DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

LastPass Bugs Allow Malicious Websites To Steal Passwords ( 126

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.

Firefox for Linux is Now Netflix Compatible ( 70

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!

Firefox Goes PulseAudio Only, Leaves ALSA Users With No Sound ( 322

An anonymous reader shares a report: If you're a Linux user who upgraded to Firefox 52 only to find that the browser no longer plays sound, you're not alone. Firefox 52 saw release last week and it makes PulseAudio a hard dependency -- meaning ALSA only desktops are no longer supported. Ubuntu uses PulseAudio by default (as most modern Linux distributions do) so the switch won't affect most -- but some Linux users and distros do prefer, for various reasons, to use ALSA, which is part of the Linux kernel. Lubuntu 16.04 LTS is one of the distros that use ALSA by default. Lubuntu users who upgraded to Firefox 52 through the regular update channel were, without warning, left with a web browser that plays no sound. Lubuntu 16.10 users are not affected as the distro switched to PulseAudio.

Will WebAssembly Replace JavaScript? ( 235

On Tuesday Firefox 52 became the first browser to support WebAssembly, a new standard "to enable near-native performance for web applications" without a plug-in by pre-compiling code into low-level, machine-ready instructions. Mozilla engineer Lin Clark sees this as an inflection point where the speed of browser-based applications increases dramatically. An anonymous reader quotes David Bryant, the head of platform engineering at Mozilla. This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization... Over time, many existing productivity apps (e.g. email, social networks, word processing) and JavaScript frameworks will likely use WebAssembly to significantly reduce load times while simultaneously improving performance while running... developers can integrate WebAssembly libraries for CPU-intensive calculations (e.g. compression, face detection, physics) into existing web apps that use JavaScript for less intensive work... In some ways, WebAssembly changes what it means to be a web developer, as well as the fundamental abilities of the web.
Mozilla celebrated with a demo video of the high-resolution graphics of Zen Garden, and while right now WebAssembly supports compilation from C and C++ (plus some preliminary support for Rust), "We expect that, as WebAssembly continues to evolve, you'll also be able to use it with programming languages often used for mobile apps, like Java, Swift, and C#."

Firefox 52 Is The Last Version of Firefox For Windows XP and Vista ( 119

Mozilla has confirmed that Firefox 52, the new version of its browser it made available earlier this week, will be the last major version to support two legacy operating systems - Windows XP and Windows Vista. The company said future versions will require Windows users to be on a machine that has at a minimum Windows 7 running on it.

Developer Proclaims Death of Cyberfox Web Browser ( 52

In a forum entitled "Cyberfox and its future direction," the lead developer of Cyberfox proclaimed the death of their web browser. The lead developer, Toady, writes: "Over the years the Cyberfox project has grown immensely and its thanks to all the amazing support of our users and has been an amazing couple of years this however has demanded far more of my time causing me to drop allot of projects and passions id like to pursue, the time factor this project has demanded has also take a toll lifestyle wise as have the changes made by Mozilla requiring more and more time to maintain so its come to a point where i recently had to assess the direction of this project and the direction i wish to head for the future. This has being no easy choice and the last few months allot of thinking about the direction of this project has taken place." He continues, "This project has been amazing no one could ask for a better project or community sadly as much as i love this project my heart is no longer fully in it, dreams of pursuing game development were pushed aside and lifestyle steadily declined ultimately slowly coming to this point where changes and choices have to be made ones that will affect this project and the future of what i have spent all these years building." Ghacks Technology News reports: The death of Cyberfox, or more precisely, the announcement of end of life for the web browser may come as a shock to users who run it. It should not be too much of a surprise though for users who keep an eye on the browser world and especially Mozilla and Firefox. Mozilla announced major changes to Firefox, some of which landed already, some are in process, and others are announced for 2017. [Some of the critical changes:] Multi-process Firefox is almost done, plugins are out except for Flash and Firefox ESR, Windows XP and Vista users are switched to Firefox ESR so that the operating systems are supported for eight additional releases, and WebExtensions will replace all other add-on systems of the browser. That's a lot of change, especially for projects that are maintained by a small but dedicated group of developers such as Cyberfox. The author of Cyberfox made the decision to switch the browser's release channel to Firefox 52.0 ESR. This means that Cyberfox will be supported with security updates for the next eight release cycles, but new features that Mozilla introduces in Firefox Stable won't find their way into the browser anymore. UPDATE 3/07/17: We have updated the headline to clarify that Cyberfox, specifically, is the browser that will be coming to an end. We have also added an excerpt from the developer's post. Toady clarified at the end of his post: "The largest factor was lifestyle a nicer way of saying health issues without making it to personalized."

Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018 ( 91

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.

Microsoft Browser Usage Drops 50% As Chrome Soars ( 205

An anonymous reader quotes Network World's report about new statistics from analytics vendor Net Applications: From March 2015 to February 2017, the use of Microsoft's IE and Edge on Windows personal computers plummeted. Two years ago, the browsers were run by 62% of Windows PC owners; last month, the figure had fallen by more than half, to just 27%. Simultaneous with the decline of IE has been the rise of Chrome. The user share of Google's browser -- its share of all browsers on all operating systems -- more than doubled in the last two years, jumping from 25% in March 2015 to 59.5% last month. Along the way, Chrome supplanted IE to become the world's most-used browser...

In the last 24 months, Mozilla's Firefox -- the other major browser alternative to Chrome for macOS users -- has barely budged, losing just two-tenths of a percentage point in user share. [And] in March 2015, an estimated 69% of all Mac owners used Safari to go online. But by last month, that number had dropped to 56%, a drop of 13 percentage points -- representing a decline of nearly a fifth of the share of two years prior.


Which Linux Browser Is The Fastest? ( 160

ZDNet's Networking blog calls Firefox "the default web browser for most Linux distributions" and "easily the most popular Linux web browser" (with 51.7% of the vote in a recent survey by LinuxQuestions, followed by Chrome with 15.67%). But is it the fastest? An anonymous reader writes: ZDNet's Networking blog just ran speed tests on seven modern browsers -- Firefox, Chrome, Chromium, Opera (which is also built on Chromium), GNOME Web (formerly Epiphany), and Vivaldi (an open-source fork of the old Opera code for power-users). They subjected each browser to the JavaScript test suites JetStream, Kraken, and Octane, as well as reaction speed-testing by Speedometer and scenarios from WebXPRT, adding one final test for compliance with the HTML5 standard.

The results? Firefox emerged "far above" the other browsers for the everyday tasks measured by WebXPRT, but ranked near the bottom in all of the other tests. "Taken all-in-all, I think Linux users should look to Chrome for their web browser use," concludes ZDNet's contributing editor. "When it's not the fastest, it's close to being the speediest. Firefox, more often than not, really isn't that fast. Of the rest, Opera does reasonably well. Then, Chromium and Vivaldi are still worth looking at. Gnome Web, however, especially with its dreadful HTML 5 compatibility, doesn't merit much attention."

The article also reports some formerly popular Linux browsers are no longer being maintained, linking to a KDE forum discussion that concludes that Konqueror and Rekonq "are both more or less dead."

Mozilla Acquires Pocket and Its More Than 10 Million Users ( 82

An anonymous reader quotes a report from Recode: Mozilla, the company behind the Firefox web browser, is buying Pocket, the read-it-later service, for an undisclosed amount. Pocket, which is described by Mozilla as its first strategic acquisition, will continue to operate as a Mozilla subsidiary. Founder Nate Weiner will continue to run Pocket, along with his team of about 25 people. Pocket, previously known as Read It Later, lets users bookmark articles, videos and other content to read or view later on the web or a mobile device. It's great for things like saving offline copies of web articles to read on plane rides or subway commutes, especially where internet access is sparse. Pocket, which was founded in 2007, has more than 10 million monthly active users, according to a rep. That's not bad, but suggests it's still a fairly niche service, especially as big firms like Facebook and Apple build simple "reading list" features into their platforms.

