Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Mozilla's new DNS resolution is dangerous

Filed under
Moz/FF

With their next patch Mozilla will introduce two new features to their Firefox browser they call "DNS over HTTPs" (DoH) and Trusted Recursive Resolver (TRR). In this article we want to talk especially about the TRR. They advertise it as an additional feature which enables security. We think quite the opposite: we think it's dangerous, and here's why.

Read more

Thunderbird 60 Released

Filed under
Moz/FF
Web
  • Thunderbird Release Notes

    Thunderbird version 60 is currently only offered as direct download from thunderbird.net and not as upgrade from Thunderbird version 52 or earlier. If you have installed Lightning, Mozilla's Calendar add-on, it will automatically be updated to match the new version of Thunderbird. Refer to this troubleshooting article in case of problems.

  • Thunderbird 60.0 Released With WebExtension Themes, Attachment Improvements

    For those of you that have been waiting for a big update to the Thunderbird mail/RSS client, Thunderbird 60.0 is now available with plenty of changes.

  • What’s New in Thunderbird 60

    Thunderbird 60, the newest stable release of everyone’s favorite desktop Email client, has been released. This version of Thunderbird is packed full of great new features, fixes, and changes that improve the user experience and make for a worthwhile upgrade. I’ll highlight three of the biggest changes in Thunderbird 60 in this post, check out the full release notes over on our website.

Mozilla: Address Bar and More

Filed under
Moz/FF
  • How to add the share menu to the Firefox address bar

    While working on my previous blog post, I came across another great feature you may not know about. Let’s say you use the Share menu, but opening the Page Actions menu requires too much navigation. You need quicker access!

    To add an item to the address Bar, right-click on it and select Add to Address Bar.
    To remove it, right-click on the item and select Remove from Address Bar.

  • New backend for storage.local API

    To help improve Firefox performance, the backend for the storage.local API is migrating from JSON to IndexedDB. These changes will soon be enabled on Firefox Nightly and will stabilize when Firefox 63 lands in the Beta channel. If your users switch between Firefox channels using the same profile during this time, they may experience data regression in the extensions they have previously installed.

    We recommend that users do not change Firefox channels between now and September 5, 2018. However, if they do and they contact you with questions about why their extensions are not behaving normally (such as losing saved options or other local data), please point them to this post for instructions on how to retrieve and re-import their extension data.

  • Happy BMO Push Day!
  • This Week in Mixed Reality: Issue 14

    It's been another busy week in MR land for the team. We are getting really close to releasing some fun new features.

Ctrl-Q issue or “are Firefox developers using Linux at all?”

Filed under
GNU
Linux
Moz/FF

When I started using Linux on my desktop there was only Mozilla based browsers which were usable. They had different names: Galeon, Firebird, Phoenix, Mozilla Suite and finally Firefox.

It worked better or worse but did. There were moments when on 2GB ram machine browser was using 6 gigabytes (which resulted in killing it). Then were moments when it started to be slower and slower so I moved to Google Chrome instead.

But still — Firefox had all those extensions which could do insane amount of things with how browser looks, how it works etc. But then Quantum came and changed that. Good bye all nice addons. Hope we meet in other life.

But what it has with question from post title? Simple, little, annoying thing: “Ctrl-Q” shortcut. Lovely one which everyone is using to close application they work with. Not that it does not work — it does. Perfectly. And this is a problem…

Read more

Things Gateway 0.5

Filed under
Moz/FF
  • Things Gateway 0.5 packed full of new features, including experimental smart assistant

    The Things Gateway from Mozilla lets you directly monitor and control your home over the web, without a middleman.

    Today the Mozilla IoT team is excited to announce the 0.5 release of the Things Gateway, which is packed full of new features including customisable devices, a more powerful rules engine, an interactive floorplan and an experimental smart assistant you can talk to.

    [...]

    How to Get Involved

    To try out the latest version of the gateway, download the software image from our website to use on a Raspberry Pi. If you already have a gateway set up, you should notice it automatically update itself to the 0.5 release.

