Forgot your password?
typodupeerror

Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

Google

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40 60

Posted by samzenpus
from the get-it-out dept.
An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Windows

Windows 10 Gets a Package Manager For the Command Line 229

Posted by Soulskill
from the baby-steps dept.
aojensen writes: ExtremeTech reports that the most recent build of Windows 10 Technical Preview shows that Windows is finally getting a package manager. The package manager is built for the PowerShell command line based on OneGet. OneGet is a command line utility for PowerShell very similar to classic Linux utilities such as apt-get and yum, which enable administrators and power users comfortable with the command line to install software packages without the need for a graphical installer. ExtremeTech emphasizes that "you can open up PowerShell and use OneGet to install thousands of applications with commands such as Find-Package VLC and Install-Package Firefox." It's a missing feature Linux advocates have long used to argue against Windows in terms of automation and scale. The package manage is open to any software repository and is based on the Chocolatey format for defining package repositories."
Chromium

Building All the Major Open-Source Web Browsers 106

Posted by Soulskill
from the who-needs-packages dept.
An anonymous reader writes: Cristophe de Dinechin, long-time software developer, has an interesting article on the processes involved in building the major browsers. From the article:

"Mozilla Firefox, Chromium (the open-source variant of Chrome) and WebKit (the basis for Safari) are all great examples of open-source software. The Qt project has a simple webkit-based web browser in their examples. So that's at least four different open-source web browsers to choose from. But what does it take to actually build them? The TL;DR answer is that these are complex pieces of software, each of them with rather idiosyncratic build systems, and that you should consider 100GB of disk space to build all the browsers, a few hours of download, and be prepared to learn lots of new, rather specific tools."
Internet Explorer

Microsoft's JavaScript Engine Gets Two-Tiered Compilation 46

Posted by Soulskill
from the under-the-hood dept.
jones_supa writes: The Internet Explorer team at Microsoft recently detailed changes to the JavaScript engine coming in Windows 10. A significant change is the addition of a new tier in the Just-in-Time (JIT) compiler. In Windows 10, the Chakra JS engine now includes a second JIT compiler that bridges the gap between slow, interpreted code and fast, optimized code. It uses this middle-tier compiler, called Simple JIT, as a "good enough" layer that can move execution away from the interpreter quicker than the Full JIT can. Microsoft claims that the changes will allow certain workloads to "run up to 30% faster". The move to a two-tiered JIT compiler structure mirrors what other browsers have done. SpiderMonkey, the JavaScript engine in Firefox, has an interpreter and two compilers: Baseline and IonMonkey. In Google Chrome, the V8 JavaScript engine is also a two-tiered system. It does not use an interpreter, but compiles on a discrete background thread.
DRM

Mozilla Teams Up With Humble Bundle To Offer Eight Plugin-Free Games 67

Posted by samzenpus
from the stay-inside-and-play dept.
An anonymous reader writes Mozilla and Humble Bundle announced a new package that features award-winning indie best-sellers for which gamers can choose how much they want to pay. Naturally called the Humble Mozilla Bundle, the package consists of eight games that have been ported to the Web. The first five games (Super Hexagon, AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome, Osmos, Zen Bound 2, and Dustforce DX) can cost you whatever you want. The next two (Voxatron and FTL: Faster Than Light) can be had if you beat the average price for the bundle. You can pay $8 or more to receive all of the above, plus the last game, Democracy 3. Previously, all of these indie games were available only on PC or mobile. Now they all work in browsers on Windows, Mac, and Linux without having to install any plugins.
Firefox

Firefox 33 Arrives With OpenH264 Support 114

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: Mozilla today officially launched Firefox 33 for Windows, Mac, Linux, and Android. Additions include OpenH264 support as well as the ability to send video content from webpages to a second screen. Firefox 33 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Full changelogs are available here: desktop and Android."
Cellphones

