For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Firefox

Firefox 39 Released, Bringing Security Improvements and Social Sharing 157 157

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.
Safari

Is Safari the New Internet Explorer? 307 307

An anonymous reader writes: Software developer Nolan Lawson says Apple's Safari has taken the place of Microsoft's Internet Explorer as the major browser that lags behind all the others. This comes shortly after the Edge Conference, where major players in web technologies got together to discuss the state of the industry and what's ahead. Lawson says Mozilla, Google, Opera, and Microsoft were all in attendance and willing to talk — but not Apple.

"It's hard to get insight into why Apple is behaving this way. They never send anyone to web conferences, their Surfin' Safari blog is a shadow of its former self, and nobody knows what the next version of Safari will contain until that year's WWDC. In a sense, Apple is like Santa Claus, descending yearly to give us some much-anticipated presents, with no forewarning about which of our wishes he'll grant this year. And frankly, the presents have been getting smaller and smaller lately."

He argues, "At this point, we in the web community need to come to terms with the fact that Safari has become the new IE. Microsoft is repentant these days, Google is pushing the web as far as it can go, and Mozilla is still being Mozilla. Apple is really the one singer in that barbershop quartet hitting all the sour notes, and it's time we start talking about it openly instead of tiptoeing around it like we're going to hurt somebody's feelings."
Programming

WebAssembly: An Attempt To Give the Web Its Own Bytecode 126 126

New submitter Josiah Daniels writes with this kernel from a much more detailed article at Ars Technica about what already looks like a very important initiative: WebAssembly is a new project being worked on by people from Mozilla, Microsoft, Google, and Apple, to produce a bytecode for the Web. WebAssembly, or wasm for short, is intended to be a portable bytecode that will be efficient for browsers to download and load, providing a more efficient target for compilers than plain JavaScript or even asm.js
Security

"Let's Encrypt" Project To Issue First Free Digital Certificates Next Month 97 97

An anonymous reader writes: Let's Encrypt, the project that hopes to increase the use of encryption across websites by issuing free digital certificates, is planning to issue the first ones next month. Backed by the EFF, the Mozilla Foundation, the Linux Foundation, Akamai, IdenTrust, Automattic, and Cisco, Let's Encrypt will provide free-of-charge SSL and TSL certificates to any webmaster interested in implementing HTTPS for their products. The Stack reports: "Let's Encrypt's root certificate will be cross-signed by IdenTrust, a public key CA owned by smartphone government ID card provider HID Global. Website operators are generally hesitant to use SSL/TLS certificates due to their cost. An extended validation (EV) SSL certificates can cost up to $1,000. It is also a complication for operators to set up encryption for larger web services. Let's Encrypt aims to remove these obstacles by eliminating the related costs and automating the entire process."
Firefox

Mozilla Responds To Firefox User Backlash Over Pocket Integration 351 351

An anonymous reader writes: Last week, Mozilla updated Firefox to add Pocket integration — software that lets you save web articles to read later. Over the weekend, some Firefox users began to voice their displeasure over the move on public forums like Bugzilla, Google Groups, and Hacker News. The complaints center around Pocket being a proprietary third-party service, which already exists as an add-on, and is not a required component for a browser. Integrating Pocket directly into Firefox means it cannot be removed, only disabled. In response, Mozilla has released a statement saying users like the integration and the integration code is open source.
Mozilla

Mozilla Plans To Build Virtual Reality APIs Into Firefox By the End of 2015 91 91

An anonymous reader writes: Mozilla's VR research team is hard at work making virtual reality native to the web. The group wants more than a few experimental VR-only websites, they want responsive VR websites that can adapt seamlessly between VR and non-VR, from mobile to desktop, built with HTML and CSS . Experimental work is already underway, and now the team says that they 'aim to have support for the WebVR API shipping with our release channel builds of Firefox Desktop by end of this year.' Those with the Oculus Rift developer kit can already try out a few native WebVR experiences using Firefox Nightly.
Chrome

Ask Slashdot: Options After Google Chrome Discontinues NPAPI Support? 208 208

An anonymous reader writes: I've been using Google Chrome almost exclusively for more than 3 years. I stopped using Mozilla Firefox because it was becoming bloated and slow, and I migrated all my bookmarks etc. to Chrome. Now Chrome plans to end NPAPI support — which means that I will not be able to access any sites that use Java, and I need this for work. I tried going back to Firefox for a couple of days but it still seems slow — starting it takes time, even the time taken to load a page seems more than Chrome. So what are my options now? Export all my bookmarks and go back to Mozilla Firefox and just learn to live with the performance drop? Or can I tweak Firefox performance in any way? FWIW, I am on a Windows 7 machine at work.
Cellphones

