Moz/FF

Security: Espionage, Mozilla, Apache, and Windows Ransomware

  • Woman from China, with malware in tow, illegally entered Trump’s Mar-a-Lago
  • Govt allocates funds to boost election security

    The Federal Government has allocated an unspecified amount in Tuesday's Federal Budget to improve cyber security arrangements for the forthcoming election.

  • Former Mozilla CTO files complaint against border patrol over warrantless phone search

    According to the ACLU’s complaint, Customs and Border Protection agents in San Francisco International Airport stopped and interrogated Gal — a Hungarian-born US citizen — as he returned from a business trip in Sweden. The agents allegedly demanded that he hand over the passcodes to his Apple-issued phone and computer. When Gal asked to speak to an attorney, they allegedly threatened him with criminal prosecution for resisting a federal officer, “interrogated him about every aspect of his travel and his possessions,” and revoked his expedited Global Entry status for “refusal to comply with a search.”

    [...]

    Gal and the ACLU speculate that the search was motivated by suspicion over Gal’s previous privacy advocacy and his political opinions, stating that the agents asked detailed questions about his work with the privacy-conscious Mozilla — which Gal left back in 2015 to help found Silk Labs, an AI startup that was later acquired by Apple. The Department of Homeland Security didn’t immediately respond to a request for comment on the complaint or its allegations.

  • DNS-over-HTTPS (DoH) Update – Recent Testing Results and Next Steps

    Back in November 2018, we rolled out a test of DoH in the United States to look at possible impacts to Content Delivery Networks (CDNs). Our goal was to closely examine performance again, specifically the case when users get less localized DNS responses that could slow the browsing experience, even if the DNS resolver itself is accurate and fast. We worked with Akamai to help us understand more about the possible impact.

    The results were strong! Like our previous studies, DoH had minimal impact or clearly improved the total time it takes to get a response from the resolver and fetch a web page.

  • Stay and Compile a While | LINUX Unplugged 295

    Is there really any advantage to building your software vs installing the package? We discuss when and why you might want to consider building it yourself.

    Plus some useful things Mozilla is working on and Cassidy joins us to tell us about elementary OS' big choice.

  • Apache web server bug grants root access on shared hosting environments
  • Arizona Beverages knocked offline by ransomware attack

    The ransomware also infected the company’s Windows-powered Exchange server, knocking out email across the entire company. Although its Unix systems were unaffected, the ransomware outbreak left the company without any computers able to process customer orders for almost a week. Staff began processing orders manually several days into the outage.

Mozilla: Edouard Oger, Mike Hoye, Firefox Improvements and Firefox UX

  • Crossing the Rust FFI frontier with Protocol Buffers

    My team, the application services team at Mozilla, works on Firefox Sync, Firefox Accounts and WebPush.

    These features are currently shipped on Firefox Desktop, Android and iOS browsers. They will soon be available in our new products such as our upcoming Android browser, our password manager Lockbox, and Firefox for Fire TV.

  • Mike Hoye: Fixer (Mozilla)

    My name is Mike Hoye; I go by "mhoye" out here on the intertubes, and I have the good fortune to work for Mozilla. I should mention that what follows aren't company opinions, but I suppose that'll be very, very obvious in a moment.

    I started at Mozilla years ago as their first engineering community manager. My early work focused on codebase and organizational accessibility, the ergonomics of Mozilla's commitment to open development. Since then I've been fortunate to work under some excellent managers who've given me the freedom to run towards fires and the support to carry some challenging, sometimes unpleasant tasks over the line. As a result my role has grown in a bunch of interesting directions, to the point where it's now hard to define; on top of the community work and organizational accessibility, I'm involved in training, licensing, communications mentoring, incident response coordination and a number of other org-crosscutting efforts. I've even ended up in charge of the venerable Planet Mozilla in the process somehow.

