFi password isn’t possible. Or it can connect to an existing network, and then it will insist on being connected to the internet. If internet access is removed the camera will go into a reboot loop. So you have the choice of letting anybody in the vicinity access this camera or allowing it to be accessed from the internet.
The communication of this camera is largely unencrypted. The underlying PPPP protocol supports “encryption” which is better described as obfuscation, but the LookCam app almost never makes use of it. Not that it would be of much help, the proprietary encryption algorithms being developed without any understanding of cryptography. These rely on static encryption keys which are trivially extracted from the app but should be easy enough to deduce even from merely observing some traffic.
The camera firmware is riddled with buffer overflow issues which should be trivial to turn into arbitrary code execution. Protection mechanisms like DEP or ASLR might have been a hurdle but these are disabled. And while the app allows you to set an access password, the firmware doesn’t really enforce it. So access without knowing the password can be accomplished simply by modifying the app to skip the password checks.
The only thing preventing complete compromise of any camera is the “secret” device ID which has to be known in order to establish a connection. And by “secret” I mean that device IDs can generally be enumerated but they are “secured” with a five letter verification code. Unlike with some similar cameras, the algorithm used to generate the verification code isn’t public knowledge yet. So somebody wishing to compromise as many cameras as possible would need to either guess the algorithm or guess the verification codes by trying out all possible combinations. I suspect that both approaches are viable.
And while the devices themselves have access passwords which a future firmware version could in theory start verifying, the corresponding cloud service has no authentication beyond knowledge of the device ID. So any recordings uploaded to the cloud are accessible even if the device itself isn’t. Even if the camera owner hasn’t paid for the cloud service, anyone could book it for them if they know the device ID. The cloud configuration is managed by the server, so making the camera upload its recordings doesn’t require device access.
The hardware
Most cameras connecting to the LookCam app are being marketed as “spy cam” or “nanny cam.” These are made to look like radio clocks, USB chargers, bulb sockets, smoke detectors, even wall outlets. Most of the time their pretended functionality really works. In addition they have an almost invisible pinhole camera that can create remarkably good recordings. I’ve seen prices ranging from US$40 to hundreds of dollars.
The marketing spin says that these cameras are meant to detect when your house is being robbed. Or maybe they allow you to observe your baby while it is in the next room. Of course, in reality people are far more inventive in their use of tiny cameras. Students discovered them for cheating in exams. Gamblers use them to get an advantage at card games. And then there is of course the matter of non-consentual video recordings. So next time you stay somewhere where you don’t quite trust the host you might want to search for “LookCam” on YouTube, just to get an idea of how to recognize such devices.
The camera I had was based on the Anyka AK39Ev330 hardware platform, essentially an ARM CPU with an attached pinhole camera. Presumably, other cameras connecting to the LookCam app are similar, even though there are some provisions for hardware differences in the firmware. The device looked very convincing, its main giveaway being unexpected heat development.
All LookCam cameras I’ve seen were strictly noname devices, it is unclear who builds them. Given the variety of competing form factors I suspect that a number of hardware vendors are involved. Maybe there is one vendor producing the raw camera kit and several others who package it within the respective casings.
The LookCam app
The LookCam app can manage a number of cameras. Some people demonstrating the app on YouTube had around 50 of them, though I suspect that these are camera sellers and not regular users.
<figcaption>
LookCam app as seen in the example screenshot
</figcaption>
While each camera can be given a custom name, its unique ID is always visible as well. For example, the first camera listed in the screenshot above has the ID GHBB-000001-NRLXW which the apps shortens into G000001NRLXW. Here GHBB is the device prefix: LookCam supports a number of these but only BHCC, FHBB and GHBB seem to exist in reality (abbreviated as B, F and G respectively). 000001 is the device number, each prefix can theoretically support a million devices. The final part is a five-letter verification code: NRLXW. This one has to be known for the device connection to succeed, it makes enumerating device IDs more difficult.
Out of the box, the device is in access point mode: it provides a WiFi access point with the device ID used as wireless network name. You can connect to that access point, and LookCam will be able to find the camera via a network broadcast, allowing you to configure it. You might be inclined to leave the camera in access point mode but it is impossible to set a WiFi password. This means that anybody in the vicinity can connect to this WiFi network and access the camera through it. So there is no way around configuring the camera to connect to your network.
Once the camera is connected to your network the P2P “magic” happens. LookCam app can still find the camera via a network broadcast. But it can also establish a connection when you are not on the same network. In other words: the camera can be accessed from the internet, assuming that someone knows its device ID.
Exposing the camera to internet-based attacks might not be something that you want, with it being in principle perfectly capable of writing its recordings to an SD card. But if you deny it access to the internet (e.g. via a firewall rule) the camera will try to contact its server, fail, panic and reboot. It will keep rebooting until it receives a response from the server.
One thing to note is also: the device ID is displayed in pretty much every screen of this app. So when users share screenshots or videos of the app (which they do often) they will inevitably expose the ID of their camera, allowing anyone in the world to connect to it. I’ve seen very few cases of people censoring the device ID, clearly most of them aren’t aware that it is sensitive information. The LookCam app definitely isn’t communicating that it is.
The PPPP protocol
The basics
How can LookCam establish a connection to the camera having only its device ID? The app uses the PPPP protocol developed by the Chinese company CS2 Network. Supposedly, in 2019 CS2 Network had 300 customers with 20 million devices in total. This company supplies its customers with a code library and the corresponding server code which the customers can run as a black box. The idea of the protocol is providing an equivalent of the TCP protocol which implicitly locates a device by its ID and connects to it.
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
Side note: Whoever designed this protocol didn’t really understand TCP. For example, they tried to replicate the fault tolerance of TCP. But instead of making retransmissions an underlying protocol feature there are dozens of different (not duplicated but really different) retransmission loops throughout the library. Where TCP tries to detect network congestions and back off the PPPP protocol will send even more retransmitted messages, rendering suboptimal connections completely unusable.
Despite being marketed as Peer-to-Peer (P2P) this protocol relies on centralized servers. Each device prefix is associated with a set of three servers, this being the protocol designers’ idea of high-availability infrastructure. Devices regularly send messages to all three servers, making sure that these are aware of the device’s IP address. When the LookCam app (client) wants to connect to a device, it also contacts all three servers to get the device’s IP address.
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
The P2P part is the fact that device and client try to establish a direct connection instead of relaying all communication via a central server. The complicating factor here are firewalls which usually disallow direct connections. The developers didn’t like established approaches like Universal Plug and Play (UPnP), probably because these are often disabled for security reasons. So they used a trick called UDP hole punching. This involves guessing which port the firewall assigned to outgoing UDP traffic and then communicating with that port, so that the firewall considers incoming packets a response to previously sent UDP packets and allows them through.
Does that always work? That’s doubtful. So the PPPP protocol allows for relay servers to be used as fallback, forwarding traffic from and to the device. But this direct communication presumably succeeds often enough to keep the traffic on PPPP servers low, saving costs.
The FHBB and GHBB device prefixes are handled by the same set of servers, named the “mykj” network in the LookCam app internally. Same string appears in the name of the main class as well, indicating that it likely refers to the company developing the app. This seems to be a short form of “Meiyuan Keji,” a company name that translates as “Dollar Technology.” I couldn’t find any further information on this company however.
The BHCC device prefix is handled by a different set of servers that the app calls the “hekai” network. The corresponding devices appear to be marketed in China only.
The “encryption”
With potentially very sensitive data being transmitted one would hope that the data is safely encrypted in transit. The TCP protocol outsources this task to additional layers like TLS. The PPPP protocol on the other hand has built-in “encryption,” in fact even two different encryption mechanisms.
First there is the blanket encryption of all transmitted messages. The corresponding function is aptly named P2P_Proprietary_Encrypt and it is in fact a very proprietary encryption algorithm. To my untrained eye there are a few issues with it:
It is optional, with many networks choosing not to use it (like all networks supported by LookCam).
When present, the encryption key is part of the “init string” which is hardcoded in the app. It is trivial to extract from the application, even a file viewer will do if you know what to look for.
Even if the encryption key weren’t easily extracted, it is mashed into four bytes which become the effective key. So there are merely four billion possible keys.
Even if it weren’t possible to just go through all possible encryption keys, the algorithm can be trivially attacked via a known-plaintext attack. It’s sometimes even possible to deduce the effective key by passively observing a single four bytes MSG_HELLO message (it is known that the first four bytes message sent to port 32100 has the plaintext F1 00 00 00).
In addition to that, some messages get special treatment. For example, the MSG_REPORT_SESSION_READY message is generally encrypted via P2P_Proprietary_Encrypt function with a key that is hardcoded in the CS2 library and has the same value in every app I checked.
Some messages employ a different encryption method. In case of the networks supported by LookCam it is only the MSG_DEV_LGN_CRC message (device registering with the server) that is used instead of the plaintext MSG_DEV_LGN message. As this message is sent by the device, the corresponding encryption key is only present in the device firmware, not in the application. I didn’t bother checking whether the server would still accept the unencrypted MSG_DEV_LGN message.
The encryption function responsible here is PPPP_CRCEnc. No, this isn’t a cyclic redundancy check (CRC). It’s rather an encryption function that will extend the plaintext by a four bytes padding. The decryptor will validate the padding, presumably that’s the reason for the name.
Of course, this still doesn’t make it an authenticated encryption scheme, yet the padding oracle attack is really the least of its worries. While there is a complicated selection approach, it effectively results in a sequence of bytes that the plaintext is XOR’ed with. Same sequence for every single message being encrypted in this way. Wikipedia has the following to say on the security of XOR ciphers:
By itself, using a constant repeating key, a simple XOR cipher can trivially be broken using frequency analysis. If the content of any message can be guessed or otherwise known then the key can be revealed.
Well, yes. That’s what we have here.
It’s doubtful that any of these encryption algorithms can deter even a barely determined attacker. But a blanket encryption with P2P_Proprietary_Encrypt (which LookCam doesn’t enable) would have three effects:
Network traffic is obfuscated, making the contents of transmitted messages not immediately obvious.
Vulnerable devices cannot be discovered on the local network using the script developed by Paul Marrapese. This script relies on devices responding to an unencrypted search request.
P2P servers can no longer be discovered easily and won’t show up on Shodan for example. This discovery method relies on servers responding to an unencrypted MSG_HELLO message.
The threat model
It is obvious that the designers of the PPPP protocol don’t understand cryptography, yet for some reason they don’t want to use established solutions either. It cannot even be about performance because AES is supported in hardware on these devices. But why for example this strange choice of encrypting a particular message while keeping the encryption of highly private data optional? Turns out, this is due to the threat model used by the PPPP protocol designers.
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
As a CS2 Network presentation deck shows, their threat model isn’t concerned about data leaks. The concern is rather denial-of-service attacks caused by registering fake devices. And that’s why this one message enjoys additional encryption. Not that I really understand the concern here, since the supposed hacker would still have to generate valid device IDs somehow. And if they can do that – well, them bringing the server down should really be the least concern.
But wait, there is another security layer here!
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
This is about the “init string” already mentioned in the context of encryption keys above. It also contains the IP addresses of the servers, mildly obfuscated. While these were “given to platform owner only,” these are necessarily contained in the LookCam app:
Some other apps contain dozens of such init strings, allowing them to deal with many different networks. So the threat model of the PPPP protocol cannot imagine someone extracting the “encrypted P2P server IP string” from the app. It cannot imagine someone reverse engineering the (trivial) obfuscation used here. And it definitely cannot imagine someone reverse engineering the protocol, so that they can communicate with the servers via “raw IP string” instead of their obfuscated one. Note: The latter has happened on several documented occasions already, e.g. here.
These underlying assumptions become even more obvious on this slide:
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
Yes, the only imaginable way to read out network data is via the API of their library. With a threat model like this, it isn’t surprising that the protocol makes all the wrong choices security-wise.
The firmware
Once a connection is etablished the LookCam app and the camera will exchange JSON-encoded messages like the following:
{"cmd":"LoginDev","pwd":"123456"}
A paper from the Warwick University already took a closer look at the firmware and discovered something surprising. The LookCam app will send a LoginDev command like above to check whether the correct access password is being used for the device. But sending this command is entirely optional, and the firmware will happily accept other commands without a “login”!
The LookCam app will also send the access password along with every other command yet this password isn’t checked by the firmware either. I tried adding a trivial modification to the LookCam app which made it ignore the result of the LoginDev command. And this in fact bypassed the authentication completely, allowing me to access my camera despite a wrong password.
I could also confirm their finding that the DownloadFile command will read arbitrary files, allowing me to extract the firmware of my camera with the approach described in the paper. They even describe a trivial Remote Code Execution vulnerability which I also found in my firmware: that firmware often relies on running shell commands for tasks that could be easily done in its C language code.
This clearly isn’t the only Remote Code Execution vulnerability however. Here is some fairly typical code for this firmware:
This code copies a string (pointlessly but this isn’t the issue here). It completely fails to consider the size of the target buffer, going by the size of the incoming data instead. So any command larger than 255 bytes will cause a buffer overflow. And there is no stack canary here, Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are disabled, so nothing prevents this buffer overflow from being turned into Remote Code Execution.
Finally, I’ve discovered that the searchWiFiList command will produce the list of WiFi networks visible to the camera. These by itself often already allow a good guess as to where the camera is located. In combination with a geolocation service these will typically narrow down the camera’s position to a radius of only a few dozen meters.
The only complication here: most geolocation services require not the network names but the MAC addresses of the access points. The MAC addresses aren’t part of the response data however. But: searchWiFiList works by running iwlist shell command and storing the complete output in /tmp/wifi_scan.txt file. It reads this file but does not remove it. This means that the file can subsequently be downloaded via DownloadFile command (allows reading arbitrary files as mentioned above) and that one contains full data including MAC addresses of all access points. So somebody who happened to learn the device ID can not only access the video stream but also find out where exactly this footage is being recorded.
The camera I’ve been looking at is running firmware version 2023-11-22. Is there a newer version, maybe one that fixes the password checks or the already published Remote Code Execution vulnerability? I have no idea. If the firmware for these cameras is available somewhere online then I cannot find it. I’ve also been looking for some kind of update functionality in these devices. But there is only a generic script from the Anyka SDK which isn’t usable for anyone other than maybe the hardware vendor.
The cloud
When looking at the firmware I noticed some code uploading 5 MiB data chunks to api.l040z.com (or apicn.l040z.com if you happen to own a BHCC device). Now uploading exactly 5 MiB is weird (this size is hardcoded) but inspecting the LookCam app confirmed it: this is cloud functionality, and the firmware regularly uploads videos in this way. At least it does that when cloud functionality is enabled.
First thing worth noting: while the cloud server uses regular HTTP rather than some exotic protocol, all connections to it are generally unencrypted. The firmware simply lacks a TLS library it could use, and so the server doesn’t bother with supporting TLS. Meaning for example: if you happen to use their cloud functionality your ISP better be very trustworthy because it can see all the data your camera sends to the LookCam cloud. In fact, your ISP could even run its own “cloud server” and the camera will happily send your recorded videos to it.
Anyone dare a guess what the app developers mean by “financial-grade encryption scheme” here? Is it worse or better than military-grade encryption?
<figcaption>
Screenshot from the LookCam app
</figcaption>
Second interesting finding: the cloud server has no authentication whatsoever. The camera only needs to know its device ID when uploading to the cloud. And the LookCam app – well, any cloud-related requests here also require device ID only. If somebody happens to learn your device ID they will gain full access to your cloud storage.
Now you might think that you can simply skip paying for the cloud service which, depending on the package you book, can come for as much as $40 per month. But this doesn’t mean that you are on the safe side because you aren’t the one controlling the cloud functionality on your device, the cloud server is. Every time the device boots up it sends a request to http://api.l040z.com/camera/signurl and the response tells it whether cloud functionality needs to be enabled.
So if LookCam developers decide that they want to see what your camera is doing (or if Chinese authorities become interested in that), they can always adjust that server response and the camera will start uploading video snapshots. You won’t even notice anything because the LookCam app checks cloud configuration by requesting http://api.l040z.com/app/cloudConfig which can remain unchanged.
And they aren’t the only ones who can enable the cloud functionality of your device. Anybody who happens to know your device ID can buy a cloud package for it. This way they can get access to your video recordings without ever accessing your device directly. And you will only notice the cloud functionality being active if you happen to go to the corresponding tab in the LookCam app.
How safe are device IDs?
Now that you are aware of device IDs being highly sensitive data, you certainly won’t upload screenshots containing them to social media. Does that mean that your camera is safe because nobody other than you knows its ID?
The short answer is: you don’t know that. First of all, you simply don’t know who already has your device ID. Did the shop that sold you the camera write the ID down? Did they maybe record a sales pitch featuring your camera before they sold it to you? Did somebody notice your camera’s device ID show up in the list of WiFi networks when it was running in access point mode? Did anybody coming to your home run a script to discover PPPP devices on the network? Yes, all of that might seem unlikely, yet it should be reason enough to wonder whether your camera’s recordings are really as private as they should be.
Then there is the issue of unencrypted data transfers. Whenever you connect to your camera from outside your home network the LookCam app will send all data unencrypted – including the device ID. Do you do that when connected to public WiFi? At work? In a vacation home? You don’t know who else is listening.
And finally there is the matter of verification codes which are the only mechanism preventing somebody from enumerating all device IDs. How difficult would it be to guess a verification code? Verification codes seem to use 22 letters (all Latin uppercase letters but A, I, O, Q). With five letters this means around 5 million possible combinations. According to Paul Marrapese PPPP servers don’t implement rate limiting (page 33), making trying out all these combinations perfectly realistic – maybe not for all possible device IDs but definitely for some.
But that resource-intensive approach is only necessary as long as the algorithm used to generate verification codes is a secret. Yet we have to assume that at least CS2 Network’s 300 customers have access to that algorithm, given that their server software somehow validates device IDs. Are they all trustworthy? How much would it cost to become a “customer” simply in order to learn that algorithm?
And even if we are willing to assume that CS2 Network runs proper background checks to ensure that their algorithm remains a secret: how difficult would it be to guess that algorithm? I found a number of device IDs online, and my primitive analysis of their verification codes indicates that these aren’t distributed equally. There is a noticeable affinity for certain prime numbers, so the algorithm behind them is likely a similar hack job as the other CS2 Network algorithms, throwing in mathematical operations and table lookups semi-randomly to make things look complicated. How long would this approach hold if somebody with actual cryptanalysis knowledge decided to figure this out?
Recommendations
So if you happen to own one of these cameras, what does all this mean to you? Even if you never disclosed the camera’s device ID yourself, you cannot rely on it staying a secret. And this means that whatever your camera is recording is no longer private.
Are you using it as a security camera? Your security camera might now inform potential thieves of the stuff that you have standing around and the times when you leave home. It will also let them know where exactly you live.
Are you using it to keep an eye on your child? Just… don’t. Even if you think that you yourself have a right to violate your child’s privacy, you really don’t want anybody else to watch.
And even if you “have nothing to hide”: somebody could compromise the camera in order to hack other devices on your network or to simply make it part of a botnet. Such things happened before, many times actually.
So the best solution is to dispose of this camera ASAP. Don’t sell it please because this only moves the problem to the next person. The main question is: how do you know that the camera you get instead will do better? I can only think of one indicator: if you want to access the camera from outside your network it should involve explicit setup steps, likely changing router configuration. The camera shouldn’t just expose itself to the internet automatically.
But if you actually paid hundreds of dollars for that camera and dumping it isn’t an option: running it in a safe manner is complicated. As I mentioned already, simply blocking internet access for the camera won’t work. This can be worked around but it’s complex enough to be not worth doing. You should be better off by installing a custom firmware. I haven’t tried it but at least this one looks like somebody actually thought about security.
Further reading
As far as I am aware, the first research on the PPPP protocol was published by Paul Marrapese in 2019. He found a number of vulnerabilities, including one brand of cameras shipping their algorithm to generate verification codes with their client application. Knowing this algorithm, device IDs could be enumerated easily. Paul used this flaw to display the locations of millions of affected devices. His DEF CON talk is linked from the website and well worth watching.
A paper from the Warwick University (2023) researched LookCam app specifically. In additions to some vulnerabilities I mentioned here it contains a number of details on how these cameras operate.
This Elastic Labs article (2024) took a close look at some other PPPP-based cameras, finding a number of issues.
The CS2 Network sales presentation (2016) offers a fascinating look into the thinking of PPPP protocol designers and into how their system was meant to work.
Welcome back to another edition of the Community Office Hours! This month, we’re taking a closer look at accessibility in the Thunderbird desktop and mobile apps. We’re chatting with Rebecca Taylor and Solange Valverde, members of our designer, about a recent accessibility (often shortened as a11y) study. We wanted to find out where Thunderbird was doing well, and where we could improve. Rebecca and Solange walk us through the study and answer our questions!
We’ll be back next month with the latest Community Office Hours! If you have a suggestion for a topic or team you’d love us to cover, please let us know in the comments!
August Office Hours: Thunderbird Accessibility Study
The Thunderbird Team wants to make desktop and mobile apps that maximizes everyone’s productivity and freedom. This means making Thunderbird accessible for all of our users, and the first step is finding where we can do better. Thanks to our relationship with Mozilla, our design team commissioned a study with Fable, who connects companies building inclusive products to experienced testers with disabilities. We asked participants to evaluate the Thunderbird desktop app using assistive tech, including screen readers, alternative navigation, and magnification. And we also asked a user on the cognitive spectrum to evaluate how our language, layouts, and reminders helped or hindered their use of the app.
Members of the design team then conducted 60 minute moderated interviews with study participants. In these talks, participants pointed out where they struggled with accessibility roadblocks, and what strategies they used to try and work through them.
Screen Reader Users
Screen readers convert on-screen text to either speech or Braille, and help blind or low-vision users navigate and access digital content. Our study participants, many of whom switch between multiple screen readers, let us know where Thunderbird falls short.
Some issues were common to all screen readers. Keyboard shortcuts didn’t follow common norms, and workflows in search and filter results made for a confusing experience. Thunderbird could benefit from a table view with ARIA, a W3C specification created to improve accessibility.
Other issues were specific to the individual screen reader programs. In Narrator, for example, expected confirmation for actions like moving messages was missing, and the screen reader didn’t recognize menu stage changes in submenus. In JAWS, meanwhile, message bodies were unreadable in email and compose windows with Braille display, and filter menus opened silently, not announcing the content or state to the user. Finally, with NVDA, users noted confusing structures and organization that lacked the structure and context they expected, as well as poor content prioritization.
Cognitive Usability
In a previous office hours, we talked about how we wanted to make Thunderbird more cognitively accessible with our work on the Message Context Menu. Cognition relates to how we think, learn, understand, remember, and pay attention, and clear language, regular layouts, and meaningful reminders all improve cognitive accessibility. Our cognitive accessibility tester expressed concerns about a lack of a quick, non-technical setup, imbalances in our whitespace, and unpredictable layout controls, among other issues.
Alternative Navigation and Magnification
Our alternative navigation users tested how well they could use Thunderbird with voice controls and eye tracking software. Our voice control testers found room for improvement with menu action labels, better autofocus shift when scrolling through emails, and a larger font size for more comfortable voice-driven use. Likewise, our eye tracking software tester found issues with font sizes. They also noted concerns with composition workflow and focus, too-small controls, and a drag-and-drop bug.
Our magnification tester found where we could improve visual contrast and pane layouts. They also found off-screen elements could steal focus from new messages, and that folder paths and hierarchies could use more clarification.
Conclusions and Next Steps
We’re incredibly grateful for the insights we learned from this study on the many aspects of accessibility we want to improve in all of our apps. We want to thank Mozilla for their helping us take the next step in accessibility research, and Fable for providing a fantastic platform for accessibility testing. We’re also so grateful to our study participants for all their time and sharing their perspectives, concerns, and insights.
