Mozilla

Firefox Marketing Head Expresses Concerns Over Google's Apparent 'Only Be On Chrome' Push (medium.com) 130

Eric Petitt, head up Firefox marketing, writing in a blog: I use Chrome every day. Works fine. Easy to use. There are multiple things that bug me about the Chrome product, for sure, but I'm OK with Chrome. I just don't like only being on Chrome. And that's what Chrome wants. It wants you to only use Chrome. Chrome is not evil, it's just too big for its britches. Its influence on the internet economy and individuals is out of balance. Chrome, with 4 times the market share of its nearest competitor (Firefox), is an eight-lane highway to the largest advertising company in the world. Google built it to maximize revenue from your searches and deliver display ads on millions of websites. To monetize every... single... click. And today, there exists no meaningful safety valve on its market dominance. Beyond Google, the web looks more and more like a feudal system, where the geography of the web has been partitioned off by the Frightful Five. Google, Facebook, Microsoft, Apple and Amazon are our lord and protectors, exacting a royal sum for our online behaviors. We're the serfs and tenants, providing homage inside their walled fortresses. Noble upstarts are erased or subsumed under their existing order. (Footnote: Petitt has made it clear that the aforementioned views are his own, and not those of Mozilla.)
United States

Aftermath From The Net Neutrality Vote: A Mass Movement To Protect The Open Internet? (mashable.com) 132

After Thursday's net neutrality vote, two security guards pinned a reporter against a wall until FCC Commissioner Michael O'Rielly had left the room, the Los Angeles Times reports. The Writers Guild of America calls the FCC's 2-to-1 vote to initiate a repeal of net neutrality rules a "war on the open internet," according to The Guardian. But the newspaper now predicts that online activists will continue their massive campaign "as the month's long process of reviewing the rules begins." The Hill points out that Mozilla is already hiring a high-profile tech lobbyist to press for both cybersecurity and an open internet, and in a blog post earlier this week the Mozilla Foundation's executive director sees a larger movement emerging from the engagement of millions of internet users. Today's support for net neutrality isn't the start of the Internet health movement. People have been standing up for an open web since its inception -- by advocating for browser choice, for open source practices, for mass surveillance reform. But net neutrality is an opportunity to propel this movement into the mainstream... If we make Internet health a mainstream issue, we can cement the web as a public resource. If we don't, mass surveillance, exclusion and insecurity can creep into every aspect of society. Hospitals held hostage by rogue hackers can become the status quo.
Meanwhile, The Guardian reports that it's not till the end of the FCC's review process that "a final FCC vote will decide the future of internet regulation," adding that however they vote, "court challenges are inevitable."
Firefox

Firefox 55: Flash Will Become 'Ask To Activate' For Everyone (bleepingcomputer.com) 114

An anonymous reader quotes a report from BleepingComputer: Starting with the release of Firefox 55, the Adobe Flash plugin for Firefox will be set to "Ask to Activate" by default for all users. This move was announced in August 2016, as part of Mozilla's plan to move away from plugins built around the NPAPI technology. Flash is currently the only NPAPI plugin still supported in Firefox, and moving its default setting from "Always Activate" to "Ask to Activate" is just another step towards the final step of stop supporting Flash altogether. This new Flash default setting is already live in Firefox's Nightly Edition and will move through the Alpha and Beta versions as Firefox nears its v55 Stable release. By moving Flash to a click-to-play setting, Firefox will indirectly start to favor HTML5 content over Flash for all multimedia content. Other browsers like Google Chrome, Brave, or Opera already run Flash on a click-to-play setting, or disabled by default. Firefox is scheduled to be released on August 8, 2017.
Television

HBO's 'Silicon Valley' Joins The Push For A Decentralized Web (ieee.org) 115

Tekla Perry writes: HBO's fictional Silicon Valley character Richard Hendricks sets out to reinvent the Internet into something decentralized. ["What if we used all those phones to build a massive network...we could build a completely decentralized version of our current Internet with no firewalls, no tolls, no government regulation, no spying. Information would be totally free in every sense of the word."] That sound a lot like what Brewster Kahle, Tim Berners-Lee, and Vint Cerf have been calling the decentralized web. Kahle tells IEEE Spectrum about how closely HBO's vision matches his own, and why he's happy to have this light shined on the movement.
In 2015 Kahle pointed out the current web isn't private. "People, corporations, countries can spy on what you are reading. And they do." But in a decentralized web, "the bits will be distributed -- across the net -- so no one can track the readers of a site from a single point or connection."

