An anonymous reader quotes a report from Motherboard: Now, for Pi Day (March 14), music software programmer Canton Becker has crafted a million-hour song based on Pi that unfolds generatively on a virtual tape deck. Titled "Shepard's Pi," the song combines two of Becker's favorite infinities: Pi, and an auditory illusion called a Shepard tone, which he describes as an "unsettling sonic illusion of a pitch that climbs or descends forever, never reaching a top or a bottom." Found at PiSongs.com, users can tune into "Shepard's Pi" in real time with a custom virtual tape deck. The track itself evolves moment to moment, but the synthesized and sampled tones will be familiar to anyone who has ever listened to the electronic music of Kraftwerk, Tangerine Dream, Aphex Twin, and Global Communication. Far from being a mere gimmick, it is a highly evocative and transporting piece of electronic music, alternately ambient, glitchy, and interestingly rhythmic. The 58,999 GB MP3 file needed to be distributed via a webpage or app, so Becker "started hacking away at the basic algorithm in the programming languages PHP and Javascript," reports Motherboard. "In between coding marathons, Becker composed and recorded the loops and samples that would form the basis of the song. He experimented with sounds that would work well together regardless of being stacked one upon the other."

"When users hit 'play' on the virtual tape deck, the algorithm actually 'performs' the piece," the report says. "This way, the 114-year song can fit in just one gigabyte of space, which is mostly comprised of the digits of Pi. The virtual tape deck was also a solution to a built-in quirk of browsers such as Chrome, Safari, and Firefox -- users must click on a webpage to trigger a sound." From start to finish, the song lasts 999,999 hours, "a limitation imposed by only considering the first one billion digits of Pi."

In 2017, Mozilla experimented with a service that let you transfer 1GB files by sharing a web address with the recipient. Firefox Send is now out of testing and boasts a magnified 2.5GB file-size limit if you log into your Firefox account. From a report: Firefox Send is handy for those moments when you need to share video, audio or photo files that can be too big to squeeze into an email attachment. [...] Firefox Send, which will also be available as an Android app, illustrates one of Mozilla's efforts to diversify beyond the Firefox browser. Mozilla touts Firefox Send as focusing on privacy and uses encryption to protect files. Firefox Send files are available for up to seven days and can be password-protected. You can also limit the number of times they're downloaded.

"Japanese police have brought in, questioned, and charged a 13-year-old female student from the city of Kariya for sharing [links to] browser exploit code online," writes ZDNet. An anonymous reader shares their report: The code was a mere prank that triggered an infinite loop in JavaScript to show an "unclosable" popup when users accessed a certain link, Japanese news agency NHK reported yesterday. The popup could be closed in some browsers -- such as Edge and Firefox on desktop -- but couldn't be closed in others, such as Chrome on desktop and the majority of mobile browsers.

The popup was hosted in several places online, and police say the teenager helped spread the links... The teenage girl did not create the malicious code, which had been shared on online forums by multiple users for the past few years. NHK reported that police also searched the house of a second suspect, 47-year-old man from Yamaguchi, and are also looking at three other suspects for the same "crime" of sharing the link on internet forums.
Ars Technica found a tweet suggesting that the code was actually written in 2014.

Microsoft this week revamped Skype's browser-based client with a slew of new features. From a report: The Seattle company this week announced the rollout of a major Skype for Web update, which introduces high-definition video calling, a redesigned notifications panels, a revamped media gallery, and more. It's available on any PC running Windows 10 and Mac OS X 10.12 or higher with the latest versions of Google Chrome or Microsoft Edge. The bulk of the new capabilities debuted in preview last October, but they're available widely starting this week. Skype for Web does not support Safari, Firefox, and Opera browsers, Microsoft has confirmed.

Mozilla is scheduled to add a new user anti-fingerprinting technique to Firefox with the release of version 67, scheduled for mid-May this year. "Called 'letterboxing,' this new technique adds 'gray spaces' to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished," reports ZDNet. From the report: Advertising networks often sniff certain browser features, such as the window size to create user profiles and track users as they resize their browser and move across new URLs and browser tabs. The general idea is that "letterboxing" will mask the window's real dimensions by keeping the window width and height at multiples of 200px and 100px during the resize operation -- generating the same window dimensions for all users -- and then adding a "gray space" at the top, bottom, left, or right of the current page.

