Google

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs (bleepingcomputer.com) 80

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.
Security

Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) 45

A member of Adobe's Product Security Incident Response Team (PSIRT) accidentally posted the PGP keys for PSIRT's email account -- both the public and the private keys. According to Ars Technica, "the keys have since been taken down, and a new public key has been posted in its stead." From the report: The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen. Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account. To be fair to Adobe, PGP security is harder than it should be. What obviously happened is that a PSIRT team member exported a text file from PSIRT's shared webmail account using Mailvelope, the Chrome and Firefox browser extension, to add to the team's blog. But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file. Then, without realizing the error, the text file was cut/pasted directly to Adobe's PSIRT blog.
Firefox

Firefox For iOS Gets Tracking Protection, Firefox Focus For Android Gets Tabs 28

An anonymous reader quotes a report from VentureBeat: Mozilla today released Firefox 9.0 for iOS and updated Firefox Focus for Android. The iOS browser is getting tracking protection, improved sync, and iOS 11 compatibility. The Android privacy browser is getting tabs. You can download the former from Apple's App Store and the latter from Google Play. This is the first time Firefox has offered tracking protection on iOS, and Nick Nguyen, vice president of product at Mozilla, notes that it's finally possible "thanks to changes by Apple to enable the option for 3rd party browsers." This essentially means iPhone and iPad users with Firefox and iOS 11 will have automatic ad and content blocking in Private Browsing mode, and the option to turn it on in regular browsing. This is the same feature that's available in Firefox for Android, Windows, Mac, and Linux, as well as the same ad blocking technology used in Firefox Focus for Android and iOS.
DRM

Corporations Just Quietly Changed How the Web Works (theoutline.com) 242

Adrianne Jeffries, a reporter at The Outline, writes on W3C's announcement from earlier this week: The trouble with DRM is that it's sort of ineffective. It tends to make things inconvenient for people who legitimately bought a song or movie while failing to stop piracy. Some rights holders, like Ubisoft, have come around to the idea that DRM is counterproductive. Steve Jobs famously wrote about the inanity of DRM in 2007. But other rights holders, like Netflix, are doubling down. The prevailing winds at the consortium concluded that DRM is now a fact of life, and so it would be be better to at least make the experience a bit smoother for users. If the consortium didn't work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps. The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it's like replacing one library with many stores that each only carry books for one publisher. "It is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient," Berners-Lee wrote, "and one which makes it a part of the interconnected discourse of humanity." Mozilla, the nonprofit that makes the browser Firefox, similarly held its nose and cooperated on the EME standard. "It doesn't strike the correct balance between protecting individual people and protecting digital content," it said in a blog post. "The content providers require that a key part of the system be closed source, something that goes against Mozilla's fundamental approach. We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point."
Chrome

Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com) 98

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.
Firefox

Firefox 57 Will Hide Search Bar and Use a Uni-Bar Approach, Like Chrome (bleepingcomputer.com) 315

An anonymous reader quotes a report from Bleeping Computer: Mozilla will drop an iconic section of its UI -- the search bar -- and will use one singular input bar atop the browser, similar to the approach of most Chromium browsers. This change will go live in Firefox 57, scheduled for release on November 14, and will be part of Photon -- the codename used to describe Firefox's new user interface (UI) -- also scheduled for a public release in v57. Mozilla engineers aren't removing the search bar altogether, but Firefox will hide this UI element by default. Users can still re-enable it by going to "Preferences -> Search -> Search Bar" and choosing the second option. The current Firefox search bar is redundant since most of its features can be performed by the URL address bar.
Firefox

AskSlashdot: How Do You See Your Life After Firefox 52 ESR? (mozilla.org) 465

Artem Tashkinov writes: Soon to be released Firefox 56 says that out of 35+ add-ons that I have installed only a single one is a proper WebExtension which means that Firefox 57 will disable over 95% of my add-ons many of which I just cannot live without and for most of them there are simply no alternatives. This number of add-ons sound like an overkill, but actually they are all pretty neat and improve your browsing abilities. That's the reason why I'm using Firefox 52 ESR, which still fully supports XUL add-ons, however after June 2018, it will stop being supported.

