Add-on Compatibility for Firefox 37

Jorge Villalobos

6

Firefox 37 will be released on March 31st. Here’s the list of changes that went into this version that can affect add-on compatibility. There is more information available in Firefox 37 for Developers, so you should also give it a look.

General

XPCOM

New!

Please let me know in the comments if there’s anything missing or incorrect on these lists. If your add-on breaks on Firefox 37, I’d like to know.

The automatic compatibility validation and upgrade for add-ons on AMO will probably happen in mid-March, so keep an eye on your email if you have an add-on listed on our site with its compatibility set to Firefox 36.

Changes in Active User Counts on AMO

Jorge Villalobos

5

Add-on developers might have noticed a recent reduction in their active daily users counts on AMO. This was due to large gaps in the daily stats where the daily user count for various days was 0. It’s a problem we encounter with some frequency, so this time around the AMO devs did some deeper investigation into the matter.

Some malformed update pings were causing the log parsing to fail, leading to the empty stats days. The agreed solution was to perform stricter validation on the data before it is processed. This means that some daily usage stats will be slightly lower than before. We’re only filtering out data that we believe is malformed, so it should be a negligible amount for all add-on stats.

The fix was pushed live yesterday, and the missing data has already been backfilled. So, all stats should be back to normal now. Please check your add-on stats on AMO and let us know if you notice anything strange.

Introducing Extension Signing: A Safer Add-on Experience

Jorge Villalobos

364

This year will bring big changes for add-on development, changes that we believe are essential to safety and performance, but will require most add-ons to be updated to support them. I’ll start with extension signing, which will ship earlier, and cover other changes in an upcoming post.

The Mozilla add-ons platform has traditionally been very open to developers. Not only are extensions capable of changing Firefox in radical and innovative ways, but developers are entirely free to distribute them on their own sites, not necessarily through AMO, Mozilla’s add-ons site. This gives developers great power and flexibility, but it also gives bad actors too much freedom to take advantage of our users.

Extensions that change the homepage and search settings without user consent have become very common, just like extensions that inject advertisements into Web pages or even inject malicious scripts into social media sites. To combat this, we created a set of add-on guidelines all add-on makers must follow, and we have been enforcing them via blocklisting (remote disabling of misbehaving extensions). However, extensions that violate these guidelines are distributed almost exclusively outside of AMO and tracking them all down has become increasingly impractical. Furthermore, malicious developers have devised ways to make their extensions harder to discover and harder to blocklist, making our jobs more difficult.

We’re responsible for our add-ons ecosystem and we can’t sit idle as our users suffer due to bad add-ons. An easy solution would be to force all developers to distribute their extensions through AMO, like what Google does for Chrome extensions. However, we believe that forcing all installs through our distribution channel is an unnecessary constraint. To keep this balance, we have come up with extension signing, which will give us better oversight on the add-ons ecosystem while not forcing AMO to be the only add-on distribution channel.

Here’s how it will work:

  • Extensions that are submitted for hosting on AMO and pass review will be automatically signed. We will also automatically sign the latest reviewed version of all currently listed extensions.
  • Extension files that aren’t hosted on AMO will have to be submitted to AMO for signing. Developers will need to create accounts and a listing for their extension, which will not be public. These files will go through an automated review process and sent back signed if all checks pass. If an add-on doesn’t pass the automated tests, the developer will have the option to request the add-on to be manually checked by our review team. A full review option will also be available for non-AMO add-ons, explained further ahead.
  • For extensions that will never be publicly distributed and will never leave an internal network, there will be a third option. We’ll have more details available on this in the near future.
  • There will be a transition period of two release cycles (12 weeks total) during which unsigned extensions will only generate a warning in Firefox.
  • After the transition period, it will not be possible to install unsigned extensions in Release or Beta versions of Firefox. There won’t be any preferences or command line options to disable this.
  • Installation of unsigned extensions will still be possible on Nightly and Developer Edition, as well as special, unbranded builds of Release and Beta that will be available mainly for developers testing their extensions.

All Firefox extensions are affected by this change, including extensions built with the Add-ons SDK. Other add-on types like themes and dictionaries will not require signing and continue to install and work normally. Signature verification will be limited to Firefox, and there are no plans to implement this in Thunderbird or SeaMonkey at the moment.

What this means for developers

For developers hosting their add-ons on AMO, this means that they will have to either test on Developer Edition, Nightly, or one of the unbranded builds. The rest of the submission and review process will remain unchanged, except that extensions will be automatically signed once they pass review.

For other developers, this is a larger change. For testing development versions, they’ll have the same options available as AMO add-on developers. For release versions, however, we’re introducing the required step of uploading the extension file to AMO for signing. For most cases, this step will be automatic, but in cases where the extension doesn’t pass these tests, there will be the option to request a manual code review.

