Forgot your password?
typodupeerror

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

Encryption

Why Google Is Pushing For a Web Free of SHA-1 108

Posted by Soulskill
from the collision-course dept.
An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."
Security

Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted 67

Posted by Soulskill
from the 2048-bits-ought-to-be-enough-for-anyone dept.
msm1267 writes: Mozilla has deprecated 1024-bit RSA certificate authority certificates in Firefox 32 and Thunderbird. While there are pluses to the move such as a requirement for longer, stronger keys, at least 107,000 websites will no longer be trusted by Mozilla. Data from HD Moore's Project Sonar, which indexes more than 20 million websites, found 107,535 sites using a cert signed by what will soon be an untrusted CA certificate. Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25; of the 65 million certificates in the total scan, 845,599 had expired but were still in use as of Aug. 25, Moore said.
Firefox

Firefox 32 Arrives With New HTTP Cache, Public Key Pinning Support 220

Posted by Soulskill
from the cache-money dept.
An anonymous reader writes: Mozilla today officially launched Firefox 32 for Windows, Mac, Linux, and Android. Additions include a new HTTP cache for improved performance, public key pinning support, and easy language switching on Android. The Android version is trickling out slowly on Google Play. Changelogs are here: desktop and mobile.
Firefox

Mozilla To Support Public Key Pinning In Firefox 32 90

Posted by Soulskill
from the pin-the-key-on-the-fox dept.
Trailrunner7 writes: Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla's own sites, all of the sites pinned in Google Chrome and several Twitter sites. Public-key pinning has emerged as an important defense against a variety of attacks, especially man-in-the-middle attacks and the issuance of fraudulent certificates. The function essentially ties a public key, or set of keys, issued by known-good certificate authorities to a given domain. So if a user's browser encounters a site that's presenting a certificate that isn't included in the set of pinned public keys for that domain, it will then reject the connection. The idea is to prevent attackers from using fake certificates in order to intercept secure traffic between a user and the target site.
Firefox

Mozilla Rolls Out Sponsored Tiles To Firefox Nightly's New Tab Page 171

Posted by timothy
from the now-how-much-would-you-pay? dept.
An anonymous reader writes Mozilla has rolled out directory tiles, the company's advertising experiment for its browser's new tab page, to the Firefox Nightly channel. We installed the latest browser build to give the sponsored ads a test drive. When you first launch Firefox, a message on the new tab page informs you of the following: what tiles are (with a link to a support page about how sponsored tiles work), a promise that the feature abides by the Mozilla Privacy Policy, and a reminder that you can turn tiles off completely and choose to have a blank new tab page. It's quite a lot to take in all at once.
Mozilla

$33 Firefox Phone Launched In India 83

Posted by samzenpus
from the cheaper-by-the-dozen dept.
davidshenba writes Intex and Mozilla have launched Cloud FX, a smartphone powered by Mozilla's Firefox OS. The phone has a 1 GHz processor, 2 Megapixel camera, dual SIM, 3.5 inch capacitive touchscreen. Though the phone has limited features, initial reviews say that the build quality is good for the price range. With a price tag of $33 (2000 INR), and local languages support the new Firefox phone is hitting the Indian market of nearly 1 billion mobile users.
Real Time Strategy (Games)

Auralux Release For Browsers Shows Emscripten Is Reaching Indie Devs 44

Posted by Soulskill
from the hope-your-servers-are-ready dept.
New submitter MorgyTheMole writes Porting C++/OpenGL based games using Emscripten and WebGL has been an approach pushed by Mozilla for some time now. Games using the technology are compatible with most modern browsers and require no separate install. We've seen Epic Games demonstrate UnrealEngine 4 in browser as well as Unity show off a variety of games. Now as the technology matures, indie devs are looking to get into the mix, including this near one-to-one port of E McNeill's Auralux, a simplified RTS game, from Android and iOS. (Disclosure: I am a programmer who worked on this title.)
Mozilla

Mozilla Dumps Info of 76,000 Developers To Public Web Server 80

Posted by samzenpus
from the for-everyone's-eyes dept.
wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.
Firefox