The advertising code, which listens to window resize events, then reads the generic dimensions, sends the data to its server, and only after does Firefox remove the "gray spaces" using a smooth animation a few milliseconds later. In other words, letterboxing delays filling the newly-resized browser window with the actual page content long enough to trick the advertising code into reading incorrect window dimensions. The feature was first developed for the Tor Browser, and can be seen in action here. In order to enable the feature in Firefox, "users will first need to visit the about:config page, enter 'privacy.resistFingerprinting' in the search box, and toggle the browser's anti-fingerprinting features to 'true,'" reports ZDNet.

An anonymous reader quotes a report from Patently Apple: Firefox browser-maker Mozilla is considering whether to block cybersecurity company DarkMatter from serving as one of its internet security gatekeepers after a Reuters report linked the United Arab Emirates-based firm to a cyber espionage program. Reuters reported in January that DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government. Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter's headquarters.

Those operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found. DarkMatter has denied conducting the operations and says it focuses on protecting computer networks. While Mozilla had been considering whether to grant DarkMatter the authority to certify websites as safe, two Mozilla executives said in an interview last week that Reuters' report raised concerns about whether DarkMatter would abuse that authority. Mozilla said the company has not yet come to a decision on whether to deny the authority to DarkMatter, but expects to decide within weeks. Further reading available via Reuters

The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. From a report: First announced by the W3C and the FIDO Alliance in February 2016, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico. The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.

An anonymous reader shares a report: News subscription service Scroll, which is yet to launch to consumers but has received the backing of several top publishers, courted another major player today: Mozilla. The browser maker says it will work with Scroll to better understand how consumers react to ad-free experiences on the web and subscription-based funding models. As part of the deal, Mozilla said it would test features and product ideas provided by Scroll, which itself has been conducting internal tests with a number of outlets. Small groups of Firefox users will be invited at random to share feedback and also respond to surveys, Mozilla said.

Opera has unveiled a major redesign for its browser that's expected to ship in version 59. As Peter Bright writes via Ars Technica, "the new appearance adopts the same square edges and clean lines that we've seen in other browsers, giving the browser a passing similarity to both Firefox and Edge." From the report: The principles of the new design? "We put Web content at center stage," the Opera team writes on its blog. The design is pared down so that you can browse "unhindered by unnecessary distractions." Borders and dividing lines have been removed, flattening out parts of the browser's interface and making them look more uniform and less eye-catching. The new design comes with the requisite dark and light modes, a welcome trend that we're glad to see is being widely adopted.

Being Web-centric is not a bad principle for an application such as a browser, where the bulk of the functionality and interest comes from the pages we're viewing rather than the browser itself. At first blush, I think that Opera has come up with something that looks good, but it does feel like an awfully familiar design rationale. [...] Opera plans to ship the R3 release in March, and a developer preview can be downloaded today to give the new appearance a spin. The new design isn't the only notable feature of R3; it also integrates a crypto wallet for Ethereum transactions. In conjunction with Opera on your phone, this feature can be used to securely make online payments to sites using Coinbase Commerce for their payment processing.

jrepin writes: Today, KDE launched Plasma 5.15, the first stable release of the popular desktop environment in 2019. For this release the Plasma team has focused on hunting down and removing all the paper cuts that slow you down. Plasma 5.15 brings a number of changes to the configuration interfaces, including more options for complex network configurations. Many icons have been added or redesigned to make them clearer. Integration with third-party technologies like GTK and Firefox has been improved substantially. Discover, Plasma's software and add-on installer, has received tons of improvements to help you stay up-to-date and find the tools you need to get your tasks done. For a more detailed list of features/changes, you can browse the full Plasma 5.15 changelog.