Let's list the most famous ones:
  • DownThemAll is still largely irreplaceable since you can download from many parts of the internet much faster if you split the downloaded files in chunks and download them simultaneously;
  • GreaseMonkey allows you to fix or extend your favourite websites using JavaScript;Lazarus: Form Recovery has saved my time and life numerous times; it regularly backups the contents of web forms and allows to restore them after browser restart or accidental page refresh;
  • NoScript: allows you to whitelist JS execution only for websites that you really trust; JS has been used as an attack and tracking tool since its inception;
  • Status-4-Ever and Classic Theme Restorer return Firefox to the time when it was a powerful tool with its own identity and looks, and not a Chrome clone;
  • UnMHT add-on allows you to save complete web pages as a single MHT file;

So what will you do less than a year from now?


Firefox

TechRepublic: Mozilla 'Is Desperately Needed to Save the Web' (techrepublic.com) 317

"I can't remember the last time I cared about Mozilla," writes Matt Asay at TechRepublic. "I also can't remember a time when we needed it more." An anonymous reader quotes TechRepublic: Mozilla's Firefox is almost a rounding error in desktop market share, and nonexistent in mobile browser market share. It offers a few other services, like Pocket, but largely gets ignored... This is a mistake. Our world is increasingly mediated by the internet, and that internet has just a few gatekeepers, collecting tolls as we browse. As Python guru Matt Harrison put it, "Vendors control the default browser which 99.9% of people use." Those vendors are happy to sell us access to information. Nothing about it is free. You are most definitely the product.

On mobile, where the majority of the world's content is now consumed, Google and Facebook own eight of the top 10 apps, with apps devouring 87% of our time spent on smartphones and tablets, according to new comScore data. For that remaining 13% of time spent on the mobile web, Google and Apple offer the two dominant browsers... the majority of our time online is now mediated by just a few megacorporations, and for the most part their top incentive is to borrow our privacy just long enough to target an ad at us. Then there's Mozilla, an organization whose mantra is "Internet for people, not profit." That feels like a necessary voice to add to today's internet oligopoly, but it's not one we're hearing... We clearly need an organization standing up for web freedom, as expecting Google to do that is like asking the fox to guard the henhouse. Google does many great things, but its clear incentive is to sell ads. We are Google's product, as the saying goes.

The article applauds the Mozilla-sponsored Rust programming language as promising, "but not to save the web from the all-consuming embrace of Facebook and Google, especially as they wall off the experience in apps... "If I sound like I don't know what to propose Mozilla should do, it's because I don't. I simply feel strongly that the role Mozilla played in the early browser wars needs to be resurrected to save the web today."
Facebook

Fake Messages Rigged With Malware Are Spreading Via Facebook Messenger (bleepingcomputer.com) 44

According to recent warnings issued by Avira, CSIS Security Group, and Kaspersky Lab, a virulent spam campaign has hit Facebook Messenger during the past few days. "The Facebook spam messages contain a link to what appears to be a video," reports Bleeping Computer. "The messages arrive from one of the user's friends, suggesting that person's account was also compromised." From the report: The format of the spam message is the user's first name, the word video, and a bit.ly or t.cn short-link. Users that click on the links are redirected to different pages based on their geographical location and the type of browser and operating system they use. It's been reported that Firefox users on Windows and Mac are being redirected to a page offering a fake Flash Player installer. Kaspersky says this file installs adware on users' PCs. On Chrome, the spam campaign redirects users to a fake YouTube page pushing a malicious extension. It is believed that crooks use this Chrome extension to push adware and collect credentials for new Facebook accounts, which they later use to push the spam messages to new users.
Firefox

Mozilla Testing an Opt-Out System For Firefox Telemetry Collection (bleepingcomputer.com) 227

An anonymous reader writes: "Mozilla engineers are discussing plans to change the way Firefox collects usage data (telemetry), and the organization is currently preparing to test an opt-out clause so they could collect more data relevant to the browser's usage," reports Bleeping Computer. "In a Google Groups discussion that's been taking place since Monday, Mozilla engineers cite the lack of usable data the Foundation is currently receiving via its data collection program. The problem is that Firefox collects data from a very small fraction of its userbase, and this data may not be representative of the browser's real usage." Mozilla would like to fix this by flipping everyone's telemetry setting to enabled and adding an opt-out clause. Engineers also plan to embed Google's RAPPAR project [1, 2] for anonymous data collection.
Mozilla

64-bit Firefox is the New Default on 64-bit Windows (mozilla.org) 178

An anonymous reader shares a blog post: Users on 64-bit Windows who download Firefox will now get our 64-bit version by default. That means they'll install a more secure version of Firefox, one that also crashes a whole lot less. How much less? In our tests so far, 64-bit Firefox reduced crashes by 39% on machines with 4GB of RAM or more.
Firefox

'See the Future Firefox Right Now' (cnet.com) 293

"Mozilla is prepping a new version of Firefox in an effort to rally in the race for browser supremacy," writes CNET's Matt Elliott, who decided to test drive a new nightly build of Firefox 57 which "promises fast speeds and a new look." An anonymous reader quotes their report: Firefox 57 has added a screenshot button in the top-right corner... It highlights different elements on a page as you mouse over them, or you can just click-and-drag the old-school way to take a screenshot of a portion of a page. Screenshots are saved within Firefox. Click the scissors button and then click the little My Shots window to open a new tab of all of your saved screenshots. From here you can download them or share them... The bookmark and Pocket buttons have been moved from the right of the URL bar to inside it, but the Page Actions button is new. Click it and you'll get a small menu to Copy URL, Email Link and Send to Device. The Page Actions menu also has bookmark and Pocket buttons, which seems redundant at first but then I realized you can remove those items from the URL bar by right-clicking them. You can't remove the new, triple-dot Page Actions button...

As with any prerelease software, Firefox Nightly 57 is meant for developers and will likely exhibit strange and unstable behavior from time to time. Also, there is no guarantee that the final release will look like what you see in the current version of Nightly. For example, I have read reports that the search box next to Firefox's URL bar may be on the chopping block. It's part of the design of the current Nightly build but I wouldn't be surprised if it gets dropped between now and November since most web users have grown accustomed to entering their search queries right in the URL bar. Just as you can with the current version of Firefox, however, you can customize which elements are displayed at the top of Firefox Nightly 57, including the search box.

Mozilla

Firefox 55 Arrives With WebVR on Windows, Performance Panel, and Click-to-Play Flash (venturebeat.com) 129

Mozilla today made available a new update to Firefox for Windows to introduce support for WebVR, that the company says, will enable desktop VR users to dive into web-based experiences with ease. Firefox 55 also includes performance panel, faster startup when restoring multiple tabs, a quicker way to search across various search engines, and click-to-play Flash by default. From a report: WebVR is an experimental JavaScript API that provides support for virtual reality devices, such as the HTC Vive, Oculus Rift, and Google Cardboard. As its name implies, the technology is meant for browsers. If you find a web game or app that supports VR, just click the VR goggles icon visible on the web page to experience it using your VR headset. WebVR supports navigating and controlling VR experiences with handset controllers or your movements in physical space. [...] Firefox 55 also allows users to adjust the number of processes and how much resources they want to allocate to any of them. This setting is at the bottom of the General section in Options. In fact, if your computer has more than 8GB of RAM, Mozilla recommends "bumping up the number of content processes that Firefox uses" because it will make Firefox faster, though at the expense of using more memory. In its own tests on Windows 10, the company found that Firefox uses less memory than Chrome, even with eight content processes running.
Debian