  • Mozilla Announces Things Gateway 0.5, Reddit Security Incident, Docker Moving to a New Release Cycle, Artifact Coming in November and LibreOffice 6.0.6 Now Available

    The Mozilla IoT team announced the 0.5 release of the Things Gateway this morning, which is "packed full of new features including customisable devices, a more powerful rules engine, an interactive floorplan and an experimental smart assistant you can talk to." If you want to try out this new version of the gateway, you can download it from here and use it on your Raspberry Pi. According to the press release, "A powerful new 'capabilities' system means that devices are no longer restricted to a predefined set of Web Thing Types, but can be assembled from an extensible schema-based system of 'capabilities' through our new schema repository. This means that developers have much more flexibility to create weird and wacky devices, and users have more control over how the device is used."

  • Mozilla’s Things Gateway 0.5 offers Interactive Floorplan View and a Smart Assistant

    Mozilla’s Things Gateway software just received a new update today in its version 0.5 and it offers several interesting features. These new features include support for custom devices and new protocols, safe authorisation of third party applications for accessing gateway, strengthened rules engine, an interactive floor plan view which lets the user lay out devices on the home map and most importantly, an ‘experimental’ smart assistant which can directly be spoken to.

    Things Gateway is a Project Things’ component which aims at providing everyone with the services and software required for bridging communication among connected devices. This software is an operating system which is Raspberry Pi-compatible and lets the user control and monitor their home over the internet. The latest update to the software has further expanded the controls for its users. According to Ben Francis at Mozilla Hacks, this software allows for the management of all devices being used in the house through ‘a single secure web interface’. He further wrote, “Today I’m excited to tell you about the latest version of the Things Gateway and how you can use it to directly monitor and control your home over the web, without a middleman. Instead of installing a different mobile app for every smart home device you buy, you can manage all your devices through a single secure web interface.”

Firefox 63: Linux out-of-process extensions

Filed under
Moz/FF

Mozilla plans to enable out-of-process extensions for Firefox running on GNU/Linux systems in Firefox 63. The organization plans to release Firefox 63 on October 23, 2018 for all supported desktop and mobile operating systems.

Mozilla added multi-process capabilities to Firefox 49 and improved the functionality in future releases. Multi-process separates different parts of the web browser, for instance browser tabs and the core browser, to improve security and stability.

Work on Firefox's security sandbox continues, and so does work on moving additional elements to their own process. Mozilla added supported for out-of-process extensions in Firefox 56 on Windows, and added the functionality in Firefox 61 to installations of the web browser running on Mac OS X.

Read more

Programming: ProjectQ and Rust

Filed under
Development
Moz/FF
Sci/Tech
  • Open-Source Software Framework Makes Quantum Computing More Accessible

    To help further this field, Häner and a team at ETH Zurich created ProjectQ, a free, open-source software framework for quantum computing that allows users to implement their quantum programs in the high-level programming language Python using a powerful and intuitive syntax. ProjectQ can then translate these programs to any type of back-end, either a simulator run on a classical computer or an actual quantum chip.

  • This Week in Rust 245

    Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

Mozilla Development/News/Policy

Filed under
Moz/FF
  • G20 digital process: Trust requires more transparency and inclusion

    We commend the Argentine G20 Presidency for continuing to build momentum around the G20 digital process and look forward to seeing the Declaration and the progress made to that end following the Digital Ministerial on August 24.

    However, we can’t ignore the lack of transparency and the step back from multistakeholder engagement that was championed under last year’s G20 Presidency by Germany. Mozilla appreciated the invitation to attend the G20-B20 workshops on July 30, which allowed for providing input into the Digital Declaration. But inviting pre-selected organisations to an unofficial side event on comparatively short notice is not sufficient for a meaningfully transparent and inclusive process.

