Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Review of Firefox “Fenix” for Android

Filed under
Android
Moz/FF
Reviews

Mozilla has begun a staged roll-out of its redesigned and rearchitected Firefox browser for Android (codename “Fenix”). So far, Fenix has only been released in 14 countries through the Google Play Store. Here’s my review of Mozilla’s new flagship mobile browser as a long-time user and as an extension developer.

Fenix’s user interface is minimal, but it represents a large amount of work under the hood. It’s built on GeckoView and Mozilla Android Components (MOZAC); a set of reusable components for mobile app developers that makes it easier to build a web browser based on Mozilla technology. These components are a modernization of the old codebase as well as a direct competitor to WebView — the web engine that’s built-in to Android, as well as Google’s ChromiumView.

Read more

Mozilla: SameSite, SUMO, Firefox and More

Filed under
Moz/FF

           

  • Changes to SameSite Cookie Behavior – A Call to Action for Web Developers

    We are changing the default value of the SameSite attribute for cookies from None to Lax, per new IETF guidelines. This will greatly improve security for users. However, some web sites may depend (even unknowingly) on the old default, potentially resulting in breakage for those sites. At Mozilla, we are slowly introducing this change. And we are strongly encouraging all web developers to test their sites with the new default.

    [...]

    Testing in the Firefox Nightly and Beta channels has shown that website breakage does occur. While we have reached out to those sites we’ve encountered and encouraged them to set the SameSite attribute on their web properties, the web is clearly too big to do this on a case-by-case basis.

    It is important that all web developers test their sites against this new default. This will prepare you for when both Firefox and Chrome browsers make the switch in their respective release channels.

  •         

  • New platform milestone completed: Python upgrade

    In 2020 a lot of the SUMO platform’s team work is focused on modernizing our support platform (Kitsune) and performing some foundational work that will allow us to grow and expand the platform. We have started this in H1 with the new Responsive and AAQ redesign. Last week we completed a new milestone: the Python/Django upgrade.

    Why was this necessary

    Support.mozilla.org was running on Python 2.7, meaning our core technology stack was running on a no longer supported version. We needed to upgrade to at least 3.7 and, at the same time, upgrade to the latest Django Long Term Support (LTS) version 2.2.

  •        

  • Firefox 79 includes protections against redirect tracking

    A little over a year ago we enabled Enhanced Tracking Protection (ETP) by default in Firefox. We did so because we recognize that tracking poses a threat to society, user safety, and the autonomy of individuals and we’re committed to protecting users against these threats by default. ETP was our first step in fulfilling that commitment, but the web provides many covert avenues trackers can use to continue their data collection.

    Today’s Firefox release introduces the next step in providing a safer and more private experience for our users with Enhanced Tracking Protection 2.0, where we will block a new advanced tracking technique called redirect tracking, also known as bounce tracking. ETP 2.0 clears cookies and site data from tracking sites every 24 hours, except for those you regularly interact with. We’ll be rolling ETP 2.0 out to all Firefox users over the course of the next few weeks.

  •        

  • Fast Company Recognizes Katharina Borchert as one of the Most Creative Business People

    We are proud to share that Katharina Borchert, Mozilla’s Chief Open Innovation Officer, has been named one of the  Most Creative People by Fast Company. The award recognizes her leadership on Common Voice and helping to diversify AI speech through machine learning. Katharina was recognized not just for a groundbreaking idea, but because her work is having a measurable impact in the world.

    [...]

    The full list also includes vintner, Krista Scruggs, dancer and choreographer Twyla Tharp, and Ryan Reynolds: “for delivering an honest message, even when it’s difficult”.

    “‘This is a real honor,” said Katharina, “which also reflects the contributions of an incredible alliance of people at Mozilla and beyond. We have a way to go before the full promise of Common Voice is realized. But I’m incredibly inspired by the different communities globally building it together with Mozilla, because language is so important for our identities and for keeping cultural diversity alive in the digital age. Extending the reach of voice recognition to more languages can only open the doors to more innovation and make tech more inclusive.”

  •        

  • Latest Firefox rolls out Enhanced Tracking Protection 2.0; blocking redirect trackers by default

    Today, Firefox is introducing Enhanced Tracking Protection (ETP) 2.0, our next step in continuing to provide a safe and private experience for our users. ETP 2.0 protects you from an advanced tracking technique called redirect tracking, also known as bounce tracking. We will be rolling out ETP 2.0 over the next couple of weeks.

