IT

Adobe Announces that in 2020, Flash Player Will Reach Its 'End-of-Life' in Light of Newer Technologies (webkit.org) 152

Adobe said on Tuesday it will stop distributing and updating Flash Player at the end of 2020 and is encouraging web developers to migrate any existing Flash content to open standards. Apple is working with Adobe, industry partners, and developers to complete this transition. From a blog post: Apple users have been experiencing the web without Flash for some time. iPhone, iPad, and iPod touch never supported Flash. For the Mac, the transition from Flash began in 2010 when Flash was no longer pre-installed. Today, if users install Flash, it remains off by default. Safari requires explicit approval on each website before running the Flash plugin.
AI

Mozilla's New Open Source Voice-Recognition Project Wants Your Voice (mashable.com) 55

An anonymous reader quotes Mashable: Mozilla is building a massive repository of voice recordings for the voice apps of the future -- and it wants you to add yours to the collection. The organization behind the Firefox browser is launching Common Voice, a project to crowdsource audio samples from the public. The goal is to collect about 10,000 hours of audio in various accents and make it publicly available for everyone... Mozilla hopes to hand over the public dataset to independent developers so they can harness the crowdsourced audio to build the next generation of voice-powered apps and speech-to-text programs... You can also help train the speech-to-text capabilities by validating the recordings already submitted to the project. Just listen to a short clip, and report back if text on the screen matches what you heard... Mozilla says it aims is to expand the tech beyond just a standard voice recognition experience, including multiple accents, demographics and eventually languages for more accessible programs. Past open source voice-recognition projects have included Sphinx 4 and VoxForge, but unfortunately most of today's systems are still "locked up behind proprietary code at various companies, such as Amazon, Apple, and Microsoft."
Encryption

Let's Encrypt Criticized Over Speedy HTTPS Certifications (threatpost.com) 203

100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... The reason people treat us like a punching bag is that we are big and we are transparent. "

The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."
Mozilla

The New Firefox and Ridiculous Numbers of Tabs (metafluff.com) 210

An anonymous reader shares a blog post: I've got a Firefox profile with 1691 tabs. As you would expect, Firefox handled this profile quite poorly for a long time. I got used to multi-minute startup time, waiting 15-30 seconds for tabs from external apps to show up, and all manner of non-responsive behavior. And then, quite recently, everything changed. Right now, more effort is being put into making Firefox fast than I've seen since... well, since I've been working on Firefox. And I've been at Mozilla for more than a decade. Part of this effort is a project called Quantum Flow -- a bunch of engineers making changes that directly impact Firefox responsiveness. A lot of the improvement in this particular scenario is from Kevin Jones' work on bringing the overall cost of unloaded tabs as close to zero as possible. While the major work has landed, the work continues in Bug 906076. Test scenario: I took my 1691 tab browser profile, and did a wall-clock measurement of start-up time and memory use for Firefox versions 20, 30, 40, and 50 through 56. In the result, the person found that Firefox startup time has gotten worse over time... until Firefox 51.
Mozilla

Mozilla Employee Denied Entry To the United States (gizmodo.com) 420

Reader Artem Tashkinov writes: Daniel Stenberg, an employee at Mozilla and the author of the command-line tool curl, was not allowed to board his flight to the meeting from Sweden—despite the fact that he'd previously obtained a visa waiver allowing him to travel to the US. Stenberg was unable to check in for his flight, and was notified at the airport ticket counter that his entry to the US had been denied. Although Mozilla doesn't believe that the incident is related to Trump's travel ban, the incident stirred fears among international tech workers, who fear they'll miss out on work and research opportunities if they're not allowed to travel to the US. The situation even caught the eye of Microsoft's chief legal officer Brad Smith, who tweeted at Stenberg to offer legal assistance.
Microsoft

Google Chrome Bests Microsoft Edge, Mozilla Firefox, Opera In Independent Battery Life Tests (betanews.com) 114

An anonymous reader shares a report: YouTuber Linus Tech Tips has pitted Microsoft Edge against Google Chrome, Mozilla Firefox and Opera and discovered that it does not deliver as strong a performance as Microsoft claims. Linus Tech Tips took four Dell Inspiron laptops, with the same specs, and found that Microsoft Edge trails Chrome and Opera in battery life tests. It would seem that it still beats Firefox, after all. However, the results are much, much closer than what Microsoft's own tests indicate. On average, the difference between Chrome, which offers the best battery life, and Microsoft Edge is under 40 minutes. Opera comes closer to Microsoft Edge than Chrome in this test. Even Creators Update, which based on Microsoft's test should help Microsoft Edge obliterate the competition, didn't help make it faster than Chrome. Linus says he used the same methodology that Microsoft used in its set of battery tests earlier this year, in which it declared Edge as the winner.
The Internet

