today we updated the windows 10 tests machines to version 1803

[jmaher]

I wanted to give everyone a chance to be aware of an upgrade we made today for 
our windows 10 testers.  For the last 1.5 years they have been running on 
version 1703 and as of today we have updated them to be on 1803.  If you are 
curious about what tests had issues, you can see the bugs that depend on:
https://bugzilla.mozilla.org/show_bug.cgi?id=1522900

As a note, this change is for virtual machines only, not hardware workers that 
run performance tests.

If you push to try with an older base revision, there is a chance that many wpt 
and a few reftest/xpcshell/browser-chrome tests will fail.
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: W3C Proposed Recommendation: Web Authentication

[Chris Mills]

As a side note, I will soon start work on updating the Cred Man[0] and Web 
Authn[1] docs on MDN, to tidy them up and make sure they are high quality.

Adam Powers originally did a huge amount of work contributing these docs 
(thanks Adam!), but we really ought to give them a good review.

I may well be in touch with questions soon ;-)

---

Chris Mills
MDN content lead & writers' team manager
MDN Web Docs
Mozilla
@chrisdavidmills

[0] https://developer.mozilla.org/en-US/docs/Web/API/Credential_Management_API 

[1] https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API 
 

> On Feb 8, 2019, at 9:08 PM, J.C. Jones  wrote:
> 
> Out of all multi-factor authentication solutions I know of, Web
> Authentication is our best technical response to the scourge of phishing.
> Tying public-key cryptography into web logins, it dramatically raises the
> bar for phishing: From a simple confusable website and replay attack, to an
> HTTPS network man-in-the-middle. In practice, Web Authentication forces
> adversaries to move to attack account recovery methods, which often have
> stronger controls than a standard login.
> 
> The specification is large
> , with many backward
> compatibility pieces that Firefox is likely to never need to implement. The
> compatibility pieces are useful for providing the installed base of
> existing FIDO or TCG devices a path forward. The core website functions
> aren't so complex; Duo's explainer is very good, at https://webauthn.guide/
> . There's also forward-extensibility, leading toward a password-less future
> built on digital signatures rather than disclosing shared secrets.
> 
> Web Authentication is now supported by Edge, Firefox, and Chrome. Safari
> support is experimental.
> 
> Websites have been slower to pick it up. Major sites I now of: For the
> United States, https://login.gov/ uses it -- so as an example applying for
> the Global Entry traveler program will exercise a Web Authentication
> security key, if you choose. Dropbox
> 
> has also supported Web Authentication since Firefox 60 shipped.
> 
> Most other major properties have indicated they'll support Web
> Authentication sooner or later. Try it out at at https://webauthn.io/,
> https://webauthndemo.appspot.com/, https://demo.yubico.com/webauthn/, or
> even the lowly https://webauthn.bin.coffee/.
> 
> I encourage Mozilla to support advancement of Web Authentication to a
> Recommendation, and its end-goal of a phishing-free future. (Or at least, a
> much-reduced prevalence.  Really, I just wanted to write and imagine
> 'phishing-free.' Can you blame me?)
> 
> Cheers,
> J.C.
> [n.b., I'm an editor on this spec...]
> 
> 
> 
> On Thu, Jan 31, 2019 at 5:58 PM L. David Baron  wrote:
> 
>> A W3C Proposed Recommendation is available for the membership of
>> W3C (including Mozilla) to vote on, before it proceeds to the final
>> stage of being a W3C Recomendation:
>> 
>>  Web Authentication
>>  https://www.w3.org/TR/webauthn/
>>  Deadline for responses: Thursday, February 14, 2019
>> 
>> If there are comments you think Mozilla should send as part of the
>> review, please say so in this thread.  Ideally, such comments should
>> link to github issues filed against the specification.  (I'd note,
>> however, that there have been previous opportunities to make
>> comments, so it's somewhat bad form to bring up fundamental issues
>> for the first time at this stage.)
>> 
>> Given that we implement this specification, one of the editors works
>> for us, and have been supporting this work for a while, I'm assuming
>> we should support this advancement as well...
>> 
>> -David
>> 
>> --
>> 턞   L. David Baron http://dbaron.org/   턂
>> 턢   Mozilla  https://www.mozilla.org/   턂
>> Before I built a wall I'd ask to know
>> What I was walling in or walling out,
>> And to whom I was like to give offense.
>>   - Robert Frost, Mending Wall (1914)
>> ___
>> dev-platform mailing list
>> dev-platform@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-platform
>> 
> ___
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform

___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

[desktop] Bugs logged by Desktop Release QA in the last 7 days

[Mihai Boldan]

Hello,

Here's the list of new issues found and filed by the Desktop Release QA 
team last two weeks.
Additional details on the team's priorities last week, as well as the 
plans for the current week are available at: http://tinyurl.com/y4lwvgpw

Bugs logged by Desktop Release QA in the last 7 days:

Firefox: Preferences
RESOLVED FIXED - https://bugzil.la/1524995 - Several custom settings for 
browser history remains checked and grayed out after selecting the 
“Always use private browsing mode” option


Firefox: PDF Viewer
NEW - https://bugzil.la/1525944 - PDF - rotated elements selection is 
offset when not in focus


Firefox: Toolbars and Customization
NEW - https://bugzil.la/1526224 - The menu bar options are not aligned 
with the added customize buttons


Firefox: Untriaged
NEW    - https://bugzil.la/1526334 - Avast Online Security extension is 
not added to Firefox during its standard installation


Firefox: General
REOPENED - https://bugzil.la/1526355 - Block autoplay icon disappears 
when changing tabs from the arcticmonkeys website


Core: Localization
NEW - https://bugzil.la/1525231 - [Ubuntu] Dock/Taskbar - The Firefox 
label is displayed in some strange characters for arabic locale


Core: Widget: Gtk
NEW - https://bugzil.la/1525850 - [Ubuntu] Inconsistent hover state 
inside the Tab bar when Title bar is enabled


Core: Panning and Zooming
NEW - https://bugzil.la/1526229 - Bad repainting while scrolling on 
gaming.youtube.com (intermittent)


Toolkit: Downloads API
NEW - https://bugzil.la/1525243 - A paused download starts from the 
beginning when it's resumed


Toolkit: Crash Reporting
NEW - https://bugzil.la/1525293 - The Crash Reporter window is not 
displayed in the dock section or the 'cmd-tab' app list


Toolkit: Add-ons Manager
RESOLVED FIXED - https://bugzil.la/1525569 - The about:addons navigation 
menu is not keyboard navigable


Toolkit: Add-ons Manager
NEW - https://bugzil.la/1525584 - Unnecessary scrollbar is available in 
Themes section from about:addons


Toolkit: Video/Audio Controls
NEW - https://bugzil.la/1526271 - CNN - Video seekbar shows visual glitches

This is available as a Bugzilla bug list as well: 
http://tinyurl.com/y39gjwyh


Regards,
Mihai Boldan
QC Engineer
Softvision

The content of this communication is classified as Softvision 
Confidential and Proprietary Information.


___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform