訂閱

上次更新

July 12, 2020 10:00 AM

所有時間皆為協調世界時(UTC)。

Powered By

Planet

摩茲星球 | MozTW Planet

這邊是工作人員碎碎念的地方,您可獲得最新出爐的資訊以及最不成形的想法 :P

July 09, 2020

Mozilla 外電聯播

工作又想要追劇?

Firefox 子母畫面讓你同時一起看!

教學影片、烹飪示範、新聞直播⋯⋯最新的 Firefox「子母畫面」功能(Picture-in-Picture mode),讓你可以從網頁中「彈出」任何影片。在瀏覽網頁或用其他程式時,都可以邊看影片邊做事了。看詳細說明

詳細說明:

Firefox Picture-in-Picture - The Firefox Frontier

立刻下載最新版 Firefox:

MozTW, Mozilla 台灣社群 | Firefox / Thunderbird 正體中文版


工作又想要追劇? was originally published in moznewszh on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at July 09, 2020 02:23 PM

June 22, 2020

Mozilla 外電聯播

經過 Mozilla 與多個組織的聯合請願,Zoom 承諾於七月開始,開放點對點加密給所有使用者

最強的隱私與資安,應該是消費型科技的根基,而非付費者才能享有的尊榮功能

Zoom Makes the Right Call on Encryption


經過 Mozilla 與多個組織的聯合請願,Zoom 承諾於七月開始,開放點對點加密給所有使用者 was originally published in moznewszh on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at June 22, 2020 09:52 AM

May 13, 2020

Irvin

5/14 台權會「數位身分證」記者會 發言內容

photo credit: TAHR.org.tw

講稿

Mozilla 在去年甫發布〈數位身份白皮書〉(Digital ID White Paper),針對數位身份系統連結資料庫的大規模監控風險提出警示,認為如欲建構國家級數位身份系統,政府應秉持以下五種開放態度 – —

  • 開放多重選擇
  • 去中心化機制
  • 公開課責制度
  • 確保多元包容
  • 透明與公開參與

▷在數位身份系統的設計階段時,政府應就技術與政策抉擇廣為諮詢大眾。

▷ 單一的身分證字號,可被用於描繪使用者行為,運用於跨資料庫連結,可大幅增進公私部門追蹤個人的能力。

▷ 應避免數位身份成為政府與私部門的監控工具,備妥限制存取、保留與共享身份認證資料的法規。

▷ 制定強立且獨立的個人資料保護監管機制、設立符合國際標準的個資保護機構。

▷ 數位身份系統設計,應符合多元包容的原則,不因任何原因而對任何人造成歧視,且必須考慮大眾的數位能力。

▷ 應提供身份辨識方式的多重選擇,避免強制實行單一且多重目的的身份識別系統。保留個人「不共享資料」、與「非數位身份」的選擇。

▷ 確保任何關鍵服務,都不應因缺少數位身份識別而無法使用。

▷ 國家級的身份系統應接受獨立外部單位驗證,確認其可信、安全與包容。並開放原始碼,以增進其透明度,並確保成品可被公眾檢驗。

從印度、肯亞、馬來西亞、奈及利亞等多國的經驗來看,未立法先發證,後續總會產生巨大的憲政與法律爭議。希望政府能回應民間疑慮、多方諮詢意見,完善法規架構,讓台灣的數位身分系統,成為能被他國參考的成功模式,而非負面案例。

新聞稿

《數位身分白皮書》提供國際標準,政府應採納建議。

Mozilla 台灣社群志工聯絡人陳心一(Irvin Chen)則依據 Mozilla 今年甫發布的〈數位身分白皮書〉(Digital ID White Paper,)說明,Mozilla 針對數位身份系統連結資料庫產生的大規模監控風險提出警示,認為如欲建構國家級數位身份系統,政府應秉持以下五種開放態度:(1) 開放多重選擇(2)去中心化機制(3)公開課責制度(4)確保多元包容(5)透明與公開參與。