He tells IEEE Spectrum that though the idea is hard to execute, a lot of people are already working on it. "I recently talked to a couple of engineers working for Mozilla, and brought up the idea of decentralizing the web. They said, 'Oh, we have a group working on that, are you thinking about that as well?'"
Mozilla

Email Client Thunderbird To Stay With The Mozilla Foundation, Sort Of (mozilla.org) 100

Philipp Kewisch, writing for Mozilla: The investigations on Thunderbird's future home have concluded. The Mozilla Foundation has agreed to serve as the legal and fiscal home for the Thunderbird project, but Thunderbird will migrate off Mozilla Corporation infrastructure, separating the operational aspects of the project. [...] The Mozilla Foundation has agreed to continue as Thunderbird's legal, fiscal and cultural home, with the following provisos:
1. The Thunderbird Council (see footnote) and the Mozilla Foundation executive team maintain a good working relationship and make decisions in a timely manner.
2. The Thunderbird Council and the team make meaningful progress in short order on operational and technical independence from Mozilla Corporation.
3. Either side may give the other six months notice if they wish to discontinue the Mozilla Foundation's role as the legal and fiscal host of the Thunderbird project.
In a conversation with Slashdot, a spokesperson of Mozilla acknowledged that the general sentiment is "Thunderbird code needs to be modernized and the dependencies on the Mozilla code framework need to be reduced. This may include re-implementing or migrating features to make better use of web technologies."

(Footnote: Back in 2012, Mozilla announced that it would reallocate most of the paid project members to other projects, handing off the responsibility for the project to the volunteer community that had formed around Thunderbird. This group met in Toronto in 2014 to discuss the future of Thunderbird and formed the Thunderbird Council, a group of individuals that has the power to make business decisions going forward.)
Communications

John Oliver Gets Fired Up Over Net Neutrality, Causes FCC's Site To Temporarily Crash (fortune.com) 153

Three years ago, late night comedian John Oliver propelled an arcane telecom topic into the national debate by spurring millions of ordinary Americans to file comments with the Federal Communications Commission in favor of "net neutrality." Among other things, that effort caused the FCC website to crash, which couldn't handle the "overwhelming" traffic. Now Oliver is back at it, and he is already causing the site some troubles. From a report on Fortune: On Sunday night, Oliver devoted a chunk of his Last Week Tonight show to condemning a plan by the FCC's new Chairman, Ajit Pai, to tear up current net neutrality rules, which forbid Internet providers from delivering some websites faster than others. In the clip, Oliver urges viewers to visit a website called "GoFCCYourself," which redirects users to a section of the FCC site where people can comment on the net neutrality proceeding, known as "Restoring Internet Freedom" in Pai's parlance. Viewers took up Oliver's offer in spades -- so much so that the FCC's servers appeared to be overwhelmed by the flood of traffic. The comment page is currently loading with delays and, according to reports from several outlets, the site went down altogether for a while. On Monday, Ashley Boyd, VP of Advocacy for Mozilla, also published a blog post to remind people that the next 10 days are critical for the internet's future. Much like Oliver, Mozilla is also making it easier for people to voice their opinion. The post adds: Add your name to our letter, and we'll deliver your message straight to the FCC. You can also record an impassioned voicemail using Mozilla's call tool. So far, Internet users have recorded more than 50 hours of audio for the FCC's ears.
Security

Ambient Light Sensors Can Be Used To Steal Browser Data (bleepingcomputer.com) 37

An anonymous reader writes: "Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff," reports Bleeping Computer. "The sensors have become so prevalent, that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products." According to two privacy and security experts, Lukasz Olejnik and Artur Janc, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researcher also recommends that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.
The Internet

Newest Firefox Browser Bashes Crashes (cnet.com) 134

Nobody likes it when a web browser bombs instead of opening up a website. Mozilla is addressing that in the newly released v53 of its Firefox browser, which it claims crashes 10 percent fewer times. CNET adds: The improvement comes through the first big debut of a part of Project Quantum, an effort launched in 2016 to beef up and speed up Firefox. To improve stability, Firefox 53 on Windows machines isolates software called a compositor that's in charge of painting elements of a website onto your screen. That isolation into a separate computing process cuts down on trouble spots that can occur when Firefox employs computers' graphics chips, Mozilla said.
Firefox

Mozilla Kills Firefox Aurora Channel, Builds Will Move Directly From Nightly To Beta (venturebeat.com) 49

Mozilla said today it is killing the Firefox Aurora channel, six years after it was first introduced in April 2011. The move comes as, Aurora failed to live up to the company's expectations as a "first stabilization channel." Moving forward, the absence of Aurora will help the company streamline its browser's release process and bring stable new features to users and developers faster. From a report: The Firefox Aurora channel sat between the Nightly and Beta channels. Until now, Firefox development started with Nightly, which consists of the latest Firefox code packaged up every night for bleeding-edge testers, and was then followed by Aurora, which includes everything that is labeled as "experimental," then Beta, and then finally the release channel for the broader public. Going forward, builds will move from Nightly to Beta to Release. The Firefox Developer Edition, which the company calls "the first browser created specifically for developers," will be based on the Beta channel instead of Aurora. Developer Edition users should keep their existing profile, themes, tools, preferences, and "should not experience any disruption," Mozilla promises.
Google