    Presently my title is "Senior Staff Project Manager" because, as my boss puts it, it's the closest thing on the list to "fixer". I mostly help people talk to each other; I seem to have found my niche solving problems that are supposedly about the tech but really about the people around it. My boss describes these as "mhoye-shaped problems", to my ongoing delight. It makes me think of the outline Wile E. Coyote leaves in the cliff face.

    Between all that I write about software, history, team-building, the industry in general or random nonsense, sometimes because I have something to say but often just to sharpen the tools.

    I should caution you: a few years ago a research paper was published that described a class of people whose technology choices were a reliable predictor those products would fail in the market. For a while now some colleagues have enjoyed keeping track of my tech choices so that they can short the companies that make them, so that paper quickly made the rounds attached to alarmed emails that basically said "there are more like him, we must warn the village". So on the one hand, if you're asking me for technology recommendations, you should know that I'm the angel of death. On the other hand, all my favorite Uses This interviews call to mind the Matsuo Bashō line that the footprints of the wise lead nowhere, a bar I'd like to clear as well. And it goes without saying that any sufficiently advanced aesthetic is indistinguishable from cosplay, that if your aesthetic is easily distinguished from cosplay it's insufficiently advanced. So calibrate your expectations accordingly and let's get into it.

  • Stop videos from automatically playing with new autoplay controls from Firefox

    The web is 30 years old. Over its lifetime we’ve had developments that have brought us to peaks of delight and others to the pits of frustration. The blink tag, pop-up ads, click bait and trolls are all things that diminish our web experience. Perhaps the greatest offender of internet etiquette today is video autoplay. Be it an ad, a YouTube video or a site that just can’t wait to tell you all about itself, autoplay video is an annoyance. In our own study 90% of the users polled wanted Firefox to stop videos from automatically playing. We’re here for you, so we’ve added a new feature called Block Autoplay to stop all that noise from starting in the first place.

  • Firefox UX: An exception to our ‘No Guerrilla Research’ practice: A tale of user research at MozFest

    Sometimes, when you’re doing user research, things just don’t quite go as planned. MozFest was one of those times for us.

    MozFest, the Mozilla Festival, is a vibrant conference and week-long “celebration for, by, and about people who love the internet.” Held at a Ravensbourne university in London, the festival features nine floors of simultaneous sessions. The Add-ons UX team had the opportunity to host a workshop at MozFest about co-designing a new submission flow for browser extensions and themes. The workshop was a version of the Add-ons community workshop we held the previous day.

    On the morning of our workshop, we showed up bright-eyed, bushy-tailed, and fully caffeinated. Materials in place, slides loaded…we were ready. And then, no one showed up.

    Perhaps because 1) there was too much awesome stuff going on at the same time as our workshop, 2) we were in a back corner, and 3) we didn’t proactively advertise our talk enough.

    After processing our initial heartache and disappointment, Emanuela, a designer on the team, suggested we try something we don’t do often at Mozilla, if at all: guerrilla research. Guerrilla user research usually means getting research participants from “the street.” For example, a researcher could stand in front of a grocery store with a tablet computer and ask people to use a new app. This type of research method is different than “normal” user research methods (e.g. field research in a person’s home, interviewing someone remotely over video call, conducting a usability study in a conference room at an office) because there is much less control in screening participants, and all the research is conducted in the public eye [1].

Mozilla/Firefox: TenFourFox and Listening Devices

  • TenFourFox FPR14b1 available (now with H.264 video)

    I had originally plotted three main features for this release, but getting the urgent FPR13 SPR1 set me back a few days with confidence testing and rebuilds and I have business trips and some vacation time coming up, so I jettisoned the riskiest of the three features (a set of JavaScript updates and an ugly hack to get Github and other sites working fully again) and concentrated on the other two. I'll be looking at that again for FPR15, so more on that later.

