Language Selection

English French German Italian Portuguese Spanish

Mozilla: Copyright Alternative in Small Claims Enforcement (CASE), VR, Security and Privacy

Filed under
Moz/FF
  • Mozilla Open Policy & Advocacy Blog: CASE Act Threatens User Rights in the United States

    This week, the House Judiciary Committee is expected to mark up the Copyright Alternative in Small Claims Enforcement (CASE) Act of 2019 (H.R. 2426). While the bill is designed to streamline the litigation process, it will impose severe costs upon users and the broader internet ecosystem. More specifically, the legislation would create a new administrative tribunal for claims with limited legal recourse for users, incentivizing copyright trolling and violating constitutional principles. Mozilla has always worked for copyright reform that supports businesses and internet users, and we believe that the CASE Act will stunt innovation and chill free expression online. With this in mind, we urge members to oppose passage of H.R. 2426.

    First, the tribunal created by the legislation conflicts with well-established separation of powers principles and limits due process for potential defendants. Under the CASE Act, a new administrative board would be created within the Copyright Office to review claims of infringement. However, as Professor Pamela Samuelson and Kathryn Hashimoto of Berkeley Law point out, it is not clear that Congress has the authority under Article I of the Constitution to create this tribunal. Although Congress can create tribunals that adjudicate “public rights” matters between the government and others, the creation of a board to decide infringement disputes between two private parties would represent an overextension of its authority into an area traditionally governed by independent Article III courts.

  • Mozilla VR Blog: WebXR emulator extension

    We are happy to announce the release of our WebXR emulator browser extension which helps WebXR content creation.

  • Firefox security tips: Understand how hackers work

    Forget about those hackers in movies trying to crack the code on someone’s computer to get their top secret files. The hackers responsible for data breaches usually start by targeting companies, rather than specific individuals. They want to get data from as many people as possible so they can use, resell or leverage it to make money.

  • Firefox’s Test Pilot Program Returns with Firefox Private Network Beta

    Like a cat, the Test Pilot program has had many lives. It originally started as an Add-on before we relaunched it three years ago. Then in January, we announced that we were evolving our culture of experimentation, and as a result we closed the Test Pilot program to give us time to further explore what was next.

    We learned a lot from the Test Pilot program. First, we had a loyal group of users who provided us feedback on projects that weren’t polished or ready for general consumption. Based on that input we refined and revamped various features and services, and in some cases shelved projects altogether because they didn’t meet the needs of our users. The feedback we received helped us evaluate a variety of potential Firefox features, some of which are in the Firefox browser today.

    If you haven’t heard, third time’s the charm. We’re turning to our loyal and faithful users, specifically the ones who signed up for a Firefox account and opted-in to be in the know about new products testing, and are giving them a first crack to test-drive new, privacy-centric products as part of the relaunched Test Pilot program. The difference with the newly relaunched Test Pilot program is that these products and services may be outside the Firefox browser, and we will be far more polished, and just one step shy of general public release.

  • In the US? You Can Try Firefox’s New VPN Feature

    Not only has Mozilla suddenly revived its (much missed) Test Pilot program, but it’s using it to check the tyres on a really interesting new feature: a VPN.

    The new Test Pilot site is currently home to ‘Firefox Private Network’, a beta product that, the company says, is near release.

More in Tux Machines

Apache Rya matures open source triple store database

The open source Apache Rya database effort is continuing to move forward as it reaches a new level of project maturity and acceptance. Rya (pronounced "ree-uh") is an RDF (resource description framework) triple store database. The project started at the U.S. government's Laboratory for Telecommunication Sciences with an initial research paper published in 2012. The project joined the Apache Software Foundation (ASF) in 2015 as an incubated project, and in September 2019 achieved what is known as Top-Level Project status. The Top-Level status is an indication and validation of the project's maturity, code quality and community. The ASF is home to Hadoop, Spark and other widely used database and data management programs. Read more Also: Yahoo Groups is being prepared for shutdown, with all stored archives to be deleted on Dec 14