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) 76

An anonymous reader writes: Debian Linux "sid" is deprecating TLS 1.0 Encryption. A new version of OpenSSL has been uploaded to Debian Linux unstable. This version disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. This move caused some concern among Debian users and sysadmins. If you are running Debian Unstable on server tons of stuff is going to broken cryptographically. Not to mention legacy hardware and firmware that still uses TLS 1.0. On the client side (i.e. your users), you need to use the latest version of a browser such as Chrome/Chromium and Firefox. The Older version of Android (e.g. Android v5.x and earlier) do not support TLS 1.2. You need to use minimum iOS 5 for TLS 1.2 support. Same goes with SMTP/mail servers, desktop email clients, FTP clients and more. All of them using old outdated crypto.

This move will also affect for Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto.

Mozilla

Inside Mozilla's Fight To Make Firefox Relevant Again (cnet.com) 276

News outlet CNET has a big profile on Firefox today, for which it has spoken with several Mozilla executives. Mozilla hopes to fight back Chrome, which owns more than half of the desktop market share, with Firefox 57, a massive overhaul due November 14. From the report: "It's going to add up to be a big bang," Mozilla Chief Executive Chris Beard promises, speaking at the company's Mountain View, California, headquarters. "We're going to win back a lot of people." "Some of the stuff they're doing from a technology perspective is amazing," says Andreas Gal, who became CEO of startup Silk Labs after leaving the Mozilla chief technology officer job in 2015. "I just don't think it makes a difference." [...] You may not care which browser you use, but the popularity of Firefox has helped keep browsers competitive and build the web into a foundation for online innovations over the last decade. Are you a fan of Google Maps, Facebook, Twitter or YouTube? That's partly thanks to Firefox. Mozilla's mission is to keep the web vibrant enough for the next big innovation even as companies offer mobile apps instead of websites, dump privacy-invading ads on you or try to confine your activity to their own walled gardens. [...] To Mozilla, each tap or click on a webpage in Firefox is more than you browsing the internet. It's a statement that you'd prefer a more open future where online services can start up on their own. The alternative, as Mozilla sees it, is a future where everyone kowtows to Apple's app store, Google's search results, Facebook's news feed or Amazon's Prime video streaming. That's why Mozilla bought billboard ads saying "Browse against the machine" and "Big browser is watching you," a jab at Google. [...] Improvements within a project called Quantum are responsible for much of the difference. One part, Stylo, accelerates formatting operations. Quantum Flow squashes dozens of small slowdown bugs. Quantum Compositor speeds website display. And Firefox 57 also will lay the groundwork for WebRender, which uses a computing device's graphics chip to draw webpages on the screen faster. "You can do user interface and animation and interactive content that you simply can't do in any other browser," says Firefox chief Mayo, speaking from his office in Toronto -- over video chat technology Firefox helped make possible. It all adds up to a very different engine at the core of Firefox. That kind of speedup can really excite web developers -- an influential community key to Firefox's success in taking on IE back in 2004.
Mozilla

Mozilla's Send is Basically the Snapchat of File Sharing (theverge.com) 107

Mozilla has launched a new website that makes it really easy to send a file from one person to another. From a report: The site is called Send, and it's basically the Snapchat of file sharing: after a file has been downloaded once, it disappears for good. That might sound like a gimmick, but it underscores what the site is meant for. It's designed for quick and private sharing between two people -- not for long-term hosting or distributing files to a large group. It supports files up to 1GB, and after uploading something, it'll give you a link to send to someone else. That link will expire once they've downloaded it or once 24 hours have passed.
Mozilla

Mozilla Launches Experimental Voice Search, File-Sharing and Note-Taking Tools For Firefox (techcrunch.com) 74

