Moz/FF

Chromium/Mozilla Firefox: Chrome 78 Beta, Keygen Setback and iframes

Filed under: Google, Moz/FF, Web

  • Chrome 78 Beta: a new Houdini API, native file system access and more

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Find more information about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 78 is beta as of September 19, 2019.

  • Chrome 78 Hits Beta With Native File System API, Much Faster WebSockets

    Google on Friday released the Chrome 78 web-browser beta following last week's release of Chrome 77.

    Chrome 78 Beta is coming with a new Houdini API, more formally known as the CSS Properties and Values API Level 1, which lets developers register variables as fully custom CSS properties and can better handle animations and other use-cases.

  • Firefox 69 dropped support for <keygen>

    With version 69, Firefox removed the support for the <keygen> feature to easily deploy TLS client certificates.
    It's kind of sad how used I've become to Firefox giving me less and less reasons to use it...

  • [Mozilla] Restricting third-party iframe widgets using the sandbox attribute, referrer policy and feature policy

    Adding third-party embedded widgets on a website is a common but potentially dangerous practice. Thankfully, the web platform offers a few controls that can help mitigate the risks. While this post uses the example of an embedded SurveyMonkey survey, the principles can be used for all kinds of other widgets.

    Note that this is by no means an endorsement of SurveyMonkey's proprietary service. If you are looking for a survey product, you should consider a free and open source alternative like LimeSurvey.

Mozilla Leftovers

Filed under: Moz/FF

  • Mozilla Localization (L10N): L10n Report: September Edition

    Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet.

  • Will Kahn-Greene: Markus v2.0.0 released! Better metrics API for Python projects.

    Markus is a Python library for generating metrics.

  • This Week In Rust: This Week in Rust 304

    Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.

  • Mozilla VR Blog: Virtual identities in Hubs

    Identity is a complicated concept—who are we really? Most of us have government IDs that define part of our identity, but that’s just a starting point. We present ourselves differently depending on context—who we are with our loved ones might not be the same as who we are at work, but both are legitimate representations of ourselves.

    Virtual spaces make this even harder. We might maintain many virtual identities with different degrees of overlap. Having control over our representation and identity online is a critical component of safety and privacy, and platforms should prioritize user agency.

    More importantly, autonomy and privacy are intrinsically intertwined. If everyone saw my Google searches, I would probably change what I search for. If I knew my employer could monitor my interactions when I’m not at work, I would behave differently. Privacy isn’t just about protecting information about myself, it’s about allowing me to express myself.

Mozilla: The Rust Programming Language and Firefox Releases

Filed under: Moz/FF

  • The Rust Programming Language Blog: Upcoming docs.rs changes

    On September 30th breaking changes will be deployed to the docs.rs build environment. docs.rs is a free service building and hosting documentation for all the crates published on crates.io. It's open source, maintained by the Rustdoc team and operated by the Infrastructure team.

  • Flatulence, Crystals, and Happy Little Accidents

    The recording of my Rust Conf talk on algorithmic art and pen plotters is up on YouTube!

    [...]

    I really enjoyed giving this talk, and I think it went well. I want more creative coding, joy, surprise, and silliness in the Rust community. This talk is a small attempt at contributing to that, and I hope folks left inspired.

  • You'll get a new Firefox each month in 2020 as Mozilla speeds up releases

    Mozilla will turn the Firefox crank faster in 2020, releasing a new version of its web browser every four weeks instead of every six. If you're using the browser, the change should deliver new features to you faster since there will be less waiting between when developers build them and when they arrive.

    "In recent quarters, we've had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence," Firefox team members Ritu Kothari and Yan Or said in a blog post Tuesday. "Shorter release cycles provide greater flexibility to support product planning and priority changes due to business or market requirements."

Moving Firefox to a faster 4-week release cycle

Filed under: Moz/FF

We typically ship a major Firefox browser (Desktop and Android) release every 6 to 8 weeks. Building and releasing a browser is complicated and involves many players. To optimize the process, and make it more reliable for all users, over the years we’ve developed a phased release strategy that includes ‘pre-release’ channels: Firefox Nightly, Beta, and Developer Edition. With this approach, we can test and stabilize new features before delivering them to the majority of Firefox users via general release.

And today we’re excited to announce that we’re moving to a four-week release cycle! We’re adjusting our cadence to increase our agility, and bring you new features more quickly. In recent quarters, we’ve had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence.