  • Safe Harbor for Security Bug Bounty Participants

    Mozilla established one of the first modern security bug bounty programs back in 2004. Since that time, much of the technology industry has followed our lead and bounty programs have become a critical tool for finding security flaws in the software we all use. But even while these programs have reached broader acceptance, the legal protections afforded to bounty program participants have failed to evolve, putting security researchers at risk and possibly stifling that research.

    That is why we are announcing changes to our bounty program policies to better protect security researchers working to improve Firefox and to codify the best practices that we’ve been using.

    We often hear of researchers who are concerned that companies or governments may take legal actions against them for their legitimate security research. For example, the Computer Fraud and Abuse Act (CFAA) – essentially the US anti-hacking law that criminalizes unauthorized access to computer systems – could be used to punish bounty participants testing the security of systems and software. Just the potential for legal liability might discourage important security research.

  • August’s Featured Extensions
  • Mozilla B-Team: happy bmo push day!

Mozilla: Dweb, Ruby on Rails and More

Filed under
Moz/FF
  • Introducing the Dweb

    The web is the most successful programming platform in history, resulting in the largest open and accessible collection of human knowledge ever created. So yeah, it’s pretty great. But there are a set of common problems that the web is not able to address.

  • Firefox needs some more RAM to run your Rails system tests

    A quick fix for an annoying (and not very descriptive) error Browsing context has been discarded when setting up Ruby on Rails system tests with Firefox headless.

  • Cameron McCormack: Back

    Since coming back, I’ve been serving as technical lead for the Firefox Layout team, which really just means being a bit more involved, along with Maire and our new Layout team manager Sean, in the team’s planning work. We’ve got a lot going on! It also means getting back into standards work, and I had a great time meeting old friends and colleagues at the CSS Working Group’s meeting last month in Sydney.

  • Checking minidumps for memory corruption

    Recently I was investigating some Firefox crashes that were occurring in the style system, somewhere in Rust code. These were persistent, low frequency crashes, being reported around 25 times per day. Our crash report database, crash-stats, indexes crashes by signature, which is the top one or more stack frames. From the bug report, I could see that these crashes were all in the same function, although the exact stack trace that led to calling this function varied across crashes.

    On a good day, looking at a crash report will reveal the bug without too much effort. For example, it’s usually easy to see when a null pointer has been dereferenced (the address being read or written will be somewhere around 0x0), and hopefully it’s obvious from looking at the surrounding code whether a null pointer should have been guarded against. On a bad day, you can spend hours working backwards from the crash, trying to work out how the program ended up where it did.

Mozilla is Evolving the Firefox Brand (New Logo/s)

Filed under
Moz/FF
  • Evolving the Firefox Brand

    Say “Firefox” and most people think of a web browser on their laptop or phone, period. TL;DR, there’s more to the story now, and our branding needs to evolve.

    With the rapid evolution of the internet, people need new tools to make the most of it. So Firefox is creating new types of browsers and a range of new apps and services with the internet as the platform. From easy screen-shotting and file sharing to innovative ways to access the internet using voice and virtual reality, these tools will help people be more efficient, safer, and in control of their time online. Firefox is where purpose meets performance.

  • Jim Hall: What an icon says about you

    Once upon a time, the Netscape "N" was instantly recognizable as the web browser's brand icon. Later, the organization spun off into Mozilla, represented by a less memorable big red dragon head. Finally, we have Firefox, represented by a stylized fox wrapped around a small globe. The fox icon has represented the Firefox brand for years, although now the Firefox organization wants to change the brand icon.

    From an article in Venture Beat: "For most people, Firefox refers to a browser, but the company wants the brand to encompass all the various apps and services that the Firefox family of internet products cover," and "The fox with a flaming tail 'doesn't offer enough design tools to represent this entire product family'." The Firefox name will remain, but the branding will change.

  • Mozilla Is Changing Firefox Logo After Years, Wants Your Feedback

    When we think of the Firefox browser, the image of the red panda logo immediately comes to our mind. Mozilla is about to change that, and a redesigned logo will represent the versatility of products the company has started making.