Video game publisher Ubisoft is working with Mozilla to develop an AI coding assistant called Clever-Commit, head of Ubisoft La Forge Yves Jacquier announced during DICE Summit 2019 on Tuesday. From a report: Clever-Commit reportedly helps programmers evaluate whether or not a code change will introduce a new bug by learning from past bugs and fixes. The prototype, called Commit-Assistant, was tested using data collected during game development, Ubisoft said, and it's already contributing to some major AAA titles. The publisher is also working on integrating it into other brands. "Working with Mozilla on Clever-Commit allows us to support other programming languages and increase the overall performances of the technology. Using this tech in our games and Firefox will allow developers to be more productive as they can spend more time creating the next feature rather than fixing bugs. Ultimately, this will allow us to create even better experiences for our gamers and increase the frequency of our game updates," said Mathieu Nayrolles, technical architect, data scientist, and member of the Technological Group at Ubisoft Montreal.

An anonymous reader shares a report: Samsung's mobile internet browser, if you ask its users, is pretty great. A lot of folks even say it's better than Chrome. That appreciation has manifested in the app hitting a very exclusive Play Store milestone: Samsung Internet Browser now has more than one billion installs. That impressive figure puts the browser's install base ahead of those of Firefox and Opera combined. Now, there are a couple of caveats here: for one, Samsung's browser comes pre-loaded on Samsung devices, of which each activation counts as an "install." What's more, both Firefox's and Opera's Play Store listings report that each browser has "100,000,000+" installs, which, because of the somewhat silly way figures are reported on Android's app marketplace, means their combined installs total anywhere between 200 million and 999,999,998. Still, though, Samsung's browser is on more devices than the both of 'em.

The Google Play Store has been caught hosting an app designed to steal cryptocurrency from unwitting end users, according to researchers with Eset security company. "The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers," reports Ars Technica. "As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers." From the report: So-called clipper malware has targeted Windows users since at least 2017. The clipper malware available in Google Play impersonated a service called MetaMask, which is designed to allow browsers to run apps that work with the digital coin Ethereum. The primary purpose of Android/Clipper.C, as Eset has dubbed the malware, was to steal credentials needed to gain control of Ethereum funds. It also replaced both bitcoin and Ethereum wallet addresses copied to the clipboard with ones belonging to the attackers. Eset spotted the app shortly after its introduction to Google Play on February 1. Google has since removed it. Stefanko said it's the first time clipper malware has been hosted in the Android app bazaar. Eset malware researcher Lukas Stefanko wrote: "This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app -- only add-ons for desktop browsers such as Chrome and Firefox. Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims' cryptocurrency funds."

Microsoft cybersecurity expert Chris Jackson recently published a post on the official Windows IT Pro blog, titled "The perils of using Internet Explorer as your default browser." Jackson urges users that it's time to stop using its old web browser, a product Microsoft officially discontinued in 2015. From a report: In his post, Jackson explains how Microsoft customers still ask him Internet Explorer related questions for their business. The fact of the matter is that while most average internet users have moved on to Google Chrome, Firefox, or Microsoft's Edge, some businesses are still working with older web apps or sites that were designed for Internet Explorer. Instead of updating its tech, many companies have chosen to just keep using the various enterprise compatibility modes of Microsoft's old web browser. But, Jackson says "enough is enough." It's time to event stop calling Internet Explorer a web browser.

An anonymous reader quotes a report from ZDNet: After a year of secret preparations, Mozilla has publicly announced plans today to implement a "site isolation" feature, which works by splitting Firefox code in isolated OS processes, on a per-domain (site) basis. The concept behind this feature isn't new, as it's already present in Chrome, since May 2018. Currently, Firefox comes with one process for the browser's user interface, and a few (two to ten) processes for the Firefox code that renders the websites. With Project Fission (as this was named), Firefox split processes will change, and a separate one will be created for each website a user is accessing. This separation will be so fine-grained that just like in Chrome, if there's an iframe on the page, that iframe will receive its own process as well, helping protect users from threat actors that hide malicious code inside iframes (HTML elements that load other websites inside the current website). This is the same approach Chrome has taken with its "Site Isolation."

An anonymous reader writes: Starting with Firefox 66 -- scheduled for release on March 19, 2019 -- Mozilla plans to block auto-playing audio on both desktop and mobile -- a feature it began to test on Nightly builds last year. The new rule will apply to any website that plays audio without user interaction in advance -- such as a user clicking a button. The audio autoplay ban will apply to both HTML5 audio and video elements used for media playback in modern browsers, meaning Firefox will block sound coming from both ads and video players, the most common sources of such abuse. Mozilla's move comes almost a year after Chrome took a similar decision to block all auto-playing sound by default with the release of Chrome 66 in April 2018. Microsoft similarly announced plans to block auto-playing sounds in Edge, but the feature never made it to production.