In the case of developers who want their extensions to be side loaded (installed via an application installer rather than using the usual Web install method) the review bar will be higher, equal to fully reviewed add-ons on AMO (with the exception of AMO content restrictions). This is a convenient installation avenue for software that comes bundled with an extension, for example an antivirus application that includes a Firefox extension that interacts with it.

One important improvement that signing brings about is that the extension install experience will be renewed and improved. Extensions that meet the full review standard will have a smoother and friendlier install experience, regardless of where they’re hosted. Here’s an early mockup of how this will work:

Installation flowThe plan is to have this system working, at least in the transition stage, in Q2 this year. So, we will probably introduce extension signing warnings on Firefox 39.

Discussion

We welcome comments on this post, but if you want to debate the merits of this plan, please do so in the add-ons user experience list. That’s where the people driving the project will read and respond to your concerns.

Add-ons Update – Week of 2015/02/04

Jorge Villalobos

3

I post these updates every 3 weeks to inform add-on developers about the status of the review queues, add-on compatibility, and other happenings in the add-ons world.

The Review Queues

  • Most nominations for full review are taking less than 6 weeks to review.
  • 46 nominations in the queue awaiting review.
  • Most updates are being reviewed within 2 weeks.
  • 22 updates in the queue awaiting review.
  • Most preliminary reviews are being reviewed within 6 weeks.
  • 44 preliminary review submissions in the queue awaiting review.

Thanks to our volunteer reviewers, most new submissions are being handled within a day or so (the measurements above are based on the state of the queue and not the actual waiting times). We still have a large backlog of complex add-ons that require admin review, but we’re making progress in decreasing it.

If you’re an add-on developer and would like to see add-ons reviewed faster, please consider joining us. Add-on reviewers get invited to Mozilla events and earn cool gear with their work. Visit our wiki page for more information.

Firefox 36 Compatibility

The Firefox 36 compatibility blog post is up. The automatic AMO validation will be run next week.

As always, we recommend that you test your add-ons on Beta and Firefox Developer Edition (formerly known as Aurora) to make sure that they continue to work correctly. End users can install the Add-on Compatibility Reporter to identify and report any add-ons that aren’t working anymore.

Electrolysis

Electrolysis, also known as e10s, is the next major compatibility change coming to Firefox. In a nutshell, Firefox will run on multiple processes now, running each content tab in a different one. This should improve responsiveness and overall stability, but it also means many add-ons will need to be updated to support this.

We will be talking more about these changes in this blog in the near future. For now we recommend you start looking at the available documentation. If you want to help us test add-ons on e10s, please visit http://arewee10syet.com/.

February Featured Add-ons

Amy Tsay

6

Pick of the Month: ZenMate Security & Privacy VPN

by ZenMate

Unblock the web and change your IP with 5 locations across the globe. ZenMate secures your browsing with encryption—protecting you from hackers, snoopers and data thieves who prey on unsecure connections.

“ZenMate is the best in its category. One click and the user is on/off the VPN channel, another click or two and the user chooses the country. Fast, reliable, easy to use.”

Also Featured

Self-Destructing Cookies by Ove

Fix the web. Gets rid of a site’s cookies and LocalStorage as soon as you close its tabs. Protects against trackers and zombie-cookies. Trustworthy services can be whitelisted.

YouTube Control Center by InBasic

YouTube Control Center is an open-source project that aims to enhance the overall YouTube experience by providing the end user with more control in what the playback process is concerned.

Torrent Tornado by Oleksandr

A Torrent Client for Firefox and SeaMonkey, runs everywhere, created in pure JavaScript without binary software.

AutoProxy by lovelywcm

Are you concerned about your privacy? Or, are you blocked from some websites by a firewall? And, are you arming yourself with a proxy? In that case, AutoProxy is designed for you! A tool to help you use your proxy automatically & efficiently.

Nominate your favorite add-ons

Featured add-ons are selected by a community board made up of add-on developers, users, and fans. Board members change every six months, so there’s always an opportunity to participate. Please follow this blog to find out when we are selecting a new board.

If you’d like to nominate an add-on for featuring, please send it to amo-featured@mozilla.org for the board’s consideration. We welcome you to submit your own add-on.

Friend of Marketplace & AMO: Swarnava Sengupta

Amy Tsay

Screenshot 2015-02-02 14.05.41Congratulations to our newest Friend of Marketplace, Swarnava Sengupta! Swarnava has been a Mozillian for three years, contributing to SUMO, QA, Marketing, Webmaker, as well as serving his fourth stint on the Featured Add-ons Board.