Mozilla Drops $25 Smartphone Plans, Will Focus On Higher Quality Devices 90 90

An anonymous reader writes: When Mozilla developed Firefox OS, its goal was not to provide the best smartphone experience, but to provide a "good enough" smartphone experience for a very low price. Unfortunately, these cheap handsets failed to make a dent in the overall smartphone market, and the organization is now shifting its strategy to start producing a better experience for better devices. CEO Chris Beard said, "If you are going to try to play in that world, you need to offer something that is so valuable that people are willing to give up access to the broader ecosystem. In the mass market, that's basically impossible." Of course, when moving to the midrange smartphone market, or even the high end, there's still plenty of competition, so the new strategy may not work any better. However, they've hinted at plans to start supporting Android apps, which could help them play catch-up. Beard seems fixated on this new goal: "We won't allow ourselves to be distracted, and we won't expand to new segments until significant traction is demonstrated." He adds, "We will build products that feel like Mozilla."
Firefox

Firefox's Optional Tracking Protection Reduces Load Time For News Sites By 44% 207 207

An anonymous reader writes: Former Mozilla software engineer Monica Chew and Computer Science researcher Georgios Kontaxis recently released a paper (PDF) that examines Firefox's optional Tracking Protection feature. The duo found that with Tracking Protection enabled, the Alexa top 200 news sites saw a 67.5 percent reduction in the number of HTTP cookies set. Furthermore, performance benefits included a 44 percent median reduction in page load time and 39 percent reduction in data usage.
Firefox

Ads Based On Browsing History Are Coming To All Firefox Users 531 531

An anonymous reader writes: Mozilla has announced plans to launch a feature called "Suggested Tiles," which will provide sponsored recommendations to visit certain websites when other websites show up in the user's new tab page. The tiles will begin to show up for beta channel users next week, and the company is asking for feedback. For testing purposes, users will only see Suggested Tiles "promoting Firefox for Android, Firefox Marketplace, and other Mozilla causes." It's not yet known what websites will show up on the tiles when the feature launches later this summer. The company says, "With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data."
Firefox

First Smart TVs Powered By Firefox OS On Sale In Europe, Worldwide Soon 119 119

An anonymous reader writes: The first smart TVs powered by Firefox OS have gone on sale in Europe. Panasonic's line of Viera smart TVs includes six that are powered by Firefox OS — CR850, CR730, CX800, CX750, CX700 and CX680 — including their first curved LED LCD TV. The full global launch of the TVs is expected “in the coming months.” From the Mozilla blog: "We’re happy to partner with Panasonic to bring the first Smart TVs powered by Firefox OS to the world,” said Andreas Gal, Mozilla CTO. “With Firefox and Firefox OS powered devices, users can enjoy a custom and connected Web experience and take their favorite content (apps, videos, photos, websites) across devices without being locked into one proprietary ecosystem or brand.”
Programming

Criticizing the Rust Language, and Why C/C++ Will Never Die 386 386

An anonymous reader sends an article taking a harsh look at Rust, the language created by Mozilla Research, and arguing that despite all the flaws of C and C++, the two older languages are likely to remain in heavy use for a long time to come. Here are a few of the arguments: "[W]hat actually makes Rust safe, by the way? To put it simple, this is a language with a built-in code analyzer and it's a pretty tough one: it can catch all the bugs typical of C++ and dealing not only with memory management, but multithreading as well. Pass a reference to an assignable object through a pipe to another thread and then try to use this reference yourself - the program just will refuse to compile. And that's really cool. But C++ too hasn't stood still during the last 30 years, and plenty of both static and dynamic analyzers supporting it have been released during this time."

Further, "Like many of new languages, Rust is walking the path of simplification. I can generally understand why it doesn't have a decent inheritance and exceptions, but the fact itself that someone is making decisions for me regarding things like that makes me feel somewhat displeased. C++ doesn't restrict programmers regarding what they can or cannot use." And finally, "I can't but remind you for one more time that the source of troubles is usually in humans, not technology . If your C++ code is not good enough or Java code is painfully slow, it's not because the technology is bad - it's because you haven't learned how to use it right. That way, you won't be satisfied with Rust either, but just for some other reasons."
DRM

Firefox 38 Arrives With DRM Required To Watch Netflix 371 371

An anonymous reader writes with this excerpt from VentureBeat: Mozilla today launched Firefox 38 for Windows, Mac, Linux, and Android. Notable additions to the browser include Digital Rights Management (DRM) tech for playing protected content in the HTML5 video tag on Windows, Ruby annotation support, and improved user interfaces on Android. Firefox 38 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Note that there is a separate download for Firefox 38 without the DRM support. Our anonymous reader adds links to the release notes for desktop and Android.
Mozilla

Mozilla Begins To Move Towards HTTPS-Only Web 324 324

jones_supa writes: Mozilla is officially beginning to phase out non-secure HTTP to prefer HTTPS instead. After a robust discussion on the mailing list, the company will boldly start removing capabilities of the non-secure web. There are two broad elements of this plan: setting a date after which all new features will be available only to secure websites, and gradually phasing out access to browser features for non-secure websites, especially regarding features that pose risks to users' security and privacy. This plan still allows for usage of the "http" URI scheme for legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the "http" scheme can be automatically translated to "https" by the browser, and thus run securely. The goal of this effort is also to send a message to the web developer community that they need to be secure. Mozilla expects to make some proposals to the W3C WebAppSec Working Group soon.
Android

