Navigation

Language Selection

Search

Mozilla: Tor Browser, CAs and Rust Shuffling on Microsoft's Servers

Submitted by Roy Schestowitz on Saturday 14th of November 2020 09:26:45 PM Filed under

Moz/FF

New Release: Tor Browser 10.5a3

Tor Browser 10.5a3 for Desktop platforms is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.
Preloading Intermediate CA Certificates into Firefox - Mozilla Security Blog

Throughout 2020, Firefox users have been seeing fewer secure connection errors while browsing the Web. We’ve been improving connection errors overall for some time, and a new feature called Intermediate Certificate Authority (CA) Preloading is our latest innovation. This technique reduces connection errors that users encounter when web servers forget to properly configure their TLS security.

In essence, Firefox pre-downloads all trusted Web Public Key Infrastructure (PKI) intermediate CA certificates into Firefox via Mozilla’s Remote Settings infrastructure. This way, Firefox users avoid seeing an error page for one of the most common server configuration problems: not specifying proper intermediate CA certificates.

For Intermediate CA Preloading to work, we need to be able to enumerate every intermediate CA certificate that is part of the trusted Web PKI. As a result of Mozilla’s leadership in the CA community, each CA in Mozilla’s Root Store Policy is required to disclose these intermediate CA certificates to the multi-browser Common CA Database (CCADB). Consequently, all of the relevant intermediate CA certificates are available via the CCADB reporting mechanisms. Given this information, we periodically synthesize a list of these intermediate CA certificates and place them into Remote Settings. Currently the list contains over two thousand entries.

When Firefox receives the list for the first time (or later receives updates to the list), it enumerates the entries in batches and downloads the corresponding intermediate CA certificates in the background. The list changes slowly, so once a copy of Firefox has completed the initial downloads, it’s easy to keep it up-to-date. The list can be examined directly using your favorite JSON tooling at this URL: https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/intermediates/records

For details on processing the records, see the Kinto Attachment plugin for Kinto, used by Firefox Remote Settings.

Certificates provided via Intermediate CA Preloading are added to a local cache and are not imbued with trust. Trust is still derived from the standard Web PKI algorithms.
Robert O'Callahan: rr Repository Moved To Independent Organisation

There have been no changes in intellectual property ownership. rr contributions made by Mozilla employees and contractors remain copyrighted by Mozilla. I will always be extremely grateful for the investment Mozilla made to create rr!

Login or register to post comments
Printer-friendly version
3641 reads
PDF version

More in Tux Machines

Games: Lutris, Critters, Scarlet Hood and the Wicked Wood, Bittersweet Birthday, Arcane Fortune, Rising World

Lutris game manager v0.5.8.3 out, requires contributors to agree to a CLA

For regular Linux gamers, Lutris is pretty much a household name by now. For those that aren't - Lutris is a game manager allowing you to sort through all your games from various stores. Not only that it also allows you to manage emulators for your favourite classics, Windows games using the Wine compatibility layer and quite a lot more. It's very useful and they continue polishing up the overall experience after a huge update went out late last year.
Critters for Sale is super weird, first episode out free and the rest this year | GamingOnLinux

Love you wild adventures? Critters for Sale is one you should take a look at because this is the second time I've played it and I still have no idea what the hell is going on. Originally released on itch.io back in 2019 which I mentioned here, and a contributor also took a look later, it's now seen a first episode release on Steam with Critters for Sale: SNAKE. It's so bizarre! A point and click visual novel adventure, one that's black and white with a bunch of animated scenes in the middle of the screen.
Scarlet Hood and the Wicked Wood from The Coma devs launches February 10

Scarlet Hood and the Wicked Wood is going to take you on an adventure that loops over with twists and turns, featuring a narrative time-loop like some kind of Groundhog Day. Developed by Devespresso (The Coma & The Coma 2) and published by Headup, it sounds pretty Oz-esque and amusing with the recognizable Devespresso Games manhwa-style. Initially starting off in Early Access, they've now announced it will begin on February 10. The roadmap to release suggests the final version will be live in March with one third of the story chapters already available. They're using Early Access mainly to ensure the full release is nice and smooth.
Try the demo for Bittersweet Birthday, a creepy action game with you being hunted

