Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Firefox

Firefox 37 Released 150

Posted by Soulskill
from the onward-and-upward dept.
Today Mozilla began rolling out Firefox version 37.0 to release channel users. This update mostly focuses on behind-the-scenes changes. Security improvements include opportunistic encryption where servers support it and improved protection against site impersonation. They also disabled insecure TLS version fallback and added a security panel within the developer tools. One of the things end users will see is the Heartbeat feedback collection system. It will pop up a small rating widget to a random selection of users every day. After a user rates Firefox, an "engagement" page may open in the background, with links to social media pages and a donation page. Here are the release notes and full changelist.
Security

Chinese CA Issues Certificates To Impersonate Google 134

Posted by Soulskill
from the doing-trust-wrong dept.
Trailrunner7 writes: Google security engineers, investigating fraudulent certificates issued for several of the company's domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for virtually any domain. Google's engineers were able to block the fraudulent certificates in the company's Chrome browser by pushing an update to the CRLset, which tracks revoked certificates. The company also alerted other browser vendors to the problem, which was discovered on March 20. Google contacted officials at CNNIC, the Chinese registrar who authorized the intermediate CA, and the officials said that they were working with MCS to issue certificates for domains that it registered. But, instead of simply doing that, and storing the private key for the registrar in a hardware security module, MCS put the key in a proxy device designed to intercept secure traffic.
Chrome

Every Browser Hacked At Pwn2own 2015, HP Pays Out $557,500 In Awards 237

Posted by Soulskill
from the another-four-bite-the-dust dept.
darthcamaro writes: Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. The sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers $557,500. Is it reasonable to expect browser makers to hold their own in an arms race against exploits? "Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc manager of vulnerability research for HP Security Research said.
Mozilla

Mozilla: Following In Sun's Faltering Footsteps? 300

Posted by Soulskill
from the don't-let-the-sun-go-down-on-them dept.
snydeq writes: The trajectory of Mozilla, from the trail-blazing technologies to the travails of being left in the dust, may be seen as paralleling that of the now-defunct Unix systems giant Sun. The article claims, "Mozilla has become the modern-day Sun Microsystems: While known for churning out showstopping innovation, its bread-and-butter technology now struggles." It goes on to mention Firefox's waning market share, questions over tooling for the platform, Firefox's absence on mobile devices, developers' lack of standard tools (e.g., 'Gecko-flavored JavaScript'), and relatively slow development of Firefox OS, in comparison with mobile incumbents.
Chrome

Firefox 37 To Check Security Certificates Via Blocklist 29

Posted by timothy
from the making-a-list-pushing-it-multiple-times dept.
An anonymous reader writes The next version of Firefox will roll out a 'pushed' blocklist of revoked intermediate security certificates, in an effort to avoid using 'live' Online Certificate Status Protocol (OCSP) checks. The 'OneCRL' feature is similar to Google Chrome's CRLSet, but like that older offering, is limited to intermediate certificates, due to size restrictions in the browser. OneCRL will permit non-live verification on EV certificates, trading off currency for speed. Chrome pushes its trawled list of CA revocations every few hours, and Firefox seems set to follow that method and frequency. Both Firefox and Chrome developers admit that OCSP stapling would be the better solution, but it is currently only supported in 9% of TLS certificates.
The Internet

Republicans Back Down, FCC To Enforce Net Neutrality Rules 599

Posted by Soulskill
from the on-to-the-courts dept.
An anonymous reader writes: Republican resistance has ended for the FCC's plans to regulate the internet as a public utility. FCC commissioners are working out the final details, and they're expected to approve the plan themselves on Thursday. "The F.C.C. plan would let the agency regulate Internet access as if it is a public good.... In addition, it would ban the intentional slowing of the Internet for companies that refuse to pay broadband providers. The plan would also give the F.C.C. the power to step in if unforeseen impediments are thrown up by the handful of giant companies that run many of the country's broadband and wireless networks." Dave Steer of the Mozilla Foundation said, "We've been outspent, outlobbied. We were going up against the second-biggest corporate lobby in D.C., and it looks like we've won."
Firefox