The Spectre Mitigation Impact For Intel Ice Lake With Core i7-1065G7

For those wondering if -- or how much -- of a performance impact mitigations still make regarding Spectre for Intel's long-awaited 10nm+ Ice Lake processors, here is the rundown on the mitigation state and the performance impact. One of the areas that Phoronix readers have requested testing on with the recent purchase of the Dell XPS 7390 with Core i7 1065G7 is regarding the mitigation state and performance. Ice Lake with its Sunny Cove microarchitecture -- similar to Cascade Lake -- is no longer affected by Meltdown, MDS, or L1TF / Foreshadow. Read more

Networking SBCs run Linux on quad -A53 and -A72 NXP LS chips

Forlinx’s sandwich-style OK1043A-C and OK1046A SBCs run Linux on NXP’s quad -A53 LS1043A and quad -A72 LS1046A SoCs, respectively, and offer a 10GbE port and up to 6x GbE ports with optional SFP. Forlinx has posted product pages for two similar COM Express modules and carrier boards that run Linux on NXP’s networking focused LS series processors. The FET1043A-C module taps the up to 1.6GHz, quad-core, Cortex-A53 LS1043A while the FET1046A-C uses the up to 1.8GHz, quad-core, Cortex-A72 LS1046A. All the processors are headless — without GPUs. Read more

Security: WireGuard, Birds and Updates

  • WireGuard Restored In Android's Google Play Store After Brief But Controversial Removal

    After Google dropped the open-source WireGuard app from their Play Store since it contained a donation link, the app has now been restored within Google's software store for Android users but without the donation option. The WireGuard app for Android makes it easy to setup the secure VPN tunnel software on mobile devices, similar to its port to iOS and other platforms. The WireGuard apps are free but have included a donation link to the WireGuard website should anyone wish to optionally make a donation to support the development of this very promising network tech.

  • Letting Birds scooters fly free

    At that point I had everything I need to write a simple app to unlock the scooters, and it worked! For about 2 minutes, at which point the network would notice that the scooter was unlocked when it should be locked and sent a lock command to force disable the scooter again. Ah well. So, what else could I do? The next thing I tried was just modifying some STM firmware and flashing it onto a board. It still booted, indicating that there was no sort of verified boot process. Remember what I mentioned about the throttle being hooked through the STM32's analogue to digital converters[3]? A bit of hacking later and I had a board that would appear to work normally, but about a minute after starting the ride would cut the throttle. Alternative options are left as an exercise for the reader. Finally, there was the component I hadn't really looked at yet. The Quectel modem actually contains its own application processor that runs Linux, making it significantly more powerful than any of the chips actually running the scooter application[4]. The STM communicates with the modem over serial, sending it an AT command asking it to make an SSL connection to a remote endpoint. It then uses further AT commands to send data over this SSL connection, allowing it to talk to the internet without having any sort of IP stack. Figuring out just what was going over this connection was made slightly difficult by virtue of all the debug functionality having been ripped out of the STM's firmware, so in the end I took a more brute force approach - I identified the address of the function that sends data to the modem, hooked up OpenOCD to the SWD pins on the STM, ran OpenOCD's gdb stub, attached gdb, set a breakpoint for that function and then dumped the arguments being passed to that function. A couple of minutes later and I had a full transaction between the scooter and the remote. The scooter authenticates against the remote endpoint by sending its serial number and IMEI. You need to send both, but the IMEI didn't seem to need to be associated with the serial number at all. New connections seemed to take precedence over existing connections, so it would be simple to just pretend to be every scooter and hijack all the connections, resulting in scooter unlock commands being sent to you rather than to the scooter or allowing someone to send fake GPS data and make it impossible for users to find scooters.

  • Security updates for Friday

    Security updates have been issued by Debian (poppler, sudo, and wordpress), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, and kernel), and SUSE (kernel and postgresql10).