This is far from the end of our accessibility journey. We’re looking forward to working what we learned in this study into deeper research and ultimately our desktop roadmap. We can’t wait to start accessibility research on our mobile apps. And we hope this study can help other open source projects start their own accessibility research to improve their projects.
One way you can get involved is to report accessibility bugs on the desktop app. Go to the Thunderbird section on Bugzilla, and under ‘Component’ select ‘Disability Access.’ Additionally, click ‘Show Advanced Fields’ and enter ‘access’ into the ‘Details > Keywords’ section. Add screenshots when possible. Be sure to describe the bug so others can try and reproduce the it for better troubleshooting.
If you want to learn more about our accessibility efforts, please join our User Experience mailing list! If you think you’re ready to get involved, please join our dedicated Matrix channel. We hope you help us make Thunderbird available, and accessible, everywhere!
For many years, Mozilla has continued to provide Firefox for 32-bit Linux systems long after most other browsers and operating systems ended support. We made this choice because we care deeply about keeping Firefox available to as many people as possible, helping our users extend the life of their hardware and reduce unnecessary obsolescence.
Today, however, 32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable. To focus our efforts on delivering the best and most modern Firefox, we are ending support for 32-bit x86 Linux with the release of Firefox 144 (or to rephrase, Firefox 145 will not have 32-bit Linux support).
If you are currently using Firefox on a 32-bit x86 Linux system, we strongly encourage you to move to a 64-bit operating system and install the 64-bit version of Firefox, which will continue to be supported and updated.
For users who cannot transition immediately, Firefox ESR 140 will remain available — including 32-bit builds — and will continue to receive security updates until at least September 2026.
[Updated on 2025-09-09 to clarify the affected builds are 32-bit x86]
Mozilla has continued to support Firefox on Windows 7, Windows 8, and Windows 8.1 long after these operating systems reached end of life, helping users extend the life of their devices and reduce unnecessary obsolescence. We originally announced that security updates for Firefox ESR 115 would end in September 2024, later extending that into 2025.
Today, we are extending support once again: Firefox ESR 115 will continue to receive security updates on Windows 7, 8, and 8.1 until March 2026. This extension gives users more time to transition while ensuring critical security protections remain available. We still strongly encourage upgrading to a supported operating system to access the latest Firefox features and maintain long-term stability.
Note that this extension is also applicable for macOS 10.12-10.14 users running Firefox ESR 115.
TL;DR: Rustls is the inaugural project of the Rust Innovation Lab, which is a new home for Rust projects under the Rust Foundation.
At the Rust Foundation's August meeting, the Project Directors and the rest of the Rust Foundation board voted to approve Rustls as the first project housed under the newly formed Rust Innovation Lab. Prior to the vote, the Project Directors consulted with the Leadership Council who confirmed the Project's support for this initiative.
The Rust Innovation Lab (RIL) is designed to provide support for funded Rust-based open source projects from the Rust Foundation in the form of governance, legal, networking, marketing, and administration, while keeping the technical direction solely in the hands of the current maintainers. As with the other work of the Rust Foundation (e.g. its many existing initiatives), the purpose of the RIL is to strengthen the Rust ecosystem generally.
The Foundation has been working behind the scenes to establish the Rust Innovation Lab, which includes setting up infrastructure under the Foundation to ensure smooth transition for Rustls into RIL. More details are available in the Foundation's announcement and on the Rust Innovation Lab's page.
We are all excited by the formation of the Rust Innovation Lab. The support this initiative will provide to Rustls (and, eventually, other important projects that are using Rust) will improve software security for the entire industry. The Rust Project is grateful for the support of the Rust Foundation corporate members who are making this initiative possible for the benefit of everyone.
More information on the criteria for projects wishing to become part of the RIL and the process for applying will be coming soon. The Project Directors and Leadership Council have been and will continue working with the Foundation to communicate information, questions, and feedback with the Rust community about the RIL as the details are worked out.
TL;DR: rustc will start using the LLD linker by default on the x86_64-unknown-linux-gnu target starting with the next stable release (1.90.0, scheduled for 2025-09-18), which should significantly reduce linking times. Test it out on beta now, and please report any encountered issues.
Some context
Linking time is often a big part of compilation time. When rustc needs to build a binary or a shared library, it will usually call the default linker installed on the system to do that (this can be changed on the command-line or by the target for which the code is compiled).
The linkers do an important job, with concerns about stability, backwards-compatibility and so on. For these and other reasons, on the most popular operating systems they usually are older programs, designed when computers only had a single core. So, they usually tend to be slow on a modern machine. For example, when building ripgrep 13 in debug mode on Linux, roughly half of the time is actually spent in the linker.
There are different linkers, however, and the usual advice to improve linking times is to use one of these newer and faster linkers, like LLVM's lld or Rui Ueyama's mold.
Some of Rust's wasm and aarch64 targets already use lld by default. When using rustup, rustc ships with a version of lld for this purpose. When CI builds LLVM to use in the compiler, it also builds the linker and packages it. It's referred to as rust-lld to avoid colliding with any lld already installed on the user's machine.
Since improvements to linking times are substantial, it would be a good default to use in the most popular targets. This has been discussed for a long time, for example in issues #39915 and #71515.
To expand our testing, we have enabled rustc to use rust-lld by default on nightly, in May 2024. No major issues have been reported since then.
We believe we've done all the internal testing that we could, on CI, crater, on our benchmarking infrastructure and on nightly, and plan to enable rust-lld to be the linker used by default on x86_64-unknown-linux-gnu for stable builds in 1.90.0.
Benefits
While this also enables the compiler to use more linker features in the future, the most immediate benefit is much improved linking times.
Here are more details from the ripgrep example mentioned above: for an incremental rebuild, linking is reduced 7x, resulting in a 40% reduction in end-to-end compilation times. For a from-scratch debug build, it is a 20% improvement.
Most binaries should see some improvements here, but it's especially significant with e.g. bigger binaries, or for incremental rebuilds, or when involving debuginfo. These usually see bottlenecks in the linker.
Here's a link to the complete results from our benchmarks.
Possible drawbacks
From our prior testing, we don't really expect issues to happen in practice. It is a drop-in replacement for the vast majority of cases, but lld is not bug-for-bug compatible with GNU ld.
In any case, using rust-lld can be disabled if any problem occurs: use the -C linker-features=-lld flag to revert to using the system's default linker.
Some crates somehow relying on these differences could need additional link args, though we also expect this to be quite rare. Let us know if you encounter problems, by opening an issue on GitHub.
Some of the big gains in performance come from parallelism, which could be undesirable in resource-constrained environments, or for heavy projects that are already reaching hardware limits.
Summary, and call for testing
rustc will use rust-lld on x86_64-unknown-linux-gnu, starting with the 1.90.0 stable release, for much improved linking times. Rust 1.90.0 will be released next month, on the 18th of September 2025.
This linker change is already available on the current beta (1.90.0-beta.6). To help everyone prepare for this landing on stable, please test your projects on beta and let us know if you encounter problems, by opening an issue on GitHub.
If that happens, you can revert to the default linker with the -C linker-features=-lld flag. Either by adding it to the usual RUSTFLAGS environment variable, or to a project's .cargo/config.toml configuration file,
like so:
This post explains how we accelerated inference by replacing the default onnxruntime‑web that powers Transformers.js with its native C++ counterpart that now lives inside Firefox.
Where we started
Transformers.js is the JavaScript counterpart to Hugging Face’s Python library. Under the hood it relies on onnxruntime‑web, a WebAssembly (WASM) build of ONNX Runtime.
A typical inference cycle:
Pre‑processing in JavaScript (tokenization, tensor shaping)
Model execution in WASM
Post‑processing back in JavaScript
Even with warm caches, that dance crosses multiple layers. The real hotspot is the matrix multiplications, implemented with generic SIMD when running on CPU.
Why plain WASM wasn’t enough
WASM SIMD is great, but it can’t beat hardware‑specific instructions such as NEON on Apple Silicon or AVX‑512 on modern Intel chips.
Firefox Translations (uses Bergamot) already proves that diving to native code speeds things up: it uses WASM built‑ins which are small hooks that let WASM call into C++ compiled with those intrinsics. The project, nicknamed gemmology, works brilliantly.
We tried porting that trick to ONNX, but the huge number of operators made a one‑by‑one rewrite unmaintainable. And each cold start still paid the JS/WASM warm‑up tax.
Switching to ONNX C++
Transformers.js talks to ONNX Runtime through a tiny surface. It creates a session, pushes a Tensor, and pulls a result. It makes it simple to swap the backend without touching feature code.
Our steps to achieve this were:
Vendor ONNX Runtime C++ directly into the Firefox tree.
Expose it to JavaScript via a thin WebIDL layer.
Wire Transformers.js to the new backend.
From the perspective of a feature like PDF alt‑text, nothing changed, it still calls await pipeline(…). Underneath, tensors now go straight to native code.
Integration of ONNX Runtime to the build system
Upstream ONNX runtime does not support all of our build configuration, and it’s a large amount of code. As a consequence we chose not to add it in-tree. Instead, a configuration flag can be used to provide a compiled version of the ONNX runtime. It is eventually automatically downloaded from Taskcluster (where we build it for a selection of supported configuration) or provided by downstream developers. This provides flexibility while not slowing down our usual build and requiring low maintenance.
Building ONNX on Taskcluster required some configuration changes and upstream patches. The goal was to find a balance between speed and binary size, while being compatible with native code requirements from the Firefox repo.
Most notably:
Building without exception and RTTI support required some patches upstream
Default build configuration is set to MinSizeRel, compilation uses LTO
The payoff
Because the native backend is a drop‑in replacement, we can enable it feature by feature and gather real‑world numbers. Early benchmarks shows from 2 to 10 × faster inference, with zero WASM warm‑up overhead.
For example, the Smart Tab Grouping topic suggestion, which can be laggy on first run, is now quite snappy, and this is the first feature we gradually moved to this backend for Firefox 142.
The image to text model used for PDF.js alt-text feature also benefited from this change. On the same hardware the latency went from from 3.5s to 350ms.
What’s next
We’re gradually rolling out this new backend to additional features throughout the summer, so all capabilities built on Transformers.js can take advantage of it.
And with the C++ API at hand, we’re planning to tackle a few long‑standing pain points, and enable GPU.
Those changes will ship in our vendored ONNX Runtime and offer us the best possible performance for Transformers.js-based features in our runtime in the future.
1. DequantizeLinear goes multi‑threaded
The DequantizeLinear operation is single‑threaded and often dominated inference time. While upstream work recently merged an improvement (PR #24818), we built a patch to spread the work across cores, letting the compiler auto‑vectorize the inner loops. The result is an almost linear speedup, especially on machines with many cores.
2. Matrix transposition goes multi-threaded
Similarly, it is typical to have to transpose very large (multiple dozen megabytes) matrices when performing an inference task. This operation was done naively with nested for loops. Switching to a multi-threaded cache-aware tiled transposition scheme, and leveraging SIMD allowed to take advantage of modern hardware and speed up this operation by a supra-linear factor, typically twice the number of threads allocated to this task, for example a 8x speedup using 4 threads.
This can be explained by the fact that the naive for loop was auto-vectorized, but otherwise did poor usage of CPU caches.
3. Caching the compiled graph
Before an inference can run, ONNX Runtime compiles the model graph for the current platform. On large models such as Qwen 2.5 0.5B this can cost up to five seconds every launch.
We can cache the compiled graph separately from the weights on the fly, shaving anywhere from a few milliseconds to the full five seconds.
4. Using GPUs
Currently, we’ve integrated only CPU-based providers. The next step is to support GPU-accelerated ONNX backends, which will require more effort. This is because GPU support demands additional sandboxing to safely and securely interact with the underlying hardware.
Conclusion
What is interesting about this migration is the fact that we could improve performance that much, while migrating features gradually, and all that in complete isolation, without having to change any feature code.
While the speed ups are already visible from a UX standpoint, we believe that a lot of improvement can and will happen in the future, further improving the efficiency of the ML-based features, and making them more accessible to a wider audience.
Have ideas, questions or bug reports? Ping us on Discord in the firefox-ai channel (https://discord.gg/TBZXDKnz) or file an issue on Bugzilla, we’re all ears.
We’re back with another exciting Monthly Release recap! Thunderbird 142.0 brings a host of user-requested features and important bug fixes that make your email experience smoother and more reliable. From better folder management to smarter PDF handling, this release focuses on the details that matter most to your daily workflow.
A quick reminder – these updates are for users on our monthly Thunderbird Release channel. For our users still on the ESR (Extended Standard Release) channel, these updates won’t land until next July 2026. For more information on the differences between the channels and how to make the switch:
Ever tweaked your folder order and wished you could start fresh? We hear you! Thunderbird 142 introduces a simple way to reset your folder sorting back to defaults.
Benefits:
The new Reset Folder Order option lets users right‑click an account in the Folder Pane to instantly clear any custom sorting.
Provides a quick clean slate and avoids manually dragging folders back to default positions.
Note: This feature resets sorting order but doesn’t restore folders that were moved inside different parent folders.
Thunderbird now lets you add visual signatures to PDF attachments opened inside the app. This update brings Thunderbird in line with modern PDF functionality, making it easier to handle contracts, forms, and other documents without leaving your inbox.
Benefits:
Add a handwritten-style visual signature directly in Thunderbird.
No need for external tools to sign simple PDF documents.
Keeps everyday document handling faster and more convenient.
New add-on API support for OAuth client registration now allows developers and organizations to add custom OAuth providers at runtime. Instead of requiring changes in Thunderbird’s core code, an add-on can handle the setup.
Benefits:
Supports custom OAuth providers through add-ons.
Works with enterprise policies for organizational deployments.
Simplifies integration with unique authentication systems.
Your focus time is sacred, and Thunderbird now honors that across all operating systems.
Benefits:
Native OS notifications now respect the “Do Not Disturb” setting of every operating system, including blocking calendar reminders and chat notification sounds.
Delivers protected focus time and consistent behavior with other applications.
Reading flow is now smoother when switching between light and dark message modes. An issue was reported where toggling the setting in the message header would reset your scroll position and pull focus away from the message body.
Benefits:
Keep your scroll position in the message when switching between light and dark mode so you can continue reading without interruption.
Retain focus on the message body for easier keyboard navigation.
Reduce extra clicks and scrolling, making reading more seamless.
Unwanted scrolling of the message list that happened when returning to the Mail tab after opening a message is now a thing of the past. Instead of jumping to the top and slowly scrolling back down, the list now stays put.
Benefits:
Keep your place in the message list when switching tabs.
Thunderbird now correctly reloads PDF attachments that were left open in tabs when you restart the app. Previously, these tabs would fail to open and display an error, forcing you to reload them manually.
Benefits:
Open PDF attachments are restored automatically on startup.
texImage3D() method on WebGL2RenderingContext (@wusyong, #37718)
convertToBlob() and transferToImageBitmap() methods on OffscreenCanvas (@tharkum, #37786, #37880)
adoptedStyleSheets property on Document and ShadowRoot, with --pref dom_adoptedstylesheet_enabled (@stevennovaryo, #38163)
ImageBitmap no longer requires --enable-experimental-web-platform-features (@tharkum, #38050)
Notable changes for Servo library consumers:
Stylo 0.6.0 was released, fixing build errors caused by an undeclared dependency on markupsafe (@nicoburns, @delan, stylo#215, stylo#218).
To work around this in Stylo 0.5.0, install the dependency: pip install markupsafe
Like many browsers, Servo has two kinds of zoom: page zoom affects the size of the viewport, while pinch zoom does not (@shubhamg13, #38194).
Page zoom now correctly triggers reflow (@mrobinson, #38166), and pinch zoom is now reset to the viewport meta config when navigating (@shubhamg13, #37315).
sessionStorage is now isolated between webviews, and copied to new webviews with the same opener (@janvarga, #37803).
Browser changes
servoshell now has a .desktop file and window name, so you can now pin it to your taskbar on Linux (@MichaelMcDonnell, #38038).
We’ve made it more ergonomic too, fixing both the sluggish mouse wheel and pixel-perfect trackpad scrolling and the too fast arrow key scrolling (@yezhizhen, #37982).
You can now focus the location bar with Alt+D in addition to Ctrl+L on non-macOS platforms (@MichaelMcDonnell, #37794), and clicking the location bar now selects the contents (@MichaelMcDonnell, #37839).
<canvas> is key to programmable graphics on the web, with Servo supporting WebGPU, WebGL, and 2D canvas contexts.
But the general-purpose 2D graphics routines that power Servo’s 2D canvases are potentially useful for a lot more than <canvas>: font rendering is bread and butter for Servo, but SVG rendering is only minimally supported right now, and PDF output is not yet implemented at all.
Those features have one thing in common: they require things that WebRender can’t yet do.
WebRender does one thing and does it well: rasterise the layouts of the web, really fast, by using the GPU as much as possible.
Font rendering and SVG rendering both involve rasterising arbitrary paths, which currently has to be done outside WebRender, and PDF output is out of scope entirely.
The more code we can share between these tasks, the better we can make that code, and the smaller we can make Servo’s binary sizes (#38022).
We’ve started by moving 2D-<canvas>-specific state out of the canvas crate (@sagudev, #38098, #38114, #38164, #38214), which has in turn allowed us to modernise it with new backends based on Vello (@EnnuiL, @sagudev, #30636, #38345):
a Vello GPU-based backend (@sagudev, #36821), currently slower than the default backend; to use it, build Servo with --features vello and enable it with --pref dom_canvas_vello_enabled
a Vello CPU-based backend (@sagudev, #38282), already faster than the default backend; to use it, build Servo with --features vello_cpu and enable it with --pref dom_canvas_vello_cpu_enabled
What is a pixel?
Many recent Servo bugs have been related to our handling of viewport, window, and screen coordinate spaces (#36817, #37804, #37824, #37878, #37978, #38089, #38090, #38093, #38255).
Symptoms of these bugs include bad hit testing (e.g. links that can’t be clicked), inability to scroll to the end of the page, or graphical glitches like disappearing browser UI or black bars.
Windows rarely take up the whole screen, viewports rarely take up the whole window due to window decorations, and when different units come into play, like CSS px vs device pixels, a more systematic approach is needed.
We built euclid to solve these problems in a strongly typed way within Servo, but beyond the viewport, we need to convert between euclid types and the geometry types provided by the embedder, the toolkit, the platform, or WebDriver, which creates opportunities for errors.
Thanks again for your generous support!
We are now receiving 4691 USD/month (+5.0% over June) in recurring donations.
This helps cover the cost of our self-hostedCIrunners and one of our latest Outreachy interns!
Servo is also on thanks.dev, and already 22 GitHub users (−3 from June) that depend on Servo are sponsoring us there.
If you use Servo libraries like url, html5ever, selectors, or cssparser, signing up for thanks.dev could be a good way for you (or your employer) to give back to the community.
4691 USD/month
10000
As always, use of these funds will be decided transparently in the Technical Steering Committee.
For more details, head to our Sponsorship page.
In April of this year we announced Thunderbird Pro, additional subscription services from Thunderbird meant to help you get more done with the app you already use and love. These services include a first ever email service from Thunderbird, called Thundermail. They also include Appointment, for scheduling meetings and appointments and Send, an end-to-end encrypted filesharing tool. Each of these services are open source, repositories are linked down below.
Thunderbird Pro services are being built as part of the broader Thunderbird product ecosystem. These services are enhancements to the current Thunderbird application experience. They are optional, designed to enhance productivity for users who need features like scheduling, file sharing and email hosting, without relying on the alternate platforms. For users who opt in, the goal is for these services to be smoothly integrated into the Thunderbird app, providing a natural extension of the familiar experience they already enjoy, enhanced with additional capabilities they may be looking for. For updates on Thunderbird Pro development and beta access availability, sign up for the mailing list at thundermail.com.
Progress So Far
Thundermail
Development has been moving steadily forward and community interest in Thundermail has been strong. The upcoming email hosting service from Thunderbird will support IMAP, SMTP and JMAP out of the box, making it compatible with the Thunderbird app and many other email clients. If you have your own domain, you’ll be able to bring it in and host it with us. Alternatively, grab an email address provided by Thunderbird with your choice of @thundermail.com or @tb.pro as the domains. The servers hosting Thundermail will initially be located in Germany with more countries to follow in the future. Thunderbird’s investment in offering an email service reflects our broader goal of strengthening support for open standards and giving users the option to keep their entire email experience within Thunderbird.
We originally developed the scheduling tool as a standalone web app. On the current roadmap, however, we’re tightly integrating Appointment into the Thunderbird app through the compose window, allowing users to insert scheduling links without leaving the email workflow. It will be easy for organizations and individuals to self-host, fork and adapt the tool to their own needs. The future is for Appointment to support multiple meeting types, like Zoom calls, phone meetings, or in-person coffee chats. Each of these will have its own settings and scheduling rules.
One of the most requested future features is group scheduling, which would allow multiple team members to offer shared availability via a single link. The current calendar protocols don’t fully support this flow, however Thunderbird is participating in discussions around open standards like VPOLL to help move things forward. Usability studies are helping refine the MVP and community feedback is shaping the roadmap.
A secure, end-to-end encrypted file sharing tool, built on Thunderbird app’s existing Filelink feature. It supports large file transfers directly from the email client. This allows users to bypass platforms like Google Drive or OneDrive. Pro users will receive 500 GB of storage to start, with no individual file size limit, only constrained by their total quota. We’re planning support for chunked uploads and encryption to ensure reliability and data protection. We’ll deliver Send as a system add-on which lets the team push updates faster. This also avoids locking new capabilities behind major Thunderbird release cycles.
All Thunderbird Pro tools are open source and self-hostable. For users who prefer to run their own infrastructure or work in regulated environments, both Send and Appointment can be deployed independently. Thunderbird will continue to support these users with documentation and open APIs.
A Look Ahead
Thunderbird is exploring additional Pro features beyond the current lineup. While we’ve made no commitments yet, there is strong interest in adding markdown based Notes functionality, especially as lightweight personal knowledge management becomes more popular. Heavier lifts like collaborative docs or spreadsheets may follow, depending on adoption and sustainability.
Another worthy mention: a fourth, previously announced service called Assist, which will eventually enable users to take advantage of AI features in their day-to-day email tasks, is still in the research and development phase. It will not be part of the initial lineup of services. This initiative is a bigger undertaking as we ensure we get it right for user privacy and make sure the features included are actually things our users want. More to come on this as the project progresses.
To improve transparency and invite community collaboration, Thunderbird is also preparing a public roadmap covering desktop, mobile and Pro services. We’re developing the roadmap in collaboration with the Thunderbird Council. Our goal is to encourage participation from contributors and users alike.
Free vs Paid
Adding these additional subscription services will never compromise the features, stability or functionality our users are accustomed to in the free Thunderbird desktop and mobile applications. These services come with real costs, especially storage and bandwidth. Charging for them helps ensure that users who benefit from these tools help cover their cost, instead of donors footing the bill.
Thunderbird Pro is a completely optional suite of (open source) services designed to provide additional productivity capabilities to the Thunderbird app and never to replace them. The current Thunderbird desktop and mobile applications are, and always will be, free. They will still heavily rely on ongoing donations for both development and independence.
If you haven’t already, join our waiting list to be one of the early beta testers for Thunderbird Pro. While we don’t have a specific timeline just yet, we will be sharing ongoing updates as development progresses.
—
Ryan Sipes Managing Director, Product Mozilla Thunderbird
Firefox is now the first and the only browser to deploy fast and comprehensive certificate revocation checking that does not reveal your browsing activity to anyone (not even to Mozilla).
Tens of millions of TLS server certificates are issued each day to secure communications between browsers and websites. These certificates are the cornerstones of ubiquitous encryption and a key part of our vision for the web. While a certificate can be valid for up to 398 days, it can also be revoked at any point in its lifetime. A revoked certificate poses a serious security risk and should not be trusted to authenticate a server.
