Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Improved Security and Privacy Indicators in Firefox 70

Filed under
Moz/FF
Security
Web

The upcoming Firefox 70 release will update the security and privacy indicators in the URL bar.

In recent years we have seen a great increase in the number of websites that are delivered securely via HTTPS. At the same time, privacy threats have become more prevalent on the web and Firefox has shipped new technologies to protect our users against tracking.

To better reflect this new environment, the updated UI takes a step towards treating secure HTTPS as the default method of transport for websites, instead of a way to identify website security. It also puts greater emphasis on user privacy.

Read more

Mozilla: Firefox, Monitor and Search Engine Add-ons

Filed under
Moz/FF
  • has google won the browser wars? – should Mozilla build their own SmartPhones?

    on the desktop: one refuses to believe it.

    on mobile: should Mozilla start building their own SmartPhone and ship Firefox.apk per default?

  • Why you should review your credit report after a data breach

    When significant data breaches happen where high risk data is at stake, there’s often a lot of talk about credit reports. Some companies that have been hacked may even be required to provide credit monitoring to their customers as part of their breach notification requirements. Whether the breached company provides credit monitoring or not, security experts recommend you check your credit reports for suspicious activity. To protect your identity, they also recommend you freeze your credit. Here’s what that means and why it’s important.

  • Search Engine add-ons to be removed from addons.mozilla.org

    For the last eleven years, Firefox Search Engine add-ons have been powered by OpenSearch. With the recent implementation of the search overrides API, a WebExtensions API that offers users more controls for opting into changes, Mozilla intends to deprecate OpenSearch and eventually remove it from Firefox. Search Engine add-ons will be removed from AMO on December 5, 2019.

Firefox’s New WebSocket Inspector

Filed under
Moz/FF

The Firefox DevTools team and our contributors were hard at work over the summer, getting Firefox 70 jam-packed with improvements. We are especially excited about our new WebSocket inspection feature, because you told us in feedback how important it would be for your daily work.

To use the inspector now, download Firefox Developer Edition, open DevTools’ Network panel to find the Messages tab. Then, keep reading to learn more about WebSockets and the tricks that the new panel has up its sleeve.

But first, big thanks to Heng Yeow Tan, the Google Summer of Code (GSoC) student who’s responsible for the implementation.

Read more

Announcing Rustup 1.20.0

Filed under
Development
Moz/FF

The rustup working group is happy to announce the release of rustup version 1.20.0. Rustup is the recommended tool to install Rust, a programming language that is empowering everyone to build reliable and efficient software.

Read more

Also Mozilla: Karl Dubost: This is not a remote work

Chrome users gloriously freed from obviously treacherous and unsafe uBlock Origin

Filed under
Google
Moz/FF
OSS
Web

Thank you, O Great Chrome Web Store, for saving us from the clearly hazardous, manifestly unscrupulous, overtly duplicitous uBlock Origin. Because, doubtlessly, this open-source ad-block extension by its very existence and nature could never "have a single purpose that is clear to users." I mean, it's an ad-blocker. Those are bad.
Really, this is an incredible own goal on Google's part. Although I won't resist the opportunity to rag on them, I also grudgingly admit that this is probably incompetence rather than malice and likely yet another instance of something falling through the cracks in Google's all-powerful, rarely examined automatic algorithms (though there is circumstantial evidence to the contrary). Having a human examine these choices costs money in engineering time, and frankly when the automated systems are misjudging something that will probably cost Google's ad business money as well, there's just no incentive to do anything about it. But it's a bad look, especially with how two-faced the policy on Manifest V3 has turned out to be and its effect on ad-blocker options for Chrome.

It is important to note that this block is for Chrome rather than Chromium-based browsers (like Edge, Opera, Brave, etc.). That said, Chrome is clearly the one-ton gorilla, and Google doesn't like you sideloading extensions. While Mozilla reviews extensions too, and there have been controversial rejections on their part, speaking as an add-on author of over a decade there is at least a human on the other end even if once in a while the human is a butthead. (A volunteer butthead, to be sure, but still a butthead.) Plus, you can sideload with a little work, even unsigned add-ons. So far I think they've reached a reasonable compromise between safety and user choice even if sometimes the efforts don't scale. On the other hand, Google clearly hasn't by any metric.

Read more

Mozilla: Firefox, Rust and XUL Extensions

Filed under
Moz/FF
  • These Weeks in Firefox: Issue 66
  • How to speed up the Rust compiler some more in 2019

    In July I wrote about my efforts to speed up the Rust compiler in 2019. I also described how the Rust compiler has gotten faster in 2019, with compile time reductions of 20-50% on most benchmarks. Now that Q3 is finished it’s a good time to see how things have changed since then.

  • Extensions in Firefox 70

    Welcome to another round of new additions and changes to extensions, this time in Firefox 70. We have a new API, some improvements on existing APIs, and some great additions to Firefox Developer Tools to make it easier to debug your extensions.

    [...]

    We’ve made a few improvements to the downloads API in Firefox 70. By popular request, the Referer header is now allowed in the browser.downloads.download API’s headers object. This allows extensions, such as download managers, to download files for sites that require a referrer to be set.

    Also, we’ve improved error reporting for failed downloads. In addition to previously reported failures, the browser.downloads.download API will now report an error in case of various http 4xx failures. This makes the API more compatible with Chrome and gives developers a way to react to these errors in their code.

  • Last version

    Yesterday I released Mail Redirect 0.10.5, which may very well be the last version of Mail Redirect, at least in this form. The version contains some small bug fixes, with relation to compatibility with other extensions, Cardbook and Thunderbird Conversations to be precise.

    I already started trying to make Mail Redirect compatible with Thunderbird 71.0a1, when the Thunderbird developers announced that support traditional XUL-overlay add-ons, which Mail Redirect is, will be dropped in Thunderbird 72. This means that any effort I put in the add-on now with relation to compatibility with future Thunderbird versions will stop working in a month or so, so that won’t do any good.

    The good thing is that XUL-overlay add-ons will beep working in this major ESR-release, so Mail Redirect 0.10.5 will keep on working in Thunderbird 68., and will only stop working in Daily and Beta and in the next major Thunderbird release 76, which is planned to be released somewhere in july, I think.

    I haven’t decided what to do with Mail Redirect. In order to keep on working in Thunderbird 72+, I need to convert it to a WebExtension Experiment, but that will be a major rewrite and the future of WebExtension Experiments isn’t clear either. Thunderbird developers indicated that support for WebExtension Experiments will also be dropped somewhere in the future, so I’m not quite convinced yet that it will be worth the effort.

Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit

Filed under
Mac
Moz/FF
Security

A security audit funded by the Mozilla Open Source Support Program (MOSS) has discovered a critical security vulnerability in the widely used macOS terminal emulator iTerm2. After finding the vulnerability, Mozilla, Radically Open Security (ROS, the firm that conducted the audit), and iTerm2’s developer George Nachman worked closely together to develop and release a patch to ensure users were no longer subject to this security threat. All users of iTerm2 should update immediately to the latest version (3.3.6) which has been published concurrent with this blog post.

Founded in 2015, MOSS broadens access, increases security, and empowers users by providing catalytic support to open source technologists. Track III of MOSS — created in the wake of the 2014 Heartbleed vulnerability — supports security audits for widely used open source technologies like iTerm2. Mozilla is an open source company, and the funding MOSS provides is one of the key ways that we continue to ensure the open source ecosystem is healthy and secure.

iTerm2 is one of the most popular terminal emulators in the world, and frequently used by developers. MOSS selected iTerm2 for a security audit because it processes untrusted data and it is widely used, including by high-risk targets (like developers and system administrators).

Read more

Firefox 71: new kiosk mode for the browser

Filed under
Moz/FF

Mozilla plans to integrate kiosk mode functionality in version 71 of the Firefox web browser that users of the browser may launch from the command line.

First requested more than 17 years ago, work on integrating a kiosk mode in the Firefox web browser started five months ago. Current Firefox Nightly versions support the new mode already.

Kiosk mode refers to a special display mode that launches the browser without interface elements in fullscreen. It is different from the browser's fullscreen mode that users can activate with a tap on the F11-key on the keyboard. F11 switches the browser to fullscreen and removes interface elements by default, but these can be displayed by moving the mouse to the top; additionally, another tap on F11 exits fullscreen mode again and restores the default browsing mode.

Read more

Also: Future OpenPGP Support in Thunderbird

Browsers: Opera 64 (Proprietary), Firefox and Chrome Benchmarks, New Firefox Features

Filed under
Google
Moz/FF
Web
  • Opera 64 is out: New tracker blocker promises you up to 20% faster page loads

    Browser maker Opera is releasing Opera 64 to the stable channel, offering users improved privacy protections from online tracking and updates to its Snapshot tool.