Firefox 36 Arrives With Full HTTP/2 Support, New Design For Android Tablets 147

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: Mozilla today launched Firefox 36 for Windows, Mac, Linux, and Android. Additions to the browser include some security improvements, better HTML 5 support, and a new tablet user interface on Android. The biggest news for the browser is undoubtedly HTTP/2 support, the roadmap for which Mozilla outlined just last week. Mozilla plans to keep various draft levels of HTTP/2, already in Firefox, for a few versions. These will be removed "sometime in the near future." The full changelog is here.
Mozilla

Firefox To Mandate Extension Signing 196

Posted by samzenpus
from the changing-things-up dept.
First time accepted submitter x0ra writes In a recent blog post, Mozilla announced its intention to require extensions to be signed in Firefox, without any possible user override. From the post: "For developers hosting their add-ons on AMO, this means that they will have to either test on Developer Edition, Nightly, or one of the unbranded builds. The rest of the submission and review process will remain unchanged, except that extensions will be automatically signed once they pass review. For other developers, this is a larger change. For testing development versions, they’ll have the same options available as AMO add-on developers. For release versions, however, we’re introducing the required step of uploading the extension file to AMO for signing. For most cases, this step will be automatic, but in cases where the extension doesn’t pass these tests, there will be the option to request a manual code review."
DRM

Kickstarted Firefox OS HDMI Dongle Delayed, DRM Support Being Added 106

Posted by Soulskill
from the surprise! dept.
An anonymous reader writes: You may recall last September when Mozilla and a new company named Matchstick announced a Kickstarter project for a new device that would compete with Google's Chromecast. It was an HDMI dongle for streaming media that runs on Firefox OS. They easily quadrupled their $100,000 funding goal, and estimated a ship date of February, 2015. Well, they emailed backers today to say that the Matchstick's release is being pushed back to August. They list a few reasons for the delay. For one, they want to upgrade some of the hardware: they're swapping the dual-core CPU for a quad-core model, and they're working on the Wi-Fi antenna to boost reception. But on the software side, the biggest change they mention is that they're adding support for DRM. This is a bit of a surprise, since all they said on the Kickstarter about DRM was that they hoped it would be handled "either via the playback app itself or the OS." Apparently this wasn't possible, so they're implementing Microsoft PlayReady tech on the Matchstick.
Firefox

Firefox Succeeded In Its Goal -- But What's Next? 296

Posted by Soulskill
from the building-actual-foxes-made-of-fire dept.
trawg writes: It's been more than 10 years since Mozilla released version 1.0 of Firefox, one of their first steps in their mission to 'preserve choice and innovation on the Internet'. Firefox was instrumental in shattering the web monoculture, but the last few years of development have left users uninspired. "Their goal was never to create the most popular browser in the world, or the one with the best UX, or the one with the most features, or the one with the best developer mode. ... It would be foolish to say a monoculture will never arise again (Google are making some scary moves with Chrome-only web applications). But at this point in time while Chrome is the ascendant browser (largely at the expense of Firefox), Mozilla’s ability to impact the web in general is greatly reduced." Perhaps it is time to move on to the next challenge — ensuring there is a strong Thunderbird to help preserve a free and open email ecosystem.
Communications

Mozilla Dusts Off Old Servers, Lights Up Tor Relays 80

Posted by timothy
from the good-citizenship dept.
TechCurmudgeon writes According to The Register, "Mozilla has given the Tor network a capacity kick with the launch of 14 relays that will help distribute user traffic. Engineers working under the Foundation's Polaris Project inked in November pulled Mozilla's spare and decommissioned hardware out of the cupboard for dedicated use in the Tor network. It included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB ram, 2*Xeon L5640, 2*1Gbps NIC) servers, along with a dedicated existing IP transit provider (2 X 10Gbps). French Mozilla engineer Arzhel Younsi (@xionoxfr) said its network was designed to fall no lower than half of its network capacity in the event of maintenance or failure. The Polaris initiative was a effort of Mozilla, the Tor Project and the Centre for Democracy and Technology to help build more privacy controls into technology."
Youtube

YouTube Ditches Flash For HTML5 Video By Default 225

Posted by Soulskill
from the now-if-they-can-ditch-the-commenters dept.
An anonymous reader writes: YouTube today announced it has finally stopped using Adobe Flash by default. The site now uses its HTML5 video player by default in Google's Chrome, Microsoft's IE11, Apple's Safari 8, and in beta versions of Mozilla's Firefox browser. At the same time, YouTube is now also defaulting to its HTML5 player on the web. In fact, the company is deprecating the "old style" Flash object embeds and its Flash API, pointing users to the iFrame API instead, since the latter can adapt depending on the device and browser you're using.
Firefox

Firefox 35 Arrives With MP4 Playback On Mac, Android Download Manager Support 177

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: Mozilla today launched Firefox 35 for Windows, Mac, Linux, and Android. Major additions to the browser include room-based Firefox Hello conversations, H.264 (MP4 files) playback on OS X, and integration with the Android download manager. Mozilla has opened up the Firefox Marketplace for the desktop, currently in beta. While Firefox Marketplace is already available on Firefox OS and Firefox for Android, the company is now asking users to help test apps on Windows, Mac, and Linux. Full changelogs: desktop and Android.
Education

Chicago E-Learning Scheme Embraces Virtual Badges For Public Schoolers 46

Posted by timothy
from the credit-for-hooky dept.
theodp (442580) writes "Over at the Chicago City of Learning, children are asked to join the CPS Connects initiative and instructed to provide their Chicago Public School (CPS) student ID to "connect your learning experiences in your school and around the city". Doing so, explains the website, will allow kids to "earn digital badges that unlock new, related opportunities and can give access to live learning experiences throughout Chicago from program partners," which will serve as "an indicator of achievement to colleges and employers." The initiative aims to "get 80% of all 3rd-12th grade students to claim their accounts by January 30th." Before you scoff at the idea that a child's future could depend on his or her Digital Badge collection, consider that the supporters helping government make it happen include the MacArthur Foundation, Gates Foundation, and Mozilla, and a number of business and education partners have made public pledges committing to help accelerate the spread and scale of digital badges for learning. Digital badge-based employment has also earned a thumbs-up from the White House. It's unclear, but might make sense that Chicago kids' digital badges will be collected and shared in the citywide data warehouse being built by the 'cradle-to-career' Thrive Chicago initiative, which is working with the Mayor's Office and CPS to develop a "data system that integrates data from multiple partner agencies, links program participation data to other youth data, and provides a web interface where partner agencies can access youth data targeted on improving youth outcomes at the individual and aggregate levels." After all, the data collected will include "student demographics, school attendance, grades, student behavior, out of school time program participation, and progress to graduation." Not only that, Thrive Chicago's Leadership Council includes the interim President of the MacArthur Foundation (as well as Microsoft and IBM employees)." Update: 01/12 15:52 GMT by T : An earlier version of this story misstated the name of the MacArthur Foundation, which has now been corrected.
Censorship

Inside North Korea's Naenara Browser 159

Posted by timothy
from the threat-is-right dept.
msm1267 (2804139) writes with this excerpt from Threatpost Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness. The Naenara browser is part of the Red Star operating system used in North Korea and it's a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.