Starting Q1 2020, we plan to ship a major Firefox release every 4 weeks. Firefox ESR release cadence (Extended Support Release for the enterprise) will remain the same. In the years to come, we anticipate a major ESR release every 12 months with 3 months support overlap between new ESR and end-of-life of previous ESR. The next two major ESR releases will be ~June 2020 and ~June 2021.


Mozilla: Media and Truth, Security and More

Filed under: Moz/FF

  • Examining AI’s Effect on Media and Truth

    Today, one of the biggest issues facing the internet — and society — is misinformation.

    It’s a complicated issue, but this much is certain: The artificial intelligence (AI) powering the internet is complicit. Platforms like YouTube and Facebook recommend and amplify content that will keep us clicking, even if it’s radical or flat out wrong.

    Earlier this year, Mozilla called for art and advocacy projects that illuminate the role AI plays in spreading misinformation. And today, we’re announcing the winners: Eight projects that highlight how AI like machine learning impacts our understanding of the truth.

  • Mozilla Open Policy & Advocacy Blog: Governments should work to strengthen online security, not undermine it

    On Friday, Mozilla filed comments in a case brought by Privacy International in the European Court of Human Rights involving government “computer network exploitation” (“CNE”)—or, as it is more colloquially known, government hacking.

    While the case focuses on the direct privacy and freedom of expression implications of UK government hacking, Mozilla intervened in order to showcase the further, downstream risks to users and internet security inherent in state CNE. Our submission highlights the security and related privacy threats from government stockpiling and use of technology vulnerabilities and exploits.

    Government CNE relies on the secret discovery or introduction of vulnerabilities—i.e., bugs in software, computers, networks, or other systems that create security weaknesses. “Exploits” are then built on top of the vulnerabilities. These exploits are essentially tools that take advantage of vulnerabilities in order to overcome the security of the software, hardware, or system for purposes of information gathering or disruption.

    When such vulnerabilities are kept secret, they can’t be patched by companies, and the products containing the vulnerabilities continue to be distributed, leaving people at risk. The problem arises because no one—including government—can perfectly secure information about a vulnerability. Vulnerabilities can be and are independently discovered by third parties and inadvertently leaked or stolen from government.

  • Time for some project updates

    I’m going to begin with some of the less-loved things I’ve been working on, partially in an attempt to motivate some forward-motion on things that I believe are rather important to Mozilla.

Mozilla's Privacy Words/Promises

Filed under: Moz/FF

  • Creating privacy-centric virtual spaces

    We now live in a world with instantaneous communication unrestrained by geography. While a generation ago, we would be limited by the speed of the post, now we’re limited by the speed of information on the Internet. This has changed how we connect with other people.

    As immersive devices become more affordable, social spaces in virtual reality (VR) will become more integrated into our daily lives and interactions with friends, family, and strangers. Social media has enabled rapid pseudonymous communication, which can be directed at both a single person and large groups. If social VR is the next evolution of this, what approaches will result in spaces that respect user identities, autonomy, and safety?

    We need spaces that reflect how we interact with others on a daily basis.

  • Mozilla previews Firefox VPN, will charge for service at some point

    Mozilla has not hidden its desire to branch into new revenue territories to divest from the more-or-less-single-source of search engine royalties. In June, CEO Chris Beard and other Mozilla officials said that paid service subscriptions would roll out this fall, but assured users that the browser itself would remain free of charge. The VPN could be the first of several paid services pitched to Firefox users, or part of a larger all-in-one package; Mozilla hasn't been clear about the form(s) this new revenue stream may take.

    Nor did Wood say how long her team will test Firefox Private Network. However, she did position this iteration of Test Pilot differently than before. "The difference with the newly relaunched Test Pilot program is that these products and services may be outside the Firefox browser, and will be far more polished, and just one step shy of general public release," she said.

  • Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?

    Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption.

    Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a list of who visits a particular site. Malicious DNS resolvers or on-path routers can also tamper with your DNS request, blocking you from accessing sites or even routing you to fake versions of the sites you requested.

Mozilla: Firefox Sending DNS Traffic to Cloudflare, Shepherds 3.0

Filed under: Moz/FF

  • Turn off DoH, Firefox. Now.

    DoH means that Firefox will concentrate all DNS traffic on Cloudflare, and they send traffic from all their users to one entity. So what does that mean? It means people outside the US can now be fully tracked by US government: now some of you might wonder if this is actually in line with GDPR (The EU General Data Protection Regulation). It is indeed very questionable if DoH is rolled out as default, since users do NOT opt in, but have to opt out.