  • Firefox 69 + Chrome 77 On Windows 10 vs. Ubuntu / Clear Linux Benchmarks

    With running some fresh cross-OS benchmarks now that Ubuntu 19.10 is imminent followed by Ubuntu 19.10, a new Windows 10 update coming in the days ahead, and also the release of macOS 10.15, a lot of fun benchmarks are ahead. In today's article is a quick look at the Windows 10 vs. Ubuntu 19.10 vs. Clear Linux web browser performance for both Mozilla Firefox and Google Chrome.

  • Firefox 71 Landing Wayland DMA-BUF Textures Support

    Landing recently into the Mozilla code-base for the Firefox 71 release is DMA-BUF textures support on Wayland. When using Firefox with the OpenGL compositor enabled, the DMA-BUF EGL texture back-end is used that allows for sharing of buffers between the main/compositor process, working directly in GPU memory, and other benefits with this DMA-BUF usage. That code has been merged as another step forward for Firefox on Linux/Wayland.

Thunderbird, Enigmail and OpenPGP

Filed under
Moz/FF

Today the Thunderbird project is happy to announce that for the future Thunderbird 78 release, planned for summer 2020, we will add built-in functionality for email encryption and digital signatures using the OpenPGP standard. This new functionality will replace the Enigmail add-on, which will continue to be supported until Thunderbird 68 end of life, in the Fall of 2020.

For some background on encrypted email in Thunderbird: Two popular technologies exist that add support for end-to-end encryption and digital signatures to email. Thunderbird has been offering built-in support for S/MIME for many years and will continue to do so.

The Enigmail Add-on has made it possible to use Thunderbird with external GnuPG software for OpenPGP messaging. Because the types of add-ons supported in Thunderbird will change with version 78, the current Thunderbird 68.x branch (maintained until Fall 2020) will be the last that can be used with Enigmail.

Read more

Syndicate content

More in Tux Machines

Programming: Python, LLVM and Erlang

  • Sending Emails in Python — Tutorial with Code Examples

    What do you need to send an email with Python? Some basic programming and web knowledge along with the elementary Python skills. I assume you’ve already had a web app built with this language and now you need to extend its functionality with notifications or other emails sending. [...] Sending multiple emails to different recipients and making them personal is the special thing about emails in Python. To add several more recipients, you can just type their addresses in separated by a comma, add Cc and Bcc. But if you work with a bulk email sending, Python will save you with loops. One of the options is to create a database in a CSV format (we assume it is saved to the same folder as your Python script). We often see our names in transactional or even promotional examples. Here is how we can make it with Python.

  • Binning Data with Pandas qcut and cut

    When dealing with continuous numeric data, it is often helpful to bin the data into multiple buckets for further analysis. There are several different terms for binning including bucketing, discrete binning, discretization or quantization. Pandas supports these approaches using the cut and qcut functions. This article will briefly describe why you may want to bin your data and how to use the pandas functions to convert continuous data to a set of discrete buckets. Like many pandas functions, cut and qcut may seem simple but there is a lot of capability packed into those functions. Even for more experience users, I think you will learn a couple of tricks that will be useful for your own analysis. [...] The concept of breaking continuous values into discrete bins is relatively straightforward to understand and is a useful concept in real world analysis. Fortunately, pandas provides the cut and qcut functions to make this as simple or complex as you need it to be. I hope this article proves useful in understanding these pandas functions. Please feel free to comment below if you have any questions.

  • Analysing music habits with Spotify API and Python

    I’m using Spotify since 2013 as the main source of music, and back at that time the app automatically created a playlist for songs that I liked from artists’ radios. By innertion I’m still using the playlist to save songs that I like. As the playlist became a bit big and a bit old (6 years, huh), I’ve decided to try to analyze it.

  • Python IDEs and Code Editors

    A code editor is a tool that is used to write and edit code. They are usually lightweight and can be great for learning. However, once your program gets larger, you need to test and debug your code, that's where IDEs come in. An IDE (Integrated Development Environment) understand your code much better than a text editor. It usually provides features such as build automation, code linting, testing and debugging. This can significantly speed up your work. The downside is that IDEs can be complicated to use.