If You Can Decentralize the Internet, Mozilla Has $2 Million For You (cnet.com) 127

Mozilla and the National Science Foundation want a new internet. And they want it to be free and accessible for everybody. From a report: They'll pay $2 million for it. On Wednesday, the two organizations issued a call to action for "big ideas that decentralize the web" as part of the "Wireless Innovation for a Networked Society" challenges. The challenges include getting the internet to communities off the grid, with proposals like a backpack with a computer and Wi-Fi router inside.
Firefox

Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics (bleepingcomputer.com) 80

From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
Android

Mozilla Launches Privacy-Minded 'Firefox Focus' Browser For Android (venturebeat.com) 58

An anonymous reader quotes a report from VentureBeat: Mozilla today launched a new browser for Android. In addition to Firefox, the company now also offers Firefox Focus, a browser dedicated to user privacy that by default blocks many web trackers, including analytics, social, and advertising. You can download the new app now from Google Play. Because Google isn't as strict as Apple, Android users can set Firefox Focus as their default browser. There are many use cases for wanting to browse the web without being tracked, but Mozilla offers a common example: reading articles via apps "like Facebook." On iOS, Firefox Focus is basically just a web view with tracking protection. On Android, Firefox Focus is the same, with a few additional features (which are still "under consideration" for iOS):
  • Ad tracker counter -- Lists the number of ads that are blocked per site while using the app.
  • Disable tracker blocker -- For sites that are not loading correctly, you can disable the tracker blocker to fix the issues.
  • Notification reminder -- When Firefox Focus is running in the background, a notification will remind you so you can easily tap to erase your browsing history.

Security

Cisco Subdomain Private Key Found in Embedded Executable (google.com) 53

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky's NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users' local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn't entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named 'CiscoVideoGuardMonitor', and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable 'CiscoVideoGuardMonitor' can be found at '$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/ VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor'. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked.
Mozilla

Firefox 54 Arrives With Multi-Process Support For All Users (venturebeat.com) 102

An anonymous reader writes: Mozilla today launched Firefox 54 for Windows, Mac, Linux, and Android. The new version includes the next major phase of multi-process support, which streamlines memory use, improving responsiveness and speed. The Electrolysis project, which is the largest change to Firefox code ever, is live. Firefox now uses up to four processes to run webpage content across all open tabs. This means that complex webpages in one tab have a much lower impact on responsiveness and speed in other tabs, and Firefox finally makes better use of your computer's hardware.
Mozilla

Americans From Both Political Parties Overwhelmingly Support Net Neutrality, Poll Shows (mozilla.org) 245

Mozilla conducted a survey in which it found that a majority of Americans do not trust the government to protect Internet access. From an article, shared by a reader: A recent public opinion poll carried out by Mozilla and Ipsos revealed overwhelming support across party lines for net neutrality, with over three quarters of Americans (76%) supporting net neutrality. Eighty-one percent of Democrats and 73% of Republicans are in favor of it. Another key finding: Most Americans do not trust the U.S. government to protect access to the Internet. Seventy percent of Americans place no or little trust in the Trump administration or Congress (78%) to do so. Mozilla and Ipsos carried out the poll in late May, on the heels of the FCC's vote to begin dismantling Obama-era net neutrality rules. We polled approximately 1,000 American adults across the U.S., a sample that included 354 Democrats, 344 Republicans, and 224 Independents.
Mozilla

Amazon, Mozilla, Kickstarter, and Reddit Are Staging a Net Neutrality Online Protest (washingtonpost.com) 70