    As per its blog post, Mozilla is going through possible design considerations and has invited users to post their comments. It wants to know whether the new design system still feels like Firefox, reinforces Firefox’s speed, reliability, wit and at the same time represents Mozilla’s position as a people over profit company.

Syndicate content

More in Tux Machines

GNOME: NVMe Firmware and GSConnect

  • Richard Hughes: NVMe Firmware: I Need Your Data
    In a recent Google Plus post I asked what kind of hardware was most interesting to be focusing on next. UEFI updating is now working well with a large number of vendors, and the LVFS “onboarding” process is well established now. On that topic we’ll hopefully have some more announcements soon. Anyway, back to the topic in hand: The overwhelming result from the poll was that people wanted NVMe hardware supported, so that you can trivially update the firmware of your SSD. Firmware updates for SSDs are important, as most either address data consistency issues or provide nice performance fixes.
  • Gnome Shell Android Integration Extension GSConnect V12 Released
    GSConnect v12 was released yesterday with changes like more resilient sshfs connections (which should make browsing your Android device from the desktop more reliable), fixed extension icon alignment, along with other improvements. GSConnect is a Gnome Shell extension that integrates your Android device(s) with the desktop. The tool makes use of the KDE Connect protocol but without using any KDE dependencies, keeping your desktop clean of unwanted packages.
  • Linux Release Roundup: Communitheme, Cantata & VS Code
    GSconnect is a magical GNOME extension that lets your Android phone integrate with your Linux desktop. So good, in fact, that Ubuntu devs want to ship it as part of the upcoming Ubuntu 18.10 release (though last I heard it probably just end up in the repos instead). Anyway, a new version of GSconnect popped out this week. GSconnect v12 adds a nifty new features or two, as well as a few fixes here, and a few UI tweaks there.

Red Hat Leftovers

  • Red Hat Advances Container Storage
    Red Hat has moved to make storage a standard element of a container platform with the release of version 3.1 of Red Hat OpenShift Container Storage (OCS), previously known as Red Hat Container Native Storage. Irshad Raihan, senior manager for product marketing for Red Hat Storage, says Red Hat decided to rebrand its container storage offering to better reflect its tight integration with the Red Hat OpenShift platform. In addition, the term “container native” continues to lose relevance given all the different flavors of container storage that now exist, adds Raihan. The latest version of the container storage software from Red Hat adds arbiter volume support to enable high availability with efficient storage utilization and better performance, enhanced storage monitoring and configuration via the Red Hat implementation of the Prometheus container monitoring framework, and block-backed persistent volumes (PVs) that can be applied to both general application workloads and Red Hat OpenShift Container Platform (OCP) infrastructure workloads. Support for PVs is especially critical because to in the case of Red Hat OCS organizations can deploy more than 1,000 PVs per cluster, which helps to reduce cluster sprawl within the IT environment, says Raihan.
  • Is Red Hat Inc’s (NYSE:RHT) ROE Of 20.72% Sustainable?
  • FPgM report: 2018-33

