Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Chromium/Mozilla Firefox: Chrome 78 Beta, Keygen Setback and iframes

Filed under
Google
Moz/FF
Web
  • Chrome 78 Beta: a new Houdini API, native file system access and more

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Find more information about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 78 is beta as of September 19, 2019.

  • Chrome 78 Hits Beta With Native File System API, Much Faster WebSockets

    Google on Friday released the Chrome 78 web-browser beta following last week's release of Chrome 77.

    Chrome 78 Beta is coming with a new Houdini API or more formally known as the CSS Properties and Values API Level 1, which lets developers register variables as fully custom CSS properties and can better handle animations and other use-cases.

  • Firefox 69 dropped support for <keygen>

    With version 69, firefox removed the support for the <keygen> feature to easily deploy TLS client certificates.
    It's kind of sad how used I've become to firefox giving me less and less reasons to use it...

  • [Mozilla] Restricting third-party iframe widgets using the sandbox attribute, referrer policy and feature policy

    Adding third-party embedded widgets on a website is a common but potentially dangerous practice. Thankfully, the web platform offers a few controls that can help mitigate the risks. While this post uses the example of an embedded SurveyMonkey survey, the principles can be used for all kinds of other widgets.

    Note that this is by no means an endorsement of SurveyMonkey's proprietary service. If you are looking for a survey product, you should consider a free and open source alternative like LimeSurvey.

Mozilla Leftovers

Filed under
Moz/FF
  • Mozilla Localization (L10N): L10n Report: September Edition

    Please note some of the information provided in this report may be subject to change as we are sometimes sharing information about projects that are still in early stages and are not final yet.

  • Will Kahn-Greene: Markus v2.0.0 released! Better metrics API for Python projects.

    Markus is a Python library for generating metrics.

  • This Week In Rust: This Week in Rust 304

    Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.

  • Mozilla VR Blog: Virtual identities in Hubs

    Identity is a complicated concept—who are we really? Most of us have government IDs that define part of our identity, but that’s just a starting point. We present ourselves differently depending on context—who we are with our loved ones might not be the same as who we are at work, but both are legitimate representations of ourselves.

    Virtual spaces make this even harder. We might maintain many virtual identities with different degrees of overlap. Having control over our representation and identity online is a critical component of safety and privacy, and platforms should prioritize user agency.

    More importantly, autonomy and privacy are intrinsically intertwined. If everyone saw my google searches, I would probably change what I search for. If I knew my employer could monitor my interactions when I’m not at work, I would behave differently. Privacy isn’t just about protecting information about myself, it’s about allowing me to express myself.

Mozilla: The Rust Programming Language and Firefox Releases

Filed under
Moz/FF
  • The Rust Programming Language Blog: Upcoming docs.rs changes

    On September 30th breaking changes will be deployed to the docs.rs build environment. docs.rs is a free service building and hosting documentation for all the crates published on crates.io. It's open source, maintained by the Rustdoc team and operated by the Infrastructure team.

  • Flatulence, Crystals, and Happy Little Accidents

    The recording of my Rust Conf talk on algorithmic art and pen plotters is up on YouTube!

    [...]

    I really enjoyed giving this talk, and I think it went well. I want more creative coding, joy, surprise, and silliness in the Rust community. This talk is a small attempt at contributing to that, and I hope folks left inspired.

  • You'll get a new Firefox each month in 2020 as Mozilla speeds up releases

    Mozilla will turn the Firefox crank faster in 2020, releasing a new version of its web browser every four weeks instead of every six. If you're using the browser, the change should deliver new features to you faster since there will be less waiting between when developers build them and when they arrive.

    "In recent quarters, we've had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence," Firefox team members Ritu Kothari and Yan Or said in a blog post Tuesday. "Shorter release cycles provide greater flexibility to support product planning and priority changes due to business or market requirements."

Moving Firefox to a faster 4-week release cycle

Filed under
Moz/FF

We typically ship a major Firefox browser (Desktop and Android) release every 6 to 8 weeks. Building and releasing a browser is complicated and involves many players. To optimize the process, and make it more reliable for all users, over the years we’ve developed a phased release strategy that includes ‘pre-release’ channels: Firefox Nightly, Beta, and Developer Edition. With this approach, we can test and stabilize new features before delivering them to the majority of Firefox users via general release.

And today we’re excited to announce that we’re moving to a four-week release cycle! We’re adjusting our cadence to increase our agility, and bring you new features more quickly. In recent quarters, we’ve had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence.

Starting Q1 2020, we plan to ship a major Firefox release every 4 weeks. Firefox ESR release cadence (Extended Support Release for the enterprise) will remain the same. In the years to come, we anticipate a major ESR release every 12 months with 3 months support overlap between new ESR and end-of-life of previous ESR. The next two major ESR releases will be ~June 2020 and ~June 2021.