    Last year we enabled ETP by default in Firefox because we believe that understanding the complexities and sophistication of the ad tracking industry should not be required to be safe online. ETP 1.0 was our first major step in fulfilling that commitment to users. Since we enabled ETP by default, we’ve blocked 3.4 trillion tracking cookies. With ETP 2.0, Firefox brings an additional level of privacy protection to the browser.

    Since the introduction of ETP, ad industry technology has found other ways to track users: creating workarounds and new ways to collect your data in order to identify you as you browse the web. Redirect tracking goes around Firefox’s built-in third-party cookie-blocking policy by passing you through the tracker’s site before landing on your desired website. This enables them to see where you came from and where you are going.

  •        

  • Moth wants you to design a Firefox Theme for San Francisco Shock

    This summer we partnered with Overwatch League’s San Francisco Shock to help the fans at home cheer on their 2019 Grand Finals Champions. This included Firefox Protection Plays and giving viewers a behind-the-scenes look at a day in the life of the SF Shock players.

    Before the summer season ends, we wanted to do one last thing for the SF Shock team and their fans. One of the players, Moth, shared that Firefox is the only browser he uses. He learned about Firefox while studying software engineering in college. Firefox and Mozilla’s mission along with the open source ethos is what keeps him a loyal user. To celebrate that, we’re inviting SF Shock fans — and anyone else who might be interested — to design an original Firefox theme.

Mozilla: Rust 1.45.2 and Code Quality/Security

Filed under
Moz/FF
  • Announcing Rust 1.45.2

    The Rust team is announcing a new version of Rust, 1.45.2. Rust is a programming language that is empowering everyone to build reliable and efficient software.

  • Reference Sheet for Principals in Mozilla Code
  • Understanding Web Security Checks in Firefox (Part 1)

    This is the first part of a blog post series that will allow you to understand how Firefox implements Web Security fundamentals, like the Same-Origin Policy. This first post of the series covers the architectural design, terminology, and introduces core interfaces that our implementation of the Same-Origin Policy relies on: nsIPrincipal and nsILoadinfo.

Mozilla Thunderbird 78.1 Released with Full OpenPGP Support, Search in Preferences Tab

Filed under
Moz/FF
Web

Mozilla Thunderbird 78.1 is now rolling out today to all supported platforms as the first point release to the latest major Mozilla Thunderbird 78 release with a bunch of exciting new features.

As you know, Mozilla Thunderbird 78 arrived two weeks ago with many exciting changes, including OpenPGP support, new minimum runtime requirements for Linux systems, DM support for Matrix, a new, centralized Account Hub, Lightning integration, and support for the Red Hat Enterprise Linux 7 operating system series.

Probably the most exciting new feature in Mozilla Thunderbird 78 is support for the OpenPGP open standard of PGP encryption, which lets users send encrypted emails without relying on a third-party add-on. However, OpenPGP support wasn’t feature complete in the Thunderbird 78 release and it was disable by default.

With the Thunderbird 78.1 point release, Mozilla says that OpenPGP support is now feature complete, including the new Key Wizard, the ability to search online for OpenPGP keys, and many other goodies. But it’s still disable by default to allow more time for testing, so you need to enable it manually to take full advantage of the new Thunderbird release.

Read more

The Rust Programming Language Blog: Announcing Rust 1.45.1

Filed under
Development
Moz/FF

The Rust team is happy to announce a new version of Rust, 1.45.1. Rust is a programming language that is empowering everyone to build reliable and efficient software.

Read more

Mozilla: Firefox, Rust, Redox, Servo, Telecommunications and Other Legislation Amendment (TOLA), Open Technology Fund and Tor

Filed under
Moz/FF

  • Karl Dubost: Formatted console.log lines. Stacktraces export wish.

    When we select the console.log lines in Firefox devtools, and cut and paste in an editor, there are newline characters added to the output.

    [...]

    Silly idea of the day. This is not available right now in devtools, but I wish it was.

    Put two breakpoints in devtools.
    Run the code as record stacktrace in between these two targets
    export the stack trace as a json in a standard format in between these two breakpoints (do the same thing in another browser)
    Have a diff tool giving the possibility to explore the differences in between the two stack traces.

  • Rust-Written Redox OS Now Supports GDB Debugging

    For helping to debug more issues within the Rust-written Redox operating system, the GNU Debugger (GDB) is beginning to work well on the platform.