  • Announcing Anaconda Distribution 2019.10

    As there were some significant changes in the previous Anaconda Distribution 2019.07 installers, this release focuses on polishing up rough edges in that release and bringing all the packages up to date with the latest available in repo.anaconda.com. This means many key packages are updated including Numpy, Scipy, Scikit-Learn, Matplotlib, Pandas, Jupyter Notebook, and many more. As many of the package updates have addressed Common Vulnerabilities and Exposures (CVEs), it is important to update to the latest. Another key change since the last release is that Apple released macOS version 10.15 – Catalina. Unfortunately, this was a breaking release for previous versions of Anaconda that used the pkg installer. The Anaconda Distribution 2019.10 installers address the issues and should install without trouble on macOS Catalina. If you would rather repair your current Anaconda installation, please check out this blog post for tips.

  • Apple's Numbers and the All-in-One CSV export

    The hierarchical form requires a number of generator functions for Sheet-from-CSV, Table-from-CSV, and Row-from-CSV. Each of these works with a single underlying iterator over the source file and a fairly complex hand-off of state. If we only use the sheet iterator, the tables and rows are skipped. If we use the table within a sheet, the first table name comes from the header that started a sheet; the table names come from distinct headers until the sheet name changes. The table-within-sheet iteration is very tricky. The first table is a simple yield of information gathered by the sheet iterator. Any subsequent tables, however, may be based one one of two conditions: either no rows have been consumed, in which case the table iterator consumes (and ignores) rows; or, all the rows of the table have been consumed and the current row is another "sheet: table" header.

  • Formatting NFL data for doing data science with Python

    No matter what medium of content you consume these days (podcasts, articles, tweets, etc.), you'll probably come across some reference to data. Whether it's to back up a talking point or put a meta-view on how data is everywhere, data and its analysis are in high demand. As a programmer, I've found data science to be more comparable to wizardry than an exact science. I've coveted the ability to get ahold of raw data and glean something useful and concrete from it. What a useful talent!

  • Sony Pushes More AMD Jaguar Optimizations To Upstream LLVM 10 Compiler

    Sony engineers working on the PlayStation compiler toolchain continue upstreaming various improvements to the LLVM source tree for helping the AMD APUs powering their latest game console. Several times now we've pointed out Sony engineers contributing AMD "btver2" improvements to upstream LLVM with the company using LLVM/Clang as their default code compiler and the PlayStation 4 relying on a Jaguar APU.

  • [llvm-dev] GitHub Migration Schedule and Plans
    Hi,
    
    We're less than 2 weeks away from the developer meeting, so I wanted to
    give an update on the GitHub migration and what's (hopefully) going to
    happen during the developer meeting.
    
    Everyone who has added their information to the github-usernames.txt
    file in SVN before today should have received an invite to become a collaborator
    on the llvm-project repository.  If you did not receive an invite and think
    you should have, please contact me off-list.  I will continue to monitor the
    file for new updates and periodically send out new batches of invites.
    
    There is still some ongoing work to get the buildbots ready and the mailing lists
    ready, but we are optimistic that the work will be done in time.
    
    The team at GitHub has finished implementing the "Require Linear History"
    branch protection that we requested.  The feature is in beta and currently
    enabled in the llvm-project repository.  This means that we will have the
    option to commit directly via git, in addition to using the git-llvm script.
    A patch that updates git-llvm to push to git instead of svn can be found here:
    https://reviews.llvm.org/D67772.  You should be able to test it out on your
    own fork of the llvm-project repository.
    
    The current plan is to begin the final migration steps on the evening (PDT)
    of October 21.  Here is what will happen:
    
    1. Make SVN read-only.
    2. Turn-off the SVN->git update process.
    3. Commit the new git-llvm script directly to github.
    4. Grant all contributors write access to the repository.
    5. Email lists announcing that the migration is complete.
    
    Once the migration is complete, if you run into any issues, please file
    a bug, and mark it as a blocker for the github metabug PR39393.
    
    If you have any questions or think I am missing something, please
    let me know.
    
    Thanks,
    Tom
    
    
  • LLVM Plans To Switch From Its SVN To Git Workflow Next Week

    On 21 October they plan to make LLVM's SVN repository read-only and finish their git-llvm script to bring all the changes into Git, and then allow developers to begin contributing to the LLVM GitHub project as the new official source repository.

