Language Selection

English French German Italian Portuguese Spanish

Mozilla: Thunderbird Rebuts EFF, Debugging Modern Web Applications, Firefox Performance, Rust Turning 3

Filed under
Moz/FF
  • Mozilla Thunderbird: EFail and Thunderbird, What You Need To Know

    DO NOT DISABLE ENCRYPTION. We’ve seen recommendations from some outlets to stop using encrypted Email altogether. If you are sending sensitive data via Email, Thunderbird still recommends using encryption to keep those messages safe. You should, however, check the configuration of the applications you use to view encrypted EMail. For Thunderbird, follow our guidelines below to protect yourself.

  • Debugging Modern Web Applications

    Building and debugging modern JavaScript applications in Firefox DevTools just took a quantum leap forward. In collaboration with Logan Smyth, Tech Lead for Babel, we leveled up the debugger’s source map support to let you inspect the code that you actually wrote. Combined with the ongoing initiative to offer first-class JS framework support across all our devtools, this will boost productivity for modern web app developers.

    Modern JS frameworks and build tools play a critical role today. Frameworks like React, Angular, and Ember let developers build declarative user interfaces with JSX, directives, and templates. Tools like Webpack, Babel, and PostCSS let developers use new JS and CSS features before they are supported by browser vendors. These tools help developers write simpler code, but generate more complicated code to debug.

  • Firefox Performance Update #8

    Talos is a framework that we use to measure various aspects of Firefox performance as part of our continuous integration pipeline.

    There are a number of Talos “suites”, where each suite contains some number of tests. These tests, in turn, report some set of numbers that are then stored and graphable via our graph viewer here.

    Here’s a full list of the Talos tests, including their purpose, the sorts of measurements they take, and who’s currently a good person to ask about them if you have questions.

    A lot of work has been done to reduce the amount of noise in our Talos tests, but they’re still quite sensitive and noisy. This is why it’s often necessary to do 5-10 retriggers of Talos test runs in order to do meaningful comparisons.

    Sometimes Talos detects regressions that aren’t actually real regressions1, and that can be a pain. However, for the times where real regressions are caught, Talos usually lets us know much faster than Telemetry or user reports.

    Did you know that you can get profiles from Try for Talos runs? This makes it much simpler to diagnose Talos regressions. Also, we now have Talos profiles being generated on our Nightly builds for added convenience!

  • This Week in Rust 234
  • Thoughts on retiring from a team

    The Rust Community Team has recently been having a conversation about what a team member’s “retirement” can or should look like. I used to be quite active on the team but now find myself without the time to contribute much, so I’m helping pioneer the “retirement” process. I’ve been talking with our subteam lead extensively about how to best do this, in a way that sets the right expectations and keeps the team membership experience great for everyone.

  • Rust turns three

    Three years ago today, the Rust community released Rust 1.0 to the world, with our initial vision of fearless systems programming. As per tradition, we’ll celebrate Rust’s birthday by taking stock of the people and the product, and especially of what’s happened in the last year.

    [...]

    Finally, the Rust community continues to work on inclusivity, through outreach programs like Rust Reach and RustBridge, as well as structured mentoring and investments in documentation to ease contribution. For 2018, a major goal is to connect and empower Rust’s global community, which we’re doing both through conference launches in multiple new continents, as well as work toward internationalization throughout the project.

More in Tux Machines

Qt/KDE: Qt for Python, Inkscape Dark Theme on KDE Plasma, Atelier at Maker Faire and QtCon 2018!

  • Python and Qt: 3,000 hours of developer insight
    With Qt for Python released, it’s time to look at the powerful capabilities of these two technologies. This article details one solopreneur’s experiences. [...] The big problem with Electron is performance. In particular, the startup time was too high for a file manager: On an admittedly old machine from 2010, simply launching Electron took five seconds. I admit that my personal distaste for JavaScript also made it easier to discount Electron. Before I go off on a rant, let me give you just one detail that I find symptomatic: Do you know how JavaScript sorts numbers? Alphabetically. ’nuff said. After considering a few technologies, I settled on Qt. It’s cross-platform, has great performance and supports custom styles. What’s more, you can use it from Python. This makes at least me orders of magnitude more productive than the default C++.
  • Inkscape Dark Theme on KDE Plasma
    On KDE Plasma, it's very easy to setup Inkscape Dark Theme. To do so, go to System Settings > Application Style > GNOME/GTK+ Style > under GTK+ Style: switch all themes to Dark ones and give check mark to Prefer Dark Theme > Apply. Now your Inkscape should turned into dark mode. To revert back, just revert the theme selections. This trick works on Kubuntu or any other GNU/Linux system as long as it uses Plasma as its desktop environment.
  • Atelier at Maker Faire and QtCon 2018!
    On the weekend of November 3 and 4, it happened on Rio de Janeiro the first Maker Faire of Latin America. And I was able to do a talk about Atelier and the current status of our project. The event hold more than 1.500 people on the first day, that saw a lot of talks and the exposition of makers of all over the country that came to Rio to participate in this edition of the Maker Faire.

