Language Selection

English French German Italian Portuguese Spanish

Web

Mozilla: Rust, Socorro, and 'Healthier' Internet (Openwashing)

Filed under
Development
Moz/FF
Web
  • Another Rust-y OS: Theseus joins Redox in pursuit of safer, more resilient systems

    Rust, a modern system programming language focused on performance, safety and concurrency, seems an ideal choice for creating a new operating system, and several such projects already exist. Now there is a new one, Theseus, described by creator Kevin Boos as "an Experiment in Operating System Structure and State Management."

    The key thinking behind Theseus is to avoid what Boos and three other contributors from Rice and Yale universities call "state spill".

  • This Week In Rust: This Week in Rust 373
  • Socorro Engineering: Half in Review 2020 h2 and 2020 retrospective

    2020h1 was rough. 2020h2 was also rough: more layoffs, 2 re-orgs, Covid-19.

    I (and Socorro and Tecken) got re-orged into the Data Org. Data Org manages the Telemetry ingestion pipeline as well as all the things related to it. There's a lot of overlap between Socorro and Telemetry and being in the Data Org might help reduce that overlap and ease maintenance.

    [...]

    2020 sucked. At the end, I was feeling completely demoralized and deflated.

  • Reimagine Open: Building a Healthier Internet

    Does the “openness” that made the [Internet] so successful also inevitably lead to harms online? Is an open [Internet] inherently a haven for illegal speech, for eroding privacy and security, or for inequitable access? Is “open” still a useful concept as we chart a future path for the [Internet]?

    A new paper from Mozilla seeks to answer these questions. Reimagine Open: Building Better Internet Experiences explores the evolution of the open [Internet] and the challenges it faces today. The report catalogs findings from a year-long project of outreach led by Mozilla’s Chairwoman and CEO, Mitchell Baker. Its conclusion: We need not break faith with the values embedded in the open [Internet]. But we do need to return to the original conceptions of openness, now eroded online. And we do need to reimagine the open [Internet], to address today’s need for accountability and online health.

TabFS Makes Your Browser A File System

Filed under
Software
Web

Like Unix, old-fashioned Linux has the philosophy that everything should look like a file. That paradigm works well and most of the operating system’s core features follow that pattern. However, many modern additions don’t really treat things as files or, at least, not files you can easily manipulate with the other tools. [Omar Rizwan] has a handy Chrome extension, though, that will make your browser tabs look like part of your file system. Not only is it a novel idea, but it is also surprisingly handy.

The extension feels like a bit of a proof of concept, so installation is a bit rough, but it does work and it allows you to do things that you would otherwise have to write an extension or a sophisticated program to screen scrape which is always less than desirable.

Read more

9 Decentralized, P2P and Open Source Alternatives to Mainstream Social Media Platforms Like Twitter, Facebook, YouTube and Reddit

Filed under
Web

Tired of Big Tech prying on your data and invading your privacy? Here are some open source, decentralized alternate social platforms.
Read more

GNU Wget 1.21 and GNU Wget 1.21.1 Released

Filed under
GNU
Web
  • GNU Wget 1.21 Released

    Noteworthy changes in this release:

    Improve the number of translated strings
    Remove all uses of alloca. In some places the length of untrusted strings has been used, e.g. strings from the command line or from remote.
    Fix buffer overflows in progress bar code in some locales
    Fix two null pointer accesses
    Amend cookie file header to be recognized by the 'file' command
    Post Handshake Authentication for OpenSSL
    Require gettext version 0.19.3+
    Add configure flags --enable-fsanitize-ubsan, --enable-fsanitize-asan and --enable-fsanitize-msan for gcc and clang
    Make several smaller fixes, enhance fuzzing, enhance building

  • GNU Wget 1.21.1 Released

    Noteworthy changes in this release:

    Fix compilation on MacOS and Solaris 9
    Remove bashism from configure.ac
    Fix a compilation warning on 32-bit systems

Mozilla Firefox Flips On AVIF Image Decoding By Default

Filed under
Moz/FF
Web

As noted before the holidays that Mozilla Firefox was ready to enable AVIF image decoding by default, now that the holidays have passed and developers back to their keyboards, Firefox today has re-enabled AVIF by default.