陳心一指出,Mozilla 在白皮書中建議,在設計數位身分系統時,政府應就技術與政策決策廣為諮詢大眾,更應提供身份辨識的多重方式選擇,避免強制實行單一且多目的的身份識別系統。為了避免數位身份證成為政府與私部門的監控工具,應備妥限制存取、留存與共享身份資料的相關法規。目前國內法規尚未完善,也未設立符合國際標準的個資保護機構;從印度、肯亞、馬來西亞、奈及利亞等多國的經驗來看,未立法先發證,後續總會產生巨大的憲政與法律爭議。

陳心一也強調,單一的身分證字號易被用於描繪使用者行為,運用於跨資料庫連結時,可明顯增進公私部門追蹤個人的能力,應受法律限制。遺憾的是,台灣一人一號的身分證號制度不僅早已實施多年,更打算進一步深入到數位世界。在發言最後,陳心一則建議,數位身份系統的技術,必須接受獨立外部單位驗證,確認其可信、安全與包容多元,符合法規對個資的規管。他也建議國家級身份系統應開放原始碼(open source),以增進其透明度,並確保機制可被公眾驗證。

台權會完整新聞稿

【新聞稿】強迫換發eID惹民怨,行政立法踹共回訴求 | 台灣人權促進會

Photo credit: TAHR.org.tw

5/14 台權會「數位身分證」記者會 發言內容 was originally published in Mozilla related on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at May 13, 2020 06:54 PM

May 06, 2020

Mozilla 外電聯播

Mozilla 基金會的〈*沒隱私購物指南〉公布了「通訊軟體」評鑑報告

Mozilla 基金會的〈*沒隱私購物指南〉公布「通訊軟體」評鑑報告

接受評比的服務中,只有兩個沒有達到以下最基本的資安要求*:

- 網路傳輸有加密
- 產品有提供自動的安全性更新
- 設限存取資料的密碼強度,且避免使用共通的預設密碼
- 提供資安回報機制
- 產品有專屬的隱私原則

* https://mzl.la/2SFW2Pi

都有做到,不代表一定是安全好棒棒的產品,但是如果連最基本的要求都沒有滿足,就真的需要好好思考要不要使用嘍!🤔

*Privacy Not Included: A Buyer's Guide for Connected Products


Mozilla 基金會的〈*沒隱私購物指南〉公布了「通訊軟體」評鑑報告 was originally published in moznewszh on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at May 06, 2020 08:33 AM

April 29, 2020

Irvin

全面換發晶片身分證,Z>B?

全面換發晶片身分證 Z>B?

Mozilla 〈數位身份白皮書〉警示大規模監控風險

內政部原定今年 (2020) 全面換發晶片身分證。

Mozilla 在今年一月甫發布〈數位身份白皮書 Digital ID White Paper〉,針對數位身份系統帶來的大規模監控風險提出警示,並認為如欲建構相關系統,政府應秉持以下開放態度 — —

- 開放個人選擇
- 去中心化機制
- 公開課責機制
- 確保多元包容
- 透明與公開參與

What could an "Open" ID system look like?: Recommendations and Guardrails for National Biometric ID Projects - Open Policy & Advocacy

Mozilla Digital ID White Paper

目前,台灣的公民社會,由 OCF 開放文化基金會與 台灣人權促進會(Taiwan Association for Human Rights) 提出兩個連署進行中,包含以下與 Mozilla 研究報告相符的意見:

共同訴求

1. 不應強迫全面換發晶片身分證,保留選擇非晶片卡的自由
2. 成立個資保護與監督機關,保障人民隱私權益(接軌 GDPR)

開放文化基金會 訴求

3. 不強迫隨身攜帶,以避(NFC)任意/惡意讀取風險
4. 開放存取系統之原始碼,公眾監督取信於民

台灣人權促進會 Taiwan Association for Human Rights 訴求

5. 政府應暫停既有的換發作業,先就資安及隱私風險,進行立法或修法(先立法再換證)