OSS Leftovers

  • Infineon enables open source TSS ESAPI layer
    This is the first open source TPM middleware that complies with the Software Stack (TSS) Enhanced System API (ESAPI) specification of the Trusted Computing Group . “The ease of integration on Linux and other embedded platforms that comes with the release of the TPM 2.0 ESAPI stack speeds up the adoption of TPM 2.0 in embedded systems such as network equipment and industrial systems,” says Gordon Muehl, Global CTO Security at Huawei.
  • Open source RDBMS uses spurred by lower costs, cloud options
    As the volumes of data generated by organizations get larger and larger, data professionals face a dilemma: Must database bills get bigger in the process? And, increasingly, IT shops with an eye on costs are looking to open source RDBMS platforms as a potential alternative to proprietary relational database technologies.
  • Progress open sources ABL code in Spark Toolkit
    New England headquartered application development company Progress is flexing its programmer credentials this month. The Massachusetts-HQ’d firm has now come forward with its Progress Spark Toolkit… but what is it? The Progress Spark Toolkit is a set of open source ABL code combined with some recommended best-practices.
  • Mixing software development roles produces great results
    Most open source communities don’t have a lot of formal roles. There are certainly people who help with sysadmin tasks, testing, writing documentation, and translating or developing code. But people in open source communities typically move among different roles, often fulfilling several at once. In contrast, team members at most traditional companies have defined roles, working on documentation, support, QA, and in other areas. Why do open source communities take a shared-role approach, and more importantly, how does this way of collaborating affect products and customers? Nextcloud has adopted this community-style practice of mixing roles, and we see large benefits for our customers and our users.
  • FOSS Project Spotlight: SIT (Serverless Information Tracker)
    In the past decade or so, we've learned to equate the ability to collaborate with the need to be online. The advent of SaaS clearly marked the departure from a decentralized collaboration model to a heavily centralized one. While on the surface this is a very convenient delivery model, it simply doesn't fit a number of scenarios well. As somebody once said, "you can't FTP to Mars", but we don't need to go as far. There are plenty of use cases here on Earth that are less than perfectly suited for this "online world". Lower power chips and sensors, vessel/offshore collaboration, disaster recovery, remote areas, sporadically reshaping groups—all these make use of central online services a challenge. Another challenge with centralization is somewhat less thought of—building software that can handle a lot of concurrent users and that stores and processes a lot of information and never goes down is challenging and expensive, and we, as consumers, pay dearly for that effort. And not least important, software in the cloud removes our ability to adapt it perfectly for use cases beyond its owner's vision, scope and profitability considerations. Convenience isn't free, and this goes way beyond the price tag.
  • ProtonMail's open source encryption library, OpenPGPjs, passes independent audit
    ProtonMail, the secure email provider, has just had its credentials re-affirmed after its encryption library, OpenPGPjs, passed an independent security audit. The audit was carried out by the respected security firm, Cure53, after the developer community commissioned a review following the release of OpenPGPjs 3.0 back in March.
  • Uber Announces Open Source Fusion.js Framework
    Uber Announces Fusion.js, an open source "Plugin-based Universal Web Framework." In the announcement, Uber senior software engineer Leo Horie explains that Uber builds hundreds of web-based applications, and with web technologies changing quickly and best practices continually evolving, it is a challenge to have hundreds of web engineers leverage modern language features while staying current with the dynamic nature of the web platform. Fusion.js is Uber's solution to this problem.
  •  
  • ASAN And LSAN Work In rr
    AddressSanitizer has worked in rr for a while. I just found that LeakSanitizer wasn't working and landed a fix for that. This means you can record an ASAN build and if there's an ASAN error, or LSAN finds a leak, you can replay it in rr knowing the exact addresses of the data that leaked — along with the usual rr goodness of reverse execution, watchpoints, etc. Well, hopefully. Report an issue if you find more problems.
  • Oracle Open-Sources GraphPipe to Support ML Development
    Oracle on Wednesday announced that it has open-sourced GraphPipe to enhance machine learning applications. The project's goal is to improve deployment results for machine learning models, noted Project Leader Vish Abrams. That process includes creating an open standard. The company has a questionable relationship with open source developers, so its decision to open-source GraphPipe might not receive a flood of interest. Oracle hopes developers will rally behind the project to simplify and standardize the deployment of machine learning models. GraphPipe consists of a set of libraries and tools for following a deployment standard.
  • OERu makes a college education affordable
    Open, higher education courses are a boon to adults who don’t have the time, money, or confidence to enroll in traditional college courses but want to further their education for work or personal satisfaction. OERu is a great option for these learners. It allows people to take courses assembled by accredited colleges and universities for free, using open textbooks, and pay for assessment only when (and if) they want to apply for formal academic credit. I spoke with Dave Lane, open source technologist at the Open Education Resource Foundation, which is OERu’s parent organization, to learn more about the program. The OER Foundation is a nonprofit organization hosted by Otago Polytechnic in Dunedin, New Zealand. It partners with organizations around the globe to provide leadership, networking, and support to help advance open education principles.
  • Tomu Is A Tiny, Open Source Computer That Easily Fits In Your USB Port
    There are a number of USB stick computers available in the market at varying prices. One of them that really stands out is Tomu — a teeny weeny ARM processor that can entirely fit inside your computer’s USB port. Tomu is based on Silicon Labs Happy Gecko EFM32HG309 Arm Cortex-M0+ microcontroller that runs at 25 MHz. It sports 8 kb of RAM and 60 kb of flash onboard. In spite of the small size, it supports two LEDs and two capacitance touch buttons.
  • RcppArmadillo 0.9.100.5.0
    A new RcppArmadillo release 0.9.100.5.0, based on the new Armadillo release 9.100.5 from earlier today, is now on CRAN and in Debian. It once again follows our (and Conrad's) bi-monthly release schedule. Conrad started with a new 9.100.* series a few days ago. I ran reverse-depends checks and found an issue which he promptly addressed; CRAN found another which he also very promptly addressed. It remains a true pleasure to work with such experienced professionals as Conrad (with whom I finally had a beer around the recent useR! in his home town) and of course the CRAN team whose superb package repository truly is the bedrock of the R community.
  • PHP version 7.1.21 and 7.2.9
    RPM of PHP version 7.2.9 are available in remi repository for Fedora 28 and in remi-php72 repository for Fedora 25-27 and Enterprise Linux ≥ 6 (RHEL, CentOS). RPM of PHP version 7.1.21 are available in remi repository for Fedora 26-27 and in remi-php71 repository for Fedora 25 and Enterprise Linux (RHEL, CentOS).