    Thanks to work being achieved during the Redox Summer of Code, the GDB debugger is beginning to work well enough on the platform that bugs are being evaluated with the popular GNU Debugger. In recent weeks it's been serving well for debugging the operating system's dynamic linker and issues with shared libraries.

  • This Week In Servo 134

    In the past week, we merged 69 PRs in the Servo organization’s repositories.

    The latest nightly builds for common platforms are available at download.servo.org.

    Servo has been successfully integrated into 3d Unity scenes as a 2d browser plugin.

  • Australian watchdog recommends major changes to exceptional access law TOLA

    Australia’s Independent National Security Legislation Monitor (INSLM) earlier this month released a 316-page report calling for significant, and much needed, reforms to the nation’s 2018 Telecommunications and Other Legislation Amendment (TOLA) law. The Parliamentary Joint Committee on Intelligence and Security (PJCIS) will meet later this month to consider the INSLM’s recommendations. While we still believe this dangerous law should be repealed, if enacted, these recommendations would go a long way in reducing the risk of this flawed piece of legislation.

    This legislation – which Mozilla has continually opposed – allows Australian authorities to force nearly all actors in the digital ecosystem (Designated Communications Providers or DCPs) to do “acts or things” with an explicit goal of weakening security safeguards. For example, under this law, using a Technical Assistance Notice (TAN), Australian authorities could force a company to turn over sensitive security information, or using a Technical Capability Notice (TCN), they could force a company to redesign its software.

    [...]

    Mozilla has been involved throughout the legislative process and the development of the INSLM’s report. We filed comments to the PJCIS in late 2018 and early 2019 warning of TOLA’s dangerous effects. Martin Thomson, Mozilla Distinguished Engineer, testified at a hearing held by the INSLM – which ultimately proceeded to quote a portion of Martin’s testimony in his final report. Moreover, our team has provided comments to the Australian Ministry of Communications, Cyber Safety & the Arts relating specifically to the significant security risks posed by TCNs. Our December 2019 cover letter to the INSLM contributing input to his report can be found here. A detailed list of Mozilla’s recommendations alongside related INSLM recommendations can be found here.

    The PJCIS will hold a hearing later this month to discuss the recommendations and likely begin the process of discussing amendments to TOLA. This presents the PJCIS with a unique opportunity to demonstrate leadership in defending individuals’ online privacy and security while enabling effective access to justice. The implementation of TOLA continues to pose serious privacy, security, and due process issues for both users and developers, and Mozilla will continue to oppose this law. In the event that the bill is not repealed, we strongly urge the involved MPs and Senators to adopt the INSLM’s recommendations which may help soften the blow of some of the law’s most damaging provisions.

  • The Open Technology Fund’s vital role for democracy worldwide should not be undermined

    The Open Technology Fund plays a vital role for democracy worldwide. That’s why Mozilla on Friday joined a friend of the court brief in support of the Open Technology Fund’s independence from government control as OTF’s case moves forward to the D.C. Circuit Court of Appeals.

    The Open Technology Fund is a U.S. government funded, independent nonprofit corporation with a mission to support development of open-source technologies that “increase free expression, circumvent censorship, and obstruct repressive surveillance as a way to promote human rights and open societies.” One such OTF-supported project is Tor Browser, which is built on the Firefox codebase and enables encrypted access to the web for anonymous browsing. Another is Let’s Encrypt, a free certificate authority enabling more secure web connections that began as a project of Mozilla, EFF, and the University of Michigan. These are invaluable tools not only to citizens of authoritarian regimes, but more broadly to internet users everywhere who rely on them to protect the privacy of their personal associations, communications, and interests.

  • New alpha release: Tor 0.4.4.3-alpha

    There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.4.3-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by mid-August.

    Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Mozilla Firefox 79 Is Now Available for Download with New Password Export Feature

Filed under
Moz/FF

The Mozilla Firefox 79 web browser is now available for download ahead of tomorrow’s official launch with a new password export fearture and various other improvements.

Firefox 79 entered public beta testing at the end of June 2020, shortly after Mozilla launched Firefox 78 as the newest ESR (Extended Support Release) series. Since then, the new release received a total of nine beta versions which brought just a handful of changes to out beloved web browser.

One of the coolest new features of the Firefox 79 release is the ability to export saved passwords and logins to a CSV file without having to install a third-party extension like FF Password Exporter, which I saw featured in numerous tutorials all over the Web.

