> Tails (secure-by-default live operating system): 77k
> Caddy (HTTP/2 web server that uses HTTPS automatically and by default via Let’s Encrypt): 50k
> Mio (asynchronous I/O library written in Rust): 30k
> DNSSEC/DANE Chain Stapling (standardizing and implementing a new TLS extension): 25k
> Godot Engine: (high-performance multi-platform game engine which can deploy to HTML5): 20k
> PeARS (lightweight, distributed web search engine): 15,5k
> NVDA (open source screen reader): 15k
I agree with the highlight given the open source screen reader. Accessibility is very important and unfortunately very neglected, mostly because (IMO) the tools to properly test can be very expensive or incompatible.
It's about software for people with accessibility problems. In NVDA's case (and for computer related accessibility in general), it means vision impaired/blind. From NVDA:
" It reads the text on the screen in a computerised voice. You can control what is read to you by moving the cursor to the relevant area of text with a mouse or the arrows on your keyboard.
NVDA can also convert the text into braille if the computer user owns a device called a “braille display”."
This is really important, although only to a very small set of users. I know someone who has to work with a braille display, and he's stuck on Windows XP since that's the only platform which has a screen reader that fulfils all of his requirements.
I am curious about the mechanics of how the projects will spend this money. I have had quite a bit of professional experience working as a developer within an open source project and I honestly don't know what we would have done had someone showed up with a one time payment of this size.
The dollar amounts are too low to hire a full-time dev. They presumably have insufficient volunteers or they wouldn't need this money. So I am guessing that they will be offering existing volunteers some money to devote more time to the project.
Another alternative would be hiring in some contractor who has no prior relationship with the project but having someone who doesn't know the project come in and implement something before vanishing and leaving everyone else to maintain their stuff is unappealing.
I am a member of one of the projects that got awarded. We desperately are in need of better infrastructure for our development and testing purposes. Also we plan on collaborating face-to-face the coming year and the award definitely takes care of the expense. One of our team members is going to work full time on the project and we will be able to support her for at least a couple of months. We are all so excited! :)
Btw, I am a part of the project PeARS.
Our github account is here: https://github.com/PeARSearch/
We are not yet release ready. We plan on making our first release later this year. Please feel free to hangout at our IRC channel: #pears on Freenode.
We are at a very early stage of development and we have got a lot of work to do. Any kind of contribution would be highly appreciated.
Thanks, very exciting project. I already made another post in this comments section before reading this (I was that excited :P). I see there's plans for a FF-plugin which is great news. My mind is a little blown as I have never really thought about P2P-search as a possibility. Less centralized power over search is a great and important cause (imo).
> The dollar amounts are too low to hire a full-time dev.
It depends. In Germany, I could easily live off a net salary of 800 € or something (where 1 € = 1 $ approximately), so the gross salary would be below 1500 €. Therefore a 20000 € award could keep me covered for at least a year.
Other countries are cheaper, still. Executive summary: Don't spend the money on Bay Area devs. ;)
While that is true, that salary is way inferior to market salaries of programmers in Germany (I don't live there but I assume junior programmers are pay 30k/year at least), so the project won't be able to attract good candidates - but it's good enough to pay intern or part time programmers so it's still something.
While I don't doubt that MoFo can handle this, it can be extremely difficult to productively give money to open source projects.
I've been doing this since the late 90s and I can tell you that the desire to give money almost always has to have a goal attached (More code? More coders? Infrastructure Support?) etc, or you're just going to mess everything up.
Yep, that's a huge problem with "sustainable" OSS: it's wonderful to get a one-time $50k grant but if you expect to spend the next 10 years maintaining a reasonably complex/sized project, that $5k/yr is still minimum wage.
It is a grant, not a salary. Generally grants are expected to be used for a year or two and you then look for another grant. At least, that's how it works in academia. Not many grants yet in open source so this is harder to make work :/
No, but "I donated $10 3 years ago and you guys are SLOW at responding to my queries!" is an incredibly common attitude. Open Source has shown that it's a far superior development methodology, but there is definitely some negativity associated with "expect stuff for free"
For a lot of OSS projects users who have donated feeling entitled would be a good problem to have. There are plenty of users who feel entitled and they don't donate time or money!
At present most of necessary software (OS, browser, office suites, social apps etc.) are free in one form or another, so users get in the habit not to pay for it and expecting additional features they want for free.
Yeah. It's a great library. I use it now, there are some things to clean up cross OS from my experience, but in general it's an excellent multi-os async library.
I'd never heard of PeARS. I was just discussing this very idea with a friend of mine. I'd love to see a decentralized web, but search seems like a really tricky problem in that space. This is a clever solution.
I hope this type of funding continues to grow. A significant number of people getting paid to contribute to public software sounds like some utopia to me.
More people could strive to create projects that actually make the world a better place, instead of another SaaS product to pay the bills. Some (many, all?) open source projects provide exponentially more to the world than was ever invested both monetarily and in donated time. There is not often an obvious gain for investors, though, so the practice of selfless funding remains a privilege to few.
That's awesome news, NVDA and Caddy awarded for contributors work. I hope, in future there will be more companies donating money to attractive open-software projects.