Since Google's Chrome 85 there has been AVIF support enabled by default while the Firefox support has been disabled by default for now. But as of today in their nightly code the functionality is there out-of-the-box.

Read more

Also: We need more than deplatforming

19 Free open-source self-hosted Invoicing and billing solutions

Filed under
Server
OSS
Web

In a dynamic business environment invoices are created regularly and require custom workflow according to the enterprise business process.

Invoice and order management solutions are built to manage billing and invoicing documents generally. Some of them manage orders and post-sale subscription billing.

Most of ERP (Enterprise Resources Planning) solutions include invoice, billing and order management features.

Read more

Beginner's Guide To Get Email Account At Disroot

Filed under
Web
HowTos

This tutorial explains to you how to have a free email account on the internet. Your email address will look like yourname@disroot.org and people will send you emails using it. This tutorial covers the step by step registration process, how to access your inbox, how to send your first email, and how to integrate your computer with it using a program called email client, all with pictures. This includes the reason why Disroot is chosen here. Now let's go and happy emailing!

Read more

Daniel Stenberg: The curl year 2020

Filed under
Development
Software
Web

As we’re approaching the end of the year, I just want to sum up the curl year with a few words.

2020 has been another glorious year in the curl project. We’ve seen a series of accomplishments and introductions of new things during this the year of the plague.

[...]

139 authors wrote commits that were merged (so far).

We did nine curl releases, out of which two unfortunately were quicker “panic releases” that patched up problems in the previous release.

Read more

Mozilla Leftovers

Filed under
Moz/FF
Web
  • Scammers use Chrome, Firefox extensions in widespread ad fraud campaign

    The scammers are using malicious browser extensions— a tried and tested fraud tactic — to inject bogus advertisements into the results displayed on a search engine page. The more users who visit the fraudulent ad pages, the more money the perpetrators earn via a traffic-driven advertising program. Microsoft did not identify who was responsible for the attacks, or how much money they had netted.

  • Firefox Browser updated to 84.0.1 [in] PCLinuxOS

    The Mozilla Firefox browser has been updated to 84.0.1 and is a minor bug fix update. This update will appear in your Synaptic Package Manager if you are using Firefox.

  • David Humphrey: SnowyOwls.ca

    But as the snow begins to fall each December, my attention turns to another owl: the Snowy Owl. Normally at this time of year I'm seeing Snowy Owls on my long commutes to and from work. With COVID, I'm not out driving anymore, and as such, I'm not having as easy a time finding them.

    I decided that this year's marking-side-project would be a tool to help people find Snowy Owls near where they live. I've long wanted to play with eBird and the eBird API, and hoped that I could get recent sighting data this way. To use the eBird API, you have to create an account and then request an API key. After that you can do all sorts of interesting queries to get current or historical data about sightings by species, region, or location.

    [...]

    As we enter our tenth month of the pandemic, I wanted to make something for the current moment. Christmas won't be the same this year: we won't be able to celebrate or visit our parents, siblings, or their families; I can't get together with any friends for a meal; and many of the usual traditions our family has are off the table. I'm sad at all of it.

    I can't fix any of this, but I wanted to do something to give some small bit of joy over the holidays. While the pandemic forces us to avoid each other, we're still allowed to go outside, to drive in the country, to walk in the park or along the shoreline, and to look for Snowy Owls.

    As I was finishing up the app's code, I noticed that a new owl had been spotted 15 minutes from our house. My wife and I drove off into the falling snow in search of it, creeping along an old fence line stretched across a farmer's field. It was really beautiful to be out, to be hopeful, and to be focused on what is yet to come.

Web Browsers: Brave, Web Surveillance and Mozilla

Filed under
Moz/FF
Web
  • What is Brave browser’s market share [Ed: Those are not legitimate measures.

    How large is the Brave browser’s market share in the browser wars? A slew of technical hurdles make it difficult to count Brave’s user base, so no one has shared any market share analysis numbers that include Brave. Until now.

    [...]