Bittersweet Birthday is an upcoming action game set inside a mysterious building. You wake up dazed and confused, there's people after you but someone is trying to help you escape. An interesting setting full of intrigue, with each fight being a unique combat encounter. "Bittersweet Birthday is an action game where every combat encounter is a challenging and unique fight. You can also explore different areas and help many of the NPC populating them with their everyday struggles while learning more about the world and its history."
Empire building terminal game Arcane Fortune adds trade, nobility, assassination | GamingOnLinux

Inspired by the likes of Dwarf Fortress, Civilization, SimCity and more we have the free and open source Arcane Fortune which continues to expanding in features. Played in your favourite command-line terminal application, or just use the pre-made launch script it comes with that sorts out everything for you. Seems like it has some genuinely great ideas, and considering how ridiculously popular Dwarf Fortress is, we know that shiny graphics are not a key to success. Perhaps Arcane Fortune will be able to carve out a nice niche.
Open-world voxel sandbox game Rising World is going through a rewrite | GamingOnLinux

After entering Early Access in 2014, JIW-Games have been rewriting their open world sandbox game Rising World to move away from Java and instead use the Unity game engine. They actually announced this back in 2019, as part of a post mentioning how changes to the Valve algorithm for showing games had dropped off their store page traffic dramatically. They said about wanting to rework a lot of it and Unity would help them achieve this. Back in December they finally showed off the result of their efforts, with a massive overhaul available in Beta that's now using Unity and they're continuing to support Linux.

Pikasso, a simple drawing application in QtQuick with Rust

Following my last blog post about using Rust and Lyon to create custom shapes. I’m happy to announce the creation of Pikasso, a very simple drawing program intended to be used on Plasma Mobile. Pikasso is very basic and only supports drawing with the mouse/finger and adding rectangles and circles to the scene. An undo feature is also available as well as the possibility to export your beautiful artworks to SVGs. As you can see, Pikasso is not intended to be replacements for Krita. If you want a powerful drawing application just use Krita, it’s awesome. The scope of Pikasso is more similar to Kolourpaint or Paint.exe and intended for children to play a bit with it on Plasma Mobile.

Free and open source modern level editor LDtk has a huge new release

LDtk (prev called LEd) is an in-development free and open source level editor, one that's modern and designed to be as user-friendly as possible designed by a former dev on Dead Cells. A big release just went out out with the 0.7.0 version, which the developer explained has "many important changes to make LDtk production ready and future proof. These changes will allow better support for large projects, better API creation and maintenance, and smoother user adoption".

What does “open source” mean in 2021?

The licensing discourse in the last few weeks has highlighted a difference between what “open source” means and what we’re talking about when we use the term. Strictly speaking, open source software is software released under a license approved by the Open Source Initiative. In most practical usage, we’re talking about software developed in a particular way. When we talk about open source, we talk about the communities of users and developers, (generally) not the license. “Open source” has come to define an ethos that was all have our own definition of.

Latest News

Audiocasts/Shows: Linux in the Ham Shack, Full Circle Weekly News and More

LHS Episode #389: Jailbird Jamboree

Welcome to Episode 389 of Linux in the Ham Shack. In this episode, the hosts discuss illegal activity on the air, the purpose of amateur radio, a remote head unit for the Icom IC-7100, Linux on the Apple M1 chip, a new frontier for Red Hat Enterprise Linux, ethical open-source licenses and much more. Thank you for tuning in and have a great week!
Full Circle Magazine: Full Circle Weekly News #197