An anonymous reader shares a report: Some of the Internet's biggest names are banding together for a "day of action" to oppose the Federal Communications Commission (alternative source), which is working to undo regulations for Internet providers that it passed during the Obama administration. Among the participants are Etsy, Kickstarter and Mozilla, the maker of the popular Firefox Web browser. Also joining the day of protest will be Reddit, the start-up incubator Y Combinator, and Amazon. On July 12, the companies and organizations are expected to change their websites to raise awareness of the FCC effort, which is aimed at deregulating the telecom and cable industries. Mozilla, for example, will change what users see on their screens when they open a new browser window. Other participants include Demand Progress, Etsy, Vimeo, Private Internet Access, Fight for the Future, EFF, DreamHost, Creative Commons, BitTorrent, American Library Association, ACLU, GreenPeace, Open Media, and Patreon. Find more details here.
Ubuntu

Ubuntu Touch Mobile OS Now Maintained By UBports (phoronix.com) 22

An anonymous reader quotes Phoronix: UBports continues to be the leading community project for trying to let Ubuntu Touch live on and evolve under their direction... Among their recent achievements were acquiring more sponsors, all devices that were sold with Ubuntu Touch can now run with UBports' builds, they are working on their own version of Mozilla's AGPS Location Service to replace Canonical's GPS system, the Halium OS platform continues evolving, the Dekko email client is back under development, installation improvements are being worked on, they are still striving for Wayland support, and more.
The UBports Patreon page has even raised enough to allow UBports founder Marius Gripsgard to work full-time on what they're calling "a beautiful, free and open-source mobile OS." Their recent community update announced that "we are seeing more activity on Ubuntu Touch than for a very long time, and that is really encouraging."
Chrome

Chrome To Deprecate PNaCl, Embrace New WebAssembly Standard (tomshardware.com) 108

An anonymous reader quotes Tom's Hardware Google announced that its Portable Native Client (PNaCl) solution for making native code run inside the browser will be replaced by the new cross-browser web standard called WebAssembly... Even though Google open sourced PNaCl, as part of the Chromium project, Mozilla ended up creating its own alternative called "asm.js," an optimized subset of JavaScript that could also compile to the assembly language. Mozilla thought that asm.js was far simpler to implement and required no API compatibility, as PNaCl did. As these projects seemed to go nowhere, with everyone promoting their own standard, the major browser vendors seem to have eventually decided on creating WebAssembly. WebAssembly can give web apps near-native performance, offers support for more CPU features, and is simpler to implement in browsers and use by developers.
Mozilla

Former Mozilla CTO: 'Chrome Won' (andreasgal.com) 272

Responding to Firefox marketing head Eric Petitt's blog post from earlier this week, Andreas Gal, former chief technology officer of Mozilla (who spent seven years at the company) offers his insights. Citing latest market share figures, Gal says "it's safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated." From his blog post (edited and condensed for length): With a CEO transition about 3 years ago there was a major strategic shift at Mozilla to re-focus efforts on Firefox and thus the Desktop. Prior to 2014 Mozilla heavily invested in building a Mobile OS to compete with Android: Firefox OS. I started the Firefox OS project and brought it to scale. While we made quite a splash and sold several million devices, in the end we were a bit too late and we didn't manage to catch up with Android's explosive growth. Mozilla's strategic rationale for building Firefox OS was often misunderstood. Mozilla's founding mission was to build the Web by building a browser. [...] Browsers are a commodity product. They all pretty much look the same and feel the same. All browsers work pretty well, and being slightly faster or using slightly less memory is unlikely to sway users. If even Eric -- who heads Mozilla's marketing team -- uses Chrome every day as he mentioned in the first sentence, it's not surprising that almost 65% of desktop users are doing the same. [...] I don't think there will be a new browser war where Firefox or some other competitor re-captures market share from Chrome. It's like launching a new and improved horse in the year 2017. We all drive cars now. Some people still use horses, and there is value to horses, but technology has moved on when it comes to transportation. Does this mean Google owns the Web if they own Chrome? No. Absolutely not. Browsers are what the Web looked like in the first decades of the Internet. Mobile disrupted the Web, but the Web embraced mobile and at the heart of most apps beats a lot of JavaScript and HTTPS and REST these days. The future Web will look yet again completely different. Much will survive, and some parts of it will get disrupted.
Mozilla

Firefox Marketing Head Expresses Concerns Over Google's Apparent 'Only Be On Chrome' Push (medium.com) 189