GNU/Linux on Laptops and Desktops

  • Endless OS and Asus, Update on L1TF Exploit, Free Red Hat DevConf.US in Boston, Linux 4.19 Kernel Update
    Some of us may recall a time when ASUS used to ship a stripped down version of Xandros Linux with their line of Eee PC netbooks. Last week, the same company announced that Endless OS will be supporting non-OS offerings of their product. However it comes with a big disclaimer stating that ASUS will not officially support the operating system's compatibility issues.
  • The Chromebook Grows Up
    What started out as a project to provide a cheap, functional, secure and fast laptop experience has become so much more. Chromebooks in general have suffered from a lack of street-cred acceptance. Yes, they did a great job of doing the everyday basics—web browsing and...well, that was about it. Today, with the integration of Android apps, all new and recently built Chrome OS devices do much more offline—nearly as much as a conventional laptop or desktop, be it video editing, photo editing or a way to switch to a Linux desktop for developers or those who just like to do that sort of thing.
  • Windows 10 Linux Distribution Overload? We have just the thing [Ed: Microsoft is still striving to control and master GNU/Linux through malware, Vista 10]
  • What Dropbox dropping Linux support says
    You've probably already heard by now that Dropbox is nixing support for all Linux file systems but unencrypted ext4. When this was announced, much of the open source crowd was up in arms—and rightfully so. Dropbox has supported Linux for a long time, so this move came as a massive surprise.
  • Winds Beautifully Combines Feed Reader and Podcast Player in One Single App
    Billboard top 50 playlist is great for commuting. But I’m a nerd so I mostly prefer podcasts. Day after day, listening to podcasts on my phone has turned into a habit for the better and now, I crave my favorite podcasts even when I’m home, sitting in front of my computer. Thus began, my hunt for the perfect podcast app for Linux. Desktop Linux doesn’t have a huge selection of dedicated podcast applications. Of course, you can use Rhythmbox music player or VLC Media player to download podcasts (is there anything VLC can’t do?). There are even some great command line tools to download podcasts if you want to go down that road.
  • VirtualBox 5.2.18 Maintenance Update fixed VM process termination on RDP client disconnect
    Virtualbox developers released a maintenance update for virtualization solution on the 14th of August, 2018. The latest update raised the version of VirtualBox to 5.2.18. The improvements and additions have been welcomed by several users as it makes the virtualization product even more convenient to use.