Firefox 33 Integrates Cisco's OpenH264 194

Posted by Unknown Lamer
from the monty-does-it-better dept.
NotInHere (3654617) writes As promised, version 33 of the Firefox browser will fetch the OpenH264 module from Cisco, which enables Firefox to decode and encode H.264 video, for both the <video> tag and WebRTC, which has a codec war on this matter. The module won't be a traditional NPAPI plugin, but a so-called Gecko Media Plugin (GMP), Mozilla's answer to the disliked Pepper API. Firefox had no cross-platform support for H.264 before. Note that only the particular copy of the implementation built and blessed by Cisco is licensed to use the h.264 patents.
Firefox

Firefox 31 Released 172

Posted by Soulskill
from the baskin-robbins-edition dept.
An anonymous reader writes Mozilla has released version 31 of its Firefox web browser for desktops and Android devices. According to the release notes, major new features include malware blocking for file downloads, automatic handling of PDF and OGG files if no other software is available to do so, and a new certificate verification library. Smaller features include a search field on the new tab page, better support for parental controls, and partial implementation of the OpenType MATH table. Firefox 31 is also loaded with new features for developers. Mozilla also took the opportunity to note the launch of a new game, Dungeon Defenders Eternity, which will run at near-native speeds on the web using asm.js, WebGL, and Web Audio. "We're pleased to see more developers using asm.js to distribute and now monetize their plug-in free games on the Web as it strengthens support for Mozilla's vision of a high performance, plugin-free Web."
Mozilla

Mozilla Doubles Down on JPEG Encoding with mozjpeg 2.0 129

Posted by Soulskill
from the more-cats-per-internet dept.
An anonymous reader writes: Mozilla today announced the release of mozjpeg version 2.0. The JPEG encoder is now capable of reducing the size of both baseline and progressive JPEGs by 5 percent on average (compared to those produced by the standard JPEG library libjpeg-turbo upon which mozjpeg is based). Mozilla today also revealed that Facebook is testing mozjpeg 2.0 to see whether it can be used to improve the compression of images on Facebook.com. The company has even donated $60,000 to contribute to the ongoing development of the technology.
Mozilla

Mozilla Introduces Browser-Based WebIDE 132

Posted by Unknown Lamer
from the every-greenspunned-program-eventually-sprouts-emacs dept.
mpicpp (3454017) writes with word that Mozilla released a full development environment integrated into Firefox (available now in nightly builds). From the announcement: Developers tell us that they are not sure how to start app development on the Web, with so many different tools and templates that they need to download from a variety of different sources. We’re solving that problem with WebIDE, built directly into Firefox. Instead of starting from zero we provide you with a functioning blueprint app with the click of a button. You then have all the tools you need to start creating your own app based on a solid foundation. WebIDE helps you create, edit, and test a new Web application right from your browser. It lets you install and test apps on Firefox OS devices and simulators and integrates the Firefox Developer Tools for seamless debugging and inspection across those devices. This is a first step towards debugging across various platforms and devices over WiFi using open remote debugging APIs. The default editor is based on CodeMirror, but the protocol for interacting with the IDE is open and support for other editors (Emacs anyone?) should appear soon.
Open Source

EFF To Unveil Open Wireless Router For Open Wireless Movement 184

Posted by samzenpus
from the router-to-the-people dept.
hypnosec writes A new movement dubbed the Open Wireless Movement is asking users to open up their private Wi-Fi networks to total strangers – a random act of kindness – with an aim of better securing networks and facilitating better use of finite broadband resources. The movement is supported by non-profit and pro-internet rights organizations like the Electronic Frontier Foundation (EFF), Mozilla, Open Rights Group, and Free Press among others. The EFF is planning to unveil one such innovation – Open Wireless Router – at the Hackers on Planet Earth (HOPE X) conference to be held next month on New York. This firmware will allow individuals to share their private Wi-Fi to total strangers to anyone without a password.
Media

Mozilla Is Working On a Firefox OS-powered Streaming Stick 89

Posted by Soulskill
from the casting-video-is-finally-arriving dept.
SmartAboutThings writes: Mozilla took the world by surprise when it announced that it was developing a Firefox operating system that would be used for mobile phones, particularly in developing markets. Such devices have already arrived, but they aren't the only targets for the new operating. According to a report from GigaOM, Mozilla is currently working on a secretive project to develop a Chromecast-like media streaming stick powered by Firefox-OS. Mozilla's Christian Heilmann shared a picture of a prototype.
Mozilla