Eric Petitt, head up Firefox marketing, writing in a blog: I use Chrome every day. Works fine. Easy to use. There are multiple things that bug me about the Chrome product, for sure, but I'm OK with Chrome. I just don't like only being on Chrome. And that's what Chrome wants. It wants you to only use Chrome. Chrome is not evil, it's just too big for its britches. Its influence on the internet economy and individuals is out of balance. Chrome, with 4 times the market share of its nearest competitor (Firefox), is an eight-lane highway to the largest advertising company in the world. Google built it to maximize revenue from your searches and deliver display ads on millions of websites. To monetize every... single... click. And today, there exists no meaningful safety valve on its market dominance. Beyond Google, the web looks more and more like a feudal system, where the geography of the web has been partitioned off by the Frightful Five. Google, Facebook, Microsoft, Apple and Amazon are our lord and protectors, exacting a royal sum for our online behaviors. We're the serfs and tenants, providing homage inside their walled fortresses. Noble upstarts are erased or subsumed under their existing order. (Footnote: Petitt has made it clear that the aforementioned views are his own, and not those of Mozilla.)
United States

Aftermath From The Net Neutrality Vote: A Mass Movement To Protect The Open Internet? (mashable.com) 132

After Thursday's net neutrality vote, two security guards pinned a reporter against a wall until FCC Commissioner Michael O'Rielly had left the room, the Los Angeles Times reports. The Writers Guild of America calls the FCC's 2-to-1 vote to initiate a repeal of net neutrality rules a "war on the open internet," according to The Guardian. But the newspaper now predicts that online activists will continue their massive campaign "as the month's long process of reviewing the rules begins." The Hill points out that Mozilla is already hiring a high-profile tech lobbyist to press for both cybersecurity and an open internet, and in a blog post earlier this week the Mozilla Foundation's executive director sees a larger movement emerging from the engagement of millions of internet users. Today's support for net neutrality isn't the start of the Internet health movement. People have been standing up for an open web since its inception -- by advocating for browser choice, for open source practices, for mass surveillance reform. But net neutrality is an opportunity to propel this movement into the mainstream... If we make Internet health a mainstream issue, we can cement the web as a public resource. If we don't, mass surveillance, exclusion and insecurity can creep into every aspect of society. Hospitals held hostage by rogue hackers can become the status quo.
Meanwhile, The Guardian reports that it's not till the end of the FCC's review process that "a final FCC vote will decide the future of internet regulation," adding that however they vote, "court challenges are inevitable."
Firefox

Firefox 55: Flash Will Become 'Ask To Activate' For Everyone (bleepingcomputer.com) 114

An anonymous reader quotes a report from BleepingComputer: Starting with the release of Firefox 55, the Adobe Flash plugin for Firefox will be set to "Ask to Activate" by default for all users. This move was announced in August 2016, as part of Mozilla's plan to move away from plugins built around the NPAPI technology. Flash is currently the only NPAPI plugin still supported in Firefox, and moving its default setting from "Always Activate" to "Ask to Activate" is just another step towards the final step of stop supporting Flash altogether. This new Flash default setting is already live in Firefox's Nightly Edition and will move through the Alpha and Beta versions as Firefox nears its v55 Stable release. By moving Flash to a click-to-play setting, Firefox will indirectly start to favor HTML5 content over Flash for all multimedia content. Other browsers like Google Chrome, Brave, or Opera already run Flash on a click-to-play setting, or disabled by default. Firefox is scheduled to be released on August 8, 2017.
Television

HBO's 'Silicon Valley' Joins The Push For A Decentralized Web (ieee.org) 115

Tekla Perry writes: HBO's fictional Silicon Valley character Richard Hendricks sets out to reinvent the Internet into something decentralized. ["What if we used all those phones to build a massive network...we could build a completely decentralized version of our current Internet with no firewalls, no tolls, no government regulation, no spying. Information would be totally free in every sense of the word."] That sound a lot like what Brewster Kahle, Tim Berners-Lee, and Vint Cerf have been calling the decentralized web. Kahle tells IEEE Spectrum about how closely HBO's vision matches his own, and why he's happy to have this light shined on the movement.
In 2015 Kahle pointed out the current web isn't private. "People, corporations, countries can spy on what you are reading. And they do." But in a decentralized web, "the bits will be distributed -- across the net -- so no one can track the readers of a site from a single point or connection."

He tells IEEE Spectrum that though the idea is hard to execute, a lot of people are already working on it. "I recently talked to a couple of engineers working for Mozilla, and brought up the idea of decentralizing the web. They said, 'Oh, we have a group working on that, are you thinking about that as well?'"

Slashdot Top Deals