Chrome 59 To Address Punycode Phishing Attack 69

Google says it will be rolling out a patch to Chrome in v59 to address a decade-old unicode vulnerability called Punycode that allowed attackers to fool people into clicking on compromised links. Engadget adds: Thanks to something called Punycode, phishers are able to register bogus domains that look identical to a real website. Take this proof-of-concept from software engineer Xudong Zheng, where apple.com won't take you to a store selling Macs, iPhones and iPads. The real website is actually https://www.xn--80ak6aa92e [dot] com. The xn-- prefix tells browsers like Chrome that the domain uses ASCII compatible encoding. It allows companies and individuals from countries with non-traditional alphabets to register a domain that contains A-Z characters but renders in their local language. The issue was first reported to Google and Mozilla on January 20th and Google has issued a fix in Chrome 59. It's currently live in the Canary (advance beta release) but the search giant will likely make it available to all Chrome users soon.
Firefox

Firefox To Let Users Control Memory Usage (bleepingcomputer.com) 213

An anonymous reader quotes a report from BleepingComputer: Mozilla engineers are working on a new section in the browser's preferences that will let users control the browser's performance. Work on this new section started last Friday when an issue was opened in the Firefox bug tracker. Right now, the Firefox UI team has proposed a basic sketch of the settings section and its controls. Firefox developers are now working to isolate or implement the code needed to control those settings [1, 2, 3]. According to the current version of the planned Performance settings section UI, users will be able to control if they use UI animations (to be added in a future Firefox version), if they use page prefetching (feature to preload links listed on a page), and how many "content" processes Firefox uses (Firefox currently supports two processes [one for the Firefox core and one for content], but this will expand to more starting v54).
Microsoft

Microsoft Acquires Container Platform Deis From Engine Yard (techcrunch.com) 31

According to an announcement made earlier today, Microsoft has acquired Deis, "the company behind some of the most popular tools for building and managing applications on top of the Google-incubated Kubernetes container orchestration service," writes Frederic Lardinois via TechCrunch. From the report: "At Microsoft, we've seen explosive growth in both interest and deployment of containerized workloads on Azure, and we're committed to ensuring Azure is the best place to run them," Microsoft's executive VP for its cloud and enterprise group Scott Guthrie writes today. "To support this vision, we're pleased to announce that Microsoft has signed an agreement to acquire Deis -- a company that has been at the center of the container transformation." Deis provides three core open-source tools for managing Kubernetes deployments: Workflow, a platform for developers and operations teams to easily deploy and manage containerized apps; the Kubernetes package manager Helm; and Steward, a Kubernetes-native service broker (which basically allows applications to talk to each other). Like similar companies, its business model relies on providing paid support and training for these applications. The team will continue to work on these open-source tools, which are currently in use by the likes of Mozilla, CloudMine and SocialRadar.
Mozilla

Tor Browser Will Feature More Rust Code (bleepingcomputer.com) 149

An anonymous reader writes: "The Tor Browser, a heavily modified version of the Firefox browser with many privacy-enhancing features, will include more code written in the Rust programming language," reports BleepingComputer. In a meeting held last week in Amsterdam, Tor developers decided to slowly start using Rust to replace the C++ code. The decision comes after Mozilla started shipping Rust components with Firefox in 2016. Furthermore, Rust is a memory-safe(r) language than C++, the language used for Firefox and the customized Tor code, which means less memory corruption errors. Less of these errors means better privacy for all.
"Part of our interest in using safer languages like Rust in Tor is because a tiny mistake in C could have real consequences for real people," Tor developer Isis Agora Lovecruft posted on Twitter, adding "Also the barrier to entry for contributing to large OSS projects written in C is insanely high."
Software