Ubuntu Making Home Folders Private in 21.04 https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533/2 Ubuntu 21.04 Makes Phased Updates a Reality https://discourse.ubuntu.com/t/phased-updates-in-apt-in-21-04/20345/3 Tails Has a Focus in 2021 https://tails.boum.org/news/plans_for_2021/index.en.html Project Lenix from CloudLinux Gets a Name https://almalinux.org/ Valve Will Continue Their Linux Investment https://store.steampowered.com/news/group/4145017/view/2961646623386540826 Fedora Kinoite, a New Immutable OS https://fedoramagazine.org/discover-fedora-kinoite/ Microsoft Defender for Linux Servers Now Generally Available https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/edr-for-linux-is-now-generally-available/ba-p/2048539 Alpine Linux 3.13.0 Out https://www.alpinelinux.org/posts/Alpine-3.13.0-released.html KaOS 2021.01 Out https://kaosx.us/news/2021/kaos01/ Raspberry Pi OS 2011-01-11 Out https://downloads.raspberrypi.org/raspios_full_armhf/release_notes.txt Flatpak 1.10.0 Out https://github.com/flatpak/flatpak/releases/tag/1.10.0 Wine 6.0 Out https://www.winehq.org/announce/6.0 https://www.gamingonlinux.com/2021/01/wine-compatibility-layer-version-6-released Proton 5.13-5 Out https://github.com/ValveSoftware/Proton/releases/tag/proton-5.13-5 Mobian Community Edition PinePhone Out https://blog.mobian-project.org/posts/2021/01/15/mobian-community-edition/
The MUDDY ethics of Free Software

today's howtos

How to Install Xrdp on Ubuntu 20.04

Xrdp is an open-source equivalent of Microsoft’s Remote Desktop Protocol (RDP). With xrdp installed on a Linux system, users can remotely access the Linux desktop using an RDP client as we shall demonstrate later in this article. It’s completely free to download and use. Without much further ado, let’s see how you can install Xrdp on Ubuntu Desktop 20.04 and 18.04.
How to Symlink a File in Linux

A symbolic link, also known as ‘Symlink‘ is a special type of file in Linux, which is used for the purpose of pointing to another file. The symlink does not contain any other data apart from the disk address of the file to which the symlink is pointing to. Symlinks are particularly useful as shortcut files; where you can have the symlink of a program/application on your desktop/home folder, instead of the program file and its dependencies.
How to Install Wine 5.0 on Debian, Ubuntu and Linux Mint

Wine is an open-source, free and easy-to-use program that enables Linux users to run Windows-based applications on Unix-like operating systems. Wine is a compatibility layer for installing almost all versions of Windows programs. Wine 6.0 is finally released and it comes with an array of numerous enhancements and a total of 40 bug fixes. You can find out all the new features and changelog of this new release on the Wine announcement project page.
How to Install Wine 6.0 in Ubuntu

Wine is a nifty utility that allows users to run Windows applications inside a Linux environment. Wine 6.0 is finally out, and it ships with an array of numerous improvements and a total of 40 bug fixes.
How to Change Open File Limit in Linux

In Linux, there are limits defined by the system for anything that consumes resources. For example, there are limits on how many arguments can be passed to a certain command, how many threads can run at the same time, etc. Similarly, there is a limit on the number of open files. As you might know, an open file is actively being used in some of the other programs and hence consumes memory. You can view and modify the open file limit with the command ‘ulimit‘.
How to Install GVM Vulnerability Scanner on Ubuntu 20.04

GVM (Greenbone Vulnerability Management) is an open-source solution for vulnerability scanning and vulnerability management. GVM was previously known as OpenVAS. Greenbone Vulnerability Manager and OpenVAS are widely used by a number of people in the World including security experts and common users alike who used this all in one suite of tools that works together to run the tests against client computers using its own database of known weaknesses and exploits. In this article, we will show How to install and setup GVM on Ubuntu 20.04 to make sure that your servers are protected against attacks.
How To Install Wine on Debian 10 - idroot

In this tutorial, we will show you how to install Wine on Debian 10. For those of you who didn’t know, Wine is a free and open-source use that allows users to run Microsoft Windows applications in a Linux environment. In the present day, Wine is a must-have tool to get Linux users who don’t want to be able to let go of Windows native software especially gamers. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of Wine on a Debian 10 (Buster).
How to boot multiple ISO images from one USB drive on Linux