Mozilla Thunderbird Finally Makes Its Way Back Into Debian's Repos ( 47

prisoninmate quotes a report from Softpedia: A year ago, we told you that, after ten long years, the Debian Project finally found a way to switch their rebranded Iceweasel web browser back to Mozilla Firefox, both the ESR (Extended Support Release) and normal versions, but one question remained: what about the Mozilla Thunderbird email, news, and calendar client? Well, that question has an official answer today, as the Mozilla Thunderbird packages appear to have landed in the Debian repositories as a replacement for Icedove, the rebranded version that Debian Project was forced to use for more than ten years due to trademark issues. "Thunderbird is back in Debian! We also renamed other related packages to use official names, e.g. iceowl-extension -> lightning. For now, we need testers to catch existing issues and things we haven't seen until now," said Christoph Goehre in the mailing list announcement. You can find out how to migrate your Icedove profiles to Thunderbird via Softpedia's report.

Mozilla Will Deprecate XUL Add-ons Before the End of 2017 225

Artem Tashkinov writes: Mozilla has published a plan of add-ons deprecation in future Firefox releases. Firefox 53 will run in multi process mode by default for all users with some exceptions. Most add ons will continue to function, however certain add ons have already ceased to function because they don't expect multi user mode under the hood. Firefox 54-56 will introduce even more changes which will ultimately break even more addons. Firefox 57, which will be preliminarily released on the 28th of Novermber, 2017, will only run WebExtensions: which means no XUL (overlay) add ons, no bootstrapped extensions, no SDK extensions and no Embedded WebExtensions. In other words by this date the chromification of Firefox will have been completed. If you depend on XUL add ons your only choice past this date will be Pale Moon.
Open Source

LinuxQuestions Users Choose Their Favorite Distro: Slackware ( 145

ZDNet summarizes some of the surprises in this year's poll on LinuxQuestions, "one of the largest Linux groups with 550,000 member". An anonymous reader quotes their report: The winner for the most popular desktop distribution? Slackware...! Yes, one of the oldest of Linux distributions won with just over 16% of the vote. If that sounds a little odd, it is. On DistroWatch, a site that covers Linux distributions like paint, the top Linux desktop distros are Mint, Debian, Ubuntu, openSUSE, and Manjaro. Slackware comes in 28th place... With more than double the votes for any category, it appears there was vote-stuffing by Slackware fans... The mobile operating system race was a runaway for Android, with over 68% of the vote. Second place went to CyanogenMod, an Android clone, which recently went out of business...

Linux users love to debate about desktop environments. KDE Plasma Desktop took first by a hair's breadth over the popular lightweight Xfce desktop. Other well-regarded desktop environments, such as Cinnamon and MATE, got surprisingly few votes. The once popular GNOME still hasn't recovered from the blowback from its disliked design change from GNOME 2 to GNOME 3.

Firefox may struggle as a web browser in the larger world, but on Linux it's still popular. Firefox took first place with 51.7 percent of the vote. Chrome came in a distant second place, with the rest of the vote being divided between a multitude of obscure browsers.

LibreOffice won a whopping 89.6% of the vote for "best office suite" -- and Vim beat Emacs.

Most of the Web Really Sucks If You Have a Slow Connection ( 325

Dan Luu, hardware/software engineer at Microsoft, writes in a blog post: While it's easy to blame page authors because there's a lot of low-hanging fruit on the page side, there's just as much low-hanging fruit on the browser side. Why does my browser open up 6 TCP connections to try to download six images at once when I'm on a slow satellite connection? That just guarantees that all six images will time out! I can sometimes get some images to load by refreshing the page a few times (and waiting ten minutes each time), but why shouldn't the browser handle retries for me? If you think about it for a few minutes, there are a lot of optimizations that browsers could do for people on slow connections, but because they don't, the best current solution for users appears to be: use w3m when you can, and then switch to a browser with ad-blocking when that doesn't work. But why should users have to use two entirely different programs, one of which has a text-based interface only computer nerds will find palatable?

Mozilla To Drop Support For All NPAPI Plugins In Firefox 52 Except Flash ( 163

The Netscape Plugins API is "an ancient plugins infrastructure inherited from the old Netscape browser on which Mozilla built Firefox," according to Bleeping Computer. But now an anonymous reader writes: Starting March 7, when Mozilla is scheduled to release Firefox 52, all plugins built on the old NPAPI technology will stop working in Firefox, except for Flash, which Mozilla plans to support for a few more versions. This means technologies such as Java, Silverlight, and various audio and video codecs won't work on Firefox.