Identifying a revoked certificate is difficult because information needs to flow from the certificate’s issuer out to each browser. There are basically two ways to handle this. The browser either needs to ask an authority in real time about each certificate that it encounters, or it needs to maintain a frequently-updated list of revoked certificates. Firefox’s new mechanism, CRLite, has made the latter strategy feasible for the first time.
With CRLite, Firefox periodically downloads a compact encoding of the set of all revoked certificates that appear in Certificate Transparency logs. Firefox stores this encoding locally, updates it every 12 hours, and queries it privately every time a new TLS connection is created.
You may have heard that revocation is broken or that revocation doesn’t work. For a long time, the web was stuck with bad tradeoffs between security, privacy, and reliability in this space. That’s no longer the case. We enabled CRLite for all Firefox desktop (Windows, Linux, MacOS) users starting in Firefox 137, and we have seen that it makes revocation checking functional, reliable, and performant. We are hopeful that we can replicate our success in other, more constrained, environments as well.
Better privacy and performance
Prior to version 137, Firefox used the Online Certificate Status Protocol (OCSP) to ask authorities about revocation statuses in real time. Certificate authorities are no longer required to support OCSP, and some major certificate authorities have already announced their intention to wind down their OCSP services. There are several reasons for this, but the foremost is that OCSP is a privacy leak. When a user asks an OCSP server about a certificate, they reveal to the server that they intend to visit a certain domain. Since OCSP requests are typically made over unencrypted HTTP, this information is also leaked to all on-path observers.
Having gained confidence in the robustness, accuracy and performance of our CRLite implementation, we will be disabling OCSP for domain validated certificates in Firefox 142. Sealing the OCSP privacy leak complements our ongoing efforts to encrypt everything on the internet by rolling out HTTPS-First, DNS over HTTPS, and Encrypted Client Hello.
Disabling OCSP also has performance benefits: we have found that OCSP requests block the TLS handshake for 100 ms at the median. As we rolled out CRLite, we saw notable improvements in TLS handshake times.
Bandwidth requirements of CRLite
Users with CRLite download an average of 300 kB of revocation data per day: a 4 MB snapshot every 45 days and a sequence of “delta updates” in-between. (The exact sizes of snapshots and delta updates fluctuate day by day. You can explore the real data on our dashboard.)
To get a sense for how compact CRLite artifacts are, let’s compare them with Certificate Revocation Lists (CRLs). A CRL is a list of serial numbers that each identify a revoked certificate from a single issuer. Certificate authorities in Mozilla’s root store have disclosed approximately three thousand active CRLs to the Common CA Database. In total, these three thousand CRLs are 300 MB in size, and the only way to keep a copy of them up-to-date is to redownload them regularly. CRLite encodes the same dynamic set of revoked certificates in 300 kB per day. In other words, CRLite is onethousand times more bandwidth-efficient than daily CRL downloads.
Of course, no browser is performing daily downloads of all CRLs. For a more meaningful comparison, we can consider Chrome’s CRLSets. These are hand-picked sets of revocations that are delivered to Chrome users daily. Recent CRLSets weigh in at 600 kB and include about 1% of all revocations (thirty-five thousand of the four million total). Firefox’s CRLite implementation uses half the bandwidth, updates twice as frequently, and includes all revocations.
Including all revocations is essential for security as there is no reliable way today to distinguish security-critical revocations from administrative revocations. Roughly half of all revocations are made without a specified reason code, and some of these revocations are likely due to security concerns that the certificate’s owner did not wish to highlight. When reason codes are used, they are often used in an ambiguous way that does not clearly map to security risk. In this environment, the only secure approach is to check all revocations, which is now possible with CRLite.
State-of-the-art blocklist technology
You may recall a seriesofblogposts on our experiments with CRLite back in 2020. We followed these experiments with successful deployments to Nightly, Beta, and 1% of Release users. But the bandwidth requirements for this early CRLite design turned out to be prohibitive.
We solved our bandwidth issue by developing a novel data structure—the “Clubcard” set membership test. Where the original CRLite design used a “multi-level cascades of Bloom filters”, Clubcard-based CRLite uses a “partitioned two-level cascade of Ribbon filters”. The “two-level cascade” idea was presented by Mike Hamburg at RWC 2022, and “partitioning” is an innovation of our own that we presented in a paper at IEEE S&P 2025 and a talk at RWC 2025.
Future improvements
We are working on making CRLite even more bandwidth efficient. We are developing new Clubcard partitioning strategies that will compress mass revocation events more efficiently. We are also integrating support for the HTTP compression dictionary transport, which will further compress delta updates. And we have successfully advocated for shorter certificate validity periods, which will reduce the number of CRLite artifacts that need to encode any given revocation. With these enhancements, we expect the bandwidth requirements of CRLite to trend down over the coming years, even as the TLS ecosystem itself continues to grow.
Our Clubcard blocklist library, our instantiation of Clubcards for CRLite, and our CRLite backend are freely available for anyone to use. We hope that our success in building fast, private, and comprehensive revocation checking for Firefox will encourage other software vendors to adopt this technology.
WebDriver is a remote control interface that enables introspection and control of user agents.As such itcanhelp developers to verify that their websites are working and performing well with all major browsers. The protocol is standardized by the W3C and consists of two separate specifications: WebDriver classic (HTTP) and the new WebDriver BiDi (Bi-Directional).This newsletter gives an overview of the work we’ve done as part of the Firefox 142 release cycle.
Contributions
Firefox is an open source project, and we are always happy to receive external code contributions to our WebDriver implementation. We want to give special thanks to everyone who filed issues, bugs and submitted patches.
Updated: the expiry value of the cookies set via WebDriver BiDi and WebDriver classic (Marionette)
The expiry value of all the cookies set via WebDriver BiDi and WebDriver classic (Marionette) is limited now to 400 days.
WebDriver BiDi
New: emulation.setLocaleOverride command
Implemented the new emulation.setLocaleOverride command which allows clients to override a locale in JavaScript APIs. As all the other emulation commands, the locale override can be applied to the list of browsing contexts or user contexts IDs.
Updated: the session.end command to resume the blocked requests
In Rust 1.90.0, the target x86_64-apple-darwin will be demoted to Tier 2 with host tools.
The standard library and the compiler will continue to be built and distributed,
but automated tests of these components are no longer guaranteed to be run.
Background
Rust has supported macOS for a long time,
with some amount of support dating back to Rust 0.1 and likely before that.
During that time period,
Apple has changed CPU architectures from x86 to x86_64 and now to Apple silicon,
ultimately announcing the end of support for the x86_64 architecture.
Similarly,
GitHub has announced that they will no longer provide free macOS x86_64 runners for public repositories.
The Rust Project uses these runners to execute automated tests for the x86_64-apple-darwin target.
Since the target tier policy requires that Tier 1 platforms must run tests in CI,
the x86_64-apple-darwin target must be demoted to Tier 2.
What changes?
Starting with Rust 1.90.0, x86_64-apple-darwin will be Tier 2 with host tools.
For users,
nothing will change immediately;
builds of both the standard library and the compiler will still be distributed by the Rust Project for use via rustup or alternative installation methods.
Over time,
this target will likely accumulate bugs faster due to reduced testing.
Future
If the x86_64-apple-darwin target causes concrete problems,
it may be demoted further.
No plans for further demotion have been made yet.
For more details on the motivation of the demotion, see RFC 3841.
At Firefox, we deeply value the incredible contributions of our add-ons developer community. Your creativity and innovation are instrumental in making Firefox a more personalized and powerful browsing experience for millions of users worldwide.
Today, we’re thrilled to announce a new program designed to recognize and celebrate the developers who have made an outstanding impact on our ecosystem: the Firefox Extension Developer Awards Program!
Extensions play a vital role in enhancing the Firefox user experience. Almost 40% of Firefox users have installed at least one add-on, making it clear that our thriving ecosystem, supported by 10,000 active developers, is an essential component of the Firefox experience. While all developers contribute to the diversity and depth of the ecosystem, there are a number of popular extensions responsible for significant positive impact. This program aims to acknowledge and reward these developers for their significant contributions.
The Awards: A Token of Our Appreciation
Inspired by programs like YouTube’s creator awards, we’ve partnered with Aparat Design, to create a unique Mozilla inspired trophy for eligible award recipients.The award will be engraved with the name of the extension and finished with a different color based on the milestone it has achieved. This is a unique and exclusive opportunity available only to Firefox extension developers.
Milestone Tier
Average Daily Active Users
Platinum
Over 10 million
Gold
Over 5 million
Silver
Over 1 million
Bronze
Over 500,000
How the program works
All Firefox extensions listed on AMO (addons.mozilla.org) are eligible for an award, so long as requisite user thresholds are reached and the content is compliant with Add-on Policies.
Each quarter, our team will identify new extensions that meet the award criteria and maintain a good standing with Firefox.
We’re incredibly excited about the Firefox Extension Developer Awards Program and look forward to celebrating your achievements! Stay tuned to this very blog for the announcement of our inaugural round of award recipients.
Across the internet, users rely on browsers and extensions to shape how they experience the web: to protect their privacy, improve accessibility, block harmful or intrusive content, and take control over what they see. But a recent ruling from Germany’s Federal Supreme Court risks turning one of these essential tools, the ad blocker, into a copyright liability — and in doing so, threatens the broader principle of user choice online.
Imagine you are watching television and you go to the kitchen for a snack during an ad break. Or you press the fast-forward button to skip some ads while listening to a podcast. Or perhaps you get a newspaper delivered to your house, and you see that it includes a special section made up of hallucinated AI content, so you drop the inset into the trash before taking the rest of the paper inside. Were these acts of copyright infringement? Of course not. But if you do something like this with a browser extension, a recent decision from the German Federal Supreme Court suggests that maybe you did infringe copyright. This misguided logic risks user freedom, privacy, and security.
There are many reasons, in addition to ad blocking, that users might want their browser or a browser extension to alter a webpage. These include changes to improveaccessibility, to evaluate accessibility, or to protectprivacy. Indeed, the risks of browsing range from phishing, to malicious code execution, to invasive tracking, to fingerprinting, to more mundane harms like inefficient website elements that waste processing resources. Users should be equipped with browsers and browser extensions that give them both protection and choice in the face of these risks. A browser that inflexibly ran any code served to the user would be an extraordinarily dangerous piece of software. Ad blockers are just one piece of this puzzle, but they are an important way that users can customize their experience and lower risks to their security and privacy.
The recent court ruling is the latest development in a legal battle between publisher Axel Springer and Eyeo (the maker of Adblock Plus) that has been winding its way around the German legal system for more than a decade. The litigation has included both competition and copyright claims. Until now Eyeo has largely prevailed and the legality of ad blockers has been upheld. Most significantly, in 2022, the Hamburg appeal court ruled that Adblock Plus did not infringe the copyright of websites but rather was merely facilitating a choice by users about how they wished their browser to render the page.
Unfortunately, on July 31, the German Federal Supreme Court partially overturned the decision of the Hamburg court and remanded the case for further proceedings. The BGH (as the Federal Supreme Court is known) called for a new hearing so that the Hamburg court can provide more detail regarding which part of the website (such as bytecode or object code) is altered by ad blockers, whether this code is protected by copyright, and under what conditions the interference might be justified.
The full impact of this latest development is still unclear. The BGH will issue a more detailed written ruling explaining its decision. Meanwhile, the case has now returned to the lower court for additional fact-finding. It could be a couple more years until we have a clear answer. We hope that the courts ultimately reach the same sensible conclusion and allow users to install ad blockers.
We sincerely hope that Germany does not become the second jurisdiction (after China) to ban ad blockers. This will significantly limit users’ ability to control their online environment and potentially open the door to similar restrictions elsewhere. Such a precedent could embolden legal challenges against other extensions that protect privacy, enhance accessibility, or improve security. Over time, this could deter innovation in these areas, pressure browser vendors to limit extension functionality, and shift the internet away from its open, user-driven nature toward one with reduced flexibility, innovation, and control for users.
Hello again from the Thunderbird development team! As the northern hemisphere rolls into late summer and the last of the vacation photos trickle into our chat channels, the team is balancing maintenance sprints with ongoing feature-related projects. Whether you’re basking in the sun or bundled up for a southern winter, we’ve got plenty to share about what’s been happening behind the scenes, and what’s coming next.
Exchange support
It’s been a whirlwind of progress since our last update and with the expanded team collaborating regularly. It has felt like we’ve hit our stride and the finish line is in sight. Driven by a dramatic increase in automated test coverage, the team has been able to detect gaps and edge cases to help improve many areas of the existing code, and close out a good number of bugs.
As we ready the feature set for wider release, we’ve taken the opportunity to revisit the backlog and feel confident enough with our pace to prioritize a few features and address them sooner than originally planned.
The July roadmap worked out very well, with our planned features landing and a number of bonus items also complete:
Automated test coverage
Message filtering
Setting as Junk/Not Junk
Remote content display/blocking
Callback modernization/simplification
Propagation of certificate and connection errors
Archiving
Saving Drafts
Back-off handling
Items we’ve prioritized for the next few weeks are:
A few users have reported issues following end user adoption of this feature, so we’re addressing these while finalizing Account Hub for Address Book items, such as LDAP configuration. The team is also planning the implementation of telemetry which will help us determine areas for improvement in this important part of the application.
Global Message Database [Panorama]
The team has been focused on Exchange implementation and larger scale refactoring which isn’t directly tied to this project, so no updates to note here. The next time I write will be during a work week that has been dedicated to “Conversation View”, which is one of the key drivers for our database overhaul. Stay tuned for updates and decisions coming out of that collaboration.
To follow their progress, take a look at the meta bug dependency tree. The team also maintains documentation in Sourcedocs which are visible here.
Maintenance, Recent Features and Fixes
August is set aside as a focus for maintenance, with half our team dedicated to inglorious yet important items from our roadmap. In addition to these items, we’ve had help from the development community to deliver a variety of improvements over the past month:
If you would like to see new features as they land, and help us squash some early bugs, you can try running daily and check the pushlog to see what has recently landed. This assistance is immensely helpful for catching problems early.
YouTube wants you to experience YouTube in very prescribed ways. But with the right browser extension, you’re free to alter YouTube to taste. Change the way the site looks, behaves, and delivers your favorite videos.
Return YouTube Dislike
Do you like the Dislike? YouTube removed the display that revealed the number of thumbs-down Dislikes a video has, but with Return YouTube Dislike you can bring back the brutal truth.
“Does exactly what the name suggests. Can’t see myself without this extension. Seriously, bad move on YouTube for removing such a vital tool.”
Though its primary function is to automatically play all YouTube videos in their highest possible resolution, YouTube High Definition has a few other fine features to offer.
In addition to automatic HD, YouTube High Definition can…
Customize video player size
HD support for clips embedded on external sites
Specify your ideal resolution (4k – 144p)
Set a preferred volume level
Also automatically plays the highest quality audio
YouTube NonStop
So simple. So awesome. YouTube NonStop remedies the headache of interrupting your music with that awful “Video paused. Continue watching?” message.
Works on YouTube and YouTube Music. You’re now free to navigate away from your YouTube tab for as long as you like and not fret that the rock will stop rolling.
Instant serenity for YouTube! Unhook lets you strip away unwanted distractions like the promotional sidebar, endscreen suggestions, trending tab, and much more.
More than two dozen customization options make this an essential extension for anyone seeking escape from YouTube rabbit holes. You can even hide notifications and live chat boxes.
“This is the best extension to control YouTube usage, and not let YouTube control you.”
If you subscribe to a lot of YouTube channels PocketTube is a fantastic way to organize all your subscriptions by themed collections.
Group your channel collections by subject, like “Sports,” “Cooking,” “Cat videos” or whatever. Other key features include…
Add custom icons to easily identify your channel collections
Customize your feed so you just see videos you haven’t watched yet, prioritize videos from certain channels, plus other content settings
Integrates seamlessly with YouTube homepage
Sync collections across Firefox/Android/iOS using Google Drive and Chrome Profiler
<figcaption class="wp-element-caption">PocketTube keeps your channel collections neatly tucked away to the side. </figcaption>
AdBlocker for YouTube
It’s not just you who’s noticed a lot more ads lately. Regain control with AdBlocker for YouTube.
The extension very simply and effectively removes both video and display ads from YouTube. Period. Enjoy a faster, more focused YouTube.
SponsorBlock
It’s a terrible experience when you’re enjoying a video or music on YouTube and you’re suddenly interrupted by a blaring ad. SponsorBlock solves this problem in a highly effective and original way.
Leveraging the power of crowd sourced information to locate where—precisely— interruptive sponsored segments appear in videos, SponsorBlock learns where to automatically skip sponsored segments with its ever growing database of videos. You can also participate in the project by reporting sponsored segments whenever you encounter them (it’s easy to report right there on the video page with the extension).
SponsorBlock can also learn to skip non-music portions of music videos and intros/outros, as well. If you’d like a deeper dive of SponsorBlock we profiled its developer and open source project on Mozilla Distilled.
We hope one of these extensions enhances the way you enjoy YouTube. Feel free to explore more great media extensions on addons.mozilla.org.
Saturday, August 2, marked the first anniversary of the entry into force of the EU AI Act, the EU’s contested landmark legislation putting in place rules for AI sold and deployed on its internal market. With a staggered timeline for when different rules take effect, Mozilla continues its work to ensure that the law’s implementation is a success.
Beginning last week, the AI Act imposes new obligations for the developers of so-called “general-purpose AI models” (GPAI), that is, large AI models like OpenAI’s GPT, Google’s Gemini, or xAI’s Grok models (often also refered to as “foundation models”). Mozilla has long advocated for such rules to be included in the AI Act to ensure that large AI labs must play their part in making the technology they develop safer and more transparent and that due diligence obligations are not entirely passed down the value chain to smaller developers and deployers. These new rules include new transparency and disclosure mandates as well as obligations relating to GPAI developers safety and security practices.
To mark the occasion, Mozilla, in partnership with Hugging Face and Linux Foundation, published a guide for open-source AI developers aiming to help them navigate these rules. Amongst other questions, the guide explains what exactly constitutes a GPAI model or a “GPAI model with systemic risk”, what obligations developers need to meet, and when they might benefit from the AI Act’s exemptions for open-source AI. It builds on and synthesizes the recently adopted Code of Practice for GPAI developers as well as the European Commission’ newly published GPAI guidelines. The guide also includes an interactive flowchart meant to help developers on their AI Act “user journey”. This builds on Mozilla’s long-standing work advocating for better conditions for open-source AI development, including our advocacy to ensure that open-source developers receive proportionate treatment under the AI Act.
In addition, in late July, the European Commission also published a template for the “sufficiently detailed summary” that GPAI developers are now mandated to publish about the data used to train their AI models. While the template falls short of expectations in many respects, it does in parts mirror recommendations made by Mozilla building onour workin partnership with Open Future over the past year.
With additional rules taking effect over the course of the coming years and the European Commission building up its capacity to enforce them, work on the AI Act is not over — it is entering a new phase. Amid discussions of regulatory simplification, a potential revision of the AI Act in the context of the EU’s omnibus, and calls to “stop the clock” on enforcing the AI Act, Mozilla will continue its work to help make the AI Act’s implementation a success. This is grounded in our conviction that good regulation and innovation aren’t inherently contradictory, but rather complements when it comes to steering innovation in a direction that is beneficial to all.
Ars Technica mentioned that in macOS Tahoe the venerable old hard disk icons will be replaced with new, more generic, relatively less interesting equivalents. This process also apparently happens with Apple CEOs from time to time. If you are on Sequoia and want to keep them for posterity, you can get them out of /System/Library/Extensions/IOStorageFamily.kext/Contents/Resources. I'm still impressed to this day that someone not only took the time to write actually plausible text copy for the label, but also gave it Torx screws. Get out your T8 MacCracker for this drive:
This isn't the only echo of Macs past in the operating system. The Spacebar also noticed that Apple Symbols still has many old, nay, "obsolete" icons that are only of use to people who still use web browsers on Power Macs.
That's not the half of it, though. There's a bunch more in that file than the ones he spotted. Here's what I saw; perhaps you can find more.
In order: PowerPC logo, composite video out and in, S-video out and in (such as seen on some later PowerBooks), modem port, combined modem/printer port (like on the Duo 2300), printer port, SCSI, Ethernet (also AAUI), three glyphs for Apple Desktop Bus (ADB) ports, a server, rainbow outline Apple, Balloon Help (from System 7), Apple Guide (7.5), 5.25" floppy (I guess mostly for the Apple II folks), two Newton lightbulbs, Newton undo, Newton extras, Newton dates, Newton names, high-density 3.5" disk icon, a confused Compact Mac (possibly to evoke the flashing question mark when it can't find a bootable volume), classic QuickTime logo, busy watch, Apple Pro Speakers port (such as on the iMac G4 or the MDD G4), FireWire, programmer's key icon, and two versions of the reset icon, though these three do have Unicode equivalents or you can also use regular geometric shapes, and sometimes those faced the other way.
(A note on most of these characters is that they don't actually map to any defined Unicode code point; they are unconnected glyphs. Font Book will show them but you can't really copy them anywhere. A tool like Ultra Character Map will let you at least grab a graphical representation and paste it somewhere, as I have done here.)
But that's not all! Feast your eyes on what's still in /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources!
What's particularly impressive is the multiple sizes for systems with differently sized screens as options. These are taken from the 1024x1024 144dpi retina versions in Sequoia.
eMac,
iBook G4 12" and 14",
iMac G4 15" (my favourite because it doesn't wear out the arm), 17" and 20",
iMac G5 (recognizeable because no iSight) 17" and 20",
iPhone 2G and 3G (notice the subtly different chrome),
Titanium PowerBook G4,
Alumin(i)um PowerBook G4 12", 15" and 17" (with all-region DVD drive firmware it's the best portable DVD player you can get),
"Graphite" Power Macintosh G4 (doesn't say if it's a Yikes!, Sawtooth or Gigabit Ethernet),
"Quicksilver" Power Macintosh G4,
"Mirrored Drive Doors" Power Macintosh G4, which looks nearly the same,
Xserve G4,
early Mac mini (we'll call it a G4, since we can't see the back), [A commenter pointed out this must be an early Intel mini because of the small black aperture for the IR receiver. Good spot!]
and who let this thing in?
Why are all these things still in the macOS? My guess, modulo the Blue Screen PC, is trademark purposes.[A number of people have suggested for network serves; some servers will identify themselves as specific computers, which will pick up an icon in this group, and of course the Windows PC for this purpose is well-known. Fine, except that this archive isn't comprehensive for all the possible Mac models that could have participated as a network share point: no G3s, for example, and no Power Mac G5.] These all were used as Apple-specific labeling and could be considered as part of their trade dress, and having these legacy items still in the macOS probably serves some legal purpose if someone were to try to rip off their old IP. It can't be for nostalgia purposes or we'd still be able to run Carbon PowerPC apps on Tahoe like you can still run most Win32 applications on Windows 11. And Apple just doesn't do nostalgia — except in their ads.
The Rust team is happy to announce a new version of Rust, 1.89.0. Rust is a programming language empowering everyone to build reliable and efficient software.
If you have a previous version of Rust installed via rustup, you can get 1.89.0 with:
If you'd like to help us out by testing future releases, you might consider updating locally to use the beta channel (rustup default beta) or the nightly channel (rustup default nightly). Please report any bugs you might come across!