  • DoH disabled by default in Firefox

    Disable DoH by default. While encrypting DNS might be a good thing, sending all DNS traffic to Cloudflare by default is not a good idea. Applications should respect OS configured settings. The DoH settings still can be overridden if needed. ok landry@ job@

  • Niko Matsakis: AiC: Shepherds 3.0

    What I’m proposing, at its heart, is very simple. I want to better document the “agenda” of the lang-team. Specifically, if we are going to be moving a feature forward, then it should have a shepherd (or multiple) who is in charge of doing that.

    In order to avoid unbounded queues, the number of things that any individual can shepherd should be limited. Ideally, each person should only shepherd one thing at a time, though I don’t think we need to make a firm rule about it.

    Becoming a shepherd is a commitment on the part of the shepherd. The first part of the lang team meeting should be to review the items that are being actively shepherded and get any updates. If we haven’t seen any movement in a while, we should consider changing the shepherd, or officially acknowledging that something is stalled and removing the shepherd altogether.

    Assigning a shepherd is a commitment on the part of the rest of the lang-team as well. Before assigning a shepherd, we should discuss if this agenda item is a priority. In particular, if someone is shepherding something, that means we all agree to help that item move towards some kind of completion. This means giving feedback, when feedback is requested. It means doing the work to resolve concerns and conflicts. And, sometimes, it will mean giving way. I’ll talk more about this in a bit.

Firefox Reality 1.4

Filed under: Moz/FF

With this release, we’re excited to announce that users can enjoy browsing in multiple windows side-by-side. Each window can be set to the size and position of your choice, for a super customizable experience.

And, by popular demand, we’ve enabled local browsing history, so you can get back to sites you've visited before without typing. Sites in your history will also appear as you type in the search bar, so you can complete the address quickly and easily. You can clear your history or turn it off anytime from within Settings.

The Content Feed also has a new and improved menu of hand-curated “Best of WebVR” content for you to explore. You can look forward to monthly updates featuring a selection of new content across different categories including Animation, Extreme (sports/adrenaline/adventure), Music, Art & Experimental and our personal favorite way to wind down a day, 360 Chill.


Internet: New Curl, Chrome and Firefox Features

Filed under: Google, Moz/FF, Web

  • Daniel Stenberg: curl 7.66.0 – the parallel HTTP/3 future is here

    I personally have not done this many commits to curl in a single month (August 2019) for over three years. This increased activity is of course primarily due to the merge of and work with the HTTP/3 code. And yet, that is still only in its infancy…

  • Chrome 77 Released With Serial API, WebVR 1.1 & Any Element Can Provide Form Data

    Google has rolled out Chrome 77 into their stable channel as the newest version of their lightning fast web browser for Linux.

    Chrome 77 now supports any HTML element providing form data via the "formdata" event, various security improvements, a Serial API for interacting with devices connected to physical or virtual serial ports, WebVR 1.1 support, tab sharing between devices, and a variety of other improvements.

  • Chrome for Android Update

    Hi, everyone! We've just released Chrome 77 (77.0.3865.73) for Android: it'll become available on Google Play over the next few weeks.

  • Chrome 77 for Mac, Windows rolling out: ‘Send this page’ sharing, new favicon animation, more

    Google is rolling out the latest version of Chrome for Mac, Windows, and Linux. Chrome 77 more widely introduces the “Send this page” cross-device sharing...

  • Google Chrome 77 Is Out for Linux, Android, Windows & Mac with 52 Security Fixes

    Google has promoted the Chrome 77 web browser to the stable channel for all supported platforms, including Linux, Android, Windows, and Mac.
    Google Chrome 77 introduces several performance enhancements to speed up your browsing experience, including new performance metrics that help web developers measure how fast the content of a web page loads so you can access it faster than ever, as well as new form capabilities to support custom form controls.

    "It has not always been easy for developers to measure how quickly the main content of a web page loads and is visible to users. The usefulness of existing metrics varies. Some metrics are only measurable in a lab, while others tell nothing about content that users care about. Consider the example below, taken from a DevTools performance audit," said Google.

    Additionally, Google Chrome 77 introduces new origin trials that let you try new Chrome features before they are released and give feedback to the web standards community on their usability, effectiveness, and practicality. Users will be able to register for the origin trials here.

  • Google Unveils DNS-over-HTTPS (DoH) Plan, Mozilla's Faces Criticism

    Google has announced that they would soon be performing a trial of utilizing DNS-over-HTTPS (DoH) in the Google Chrome browser. This experiment will be conducted in Chrome 78 and will attempt to upgrade a user's DNS server to a corresponding DoH server, and if available, use that for DNS resolution.