These plugins once helped the web move forward, but as time advanced, the Internet's standards groups developed standalone Web APIs and alternative technologies to support most of these features without the need of special plugins. The old NPAPI plugins will continue to work in the Firefox ESR (Extended Support Release) 52, but will eventually be deprecated in ESR 53. A series of hacks are available that will allow Firefox users to continue using old NPAPI plugins past Firefox 52, by switching the update channel from Firefox Stable to Firefox ESR.


Mozilla Binds Firefox's Fate To The Rust Language ( 236

An anonymous reader quotes InfoWorld: After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...

What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."

InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."

Firefox Fail: Layoffs Kill Mozilla's Push Beyond the Browser ( 319

So much for Mozilla's quest to bring Firefox to new and different places. From a report on CNET: The nonprofit organization told employees Thursday that it is eliminating the team tasked with bringing Firefox to connected devices. The cuts affect about 50 people. Ari Jaaksi, the senior vice president in charge of the effort, is leaving, and Bertrand Neveux, director of the group's software, has told coworkers he will depart too. Mozilla had about 1,000 employees at the end of 2016. The layoffs greatly curtail the nonprofit organization's ability to make Firefox relevant again. Once a dominant choice for internet browsing, it has long been overshadowed by Google's Chrome. Mozilla tried to take the web technology powering Firefox to other devices, but struggled to get acceptance. Its shrinking influence comes at a time when more people are browsing the internet on their phones -- an area where Firefox is particularly weak.

Google Chrome Engineer Says Windows Defender 'the Only Well Behaved Antivirus', Cites 'Tons of Empirical Data' ( 231

Days after former Firefox developer Robert O'Callahan said that antivirus security suites are not necessary, and AV vendors are of little help. A Google Chrome engineer has echoed the same message, reaffirming that Microsoft's built-in software is indeed the most well-behaved security suite. From a report: Apparently the disdain for 3rd party AV solutions runs deep amongst browser developers, as in response to the threads a Google engineer, Justin Schuh, had this to say: "Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV."

You Don't Need an Antivirus (Except Microsoft's Built-in on Windows), Says Former Firefox Developer ( 352

Former Firefox developer Robert O'Callahan believes that antivirus software is not necessary, AV vendors are of little help, and that you should uninstall your antivirus software immediately. From a blog post: Users have been fooled into associating AV vendors with security and you don't want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is.

Wine 2.0 Released ( 202

An anonymous reader quotes a report from Softpedia: It's finally here! After so many months of development and hard work, during which over 6,600 bugs have been patched, the Wine project is happy to announce today, January 24, 2017, the general availability of Wine 2.0. Wine 2.0 is the biggest and most complete version of the open-source software project that allows Linux and macOS users to run applications and games designed only for Microsoft Windows operating systems. As expected, it's a massive release that includes dozens of improvements and new features, starting with support for Microsoft Office 2013 and 64-bit application support on macOS. Highlights of Wine 2.0 include the implementation of more DirectWrite features, such as drawing of underlines, font fallback support, and improvements to font metrics resolution, font embedding in PDF files, Unicode 9.0.0 support, Retina rendering mode for the macOS graphics driver, and support for gradients in GDI enhanced metafiles. Additional Shader Model 4 and 5 shader instructions have been added to Direct3D 10 and Direct3D 11 implementation, along with support for more graphics cards, support for Direct3D 11 feature levels, full support for the D3DX (Direct3D Extension) 9 effect framework, as well as support for the GStreamer 1.0 multimedia framework. The Gecko engine was updated to Firefox 47, IDN name resolutions are now supported out-of-the-box, and Wine can correctly handle long URLs. The included Mono engine now offers 64-bit support, as well as the debug registers. Other than that, the winebrowser, winhlp32, wineconsole, and reg components received improvements. You can read the full list of features and download Wine 2.0 from WineHQ's websiteS.

Slashdot Top Deals