    Brave blocks the tracking scripts from these two companies by default, so its users are excluded from these datasets.

  • Kartikaya Gupta: 9 years and change

    I should probably note here that November 20 was my last day as a Mozilla employee. In theory, that shouldn't really change much, given the open-source nature of Mozilla. In practice, of course, it does. I did successfully set up a non-staff account and migrate things to that, so I still retain some level of access. I intend to continue contributing; however, my contributions will likely be restricted to things that don't require paging in huge chunks of code, or require large chunks of time. In other words, mostly cleanup-type stuff, or smaller bugfixes/enhancements.

    [...]

    Working at Mozilla was in many ways a dream come true. It was truly an honour to work alongside so many world-class engineers, on so many different problems. I'm going to miss it, for sure, but I am also excited to see what the future holds.

  • Mozilla Firefox Appears Ready To Enable AVIF Image Handling Support By Default

    It looks like Mozilla Firefox very soon will be enabling support for AVIF as the image format based on AV1 video coding.

    Google added support for AVIF to Chrome/Chromium earlier this year and shipped with Chrome 85. There has been other industry adoption as well around AVIF images, even by the likes of Microsoft with Windows. Now in an upcoming Firefox release, AVIF image support will be present too.

Syndicate content

More in Tux Machines

Proprietary Software and Digital Restrictions (DRM)

  • GitHub still won’t explain if it fired someone for saying ‘Nazi,’ and employees are pissed

    The current conflict began the day of the riots in Washington, DC when a Jewish employee told co-workers: “stay safe homies, nazis are about.” Some colleagues took offense to the language, although neo-Nazi organizations were, in fact, present at the riots. One engineer responded: “This is untasteful conduct for workplace [in my opinion], people have the right to protest period.”

  • Amazon Web Services opens first office in Greece

    It said services covered areas from big data analytics and mobile, web and social media applications to enterprise business applications and the internet of things.

  • Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

    Researchers believe the vulnerability, tracked as CVE-2021-1647, has been exploited for the past three months and was leveraged by hackers as part of the massive SolarWinds attack. Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.

    Affected versions of Microsoft Malware Protection Engine range from 1.1.17600.5 to 1.1.17700.4 running on Windows 10, Windows 7 and 2004 Windows Server, according to the security bulletin.

  • Making Clouds Rain :: Remote Code Execution in Microsoft Office 365

    TL;DR; This post is a story on how I found and exploited CVE-2020-168751, a remote code execution vulnerability in Exchange Online and bypassed two different patches for the vulnerability. Exchange Online is part of the Office 365 suite that impacted multiple cloud servers operated by Microsoft that could have resulted in the access to millions of corporate email accounts.

  • Dropbox lays off 11% of its workforce as COO departs

    Dropbox in November provided revenue guidance of $497 million to $499 million for the fourth quarter. The company said at the time that it’s aiming to achieve margins of 28% to 30% in the long term.

  • Technical Error 'Saw 150,000 U.K. Police Records Wiped' From Databases

    Police have been asked to assess if there is a threat to public safety after it was revealed that thousands of police records were deleted in error, including data on fingerprints, DNA, and arrest histories.

    The error, first reported in the Times, saw 150,000 files lost, with fears it could mean offenders go free. A coding error is thought to have caused the earmarking of the files for deletion.

    The U.K. Home Office said the lost entries related to people who were arrested and then released without further action and no records of criminal or dangerous people had been deleted. Home secretary Priti Patel is now under pressure to explain the mistake, which the opposition Labour party said "presents huge dangers" for public safety.

  • January 2021 Linux Foundation Newsletter: Bootcamp Sale, SolarWinds Orion, New Kubernetes & WebAssembly Classes, LFX Webinar Series
  • How I hijacked the top-level domain of a sovereign state

    Note: This issue has been resolved and the .cd ccTLD no longer sends NS delegations to the compromised domain.

    TL;DR: Imagine what could happen if the country-code top-level domain (ccTLD) of a sovereign state fell into the wrong hands. Here’s how I (@Almroot) bought the domain name used in the NS delegations for the ccTLD of the Democratic Republic of Congo (.cd) and temporarily took over 50% of all DNS traffic for the TLD that could have been exploited for MITM or other abuse.