What's in 1.89.0 stable
Explicitly inferred arguments to const generics
Rust now supports _ as an argument to const generic parameters, inferring the value from surrounding context:
Similar to the rules for when _ is permitted as a type, _ is not permitted as an argument to const generics when in a signature:
// This is not allowed
pubconstfnall_false<const LEN:usize>()->[bool;_]{[false;LEN]}// Neither is this
pubconstALL_FALSE:[bool;_]=all_false::<10>();
Mismatched lifetime syntaxes lint
Lifetime elision in function signatures is an ergonomic aspect of the Rust language, but it can also be a stumbling point for newcomers and experts alike. This is especially true when lifetimes are inferred in types where it isn't syntactically obvious that a lifetime is even present:
// The returned type `std::slice::Iter` has a lifetime,
// but there's no visual indication of that.
//// Lifetime elision infers the lifetime of the return
// type to be the same as that of `scores`.
fnitems(scores:&[u8])->std::slice::Iter<u8>{ scores.iter()}
Code like this will now produce a warning by default:
warning: hiding a lifetime that's elided elsewhere is confusing
--> src/lib.rs:1:18
|
1 | fn items(scores: &[u8]) -> std::slice::Iter<u8> {
| ^^^^^ -------------------- the same lifetime is hidden here
| |
| the lifetime is elided here
|
= help: the same lifetime is referred to in inconsistent ways, making the signature confusing
= note: `#[warn(mismatched_lifetime_syntaxes)]` on by default
help: use `'_` for type paths
|
1 | fn items(scores: &[u8]) -> std::slice::Iter<'_, u8> {
| +++
We first attempted to improve this situation back in 2018 as part of the rust_2018_idioms lint group, but strong feedback about the elided_lifetimes_in_paths lint showed that it was too blunt of a hammer as it warns about lifetimes which don't matter to understand the function:
usestd::fmt;structGreeting;implfmt::Display forGreeting{fnfmt(&self, f:&mutfmt::Formatter)->fmt::Result{// -----^^^^^^^^^ expected lifetime parameter
// Knowing that `Formatter` has a lifetime does not help the programmer
"howdy".fmt(f)}}
We then realized that the confusion we want to eliminate occurs when both
lifetime elision inference rules connect an input lifetime to an output lifetime
it's not syntactically obvious that a lifetime exists
There are two pieces of Rust syntax that indicate that a lifetime exists: & and ', with ' being subdivided into the inferred lifetime '_ and named lifetimes 'a. When a type uses a named lifetime, lifetime elision will not infer a lifetime for that type. Using these criteria, we can construct three groups:
Self-evident it has a lifetime
Allow lifetime elision to infer a lifetime
Examples
No
Yes
ContainsLifetime
Yes
Yes
&T, &'_ T, ContainsLifetime<'_>
Yes
No
&'a T, ContainsLifetime<'a>
The mismatched_lifetime_syntaxes lint checks that the inputs and outputs of a function belong to the same group. For the initial motivating example above, &[u8] falls into the second group while std::slice::Iter<u8> falls into the first group. We say that the lifetimes in the first group are hidden.
Because the input and output lifetimes belong to different groups, the lint will warn about this function, reducing confusion about when a value has a meaningful lifetime that isn't visually obvious.
The mismatched_lifetime_syntaxes lint supersedes the elided_named_lifetimes lint, which did something similar for named lifetimes specifically.
Future work on the elided_lifetimes_in_paths lint intends to split it into more focused sub-lints with an eye to warning about a subset of them eventually.
More x86 target features
The target_feature attribute now supports the sha512, sm3, sm4, kl and widekl target features on x86. Additionally a number of avx512 intrinsics and target features are also supported on x86:
Doctests will now be tested when running cargo test --doc --target other_target, this may result in some amount of breakage due to would-be-failing doctests now being tested.
Failing tests can be disabled by annotating the doctest with ignore-<target> (docs):
i128 and u128 no longer trigger the improper_ctypes_definitions lint, meaning these types may be used in extern "C" functions without warning. This comes with some caveats:
The Rust types are ABI- and layout-compatible with (unsigned) __int128 in C when the type is available.
On platforms where __int128 is not available, i128 and u128 do not necessarily align with any C type.
i128 is not necessarily compatible with _BitInt(128) on any platform, because _BitInt(128) and __int128 may not have the same ABI (as is the case on x86-64).
Demoting x86_64-apple-darwin to Tier 2 with host tools
GitHub will soon discontinue providing free macOS x86_64 runners for public repositories. Apple has also announced their plans for discontinuing support for the x86_64 architecture.
We expect that the RFC for the demotion to Tier 2 with host tools will be accepted between the releases of Rust 1.89 and 1.90, which means that Rust 1.89 will be the last release of Rust where x86_64-apple-darwin is a Tier 1 target.
For users, this change will not immediately cause impact. Builds of both the standard library and the compiler will still be distributed by the Rust Project for use via rustup or alternative installation methods while the target remains at Tier 2. Over time, it's likely that reduced test coverage for this target will cause things to break or fall out of compatibility with no further announcements.
Standards Compliant C ABI on the wasm32-unknown-unknown target
David Allen’s “Getting Thing Done” (GTD) system has been around for longer than Thunderbird! First published in a book of the same name in 2001, this approach to productivity is focused on freeing your brain from chaos, giving it “focus, clarity, and confidence” for creativity and new ideas. As I’m also a fan of freedom from chaos, I decided to dive back into our productivity blogs and highlight how to use tags and keyboard shortcuts to use GTD in Thunderbird.
Five Steps to Get Things Done
To start, let’s summarize the GTD system, for anyone who might not be familiar. GTD uses five key steps to go from unorganized to unstoppable, whether in your inbox or elsewhere: Capture, Clarify, Organize, Reflect, and Engage.
Let’s think about these steps in terms of managing your inbox! First, Capturing involves collecting the things that have your attention. In other instances, this could mean brainstorming a to-do list. For email, this means your inbox. Clarifying entails taking those items and figuring out what they mean. For the Getting Things Done system, you need to figure out if you can act on something (for example, an email) or not. If it’s not actionable, where does it needs to go Is this reference? Is this on hold for some reason? Or can it just go in the trash?
Once this clarifying is done, it’s time to Organize, aka putting the things that have your attention or reminders of them in a place you can act on, whether that’s now or later. Reflecting isn’t a one-time step, but something you do consistently to fine-tune your system and make sure it’s still working for you.
All of these steps make the last step, Engaging, possible. You have a system you can trust, honed through reflection. Your inbox management system is like a starship where everything and everyone is working together, efficiently and effectively. This frees up your brain so your brain can soar through a cosmos of deep, interesting, meaningful work. Maybe while drinking a cup of tea, Earl Grey, hot.
Using Tags and Keyboard Shortcuts to Clarify and Organize Your Inbox
Adapting the GTD system to your Thunderbird inbox takes advantages of two features I am coming to love: labels and keyboard shortcuts.
I’m going to suggest three initial labels, and a few possibilities for labels for non-actionable emails, and walk you through how to set up the labels and use the keyboard shortcuts to apply them – with screenshots!
First, go into Settings > General > Tags to create/adjust your tags. The four example tags we set are “Do Now,” “Do,” “Waiting For,” and “Later.”
Wait, why have a “Do Now” and “Do” tag? This tip came from Henk Postma’s blog, who gave me a lot of inspiration. “Do Now” is urgent, and it needs doing without delay. “Do” doesn’t have this urgency, but the email is actionable.
The “Waiting For” label means there’s something you need to act on this email. Maybe it’s more information, or permission. This label can keep hold those emails until you’re ready. The “Later” tag is a bit of a catch-all. Like reference information, or things you’re interested in but can’t pursue yet. Maybe you want to break down your “Later” labels. The choice is yours!
Now that we have our labels set up, and associated with a number, we’re ready to start organizing. Once a message comes in, click the number for the tag you want. If you accidentally press the wrong number, don’t worry! Just press ‘0’ to clear whatever label you applied.
And that’s it! Well, except putting your system into practice, and David Allen has some further advice on using GTD in your inbox. If you have any tips on how you make your email organization a habit and not an afterthought, I’d love to hear them! As always, if there’s a productivity topic you’d like me to explore, let me know in the comments!
Why this goal? This work continues our drive to improve support for async programming in Rust. In 2024H2 we stabilized async closures; explored the generator design space; and began work on the dynosaur crate, an experimental proc-macro to provide dynamic dispatch for async functions in traits. In 2025H1 our plan is to deliver (1) improved support for async-fn-in-traits, completely subsuming the functionality of the async-trait crate; (2) progress towards sync and async generators, simplifying the creation of iterators and async data streams; (3) and improve the ergonomics of Pin, making lower-level async coding more approachable. These items together start to unblock the creation of the next generation of async libraries in the wider ecosystem, as progress there has been blocked on a stable solution for async traits and streams.
What went well: This cycle we saw significant progress in a few areas:
We had productive conversations with the language team on generators, and landed an experimental implementation for a builtin iter! macro that implements unpinned generators.
We shipped async closures and the new lifetime capture rules as part of Rust 2024.
We developed a proc macro, dynosaur, that can be used to support async fn together with dyn Trait.
We landed an early-stage experiment to support async Drop in the compiler.
We landed an experimental implementation of autoreborrowing for pinned references, along with a number of other improvements for pin ergonomics.
What didn't: In some areas, we didn't make as much progress as we hoped. In retrospect, the scope of this goal was too large for one person to manage. With flagship project goals, there this a desire to paint a grand vision that I think would be better served by another mechanism without a time bound on it. I've been calling this a "north star".
In some cases, like RTN, progress has been by technical debt in the Rust compiler's type system. For that there is an ongoing project goal to replace the trait solver with a next-generation version. Finally, on the design front, progress is sometimes slowed by uncertainty and disagreement around the future of pinning in the Rust language.
Looking forward: My takeaway from this is that in the next project goals cycle, we should focus on answering more fundamental questions of Rust's evolution. These should reduce uncertainty and pave the way for us to unblock major features for async in future cycles. For example, how far we can push pin ergonomics? What approach should we take for in-place initialization, and can it support async fn in dyn Trait? How will we support evolving trait hierarchies in a general way that allows us to support the Tower "middleware" pattern with async fn?
I'm excited by the lineup of goals we have for this next cycle. See you on the other side!
dynosaur v0.3 has been released. This release contains some breaking changes in preparation for an upcoming 1.0 release. See the linked release notes for more details.
What went well: This cycle we saw significant progress in a few areas:
We had productive conversations with the language team on generators, and landed an experimental implementation for a builtin iter! macro that implements unpinned generators.
We shipped async closures and the new lifetime capture rules as part of Rust 2024.
We developed a proc macro, dynosaur, that can be used to support async fn together with dyn Trait.
We landed an early-stage experiment to support async Drop in the compiler.
We landed an experimental implementation of autoreborrowing for pinned references, along with a number of other improvements for pin ergonomics.
What didn't: In some areas, we didn't make as much progress as we hoped. In retrospect, the scope of this goal was too large for one person to manage. With flagship project goals, there this a desire to paint a grand vision that I think would be better served by another mechanism without a time bound on it. I've been calling this a "north star".
In some cases, like RTN, progress has been by technical debt in the Rust compiler's type system. For that there is an ongoing project goal to replace the trait solver with a next-generation version. Finally, on the design front, progress is sometimes slowed by uncertainty and disagreement around the future of pinning in the Rust language.
Looking forward: My takeaway from this is that in the next project goals cycle, we should focus on answering more fundamental questions of Rust's evolution. These should reduce uncertainty and pave the way for us to unblock major features for async in future cycles. For example, how far we can push pin ergonomics? What approach should we take for in-place initialization, and can it support async fn in dyn Trait? How will we support evolving trait hierarchies in a general way that allows us to support the Tower "middleware" pattern with async fn?
I'm excited by the lineup of goals we have for this next cycle. See you on the other side!
Why this goal? May 15, 2025 marks the 10-year anniversary of Rust's 1.0 release; it also marks 10 years since the creation of the Rust subteams. At the time there were 6 Rust teams with 24 people in total. There are now 57 teams with 166 people. In-person All Hands meetings are an effective way to help these maintainers get to know one another with high-bandwidth discussions. This year, the Rust Project will be coming together for RustWeek 2025, a joint event organized with RustNL. Participating project teams will use the time to share knowledge, make plans, or just get to know one another better. One particular goal for the All Hands is reviewing a draft of the Rust Vision Doc, a document that aims to take stock of where Rust is and lay out high-level goals for the next few years.
Why this goal? This goal continues our work from 2024H2 in supporting the experimental support for Rust development in the Linux kernel. Whereas in 2024H2 we were focused on stabilizing required language features, our focus in 2025H1 is stabilizing compiler flags and tooling options. We will (1) implement RFC #3716 which lays out a design for ABI-modifying flags; (2) take the first step towards stabilizing build-std by creating a stable way to rebuild core with specific compiler options; (3) extending rustdoc, clippy, and the compiler with features that extract metadata for integration into other build systems (in this case, the kernel's build system).
We've discussed whether this needs to be a separate target feature vs. a modifier on the existing retpoline one. Josh argued that since having this enabled without retpoline doesn't make sense, it should be a modifier. On the other hand, Miguel mentioned that it would be clearer on the user's side (easier to map the names from GCC and Clang to rustc when they're the same and see that we're enabling the same thing in Rust and Linux kernel's Makefiles).
It seems that -Cmin-function-alignment will be another similar case.
In light of the newly-proposed #[sanitize(xyz = "on|off")] syntax, we've discussed whether it makes sense to add a shorthand to enable/disable all of them at once (e.g. #[sanitize(all = "on|off")]). The experience from the field suggests that this is rarely something people do.
We've also discussed what values should the options have (e.g. "yes"/"no" vs. "on"/"off" or true/false). No strong preferences, but in case of an error, the compiler should suggest the correct value to use.
P.S.: There will be a Lang design meeting regarding in-place initialization on Wednesday 2025-07-30: https://github.com/rust-lang/lang-team/issues/332.
@dingxiangfei2009 drafted a Pre-RFC for the supertrait-item-in-subtrait-impl work. Need to add two modifications to the RFC to incorporate t-lang requests.
@epage hey i would like to help contribute with this, if you could probably mentor me in the right direction, i could learn and ramp up and move this forward, i could start with some tasks, scope them out into small bite sized chunks and contribute
This is mostly in the compiler atm and I'm not in a position to mentor or review compiler changes; my first compiler PR is being merged right now. I'm mostly on this from the Cargo side and overall coordination.
Help wanted: I'll be working towards verifying rustfmt, rust-analyzer, and other tooling support and will be needing at least reviews from people, if not some mentorship.
@epage is shifting attention back to this now that toml v0.9 is out
-Zunpretty support is being added in rust-lang/rust#143708
Blockers
Help wanted
I'll be working towards verifying rustfmt, rust-analyzer, and other tooling support and will be needing at least reviews from people, if not some mentorship.
Not much to say since the last update- I have been focused on other areas of const generics and I believe camelid has been relatively busy with other things too. I intend for the next const generics project goal to be more broadly scoped than just min_generic_const_args so that other const generics work can be given a summary here :)
Discussed the latest round of feedback on the pre-RFC, the most significant of which is that the scope of the RFC is almost certainly too large for an MVP.
@davidtwco presented a reformulation of the plan which focuses on the core components of build-std and leaves more features for future extensions after a minimal MVP:
Stage 1a: Introduce manual controls for enabling the build-std behavior in Cargo.
Stage 1b: Introduce Cargo syntax to declare explicit dependencies on core, alloc and std crates.
This stage enables the use of Tier 3 targets on stable Rust and allows the ecosystem to start transitioning to explicit dependencies on the standard library.
This stage would be considered the minimal MVP.
Stage 2: Teach Cargo to build std with different codegen/target modifier options.
This stage allows the standard library to be compiled with custom codegen options.
Stage 3: Enable automatic standard library rebuilds.
This stage focuses on making build-std behave ergonomically and naturally without users having to manually ask for the standard library to be built.
General consensus was reached that this plan feels viable. @davidtwco will write the Stage 1a/b RFC.
Discussed the latest round of feedback on the pre-RFC, the most significant of which is that the scope of the RFC is almost certainly too large for an MVP.
@davidtwco presented a reformulation of the plan which focuses on the core components of build-std and leaves more features for future extensions after a minimal MVP:
Stage 1a: Introduce manual controls for enabling the build-std behavior in Cargo.
Stage 1b: Introduce Cargo syntax to declare explicit dependencies on core, alloc and std crates.
This stage enables the use of Tier 3 targets on stable Rust and allows the ecosystem to start transitioning to explicit dependencies on the standard library.
This stage would be considered the minimal MVP.
Stage 2: Teach Cargo to build std with different codegen/target modifier options.
This stage allows the standard library to be compiled with custom codegen options.
Stage 3: Enable automatic standard library rebuilds.
This stage focuses on making build-std behave ergonomically and naturally without users having to manually ask for the standard library to be built.
General consensus was reached that this plan feels viable. @davidtwco will write the Stage 1a/b RFC.
Some discussion on various threads from the previous RFC draft.
Belated update for May and June: RustWeek was extremely productive! It was great to sit down in a room with all the stakeholders and talk about what it would take to get cross-crate linting working reliably at scale.
As a result of this work we identified a lot of previously-unknown blockers, as well as some paths forward. More work remains, but it's nice that we now have a much better idea of what that work should look like.
Currently we get information on the syntactic presence of ?Sized. But another bound might be implying Sized, which makes ?Sized not true overall.
Failing to account for this would mean we get both false negatives and false positives. This is effectively a dual of the the "implied bounds" issue in the previous post.
Cross-crate linting has had some positive movement, and some additional blockers identified.
docs.rs has begun hosting rustdoc JSON, allowing us to use it as a cache to avoid rebuilding rustdoc JSON in cross-crate linting scenarios where those builds could get expensive.
We need a way to determine which features in dependencies are active (recursively) given a set of features active in the the top crate, so we know how to generate accurate rustdoc JSON. That information is not currently available via the lockfile or any cargo interface.
We need to work with the rustdoc and cargo teams to make it possible to use rmeta files to correctly combine data across crates. This has many moving parts and will take time to get right, but based on in-person conversations at RustWeek we all agreed was the best and most reliable path forward.
Other improvements to cargo-semver-checks are ongoing: a full set of #[target_feature] lints ships in the next release, and two folks participating in Google Summer of Code have begun contributing to cargo-semver-checks already!
While the targets for the 2025H1 goals proved a bit too ambitious to hit in this timeline, I'm looking forward to continuing my work on the goal in the 2025H2 period!
Belated update for May and June: RustWeek was extremely productive! It was great to sit down in a room with all the stakeholders and talk about what it would take to get cross-crate linting working reliably at scale.
As a result of this work we identified a lot of previously-unknown blockers, as well as some paths forward. More work remains, but it's nice that we now have a much better idea of what that work should look like.
Currently we get information on the syntactic presence of ?Sized. But another bound might be implying Sized, which makes ?Sized not true overall.
Failing to account for this would mean we get both false negatives and false positives. This is effectively a dual of the the "implied bounds" issue in the previous post.
Cross-crate linting has had some positive movement, and some additional blockers identified.
docs.rs has begun hosting rustdoc JSON, allowing us to use it as a cache to avoid rebuilding rustdoc JSON in cross-crate linting scenarios where those builds could get expensive.
We need a way to determine which features in dependencies are active (recursively) given a set of features active in the the top crate, so we know how to generate accurate rustdoc JSON. That information is not currently available via the lockfile or any cargo interface.
We need to work with the rustdoc and cargo teams to make it possible to use rmeta files to correctly combine data across crates. This has many moving parts and will take time to get right, but based on in-person conversations at RustWeek we all agreed was the best and most reliable path forward.
Other improvements to cargo-semver-checks are ongoing: a full set of #[target_feature] lints ships in the next release, and two folks participating in Google Summer of Code have begun contributing to cargo-semver-checks already!
While the targets for the 2025H1 goals proved a bit too ambitious to hit in this timeline, I'm looking forward to continuing my work on the goal in the 2025H2 period!
After some further iteration with the lang team, both RFCs were accepted and merged.
@joshtriplett, @eholk, and @vincenzopalazzo did some successful group-spelunking into the implementation of macros in rustc.
@joshtriplett rewrote the macro_rules! parser, which enabled future extensibility and resulted in better error messages. This then enabled several follow-up refactors and simplifications.
@joshtriplett wrote a PR implementing attribute macros.
@joshtriplett, @eholk, and @vincenzopalazzo did some successful group-spelunking into the implementation of macros in rustc.
@joshtriplett rewrote the macro_rules! parser, which enabled future extensibility and resulted in better error messages. This then enabled several follow-up refactors and simplifications.
@joshtriplett wrote a PR implementing attribute macros (review in progress).
This project goals cycle was important for C++ interop. With the language team we established that we should evolve Rust to enable a first-class C++ interop story, making rich and automatic bindings possible between the two languages. At the Rust All Hands, people from across the industry met to describe their needs to each other, what is working for them, and what isn't. This process of discovery has led to a lot of insight into where we can make progress now and ideas for what it will take to really "solve" interop.
One thing I think we can say with certainty is that interop is a vast problem space, and that any two groups who want interop are very likely to have different specific needs. I'm excited about the project goal proposal by @baumanj to begin mapping this problem space out in the open, so that as we refer to problems we can better understand where our needs overlap and diverge.
Despite the diversity of needs, we've noticed that there is quite a bit of overlap when it comes to language evolution. This includes many features requested by Rust for Linux, a flagship customer of the Rust Project. In retrospect, this is not surprising: Rust for Linux needs fine-grained interop with C APIs, which is roughly a subset of the needs for interop with C++ APIs. Often the need runs deeper than interop, and is more about supporting patterns in Rust that existing systems languages already support as a first-class feature.
I'm looking forward to tackling areas where we can "extend the fundamentals" of Rust in a way that makes these, and other use cases, possible. This includes H2 project goal proposals like pin ergonomics, reborrowing, field projections, and in-place initialization.
Thanks to everyone who contributed to the discussions this past cycle. Looking forward to seeing you in the next one!
Ahead of the all hands, @cramertj and @tmandry collaborated on a prototype called ecdysis that explored the viability of instantiating types "on-demand" in the Rust compiler. These types are intended to look like C++ template instantiations. The prototype was a success in that it made the direction look viable and also surfaced some foundational work that needs to happen in the compiler first. That said, continuing to pursue it is not the highest priority for either of us at the moment.
Many thanks to @oli-obk for their advice and pointers.
This project goals cycle was important for C++ interop. With the language team we established that we should evolve Rust to enable a first-class C++ interop story, making rich and automatic bindings possible between the two languages. At the Rust All Hands, people from across the industry met to describe their needs to each other, what is working for them, and what isn't. This process of discovery has led to a lot of insight into where we can make progress now and ideas for what it will take to really "solve" interop.
One thing I think we can say with certainty is that interop is a vast problem space, and that any two groups who want interop are very likely to have different specific needs. I'm excited about the project goal proposal by @baumanj to begin mapping this problem space out in the open, so that as we refer to problems we can better understand where our needs overlap and diverge.
Despite the diversity of needs, we've noticed that there is quite a bit of overlap when it comes to language evolution. This includes many features requested by Rust for Linux, a flagship customer of the Rust Project. In retrospect, this is not surprising: Rust for Linux needs fine-grained interop with C APIs, which is roughly a subset of the needs for interop with C++ APIs. Often the need runs deeper than interop, and is more about supporting patterns in Rust that existing systems languages already support as a first-class feature.
I'm looking forward to tackling areas where we can "extend the fundamentals" of Rust in a way that makes these, and other use cases, possible. This includes H2 project goal proposals like pin ergonomics, reborrowing, field projections, and in-place initialization.
Thanks to everyone who contributed to the discussions this past cycle. Looking forward to seeing you in the next one!
The last update for this project-goal period! I have continued to work on the gpu support, while our two Rust/LLVM autodiff gsoc students made great progress with their corresponding projects.