  • Excellent Free Books to Learn Erlang

    Erlang is a general-purpose, concurrent, declarative, functional programming language and runtime environment developed by Ericsson, a Swedish multinational provider of communications technology and services. Erlang is dynamically typed and has a pattern matching syntax. The language solves difficult problems inherent in parallel, concurrent environments. It uses sets of parallel supervised processes, not a single sequential process as found in most programming languages. Erlang was created in 1986 at the Ellemtel Telecommunication Systems Laboratories for telecommunication systems. The objective was to build a simple and efficient programming language resilient large-scale concurrent industrial applications. Besides telecommunication systems and applications and other large industrial real-time systems, Erlang is particularly suitable for servers for internet applications, e-commerce, and networked database applications. The versatility of the language is, in part, due to its extensive collection of libraries.

today's howtos

Kubernetes at SUSE and Red Hat

  • Eirinix: Writing Extensions for Eirini

    At the recent Cloud Foundry Summit EU in the Netherlands, Vlad Iovanov and Ettore Di Giacinto of SUSE presented a talk about Eirini — a project that allows the deployment and management of applications on Kubernetes using the Cloud Foundry Platform. They introduced eirinix — a framework that allows developers to extend Eirini. Eirinix is built from the Quarks codebase, which leverages Kubernetes Mutating Webhooks. With the flexibility of Kubernetes and Eirini’s architecture, developers can now build features around Eirini, like Persi support, access to the application via SSH, ASGs via Network Policies and more. In this talk, they explained how this can be done, and how everyone can start contributing to a rich ecosystem of extensions that will improve Eirini and the developer experience of Cloud Foundry.

  • Building an open ML platform with Red Hat OpenShift and Open Data Hub Project

    Unaddressed, these challenges impact the speed, efficiency and productivity of the highly valuable data science teams. This leads to frustration, lack of job satisfaction and ultimately the promise of AI/ML to the business is not redeemed. IT departments are being challenged to address the above. IT has to deliver a cloud-like experience to data scientists. That means a platform that offers freedom of choice, is easy to access, is fast and agile, scales on-demand and is resilient. The use of open source technologies will prevent lockin, and maintain long term strategic leverage over cost. In many ways, a similar dynamic has played out in the world of application development in the past few years that has led to microservices, the hybrid cloud and automation and agile processes. And IT has addressed this with containers, kubernetes and open hybrid cloud. So how does IT address this challenge in the world of AI – by learning from their own experiences in the world of application development and applying to the world of AI/ML. IT addresses the challenge by building an AI platform that is container based, that helps build AI/ML services with agile process that accelerates innovation and is built with the hybrid cloud in mind.

  • Launching OpenShift/Kubernetes Support for Solarflare Cloud Onload

    This is a guest post co-written by Solarflare, a Xilinx company. Miklos Reiter is Software Development Manager at Solarflare and leads the development of Solarflare’s Cloud Onload Operator. Zvonko Kaiser is Team Lead at Red Hat and leads the development of the Node Feature Discovery operator.

Python Across Platforms

  • Chemists bitten by Python scripts: How different OSes produced different results during test number-crunching

    Chemistry boffins at the University of Hawaii have found, rather disturbingly, that different computer operating systems running a particular set of Python scripts used for their research can produce different results when running the same code. In a research paper published last week in the academic journal Organic Letters, chemists Jayanti Bhandari Neupane, Ram Neupane, Yuheng Luo, Wesley Yoshida, Rui Sun, and Philip Williams describe their efforts to verify an experiment involving cyanobacteria, better known as blue-green algae. Williams, associate chair and professor in the department of chemistry at the University of Hawaii at Manoa, said in a phone interview with The Register on Monday this week that his group was looking at secondary metabolites, like penicillin, that can be used to treat cancer or Alzheimer's.

  • Chemists discover cross-platform Python scripts not so cross-platform

    In a paper published October 8, researchers at the University of Hawaii found that a programming error in a set of Python scripts commonly used for computational analysis of chemistry data returned varying results based on which operating system they were run on—throwing doubt on the results of more than 150 published chemistry studies. While trying to analyze results from an experiment involving cyanobacteria, the researchers—Jayanti Bhandari Neupane, Ram Neupane, Yuheng Luo, Wesley Yoshida, Rui Sun, and Philip Williams—discovered significant variations in results run against the same nuclear magnetic resonance spectroscopy (NMR) data. The scripts, called the "Willoughby-Hoye" scripts after their authors—Patrick Willoughby and Thomas Hoye of the University of Minnesota—were found to return correct results on macOS Mavericks and Windows 10. But on macOS Mojave and Ubuntu, the results were off by nearly a full percent.