  • Apple begins blocking M1 Mac users from side loading iPhone and iPad applications

    As a refresher, Apple Silicon Macs allow users to run iOS and iPad applications on their Mac, but developers can opt out of allowing their apps to be installed on the Mac. This is the path that many developers have taken, making the necessary change in App Store Connect to remove their app from the Mac App Store.

    But with that being said, until today, you could manually install iOS apps like Netflix, Instagram, and Facebook on an M1 Mac by using their respective IPA files downloaded under a valid Apple ID. Many people were using tools such as iMazing to complete this process.

    9to5Mac has now confirmed that, starting today, this is no longer possible unless the application is available on the Mac App Store. Apple has flipped the necessary sever-side switch to block iPhone and iPad applications from being installed on Apple Silicon Macs.

  • Apple is blocking Apple Silicon Mac users from sideloading iPhone apps

    Apple has turned off users’ ability to unofficially install iOS apps onto their M1 Macs (via 9to5Mac). While iOS apps are still available in the Mac App Store, many apps, such as Dark Sky and Netflix, don’t have their developer’s approval to be run on macOS. Up until now, there was a workaround that allowed the use of third-party software to install the apps without having to use the Mac App Store, but it seems like Apple has remotely disabled it.

    When we tried to install an unsupported app on an M1 Mac running macOS 11.1, we got an error message saying that we couldn’t install it and should “try again later”. You can see a screenshot at the top of this article.

  • Apple TV Plus Free Subscriptions Extended Again, This Time Through July 2021

    The tech giant is extending the free-access period for Apple TV Plus customers who have signed up through its 12-month free subscription offer through July 2021. That’s after it had previously pushed that gratis period to February. So if you were among the first to take the one-year-free deal back in November 2019, that’s turned into 21 months free of Apple TV Plus.

  • Spotify Enters Settlement Talks With PRO Music Rights Founder Jake P. Noch

    But a new legal filing, shared with DMN this afternoon, reveals that Spotify and Noch have officially entered settlement talks. The involved parties “jointly” moved for a 60-day stay, “including discovery and all deadlines,” so that they can “attempt to negotiate a resolution of this matter,” the three-page-long document (dated January 13th, 2021) indicates.

    Furthermore, the filing specifies that Sosa Entertainment, Jake P. Noch, and Spotify “have recently made progress towards a potential resolution of the litigation.” The joint motion doesn’t elaborate upon the terms of this possible agreement – though Noch said in a statement that he’s eager to begin working towards an “excellent resolution” in earnest.

  • The FSF fights for your right to repair

    It is this example of automated vehicles that served as inspiration for the FSF's animated video Fight to Repair.

    However, any technology we use could potentially be co-opted by the proprietary, DRM-controlled subscription model Tesla and the tractor manufacturers are proposing. Imagine your "smart home" having a broken lock, or worse, being broken into, and not having the control, or the simple right to repair the bug. Countless other examples can be found showing us that the key to a free future is the right to repair. We need to fight for a future in which the software used is free in order to maintain ownership and control not only over our technology, but over our lives.

Debian Developers: Christian Kastner, Junichi Uekawa, and Michael Prokop

  • Christian Kastner: Keeping your Workstation Silent

    I've tried numerous coolers in the past, some of monstrous proportions (always thinking that more mass must be better, and reputable brands are equally good), but I was never really satisfied; hence, I was doubtful that trying yet another cooler would make a difference. I'm glad I tried the Noctua NH-D15 anyway. With some tweaking to the fan profile in the BIOS, it's totally inaudible at normal to medium workloads, and just a very gentle hum at full load—subtle enough to disappear in the background. For the past decade, I've also regularly purchased sound-proofed cases, but this habit appears anachronistic now. Years ago, sound-proofed cases helped contain the noise of a few HDDs. However, all of my boxes now contain NVMe drives (which, to me, are the biggest improvement to computing since CPUs going multi-core). On the other hand, some of my boxes now contain powerful GPUs used for GPGPU computing, and with the recent higher-end Nvidia and AMD cards all pulling in over 300W, there is a lot of heat to manage. The best way to quickly dump heat is with good airflow. Sound-proofing works against that. Its insulation restricts airflow, which ultimately causes even more noise, as the GPU's fans need to spin at very high RPMs. This is, of course, totally obvious in hindsight.