Read more

Also Mozilla: A-localized work or distributed work

Mozilla: Flatpak, Extensions and VR

Filed under
Moz/FF

  • Firefox Beta via Flatpak

    What I've tried.

    Firefox beta as a snap. (Definitely easy to install. But not as quick and harder to use for managing files - makes it's own Downloads directory, etc)

    Firefox (stock) with custom AppArmor confinement. (Fun to do once, but the future is clearly using portals for file access, etc)

    Firefox beta as a Flatpak.

  • Extensions in Firefox 79

    To optimize resource usage, render information on inactive tabs is discarded. When Firefox anticipates that a tab will be activated, the tab is “warmed up”. Switching to it then feels much more instantaneous. With the new tabs.warmup function, tab manager extensions will be able to benefit from the same perceived performance improvements. Note this API does not work on discarded tabs and does not need to be called immediately prior to switching tabs. It is merely a performance improvement when the tab switch can be anticipated, such as when hovering over a button that when clicked would switch to the tab.

  • Mozilla VR Blog: A browser plugin for Unity

    Unity's development tools and engine are far and away the most common way to build applications for VR and AR today. Previously, we've made it possible to export web-based experiences from Unity. Today, we're excited to show some early work addressing the other way that Unity developers want to use the web: as a component in their Unity-based virtual environments.

    Building on our work porting a browser engine to many platforms and embedding scenarios, including as Firefox Reality AR for HoloLens 2, we have built a new Unity component based on Servo, a modern web engine written in the Rust language.

    The Unity engine has a very adaptable multi-platform plugin system with a healthy ecosystem of third-party plugins, both open-source and proprietary. The plugin system allows us to run OS-native modules and connect them directly to components executing in the Unity scripting environment.

Chrome and Firefox: Chrome 85 Beta, #StopHateForProfit in FB, Firefox 79 Credits and MDN Web Docs

Filed under
Google
Moz/FF
Web

  • Chrome 85: Upload Streaming, Human Interface Devices, Custom Properties with Inheritance and More

    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 85 is beta as of July 23, 2020.

  • Chrome 85 Beta Brings WebHID API For Better Gamepad Support, AVIF Image Decode

    Following the recent Chrome 84 stable release, Google has now promoted Chrome 85 to beta as their latest feature update to this cross-platform web browser.

    Chrome 85 Beta brings initial fetch upload streaming capabilities, the WebHID API is taking shape to improve gamepad support within web browsers, a declarative shadow DOM API is now available as an origin trial, and auto-upgrading of images served over HTTP from HTTPS sites.

  • Use your voice to #StopHateForProfit

    Facebook is still a place where it’s too easy to find hate, bigotry, racism, antisemitism and calls to violence.

    Today, we are standing alongside our partners in the #StopHateForProfit coalition and joining the global day of action to tell Facebook CEO Mark Zuckerberg: Enough is Enough.

  • Firefox 79 new contributors

    With the release of Firefox 79, we are pleased to welcome the 21 developers who contributed their first code change to Firefox in this release, 18 of whom were brand new volunteers!

  • MDN Web Docs: 15 years young

    On July 23, MDN Web Docs turned 15 years old. From humble beginnings, rising out of the ashes of Netscape DevEdge, MDN has grown to be one of the best-respected web platform documentation sites out there. Our popularity is growing, and new content and features arrive just about every day.

    When we turned 10, we had a similar celebration, talking about MDN Web Docs’ origins, history, and what we’d achieved up until then. Refer to MDN at ten if you want to go further back!

    In the last five years, we’ve broken much more ground. These days, we can boast roughly 15 million views per month, a comprehensive browser compatibility database, an active beginner’s learning community, editable interactive examples, and many other exciting features that didn’t exist in 2015. An anniversary to be proud of!

Web/WWW: WordPress and Mozilla

Filed under
Moz/FF
Web

  • Safely reviving shared memory (Mozilla Hacks)

    The Mozilla Hacks blog covers some recent Firefox changes that will allow code from web sites to use shared memory and high-resolution timers in a (hopefully) safe manner.

  • Hacks.Mozilla.Org: Safely reviving shared memory

    At Mozilla, we want the web to be capable of running high-performance applications so that users and content authors can choose the safety, agency, and openness of the web platform. One essential low-level building block for many high-performance applications is shared-memory multi-threading. That’s why it was so exciting to deliver shared memory to JavaScript and WebAssembly in 2016. This provided extremely fast communication between threads.