In January, Swarnava was our boots on the ground in India, helping to troubleshoot hard-to-duplicate issues with our most popular app, ConnectA2. This was a huge help not only to the developer, but to the many users of the app.

“I’m passionate about technology, I like the idea behind open source software and I was thinking about starting contributing to an open source project. Mozilla was the obvious choice, I knew it was one of the biggest open-source software projects and that it was very community-driven. I’m very excited about it especially having the chance to work with the various teams.”

Thanks to Swarnava for all his contributions!

We also wanted to recognize the top app reviewer last month, Viswaprasath, and top add-on reviewer, Teo. Together, they performed over 1,000 reviews!

The new contribution wiki for February is now available. Please be sure to report your contributions there, or even do it for another awesome contributor. There is a new guided project for the month, so feel free to work on it or add a project you’d like help on.

Recent AMO Milestones

Amy Tsay

7

Screenshot 2015-01-28 11.14.23

4 Billion Add-ons Downloaded

AMO recently surpassed 4 billion add-on downloads (4,068,542,664 as of this writing), a huge milestone and a big win for customization.

There are 18,000 add-ons available, the most popular of which has over 20 million users. To give your Firefox a fresh look, you can choose from a library of over 369,000 themes. MaDonna, the most prolific theme designer, has created over 11,000 themes!

10 Years of the AMO Reviewer Community

The AMO reviewers community turned 10 years old a couple of months ago, and we haven’t had a chance to show you the special-edition t-shirts we’re making to celebrate the milestone.

FFx10th_AMO_Tshirt_1

Current AMO reviewers were invited to reserve one for themselves, and we expect them to be ready for shipping in a week or two. If you’re an add-on developer interested in joining this community of volunteers, please visit https://wiki.mozilla.org/Marketplace/Reviewers/Addons

Whether you’re a developer, designer, reviewer, or user, thank you for keeping Firefox the most extensible browser available!

Add-ons Update – Week of 2015/01/14

Jorge Villalobos

6

I post these updates every 3 weeks to inform add-on developers about the status of the review queues, add-on compatibility, and other happenings in the add-ons world.

The Review Queues

  • Most nominations for full review are taking less than 9 weeks to review.
  • 34 nominations in the queue awaiting review.
  • Most updates are being reviewed within 6 weeks.
  • 18 updates in the queue awaiting review.
  • Most preliminary reviews are being reviewed within 6 weeks.
  • 24 preliminary review submissions in the queue awaiting review.

Thanks to our volunteer reviewers, most new submissions are being handled within a day or so (the measurements above are based on the state of the queue and not the actual waiting times). We still have a large backlog of complex add-ons that require admin review, but we’re making progress in decreasing it.

If you’re an add-on developer and would like to see add-ons reviewed faster, please consider joining us. Add-on reviewers get invited to Mozilla events and earn cool gear with their work. Visit our wiki page for more information.

Firefox 36 Compatibility

The Firefox 36 compatibility blog post is up. The automatic AMO validation will be run in the coming weeks.

As always, we recommend that you test your add-ons on Beta and Firefox Developer Edition (formerly known as Aurora) to make sure that they continue to work correctly. End users can install the Add-on Compatibility Reporter to identify and report any add-ons that aren’t working anymore.

Electrolysis

Electrolysis, also known as e10s, is the next major compatibility change coming to Firefox. In a nutshell, Firefox will run on multiple processes now, running each content tab in a different one. This should improve responsiveness and overall stability, but it also means many add-ons will need to be updated to support this.

We will be talking more about these changes in this blog in the near future. For now we recommend you start looking at the available documentation.

Add-on Compatibility for Firefox 36

Jorge Villalobos

8

Firefox 36 will be released on February 24th. Here’s the list of changes that went into this version that can affect add-on compatibility. There is more information available in Firefox 36 for Developers, so you should also give it a look.

General

XPCOM

 Wrappers

There are a number of wrappers that are applied whenever chrome JS objects interact with content JS objects. They are meant to protect privileged code from malicious or otherwise misbehaving content code. The following bugs removed some features in wrappers that could lead to unexpected problems in your chrome/content code. However, you should keep in mind that Multiprocess Firefox is coming, and that means you should be changing your code anyway (some wrappers are still involved, but they should be rare).

Please let me know in the comments if there’s anything missing or incorrect on these lists. If your add-on breaks on Firefox 36, I’d like to know.

The automatic compatibility validation and upgrade for add-ons on AMO will happen within a week or two, so keep an eye on your email if you have an add-on listed on our site with its compatibility set to Firefox 35.

Jetpack in 2014

Jeff Griffiths

2

It has been a while since there has been a Jetpack-related post on this blog; 2014 has been a pretty busy year with several major Jetpack-related milestones completed in the last year or so and we wanted to post a summary of everything we’ve shipped this year.