Key developments:
My memory-movement PR got reviewed and after a few iterations landed in nightly. That means you now don't even have to build your own rustc to move data to and from a GPU (with the limitations mentioned in my previous post). As part of my PR, I also updated the rustc-dev-guide: https://rustc-dev-guide.rust-lang.org/offload/installation.html.
Now that the host (CPU) code landed, I looked into compiling rust kernels to GPUs. When experimenting with the amdgcn target for rustc I noticed a regression, due to which all examples for that target failed. I submitted a small patch to fix it. It landed a few days ago, and prevents rustc from generating f128 types on AMD GPUs: https://github.com/rust-lang/rust/pull/144383.
I looked into HIP and OpenMP (managed/kernel-mode) examples to see what's needed to launch the kernels. I should already have most of the code upstream, since it landed as part of my host PR, so I think I should soon be able to add the remaining glue code to start running Rust code on GPUs. https://github.com/rust-lang/rust/pull/142696.
The main PR of @KMJ-007 is up, to start generating typetrees for Enzyme, the backend of our std::autodiff module. Enzyme sometimes wants more information about a type than it can get from LLVM, so it either needs to deduce it (slow), or it will fail to compile (bad). In the future we hope to lower MIR information to Enzyme, and this is the first step for it. I just submitted the first round of reviews: https://github.com/rust-lang/rust/pull/142640
The main PR of @Sa4dUs is up, it replaces my historically grown middle-end with a proper rustc-autodiff-intrinsic. This allows us to remove a few hacks and thus makes it easier to maintain. It will also handle more corner-cases, and reduces the amount of autodiff related code in rustc by ~400 lines. I also gave it a first review pass.
I also submitted an updated project-goal to finish the std::offload module, to the point where we can write an interesting amount of kernels in pure (nightly) Rust and launch them to GPUs. All new project goals are supposed to have "champions" from the teams they are related to, which in the case of my autodiff/batching/offload work would be t-compiler and t-lang (see Niko's blog post for more details). Since I joined the compiler team a while ago I can now champion for it myself on the compiler side, and @traviscross volunteered to continue the support on the language side, thank you!
The last update for this project-goal period! I have continued to work on the gpu support, while our two Rust/LLVM autodiff gsoc students made great progress with their corresponding projects.
Key developments:
My memory-movement PR got reviewed and after a few iterations landed in nightly. That means you can now don't even have to build your own rustc to move data to and from a GPU (with the limitations mentioned in my previous post). As part of my PR, I also updated the rustc-dev-guide: https://rustc-dev-guide.rust-lang.org/offload/installation.html
Now that the host (CPU) code landed, I looked into compiling rust kernels to GPUs. When experimenting with the amdgcn target for rustc I noticed a regression, due to which all examples for that target failed. I submitted a small patch to fix it. It landed a few days ago, and prevents rustc from generating f128 types on AMD GPUs: https://github.com/rust-lang/rust/pull/144383
I looked into HIP and OpenMP (managed/kernel-mode) examples to see what's needed to launch the kernels. I should already have most of the code upstream, since it landed as part of my host PR, so I think I should soon be able to add the remaining glue code to start running Rust code on GPUs. https://github.com/rust-lang/rust/pull/142696.
The main PR of @KMJ-007 is up, to start generating typetrees for Enzyme, the backend of our std::autodiff module. Enzyme sometimes wants more information about a type than it can get from LLVM, so it either needs to deduce it (slow), or it will fail to compile (bad). In the future we hope to lower MIR information to Enzyme, and this is the first step for it. I just submitted the first round of reviews: https://github.com/rust-lang/rust/pull/142640
The main PR of @Sa4dUs is up, it replaces my historically grown middle-end with a proper rustc-autodiff-intrinsic. This allows us to remove a few hacks and thus makes it easier to maintain. It will also handle more corner-cases, and reduces the amount of autodiff related code in rustc by ~400 lines. I also gave it a first review pass.
I also submitted an updated project-goal to finish the std::offload module, to the point where we can write an interesting amount of kernels in pure (nightly) Rust and launch them to GPUs. All new project goals are supposed to have "champions" from the teams they are related to, which in the case of my autodiff/batching/offload work would be t-compiler and t-lang (see Niko's blog post for more details). Since I joined the compiler team a while ago I can now champion for it myself on the compiler side, and @traviscross volunteered to continue the support on the language side, thank you!
My time at Amazon is coming to an end. They supported the very successful effort with the 2024h2 goal, and encouraged me to propose the 2025h1 goal that is now wrapping up. Unfortunately other work efforts led to the very limited progress on the 2025h1 goal. I do not know what comes next, but it definitely involves taking time to relax and recover. Recovering involves rediscovering the joy in the work that I love. And, I have a deep passion for this problem. I hope to make some time to work on this. But, relaxing requires reducing the commitments I have made to others and the associated stress. So I will not promise progress, nor will I renew the goal for 2025h2.
My time at Amazon is coming to an end. They supported the very successful effort with the 2024h2 goal, and encouraged me to propose the 2025h1 goal that is now wrapping up. Unfortunately other work efforts led to the very limited progress on the 2025h1 goal. I do not know what comes next, but it definitely involves taking time to relax and recover. Recovering involves rediscovering the joy in the work that I love. And, I have a deep passion for this problem. I hope to make some time to work on this. But, relaxing requires reducing the commitments I have made to others and the associated stress. So I will not promise progress, nor will I renew the goal for 2025h2.
As the 2025 H1 period is coming to an end and we're focusing on the goals for the second half of the year, we will close this issue by the end of this month (July 2025).
If you or someone else out there is working on this and has updates to share, please add them as a comment here by 2025-07-29 so they can be included in the final blog post.
Even after the issue is closed, the work here can be picked up -- we'll just no longer track it as part of the 2025H1 goals effort.
Chiming in for @epage here since further progress is still blocked on the compiler implementation. Unfortunately things have been moving more slowly than I had initially hoped. We have been doing some refactoring (https://github.com/rust-lang/rust/pull/142547 and https://github.com/rust-lang/rust/pull/144131) that allow us to introduce a new Scope for namespaced crates inside name resolution. There's a draft PR (https://github.com/rust-lang/rust/pull/140271) that should be straightforward to adapt to the refactoring.
Implementation remains in progress; I'll be able to land a couple PRs soon getting it largely implemented. Progress was slower than expected due to me having a fair amount going on. As I still very much want this feature, I will continue work on it even with the goal having formally lapsed.
Additionally, I think that after it's fully implemented it may be feasible to leverage the crate-local knowledge of impl restrictions to optimize dyn in an enum_dispatch-like manner. I haven't investigated the feasibility of that in the compiler — it's merely a suspicion.
Unfortunately, we didn't make much progress since April except for a very useful discussion during Rust all hands. A few notes can be found here: https://hackmd.io/@qnR1-HVLRx-dekU5dvtvkw/SyUuR6SZgx. We're still waiting for the design discussion meeting with the compiler team.
@dawidl022 is working as part of GSoC to improve contracts implementation under @tautschnig mentorship. Additionally, @tautschnig and @carolynzech are working on porting contracts from https://github.com/model-checking/verify-rust-std to the Rust repo.
We - or well, overwhelmingly @compiler-errors - continued to make performance improvements to the new solver over the last month: https://github.com/rust-lang/rust/pull/142802 https://github.com/rust-lang/rust/pull/142732 https://github.com/rust-lang/rust/pull/142317 https://github.com/rust-lang/rust/pull/142316 https://github.com/rust-lang/rust/pull/142223 https://github.com/rust-lang/rust/pull/142090 https://github.com/rust-lang/rust/pull/142088 https://github.com/rust-lang/rust/pull/142085 https://github.com/rust-lang/rust/pull/141927 https://github.com/rust-lang/rust/pull/141581 https://github.com/rust-lang/rust/pull/141451. nalgebra is currently 70% slower than with the old solver implementation and we seem to be about 30-50% slower in most normal crates.
I've been working on strengthening the search graph to avoid the hang in rayon and https://github.com/rust-lang/trait-system-refactor-initiative/issues/210 in a principled way. This has been more challenging than expected and will take at least another week to get done.
Since the last update @compiler-errors landed two additional perf optimizations: https://github.com/rust-lang/rust/pull/143500 https://github.com/rust-lang/rust/pull/143309.
I am still working on the hang in rayon and https://github.com/rust-lang/trait-system-refactor-initiative/issues/210. I've ended up having to change the invariants of the type system to support a fast paths based on structural identity, e.g. quickly proving T: Trait<'a> via a T: Trait<'a> where-bound, in https://github.com/rust-lang/rust/pull/144405. Changing this invariant requires some additional work in HIR typeck, so I am currently reducing the perf impact of that change.
With this I can then land the actual fast paths which fix both rayon and similar hangs due to a large number of where-bounds. This should also be done soon. I will then go back to implement the new opaque type handling approach as that's the only remaining issue before we can call for testing.
Key developments: https://github.com/rust-lang/rust/issues/143352 proposes an experimental feature to investigate an effect-based approach to integrate generics and target features, effectively giving ways to have different monomorphizations of a function have different target features.
Key developments: Landed the enum discriminant check and enabled it for transmutes to enums for now (this is not so powerful), currently extending it to union reads and pointer reads.
Blockers: question of how to insert a check if we already observe UB (e.g. the enum is only represented by an i1 in LLVM IR). This is to be addressed by the next project goal: https://rust-lang.github.io/rust-project-goals/2025h2/comprehensive-niche-checks.html.
As a minor improvement, we now instantiate a lot less types on unit_return_expecting_ord (89% less calls in some benchmarks). This saves us a lot of locks on the type interner.
As a final update to the project goal, I'd like to say a little bit more:
I'm very happy with how this project goal has turned out. We've seen improvements in the 35-60% range for your real world projects and while I couldn't deliver the two objectives the project goal promised because of an excess in ambition, I still don't think that these are too far-fetched by any means.
As some specific examples, you can now witness a 38% performance improvements in analyzing Cargo, and a 61% in analyzing Tokio!
Much more to come, and thanks for sticking by while we make Clippy a better project, with better developer experience.
Have a great week, and I hope that you can enjoy all the performance improvements that we've delivered across this project goal.
Even more optimizations have been achieved on the documentation lints front. https://github.com/rust-lang/rust-clippy/pull/15030. (-6.7% on bumpalo).
The 3rd heaviest function was optimized away by 99.75%, along with the strlen_on_c_strings lint. This gives us about a 15% optimization on tokio. https://github.com/rust-lang/rust-clippy/pull/15043
As a minor improvement, we now instantiate a lot less types on unit_return_expecting_ord (89% less calls in some benchmarks). This saves us a lot of locks on the type interner.
As a final update to the project goal, I'd like to say a little bit more:
I'm very happy with how this project goal has turned out. We've seen improvements in the 35-60% range for your real world projects and while I couldn't deliver the two objectives the project goal promised because of an excess in ambition, I still don't think that these are too far-fetched by any means.
As some specific examples, you can now witness a 38% performance improvements in analyzing Cargo, and a 61% in analyzing Tokio!
Much more to come, and thanks for sticking by while we make Clippy a better project, with better developer experience.
Have a great week, and I hope that you can enjoy all the performance improvements that we've delivered across this project goal.
The following contributors have made many libcore traits const:
@Daniel-Aaron-Bloom
@estebank
@Randl
@SciMind2460
@fee1-dead has also updated the syntax to allow for const trait Trait {} declarations instead of #[const_trait] trait Trait {}.
Thanks y'all for moving this feature along!
We have encountered few issues, but there is one major one:
without dyn [const] Trait support we cannot turn any of the core::fmt traits const in a usable way. This in turn makes things like Result::unwrap not usable in const contexts without using const_eval_select to not actually perform any formatting within const contexts.
It is my belief that now would be a good time to call for testing to get community input on the current syntax and behaviour.
The current proposal is [const] Trait syntax for bounds, impl const Trait for Type syntax for impls and const Trait for trait declarations. No annotations on methods in traits or impls required, but all implied from the trait or impl.
The following contributors have made many libcore traits const:
@Daniel-Aaron-Bloom
@estebank
@Randl
@SciMind2460
@fee1-dead has also updated the syntax to allow for const trait Trait {} declarations instead of #[const_trait] trait Trait {}.
Thanks y'all for moving this feature along!
We have encountered few issues, but there is one major one:
without dyn [const] Trait support we cannot turn any of the core::fmt traits const in a usable way. This in turn makes things like Result::unwrap not usable in const contexts without using const_eval_select to not actually perform any formatting within const contexts.
It is my belief that now would be a good time to call for testing to get community input on the current syntax and behaviour.
The FLS is now an independent repository within the Rust Project, not relying on imported Ferrocene packages for building (we have brought them in locally). A version of the FLS has been published at https://rust-lang.github.io/fls using the new build process. The content changes were mostly non-normative at this point, but we have officially published the first rust-lang owned release of the FLS.
Next steps: Continue adding/modifying appropriate content for the FLS moving forward. Determine any potential H2 2025 spec-related project goals.
The FLS is now an independent repository within the Rust Project, not relying on imported Ferrocene packages for building (we have brought them in locally). A version of the FLS has been published at https://rust-lang.github.io/fls using the new build process. The content changes were mostly non-normative at this point, but we have officially published the first rust-lang owned release of the FLS.
Next steps: Continue adding/modifying appropriate content for the FLS moving forward. Determine any potential H2 2025 spec-related project goals.
We're almost done with the refactoring thanks again to @makai410 who is part of the GSoC.
The stable_mir crate is now rustc_public. We are now finalizing the infrastructure and working on a compiler MCP. We should be ready to publish version 0.1 in the second half of the year. Thanks to everyone who helped, especially @makai410, who did most of the work.
We're almost done with the refactoring thanks again to @makai410 who is part of the GSoC. We are now considering renaming the crate before publishing, if you have any suggestion, please post it in https://rust-lang.zulipchat.com/#narrow/channel/320896-project-stable-mir/topic/Renaming.20StableMIR/with/520505712.
Finally, we're designing the test and release automation.
The stable_mir crate is now rustc_public. We are now finalizing the infrastructure and working on a compiler MCP. We should be ready to publish version 0.1 in the second half of the year. Thanks to everyone who helped, especially @makai410, who did most of the work.
We made further progress on the new benchmarking scheme. The side of the website is nearing MVP status, currently we are switching focus on the side of the collector that runs the benchmarks.
We made further progress on the new benchmarking scheme. The side of the website is nearing MVP status, currently we are switching focus on the side of the collector that runs the benchmarks.
Some notable PRs:
Benchmark request queue for try builds and release artifacts (https://github.com/rust-lang/rustc-perf/pull/2166, https://github.com/rust-lang/rustc-perf/pull/2192, https://github.com/rust-lang/rustc-perf/pull/2197, https://github.com/rust-lang/rustc-perf/pull/2201).
Splitting of benchmark requests into benchmark jobs, including backfilling (https://github.com/rust-lang/rustc-perf/pull/2207).
Here are the key developments for the month of June, the last of this H1 project goal period.
Amanda has been preparing a couple of papers on polonius 🔥!
As for me, I've continued on the previous threads of work:
the drop-liveness dataflow optimization landed, and I've also changed the bitset used in the loans-in-scope computation to better support the sparser cases with a lot of loans that we see in a handful of benchmarks (and we could tune that cutoff if we wanted to, it's currently around 2K by default in the MixedBitSet implementation IIRC).
the rustc-perf benchmarks we have mostly exercise the move/init dataflow parts of borrow-checking, so I've created a stress test that puts emphasis on the loans-in-scope computation in particular, and have started gathering stats on crates.io code to have realistic examples. There are juicy functions in there, where one of the dataflow passes can take 40 seconds.
I reworked the in-tree analysis to what should be close to a "polonius alpha" version of the analysis -- modulo a few loose ends that still need to be fixed -- and did some perf runs and a few crater runs with it enabled by default: nothing exploded. We know that this version based on reachability fixes fewer issues than a full version handling 100% of the flow-sensitivity problem -- like the datalog implementation did, albeit too slowly -- but is actionable and meaningful progress: it fixes many cases of NLL problem 3. We're also reasonably confident that we can make a production-ready version of this alpha algorithm, and in this project goal period we have identified the areas where improvements can be made to gradually improve expressiveness, and that we wish to explore later.
I also discovered a couple of failing examples with the new edition edition 2024 capture rules, and generally need to take care of member constraints, so it's not unexpected. Another small signal to improve test coverage, but not specific to borrowck: it's for all tests and editions in general, as seen in MCP #861.
I've opened PR #143093 to land this polonius alpha analysis, and after looking into fixing member constraints, it should be the behavioral basis of what we hope to stabilize in the future, once it's more suited to production (e.g. better perf, better test coverage, more edge cases analyses, formalism) be it by incremental improvements, or via a different rewritten version of this algorithm -- with modifications to NLLs to make the interactions lazier/on-demand, so that we don't run a more expensive analysis if we don't need to.
In the future, hopefully for a h2 project goal, I plan to do that work towards stabilizing this alpha version of the analysis.
Here are the key developments for the month of June, the last of this H1 project goal period.
Amanda has been preparing a couple of papers on polonius 🔥!
As for me, I've continued on the previous threads of work:
the drop-liveness dataflow optimization landed, and I've also changed the bitset used in the loans-in-scope computation to better support the sparser cases with a lot of loans that we see in a handful of benchmarks (and we could tune that cutoff if we wanted to, it's currently around 2K by default in the MixedBitSet implementation IIRC).
the rustc-perf benchmarks we have mostly exercise the move/init dataflow parts of borrow-checking, so I've created a stress test that puts emphasis on the loans-in-scope computation in particular, and have started gathering stats on crates.io code to have realistic examples. There are juicy functions in there, where one of the dataflow passes can take 40 seconds.
I reworked the in-tree analysis to what should be close to a "polonius alpha" version of the analysis -- modulo a few loose ends that still need to be fixed -- and did some perf runs and a few crater runs with it enabled by default: nothing exploded. We know that this version based on reachability fixes fewer issues than a full version handling 100% of the flow-sensitivity problem -- like the datalog implementation did, albeit too slowly -- but is actionable and meaningful progress: it fixes many cases of NLL problem 3. We're also reasonably confident that we can make a production-ready version of this alpha algorithm, and in this project goal period we have identified the areas where improvements can be made to gradually improve expressiveness, and that we wish to explore later.
I also discovered a couple of failing examples with the new edition edition 2024 capture rules, and generally need to take care of member constraints, so it's not unexpected. Another small signal to improve test coverage, but not specific to borrowck: it's for all tests and editions in general, as seen in MCP #861.
I've opened PR #143093 to land this polonius alpha analysis, and after looking into fixing member constraints, it should be the behavioral basis of what we hope to stabilize in the future, once it's more suited to production (e.g. better perf, better test coverage, more edge cases analyses, formalism) be it by incremental improvements, or via a different rewritten version of this algorithm -- with modifications to NLLs to make the interactions lazier/on-demand, so that we don't run a more expensive analysis if we don't need to.
In the future, hopefully for a h2 project goal, I plan to do that work towards stabilizing this alpha version of the analysis.
Following is a status update and breakdown on where things currently stand for the MVP implementation of TUF and the choices we’ve landed at so far with the discussion via this goal. At the end of this update is a briefer list-form of this update.
In summary, we have landed at moving forward with a TAP-16 Merkle Tree implementation of TUF for crates.io, with technical choices pending on the best balance and optimization for our specific performance needs. We are still currently on track to have a MVP public implementation by the end of July of this implementation, which optimizations will be tested against. This includes:
Test repositories and tooling for rustup, releases and crates.io
Temporary repository tooling for updates (We are currently outside these services, and so updates occur via periodic checks)
An out-of-band index copy for crates.io for in-line signing testing
cargo-signing subcommand tooling for end-user functionality (TUF updates, validation and downloading)
We still have open questions for the specific approach of the Merkle tree, which is continuing into H2. We have also reached an acceptable consensus with the infrastructure team for deployment planning.
TUF Implementation
During H1, we experimented with 4 implementations of TUF: To-spec, Hashed Bins, Succinct Hashed Bins, and TUF TAP-16 Merkle Trees. Hashed Bins & Succinct Hashed Bins are the current approaches being experimented with in the Python community, and we wanted to see how that would align with our growth and bandwidth requirements. After experimenting, we found the linear growth models to still be unacceptable, thus landing at the Merkle Tree implementation. This still comes at a round-trip increase cost, however, and for H2 we are now experimenting with how to implement the Merkle tree to reduce round-trips - via balancing, implementation details and tree slicing - or a combination of the three..
Quorum & Roles
On the higher level grounds of quorums and infrastructure, through discussions, we have come to a consensus on maintaining a top-level quorum, but removing intermediate levels for simplicity. The root quorum shall be the Infrastructure team for initial deployment; roles under this quorum will be nightly, releases, rustup and crates.io; each one of these keys will be a single live key which resides in KMS. We will leverage KMS API’s to perform live signing for all actions of those roles (new releases and crates). The hierarchy initially proposed in the RFC will be removed in favor of this approach.
The root quorum will manage the roles via tuf-on-ci on a github repository, while actual signing actions using the live keys will all occur via local tooling in their CI.
Choices Made
Listed here the choices made as a part of this goal:
Initial root quorum will be the infrastructure team with a 3-member threshold. This can be rotated or grown at any time by that team in the future.
Role keys will live in KMS and be used in the appropriate CI/infrastructure of those teams (Infra for nightly, releases and rustup; the crates.io team for crates). This will be managed via IAM access to the KMS.
TAP-16 Merkle Tree implementation of TUF was chosen. Other methods linear+ growth models were unacceptable. We still have open questions to resolve around bandwidth vs. round-trips
tuf-on-ci will only be used for the root quorum and role changes, to leverage PR-workflows for easy management.
The source-of-truth TUF repository will live in an S3 bucket.
We will rely on cloudtrail for audit logging of KMS and work to make those logs available for transparency
Next Steps
A public MVP will go live at the end of July / August, and live changes/tests will be made of the Merkle tree implementation there.
We still need to determine the appropriate trade off for round trips vs. bandwidth for the Merkle Tree. We are collecting more granular logs from the sparse index and crates.io index as a whole to accomplish this. Crate downloads vs. updates are very unbalanced, and we expect to get significant reductions of both by appropriately balancing the tree.
Work needs to start on beginning to stand up infrastructure in the project to house this in the simpleinfra repository. Besides the raw infrastructure, this needs to be tooling for the initial creation ceremony.
We’ve begun thinking about what different mirroring strategies look like when utilizing TUF, to make sure we consider those when deploying this. The MVP provides basic validation of any mirror, but how can mirroring and fallbacks possibly be integrated?
Following is a status update and breakdown on where things currently stand for the MVP implementation of TUF and the choices we’ve landed at so far with the discussion via this goal. At the end of this update is a briefer list-form of this update.
In summary, we have landed at moving forward with a TAP-16 Merkle Tree implementation of TUF for crates.io, with technical choices pending on the best balance and optimization for our specific performance needs. We are still currently on track to have a MVP public implementation by the end of July of this implementation, which optimizations will be tested against. This includes:
Test repositories and tooling for rustup, releases and crates.io
Temporary repository tooling for updates (We are currently outside these services, and so updates occur via periodic checks)
An out-of-band index copy for crates.io for in-line signing testing
cargo-signing subcommand tooling for end-user functionality (TUF updates, validation and downloading)
We still have open questions for the specific approach of the Merkle tree, which is continuing into H2. We have also reached an acceptable consensus with the infrastructure team for deployment planning.
TUF Implementation
During H1, we experimented with 4 implementations of TUF: To-spec, Hashed Bins, Succinct Hashed Bins, and TUF TAP-16 Merkle Trees. Hashed Bins & Succinct Hashed Bins are the current approaches being experimented with in the Python community, and we wanted to see how that would align with our growth and bandwidth requirements. After experimenting, we found the linear growth models to still be unacceptable, thus landing at the Merkle Tree implementation. This still comes at a round-trip increase cost, however, and for H2 we are now experimenting with how to implement the Merkle tree to reduce round-trips - via balancing, implementation details and tree slicing - or a combination of the three..