  • Junichi Uekawa: It's been 20 years since I became a Debian Developer.

    It's been 20 years since I became a Debian Developer. Lots of fun things happened, and I think fondly of the team. I am no longer active for the past 10 years due to family reasons, and it's surprising that I have been inactive for that long. I still use Debian, and I still participate in the local Debian meetings.

  • Michael Prokop: Revisiting 2020

    Mainly to recall what happened last year and to give thoughts and plan for the upcoming year(s) I’m once again revisiting my previous year (previous editions: 2019, 2018, 2017, 2016, 2015, 2014, 2013 + 2012). Due to the Coronavirus disease (COVID-19) pandemic, 2020 was special™ for several reasons, but overall I consider myself and my family privileged and am very grateful for that. In terms of IT events, I planned to attend Grazer Linuxdays and DebConf in Haifa/Israel. Sadly Grazer Linuxdays didn’t take place at all, and DebConf took place online instead (which I didn’t really participate in for several reasons). I took part in the well organized DENOG12 + ATNOG 2020/1 online meetings. I still organize our monthly Security Treff Graz (STG) meetups, and for half of the year, those meetings took place online (which worked OK-ish overall IMO). Only at the beginning of 2020, I managed to play Badminton (still playing in the highest available training class (in german: “Kader”) at the University of Graz / Universitäts-Sportinstitut, USI). For the rest of the year – except for ~2 weeks in October or so – the sessions couldn’t occur. Plenty of concerts I planned to attend were cancelled for obvious reasons, including the ones I would have played myself. But I managed to attend Jazz Redoute 2020 – Dom im Berg, Martin Grubinger in Musikverein Graz and Emiliano Sampaio’s Mega Mereneu Project at WIST Moserhofgasse (all before the corona situation kicked in). The concert from Tonč Feinig & RTV Slovenia Big Band occurred under strict regulations in Summer. At the beginning of 2020, I also visited Literaturshow “Roboter mit Senf” at Literaturhaus Graz.

Games: Familiars.io, Valve and Godot

  • Familiars.io is a MMO monster catching game where the creatures have permadeath

    Well this is quite unusual. You've played monster catching games before but not like this. Familiars.io put a fresh spin on it all and it's quite ingenious. Developed as a pixel-art retro-looking browser game, it's super accessible since you can play it on pretty much anything that can run some simple graphics in a browser window. It's an MMO too, so you can join up with others and chill out. When you want to, go off and catch some monsters, engage is some PvP and perhaps find a new favourite game waiting for you.

  • What we expect to come from Valve to help Linux gaming in 2021 | GamingOnLinux

    By now you've probably heard either through us in our previous article or elsewhere that Valve are cooking something up to help Linux gaming even further. We have an idea on what one part of it is. Valve already do quite a lot. There's the Steam Play Proton compatibility layer, the new container runtime feature to have Linux games both natively supported and Windows games in Proton run through a contained system to ensure compatibility, their work on Mesa drivers and much more. In Valve's review of Steam in 2020 that we covered in the link above, one thing caught our eye and has been gaining attention. Valve mentioned for 2021 they will be "putting together new ways for prospective users to get into Linux gaming and experience these improvements" so what exactly does that mean? Well, a big part of that might have already been suggested directly.

  • Godot Engine - Dev snapshot: Godot 3.2.4 beta 6

    While our main focus stays on the 4.0 branch, the current stable 3.2 branch is receiving a lot of great improvements, and the upcoming 3.2.4 release is going to be packed with many new features.

Zeroshell 3.9.5 Released

Zeroshell 3.9.5 is ready. In this release TLS 1.0 has been disabled and TLS 1.2 enabled for HTTPS. This improves security and compatibility with new browser releases. Read more