Test-Driving a $35 Firefox OS Smartphone 132

Posted by Soulskill
from the or-at-least-a-phone-of-middling-intelligence dept.
An anonymous reader writes: Ars Technica got its hands on one of the extremely low-cost smart phones running Firefox OS. The Intex Cloud FX retails for about $35 in India, and its intent is to bring smartphones to people who traditionally can't afford them. So, what do you have to sacrifice to bring a smartphone's costs down that far? Well, it has a 3.5" 480x320 display, a 1Ghz A5 CPU, 128MB of RAM, and 256 MB of storage. (Those a megabytes.) There's no GPS, no notification LED, and not even 3G support. They say the build quality is as poor as you'd expect, and if you aren't at a 90 degree angle with the screen, colors are distorted. But, again: it's $35 — this is to be expected.

How well does the phone work? Well, the UI works well enough, but multitasking is rough. Everything's functional, but slow, sometimes taking several seconds to register touch input. The real killer, according to the article, is the on-screen keyboard, which is unbearable. The article concludes, "Sure, we're spoiled, "rich" people compared to the target market, but it's hard to believe that this is a "best attempt" at a cheap smartphone. ... The problem is that Firefox OS just isn't the right choice of operating system for this device—it's trying to do way too much with the limited hardware. It isn't configurable enough." They say the phone doesn't even make sense for a $35 budget.
Media

Matchstick and Mozilla Take On Google's Chromecast With $25 Firefox OS Dongle 106

Posted by timothy
from the what-can-it-slurp dept.
An anonymous reader writes Matchstick and Mozilla today announced their open-source take on the Chromecast: a $25 Firefox OS-powered HDMI dongle. The streaming Internet and media stick will be available first through Kickstarter, in the hopes to drive down the price tag. Jack Chang, Matchstick General Manager in the US, described the device to me as "essentially an open Chromecast." He explained that while the MSRP is $25 (Google's Chromecast retails for $35), the Kickstarter campaign is offering a regular price of $18, and an early bird price of $12.
Encryption

Tor Executive Director Hints At Firefox Integration 117

Posted by Soulskill
from the foxes-love-onions dept.
blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.
KDE

OpenMandriva Lx 2014.1 Released 30

Posted by timothy
from the tradition-of-heritage dept.
jrepin writes OpenMandriva is proud to announce the release of OpenMandriva Lx 2014.1 distribution of the GNU/Linux operating system. Most of developers efforts were focused on reducing system boot up time and memory usage. This version brings Linux kernel 3.15.10 (with special patches for desktop system performance, responsiveness, and realtime capabilities), KDE Software Compilation 4.13.3, Xorg 1.15.1, Mesa 10.2.6, LibreOffice 4.3.1, Firefox 32, GNU bash with latest security fixes, and many other updated software packages.
Encryption

Why Google Is Pushing For a Web Free of SHA-1 108

Posted by Soulskill
from the collision-course dept.
An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."
Security

Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted 67

Posted by Soulskill
from the 2048-bits-ought-to-be-enough-for-anyone dept.
msm1267 writes: Mozilla has deprecated 1024-bit RSA certificate authority certificates in Firefox 32 and Thunderbird. While there are pluses to the move such as a requirement for longer, stronger keys, at least 107,000 websites will no longer be trusted by Mozilla. Data from HD Moore's Project Sonar, which indexes more than 20 million websites, found 107,535 sites using a cert signed by what will soon be an untrusted CA certificate. Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25; of the 65 million certificates in the total scan, 845,599 had expired but were still in use as of Aug. 25, Moore said.
Firefox

Firefox 32 Arrives With New HTTP Cache, Public Key Pinning Support 220

Posted by Soulskill
from the cache-money dept.
An anonymous reader writes: Mozilla today officially launched Firefox 32 for Windows, Mac, Linux, and Android. Additions include a new HTTP cache for improved performance, public key pinning support, and easy language switching on Android. The Android version is trickling out slowly on Google Play. Changelogs are here: desktop and mobile.
The Internet