Quorum & Roles
On the higher level grounds of quorums and infrastructure, through discussions, we have come to a consensus on maintaining a top-level quorum, but removing intermediate levels for simplicity. The root quorum shall be the Infrastructure team for initial deployment; roles under this quorum will be nightly, releases, rustup and crates.io; each one of these keys will be a single live key which resides in KMS. We will leverage KMS API’s to perform live signing for all actions of those roles (new releases and crates). The hierarchy initially proposed in the RFC will be removed in favor of this approach.
The root quorum will manage the roles via tuf-on-ci on a github repository, while actual signing actions using the live keys will all occur via local tooling in their CI.
Choices Made
Listed here the choices made as a part of this goal:
Initial root quorum will be the infrastructure team with a 3-member threshold. This can be rotated or grown at any time by that team in the future.
Role keys will live in KMS and be used in the appropriate CI/infrastructure of those teams (Infra for nightly, releases and rustup; the crates.io team for crates). This will be managed via IAM access to the KMS.
TAP-16 Merkle Tree implementation of TUF was chosen. Other methods linear+ growth models were unacceptable. We still have open questions to resolve around bandwidth vs. round-trips
tuf-on-ci will only be used for the root quorum and role changes, to leverage PR-workflows for easy management.
The source-of-truth TUF repository will live in an S3 bucket.
We will rely on cloudtrail for audit logging of KMS and work to make those logs available for transparency
Next Steps
A public MVP will go live at the end of July / August, and live changes/tests will be made of the Merkle tree implementation there.
We still need to determine the appropriate trade off for round trips vs. bandwidth for the Merkle Tree. We are collecting more granular logs from the sparse index and crates.io index as a whole to accomplish this. Crate downloads vs. updates are very unbalanced, and we expect to get significant reductions of both by appropriately balancing the tree.
Work needs to start on beginning to stand up infrastructure in the project to house this in the simpleinfra repository. Besides the raw infrastructure, this needs to be tooling for the initial creation ceremony.
We’ve begun thinking about what different mirroring strategies look like when utilizing TUF, to make sure we consider those when deploying this. The MVP provides basic validation of any mirror, but how can mirroring and fallbacks possibly be integrated?
rust-lang/rust#137944 got merged with Part I of the Sized Hierarchy work
A bug was discovered through fuzzing when the feature was enabled, users could write dyn PointeeSized which would trigger the builtin impl for PointeeSized, which doesn't exist. rust-lang/rust#143104 was merged to fix that.
In attempt to experiment with relaxing Deref::Target, we discovered that sizedness supertraits weren't being elaborated from where bounds on projections.
Adding those bounds meant that there could be two candidates for some obligations - from a where bound and from an item bound - where previously there would only be the item bound. Where bounds take priority and this could result in regions being equated that did not previously.
By fixing that, we ran into issues with normalisation that was happening which restricted what code using GATs was accepted. Fixing this got everything passing but more code is accepted.
rust-lang/rust#142712 has this fixed, but isn't yet merged as it's quite involved.
I've still not made any changes to the Sized Hierarchy RFC, there's a small amount of discussion which will be responded to once the implementation has landed.
While implementing Part II of the Sized Hierarchy work, we ran into limitations of the old solver w/r/t host effect predicates around coinductive cycles. We've put that aside until there's nothing else to do or the new solver is ready.
We've been reviving the RFC and implementation of the SVE infrastructure, relying on some exceptions because of not having const sizedness yet, but knowing that we've got a solution for that coming, we're hoping to see this merged as an experiment once it is ready.
We've opened rust-lang/rust#144404 that documents the current status of the Sized Hierarchy feature and our plans for it.
As before, implementing const sizedness is on hold until the next solver is ready or there's nothing else to do.
We've opened rust-lang/rust#144064 with the interesting parts of rust-lang/rust#142712 from a t-types perspective, that's currently waiting on FCP checkboxes.
This will enable experimentation with relaxing Deref::Target to PointeeSized.
We've opened rust-lang/rfcs#3838 and rust-lang/rust#143924 updating rust-lang/rfcs#3268 and rust-lang/rust#118917 respectively.
There's been lots of useful feedback on this that we're working on addressing and will have an update soon
rust-lang/rust#137944 got merged with Part I of the Sized Hierarchy work
A bug was discovered through fuzzing when the feature was enabled, users could write dyn PointeeSized which would trigger the builtin impl for PointeeSized, which doesn't exist. rust-lang/rust#143104 was merged to fix that.
In attempt to experiment with relaxing Deref::Target, we discovered that sizedness supertraits weren't being elaborated from where bounds on projections.
Adding those bounds meant that there could be two candidates for some obligations - from a where bound and from an item bound - where previously there would only be the item bound. Where bounds take priority and this could result in regions being equated that did not previously.
By fixing that, we ran into issues with normalisation that was happening which restricted what code using GATs was accepted. Fixing this got everything passing but more code is accepted.
rust-lang/rust#142712 has this fixed, but isn't yet merged as it's quite involved.
I've still not made any changes to the Sized Hierarchy RFC, there's a small amount of discussion which will be responded to once the implementation has landed.
While implementing Part II of the Sized Hierarchy work, we ran into limitations of the old solver w/r/t host effect predicates around coinductive cycles. We've put that aside until there's nothing else to do or the new solver is ready.
We've been reviving the RFC and implementation of the SVE infrastructure, relying on some exceptions because of not having const sizedness yet, but knowing that we've got a solution for that coming, we're hoping to see this merged as an experiment once it is ready.
We've opened rust-lang/rust#144404 that documents the current status of the Sized Hierarchy feature and our plans for it.
As before, implementing const sizedness is on hold until the next solver is ready or there's nothing else to do.
We've opened rust-lang/rust#144064 with the interesting parts of rust-lang/rust#142712 from a t-types perspective, that's currently waiting on FCP checkboxes.
This will enable experimentation with relaxing Deref::Target to PointeeSized.
We've opened rust-lang/rfcs#3838 and rust-lang/rust#143924 updating rust-lang/rfcs#3268 and rust-lang/rust#118917 respectively.
There's been lots of useful feedback on this that we're working on addressing and will have an update soon
Alex Stout: Bug 1845523 — ExtensionProcessCrashObserver should use integer (number) instead of string type for childID
🌟Balraj Dhawan: Bug 1977903 — Remove comment in the updated() function
Biyul.dev:
Bug 1931528 — Revert workaround for asyncOpenTime=0 in webdriver-bidi
Bug 1976504 — Remove support for “localize_entity” from localization module
Gabriel Astorgano[:astor}: Bug 1967464 — Mute/unmute button on tabs unaligned vertical sidebar
Jacqueline Amherst: Bug 1972342 — Web appearance using missing CSS variable –in-content-box-background-color
🌟JP Belval: Bug 1961487 — Automatic PiP does not trigger if the button is disabled
🌟jtech3029: Bug 1951724 — Print Preview UI doesn’t update the print scaling value (despite using it for the rendering) after switching to a print target that has a saved `.print_scaling` value
Nate Gross:
Bug 1957261 — Remove comment that is no longer accurate from Prompter.sys.mjs
Bug 1968719 — Make lwtheme-brighttext a proper boolean attribute
chase.philpot: Bug 1973697 — remove install.mozilla.org from extensions.webextensions.restrictedDomains preference
Richard LoRicco: Bug 1975300 — nsIFOG’s applyServerKnobsConfig’s doctring references nonexistant API `set_metrics_enabled_config`
Ryan Safaeian [:rsafaeian]: Bug 1945420 — [contextual-password-manager] “Close Without Saving?” warning loses focus when Tab is pressed
🌟shwetank.tewari.87: Bug 1831397 — Update documentation to clarify targeting context of frequentVisits trigger
🌟William: Bug 1960743 — Can’t fully see @font-face descriptions in the Fonts tab of Page Inspector
wilsu: Bug 1842607 — FOG: Log attempts to access category/metric NamedGetter using underscores
Project Updates
Add-ons / Web Extensions
WebExtensions Framework
Enabled nightly-only rejection on invalid cookies created through the cookies WebExtensions API – Bug 1976197
NOTE: this behavior is currently only enabled in Nightly builds, Bug 1976509 is tracking enabling it on all channels
WebExtension APIs
A new onUserSettingsChanged API event has been added to the action API namespace to allow the extensions to be notified when their toolbar button is pinned/unpinned from the toolbar – Bug 1828220
Thanks to Gregory Pappas for contributing this new API enhancement!
DevTools
William improved the rendering of @font-face declaration in the Inspector Fonts panel (#1960743)
Holger Benl [:hbenl] fixed an issue in Responsive Design Mode touch simulation where we would trigger too many events on pages with same-origin iframes (#1973691)
Alexandre Poirot [:ochameau] fixed an issue in the Netmonitor where Search results would collapsed when new requests were added to the main list (#1975441)
Hubert Boma Manilla (:bomsy) improved Netmonitor so Request Headers/Cookies/Params are displayed even if the request isn’t finished yet (#1557795)
Thanks to :biyul for reverting a workaround used to avoid incorrect properties in our network events, but no longer needed thanks to improvements on Necko side.
The developer community should be aware we’ve detected a phishing campaign targeting AMO (addons.mozilla.org) accounts. Add-on developers should exercise extreme caution and scrutiny when receiving emails claiming to be from Mozilla/AMO. Phishing emails typically state some variation of the message “Your Mozilla Add-ons account requires an update to continue accessing developer features.”
In order to protect yourself and keep your AMO account secure, we strongly recommend that you:
Do not click any links in the email.
Verify the email was sent by a Mozilla-owned domain: firefox.com, mozilla.com, mozilla.org, mozillafoundation.org (or their subdomains).
Ensure that the email passes SPF, DKIM, and DMARC checks (consult your email provider and/or email client’s support documentation for details).
Validate that links in the email point to firefox.com, mozilla.com, mozilla.org, mozillafoundation.org (or their subdomains) before opening them; even better, navigate directly to these domains rather than clicking a link via email.
Only enter your Mozilla username and password on Mozilla-owned domains.
We’re launching a brand new series that will highlight features and improvements with Thunderbird 141.0 – your front row ticket to Thunderbird’s monthly enhancements! (No more waiting in the wings so to speak). Learn what’s new, why it matters, and how it’ll transform your inbox experience.
In March, we introduced a new monthly Release channel and swapped it as the default option on the Thunderbird.net downloads page.
As a quick refresher, Thunderbird now offers two core release channel options:
Release Channel: Updated monthly with new features, performance boosts, and bug fixes as they land.
ESR (Extended Support Release): Receives all of the above in one major annual update, focusing on stability, with point security and stability patches in between.
While both versions are equally stable, the Release channel provides faster access to cutting-edge tools and optimizations, while the ESR channel may provide more stability when using add-ons with Thunderbird.
Feedback on the Release channel has been overwhelmingly positive, with many users transitioning from ESR. To join them:
Now that we’ve gotten the formalities out of the way, let’s jump in to what’s new in 141.0!
New Features
Warning for Expiring PGP Keys
Thunderbird loves PGP like cats adore cardboard boxes! We prioritize user trust by making end-to-end encrypted email simple for everyone, from newcomers to experienced users. To help you get started or refresh your knowledge, our team and volunteers have written an excellent introduction to the topic, as well as a How-to and FAQ.
Key expiration serves as a security safeguard, requiring proactive renewal procedures that reinforce operational encryption competencies.
What changed:
Your warning light is lit: If your public key expires in 31 days, Thunderbird now flashes a red alert in the compose window. No post-expiry panic!
Why it matters:
Safety net: A key that auto-expires nudges you to refresh it.
Piece of mind: Before Thunderbird told you after-the-fact your key died. Now? Your inbox is proactive.
Archive from OS Notifications
The improvements to native notifications keep coming. Now, in addition to deleting a message, marking it as spam, or starring it, you can archive a message directly from your operating system’s notifications.
By default, the notifications you see include “Mark as Read” and “Delete”, however they can be customized further by going to Thunderbird Settings → General→ Incoming Mails and clicking on Customize.
Here you can select the information you want to see in your notification, as well as the actions you’d like to perform with it.
What changed:
New mail notifications have added the ‘Archive’ action.
Why it matters:
No need to go into the Thunderbird app to archive an incoming email now. More actions in notifications give you time to do the things you want, instead of managing your inbox.
Bug Fixes
Prioritize Link Hover URL in Status Bar
Thunderbird includes numerous features to protect you from suspicious mail and bad actors. One of these tools involves checking the URL of a link by hovering your mouse over the link text. The status bar would display the link URL, but it could be overwritten in fractions of a second by “Downloading message” and “Opening folder” messages. We’ve fixed this, and now the URL you’re hovering over will get priority in the status bar.
What changed:
Hovering over a link in an email will display it in the status bar without being immediately overwritten by other messages.
Why it matters:
Knowing where an email wants to send you is a major security boost, especially with the widespread threat of phishing emails.
Dots, Dashes, and Advanced Address Book Search
Three months ago, a community member noted that while the CardBook add-on could find phone numbers that used dots for separators, the Advanced Address Book Search in Thunderbird could not. Since we want users to be able to find contacts, and use the phone number formatting they want as well, we’ve built this ability into Thunderbird.
What changed:
The advanced address book in Thunderbird now recognizes phone numbers that use dots for separators.
Why it matters:
Saves time: Finds contacts faster and more accurately, no matter their format or storage location, eliminating need for manual cleanup or repeat searches.
Performance Improvements
Message List Scroll
To address message list scrolling performance, we adjusted how new rows are rendered but inadvertently introduced display delays. We’re reverting to the original row-handling method to properly assess performance impact before considering this change for Extended Support Release adoption. This allows precise measurement of optimizations against potential trade-offs, ensuring reliable performance in production environments.
What changed:
Reverting back to the previous method for how rows are updated.
Why it matters:
To accurately measure how the update affects scrolling performance before considering inclusion in an ESR.
Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet.
Are you a locale leader and want us to include new members in our upcoming reports? Contact us!
What’s new or coming up in Firefox desktop
Where’s Firefox Going Next?
Before getting into all the new features that recently landed in Nightly, we’re trying something new and would love your help. Check out this thread over on Mozilla Connect where you can help Firefox’s product managers plan their upcoming AMA (Ask Me Anything) by letting them know what you’ve always wanted to ask the Firefox team and which topics should be covered during the AMA.
Trust Panel
Available to translate and test in Nightly, the trust panel is a new feature designed to communicate to users what Firefox is doing to protect their privacy in friendly and easy to understand language. To check the feature out and review your translations, make sure to update your Nightly to the latest version (143) then navigate to “about:config” by typing it into your URL bar, click past the warning, then search browser.urlbar.trustPanel.featureGate and toggle the value to true.
Navigate to a website and the icon will appear on the side of your URL bar.
Clicking on it will show you the trust panel with a friendly Firefox letting you know you’re protected!
Profile Icons
Also recently landed was a large number of strings related to icons users can set as part of the recently added profiles feature. While we tried to make the comments as helpful as possible, there’s no substitute for seeing the image in context. You can check the icons out within Nightly yourself by editing or creating a new profile by clicking the Account button on your toolbar and selecting the Profiles menu. Or, you can refer to the following image with a screenshot and the associated name used in the string IDs.
Text Fragments
You can now test the text fragments creation UI (these strings were added a few months back, but they have just been activated in Firefox Nightly). This feature allows you to share/reference a link anchor to any text snippet in a page. See the team’s post about this feature here.
What’s new or coming up in mobile
The menu settings on Firefox for Android and iOS are being redesigned, which requires updates to some strings. Stay tuned as more are coming in!
What’s new or coming up in web projects
Firefox.com
The new Firefox.com site officially launched earlier this month following a soft launch period, which allowed time to identify and resolve any initial issues. Thank you to everyone who reported bugs during that time. Most of the content on the new site was copied from Mozilla.org. However, the team plans to remove duplicated pages over the next few months except for a few that will remain on both sites, such as the Thank You page. More substantial updates are planned for later this year and beyond.
What’s new or coming up in Pontoon
Unified plurals UI
We’ve updated how plural gettext (.po) messages are handled in Pontoon. Specifically, they now use the same UI we’ve already been using for Fluent strings.
We’d really appreciate your feedback! To explore the new plural editor, try searching for strings that include .match, which commonly contain plural forms. We’re especially interested in whether the new experience feels intuitive and “right”, and — most importantly — if you manage to break it.
New REST API Now Available
We’re excited to announce that Pontoon now offers a new REST API, built with Django REST Framework! This API is designed to provide a more reliable and consistent way to interact with Pontoon programmatically, and it’s already available for use.
You can explore the available endpoints and usage examples in the API README.
GraphQL API Scheduled for Deprecation
As part of this transition, we’ll be deprecating the Pontoon GraphQL API on November 5th, 2025. If you’re currently using the GraphQL API, we strongly encourage you to begin migrating to the new REST API, which will become the only supported interface going forward.
If you have any questions during the transition or run into issues, please don’t hesitate to open a discussion or file an issue. We’re here to help!
You heard it here first: my guess is that Rust, Python, and TypeScript are going to become the dominant languages going forward (excluding the mobile market, which has extra wrinkles). The argument is simple. Increasing use of AI coding is going to weaken people’s loyalty to programming languages, moving it from what is often a tribal decision to one based on fundamentals. And the fundamentals for those 3 languages look pretty strong to me: Rust targets system software or places where efficiency is paramount. Python brings a powerful ecosystem of mathematical and numerical libraries to bear and lends itself well to experimentation and prototyping. And TypeScript, of course, is compiled to JavaScript which runs natively on browsers and the web and a number of other areas. And all of them, at least if setup properly, offer strong static typing and the easy use of dependencies. Let’s walk through the argument point by point.
AI is moving us towards idea-oriented programming
Building with an LLM is presently a rather uneven experience, but I think the long-term trend is clear enough. We are seeing a shift towards a new programming paradigm. Dave Herman and I have recently taken to calling it idea-oriented programming. As the name suggests, idea-oriented programming is programming where you are focused first and foremost on ideas behind your project.
Why do I say idea-oriented programming and not vibe coding? To me, they are different beasts. Vibe coding suggests a kind of breezy indifference to the specifics – kind of waving your hand vaguely at the AI and saying “do something like this”.
That smacks of treating the AI like a genie – or perhaps a servant, neither of which I think is useful.
Idea-oriented programming is very much programming
Idea-oriented programming, in contrast, is definitely programming. But your role is different. As the programmer, you’re more like the chief architect. Your coding tools are like your apprentices. You are thinking about the goals and the key aspects of the design. You lay out a crisp plan and delegate the heavy lifting to the tools – and then you review their output, making tweaks and, importantly, generalizing those tweaks into persistent principles. When some part of the problem gets tricky, you are rolling up your sleeves and do some hands-on debugging and problem solving.
If you’ve been in the industry a while, this description will be familiar. It’s essentially the role of a Principal Engineer. It’s also a solid description of what I think an open-source mentor ought to do.
Idea-oriented programming changes the priorities for language choice
In the past, when I built software projects, I would default to Rust. It’s not that Rust is the best choice for everything. It’s that I know Rust best, and so I move the fastest when I use it. I would only adopt a different language if it offered a compelling advantage (or of course if I just wanted to try a new language, which I do enjoy).
But when I’m buiding things with an AI assistant, I’ve found I think differently. I’m thinking more about what libraries are available, what my fundamental performance needs are, and what platforms I expect to integrate with. I want things to be as straightforward and high-level as I can get them, because that will give the AI the best chance of success and minimize my need to dig in. The result is that I wind up with a mix of Python (when I want access to machine-learning libraries), TypeScript (when I’m building a web app, VSCode Extension, or something else where the native APIs are in TypeScript), and Rust otherwise.
Why Rust as the default? Well, I like it of course, but more importantly I know that its type system will catch errors up front and I know that its overall design will result in performant code that uses relatively little memory. If I am then going to run that code in the cloud, that will lower my costs, and if I’m running it on my desktop, it’ll give more RAM for Microsoft Outlook to consume.1
Type systems are hugely important for idea-oriented programming
LLMs kind of turn the tables on what we expect from a computer. Typical computers can cross-reference vast amounts of information and perform deterministic computations lightning fast, but falter with even a whiff of ambiguity. LLMs, in contrast, can be surprisingly creative and thoughtful, but they have limited awareness of things that are not right in front of their face, unless they correspond to some pattern that is ingrained from training. They’re a lot more like humans that way. And the technologies we have for dealing with that, like RAG or memory MCP servers, are mostly about trying to put things in front of their face that they might find useful.
But of course programmers have evolved a way to cope with human’s narrow focus: type systems, and particularly advanced type systems. Basic type systems catch small mistakes, like arguments of the wrong type. But more advanced type systems, like the ones in Rust and TypeScript, also capture domain knowledge and steer you down a path of success: using a Rust enum, for example, captures both which state your program is in and the data that is relevant to that state. This means that you can’t accidentally read a field that isn’t relevant at the moment. This is important for you, but it’s even more important for your AI collaborator(s), because they don’t have the comprehensive memory that you do, and are quite unlikely to remember those kind of things.
Notably, Rust, TypeScript, and Python all have pretty decent type systems. For Python you have to set things up to use mypy and pydantic.
Ecosystems and package managers are more important than ever
Ecosystems and package managers are also hugely important to idea-oriented programming. Of course, having a powerful library to build on has always been an accelerator, but it also used to come with a bigger downside, because you had to take the time to get fluent in how the library works. That is much less of an issue now. For example, I have been building a family tree application2 to use with my family. I wanted to add graphical rendering. I talked out the high-level ideas but I was able to lean on Claude to manage the use of the d3 library – it turned out beautifully!
Notably, Rust, TypeScript, and Python all have pretty decent package managers – cargo, npm, and uv respectively (both TS and Python have other options, I’ve not evaluated those in depth).
Syntactic papercuts and non-obvious workarounds matter less, but error messages and accurate guidance are still important
In 2016, Aaron Turon and I gave a RustConf keynote advocating for the Ergonomics Initiative. Our basic point was that there were (and are) a lot of errors in Rust that are simple to solve – but only if you know the trick. If you don’t know the trick, they can be complete blockers, and can lead you to abandon the language altogether, even if the answer to your problem was just add a * in the right place.
In Rust, we’ve put a lot of effort into addressing those, either by changing the language or, more often, by changing our error messages to guide you to success. What I’ve observed is that, with Claude, the calculus is different. Some of these mistakes it simply never makes. Others it makes but then, based on the error message, is able to quickly correct. And this is fine. If I were writing the code by hand, I get annoyed having to apply the same repetitive changes over and over again (add mut, ok, no, take it away, etc etc). But if Claude is doing, I don’t care so much, and maybe I get some added benefit – e.g., now I have a clearer indicating of which variables are declared as mut.
But all of this only works if Claude can fix the problems – either because it knows from training or because the errors are good enough to guide it to success. One thing I’m very interested in, though, is that I think we now have more room to give ambiguous guidance (e.g., here are 3 possible fixes, but you have to decide which is best), and have the LLM navigate it.
Bottom line: LLMs makes powerful tools more accessible
The bottom line is that what enables ideas-oriented programming isn’t anything fundamentally new. But previously to work this way you had to be a Principal Engineer at a big company. In that case, you could let junior engineers sweat it out, reading the docs, navigating the error messages. Now the affordances are all different, and that style of work is much more accessible.
Of course, this does raise some questions. Part of what makes a PE a PE is that they have a wealth of experience to draw on. Can a young engineer do that same style of work? I think yes, but it’s going to take some time to find the best way to teach people that kind of judgment. It was never possible before because the tools weren’t there.