Read more

Mozilla: Media and Truth, Security and More

Filed under
Moz/FF
  • Examining AI’s Effect on Media and Truth

    Today, one of the biggest issues facing the internet — and society — is misinformation.

    It’s a complicated issue, but this much is certain: The artificial intelligence (AI) powering the internet is complicit. Platforms like YouTube and Facebook recommend and amplify content that will keep us clicking, even if it’s radical or flat out wrong.

    Earlier this year, Mozilla called for art and advocacy projects that illuminate the role AI plays in spreading misinformation. And today, we’re announcing the winners: Eight projects that highlight how AI like machine learning impacts our understanding of the truth.

  • Mozilla Open Policy & Advocacy Blog: Governments should work to strengthen online security, not undermine it

    On Friday, Mozilla filed comments in a case brought by Privacy International in the European Court of Human Rights involving government “computer network exploitation” (“CNE”)—or, as it is more colloquially known, government hacking.

    While the case focuses on the direct privacy and freedom of expression implications of UK government hacking, Mozilla intervened in order to showcase the further, downstream risks to users and internet security inherent in state CNE. Our submission highlights the security and related privacy threats from government stockpiling and use of technology vulnerabilities and exploits.

    Government CNE relies on the secret discovery or introduction of vulnerabilities—i.e., bugs in software, computers, networks, or other systems that create security weaknesses. “Exploits” are then built on top of the vulnerabilities. These exploits are essentially tools that take advantage of vulnerabilities in order to overcome the security of the software, hardware, or system for purposes of information gathering or disruption.

    When such vulnerabilities are kept secret, they can’t be patched by companies, and the products containing the vulnerabilities continue to be distributed, leaving people at risk. The problem arises because no one—including government—can perfectly secure information about a vulnerability. Vulnerabilities can be and are independently discovered by third parties and inadvertently leaked or stolen from government.

  • Time for some project updates

    I’m going to begin with some of the less-loved things I’ve been working on, partially in an attempt to motivate some forward-motion on things that I believe are rather important to Mozilla.

Mozilla's Privacy Words/Promises

Filed under
Moz/FF
  • Creating privacy-centric virtual spaces

    We now live in a world with instantaneous communication unrestrained by geography. While a generation ago, we would be limited by the speed of the post, now we’re limited by the speed of information on the Internet. This has changed how we connect with other people.

    As immersive devices become more affordable, social spaces in virtual reality (VR) will become more integrated into our daily lives and interactions with friends, family, and strangers. Social media has enabled rapid pseudonymous communication, which can be directed at both a single person and large groups. If social VR is the next evolution of this, what approaches will result in spaces that respect user identities, autonomy, and safety?

    We need spaces that reflect how we interact with others on a daily basis.

  • Mozilla previews Firefox VPN, will charge for service at some point

    Mozilla has not hidden its desire to branch into new revenue territories to divest from the more-or-less-single-source of search engine royalties. In June, CEO Chris Beard and other Mozilla officials said that paid service subscriptions would roll out this fall, but assured users that the browser itself would remain free of charge. The VPN could be the first of several paid services pitched to Firefox users, or part of a larger all-in-one package; Mozilla hasn't been clear about the form(s) this new revenue stream may take.

    Nor did Wood say how long her team will test Firefox Private Network. However, she did position this iteration of Test Pilot differently than before. "The difference with the newly relaunched Test Pilot program is that these products and services may be outside the Firefox browser, and will be far more polished, and just one step shy of general public release," she said.

  • Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?

    Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption.

    Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a list of who visits a particular site. Malicious DNS resolvers or on-path routers can also tamper with your DNS request, blocking you from accessing sites or even routing you to fake versions of the sites you requested.

Mozilla: Firefox Sending DNS Traffic to Cloudflare, Shepherds 3.0

Filed under
Moz/FF
    Turn off DoH, Firefox. Now.

    DoH means that Firefox will concentrate all DNS traffic on Cloudflare, and they send traffic from all their users to one entity. So what does that mean? It means people outside the US can now be fully tracked by US government: now some of you might wonder if this is actually in line with GDPR (The EU General Data Protection Regulation). It is indeed very questionable if DoH is rolled out as default, since users do NOT opt in, but have to opt out.

  • DoH disabled by default in Firefox

    Disable DoH by default. While encrypting DNS might be a good thing, sending all DNS traffic to Cloudflare by default is not a good idea. Applications should respect OS configured settings. The DoH settings still can be overriden if needed. ok landry@ job@

  • Niko Matsakis: AiC: Shepherds 3.0

    What I’m proposing, at its heart, is very simple. I want to better document the “agenda” of the lang-team. Specifically, if we are going to be moving a feature forward1, then it should have a shepherd (or multiple) who is in charge of doing that.