New HTML Picture Element To Make Future Web Faster 161

Posted by Soulskill
from the until-it's-used-for-ads dept.
nerdyalien writes: At some point, haven't all web developers spent an unjustifiable number of hours trying to optimize a desktop site for mobile devices? Responsive web design provides a solution: "develop once, works in every device." However, still it downloads multi-MB images and re-sizes them based on device screen resolution. Retrieving optimized images from the server, based on device (desktop, tablet, phone) and the device's internet connection (fiber, broadband, mobile), has always been an open problem. Recently, a number of freelance developers are tackling this with a new HTML element, <picture>, which informs the web browser to download optimized images from the server. The tag will be featured in Chrome and Firefox later this year. Will this finally deliver us faster web browsing on mobile devices and an easier web development experience?
Cloud

Hackers Behind Biggest-Ever Password Theft Begin Attacks 107

Posted by Soulskill
from the 123456-letmein-iloveyou-trustno1 dept.
An anonymous reader writes Back in August, groups of Russian hackers assembled the biggest list of compromised login credentials ever seen: 1.2 billion accounts. Now, domain registrar Namecheap reports the hackers have begun using the list to try and access accounts. "Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. ... The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts." They report that most login attempts are failing, but some are succeeding. Now is a good time to check that none of your important accounts share passwords.
Firefox

Mozilla To Support Public Key Pinning In Firefox 32 90

Posted by Soulskill
from the pin-the-key-on-the-fox dept.
Trailrunner7 writes: Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla's own sites, all of the sites pinned in Google Chrome and several Twitter sites. Public-key pinning has emerged as an important defense against a variety of attacks, especially man-in-the-middle attacks and the issuance of fraudulent certificates. The function essentially ties a public key, or set of keys, issued by known-good certificate authorities to a given domain. So if a user's browser encounters a site that's presenting a certificate that isn't included in the set of pinned public keys for that domain, it will then reject the connection. The idea is to prevent attackers from using fake certificates in order to intercept secure traffic between a user and the target site.
Firefox

Mozilla Rolls Out Sponsored Tiles To Firefox Nightly's New Tab Page 171

Posted by timothy
from the now-how-much-would-you-pay? dept.
An anonymous reader writes Mozilla has rolled out directory tiles, the company's advertising experiment for its browser's new tab page, to the Firefox Nightly channel. We installed the latest browser build to give the sponsored ads a test drive. When you first launch Firefox, a message on the new tab page informs you of the following: what tiles are (with a link to a support page about how sponsored tiles work), a promise that the feature abides by the Mozilla Privacy Policy, and a reminder that you can turn tiles off completely and choose to have a blank new tab page. It's quite a lot to take in all at once.
Mozilla

$33 Firefox Phone Launched In India 83

Posted by samzenpus
from the cheaper-by-the-dozen dept.
davidshenba writes Intex and Mozilla have launched Cloud FX, a smartphone powered by Mozilla's Firefox OS. The phone has a 1 GHz processor, 2 Megapixel camera, dual SIM, 3.5 inch capacitive touchscreen. Though the phone has limited features, initial reviews say that the build quality is good for the price range. With a price tag of $33 (2000 INR), and local languages support the new Firefox phone is hitting the Indian market of nearly 1 billion mobile users.
Encryption

Tor Browser Security Under Scrutiny 80

Posted by Soulskill
from the shouldn't-we-be-funding-this-better dept.
msm1267 writes: The keepers of Tor commissioned a study testing the defenses and viability of their Firefox-based browser as a privacy tool. The results (PDF) were a bit eye-opening since the report's recommendations don't favor Firefox as a baseline for Tor, rather Google Chrome. But Tor's handlers concede that budget constraints and Chrome's limitations on proxy support make a switch or a fork impossible.

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...