敬請各位摩茲人一同思考「數位身份系統」對個人隱私與數位人權的風險,並且加入個人連署:

台灣人權促進會「反對全面換發晶片身分證」連署

【連署】反對全面換發晶片身分證

開放文化基金會「修法與公開 eID 資訊」連署

連署|修法與公開 eID 資訊


全面換發晶片身分證,Z>B? was originally published in Mozilla related on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at April 29, 2020 04:18 AM

April 04, 2020

Mozilla 外電聯播

Twitter 漏了設定 Cache-Control 表頭,導致傳送私訊的檔案在 Firefox 上會被快取七天

如何甩鍋自己的資安 Bug 🤧

Twitter 過去漏了設定 Cache-Control 標準表頭,導致傳送私訊的檔案會被 Firefox 快取七天,登出也不會被清掉。

然後為什麼只在 Firefox 上出包?因為在 Chrome 中,如果你有設定無關的 Content-Disposition header (提示下載檔案並建議檔名),就剛好不會進行 cache。

Mozilla 公告:https://mzl.la/2JE6GBm

What you need to know about Twitter on Firefox - The Mozilla Blog

技術細節:https://mzl.la/2X7DB9i

Twitter Direct Message Caching and Firefox - Mozilla Hacks - the Web developer blog

Twitter 的隱私問題揭露:

Twitter Data Cache on Mozilla Firefox


Twitter 漏了設定 Cache-Control 表頭,導致傳送私訊的檔案在 Firefox 上會被快取七天 was originally published in moznewszh on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at April 04, 2020 04:03 AM

April 03, 2020

Irvin

防疫期間公共聚會空間簽到單

防疫期間聚會空間簽到單

武漢肺炎防疫期間,摩茲工寮新增了這份聯絡資料表,要求所有活動參加者與訪客簽到,以防指揮中心需要進行疫情調查時,追溯接觸者之用。

在此以 CC0 授權公開,提供大家修改使用:PDF & Pages 原始檔iCloud


防疫期間公共聚會空間簽到單 was originally published in Mozilla related on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at April 03, 2020 12:48 PM

March 31, 2020

Mozilla 外電聯播

Mozilla 設立「COVID-19 解方」開源基金

Mozilla 在 MOSS 開源支持基金下,設立特別的 COVID-19 專案,資助與新冠肺炎(武漢病毒)相關的開源專案。每件的金額是 50000 美金,範圍包含硬體(例如:開源的呼吸器)、軟體(例如:用以媒合 hacker space 與醫院以列印前述呼吸器的平台)與其他病毒相關專案(例如:特別針對武漢病毒假消息闢謠的瀏覽器套件)。

條件是 1. 須在三個月內執行完畢、2.必須可即時部署(早期發展的概念不太可能會獲得)3.不限申請的組織型態(如:非營利組織醫院、營利醫院、社群開發團隊皆可)4. 必須使用開源授釋出。


Mozilla 設立「COVID-19 解方」開源基金 was originally published in moznewszh on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at March 31, 2020 05:06 PM

March 15, 2020

Irvin

Firefox Voice intents workshop

Volunteer help to add new voice-control commands for Firefox

https://medium.com/media/3bc7d397fc18c3df569c86a31512d2a4/href

Firefox Voice is an experimental add-on adding voice-control for Firefox. You can play with it now by installing the add-on on the desktop version of Firefox from the below page.

Test Firefox Voice - Mozilla Community Portal

During the Mozilla Berlin All-Hands, we had some discussion with the engineers about if a community volunteer can help to build intents (voice commands) for Firefox Voice. We were wondering if this topic will be interesting for volunteers to work on, and decided to run a pilot workshop at Taipei Community Space.

As a branch event of our regular browser add-on workshop, on Feb 29, five people joined the very first Firefox Voice intents workshop with us from 2 to 6 pm.