What do security folks think of the DNSSEC/DANE award? This isn't substantiated, but my understanding was that those technologies were considering kind of a joke by the security community.
DNSSEC is considered a joke by a pretty broad chunk of the software security field. It's supported by people involved with the standard and by people who operate DNS infrastructure. Very few other people really understand it. It gets ambient support from a lot of netsec people who assume anything+SEC must be better than anything-SEC.
It's "apply more of the same" compared to the CA system. Cert pinning is different, that part is controlled by the actual cert owner, but only starting on second connection.
Qbix sounds interesting. (I've starred your github repo.)
Perhaps I'm missing something, but how could the Qbix platform help to re-decentralize the web (genuinely asking 'cause I'm curious, not trying to be smart-ass)? Is this a platform that could be used - for one example - to build other platforms such as Gnu Social, etc.?
Exactly. Caddy's the first HTTP server I've felt was truly easy to configure with all the "hosting best practices", and HTTP/2 future-proofing is the cherry on top.
PeARS looks very interesting I had never heard of it before not had I considered P2P web-search to be honest. That is a pretty exciting idea and I'll follow them closely :)
TOR and MOSS are both extremely deserving recipients, but I'd say Mozilla is borderline unethical with their spending.
Of the millions (yes millions) of dollars they've received, little seems to have gone toward Firefox development.
Mozilla received over $121 million in 2010 from corporate sponsors. This is the same Mozilla that placed ADS in their new tab views. Really, they placed Paid Ads on the new tab screen. What were those for again?
I do understand that Mozilla's mission is to improve the web. Donating to these causes certainly helps with that. But I'm still troubled that they put ads (with aggregate user tracking) into their core product.
It's funny how Mozilla is held to such high and dare I say impossible standards, whereas all other popular corporations are not. Apparently developing an open source browser that made history and giving it away for free is not enough.
It's as if developers, hardware and location costs a lot of money and Mozilla is looking for ways to find a reliable revenue stream, because you really can't survive for long on donations at their scale.
Out of curiosity, have you ever donated money to Mozilla and if so how much?
Yes, I saw those ads. Nothing terrible and they were not sending my browsing history to some server or whatever. I don't get why you're so upset about it. Like, you're so upset that you created a new account to say it. Now that says something.
No, we've reached a point where the browser developer placing ads is called unethical. It's a very, very strong signal that 1) you don't own this piece of your computer 2) our interests do not align with yours.
And that is a scary proposition for auto-updated remote software. At least with websites theres the illusion of separation.
It was very, very, easy to turn the ads off -- there was an explicit option for it. Given that you didn't have to go out of your way to do that, (1) is false.
Ads evolve and their fitness function is the effect they have on people. An inconspicuous ad is an ineffective ad (unless you count subliminal advertising which is both ineffective and illegal)
Developing high-quality software, which runs on as many devices and is compatible with as much content as Firefox is is a hell of a lot of work. And Mozilla isn't just working on Firefox; there's Thunderbird, though that's in the process of being spun off, Firefox OS (also in the process of pivoting), Mozilla Research (Rust, Servo, Emscripten, asm.js, and more). There are continuous integration systems to test all of this against dozens of combinations of platforms and versions, and huge numbers of tests on each (https://treeherder.mozilla.org/, http://buildbot.rust-lang.org/waterfall, http://build.servo.org/console), all of which needs to be maintained and triaged. There's standards work, to negotiate new standards in standards bodies with users, other browser vendors, and the like. There's advocacy work, of times when you find bugs that are simply due to broken websites that happen to be relying on other browser's bugs, to reach out to developers and try to get them to change in a more compatible or standards compliant manner.
$385,000 is, what, the yearly salary, benefits, and overhead of maybe two full time engineers in SFO? Complaining about $385,000 given to deserving projects, given the amount of investment and energy Mozilla is actually putting into Firefox and other substantial, valuable projects, is a bit of a stretch.
Are there really around 600 people all working on Firefox? If so, why in bloody hell has it taken them so long to make it multi-process? There wasn't even a 64 bit [Windows] version until relatively recently... what the fuck are they doing?
Building a modern browser takes a large team. For example, there is a team on each of the following:
* Layout (HTML, CSS)
* JavaScript
* Graphics: HTML, 2D canvas, 3D WebGL
* Platform integration (windows, os x, gtk, etc.)
* Audio
* New web APIs
* Security
* QA
* Release engineering
* Testing
* Optimization / low-level tooling
* And others I can't think of right now.
All major browsers have teams of hundreds of people or more. The other browsers than Firefox probably have larger ones, in fact, since their budgets are much larger (for example, just Chrome's ad budget was larger than Firefox's entire budget for everything).
As for why multi-process took a while, it was working several years ago already and shipped in mobile firefox, but the hard part for desktop specifically was addons. That took several years, since it's both a technical issue and an ecosystem issue.
e10s (multiprocess) is currently rolling out. It's probably the biggest single architectural change in the browser's history and requires coordination with huge numbers of extension authors. Lots of people have put a lot of work into this project; it's not like you can just flick a magic multiprocess switch on a giant application like Firefox.