Moving the SDK docs to MDN

The MDN migration was actually started late in 2013 but it was an important move so I wanted to call it out. For a long time the SDK docs were maintained in Github as markdown files and then hosted on addons.mozilla.org. This system had some downsides that moving to MDN solved:

  1. we could not update the docs easily
  2. the path to contributing to the docs was a long and winding road: submit a pull request to Github, then wait for the next Firefox release for the static docs to be updated.

A little over a year ago Will Bamberg, Erik Vold and myself spent an entire day importing the bulk of the existing docs into MDN, with Will doing the lion’s share of the work and cleanup. Since then we’ve been able to update the SDK’s documentation easily, quickly and without having to bug Mozilla IT folks. We’ve gotten documentation contribution from the community as well – the SDK landing page alone has eleven contributors.

Australis UI

Firefox 29 shipped last April with an all-new visual design, and along with it came that single largest addition of new apis to the Add-on SDK. Working with Firefox design guru Stephen Shorlander, the Jetpack team created modern, sensible, easy to use apis for toolbar buttons, toolbars and sidebars. Thanks in particular to Matteo Feretti, Erik Vold and Irakli Gozalishvili for their hard work.

Add-on Debugger

The add-on debugger started out life as a project by Jetpack intern Mike Hordecki (presentation here) and eventually shipped in Firefox 31. Thanks to Mike and also additional help from Jordan Santell, Eddy Bruel, Dave Townsend amd Panos Astithas. The Add-on Debugger greatly simplifies Javascript debugging for anyone developing restartless add-ons whether they use the Add-on SDK or not, providing the same great experience as the regular devtools debugger.

Multiprocess ( ‘e10s’ ) support

In 2014 we were very fortunate to have Tomislav Jovanovic’s Google Summer of Code project approved. Tomislav ( aka ‘zombie’ ) did an amazing job of coordinating between the Jetpack and e10s teams to fix, well, basically all of our issues with this final multiprocess project. We could not have done it without him, I suspect.

JPM & ‘Native Jetpacks’

Or, ‘cfx is dead – long live jpm and npm!’

When the Jetpack team gathered as part of a Developer Tools team offsite in Paris in late 2013, we decided to tackle two key related issues:

  1. Third party modules should be as easy to publish and consume as they are with Node.js, leveraging npm.
  2. packaging and testing add-ons should be much simpler, borrowing from the workflow currently enjoyed by either node.js developers, or chrome extension developers.

The Python-based cfx tool created during the second age of Jetpack has long been the source of problems. It is complex in part because it was created in a time prior to the inclusion of the SDK in Firefox, and this complexity made it difficult to make changes to. As well, a persistent series of issues were reported against cfx due to problematic windows support.

We decided to start over and create a new tool for packaging and testing extensions from the command-line, as well as a new and more streamlined way of reloading and iterating on extensions in Firefox.

JPM & AMO compatibility

If you intend to publish your add-on on AMO and submit it for full review, we do not recommend using jpm until Firefox 37 hits the release channel – this is due to important changes in how jpm-based add-ons bootstrap themselves. In the meantime, we are prioritizing a few issues that cause problems for developers using the cfx tool provided with SDK 1.17 and jpm at the same time.

The Devtools SDK

The Devtools SDK project has been a major focus of work over the last 6-9 months, with lots of great work from Irakli Gozalishvili, Luca Greco and Jan Odvarko. With a mind to encouraging the kind of generativity we originally saw in the Firebug extension ecosystem, we’ve built new tool pane and theming apis that already form the basis for powerful extensions like Firebug 3 and Ember Inspector. Upcoming enhancements include a simple and devtools-friendly context menu api and an api called ‘Object Printers’ that allows developers to provide custom object representations in the tools.

Perhaps one of the biggest pieces of this effort is something we call ‘Director’ that will allow devtools extensions to transparently connect to any web pages or apps that the Firefox Developer Tools can connect to. This is a key capability – any tool that the community creates to support 3rd party web frameworks will automatically be a first class citizen, and will enjoy the same remote debugging capabilities the built-in tools do.

Deprecations

In 2014 we decided to deprecate three top-level modules:

  1. Widget has long been the source of many terrible bugs, and we found that usage was mainly limited to use cases now covered by the button apis introduced in Firefox 29. We’re removing the api in this bug.
  2. Addon Page’s main utility was to create a page like about:addons that had no top toolbar. This went away when we switched to Australis and the toolbar was made a requirement for any tab. This was removed for Firefox 35 in bug 1072081
  3. Context Menu barely survived the e10s project, thanks to the heroic efforts of Dave Townsend. It is however deprecated and once the new ‘context menu 2′ api rides the train into Firefox release channel we will set a definite timeline for removal.