    For those unfamiliar with DoH, it allows DNS resolution to be conducted over encrypted HTTPS connections rather than through the normal plain text DNS lookups.

  • Mozilla Reps Community: Rep of the Month – July 2019

    Please join us in congratulating Bhuvana Meenakshi Koteeswaran, Rep of the Month for July 2019!

    Bhuvana is from Salem, India. She joined the Reps program at the end of 2017 and since then she has been involved with Virtual and Augmented Reality projects.

Mozilla: Copyright Alternative in Small Claims Enforcement (CASE), VR, Security and Privacy

Filed under: Moz/FF

  • Mozilla Open Policy & Advocacy Blog: CASE Act Threatens User Rights in the United States

    This week, the House Judiciary Committee is expected to mark up the Copyright Alternative in Small Claims Enforcement (CASE) Act of 2019 (H.R. 2426). While the bill is designed to streamline the litigation process, it will impose severe costs upon users and the broader internet ecosystem. More specifically, the legislation would create a new administrative tribunal for claims with limited legal recourse for users, incentivizing copyright trolling and violating constitutional principles. Mozilla has always worked for copyright reform that supports businesses and internet users, and we believe that the CASE Act will stunt innovation and chill free expression online. With this in mind, we urge members to oppose passage of H.R. 2426.

    First, the tribunal created by the legislation conflicts with well-established separation of powers principles and limits due process for potential defendants. Under the CASE Act, a new administrative board would be created within the Copyright Office to review claims of infringement. However, as Professor Pamela Samuelson and Kathryn Hashimoto of Berkeley Law point out, it is not clear that Congress has the authority under Article I of the Constitution to create this tribunal. Although Congress can create tribunals that adjudicate “public rights” matters between the government and others, the creation of a board to decide infringement disputes between two private parties would represent an overextension of its authority into an area traditionally governed by independent Article III courts.

  • Mozilla VR Blog: WebXR emulator extension

    We are happy to announce the release of our WebXR emulator browser extension which helps WebXR content creation.

  • Firefox security tips: Understand how hackers work

    Forget about those hackers in movies trying to crack the code on someone’s computer to get their top secret files. The hackers responsible for data breaches usually start by targeting companies, rather than specific individuals. They want to get data from as many people as possible so they can use, resell or leverage it to make money.

  • Firefox’s Test Pilot Program Returns with Firefox Private Network Beta

    Like a cat, the Test Pilot program has had many lives. It originally started as an Add-on before we relaunched it three years ago. Then in January, we announced that we were evolving our culture of experimentation, and as a result we closed the Test Pilot program to give us time to further explore what was next.

    We learned a lot from the Test Pilot program. First, we had a loyal group of users who provided us feedback on projects that weren’t polished or ready for general consumption. Based on that input we refined and revamped various features and services, and in some cases shelved projects altogether because they didn’t meet the needs of our users. The feedback we received helped us evaluate a variety of potential Firefox features, some of which are in the Firefox browser today.

    If you haven’t heard, third time’s the charm. We’re turning to our loyal and faithful users, specifically the ones who signed up for a Firefox account and opted-in to be in the know about new products testing, and are giving them a first crack to test-drive new, privacy-centric products as part of the relaunched Test Pilot program. The difference with the newly relaunched Test Pilot program is that these products and services may be outside the Firefox browser, and will be far more polished, and just one step shy of general public release.

  • In the US? You Can Try Firefox’s New VPN Feature

    Not only has Mozilla suddenly revived its (much missed) Test Pilot program, but it’s using it to check the tyres on a really interesting new feature: a VPN.

    The new Test Pilot site is currently home to ‘Firefox Private Network’, a beta product that, the company says, is near release.


More in Tux Machines

Why we shouldn’t blame ourselves for the Linux desktop’s microscopic marketshare

Well, that was three interesting articles on the same topic on the same day, namely, billionaires. And read in turn they explain exactly why the Linux Desktop is still at such a marginal market share, and why that’s not because we, who work hard on it, are failures who have been doing the wrong thing all the time. It is in the first place policies, bought with money, that allowed people to build monopolies, taxing individuals and so becoming even more rich and powerful. However, what it is about, is the question: why is Bill Gates not in jail for life with all his wealth stripped off? He’s a criminal, and his crime has directly harmed us, the people working on free software, on the Linux Desktop. So, to make things painfully clear: Bill Gates made it so that his company would tax every computer sold no matter whether it ran Windows or not. If a manufacturer wanted to sell computers running Windows, all the computers it sold were taxed by Microsoft. He would get paid for the work a Linux distribution was doing, and the Linux distribution would not get that money.