Firefox has just launched three new Test Pilot experiments that bring voice search, built-in note taking and a tool for sending large files to the browser. From a report: While the new voice search, which currently works on the Google, Yahoo and DuckDuckGo homepages, and note-taking features are browser plugins, the new Send tool is web-based and allows anybody -- no matter which browser they use -- to send files up to 1GB in size. It encrypts the file as it is uploaded and gives you a link you can share with your friends and co-workers. Files are automatically deleted after one download or after one day. That's not exactly the most novel concept (and Mozilla has often been criticized for diverting its attention from its core competencies), but the built-in encryption and the open-source nature of the tool do make up for that.
AI

Mozilla's New Open Source Voice-Recognition Project Wants Your Voice (mashable.com) 55

An anonymous reader quotes Mashable: Mozilla is building a massive repository of voice recordings for the voice apps of the future -- and it wants you to add yours to the collection. The organization behind the Firefox browser is launching Common Voice, a project to crowdsource audio samples from the public. The goal is to collect about 10,000 hours of audio in various accents and make it publicly available for everyone... Mozilla hopes to hand over the public dataset to independent developers so they can harness the crowdsourced audio to build the next generation of voice-powered apps and speech-to-text programs... You can also help train the speech-to-text capabilities by validating the recordings already submitted to the project. Just listen to a short clip, and report back if text on the screen matches what you heard... Mozilla says it aims is to expand the tech beyond just a standard voice recognition experience, including multiple accents, demographics and eventually languages for more accessible programs. Past open source voice-recognition projects have included Sphinx 4 and VoxForge, but unfortunately most of today's systems are still "locked up behind proprietary code at various companies, such as Amazon, Apple, and Microsoft."
Mozilla

The New Firefox and Ridiculous Numbers of Tabs (metafluff.com) 210

An anonymous reader shares a blog post: I've got a Firefox profile with 1691 tabs. As you would expect, Firefox handled this profile quite poorly for a long time. I got used to multi-minute startup time, waiting 15-30 seconds for tabs from external apps to show up, and all manner of non-responsive behavior. And then, quite recently, everything changed. Right now, more effort is being put into making Firefox fast than I've seen since... well, since I've been working on Firefox. And I've been at Mozilla for more than a decade. Part of this effort is a project called Quantum Flow -- a bunch of engineers making changes that directly impact Firefox responsiveness. A lot of the improvement in this particular scenario is from Kevin Jones' work on bringing the overall cost of unloaded tabs as close to zero as possible. While the major work has landed, the work continues in Bug 906076. Test scenario: I took my 1691 tab browser profile, and did a wall-clock measurement of start-up time and memory use for Firefox versions 20, 30, 40, and 50 through 56. In the result, the person found that Firefox startup time has gotten worse over time... until Firefox 51.
Ubuntu

Ask Slashdot: Ubuntu 18.04 LTS Desktop Default Application Survey 298

Dustin Kirkland, Ubuntu Product and Strategy at Canonical, writes: Howdy all- Back in March, we asked the HackerNews community, "What do you want to see in Ubuntu 17.10?": https://ubu.one/AskHN. A passionate discussion ensued, the results of which are distilled into this post: http://ubu.one/thankHN. In fact, you can check that link, http://bit.ly/thankHN and see our progress so far this cycle. We already have a beta code in 17.10 available for your testing for several of those:

- GNOME replaced Unity
- Bluetooth improvements with a new BlueZ
- Switched to libinput
- 4K/Multimonitor/HiDPI improvements
- Upgraded to Network Manager 1.8
- New Subiquity server installer
- Minimal images (36MB, 18% smaller)

And several others have excellent work in progress, and will be complete by 17.10:

- Autoremove old kernels from /boot
- EXT4 encryption with fscrypt
- Better GPU/CUDA support

In summary -- your feedback matters! There are hundreds of engineers and designers working for *you* to continue making Ubuntu amazing! Along with the switch from Unity to GNOME, we're also reviewing some of the desktop applications we package and ship in Ubuntu. We're looking to crowdsource input on your favorite Linux applications across a broad set of classic desktop functionality. We invite you to contribute by listing the applications you find most useful in Linux in order of preference.


Click through for info on how to contribute.

Slashdot Top Deals