    Before we get to the marquee features, though, there are two changes which you may not immediately notice. The first is a mitigation for a long-standing issue where some malicious sites keep popping up authentication modals using HTTP Auth. Essentially you can't do anything with the window until the modal is dealt with, so the site just asks for your credentials over and over, ultimately making the browser useless (as a means to make you call their "support line" where they can then social engineer their way into your computer). The ultimate solution is to make such things tab-modal rather than window-modal, but that's involved and sort of out of scope, so we now implement a similar change to what current Firefox does where there is a cap of three Cancels. If you cancel three times, the malicious site is not allowed to issue any more requests until you reload it. No actual data is leaked, assuming you don't type anything in, but it can be a nasty denial of service and it would have succeeded in ruining your day on TenFourFox just as easily as any other Firefox derivative. That said, just avoid iffy sites, yes?

    The second change is more fundamental. For Firefox 66 Mozilla briefly experimented with setting a frame rate cap on low-end devices. Surprise, surprise: all of our systems are low-end devices! In FPR13 and prior, TenFourFox would try to push as many frames to the compositor as possible, no matter what it was trying to do, to achieve a 60fps target or better. However, probably none of our computers with the possible exception of high-end G5s were probably achieving 60fps consistently on most modern websites, and the browser would flail trying to desperately keep up. Instead, by setting a cap and enforcing it with software v-sync, frames aren't pushed as often and the browser can do more layout and rendering work per frame. Mozilla selected a 30fps cap, so that's what I selected as an arbitrary first cut. Some sites are less smooth, but many sites now render faster to first paint, particularly pages that do a lot of DOM transforms because now the resulting visual changes are batched. This might seem like an obvious change to make but the numbers had never been proven until then.

  • Sustainable smart home with the TXT

    Mozilla started venturing into IoT recently. They are trying to advocate for better privacy and user freedom by promoting interoperability. These goals are unified in a proposal for a device API that is based on web protocols called “Web of Things”. It is developed in collaboration with smart home and “industry 4.0” manufacturers. This API isn’t necessarily implemented by each device directly, some devices are too low powered to provide a web server or are using other successful local mesh networks like Z-Wave or Zigbee. In these cases a gateway that is connected to the user’s local network would provide the web thing API.

    The web thing API breaks physical devices down into three attributes: properties, actions and events. Properties are stateful values that can both be changed by the device and the user (I’ll often refer to the user as the client). A device can however declare a property as read-only or add input value restrictions. Actions let the user execute an action on the device that either isn’t stateful or affects multiple properties. Lastly, events are fired by the device to indicate a momentary effect that is not reflected in the state. Above that is a capabilities system, with which devices can indicate the semantics of their features. For example a light bulb can advertise itself as being a “Lamp”, its brightness property will be a “BrightnessProperty” and the power toggle will be an “OnOffProperty”. These allow clients to expose appropriate UIs and behaviors for devices. The protocol is available over HTTP(S) and optionally WebSockets for real-time communication of changes.

    Mozilla is developing both a reference gateway to control devices using this protocol and reference implementations in multiple languages to build web things with. The “WebThing gateway” also has an adapter system to bridge other smart home protocols to the web of things data model.

Mozilla: Extensions in Firefox 67, Firefox 66.0.2, and Mozilla’s Firefox Lockbox

  • Mozilla Addons Blog: Extensions in Firefox 67

    There are a couple of major changes coming to Firefox. One is in the current Beta 67 release, while the other is in the Nightly 68 release, but is covered here as an early preview for extension developers.

  • Firefox 66.0.2 Now Available for Download

    Mozilla has just released a new Firefox update, only a few days after the company previously published another version to address a couple of security vulnerabilities.

    Firefox 66.0.2, however, comes with no release notes, as Mozilla has just published the new version on its FTP server to begin serving the downloads. However, further information on what’s been changed in the update should be provided later today.

    Nevertheless, unless Mozilla introduces further security improvements, this browser version should be all about fixing bugs under the hood, so there’s a good chance you won’t notice any difference after installing it. Obviously, you’re still recommended to install it to get all these latest refinements.