Software: Gscan2PDF, GIMP and LibreOffice

  • Gscan2PDF 2.6.0 Released with import-all Option

    The official Gscan2PDF PPA has made the new release packages for all current Ubuntu releases, and their derivatives, including Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.04, Ubuntu 19.10, Linux Mint 18.x and 19.x

  • 5 Tools That Allow You to Make a Free Logo

    2. Gimp

    Unlike Tailor Brands, GIMP is more of a photo editor which means that it comes with way more tools and features. If you want to do more than logo designing, then GIMP is your right choice. It comes with a customizable interface that not only covers cosmetics, but also the behavior of the various tools that it has. There are photo enhancement tools that help you to get rid of image distortions, colors, and other imperfections. Another benefit is support for multiple file formats viz. JPEG, PSD, PNG, and GIF.

  • Community Member Monday: Celia Palacios

    I am a Mexican old-guard user of Linux since 2001. I studied Electronic Engineering, and I have been working in that field since 1989. I learnt all sorts of Linux stuff because I love to learn by myself. In addition, I love to read historical detective novels, lots of science fiction, and go to the movies with my husband. I love philosophy, symbolism and many alternative ideas about everything. I also like to have long, friendly debates about everybody’s presumptions (or assumptions?). I try to be open-minded, especially in these times when everyone’s getting polarized in Mexico about our President. I used to be an athletic gal, but now I am a total couch potato! Thanks, Netflix!

SUSE Continues Working On Linux Core Scheduling For Better Security

SUSE and other companies like DigitalOcean have been working on Linux core scheduling to make virtualization safer particularly in light of security vulnerabilities like L1TF and MDS. The core scheduling work is about ensuring different VMs don't share a HT sibling but rather only the same VM / trusted applications run on siblings of a core. SUSE's Dario Faggioli presented at the KVM Forum 2019 at the end of October in Lyon, France. Dario's presentation covered the latest work on core-scheduling for virtualization.

Also: The Disappointing Direction Of Linux Performance From 4.16 To 5.4 Kernels

Security: Updates, Mozilla AMO and Reproducible Arch Linux Packages

  • Security updates for Monday

    Security updates have been issued by Debian (ampache, chromium, djvulibre, firefox-esr, gdal, and ruby-haml), Fedora (chromium, file, gd, hostapd, nspr, and rssh), openSUSE (bcm20702a1-firmware, firefox, gdal, libtomcrypt, php7, python-ecdsa, python3, samba, and thunderbird), SUSE (apache2-mod_auth_openidc, libssh2_org, and rsyslog), and Ubuntu (bash).

  • Security improvements in AMO upload tools

    We are making some changes to the submission flow for all add-ons (both AMO- and self-hosted) to improve our ability to detect malicious activity. These changes, which will go into effect later this month, will introduce a small delay in automatic approval for all submissions. The delay can be as short as a few minutes, but may take longer depending on the add-on file. If you use a version of web-ext older than 3.2.1, or a custom script that connects to AMO’s upload API, this new delay in automatic approval will likely cause a timeout error. This does not mean your upload failed; the submission will still go through and be approved shortly after the timeout notification. Your experience using these tools should remain the same otherwise.

  • Reproducible Arch Linux Packages

    Arch Linux has been involved with the reproducible builds efforts since 2016. The goal is to achieve deterministic building of software packages to enhance the security of the distribution. After almost 3 years of continued effort, along with the release of pacman 5.2 and contributions from a lot of people, we are finally able to reproduce packages distributed by Arch Linux! This enables users to build packages and compare them with the ones distributed by the Arch Linux team. Users can independently verify the work done by our packagers, and figure out if malicious code has been included in the pristine source during the build, which in turn enhances the overall supply chain security. We are one of the first binary distributions that has achieved this, and can provide tooling down to users. That was the TL;DR! The rest of the blog post will explain the reproducible builds efforts, and the technical work that has gone into achieving this.

  • Arch Linux Updates Its Kernel Installation Handling

    Arch Linux has updated the behavior when installing the linux, linux-lts, linux-zen, and linux-hardened kernel options on this popular distribution. The actual kernel images for their official Linux, Linux LTS, Linux Zen, and Linux Hardened flavors will no longer be installed to /boot by default. Not having the actual kernel reside on /boot should help those with separate boot partitions that are quite small and avoid running out of space when keeping multiple kernels installed.