FedEx Will Pay You $5 To Install Flash (theregister.co.uk) 90

FedEx's Office Print department is offering customers $5 to enable Adobe Flash in their browsers. Why would they do such a thing you may ask? It's because they want customers to design posters, signs, manuals, banners and promotional agents using their "web-based config-o-tronic widgets," which requires Adobe Flash. The Register reports: But the web-based config-o-tronic widgets that let you whip and order those masterpieces requires Adobe Flash, the enemy of anyone interested in security and browser stability. And by anyone we mean Google, which with Chrome 56 will only load Flash if users say they want to use it, and Microsoft which will stop supporting Flash in its Edge browser when the Windows 10 Creators Update debuts. Mozilla's Firefox will still run Flash, but not for long. The impact of all that Flash hate is clearly that people are showing up at FedEx Office Print without the putrid plug-in. But seeing as they can't use the service without it, FedEx has to make the offer depicted above or visible online here. That page offers a link to download Flash, which is both a good and a bad idea. The good is that the link goes to the latest version of Flash, which includes years' worth of bug fixes. The bad is that Flash has needed bug fixes for years and a steady drip of newly-detected problems means there's no guarantee the software's woes have ended. Scoring yourself a $5 discount could therefore cost you plenty in future.
Firefox

Firefox for Linux is Now Netflix Compatible (betanews.com) 71

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!
Microsoft

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met (fortune.com) 228

"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decided for themselves."
Firefox

Will WebAssembly Replace JavaScript? (medium.com) 235

On Tuesday Firefox 52 became the first browser to support WebAssembly, a new standard "to enable near-native performance for web applications" without a plug-in by pre-compiling code into low-level, machine-ready instructions. Mozilla engineer Lin Clark sees this as an inflection point where the speed of browser-based applications increases dramatically. An anonymous reader quotes David Bryant, the head of platform engineering at Mozilla. This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization... Over time, many existing productivity apps (e.g. email, social networks, word processing) and JavaScript frameworks will likely use WebAssembly to significantly reduce load times while simultaneously improving performance while running... developers can integrate WebAssembly libraries for CPU-intensive calculations (e.g. compression, face detection, physics) into existing web apps that use JavaScript for less intensive work... In some ways, WebAssembly changes what it means to be a web developer, as well as the fundamental abilities of the web.
Mozilla celebrated with a demo video of the high-resolution graphics of Zen Garden, and while right now WebAssembly supports compilation from C and C++ (plus some preliminary support for Rust), "We expect that, as WebAssembly continues to evolve, you'll also be able to use it with programming languages often used for mobile apps, like Java, Swift, and C#."
Firefox

Firefox 52 Is The Last Version of Firefox For Windows XP and Vista (mspoweruser.com) 119

Mozilla has confirmed that Firefox 52, the new version of its browser it made available earlier this week, will be the last major version to support two legacy operating systems - Windows XP and Windows Vista. The company said future versions will require Windows users to be on a machine that has at a minimum Windows 7 running on it.
Firefox

Developer Proclaims Death of Cyberfox Web Browser (ghacks.net) 52

In a forum entitled "Cyberfox and its future direction," the lead developer of Cyberfox proclaimed the death of their web browser. The lead developer, Toady, writes: "Over the years the Cyberfox project has grown immensely and its thanks to all the amazing support of our users and has been an amazing couple of years this however has demanded far more of my time causing me to drop allot of projects and passions id like to pursue, the time factor this project has demanded has also take a toll lifestyle wise as have the changes made by Mozilla requiring more and more time to maintain so its come to a point where i recently had to assess the direction of this project and the direction i wish to head for the future. This has being no easy choice and the last few months allot of thinking about the direction of this project has taken place." He continues, "This project has been amazing no one could ask for a better project or community sadly as much as i love this project my heart is no longer fully in it, dreams of pursuing game development were pushed aside and lifestyle steadily declined ultimately slowly coming to this point where changes and choices have to be made ones that will affect this project and the future of what i have spent all these years building." Ghacks Technology News reports: The death of Cyberfox, or more precisely, the announcement of end of life for the web browser may come as a shock to users who run it. It should not be too much of a surprise though for users who keep an eye on the browser world and especially Mozilla and Firefox. Mozilla announced major changes to Firefox, some of which landed already, some are in process, and others are announced for 2017. [Some of the critical changes:] Multi-process Firefox is almost done, plugins are out except for Flash and Firefox ESR, Windows XP and Vista users are switched to Firefox ESR so that the operating systems are supported for eight additional releases, and WebExtensions will replace all other add-on systems of the browser. That's a lot of change, especially for projects that are maintained by a small but dedicated group of developers such as Cyberfox. The author of Cyberfox made the decision to switch the browser's release channel to Firefox 52.0 ESR. This means that Cyberfox will be supported with security updates for the next eight release cycles, but new features that Mozilla introduces in Firefox Stable won't find their way into the browser anymore. UPDATE 3/07/17: We have updated the headline to clarify that Cyberfox, specifically, is the browser that will be coming to an end. We have also added an excerpt from the developer's post. Toady clarified at the end of his post: "The largest factor was lifestyle a nicer way of saying health issues without making it to personalized."
Firefox

Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018 (softpedia.com) 91

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.

Slashdot Top Deals