"Here's where things start to go off the rails: what this means is that all of the DPRK's national network is non-routable IP space. You heard me; they're treating their entire country like some small to medium business might treat their corporate office," Hansen wrote in a blog post detailing his findings. "The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists."
Firefox

Firefox 34 Arrives With Video Chat, Yahoo Search As Default 237

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: Mozilla today launched Firefox 34 for Windows, Mac, Linux, and Android. Major additions to the browser include a built-in video chat feature, a revamped search bar, and tab mirroring from Android to Chromecast. This release also makes Yahoo Search the default in North America, in place of Google. Full changelogs: desktop and Android."
Firefox

Firefox Will Soon Offer One-Click Buttons For Your Search Engines 101

Posted by Soulskill
from the who-needs-keyword-search dept.
An anonymous reader writes: Mozilla today unveiled some of the new search features coming to Firefox. The company says the new additions are "coming soon to a Firefox near you" but didn't give a more specific timeline. The news comes less than a week after Mozilla struck a deal with Yahoo to replace Google as the default search engine in its browser for U.S. users. At the time, the company said a new search experience was coming in December, so we're betting the search revamp will come with the release of Firefox 34, which is currently in beta. In the future release, when you type a search term into the Firefox search box, you will get a list of reorganized search suggestions from the default search provider. Better yet, a new array of buttons below these suggestions will let you pick which search engine you want to send the query to.
Mozilla

Mozilla's 2013 Report: Revenue Up 1% To $314M; 90% From Google 161

Posted by timothy
from the that's-money-alright dept.
An anonymous reader writes Mozilla has released its annual financial report for 2013, and the numbers hint as to why the organization signed a five-year deal with Yahoo, announced by the duo on November 19. Revenue increased just 1 percent, and the organization's reliance on Google stayed flat at 90 percent. The total revenue for the Mozilla Foundation and its subsidiaries in 2011 was $163 million, and it increased 90.2 percent to $311 million for 2012. Yet that growth all but disappeared last year, as the total revenue moved up less than 1 percent (0.995 percent to be more precise) to $311 million in 2013. 85 percent of Mozilla's revenue came from Google in 2011, and that figure increased to 90 percent in 2012. While the 90 percent number remained for 2013, it's still a massive proportion and shows Mozilla last year could not figure out a way to differentiate where its money comes from.
Yahoo!

Firefox Signs Five-Year Deal With Yahoo, Drops Google as Default Search Engine 400

Posted by samzenpus
from the new-couple dept.
mpicpp writes with news that Yahoo will soon become the default search engine in Firefox. Google's 10-year run as Firefox's default search engine is over. Yahoo wants more search traffic, and a deal with Mozilla will bring it. In a major departure for both Mozilla and Yahoo, Firefox's default search engine is switching from Google to Yahoo in the United States. "I'm thrilled to announce that we've entered into a five-year partnership with Mozilla to make Yahoo the default search experience on Firefox across mobile and desktop," Yahoo Chief Executive Marissa Mayer said in a blog post Wednesday. "This is the most significant partnership for Yahoo in five years." The change will come to Firefox users in the US in December, and later Yahoo will bring that new "clean, modern and immersive search experience" to all Yahoo search users. In another part of the deal, Yahoo will support the Do Not Track technology for Firefox users, meaning that it will respect users' preferences not to be tracked for advertising purposes. With millions of users who perform about 100 billion searches a year, Firefox is a major source of the search traffic that's Google's bread and butter. Some of those searches produce search ads, and Mozilla has been funded primarily from a portion of that revenue that Google shares. In 2012, the most recent year for which figures are available, that search revenue brought in the lion's share of Mozilla's $311 million in revenue.
Encryption

Launching 2015: a New Certificate Authority To Encrypt the Entire Web 212

Posted by Soulskill
from the respect-their-authority dept.
Peter Eckersley writes: Today EFF, Mozilla, Cisco, and Akamai announced a forthcoming project called Let's Encrypt. Let's Encrypt will be a certificate authority that issues free certificates to any website, using automated protocols (demo video here). Launching in summer 2015, we believe this will be the missing piece that deprecates the woefully insecure HTTP protocol in favor of HTTPS.