    However, we also want the web to be secure from attackers. Keeping users safe is paramount, which is why shared memory and high-resolution timers were effectively disabled at the start of 2018, in light of Spectre. Unfortunately, Spectre-attacks are made significantly more effective with high-resolution timers. And such timers can be created with shared memory. (This is accomplished by having one thread increment a shared memory location in a tight loop that another thread can sample as a nanosecond-resolution timer.)

  • Extension Spotlight: SponsorBlock for YouTube

    Have you ever been engrossed in music or a great video when YouTube suddenly interrupts your experience to inject an ad? It’s jarring and ruins the mood of any moment.

    [...]

    A new SponsorBlock feature offers the ability to skip different types of unwanted sections like intros, outros, and those incessant pleas to subscribe to the channel. Ajay says future plans involve developing distinct section categories that will allow users to submit labels for different parts of the video, in case you want to skip forward or back to certain spots.

    The SponsorBlock extension for Firefox is one of the more original content blockers we’ve seen developed in some time. It’s a perfect example of the creative problem-solving potential of browser extensions. So give SponsorBlock a spin and enjoy fewer interruptions while you let loose for your solo living room dance party set to YouTube music.

  • WordPress 5.5 Beta 3

    This software is still in development,so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version.

    [...]

    WordPress 5.5 is slated for release on August 11th, 2020, and we need your help to get there!

    Thank you to all of the contributors who tested the beta 2 development release and gave feedback. Testing for bugs is a critical part of polishing every release and a great way to contribute to WordPress.

    [...]

    WordPress 5.5 has lots of refinements to polish the developer experience. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers’ notes for updates on those and other changes that could affect your products.

Syndicate content

More in Tux Machines

5 reasons to run Kubernetes on your Raspberry Pi homelab

There's a saying about the cloud, and it goes something like this: The cloud is just somebody else's computer. While the cloud is actually more complex than that (it's a lot of computers), there's a lot of truth to the sentiment. When you move to the cloud, you're moving data and services and computing power to an entity you don't own or fully control. On the one hand, this frees you from having to perform administrative tasks you don't want to do, but, on the other hand, it could mean you no longer control your own computer. This is why the open source world likes to talk about an open hybrid cloud, a model that allows you to choose your own infrastructure, select your own OS, and orchestrate your workloads as you see fit. However, if you don't happen to have an open hybrid cloud available to you, you can create your own—either to help you learn how the cloud works or to serve your local network. Read more

today's howtos and leftovers

  • Linux commands for user management
  • CONSOOM All Your PODCASTS From Your Terminal With Castero
  • Install Blender 3D on Debian 10 (Buster)
  • Things To Do After Installing openSUSE Leap 15.2
  • GSoC Reports: Fuzzing Rumpkernel Syscalls, Part 2

    I have been working on Fuzzing Rumpkernel Syscalls. This blogpost details the work I have done during my second coding period.

  • Holger Levsen: DebConf7

    DebConf7 was also special because it had a very special night venue, which was in an ex-church in a rather normal building, operated as sort of community center or some such, while the old church interior was still very much visible as in everything new was build around the old stuff. And while the night venue was cool, it also ment we (video team) had no access to our machines over night (or for much of the evening), because we had to leave the university over night and the networking situation didn't allow remote access with the bandwidth needed to do anything video. The night venue had some very simple house rules, like don't rearrange stuff, don't break stuff, don't fix stuff and just a few little more and of course we broke them in the best possible way: Toresbe with the help of people I don't remember fixed the organ, which was broken for decades. And so the house sounded in some very nice new old tune and I think everybody was happy we broke that rule.

Programming Leftovers

  • Podcast: COBOL development on the mainframe

    Nic reached out when COBOL hit the news this spring to get some background on what COBOL is good for historically, and where it lives in the modern infrastructure stack. I was able to talk about the basics of COBOL and the COBOL standard, strengths today in concert with the latest mainframes, and how COBOL back-end code is now being integrated into front ends via intermediary databases and data-interchange formats like JSON, which COBOL natively supports.