    In order to avoid unbounded queues, the number of things that any individual can shepherd should be limited. Ideally, each person should only shepherd one thing at a time, though I don’t think we need to make a firm rule about it.

    Becoming a shepherd is a commitment on the part of the shepherd. The first part of the lang team meeting should be to review the items that are being actively shepherded and get any updates. If we haven’t seen any movement in a while, we should consider changing the shepherd, or officially acknowleding that something is stalled and removing the shepherd altogether.

    Assigning a shepherd is a commitment on the part of the rest of the lang-team as well. Before assigning a shepherd, we should discuss if this agenda item is a priority. In particular, if someone is shepherding something, that means we all agree to help that item move towards some kind of completion. This means giving feedback, when feedback is requested. It means doing the work to resolve concerns and conflicts. And, sometimes, it will mean giving way. I’ll talk more about this in a bit.

Firefox Reality 1.4

Filed under
Moz/FF

With this release, we’re excited to announce that users can enjoy browsing in multiple windows side-by-side. Each window can be set to the size and position of your choice, for a super customizable experience.

And, by popular demand, we’ve enabled local browsing history, so you can get back to sites you've visited before without typing. Sites in your history will also appear as you type in the search bar, so you can complete the address quickly and easily. You can clear your history or turn it off anytime from within Settings.

The Content Feed also has a new and improved menu of hand-curated “Best of WebVR” content for you to explore. You can look forward to monthly updates featuring a selection of new content across different categories including Animation, Extreme (sports/adrenaline/adventure), Music, Art & Experimental and our personal favorite way to wind down a day, 360 Chill.

Read more

Internet: New Curl, Chrome and Firefox Features

Filed under
Google
Moz/FF
Web
  • Daniel Stenberg: curl 7.66.0 – the parallel HTTP/3 future is here

    I personally have not done this many commits to curl in a single month (August 2019) for over three years. This increased activity is of course primarily due to the merge of and work with the HTTP/3 code. And yet, that is still only in its infancy…

  • Chrome 77 Released With Serial API, WebVR 1.1 & Any Element Can Provide Form Data

    Google has rolled out Chrome 77 into their stable channel as the newest version of their lightning fast web browser for Linux.

    Chrome 77 now supports any HTML element providing form data via the "formdata" event, various security improvements, a Serial API for interacting with devices connected to physical or virtual serial ports, WebVR 1.1 support, tab sharing between devices, and a variety of other improvements.

  • Chrome for Android Update

    Hi, everyone! We've just released Chrome 77 (77.0.3865.73) for Android: it'll become available on Google Play over the next few weeks.

  • Chrome 77 for Mac, Windows rolling out: ‘Send this page’ sharing, new favicon animation, more

    Google is rolling out the latest version of Chrome for Mac, Windows, and Linux. Chrome 77 more widely introduces the “Send this page” cross-device sharing...

  • Google Chrome 77 Is Out for Linux, Android, Windows & Mac with 52 Security Fixes

    Google has promoted the Chrome 77 web browser to the stable channel for all supported platforms, including Linux, Android, Windows, and Mac.
    Google Chrome 77 introduces several performance enhancements to speed up your browsing experience, including new performance metrics that helps web developers measure how fast the content of a web page loads so you can access it faster than ever, as well as new form capabilities to support custom form controls.

    "It has not always been easy for developers to measure how quickly the main content of a web page loads and is visible to users. The usefulness of existing metrics varies. Some metrics are only measurable in a lab, while others tell nothing about content that users care about. Consider the example below, taken from a DevTools performance audit," said Google.

    Additionally, Google Chrome 77 introduces new origin trials that lets you to try new Chrome features before they are released and give feedback to the web standards community on their usability, effectiveness, and practicality. Users will be able to register for the origin trials here.

  • Google Unveils DNS-over-HTTPS (DoH) Plan, Mozilla's Faces Criticism

    Google has announced that they would soon be performing a trial of utilizing DNS-over-HTTPS (DoH) in the Google Chrome browser. This experiment will be conducted in Chrome 78 and will attempt to upgrade a user's DNS server to a corresponding DoH server, and if available, use that for DNS resolution.

    For those unfamiliar with DoH, it allows DNS resolution to be conducted over encrypted HTTPS connections rather than through the normal plain text DNS lookups.

  • Mozilla Reps Community: Rep of the Month – July 2019

    Please join us in congratulating Bhuvana Meenakshi Koteeswaran, Rep of the Month for July 2019!