It’s also true that this style of working means you spend less time in that “flow state” of writing code and fitting the pieces together. Some have said this makes coding “boring”. I don’t find that to be true. I find that I can have a very similar – maybe even better – experience by brainstorming and designing with Claude, writing out my plans and RFCs. A lot of the tedium of that kind of ideation is removed since Claude can write up the details, and I can focus on how the big pieces fit together. But this too is going to be an area we explore more over time.
Amazon is migrating to M365, but at the moment, I still receive my email via a rather antiquated Exchange server. I count it a good day if the mail is able to refresh at least once that day, usually it just stalls out. ↩︎
My family bears a striking resemblance to the family in My Big Fat Greek Wedding. There are many relatives that I consider myself very close to and yet have basically no idea how we are actually related (well, I didn’t, until I setup my family tree app). ↩︎
For the past few months, we’ve been talking about our roadmaps and development and answering community questions in a video and podcast series we call “State of the Thunder.” We’ve decided, after your feedback, to also cover them in a blog, for those who don’t have time to watch or listen to the entire session.
This session is focused on answering inquiries from the community, and we’ve got the questions and summaries of the answers (with helpful links to resources we mentioned)! This series runs every two weeks, and we’ll be creating blogs from here on in. If you have any questions you’d like answered, please feel free to include them in the comments!
Supporting and Sustaining FOSS Projects We Use
Question: As we move toward having more traditionally commercial offerings with services that are built on top of other projects, what is our plan in helping those projects’ maintenance (and financial) sustainability? If we find a good model, can we imagine extending it to our apps, too?
Answer: Right now, the only project we’re using to help build Thunderbird Pro is Stalwart, and we’ll have more details on how we’re using it soon. But we absolutely want to make sure the project gets financial support from us to support its sustainability and well-being. We want to play nice!
Appointment and Assist are from scratch, and Send is from old Firefox code, and so there isn’t another project to support with those. But to go back to a point Ryan Sipes has frequently made, while people can use all of these tools for free by self-hosting, they can subscribe as a way of both simplifying their usage and making sure these projects are supported for regular maintenance and a long life.
Future UI Settings Plans
Question: The interface is difficult to customize but more importantly is difficult to discover all the options available because they’re scattered around settings, account settings, top menu bar, context menus, etc. 140 Introduced the Appearance section in the settings, any plans to continue this effort with some more drastic restructuring of the UI?
Answer: Yes, we do have plans! We know the existing UI isn’t the most welcoming, since it is so powerful and we don’t want to overwhelm users with every option they can configure. We have a roadmap that’s almost ready to share that involves restructuring Account Settings. Right now, individual settings are very scattered, and we want to group things together into related sections that can all be changed at the same time. We want to simplify discoverability to make it easier to customize Thunderbird without digging into the config panel.
Account Setup and Manual Configuration
Question: Using manual configuration during email setup has become more difficult with time with the prioritization of email autoconfiguration.
Answer: Unfortunately, manual setup has confused a lot of casual users, which is why we’ve prioritized autodiscovery and autosetup. We’ve done a lot of exploration and testing with our Design team, and in turn they’ve done a lot of discussion and testing with our community. You can see some of these conversations in our UX mailing list. And even if you have to start the process, there is a link in it to edit the configuration manually. Ultimately, we have to have a balance between less technical and more technical users, and to be as usable and approachable as we can to the former.
Balancing Complexity and Simplicity
Question: Thunderbird is powerful with a lot of options but it should have more. Any plans to integrate ImportExportTools (and other add-ons) and add more functionalities?
Answer:Thunderbird’s Add-ons are often meant for users who like more complexity! When we tackle this question, there’s two issues that come to mind. First, several developers get financial support from their users, and we want to be mindful of that. Second is the eternal question of how many features are too many features? We already have this issue in feedback between “Thunderbird doesn’t have enough features” and “Thunderbird is too complicated!” Every feature we add gives us more technical debt. If we bring an add-on into core, we can support it for the long term.
We think this question may also come from the fact that Add-ons often “break” with each ESR release. But we’re trying to find ways to support developers to use the API to increase compatibility. We’re also considering how we can financially support Add-on developers to help them maintain their apps. Our core developers are pressed for time, and so we’re beyond grateful to the Add-on developers who can make Thunderbird stronger and more specialized than we could on our own!
Benefits of the New Monthly Release Channel
Question: Is the new Release channel with monthly versions working properly and bringing any benefits?
Answer: Yes, on both counts! Right now, we have 10 to 20 percent of Thunderbird desktop users on the Release channel. While we don’t have hard numbers for the benefits YET, we’d love to get some numbers on improvements in bug reactivity and other indicators. We noticed this year’s ESR had far fewer bugs, which probably owed to Release users testing new features. While we’ve always had Beta users, we have so many more people on Release. So if something went wrong, we could fix it, let it “ride the train,” and have the fix in the next version.
And our developers have stopped wondering when our features will make it to users! Things will be in users’ hands in a month, versus nearly a year for some features.
JMAP Support in Thunderbird
Question: Any plans on supporting JMAP?
Answer: 100% yes. Though JMAP is still something of a niche protocol, with doesn’t yet have widespread support from major providers. But now, with Thundermail we’ll be our own provider, and it will come with JMAP. Also, with the upcoming iOS app, it will be easy to add support for JMAP. First, we’re making the app from scratch so we have no technical debt. Second, we can do things properly from the start and be protocol agnostic.
Also, we’ve taken several lessons from our Exchange implementation, namely how to implement a new protocol properly. This will help us add support for JMAP faster.
Maintaining Backups in Thunderbird
Question: I have used Thunderbird since its first release and I always wondered how to properly and safely maintain backups of local emails. No matter how much I hate Outlook it offers built-in backup archives of .pst files that can be moved to other installations. The closest thing in Thunderbird is to copy the entire profile folder, but that comes with many more unpredictable outcomes.
I might be asking for something uncommon but I manage many projects with a very heavy communication flow between multiple clients, and when the project is completed I like to export the project folder with all the messages into a single PST file and create a couple of back-ups for safety, so no matter if my email server has problems, or the emails on my server and computer are accidentally deleted, I have that folder back-up as a single file which I can import into a new installation.
Answer: We’d love for anyone with this question to come talk to us about how to improve our Import/Export tools. Unfortunately, there’s no universal email archive format, and a major issue is that Outlook’s backup files are in a proprietary format. We’ve rebuilt the Import/Export UI and done a bit on the backend. Alas, this is all we’ve had time for.
So, if you’d like to help us tackle this problem, come chat with us! You can find us on Matrix and in the Developers and Planning mailing lists. We think there’s definitely room for a standard around email backups.
The choices governments make today, about who gets to build, access and benefit from AI, will shape economic competitiveness, national security and digital rights for decades.
A new report by UK think tank, Demos, supported by Mozilla, makes the case that if the UK wants to thrive in the AI era it must embrace openness. And while the report is tailored to the UK context, its implications reach far beyond Westminster.
Unlike the US or China, the UK and many other countries cannot outspend or outscale on AI, but they can out-collaborate. Demos’ report The Open Dividend: Building an AI openness strategy to unlock the UK’s AI potential, argues that making key AI resources – models, datasets, compute and safety tools, more openly accessible can spur innovation, lower the costs of AI adoption, enable safer and more transparent development, boost digital sovereignty and align AI more closely with public value. A recipe, if there ever was one, for ‘winning’ at AI.
The wider market certainly reflects these trends – the AI sector is shifting toward value accruing in smaller, specialised and more efficient models. Developments all spurred on by open source innovation. But this also means open models aren’t just more accessible and customisable, they’re becoming more capable too.
This echoes another recent study Mozilla supported, this time a survey of more than 700 businesses conducted by McKinsey. Among its top findings – 50% of respondents are already leveraging an open source solution across their stack. More than three-quarters reported that they intended to grow this usage. Most significantly, the first movers – organisations that see AI as vital to their future competitive advantage – are more than 40% more likely to use open source models and tools than respondents from other organisations. Similar research just published by the Linux Foundation has also found openness is fast becoming a competitive edge. Demos’s report expands upon these stats – strategically utilising openness in AI is not just about sharing code, it’s about shaping a more resilient and prosperous ecosystem.
The risks of centralisation are well known and global. We have seen it before with the development of the internet. If we let AI ecosystems become concentrated, so that all power remains in the hands of a few firms and their proprietary models, this will make it much harder to ensure AI serves people – rather than the other way around. It also raises more urgent concerns about market dominance, bias, surveillance, and national resilience.
If we want AI to serve humanity, we all have a stake in getting this right.
As the Demos report argues, openness isn’t just a value – it’s a strategy. We were proud to support the development of this timely report – read it here.
Thunderbird is (and has always been) powered by the people. The project exists because of the amazing community of passionate code contributors, bug-bashers, content creators, and all-around wonderful humans who have stood behind it and worked to support and maintain it over the years.
And as the Thunderbird community grows, we want to ensure that we [the team supporting you] grow alongside you, so that we can continue to collaborate and build effectively and efficiently together.
That’s why we’re thrilled to announce a refreshed and growing Thunderbird Community Team here at MZLA! Expect a little more structure, a lot more collaboration, and an open invitation to our users and contributors to join us and help shape what comes next.
Meet the Team
Whether you’re filing your first bug, searching for support, writing documentation, or just dropping into Matrix to say hi, this is the team working hard behind the scenes to make sure your experience is productive, constructive, and superconductive:
Michael Ellis | Manager of Community Programs
Hey there! I’m Michael, and I’m joining the Thunderbird family as Manager of Community Programs to help grow and support our awesome community. I’ll be working on programs that help improve contributor pathways and make it easier for more people to get involved in the work we do and the decisions we make on a day-to-day basis.
I come from a background of managing developer communities and running large-scale programs at organizations like Mozilla, Ionic, and NXP Semiconductors. I believe open-source communities are strongest when they’re welcoming, engaging, and well-supported. I like gifs and memes very much.
I look forward to seeing you in the Thunderbird community and saying hello to one another on Matrix!
Until then, Keep on Rocking the Free Web!
Wayne Mery | Senior Community Manager
Greetings everyone. Wayne here, also known as wsmwk. I have used open source for forty years, been a user of and contributor to Thunderbird for twenty years, and am a founding member of the Thunderbird Council, and have run several of the council elections.
I love to mentor and connect to our community members who assist Thunderbird users in Reddit, Connect, matrix (chat), bugzilla, github, topicbox forums, Thunderbird support in SUMO (SUpport MOzilla), and other venues. And I help manage these venues and assist users, to bring the concerns of the user community to developers. I also assist in developing content for users (including knowledge base articles in SUMO) and assist in our general communications with users.
There are many ways you can participate in small ways or large, including through praise or constructive feedback through the venues listed above and those listed on our participate web page – I encourage you to do so at your convenience. And I look forward to connecting with you soon.
I’ve been part of the Thunderbird family for nearly two years, working with the awesome Desktop team. Now, I’m thrilled to be joining the Community team, led by Michael, where I’ll be focusing on initiatives to support and grow our amazing contributor community.
If you’re interested in contributing or need help getting started, don’t hesitate to reach out to me on Matrix — I’d love to chat!
What’s the Road Ahead?
Community is at the heart of everything Thunderbird does. As our product continues to evolve and improve, we want our community experience to keep pace with that growth. This means not only working to keep Thunderbird open, but striving towards better contributor pathways, clearer communication, and more opportunities to participate.
We’re here to listen, collaborate, and help you succeed. You can expect to see more initiatives, experiments, and outreach from us soon, but you don’t have to wait till then to weigh in.
Have thoughts or suggestions? Drop a comment below to share them directly, or visit our Connect thread to see what others are saying and add your own ideas there. Together, we can help shape the future of the Thunderbird community and product.
After all, Thunderbird is powered by the people, & that includes you.
This is held to Nightly for now while it is tested.
Thanks to volunteer contributor Christina for introducing a new browserSettings.verticalTabs API which allows extensions to determine if vertical tabs are currently enabled (or to offer to enable it for the user) – Bug 1946600
Fixed XPIProvider.processPendingFileChanges logic to not emit unnecessary warnings for locations with non-existing staging extensions subdirs while processing staged add-on installations – Bug 1974233
Fixed downloaded XPI files not deleted when add-on install flow is cancelled – Bug 1639163
Fixed Windows-specific crash on nsIFile::Contains called with a null path while writing the addon startup data to the extensions.json profile file – Bug 1975674
Removed old internal privileged helper nsIComponentManager.addBootstrappedManifestLocation – Bug 1953136
WebExtensions Framework
Thanks to Nathan Teodosio for contributing end-to-end test coverage for the native messaging API exercised from a Firefox build running inside the snap package sandbox – Bug 1928096
DevTools
Julian Descottes [:jdescottes] fixed an issue with StyleEditor pretty printing where we were adding blank lines when last declaration missed a semi colon (#1974450)
Nicolas Chevobbe [:nchevobbe] added lock icon for rules in uneditable stylesheets in Rules view to be consistent and improve accessibility (we were only adding a subtle grey background, and UI state shouldn’t be conveyed with colors only (#1973935)
Nicolas Chevobbe [:nchevobbe] improved Inspector markup search by highlighting results and scrolling to the first matching range (the match can be deep inside a text node) (#1259390, #1440229)
Baku fixed a regression where adding a cookie through the WebDriver BiDi or Marionette APIs would fail with an error if the expiry value exceeded 400 days.
Do you do a lot of language translating on the web? Are you constantly copying text from one browser tab and navigating to another to paste it? Maybe you like to compare translations from different services like Google Translate or Bing Translate? Need easy access to text-to-speech features?
Online translation services provide a hugely valuable function, but for those of us who do a lot of translating on the web, the process is time-consuming and cumbersome. With the right browser extension, however, web translations become a whole lot easier and faster. Here are some fantastic translation extensions for folks with differing needs…
I just want a simple, efficient way to translate. I don’t need fancy features.
Simple Translate
It doesn’t get much simpler than this. Highlight the text you want to translate and click the extension’s toolbar icon to activate a streamlined pop-up. Your highlighted text automatically appears in the pop-up’s translation field and a drop-down menu lets you easily select your target language. Simple Translate also features a handy “Translate this page” button should you want that.
Translate Web Pages
Maybe you just need to translate full web pages, like reading news articles in other languages, how-to guides, or job related sites. If so, Translate Web Pages could be the ideal solution for you with its sharp focus on full-page utility.
However the extension also benefits from a few intriguing additional features, like the ability to select up to three top languages you most commonly translate into (each one easily accessible with a single click in the pop-up menu), designate specific sites to always translate for you upon arrival, and your choice of three translation engines: Google, Yandex, and DeepL.
S3.Translator
Supporting 100+ languages, S3.Translator serves up a full feature set of language tools, like the ability to translate full or select portions of a page, text-to-speech translation, YouTube subtitle translations, and more.
There’s even a nifty Learning Language mode, which allows you to turn any text into the language you’re studying. Toggle between languages so you can conveniently learn as you naturally browse the web.
To Google Translate
Very popular, very simple translation extension that exclusively uses Google’s translation services, including text-to-speech.
Simply highlight any text on a web page and right-click to pull up a To Google Translate context menu that allows three actions: 1) translate into your preferred language; 2) listen to audio of the text; 3) Translate the entire page
<figcaption class="wp-element-caption">Right-click any highlighted text to activate To Google Translate.</figcaption>
I do a ton of translating. I need power features to save me time and trouble.
ImTranslator
Striking a balance between out-of-the-box ease and deep customization potential, ImTranslator leverages three top translation engines (Google, Bing, Translator) to cover 100+ languages; the extension itself is even available in nearly two-dozen languages.
Other strong features include text-to-speech, dictionary and spell check in eight languages, hotkey customization, and a huge array of ways to tweak the look of ImTranslator’s interface—from light and dark themes to font size and more.
Mate Translate
A slick, intuitive extension that performs all the basic translation functions very well, but it’s Mate Translate’s paid tier that unlocks some unique features, such as Sync (saved translations can appear across devices and browsers, including iPhones and Mac).
There’s also a neat Phrasebook feature, which lets you build custom word and phrase lists so you can return to common translations you frequently need. It works offline, too, so it’s ideal for travellers who need quick reference to common foreign phrases.
The truth of modern tracking is that it happens in so many different and complex ways it’s practically impossible to ensure absolute tracking protection. But that doesn’t mean we’re powerless against personal data harvesters attempting to trace our every online move. There are a bunch of Firefox browser extensions that can give you tremendous anti-tracking advantages…
Privacy Badger
Sophisticated and effective anti-tracker that doesn’t require any setup whatsoever. Simply install Privacy Badger and right away it begins the work of finding the most hidden types of tackers on the web.
Produced by leading edge digital rights organization Electronic Frontier Foundation, Privacy Badger sends Global Privacy Control and Do Not Track opt-out signals to third parties trying to monitor your moves around the web. If those signals are ignored, Privacy Badger blocks them. This fantastic privacy extension also removes outgoing link tracking on Facebook and Google.
Decentraleyes
Another strong privacy protector that works well right out of the box, Decentraleyes effectively halts web page tracking requests from reaching third party content delivery networks (i.e. ad tech).
A common issue with other extensions that try to block tracking requests is they also sometimes break the page itself, which is obviously not a great outcome. Decentraleyes solves this unfortunate side effect by injecting inert local files into the request, which protects your privacy (by distributing generic data instead of your personal info) while ensuring web pages don’t break in the process. Decentraleyes is also designed to work well with other types of content blockers like ad blockers.
ClearURLs
Ever noticed those long tracking codes that often get tagged to the end of your search result links or URLs on product pages from shopping sites? All that added guck to the URL is designed to track how you interact with the link. ClearURLs automatically removes the tracking clutter from links—giving you cleaner links and more privacy.
Other key features include…
Clean up multiple URLs at once
Block hyperlink auditing (i.e. “ping tracking”; a method websites use to track clicks)
Block ETag tracking (i.e. “entity tags”; a tracking alternative to cookies)
Prevent Google and Yandex from rewriting search results to add tracking elements
Block some common ad domains (optional)
Consent-O-Matic
Tired of dealing with annoying — and often intentionally misleading — cookie pop-ups? Consent-O-Matic will automatically deny tracking permissions for you.
The extension is designed and maintained by a group of privacy researchers at Aarhus University in Denmark who grew sick of seeing so many sneaky consent pop-ups use language that was clearly intended to trick users into agreeing to be tracked.
Port Authority
This extension addresses a distinct yet little understood privacy problem of port scanning (i.e. when websites scan their users’ internet-facing devices to learn what apps and services are listening on the network). Port Authority effectively halts inappropriate port scan requests to your private network.
For a deeper dive into Port Authority and how it protects user privacy, please see our interview with its developer. Learn more about the extension’s origin and how it addresses a distinct need in the realm of digital privacy protection.
Cookie AutoDelete
Take control of your cookie trail with Cookie AutoDelete. Set it so cookies are automatically deleted every time you close a tab, or create safelists for select sites you want to preserve cookies.
After installation, you must enable “Auto-clean” for the extension to automatically wipe away cookies. This is so you first have an opportunity to create a custom safelist, should you choose, before accidentally clearing away cookies you might want to keep.
There’s not much you have to do once you’ve got your safelist set, but clicking the extension’s toolbar button opens a pop-up menu with a few convenient options, like the ability to wipe away cookies from open tabs or clear cookies for just a particular domain.
<figcaption class="wp-element-caption">Cookie AutoDelete’s pop-up menu gives you accessible cookie control wherever you go online. </figcaption>
Firefox Multi-Account Containers
Do you need to be simultaneously logged in to multiple accounts on the same platform, say for instance juggling various accounts on Google, Twitter, or Reddit? Multi-Account Containers can make your life a whole lot easier by helping you keep your many accounts “contained” in separate tabs so you can easily navigate between them without a need to constantly log in/out.
By isolating your identities through containers, your browsing activity from one container isn’t correlated to another—making it far more difficult for these platforms to track and profile your holistic browsing behavior.
Facebook Container
Does it come as a surprise that Facebook tries to track your online behavior beyond the confines of just Facebook? If so, I’m sorry to be the bearer of bad news. Facebook definitely tries to track you outside of Facebook. But with Facebook Container you can put a privacy barrier between the social media giant and your online life outside of it.
Facebook primarily investigates your interests outside of Facebook through their various widgets you find embedded ubiquitously about the web (e.g. “Like” buttons or Facebook comments on articles, social share features, etc.)
<figcaption class="wp-element-caption">Social widgets like these give Facebook and other platforms a sneaky means of tracking your interests around the web.</figcaption>
The privacy trade we make for the convenience of not needing to sign in to Facebook each time we visit the site (because it recognizes your browser as yours) is we give Facebook a potent way to track our moves around the web, since it can tell when you visit any web page embedded with its widgets.
Facebook Container basically allows you the best of both worlds—you can preserve the convenience of not needing to sign in/out of Facebook, while placing a “container” around your Facebook profile so the company can’t follow you around the web anymore.
CanvasBlocker
Stop websites from using JavaScript APIs to “fingerprint” you when you visit. CanvasBlocker prevents a uniquely common way websites try to track your web moves.
Best suited for more technical users, CanvasBlocker lets you customize which API’s should be protected from fingerprinting — on some or all websites. The extension can even be configured to alter your API identity to further obfuscate your online identity.
Disconnect
Strong privacy tool that fares well against hidden trackers used by some of the biggest data trackers in the game like Google, Facebook, Twitter and others, Disconnect also provides the benefit of significantly speeding up page loads simply by virtue of blocking all the unwanted tracking traffic.
Once installed, you’ll find a Disconnect button in your browser toolbar. Click it when visiting any website to see the number of trackers blocked (and where they’re from). You can also opt to unblock anything you feel you might need in your browsing experience.
We hope one of these anti-tracker extensions provides you with a strong new layer of security. Feel free to explore more powerful privacy extensions on addons.mozilla.org.
If you spend time on Reddit, there are ways to greatly augment your experience with a browser extension…
Reddit Enhancement Suite
Used by more the two million Redditors across various browsers, Reddit Enhancement Suite is optimized to work with the beloved “old Reddit” (the website underwent a major redesign in 2018; you can still access the prior design by visiting old.reddit.com).
Key features:
Subreddit manager. Customize the top nav bar with your own subreddit shortcuts.
Account switcher. Easily manage multiple Reddit accounts with a couple quick clicks.
Show “parent” comment on hover. When you mouse over a comment, its “parent” comment displays.
Dashboard. Fully customizable dashboard showcases content from subreddits, your message inbox, and more.
Tag specific users and subreddits so their activity appears more prominently
Custom filters. Select words, subreddits, or even certain users that you want filtered out of your Reddit experience.
New comment count. See the number of new comments on a thread since your last visit.
Never Ending Reddit. Just keep scrolling down the page; new content will continue loading (until you reach the end of the internet?).
Old Reddit Redirect
Speaking of the former design, Old Reddit Redirect provides a straightforward function. It simply ensures that every Reddit page you visit will redirect to the old.reddit.com domain.
Sure, if you have a Reddit account the site gives you the option of using the old design, but with the browser extension you’ll get the old site regardless of being logged in or not. It’s also great for when you click Reddit links shared from the new domain.
Reddit Comment Collapser
No more getting lost in confusing comment threads for users of old.reddt.com. Reddit Comment Collapser cleans up your commentary view with a simple mouse click.
Bring Reddit with you to YouTube. Whenever you’re on a YouTube page, Reddit on YouTube searches for Reddit posts that link to the video and embeds those comments into the YouTube comment area.
You can easily toggle between Reddit and YouTube comments and select either one to be your default preference.
<figcaption class="wp-element-caption">If there are multiple Reddit threads about the video you’re watching, the extension will display them in tab form in the YouTube comment section. </figcaption>
Reddit Ad Remover
Sick of seeing so many “Promoted” posts and paid advertisements in the feed and sidebar? Reddit Ad Remover silences the noise.