  • What I learned while teaching C programming on YouTube

    The act of breaking something down in order to teach it to others can be a great way to reacquaint yourself with some old concepts and, in many cases, gain new insights. I have a YouTube channel where I demonstrate FreeDOS programs and show off classic DOS applications and games. The channel has a small following, so I tend to explore the topics directly suggested by my audience. When several subscribers asked if I could do more videos about programming, I decided to launch a new video series to teach C programming. I learned a lot from teaching C, and in the process, I came across some meaningful takeaways I think others will appreciate. Make a plan For my day job, I lead training and workshops to help new and emerging IT leaders develop new skills. Outside of regular work, I also enjoy teaching as an adjunct professor. So I'm very comfortable constructing a course outline and designing a curriculum. That's where I started. If you want to teach a subject effectively, you can't just wing it. Start by writing an outline of what topics you want to cover and figure out how each new topic will build on the previous ones. The "building block" method of adding new knowledge is key to an effective training program.

  • Google's Flutter 1.20 framework is out: VS Code extension and mobile autofill support
  • Google Engineers Propose "Machine Function Splitter" For Faster Performance

    Google engineers have been working on the Machine Function Splitter as their means of making binaries up to a few percent faster thanks to this compiler-based approach. They are now seeking to upstream the Machine Function Splitter into LLVM. The Machine Function Splitter is a code generation optimization pass for splitting code functions into hot and cold parts. They are doing this stemming from research that in roughly half of code functions that more than 50% of the code bytes are never executed but generally loaded into the CPU's data cache.

  • Modernize network function development with this Rust-based framework

    The world of networking has undergone monumental shifts over the past decade, particularly in the ongoing move from specialized hardware into software defined network functions (NFV) for data plane1 and packet processing. While the transition to software has fashioned the rise of SDN (Software-defined networking) and programmable networks, new challenges have arisen in making these functions flexible, efficient, easier to use, and fast (i.e. little to no performance overhead). Our team at Comcast wanted to both leverage what the network does best, especially with regards to its transport capacity and routing mechanisms, while also being able to develop network programs through a modern software lens—stressing testing, swift iteration, and deployment. So, with these goals in mind, we developed Capsule, a new framework for network function development, written in Rust, inspired by Berkeley's NetBricks research, and built-on Intel's Data Plane Development Kit (DPDK).

  • This Week in Rust 350
  • Firefox extended tracking protection

    This Mozilla Security Blog entry describes the new redirect-tracking protections soon to be provided by the Firefox browser.

  • Karl Dubost: Browser developer tools timeline

    I was reading In a Land Before Dev Tools by Amber, and I thought, Oh here missing in the history the beautifully chiseled Opera Dragonfly and F12 for Internet Explorer. So let's see what are all the things I myself didn't know.

  • Daniel Stenberg: Upcoming Webinar: curl: How to Make Your First Code Contribution

    Abstract: curl is a wildly popular and well-used open source tool and library, and is the result of more than 2,200 named contributors helping out. Over 800 individuals wrote at least one commit so far. In this presentation, curl’s lead developer Daniel Stenberg talks about how any developer can proceed in order to get their first code contribution submitted and ultimately landed in the curl git repository. Approach to code and commits, style, editing, pull-requests, using github etc. After you’ve seen this, you’ll know how to easily submit your improvement to curl and potentially end up running in ten billion installations world-wide.

Security: Zoom Holes, New Patches and etcd Project Security Committee

  • Zoombomber crashes court hearing on Twitter hack with Pornhub video
  • Security updates for Wednesday

    Security updates have been issued by Debian (net-snmp), Fedora (mingw-curl), openSUSE (firefox, ghostscript, and opera), Oracle (libvncserver and postgresql-jdbc), Scientific Linux (postgresql-jdbc), SUSE (firefox, kernel, libX11, xen, and xorg-x11-libX11), and Ubuntu (apport, grub2, grub2-signed, libssh, libvirt, mysql-8.0, ppp, tomcat8, and whoopsie).

  • The CNCF etcd project reaches a significant milestone with completion of security audit

    This week, a third-party security audit was published on etcd, the open source distributed key-value store that plays a crucial role in scaling Kubernetes in the cloud. For etcd, this audit was important in multiple ways. The audit validates the project’s maturity and sheds light on some areas where the project can improve. This sort of audit is required criteria for any project in the Cloud Native Computing Foundation (CNCF) to qualify for graduation from the CNCF. Read the CNCF blog post that I co-authored to learn more about the audit and what it uncovered. As one of the project maintainers and one of two members of the etcd Project Security Committee, I’d love to share a few reasons I’m hopeful for etcd’s future and why now is a great time to contribute to etcd’s open source community.