Cyanogen Partners With Microsoft To Replace Google Apps 179 179

Unknown Lamer writes: Microsoft and Cyanogen Inc have announced a partnership to bring Microsoft applications to Cyanogen OS. "Under the partnership, Cyanogen will integrate and distribute Microsoft's consumer apps and services across core categories, including productivity, messaging, utilities, and cloud-based services. As part of this collaboration, Microsoft will create native integrations on Cyanogen OS, enabling a powerful new class of experiences." Ars Technica comments, "If Cyanogen really wants to ship a Googleless Android, it will need to provide alternatives to Google's services, and this Microsoft deal is a small start. Microsoft can provide alternatives for Search (Bing), Google Drive (OneDrive and Office), and Gmail (Outlook). The real missing pieces are alternatives to Google Play, Google Maps, and Google Play Services."

Rather than distribute more proprietary services, how about ownCloud for Drive, K-9 Mail for Gmail, OsmAnd for Maps, and F-Droid for an app store? Mozilla and DuckDuckGo provide Free Software search providers for Android, too. With Google neglecting the Android Open Source Project and Cyanogen partnering with Microsoft, the future for Free Software Android as anything but a shell for proprietary software looks bleak.
Encryption

'Let's Encrypt' Project Strives To Make Encryption Simple 116 116

jones_supa writes: As part of an effort to make encryption a standard component of every application, the Linux Foundation has launched the Let's Encrypt project (announcement) and stated its intention to provide access to a free certificate management service. Jim Zemlin, executive director for the Linux Foundation, says the goal for the project is nothing less than universal adoption of encryption to disrupt a multi-billion dollar hacker economy. While there may never be such a thing as perfect security, Zemlin says it's just too easy to steal data that is not encrypted. In its current form, encryption is difficult to implement and a lot of cost and overhead is associated with managing encryption keys. Zemlin claims the Let's Encrypt project will reduce the effort it takes to encrypt data in an application down to two simple commands. The project is being hosted by the Linux Foundation, but the actual project is being managed by the Internet Security Research Group. This work is sponsored by Akamai, Cisco, EFF, Mozilla, IdenTrust, and Automattic, which all are Linux Foundation patrons. Visit Let's Encrypt official website to get involved.
Security

Apple Leaves Chinese CNNIC Root In OS X and iOS Trusted Stores 100 100

Trailrunner7 writes When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple on Wednesday released major security upgrades for both of its operating systems, and the root certificate for CNNIC, the Chinese CA at the heart of the controversy, remains in the trusted stores for iOS and OS X. The company has not made any public statements on the incident or the continued inclusion of CNNIC's certificates in the trusted stores.
Firefox

Mozilla Rolls Back Firefox 37's Opportunistic Encryption Over Security Issue 42 42

darthcamaro writes: Barely a week ago, Mozilla released Firefox 37, which had a key new feature called opportunistic encryption. The basic idea is that it will do some baseline encryption for data that would have otherwise been sent by a user via clear text. Unfortunately, Mozilla has already issued Firefox 37.0.1, which removes opportunistic encryption. A security vulnerability was reported in the underlying Alternative Services capability that helps to enable opportunistic encryption. "If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SSL certificates will not be displayed and an attacker could potentially impersonate another site through a man-in-the-middle, replacing the original certificate with their own." They plan to re-enable opportunistic encryption when this issue is investigated and fixed.
China

Chinese Certificate Authority CNNIC Is Dropped From Google Products 176 176

eldavojohn writes A couple weeks ago, Google contacted the CNNIC (China's CA) to alert them of a problem regarding the delegated power of issuing fraudulent certificates for domains (in fact this came to light after fraudulent certificates were issued for Google's domains). Following this, Google decided to remove the CNNIC Root and EV CA as trusted CAs in its Chrome browser and all Google products. Today, the CNNIC responded to Google: "1. The decision that Google has made is unacceptable and unintelligible to CNNIC, and meanwhile CNNIC sincerely urge that Google would take users' rights and interests into full consideration. 2. For the users that CNNIC has already issued the certificates to, we guarantee that your lawful rights and interests will not be affected." Mozilla is waiting to formulate a plan.
Firefox

MP3 Backend of Firefox and Thunderbird Found Vulnerable 60 60

jones_supa writes A critical vulnerability has been found in the MPEG-1 Layer III playback backend of Mozilla Firefox and Thunderbird. Security researcher Aki Helin reported a use-after-free scenario when playing certain audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. A maliciously crafted MP3 file can lead to a potentially exploitable crash. Linux is the only affected platform, so Windows and OS X users are safe from this particular vulnerability.