  • Mozilla’s Firefox Lockbox To Store Passwords Now On Android

    The Firefox Lockbox password manager app allows users to securely store passwords, which are already stored in the Mozilla Firefox browser. Therefore, a downside appears; it doesn’t let users add new passwords or delete the existing ones.

  • Firefox Lockbox Now on Android, Keeping your Passwords Safe

    If you’re like most Firefox users, you have dozens if not hundreds of stored logins in your browser. When you use Firefox Accounts you get to take your logins on the web in Firefox Mobile. Today, many of those logins are the same ones used in the apps you download on mobile, so we’ve been working on making your various online identities work on your terms.

    Today, we are excited to bring Firefox Lockbox to Android users, a secure app that keeps people’s passwords with them wherever they go.

Mozilla Thunderbird 60.6.1 Released with Critical Security Fixes

Mozilla Thunderbird 60.6.1 comes with the same security patches that were released as part of Firefox 66.0.1 last week.

As explained in the official advisory here, Mozilla resolved two different security flaws, both of which were reported by Trend Micro’s Zero Day Initiative.

Google Chrome and Mozilla Firefox Leftovers

  • Chrome 74 beta: reducing unwanted motion, private class fields, and feature policy API

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Android WebView, Chrome OS, Linux, macOS, and Windows. View a complete list of the features in Chrome 74 on ChromeStatus.com. Chrome 74 is beta as of March 22, 2019.

  • Chrome 74 Beta Released With CSS Media Query To Prefer Reduced Motion/Animations

    Google engineers are ending out their work week by issuing the beta of Chrome 74. 

    The Chrome 74 Beta features the CSS "prefers-reduced-motion" media query for honoring accessibility settings for those that may want to reduce/eliminate animations or other motions. Also on the developer side is ECMAScript private class fields, a JavaScript API for feature policy, CSS transition events, WebRTC additions, and other changes.

  • Mike Conley: Firefox Front-End Performance Update #15

    Firefox 66 has been released, Firefox 67 is out on the beta channel, and Firefox 68 is cooking for the folks on the Nightly channel! These trains don’t stop!

    With that, let’s take a quick peek at what the Firefox Front-end Performance team has been doing these past few weeks…

  • SUMO A/B Experiments

    This year the SUMO team is focused on learning what to improve on our site. As part of that, we spent January setting support.mozilla.org up for A/B testing and last week we ran our first test!

  • Get the tablet experience you deserve with Firefox for iPad

    We know that iPads aren’t just bigger versions of iPhones. You use them differently, you need them for different things. So rather than just make a bigger version of our browser for iOS, we made Firefox for iPad look and feel like it was custom made for a tablet. Mostly because it was.

Firefox 66 Is Now Available for Ubuntu 18.10, 18.04 LTS, and 16.04 LTS Users

Released earlier this week, the Mozilla Firefox 66 web browser has landed in Ubuntu's repositories with a bunch of great improvements, such as the hidden system title bar that respects the GNOME guidelines. Not only will Firefox now look good, but you won't have two title bars, nor will you have to use extensions to get rid of one.

Apart from the looks for GNOME users, which is now the default desktop environment on Ubuntu 18.10 (Cosmic Cuttlefish), Mozilla Firefox 66 comes with various under the hood improvements, such as freezeless downloading of files and faster web content loading by reducing the crash rates and increasing the processes from 4 to 8.

Mozilla, Firefox and ChromeOS/Chrome

  • Sharing our Common Voices

    From the onset, our vision for Common Voice has been to build the world’s most diverse voice dataset, optimized for building voice technologies. We also made a promise of openness: we would make the high quality, transcribed voice data that was collected publicly available to startups, researchers, and anyone interested in voice-enabled technologies.

    Today, we’re excited to share our first multi-language dataset with 18 languages represented, including English, French, German and Mandarin Chinese (Traditional), but also for example Welsh and Kabyle. Altogether, the new dataset includes approximately 1,400 hours of voice clips from more than 42,000 people.