Security: Updates, Systematic Evaluation of Transient Execution Attacks and Defenses, New IoT Security Regulations and GPU Side-Channel Attacks

  • Security updates for Thursday
  • A Systematic Evaluation of Transient Execution Attacks and Defenses

    [...] we present a sound and extensible systematization of transient execution attacks. Our systematization uncovers 7 (new) transient execution attacks that have been overlooked and not been investigated so far. This includes 2 new Meltdown variants: Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD. It also includes 5 new Spectre mistraining strategies. We evaluate all 7 attacks in proof-of-concept implementations on 3 major processor vendors (Intel, AMD, ARM). Our systematization does not only yield a complete picture of the attack surface, but also allows a systematic evaluation of defenses. Through this systematic evaluation, we discover that we can still mount transient execution attacks that are supposed to be mitigated by rolled out patches.

  • New IoT Security Regulations
    Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to light bulbs to major appliances­ -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat. Or the current generation of implanted pacemakers, which can both receive commands and send information to doctors over the Internet. But like nearly all innovation, there are risks involved. And for products born out of the Internet of Things, this means the risk of having personal information stolen or devices being overtaken and controlled remotely. For devices that affect the world in a direct physical manner -- ­cars, pacemakers, thermostats­ -- the risks include loss of life and property.
  • University Researchers Publish Paper On GPU Side-Channel Attacks
    University researchers out of University of California Riverside have published a paper this week detailing vulnerabilities in current GPU architectures making them vulnerable to side-channel attacks akin to Spectre and Meltdown. With their focus on NVIDIA GPUs, UCLA Riverside researchers demonstrated attacks both for graphics and compute by exploiting the GPU's performance counters. Demonstrated attacks included a browser-based attack, extracting passwords / keystroke logging, and even the possibility of exposing a CUDA neural network algorithm.

VirtualBox 6.0 Beta 2

  • Announcement: VirtualBox 6.0 Beta 2 released
    Please do NOT use this VirtualBox Beta release on production machines! A VirtualBox Beta release should be considered a bleeding-edge release meant for early evaluation and testing purposes. You can download the binaries here: http://download.virtualbox.org/virtualbox/6.0.0_BETA2 Please do NOT open bug reports at our public bugtracker but use our VirtualBox Beta Feedback forum at https://forums.virtualbox.org/viewforum.php?f=15 to report any problems with the Beta. Please concentrate on reporting regressions since VirtualBox 5.2! Version 6.0 will be a new major release. Please see the forum at https://forums.virtualbox.org/viewtopic.php?f=15&t=90315 for an incomplete list of changes. Thanks for your help! Michael
  • VirtualBox 6.0 Beta 2 Adds File Manager For Host/Guest File Copies, OS/2 Shared Folder
    Last month Oracle rolled out the public beta of VirtualBox 6.0 though didn't include many user-facing changes. They have now rolled out a second beta that does add in a few more features. VirtualBox 6.0 Beta 2 was released today and to its user-interface is a new file manager that allows the user to control the guest file-system with copying file objects between the host and guest. Also improved with VirtualBox 6.0 Beta 2 is better shared folder auto-mounting with the VBox Guest Additions. This beta even brings initial shared folder support to the guest additions for OS/2.

Thunderbird version 60.3.1 now Available, Includes Fixes for Cookie Removal and Encoding Issues

Thunderbird happens to be one of the most famous Email client. It is free and an open source one which was developed by the Mozilla Foundation back in 2003, fifteen years ago. From a very basic interface, it has come a long way to be what it is today in 2018. With these updates, a recent one into the 60.x series from the 52.x series was a significant one. While the 60.x (60.3.0) update started rolling out, Mozilla was keen to push out 60.3.1. This new version of Thunderbird had a few bugs and kinks here and there which needed to be addressed which Mozilla did, most of them at least. Read more