    Bhuvana is from Salem, India. She joined the Reps program at the end of 2017 and since then she has been involved with Virtual and Augmented Reality projects.

Mozilla: Copyright Alternative in Small Claims Enforcement (CASE), VR, Security and Privacy

Filed under
Moz/FF
  • Mozilla Open Policy & Advocacy Blog: CASE Act Threatens User Rights in the United States

    This week, the House Judiciary Committee is expected to mark up the Copyright Alternative in Small Claims Enforcement (CASE) Act of 2019 (H.R. 2426). While the bill is designed to streamline the litigation process, it will impose severe costs upon users and the broader internet ecosystem. More specifically, the legislation would create a new administrative tribunal for claims with limited legal recourse for users, incentivizing copyright trolling and violating constitutional principles. Mozilla has always worked for copyright reform that supports businesses and internet users, and we believe that the CASE Act will stunt innovation and chill free expression online. With this in mind, we urge members to oppose passage of H.R. 2426.

    First, the tribunal created by the legislation conflicts with well-established separation of powers principles and limits due process for potential defendants. Under the CASE Act, a new administrative board would be created within the Copyright Office to review claims of infringement. However, as Professor Pamela Samuelson and Kathryn Hashimoto of Berkeley Law point out, it is not clear that Congress has the authority under Article I of the Constitution to create this tribunal. Although Congress can create tribunals that adjudicate “public rights” matters between the government and others, the creation of a board to decide infringement disputes between two private parties would represent an overextension of its authority into an area traditionally governed by independent Article III courts.

  • Mozilla VR Blog: WebXR emulator extension

    We are happy to announce the release of our WebXR emulator browser extension which helps WebXR content creation.

  • Firefox security tips: Understand how hackers work

    Forget about those hackers in movies trying to crack the code on someone’s computer to get their top secret files. The hackers responsible for data breaches usually start by targeting companies, rather than specific individuals. They want to get data from as many people as possible so they can use, resell or leverage it to make money.

  • Firefox’s Test Pilot Program Returns with Firefox Private Network Beta

    Like a cat, the Test Pilot program has had many lives. It originally started as an Add-on before we relaunched it three years ago. Then in January, we announced that we were evolving our culture of experimentation, and as a result we closed the Test Pilot program to give us time to further explore what was next.

    We learned a lot from the Test Pilot program. First, we had a loyal group of users who provided us feedback on projects that weren’t polished or ready for general consumption. Based on that input we refined and revamped various features and services, and in some cases shelved projects altogether because they didn’t meet the needs of our users. The feedback we received helped us evaluate a variety of potential Firefox features, some of which are in the Firefox browser today.

    If you haven’t heard, third time’s the charm. We’re turning to our loyal and faithful users, specifically the ones who signed up for a Firefox account and opted-in to be in the know about new products testing, and are giving them a first crack to test-drive new, privacy-centric products as part of the relaunched Test Pilot program. The difference with the newly relaunched Test Pilot program is that these products and services may be outside the Firefox browser, and we will be far more polished, and just one step shy of general public release.

  • In the US? You Can Try Firefox’s New VPN Feature

    Not only has Mozilla suddenly revived its (much missed) Test Pilot program, but it’s using it to check the tyres on a really interesting new feature: a VPN.

    The new Test Pilot site is currently home to ‘Firefox Private Network’, a beta product that, the company says, is near release.

Syndicate content

More in Tux Machines

today's howtos

Best free Linux firewalls of 2019: go beyond Iptables for desktops and servers

Linux distros will often come with at least a basic firewall bundled with it. Often this won't be active by default so will need to be activated. Additionally this will likely be the standard Iptables supplied, even though less experienced users may struggle with it. UFW - Uncomplicated Firewall is also bundled with some distros, and aims to make the process simpler. However, there are distros and applications out there that can cater for the more advanced user and the less experienced one, making it easier to setup and configure a firewall that works for your needs. Some, like ClearOS build it directly into the operating system as part of its security focus, but most other options would be applications that aim to block rogue IPs, monitor ports, and prevent otherwise prevent bad packets from interfering with your machine. For most home users there are few actual settings that need to be customized, so simple apps can be popular, but for those looking to manage their machine as a server, additional controls and advanced command options will tend to be the more welcome. Read more

GNU Parallel 20190922 ('Stallman') released

GNU Parallel 20190922 ('Stallman') has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17. Read more

Top 20 Best NodeJs Frameworks For Developers in 2019

Over the past few years, the use of web applications has increased to a vast extent. Developers have been looking for such a platform that is both advanced and provides flexibility to develop a variety of web applications. NodeJs Frameworks have earned the credit to be the top selection by the developers. You wanna know why? It is because of the capability to build smart, scalable server-side network-based applications. Read more