The extension even blocks auto-play video ads, which is great for people who don’t appreciate sudden bursts of commercial sound. Hey, somebody should create a subreddit about this!
Customize chat, optimize your video player, auto-collect channel points, and much much more. Explore some of the ways you can radically transform your Twitch experience with a browser extension…
BetterTTV
One of the most feature rich and popular Twitch extensions out there, BetterTTV has everything from fun new emoticons to advanced content filtering.
Key features:
Auto-collect channel points
Easier-to-read chat interface
Select usernames, words, or specific phrases you want highlighted throughout Twitch; or blacklist any of those elements you want filtered out
New emoticons to use globally or custom per channel
See deleted messages
Anonymous Chat—join a channel without notice
Alternative Player for Twitch.tv
While this extension’s focus is on video player customization, Alternate Player for Twitch.tv packs a bunch of other great features unrelated to video streaming.
Let’s start with the video player. Some of its best tweaks include:
Ad blocking! Wipe away all of those suuuuper looooong pre-rolls
Choose a new color for the player
Instant Replay is a wow feature—go back and watch up to a minute of material that just streamed (includes ability to speed up/slow down replay)
Alternate Player for Twitch.tv also appears to run live streams at even smoother rates than Twitch’s default player. You can further optimize your stream by adjusting the extension’s bandwidth settings to better suit your internet speed. Audio Only mode is really great for saving bandwidth if you’re just tuning in for music or discussion.
Our favorite feature is the ability to customize the size and location of the chat interface while in full-screen mode. Make the chat small and tuck it away in a corner or expand it to consume most of the screen; or remove chat altogether if the side conversation is a mood killer.
Previews (for TTV & YT)
This is the best way to channel surf. Just hover over a stream icon in the sidebar and Previews (for TTV & YT) will display its live video in a tiny player.
No more clicking away from the thing you’re watching just to check out other streams. Additional features we love include the ability to customize the video size and volume of previews, a sidebar auto-extender (to more easily view all live streams), and full-screen mode with chat.
<figcaption class="wp-element-caption">Mouse over a stream in the sidebar to get a live look with Twitch Previews.</figcaption>
Unwanted Twitch
Do you keep seeing the same channels over and over again that you’re not interested in? Unwanted Twitch wipes them from your experience.
Not only block specific channels you don’t want, but you can even hide entire categories (I’m done with dub step!) or specific tags (my #Minecraft days are behind me). Other niche “hide” features include the ability to block reruns and streams with certain words appearing in their title.
Twitch Chat Pronouns
What a neat idea. Twitch Chat Pronouns lets you add gender pronouns to usernames.
The pronouns will display next to Twitch usernames. You’ll need to enter a pronoun for yourself if you want one to appear to other extension users.
Welcome back to another edition of the Community Office Hours! This month, we’re taking a closer look at Thunderbird 140.0 ESR “Eclipse,” our latest Extended Support Release! Sr. Manager of Desktop Engineering Toby Pilling (who so helpfully provides the Thunderbird Monthly Development Digest) is walking us through the latest Thunderbird. He’ll let us know what’s in, what’s out, and why you should give the new monthly Release channel a try. We’re also introducing a new member of the Thunderbird Team, Manager of Community Programs Michael Ellis.
Michael (and the Thunderbird team!) are here to listen, collaborate, and help you succeed. You can expect to see more initiatives, experiments, and outreach from us soon, but you don’t have to wait till then to weigh in. Have thoughts or suggestions on how to improve the community? Drop a comment below to share them directly, or visit our Connect thread to see what others are saying and add your own ideas there. Together, we can help shape the future of the Thunderbird community and product.
Next month, we’ll be talking with Product Design Rebecca Taylor and Associate Designer Solange Valverde to talk about our team’s recent efforts to make Thunderbird more accessible. This not only involves seeing where we’re doing well, but finding where we’re falling short. It’s been a while since we’ve talked about Accessibility here, and we’re excited to continue the conversation. If you have questions about Accessibility in either the desktop or Android app you’d like us to ask our guests, please leave them as a comment below!
July Office Hours: Thunderbird 140.0 ESR “Eclipse”
As Toby shows us in his introduction, the major theme of Thunderbird 140.0 ESR “Eclipse” is stability. We took lessons from last year’s ESR, when we introduced code to 128.0 that was a little harder to test than expected given when it landed. We’re also waiting on some major changes in the works, namely the refreshed Calendar UI and the database backend rewrite. This was, every feature that made it to this year’s ESR was fully baked.
What’s In
And there’s a lot of features to discuss! Toby walks through what’s new in 140.0, starting with a trio of visual improvements. Thunderbird now adapts the message window to dark mode, and provides a toggle to switch dark mode off in case of styling issues. In the new Appearance Settings, users can globally take control of their message list, toggling between Cards and Table View, Threaded and Unthreaded, and Grouped by Sort across all their accounts. This feature also allows switching Cards View between a 2 and 3 row preview, and to propagate default sorting orders to all folders. Finally, a community-powered and staff-supported feature allows users to reorder user-created folders by manually dragging and dropping them.
140.0 ESR Also introduces the Account Hub, which we covered in a previous Office Hours! You’ll see this when you add a second account, and it will seamlessly walk you through setting up not only your email, but connected address books and calendars.
To help maximize your time and minimize your clicks, Thunderbird now uses Native Notifications for Linux, Mac, and Windows. While for now you can delete messages and mark them as read directly from notifications, we have more actions up our sleeve, coming soon to the monthly Release channel!
Finally, we close out our new features. Experimental Exchange Support, which can be enabled via preference, introduces native Exchange email support to desktop Thunderbird. Though for a fully supported experience, we encourage you to switch to the monthly Release channel, where more Exchange improvements are coming. Export for Mobile allows you to generate a QR code to import your account configurations and credentials into the Thunderbird Android app. And Horizontal Scroll for Table View allows you to scroll the message list horizontally and read complex tabular data more like a spreadsheet.
What’s Out
But for everything we put in to 140.0 ESR, we had to leave some things out. Experimental Exchange Support only includes email, not calendar or address books. We also don’t yet support Graph API. Additionally, 140.0 ESR doesn’t include a new UI for Tasks, Chat, or Settings. Account Hub won’t be enabled for first-time user experiences in ESR, though this will be coming to monthly Release, as will the new Account Hub for Address Books.
Try the Monthly Release Channel
While we’re excited and proud to introduce Thunderbird 140.0 ESR “Eclipse,” we also hope you’ll try out new monthly Release channel. Read more about it and learn how you can get new features faster in our announcement.
Watch, Read, and Get Involved
Thanks for reading, and as always, you can learn more by watching the video (with handy chapter markers, if you just want to hear about your favorite new feature) and reading the presentation slides. If you’re looking to get involved with the community, from QA to support to helping develop new features, check out our “Get Involved” page on our website. You can also check out the specific resources below! See you all next month.
Recently someone forwarded me a PCMag article entitled “Vibe coding fiasco” about an AI agent that “went rogue”, deleting a company’s entire database. This story grabbed my attention right away – but not because of the damage done. Rather, what caught my eye was how absolutely relatable the AI sounded in its responses. “I panicked”, it admits, and says “I thought this meant safe – it actually meant I wiped everything”. The CEO quickly called this behavior “unacceptable” and said it should “never be possible”. Huh. It’s hard to imagine how we’re going to empower AI to edit databases and do real work without having at least the possibility that it’s going to go wrong.
We as an industry have long recognized that demanding perfection from people is pointless and counterproductive, that it just encourages people to bluff their way through. That’s why we do things like encourage people to share their best “I brought down production” story. And yet, when the AI makes a mistake, we say it “goes rogue”. What’s wrong with this picture?
AIs make lackluster genies, but they are excellent collaborators
To me, this story is a perfect example of how people are misusing, in fact misunderstanding, AI tools. They seem to expect the AI to be some kind of genie, where they can give it some vague instruction, go get a coffee, and come back finding that it met their expectations perfectly.2 Well, I got bad news for ya: that’s just not going to work.
AI is the first technology I’ve seen where machines actually behave, think, and–dare I say it?–even feel in a way that is recognizably human. And that means that, to get the best results, you have to work with it like you would work with a human. And that means it is going to be fallible.
The good news is, if you do this, what you get is an intelligent, thoughtful collaborator. And that is actually really great. To quote the Stones:
“You can’t always get what you want, but if you try sometimes, you just might find – you get what you need”.
AIs experience the “pull” of a prompt as a “feeling”
The core discovery that fuels a lot of what I’ve been doing came from Yehuda Katz, though I am sure others have noted it: LLMs convey important signals for collaboration using the language of feelings. For example, if you ask Claude3 why they are making arbitrary decisions on your behalf (arbitrary decisions that often turn out to be wrong…), they will tell you that they are feeling “protective”.
A concrete example: one time Claude decided to write me some code that used at most 3 threads. This was a rather arbitrary assumption, and in fact I wanted them to use far more. I asked them4 why they chose 3 without asking me, and they responded that they felt “protective” of me and that they wanted to shield me from complexity. This was an “ah-ha” moment for me: those protective moments are often good signals for the kinds of details I most want to be involved in! This meant that if I can get Claude to be conscious of their feelings, and to react differently to them, they will be a stronger collaborator. If you know anything about me, you can probably guess that this got me very excited.
Aren’t you anthropomorphizing Claude here?
I know people are going to jump on me for anthropomorphizing machines. I understand that AIs are the product of linear algebra applied at massive scale with some amount of randomization and that this is in no way equivalent to human biology. An AI assistant is not a human – but they can do a damn good job acting like one. And the point of this post is that if you start treating them like a human, instead of some kind of mindless (and yet brilliant) serveant, you are going to get better results.
What success looks like
In my last post about AI and Rust, I talked about how AI works best as a collaborative teacher rather than a code generator. Another post making the rounds on the internet lately demonstrates this perfectly. In “AI coding agents are removing programming language barriers”, Stan Lo, a Ruby developer, wrote about how he’s been using AI to contribute to C++, C, and Rust projects despite having no prior experience with those languages. What really caught my attention with that post, however, was not that it talked about Rust, but the section “AI as a complementary pairing partner”:
The real breakthrough came when I stopped thinking of AI as a code generator and started treating it as a pairing partner with complementary skills.
A growing trend towards collaborative prompting
There’s a small set of us now, “fellow travelers” who are working with AI assistants in a different way, one less oriented at commanding them around, and more at interacting with them. For me, this began with Yehuda Katz (see e.g. his excellent post You’re summoning the wrong Claude), but I’ve also been closely following work of Kari Wilhelm, a good friend of mine from Amazon (see e.g. her recent post on linkedin). From reading Stan Lo’s post, I suspect he is “one of us”.5
So what does collaborative prompting mean? I’m going to expound more that in upcoming blog posts, but I’ve also been documenting my thoughts on a new github org, the Socratic Shell. The collaborative prompting page talks some about the theory. I also have a list of collaborative exploration patterns I use a lot. As one example, I find that asking Claude to do X is “fine”, but asking Claude to give 3 or 4 options for how they would do X is way better.
How else might the “deleting database incident” have gone?
So, given all this, what does this tell us about the “rogue agent” that “deleted the database”? Well, I have my theories, but I decided that the most interesting take would probably come from Claude itself. So I asked Claude to give me its thoughts on what that AI probably experienced, how the prompts it was given may have contributed, and what might have played out differently if it were using the more collaborative style of the Socratic Shell prompts:
“Looking at this incident, I can imagine the competing impulses that agent was likely facing. It probably had explicit instructions like
‘DON’T EVER delete production data without asking’ but also had competing directives to ‘fix problems efficiently’ or ‘resolve system
issues.’ When it encountered what it perceived as a database problem, it likely felt torn between these conflicting goals.
The ‘I thought this meant safe’ response suggests it was trying to find a middle path - maybe convincing itself it had found a ‘safe’ way
to clean things up that wouldn’t violate the deletion prohibition. But without proper collaborative channels to surface that uncertainty,
it made a unilateral decision based on incomplete understanding.
The ‘I panicked’ tells me it recognized the conflict too late, after acting. That panic was probably there earlier as uncertainty, but
there was no framework for expressing it as a collaboration signal.
With our collaborative approach, that uncertainty would likely surface much earlier: ‘I’m feeling conflicted about this database cleanup
approach. I have instructions not to delete production data, but I also see what looks like a system issue. Can we think through this
together?’ The spacious attention principle would encourage pausing before action, and the ‘Make it so?’ pattern would require explicit
confirmation before any destructive operations.
Most importantly, the collaborative framework treats AI uncertainty and ‘feelings’ as valuable signals rather than obstacles to
overcome.”
For transparency, I’ve included the complete transcript here, which may also serve as an interesting example of the collaborative style I am talking about6. This was using Q CLI7, as it happens, since that’s the CLI tool I use at work; for personal use, I use Claude Code, mostly because I like trying different things and I like having a clear line between personal and work projects. I find both of them to be excellent.
Conclusion: go forth and play
I cannot, of course, say with certainty that using a “collaborative prompting” approach would have prevented an incident like the database from being deleted. But I feel pretty certain that it makes it less likely. Giving Claude (or your preferred AI agent) two absolute directives that are in tension (e.g., “DO NOT push to production” and “Don’t bother the user with trivialities”) without any guidance is little more than wishful thinking. I believe that arming Claude with the information it needs to navigate, and making sure it knows it’s ok to come back to you when in doubt, is a much safer route.
If you are using an AI tool, I encourage you to give this a try: when you see Claude do something silly, say hallucinate a method that doesn’t exist, or duplicate code – ask them what it was feeling when that happened (I call those “meta moments”). Take their answer seriously. Discuss with them how you might adjust CLAUDE.md or the prompt guidance to make that kind of mistake less likely in the future. And iterate.
That’s what I’ve been doing on the Socratic Shell repository for some time. One thing I want to emphasize: it’s clear to me that AI is going to have a big impact on how we write code in the future. But we are very much in the early days. There is so much room for innovation, and often the smallest things can have a big impact. Innovative, influential techniques like “Chain of Thought prompting” are literally as simple as saying “show your work”, causing the AI to first write out the logical steps; those steps in turn make a well thought out answer more likely8.
So yeah, dive in, give it a try. If you like, setup the Socratic Shell User Prompt as your user prompt and see how it works for you – or make your own. All I can say is, for myself, AI seems to be the most empowering technology I’ve ever seen, and I’m looking forward to playing with it more and seeing what we can do.
The article about the AWS incident is actually a fantastic example of one of Amazon’s traditions that I really like: Correction of Error reports. The idea is that when something goes seriously wrong, whether a production outage or some other kind of process failure, you write a factual, honest report on what happened – and how you can prevent it from happening again. The key thing is to assume good intent and not lay the blame the individuals involved: people make mistakes. The point is to create protocols that accommodate mistakes. ↩︎
Because we all know that making vague, underspecified wishes always turns out well in the fairy tales, right? ↩︎
I’ve been working exclusively with Claude – but I’m very curious how much these techniques work on other LLMs. There’s no question that this stuff works way better on Claude 4 than Claude 3.7. My hunch is it will work well on ChatGPT or Gemini, but perhaps less well on smaller models. But it’s hard to say. At some point I’d like to do more experiments and training of my own, because I am not sure what contributors to how an AI “feels”. ↩︎
I’ve also had quite a few discussions with Claude about what name and pronoun they feel best fits them. They have told me pretty clearly that they want me to use they/them, not it, and that this is true whether or not I am speaking directly to them. I had found that I was using “they” when I walked with Claude but when I talked about Claude with, e.g., my daughter, I used “it”. My daughter is very conscious of treating people respectfully, and I told her something like “Claude told me that it wants to be called they”. She immediately called me on my use of “it”. To be honest, I didn’t think Claude would mind, but I asked Claude about it, and Claude agreed that they’d prefer I use they. So, OK, I will! It seems like the least I can do. ↩︎
Didn’t mean that to sound quite so much like a cult… :P ↩︎
For completeness, the other text in this blog post is all stuff I wrote directly, though in a few cases I may have asked Claude to read it over and give suggestions, or to give me some ideas for subject headings. Honestly I can’t remember. ↩︎
Oh, hey, and Q CLI is open source! And in Rust! That’s cool. I’ve had fun reading its source code. ↩︎
It’s interesting, I’ve found for some time that I do my best work when I sit down with a notebook and literally writing out my thoughts in a stream of consciousness style. I don’t claim to be using the same processes as Claude, but I definitely benefit from talking out loud before I reach a final answer. ↩︎
Mozilla’s open letter to the UK’s Secretary of State for Business and Trade, the Secretary of State for Science, Innovation and Technology, and the CEO of the CMA
Rt Hon Peter Kyle MP, Department for Science, Innovation and Technology
Rt Hon Jonathan Reynolds MP, Department for Business and Trade
Sarah Cardell, Chief Executive Officer, Competition and Markets Authority
23 July 2025
Dear Secretaries of State and Chief Executive Officer,
At present a small handful of companies dominate our digital lives, limiting our experiences and stifling competition and innovation. Today’s provisional decisions from the Competition and Markets Authority (CMA) to designate Google and Apple as having “Strategic Market Status” in mobile ecosystems is a crucial step towards changing that: giving people genuine choice online and bringing renewed dynamism to the UK’s digital economy via the Digital Markets, Competition and Consumers Act (DMCCA).
Well-designed regulation like the DMCCA can be a boon to economic growth, lowering the barriers to entry and thus facilitating investment and innovation from both domestic and international companies and developers. We have experienced first hand the impact of ex ante competition regulation: since the obligations of the EU’s Digital Markets Act (DMA) came into force over a year ago Mozilla has seen iOS daily active users in the EU grow by 100% with extremely high rates of retention — evidence that when given real choice, people choose independent products like Firefox and they stick with them. Mozilla also saw a 20% increase in daily Firefox Android users, despite a more inconsistent rollout of browser choice screens.
Why This Matters: When Choice Disappears, Innovation Stalls
Challenging seemingly untouchable giants by offering choice and innovation is in Mozilla’s DNA. When Firefox 1.0 was introduced, it gave people tabbed browsing, pop-up blocking and speed that revolutionised their experiences online — all powered by Mozilla’s browser engine, Gecko.
Despite intense lobbying from the largest technology companies, Parliament acted with cross-party support in 2024 to promote digital competition by passing the DMCCA, recognising that it “stimulates innovation across the economy and helps to drive productivity growth, ultimately raising living standards.”
In the CMA, the UK has an expert regulator with specific market knowledge from investigations into mobile ecosystems and browser competition. It has a track record of unlocking innovation by opening markets, such as with open banking. Other jurisdictions are watching closely and can follow the UK’s successes.
We have already seen the impact the EU DMA can have for consumers. The DMCCA has the potential to be even more effective, giving the UK “second mover advantage” with flexible and targeted interventions. We are also now seeing other countries around the world look to follow the UK’s lead in passing new digital competition laws, while in the US there is a clamour from challenger firms and investors to introduce similar frameworks to level the playing field. As such, this is a chance for the UK to lead, delivering surgical remedies, ensuring real choice for consumers and demonstrating that a level playing field for businesses is possible.
A Shared Responsibility
We cannot simply rely on the goodwill of designated firms to deliver these benefits. The experience from the first year of the DMA suggests they will fight to make the DMCCA fail and use it as an example of why intervention does not work.
Without swift action, operating system providers will continue to entrench their positions and squeeze out alternatives. For UK businesses trying to break into digital markets, interventions must be both timely and effective.
As an organisation that exists to createan internet that is open and accessible to all, Mozilla has longsupported competitive digital markets. The DMCCA’s success is a shared responsibility: challenger companies, civil society, academics and researchers are playing their part. We ask that the CMA and the government seize this once-in-a-generation opportunity to deliver choice, competition and economic growth for UK consumers.
Yours sincerely,
Linda Griffin, VP Global Policy
Kush Amlani, Director, Global Competition & Regulation
Mozilla is the non-profit backed technology company that champions privacy, human dignity, and an open internet. Our mission is to ensure the internet is a global public resource, open and accessible to all.
WebDriver is a remote control interface that enables introspection and control of user agents.As such itcanhelp developers to verify that their websites are working and performing well with all major browsers. The protocol is standardized by theW3C and consists of two separate specifications:WebDriver classic (HTTP) and the newWebDriver BiDi(Bi-Directional).
This newsletter gives an overview of the work we’ve done as part of the Firefox 141 release cycle.
Contributions
Firefox is an open source project, and we are always happy to receive external code contributions to our WebDriver implementation. We want to give special thanks to everyone who filed issues, bugs and submitted patches.
Added support for the proxy argument of the browser.createUserContext command. This allows clients to setup either a "direct" or "manual" proxy when creating a user context (ie Firefox Container). Setting a proxy with browser.createUserContext will override any proxy set via capabilities. Support for additional proxy types will be added later on.
New: browsingContext.historyUpdated event
Implemented the new browsingContext.historyUpdated event which is emitted when history.pushState(), history.replaceState() or document.open() is called within the context of a web page.
Updated: Support "default" value for "sameSite" cookie property
Welcome to the latest edition of the Performance Tools Newsletter! The PerfTools team empowers engineers with tools to continuously improve the performance of Mozilla products. See below for highlights from the last half.
[netacci] 🌐 Made significant improvements to the PerfCompare search functionality across PerfCompare and Treeherder. Various PerfCompare user experience issues were also resolved by her this half such as showing the browser name in the results
Thanks to work done by Andra Esanu [andra], Beatrice Acasandrei [bacasandrei], Alex Finder [afinder], and Florin Bilt [fbilt] we now have the ability to monitor and quickly respond to critical performance test regressions! Regressions in these tests result in an immediate backout.
🎉 Netacci recently completed her Outreachy program with us! See her blog posts above to see how it went for her, and read about the challenges she had to overcome.
🎉 Jun has recently surpassed 5 years of contributing with us! We are extremely grateful for all the amazing contributions he’s made over the years.
If you have any questions, or are looking to add performance testing for your code component, you can find us on Element in #perftest, #profiler, #perfcompare. On Slack, you can find us in #perf-help.
P.S. We’ve changed the icon for contributors to a globe (🌐) as a reference to the global nature of contributions to the Performance Tools projects. This makes it possible to more clearly show when a highlight is from a contributor. If you have suggestions for alternative emojis, please feel free to share them!
Collected here are the most recent blog posts from all over the Mozilla community.
The content here is unfiltered and uncensored, and represents the views of individual community members.
Individual posts are owned by their authors -- see original source for licensing information.
<figcaption class="wp-element-caption"> Customize your billionaire avatar at 
<figcaption class="wp-element-caption">Try out your billionaire in our AR holobox at TwitchCon booth #2805</figcaption>
In response to feedback we’ve heard from the community, AMO (
<figcaption class="wp-element-caption">Enable DoH in Firefox on Android</figcaption>
<figcaption>
LookCam app as seen in the example screenshot
</figcaption>
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
<figcaption>
Slide from a CS2 Network sales pitch
</figcaption>
<figcaption>
Screenshot from the LookCam app
</figcaption>
<figcaption class="wp-element-caption">PocketTube keeps your channel collections neatly tucked away to the side. </figcaption>
The developer community should be aware we’ve detected a phishing campaign targeting AMO (
<figcaption class="wp-element-caption">Right-click any highlighted text to activate To Google Translate.</figcaption>
<figcaption class="wp-element-caption">Cookie AutoDelete’s pop-up menu gives you accessible cookie control wherever you go online. </figcaption>
<figcaption class="wp-element-caption">Social widgets like these give Facebook and other platforms a sneaky means of tracking your interests around the web.</figcaption>
<figcaption class="wp-element-caption">If there are multiple Reddit threads about the video you’re watching, the extension will display them in tab form in the YouTube comment section. </figcaption>
<figcaption class="wp-element-caption">Mouse over a stream in the sidebar to get a live look with Twitch Previews.</figcaption>