A bootable USB drive allows you to instantly run a full-fledged OS from the file system on the USB drive, rather than from the host computer's hard drive. Such capability is quite useful in various scenarios, for example, when you need to diagnose and repair a corrupted file system of a host computer, or when you want to test drive an alternative OS or the latest release of your favorite Linux distro before installing it. You can easily create a bootable USB by burning an ISO image on a USB drive with tools like Gparted or UNetbootin. There is nothing fancy. However, for people like me who would like to try out all sorts of Linux distros and different releases of each distro for testing purposes, as part of writing tutorials, what would be nice is the ability to boot multiple ISO images from a single USB drive. However, a typical bootable USB drive or memory stick can only boot from a single ISO file stored on the drive. It is not only inconvenient as I need to re-format the USB drive with a new ISO file every time I need to boot from a different ISO file, but also quite wasteful as a typical USB drive has much bigger space than a single ISO image. Although it's possible to boot ISO files using GRUB, it's rather cumbersome to modify GRUB configuration each time you want to add a new ISO file to try. Also, the GRUB-based approache does not provide the portability of a USB drive.
How to compress PDF files on Linux | FOSS Linux

PDFs offer us one of the most convenient ways of sharing images. However, by stuffing tons of data such as images and graphics, the PDF file size can get too big to share via emails. If you are also suffering from this issue, you have come to the right place. Here, we will show you how to compress a PDF file in Linux to reduce its size drastically. And don’t worry, we have included both GUI and Terminal methods in this tutorial.
How to fix error : Conda command not found

If you have already installed Miniconda and cannot run the commands in the terminal while using zsh, you may find the following helpful. In case you have already added the appropriate path environment variable to bashrc and bash_profile files, you would need to add the Miniconda folder directory to the PATH environment variable of zsh shell.
How to set up SSH dynamic port forwarding on Linux | Enable Sysadmin

Dynamic port forwarding allows for a great deal of flexibility and secure remote connections. See how to configure and use this SSH feature.
Introduction to ContainerJFR: JDK Flight Recorder for containers

OpenJDK has long been a top pick for real-world applications and workloads, chosen for its blend of performance, compatibility, reliability, and observability. For many years, JDK Flight Recorder (JFR) and JDK Mission Control (JMC) have contributed to OpenJDK’s success. Until recently, both were commercial features, however, available only for certain users and workloads. In 2018, JDK Mission Control and JDK Flight Recorder were open-sourced. JDK Flight Recorder is now built into the Java Virtual Machine (JVM) for later releases of OpenJDK 8 and all versions from OpenJDK 11 onward. Open-sourcing these tools brings their power—always-on, near-zero overhead production profiling and monitoring, application-specific custom events, and unified-core JDK analytical tooling—to all JDK users. On the downside, JDK Mission Control and JDK Flight Recorder have emerged into a world rapidly moving toward containerization, which is not the paradigm that they were designed for. The desktop-only JDK Mission Control application requires developers and administrators to access flight recordings on the local disk. Otherwise, one resorts to a complex and potentially insecure setup to connect directly to applications over Java Management Extensions (JMX) in the cloud. Similarly, the bare-metal-focused JDK Flight Recorder allows JVMs to dump recordings into the local filesystem, but not when the application runs inside a container. In that case, the filesystem is not easily accessible from the outside world, and it isn’t possible to retrieve and analyze recordings.

Android Leftovers

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Gizmoz

LXer

UbuntuBuzz

SparkyLinux

Linux Journal

Linux Today

System 76

Kernel Planet

Purism

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA

Navigation

Language Selection

Search

Tux Machines Section/s

Authors Information

LWN

Active forum topics

Collabora

FOSS Post

Gnu Planet

FOSSLinux

Phoronix

OpenSource.com

Kde Planet

Fedora Magazine

Mozilla