Mozilla has halted the rollout of v65 update to Firefox browser on Windows platform after learning about an issue with certain antivirus products. Users of Firefox 65, an update which was released last week, reported seeing "Your connection is not secure" error warnings when visiting popular sites. From a report: The issue mostly affected Firefox 65 users running AVG or Avast antivirus. The message appeared when users visited an HTTPS website and stated the 'Certificate is not trusted because the issuer is unknown' and that 'The server might not be sending the inappropriate intermediate certificates'.

The problem, reported on Mozilla's bug report page and first spotted by Techdows, is due to the HTTPS-filtering feature in Avast and AVG antivirus. Avast owns AVG. The bug prevented users from visiting any HTTPS site with Firefox 65. To limit the impact on users, Mozilla decided to temporarily halt all automatic updates on Windows. In the meantime, Avast, which owns AVG, released a new virus engine update that completely disabled Firefox HTTPS filtering in Avast and AVG products. HTTPS filtering remains enabled on other browsers.

"In the last year, a swell of privacy-focused website analytics platforms have started to provide an alternative to Google's tracking behemoth," reports Fast Company.

An anonymous reader shares their article about startups providing "privacy-centric analytics, claiming not to collect any personal data and only display simple metrics like page views, referral websites, and screen sizes in clean, pared-down interfaces."

While Simple Analytics and Fathom are both recent additions to the world of privacy-focused data analytics, 1.5% of the internet already uses an open-source, decentralized platform called Matomo, according to the company... "When [Google] released Google Analytics, [it] was obvious to me that a certain percent of the world would want the same technology, but decentralized, where it's not provided by a centralized corporation and you're not dependent on them," says Matthieu Aubry, Matomo's founder. "If you use it on your own server, it's impossible for us to get any data from it."

Aubry says that 99% of Matomo users use the analytics code, which is open for anyone to use, and host their analytics on their own servers -- which means that the company has no access to it whatsoever. For Aubry, that's his way of ensuring privacy by design. United Nations, Amnesty International, NASA, and the European Commission and about 1.5 million other websites use Matomo. But Matomo also offers significantly more robust tracking than Fathom or Simple Analytics -- Aubry says it can do about 95% of what Google Analytics does. Still, there are a few key differences. Like Simple Analytics, Matomo honors Do Not Track....

The rise of these analytics startups speaks to a growing desire for alternatives to the corporate ecosystems controlled by giants like Google, Amazon, and Apple, a swell that has helped privacy-focused search engine Duck Duck Go reach 36 million searches in a day. There's even an entire website dedicated to alternates to all of Google's services. For Aubry of Matomo, this concentration of power in the hands (or servers) of billion-dollar companies is the reason to support smaller, decentralized networks like his own that share code. "We want to control our future technology -- be able to understand it, study it, see what it does beneath the hood," he says. "And when it doesn't work we can fix it ourselves."

The Firefox browser will soon come with a new security feature that will detect and then warn users when a third-party app is performing a Man-in-the-Middle (MitM) attack by hijacking the user's HTTPS traffic. From a report: The new feature is expected to land in Firefox 66, Firefox's current beta version, scheduled for an official release in mid-March. The way this feature works is to show a visual error page when, according to a Mozilla help page, "something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox." An error message that reads "MOZILLA_PKIX_ERROR_MITM_DETECTED" will be shown whenever something like the above happens.

Mark Wilson writes: Facebook has been no stranger to controversy and scandal over the years, but things have been particularly bad over the last twelve months. The latest troubles find Mozilla complaining to the European Commission about the social network's lack of transparency, particularly when it comes to political advertising. Mozilla's Chief Operating Officer, Denelle Dixon, has penned a missive to Mariya Gabriel, the European Commissioner for Digital Economy and Society. She bemoans the fact that Facebook makes it impossible to conduct analysis of ads, and this in turn prevents Mozilla from offering full transparency to European citizens -- something it sees as important in light of the impending EU elections.