I really wish they would have made parallel releases of GTK2 and GTK3 versions for Linux. I am basically stuck on ESR as getting GTK3 going is not an option, and ESR is unlikely to see e10s.
Note that this is with over 13 million lines of code, that in the long past used to be the Netscape browser. I can't imagine adding multiprocess support to such a codebase being very easy, even with significant modernisation of the code.
There's over 1000 employees working at Mozilla Corp. Bear in mind that, beyond the basic backoffice services of running a company, they have the following on their plate:
Do you have a source on that?
To my knowledge, the ads were specifically designed with all clients downloading all possible ad-tiles and then locally deciding what to show, so that no user tracking was possible, from neither Mozilla, nor the 3rd-party advertisers.
Feature with hundreds of requests gets shunned away. And things that people heavily opposes gets in just to be like chrome.
All the last features on firefox were corporate driven. Bookmark system by pocket. Video chat by Telefonica. Sync goals was probably to make their ad share revenue grow as now you are a logged in user. etc etc etc
Their most well paid dev is a javascript advocate!
Chrome gives you much less control of the web, but everyone uses not because it is fast, but because firefox is getting behind on everything. While the owners arguee about UI changes instead of doing what was successful in the past: put the patch someone already provided as an option and release!
the only interesting thing coming out mozilla nowadays that can change the world is fennec. the mobile version. But last builds on android cannot be completed without google proprietary apis anymore. and usability is crap now that they are trying to "fix" image viewing, which mind you, wasn't broken, it was just different than chrome.
> the only interesting thing coming out mozilla nowadays that can change the world is fennec.
A couple other interesting things they're working on: Servo[0] is a browser engine written from the ground up to take better advantage of multi-core computers. Rust[1] is a programming language that was originally created to help Servo achieve its goal of building a fast, concurrent, but secure browser, and has grown into a very interesting project in its own right.
> Sync goals was probably to make their ad share revenue grow as now you are a logged in user.
No, it was in response to user feedback. The portion of the userbase that wanted it to just work like a traditional account system was greater than the portion that wanted to mess around with syncing codes. I don't know where you got the idea that this change had anything to do with ads.
> Really, they placed Paid Ads on the new tab screen
You're also forgetting when they changed default search providers to Yahoo! for big money (even though practically nobody wants Yahoo! as a search engine anymore).
If it was really some noble cause to respect user's privacy, or to make a statement about such, they would have chosen DuckDuckGo or similar. Not Yahoo!...
Think of it whatever you want - I for example would have also preferred DuckDuckGo as the default - but presumably, Mozilla can utilize money to do good. Therefore, it's perfectly possible that they figured they could do more good with the money from the Yahoo!-deal than they would have done by instead making DuckDuckGo the default.
Can I ask why my previous comment was flagged, and therefore became invisible? It wasn't off topic -- it concerned a project from the previous round of Mozilla Awards.
Or why the fudge I got -5 votes for pointing out that they failed to remove the word "slave"?
As pointed out by OP, Mozilla gave thousands and thousands of dollars to a release engineering project `remove the term “slave” from all documentation` [1]
cool that they are awarding funds, but giving tor this kind of money, it being a spy/insurgent/criminal tool and after all the scandals it is involved in, is not great. tails is, of course, another such spy tool. it gives the impression mozilla is mostly concerned with undermining state/rule of law/formenting political instability. i think they might contribute more to projects that benefit everyday digital citizens rather than activists. I like Caddy, Pears, godot and NVDA though.
? Tor is freely available to any one. Tor browser is so simple my mother uses it. At this point I don't understand why people would do a websearch for something they would not discuss in public without using Tor.
Some sort of super private browsing mode would be nice. I'm not sure I trust Mozilla to get that right though. Their main priority is pushing the Web forward (and keeping up with chrome). Privacy is difficult and conflicts with functionality in some cases e.g. webrtc, javascript, window size etc. The current solution where Mozilla have an lts release that the tor project can use as a base seems quite a good compromise.
i was referring to tor. you probably know about the drug markets and more importantly the abuse case. If you read it again i'm merely saying Tails is another spy tool. i am not saying it is involved in any scandals.
Thanks though I don't know why none of the threads in the crash report have any stack traces. Unfortunately this doesn't look actionable. I'll have to ask someone to take another look.
To hazard a guess, because they use it quite a bit for their websites. But there's a million projects they could have donated to... Django is just one of many.
> Tor: 152k
> Tails (secure-by-default live operating system): 77k
> Caddy (HTTP/2 web server that uses HTTPS automatically and by default via Let’s Encrypt): 50k
> Mio (asynchronous I/O library written in Rust): 30k
> DNSSEC/DANE Chain Stapling (standardizing and implementing a new TLS extension): 25k
> Godot Engine: (high-performance multi-platform game engine which can deploy to HTML5): 20k
> PeARS (lightweight, distributed web search engine): 15,5k
> NVDA (open source screen reader): 15k
I agree with the highlight given the open source screen reader. Accessibility is very important and unfortunately very neglected, mostly because (IMO) the tools to properly test can be very expensive or incompatible.