The combination of attendees were one experienced add-on developer and evangelism to lead the workshop, one people who come to the add-on workshop often, and two new people who is able to write JS without any add-on dev experience.

In the end, we have came up with two PRs (1128 & 1129), and here are the problems we had, during the workshop:

Set-up the extension developing environment

It took us 2 hrs for everyone to fully set up their web extension developing environment (on Two Mac, one Windows and one Linux). The problems we bumped-in includes:

  1. Need to install node/npm.
  2. A broken git on Win laptop.
  3. Need to download and install Firefox nightly.
  4. Windows laptop unable to use npm run start to pack the source and run with nightly (resolved by download the pre-packed xpi file, extracted and replaced the files in the repo, and run with web-ext run.
  5. npm run start is unable to find Nightly on Linux, because it’s named firefox-trunk instead of firefox-nightly, resolved by run web-ext run --firefox=firefox-trunk.
  6. On Mac, the mic privilege requesting dialog (for iTerm) showed up pretty late, cause some privilege problem.

Problems people had when working on the intents

While working on intents, these are the problems we had:

  1. The voice command panel is not working properly on the current master branch.
  2. Intent matching is quite tricky. It’s hard to know if the command is handled by the new intent we’re working on, or get caught by the current intents. Eg., the intent (about tab) I tried to implement was always caught by find.find, whatever the different words I try to use.
  3. The good-new-bugs the mentor had prepared to use as the examples had been patched before the workshop took place.
  4. The biggest problem — the current STT doesn’t recognize our tones. We will need to retry like more than ten times before the STT can output the sentences we would like to say.

We eventually use another laptop’s TTS, to vocalize the sentences we like to test. After the workshop, one of us eventually found we can, in fact, typing the sentences instead of trying to say it again and again.

https://medium.com/media/a78047988caafa559c0bc19e5cb193a9/href

People did have lots of fun and positive feedback for the workshop. If you want to find an interesting topic to hack with the community member together, check some good-first-bugs for Firefox Voice now.


Firefox Voice intents workshop was originally published in Mozilla related on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at March 15, 2020 09:04 AM

Virtual community meetup at the Mozilla Hubs

It’s may be a good time to run your first virtual gathering

It seems that @ettoolong duplicate a website during our group photo

We host a virtual version of community meetup at Mozilla Hubs last Friday night. It turned out to be a funny alternative to the meetup host in the physical space.

(BobChao: Come to the hub to play around at 9pm if you are interesting. Online community space, a good alternative during the disease???)

Po-chiang Chao suggested that we try hubs during the regular weekly meetup time, and shared the link on Telegram earlier. We connected to the room during our event at Taipei Community Space, and some community members joined from their homes.

oops, there are some Tofus on the HTML slide deck

We all gather at the “Hubs Commons” room. People play with all the features, summit items, move things around, share webcams and screens, open YouTube, and add the browser window to the AirMozilla website (and not knowing how to surf with it).

With a small monitor in front, I’m in the full confidence of the current slide. Now I just don’t know how to flip to the next page.

One of the main goals for us is to evaluate if we can use Hubs for online meetups, give remote talks, and perhaps hosting virtual conferences.

It turned out to be feasible — if people can prepare some time to get familiar with the control, find a suitable scene, and with lovely audiences who don’t summon a yellow duck during your talk.

https://medium.com/media/de2d910571cd7d007b051da0c9e10b67/href

One of the suggestions raised by the community member is quite interesting — we should provide a “beginning stage” for people to learn the basics of hubs. How to walk, turn around, add/remove & interact with the objects, share camera and screen, open and control the website, sit down, and the hardest one, stand-up after you sit (I still don’t find the way).

It’s a good time to try it with your community. Let’s stay home and going together to the Mozilla Hubs for some fun.

Hubs by Mozilla

Inception.

Virtual community meetup at the Mozilla Hubs was originally published in Mozilla related on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Irvin Chen at March 15, 2020 07:44 AM