    With this release, the continuously growing Common Voice dataset is now the largest ever of its kind, with tens of thousands of people contributing their voices and original written sentences to the public domain (CC0). Moving forward, the full dataset will be available for download on the Common Voice site.

  • Mozilla GFX: WebRender newsletter #42

    WebRender is a GPU based 2D rendering engine for web written in Rust, currently powering Mozilla’s research web browser servo and on its way to becoming Firefox’s rendering engine.

  • Firefox UX: Look over here! Results from a Firefox user research study about interruptions.

    The Attention War. There have been many headlines related to it in the past decade. This is the idea that apps and companies are stealing attention. It’s the idea that technologists throw up ads on websites in a feeble attempt to get the attention of the people who visit the website.

    In tech, or any industry really, people often say something to the effect of, “well if the person using this product or service only read the instructions, or clicked on the message, or read our email, they’d understand and wouldn’t have any problems”. We need people’s attention to provide a product experience or service. We’re all in the “attention war”, product designers and users alike.

    And what’s a sure-fire way to grab someone’s attention? Interruptions. Regardless if they’re good, bad, or neutral. Interruptions are not necessarily a “bad” thing, they can also lead to good behavior, actions, or knowledge.

  • Google Releases Chrome 73 Update for Linux, Windows, and macOS

    Google has just released an update for Chrome 73, the major update of the browser that was shipped to all supported platforms earlier this month.

    Now at version 73.0.3683.86, Google Chrome comes with under-the-hood improvements on Windows, Linux, and macOS, and you can download it using the links here.

  • Google will implement a Microsoft-style browser picker for EU Android devices

     

    We don't have many details on exactly how Google's new search and browser picker will work; there's just a single paragraph in the company's blog post. Google says it will "do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones. This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use."

  • EU hits Google with fine for abuse of AdSense service

     

    The European Commission has hit search giant Google with a third fine, related to abuse of its AdSense advertising service, and told the company to fork out €1.49 billion (A$2.38 billion) for breaching EU anti-trust rules.  

  • The EU fines Google $1.69 billion for bundling search and advertising

     

    Google and the EU's European Commission are making all sorts of announcements lately. Fresh off the revelation that Google would implement a browser and search-engine picker in EU-sold Android devices, Google's advertising division is getting slapped with a fine next, to the tune of €1.5 billion ($1.69 billion). The European Commission's latest antitrust ruling says that Google's bundling of its advertising platform with its custom search engine program is anti-competitive toward other ad providers.

Firefox 66 Released

Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off.

Also: Firefox 66 Arrives - Blocks Auto-Playing Sounds, Hides Title Bar By Default For Linux

Mozilla/Firefox: Reducing Your Online Annoyances, This Week in Servo Development and Vista 10 Integration

  • Today’s Firefox Aims to Reduce Your Online Annoyances

    Almost a hundred years ago, John Maynard Keynes suggested that the industrial revolution would effectively end work for humans within a couple of generations, and our biggest challenge would be figuring what to do with that time. That definitely hasn’t happened, and we always seem to have lots to do, much of it online. When you’re on the web, you’re trying to get stuff done, and therefore online annoyances are just annoyances. Whether it’s autoplaying videos, page jumps or finding a topic within all your multiple tabs, Firefox can help. Today’s Firefox release minimizes those online inconveniences, and puts you back in control.

  • This Week In Servo 127

    In the past week, we merged 50 PRs in the Servo organization’s repositories.

  • Passwordless Web Authentication Support via Windows Hello

    Firefox 66, being released this week, supports using the Windows Hello feature for Web Authentication on Windows 10, enabling a passwordless experience on the web that is hassle-free and more secure. Firefox has supported Web Authentication for all desktop platforms since version 60, but Windows 10 marks our first platform to support the new FIDO2 “passwordless” capabilities for Web Authentication.