Mozilla Working On a New Website Comment System 142

Posted by samzenpus
from the fight-the-trolls dept.
sfcrazy writes Mozilla is working on developing a content and commenting platform in collaboration with The New York Times and The Washington Post. The platform aims to be the next-generation commenting and content creation platform which will give more control to readers. Mozilla says in a blog post, “The community platform will allow news organizations to connect with audiences beyond the comments section, deepening opportunities for engagement. Through the platform, readers will be able to submit pictures, links and other media; track discussions, and manage their contributions and online identities. Publishers will then be able to collect and use this content for other forms of storytelling and spark ongoing discussions by providing readers with targeted content and notifications.” The project is being funded by Knights Foundation.
Cellphones

Mozilla To Sell '$25' Firefox OS Smartphones In India 82

Posted by timothy
from the prosperity-sensors dept.
mrspoonsi (2955715) writes Mozilla, the organisation behind the Firefox browser, has announced it will start selling low-cost smartphones in India within the "next few months". Speaking to the Wall Street Journal, the firm's chief operating officer suggested the handsets, which will be manufactured by two Indian companies, would retail at $25 (£15) [note: full article paywalled]. They will run Mozilla's HTML5 web-based mobile operating system, Firefox OS. The firm already sells Firefox-powered phones in Europe and Latin America. Firefox OS has come a long way even in the year since we saw a tech demo at Linux Fest Northwest.
Firefox

Firefox 30 Available, Firebug 2.0 Released 270

Posted by Soulskill
from the 30-is-over-the-hill dept.
Today Mozilla made Firefox 30 available, a relatively minor release after the massive redesign in version 29. According to the changelog, new features include VP9 video decoding, support for Opus in WebM, and horizontal volume control for HTML5 video and audio. Developers got support for multi-line flexboxes and hang reporting for background threads. There were also a number of security fixes. The Android version of Firefox received better support for native text selection, cutting, and copying, as well as predictive lookup for Awesomebar entries. The availability of Firefox 30 coincides with the launch of Firebug 2.0, which features an updated UI and a new debugging engine called JSD2. Significant new features include JavaScript syntax highlighting and de-minifying, improved code auto-complete, and the capability to hide or show individual Firebug panels.
Firefox

Firefox OS Powered Flame Available For Pre-order; Ships Globally 109

Posted by Unknown Lamer
from the everyone-has-a-phone dept.
sfcrazy (1542989) writes "Developers need access to device running the platform for which they develop. Nexus was Google's reference device and now Mozilla is coming out with its own device. Mozilla has opened pre-order for Flame, its Firefox OS reference devices for $170 including free shipping." Specs are, of course, modest: a dual core 1.2GHz snapdragon, 1G of RAM, 8G of flash, an 854×480 4.5" screen, and a 5MP camera. Now, if only they would release a device with a keyboard.
Firefox

Did Mozilla Have No Choice But To Add DRM To Firefox? 406

Posted by samzenpus
from the let-the-flamewar-begin dept.
JimLynch (684194) writes "Mozilla has been in the news quite a lot over the last few months. This time the organization is being hammered by open source advocates for adding Adobe DRM to Firefox. But did the folks at Mozilla really have a choice when it comes adding DRM? An open source project like Mozilla is not immune to market pressures. And with so many competing browsers such as Chrome adding DRM for Netflix, etc. how could Firefox avoid adding it? Is it realistic to think that Firefox can simply ignore such things? I don't think so and the reason why is in Firefox's usage numbers over the last few years."
Chrome

Chromecast Support Coming To Mobile Firefox 26

Posted by samzenpus
from the watch-it dept.
sfcrazy (1542989) writes "Chromecast is a great device, and concept, however it is more or less limited to Google's Chrome browser and supported apps. That seems to be changing: Mozilla is working on bringing Chromecast support to its Firefox browser. Mozilla meeting notes from 14 May clearly mention Chromecast support for the browser: 'Work week in SF, making good progress. Hoping to have Netcast and Chromecast support landed by the end of the week.'"

"Marriage is like a cage; one sees the birds outside desperate to get in, and those inside desperate to get out." -- Montaigne

Working...